Add SaFiRe + ShaRe, closes #410

lxc-apps/safire/app

@@ -0,0 +1,30 @@
+{
+    "version": "0.0.1-200403",
+    "meta": {
+        "title": "Sahana Eden - SAFIRE",
+        "desc-cs": "Řízení humanítární činnosti - Řešení nouzových událostí",
+        "desc-en": "Management of humanitarian activities - First response",
+        "license": "GPL"
+    },
+    "containers": {
+        "safire": {
+            "image": "sahana_0.0.1-200403",
+            "depends": [
+                "safire-postgres"
+            ],
+            "mounts": {
+                "safire/sahana_conf": "srv/web2py/applications/eden/models",
+                "safire/sahana_data/SAFIRE": "srv/web2py/applications/eden/modules/templates/SAFIRE",
+                "safire/sahana_data/databases": "srv/web2py/applications/eden/databases",
+                "safire/sahana_data/uploads": "srv/web2py/applications/eden/uploads",
+                "safire/sahana_data/masterUsers.csv": "srv/web2py/applications/eden/modules/templates/default/users/masterUsers.csv:file"
+            }
+        },
+        "safire-postgres": {
+            "image": "postgis_3.0.0-200403",
+            "mounts": {
+                "safire/postgres_data": "var/lib/postgresql"
+            }
+        }
+    }
+}

lxc-apps/safire/install.sh

@@ -0,0 +1,52 @@
+#!/bin/sh
+set -ev
+
+# Volumes
+POSTGRES_DATA="${VOLUMES_DIR}/safire/postgres_data"
+SAHANA_DATA="${VOLUMES_DIR}/safire/sahana_data"
+SAHANA_CONF="${VOLUMES_DIR}/safire/sahana_conf"
+SAHANA_LAYER="${LAYERS_DIR}/sahana_0.0.1-200403"
+
+# Create Postgres instance
+install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA}
+spoc-container exec safire-postgres -- initdb -D /var/lib/postgresql
+
+# Configure Postgres
+install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf
+install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf
+
+# Create PostgreSQL user and database
+export SAFIRE_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
+spoc-container start safire-postgres
+envsubst <createdb.sql | spoc-container exec safire-postgres -- psql
+
+# Prepare persistent directory structure
+install -o 108080 -g 108080 -m 750 -d ${SAHANA_DATA}/databases
+install -o 108080 -g 108080 -m 750 -d ${SAHANA_DATA}/uploads
+cp -rp ${SAHANA_LAYER}/srv/web2py/applications/eden/models ${SAHANA_CONF}
+cp -rp ${SAHANA_LAYER}/srv/web2py/applications/eden/modules/templates/SAFIRE ${SAHANA_DATA}/SAFIRE
+
+# Configure SAFIRE
+export SAFIRE_HMAC=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
+export SAFIRE_ADMIN_USER="admin@example.com"
+export SAFIRE_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
+envsubst <sahana_conf/000_config.py | install -o 108080 -g 108080 -m 640 /dev/stdin ${SAHANA_CONF}/000_config.py
+envsubst <sahana_data/masterUsers.csv | install -o 108080 -g 108080 -m 640 /dev/stdin ${SAHANA_DATA}/masterUsers.csv
+install -o 108080 -g 108080 -m 640 sahana_conf/00_settings.py ${SAHANA_CONF}/00_settings.py
+install -o 108080 -g 108080 -m 640 sahana_data/SAFIRE/config.py ${SAHANA_DATA}/SAFIRE/config.py
+
+# Populate database
+spoc-container exec -u sahana safire -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py'
+
+# Set "production values" (increases performance) only if the DEBUG environment variable is not set
+if [ ${DEBUG:-0} -eq 0 ]; then
+    sed -i 's/settings.base.migrate = True/settings.base.migrate = False/' ${SAHANA_CONF}/000_config.py
+    sed -i 's/settings.base.debug = True/settings.base.debug = False/' ${SAHANA_CONF}/000_config.py
+    sed -i 's/#settings.base.prepopulate = 0/settings.base.prepopulate = 0/' ${SAHANA_CONF}/000_config.py
+fi
+
+# Stop services required for setup
+spoc-container stop safire-postgres
+
+# Register application
+vmmgr register-app safire safire "${SAFIRE_ADMIN_USER}" "${SAFIRE_ADMIN_PWD}"

lxc-apps/safire/install/createdb.sql

@@ -0,0 +1,8 @@
+CREATE ROLE safire NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${SAFIRE_PWD}';
+CREATE DATABASE safire;
+REVOKE ALL ON DATABASE safire FROM public;
+ALTER DATABASE safire OWNER TO safire;
+\c safire;
+CREATE EXTENSION postgis;
+GRANT ALL ON geometry_columns TO safire;
+GRANT ALL ON spatial_ref_sys TO safire;

lxc-apps/safire/install/postgres_data/pg_hba.conf

@@ -0,0 +1,3 @@
+local all postgres      peer
+local all all           md5
+host  all all 0.0.0.0/0 md5

lxc-apps/safire/install/postgres_data/postgresql.conf

@@ -0,0 +1,750 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+# This file consists of lines of the form:
+#
+#   name = value
+#
+# (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
+# "#" anywhere on a line.  The complete list of parameter names and allowed
+# values can be found in the PostgreSQL documentation.
+#
+# The commented-out settings shown in this file represent the default values.
+# Re-commenting a setting is NOT sufficient to revert it to the default value;
+# you need to reload the server.
+#
+# This file is read on server startup and when the server receives a SIGHUP
+# signal.  If you edit the file on a running system, you have to SIGHUP the
+# server for the changes to take effect, run "pg_ctl reload", or execute
+# "SELECT pg_reload_conf()".  Some parameters, which are marked below,
+# require a server shutdown and restart to take effect.
+#
+# Any parameter can also be given as a command-line option to the server, e.g.,
+# "postgres -c log_connections=on".  Some parameters can be changed at run time
+# with the "SET" SQL command.
+#
+# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
+#                MB = megabytes                     s   = seconds
+#                GB = gigabytes                     min = minutes
+#                TB = terabytes                     h   = hours
+#                                                   d   = days
+
+
+#------------------------------------------------------------------------------
+# FILE LOCATIONS
+#------------------------------------------------------------------------------
+
+# The default values of these variables are driven from the -D command-line
+# option or PGDATA environment variable, represented here as ConfigDir.
+
+#data_directory = 'ConfigDir'		# use data in another directory
+					# (change requires restart)
+#hba_file = 'ConfigDir/pg_hba.conf'	# host-based authentication file
+					# (change requires restart)
+#ident_file = 'ConfigDir/pg_ident.conf'	# ident configuration file
+					# (change requires restart)
+
+# If external_pid_file is not explicitly set, no extra PID file is written.
+#external_pid_file = ''			# write an extra PID file
+					# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+#------------------------------------------------------------------------------
+
+# - Connection Settings -
+
+listen_addresses = '*'			# what IP address(es) to listen on;
+					# comma-separated list of addresses;
+					# defaults to 'localhost'; use '*' for all
+					# (change requires restart)
+#port = 5432				# (change requires restart)
+max_connections = 100			# (change requires restart)
+#superuser_reserved_connections = 3	# (change requires restart)
+unix_socket_directories = '/run/postgresql,/tmp'	# comma-separated list of directories
+					# (change requires restart)
+#unix_socket_group = ''			# (change requires restart)
+#unix_socket_permissions = 0777		# begin with 0 to use octal notation
+					# (change requires restart)
+#bonjour = off				# advertise server via Bonjour
+					# (change requires restart)
+#bonjour_name = ''			# defaults to the computer name
+					# (change requires restart)
+
+# - TCP settings -
+# see "man 7 tcp" for details
+
+#tcp_keepalives_idle = 0		# TCP_KEEPIDLE, in seconds;
+					# 0 selects the system default
+#tcp_keepalives_interval = 0		# TCP_KEEPINTVL, in seconds;
+					# 0 selects the system default
+#tcp_keepalives_count = 0		# TCP_KEEPCNT;
+					# 0 selects the system default
+#tcp_user_timeout = 0			# TCP_USER_TIMEOUT, in milliseconds;
+					# 0 selects the system default
+
+# - Authentication -
+
+#authentication_timeout = 1min		# 1s-600s
+#password_encryption = md5		# md5 or scram-sha-256
+#db_user_namespace = off
+
+# GSSAPI using Kerberos
+#krb_server_keyfile = ''
+#krb_caseins_users = off
+
+# - SSL -
+
+#ssl = off
+#ssl_ca_file = ''
+#ssl_cert_file = 'server.crt'
+#ssl_crl_file = ''
+#ssl_key_file = 'server.key'
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+#ssl_prefer_server_ciphers = on
+#ssl_ecdh_curve = 'prime256v1'
+#ssl_min_protocol_version = 'TLSv1'
+#ssl_max_protocol_version = ''
+#ssl_dh_params_file = ''
+#ssl_passphrase_command = ''
+#ssl_passphrase_command_supports_reload = off
+
+
+#------------------------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+#------------------------------------------------------------------------------
+
+# - Memory -
+
+shared_buffers = 128MB			# min 128kB
+					# (change requires restart)
+#huge_pages = try			# on, off, or try
+					# (change requires restart)
+#temp_buffers = 8MB			# min 800kB
+#max_prepared_transactions = 0		# zero disables the feature
+					# (change requires restart)
+# Caution: it is not advisable to set max_prepared_transactions nonzero unless
+# you actively intend to use prepared transactions.
+#work_mem = 4MB				# min 64kB
+#maintenance_work_mem = 64MB		# min 1MB
+#autovacuum_work_mem = -1		# min 1MB, or -1 to use maintenance_work_mem
+#max_stack_depth = 2MB			# min 100kB
+#shared_memory_type = mmap		# the default is the first option
+					# supported by the operating system:
+					#   mmap
+					#   sysv
+					#   windows
+					# (change requires restart)
+dynamic_shared_memory_type = posix	# the default is the first option
+					# supported by the operating system:
+					#   posix
+					#   sysv
+					#   windows
+					#   mmap
+					# (change requires restart)
+
+# - Disk -
+
+#temp_file_limit = -1			# limits per-process temp file space
+					# in kB, or -1 for no limit
+
+# - Kernel Resources -
+
+#max_files_per_process = 1000		# min 25
+					# (change requires restart)
+
+# - Cost-Based Vacuum Delay -
+
+#vacuum_cost_delay = 0			# 0-100 milliseconds (0 disables)
+#vacuum_cost_page_hit = 1		# 0-10000 credits
+#vacuum_cost_page_miss = 10		# 0-10000 credits
+#vacuum_cost_page_dirty = 20		# 0-10000 credits
+#vacuum_cost_limit = 200		# 1-10000 credits
+
+# - Background Writer -
+
+#bgwriter_delay = 200ms			# 10-10000ms between rounds
+#bgwriter_lru_maxpages = 100		# max buffers written/round, 0 disables
+#bgwriter_lru_multiplier = 2.0		# 0-10.0 multiplier on buffers scanned/round
+#bgwriter_flush_after = 512kB		# measured in pages, 0 disables
+
+# - Asynchronous Behavior -
+
+#effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
+#max_worker_processes = 8		# (change requires restart)
+#max_parallel_maintenance_workers = 2	# taken from max_parallel_workers
+#max_parallel_workers_per_gather = 2	# taken from max_parallel_workers
+#parallel_leader_participation = on
+#max_parallel_workers = 8		# maximum number of max_worker_processes that
+					# can be used in parallel operations
+#old_snapshot_threshold = -1		# 1min-60d; -1 disables; 0 is immediate
+					# (change requires restart)
+#backend_flush_after = 0		# measured in pages, 0 disables
+
+
+#------------------------------------------------------------------------------
+# WRITE-AHEAD LOG
+#------------------------------------------------------------------------------
+
+# - Settings -
+
+wal_level = minimal			# minimal, replica, or logical
+					# (change requires restart)
+#fsync = on				# flush data to disk for crash safety
+					# (turning this off can cause
+					# unrecoverable data corruption)
+#synchronous_commit = on		# synchronization level;
+					# off, local, remote_write, remote_apply, or on
+#wal_sync_method = fsync		# the default is the first option
+					# supported by the operating system:
+					#   open_datasync
+					#   fdatasync (default on Linux)
+					#   fsync
+					#   fsync_writethrough
+					#   open_sync
+#full_page_writes = on			# recover from partial page writes
+#wal_compression = off			# enable compression of full-page writes
+#wal_log_hints = off			# also do full page writes of non-critical updates
+					# (change requires restart)
+#wal_init_zero = on			# zero-fill new WAL files
+#wal_recycle = on			# recycle WAL files
+#wal_buffers = -1			# min 32kB, -1 sets based on shared_buffers
+					# (change requires restart)
+#wal_writer_delay = 200ms		# 1-10000 milliseconds
+#wal_writer_flush_after = 1MB		# measured in pages, 0 disables
+
+#commit_delay = 0			# range 0-100000, in microseconds
+#commit_siblings = 5			# range 1-1000
+
+# - Checkpoints -
+
+#checkpoint_timeout = 5min		# range 30s-1d
+#max_wal_size = 1GB
+#min_wal_size = 80MB
+#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
+#checkpoint_flush_after = 256kB		# measured in pages, 0 disables
+#checkpoint_warning = 30s		# 0 disables
+
+# - Archiving -
+
+#archive_mode = off		# enables archiving; off, on, or always
+				# (change requires restart)
+#archive_command = ''		# command to use to archive a logfile segment
+				# placeholders: %p = path of file to archive
+				#               %f = file name only
+				# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
+#archive_timeout = 0		# force a logfile segment switch after this
+				# number of seconds; 0 disables
+
+# - Archive Recovery -
+
+# These are only used in recovery mode.
+
+#restore_command = ''		# command to use to restore an archived logfile segment
+				# placeholders: %p = path of file to restore
+				#               %f = file name only
+				# e.g. 'cp /mnt/server/archivedir/%f %p'
+				# (change requires restart)
+#archive_cleanup_command = ''	# command to execute at every restartpoint
+#recovery_end_command = ''	# command to execute at completion of recovery
+
+# - Recovery Target -
+
+# Set these only when performing a targeted recovery.
+
+#recovery_target = ''		# 'immediate' to end recovery as soon as a
+                                # consistent state is reached
+				# (change requires restart)
+#recovery_target_name = ''	# the named restore point to which recovery will proceed
+				# (change requires restart)
+#recovery_target_time = ''	# the time stamp up to which recovery will proceed
+				# (change requires restart)
+#recovery_target_xid = ''	# the transaction ID up to which recovery will proceed
+				# (change requires restart)
+#recovery_target_lsn = ''	# the WAL LSN up to which recovery will proceed
+				# (change requires restart)
+#recovery_target_inclusive = on # Specifies whether to stop:
+				# just after the specified recovery target (on)
+				# just before the recovery target (off)
+				# (change requires restart)
+#recovery_target_timeline = 'latest'	# 'current', 'latest', or timeline ID
+				# (change requires restart)
+#recovery_target_action = 'pause'	# 'pause', 'promote', 'shutdown'
+				# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# REPLICATION
+#------------------------------------------------------------------------------
+
+# - Sending Servers -
+
+# Set these on the master and on any standby that will send replication data.
+
+max_wal_senders = 0		# max number of walsender processes
+				# (change requires restart)
+#wal_keep_segments = 0		# in logfile segments; 0 disables
+#wal_sender_timeout = 60s	# in milliseconds; 0 disables
+
+max_replication_slots = 0	# max number of replication slots
+				# (change requires restart)
+#track_commit_timestamp = off	# collect timestamp of transaction commit
+				# (change requires restart)
+
+# - Master Server -
+
+# These settings are ignored on a standby server.
+
+#synchronous_standby_names = ''	# standby servers that provide sync rep
+				# method to choose sync standbys, number of sync standbys,
+				# and comma-separated list of application_name
+				# from standby(s); '*' = all
+#vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
+
+# - Standby Servers -
+
+# These settings are ignored on a master server.
+
+#primary_conninfo = ''			# connection string to sending server
+					# (change requires restart)
+#primary_slot_name = ''			# replication slot on sending server
+					# (change requires restart)
+#promote_trigger_file = ''		# file name whose presence ends recovery
+#hot_standby = on			# "off" disallows queries during recovery
+					# (change requires restart)
+#max_standby_archive_delay = 30s	# max delay before canceling queries
+					# when reading WAL from archive;
+					# -1 allows indefinite delay
+#max_standby_streaming_delay = 30s	# max delay before canceling queries
+					# when reading streaming WAL;
+					# -1 allows indefinite delay
+#wal_receiver_status_interval = 10s	# send replies at least this often
+					# 0 disables
+#hot_standby_feedback = off		# send info from standby to prevent
+					# query conflicts
+#wal_receiver_timeout = 60s		# time that receiver waits for
+					# communication from master
+					# in milliseconds; 0 disables
+#wal_retrieve_retry_interval = 5s	# time to wait before retrying to
+					# retrieve WAL after a failed attempt
+#recovery_min_apply_delay = 0		# minimum delay for applying changes during recovery
+
+# - Subscribers -
+
+# These settings are ignored on a publisher.
+
+max_logical_replication_workers = 0	# taken from max_worker_processes
+					# (change requires restart)
+max_sync_workers_per_subscription = 0	# taken from max_logical_replication_workers
+
+
+#------------------------------------------------------------------------------
+# QUERY TUNING
+#------------------------------------------------------------------------------
+
+# - Planner Method Configuration -
+
+#enable_bitmapscan = on
+#enable_hashagg = on
+#enable_hashjoin = on
+#enable_indexscan = on
+#enable_indexonlyscan = on
+#enable_material = on
+#enable_mergejoin = on
+#enable_nestloop = on
+#enable_parallel_append = on
+#enable_seqscan = on
+#enable_sort = on
+#enable_tidscan = on
+#enable_partitionwise_join = off
+#enable_partitionwise_aggregate = off
+#enable_parallel_hash = on
+#enable_partition_pruning = on
+
+# - Planner Cost Constants -
+
+#seq_page_cost = 1.0			# measured on an arbitrary scale
+#random_page_cost = 4.0			# same scale as above
+#cpu_tuple_cost = 0.01			# same scale as above
+#cpu_index_tuple_cost = 0.005		# same scale as above
+#cpu_operator_cost = 0.0025		# same scale as above
+#parallel_tuple_cost = 0.1		# same scale as above
+#parallel_setup_cost = 1000.0	# same scale as above
+
+#jit_above_cost = 100000		# perform JIT compilation if available
+					# and query more expensive than this;
+					# -1 disables
+#jit_inline_above_cost = 500000		# inline small functions if query is
+					# more expensive than this; -1 disables
+#jit_optimize_above_cost = 500000	# use expensive JIT optimizations if
+					# query is more expensive than this;
+					# -1 disables
+
+#min_parallel_table_scan_size = 8MB
+#min_parallel_index_scan_size = 512kB
+#effective_cache_size = 4GB
+
+# - Genetic Query Optimizer -
+
+#geqo = on
+#geqo_threshold = 12
+#geqo_effort = 5			# range 1-10
+#geqo_pool_size = 0			# selects default based on effort
+#geqo_generations = 0			# selects default based on effort
+#geqo_selection_bias = 2.0		# range 1.5-2.0
+#geqo_seed = 0.0			# range 0.0-1.0
+
+# - Other Planner Options -
+
+#default_statistics_target = 100	# range 1-10000
+#constraint_exclusion = partition	# on, off, or partition
+#cursor_tuple_fraction = 0.1		# range 0.0-1.0
+#from_collapse_limit = 8
+#join_collapse_limit = 8		# 1 disables collapsing of explicit
+					# JOIN clauses
+#force_parallel_mode = off
+#jit = on				# allow JIT compilation
+#plan_cache_mode = auto			# auto, force_generic_plan or
+					# force_custom_plan
+
+
+#------------------------------------------------------------------------------
+# REPORTING AND LOGGING
+#------------------------------------------------------------------------------
+
+# - Where to Log -
+
+#log_destination = 'stderr'		# Valid values are combinations of
+					# stderr, csvlog, syslog, and eventlog,
+					# depending on platform.  csvlog
+					# requires logging_collector to be on.
+
+# This is used when logging to stderr:
+#logging_collector = off		# Enable capturing of stderr and csvlog
+					# into log files. Required to be on for
+					# csvlogs.
+					# (change requires restart)
+
+# These are only used if logging_collector is on:
+#log_directory = 'log'			# directory where log files are written,
+					# can be absolute or relative to PGDATA
+#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
+					# can include strftime() escapes
+#log_file_mode = 0600			# creation mode for log files,
+					# begin with 0 to use octal notation
+#log_truncate_on_rotation = off		# If on, an existing log file with the
+					# same name as the new log file will be
+					# truncated rather than appended to.
+					# But such truncation only occurs on
+					# time-driven rotation, not on restarts
+					# or size-driven rotation.  Default is
+					# off, meaning append to existing files
+					# in all cases.
+#log_rotation_age = 1d			# Automatic rotation of logfiles will
+					# happen after that time.  0 disables.
+#log_rotation_size = 10MB		# Automatic rotation of logfiles will
+					# happen after that much log output.
+					# 0 disables.
+
+# These are relevant when logging to syslog:
+#syslog_facility = 'LOCAL0'
+#syslog_ident = 'postgres'
+#syslog_sequence_numbers = on
+#syslog_split_messages = on
+
+# This is only relevant when logging to eventlog (win32):
+# (change requires restart)
+#event_source = 'PostgreSQL'
+
+# - When to Log -
+
+#log_min_messages = warning		# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   info
+					#   notice
+					#   warning
+					#   error
+					#   log
+					#   fatal
+					#   panic
+
+#log_min_error_statement = error	# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   info
+					#   notice
+					#   warning
+					#   error
+					#   log
+					#   fatal
+					#   panic (effectively off)
+
+#log_min_duration_statement = -1	# -1 is disabled, 0 logs all statements
+					# and their durations, > 0 logs only
+					# statements running at least this number
+					# of milliseconds
+
+#log_transaction_sample_rate = 0.0	# Fraction of transactions whose statements
+					# are logged regardless of their duration. 1.0 logs all
+					# statements from all transactions, 0.0 never logs.
+
+# - What to Log -
+
+#debug_print_parse = off
+#debug_print_rewritten = off
+#debug_print_plan = off
+#debug_pretty_print = on
+#log_checkpoints = off
+#log_connections = off
+#log_disconnections = off
+#log_duration = off
+#log_error_verbosity = default		# terse, default, or verbose messages
+#log_hostname = off
+log_line_prefix = '%m [%p] %q%u@%d '			# special values:
+					#   %a = application name
+					#   %u = user name
+					#   %d = database name
+					#   %r = remote host and port
+					#   %h = remote host
+					#   %p = process ID
+					#   %t = timestamp without milliseconds
+					#   %m = timestamp with milliseconds
+					#   %n = timestamp with milliseconds (as a Unix epoch)
+					#   %i = command tag
+					#   %e = SQL state
+					#   %c = session ID
+					#   %l = session line number
+					#   %s = session start timestamp
+					#   %v = virtual transaction ID
+					#   %x = transaction ID (0 if none)
+					#   %q = stop here in non-session
+					#        processes
+					#   %% = '%'
+					# e.g. '<%u%%%d> '
+#log_lock_waits = off			# log lock waits >= deadlock_timeout
+#log_statement = 'none'			# none, ddl, mod, all
+#log_replication_commands = off
+#log_temp_files = -1			# log temporary files equal or larger
+					# than the specified size in kilobytes;
+					# -1 disables, 0 logs all temp files
+log_timezone = 'Europe/Prague'
+
+#------------------------------------------------------------------------------
+# PROCESS TITLE
+#------------------------------------------------------------------------------
+
+#cluster_name = ''			# added to process titles if nonempty
+					# (change requires restart)
+#update_process_title = on
+
+
+#------------------------------------------------------------------------------
+# STATISTICS
+#------------------------------------------------------------------------------
+
+# - Query and Index Statistics Collector -
+
+#track_activities = on
+#track_counts = on
+#track_io_timing = off
+#track_functions = none			# none, pl, all
+#track_activity_query_size = 1024	# (change requires restart)
+#stats_temp_directory = 'pg_stat_tmp'
+
+
+# - Monitoring -
+
+#log_parser_stats = off
+#log_planner_stats = off
+#log_executor_stats = off
+#log_statement_stats = off
+
+
+#------------------------------------------------------------------------------
+# AUTOVACUUM
+#------------------------------------------------------------------------------
+
+#autovacuum = on			# Enable autovacuum subprocess?  'on'
+					# requires track_counts to also be on.
+#log_autovacuum_min_duration = -1	# -1 disables, 0 logs all actions and
+					# their durations, > 0 logs only
+					# actions running at least this number
+					# of milliseconds.
+#autovacuum_max_workers = 3		# max number of autovacuum subprocesses
+					# (change requires restart)
+#autovacuum_naptime = 1min		# time between autovacuum runs
+#autovacuum_vacuum_threshold = 50	# min number of row updates before
+					# vacuum
+#autovacuum_analyze_threshold = 50	# min number of row updates before
+					# analyze
+#autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
+#autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
+#autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
+					# (change requires restart)
+#autovacuum_multixact_freeze_max_age = 400000000	# maximum multixact age
+					# before forced vacuum
+					# (change requires restart)
+#autovacuum_vacuum_cost_delay = 2ms	# default vacuum cost delay for
+					# autovacuum, in milliseconds;
+					# -1 means use vacuum_cost_delay
+#autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for
+					# autovacuum, -1 means use
+					# vacuum_cost_limit
+
+
+#------------------------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+#------------------------------------------------------------------------------
+
+# - Statement Behavior -
+
+#client_min_messages = notice		# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   log
+					#   notice
+					#   warning
+					#   error
+#search_path = '"$user", public'	# schema names
+#row_security = on
+#default_tablespace = ''		# a tablespace name, '' uses the default
+#temp_tablespaces = ''			# a list of tablespace names, '' uses
+					# only default tablespace
+#default_table_access_method = 'heap'
+#check_function_bodies = on
+#default_transaction_isolation = 'read committed'
+#default_transaction_read_only = off
+#default_transaction_deferrable = off
+#session_replication_role = 'origin'
+#statement_timeout = 0			# in milliseconds, 0 is disabled
+#lock_timeout = 0			# in milliseconds, 0 is disabled
+#idle_in_transaction_session_timeout = 0	# in milliseconds, 0 is disabled
+#vacuum_freeze_min_age = 50000000
+#vacuum_freeze_table_age = 150000000
+#vacuum_multixact_freeze_min_age = 5000000
+#vacuum_multixact_freeze_table_age = 150000000
+#vacuum_cleanup_index_scale_factor = 0.1	# fraction of total number of tuples
+						# before index cleanup, 0 always performs
+						# index cleanup
+#bytea_output = 'hex'			# hex, escape
+#xmlbinary = 'base64'
+#xmloption = 'content'
+#gin_fuzzy_search_limit = 0
+#gin_pending_list_limit = 4MB
+
+# - Locale and Formatting -
+
+datestyle = 'iso, mdy'
+#intervalstyle = 'postgres'
+timezone = 'Europe/Prague'
+#timezone_abbreviations = 'Default'     # Select the set of available time zone
+					# abbreviations.  Currently, there are
+					#   Default
+					#   Australia (historical usage)
+					#   India
+					# You can create your own file in
+					# share/timezonesets/.
+#extra_float_digits = 1			# min -15, max 3; any value >0 actually
+					# selects precise output mode
+#client_encoding = sql_ascii		# actually, defaults to database
+					# encoding
+
+# These settings are initialized by initdb, but they can be changed.
+lc_messages = 'C'			# locale for system error message
+					# strings
+lc_monetary = 'C'			# locale for monetary formatting
+lc_numeric = 'C'			# locale for number formatting
+lc_time = 'C'				# locale for time formatting
+
+# default configuration for text search
+default_text_search_config = 'pg_catalog.english'
+
+# - Shared Library Preloading -
+
+#shared_preload_libraries = ''	# (change requires restart)
+#local_preload_libraries = ''
+#session_preload_libraries = ''
+#jit_provider = 'llvmjit'		# JIT library to use
+
+# - Other Defaults -
+
+#dynamic_library_path = '$libdir'
+
+
+#------------------------------------------------------------------------------
+# LOCK MANAGEMENT
+#------------------------------------------------------------------------------
+
+#deadlock_timeout = 1s
+#max_locks_per_transaction = 64		# min 10
+					# (change requires restart)
+#max_pred_locks_per_transaction = 64	# min 10
+					# (change requires restart)
+#max_pred_locks_per_relation = -2	# negative values mean
+					# (max_pred_locks_per_transaction
+					#  / -max_pred_locks_per_relation) - 1
+#max_pred_locks_per_page = 2            # min 0
+
+
+#------------------------------------------------------------------------------
+# VERSION AND PLATFORM COMPATIBILITY
+#------------------------------------------------------------------------------
+
+# - Previous PostgreSQL Versions -
+
+#array_nulls = on
+#backslash_quote = safe_encoding	# on, off, or safe_encoding
+#escape_string_warning = on
+#lo_compat_privileges = off
+#operator_precedence_warning = off
+#quote_all_identifiers = off
+#standard_conforming_strings = on
+#synchronize_seqscans = on
+
+# - Other Platforms and Clients -
+
+#transform_null_equals = off
+
+
+#------------------------------------------------------------------------------
+# ERROR HANDLING
+#------------------------------------------------------------------------------
+
+#exit_on_error = off			# terminate session on any error?
+#restart_after_crash = on		# reinitialize after backend crash?
+#data_sync_retry = off			# retry or panic on failure to fsync
+					# data?
+					# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf.  Note that these are directives, not variable
+# assignments, so they can usefully be given more than once.
+
+#include_dir = '...'			# include files ending in '.conf' from
+					# a directory, e.g., 'conf.d'
+#include_if_exists = '...'		# include file only if it exists
+#include = '...'			# include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here

lxc-apps/safire/install/sahana_conf/000_config.py

@@ -0,0 +1,263 @@
+# -*- coding: utf-8 -*-
+
+"""
+    Machine-specific settings
+    All settings which are typically edited for a specific machine should be done here
+
+    Deployers should ideally not need to edit any other files outside of their template folder
+
+    Note for Developers:
+        /models/000_config.py is NOT in the Git repository, to avoid leaking of
+        sensitive or irrelevant information into the repository.
+    For changes to be committed, please also edit:
+        modules/templates/000_config.py
+"""
+
+# Remove this line when you have edited this file sufficiently to proceed to the web interface
+FINISHED_EDITING_CONFIG_FILE = True
+
+# Select the Template
+# - which Modules are enabled
+# - PrePopulate data
+# - Security Policy
+# - Workflows
+# - Theme
+# - note that you should restart your web2py after changing this setting
+settings.base.template = "SAFIRE"
+
+# Database settings
+# Uncomment to use a different database, other than sqlite
+settings.database.db_type = "postgres"
+#settings.database.db_type = "mysql"
+# Uncomment to use a different host
+settings.database.host = "safire-postgres"
+# Uncomment to use a different port
+#settings.database.port = 3306
+#settings.database.port = 5432
+# Uncomment to select a different name for your database
+settings.database.database = "safire"
+# Uncomment to select a different username for your database
+settings.database.username = "safire"
+# Uncomment to set the password
+# NB Web2Py doesn't like passwords with an @ in them
+settings.database.password = "${SAFIRE_PWD}"
+# Uncomment to use a different pool size
+#settings.database.pool_size = 30
+# Do we have a spatial DB available? (currently supports PostGIS. Spatialite to come.)
+settings.gis.spatialdb = True
+
+# Base settings
+settings.base.system_name = T("Sahana First Response")
+settings.base.system_name_short = T("SAFIRE")
+# Set this to the Public URL of the instance
+settings.base.public_url = "https://safire.spotter.vm"
+
+# Switch to "False" in Production for a Performance gain
+# (need to set to "True" again when Table definitions are changed)
+settings.base.migrate = True
+# To just create the .table files (also requires migrate=True):
+#settings.base.fake_migrate = True
+
+# Set this to True to switch to Debug mode
+# Debug mode means that uncompressed CSS/JS files are loaded
+# JS Debug messages are also available in the Console
+# can also load an individual page in debug mode by appending URL with
+# ?debug=1
+settings.base.debug = True
+
+# Uncomment this to prevent automated test runs from remote
+# settings.base.allow_testing = False
+
+# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging (default)
+#settings.log.level = "ERROR" # DEBUG set automatically when base.debug is True
+# Uncomment to prevent writing log messages to the console (sys.stderr)
+#settings.log.console = False
+# Configure a log file (file name)
+#settings.log.logfile = None
+# Uncomment to get detailed caller information
+#settings.log.caller_info = True
+
+# Uncomment to use Content Delivery Networks to speed up Internet-facing sites
+#settings.base.cdn = True
+
+# Allow language files to be updated automatically
+#settings.L10n.languages_readonly = False
+
+# This setting should be changed _before_ registering the 1st user
+# - should happen automatically if installing using supported scripts
+settings.auth.hmac_key = "${SAFIRE_HMAC}"
+
+# If using Masterkey Authentication, then set this to a deployment-specific 32 char string:
+#settings.auth.masterkey_app_key = "randomstringrandomstringrandomstring"
+
+# Minimum Password Length
+#settings.auth.password_min_length = 8
+
+# Email settings
+# Outbound server
+settings.mail.server = "host:25"
+#settings.mail.tls = True
+# Useful for Windows Laptops:
+# https://www.google.com/settings/security/lesssecureapps
+#settings.mail.server = "smtp.gmail.com:587"
+#settings.mail.tls = True
+#settings.mail.login = "username:password"
+# From Address - until this is set, no mails can be sent
+settings.mail.sender = "${SAFIRE_ADMIN_USER}"
+# Default email address to which requests to approve new user accounts gets sent
+# This can be overridden for specific domains/organisations via the auth_domain table
+settings.mail.approver = "${SAFIRE_ADMIN_USER}"
+# Daily Limit on Sending of emails
+#settings.mail.limit = 1000
+
+# Frontpage settings
+# RSS feeds
+settings.frontpage.rss = [
+    {"title": "Eden",
+     # Trac timeline
+     "url": "http://eden.sahanafoundation.org/timeline?ticket=on&changeset=on&milestone=on&wiki=on&max=50&daysback=90&format=rss"
+    },
+    {"title": "Twitter",
+     # @SahanaFOSS
+     #"url": "https://search.twitter.com/search.rss?q=from%3ASahanaFOSS" # API v1 deprecated, so doesn't work, need to use 3rd-party service, like:
+     "url": "http://www.rssitfor.me/getrss?name=@SahanaFOSS"
+     # Hashtag
+     #url: "http://search.twitter.com/search.atom?q=%23eqnz" # API v1 deprecated, so doesn't work, need to use 3rd-party service, like:
+     #url: "http://api2.socialmention.com/search?q=%23eqnz&t=all&f=rss"
+    }
+]
+
+# Uncomment to restrict to specific country/countries
+#settings.gis.countries= ("LK",)
+
+# Uncomment to enable a guided tour
+#settings.base.guided_tour = True
+
+# Bing API Key (for Map layers)
+# http://www.microsoft.com/maps/create-a-bing-maps-key.aspx
+#settings.gis.api_bing = ""
+# Google API Key (for Google Maps Layers)
+settings.gis.api_google = ""
+# Yahoo API Key (for Geocoder)
+#settings.gis.api_yahoo = ""
+
+# GeoNames username
+#settings.gis.geonames_username = ""
+
+# Fill this in to get Google Analytics for your site
+#settings.base.google_analytics_tracking_id = ""
+
+# Chat server, see: http://eden.sahanafoundation.org/wiki/InstallationGuidelines/Chat
+#settings.base.chat_server = {
+#   "ip": "127.0.0.1",
+#   "port": 7070,
+#   "name": "servername",
+#	# Default group everyone is added to
+#   "groupname" : "everyone",
+#   "server_db" : "openfire",
+#   # These settings fallback to main DB settings if not specified
+#   # Only mysql/postgres supported
+#   #"server_db_type" : "mysql",
+#   #"server_db_username" : "",
+#   #"server_db_password": "",
+#   #"server_db_port" : 3306,
+#   #"server_db_ip" : "127.0.0.1",
+#   }
+
+# GeoServer (Currently used by GeoExplorer. Will allow REST control of GeoServer.)
+# NB Needs to be publically-accessible URL for querying via client JS
+#settings.gis.geoserver_url = "http://localhost/geoserver"
+#settings.gis.geoserver_username = "admin"
+#settings.gis.geoserver_password = ""
+# Print Service URL: http://eden.sahanafoundation.org/wiki/BluePrintGISPrinting
+#settings.gis.print_service = "/geoserver/pdf/"
+
+# Google OAuth (to allow users to login using Google)
+# https://code.google.com/apis/console/
+#settings.auth.google_id = ""
+#settings.auth.google_secret = ""
+
+# Pootle server
+# settings.L10n.pootle_url = "http://pootle.sahanafoundation.org/"
+# settings.L10n.pootle_username = "username"
+# settings.L10n.pootle_password = "*****"
+
+# SOLR server for Full-Text Search
+#settings.base.solr_url = "http://127.0.0.1:8983/solr/"
+
+# Memcache server to allow sharing of sessions across instances
+#settings.base.session_memcache = '127.0.0.1:11211'
+
+settings.base.session_db = True
+
+# UI options
+# Should user be prompted to save before navigating away?
+#settings.ui.navigate_away_confirm = False
+# Should user be prompted to confirm actions?
+#settings.ui.confirm = False
+# Should potentially large dropdowns be turned into autocompletes?
+# (unused currently)
+#settings.ui.autocomplete = True
+#settings.ui.read_label = "Details"
+#settings.ui.update_label = "Edit"
+
+# Audit settings
+# - can be a callable for custom hooks (return True to also perform normal logging, or False otherwise)
+# NB Auditing (especially Reads) slows system down & consumes diskspace
+#settings.security.audit_write = False
+#settings.security.audit_read = False
+
+# Performance Options
+# Maximum number of search results for an Autocomplete Widget
+#settings.search.max_results = 200
+# Maximum number of features for a Map Layer
+#settings.gis.max_features = 1000
+
+# CAP Settings
+# Change for different authority and organisations
+# See http://alerting.worldweather.org/ for oid
+# Country root oid. The oid for the organisation includes this base
+#settings.cap.identifier_oid = "2.49.0.0.608.0"
+# Set the period (in days) after which alert info segments expire (default=2)
+#settings.cap.info_effective_period = 2
+
+# =============================================================================
+# Import the settings from the Template
+# - note: invalid settings are ignored
+#
+settings.import_template()
+
+# =============================================================================
+# Over-rides to the Template may be done here
+#
+
+# e.g.
+#settings.base.system_name = T("Sahana TEST")
+#settings.base.prepopulate = ("MY_TEMPLATE_ONLY")
+#settings.base.prepopulate += ("default", "default/users")
+#settings.base.theme = "default"
+settings.L10n.default_language = "cs"
+#settings.security.policy = 7 # Organisation-ACLs
+# Enable Additional Module(s)
+#from gluon.storage import Storage
+#settings.modules["delphi"] = Storage(
+#        name_nice = T("Delphi Decision Maker"),
+#        restricted = False,
+#        module_type = 10,
+#    )
+# Disable a module which is normally used by the template
+# - NB Only templates with adaptive menus will work nicely with this!
+#del settings.modules["irs"]
+
+# Production instances should set this before prepopulate is run
+#settings.base.prepopulate_demo = 0
+
+# After 1st_run, set this for Production to save 1x DAL hit/request
+#settings.base.prepopulate = 0
+
+# =============================================================================
+# A version number to tell update_check if there is a need to refresh the
+# running copy of this file
+VERSION = 1
+
+# END =========================================================================

lxc-apps/safire/install/sahana_conf/00_settings.py

@@ -0,0 +1,318 @@
+# -*- coding: utf-8 -*-
+
+"""
+    Global settings:
+
+    Those which are typically edited during a deployment are in
+    000_config.py & their results parsed into here. Deployers
+    shouldn't typically need to edit any settings here.
+"""
+
+# Keep all our configuration options off the main global variables
+
+# Use response.s3 for one-off variables which are visible in views without explicit passing
+s3.formats = Storage()
+
+# Workaround for this Bug in Selenium with FF4:
+#    http://code.google.com/p/selenium/issues/detail?id=1604
+s3.interactive = settings.get_ui_confirm()
+
+s3.base_url = "%s/%s" % (settings.get_base_public_url(),
+                         appname)
+s3.download_url = "%s/default/download" % s3.base_url
+
+# -----------------------------------------------------------------------------
+# Client tests
+
+# Check whether browser is Mobile & store result in session
+# - commented-out until we make use of it
+#if session.s3.mobile is None:
+#    session.s3.mobile = s3base.s3_is_mobile_client(request)
+#if session.s3.browser is None:
+#    session.s3.browser = s3base.s3_populate_browser_compatibility(request)
+
+# -----------------------------------------------------------------------------
+# Global variables
+
+# Strings to i18n
+# Common Labels
+#messages["BREADCRUMB"] = ">> "
+messages["UNKNOWN_OPT"] = ""
+messages["NONE"] = ""
+messages["OBSOLETE"] = "Obsolete"
+messages["READ"] = settings.get_ui_label_read()
+messages["UPDATE"] = settings.get_ui_label_update()
+messages["DELETE"] = "Delete"
+messages["COPY"] = "Copy"
+messages["NOT_APPLICABLE"] = "N/A"
+messages["ADD_PERSON"] = "Create a Person"
+messages["ADD_LOCATION"] = "Create Location"
+messages["SELECT_LOCATION"] = "Select a location"
+messages["COUNTRY"] = "Country"
+messages["ORGANISATION"] = "Organization"
+messages["AUTOCOMPLETE_HELP"] = "Enter some characters to bring up a list of possible matches"
+
+for u in messages:
+    if isinstance(messages[u], str):
+        globals()[u] = T(messages[u])
+
+# CRUD Labels
+s3.crud_labels = Storage(READ=READ,
+                         UPDATE=UPDATE,
+                         DELETE=DELETE,
+                         COPY=COPY,
+                         NONE=NONE,
+                         )
+
+# Error Messages
+ERROR["BAD_RECORD"] = "Record not found!"
+ERROR["BAD_METHOD"] = "Unsupported method!"
+ERROR["BAD_FORMAT"] = "Unsupported data format!"
+ERROR["BAD_REQUEST"] = "Invalid request"
+ERROR["BAD_SOURCE"] = "Invalid source"
+ERROR["BAD_TEMPLATE"] = "XSLT stylesheet not found"
+ERROR["BAD_RESOURCE"] = "Nonexistent or invalid resource"
+ERROR["DATA_IMPORT_ERROR"] = "Data import error"
+ERROR["INTEGRITY_ERROR"] = "Integrity error: record can not be deleted while it is referenced by other records"
+ERROR["METHOD_DISABLED"] = "Method disabled"
+ERROR["NO_MATCH"] = "No matching element found in the data source"
+ERROR["NOT_IMPLEMENTED"] = "Not implemented"
+ERROR["NOT_PERMITTED"] = "Operation not permitted"
+ERROR["PARSE_ERROR"] = "XML parse error"
+ERROR["TRANSFORMATION_ERROR"] = "XSLT transformation error"
+ERROR["UNAUTHORISED"] = "Not Authorized"
+ERROR["VALIDATION_ERROR"] = "Validation error"
+
+# To get included in <HEAD>
+s3.stylesheets = []
+s3.external_stylesheets = []
+# To get included at the end of <BODY>
+s3.scripts = []
+s3.scripts_modules = []
+s3.js_global = []
+s3.jquery_ready = []
+
+# -----------------------------------------------------------------------------
+# Languages
+
+s3.l10n_languages = settings.get_L10n_languages()
+
+# Default strings are in US English
+T.current_languages = ("en", "en-us")
+# Check if user has selected a specific language
+if get_vars._language:
+    language = get_vars._language
+    session.s3.language = language
+elif session.s3.language:
+    # Use the last-selected language
+    language = session.s3.language
+elif auth.is_logged_in():
+    # Use user preference
+    language = auth.user.language
+else:
+    # Use system default
+    language = settings.get_L10n_default_language()
+#else:
+#    # Use what browser requests (default web2py behaviour)
+#    T.force(T.http_accept_language)
+
+# IE doesn't set request.env.http_accept_language
+#if language != "en":
+T.force(language)
+
+# Store for views (e.g. Ext)
+if language.find("-") == -1:
+    # Ext peculiarities
+    if language == "vi":
+        s3.language = "vn"
+    elif language == "el":
+        s3.language = "el_GR"
+    else:
+        s3.language = language
+else:
+    lang_parts = language.split("-")
+    s3.language = "%s_%s" % (lang_parts[0], lang_parts[1].upper())
+
+# List of Languages which use a Right-to-Left script (Arabic, Hebrew, Farsi, Urdu)
+if language in ("ar", "prs", "ps", "ur"):
+    s3.rtl = True
+else:
+    s3.rtl = False
+
+# -----------------------------------------------------------------------------
+# Auth
+
+_settings = auth.settings
+_settings.lock_keys = False
+
+_settings.expiration = 28800  # seconds
+
+if settings.get_auth_openid():
+    # Requires http://pypi.python.org/pypi/python-openid/
+    try:
+        from gluon.contrib.login_methods.openid_auth import OpenIDAuth
+        openid_login_form = OpenIDAuth(auth)
+        from gluon.contrib.login_methods.extended_login_form import ExtendedLoginForm
+        _settings.login_form = ExtendedLoginForm(auth, openid_login_form,
+                                                 signals=["oid", "janrain_nonce"])
+    except ImportError:
+        session.warning = "Library support not available for OpenID"
+
+# Allow use of LDAP accounts for login
+# NB Currently this means that change password should be disabled:
+#_settings.actions_disabled.append("change_password")
+# (NB These are not automatically added to PR or to Authenticated role since they enter via the login() method not register())
+#from gluon.contrib.login_methods.ldap_auth import ldap_auth
+# Require even alternate login methods to register users 1st
+#_settings.alternate_requires_registration = True
+# Active Directory
+#_settings.login_methods.append(ldap_auth(mode="ad", server="dc.domain.org", base_dn="ou=Users,dc=domain,dc=org"))
+# or if not wanting local users at all (no passwords saved within DB):
+#_settings.login_methods = [ldap_auth(mode="ad", server="dc.domain.org", base_dn="ou=Users,dc=domain,dc=org")]
+# Domino
+#_settings.login_methods.append(ldap_auth(mode="domino", server="domino.domain.org"))
+# OpenLDAP
+#_settings.login_methods.append(ldap_auth(server="directory.sahanafoundation.org", base_dn="ou=users,dc=sahanafoundation,dc=org"))
+# Allow use of Email accounts for login
+#_settings.login_methods.append(email_auth("smtp.gmail.com:587", "@gmail.com"))
+
+# Require captcha verification for registration
+#auth.settings.captcha = RECAPTCHA(request, public_key="PUBLIC_KEY", private_key="PRIVATE_KEY")
+# Require Email Verification
+_settings.registration_requires_verification = settings.get_auth_registration_requires_verification()
+_settings.on_failed_authorization = URL(c="default", f="user",
+                                        args="not_authorized")
+_settings.reset_password_requires_verification = True
+_settings.verify_email_next = URL(c="default", f="index")
+
+# Require Admin approval for self-registered users
+_settings.registration_requires_approval = settings.get_auth_registration_requires_approval()
+
+# We don't wish to clutter the groups list with 1 per user.
+_settings.create_user_groups = False
+# We need to allow basic logins for Webservices
+_settings.allow_basic_login = True
+
+_settings.logout_onlogout = s3_auth_on_logout
+_settings.login_onaccept = s3_auth_on_login
+# Now read in auth.login() to avoid setting unneccesarily in every request
+#_settings.login_next = settings.get_auth_login_next()
+if settings.has_module("vol") and \
+   settings.get_auth_registration_volunteer():
+    _settings.register_next = URL(c="vol", f="person")
+
+# Languages available in User Profiles
+#if len(s3.l10n_languages) > 1:
+#    _settings.table_user.language.requires = s3base.IS_ISO639_2_LANGUAGE_CODE(sort = True,
+#                                                                              translate = True,
+#                                                                              zero = None,
+#                                                                              )
+#else:
+#    field = _settings.table_user.language
+#    field.default = s3.l10n_languages.keys()[0]
+#    field.readable = False
+#    field.writable = False
+
+_settings.lock_keys = True
+
+# -----------------------------------------------------------------------------
+# Mail
+
+# These settings could be made configurable as part of the Messaging Module
+# - however also need to be used by Auth (order issues)
+sender = settings.get_mail_sender()
+if sender:
+    mail.settings.sender = sender
+    mail.settings.server = settings.get_mail_server()
+    mail.settings.tls = settings.get_mail_server_tls()
+    mail_server_login = settings.get_mail_server_login()
+    if mail_server_login:
+        mail.settings.login = mail_server_login
+    # Email settings for registration verification and approval
+    _settings.mailer = mail
+
+# -----------------------------------------------------------------------------
+# Session
+
+# Custom Notifications
+response.error = session.error
+response.confirmation = session.confirmation
+response.information = session.information
+response.warning = session.warning
+session.error = []
+session.confirmation = []
+session.information = []
+session.warning = []
+
+# Shortcuts for system role IDs, see modules/s3aaa.py/AuthS3
+#system_roles = auth.get_system_roles()
+#ADMIN = system_roles.ADMIN
+#AUTHENTICATED = system_roles.AUTHENTICATED
+#ANONYMOUS = system_roles.ANONYMOUS
+#EDITOR = system_roles.EDITOR
+#MAP_ADMIN = system_roles.MAP_ADMIN
+#ORG_ADMIN = system_roles.ORG_ADMIN
+#ORG_GROUP_ADMIN = system_roles.ORG_GROUP_ADMIN
+
+if s3.debug:
+    # Add the developer toolbar from modules/s3/s3utils.py
+    s3.toolbar = s3base.s3_dev_toolbar
+
+# -----------------------------------------------------------------------------
+# CRUD
+
+s3_formstyle = settings.get_ui_formstyle()
+s3_formstyle_read = settings.get_ui_formstyle_read()
+s3_formstyle_mobile = s3_formstyle
+submit_button = T("Save")
+s3_crud = s3.crud
+s3_crud.formstyle = s3_formstyle
+s3_crud.formstyle_read = s3_formstyle_read
+s3_crud.submit_button = submit_button
+# Optional class for Submit buttons
+#s3_crud.submit_style = "submit-button"
+s3_crud.confirm_delete = T("Do you really want to delete these records?")
+s3_crud.archive_not_delete = settings.get_security_archive_not_delete()
+s3_crud.navigate_away_confirm = settings.get_ui_navigate_away_confirm()
+
+# Content Type Headers, default is application/xml for XML formats
+# and text/x-json for JSON formats, other content types must be
+# specified here:
+s3.content_type = Storage(
+    tc = "application/atom+xml", # TableCast feeds
+    rss = "application/rss+xml", # RSS
+    georss = "application/rss+xml", # GeoRSS
+    kml = "application/vnd.google-earth.kml+xml", # KML
+)
+
+# JSON Formats
+s3.json_formats = ["geojson", "s3json"]
+
+# CSV Formats
+s3.csv_formats = ["hrf", "s3csv"]
+
+# Datatables default number of rows per page
+s3.ROWSPERPAGE = 20
+
+# Valid Extensions for Image Upload fields
+s3.IMAGE_EXTENSIONS = ["png", "PNG", "jpg", "JPG", "jpeg", "JPEG"]
+
+# Default CRUD strings
+s3.crud_strings = Storage(
+    label_create = T("Add Record"),
+    title_display = T("Record Details"),
+    title_list = T("Records"),
+    title_update = T("Edit Record"),
+    title_map = T("Map"),
+    title_report = T("Report"),
+    label_list_button = T("List Records"),
+    label_delete_button = T("Delete Record"),
+    msg_record_created = T("Record added"),
+    msg_record_modified = T("Record updated"),
+    msg_record_deleted = T("Record deleted"),
+    msg_list_empty = T("No Records currently available"),
+    msg_match = T("Matching Records"),
+    msg_no_match = T("No Matching Records"),
+    )
+
+# END =========================================================================

lxc-apps/safire/install/sahana_data/masterUsers.csv

@@ -0,0 +1,2 @@
+First Name,Last Name,Email,Password,Role,Organisation
+Admin,User,${SAFIRE_ADMIN_USER},${SAFIRE_ADMIN_PWD},ADMIN,

lxc-apps/safire/install/update-conf.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Volumes
+SAHANA_CONF="${VOLUMES_DIR}/safire/sahana_conf"
+
+# Variables
+HTTP_HOST="${HOST}"
+[ "${PORT}" != "443" ] && HTTP_HOST="${HTTP_HOST}:${PORT}"
+
+# Replacements
+sed -i "s|\(^settings\.base\.public_url = \).*|\1\"https://${HTTP_HOST}\"|" ${SAHANA_CONF}/000_config.py
+sed -i "s|\(^settings\.mail\.sender = \).*|\1\"${EMAIL}\"|" ${SAHANA_CONF}/000_config.py
+sed -i "s|\(^settings\.mail\.approver = \).*|\1\"${EMAIL}\"|" ${SAHANA_CONF}/000_config.py
+sed -i "s|\(^settings\.gis\.api_google = \).*|\1\"${GMAPS_API_KEY}\"|" ${SAHANA_CONF}/000_config.py

lxc-apps/safire/uninstall.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -ev
+
+# Remove persistent data
+rm -rf "${VOLUMES_DIR}/safire"
+
+# Unregister application
+vmmgr unregister-app safire

lxc-apps/share/app

@@ -0,0 +1,30 @@
+{
+    "version": "0.0.1-200403",
+    "meta": {
+        "title": "Sahana Eden - SHARE",
+        "desc-cs": "Řízení humanítární činnosti - Úleva a rehabilitace",
+        "desc-en": "Management of humanitarian activities - Relief and rehabilitation",
+        "license": "GPL"
+    },
+    "containers": {
+        "share": {
+            "image": "sahana_0.0.1-200403",
+            "depends": [
+                "share-postgres"
+            ],
+            "mounts": {
+                "share/sahana_conf": "srv/web2py/applications/eden/models",
+                "share/sahana_data/SHARE": "srv/web2py/applications/eden/modules/templates/SHARE",
+                "share/sahana_data/databases": "srv/web2py/applications/eden/databases",
+                "share/sahana_data/uploads": "srv/web2py/applications/eden/uploads",
+                "share/sahana_data/masterUsers.csv": "srv/web2py/applications/eden/modules/templates/default/users/masterUsers.csv:file"
+            }
+        },
+        "share-postgres": {
+            "image": "postgis_3.0.0-200403",
+            "mounts": {
+                "share/postgres_data": "var/lib/postgresql"
+            }
+        }
+    }
+}

lxc-apps/share/install.sh

@@ -0,0 +1,52 @@
+#!/bin/sh
+set -ev
+
+# Volumes
+POSTGRES_DATA="${VOLUMES_DIR}/share/postgres_data"
+SAHANA_DATA="${VOLUMES_DIR}/share/sahana_data"
+SAHANA_CONF="${VOLUMES_DIR}/share/sahana_conf"
+SAHANA_LAYER="${LAYERS_DIR}/sahana_0.0.1-200403"
+
+# Create Postgres instance
+install -o 105432 -g 105432 -m 700 -d ${POSTGRES_DATA}
+spoc-container exec share-postgres -- initdb -D /var/lib/postgresql
+
+# Configure Postgres
+install -o 105432 -g 105432 -m 600 postgres_data/postgresql.conf ${POSTGRES_DATA}/postgresql.conf
+install -o 105432 -g 105432 -m 600 postgres_data/pg_hba.conf ${POSTGRES_DATA}/pg_hba.conf
+
+# Create PostgreSQL user and database
+export SHARE_PWD=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
+spoc-container start share-postgres
+envsubst <createdb.sql | spoc-container exec share-postgres -- psql
+
+# Prepare persistent directory structure
+install -o 108080 -g 108080 -m 750 -d ${SAHANA_DATA}/databases
+install -o 108080 -g 108080 -m 750 -d ${SAHANA_DATA}/uploads
+cp -rp ${SAHANA_LAYER}/srv/web2py/applications/eden/models ${SAHANA_CONF}
+cp -rp ${SAHANA_LAYER}/srv/web2py/applications/eden/modules/templates/SHARE ${SAHANA_DATA}/SHARE
+
+# Configure SHARE
+export SHARE_HMAC=$(head -c 18 /dev/urandom | base64 | tr -d '+/=')
+export SHARE_ADMIN_USER="admin@example.com"
+export SHARE_ADMIN_PWD=$(head -c 12 /dev/urandom | base64 | tr -d '+/=')
+envsubst <sahana_conf/000_config.py | install -o 108080 -g 108080 -m 640 /dev/stdin ${SAHANA_CONF}/000_config.py
+envsubst <sahana_data/masterUsers.csv | install -o 108080 -g 108080 -m 640 /dev/stdin ${SAHANA_DATA}/masterUsers.csv
+install -o 108080 -g 108080 -m 640 sahana_conf/00_settings.py ${SAHANA_CONF}/00_settings.py
+install -o 108080 -g 108080 -m 640 sahana_data/SHARE/config.py ${SAHANA_DATA}/SHARE/config.py
+
+# Populate database
+spoc-container exec -u sahana share -- sh -c 'cd /srv/web2py; ./web2py.py -S eden -M -R applications/eden/static/scripts/tools/noop.py'
+
+# Set "production values" (increases performance) only if the DEBUG environment variable is not set
+if [ ${DEBUG:-0} -eq 0 ]; then
+    sed -i 's/settings.base.migrate = True/settings.base.migrate = False/' ${SAHANA_CONF}/000_config.py
+    sed -i 's/settings.base.debug = True/settings.base.debug = False/' ${SAHANA_CONF}/000_config.py
+    sed -i 's/#settings.base.prepopulate = 0/settings.base.prepopulate = 0/' ${SAHANA_CONF}/000_config.py
+fi
+
+# Stop services required for setup
+spoc-container stop share-postgres
+
+# Register application
+vmmgr register-app share share "${SHARE_ADMIN_USER}" "${SHARE_ADMIN_PWD}"

lxc-apps/share/install/createdb.sql

@@ -0,0 +1,8 @@
+CREATE ROLE share NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED PASSWORD '${SHARE_PWD}';
+CREATE DATABASE share;
+REVOKE ALL ON DATABASE share FROM public;
+ALTER DATABASE share OWNER TO share;
+\c share;
+CREATE EXTENSION postgis;
+GRANT ALL ON geometry_columns TO share;
+GRANT ALL ON spatial_ref_sys TO share;

lxc-apps/share/install/postgres_data/pg_hba.conf

@@ -0,0 +1,3 @@
+local all postgres      peer
+local all all           md5
+host  all all 0.0.0.0/0 md5

lxc-apps/share/install/postgres_data/postgresql.conf

@@ -0,0 +1,750 @@
+# -----------------------------
+# PostgreSQL configuration file
+# -----------------------------
+#
+# This file consists of lines of the form:
+#
+#   name = value
+#
+# (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
+# "#" anywhere on a line.  The complete list of parameter names and allowed
+# values can be found in the PostgreSQL documentation.
+#
+# The commented-out settings shown in this file represent the default values.
+# Re-commenting a setting is NOT sufficient to revert it to the default value;
+# you need to reload the server.
+#
+# This file is read on server startup and when the server receives a SIGHUP
+# signal.  If you edit the file on a running system, you have to SIGHUP the
+# server for the changes to take effect, run "pg_ctl reload", or execute
+# "SELECT pg_reload_conf()".  Some parameters, which are marked below,
+# require a server shutdown and restart to take effect.
+#
+# Any parameter can also be given as a command-line option to the server, e.g.,
+# "postgres -c log_connections=on".  Some parameters can be changed at run time
+# with the "SET" SQL command.
+#
+# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
+#                MB = megabytes                     s   = seconds
+#                GB = gigabytes                     min = minutes
+#                TB = terabytes                     h   = hours
+#                                                   d   = days
+
+
+#------------------------------------------------------------------------------
+# FILE LOCATIONS
+#------------------------------------------------------------------------------
+
+# The default values of these variables are driven from the -D command-line
+# option or PGDATA environment variable, represented here as ConfigDir.
+
+#data_directory = 'ConfigDir'		# use data in another directory
+					# (change requires restart)
+#hba_file = 'ConfigDir/pg_hba.conf'	# host-based authentication file
+					# (change requires restart)
+#ident_file = 'ConfigDir/pg_ident.conf'	# ident configuration file
+					# (change requires restart)
+
+# If external_pid_file is not explicitly set, no extra PID file is written.
+#external_pid_file = ''			# write an extra PID file
+					# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONNECTIONS AND AUTHENTICATION
+#------------------------------------------------------------------------------
+
+# - Connection Settings -
+
+listen_addresses = '*'			# what IP address(es) to listen on;
+					# comma-separated list of addresses;
+					# defaults to 'localhost'; use '*' for all
+					# (change requires restart)
+#port = 5432				# (change requires restart)
+max_connections = 100			# (change requires restart)
+#superuser_reserved_connections = 3	# (change requires restart)
+unix_socket_directories = '/run/postgresql,/tmp'	# comma-separated list of directories
+					# (change requires restart)
+#unix_socket_group = ''			# (change requires restart)
+#unix_socket_permissions = 0777		# begin with 0 to use octal notation
+					# (change requires restart)
+#bonjour = off				# advertise server via Bonjour
+					# (change requires restart)
+#bonjour_name = ''			# defaults to the computer name
+					# (change requires restart)
+
+# - TCP settings -
+# see "man 7 tcp" for details
+
+#tcp_keepalives_idle = 0		# TCP_KEEPIDLE, in seconds;
+					# 0 selects the system default
+#tcp_keepalives_interval = 0		# TCP_KEEPINTVL, in seconds;
+					# 0 selects the system default
+#tcp_keepalives_count = 0		# TCP_KEEPCNT;
+					# 0 selects the system default
+#tcp_user_timeout = 0			# TCP_USER_TIMEOUT, in milliseconds;
+					# 0 selects the system default
+
+# - Authentication -
+
+#authentication_timeout = 1min		# 1s-600s
+#password_encryption = md5		# md5 or scram-sha-256
+#db_user_namespace = off
+
+# GSSAPI using Kerberos
+#krb_server_keyfile = ''
+#krb_caseins_users = off
+
+# - SSL -
+
+#ssl = off
+#ssl_ca_file = ''
+#ssl_cert_file = 'server.crt'
+#ssl_crl_file = ''
+#ssl_key_file = 'server.key'
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+#ssl_prefer_server_ciphers = on
+#ssl_ecdh_curve = 'prime256v1'
+#ssl_min_protocol_version = 'TLSv1'
+#ssl_max_protocol_version = ''
+#ssl_dh_params_file = ''
+#ssl_passphrase_command = ''
+#ssl_passphrase_command_supports_reload = off
+
+
+#------------------------------------------------------------------------------
+# RESOURCE USAGE (except WAL)
+#------------------------------------------------------------------------------
+
+# - Memory -
+
+shared_buffers = 128MB			# min 128kB
+					# (change requires restart)
+#huge_pages = try			# on, off, or try
+					# (change requires restart)
+#temp_buffers = 8MB			# min 800kB
+#max_prepared_transactions = 0		# zero disables the feature
+					# (change requires restart)
+# Caution: it is not advisable to set max_prepared_transactions nonzero unless
+# you actively intend to use prepared transactions.
+#work_mem = 4MB				# min 64kB
+#maintenance_work_mem = 64MB		# min 1MB
+#autovacuum_work_mem = -1		# min 1MB, or -1 to use maintenance_work_mem
+#max_stack_depth = 2MB			# min 100kB
+#shared_memory_type = mmap		# the default is the first option
+					# supported by the operating system:
+					#   mmap
+					#   sysv
+					#   windows
+					# (change requires restart)
+dynamic_shared_memory_type = posix	# the default is the first option
+					# supported by the operating system:
+					#   posix
+					#   sysv
+					#   windows
+					#   mmap
+					# (change requires restart)
+
+# - Disk -
+
+#temp_file_limit = -1			# limits per-process temp file space
+					# in kB, or -1 for no limit
+
+# - Kernel Resources -
+
+#max_files_per_process = 1000		# min 25
+					# (change requires restart)
+
+# - Cost-Based Vacuum Delay -
+
+#vacuum_cost_delay = 0			# 0-100 milliseconds (0 disables)
+#vacuum_cost_page_hit = 1		# 0-10000 credits
+#vacuum_cost_page_miss = 10		# 0-10000 credits
+#vacuum_cost_page_dirty = 20		# 0-10000 credits
+#vacuum_cost_limit = 200		# 1-10000 credits
+
+# - Background Writer -
+
+#bgwriter_delay = 200ms			# 10-10000ms between rounds
+#bgwriter_lru_maxpages = 100		# max buffers written/round, 0 disables
+#bgwriter_lru_multiplier = 2.0		# 0-10.0 multiplier on buffers scanned/round
+#bgwriter_flush_after = 512kB		# measured in pages, 0 disables
+
+# - Asynchronous Behavior -
+
+#effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
+#max_worker_processes = 8		# (change requires restart)
+#max_parallel_maintenance_workers = 2	# taken from max_parallel_workers
+#max_parallel_workers_per_gather = 2	# taken from max_parallel_workers
+#parallel_leader_participation = on
+#max_parallel_workers = 8		# maximum number of max_worker_processes that
+					# can be used in parallel operations
+#old_snapshot_threshold = -1		# 1min-60d; -1 disables; 0 is immediate
+					# (change requires restart)
+#backend_flush_after = 0		# measured in pages, 0 disables
+
+
+#------------------------------------------------------------------------------
+# WRITE-AHEAD LOG
+#------------------------------------------------------------------------------
+
+# - Settings -
+
+wal_level = minimal			# minimal, replica, or logical
+					# (change requires restart)
+#fsync = on				# flush data to disk for crash safety
+					# (turning this off can cause
+					# unrecoverable data corruption)
+#synchronous_commit = on		# synchronization level;
+					# off, local, remote_write, remote_apply, or on
+#wal_sync_method = fsync		# the default is the first option
+					# supported by the operating system:
+					#   open_datasync
+					#   fdatasync (default on Linux)
+					#   fsync
+					#   fsync_writethrough
+					#   open_sync
+#full_page_writes = on			# recover from partial page writes
+#wal_compression = off			# enable compression of full-page writes
+#wal_log_hints = off			# also do full page writes of non-critical updates
+					# (change requires restart)
+#wal_init_zero = on			# zero-fill new WAL files
+#wal_recycle = on			# recycle WAL files
+#wal_buffers = -1			# min 32kB, -1 sets based on shared_buffers
+					# (change requires restart)
+#wal_writer_delay = 200ms		# 1-10000 milliseconds
+#wal_writer_flush_after = 1MB		# measured in pages, 0 disables
+
+#commit_delay = 0			# range 0-100000, in microseconds
+#commit_siblings = 5			# range 1-1000
+
+# - Checkpoints -
+
+#checkpoint_timeout = 5min		# range 30s-1d
+#max_wal_size = 1GB
+#min_wal_size = 80MB
+#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
+#checkpoint_flush_after = 256kB		# measured in pages, 0 disables
+#checkpoint_warning = 30s		# 0 disables
+
+# - Archiving -
+
+#archive_mode = off		# enables archiving; off, on, or always
+				# (change requires restart)
+#archive_command = ''		# command to use to archive a logfile segment
+				# placeholders: %p = path of file to archive
+				#               %f = file name only
+				# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
+#archive_timeout = 0		# force a logfile segment switch after this
+				# number of seconds; 0 disables
+
+# - Archive Recovery -
+
+# These are only used in recovery mode.
+
+#restore_command = ''		# command to use to restore an archived logfile segment
+				# placeholders: %p = path of file to restore
+				#               %f = file name only
+				# e.g. 'cp /mnt/server/archivedir/%f %p'
+				# (change requires restart)
+#archive_cleanup_command = ''	# command to execute at every restartpoint
+#recovery_end_command = ''	# command to execute at completion of recovery
+
+# - Recovery Target -
+
+# Set these only when performing a targeted recovery.
+
+#recovery_target = ''		# 'immediate' to end recovery as soon as a
+                                # consistent state is reached
+				# (change requires restart)
+#recovery_target_name = ''	# the named restore point to which recovery will proceed
+				# (change requires restart)
+#recovery_target_time = ''	# the time stamp up to which recovery will proceed
+				# (change requires restart)
+#recovery_target_xid = ''	# the transaction ID up to which recovery will proceed
+				# (change requires restart)
+#recovery_target_lsn = ''	# the WAL LSN up to which recovery will proceed
+				# (change requires restart)
+#recovery_target_inclusive = on # Specifies whether to stop:
+				# just after the specified recovery target (on)
+				# just before the recovery target (off)
+				# (change requires restart)
+#recovery_target_timeline = 'latest'	# 'current', 'latest', or timeline ID
+				# (change requires restart)
+#recovery_target_action = 'pause'	# 'pause', 'promote', 'shutdown'
+				# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# REPLICATION
+#------------------------------------------------------------------------------
+
+# - Sending Servers -
+
+# Set these on the master and on any standby that will send replication data.
+
+max_wal_senders = 0		# max number of walsender processes
+				# (change requires restart)
+#wal_keep_segments = 0		# in logfile segments; 0 disables
+#wal_sender_timeout = 60s	# in milliseconds; 0 disables
+
+max_replication_slots = 0	# max number of replication slots
+				# (change requires restart)
+#track_commit_timestamp = off	# collect timestamp of transaction commit
+				# (change requires restart)
+
+# - Master Server -
+
+# These settings are ignored on a standby server.
+
+#synchronous_standby_names = ''	# standby servers that provide sync rep
+				# method to choose sync standbys, number of sync standbys,
+				# and comma-separated list of application_name
+				# from standby(s); '*' = all
+#vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
+
+# - Standby Servers -
+
+# These settings are ignored on a master server.
+
+#primary_conninfo = ''			# connection string to sending server
+					# (change requires restart)
+#primary_slot_name = ''			# replication slot on sending server
+					# (change requires restart)
+#promote_trigger_file = ''		# file name whose presence ends recovery
+#hot_standby = on			# "off" disallows queries during recovery
+					# (change requires restart)
+#max_standby_archive_delay = 30s	# max delay before canceling queries
+					# when reading WAL from archive;
+					# -1 allows indefinite delay
+#max_standby_streaming_delay = 30s	# max delay before canceling queries
+					# when reading streaming WAL;
+					# -1 allows indefinite delay
+#wal_receiver_status_interval = 10s	# send replies at least this often
+					# 0 disables
+#hot_standby_feedback = off		# send info from standby to prevent
+					# query conflicts
+#wal_receiver_timeout = 60s		# time that receiver waits for
+					# communication from master
+					# in milliseconds; 0 disables
+#wal_retrieve_retry_interval = 5s	# time to wait before retrying to
+					# retrieve WAL after a failed attempt
+#recovery_min_apply_delay = 0		# minimum delay for applying changes during recovery
+
+# - Subscribers -
+
+# These settings are ignored on a publisher.
+
+max_logical_replication_workers = 0	# taken from max_worker_processes
+					# (change requires restart)
+max_sync_workers_per_subscription = 0	# taken from max_logical_replication_workers
+
+
+#------------------------------------------------------------------------------
+# QUERY TUNING
+#------------------------------------------------------------------------------
+
+# - Planner Method Configuration -
+
+#enable_bitmapscan = on
+#enable_hashagg = on
+#enable_hashjoin = on
+#enable_indexscan = on
+#enable_indexonlyscan = on
+#enable_material = on
+#enable_mergejoin = on
+#enable_nestloop = on
+#enable_parallel_append = on
+#enable_seqscan = on
+#enable_sort = on
+#enable_tidscan = on
+#enable_partitionwise_join = off
+#enable_partitionwise_aggregate = off
+#enable_parallel_hash = on
+#enable_partition_pruning = on
+
+# - Planner Cost Constants -
+
+#seq_page_cost = 1.0			# measured on an arbitrary scale
+#random_page_cost = 4.0			# same scale as above
+#cpu_tuple_cost = 0.01			# same scale as above
+#cpu_index_tuple_cost = 0.005		# same scale as above
+#cpu_operator_cost = 0.0025		# same scale as above
+#parallel_tuple_cost = 0.1		# same scale as above
+#parallel_setup_cost = 1000.0	# same scale as above
+
+#jit_above_cost = 100000		# perform JIT compilation if available
+					# and query more expensive than this;
+					# -1 disables
+#jit_inline_above_cost = 500000		# inline small functions if query is
+					# more expensive than this; -1 disables
+#jit_optimize_above_cost = 500000	# use expensive JIT optimizations if
+					# query is more expensive than this;
+					# -1 disables
+
+#min_parallel_table_scan_size = 8MB
+#min_parallel_index_scan_size = 512kB
+#effective_cache_size = 4GB
+
+# - Genetic Query Optimizer -
+
+#geqo = on
+#geqo_threshold = 12
+#geqo_effort = 5			# range 1-10
+#geqo_pool_size = 0			# selects default based on effort
+#geqo_generations = 0			# selects default based on effort
+#geqo_selection_bias = 2.0		# range 1.5-2.0
+#geqo_seed = 0.0			# range 0.0-1.0
+
+# - Other Planner Options -
+
+#default_statistics_target = 100	# range 1-10000
+#constraint_exclusion = partition	# on, off, or partition
+#cursor_tuple_fraction = 0.1		# range 0.0-1.0
+#from_collapse_limit = 8
+#join_collapse_limit = 8		# 1 disables collapsing of explicit
+					# JOIN clauses
+#force_parallel_mode = off
+#jit = on				# allow JIT compilation
+#plan_cache_mode = auto			# auto, force_generic_plan or
+					# force_custom_plan
+
+
+#------------------------------------------------------------------------------
+# REPORTING AND LOGGING
+#------------------------------------------------------------------------------
+
+# - Where to Log -
+
+#log_destination = 'stderr'		# Valid values are combinations of
+					# stderr, csvlog, syslog, and eventlog,
+					# depending on platform.  csvlog
+					# requires logging_collector to be on.
+
+# This is used when logging to stderr:
+#logging_collector = off		# Enable capturing of stderr and csvlog
+					# into log files. Required to be on for
+					# csvlogs.
+					# (change requires restart)
+
+# These are only used if logging_collector is on:
+#log_directory = 'log'			# directory where log files are written,
+					# can be absolute or relative to PGDATA
+#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
+					# can include strftime() escapes
+#log_file_mode = 0600			# creation mode for log files,
+					# begin with 0 to use octal notation
+#log_truncate_on_rotation = off		# If on, an existing log file with the
+					# same name as the new log file will be
+					# truncated rather than appended to.
+					# But such truncation only occurs on
+					# time-driven rotation, not on restarts
+					# or size-driven rotation.  Default is
+					# off, meaning append to existing files
+					# in all cases.
+#log_rotation_age = 1d			# Automatic rotation of logfiles will
+					# happen after that time.  0 disables.
+#log_rotation_size = 10MB		# Automatic rotation of logfiles will
+					# happen after that much log output.
+					# 0 disables.
+
+# These are relevant when logging to syslog:
+#syslog_facility = 'LOCAL0'
+#syslog_ident = 'postgres'
+#syslog_sequence_numbers = on
+#syslog_split_messages = on
+
+# This is only relevant when logging to eventlog (win32):
+# (change requires restart)
+#event_source = 'PostgreSQL'
+
+# - When to Log -
+
+#log_min_messages = warning		# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   info
+					#   notice
+					#   warning
+					#   error
+					#   log
+					#   fatal
+					#   panic
+
+#log_min_error_statement = error	# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   info
+					#   notice
+					#   warning
+					#   error
+					#   log
+					#   fatal
+					#   panic (effectively off)
+
+#log_min_duration_statement = -1	# -1 is disabled, 0 logs all statements
+					# and their durations, > 0 logs only
+					# statements running at least this number
+					# of milliseconds
+
+#log_transaction_sample_rate = 0.0	# Fraction of transactions whose statements
+					# are logged regardless of their duration. 1.0 logs all
+					# statements from all transactions, 0.0 never logs.
+
+# - What to Log -
+
+#debug_print_parse = off
+#debug_print_rewritten = off
+#debug_print_plan = off
+#debug_pretty_print = on
+#log_checkpoints = off
+#log_connections = off
+#log_disconnections = off
+#log_duration = off
+#log_error_verbosity = default		# terse, default, or verbose messages
+#log_hostname = off
+log_line_prefix = '%m [%p] %q%u@%d '			# special values:
+					#   %a = application name
+					#   %u = user name
+					#   %d = database name
+					#   %r = remote host and port
+					#   %h = remote host
+					#   %p = process ID
+					#   %t = timestamp without milliseconds
+					#   %m = timestamp with milliseconds
+					#   %n = timestamp with milliseconds (as a Unix epoch)
+					#   %i = command tag
+					#   %e = SQL state
+					#   %c = session ID
+					#   %l = session line number
+					#   %s = session start timestamp
+					#   %v = virtual transaction ID
+					#   %x = transaction ID (0 if none)
+					#   %q = stop here in non-session
+					#        processes
+					#   %% = '%'
+					# e.g. '<%u%%%d> '
+#log_lock_waits = off			# log lock waits >= deadlock_timeout
+#log_statement = 'none'			# none, ddl, mod, all
+#log_replication_commands = off
+#log_temp_files = -1			# log temporary files equal or larger
+					# than the specified size in kilobytes;
+					# -1 disables, 0 logs all temp files
+log_timezone = 'Europe/Prague'
+
+#------------------------------------------------------------------------------
+# PROCESS TITLE
+#------------------------------------------------------------------------------
+
+#cluster_name = ''			# added to process titles if nonempty
+					# (change requires restart)
+#update_process_title = on
+
+
+#------------------------------------------------------------------------------
+# STATISTICS
+#------------------------------------------------------------------------------
+
+# - Query and Index Statistics Collector -
+
+#track_activities = on
+#track_counts = on
+#track_io_timing = off
+#track_functions = none			# none, pl, all
+#track_activity_query_size = 1024	# (change requires restart)
+#stats_temp_directory = 'pg_stat_tmp'
+
+
+# - Monitoring -
+
+#log_parser_stats = off
+#log_planner_stats = off
+#log_executor_stats = off
+#log_statement_stats = off
+
+
+#------------------------------------------------------------------------------
+# AUTOVACUUM
+#------------------------------------------------------------------------------
+
+#autovacuum = on			# Enable autovacuum subprocess?  'on'
+					# requires track_counts to also be on.
+#log_autovacuum_min_duration = -1	# -1 disables, 0 logs all actions and
+					# their durations, > 0 logs only
+					# actions running at least this number
+					# of milliseconds.
+#autovacuum_max_workers = 3		# max number of autovacuum subprocesses
+					# (change requires restart)
+#autovacuum_naptime = 1min		# time between autovacuum runs
+#autovacuum_vacuum_threshold = 50	# min number of row updates before
+					# vacuum
+#autovacuum_analyze_threshold = 50	# min number of row updates before
+					# analyze
+#autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
+#autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
+#autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
+					# (change requires restart)
+#autovacuum_multixact_freeze_max_age = 400000000	# maximum multixact age
+					# before forced vacuum
+					# (change requires restart)
+#autovacuum_vacuum_cost_delay = 2ms	# default vacuum cost delay for
+					# autovacuum, in milliseconds;
+					# -1 means use vacuum_cost_delay
+#autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for
+					# autovacuum, -1 means use
+					# vacuum_cost_limit
+
+
+#------------------------------------------------------------------------------
+# CLIENT CONNECTION DEFAULTS
+#------------------------------------------------------------------------------
+
+# - Statement Behavior -
+
+#client_min_messages = notice		# values in order of decreasing detail:
+					#   debug5
+					#   debug4
+					#   debug3
+					#   debug2
+					#   debug1
+					#   log
+					#   notice
+					#   warning
+					#   error
+#search_path = '"$user", public'	# schema names
+#row_security = on
+#default_tablespace = ''		# a tablespace name, '' uses the default
+#temp_tablespaces = ''			# a list of tablespace names, '' uses
+					# only default tablespace
+#default_table_access_method = 'heap'
+#check_function_bodies = on
+#default_transaction_isolation = 'read committed'
+#default_transaction_read_only = off
+#default_transaction_deferrable = off
+#session_replication_role = 'origin'
+#statement_timeout = 0			# in milliseconds, 0 is disabled
+#lock_timeout = 0			# in milliseconds, 0 is disabled
+#idle_in_transaction_session_timeout = 0	# in milliseconds, 0 is disabled
+#vacuum_freeze_min_age = 50000000
+#vacuum_freeze_table_age = 150000000
+#vacuum_multixact_freeze_min_age = 5000000
+#vacuum_multixact_freeze_table_age = 150000000
+#vacuum_cleanup_index_scale_factor = 0.1	# fraction of total number of tuples
+						# before index cleanup, 0 always performs
+						# index cleanup
+#bytea_output = 'hex'			# hex, escape
+#xmlbinary = 'base64'
+#xmloption = 'content'
+#gin_fuzzy_search_limit = 0
+#gin_pending_list_limit = 4MB
+
+# - Locale and Formatting -
+
+datestyle = 'iso, mdy'
+#intervalstyle = 'postgres'
+timezone = 'Europe/Prague'
+#timezone_abbreviations = 'Default'     # Select the set of available time zone
+					# abbreviations.  Currently, there are
+					#   Default
+					#   Australia (historical usage)
+					#   India
+					# You can create your own file in
+					# share/timezonesets/.
+#extra_float_digits = 1			# min -15, max 3; any value >0 actually
+					# selects precise output mode
+#client_encoding = sql_ascii		# actually, defaults to database
+					# encoding
+
+# These settings are initialized by initdb, but they can be changed.
+lc_messages = 'C'			# locale for system error message
+					# strings
+lc_monetary = 'C'			# locale for monetary formatting
+lc_numeric = 'C'			# locale for number formatting
+lc_time = 'C'				# locale for time formatting
+
+# default configuration for text search
+default_text_search_config = 'pg_catalog.english'
+
+# - Shared Library Preloading -
+
+#shared_preload_libraries = ''	# (change requires restart)
+#local_preload_libraries = ''
+#session_preload_libraries = ''
+#jit_provider = 'llvmjit'		# JIT library to use
+
+# - Other Defaults -
+
+#dynamic_library_path = '$libdir'
+
+
+#------------------------------------------------------------------------------
+# LOCK MANAGEMENT
+#------------------------------------------------------------------------------
+
+#deadlock_timeout = 1s
+#max_locks_per_transaction = 64		# min 10
+					# (change requires restart)
+#max_pred_locks_per_transaction = 64	# min 10
+					# (change requires restart)
+#max_pred_locks_per_relation = -2	# negative values mean
+					# (max_pred_locks_per_transaction
+					#  / -max_pred_locks_per_relation) - 1
+#max_pred_locks_per_page = 2            # min 0
+
+
+#------------------------------------------------------------------------------
+# VERSION AND PLATFORM COMPATIBILITY
+#------------------------------------------------------------------------------
+
+# - Previous PostgreSQL Versions -
+
+#array_nulls = on
+#backslash_quote = safe_encoding	# on, off, or safe_encoding
+#escape_string_warning = on
+#lo_compat_privileges = off
+#operator_precedence_warning = off
+#quote_all_identifiers = off
+#standard_conforming_strings = on
+#synchronize_seqscans = on
+
+# - Other Platforms and Clients -
+
+#transform_null_equals = off
+
+
+#------------------------------------------------------------------------------
+# ERROR HANDLING
+#------------------------------------------------------------------------------
+
+#exit_on_error = off			# terminate session on any error?
+#restart_after_crash = on		# reinitialize after backend crash?
+#data_sync_retry = off			# retry or panic on failure to fsync
+					# data?
+					# (change requires restart)
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf.  Note that these are directives, not variable
+# assignments, so they can usefully be given more than once.
+
+#include_dir = '...'			# include files ending in '.conf' from
+					# a directory, e.g., 'conf.d'
+#include_if_exists = '...'		# include file only if it exists
+#include = '...'			# include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here

lxc-apps/share/install/sahana_conf/000_config.py

@@ -0,0 +1,263 @@
+# -*- coding: utf-8 -*-
+
+"""
+    Machine-specific settings
+    All settings which are typically edited for a specific machine should be done here
+
+    Deployers should ideally not need to edit any other files outside of their template folder
+
+    Note for Developers:
+        /models/000_config.py is NOT in the Git repository, to avoid leaking of
+        sensitive or irrelevant information into the repository.
+    For changes to be committed, please also edit:
+        modules/templates/000_config.py
+"""
+
+# Remove this line when you have edited this file sufficiently to proceed to the web interface
+FINISHED_EDITING_CONFIG_FILE = True
+
+# Select the Template
+# - which Modules are enabled
+# - PrePopulate data
+# - Security Policy
+# - Workflows
+# - Theme
+# - note that you should restart your web2py after changing this setting
+settings.base.template = "SHARE"
+
+# Database settings
+# Uncomment to use a different database, other than sqlite
+settings.database.db_type = "postgres"
+#settings.database.db_type = "mysql"
+# Uncomment to use a different host
+settings.database.host = "share-postgres"
+# Uncomment to use a different port
+#settings.database.port = 3306
+#settings.database.port = 5432
+# Uncomment to select a different name for your database
+settings.database.database = "share"
+# Uncomment to select a different username for your database
+settings.database.username = "share"
+# Uncomment to set the password
+# NB Web2Py doesn't like passwords with an @ in them
+settings.database.password = "${SHARE_PWD}"
+# Uncomment to use a different pool size
+#settings.database.pool_size = 30
+# Do we have a spatial DB available? (currently supports PostGIS. Spatialite to come.)
+settings.gis.spatialdb = True
+
+# Base settings
+settings.base.system_name = T("Sahana Relief and Rehabilitation ")
+settings.base.system_name_short = T("SHARE")
+# Set this to the Public URL of the instance
+settings.base.public_url = "https://share.spotter.vm"
+
+# Switch to "False" in Production for a Performance gain
+# (need to set to "True" again when Table definitions are changed)
+settings.base.migrate = True
+# To just create the .table files (also requires migrate=True):
+#settings.base.fake_migrate = True
+
+# Set this to True to switch to Debug mode
+# Debug mode means that uncompressed CSS/JS files are loaded
+# JS Debug messages are also available in the Console
+# can also load an individual page in debug mode by appending URL with
+# ?debug=1
+settings.base.debug = True
+
+# Uncomment this to prevent automated test runs from remote
+# settings.base.allow_testing = False
+
+# Configure the log level ("DEBUG", "INFO", "WARNING", "ERROR" or "CRITICAL"), None = turn off logging (default)
+#settings.log.level = "ERROR" # DEBUG set automatically when base.debug is True
+# Uncomment to prevent writing log messages to the console (sys.stderr)
+#settings.log.console = False
+# Configure a log file (file name)
+#settings.log.logfile = None
+# Uncomment to get detailed caller information
+#settings.log.caller_info = True
+
+# Uncomment to use Content Delivery Networks to speed up Internet-facing sites
+#settings.base.cdn = True
+
+# Allow language files to be updated automatically
+#settings.L10n.languages_readonly = False
+
+# This setting should be changed _before_ registering the 1st user
+# - should happen automatically if installing using supported scripts
+settings.auth.hmac_key = "${SHARE_HMAC}"
+
+# If using Masterkey Authentication, then set this to a deployment-specific 32 char string:
+#settings.auth.masterkey_app_key = "randomstringrandomstringrandomstring"
+
+# Minimum Password Length
+#settings.auth.password_min_length = 8
+
+# Email settings
+# Outbound server
+settings.mail.server = "host:25"
+#settings.mail.tls = True
+# Useful for Windows Laptops:
+# https://www.google.com/settings/security/lesssecureapps
+#settings.mail.server = "smtp.gmail.com:587"
+#settings.mail.tls = True
+#settings.mail.login = "username:password"
+# From Address - until this is set, no mails can be sent
+settings.mail.sender = "${SHARE_ADMIN_USER}"
+# Default email address to which requests to approve new user accounts gets sent
+# This can be overridden for specific domains/organisations via the auth_domain table
+settings.mail.approver = "${SHARE_ADMIN_USER}"
+# Daily Limit on Sending of emails
+#settings.mail.limit = 1000
+
+# Frontpage settings
+# RSS feeds
+settings.frontpage.rss = [
+    {"title": "Eden",
+     # Trac timeline
+     "url": "http://eden.sahanafoundation.org/timeline?ticket=on&changeset=on&milestone=on&wiki=on&max=50&daysback=90&format=rss"
+    },
+    {"title": "Twitter",
+     # @SahanaFOSS
+     #"url": "https://search.twitter.com/search.rss?q=from%3ASahanaFOSS" # API v1 deprecated, so doesn't work, need to use 3rd-party service, like:
+     "url": "http://www.rssitfor.me/getrss?name=@SahanaFOSS"
+     # Hashtag
+     #url: "http://search.twitter.com/search.atom?q=%23eqnz" # API v1 deprecated, so doesn't work, need to use 3rd-party service, like:
+     #url: "http://api2.socialmention.com/search?q=%23eqnz&t=all&f=rss"
+    }
+]
+
+# Uncomment to restrict to specific country/countries
+#settings.gis.countries= ("LK",)
+
+# Uncomment to enable a guided tour
+#settings.base.guided_tour = True
+
+# Bing API Key (for Map layers)
+# http://www.microsoft.com/maps/create-a-bing-maps-key.aspx
+#settings.gis.api_bing = ""
+# Google API Key (for Google Maps Layers)
+settings.gis.api_google = ""
+# Yahoo API Key (for Geocoder)
+#settings.gis.api_yahoo = ""
+
+# GeoNames username
+#settings.gis.geonames_username = ""
+
+# Fill this in to get Google Analytics for your site
+#settings.base.google_analytics_tracking_id = ""
+
+# Chat server, see: http://eden.sahanafoundation.org/wiki/InstallationGuidelines/Chat
+#settings.base.chat_server = {
+#   "ip": "127.0.0.1",
+#   "port": 7070,
+#   "name": "servername",
+#	# Default group everyone is added to
+#   "groupname" : "everyone",
+#   "server_db" : "openfire",
+#   # These settings fallback to main DB settings if not specified
+#   # Only mysql/postgres supported
+#   #"server_db_type" : "mysql",
+#   #"server_db_username" : "",
+#   #"server_db_password": "",
+#   #"server_db_port" : 3306,
+#   #"server_db_ip" : "127.0.0.1",
+#   }
+
+# GeoServer (Currently used by GeoExplorer. Will allow REST control of GeoServer.)
+# NB Needs to be publically-accessible URL for querying via client JS
+#settings.gis.geoserver_url = "http://localhost/geoserver"
+#settings.gis.geoserver_username = "admin"
+#settings.gis.geoserver_password = ""
+# Print Service URL: http://eden.sahanafoundation.org/wiki/BluePrintGISPrinting
+#settings.gis.print_service = "/geoserver/pdf/"
+
+# Google OAuth (to allow users to login using Google)
+# https://code.google.com/apis/console/
+#settings.auth.google_id = ""
+#settings.auth.google_secret = ""
+
+# Pootle server
+# settings.L10n.pootle_url = "http://pootle.sahanafoundation.org/"
+# settings.L10n.pootle_username = "username"
+# settings.L10n.pootle_password = "*****"
+
+# SOLR server for Full-Text Search
+#settings.base.solr_url = "http://127.0.0.1:8983/solr/"
+
+# Memcache server to allow sharing of sessions across instances
+#settings.base.session_memcache = '127.0.0.1:11211'
+
+settings.base.session_db = True
+
+# UI options
+# Should user be prompted to save before navigating away?
+#settings.ui.navigate_away_confirm = False
+# Should user be prompted to confirm actions?
+#settings.ui.confirm = False
+# Should potentially large dropdowns be turned into autocompletes?
+# (unused currently)
+#settings.ui.autocomplete = True
+#settings.ui.read_label = "Details"
+#settings.ui.update_label = "Edit"
+
+# Audit settings
+# - can be a callable for custom hooks (return True to also perform normal logging, or False otherwise)
+# NB Auditing (especially Reads) slows system down & consumes diskspace
+#settings.security.audit_write = False
+#settings.security.audit_read = False
+
+# Performance Options
+# Maximum number of search results for an Autocomplete Widget
+#settings.search.max_results = 200
+# Maximum number of features for a Map Layer
+#settings.gis.max_features = 1000
+
+# CAP Settings
+# Change for different authority and organisations
+# See http://alerting.worldweather.org/ for oid
+# Country root oid. The oid for the organisation includes this base
+#settings.cap.identifier_oid = "2.49.0.0.608.0"
+# Set the period (in days) after which alert info segments expire (default=2)
+#settings.cap.info_effective_period = 2
+
+# =============================================================================
+# Import the settings from the Template
+# - note: invalid settings are ignored
+#
+settings.import_template()
+
+# =============================================================================
+# Over-rides to the Template may be done here
+#
+
+# e.g.
+#settings.base.system_name = T("Sahana TEST")
+#settings.base.prepopulate = ("MY_TEMPLATE_ONLY")
+#settings.base.prepopulate += ("default", "default/users")
+#settings.base.theme = "default"
+settings.L10n.default_language = "cs"
+#settings.security.policy = 7 # Organisation-ACLs
+# Enable Additional Module(s)
+#from gluon.storage import Storage
+#settings.modules["delphi"] = Storage(
+#        name_nice = T("Delphi Decision Maker"),
+#        restricted = False,
+#        module_type = 10,
+#    )
+# Disable a module which is normally used by the template
+# - NB Only templates with adaptive menus will work nicely with this!
+#del settings.modules["irs"]
+
+# Production instances should set this before prepopulate is run
+#settings.base.prepopulate_demo = 0
+
+# After 1st_run, set this for Production to save 1x DAL hit/request
+#settings.base.prepopulate = 0
+
+# =============================================================================
+# A version number to tell update_check if there is a need to refresh the
+# running copy of this file
+VERSION = 1
+
+# END =========================================================================

lxc-apps/share/install/sahana_conf/00_settings.py

@@ -0,0 +1,318 @@
+# -*- coding: utf-8 -*-
+
+"""
+    Global settings:
+
+    Those which are typically edited during a deployment are in
+    000_config.py & their results parsed into here. Deployers
+    shouldn't typically need to edit any settings here.
+"""
+
+# Keep all our configuration options off the main global variables
+
+# Use response.s3 for one-off variables which are visible in views without explicit passing
+s3.formats = Storage()
+
+# Workaround for this Bug in Selenium with FF4:
+#    http://code.google.com/p/selenium/issues/detail?id=1604
+s3.interactive = settings.get_ui_confirm()
+
+s3.base_url = "%s/%s" % (settings.get_base_public_url(),
+                         appname)
+s3.download_url = "%s/default/download" % s3.base_url
+
+# -----------------------------------------------------------------------------
+# Client tests
+
+# Check whether browser is Mobile & store result in session
+# - commented-out until we make use of it
+#if session.s3.mobile is None:
+#    session.s3.mobile = s3base.s3_is_mobile_client(request)
+#if session.s3.browser is None:
+#    session.s3.browser = s3base.s3_populate_browser_compatibility(request)
+
+# -----------------------------------------------------------------------------
+# Global variables
+
+# Strings to i18n
+# Common Labels
+#messages["BREADCRUMB"] = ">> "
+messages["UNKNOWN_OPT"] = ""
+messages["NONE"] = ""
+messages["OBSOLETE"] = "Obsolete"
+messages["READ"] = settings.get_ui_label_read()
+messages["UPDATE"] = settings.get_ui_label_update()
+messages["DELETE"] = "Delete"
+messages["COPY"] = "Copy"
+messages["NOT_APPLICABLE"] = "N/A"
+messages["ADD_PERSON"] = "Create a Person"
+messages["ADD_LOCATION"] = "Create Location"
+messages["SELECT_LOCATION"] = "Select a location"
+messages["COUNTRY"] = "Country"
+messages["ORGANISATION"] = "Organization"
+messages["AUTOCOMPLETE_HELP"] = "Enter some characters to bring up a list of possible matches"
+
+for u in messages:
+    if isinstance(messages[u], str):
+        globals()[u] = T(messages[u])
+
+# CRUD Labels
+s3.crud_labels = Storage(READ=READ,
+                         UPDATE=UPDATE,
+                         DELETE=DELETE,
+                         COPY=COPY,
+                         NONE=NONE,
+                         )
+
+# Error Messages
+ERROR["BAD_RECORD"] = "Record not found!"
+ERROR["BAD_METHOD"] = "Unsupported method!"
+ERROR["BAD_FORMAT"] = "Unsupported data format!"
+ERROR["BAD_REQUEST"] = "Invalid request"
+ERROR["BAD_SOURCE"] = "Invalid source"
+ERROR["BAD_TEMPLATE"] = "XSLT stylesheet not found"
+ERROR["BAD_RESOURCE"] = "Nonexistent or invalid resource"
+ERROR["DATA_IMPORT_ERROR"] = "Data import error"
+ERROR["INTEGRITY_ERROR"] = "Integrity error: record can not be deleted while it is referenced by other records"
+ERROR["METHOD_DISABLED"] = "Method disabled"
+ERROR["NO_MATCH"] = "No matching element found in the data source"
+ERROR["NOT_IMPLEMENTED"] = "Not implemented"
+ERROR["NOT_PERMITTED"] = "Operation not permitted"
+ERROR["PARSE_ERROR"] = "XML parse error"
+ERROR["TRANSFORMATION_ERROR"] = "XSLT transformation error"
+ERROR["UNAUTHORISED"] = "Not Authorized"
+ERROR["VALIDATION_ERROR"] = "Validation error"
+
+# To get included in <HEAD>
+s3.stylesheets = []
+s3.external_stylesheets = []
+# To get included at the end of <BODY>
+s3.scripts = []
+s3.scripts_modules = []
+s3.js_global = []
+s3.jquery_ready = []
+
+# -----------------------------------------------------------------------------
+# Languages
+
+s3.l10n_languages = settings.get_L10n_languages()
+
+# Default strings are in US English
+T.current_languages = ("en", "en-us")
+# Check if user has selected a specific language
+if get_vars._language:
+    language = get_vars._language
+    session.s3.language = language
+elif session.s3.language:
+    # Use the last-selected language
+    language = session.s3.language
+elif auth.is_logged_in():
+    # Use user preference
+    language = auth.user.language
+else:
+    # Use system default
+    language = settings.get_L10n_default_language()
+#else:
+#    # Use what browser requests (default web2py behaviour)
+#    T.force(T.http_accept_language)
+
+# IE doesn't set request.env.http_accept_language
+#if language != "en":
+T.force(language)
+
+# Store for views (e.g. Ext)
+if language.find("-") == -1:
+    # Ext peculiarities
+    if language == "vi":
+        s3.language = "vn"
+    elif language == "el":
+        s3.language = "el_GR"
+    else:
+        s3.language = language
+else:
+    lang_parts = language.split("-")
+    s3.language = "%s_%s" % (lang_parts[0], lang_parts[1].upper())
+
+# List of Languages which use a Right-to-Left script (Arabic, Hebrew, Farsi, Urdu)
+if language in ("ar", "prs", "ps", "ur"):
+    s3.rtl = True
+else:
+    s3.rtl = False
+
+# -----------------------------------------------------------------------------
+# Auth
+
+_settings = auth.settings
+_settings.lock_keys = False
+
+_settings.expiration = 28800  # seconds
+
+if settings.get_auth_openid():
+    # Requires http://pypi.python.org/pypi/python-openid/
+    try:
+        from gluon.contrib.login_methods.openid_auth import OpenIDAuth
+        openid_login_form = OpenIDAuth(auth)
+        from gluon.contrib.login_methods.extended_login_form import ExtendedLoginForm
+        _settings.login_form = ExtendedLoginForm(auth, openid_login_form,
+                                                 signals=["oid", "janrain_nonce"])
+    except ImportError:
+        session.warning = "Library support not available for OpenID"
+
+# Allow use of LDAP accounts for login
+# NB Currently this means that change password should be disabled:
+#_settings.actions_disabled.append("change_password")
+# (NB These are not automatically added to PR or to Authenticated role since they enter via the login() method not register())
+#from gluon.contrib.login_methods.ldap_auth import ldap_auth
+# Require even alternate login methods to register users 1st
+#_settings.alternate_requires_registration = True
+# Active Directory
+#_settings.login_methods.append(ldap_auth(mode="ad", server="dc.domain.org", base_dn="ou=Users,dc=domain,dc=org"))
+# or if not wanting local users at all (no passwords saved within DB):
+#_settings.login_methods = [ldap_auth(mode="ad", server="dc.domain.org", base_dn="ou=Users,dc=domain,dc=org")]
+# Domino
+#_settings.login_methods.append(ldap_auth(mode="domino", server="domino.domain.org"))
+# OpenLDAP
+#_settings.login_methods.append(ldap_auth(server="directory.sahanafoundation.org", base_dn="ou=users,dc=sahanafoundation,dc=org"))
+# Allow use of Email accounts for login
+#_settings.login_methods.append(email_auth("smtp.gmail.com:587", "@gmail.com"))
+
+# Require captcha verification for registration
+#auth.settings.captcha = RECAPTCHA(request, public_key="PUBLIC_KEY", private_key="PRIVATE_KEY")
+# Require Email Verification
+_settings.registration_requires_verification = settings.get_auth_registration_requires_verification()
+_settings.on_failed_authorization = URL(c="default", f="user",
+                                        args="not_authorized")
+_settings.reset_password_requires_verification = True
+_settings.verify_email_next = URL(c="default", f="index")
+
+# Require Admin approval for self-registered users
+_settings.registration_requires_approval = settings.get_auth_registration_requires_approval()
+
+# We don't wish to clutter the groups list with 1 per user.
+_settings.create_user_groups = False
+# We need to allow basic logins for Webservices
+_settings.allow_basic_login = True
+
+_settings.logout_onlogout = s3_auth_on_logout
+_settings.login_onaccept = s3_auth_on_login
+# Now read in auth.login() to avoid setting unneccesarily in every request
+#_settings.login_next = settings.get_auth_login_next()
+if settings.has_module("vol") and \
+   settings.get_auth_registration_volunteer():
+    _settings.register_next = URL(c="vol", f="person")
+
+# Languages available in User Profiles
+#if len(s3.l10n_languages) > 1:
+#    _settings.table_user.language.requires = s3base.IS_ISO639_2_LANGUAGE_CODE(sort = True,
+#                                                                              translate = True,
+#                                                                              zero = None,
+#                                                                              )
+#else:
+#    field = _settings.table_user.language
+#    field.default = s3.l10n_languages.keys()[0]
+#    field.readable = False
+#    field.writable = False
+
+_settings.lock_keys = True
+
+# -----------------------------------------------------------------------------
+# Mail
+
+# These settings could be made configurable as part of the Messaging Module
+# - however also need to be used by Auth (order issues)
+sender = settings.get_mail_sender()
+if sender:
+    mail.settings.sender = sender
+    mail.settings.server = settings.get_mail_server()
+    mail.settings.tls = settings.get_mail_server_tls()
+    mail_server_login = settings.get_mail_server_login()
+    if mail_server_login:
+        mail.settings.login = mail_server_login
+    # Email settings for registration verification and approval
+    _settings.mailer = mail
+
+# -----------------------------------------------------------------------------
+# Session
+
+# Custom Notifications
+response.error = session.error
+response.confirmation = session.confirmation
+response.information = session.information
+response.warning = session.warning
+session.error = []
+session.confirmation = []
+session.information = []
+session.warning = []
+
+# Shortcuts for system role IDs, see modules/s3aaa.py/AuthS3
+#system_roles = auth.get_system_roles()
+#ADMIN = system_roles.ADMIN
+#AUTHENTICATED = system_roles.AUTHENTICATED
+#ANONYMOUS = system_roles.ANONYMOUS
+#EDITOR = system_roles.EDITOR
+#MAP_ADMIN = system_roles.MAP_ADMIN
+#ORG_ADMIN = system_roles.ORG_ADMIN
+#ORG_GROUP_ADMIN = system_roles.ORG_GROUP_ADMIN
+
+if s3.debug:
+    # Add the developer toolbar from modules/s3/s3utils.py
+    s3.toolbar = s3base.s3_dev_toolbar
+
+# -----------------------------------------------------------------------------
+# CRUD
+
+s3_formstyle = settings.get_ui_formstyle()
+s3_formstyle_read = settings.get_ui_formstyle_read()
+s3_formstyle_mobile = s3_formstyle
+submit_button = T("Save")
+s3_crud = s3.crud
+s3_crud.formstyle = s3_formstyle
+s3_crud.formstyle_read = s3_formstyle_read
+s3_crud.submit_button = submit_button
+# Optional class for Submit buttons
+#s3_crud.submit_style = "submit-button"
+s3_crud.confirm_delete = T("Do you really want to delete these records?")
+s3_crud.archive_not_delete = settings.get_security_archive_not_delete()
+s3_crud.navigate_away_confirm = settings.get_ui_navigate_away_confirm()
+
+# Content Type Headers, default is application/xml for XML formats
+# and text/x-json for JSON formats, other content types must be
+# specified here:
+s3.content_type = Storage(
+    tc = "application/atom+xml", # TableCast feeds
+    rss = "application/rss+xml", # RSS
+    georss = "application/rss+xml", # GeoRSS
+    kml = "application/vnd.google-earth.kml+xml", # KML
+)
+
+# JSON Formats
+s3.json_formats = ["geojson", "s3json"]
+
+# CSV Formats
+s3.csv_formats = ["hrf", "s3csv"]
+
+# Datatables default number of rows per page
+s3.ROWSPERPAGE = 20
+
+# Valid Extensions for Image Upload fields
+s3.IMAGE_EXTENSIONS = ["png", "PNG", "jpg", "JPG", "jpeg", "JPEG"]
+
+# Default CRUD strings
+s3.crud_strings = Storage(
+    label_create = T("Add Record"),
+    title_display = T("Record Details"),
+    title_list = T("Records"),
+    title_update = T("Edit Record"),
+    title_map = T("Map"),
+    title_report = T("Report"),
+    label_list_button = T("List Records"),
+    label_delete_button = T("Delete Record"),
+    msg_record_created = T("Record added"),
+    msg_record_modified = T("Record updated"),
+    msg_record_deleted = T("Record deleted"),
+    msg_list_empty = T("No Records currently available"),
+    msg_match = T("Matching Records"),
+    msg_no_match = T("No Matching Records"),
+    )
+
+# END =========================================================================

lxc-apps/share/install/sahana_data/masterUsers.csv

@@ -0,0 +1,2 @@
+First Name,Last Name,Email,Password,Role,Organisation
+Admin,User,${SHARE_ADMIN_USER},${SHARE_ADMIN_PWD},ADMIN,

lxc-apps/share/install/update-conf.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# Volumes
+SAHANA_CONF="${VOLUMES_DIR}/share/sahana_conf"
+
+# Variables
+HTTP_HOST="${HOST}"
+[ "${PORT}" != "443" ] && HTTP_HOST="${HTTP_HOST}:${PORT}"
+
+# Replacements
+sed -i "s|\(^settings\.base\.public_url = \).*|\1\"https://${HTTP_HOST}\"|" ${SAHANA_CONF}/000_config.py
+sed -i "s|\(^settings\.mail\.sender = \).*|\1\"${EMAIL}\"|" ${SAHANA_CONF}/000_config.py
+sed -i "s|\(^settings\.mail\.approver = \).*|\1\"${EMAIL}\"|" ${SAHANA_CONF}/000_config.py
+sed -i "s|\(^settings\.gis\.api_google = \).*|\1\"${GMAPS_API_KEY}\"|" ${SAHANA_CONF}/000_config.py

lxc-apps/share/uninstall.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -ev
+
+# Remove persistent data
+rm -rf "${VOLUMES_DIR}/share"
+
+# Unregister application
+vmmgr unregister-app share