% random=/dev/urandom gpg_options="-r $USER@ -r $SOME_OTHER_USER@" lib/tool/openssl/make etc/openssl/heureux-cyclage.org
% random=/dev/urandom gpg_options="-r $USER@ -r $SOME_OTHER_USER@" lib/tool/openssl/make etc/openssl/*.heureux-cyclage.org
% lib/tool/openssl/check etc/openssl/*
+TASK: gérer gitolite
+ % cd etc/gitolite
+ % vim conf/gitolite.conf
+ % git commit
+ % ../../vm_remote gitolite_push
- bind9/nsd (DNS auth) : configurer
- ferm/shorewall (pare-feu) : configurer
- agendav
+- sympa
+- openerp : runit + squelette
+- gitolite : rationalisation des adresses de notification dans hooks.mailinglist
-Subproject commit dd0f4ab2b20259d1e280760d31dd78285b7cc329
+Subproject commit d1e9e89a11de56575f61e71923446d024989a7b8
listen 443;
include /etc/nginx/conf.d/ssl.conf;
-ssl_certificate /etc/nginx/x509.d/lhc-git-tls/crt.pem;
-ssl_certificate_key /etc/nginx/x509.d/lhc-git-tls/key.pem;
+ssl_certificate /etc/nginx/x509.d/gitweb-tls/crt.pem;
+ssl_certificate_key /etc/nginx/x509.d/gitweb-tls/key.pem;
ssl_session_timeout 5m;
deny all;
log_not_found off;
}
-location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx)) {
- # NOTE: static repo files for cloning over HTTP
- root /home/git/pub;
- }
-location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
- # NOTE: requests that need to go to git-http-backend
- root /home/git/pub;
- include /etc/nginx/conf.d/fastcgi.conf;
- fastcgi_param GIT_HTTP_EXPORT_ALL "";
- fastcgi_param GIT_PROJECT_ROOT /home/git/pub;
- fastcgi_param PATH_INFO $uri;
- fastcgi_param REMOTE_USER $remote_user;
- fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
- }
+# NOTE: commenté car exporte tous les dépôts indistinctement
+#location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ {
+# # NOTE: requests that need to go to git-http-backend
+# root /home/git/pub;
+# fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+# include /etc/nginx/conf.d/fastcgi.conf;
+# fastcgi_param GIT_HTTP_EXPORT_ALL "";
+# fastcgi_param GIT_PROJECT_ROOT /home/git/pub;
+# fastcgi_param PATH_INFO $uri;
+# fastcgi_pass unix:/run/spawn-fcgi/gitweb;
+# }
+#location ~ ^.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx)) {
+# # NOTE: static repo files for cloning over HTTP
+# root /home/git/pub;
+# }
location @gitweb {
root /usr/share/gitweb;
fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
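Review bot: The new NOTE says why the smart-HTTP block was disabled but not what would make it safe to restore, and the commented-out copy still carries `GIT_HTTP_EXPORT_ALL`, the setting that causes the indiscriminate export. Without that variable git-http-backend only serves repositories containing a `git-daemon-export-ok` file. The static `objects/` location serves files straight from `/home/git/pub` with no such check, so it should not come back as written. I would extend the comment to something like `# NOTE: to re-enable, drop GIT_HTTP_EXPORT_ALL and the static objects location so only repositories marked git-daemon-export-ok are served`. The commented copy also no longer passes `REMOTE_USER`, which matters if `git-receive-pack` is ever meant to be reachable here.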
sudo install -d -m 2770 -o wiki-"$site" -g wiki-"$site" \
/home/lhc/var/ikiwiki/remorque
sudo install -d -m 2750 -o wiki-"$site" -g git \
- /home/git/hooks/remorque
+ /home/git/hooks/lhc \
+ /home/git/hooks/lhc/remorque
sudo install -m 3771 -o git -g git /dev/stdin \
- /home/git/pub/remorqueatelier.git/hooks/post-update <<-EOF
+ /home/git/pub/lhc/remorque.git/hooks/post-update <<-EOF
#!/bin/sh -efux
# The cd below is why we must use this script.
# "E: Failed to change to directory '...': Permission denied"
cd /
- exec /home/git/hooks/remorque/post-update.ikiwiki
+ exec /home/git/hooks/lhc/remorque/post-update.ikiwiki
EOF
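Review bot: The added `/home/git/hooks/lhc` is created by the same `install -d` as the per-site directory, so the shared parent ends up owned by `wiki-"$site"` of whichever site ran last. If other sites are placed under `lhc/` (inferred from the new naming, not visible here), that account can rename or replace their hook directories, and the ikiwiki wrappers installed there are setuid/setgid. Create the parent separately with a neutral owner, for example `sudo install -d -m 755 -o root -g root /home/git/hooks/lhc`, and keep the `-o wiki-"$site"` call for `/home/git/hooks/lhc/remorque` only.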
if sudo test -d /home/lhc/var/ikiwiki/remorque/.git
else
sudo -u wiki-"$site" \
git clone \
- git@localhost:remorqueatelier \
+ git@localhost:lhc/remorque \
/home/lhc/var/ikiwiki/remorque/git
set +f
sudo mv -i \
#!/usr/bin/perl
use IkiWiki::Setup::Standard {
- wikiname => 'Remorque Atelier',
+ wikiname => 'Remorque',
adminemail => 'admin+lhc-remorque@heureux-cyclage.org',
adminuser => [qw{
julm
#prefsurl => "https://$ENV{site}/cgi/ikiwiki.cgi",
#cgi_wrapper => 'cgi/ikiwiki.cgi',
#cgi_wrappermode => '02750',
- cgiauthurl => "https://remorque.heureux-cyclage.org/auth/cgi/ikiwiki.cgi",
- httpauth_pagespec => '!*/Discussion and !tmp',
- anonok_pagespec => '*/Discussion or tmp',
- locked_pages => '(user(git) and * and !*/Discussion and !tmp) and !*/Discussion',
+ cgiauthurl => "https://remorque.heureux-cyclage.org/cgi/ikiwiki.cgi",
+ #httpauth_pagespec => '!*/discussion and !tmp',
+ #anonok_pagespec => '*/discussion or tmp',
+ locked_pages => '(user(git) and * and !*/discussion and !tmp) and !*/discussion',
rcs => "git",
- historyurl => "/git/?p=remorqueatelier.git;a=history;f=[[file]]",
- diffurl => "/git/?p=remorqueatelier.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]]",
+ #historyurl => "/git/?p=lhc/remorque.git;a=history;f=[[file]]",
+ #diffurl => "/git/?p=lhc/remorque.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]]",
gitorigin_branch => "origin",
gitmaster_branch => "master",
wrappers => [
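Review bot: With `httpauth_pagespec` and `anonok_pagespec` commented out and `cgiauthurl` moved from `/auth/cgi/ikiwiki.cgi` to `/cgi/ikiwiki.cgi`, edit control now rests on `locked_pages` plus whatever the web server enforces on `/cgi/`, and nothing here records that. If that location is not behind HTTP authentication (the server configuration is outside this hunk), the httpauth redirect no longer authenticates anyone. A comment next to `cgiauthurl` would help, for example `# NOTE: /cgi/ikiwiki.cgi must itself require HTTP auth in the web server; the separate /auth/ location is gone`. The `locked_pages` expression repeats `!*/discussion` inside and outside the parentheses; one of the two is redundant.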
, wrappermode => "00750"
}
, { post_commit => 1
- , wrapper => "/home/git/hooks/remorque/post-update.ikiwiki"
+ , wrapper => "/home/git/hooks/lhc/remorque/post-update.ikiwiki"
, wrappermode => "06750"
, wrapper_background_command => ""
}
# , { post_commit => 1
- # , wrapper => "/home/git/pub/remorqueatelier/hooks/post-receive.iki"
+ # , wrapper => "/home/git/pub/lhc/remorque/hooks/post-receive.iki"
# , wrappermode => "06750"
# , wrapper_background_command => ""
# }
# , { test_receive => 1
- # , wrapper => "/home/git/pub/remorqueatelier.git/hooks/pre-receive.iki"
+ # , wrapper => "/home/git/pub/lhc/remorque.git/hooks/pre-receive.iki"
# , wrappermode => "06750"
# }
],
prefix_directives => 1,
indexpages => 0,
discussion => 1,
- discussionpage => 'Discussion',
+ discussionpage => 'discussion',
html5 => 0,
sslcookie => 1,
default_pageext => 'mdwn',
hardlink => 0,
umask => 002,
#wrappergroup => 'ikiwiki',
- #libdir => '/home/lhc/var/ikiwiki/remorqueatelier/.ikiwiki',
+ #libdir => '/home/lhc/var/ikiwiki/lhc/remorque/.ikiwiki',
libdir => '',
ENV => {},
#include => '^\\.htaccess$',
#wiki_file_chars => '-[:alnum:]+/.:_@’()&',
wiki_file_chars => '-[:alnum:]+/.:_',
allow_symlinks_before_srcdir => 1,
- #htmlscrubber_skip => '!*/Discussion',
+ #htmlscrubber_skip => '!*/discussion',
#rss => 0,
atom => 1,
#allowrss => 0,
#openid_realm => '',
#openid_cgiurl => '',
#openidsignup => 'http://myopenid.com/',
- account_creation_password => 'w3_sh411_0v3rc0m3',
+ #account_creation_password => 'w3_sh411_0v3rc0m3',
password_cost => 8,
#tohighlight => '.c .h .cpp .pl .py Makefile:make',
#multimarkdown => 0,
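Review bot: Commenting out `account_creation_password` leaves the shared sign-up secret readable in the file and in repository history, and it also removes the gate on account creation. If the passwordauth plugin is enabled (the plugin list is outside this hunk), anyone can now register. Delete the line rather than commenting it, and treat the old value as disclosed so it is not reused elsewhere. If sign-up should stay restricted, the value should come from outside the repository rather than a literal in the setup file.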
# or (mimetype(application/pdf) and maxsize(2mb)
# )',
#virus_checker => 'clamdscan -',
- #comments_pagespec => 'blog/* and !*/Discussion',
+ #comments_pagespec => 'blog/* and !*/discussion',
#comments_closed_pagespec => 'blog/controversial or blog/flamewar',
#comments_pagename => '',
#comments_allowdirectives => 0,
#getsource_mimetype => 'text/plain; charset=utf-8',
#mirrorlist => {},
repositories =>
- [ "git://git.heureux-cyclage.org/remorqueatelier.git"
- , "git\@git.heureux-cyclage.org:remorqueatelier.git"
+ [ "git://git.heureux-cyclage.org/lhc/remorque.git"
+ , "git\@git.heureux-cyclage.org:lhc/remorque.git"
],
omega_cgi => '/usr/lib/cgi-bin/omega/omega',
search_pagespec => '* and !recentchanges/*',
#websetup_unsafe => [],
#websetup_show_unsafe => 1,
#archivebase => 'archives',
- #archive_pagespec => 'posts/* and !*/Discussion',
+ #archive_pagespec => 'posts/* and !*/discussion',
#directive_description_dir => 'ikiwiki/directive',
#teximg_dvipng => '',
#teximg_prefix => '\\documentclass{article}
--disabled-login \
--disabled-password \
--group \
- --home /home/git/pub \
+ --home /home/git/daemon \
--shell /bin/false \
--system
rule adduser log-git-daemon\
sudo adduser log-git log-git-daemon
sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \
/home/git/log/"$sv"
+sudo install -d -m 770 -o git -g "$sv" \
+ /home/git/daemon
+sudo ln -fns \
+ ../pub \
+ /home/git/daemon/git.$vm_domainname
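Review bot: `/home/git/daemon` is created group-writable (`-m 770`) for group `"$sv"`, which appears to be the account git-daemon runs under. That gives the network-facing daemon write access to the directory whose symlinks map request hostnames to repository roots. The daemon only needs to traverse it, so `sudo install -d -m 750 -o git -g "$sv" \` is enough. The `ln` target also leaves `$vm_domainname` unquoted; write it as `/home/git/daemon/git."$vm_domainname"` to match the quoting used elsewhere in the script.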
exec /usr/bin/chpst \
-u "$sv":"$sv":git-data \
/usr/lib/git-core/git-daemon \
- --base-path="$home" \
- --interpolated-path=/home/git/srv/%H%D \
+ --interpolated-path="$home"/%H%D \
--reuseaddr \
--user-path=pub/git \
- --verbose \
- -- \
- "$home"
+ --verbose
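Review bot: Dropping the trailing `-- "$home"` removes git-daemon's directory whitelist, so the only remaining bound on what can be served is the `git-daemon-export-ok` marker in each repository. The path is now built from the client-supplied host name through `%H`, and `--user-path=pub/git` still resolves `~user` requests outside `"$home"`. Keeping `-- "$home"` as the final arguments preserves the previous defence in depth. It should still match paths reached through the `git.$vm_domainname` symlink, but that is worth testing. If per-user repositories are not intended, `--user-path` can go as well.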
sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \
/home/www/log/"$sv"/spawn-fcgi
sudo install -d -m 2750 -o git -g fcgi-"$sv" \
- /etc/gitweb \
- /etc/gitweb/cgi
+ /etc/gitweb
sudo ln -fns /etc/gitweb /home/git/etc/gitweb
sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \
- /home/git/etc/gitweb/gitweb.conf <<-EOF
+ /etc/gitweb/gitweb.conf <<-EOF
\$commit_oneline_message_width = 70;
- \$default_projects_order = 'age';
+ \$default_projects_order = 'project';
\$default_text_plain_charset = 'UTF-8';
@diff_opts = ();
\$favicon = "static/git-favicon.png";
+ \$feature{'highlight'}{'default'} = [1];
\$git_temp = "/run/shm/tmp/gitweb";
- \$home_footer = "/etc/gitweb/cgi/home-footer.cgi.inc";
- \$home_header = "/etc/gitweb/cgi/home-header.cgi.inc";
+ \$home_text = "/etc/gitweb/home_text.html";
\$home_link = "/";
\$home_link_str = 'dépôts';
\$home_th_age = 'activité';
\$projects_list_description_width = 42;
\$projects_list_owner_width = 15;
\$search_str = "Filtre :";
- \$site_footer = "/etc/gitweb/cgi/site-footer.bin";
- \$site_header = undef;
+ \$site_footer = "/etc/gitweb/site_footer.html";
+ \$site_header = "/etc/gitweb/site_header.html";
\$site_name = "git.$vm_domainname";
- \$space_to_nbsp = 0;
@stylesheets = ("static/gitweb.css");#
- \$untabify_tabstop = 2;
+ EOF
+sudo install -m 400 -o fcgi-"$sv" -g fcgi-"$sv" /dev/stdin \
+ /etc/gitweb/home_text.html <<-EOF
+ <h2>Forge logicielle publique de l'Heureux Cyclage</h2>
+ <p>Pour récupérer un dépôt public :</p>
+ <pre>git clone git://git.heureux-cyclage.org/<projet></pre>
EOF
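Review bot: In the new `home_text.html` heredoc the placeholder `<projet>` is written as a raw tag, so a browser parses it as an unknown element and the clone example renders with nothing after the final slash. Escape it: `<pre>git clone git://git.heureux-cyclage.org/&lt;projet&gt;</pre>`. The host name is hard-coded in that line while `$site_name` uses `git.$vm_domainname`; using the variable in both keeps them in step. `$site_header` and `$site_footer` now point at `/etc/gitweb/site_header.html` and `/etc/gitweb/site_footer.html`, which this hunk does not create, so confirm they are installed elsewhere.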
\$GL_CONF = "\$GL_ADMINDIR/conf/gitolite.conf";
\$GL_CONF_COMPILED = "\$GL_ADMINDIR/conf/gitolite.conf.pm";
#\$GL_GET_MEMBERSHIPS_PGM = "/usr/local/bin/expand-ldap-user-to-groups"
- \$GL_GITCONFIG_KEYS = "hooks\\..* repo\\..*";
+ \$GL_GITCONFIG_KEYS = "gitweb\\..* hooks\\..*";
#\$GL_HOSTNAME = "git.$vm_domainname";
# NOTE: read doc/mirroring.mkd COMPLETELY before setting this.
#\$GL_HTTP_ANON_USER = "mob";
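Review bot: The new `$GL_GITCONFIG_KEYS` value still admits every key under whole sections (`gitweb\\..*`, `hooks\\..*`), so anyone who can edit `gitolite.conf` can set any `hooks.*` value, including ones a hook script may interpret as a command. Listing only the keys actually used is tighter, for example `"gitweb\\.(owner|description|category) hooks\\.mailinglist"`. The exact set needed is not visible in this hunk and should be adjusted to the hooks installed.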
#!/bin/sh
set -e -f ${DRY_RUN:+-n} -u
-tool=$(cd "${0%/*}"; cd -)
+tool=$0
+while test -L "$tool"
+ do tool=$(readlink "$tool")
+ done
+tool=${tool%/*}
. "$tool"/lib/rule.sh
. "$tool"/etc/vm.sh
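Review bot: The new symlink loop assigns the `readlink` output directly, so a relative link target is resolved against the current directory instead of the link's own directory. A `$0` without a slash also passes through `${tool%/*}` unchanged. The following lines source `lib/rule.sh` and `etc/vm.sh` from `$tool`, and other hunks of this script run `sudo` and `ssh -l root`, so a wrong result means sourcing files from an unintended location. Resolve relative targets against the link's directory and make the final path absolute, as below.

```shell
tool=$0
case $tool in
 (*/*) ;;
 (*) tool=./$tool;;
esac
while test -L "$tool"
 do link=$(readlink "$tool")
    case $link in
     (/*) tool=$link;;
     (*) tool=${tool%/*}/$link;;
    esac
 done
tool=$(cd "${tool%/*}" && pwd -P)
. "$tool"/lib/rule.sh
```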
do conf=${conf#"$tool"/etc/nginx/site.d/}
local site=${conf%/key_send}
rule _x509_site_key_decrypt \
- "$(cat "$tool"/etc/apache2/site.d/"$site"/key_send)" |
+ "$(cat "$tool"/etc/apache2/site.d/"$site"/x509_host)" |
rule ssh -l root ' \
sudo install -d -m 770 -o '"$user"' -g '"$user"' \
/etc/apache2 \
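Review bot: The context line `local site=${conf%/key_send}` still strips the old file name while the changed line now reads `x509_host`. If the enclosing `for` (outside this hunk) still globs `*/key_send`, it matches nothing after the rename and no key is sent. The suffix strip should become `local site=${conf%/x509_host}`, with the loop pattern updated to match. The line above strips the `etc/nginx/site.d/` prefix although the file is then read from `etc/apache2/site.d/`, which looks like a copy-paste leftover worth checking at the same time.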
for conf in "$tool"/etc/nginx/site.d/*/site.conf
do conf=${conf#"$tool"/etc/nginx/site.d/}
local site="${conf%/site.conf}"
- if test -f "$tool"/etc/nginx/site.d/"$site"/key_send
+ if test -f "$tool"/etc/nginx/site.d/"$site"/x509_host
then
rule _x509_site_key_decrypt \
- "$(cat "$tool"/etc/nginx/site.d/"$site"/key_send)" |
+ "$(cat "$tool"/etc/nginx/site.d/"$site"/x509_host)" |
rule ssh -l root ' \
sudo install -d -m 770 -o root -g root \
/etc/nginx \