dk0r/config.yaml

## config.yaml
#######################
### Oncall-api settings
#######################
server:
  host: 0.0.0.0
  port: 8080
oncall_host: http://localhost:8080
metrics: dummy
db:
  conn:
    kwargs:
      scheme: mysql+pymysql
      user: root
      password: "1234"
      host: 127.0.0.1
      port: 3306
      database: oncall
      charset: utf8
      echo: True
    str: "%(scheme)s://%(user)s:%(password)s@%(host)s:%(port)s/%(database)s?charset=%(charset)s"
  kwargs:
    pool_recycle: 3600
healthcheck_path: /tmp/status

# Keys for encrypting/signing session cookies.
# Change to random long values in production.
session:
  encrypt_key: 'abc'
  sign_key: '123'

# Debug mode toggle. Disable in production.
# Debug mode disables authentication, allows access to debug-only API endpoints
# (used for testing), allows HTTP access, and removes some security headers
# from responses.
debug: True

## To run Oncall without https, set this value to True
## WARNING: use this only for debugging purposes, to avoid sending
## usernames and passwords in plain text.
#allow_http: False

# Pluggable authentication module configuration.
# Additional auth modules can be added by implementing the Authenticator
# class, with two required methods: __init__(self, config) and
# authenticate(self, username, password)
auth:
  debug: True
  module: 'oncall.auth.modules.debug'  # Auth module where Authenticator is implemented

# Example configuration for LDAP-based auth
#   module: 'oncall.auth.modules.ldap_example'
#   module: 'oncall.auth.modules.ldap_import' # for automatically import user at first connexion
#   ldap_url: 'ldaps://example.com'
#   ldap_user_suffix: '@example.biz'
#   ldap_cert_path: '/etc/ldap_cert.pem'
#   ldap_bind_user: 'cn=binduser,ou=services,dc=company,dc=org'
#   ldap_bind_password: 'abc123'
#   ldap_base_dn: 'ou=accounts,dc=company,dc=org'
#   ldap_search_filter: '(uid=%s)'
# options used by the ldap_import module.
#   import_user: True
#   attrs:
#     username: 'uid'
#     full_name: 'displayName'
#     email: 'mail'
#     mobile: 'mobile'
#     sms: 'phone'
#     slack: 'uid'

############################
### Oncall-notifier settings
############################
notifier:
  # Skip sending messages, log instead
  skipsend: True

# Reminder notification settings
notifications:
  # The notifier will send reminders for events with these roles
  default_roles:
    - "primary"
    - "secondary"
    - "shadow"
    - "manager"
  # Reminders will be sent $x seconds before events start, for $x in this list
  default_times:
    - 86400
    - 604800
  # Reminders are sent using these modes of contact
  default_modes:
    - "email"
    # - "teams_messenger"
# Reminder task settings
reminder:
  activated: True
  polling_interval: 360  # In seconds, the reminder will poll DB for events every $n seconds
  default_timezone: 'US/Pacific'  # Dates/times in the reminders are formatted in this timezone

# User validator checks that people scheduled for on-call events have defined phone numbers
user_validator:
  activated: True
  subject: 'Warning: Missing phone number in Oncall'
  body: 'You are scheduled for an on-call shift in the future, but have no phone number recorded. Please update your information in Oncall.'

# Reminders sent using these messengers
messengers:
#   - type: teams_messenger
#     webhook: "channel_webhook_url"
#
#   - type: rocketchat_messenger
#     user: username
#     password: abc123
#     refresh: 60000
#     api_host: https://example.rocket.chat
#
#  - type: iris_messenger
#    application: oncall
#    iris_api_key: magic
#    api_host: http://localhost:16649

  - type: dummy
    application: oncall
    iris_api_key: magic

############################
### Oncall frontend settings
############################
supported_timezones:
  - 'US/Pacific'
  - 'US/Eastern'
  - 'US/Central'
  - 'US/Mountain'
  - 'US/Alaska'
  - 'US/Hawaii'
  - 'Asia/Kolkata'
  - 'Asia/Shanghai'
  - 'UTC'

index_content_setting:
  # Page footer contents
  #footer: |
  #  <ul>
  #    <li>Oncall © LinkedIn 2020</li>
  #    <li>Feedback</li>
  #    <li><a href="http://oncall.tools" target="_blank">About</a></li>
  #  </ul>
  # Note displayed when a user has no phone number
  missing_number_note: 'No number'
header_color: '#3a3a3a'

# The base url for the public oncall calendar. This url has to open to the public internet for most web calendar subscriptions to work.
# The public calendar url will be formatted as follows: "{public_calendar_base_url}/{ical_key}".
# Replace localhost with the hostname of the oncall or iris-relay instance.
public_calendar_base_url: 'http://localhost:8080/api/v0/ical'
# Additional message you want to put here, could be a link to the FAQ
public_calendar_additional_message: 'Link to FAQ'

# Integration with Iris, allowing for escalation from Oncall
iris_plan_integration:
  activated: True
  # Iris app and key settings
  app: oncall
  api_key: magic
  api_host: http://localhost:16649
  # API url to get a list of Oncall-compatible plans
  # This will be /v0/applications/$app_name/plans
  plan_url: '/v0/applications/oncall/plans'
  # Plan to follow with urgent escalations; must be a dynamic plan
  urgent_plan:
    name: 'Oncall test'
    # In the Iris plan, dynamic target $n will map to dynamic_targets[$n].
    # For example, here, Iris target 0 will be the oncall-primary of the
    # team, target 1 will be the team, and target 2 will be the manager
    dynamic_targets:
      - role: 'oncall-primary'
      - role: 'team'
      - role: 'manager'
  # Similar to above, but for medium teams.
  medium_plan:
    name: 'Oncall test'
    dynamic_targets:
      - role: 'oncall-primary'
      - role: 'team'
      - role: 'manager'
# CORS settings
# allow_origins_list:
#   - http://www.example.com

# Configures whether Slack settings will appear in the frontend
slack_instance: foobar

# Setting to determine whether the Oncall API/frontend is available unauthenticated.
# Set to True to force login splash page and authentication on API calls and False to allow read
# APIs without authentication
require_auth: False

###########################
### Oncall bonus management
###########################
# add_bonus_events_api: True
# bonus_url: 'https://ONCALL_BONUS_TEAMS_ENDPOINT'
# bonus_whitelist:
#      - 'team_foo'
# bonus_blacklist:
#      - 'team_bar'
#      - 'team_baz'

##########################
### Oncall user management
##########################

# # Configure which user_sync module is being used
# user_sync:
#   module: 'oncall.user_sync.ldap_sync'
#
# # User management by syncing from Slack
# slack:
#   oauth_access_token: 'foo'
#
# # User management by syncing from LDAP
# ldap_sync:
#   url: 'ldaps://example.com'
#   base: 'ou=Staff Users,dc=multiforest,dc=biz'
#   user: 'CN=example,DC=multiforest,DC=biz'
#   password: 'password'
#   cert_path: '/etc/ldap_cert.pem'
#   query: '(&(objectClass=userProxy)(employeeId=*))'
#   # Map of Oncall user information to LDAP attribute
#   attrs:
#     username: 'sAMAccountName'
#     full_name: 'displayName'
#     mail: 'mail'
#     mobile: 'mobile'
#   image_url: 'https://image.example.com/api/%s/picture'
#
#
#
#
#
# Configure which user_sync module is being used
user_sync:
  module: 'oncall.user_sync.ldap_sync'
# User management by syncing from LDAP
ldap_sync:
  url: 'ldap://172.17.0.2:10389'                               # TODO: Try default port 389 instead of 10389? Try ldaps:// instead and provide cert_path ??
  base: 'ou=users,dc=wimpi,dc=net'                            # TODO: Try ou=roles instead?
  user: 'UID=oncall,OU=users,DC=wimpi,DC=net'                           # TODO: Try Caps vs Noncaps? Try including an ou (as shown in admin guide)?
  password: 'secret'
  cert_path: '/etc/ldap_cert.pem'                             # TODO: Get cert from Docker LDAP server and specify path here? Unsure if useful but /etc/ldap/ldap.conf shows LOCAL cert appears to be located @ /etc/ssl/certs/ca-certificates.crt
  query: '(uid=*)'                                            # TODO: Consider original query: '(&(objectClass=userProxy)(employeeId=*))'           # TODO: hmmmmm....
  # Map of Oncall user information to LDAP attribute
  attrs:
    username: 'uid'
    full_name: 'cn'
    mail: 'mail'
    mobile: 'mobile'
  image_url: 'https://<redacted>'
	#######################
	### Oncall-api settings
	#######################
	server:
	host: 0.0.0.0
	port: 8080
	oncall_host: http://localhost:8080
	metrics: dummy
	db:
	conn:
	kwargs:
	scheme: mysql+pymysql
	user: root
	password: "1234"
	host: 127.0.0.1
	port: 3306
	database: oncall
	charset: utf8
	echo: True
	str: "%(scheme)s://%(user)s:%(password)s@%(host)s:%(port)s/%(database)s?charset=%(charset)s"
	kwargs:
	pool_recycle: 3600
	healthcheck_path: /tmp/status

	# Keys for encrypting/signing session cookies.
	# Change to random long values in production.
	session:
	encrypt_key: 'abc'
	sign_key: '123'

	# Debug mode toggle. Disable in production.
	# Debug mode disables authentication, allows access to debug-only API endpoints
	# (used for testing), allows HTTP access, and removes some security headers
	# from responses.
	debug: True

	## To run Oncall without https, set this value to True
	## WARNING: use this only for debugging purposes, to avoid sending
	## usernames and passwords in plain text.
	#allow_http: False

	# Pluggable authentication module configuration.
	# Additional auth modules can be added by implementing the Authenticator
	# class, with two required methods: __init__(self, config) and
	# authenticate(self, username, password)
	auth:
	debug: True
	module: 'oncall.auth.modules.debug' # Auth module where Authenticator is implemented

	# Example configuration for LDAP-based auth
	# module: 'oncall.auth.modules.ldap_example'
	# module: 'oncall.auth.modules.ldap_import' # for automatically import user at first connexion
	# ldap_url: 'ldaps://example.com'
	# ldap_user_suffix: '@example.biz'
	# ldap_cert_path: '/etc/ldap_cert.pem'
	# ldap_bind_user: 'cn=binduser,ou=services,dc=company,dc=org'
	# ldap_bind_password: 'abc123'
	# ldap_base_dn: 'ou=accounts,dc=company,dc=org'
	# ldap_search_filter: '(uid=%s)'
	# options used by the ldap_import module.
	# import_user: True
	# attrs:
	# username: 'uid'
	# full_name: 'displayName'
	# email: 'mail'
	# mobile: 'mobile'
	# sms: 'phone'
	# slack: 'uid'

	############################
	### Oncall-notifier settings
	############################
	notifier:
	# Skip sending messages, log instead
	skipsend: True

	# Reminder notification settings
	notifications:
	# The notifier will send reminders for events with these roles
	default_roles:
	- "primary"
	- "secondary"
	- "shadow"
	- "manager"
	# Reminders will be sent $x seconds before events start, for $x in this list
	default_times:
	- 86400
	- 604800
	# Reminders are sent using these modes of contact
	default_modes:
	- "email"
	# - "teams_messenger"
	# Reminder task settings
	reminder:
	activated: True
	polling_interval: 360 # In seconds, the reminder will poll DB for events every $n seconds
	default_timezone: 'US/Pacific' # Dates/times in the reminders are formatted in this timezone

	# User validator checks that people scheduled for on-call events have defined phone numbers
	user_validator:
	activated: True
	subject: 'Warning: Missing phone number in Oncall'
	body: 'You are scheduled for an on-call shift in the future, but have no phone number recorded. Please update your information in Oncall.'

	# Reminders sent using these messengers
	messengers:
	# - type: teams_messenger
	# webhook: "channel_webhook_url"
	#
	# - type: rocketchat_messenger
	# user: username
	# password: abc123
	# refresh: 60000
	# api_host: https://example.rocket.chat
	#
	# - type: iris_messenger
	# application: oncall
	# iris_api_key: magic
	# api_host: http://localhost:16649

	- type: dummy
	application: oncall
	iris_api_key: magic

	############################
	### Oncall frontend settings
	############################
	supported_timezones:
	- 'US/Pacific'
	- 'US/Eastern'
	- 'US/Central'
	- 'US/Mountain'
	- 'US/Alaska'
	- 'US/Hawaii'
	- 'Asia/Kolkata'
	- 'Asia/Shanghai'
	- 'UTC'

	index_content_setting:
	# Page footer contents
	#footer: \|
	# <ul>
	# <li>Oncall © LinkedIn 2020</li>
	# <li>Feedback</li>
	# <li><a href="http://oncall.tools" target="_blank">About</a></li>
	# </ul>
	# Note displayed when a user has no phone number
	missing_number_note: 'No number'
	header_color: '#3a3a3a'

	# The base url for the public oncall calendar. This url has to open to the public internet for most web calendar subscriptions to work.
	# The public calendar url will be formatted as follows: "{public_calendar_base_url}/{ical_key}".
	# Replace localhost with the hostname of the oncall or iris-relay instance.
	public_calendar_base_url: 'http://localhost:8080/api/v0/ical'
	# Additional message you want to put here, could be a link to the FAQ
	public_calendar_additional_message: 'Link to FAQ'

	# Integration with Iris, allowing for escalation from Oncall
	iris_plan_integration:
	activated: True
	# Iris app and key settings
	app: oncall
	api_key: magic
	api_host: http://localhost:16649
	# API url to get a list of Oncall-compatible plans
	# This will be /v0/applications/$app_name/plans
	plan_url: '/v0/applications/oncall/plans'
	# Plan to follow with urgent escalations; must be a dynamic plan
	urgent_plan:
	name: 'Oncall test'
	# In the Iris plan, dynamic target $n will map to dynamic_targets[$n].
	# For example, here, Iris target 0 will be the oncall-primary of the
	# team, target 1 will be the team, and target 2 will be the manager
	dynamic_targets:
	- role: 'oncall-primary'
	- role: 'team'
	- role: 'manager'
	# Similar to above, but for medium teams.
	medium_plan:
	name: 'Oncall test'
	dynamic_targets:
	- role: 'oncall-primary'
	- role: 'team'
	- role: 'manager'
	# CORS settings
	# allow_origins_list:
	# - http://www.example.com

	# Configures whether Slack settings will appear in the frontend
	slack_instance: foobar

	# Setting to determine whether the Oncall API/frontend is available unauthenticated.
	# Set to True to force login splash page and authentication on API calls and False to allow read
	# APIs without authentication
	require_auth: False

	###########################
	### Oncall bonus management
	###########################
	# add_bonus_events_api: True
	# bonus_url: 'https://ONCALL_BONUS_TEAMS_ENDPOINT'
	# bonus_whitelist:
	# - 'team_foo'
	# bonus_blacklist:
	# - 'team_bar'
	# - 'team_baz'

	##########################
	### Oncall user management
	##########################

	# # Configure which user_sync module is being used
	# user_sync:
	# module: 'oncall.user_sync.ldap_sync'
	#
	# # User management by syncing from Slack
	# slack:
	# oauth_access_token: 'foo'
	#
	# # User management by syncing from LDAP
	# ldap_sync:
	# url: 'ldaps://example.com'
	# base: 'ou=Staff Users,dc=multiforest,dc=biz'
	# user: 'CN=example,DC=multiforest,DC=biz'
	# password: 'password'
	# cert_path: '/etc/ldap_cert.pem'
	# query: '(&(objectClass=userProxy)(employeeId=*))'
	# # Map of Oncall user information to LDAP attribute
	# attrs:
	# username: 'sAMAccountName'
	# full_name: 'displayName'
	# mail: 'mail'
	# mobile: 'mobile'
	# image_url: 'https://image.example.com/api/%s/picture'
	#
	#
	#
	#
	#
	# Configure which user_sync module is being used
	user_sync:
	module: 'oncall.user_sync.ldap_sync'
	# User management by syncing from LDAP
	ldap_sync:
	url: 'ldap://172.17.0.2:10389' # TODO: Try default port 389 instead of 10389? Try ldaps:// instead and provide cert_path ??
	base: 'ou=users,dc=wimpi,dc=net' # TODO: Try ou=roles instead?
	user: 'UID=oncall,OU=users,DC=wimpi,DC=net' # TODO: Try Caps vs Noncaps? Try including an ou (as shown in admin guide)?
	password: 'secret'
	cert_path: '/etc/ldap_cert.pem' # TODO: Get cert from Docker LDAP server and specify path here? Unsure if useful but /etc/ldap/ldap.conf shows LOCAL cert appears to be located @ /etc/ssl/certs/ca-certificates.crt
	query: '(uid=)' # TODO: Consider original query: '(&(objectClass=userProxy)(employeeId=))' # TODO: hmmmmm....
	# Map of Oncall user information to LDAP attribute
	attrs:
	username: 'uid'
	full_name: 'cn'
	mail: 'mail'
	mobile: 'mobile'
	image_url: 'https://<redacted>'