commit 91f4f6128766aff92a94e9e0b6d964bf80f2e39f Author: EC2 Default User Date: Mon Jan 27 15:21:57 2025 +0000 First commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9f38df6 --- /dev/null +++ b/.gitignore @@ -0,0 +1,78 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*,cover + +# Translations +*.mo +*.pot + +# Django stuff: +*.log + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +test.db + +# Environments +.venv/ + +# Logs +logs/ + +# Invenio-cli per machine file +.invenio.private + +# S3 default bucket location +data/default/* +data/.minio.sys + +# Celery +celerybeat-schedule + +# Configuration secrets +secrets.toml diff --git a/README.md b/README.md new file mode 100644 index 0000000..9d1be9f --- /dev/null +++ b/README.md @@ -0,0 +1,49 @@ +# AM-D-Model Data Repository + +Welcome to your InvenioRDM instance. + +## Getting started + +Run the following commands in order to start your new InvenioRDM instance: + +```console +invenio-cli containers start --lock --build --setup +``` + +The above command first builds the application docker image and afterwards +starts the application and related services (database, Opensearch, Redis +and RabbitMQ). The build and boot process will take some time to complete, +especially the first time as docker images have to be downloaded during the +process. + +Once running, visit https://127.0.0.1 in your browser. + +**Note**: The server is using a self-signed SSL certificate, so your browser +will issue a warning that you will have to by-pass. + +## Overview + +Following is an overview of the generated files and folders: + +| Name | Description | +|---|---| +| ``Dockerfile`` | Dockerfile used to build your application image. | +| ``Pipfile`` | Python requirements installed via [pipenv](https://pipenv.pypa.io) | +| ``Pipfile.lock`` | Locked requirements (generated on first install). | +| ``app_data`` | Application data such as vocabularies. | +| ``assets`` | Web assets (CSS, JavaScript, LESS, JSX templates) used in the Webpack build. | +| ``docker`` | Example configuration for NGINX and uWSGI. | +| ``docker-compose.full.yml`` | Example of a full infrastructure stack. | +| ``docker-compose.yml`` | Backend services needed for local development. | +| ``docker-services.yml`` | Common services for the Docker Compose files. | +| ``invenio.cfg`` | The Invenio application configuration. | +| ``logs`` | Log files. | +| ``static`` | Static files that need to be served as-is (e.g. images). | +| ``templates`` | Folder for your Jinja templates. | +| ``.invenio`` | Common file used by Invenio-CLI to be version controlled. | +| ``.invenio.private`` | Private file used by Invenio-CLI *not* to be version controlled. | + +## Documentation + +To learn how to configure, customize, deploy and much more, visit +the [InvenioRDM Documentation](https://inveniordm.docs.cern.ch/). diff --git a/invenio.cfg b/invenio.cfg new file mode 100644 index 0000000..f67f667 --- /dev/null +++ b/invenio.cfg @@ -0,0 +1,231 @@ +""" +InvenioRDM settings for AM-D-Model Data Repository project. + +This file was automatically generated by 'invenio-cli init'. + +For the full list of settings and their values, see +https://inveniordm.docs.cern.ch/reference/configuration/. +""" + +from datetime import datetime +from invenio_i18n import lazy_gettext as _ + + +def _(x): # needed to avoid start time failure with lazy strings + return x + +# Custom function and constant to manage secrets more easily +def read_secrets(): + import tomli + with open("secrets.toml", "rb") as f: + return tomli.load(f) + +SECRETS = read_secrets() + +# Flask +# ===== +# See https://flask.palletsprojects.com/en/1.1.x/config/ + +# Define the value of the cache control header `max-age` returned by the server when serving +# public files. Files will be cached by the browser for the provided number of seconds. +# See flask documentation for more information: +# https://flask.palletsprojects.com/en/2.1.x/config/#SEND_FILE_MAX_AGE_DEFAULT +SEND_FILE_MAX_AGE_DEFAULT = 300 + +# SECURITY WARNING: keep the secret key used in production secret! +# Do not commit it to a source code repository. +# TODO: Set +SECRET_KEY=SECRETS["SECRET_KEY"] + +# Since HAProxy and Nginx route all requests no matter the host header +# provided, the allowed hosts variable is set to localhost. In production it +# should be set to the correct host and it is strongly recommended to only +# route correct hosts to the application. +APP_ALLOWED_HOSTS = ['0.0.0.0', 'localhost', '127.0.0.1', 'am-d-modeleu-caddy-1'] + + +# Flask-SQLAlchemy +# ================ +# See https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/ + +# TODO: Set +SQLALCHEMY_DATABASE_URI="postgresql+psycopg2://am-d-model-data-repository:am-d-model-data-repository@localhost/am-d-model-data-repository" + + +# Invenio-App +# =========== +# See https://invenio-app.readthedocs.io/en/latest/configuration.html + +APP_DEFAULT_SECURE_HEADERS = { + 'content_security_policy': { + 'default-src': [ + "'self'", + 'data:', # for fonts + "'unsafe-inline'", # for inline scripts and styles + "blob:", # for pdf preview + # Add your own policies here (e.g. analytics) + ], + }, + 'content_security_policy_report_only': False, + 'content_security_policy_report_uri': None, + 'force_file_save': False, + 'force_https': True, + 'force_https_permanent': False, + 'frame_options': 'sameorigin', + 'frame_options_allow_from': None, + 'session_cookie_http_only': True, + 'session_cookie_secure': True, + 'strict_transport_security': True, + 'strict_transport_security_include_subdomains': True, + 'strict_transport_security_max_age': 31556926, # One year in seconds + 'strict_transport_security_preload': False, +} + + +# Flask-Babel +# =========== +# See https://python-babel.github.io/flask-babel/#configuration + +# Default locale (language) +BABEL_DEFAULT_LOCALE = 'en_IE' +# Default time zone +BABEL_DEFAULT_TIMEZONE = 'Europe/Dublin' + + +# Invenio-I18N +# ============ +# See https://invenio-i18n.readthedocs.io/en/latest/configuration.html + +# Other supported languages (do not include BABEL_DEFAULT_LOCALE in list). +I18N_LANGUAGES = [ + ('de', _('German')), + ('fr', _('French')), + ('es', _('Spanish')), + ('it', _('Italian')), + # ('tr', _('Turkish')), +] + + +# Invenio-Theme +# ============= +# See https://invenio-theme.readthedocs.io/en/latest/configuration.html + +# Name used in header and UI +THEME_SITENAME = "AM-D-Model Data Repository" +# Frontpage title +THEME_FRONTPAGE_TITLE = "AM-D-Model Data Repository" +# Header logo +THEME_LOGO = 'images/invenio-rdm.svg' + + +# Invenio-App-RDM +# =============== +# See https://github.com/inveniosoftware/invenio-app-rdm/blob/master/invenio_app_rdm/config.py + +# Instance's theme entrypoint file. Path relative to the ``assets/`` folder. +INSTANCE_THEME_FILE = './less/theme.less' + +# Email address for administrator emails (like file checksum alerts) +APP_RDM_ADMIN_EMAIL_RECIPIENT = "repo@am-d-model.eu" + +# Default values for the deposit form +APP_RDM_DEPOSIT_FORM_DEFAULTS = { + "publication_date": lambda: datetime.now().strftime("%Y-%m-%d"), + "rights": [ + { + "id": "cc-by-4.0", + "title": "Creative Commons Attribution 4.0 International", + "description": ("The Creative Commons Attribution license allows " + "re-distribution and re-use of a licensed work " + "on the condition that the creator is " + "appropriately credited."), + "link": "https://creativecommons.org/licenses/by/4.0/legalcode", + } + ], + "publisher": "AM-D-Model Data Repository", +} + +APP_RDM_DEPOSIT_FORM_AUTOCOMPLETE_NAMES = 'search' # "search_only" or "off" + +# Invenio-Files-Rest +# ================== +FILES_REST_STORAGE_FACTORY='invenio_s3.s3fs_storage_factory' + +# Invenio-S3 +# ========== +S3_ENDPOINT_URL='http://localhost:9000/' +S3_ACCESS_KEY_ID='CHANGE_ME' +S3_SECRET_ACCESS_KEY='CHANGE_ME' + +# Allow S3 endpoint in the CSP rules +APP_DEFAULT_SECURE_HEADERS['content_security_policy']['default-src'].append( + S3_ENDPOINT_URL +) + +# Invenio-Records-Resources +# ========================= +# See https://github.com/inveniosoftware/invenio-records-resources/blob/master/invenio_records_resources/config.py + +# TODO: Set with your own hostname when deploying to production +SITE_UI_URL = "https://am-d-model.eu/repo" + +SITE_API_URL = "https://am-d-model.eu/repo/api" + +# Invenio-RDM-Records +# =================== +# See https://inveniordm.docs.cern.ch/customize/dois/ +DATACITE_ENABLED = False +DATACITE_USERNAME = "" +DATACITE_PASSWORD = "" +DATACITE_PREFIX = "" +DATACITE_TEST_MODE = True +DATACITE_DATACENTER_SYMBOL = "" + +# Authentication - Invenio-Accounts and Invenio-OAuthclient +# ========================================================= +# See: https://inveniordm.docs.cern.ch/customize/authentication/ + +# Invenio-Accounts +# ---------------- +# See https://github.com/inveniosoftware/invenio-accounts/blob/master/invenio_accounts/config.py +ACCOUNTS_LOCAL_LOGIN_ENABLED = True # enable local login +SECURITY_REGISTERABLE = True # local login: allow users to register +SECURITY_RECOVERABLE = True # local login: allow users to reset the password +SECURITY_CHANGEABLE = True # local login: allow users to change psw +SECURITY_CONFIRMABLE = True # local login: users can confirm e-mail address +SECURITY_LOGIN_WITHOUT_CONFIRMATION = False # require users to confirm email before being able to login + +# Invenio-OAuthclient +# ------------------- +# See https://github.com/inveniosoftware/invenio-oauthclient/blob/master/invenio_oauthclient/config.py + +OAUTHCLIENT_REMOTE_APPS = {} # configure external login providers + +from invenio_oauthclient.views.client import auto_redirect_login +ACCOUNTS_LOGIN_VIEW_FUNCTION = auto_redirect_login # autoredirect to external login if enabled +OAUTHCLIENT_AUTO_REDIRECT_TO_EXTERNAL_LOGIN = False # autoredirect to external login + +# Invenio-UserProfiles +# -------------------- +USERPROFILES_READ_ONLY = False # allow users to change profile info (name, email, etc...) + +# OAI-PMH +# ======= +# See https://github.com/inveniosoftware/invenio-oaiserver/blob/master/invenio_oaiserver/config.py + +OAISERVER_ID_PREFIX = "am-d-model.eu" +"""The prefix that will be applied to the generated OAI-PMH ids.""" +OAISERVER_ADMIN_EMAILS = [ + "repo@am-d-model.eu", +] + +# Invenio-Search +# -------------- + +SEARCH_INDEX_PREFIX = "am-d-model-data-repository-" + +# Invenio-Users-Resources +# ----------------------- + +USERS_RESOURCES_ADMINISTRATION_ENABLED = True +"""Enable the user administration"""