Mercurial > hg > soundsoftware-site

--- a/.hgignore	Wed Aug 16 16:58:22 2017 +0100
+++ b/.hgignore	Thu Aug 17 11:55:29 2017 +0100
@@ -42,3 +42,6 @@
 *.pyc
 *-console.log
 postgres-dumpall
+deploy/config/code.conf
+deploy/config/database.yml
+deploy/docker/Dockerfile
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/code.conf.in	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,94 @@
+
+# A test Apache config. Lacks SSL, lacks a desirable extra layer of
+# authentication for admin interface paths. Do not deploy this.
+
+PerlLoadModule Apache::Authn::SoundSoftware
+
+<VirtualHost *:80>
+        ServerName code.soundsoftware.ac.uk
+        ServerAdmin chris.cannam@soundsoftware.ac.uk
+
+        DocumentRoot /var/www/code/public
+        PassengerRestartDir restart_files
+        PassengerHighPerformance on
+        PassengerMaxRequests 50000
+        PassengerStatThrottleRate 5
+	PassengerStartTimeout 60
+	PassengerFriendlyErrorPages on
+        RailsSpawnMethod smart
+        ExpiresDefault "access plus 1 minute"
+
+        <DirectoryMatch "^/.*/\.svn/">
+                Order allow,deny
+                Deny from all
+                Satisfy All
+        </DirectoryMatch>
+
+        <DirectoryMatch "^/.*/\.hg/">
+                Order allow,deny
+                Deny from all
+                Satisfy All
+        </DirectoryMatch>
+
+        <DirectoryMatch "^/.*/\.git/">
+                Order allow,deny
+                Deny from all
+                Satisfy All
+        </DirectoryMatch>
+
+        <Directory /var/www/code/public>
+                Options -MultiViews
+	</Directory>
+
+        <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
+		# Avoid other sites embedding our fonts
+		RewriteEngine on
+		RewriteCond %{HTTP_REFERER} !^$
+		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]
+		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
+	</Directory>
+
+	ScriptAlias /hg "/var/hg/index.cgi"
+
+	<Location /hg>
+               	AuthName "Mercurial"
+                AuthType Basic
+                Require valid-user
+		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
+      		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
+		PerlSetVar HTTPS "on"
+		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
+    		SoundSoftwareDbUser "code"
+     		SoundSoftwareDbPass "INSERT_POSTGRES_PASSWORD_HERE"
+		SoundSoftwareRepoPrefix "/var/hg/"
+                #!!! "on" in production please!:
+                SoundSoftwareSslRequired "off"
+		Options +ExecCGI
+		AddHandler cgi-script .cgi
+		ExpiresDefault now
+        </Location>
+
+	Alias /git "/var/files/git-mirror"
+
+	<Directory "/var/files/git-mirror">
+		Options -Indexes +FollowSymLinks
+                Order allow,deny
+                Allow from all
+	</Directory>
+	<Directory ~ "/var/files/git-mirror/.*\.workdir">
+		Order allow,deny
+		Deny from all
+	</Directory>
+	<Directory ~ "/var/files/git-mirror/__.*">
+                Order allow,deny
+                Deny from all
+	</Directory>
+
+	ErrorLog /var/log/apache2/code-error.log
+	CustomLog /var/log/apache2/code-access.log vhost_combined
+
+        LogLevel warn
+        ServerSignature Off
+
+</VirtualHost>
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.daily/00-backup-db	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,6 @@
+#!/bin/sh
+outfile="/var/files/backups/postgres-dumpall-`date +%Y%m%d%H%M`"
+oldmask=`umask`
+umask 0277
+su postgres -c /usr/bin/pg_dumpall > "$outfile" && bzip2 "$outfile"
+umask "$oldmask"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.daily/10-extract-docs	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd /tmp
+/var/www/code/docgen/extract-docs.sh
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.daily/15-get-statistics	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,2 @@
+#!/bin/bash
+sudo -u code sh -c "cd /var/www/code ; ./script/rails runner -e production extra/soundsoftware/get-statistics.rb >> log/statistics.log"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.daily/20-check-end-of-external-repo-log	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,2 @@
+#!/bin/bash
+tail -2 /var/log/external-repos.log
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.hourly/00-drupal-cron	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,3 @@
+#!/bin/bash
+/usr/bin/wget -O - -q -t 1 http://www.soundsoftware.ac.uk/cron.php
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.hourly/10-redmine-fetch-changesets	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,3 @@
+#!/bin/bash
+sudo -u code sh -c "cd /var/www/code ; ./script/rails runner \"Repository.fetch_changesets\" -e production 2>&1 | grep -v 'Not trusting' | grep -v 'svn:' | grep -v 'working copy' | grep -v 'deprecated' | grep -v 'version_requirements'"
+exit 0
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.hourly/20-convert-external-repos	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,2 @@
+#!/bin/bash
+sudo -H -u www-data /var/www/code/reposman/run-external.sh
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.hourly/30-expire-explore-cache	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,2 @@
+#!/bin/sh
+rm -f /var/www/code/tmp/cache/*/*/views*explore*
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.hourly/40-export-git	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,3 @@
+#!/bin/bash
+logfile="/var/www/code/log/export-git.log"
+sudo -u code sh -c "cd /tmp ; /var/www/code/extra/soundsoftware/export-git.sh production /var/hg /var/files/git-mirror >> $logfile 2>&1"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.minutely/00-redmine-repositories	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,3 @@
+#!/bin/bash
+sudo -u www-data /var/www/code/reposman/run-reposman.sh
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/cron.monthly/00-backup-files	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,10 @@
+#!/bin/sh
+for location in var/www etc/apache2 etc/cron.*; do
+	target="/var/files/backups/`echo $location | sed 's,/,_,g'`-`date +%Y%m%d%H%M`"
+	oldmask=`umask`
+	umask 0277
+	cd /
+	tar cjf "$target".tar.bz2 "$location"
+	umask "$oldmask"
+done
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/database.yml.in	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,7 @@
+production:
+  adapter: postgresql
+  database: code
+  host: localhost
+  username: code
+  password: "INSERT_POSTGRES_PASSWORD_HERE"
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/hgweb.config	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,6 @@
+[paths]
+/ = /var/hg/*
+
+[web]
+allow_archive = gz, zip, bz2
+allow_push = *
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/index.cgi	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,67 @@
+#!/usr/bin/env python
+#
+# An example CGI script to export multiple hgweb repos, edit as necessary
+
+# adjust python path if not a system-wide install:
+#import sys
+#sys.path.insert(0, "/path/to/python/lib")
+
+# enable importing on demand to reduce startup time
+from mercurial import demandimport; demandimport.enable()
+
+# Uncomment to send python tracebacks to the browser if an error occurs:
+import cgitb
+cgitb.enable()
+
+# If you'd like to serve pages with UTF-8 instead of your default
+# locale charset, you can do so by uncommenting the following lines.
+# Note that this will cause your .hgrc files to be interpreted in
+# UTF-8 and all your repo files to be displayed using UTF-8.
+#
+import os
+os.environ["HGENCODING"] = "UTF-8"
+
+from mercurial.hgweb.hgwebdir_mod import hgwebdir
+import mercurial.hgweb.wsgicgi as wsgicgi
+
+# The config file looks like this.  You can have paths to individual
+# repos, collections of repos in a directory tree, or both.
+#
+# [paths]
+# virtual/path1 = /real/path1
+# virtual/path2 = /real/path2
+# virtual/root = /real/root/*
+# / = /real/root2/*
+# virtual/root2 = /real/root2/**
+#
+# [collections]
+# /prefix/to/strip/off = /root/of/tree/full/of/repos
+#
+# paths example:
+#
+# * First two lines mount one repository into one virtual path, like
+# '/real/path1' into 'virtual/path1'.
+#
+# * The third entry mounts every mercurial repository found in '/real/root'
+# in 'virtual/root'. This format is preferred over the [collections] one,
+# since using absolute paths as configuration keys is not supported on every
+# platform (especially on Windows).
+#
+# * The fourth entry is a special case mounting all repositories in
+# /'real/root2' in the root of the virtual directory.
+#
+# * The fifth entry recursively finds all repositories under the real root,
+# and mounts them using their relative path (to given real root) under the
+# virtual root.
+#
+# collections example: say directory tree /foo contains repos /foo/bar,
+# /foo/quux/baz.  Give this config section:
+#   [collections]
+#   /foo = /foo
+# Then repos will list as bar and quux/baz.
+#
+# Alternatively you can pass a list of ('virtual/path', '/real/path') tuples
+# or use a dictionary with entries like 'virtual/path': '/real/path'
+
+application = hgwebdir('hgweb.config')
+wsgicgi.launch(application)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/logrotate.conf	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,65 @@
+# see "man logrotate" for details
+# rotate log files weekly
+weekly
+
+# keep 4 weeks worth of backlogs
+rotate 4
+
+# create new (empty) log files after rotating old ones
+create
+
+# uncomment this if you want your log files compressed
+#compress
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# no packages own wtmp, or btmp -- we'll rotate them here
+/var/log/wtmp {
+    missingok
+    monthly
+    create 0664 root utmp
+    rotate 1
+}
+
+/var/log/btmp {
+    missingok
+    monthly
+    create 0660 root utmp
+    rotate 1
+}
+
+# system-specific logs may be configured here
+/var/www/code/log/*.log {
+	weekly
+	missingok
+	rotate 52
+	compress
+	delaycompress
+	create 640 code code
+	sharedscripts
+	postrotate
+		touch /var/www/code/restart_files/restart.txt
+	endscript
+}
+
+/var/log/reposman.log {
+        weekly
+        missingok
+        rotate 52
+        compress
+        delaycompress
+        create 640 www-data code
+        sharedscripts
+}
+
+/var/log/external-repos.log {
+        weekly
+        missingok
+        rotate 52
+        compress
+        delaycompress
+        create 640 www-data code
+        sharedscripts
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/passenger.conf	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,2 @@
+PassengerMaxPoolSize 60
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/passenger.load	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,3 @@
+LoadModule passenger_module /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so
+PassengerRoot /var/lib/gems/2.3.0/gems/passenger-4.0.60
+PassengerDefaultRuby /usr/bin/ruby2.3
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/config/perl.conf	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,4 @@
+# Apache::DBI is supposed to be a transparent replacement for Perl DBI with
+# better performance when multiple connections are made with common DSN, user
+# and password
+PerlModule Apache::DBI
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/docker/Dockerfile.in	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,20 @@
+
+FROM ubuntu:16.04
+MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>
+
+COPY . /var/www/code
+
+WORKDIR /var/www/code
+
+INSERT_PROVISIONING_HERE
+
+# Start Postgres and foregrounded Apache
+
+RUN echo "#!/bin/bash"                      > container-run.sh
+RUN echo "/etc/init.d/postgresql start"    >> container-run.sh
+RUN echo "apache2ctl -D FOREGROUND"        >> container-run.sh
+RUN chmod +x container-run.sh
+
+EXPOSE 80
+CMD ./container-run.sh
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/docker/Dockerfile.inline	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,139 @@
+
+# For documentation and experimental purposes only. As a
+# reconstruction of the machine image that runs this application,
+# there are lots of things missing here; but as a good Docker
+# configuration, it fails by mixing together rather a lot of concerns.
+
+FROM ubuntu:16.04
+MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>
+
+RUN apt-get update && \
+    apt-get install -y \
+    apache2 \
+    apache2-dev \
+    apt-utils \
+    build-essential \
+    cron \
+    curl \
+    doxygen \
+    exim4 \
+    git \
+    graphviz \
+    imagemagick \
+    libapache-dbi-perl \
+    libapache2-mod-perl2 \
+    libapr1-dev \
+    libaprutil1-dev \
+    libauthen-simple-ldap-perl \
+    libcurl4-openssl-dev \
+    libdbd-pg-perl \
+    libpq-dev \
+    libmagickwand-dev \
+    libio-socket-ssl-perl \
+    logrotate \
+    mercurial \
+    postgresql \
+    rsync \
+    ruby \
+    ruby-dev \
+    sudo
+
+# Also used on the live site, for javadoc extraction, but this is
+# would be by far the biggest package here: let's omit it while we're
+# not making use of it
+#   openjdk-9-jdk-headless
+
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+
+# Passenger gets installed through gem, not apt
+
+RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri
+RUN passenger-install-apache2-module --languages=ruby
+
+
+# Copy across webapp, set up ownership
+
+COPY . /var/www/code
+
+RUN groupadd code
+RUN useradd -g code -G www-data code
+RUN chown -R code.www-data /var/www/code
+RUN find /var/www/code -type d -exec chmod g+s \{\} \;
+
+
+# Initialise /var/hg (in reality this would be mounted from somewhere)
+
+RUN mkdir -p /var/hg
+RUN chown code.www-data /var/hg
+RUN chmod g+s /var/hg
+COPY extra/soundsoftware/scripted-deploy/config/index.cgi /var/hg/
+COPY extra/soundsoftware/scripted-deploy/config/hgweb.config /var/hg/
+RUN chmod +x /var/hg/index.cgi
+
+
+# We're based in the code webapp directory from here on
+
+WORKDIR /var/www/code
+
+
+# Set up database config etc
+
+RUN cp extra/soundsoftware/scripted-deploy/config/database.yml.interpolated config/database.yml
+
+
+# Install Rails and dependencies (database.yml must be populated before this)
+
+RUN gem install bundler
+RUN bundle install
+
+
+# Initialise Redmine token (bundler must be installed before this)
+
+RUN bundle exec rake generate_secret_token
+
+
+# Import Postgres database from postgres-dumpall file
+
+RUN chown postgres postgres-dumpall
+RUN /etc/init.d/postgresql start && sudo -u postgres psql -f postgres-dumpall postgres
+RUN rm postgres-dumpall
+
+
+# Install Perl auth module for Hg access
+
+RUN mkdir -p /usr/local/lib/site_perl/Apache/Authn/
+RUN cp extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/
+
+
+# Set up Apache config (todo: insert variables)
+
+RUN rm -f /etc/apache2/sites-enabled/000-default.conf
+
+RUN cp extra/soundsoftware/scripted-deploy/config/passenger.conf /etc/apache2/mods-available/
+RUN cp extra/soundsoftware/scripted-deploy/config/passenger.load /etc/apache2/mods-available/
+RUN cp extra/soundsoftware/scripted-deploy/config/perl.conf      /etc/apache2/mods-available/
+
+RUN ln -s ../mods-available/passenger.conf  /etc/apache2/mods-enabled/
+RUN ln -s ../mods-available/passenger.load  /etc/apache2/mods-enabled/
+RUN ln -s ../mods-available/perl.conf       /etc/apache2/mods-enabled/
+RUN ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/
+RUN ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/
+RUN ln -s ../mods-available/cgi.load        /etc/apache2/mods-enabled/
+
+RUN cp extra/soundsoftware/scripted-deploy/config/code.conf.interpolated /etc/apache2/sites-available/code.conf
+RUN ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf
+
+RUN apache2ctl configtest
+
+
+# Start Postgres and foregrounded Apache
+
+RUN echo "#!/bin/bash"                      > container-run.sh
+RUN echo "/etc/init.d/postgresql start"    >> container-run.sh
+RUN echo "apache2ctl -D FOREGROUND"        >> container-run.sh
+RUN chmod +x container-run.sh
+
+EXPOSE 80
+CMD ./container-run.sh
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/docker/start.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+mydir=$(dirname "$0")
+
+dbpwd="$1"
+if [ -z "$dbpwd" ]; then
+    echo "Usage: $0 <database-password>" 1>&2
+    exit 2
+fi
+
+set -eu -o pipefail
+
+rootdir="$mydir/../.."
+
+deploydir="$rootdir"/deploy
+if [ ! -d "$deploydir" ]; then
+    echo "ERROR: Unexpected repository layout - expected directory at $deploydir"
+    exit 2
+fi
+
+managerdir="$deploydir/docker"
+if [ ! -d "$managerdir" ]; then
+    echo "ERROR: Required directory $managerdir not found"
+    exit 2
+fi
+
+configdir="$deploydir/config"
+if [ ! -d "$configdir" ]; then
+    echo "ERROR: Required directory $configdir not found"
+    exit 2
+fi
+
+if [ ! -f "$rootdir/postgres-dumpall" ]; then
+    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"
+    exit 2
+fi
+
+fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts
+if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then
+    echo "ERROR: I expect to find necessary webfonts in $fontdir"
+    exit 2
+fi
+
+for f in database.yml code.conf ; do
+    cat "$configdir/$f.in" |
+        sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \
+            "$configdir/$f"
+done
+
+provisioning_commands=$(
+    for x in "$deploydir"/provision.d/[0-9]*; do
+        echo "RUN /bin/bash /var/www/code/deploy/provision.d/$(basename $x)"
+    done | sed 's/$/\\n/' | fmt -2000 | sed 's/ RUN/RUN/g' )
+
+( echo
+  echo "### DO NOT EDIT THIS FILE - it is generated from Dockerfile.in"
+  echo
+) > "$managerdir/Dockerfile"
+
+cat "$managerdir/Dockerfile.in" |
+    sed 's,INSERT_PROVISIONING_HERE,'"$provisioning_commands"',' >> \
+        "$managerdir/Dockerfile"
+
+cd "$rootdir"
+
+dockertag="cannam/soundsoftware-site"
+
+sudo docker build -t "$dockertag" -f "deploy/docker/Dockerfile" .
+sudo docker run -p 8080:80 -d "$dockertag"
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/000-system-packages.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+set -e
+
+apt-get update && \
+    apt-get dist-upgrade -y && \
+    apt-get install -y \
+            ack-grep \
+            apache2 \
+            apache2-dev \
+            apt-utils \
+            build-essential \
+            cron \
+            curl \
+            doxygen \
+            exim4 \
+            git \
+            graphviz \
+            imagemagick \
+            libapache-dbi-perl \
+            libapache2-mod-perl2 \
+            libapr1-dev \
+            libaprutil1-dev \
+            libauthen-simple-ldap-perl \
+            libcurl4-openssl-dev \
+            libdbd-pg-perl \
+            libpq-dev \
+            libmagickwand-dev \
+            libio-socket-ssl-perl \
+            logrotate \
+            mercurial \
+            postgresql \
+            rsync \
+            ruby \
+            ruby-dev \
+            sudo
+
+apt-get clean && rm -rf /var/lib/apt/lists/*
+locale-gen en_US.UTF-8
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/010-passenger.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+# Passenger gets installed through gem, not apt
+
+if [ ! -f /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so ]; then
+    gem install passenger -v 4.0.60 --no-rdoc --no-ri
+    passenger-install-apache2-module --languages=ruby
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/020-users.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+if ! grep -q '^code:' /etc/passwd ; then
+    groupadd code
+    useradd -g code -G www-data code
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/030-webapp-dir.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+if [ ! -d /var/www/code ]; then
+    if [ ! -d /code-to-deploy ]; then
+        echo "ERROR: Expected to find code tree at /code-to-deploy: is the deployment script being invoked correctly?"
+        exit 2
+    fi
+    cp -a /code-to-deploy /var/www/code
+fi
+
+chown -R code.www-data /var/www/code
+find /var/www/code -type d -exec chmod g+s \{\} \;
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/040-hg-dir.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+
+if [ ! -f /var/hg/index.cgi ]; then
+    mkdir -p /var/hg
+    chown code.www-data /var/hg
+    chmod g+s /var/hg
+    cp /var/www/code/deploy/config/index.cgi /var/hg/
+    cp /var/www/code/deploy/config/hgweb.config /var/hg/
+    chmod +x /var/hg/index.cgi
+fi
+
+if [ ! -d /var/hg/vamp-plugin-sdk ]; then
+    # This project can be used for testing
+    echo "Cloning vamp-plugin-sdk repo for testing..."
+    cd /var/hg
+    hg clone https://code.soundsoftware.ac.uk/hg/vamp-plugin-sdk
+    chown -R code.www-data vamp-plugin-sdk
+fi
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/050-webapp-db.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+infile=/var/www/code/deploy/config/database.yml
+
+if [ ! -f "$infile" ]; then
+    echo "ERROR: Database config file $infile not found - has the database secret been interpolated from $infile.in correctly?"
+    exit 2
+fi
+
+if [ ! -f /var/www/code/config/database.yml ]; then
+    cp "$infile" /var/www/code/config/database.yml
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/060-bundler.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+
+cd /var/www/code
+gem install bundler
+bundle install
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/070-secret-token.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -e
+
+cd /var/www/code
+bundle exec rake generate_secret_token
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/080-database-load.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+/etc/init.d/postgresql start
+
+cd /var/www/code
+
+if [ -f postgres-dumpall ]; then
+    chmod ugo+r postgres-dumpall
+    sudo -u postgres psql -f postgres-dumpall postgres
+    rm postgres-dumpall # This was just a copy of the shared folder file anyway
+fi
+
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/090-perl-auth-module.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+set -e
+
+if [ ! -f /usr/local/lib/site_perl/Apache/Authn/SoundSoftware.pm ]; then
+    mkdir -p /usr/local/lib/site_perl/Apache/Authn/
+    cp /var/www/code/extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/100-apache-config.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -e
+
+cd /var/www/code
+
+codeconffile=/var/www/code/deploy/config/code.conf
+
+if [ ! -f "$codeconffile" ]; then
+    echo "ERROR: Apache config file $codeconffile not found - has the database secret been interpolated from $codeconffile.in correctly?"
+    exit 2
+fi
+
+if [ ! -f /etc/apache2/sites-enabled/10-code.conf ]; then
+
+    rm -f /etc/apache2/sites-enabled/000-default.conf
+
+    cp deploy/config/passenger.conf /etc/apache2/mods-available/
+    cp deploy/config/passenger.load /etc/apache2/mods-available/
+    cp deploy/config/perl.conf      /etc/apache2/mods-available/
+
+    ln -s ../mods-available/passenger.conf  /etc/apache2/mods-enabled/
+    ln -s ../mods-available/passenger.load  /etc/apache2/mods-enabled/
+    ln -s ../mods-available/perl.conf       /etc/apache2/mods-enabled/
+    ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/
+    ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/
+    ln -s ../mods-available/cgi.load        /etc/apache2/mods-enabled/
+
+    cp "$codeconffile" /etc/apache2/sites-available/code.conf
+    ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf
+
+    apache2ctl configtest
+
+fi
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/provision.d/110-apache-start.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -e
+
+apache2ctl restart
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/vagrant/Vagrantfile	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,9 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "ubuntu/xenial64"
+  config.vm.network "forwarded_port", guest: 80, host: 8080
+  config.vm.synced_folder "../..", "/code-to-deploy"
+  config.vm.provision :shell, path: "vagrant-provision.sh"
+end
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/vagrant/start.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+mydir=$(dirname "$0")
+
+dbpwd="$1"
+if [ -z "$dbpwd" ]; then
+    echo "Usage: $0 <database-password>" 1>&2
+    exit 2
+fi
+
+set -eu -o pipefail
+
+rootdir="$mydir/../.."
+
+deploydir="$rootdir"/deploy
+if [ ! -d "$deploydir" ]; then
+    echo "ERROR: Unexpected repository layout - expected directory at $deploydir"
+    exit 2
+fi
+
+managerdir="$deploydir/vagrant"
+if [ ! -d "$managerdir" ]; then
+    echo "ERROR: Required directory $managerdir not found"
+    exit 2
+fi
+
+configdir="$deploydir/config"
+if [ ! -d "$configdir" ]; then
+    echo "ERROR: Required directory $configdir not found"
+    exit 2
+fi
+
+if [ ! -f "$rootdir/postgres-dumpall" ]; then
+    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"
+    exit 2
+fi
+
+fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts
+if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then
+    echo "ERROR: I expect to find necessary webfonts in $fontdir"
+    exit 2
+fi
+
+for f in database.yml code.conf ; do
+    cat "$configdir/$f.in" |
+        sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \
+            "$configdir/$f"
+done
+
+cd "$managerdir"
+
+vagrant up
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/vagrant/vagrant-provision.sh	Thu Aug 17 11:55:29 2017 +0100
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+#!!! still not covered:
+# * cron jobs
+# * https
+# * web fonts
+# * reposman scripts (and their API key setup, etc)
+# * docgen script install
+# * logrotate config (check against system one)
+
+set -e
+
+for f in /code-to-deploy/deploy/provision.d/[0-9]* ; do
+    case "$f" in
+        *~) ;;
+        *) echo "Running provision script: $f"
+           /bin/bash "$f";;
+    esac
+done
+
--- a/extra/soundsoftware/scripted-deploy/config/code.conf	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-
-# A test Apache config. Lacks SSL, lacks a desirable extra layer of
-# authentication for admin interface paths. Do not deploy this.
-
-PerlLoadModule Apache::Authn::SoundSoftware
-
-<VirtualHost *:80>
-        ServerName code.soundsoftware.ac.uk
-        ServerAdmin chris.cannam@soundsoftware.ac.uk
-
-        DocumentRoot /var/www/code/public
-        PassengerRestartDir restart_files
-        PassengerHighPerformance on
-        PassengerMaxRequests 50000
-        PassengerStatThrottleRate 5
-	PassengerStartTimeout 60
-	PassengerFriendlyErrorPages on
-        RailsSpawnMethod smart
-        ExpiresDefault "access plus 1 minute"
-
-        <DirectoryMatch "^/.*/\.svn/">
-                Order allow,deny
-                Deny from all
-                Satisfy All
-        </DirectoryMatch>
-
-        <DirectoryMatch "^/.*/\.hg/">
-                Order allow,deny
-                Deny from all
-                Satisfy All
-        </DirectoryMatch>
-
-        <DirectoryMatch "^/.*/\.git/">
-                Order allow,deny
-                Deny from all
-                Satisfy All
-        </DirectoryMatch>
-
-        <Directory /var/www/code/public>
-                Options -MultiViews
-	</Directory>
-
-        <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
-		# Avoid other sites embedding our fonts
-		RewriteEngine on
-		RewriteCond %{HTTP_REFERER} !^$
-		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]
-		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
-	</Directory>
-
-	ScriptAlias /hg "/var/hg/index.cgi"
-
-	<Location /hg>
-               	AuthName "Mercurial"
-                AuthType Basic
-                Require valid-user
-		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
-      		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
-		PerlSetVar HTTPS "on"
-		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
-    		SoundSoftwareDbUser "code"
-     		SoundSoftwareDbPass "INSERT_POSTGRES_PASSWORD_HERE"
-		SoundSoftwareRepoPrefix "/var/hg/"
-                #!!! "on" in production please!:
-                SoundSoftwareSslRequired "off"
-		Options +ExecCGI
-		AddHandler cgi-script .cgi
-		ExpiresDefault now
-        </Location>
-
-	Alias /git "/var/files/git-mirror"
-
-	<Directory "/var/files/git-mirror">
-		Options -Indexes +FollowSymLinks
-                Order allow,deny
-                Allow from all
-	</Directory>
-	<Directory ~ "/var/files/git-mirror/.*\.workdir">
-		Order allow,deny
-		Deny from all
-	</Directory>
-	<Directory ~ "/var/files/git-mirror/__.*">
-                Order allow,deny
-                Deny from all
-	</Directory>
-
-	ErrorLog /var/log/apache2/code-error.log
-	CustomLog /var/log/apache2/code-access.log vhost_combined
-
-        LogLevel warn
-        ServerSignature Off
-
-</VirtualHost>
-
--- a/extra/soundsoftware/scripted-deploy/config/cron.daily/00-backup-db	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-#!/bin/sh
-outfile="/var/files/backups/postgres-dumpall-`date +%Y%m%d%H%M`"
-oldmask=`umask`
-umask 0277
-su postgres -c /usr/bin/pg_dumpall > "$outfile" && bzip2 "$outfile"
-umask "$oldmask"
--- a/extra/soundsoftware/scripted-deploy/config/cron.daily/10-extract-docs	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-#!/bin/bash
-cd /tmp
-/var/www/code/docgen/extract-docs.sh
--- a/extra/soundsoftware/scripted-deploy/config/cron.daily/15-get-statistics	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
-#!/bin/bash
-sudo -u code sh -c "cd /var/www/code ; ./script/rails runner -e production extra/soundsoftware/get-statistics.rb >> log/statistics.log"
--- a/extra/soundsoftware/scripted-deploy/config/cron.daily/20-check-end-of-external-repo-log	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
-#!/bin/bash
-tail -2 /var/log/external-repos.log
--- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/00-drupal-cron	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-#!/bin/bash
-/usr/bin/wget -O - -q -t 1 http://www.soundsoftware.ac.uk/cron.php
-
--- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/10-redmine-fetch-changesets	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-#!/bin/bash
-sudo -u code sh -c "cd /var/www/code ; ./script/rails runner \"Repository.fetch_changesets\" -e production 2>&1 | grep -v 'Not trusting' | grep -v 'svn:' | grep -v 'working copy' | grep -v 'deprecated' | grep -v 'version_requirements'"
-exit 0
--- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/20-convert-external-repos	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
-#!/bin/bash
-sudo -H -u www-data /var/www/code/reposman/run-external.sh
--- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/30-expire-explore-cache	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
-#!/bin/sh
-rm -f /var/www/code/tmp/cache/*/*/views*explore*
--- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/40-export-git	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-#!/bin/bash
-logfile="/var/www/code/log/export-git.log"
-sudo -u code sh -c "cd /tmp ; /var/www/code/extra/soundsoftware/export-git.sh production /var/hg /var/files/git-mirror >> $logfile 2>&1"
--- a/extra/soundsoftware/scripted-deploy/config/cron.minutely/00-redmine-repositories	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-#!/bin/bash
-sudo -u www-data /var/www/code/reposman/run-reposman.sh
-
--- a/extra/soundsoftware/scripted-deploy/config/cron.monthly/00-backup-files	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-#!/bin/sh
-for location in var/www etc/apache2 etc/cron.*; do
-	target="/var/files/backups/`echo $location | sed 's,/,_,g'`-`date +%Y%m%d%H%M`"
-	oldmask=`umask`
-	umask 0277
-	cd /
-	tar cjf "$target".tar.bz2 "$location"
-	umask "$oldmask"
-done
-
--- a/extra/soundsoftware/scripted-deploy/config/database.yml	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
-production:
-  adapter: postgresql
-  database: code
-  host: localhost
-  username: code
-  password: "INSERT_POSTGRES_PASSWORD_HERE"
-
--- a/extra/soundsoftware/scripted-deploy/config/hgweb.config	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-[paths]
-/ = /var/hg/*
-
-[web]
-allow_archive = gz, zip, bz2
-allow_push = *
--- a/extra/soundsoftware/scripted-deploy/config/index.cgi	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,67 +0,0 @@
-#!/usr/bin/env python
-#
-# An example CGI script to export multiple hgweb repos, edit as necessary
-
-# adjust python path if not a system-wide install:
-#import sys
-#sys.path.insert(0, "/path/to/python/lib")
-
-# enable importing on demand to reduce startup time
-from mercurial import demandimport; demandimport.enable()
-
-# Uncomment to send python tracebacks to the browser if an error occurs:
-import cgitb
-cgitb.enable()
-
-# If you'd like to serve pages with UTF-8 instead of your default
-# locale charset, you can do so by uncommenting the following lines.
-# Note that this will cause your .hgrc files to be interpreted in
-# UTF-8 and all your repo files to be displayed using UTF-8.
-#
-import os
-os.environ["HGENCODING"] = "UTF-8"
-
-from mercurial.hgweb.hgwebdir_mod import hgwebdir
-import mercurial.hgweb.wsgicgi as wsgicgi
-
-# The config file looks like this.  You can have paths to individual
-# repos, collections of repos in a directory tree, or both.
-#
-# [paths]
-# virtual/path1 = /real/path1
-# virtual/path2 = /real/path2
-# virtual/root = /real/root/*
-# / = /real/root2/*
-# virtual/root2 = /real/root2/**
-#
-# [collections]
-# /prefix/to/strip/off = /root/of/tree/full/of/repos
-#
-# paths example:
-#
-# * First two lines mount one repository into one virtual path, like
-# '/real/path1' into 'virtual/path1'.
-#
-# * The third entry mounts every mercurial repository found in '/real/root'
-# in 'virtual/root'. This format is preferred over the [collections] one,
-# since using absolute paths as configuration keys is not supported on every
-# platform (especially on Windows).
-#
-# * The fourth entry is a special case mounting all repositories in
-# /'real/root2' in the root of the virtual directory.
-#
-# * The fifth entry recursively finds all repositories under the real root,
-# and mounts them using their relative path (to given real root) under the
-# virtual root.
-#
-# collections example: say directory tree /foo contains repos /foo/bar,
-# /foo/quux/baz.  Give this config section:
-#   [collections]
-#   /foo = /foo
-# Then repos will list as bar and quux/baz.
-#
-# Alternatively you can pass a list of ('virtual/path', '/real/path') tuples
-# or use a dictionary with entries like 'virtual/path': '/real/path'
-
-application = hgwebdir('hgweb.config')
-wsgicgi.launch(application)
--- a/extra/soundsoftware/scripted-deploy/config/logrotate.conf	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-# see "man logrotate" for details
-# rotate log files weekly
-weekly
-
-# keep 4 weeks worth of backlogs
-rotate 4
-
-# create new (empty) log files after rotating old ones
-create
-
-# uncomment this if you want your log files compressed
-#compress
-
-# packages drop log rotation information into this directory
-include /etc/logrotate.d
-
-# no packages own wtmp, or btmp -- we'll rotate them here
-/var/log/wtmp {
-    missingok
-    monthly
-    create 0664 root utmp
-    rotate 1
-}
-
-/var/log/btmp {
-    missingok
-    monthly
-    create 0660 root utmp
-    rotate 1
-}
-
-# system-specific logs may be configured here
-/var/www/code/log/*.log {
-	weekly
-	missingok
-	rotate 52
-	compress
-	delaycompress
-	create 640 code code
-	sharedscripts
-	postrotate
-		touch /var/www/code/restart_files/restart.txt
-	endscript
-}
-
-/var/log/reposman.log {
-        weekly
-        missingok
-        rotate 52
-        compress
-        delaycompress
-        create 640 www-data code
-        sharedscripts
-}
-
-/var/log/external-repos.log {
-        weekly
-        missingok
-        rotate 52
-        compress
-        delaycompress
-        create 640 www-data code
-        sharedscripts
-}
-
--- a/extra/soundsoftware/scripted-deploy/config/passenger.conf	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
-PassengerMaxPoolSize 60
-
--- a/extra/soundsoftware/scripted-deploy/config/passenger.load	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-LoadModule passenger_module /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so
-PassengerRoot /var/lib/gems/2.3.0/gems/passenger-4.0.60
-PassengerDefaultRuby /usr/bin/ruby2.3
--- a/extra/soundsoftware/scripted-deploy/config/perl.conf	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,4 +0,0 @@
-# Apache::DBI is supposed to be a transparent replacement for Perl DBI with
-# better performance when multiple connections are made with common DSN, user
-# and password
-PerlModule Apache::DBI
--- a/extra/soundsoftware/scripted-deploy/docker/Dockerfile	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,139 +0,0 @@
-
-# For documentation and experimental purposes only. As a
-# reconstruction of the machine image that runs this application,
-# there are lots of things missing here; but as a good Docker
-# configuration, it fails by mixing together rather a lot of concerns.
-
-FROM ubuntu:16.04
-MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>
-
-RUN apt-get update && \
-    apt-get install -y \
-    apache2 \
-    apache2-dev \
-    apt-utils \
-    build-essential \
-    cron \
-    curl \
-    doxygen \
-    exim4 \
-    git \
-    graphviz \
-    imagemagick \
-    libapache-dbi-perl \
-    libapache2-mod-perl2 \
-    libapr1-dev \
-    libaprutil1-dev \
-    libauthen-simple-ldap-perl \
-    libcurl4-openssl-dev \
-    libdbd-pg-perl \
-    libpq-dev \
-    libmagickwand-dev \
-    libio-socket-ssl-perl \
-    logrotate \
-    mercurial \
-    postgresql \
-    rsync \
-    ruby \
-    ruby-dev \
-    sudo
-
-# Also used on the live site, for javadoc extraction, but this is
-# would be by far the biggest package here: let's omit it while we're
-# not making use of it
-#   openjdk-9-jdk-headless
-
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-
-# Passenger gets installed through gem, not apt
-
-RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri
-RUN passenger-install-apache2-module --languages=ruby
-
-
-# Copy across webapp, set up ownership
-
-COPY . /var/www/code
-
-RUN groupadd code
-RUN useradd -g code -G www-data code
-RUN chown -R code.www-data /var/www/code
-RUN find /var/www/code -type d -exec chmod g+s \{\} \;
-
-
-# Initialise /var/hg (in reality this would be mounted from somewhere)
-
-RUN mkdir -p /var/hg
-RUN chown code.www-data /var/hg
-RUN chmod g+s /var/hg
-COPY extra/soundsoftware/scripted-deploy/config/index.cgi /var/hg/
-COPY extra/soundsoftware/scripted-deploy/config/hgweb.config /var/hg/
-RUN chmod +x /var/hg/index.cgi
-
-
-# We're based in the code webapp directory from here on
-
-WORKDIR /var/www/code
-
-
-# Set up database config etc
-
-RUN cp extra/soundsoftware/scripted-deploy/config/database.yml.interpolated config/database.yml
-
-
-# Install Rails and dependencies (database.yml must be populated before this)
-
-RUN gem install bundler
-RUN bundle install
-
-
-# Initialise Redmine token (bundler must be installed before this)
-
-RUN bundle exec rake generate_secret_token
-
-
-# Import Postgres database from postgres-dumpall file
-
-RUN chown postgres postgres-dumpall
-RUN /etc/init.d/postgresql start && sudo -u postgres psql -f postgres-dumpall postgres
-RUN rm postgres-dumpall
-
-
-# Install Perl auth module for Hg access
-
-RUN mkdir -p /usr/local/lib/site_perl/Apache/Authn/
-RUN cp extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/
-
-
-# Set up Apache config (todo: insert variables)
-
-RUN rm -f /etc/apache2/sites-enabled/000-default.conf
-
-RUN cp extra/soundsoftware/scripted-deploy/config/passenger.conf /etc/apache2/mods-available/
-RUN cp extra/soundsoftware/scripted-deploy/config/passenger.load /etc/apache2/mods-available/
-RUN cp extra/soundsoftware/scripted-deploy/config/perl.conf      /etc/apache2/mods-available/
-
-RUN ln -s ../mods-available/passenger.conf  /etc/apache2/mods-enabled/
-RUN ln -s ../mods-available/passenger.load  /etc/apache2/mods-enabled/
-RUN ln -s ../mods-available/perl.conf       /etc/apache2/mods-enabled/
-RUN ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/
-RUN ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/
-RUN ln -s ../mods-available/cgi.load        /etc/apache2/mods-enabled/
-
-RUN cp extra/soundsoftware/scripted-deploy/config/code.conf.interpolated /etc/apache2/sites-available/code.conf
-RUN ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf
-
-RUN apache2ctl configtest
-
-
-# Start Postgres and foregrounded Apache
-
-RUN echo "#!/bin/bash"                      > container-run.sh
-RUN echo "/etc/init.d/postgresql start"    >> container-run.sh
-RUN echo "apache2ctl -D FOREGROUND"        >> container-run.sh
-RUN chmod +x container-run.sh
-
-EXPOSE 80
-CMD ./container-run.sh
-
--- a/extra/soundsoftware/scripted-deploy/docker/start.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,57 +0,0 @@
-#!/bin/bash
-
-mydir=$(dirname "$0")
-
-dbpwd="$1"
-if [ -z "$dbpwd" ]; then
-    echo "Usage: $0 <database-password>" 1>&2
-    exit 2
-fi
-
-set -eu
-
-sswdir="$mydir/../.."
-rootdir="$sswdir/../.."
-
-deploydir="$sswdir"/scripted-deploy
-if [ ! -d "$deploydir" ]; then
-    echo "ERROR: Unexpected repository layout - expected directory at $deploydir"
-    exit 2
-fi
-
-managerdir="$deploydir/docker"
-if [ ! -d "$managerdir" ]; then
-    echo "ERROR: Required directory $managerdir not found"
-    exit 2
-fi
-
-configdir="$deploydir/config"
-if [ ! -d "$configdir" ]; then
-    echo "ERROR: Required directory $configdir not found"
-    exit 2
-fi
-
-if [ ! -f "$rootdir/postgres-dumpall" ]; then
-    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"
-    exit 2
-fi
-
-fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts
-if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then
-    echo "ERROR: I expect to find necessary webfonts in $fontdir"
-    exit 2
-fi
-
-for f in database.yml code.conf ; do
-    cat "$configdir/$f" |
-        sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \
-            "$configdir/$f.interpolated"
-done
-
-cd "$rootdir"
-
-dockertag="cannam/soundsoftware-site"
-
-sudo docker build -t "$dockertag" -f "$managerdir/Dockerfile" .
-sudo docker run -p 8080:80 -d "$dockertag"
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/Vagrantfile	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure("2") do |config|
-  config.vm.box = "ubuntu/xenial64"
-  config.vm.network "forwarded_port", guest: 80, host: 8080
-  config.vm.synced_folder "../../../..", "/vagrant-code"
-  config.vm.provision :shell, path: "vagrant-provision.sh"
-end
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/000-system-packages.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ -x /usr/bin/yum ]; then
-
-    # Assumption: CentOS 7
-
-    # This doesn't work -- I got hung up on the problem of making a
-    # sufficiently recent Ruby act as the system /usr/bin/ruby without
-    # massively overcomplicating things, and decided not to persist
-    # with it
-
-    yum install -y epel-release centos-release-scl && \
-        yum update -y && \
-        yum install -y \
-            httpd \
-            httpd-devel \
-            gcc \
-            gcc-c++ \
-            curl \
-            doxygen \
-            git \
-            mercurial \
-            mod_perl \
-            postgresql \
-            rh-ruby24 \
-            rh-ruby24-ruby-devel \
-            rh-ruby24-rubygems \
-            rh-ruby24-rubygems-devel \
-            logrotate
-
-    if [ -f /usr/bin/ruby ]; then
-        yum remove -y ruby
-    fi
-
-    cat > /etc/profile.d/enableruby24.sh <<EOF
-#!/bin/bash
-source scl_source enable rh-ruby24
-EOF
-
-else
-
-    # Assumption: Ubuntu 16.04
-
-    # This is the working one!
-
-    apt-get update && \
-        apt-get dist-upgrade -y && \
-        apt-get install -y \
-                ack-grep \
-                apache2 \
-                apache2-dev \
-                apt-utils \
-                build-essential \
-                cron \
-                curl \
-                doxygen \
-                exim4 \
-                git \
-                graphviz \
-                imagemagick \
-                libapache-dbi-perl \
-                libapache2-mod-perl2 \
-                libapr1-dev \
-                libaprutil1-dev \
-                libauthen-simple-ldap-perl \
-                libcurl4-openssl-dev \
-                libdbd-pg-perl \
-                libpq-dev \
-                libmagickwand-dev \
-                libio-socket-ssl-perl \
-                logrotate \
-                mercurial \
-                postgresql \
-                rsync \
-                ruby \
-                ruby-dev \
-                sudo
-
-fi
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/010-passenger.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Passenger gets installed through gem, not apt
-
-if [ ! -f /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so ]; then
-    gem install passenger -v 4.0.60 --no-rdoc --no-ri
-    passenger-install-apache2-module --languages=ruby
-fi
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/020-users.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if ! grep -q '^code:' /etc/passwd ; then
-    groupadd code
-    useradd -g code -G www-data code
-fi
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/030-webapp-dir.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ ! -d /var/www/code ]; then
-    cp -a /vagrant-code /var/www/code
-    chown -R code.www-data /var/www/code
-    find /var/www/code -type d -exec chmod g+s \{\} \;
-fi
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/040-hg-dir.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ ! -f /var/hg/index.cgi ]; then
-    mkdir -p /var/hg
-    chown code.www-data /var/hg
-    chmod g+s /var/hg
-    cp /var/www/code/extra/soundsoftware/scripted-deploy/config/index.cgi /var/hg/
-    cp /var/www/code/extra/soundsoftware/scripted-deploy/config/hgweb.config /var/hg/
-    chmod +x /var/hg/index.cgi
-fi
-
-if [ ! -d /var/hg/vamp-plugin-sdk ]; then
-    # This project can be used for testing
-    cd /var/hg
-    hg clone https://code.soundsoftware.ac.uk/hg/vamp-plugin-sdk
-    chown -R code.www-data vamp-plugin-sdk
-fi
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/050-webapp-db.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ ! -f /var/www/code/config/database.yml ]; then
-    cp /var/www/code/extra/soundsoftware/scripted-deploy/config/database.yml.interpolated \
-       /var/www/code/config/database.yml
-fi
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/060-bundler.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-cd /var/www/code
-gem install bundler
-bundle install
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/070-secret-token.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -e
-
-cd /var/www/code
-bundle exec rake generate_secret_token
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/080-database-load.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -e
-
-/etc/init.d/postgresql start
-
-cd /var/www/code
-
-if [ -f postgres-dumpall ]; then
-    chmod ugo+r postgres-dumpall
-    sudo -u postgres psql -f postgres-dumpall postgres
-    rm postgres-dumpall # This was just a copy of the shared folder file anyway
-fi
-
-
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/090-perl-auth-module.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ ! -f /usr/local/lib/site_perl/Apache/Authn/SoundSoftware.pm ]; then
-    mkdir -p /usr/local/lib/site_perl/Apache/Authn/
-    cp /var/www/code/extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/
-fi
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/100-apache-config.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-set -e
-
-cd /var/www/code
-
-if [ ! -f /etc/apache2/sites-enabled/10-code.conf ]; then
-
-    rm -f /etc/apache2/sites-enabled/000-default.conf
-
-    cp extra/soundsoftware/scripted-deploy/config/passenger.conf /etc/apache2/mods-available/
-    cp extra/soundsoftware/scripted-deploy/config/passenger.load /etc/apache2/mods-available/
-    cp extra/soundsoftware/scripted-deploy/config/perl.conf      /etc/apache2/mods-available/
-
-    ln -s ../mods-available/passenger.conf  /etc/apache2/mods-enabled/
-    ln -s ../mods-available/passenger.load  /etc/apache2/mods-enabled/
-    ln -s ../mods-available/perl.conf       /etc/apache2/mods-enabled/
-    ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/
-    ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/
-    ln -s ../mods-available/cgi.load        /etc/apache2/mods-enabled/
-
-    cp extra/soundsoftware/scripted-deploy/config/code.conf.interpolated /etc/apache2/sites-available/code.conf
-    ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf
-
-    apache2ctl configtest
-
-fi
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/110-apache-start.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-set -e
-
-apache2ctl restart
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/start.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-#!/bin/bash
-
-mydir=$(dirname "$0")
-
-dbpwd="$1"
-if [ -z "$dbpwd" ]; then
-    echo "Usage: $0 <database-password>" 1>&2
-    exit 2
-fi
-
-set -eu
-
-sswdir="$mydir/../.."
-rootdir="$sswdir/../.."
-
-deploydir="$sswdir"/scripted-deploy
-if [ ! -d "$deploydir" ]; then
-    echo "ERROR: Unexpected repository layout - expected directory at $deploydir"
-    exit 2
-fi
-
-managerdir="$deploydir/vagrant"
-if [ ! -d "$managerdir" ]; then
-    echo "ERROR: Required directory $managerdir not found"
-    exit 2
-fi
-
-configdir="$deploydir/config"
-if [ ! -d "$configdir" ]; then
-    echo "ERROR: Required directory $configdir not found"
-    exit 2
-fi
-
-if [ ! -f "$rootdir/postgres-dumpall" ]; then
-    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"
-    exit 2
-fi
-
-fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts
-if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then
-    echo "ERROR: I expect to find necessary webfonts in $fontdir"
-    exit 2
-fi
-
-for f in database.yml code.conf ; do
-    cat "$configdir/$f" |
-        sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \
-            "$configdir/$f.interpolated"
-done
-
-cd "$managerdir"
-
-vagrant up
-
--- a/extra/soundsoftware/scripted-deploy/vagrant/vagrant-provision.sh	Wed Aug 16 16:58:22 2017 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-#!!! still not covered:
-# * cron jobs
-# * https
-# * web fonts
-# * reposman scripts (and their API key setup, etc)
-# * docgen script install
-# * logrotate config (check against system one)
-
-set -e
-
-for f in /vagrant-code/extra/soundsoftware/scripted-deploy/vagrant/provision.d/[0-9]* ; do
-    case "$f" in
-        *~) ;;
-        *) echo "Running provision script: $f"
-           /bin/bash "$f";;
-    esac
-done
-