# -*- mode: python; coding: utf-8 -*-
{{ ansible_header | comment }}

from __future__ import unicode_literals

# A secret key used by the server.
SECRET_KEY = '{{ re2o.django_secret_key }}'

# The password to access the project database
DB_PASSWORD = '{{ re2o.database.password }}'

# AES key for secret key encryption.
# The length must be a multiple of 16
AES_KEY = '{{ re2o.aes_key }}'

# Should the server run in debug mode ?
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False

# A list of admins of the services. Receive mails when an error occurs
ADMINS = [{% for admin in re2o.admins %}{{ admin }}, {% endfor %}]

# The list of hostname the server will respond to.
ALLOWED_HOSTS = [{% for host in re2o.allowed_hosts %}'{{ host }}', {% endfor %}]

# The time zone the server is runned in
TIME_ZONE = 'Europe/Paris'

# The storage systems parameters to use
DATABASES = {
    'default': {  # The DB
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 're2o',
        'USER': 're2o',
        'PASSWORD': DB_PASSWORD,
        'HOST': '{{ re2o.database.uri }}',
        'TEST': {
            'CHARSET': 'utf8',
            'COLLATION': 'utf8_general_ci'
        }
    },
    'ldap': {  # The LDAP
        'ENGINE': 'ldapdb.backends.ldap',
        'NAME': '{{ re2o.ldap.uri }}',
        'USER': 'cn=admin,{{ glob_ldap.base }}',
        'TLS': False,
        'PASSWORD': '{{ re2o.ldap.master_password }}',
    }
}

# Security settings for secure https
# Activate once https is correctly configured
SECURE_CONTENT_TYPE_NOSNIFF = False
SECURE_BROWSER_XSS_FILTER = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
CSRF_COOKIE_HTTPONLY = False
X_FRAME_OPTIONS = 'DENY'
SESSION_COOKIE_AGE = 60 * 60 * 3

# The path where your organization logo is stored
LOGO_PATH = "static_files/logo.png"

# The mail configuration for Re2o to send mails
SERVER_EMAIL = '{{ re2o.from_email }}'  # The mail address to use
EMAIL_HOST = '{{ re2o.smtp_server }}'           # The host to use
EMAIL_PORT = 25             # The port to use

# Settings of the LDAP structure
LDAP = {
    'base_user_dn': u'cn=Utilisateurs,{{ glob_ldap.base }}',
    'base_userservice_dn': u'ou=service-users,{{ glob_ldap.base }}',
    'base_usergroup_dn': u'ou=posix,ou=groups,{{ glob_ldap.base }}',
    'base_userservicegroup_dn': u'ou=services,ou=groups,{{ glob_ldap.base }}',
    'base_dn': '{{ glob_ldap.base }}',
    'user_gid': 500,
}

# A range of UID to use. Used in linux environement
UID_RANGES = {
    'users': [11001, 20000],
    'service-users': [30000, 31000],
}

# A range of GID to use. Used in linux environement
GID_RANGES = {
    'posix': [501, 600],
}

# CAPTIVE_IP_RANGE = "10.51.0.0/16"

# Some optionnal Re2o Apps
OPTIONNAL_APPS_RE2O = ()

# Some Django apps you want to add in you local project
OPTIONNAL_APPS = OPTIONNAL_APPS_RE2O + ({% for app in re2o.optional_apps %}'{{ app }}', {% endfor %})

PREFIX_DELEGATION_OWNER = 'users.User'