aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPavlos Ratis <dastergon@gentoo.org>2013-09-17 16:05:40 +0300
committerPavlos Ratis <dastergon@gentoo.org>2013-09-17 16:05:40 +0300
commitbf347945379722bddc565b411a79ecc0b62dc256 (patch)
tree25a0f0b9c4c0380d5740298f71745f7ce423cdc2
parentMerge pull request #91 from mgorny/ensure-credentials-cleaned_up-on-exception (diff)
downloadidentity.gentoo.org-bf347945379722bddc565b411a79ecc0b62dc256.tar.gz
identity.gentoo.org-bf347945379722bddc565b411a79ecc0b62dc256.tar.bz2
identity.gentoo.org-bf347945379722bddc565b411a79ecc0b62dc256.zip
add documentation
-rw-r--r--docs/source/Makefile153
-rw-r--r--docs/source/conf.py242
-rw-r--r--docs/source/credits.rst14
-rw-r--r--docs/source/getting_started/index.rst9
-rw-r--r--docs/source/getting_started/installation.rst304
-rw-r--r--docs/source/getting_started/troubleshooting.rst16
-rw-r--r--docs/source/getting_started/workflow.rst99
-rw-r--r--docs/source/index.rst32
-rw-r--r--docs/source/userguide/features.rst27
-rw-r--r--docs/source/userguide/index.rst8
-rw-r--r--docs/source/userguide/libraries.rst90
11 files changed, 994 insertions, 0 deletions
diff --git a/docs/source/Makefile b/docs/source/Makefile
new file mode 100644
index 0000000..10274a8
--- /dev/null
+++ b/docs/source/Makefile
@@ -0,0 +1,153 @@
+# Makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS =
+SPHINXBUILD = sphinx-build
+PAPER =
+BUILDDIR = _build
+
+# Internal variables.
+PAPEROPT_a4 = -D latex_paper_size=a4
+PAPEROPT_letter = -D latex_paper_size=letter
+ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
+# the i18n builder cannot share the environment and doctrees with the others
+I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
+
+.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
+
+help:
+ @echo "Please use \`make <target>' where <target> is one of"
+ @echo " html to make standalone HTML files"
+ @echo " dirhtml to make HTML files named index.html in directories"
+ @echo " singlehtml to make a single large HTML file"
+ @echo " pickle to make pickle files"
+ @echo " json to make JSON files"
+ @echo " htmlhelp to make HTML files and a HTML help project"
+ @echo " qthelp to make HTML files and a qthelp project"
+ @echo " devhelp to make HTML files and a Devhelp project"
+ @echo " epub to make an epub"
+ @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
+ @echo " latexpdf to make LaTeX files and run them through pdflatex"
+ @echo " text to make text files"
+ @echo " man to make manual pages"
+ @echo " texinfo to make Texinfo files"
+ @echo " info to make Texinfo files and run them through makeinfo"
+ @echo " gettext to make PO message catalogs"
+ @echo " changes to make an overview of all changed/added/deprecated items"
+ @echo " linkcheck to check all external links for integrity"
+ @echo " doctest to run all doctests embedded in the documentation (if enabled)"
+
+clean:
+ -rm -rf $(BUILDDIR)/*
+
+html:
+ $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
+ @echo
+ @echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
+
+dirhtml:
+ $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
+ @echo
+ @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
+
+singlehtml:
+ $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
+ @echo
+ @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
+
+pickle:
+ $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
+ @echo
+ @echo "Build finished; now you can process the pickle files."
+
+json:
+ $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
+ @echo
+ @echo "Build finished; now you can process the JSON files."
+
+htmlhelp:
+ $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
+ @echo
+ @echo "Build finished; now you can run HTML Help Workshop with the" \
+ ".hhp project file in $(BUILDDIR)/htmlhelp."
+
+qthelp:
+ $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
+ @echo
+ @echo "Build finished; now you can run "qcollectiongenerator" with the" \
+ ".qhcp project file in $(BUILDDIR)/qthelp, like this:"
+ @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Okupy.qhcp"
+ @echo "To view the help file:"
+ @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Okupy.qhc"
+
+devhelp:
+ $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
+ @echo
+ @echo "Build finished."
+ @echo "To view the help file:"
+ @echo "# mkdir -p $$HOME/.local/share/devhelp/Okupy"
+ @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Okupy"
+ @echo "# devhelp"
+
+epub:
+ $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
+ @echo
+ @echo "Build finished. The epub file is in $(BUILDDIR)/epub."
+
+latex:
+ $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+ @echo
+ @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
+ @echo "Run \`make' in that directory to run these through (pdf)latex" \
+ "(use \`make latexpdf' here to do that automatically)."
+
+latexpdf:
+ $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+ @echo "Running LaTeX files through pdflatex..."
+ $(MAKE) -C $(BUILDDIR)/latex all-pdf
+ @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
+
+text:
+ $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
+ @echo
+ @echo "Build finished. The text files are in $(BUILDDIR)/text."
+
+man:
+ $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
+ @echo
+ @echo "Build finished. The manual pages are in $(BUILDDIR)/man."
+
+texinfo:
+ $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+ @echo
+ @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
+ @echo "Run \`make' in that directory to run these through makeinfo" \
+ "(use \`make info' here to do that automatically)."
+
+info:
+ $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+ @echo "Running Texinfo files through makeinfo..."
+ make -C $(BUILDDIR)/texinfo info
+ @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
+
+gettext:
+ $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
+ @echo
+ @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
+
+changes:
+ $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
+ @echo
+ @echo "The overview file is in $(BUILDDIR)/changes."
+
+linkcheck:
+ $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
+ @echo
+ @echo "Link check complete; look for any errors in the above output " \
+ "or in $(BUILDDIR)/linkcheck/output.txt."
+
+doctest:
+ $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
+ @echo "Testing of doctests in the sources finished, look at the " \
+ "results in $(BUILDDIR)/doctest/output.txt."
diff --git a/docs/source/conf.py b/docs/source/conf.py
new file mode 100644
index 0000000..7a88108
--- /dev/null
+++ b/docs/source/conf.py
@@ -0,0 +1,242 @@
+# -*- coding: utf-8 -*-
+#
+# Okupy documentation build configuration file, created by
+# sphinx-quickstart on Tue Sep 17 15:27:37 2013.
+#
+# This file is execfile()d with the current directory set to its containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import sys, os
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#sys.path.insert(0, os.path.abspath('.'))
+
+# -- General configuration -----------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be extensions
+# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+extensions = ['sphinx.ext.autodoc', 'sphinx.ext.viewcode']
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The encoding of source files.
+#source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'Okupy'
+copyright = u'2013, Gentoo Identity team'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = '0.1'
+# The full version, including alpha/beta/rc tags.
+release = '0.1'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#language = None
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+#today = ''
+# Else, today_fmt is used as the format for a strftime call.
+#today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['_build']
+
+# The reST default role (used for this markup: `text`) to use for all documents.
+#default_role = None
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+#add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+#add_module_names = True
+
+# If true, sectionauthor and moduleauthor directives will be shown in the
+# output. They are ignored by default.
+#show_authors = False
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+#modindex_common_prefix = []
+
+
+# -- Options for HTML output ---------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+html_theme = 'haiku'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further. For a list of options available for each theme, see the
+# documentation.
+#html_theme_options = {}
+
+# Add any paths that contain custom themes here, relative to this directory.
+#html_theme_path = []
+
+# The name for this set of Sphinx documents. If None, it defaults to
+# "<project> v<release> documentation".
+#html_title = None
+
+# A shorter title for the navigation bar. Default is the same as html_title.
+#html_short_title = None
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+#html_logo = None
+
+# The name of an image file (within the static path) to use as favicon of the
+# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
+# pixels large.
+#html_favicon = None
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
+# using the given strftime format.
+#html_last_updated_fmt = '%b %d, %Y'
+
+# If true, SmartyPants will be used to convert quotes and dashes to
+# typographically correct entities.
+#html_use_smartypants = True
+
+# Custom sidebar templates, maps document names to template names.
+#html_sidebars = {}
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+#html_additional_pages = {}
+
+# If false, no module index is generated.
+#html_domain_indices = True
+
+# If false, no index is generated.
+#html_use_index = True
+
+# If true, the index is split into individual pages for each letter.
+#html_split_index = False
+
+# If true, links to the reST sources are added to the pages.
+#html_show_sourcelink = True
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+#html_show_sphinx = True
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+#html_show_copyright = True
+
+# If true, an OpenSearch description file will be output, and all pages will
+# contain a <link> tag referring to it. The value of this option must be the
+# base URL from which the finished HTML is served.
+#html_use_opensearch = ''
+
+# This is the file name suffix for HTML files (e.g. ".xhtml").
+#html_file_suffix = None
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'Okupydoc'
+
+
+# -- Options for LaTeX output --------------------------------------------------
+
+latex_elements = {
+# The paper size ('letterpaper' or 'a4paper').
+#'papersize': 'letterpaper',
+
+# The font size ('10pt', '11pt' or '12pt').
+#'pointsize': '10pt',
+
+# Additional stuff for the LaTeX preamble.
+#'preamble': '',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title, author, documentclass [howto/manual]).
+latex_documents = [
+ ('index', 'Okupy.tex', u'Okupy Documentation',
+ u'Gentoo Identity team', 'manual'),
+]
+
+# The name of an image file (relative to this directory) to place at the top of
+# the title page.
+#latex_logo = None
+
+# For "manual" documents, if this is true, then toplevel headings are parts,
+# not chapters.
+#latex_use_parts = False
+
+# If true, show page references after internal links.
+#latex_show_pagerefs = False
+
+# If true, show URL addresses after external links.
+#latex_show_urls = False
+
+# Documents to append as an appendix to all manuals.
+#latex_appendices = []
+
+# If false, no module index is generated.
+#latex_domain_indices = True
+
+
+# -- Options for manual page output --------------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+ ('index', 'okupy', u'Okupy Documentation',
+ [u'Gentoo Identity team'], 1)
+]
+
+# If true, show URL addresses after external links.
+#man_show_urls = False
+
+
+# -- Options for Texinfo output ------------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+# dir menu entry, description, category)
+texinfo_documents = [
+ ('index', 'Okupy', u'Okupy Documentation',
+ u'Gentoo Identity team', 'Okupy', 'One line description of project.',
+ 'Miscellaneous'),
+]
+
+# Documents to append as an appendix to all manuals.
+#texinfo_appendices = []
+
+# If false, no module index is generated.
+#texinfo_domain_indices = True
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+#texinfo_show_urls = 'footnote'
diff --git a/docs/source/credits.rst b/docs/source/credits.rst
new file mode 100644
index 0000000..b08b96c
--- /dev/null
+++ b/docs/source/credits.rst
@@ -0,0 +1,14 @@
+Credits
+=======
+Gentoo Identity team
+--------------------
+* Theo Chatzimichos <tampakrap>
+* Michał Górny <mgorny>
+* Pavlos Ratis <dastergon>
+
+Contributors
+------------
+* Your name could be here.
+
+.. note::
+ To contact Gentoo Identity team add '@gentoo.org' next to each nickname or send your email to <okupy AT gentoo DOT org>.
diff --git a/docs/source/getting_started/index.rst b/docs/source/getting_started/index.rst
new file mode 100644
index 0000000..a649f9e
--- /dev/null
+++ b/docs/source/getting_started/index.rst
@@ -0,0 +1,9 @@
+Getting Started
+===============
+
+.. toctree::
+ :maxdepth: 2
+
+ installation
+ workflow
+ troubleshooting
diff --git a/docs/source/getting_started/installation.rst b/docs/source/getting_started/installation.rst
new file mode 100644
index 0000000..1e650ee
--- /dev/null
+++ b/docs/source/getting_started/installation.rst
@@ -0,0 +1,304 @@
+Installation
+************
+
+Basic Requirements
+------------------
+You need `Python 2.7`_, `Django 1.6`_, `git`_, `virtualenv`_, `OpenLDAP`_, `Python-LDAP`_, `SQLite3`_, `Memcached`_ and a Unix like OS.
+
+.. _`Python 2.7`: http://docs.python.org/2/
+.. _`Django 1.6`: https://docs.djangoproject.com/en/1.6/
+.. _`git`: http://git-scm.com/
+.. _`virtualenv`: http://www.virtualenv.org/en/latest/
+.. _`OpenLDAP`: http://www.openldap.org/
+.. _`Python-LDAP`: http://www.python-ldap.org/
+.. _`SQLite3`: https://www.sqlite.org/
+.. _`Memcached`: http://memcached.org/
+
+Development Environment
+------------------------
+
+Installing okupy by hand
+~~~~~~~~~~~~~~~~~~~~~~~~
+* Clone somewhere the gentoo-identity-bootstrap repository::
+
+ git clone git://github.com/dastergon/gentoo-identity-bootstrap
+
+* Clone (in a different directory) the identity.gentoo.org repository::
+
+ git clone git://github.com/gentoo/identity.gentoo.org
+
+* Get the dependencies (choose one of the followings):
+
+* With pip:
+
+ * Optional: setup virtualenv
+ * Install the dependencies::
+
+ pip install -r requirements/base.txt --use-mirrors
+
+* With setup.py
+
+ * Optional: setup virtualenv
+ * Install the dependencies::
+
+ ./setup.py install
+
+Installing the Gentoo way
+~~~~~~~~~~~~~~~~~~~~~~~~~
+* Add the ``okupy`` overlay::
+
+ layman -a okupy
+
+* Install the dependencies::
+
+ ACCEPT_KEYWORDS="**" emerge --onlydeps okupy
+
+Configuration
+~~~~~~~~~~~~~
+
+* Copy the sample settings files::
+
+ $ cd identity.gentoo.org
+ $ cp okupy/settings/development.py.sample okupy/settings/development.py
+ $ cp okupy/settings/local_settings.py.sample okupy/settings/local_settings.py
+
+* Edit ``development.py``:
+
+ * In `STATICFILES_DIRS`, replace ``/path/to/gentoo-identity-bootstrap`` with the absolute path that you cloned the gentoo-identity-bootstrap repository earlier.
+
+* Edit ``local_settings.py``:
+
+ #. Add **sqlite3** db (sufficient for testing)
+ #. Add LDAP configuration (if applicable)
+ #. Configure **Memcached**
+ #. Sync the database::
+
+ python manage.py syncdb
+
+
+Production Environment
+----------------------
+* Create the dedicated user that will run okupy::
+
+ useradd -m okupy
+
+* Perform the same setup as for Development environment (using the okupy user).
+
+uWSGI setup
+~~~~~~~~~~~
+ * Install ``www-servers/uwsgi`` with ``USE=python``
+ * Copy /etc/conf.d/uwsgi to /etc/conf.d/uwsgi.okupy
+ * Put the following options in ``/etc/conf.d/uwsgi.okupy``::
+
+ UWSGI_SOCKET=/home/okupy/okupy.wsgi
+ UWSGI_LOG_FILE=/home/okupy/uwsgi.okupy.log
+ UWSGI_DIR=/home/okupy/identity.gentoo.org
+ UWSGI_USER=okupy
+ UWSGI_GROUP=okupy
+ # buffer-size is necessary to pass SSL certificates
+ UWSGI_EXTRA_OPTIONS='--buffer-size 65536 --plugins python27 --wsgi okupy.wsgi'
+
+ * Symlink ``/etc/init.d/uwsgi.okupy`` to ``/etc/init.d/uwsgi``, and start it::
+
+ ln -s /etc/init.d/uwsgi.okupy /etc/init.d/uwsgi
+ /etc/init.d/uwsgi.okupy start
+
+NGINX setup
+~~~~~~~~~~~
+* Install ``www-servers/nginx``::
+
+ emerge -av www-servers/nginx
+
+* Copy the server certificates and private keys to ``/etc/ssl/nginx/``
+* Concatenate all the allowed CA certificates for client auth::
+
+ cat /etc/ssl/* > /etc/ssl/nginx/all_certs.pem
+
+* Add the following options in ``/etc/nginx/nginx.conf``::
+
+ http {
+ ssl_session_cache shared:SSL:10m;
+
+ upstream okupy {
+ # connect to uWSGI
+ server unix:///home/okupy/okupy.wsgi;
+ }
+
+ server {
+ listen 0.0.0.0;
+ server_name identity.example.gr;
+
+ access_log /var/log/nginx/localhost.access_log main;
+ error_log /var/log/nginx/localhost.error_log info;
+
+ root /var/www/localhost/htdocs;
+
+ # redirect all http traffic to https://
+ location / {
+ rewrite ^ https://$http_HOST$request_uri permanent;
+ }
+ }
+
+ server {
+ listen 0.0.0.0:443;
+ server_name identity.example.gr;
+
+ ssl on;
+ # certificates for the main domain
+ ssl_certificate /etc/ssl/nginx/identity_example_gr_cacert.crt;
+ ssl_certificate_key /etc/ssl/nginx/identity_example_gr.key;
+ ssl_session_timeout 10m;
+
+ access_log /var/log/nginx/localhost.ssl_access_log main;
+ error_log /var/log/nginx/localhost.ssl_error_log info;
+
+ root /var/www/localhost/htdocs;
+
+ location /static {
+ alias /home/identity/identity.gentoo.org/static;
+ }
+
+ location / {
+ uwsgi_pass okupy;
+ include /etc/nginx/uwsgi_params;
+ }
+ }
+
+ server {
+ listen 0.0.0.0:443;
+ server_name auth.identity.example.gr;
+
+ ssl on;
+ # certificates for auth. subdomain
+ ssl_certificate /etc/ssl/nginx/auth_identity_example_gr_cacert.crt;
+ ssl_certificate_key /etc/ssl/nginx/auth_identity_example_gr.key;
+ ssl_client_certificate /etc/ssl/nginx/all_certs.pem;
+
+ # verify_client == ask for user certificate
+ ssl_session_timeout 30s;
+ ssl_verify_client optional;
+
+ access_log /var/log/nginx/localhost.ssl_access_log main;
+ error_log /var/log/nginx/localhost.ssl_error_log info;
+
+ root /var/www/localhost/htdocs;
+
+ location /static {
+ alias /home/identity/identity.gentoo.org/static;
+ }
+
+ location / {
+ uwsgi_pass okupy;
+ include /etc/nginx/uwsgi_params;
+
+ # pass certificate verification result
+ # and the certificate (so we could extract e-mails)
+ uwsgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
+ uwsgi_param SSL_CLIENT_RAW_CERT $ssl_client_raw_cert;
+ }
+ }
+ }
+
+Additional
+----------
+
+virtualenv
+~~~~~~~~~~
+* Install virtualenv (replace the following command with an equivalent in case you are working in a non-Gentoo distro)::
+
+ emerge -av dev-python/virtualenv
+ virtualenv .virtualenv
+ source .virtualenv/bin/activate
+
+* The ``.virtualenv`` directory is already in ``.gitignore``, so please prefer this name.
+* The ``deactivate`` command will exit the virtual environment.
+
+memcached
+~~~~~~~~~
+* Copy ``/etc/conf.d/memcached`` to ``/etc/conf.d/memcached.okupy``::
+
+ cp /etc/conf.d/memcached /etc/conf.d/memcached.okupy
+
+* Symlink ``/etc/init.d/memcached.okupy`` to ``/etc/init.d/memcached``::
+
+ ln -s /etc/init.d/memcached /etc/init.d/memcached.okupy
+
+* Put the following data in ``/etc/conf.d/memcached.okupy``::
+
+ # The user that will be running okupy
+ MEMCACHED_RUNAS="okupy"
+ # disable TCP/IP
+ LISTENON=""
+ PORT=""
+ # enable UNIX socket (put correct path here as well)
+ MISC_OPTS="-s /home/okupy/memcached.sock"
+
+* Edit ``okupy/settings/local.py`` and put the same path in CACHES::
+
+ CACHES = {
+ 'default': {
+ 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+ 'LOCATION': 'unix://home/okupy/memcached.sock',
+ }
+ }
+
+
+* Start memcached::
+
+ /etc/init.d/memcached.okupy start
+
+openLDAP
+~~~~~~~~
+
+.. note::
+ We have a testing instance on ldap://evidence.tamapkrap.gr
+ If you want to contribute, contact <okupy AT gentoo DOT org> to get the certificates and the rootDN credentials.
+
+* openLDAP Server
+
+ (TODO)
+
+* OpenLDAP client only
+
+ * Install OpenLDAP package::
+
+ USE="minimal" emerge -av openldap
+
+ * Put the certificates in ``/etc/openldap/ssl``
+ * Put the following content in ``/etc/openldap/ldap.conf``::
+
+ BASE dc=example, dc=gr
+ SIZELIMIT 0
+ TIMELIMIT 10
+ TLS_REQCERT demand
+ TLS_CACERT /etc/openldap/ssl/cacert.pem
+ TLS_CERT /etc/openldap/ssl/identity.example.gr.crt
+ TLS_KEY /etc/openldap/ssl/identity.example.gr.key
+ URI ldap://identity.example.gr
+
+ * In ``settings/local.py``::
+
+ AUTH_LDAP_SERVER_URI = 'ldap://identity.example.gr'
+ AUTH_LDAP_CONNECTION_OPTIONS = {
+ ldap.OPT_X_TLS_DEMAND: False,
+ }
+
+ AUTH_LDAP_BIND_DN =
+ AUTH_LDAP_BIND_PASSWORD =
+
+ AUTH_LDAP_ADMIN_BIND_DN = '(the rootDN you got from example)'
+ AUTH_LDAP_ADMIN_BIND_PASSWORD = '(the rootpw you got from example)'
+
+ AUTH_LDAP_USER_ATTR = 'uid'
+ AUTH_LDAP_USER_BASE_DN = 'ou=users,dc=example,dc=gr'
+
+ AUTH_LDAP_PERMIT_EMPTY_PASSWORD = False
+
+ AUTH_LDAP_START_TLS = True
+
+ # objectClasses that are used by any user
+ AUTH_LDAP_USER_OBJECTCLASS = ['top', 'person', 'organizationalPerson',
+ 'inetOrgPerson', 'posixAccount', 'shadowAccount', 'ldapPublicKey', 'gentooGroup']
+ # additional objectClasses that are used by developers
+ AUTH_LDAP_DEV_OBJECTCLASS = ['gentooDevGroup']
+
diff --git a/docs/source/getting_started/troubleshooting.rst b/docs/source/getting_started/troubleshooting.rst
new file mode 100644
index 0000000..b294efc
--- /dev/null
+++ b/docs/source/getting_started/troubleshooting.rst
@@ -0,0 +1,16 @@
+Troubleshooting
+===============
+In a python terminal::
+
+ import ldap
+ l = ldap.initialize('ldap://identity.example.gr')
+ l.start_tls_s()
+ l.simple_bind_s()
+ l.search_s('ou=users,dc=example,dc=gr', ldap.SCOPE_SUBTREE)
+
+In a ``./manage.py`` shell terminal::
+
+ from okupy.accounts.models import LDAPUser
+ users = LDAPUser.objects.all()
+ wolverine = LDAPUser.objects.get(username='wolverine')
+
diff --git a/docs/source/getting_started/workflow.rst b/docs/source/getting_started/workflow.rst
new file mode 100644
index 0000000..b59eefe
--- /dev/null
+++ b/docs/source/getting_started/workflow.rst
@@ -0,0 +1,99 @@
+Workflow
+========
+
+Commit and branches
+-------------------
+* Avoid creating new branches in the main repository, prefer to work on your fork instead.
+* Never commit anything to master.
+* Always submit a Pull Request instead.
+
+Pull Requests
+-------------
+* Pull Requests have to be reviewed by at least one other person and get his +1.
+* travis-ci will run the tests against a submitted Pull Request, needless to say they should pass.
+
+Tests
+-----
+Categories
+~~~~~~~~~~
+They are in ``okupy/tests`` directory, separated in four categories:
+
+* **Unit tests**: They test units. No http requests are allowed. They usually test models, forms, and custom classes/methods. They use django.test.unittest.
+* **Integration tests**: They mostly involve http requests using Client(). Usually they test views. They use django.test.unittest.
+* **Functional tests**: They usually test general functionality, as well as javascript. They work on a mocked up environment with no real database or LDAP server. They use selenium.
+* **Acceptance tests**: They test general functionality, also with selenium, but run against a real environment.
+
+Try to submit unit and/or integration tests along with your code.
+
+Running the tests
+~~~~~~~~~~~~~~~~~
+* The command to run the tests is::
+
+ python manage.py test --settings=okupy.tests.settings
+
+* There is a helper script in ``bin/`` directory::
+
+ bin/runtests -s
+
+Coverage report
+---------------
+* You need to emerge ``dev-python/coverage`` or ``pip install coverage``.
+* The command to run the tests then becomes::
+
+ coverage run manage.py test --settings=okupy.tests.settings
+
+* You need to run the following command then to get the report::
+
+ coverage report -m
+
+* Or by using the ``bin/runtests`` script, which will print the coverage report as well::
+
+ bin/runtests -s -c
+
+Flake8 report
+~~~~~~~~~~~~~
+* You need to ``emerge dev-python/flake8`` or ``pip install flake8``.
+* To run `flake8` the command is::
+
+ flake8 . --exclude=./okupy/tests/settings.py,./okupy/settings,setup.py
+
+* Using the ``bin/runtests`` script::
+
+ bin/runtests -s -f
+
+TDaemon
+~~~~~~~
+If you're working with TDD_, you could use ``dev-python/tdaemon``, which runs the tests every time a filesystem action is performed under your identity.g.o checked out directory.
+
+* In order to run it, cd to your local identity.g.o dir and run::
+
+ tdaemon -t django --custom-args="--settings=okupy.tests.settings
+
+* Using the bin/runtests script::
+
+ bin/runtests -s -t
+
+* To trigger a tdaemon test run::
+
+ bin/trigger_tdaemon_run
+
+.. _TDD: https://en.wikipedia.org/wiki/Test-driven_development
+
+Settings
+--------
+We split the settings file in the following modules:
+
+* **__init__.py**: Settings variables that are generic and static without depending if the environment is production or development.
+* **production.py**: Settings variables that are bound to production environment.
+* **development.py.sample**: Settings variables that are bound to development environment. They are provided through a sample file, since they could be different between various development environments.
+* **local.py.sample**: Settings variables that need clarification in any environment.
+
+Tests have their own settings file under ``okupy/tests/settings.py``
+
+External services
+~~~~~~~~~~~~~~~~~
+* travis-ci.org_: Runs the tests after every commit, and against every Pull Request
+* coveralls.io_: Gathers statistics about test coverage
+
+.. _travis-ci.org: https://travis-ci.org/
+.. _coveralls.io: https://coveralls.io/
diff --git a/docs/source/index.rst b/docs/source/index.rst
new file mode 100644
index 0000000..122ebe2
--- /dev/null
+++ b/docs/source/index.rst
@@ -0,0 +1,32 @@
+.. doccy documentation master file, created by
+ sphinx-quickstart on Wed Sep 4 23:53:22 2013.
+ You can adapt this file completely to your liking, but it should at least
+ contain the root `toctree` directive.
+
+Welcome to okupy's documentation!
+=================================
+
+**Gentoo Identity** (codename: Okupy) is a Django_ LDAP_ webUI and OpenID_ provider for the Gentoo_ Linux project. Okupy aims to allow Gentoo users and developers to configure easily their attributes from Gentoo’s LDAP server.
+
+.. _Django: http://www.djangoproject.com/
+.. _Gentoo: https://gentoo.org
+.. _LDAP: https://en.wikipedia.org/wiki/OpenLDAP
+.. _OpenID: http://openid.net/get-an-openid/what-is-openid/
+
+Contents:
+
+.. toctree::
+ :maxdepth: 2
+
+ getting_started/index
+ userguide/index
+ credits
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
+
diff --git a/docs/source/userguide/features.rst b/docs/source/userguide/features.rst
new file mode 100644
index 0000000..63eff3d
--- /dev/null
+++ b/docs/source/userguide/features.rst
@@ -0,0 +1,27 @@
+Features List
+=============
+
+List of all current available features.
+
+Web interface
+-------------
+
+Features in Identity web interface.
+
+Personal Information
+~~~~~~~~~~~~~~~~~~~~
+* View Personal LDAP Attributes
+* Edit Personal LDAP Attributes
+
+Lists
+~~~~~~~~~
+* Developers List
+* Former Developers List
+* Gentoo Foundation Members
+
+Authentication
+--------------
+* Classic Web Form Authentication
+* `One Time Password (OTP) <https://en.wikipedia.org/wiki/One-time_password>`_ - Two Factor Authentication
+* SSH Authentication
+* SSL Certificate Authentication
diff --git a/docs/source/userguide/index.rst b/docs/source/userguide/index.rst
new file mode 100644
index 0000000..3ef3097
--- /dev/null
+++ b/docs/source/userguide/index.rst
@@ -0,0 +1,8 @@
+User's guide
+===============
+
+.. toctree::
+ :maxdepth: 2
+
+ features
+ libraries
diff --git a/docs/source/userguide/libraries.rst b/docs/source/userguide/libraries.rst
new file mode 100644
index 0000000..449ff3b
--- /dev/null
+++ b/docs/source/userguide/libraries.rst
@@ -0,0 +1,90 @@
+Libraries
+=========
+
+Back-end
+--------
+
+Core
+~~~~
+* `Python <http://python.org/>`_:
+ An interpreted, interactive, object-oriented programming language
+* `Django <http://pypi.python.org/pypi/Django>`_:
+ High-level Python web framework
+
+
+Authentication & Security
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+* `django-otp <https://pypi.python.org/pypi/django-otp>`_:
+ A pluggable framework for adding two-factor authentication to Django using one-time passwords.
+* `paramiko <http://pypi.python.org/pypi/paramiko>`_:
+ SSH2 protocol library.
+* `passlib <http://code.google.com/p/passlib/>`_:
+ Password hashing framework supporting over 20 schemes.
+* `pycrypto <http://pypi.python.org/pypi/pycrypto>`_:
+ Python Cryptography Toolkit.
+* `pyOpenSSL <http://pypi.python.org/pypi/pyOpenSSL>`_:
+ Python Interface to the OpenSSL library.
+* `python-openid <http://pypi.python.org/pypi/python-openid>`_:
+ OpenID support for servers and consumers.
+
+LDAP
+~~~~
+
+* `django-auth-ldap <http://pypi.python.org/pypi/django-auth-ldap>`_:
+ Django LDAP authentication backend
+* `django-ldapdb <https://github.com/tampakrap/django-ldapdb@okupy>`_:
+ LDAP database backend for Django.
+* `python-ldap <http://pypi.python.org/pypi/python-ldap>`_:
+ Various LDAP-related Python modules
+
+Database
+~~~~~~~~
+
+* `SQLite3 <https://sqlite.org>`_:
+ SQLite: an SQL Database Engine in a C Library.
+
+Caching
+~~~~~~~
+
+* `django-compressor <http://pypi.python.org/pypi/django_compressor/>`_:
+ Allows to define regrouped/postcompiled content 'on the fly' inside of django template.
+* `python-memcached <http://pypi.python.org/pypi/python-memcached>`_:
+ Pure Python memcached client.
+
+Testing
+~~~~~~~
+
+* `django-discover-runner <https://pypi.python.org/pypi/django-discover-runner>`_:
+ A Django test runner based on unittest2's test discovery.
+* `mock <http://pypi.python.org/pypi/mock>`_:
+ A Python Mocking and Patching Library for Testing.
+* `mockldap <https://pypi.python.org/pypi/mockldap>`_:
+ A simple mock implementation of python-ldap.
+
+Various
+~~~~~~~
+
+* `pytz <http://pypi.python.org/pypi/pytz>`_:
+ World timezone definitions for Python.
+* `qrcode <https://pypi.python.org/pypi/qrcode/3.0>`_:
+ QR Code generator on top of PIL.
+
+Optional
+~~~~~~~~
+* `MySQL <http://pypi.python.org/pypi/MySQL-python>`_:
+ Python interface to MySQL.
+* `PostgreSQL <http://pypi.python.org/pypi/psycopg2>`_:
+ PostgreSQL database adapter for Python.
+
+Front-end
+---------
+CSS
+~~~
+* `Bootstrap <http://getbootstrap.com/>`_:
+ Sleek, intuitive, and powerful front-end framework for faster and easier web development.
+
+Javascript
+~~~~~~~~~~
+* `jQuery <http://jquery.com/>`_:
+ The jQuery JavaScript library.