fedora-infra_ansible/roles/openqa/server/templates/openqa.ini.j2

[global]
audit_enabled = 0
branding = plain
base_url = https://{{ external_hostname }}
download_domains = fedoraproject.org
{% if openqa_webapi_plugins is defined and openqa_webapi_plugins %}
plugins = {{ openqa_webapi_plugins }}
{% endif %}
hide_asset_types = repo hdd
parallel_cancel_whole_cluster = 0

{% if openqa_amqp_publisher_url is defined and openqa_amqp_publisher_url %}
[amqp]
topic_prefix = {{ openqa_amqp_publisher_prefix }}
url = {{ openqa_amqp_publisher_url }}
exchange = {{ openqa_amqp_publisher_exchange }}
{% if openqa_amqp_publisher_cacertfile is defined %}
cacertfile = {{ openqa_amqp_publisher_cacertfile }}
certfile = {{ openqa_amqp_publisher_certfile }}
keyfile = {{ openqa_amqp_publisher_keyfile }}
{% endif %}
{% endif %}

[audit/storage_duration]
startup = 7
jobgroup = 7
jobtemplate = 7
table = 7
iso = 7
user = 7
asset = 7
needle = 7
other = 7

[auth]
method = {{ openqa_auth_method }}

[logging]
level = info

[misc_limits]
asset_cleanup_max_free_percentage = 20

{% if openqa_auth_method == 'OpenID' %}
[openid]
provider = https://id.fedoraproject.org/
httpsonly = 1
{% endif %}

{% if openqa_auth_method == 'OAuth2' %}
[oauth2]
provider = custom
authorize_url = https://id{{openqa_env_suffix}}.fedoraproject.org/openidc/Authorization?response_type=code
token_url = https://id{{openqa_env_suffix}}.fedoraproject.org/openidc/Token
user_url = https://id{{openqa_env_suffix}}.fedoraproject.org/openidc/UserInfo
token_scope = openid profile email
token_label = Bearer
id_from = preferred_username
nickname_from = nickname
unique_name = FAS
key = openqa
secret = {{ openqa_oauth2_secret }}
{% endif %}