{{ ansible_header | comment }}

# Uncomment if you use LDAP login
import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType

# A secret key used by the server.
SECRET_KEY = "{{ printer.django_secret_key }}"

# Should the server run in debug mode ?
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = {{ printer.debug }}

# A list of admins of the services. Receive mails when an error occurs
ADMINS = [{% for admin in printer.admins %}{{ admin }}, {% endfor %}]

# The list of hostname the server will respond to.
ALLOWED_HOSTS = [{% for host in printer.allowed_hosts %}'{{ host }}', {% endfor %}]

OPTIONAL_APPS = [
    'django_extensions',
]

# The storage systems parameters to use
DATABASES = {
    'default': {  # The DB
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': '{{ printer.database.name }}',
        'USER': '{{ printer.database.user }}',
        'PASSWORD': "{{ printer.database.password }}",
        'HOST': '{{ printer.database.host }}',
        'PORT': '{{ printer.database.port }}',
    },
}

{% if printer.version == "main" %}
STATIC_ROOT = "/var/lib/django-printer/static/"

{% endif %}
MEDIA_ROOT = "/var/lib/django-printer/files/"

# The mail configuration to send mails
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_USE_SSL = {{ printer.email.ssl }}
EMAIL_HOST = '{{ printer.email.host }}'
EMAIL_PORT = {{ printer.email.port }}
EMAIL_HOST_USER = '{{ printer.email.user }}'
EMAIL_HOST_PASSWORD = '{{ printer.email.password }}'
SERVER_EMAIL = '{{ printer.email.from }}'
DEFAULT_FROM_EMAIL = '{{ printer.email.from_full }}'

NOTE_KFET_URL = "{{ printer.note.url }}"
NOTE_KFET_CLIENT_ID = "{{ printer.note.client_id }}"
NOTE_KFET_CLIENT_SECRET = "{{ printer.note.client_secret }}"

# This is the common name of the printer that is installed in the CUPS server
PRINTER_NAME = 'Lexmark_X950_Series'

# Is contacted for scanning. May be HTTP or HTTPS.
PRINTER_HTTP_SERVER = 'https://{{ printer.domain }}'
# Certificates may be not verified because they are unverifiable
# due to obsolete machines.
CHECK_HTTPS_CERTIFICATE = False

# To avoid spam, you can define the maximum scanning jobs a user can request.
# If set to 0, no limit is applied.
MAX_SIMULTANEOUS_SCANNING_JOBS = 5

# This address is the address of the server that will receive the scanned file.
# This may be allowed in your firewall and contactable by the printer.
SCANNER_SERVER_ADDRESS = {{ printer.scan_server.address|tojson }}
SCANNER_SERVER_PORT = {{ printer.scan_server.port }}

# Uncomment and adapt to use a LDAP server for authentication
AUTHENTICATION_BACKENDS = ["django_auth_ldap.backend.LDAPBackend"]
AUTH_LDAP_SERVER_URI = {{ printer.ldap.uri|tojson }}
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_ALLOW,
    ldap.OPT_X_TLS_NEWCTX: 0,
    ldap.OPT_REFERRALS: 0,
}
AUTH_LDAP_USER_DN_TEMPLATE = {{ printer.ldap.dn_template|tojson }}

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    {{ printer.ldap.group_search|tojson }},
    ldap.SCOPE_SUBTREE,
    "(objectClass=posixGroup)",
)

AUTH_LDAP_GROUP_TYPE = PosixGroupType()

AUTH_LDAP_MIRROR_GROUPS = True

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": {{ printer.ldap.read_group|tojson }},
    "is_staff": {{ printer.ldap.read_group|tojson }},
    "is_superuser": {{ printer.ldap.write_group|tojson }},
}