From b7595a000cae850e0702938336ce116376bc7d67 Mon Sep 17 00:00:00 2001 
From: Julien Moutinho Date: Thu, 21 Mar 2013 22:59:04 +0100 Subject: [PATCH] Ajout : vm_hosted : lhc-remorque . --- etc/gitolite | 2 +- etc/init.d/tmpfs | 3 + etc/nginx/conf.d/fastcgi.conf | 3 - etc/nginx/nginx.conf | 4 +- .../{lhc-git-tls => gitweb-tls}/configure.sh | 2 +- .../{lhc-git-tls => gitweb-tls}/local.conf | 1 + etc/nginx/site.d/gitweb-tls/remote.sh | 0 etc/nginx/site.d/gitweb-tls/site.conf | 1 + .../key_send => gitweb-tls/x509_host} | 0 etc/nginx/site.d/gitweb/configure.sh | 39 ++++ .../site.d/{lhc-git => gitweb}/local.conf | 0 .../site.d/{lhc-git => gitweb}/site.conf | 11 +- etc/nginx/site.d/lhc-git-tls/site.conf | 1 - etc/nginx/site.d/lhc-git/configure.sh | 4 - etc/nginx/site.d/lhc-remorque/configure.sh | 78 +++++++ etc/nginx/site.d/lhc-remorque/ikiwiki.setup | 219 ++++++++++++++++++ etc/nginx/site.d/lhc-remorque/local.conf | 1 + etc/nginx/site.d/lhc-remorque/remote.sh | 22 ++ etc/nginx/site.d/lhc-remorque/site.conf | 24 ++ etc/nginx/site.d/lhc-www-tls/configure.sh | 2 +- .../lhc-www-tls/{key_send => x509_host} | 0 etc/nginx/site.d/lhc-www/site.conf | 4 +- etc/php5/fpm/pool.d/lhc-git.conf | 11 - etc/sv/git-daemon/configure | 1 - etc/sv/git-daemon/configure.sh | 19 ++ etc/sv/git-daemon/log/run | 12 +- etc/sv/git-daemon/run | 12 +- etc/sv/gitweb/configure.sh | 19 ++ etc/sv/gitweb/log/run | 7 + etc/sv/gitweb/run | 14 ++ etc/sv/lhc-remorque/configure.sh | 17 ++ etc/sv/lhc-remorque/log/run | 7 + etc/sv/lhc-remorque/run | 14 ++ etc/sv/mysql/run | 10 +- var/pub/ssh/wiki-lhc-remorque.key | 1 + vm_hosted | 160 +++++-------- vm_remote | 44 ++-- 37 files changed, 606 insertions(+), 163 deletions(-) rename etc/nginx/site.d/{lhc-git-tls => gitweb-tls}/configure.sh (85%) rename etc/nginx/site.d/{lhc-git-tls => gitweb-tls}/local.conf (87%) create mode 100644 etc/nginx/site.d/gitweb-tls/remote.sh create mode 120000 etc/nginx/site.d/gitweb-tls/site.conf rename etc/nginx/site.d/{lhc-git-tls/key_send => gitweb-tls/x509_host} (100%) create mode 100644 
etc/nginx/site.d/gitweb/configure.sh rename etc/nginx/site.d/{lhc-git => gitweb}/local.conf (100%) rename etc/nginx/site.d/{lhc-git => gitweb}/site.conf (88%) delete mode 120000 etc/nginx/site.d/lhc-git-tls/site.conf delete mode 100644 etc/nginx/site.d/lhc-git/configure.sh create mode 100644 etc/nginx/site.d/lhc-remorque/configure.sh create mode 100644 etc/nginx/site.d/lhc-remorque/ikiwiki.setup create mode 100644 etc/nginx/site.d/lhc-remorque/local.conf create mode 100644 etc/nginx/site.d/lhc-remorque/remote.sh create mode 100644 etc/nginx/site.d/lhc-remorque/site.conf rename etc/nginx/site.d/lhc-www-tls/{key_send => x509_host} (100%) delete mode 100644 etc/php5/fpm/pool.d/lhc-git.conf delete mode 100755 etc/sv/git-daemon/configure create mode 100644 etc/sv/git-daemon/configure.sh create mode 100644 etc/sv/gitweb/configure.sh create mode 100755 etc/sv/gitweb/log/run create mode 100755 etc/sv/gitweb/run create mode 100644 etc/sv/lhc-remorque/configure.sh create mode 100755 etc/sv/lhc-remorque/log/run create mode 100755 etc/sv/lhc-remorque/run create mode 100644 var/pub/ssh/wiki-lhc-remorque.key diff --git a/etc/gitolite b/etc/gitolite index 3f7a2f4..dd0f4ab 160000 --- a/etc/gitolite +++ b/etc/gitolite @@ -1 +1 @@ -Subproject commit 3f7a2f4e12a66d9444e507c21e21f9acc5bed3f5 +Subproject commit dd0f4ab2b20259d1e280760d31dd78285b7cc329 diff --git a/etc/init.d/tmpfs b/etc/init.d/tmpfs index df392b8..22bc883 100755 --- a/etc/init.d/tmpfs +++ b/etc/init.d/tmpfs @@ -49,6 +49,9 @@ do_start() { ! getent passwd gitweb >/dev/null || sudo install -d -m 770 -o gitweb -g gitweb \ /run/tmp/gitweb + + sudo install -d -m 1771 -o root -g root \ + /run/spawn-fcgi fi ES=$? diff --git a/etc/nginx/conf.d/fastcgi.conf b/etc/nginx/conf.d/fastcgi.conf index c7a736d..cf1f70e 100644 --- a/etc/nginx/conf.d/fastcgi.conf +++ b/etc/nginx/conf.d/fastcgi.conf 
@@ -4,7 +4,6 @@ fastcgi_buffers 4 256k; fastcgi_busy_buffers_size 256k; fastcgi_connect_timeout 60; fastcgi_ignore_client_abort off; -fastcgi_index index.php; fastcgi_intercept_errors on; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param CONTENT_TYPE $content_type; @@ -31,5 +30,3 @@ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_read_timeout 180; fastcgi_send_timeout 180; fastcgi_temp_file_write_size 256k; -fastcgi_param REDIRECT_STATUS 200; - # NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index f8d0328..b87bf14 100644 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -9,9 +9,7 @@ http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for" nocache:$no_cache document_root:$document_root' - ' fastcgi_script_name:$fastcgi_script_name' - ' request_filename:$request_filename'; + '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main buffer=32k; client_body_buffer_size 4K; # NOTE: % getconf PAGESIZE diff --git a/etc/nginx/site.d/lhc-git-tls/configure.sh b/etc/nginx/site.d/gitweb-tls/configure.sh similarity index 85% rename from etc/nginx/site.d/lhc-git-tls/configure.sh rename to etc/nginx/site.d/gitweb-tls/configure.sh index 88f45be..4756a57 100644 --- a/etc/nginx/site.d/lhc-git-tls/configure.sh +++ b/etc/nginx/site.d/gitweb-tls/configure.sh @@ -1,6 +1,6 @@ #!/bin/sh set -e -f -u -x -local hint="run vm_remote nginx_key_send before" +local hint="run vm_remote nginx_configure before" assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint sudo install -m 664 -o www -g www \ "$tool"/var/pub/x509/git.heureux-cyclage.org/crt+ca.pem \ 
diff --git a/etc/nginx/site.d/lhc-git-tls/local.conf b/etc/nginx/site.d/gitweb-tls/local.conf similarity index 87% rename from etc/nginx/site.d/lhc-git-tls/local.conf rename to etc/nginx/site.d/gitweb-tls/local.conf index 4b65307..01c1542 100644 --- a/etc/nginx/site.d/lhc-git-tls/local.conf +++ b/etc/nginx/site.d/gitweb-tls/local.conf @@ -2,3 +2,4 @@ listen 443; include /etc/nginx/conf.d/ssl.conf; ssl_certificate /etc/nginx/x509.d/lhc-git-tls/crt.pem; ssl_certificate_key /etc/nginx/x509.d/lhc-git-tls/key.pem; +ssl_session_timeout 5m; diff --git a/etc/nginx/site.d/gitweb-tls/remote.sh b/etc/nginx/site.d/gitweb-tls/remote.sh new file mode 100644 index 0000000..e69de29 diff --git a/etc/nginx/site.d/gitweb-tls/site.conf b/etc/nginx/site.d/gitweb-tls/site.conf new file mode 120000 index 0000000..cedc372 --- /dev/null +++ b/etc/nginx/site.d/gitweb-tls/site.conf @@ -0,0 +1 @@ +../gitweb/site.conf \ No newline at end of file diff --git a/etc/nginx/site.d/lhc-git-tls/key_send b/etc/nginx/site.d/gitweb-tls/x509_host similarity index 100% rename from etc/nginx/site.d/lhc-git-tls/key_send rename to etc/nginx/site.d/gitweb-tls/x509_host diff --git a/etc/nginx/site.d/gitweb/configure.sh b/etc/nginx/site.d/gitweb/configure.sh new file mode 100644 index 0000000..3e1e949 --- /dev/null +++ b/etc/nginx/site.d/gitweb/configure.sh 
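Review bot: In `etc/nginx/site.d/gitweb-tls/local.conf` the `ssl_certificate` and `ssl_certificate_key` context lines still point at `/etc/nginx/x509.d/lhc-git-tls/`, while the renamed `configure.sh` asserts the key under `/etc/nginx/x509.d/"$site"/key.pem`. If `$site` follows the directory name (it appears to, but the caller is outside this patch), the assert checks `gitweb-tls/key.pem` while nginx loads a different path, so the vhost can end up with no usable key or with a stale one. The two lines should become `ssl_certificate /etc/nginx/x509.d/gitweb-tls/crt.pem;` and `ssl_certificate_key /etc/nginx/x509.d/gitweb-tls/key.pem;`.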
@@ -0,0 +1,39 @@ +rule apt_get_install gitweb highlight + +sudo ln -fns /etc/gitweb /home/git/etc/gitweb +sudo install -d -m 550 -o www-"$site" -g www-"$site" \ + /etc/gitweb \ + /etc/gitweb/cgi +sudo install -m 740 -o git -g www-"$site" /dev/stdin \ + /home/git/etc/gitweb/gitweb.conf <<-EOF + \$commit_oneline_message_width = 70; + \$default_projects_order = 'age'; + \$default_text_plain_charset = 'UTF-8'; + @diff_opts = (); + \$favicon = "img/git-favicon.png"; + \$git_temp = "/run/shm/tmp/gitweb"; + \$home_footer = "/etc/gitweb/cgi/home-footer.cgi.inc"; + \$home_header = "/etc/gitweb/cgi/home-header.cgi.inc"; + \$home_link = "/"; + \$home_link_str = 'dépôts'; + \$home_th_age = 'activité'; + \$home_th_descr = 'description'; + \$home_th_owner = 'contact'; + \$home_th_project = 'dépôt'; + \$javascript = "js/gitweb.js"; + \$logo = "img/git-logo.png"; + \$my_uri = ""; + \$projectroot = "../git"; + \$projects_list = "/etc/gitolite/projects.list"; + \$projects_list_description_width = 42; + \$projects_list_owner_width = 15; + \$search_str = "Filtre :"; + \$site_footer = "/etc/gitweb/cgi/site-footer.bin"; + \$site_header = undef; + \$site_name = "git.$vm_domainname"; + \$space_to_nbsp = 0; + @stylesheets = ("css/gitweb.css");# + \$untabify_tabstop = 2; + EOF +sudo adduser www-data git-data +sudo adduser www-"$site"-tls www-"$site" diff --git a/etc/nginx/site.d/lhc-git/local.conf b/etc/nginx/site.d/gitweb/local.conf similarity index 100% rename from etc/nginx/site.d/lhc-git/local.conf rename to etc/nginx/site.d/gitweb/local.conf diff --git a/etc/nginx/site.d/lhc-git/site.conf b/etc/nginx/site.d/gitweb/site.conf similarity index 88% rename from etc/nginx/site.d/lhc-git/site.conf rename to etc/nginx/site.d/gitweb/site.conf index 930d973..f15b046 100644 --- a/etc/nginx/site.d/lhc-git/site.conf +++ b/etc/nginx/site.d/gitweb/site.conf 
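Review bot: `sudo adduser www-data git-data` at the end of `gitweb/configure.sh` puts the nginx worker account in the group that owns the repositories, and the `vm_hosted` hunk of this same patch changes `/home/git/pub` to mode `2770` for `git-data`, so the membership now carries group write access. Gitweb itself now runs behind spawn-fcgi as `fcgi-gitweb` (`etc/sv/gitweb/run`), so the worker presumably only needs to read files under `/home/git/pub`. A read-only path (a separate group with `r-x`, or an ACL) would keep a compromised web server from having write permission on repository contents. If the membership is required, a comment such as `# www-data needs git-data to read /home/git/pub for the static and smart-HTTP locations` would record why.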
@@ -3,7 +3,7 @@ server_name git.heureux-cyclage.org; client_body_buffer_size 8k; client_max_body_size 10m; location / { - index index.html index.htm index.php; + index index.html; root /usr/share/gitweb; } location ~* ^.+.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ { @@ -25,7 +25,7 @@ location ~ ^.*\.git/(HEAD|info/refs|objects/info/.*|git-(upload|receive)-pack)$ root /home/git/pub; include /etc/nginx/conf.d/fastcgi.conf; fastcgi_param GIT_HTTP_EXPORT_ALL ""; - fastcgi_param GIT_PROJECT_ROOT /home/git/pub/git; + fastcgi_param GIT_PROJECT_ROOT /home/git/pub; fastcgi_param PATH_INFO $uri; fastcgi_param REMOTE_USER $remote_user; fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; @@ -55,15 +55,16 @@ location @gitweb { fastcgi_no_cache $no_cache; fastcgi_param GITWEB_CONFIG /etc/gitweb/gitweb.conf; fastcgi_param PATH_INFO $uri; + fastcgi_param REDIRECT_STATUS 200; + # NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; fastcgi_pass_header Cookie; fastcgi_pass_header Set-Cookie; - fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_split_path_info ^(.+\.cgi)(/.+)$; - fastcgi_pass unix:/run/php5/fpm/gitweb; + fastcgi_pass unix:/run/spawn-fcgi/gitweb; } -ssl_session_timeout 5m; try_files $uri @gitweb; # NOTE: send anything else to gitweb if it's not a real file diff --git a/etc/nginx/site.d/lhc-git-tls/site.conf b/etc/nginx/site.d/lhc-git-tls/site.conf deleted file mode 120000 index accacc0..0000000 --- a/etc/nginx/site.d/lhc-git-tls/site.conf +++ /dev/null @@ -1 +0,0 @@ -../lhc-git/site.conf \ No newline at end of file diff --git a/etc/nginx/site.d/lhc-git/configure.sh b/etc/nginx/site.d/lhc-git/configure.sh deleted file mode 100644 index 6983926..0000000 --- a/etc/nginx/site.d/lhc-git/configure.sh +++ /dev/null @@ -1,4 +0,0 @@ -sudo adduser php5-lhc-git www-"$site" -sudo adduser php5-lhc-git git-data -sudo adduser www-data git-data -sudo adduser www-"$site"-tls www-"$site" 
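Review bot: Widening `GIT_PROJECT_ROOT` from `/home/git/pub/git` to `/home/git/pub` while `GIT_HTTP_EXPORT_ALL` is still passed means git-http-backend will serve every repository under `/home/git/pub`, whether or not it carries a `git-daemon-export-ok` file. The location regex also matches `git-receive-pack`, and no `auth_basic` or other access check is visible in this hunk (the location block starts and ends outside it), so the wider root should be checked against what is meant to be public. Dropping the `fastcgi_param GIT_HTTP_EXPORT_ALL "";` line would make the HTTP endpoint honour the same per-repository export marker as git-daemon.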
diff --git a/etc/nginx/site.d/lhc-remorque/configure.sh b/etc/nginx/site.d/lhc-remorque/configure.sh new file mode 100644 index 0000000..59645ad --- /dev/null +++ b/etc/nginx/site.d/lhc-remorque/configure.sh 
@@ -0,0 +1,78 @@ +local hint="run vm_remote nginx_configure before" +assert "sudo getent passwd wiki-\"$site\" >/dev/null" hint +assert "sudo test -f ~wiki-$site/etc/ssh/id_rsa" hint + +rule apt_get_install ikiwiki \ + libsearch-xapian-perl + +rule adduser fcgi-"$site" \ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/www/pub/"$site" \ + --shell /bin/false \ + --system +rule adduser www-"$site" \ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/www/pub/"$site" \ + --shell /bin/false \ + --system +sudo adduser fcgi-"$site" www-"$site" +sudo adduser fcgi-"$site" wiki-"$site" +#sudo adduser www-"$site"-tls www-"$site" +sudo install -d -m 2770 -o wiki-"$site" -g wiki-"$site" \ + /home/lhc/var/ikiwiki/remorque + +sudo install -d -m 2770 -o wiki-"$site" -g wiki-"$site" \ + /home/lhc/var/ikiwiki/remorque +sudo install -d -m 2750 -o wiki-"$site" -g git \ + /home/git/hooks/remorque +sudo install -m 3771 -o git -g git /dev/stdin \ + /home/git/pub/remorqueatelier.git/hooks/post-update <<-EOF + #!/bin/sh -efux + + # The cd below is why we must use this script. + # The current directory may not be accessible + # by the user running the ikiwiki. 
+ # the execution of the ikiwiki wrapper would fail with : + # "E: Failed to change to directory '...': Permission denied" + cd / + + exec /home/git/hooks/remorque/post-update.ikiwiki + EOF + +if test -d /home/lhc/var/ikiwiki/remorque/.git + then sudo -u wiki-"$site" \ + sh -c 'cd /home/lhc/var/ikiwiki/remorque && git pull -v' + else + ( + eval cd ~wiki-"$site" + set +f + sudo -u wiki-"$site" \ + git clone \ + git@localhost:remorqueatelier \ + /home/lhc/var/ikiwiki/remorque/git + sudo mv -i \ + /home/lhc/var/ikiwiki/remorque/git/.git* \ + /home/lhc/var/ikiwiki/remorque/git/* \ + /home/lhc/var/ikiwiki/remorque/ + ) + sudo rmdir /home/lhc/var/ikiwiki/remorque/git + fi + +sudo install -m 400 -o wiki-"$site" -g wiki-"$site" \ + "$tool"/etc/nginx/site.d/"$site"/ikiwiki.setup \ + /home/lhc/var/ikiwiki/remorque/etc/ikiwiki.setup +eval cd ~wiki-"$site" +sudo adduser wiki-"$site" www-"$site" + +sudo install -d -m 2770 -o wiki-"$site" -g fcgi-"$site" \ + /home/www/pub/"$site"/cgi + +sudo -u wiki-"$site" ikiwiki \ + --verbose \ + --setup /home/lhc/var/ikiwiki/remorque/etc/ikiwiki.setup \ + --refresh \ + --wrappers diff --git a/etc/nginx/site.d/lhc-remorque/ikiwiki.setup b/etc/nginx/site.d/lhc-remorque/ikiwiki.setup new file mode 100644 index 0000000..d5645a8 --- /dev/null +++ b/etc/nginx/site.d/lhc-remorque/ikiwiki.setup 
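Review bot: The `post-update` hook is installed with `-m 3771`, which on a regular file sets the setgid and sticky bits and makes the script executable by everyone; it looks like a directory mode carried over from the `install -d` calls. A hook that only `git` runs needs no special bits: `sudo install -m 750 -o git -g git /dev/stdin \`. The `install -d -m 2770 ... /home/lhc/var/ikiwiki/remorque` call is also repeated twice in a row. `eval cd ~wiki-"$site"` evaluates `$site` as shell code, so a comment stating that `$site` must be a trusted directory name would be worth adding.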
@@ -0,0 +1,219 @@ +#!/usr/bin/perl + +use IkiWiki::Setup::Standard { + wikiname => 'Remorque Atelier', + adminemail => 'admin+lhc-remorque@heureux-cyclage.org', + adminuser => [qw{ + julm + lchevalier + }], + banned_users => [], + srcdir => "/home/lhc/var/ikiwiki/remorque", + destdir => "/home/www/pub/lhc-remorque", + #templatedir => "/home/lhc/var/ikiwiki/remorque/tmpl", + templatedir => '/usr/share/ikiwiki/templates', + underlaydir => '/usr/share/ikiwiki/basewiki', + url => '/', + cgiurl => '/cgi/ikiwiki.cgi', + #prefsurl => "https://$ENV{site}/cgi/ikiwiki.cgi", + #cgi_wrapper => 'cgi/ikiwiki.cgi', + #cgi_wrappermode => '02750', + cgiauthurl => "https://remorque.heureux-cyclage.org/auth/cgi/ikiwiki.cgi", + httpauth_pagespec => '!*/Discussion and !tmp', + anonok_pagespec => '*/Discussion or tmp', + locked_pages => '(user(git) and * and !*/Discussion and !tmp) and !*/Discussion', + rcs => "git", + historyurl => "/git/?p=remorqueatelier.git;a=history;f=[[file]]", + diffurl => "/git/?p=remorqueatelier.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]]", + gitorigin_branch => "origin", + gitmaster_branch => "master", + wrappers => [ + { cgi => 1 + , wrapper => "/home/www/pub/lhc-remorque/cgi/ikiwiki.cgi" + , wrappermode => "00750" + } + , { post_commit => 1 + , wrapper => "/home/git/hooks/remorque/post-update.ikiwiki" + , wrappermode => "06750" + , wrapper_background_command => "" + } + # , { post_commit => 1 + # , wrapper => "/home/git/pub/remorqueatelier/hooks/post-receive.iki" + # , wrappermode => "06750" + # , wrapper_background_command => "" + # } + # , { test_receive => 1 + # , wrapper => "/home/git/pub/remorqueatelier.git/hooks/pre-receive.iki" + # , wrappermode => "06750" + # } + ], + #untrusted_committers => undef, + add_plugins => [qw{ + 404 + attachment + brokenlinks + cutpaste + editdiff + favicon + htmlscrubber + httpauth + img + inline + link + lockedit + map + orphans + pagecount + pagestats + progress + 
recentchanges + recentchangesdiff + remove + rename + repolist + search + sidebar + table + tag + template + toc + }], + disable_plugins => [qw{ + anonok + httpauth + mail + more + openid + passwordauth + rename + shortcut + signinedit + toggle + }], + verbose => 1, + #syslog => 1, + usedirs => 1, + prefix_directives => 1, + indexpages => 0, + discussion => 1, + discussionpage => 'Discussion', + html5 => 0, + sslcookie => 1, + default_pageext => 'mdwn', + htmlext => 'xhtml', + timeformat => '%c', + locale => 'fr_FR.UTF-8', + #userdir => 'usr', + numbacklinks => 10, + hardlink => 0, + umask => 002, + #wrappergroup => 'ikiwiki', + #libdir => '/home/lhc/var/ikiwiki/remorqueatelier/.ikiwiki', + libdir => '', + ENV => {}, + #include => '^\\.htaccess$', + exclude => '^/etc$', + #wiki_file_chars => '-[:alnum:]+/.:_@’()&', + wiki_file_chars => '-[:alnum:]+/.:_', + allow_symlinks_before_srcdir => 1, + #htmlscrubber_skip => '!*/Discussion', + #rss => 0, + atom => 1, + #allowrss => 0, + allowatom => 1, + pingurl => [], + #blogspam_pagespec => 'postcomment(*)', + #blogspam_options => 'blacklist=1.2.3.4,blacklist=8.7.6.5,max-links=10', + #blogspam_server => '', + #moderate_pagespec => 'user(http://*)', + #openid_realm => '', + #openid_cgiurl => '', + #openidsignup => 'http://myopenid.com/', + account_creation_password => 'w3_sh411_0v3rc0m3', + password_cost => 8, + #tohighlight => '.c .h .cpp .pl .py Makefile:make', + #multimarkdown => 0, + #allowed_attachments => + # ' (mimetype(image/*) and maxsize(100kb)) + # or (mimetype(application/pdf) and maxsize(2mb) + # )', + #virus_checker => 'clamdscan -', + #comments_pagespec => 'blog/* and !*/Discussion', + #comments_closed_pagespec => 'blog/controversial or blog/flamewar', + #comments_pagename => '', + #comments_allowdirectives => 0, + #comments_allowauthor => 0, + #comments_commit => 1, + #getsource_mimetype => 'text/plain; charset=utf-8', + #mirrorlist => {}, + repositories => + [ 
"git://git.heureux-cyclage.org/remorqueatelier.git" + , "git\@git.heureux-cyclage.org:remorqueatelier.git" + ], + omega_cgi => '/usr/lib/cgi-bin/omega/omega', + search_pagespec => '* and !recentchanges/*', + #websetup_force_plugins => [], + #websetup_unsafe => [], + #websetup_show_unsafe => 1, + #archivebase => 'archives', + #archive_pagespec => 'posts/* and !*/Discussion', + #directive_description_dir => 'ikiwiki/directive', + #teximg_dvipng => '', + #teximg_prefix => '\\documentclass{article} + #\\usepackage{amsmath} + #\\usepackage{amsfonts} + #\\usepackage{amssymb} + #\\pagestyle{empty} + #\\begin{document} + #', + #teximg_postfix => '\\end{document}', + #aggregateinternal => 1, + #aggregate_webtrigger => 0, + #camelcase_ignore => [], + #pinger_timeout => 15, + #prettydateformat => '%X, %B %o, %Y', + recentchangespage => 'recentchanges', + recentchangesnum => 100, + #rsync_command => 'rsync -qa --delete . user@host:/path/to/docroot/', + global_sidebars => '*', + #tagbase => 'tag', + #add_underlays => [qw{/home/fai/wiki.underlay}], + #add_templates => [qw{/home/fai/.ikiwiki/templates}], + external_links => qr{^(git)(/.*|$)}, + attachment => + { insert => 'Lier' + , rename => 'Renommer' + , remove => 'Détacher' + , upload => 'Attacher' + }, + backlinks => + { map_tmpl => 'map-doc' + , map_id => 'backlink' + , tmpl => 'page.tmpl' + , page => 'backlinks' + , title => 'rétro-liens' + }, + edit => + { title => 'édition' + , save => 'Sauvegarder' + , preview => 'Apercevoir' + , cancel => 'Annuler' + , remove => 'Supprimer' + , rename => 'Bouger' + , diff => 'Comparer' + , location => 'Emplacement' + , type => 'Type' + }, + tag => + { map_tmpl => 'map-doc' + , map_id => 'backlink' + , tmpl => 'page.tmpl' + , page => 'tag' + , title => 'étiquette' + }, + toc => + { id => 'may-be-invalid' + , back => '↑ ' + }, + default_file => 'default.mdwn' + } 
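Review bot: The `account_creation_password` entry commits a secret to the repository in clear text; the deployed copy is installed mode 400, but anyone who can read this repository or its history has the value. The patch already keeps the wiki SSH key encrypted under `var/sec/` and decrypts it with gpg in `remote.sh`, so the same treatment, or substituting the value at install time, would fit here, and the committed value should be treated as exposed and rotated. With `passwordauth` listed in `disable_plugins` the setting may not be used at all, in which case the line can simply be removed. Separately, `httpauth` and `rename` appear in both `add_plugins` and `disable_plugins`; one of the two entries should go, or a comment should say which list is meant to win.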
diff --git a/etc/nginx/site.d/lhc-remorque/local.conf b/etc/nginx/site.d/lhc-remorque/local.conf new file mode 100644 index 0000000..56b9f1c --- /dev/null +++ b/etc/nginx/site.d/lhc-remorque/local.conf @@ -0,0 +1 @@ +listen 80; diff --git a/etc/nginx/site.d/lhc-remorque/remote.sh b/etc/nginx/site.d/lhc-remorque/remote.sh new file mode 100644 index 0000000..d86a039 --- /dev/null +++ b/etc/nginx/site.d/lhc-remorque/remote.sh @@ -0,0 +1,22 @@ +gpg --decrypt "$tool"/var/sec/ssh/wiki-"$site".gpg | +rule ssh -l root ' \ + set -e -f -u -x + sudo install -d -m 1751 -o lhc -g lhc \ + /home/lhc \ + /home/lhc/var \ + /home/lhc/var/ikiwiki + sudo install -d -m 2770 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \ + /home/lhc/var/ikiwiki/remorque + getent passwd wiki-'"'$site'"' >/dev/null || + sudo adduser wiki-'"'$site'"' \ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/lhc/var/ikiwiki/"$site" \ + --shell /bin/false \ + --system + sudo install -d -m 750 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \ + /home/lhc/var/ikiwiki/remorque/etc/ssh + sudo install -m 400 -o wiki-'"'$site'"' -g wiki-'"'$site'"' /dev/stdin \ + /home/lhc/var/ikiwiki/remorque/etc/ssh/id_rsa + ' diff --git a/etc/nginx/site.d/lhc-remorque/site.conf b/etc/nginx/site.d/lhc-remorque/site.conf new file mode 100644 index 0000000..5d0f79c --- /dev/null +++ b/etc/nginx/site.d/lhc-remorque/site.conf @@ -0,0 +1,24 @@ +server_name remorque.heureux-cyclage.org; + +client_body_buffer_size 8k; +client_max_body_size 10m; +location / { + try_files $uri $uri/index.xhtml = 404; + } +location ~* ^.+.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ { + access_log off; + expires 30d; + log_not_found off; + } +location ~ /\. { + access_log off; + deny all; + log_not_found off; + } +location /cgi/ikiwiki.cgi { + include /etc/nginx/conf.d/fastcgi.conf; + fastcgi_index cgi/ikiwiki.cgi; + fastcgi_pass unix:/run/spawn-fcgi/lhc-remorque; + } + +# vim: ft=sh 
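Review bot: In `remote.sh` the `install -d ... -o wiki-<site>` for `/home/lhc/var/ikiwiki/remorque` runs before the `getent passwd ... || sudo adduser` block, so on a fresh host `install` fails on the unknown owner and `set -e` aborts before the account is created; the `adduser` block should move above the first use of the account. The `--home /home/lhc/var/ikiwiki/"$site"` argument sits inside the single-quoted remote script, unlike the `'"'$site'"'` splices elsewhere, so it is expanded on the remote side where `set -u` is active and `$site` is presumably unset. It also names `.../ikiwiki/$site` while the key is written to `.../ikiwiki/remorque/etc/ssh/id_rsa`, and `configure.sh` asserts `~wiki-$site/etc/ssh/id_rsa`. Using `--home /home/lhc/var/ikiwiki/remorque \` would make the three agree.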
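Review bot: `try_files $uri $uri/index.xhtml = 404;` in `location /` of `lhc-remorque/site.conf` has a space between `=` and `404`, so nginx receives two separate arguments instead of the `=404` status form and treats the last one as a fallback URI; it should read `try_files $uri $uri/index.xhtml =404;`. The vhost also only has `listen 80;` (local.conf) while `ikiwiki.setup` sets `sslcookie => 1` and an `https://` `cgiauthurl`, and the `www-"$site"-tls` line in `configure.sh` is commented out. Cookies marked secure will not be sent back over this listener, so a comment such as `# TLS vhost for /auth/ not configured yet` would make the current state explicit.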
diff --git a/etc/nginx/site.d/lhc-www-tls/configure.sh b/etc/nginx/site.d/lhc-www-tls/configure.sh index 4bc8526..0f3e251 100644 --- a/etc/nginx/site.d/lhc-www-tls/configure.sh +++ b/etc/nginx/site.d/lhc-www-tls/configure.sh @@ -1,6 +1,6 @@ #!/bin/sh set -e -f -u -x -local hint="run vm_remote nginx_key_send before" +local hint="run vm_remote nginx_configure before" assert "sudo test -f /etc/nginx/x509.d/\"$site\"/key.pem" hint sudo install -m 664 -o www -g www \ "$tool"/var/pub/x509/www.heureux-cyclage.org/crt+ca.pem \ diff --git a/etc/nginx/site.d/lhc-www-tls/key_send b/etc/nginx/site.d/lhc-www-tls/x509_host similarity index 100% rename from etc/nginx/site.d/lhc-www-tls/key_send rename to etc/nginx/site.d/lhc-www-tls/x509_host diff --git a/etc/nginx/site.d/lhc-www/site.conf b/etc/nginx/site.d/lhc-www/site.conf index a866306..158a7a8 100644 --- a/etc/nginx/site.d/lhc-www/site.conf +++ b/etc/nginx/site.d/lhc-www/site.conf @@ -3,7 +3,6 @@ server_name www.heureux-cyclage.org heureux-cyclage.org; client_body_buffer_size 8k; client_max_body_size 10m; location / { - root /home/www/pub/lhc-www; index index.html index.htm index.php; } location ~* ^.+.(css|gif|html|ico|jpeg|js|jpg|png|txt|xml)$ { @@ -37,8 +36,11 @@ location ~ \.php$ { fastcgi_cache_valid 200 10s; fastcgi_cache_valid 404 10m; fastcgi_ignore_headers Cache-Control Expires Set-Cookie; + fastcgi_index index.php; fastcgi_max_temp_file_size 2M; fastcgi_no_cache $no_cache; + fastcgi_param REDIRECT_STATUS 200; + # NOTE: PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_pass_header Cookie; fastcgi_pass_header Set-Cookie; fastcgi_split_path_info ^(.+\.php)(/.+)$; diff --git a/etc/php5/fpm/pool.d/lhc-git.conf b/etc/php5/fpm/pool.d/lhc-git.conf deleted file mode 100644 index 9f4f8c1..0000000 --- a/etc/php5/fpm/pool.d/lhc-git.conf +++ /dev/null 
@@ -1,11 +0,0 @@ -pm.max_children = 15 -pm.max_requests = 200 -pm.max_spare_servers = 15 -pm.min_spare_servers = 2 -pm.process_idle_timeout = 60s -pm.start_servers = 3 -request_slowlog_timeout = 5s -request_terminate_timeout = 120s -rlimit_core = unlimited -rlimit_files = 131072 -security.limit_extensions = .php diff --git a/etc/sv/git-daemon/configure b/etc/sv/git-daemon/configure deleted file mode 100755 index e95c7d7..0000000 --- a/etc/sv/git-daemon/configure +++ /dev/null @@ -1 +0,0 @@ -#!/bin/sh -efux diff --git a/etc/sv/git-daemon/configure.sh b/etc/sv/git-daemon/configure.sh new file mode 100644 index 0000000..5260f91 --- /dev/null +++ b/etc/sv/git-daemon/configure.sh @@ -0,0 +1,19 @@ +#!/bin/sh -eux +rule adduser git-daemon\ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/git/pub \ + --shell /bin/false \ + --system +rule adduser log-git-daemon\ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/git/log/git-daemon \ + --shell /bin/false \ + --system +sudo adduser git-daemon git-data +sudo adduser log-git log-git-daemon +sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \ + /home/git/log/"$sv" diff --git a/etc/sv/git-daemon/log/run b/etc/sv/git-daemon/log/run index 5314155..96866cb 100755 --- a/etc/sv/git-daemon/log/run +++ b/etc/sv/git-daemon/log/run @@ -1,5 +1,7 @@ -#!/bin/sh -efux -user=git-daemon -cd /home/git/log/git-daemon/ -exec chpst -u log-"$user":log-"$user" \ - /usr/bin/svlogd -tt /home/git/log/git-daemon/ +#!/bin/sh -eux +sv=${PWD%/log} +sv=${sv#/etc/sv/} +eval "home=~log-$sv" +cd "$home" +exec chpst -u log-"$sv":log-"$sv" \ + svlogd -v -tt "$home" diff --git a/etc/sv/git-daemon/run b/etc/sv/git-daemon/run index 05140d7..3af0062 100755 --- a/etc/sv/git-daemon/run +++ b/etc/sv/git-daemon/run 
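Review bot: `eval "home=~log-$sv"` in `git-daemon/log/run` feeds a string derived from `$PWD` to `eval` with no check on it, and the same pattern recurs in `git-daemon/run`, `gitweb/log/run`, `lhc-remorque/log/run` and `mysql/run`. The value is a service directory name and so admin-controlled, but these scripts evidently start privileged (they drop to the service account with `chpst -u`). A guard ahead of the `eval`, for example `case $sv in (*[!A-Za-z0-9_-]*|'') exit 1;; esac`, or a lookup with `getent passwd "log-$sv" | cut -d: -f6`, removes the dependency on the directory name being well-formed. These hunks also drop `-f` from the shebang, which leaves globbing enabled for the unquoted `--datadir=$home` and `--user=$sv` in `mysql/run`.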
@@ -1,12 +1,14 @@ -#!/bin/sh -efux +#!/bin/sh -eux exec 2>&1 +sv=${PWD#/etc/sv/} +eval "home=~$sv" exec /usr/bin/chpst \ - -u git-daemon:git-daemon \ - /usr/bin/git daemon \ - --base-path=/home/git/pub \ + -u "$sv":"$sv":git-data \ + /usr/lib/git-core/git-daemon \ + --base-path="$home" \ --interpolated-path=/home/git/srv/%H%D \ --reuseaddr \ --user-path=pub/git \ --verbose \ -- \ - /home/git/pub/git + "$home" diff --git a/etc/sv/gitweb/configure.sh b/etc/sv/gitweb/configure.sh new file mode 100644 index 0000000..9f1a1cd --- /dev/null +++ b/etc/sv/gitweb/configure.sh @@ -0,0 +1,19 @@ +#!/bin/sh -eux +rule adduser fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/www/pub/"$sv" \ + --shell /bin/false \ + --system +rule adduser log-fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/www/log/"$sv"/spawn-fcgi \ + --shell /bin/false \ + --system +sudo adduser fcgi-"$sv" www-"$sv" +#sudo adduser fcgi-"$site" git-data +sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ + /home/www/log/"$sv"/spawn-fcgi diff --git a/etc/sv/gitweb/log/run b/etc/sv/gitweb/log/run new file mode 100755 index 0000000..500b8ad --- /dev/null +++ b/etc/sv/gitweb/log/run @@ -0,0 +1,7 @@ +#!/bin/sh -eux +sv=${PWD%/log} +sv=${sv#/etc/sv/} +eval "home=~log-fcgi-$sv" +cd "$home" +exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \ + svlogd -v -tt "$home" diff --git a/etc/sv/gitweb/run b/etc/sv/gitweb/run new file mode 100755 index 0000000..3f78af2 --- /dev/null +++ b/etc/sv/gitweb/run @@ -0,0 +1,14 @@ +#!/bin/sh -eux +exec 2>&1 +sv=${PWD#/etc/sv/} +exec /usr/bin/spawn-fcgi \ + -u fcgi-"$sv" \ + -g fcgi-"$sv" \ + -U www-data \ + -G www-data \ + -M 0660 \ + -n \ + -s /run/spawn-fcgi/"$sv" \ + -- /usr/bin/multiwatch \ + --forks 3 \ + -- /usr/sbin/fcgiwrap diff --git a/etc/sv/lhc-remorque/configure.sh b/etc/sv/lhc-remorque/configure.sh new file mode 100644 index 0000000..67c6d37 --- /dev/null +++ b/etc/sv/lhc-remorque/configure.sh 
@@ -0,0 +1,17 @@ +#!/bin/sh -eux +rule adduser fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/www/pub/"$sv" \ + --shell /bin/false \ + --system +rule adduser log-fcgi-"$sv" \ + --disabled-login \ + --disabled-password \ + --group \ + --home /home/www/log/spawn-fcgi/"$sv" \ + --shell /bin/false \ + --system +sudo install -d -m 770 -o log-fcgi-"$sv" -g log-fcgi-"$sv" \ + /home/www/log/"$sv"/spawn-fcgi diff --git a/etc/sv/lhc-remorque/log/run b/etc/sv/lhc-remorque/log/run new file mode 100755 index 0000000..500b8ad --- /dev/null +++ b/etc/sv/lhc-remorque/log/run @@ -0,0 +1,7 @@ +#!/bin/sh -eux +sv=${PWD%/log} +sv=${sv#/etc/sv/} +eval "home=~log-fcgi-$sv" +cd "$home" +exec chpst -u log-fcgi-"$sv":log-fcgi-"$sv" \ + svlogd -v -tt "$home" diff --git a/etc/sv/lhc-remorque/run b/etc/sv/lhc-remorque/run new file mode 100755 index 0000000..3f78af2 --- /dev/null +++ b/etc/sv/lhc-remorque/run @@ -0,0 +1,14 @@ +#!/bin/sh -eux +exec 2>&1 +sv=${PWD#/etc/sv/} +exec /usr/bin/spawn-fcgi \ + -u fcgi-"$sv" \ + -g fcgi-"$sv" \ + -U www-data \ + -G www-data \ + -M 0660 \ + -n \ + -s /run/spawn-fcgi/"$sv" \ + -- /usr/bin/multiwatch \ + --forks 3 \ + -- /usr/sbin/fcgiwrap diff --git a/etc/sv/mysql/run b/etc/sv/mysql/run index f8597b2..70fdd55 100755 --- a/etc/sv/mysql/run +++ b/etc/sv/mysql/run @@ -1,12 +1,14 @@ -#!/bin/sh -efux +#!/bin/sh -eux exec 2>&1 +sv=${PWD#/etc/sv/} +eval "home=~$sv" exec /usr/bin/chpst \ - -u mysql:mysql \ + -u "$sv":"$sv" \ /usr/sbin/mysqld \ --basedir=/usr \ - --datadir=/home/mysql \ + --datadir=$home \ --pid-file=/var/run/mysqld/mysqld.pid \ --plugin-dir=/usr/lib/mysql/plugin \ --port=3306 \ --socket=/var/run/mysqld/mysqld.sock \ - --user=mysql + --user=$sv diff --git a/var/pub/ssh/wiki-lhc-remorque.key b/var/pub/ssh/wiki-lhc-remorque.key new file mode 100644 index 0000000..8ada3aa --- /dev/null +++ b/var/pub/ssh/wiki-lhc-remorque.key 
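Review bot: In `etc/sv/lhc-remorque/configure.sh` the `log-fcgi-"$sv"` account is created with `--home /home/www/log/spawn-fcgi/"$sv"`, but the directory created a few lines later is `/home/www/log/"$sv"/spawn-fcgi`, and `lhc-remorque/log/run` does `cd "$home"` on the account's home. With `-e` set the log service would exit on the missing directory instead of starting svlogd. `etc/sv/gitweb/configure.sh` uses the other order, so the line should read `--home /home/www/log/"$sv"/spawn-fcgi \`.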
@@ -0,0 +1 @@ +ssh-rsa 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 wiki-lhc-remorque@ateliers.heureux-cyclage.org diff --git a/vm_hosted b/vm_hosted index 7d5e444..d1f3cc3 100755 --- a/vm_hosted +++ b/vm_hosted @@ -74,7 +74,7 @@ rule__chrooted_configure () { # NOTE: est-ce bien utile à un moment ? . /etc/profile } -rule_apache2_configure () { +rule_apache2_configure () { # XXX: cette règle n'est pas testée/mise-à-jour local -; set +f rule apt_get_install \ apache2-mpm-itk \ @@ -507,48 +507,29 @@ rule_gitolite_configure () { --home /home/git/log \ --shell /bin/false \ --system - rule adduser git-data\ + rule adduser git-data \ --disabled-login \ --disabled-password \ --group \ --home /home/git/pub \ --shell /bin/false \ --system - rule adduser git-daemon\ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/git/pub \ - --shell /bin/false \ - --system - rule adduser log-git-daemon\ - --disabled-login \ - --disabled-password \ - --group \ - --home /home/git/log/git-daemon \ - --shell /bin/false \ - --system sudo adduser git git-data - sudo adduser git-daemon git-data - sudo adduser log-git log-git-daemon sudo install -d -m 770 -o git -g git \ /etc/gitolite \ /home/git/etc \ /home/git/etc/ssh sudo install -d -m 751 -o git -g git \ /home/git - sudo install -d -m 3771 -o git-data -g git-data \ + sudo install -d -m 2770 -o git-data -g git-data \ /home/git/pub sudo install -d -m 1771 -o git -g git \ /home/git/log sudo install -d -m 2770 -o git -g log-git \ /home/git/log/gitolite \ /home/git/log/gitolite/perf - sudo install -d -m 770 -o log-git-daemon -g log-git-daemon \ - /home/git/log/git-daemon - sudo install -d -m 550 -o www-lhc-git -g www-lhc-git \ - /etc/gitweb \ - /etc/gitweb/cgi + sudo install -d -m 3771 -o git -g git \ + /home/git/hooks sudo ln -fns /etc/gitolite /home/git/etc/gitolite sudo ln -fns /etc/gitweb /home/git/etc/gitweb sudo ln -fns etc/gitolite/gitolite.rc /home/git/.gitolite.rc 
@@ -598,40 +579,9 @@ rule_gitolite_configure () { \$WEB_INTERFACE = "gitweb"; 1; EOF - sudo install -m 740 -o git -g www-lhc-git /dev/stdin \ - /home/git/etc/gitweb/gitweb.conf <<-EOF - \$commit_oneline_message_width = 70; - \$default_projects_order = 'age'; - \$default_text_plain_charset = 'UTF-8'; - @diff_opts = (); - \$favicon = "img/git-favicon.png"; - \$git_temp = "/run/shm/tmp/gitweb"; - \$home_footer = "/etc/gitweb/cgi/home-footer.cgi.inc"; - \$home_header = "/etc/gitweb/cgi/home-header.cgi.inc"; - \$home_link = "/"; - \$home_link_str = 'dépôts'; - \$home_th_age = 'activité'; - \$home_th_descr = 'description'; - \$home_th_owner = 'contact'; - \$home_th_project = 'dépôt'; - \$javascript = "js/gitweb.js"; - \$logo = "img/git-logo.png"; - \$my_uri = ""; - \$projectroot = "../git"; - \$projects_list = "/etc/gitolite/projects.list"; - \$projects_list_description_width = 42; - \$projects_list_owner_width = 15; - \$search_str = "Filtre :"; - \$site_footer = "/etc/gitweb/cgi/site-footer.bin"; - \$site_header = undef; - \$site_name = "git.$vm_domainname"; - \$space_to_nbsp = 0; - @stylesheets = ("css/gitweb.css");# - \$untabify_tabstop = 2; - EOF sudo install -m 600 -o git -g git \ "$tool"/var/pub/ssh/git.key \ - /home/git/etc/ssh/git.pub + /home/git/etc/ssh/git.pub sudo -u git \ GL_RC=/home/git/etc/gitolite/gitolite.rc \ GIT_AUTHOR_NAME=git \ @@ -641,7 +591,6 @@ rule_gitolite_configure () { do test ! -d /home/git/etc/gitolite/"$d" || rmdir /home/git/etc/gitolite/"$d" done - rule apt_get_install gitweb highlight sudo service tmpfs restart } rule_locales_configure () { 
@@ -761,13 +710,14 @@ rule_mail_configure () { rule_mysql_configure () { rule apt_get_install mysql-server-5.5 sudo install -m 644 -o root -g root \ - "$tool"/etc/mysql/my.cnf \ - /etc/mysql/my.cnf - if test ! -d /home/mysql; then - sudo install -d -m 750 -o mysql -g mysql \ - /home/mysql - sudo -u mysql mysql_install_db --no-defaults --datadir=/home/mysql/ - fi + "$tool"/etc/mysql/my.cnf \ + /etc/mysql/my.cnf + if test ! -d /home/mysql + then + sudo install -d -m 750 -o mysql -g mysql /home/mysql + sudo -u mysql mysql_install_db --no-defaults --datadir=/home/mysql + sudo usermod --home /home/mysql mysql + fi } rule_network_configure () { sudo install -m 644 -o root -g root /dev/stdin /etc/hostname <<-EOF @@ -869,7 +819,7 @@ rule_nginx_configure () { --disabled-login \ --disabled-password \ --group \ - --home /home/www-data/"$site" \ + --home /home/www/pub/"$site" \ --shell /bin/false \ --system rule adduser log-www-"$site" \ @@ -879,7 +829,7 @@ rule_nginx_configure () { --home /home/www/log/"$site"/nginx \ --shell /bin/false \ --system - sudo install -d -m 2770 -o log-www-"$site" -g log-www-"$site" \ + sudo install -d -m 771 -o log-www -g log-www \ /home/www/log/"$site" sudo install -d -m 770 -o www -g www \ /etc/nginx/site.d/"$site" @@ -1182,12 +1132,12 @@ rule_runit_configure () { "$tool"/etc/sv/"$sv"/log/run \ /etc/sv/"$sv"/log/run fi - test ! -x "$tool"/etc/sv/"$sv"/configure || - "$tool"/etc/sv/"$sv"/configure + test ! -r "$tool"/etc/sv/"$sv"/configure.sh || + . "$tool"/etc/sv/"$sv"/configure.sh ln -fns ../sv/"$sv" /etc/service/"$sv" eval local sv_status=\"\${sv_status_$sv_hash-}\" case $sv_status in - ("") sv start "$sv";; + ("") true;; (run:*) sv restart "$sv";; esac done 
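Review bot: The added `sudo usermod --home /home/mysql mysql` sits inside the `if test ! -d /home/mysql` branch, so a run interrupted after `install -d` never reaches it (or `mysql_install_db`) on the next pass. usermod may also refuse to change the home of an account that has running processes, which is possible if `rule apt_get_install mysql-server-5.5` has just started mysqld; this is worth checking on a fresh install. Moving the call out of the branch and guarding it on the current value, `test "$(getent passwd mysql | cut -d: -f6)" = /home/mysql || sudo usermod --home /home/mysql mysql`, keeps the rule re-runnable.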
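Review bot: `/home/www/log/"$site"` goes from `2770` owned by the per-site `log-www-"$site"` account to `771` owned by the shared `log-www`, which gives every local account search permission on each site's log directory and drops the setgid bit. Whether log files become reachable then depends on the modes of the `nginx` subdirectory (the `--home` of `log-www-"$site"` just above) and of the files in it, none of which are set in this hunk. If the o+x exists only so the per-site logger can reach its home, `sudo install -d -m 750 -o log-www -g log-www` with `log-www-"$site"` added to group `log-www` would keep other accounts out; either way a comment naming who needs traversal would help. rule_nginx_configure starts before and ends after the hunk.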
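Review bot: Sourcing `configure.sh` with `.` runs it in the same shell as the loop, so an `exit` or an assignment to `sv`, `sv_hash` or `sv_status` inside any service's script changes what the rest of rule_runit_configure does, where the old `"$tool"/etc/sv/"$sv"/configure` ran as a separate process. If the scripts only need to read `tool` and `sv` and not hand variables back, `( . "$tool"/etc/sv/"$sv"/configure.sh )` contains their side effects. The `("") true;;` arm would also benefit from a comment saying why a service with no recorded status is no longer started here. The function starts before and ends after the hunk.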
@@ -1204,43 +1154,59 @@ rule_ssh_configure () { /etc/ssh/ssh_host_ecdsa_key \ /etc/ssh/ssh_host_ecdsa_key.pub # NOTE: clefs générées par Debian - sudo install -m 644 -o root -g root /dev/stdin /etc/ssh/sshd_config <<-EOF - Port 22 - ListenAddress $vm_ipv4 - #ListenAddress :: - Protocol 2 + sudo install -m 644 -o root -g root /dev/stdin /etc/ssh/sshd_config <<-EOF + AcceptEnv LANG LC_* + AuthorizedKeysFile %h/etc/ssh/authorized_keys + ChallengeResponseAuthentication no + ClientAliveInterval 0 Compression yes + DebianBanner no + GSSAPIAuthentication no HostKey /etc/ssh/ssh_host_rsa_key - UsePrivilegeSeparation yes + HostbasedAuthentication no + IgnoreRhosts yes + IgnoreUserKnownHosts no + KerberosAuthentication no KeyRegenerationInterval 3600 - ServerKeyBits 768 - SyslogFacility AUTH + Port 22 + ListenAddress 127.0.0.1 + ListenAddress $vm_ipv4 LogLevel INFO LoginGraceTime 120 + PasswordAuthentication no + PermitEmptyPasswords no PermitRootLogin yes - StrictModes yes - RSAAuthentication yes + PrintLastLog yes + PrintMotd no + Protocol 2 PubkeyAuthentication yes - AuthorizedKeysFile %h/etc/ssh/authorized_keys - IgnoreRhosts yes + RSAAuthentication yes RhostsRSAAuthentication no - HostbasedAuthentication no - IgnoreUserKnownHosts no - PermitEmptyPasswords no - ChallengeResponseAuthentication no - PasswordAuthentication no - KerberosAuthentication no - GSSAPIAuthentication no - X11Forwarding no - X11DisplayOffset 10 - PrintMotd no - DebianBanner no - PrintLastLog yes - TCPKeepAlive yes - ClientAliveInterval 0 - AcceptEnv LANG LC_* + ServerKeyBits 768 + StrictModes yes Subsystem sftp /usr/lib/openssh/sftp-server + SyslogFacility AUTH + TCPKeepAlive yes UsePAM yes + UsePrivilegeSeparation yes + X11DisplayOffset 10 + X11Forwarding no + EOF + sudo install -m 644 -o root -g root /dev/stdin /etc/ssh/ssh_config <<-EOF + Host * + #Compression yes + #CompressionLevel 9 + #ControlMaster auto + #ControlPath ~/var/run/ssh/%h-%p-%r.sock + GSSAPIAuthentication no + 
GSSAPIDelegateCredentials no + HashKnownHosts yes + IdentityFile ~/etc/ssh/id_dsa + IdentityFile ~/etc/ssh/id_rsa + IdentityFile ~/etc/ssh/identity + SendEnv LANG LC_* + StrictHostKeyChecking ask + UserKnownHostsFile ~/etc/ssh/known_hosts EOF sudo service ssh restart } @@ -1426,11 +1392,11 @@ rule_configure () { rule sysctl_configure rule user_configure rule mail_configure + rule gitolite_configure rule www_configure rule php5_fpm_configure rule nginx_configure #rule apache2_configure - rule gitolite_configure rule runit_configure } diff --git a/vm_remote b/vm_remote index c167f30..57a3e96 100755 --- a/vm_remote +++ b/vm_remote @@ -130,7 +130,7 @@ rule_dovecot_key_send () { /etc/dovecot/"$vm_domainname"/imap/x509/key.pem ' } -rule_gitolite_configure () { +rule_gitolite_git () { ( cd "$tool"/etc/gitolite GIT_SSH=../../lib/ssh \ @@ -138,29 +138,33 @@ rule_gitolite_configure () { SSH_ASKPASS='"$tool"'/lib/ssh-pass \ SSH_ID=git \ ssh-add '"$tool"'/var/sec/ssh/git
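Review bot: `PermitRootLogin yes` is carried over into the rewritten sshd_config; since `PasswordAuthentication no` and `ChallengeResponseAuthentication no` already limit logins to keys, `PermitRootLogin without-password` would state that intent on the root account itself and keep it in force if password authentication is ever re-enabled. `ServerKeyBits 768`, `KeyRegenerationInterval 3600`, `RSAAuthentication` and `RhostsRSAAuthentication` apply only to protocol 1 and have no effect under `Protocol 2`, so the alphabetical re-sort is a good moment to drop them. In the new ssh_config, `IdentityFile ~/etc/ssh/identity` is likewise a protocol 1 key file; a one-line comment on why it and `id_dsa` are still listed would help. rule_ssh_configure starts before the hunk.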