From: Julien Moutinho Date: Wed, 5 Mar 2014 23:16:15 +0000 (+0100) Subject: Correction : nginx/site.d/cyclo-{vie,wiki} : perms. X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=commitdiff_plain;h=f135690b35e8a5349b210714c0ec04fc3d81e7d8 Correction : nginx/site.d/cyclo-{vie,wiki} : perms. --- diff --git a/etc/nginx/site.d/cyclo-vie/local.sh b/etc/nginx/site.d/cyclo-vie/local.sh index 85e0f2c..d4ed833 100644 --- a/etc/nginx/site.d/cyclo-vie/local.sh +++ b/etc/nginx/site.d/cyclo-vie/local.sh @@ -7,13 +7,16 @@ sudo install -m 664 -o www -g www \ /etc/nginx/x509.d/"$site"/crt.pem "$tool"/local/apt-get-install ikiwiki \ - libsearch-xapian-perl + xapian-omega \ + libsearch-xapian-perl \ + libdigest-sha-perl \ + libhtml-scrubber-perl "$tool"/local/adduser fcgi-"$site" \ --disabled-login \ --disabled-password \ --group \ - --home /home/www/data/"$site" \ + --home /home/cyclo/var/ikiwiki/'"'$site'"' \ --shell /bin/false \ --system "$tool"/local/adduser www-"$site" \ @@ -47,17 +50,20 @@ sudo install -m 771 -o git -g git /dev/stdin \ EOF if sudo test -d /home/cyclo/var/ikiwiki/"$site"/src/.git - then sudo -u wiki-"$site" sh -$-c \ - 'cd /home/cyclo/var/ikiwiki/'"'$site'"'/src && + then sudo -u wiki-"$site" sh -$-c ' \ + cd /home/cyclo/var/ikiwiki/'"'$site'"'/src && git pull -v && git submodule update --recursive --init' else - sudo -u wiki-"$site" git clone \ - git@localhost:cyclovie \ - /home/cyclo/var/ikiwiki/"$site"/src - sudo -u wiki-"$site" sh -$-c \ - 'cd /home/cyclo/var/ikiwiki/'"'$site'"'/src && - git submodule update --recursive --init' + sudo -u wiki-"$site" sh -$-c ' \ + umask 007 && + git clone \ + git@localhost:cyclovie \ + /home/cyclo/var/ikiwiki/'"'$site'"'/src && + cd /home/cyclo/var/ikiwiki/'"'$site'"'/src && + git config core.sharedRepository group && + git submodule update --recursive --init + ' fi sudo adduser wiki-"$site" www-"$site" 
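Review bot: The new `--home /home/cyclo/var/ikiwiki/'"'$site'"'` on the fcgi-"$site" adduser call appears to sit at the top level of local.sh, where the neighbouring context lines write `"$site"` directly. There the `'"'` pieces become literal double-quote characters in the home path and `$site` is expanded unquoted. That quoting form only fits inside the single-quoted `sh -$-c '…'` and ssh command strings used elsewhere in this commit; here the line should read `--home /home/cyclo/var/ikiwiki/"$site" \`. remote.sh in the same commit moves this account's home to `…/fcgi`, so the two scripts also disagree on the directory, which looks unintended. The identical line is added in etc/nginx/site.d/cyclo-wiki/local.sh.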
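Review bot: Only the `else` (fresh clone) branch gets `umask 007` and `git config core.sharedRepository group`; the `then` branch for an already existing checkout still runs `git pull -v` with the inherited umask and an unchanged repository config. A site deployed before this commit therefore keeps its old permissions, and new files written by the pull may again be group-unwritable. To make both paths converge, the `then` branch would need `umask 007 &&` before its `cd` and `git config core.sharedRepository group &&` before `git pull -v`. The same hunk appears in etc/nginx/site.d/cyclo-wiki/local.sh.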
@@ -69,12 +75,13 @@ sudo -u wiki-"$site" ikiwiki \ --setup /home/cyclo/var/ikiwiki/"$site"/src/ikiwiki.setup \ --refresh \ --wrappers -sudo chown wiki-"$site":www-"$site" \ +sudo chown fcgi-"$site":wiki-"$site" \ /home/git/hooks/cyclo/"$site"/post-update.ikiwiki sudo chmod 6755 \ /home/git/hooks/cyclo/"$site"/post-update.ikiwiki sudo chmod g+w \ - /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki + /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki \ + /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki/xapian/default sudo cat /etc/gitweb/gitweb.conf - <<-EOF | \$export_ok = "cyclo-vie-export-ok"; diff --git a/etc/nginx/site.d/cyclo-vie/remote.sh b/etc/nginx/site.d/cyclo-vie/remote.sh index bd26117..87d6cb5 100644 --- a/etc/nginx/site.d/cyclo-vie/remote.sh +++ b/etc/nginx/site.d/cyclo-vie/remote.sh @@ -1,5 +1,7 @@ gpg --decrypt "$tool"/var/sec/ssh/wiki-"$site".gpg | "$tool"/remote/ssh root@"$local_ipv4" ' \ + set +x + key=$(cat) set -e -f -u -x sudo install -d -m 1751 -o cyclo -g cyclo \ /home/cyclo \ @@ -10,7 +12,7 @@ gpg --decrypt "$tool"/var/sec/ssh/wiki-"$site".gpg | --disabled-login \ --disabled-password \ --group \ - --home /home/cyclo/var/ikiwiki/'"'$site'"' \ + --home /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi \ --shell /bin/false \ --system sudo install -d -m 2770 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \ 
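Review bot: After the new `sudo chown fcgi-"$site":wiki-"$site"`, the unchanged `sudo chmod 6755` makes post-update.ikiwiki a setuid/setgid wrapper that any local user can execute and that now runs as the FastCGI account with the wiki group, yet the script gives no reason for that identity. A comment above the chown would record it, for example `# setuid fcgi-$site + setgid wiki-$site: hook needs both identities; keep chown before chmod 6755`, adjusted to the real reason. Separately, `chmod g+w` is applied only to the `.ikiwiki` and `.ikiwiki/xapian/default` directories, so index files already written by the earlier `ikiwiki --refresh` run as wiki-"$site" may stay group-unwritable; that depends on that user's umask, which the hunk does not show. The same change is made in etc/nginx/site.d/cyclo-wiki/local.sh.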
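Review bot: `key=$(cat)` runs before `set -e -f -u -x`, so when `gpg --decrypt` on the left of the pipe fails or prints nothing, `key` is empty and the script goes on to install an empty id_rsa without reporting an error. A guard between the two added lines, `test -n "$key" || exit 1`, would stop that. It has to stay above `set -x`, because any command that receives `"$key"` as an argument once tracing is on would write the private key into the trace output. The ssh command string continues beyond this hunk, and the same two lines are added in etc/nginx/site.d/cyclo-wiki/remote.sh.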
@@ -18,5 +20,15 @@ gpg --decrypt "$tool"/var/sec/ssh/wiki-"$site".gpg | sudo install -d -m 750 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \ /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh sudo install -m 400 -o wiki-'"'$site'"' -g wiki-'"'$site'"' /dev/stdin \ - /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh/id_rsa + /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh/id_rsa <<-EOF + $key + EOF + sudo install -d -m 2770 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' \ + /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi + sudo install -d -m 750 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' \ + /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi/etc/ssh + sudo install -m 400 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' /dev/stdin \ + /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi/etc/ssh/id_rsa <<-EOF + $key + EOF ' diff --git a/etc/nginx/site.d/cyclo-wiki/local.sh b/etc/nginx/site.d/cyclo-wiki/local.sh index 47d0294..a37237d 100644 --- a/etc/nginx/site.d/cyclo-wiki/local.sh +++ b/etc/nginx/site.d/cyclo-wiki/local.sh @@ -7,13 +7,16 @@ sudo install -m 664 -o www -g www \ /etc/nginx/x509.d/"$site"/crt.pem "$tool"/local/apt-get-install ikiwiki \ - libsearch-xapian-perl + xapian-omega \ + libsearch-xapian-perl \ + libdigest-sha-perl \ + libhtml-scrubber-perl "$tool"/local/adduser fcgi-"$site" \ --disabled-login \ --disabled-password \ --group \ - --home /home/www/data/"$site" \ + --home /home/cyclo/var/ikiwiki/'"'$site'"' \ --shell /bin/false \ --system "$tool"/local/adduser www-"$site" \ 
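Review bot: The second added `sudo install -m 400 … /fcgi/etc/ssh/id_rsa` writes the same `$key` that was decrypted from wiki-"$site".gpg, so the fcgi-"$site" account ends up holding the wiki account's SSH private key. If fcgi-"$site" is the identity that serves web requests, a flaw in the CGI would expose the credential the wiki user presents to `git@localhost`. A separate key pair for fcgi, kept in its own `.gpg` file and limited on the git side to what the CGI needs, would keep the two accounts apart. If sharing is deliberate, a comment such as `# fcgi shares the wiki key on purpose: both act on the same repository` above the install would say so. The same lines are added in etc/nginx/site.d/cyclo-wiki/remote.sh.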
@@ -47,17 +50,20 @@ sudo install -m 771 -o git -g git /dev/stdin \ EOF if sudo test -d /home/cyclo/var/ikiwiki/"$site"/src/.git - then sudo -u wiki-"$site" sh -$-c \ - 'cd /home/cyclo/var/ikiwiki/'"'$site'"'/src && + then sudo -u wiki-"$site" sh -$-c ' \ + cd /home/cyclo/var/ikiwiki/'"'$site'"'/src && git pull -v && git submodule update --recursive --init' else - sudo -u wiki-"$site" git clone \ - git@localhost:cyclowiki \ - /home/cyclo/var/ikiwiki/"$site"/src - sudo -u wiki-"$site" sh -$-c \ - 'cd /home/cyclo/var/ikiwiki/'"'$site'"'/src && - git submodule update --recursive --init' + sudo -u wiki-"$site" sh -$-c ' \ + umask 007 && + git clone \ + git@localhost:cyclowiki \ + /home/cyclo/var/ikiwiki/'"'$site'"'/src && + cd /home/cyclo/var/ikiwiki/'"'$site'"'/src && + git config core.sharedRepository group && + git submodule update --recursive --init + ' fi sudo adduser wiki-"$site" www-"$site" @@ -69,12 +75,13 @@ sudo -u wiki-"$site" ikiwiki \ --setup /home/cyclo/var/ikiwiki/"$site"/src/ikiwiki.setup \ --refresh \ --wrappers -sudo chown wiki-"$site":www-"$site" \ +sudo chown fcgi-"$site":wiki-"$site" \ /home/git/hooks/cyclo/"$site"/post-update.ikiwiki sudo chmod 6755 \ /home/git/hooks/cyclo/"$site"/post-update.ikiwiki sudo chmod g+w \ - /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki + /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki \ + /home/cyclo/var/ikiwiki/"$site"/src/.ikiwiki/xapian/default sudo cat /etc/gitweb/gitweb.conf - <<-EOF | \$export_ok = "cyclo-wiki-export-ok"; diff --git a/etc/nginx/site.d/cyclo-wiki/remote.sh b/etc/nginx/site.d/cyclo-wiki/remote.sh index bd26117..87d6cb5 100644 --- a/etc/nginx/site.d/cyclo-wiki/remote.sh +++ b/etc/nginx/site.d/cyclo-wiki/remote.sh @@ -1,5 +1,7 @@ gpg --decrypt "$tool"/var/sec/ssh/wiki-"$site".gpg | "$tool"/remote/ssh root@"$local_ipv4" ' \ + set +x + key=$(cat) set -e -f -u -x sudo install -d -m 1751 -o cyclo -g cyclo \ /home/cyclo \ 
@@ -10,7 +12,7 @@ gpg --decrypt "$tool"/var/sec/ssh/wiki-"$site".gpg | --disabled-login \ --disabled-password \ --group \ - --home /home/cyclo/var/ikiwiki/'"'$site'"' \ + --home /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi \ --shell /bin/false \ --system sudo install -d -m 2770 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \ @@ -18,5 +20,15 @@ gpg --decrypt "$tool"/var/sec/ssh/wiki-"$site".gpg | sudo install -d -m 750 -o wiki-'"'$site'"' -g wiki-'"'$site'"' \ /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh sudo install -m 400 -o wiki-'"'$site'"' -g wiki-'"'$site'"' /dev/stdin \ - /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh/id_rsa + /home/cyclo/var/ikiwiki/'"'$site'"'/etc/ssh/id_rsa <<-EOF + $key + EOF + sudo install -d -m 2770 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' \ + /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi + sudo install -d -m 750 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' \ + /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi/etc/ssh + sudo install -m 400 -o fcgi-'"'$site'"' -g fcgi-'"'$site'"' /dev/stdin \ + /home/cyclo/var/ikiwiki/'"'$site'"'/fcgi/etc/ssh/id_rsa <<-EOF + $key + EOF '