/etc/nginx/x509.d/"$site"/crt.pem
"$tool"/local/apt-get-install ikiwiki \
- libsearch-xapian-perl
+ xapian-omega \
+ libsearch-xapian-perl \
+ libdigest-sha-perl \
+ libhtml-scrubber-perl
"$tool"/local/adduser fcgi-"$site" \
--disabled-login \
--disabled-password \
--group \
- --home /home/www/data/"$site" \
+ --home /home/cyclo/var/ikiwiki/'"'$site'"' \
--shell /bin/false \
--system
"$tool"/local/adduser www-"$site" \
EOF
if sudo test -d /home/cyclo/var/ikiwiki/"$site"/src/.git
- then sudo -u wiki-"$site" sh -$-c \
- 'cd /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
+ then sudo -u wiki-"$site" sh -$-c ' \
+ cd /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
git pull -v &&
git submodule update --recursive --init'
else
- sudo -u wiki-"$site" git clone \
- git@localhost:cyclovie \
- /home/cyclo/var/ikiwiki/"$site"/src
- sudo -u wiki-"$site" sh -$-c \
- 'cd /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
- git submodule update --recursive --init'
+ sudo -u wiki-"$site" sh -$-c ' \
+ umask 007 &&
+ git clone \
+ git@localhost:cyclovie \
+ /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
+ cd /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
+ git config core.sharedRepository group &&
+ git submodule update --recursive --init
+ '
fi
sudo adduser wiki-"$site" www-"$site"
--setup /home/cyclo/var/ikiwiki/"$site"/src/ikiwiki.setup \
--refresh \
--wrappers
-sudo chown wiki-"$site":www-"$site" \
+sudo chown fcgi-"$site":wiki-"$site" \
/home/git/hooks/cyclo/"$site"/post-update.ikiwiki
sudo chmod 6755 \
/home/git/hooks/cyclo/"$site"/post-update.ikiwiki
sudo chmod g+w \
- /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki
+ /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki \
+ /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki/xapian/default
sudo cat /etc/gitweb/gitweb.conf - <<-EOF |
\$export_ok = "cyclo-vie-export-ok";
gpg --decrypt "$tool"/var/sec/ssh/wiki-"$site".gpg |
"$tool"/remote/ssh root@"$local_ipv4" ' \
+ set +x
+ key=$(cat)
set -e -f -u -x
sudo install -d -m 1751 -o cyclo -g cyclo \
/home/cyclo \
--disabled-login \
--disabled-password \
--group \
- --home /home/cyclo/var/ikiwiki/'"'$site'"' \
+ --home /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi \
--shell /bin/false \
--system
sudo install -d -m 2770 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \
sudo install -d -m 750 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \
/home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh
sudo install -m 400 -o wiki-'"'$site'"' -g wiki-'"'$site'"' /dev/stdin \
- /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh/id_rsa
+ /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh/id_rsa <<-EOF
+ $key
+ EOF
+ sudo install -d -m 2770 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' \
+ /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi
+ sudo install -d -m 750 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' \
+ /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi/etc/ssh
+ sudo install -m 400 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' /dev/stdin \
+ /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi/etc/ssh/id_rsa <<-EOF
+ $key
+ EOF
'
/etc/nginx/x509.d/"$site"/crt.pem
"$tool"/local/apt-get-install ikiwiki \
- libsearch-xapian-perl
+ xapian-omega \
+ libsearch-xapian-perl \
+ libdigest-sha-perl \
+ libhtml-scrubber-perl
"$tool"/local/adduser fcgi-"$site" \
--disabled-login \
--disabled-password \
--group \
- --home /home/www/data/"$site" \
+ --home /home/cyclo/var/ikiwiki/'"'$site'"' \
--shell /bin/false \
--system
"$tool"/local/adduser www-"$site" \
EOF
if sudo test -d /home/cyclo/var/ikiwiki/"$site"/src/.git
- then sudo -u wiki-"$site" sh -$-c \
- 'cd /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
+ then sudo -u wiki-"$site" sh -$-c ' \
+ cd /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
git pull -v &&
git submodule update --recursive --init'
else
- sudo -u wiki-"$site" git clone \
- git@localhost:cyclowiki \
- /home/cyclo/var/ikiwiki/"$site"/src
- sudo -u wiki-"$site" sh -$-c \
- 'cd /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
- git submodule update --recursive --init'
+ sudo -u wiki-"$site" sh -$-c ' \
+ umask 007 &&
+ git clone \
+ git@localhost:cyclowiki \
+ /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
+ cd /home/cyclo/var/ikiwiki/'"'$site'"'/src &&
+ git config core.sharedRepository group &&
+ git submodule update --recursive --init
+ '
fi
sudo adduser wiki-"$site" www-"$site"
--setup /home/cyclo/var/ikiwiki/"$site"/src/ikiwiki.setup \
--refresh \
--wrappers
-sudo chown wiki-"$site":www-"$site" \
+sudo chown fcgi-"$site":wiki-"$site" \
/home/git/hooks/cyclo/"$site"/post-update.ikiwiki
sudo chmod 6755 \
/home/git/hooks/cyclo/"$site"/post-update.ikiwiki
sudo chmod g+w \
- /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki
+ /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki \
+ /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki/xapian/default
sudo cat /etc/gitweb/gitweb.conf - <<-EOF |
\$export_ok = "cyclo-wiki-export-ok";
gpg --decrypt "$tool"/var/sec/ssh/wiki-"$site".gpg |
"$tool"/remote/ssh root@"$local_ipv4" ' \
+ set +x
+ key=$(cat)
set -e -f -u -x
sudo install -d -m 1751 -o cyclo -g cyclo \
/home/cyclo \
--disabled-login \
--disabled-password \
--group \
- --home /home/cyclo/var/ikiwiki/'"'$site'"' \
+ --home /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi \
--shell /bin/false \
--system
sudo install -d -m 2770 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \
sudo install -d -m 750 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \
/home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh
sudo install -m 400 -o wiki-'"'$site'"' -g wiki-'"'$site'"' /dev/stdin \
- /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh/id_rsa
+ /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh/id_rsa <<-EOF
+ $key
+ EOF
+ sudo install -d -m 2770 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' \
+ /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi
+ sudo install -d -m 750 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' \
+ /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi/etc/ssh
+ sudo install -m 400 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' /dev/stdin \
+ /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi/etc/ssh/id_rsa <<-EOF
+ $key
+ EOF
'