First commit

.gitignore

@@ -0,0 +1,78 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+test.db
+
+# Environments
+.venv/
+
+# Logs
+logs/
+
+# Invenio-cli per machine file
+.invenio.private
+
+# S3 default bucket location
+data/default/*
+data/.minio.sys
+
+# Celery
+celerybeat-schedule
+
+# Configuration secrets
+secrets.toml

README.md

@@ -0,0 +1,49 @@
+# AM-D-Model Data Repository
+
+Welcome to your InvenioRDM instance.
+
+## Getting started
+
+Run the following commands in order to start your new InvenioRDM instance:
+
+```console
+invenio-cli containers start --lock --build --setup
+```
+
+The above command first builds the application docker image and afterwards
+starts the application and related services (database, Opensearch, Redis
+and RabbitMQ). The build and boot process will take some time to complete,
+especially the first time as docker images have to be downloaded during the
+process.
+
+Once running, visit https://127.0.0.1 in your browser.
+
+**Note**: The server is using a self-signed SSL certificate, so your browser
+will issue a warning that you will have to by-pass.
+
+## Overview
+
+Following is an overview of the generated files and folders:
+
+| Name | Description |
+|---|---|
+| ``Dockerfile`` | Dockerfile used to build your application image. |
+| ``Pipfile`` | Python requirements installed via [pipenv](https://pipenv.pypa.io) |
+| ``Pipfile.lock`` | Locked requirements (generated on first install). |
+| ``app_data`` | Application data such as vocabularies. |
+| ``assets`` | Web assets (CSS, JavaScript, LESS, JSX templates) used in the Webpack build. |
+| ``docker`` | Example configuration for NGINX and uWSGI. |
+| ``docker-compose.full.yml`` | Example of a full infrastructure stack. |
+| ``docker-compose.yml`` | Backend services needed for local development. |
+| ``docker-services.yml`` | Common services for the Docker Compose files. |
+| ``invenio.cfg`` | The Invenio application configuration. |
+| ``logs`` | Log files. |
+| ``static`` | Static files that need to be served as-is (e.g. images). |
+| ``templates`` | Folder for your Jinja templates. |
+| ``.invenio`` | Common file used by Invenio-CLI to be version controlled. |
+| ``.invenio.private`` | Private file used by Invenio-CLI *not* to be version controlled. |
+
+## Documentation
+
+To learn how to configure, customize, deploy and much more, visit
+the [InvenioRDM Documentation](https://inveniordm.docs.cern.ch/).

invenio.cfg

@@ -0,0 +1,231 @@
+"""
+InvenioRDM settings for AM-D-Model Data Repository project.
+
+This file was automatically generated by 'invenio-cli init'.
+
+For the full list of settings and their values, see
+https://inveniordm.docs.cern.ch/reference/configuration/.
+"""
+
+from datetime import datetime
+from invenio_i18n import lazy_gettext as _
+
+
+def _(x):  # needed to avoid start time failure with lazy strings
+    return x
+
+# Custom function and constant to manage secrets more easily
+def read_secrets():
+    import tomli
+    with open("secrets.toml", "rb") as f:
+        return tomli.load(f)
+
+SECRETS = read_secrets()
+
+# Flask
+# =====
+# See https://flask.palletsprojects.com/en/1.1.x/config/
+
+# Define the value of the cache control header `max-age` returned by the server when serving
+# public files. Files will be cached by the browser for the provided number of seconds.
+# See flask documentation for more information:
+# https://flask.palletsprojects.com/en/2.1.x/config/#SEND_FILE_MAX_AGE_DEFAULT
+SEND_FILE_MAX_AGE_DEFAULT = 300
+
+# SECURITY WARNING: keep the secret key used in production secret!
+# Do not commit it to a source code repository.
+# TODO: Set
+SECRET_KEY=SECRETS["SECRET_KEY"]
+
+# Since HAProxy and Nginx route all requests no matter the host header
+# provided, the allowed hosts variable is set to localhost. In production it
+# should be set to the correct host and it is strongly recommended to only
+# route correct hosts to the application.
+APP_ALLOWED_HOSTS = ['0.0.0.0', 'localhost', '127.0.0.1', 'am-d-modeleu-caddy-1']
+
+
+# Flask-SQLAlchemy
+# ================
+# See https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/
+
+# TODO: Set
+SQLALCHEMY_DATABASE_URI="postgresql+psycopg2://am-d-model-data-repository:am-d-model-data-repository@localhost/am-d-model-data-repository"
+
+
+# Invenio-App
+# ===========
+# See https://invenio-app.readthedocs.io/en/latest/configuration.html
+
+APP_DEFAULT_SECURE_HEADERS = {
+    'content_security_policy': {
+        'default-src': [
+            "'self'",
+            'data:', # for fonts
+            "'unsafe-inline'",  # for inline scripts and styles
+            "blob:",            # for pdf preview
+            # Add your own policies here (e.g. analytics)
+        ],
+    },
+    'content_security_policy_report_only': False,
+    'content_security_policy_report_uri': None,
+    'force_file_save': False,
+    'force_https': True,
+    'force_https_permanent': False,
+    'frame_options': 'sameorigin',
+    'frame_options_allow_from': None,
+    'session_cookie_http_only': True,
+    'session_cookie_secure': True,
+    'strict_transport_security': True,
+    'strict_transport_security_include_subdomains': True,
+    'strict_transport_security_max_age': 31556926,  # One year in seconds
+    'strict_transport_security_preload': False,
+}
+
+
+# Flask-Babel
+# ===========
+# See https://python-babel.github.io/flask-babel/#configuration
+
+# Default locale (language)
+BABEL_DEFAULT_LOCALE = 'en_IE'
+# Default time zone
+BABEL_DEFAULT_TIMEZONE = 'Europe/Dublin'
+
+
+# Invenio-I18N
+# ============
+# See https://invenio-i18n.readthedocs.io/en/latest/configuration.html
+
+# Other supported languages (do not include BABEL_DEFAULT_LOCALE in list).
+I18N_LANGUAGES = [
+    ('de', _('German')),
+    ('fr', _('French')),
+    ('es', _('Spanish')),
+    ('it', _('Italian')),
+    # ('tr', _('Turkish')),
+]
+
+
+# Invenio-Theme
+# =============
+# See https://invenio-theme.readthedocs.io/en/latest/configuration.html
+
+# Name used in header and UI
+THEME_SITENAME = "AM-D-Model Data Repository"
+# Frontpage title
+THEME_FRONTPAGE_TITLE = "AM-D-Model Data Repository"
+# Header logo
+THEME_LOGO = 'images/invenio-rdm.svg'
+
+
+# Invenio-App-RDM
+# ===============
+# See https://github.com/inveniosoftware/invenio-app-rdm/blob/master/invenio_app_rdm/config.py
+
+# Instance's theme entrypoint file. Path relative to the ``assets/`` folder.
+INSTANCE_THEME_FILE = './less/theme.less'
+
+# Email address for administrator emails (like file checksum alerts)
+APP_RDM_ADMIN_EMAIL_RECIPIENT = "repo@am-d-model.eu"
+
+# Default values for the deposit form
+APP_RDM_DEPOSIT_FORM_DEFAULTS = {
+    "publication_date": lambda: datetime.now().strftime("%Y-%m-%d"),
+    "rights": [
+        {
+            "id": "cc-by-4.0",
+            "title": "Creative Commons Attribution 4.0 International",
+            "description": ("The Creative Commons Attribution license allows "
+                            "re-distribution and re-use of a licensed work "
+                            "on the condition that the creator is "
+                            "appropriately credited."),
+            "link": "https://creativecommons.org/licenses/by/4.0/legalcode",
+        }
+    ],
+    "publisher": "AM-D-Model Data Repository",
+}
+
+APP_RDM_DEPOSIT_FORM_AUTOCOMPLETE_NAMES = 'search' # "search_only" or "off"
+
+# Invenio-Files-Rest
+# ==================
+FILES_REST_STORAGE_FACTORY='invenio_s3.s3fs_storage_factory'
+
+# Invenio-S3
+# ==========
+S3_ENDPOINT_URL='http://localhost:9000/'
+S3_ACCESS_KEY_ID='CHANGE_ME'
+S3_SECRET_ACCESS_KEY='CHANGE_ME'
+
+# Allow S3 endpoint in the CSP rules
+APP_DEFAULT_SECURE_HEADERS['content_security_policy']['default-src'].append(
+    S3_ENDPOINT_URL
+)
+
+# Invenio-Records-Resources
+# =========================
+# See https://github.com/inveniosoftware/invenio-records-resources/blob/master/invenio_records_resources/config.py
+
+# TODO: Set with your own hostname when deploying to production
+SITE_UI_URL = "https://am-d-model.eu/repo"
+
+SITE_API_URL = "https://am-d-model.eu/repo/api"
+
+# Invenio-RDM-Records
+# ===================
+# See https://inveniordm.docs.cern.ch/customize/dois/
+DATACITE_ENABLED = False
+DATACITE_USERNAME = ""
+DATACITE_PASSWORD = ""
+DATACITE_PREFIX = ""
+DATACITE_TEST_MODE = True
+DATACITE_DATACENTER_SYMBOL = ""
+
+# Authentication - Invenio-Accounts and Invenio-OAuthclient
+# =========================================================
+# See: https://inveniordm.docs.cern.ch/customize/authentication/
+
+# Invenio-Accounts
+# ----------------
+# See https://github.com/inveniosoftware/invenio-accounts/blob/master/invenio_accounts/config.py
+ACCOUNTS_LOCAL_LOGIN_ENABLED = True  # enable local login
+SECURITY_REGISTERABLE = True  # local login: allow users to register
+SECURITY_RECOVERABLE = True  # local login: allow users to reset the password
+SECURITY_CHANGEABLE = True  # local login: allow users to change psw
+SECURITY_CONFIRMABLE = True  # local login: users can confirm e-mail address
+SECURITY_LOGIN_WITHOUT_CONFIRMATION = False # require users to confirm email before being able to login
+
+# Invenio-OAuthclient
+# -------------------
+# See https://github.com/inveniosoftware/invenio-oauthclient/blob/master/invenio_oauthclient/config.py
+
+OAUTHCLIENT_REMOTE_APPS = {}  # configure external login providers
+
+from invenio_oauthclient.views.client import auto_redirect_login
+ACCOUNTS_LOGIN_VIEW_FUNCTION = auto_redirect_login  # autoredirect to external login if enabled
+OAUTHCLIENT_AUTO_REDIRECT_TO_EXTERNAL_LOGIN = False  # autoredirect to external login
+
+# Invenio-UserProfiles
+# --------------------
+USERPROFILES_READ_ONLY = False  # allow users to change profile info (name, email, etc...)
+
+# OAI-PMH
+# =======
+# See https://github.com/inveniosoftware/invenio-oaiserver/blob/master/invenio_oaiserver/config.py
+
+OAISERVER_ID_PREFIX = "am-d-model.eu"
+"""The prefix that will be applied to the generated OAI-PMH ids."""
+OAISERVER_ADMIN_EMAILS = [
+    "repo@am-d-model.eu",
+]
+
+# Invenio-Search
+# --------------
+
+SEARCH_INDEX_PREFIX = "am-d-model-data-repository-"
+
+# Invenio-Users-Resources
+# -----------------------
+
+USERS_RESOURCES_ADMINISTRATION_ENABLED = True
+"""Enable the user administration"""