SoundSoftware Code Site

Deploying the SoundSoftware site

#!/bin/bash

# To be sourced into a container-specific start.sh file, not run

# standalone

usage() {

    echo "Usage: $0 <database-password> <api-key> <api-httpauth-password>" 1>&2

    exit 2

}

dbpass="$1"

if [ -z "$dbpass" ]; then

    usage

fi

apikey="$2"

if [ -z "$apikey" ]; then

    usage

fi

apipass="$3"

if [ -z "$apipass" ]; then

    usage

fi

set -eu -o pipefail

rootdir="$mydir/../.."

deploydir="$rootdir"/deploy

if [ ! -d "$deploydir" ]; then

    echo "ERROR: Unexpected repository layout - expected directory at $deploydir"

    exit 2

fi

managerdir="$deploydir/vagrant"

if [ ! -d "$managerdir" ]; then

    echo "ERROR: Required directory $managerdir not found"

    exit 2

fi

configdir="$deploydir/config"

if [ ! -d "$configdir" ]; then

    echo "ERROR: Required directory $configdir not found"

    exit 2

fi

if [ ! -f "$rootdir/postgres-dumpall" ]; then

    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"

    exit 2

fi

fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts

if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then

    echo "ERROR: I expect to find necessary webfonts in $fontdir"

    exit 2

fi

apischeme=http

apihost=localhost

#apischeme=https

#apihost=code.soundsoftware.ac.uk

for f in "$configdir"/*.in "$rootdir"/extra/soundsoftware/extract-docs.sh ; do

    out="$configdir"/$(basename "$f" .in).gen

    cat "$f" | sed \

                   -e 's/INSERT_DATABASE_PASSWORD_HERE/'"$dbpass"'/g' \

                   -e 's/INSERT_API_KEY_HERE/'"$apikey"'/g' \

                   -e 's/INSERT_API_SCHEME_HERE/'"$apischeme"'/g' \

                   -e 's/INSERT_API_HOST_HERE/'"$apihost"'/g' \

                   -e 's/INSERT_API_USER_HERE/user/g' \

                   -e 's/INSERT_API_PASSWORD_HERE/'"$apipass"'/g' \

                   > "$out"

done

# A test Apache config. Lacks SSL, lacks a desirable extra layer of

# authentication for admin interface paths. Do not deploy this.

# Note this has been updated for Apache 2.4, which introduced a number

# of (welcome) changes to access control directives.

PerlLoadModule Apache::Authn::SoundSoftware

<VirtualHost *:80>

        ServerName code.soundsoftware.ac.uk

        ServerAdmin chris.cannam@soundsoftware.ac.uk

        DocumentRoot /var/www/code/public

        PassengerRestartDir restart_files

        PassengerHighPerformance on

        PassengerMaxRequests 50000

        PassengerStatThrottleRate 5

	PassengerStartTimeout 60

	PassengerFriendlyErrorPages on

        RailsSpawnMethod smart

        ExpiresDefault "access plus 1 minute"

#        <Location /sys>

#		AuthType Basic

#		AuthUserFile "/etc/apache2/auth/user.htpasswd"

#		AuthName "code.soundsoftware.ac.uk"

#		Require user user

#	</Location>

#	<Location /admin>

#		AuthType Digest

#		AuthUserFile "/etc/apache2/auth/admin.htdigest"

#		AuthName "code.soundsoftware.ac.uk admin interface"

#		Require user admin

#	</Location>

        <DirectoryMatch "^/.*/\.svn/">

                Require all denied

        </DirectoryMatch>

        <DirectoryMatch "^/.*/\.hg/">

                Require all denied

        </DirectoryMatch>

        <DirectoryMatch "^/.*/\.git/">

                Require all denied

        </DirectoryMatch>

        <Directory /var/www/code/public>

                Options -MultiViews

	</Directory>

        <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>

		# Avoid other sites embedding our fonts

		RewriteEngine on

		RewriteCond %{HTTP_REFERER} !^$

		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]

		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]

	</Directory>

	ScriptAlias /hg "/var/hg/index.cgi"

	<Location /hg>

               	AuthName "Mercurial"

                AuthType Basic

                Require valid-user

		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler

      		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler

		PerlSetVar HTTPS "on"

		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"

    		SoundSoftwareDbUser "code"

     		SoundSoftwareDbPass "INSERT_DATABASE_PASSWORD_HERE"

		SoundSoftwareRepoPrefix "/var/hg/"

                #!!! "on" in production please!:

                SoundSoftwareSslRequired "off"

		Options +ExecCGI

		AddHandler cgi-script .cgi

		ExpiresDefault now

        </Location>

	Alias /git "/var/files/git-mirror"

	<Directory "/var/files/git-mirror">

		Options -Indexes +FollowSymLinks

                Require all granted

	</Directory>

	<Directory ~ "/var/files/git-mirror/.*\.workdir">

                Require all denied

	</Directory>

	<Directory ~ "/var/files/git-mirror/__.*">

                Require all denied

	</Directory>

	ErrorLog /var/log/apache2/code-error.log

	CustomLog /var/log/apache2/code-access.log vhost_combined

        LogLevel warn

        ServerSignature Off

</VirtualHost>

#!/bin/sh

outfile="/var/files/backups/postgres-dumpall-`date +%Y%m%d%H%M`"

oldmask=`umask`

umask 0277

su postgres -c /usr/bin/pg_dumpall > "$outfile" && bzip2 "$outfile"

umask "$oldmask"

#!/bin/bash

cd /tmp

/var/www/code/docgen/extract-docs.sh

#!/bin/bash

sudo -u code sh -c "cd /var/www/code ; ./script/rails runner -e production extra/soundsoftware/get-statistics.rb >> log/statistics.log"

#!/bin/bash

tail -2 /var/log/external-repos.log

#!/bin/bash

## No longer used - this site is now static

# /usr/bin/wget -O - -q -t 1 http://www.soundsoftware.ac.uk/cron.php

#!/bin/bash

sudo -u code sh -c "cd /var/www/code ; ./script/rails runner \"Repository.fetch_changesets\" -e production 2>&1 | grep -v 'Not trusting' | grep -v 'svn:' | grep -v 'working copy' | grep -v 'deprecated' | grep -v 'version_requirements'"

exit 0

#!/bin/bash

sudo -H -u www-data /var/www/code/reposman/run-external.sh

#!/bin/sh

rm -f /var/www/code/tmp/cache/*/*/views*explore*

#!/bin/bash

logfile="/var/www/code/log/export-git.log"

sudo -u code sh -c "cd /tmp ; /var/www/code/extra/soundsoftware/export-git.sh production /var/hg /var/files/git-mirror >> $logfile 2>&1"

#!/bin/bash

sudo -u www-data /var/www/code/reposman/run-reposman.sh

#!/bin/sh

for location in var/www etc/apache2 etc/cron.*; do

	target="/var/files/backups/`echo $location | sed 's,/,_,g'`-`date +%Y%m%d%H%M`"

	oldmask=`umask`

	umask 0277

	cd /

	tar cjf "$target".tar.bz2 "$location"

	umask "$oldmask"

done

production:

  adapter: postgresql

  database: code

  host: localhost

  username: code

  password: "INSERT_DATABASE_PASSWORD_HERE"

[paths]

/ = /var/hg/*

[web]

allow_archive = gz, zip, bz2

allow_push = *

#!/usr/bin/env python

#

# An example CGI script to export multiple hgweb repos, edit as necessary

# adjust python path if not a system-wide install:

#import sys

#sys.path.insert(0, "/path/to/python/lib")

# enable importing on demand to reduce startup time

from mercurial import demandimport; demandimport.enable()

# Uncomment to send python tracebacks to the browser if an error occurs:

import cgitb

cgitb.enable()

# If you'd like to serve pages with UTF-8 instead of your default

# locale charset, you can do so by uncommenting the following lines.

# Note that this will cause your .hgrc files to be interpreted in

# UTF-8 and all your repo files to be displayed using UTF-8.

#

import os

os.environ["HGENCODING"] = "UTF-8"

from mercurial.hgweb.hgwebdir_mod import hgwebdir

import mercurial.hgweb.wsgicgi as wsgicgi

# The config file looks like this.  You can have paths to individual

# repos, collections of repos in a directory tree, or both.

#

# [paths]

# virtual/path1 = /real/path1

# virtual/path2 = /real/path2

# virtual/root = /real/root/*

# / = /real/root2/*

# virtual/root2 = /real/root2/**

#

# [collections]

# /prefix/to/strip/off = /root/of/tree/full/of/repos

#

# paths example:

#

# * First two lines mount one repository into one virtual path, like

# '/real/path1' into 'virtual/path1'.

#

# * The third entry mounts every mercurial repository found in '/real/root'

# in 'virtual/root'. This format is preferred over the [collections] one,

# since using absolute paths as configuration keys is not supported on every

# platform (especially on Windows).

#

# * The fourth entry is a special case mounting all repositories in

# /'real/root2' in the root of the virtual directory.

#

# * The fifth entry recursively finds all repositories under the real root,

# and mounts them using their relative path (to given real root) under the

# virtual root.

#

# collections example: say directory tree /foo contains repos /foo/bar,

# /foo/quux/baz.  Give this config section:

#   [collections]

#   /foo = /foo

# Then repos will list as bar and quux/baz.

#

# Alternatively you can pass a list of ('virtual/path', '/real/path') tuples

# or use a dictionary with entries like 'virtual/path': '/real/path'

application = hgwebdir('hgweb.config')

wsgicgi.launch(application)

# see "man logrotate" for details

# rotate log files weekly

weekly

# use the syslog group by default, since this is the owning group

# of /var/log/syslog.

su root syslog

# keep 4 weeks worth of backlogs

rotate 4

# create new (empty) log files after rotating old ones

create

# uncomment this if you want your log files compressed

#compress

# packages drop log rotation information into this directory

include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here

/var/log/wtmp {

    missingok

    monthly

    create 0664 root utmp

    rotate 1

}

/var/log/btmp {

    missingok

    monthly

    create 0660 root utmp

    rotate 1

}

# system-specific logs may be configured here

/var/www/code/log/*.log {

	weekly

	missingok

	rotate 52

	compress

	delaycompress

	create 640 code code

	sharedscripts

	postrotate

		touch /var/www/code/restart_files/restart.txt

	endscript

}

/var/log/reposman.log {

        weekly

        missingok

        rotate 52

        compress

        delaycompress

        create 640 www-data code

        sharedscripts

}

/var/log/external-repos.log {

        weekly

        missingok

        rotate 52

        compress

        delaycompress

        create 640 www-data code

        sharedscripts

}

PassengerMaxPoolSize 60

LoadModule passenger_module /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so

PassengerRoot /var/lib/gems/2.3.0/gems/passenger-4.0.60

PassengerDefaultRuby /usr/bin/ruby2.3

# Apache::DBI is supposed to be a transparent replacement for Perl DBI with

# better performance when multiple connections are made with common DSN, user

# and password

PerlModule Apache::DBI

#!/bin/bash

logfile=/var/log/external-repos.log

(

flock -s 200

echo >> $logfile

date >> $logfile

/var/www/code/reposman/convert-external-repos.rb \

	-s /var/hg \

	-r INSERT_API_SCHEME_HERE://INSERT_API_HOST_HERE/ \

	-k INSERT_API_KEY_HERE \

	-v \

	--http-user=INSERT_API_USER_HERE \

	--http-pass=INSERT_API_PASSWORD_HERE \

        -c "/var/www/code/reposman/update-external-repo.sh" \

	>> $logfile 2>&1

date >> $logfile

echo Done >> $logfile

)200>>$logfile

#!/bin/bash

logfile=/var/log/reposman.log

(

flock -s 200

echo >> $logfile

/var/www/code/reposman/reposman-soundsoftware.rb \

	-s /var/hg \

	-r INSERT_API_SCHEME_HERE://INSERT_API_HOST_HERE/ \

	-k INSERT_API_KEY_HERE \

	--http-user=INSERT_API_USER_HERE \

	--http-pass=INSERT_API_PASSWORD_HERE \

	-o www-data \

	-g code \

	-c "/var/www/code/reposman/run-hginit.sh" \

	--scm=Mercurial \

	>> $logfile 2>&1

)200>>$logfile

FROM ubuntu:16.04

MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>

COPY . /var/www/code

WORKDIR /var/www/code

INSERT_PROVISIONING_HERE

# Start Postgres and foregrounded Apache

RUN echo "#!/bin/bash"                      > container-run.sh

RUN echo "/etc/init.d/postgresql start"    >> container-run.sh

RUN echo "apache2ctl -D FOREGROUND"        >> container-run.sh

RUN chmod +x container-run.sh

EXPOSE 80

CMD ./container-run.sh

# For documentation and experimental purposes only. As a

# reconstruction of the machine image that runs this application,

# there are lots of things missing here; but as a good Docker

# configuration, it fails by mixing together rather a lot of concerns.

FROM ubuntu:16.04

MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>

RUN apt-get update && \

    apt-get install -y \

    apache2 \

    apache2-dev \

    apt-utils \

    build-essential \

    cron \

    curl \

    doxygen \

    exim4 \

    git \

    graphviz \

    imagemagick \

    libapache-dbi-perl \

    libapache2-mod-perl2 \

    libapr1-dev \

    libaprutil1-dev \

    libauthen-simple-ldap-perl \

    libcurl4-openssl-dev \

    libdbd-pg-perl \

    libpq-dev \

    libmagickwand-dev \

    libio-socket-ssl-perl \

    logrotate \

    mercurial \

    postgresql \

    rsync \

    ruby \

    ruby-dev \

    sudo

# Also used on the live site, for javadoc extraction, but this is

# would be by far the biggest package here: let's omit it while we're

# not making use of it

#   openjdk-9-jdk-headless

RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

# Passenger gets installed through gem, not apt

RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri

RUN passenger-install-apache2-module --languages=ruby

# Copy across webapp, set up ownership

COPY . /var/www/code

RUN groupadd code

RUN useradd -g code -G www-data code

RUN chown -R code.www-data /var/www/code

RUN find /var/www/code -type d -exec chmod g+s \{\} \;

# Initialise /var/hg (in reality this would be mounted from somewhere)

RUN mkdir -p /var/hg

RUN chown code.www-data /var/hg

RUN chmod g+s /var/hg

COPY extra/soundsoftware/scripted-deploy/config/index.cgi /var/hg/

COPY extra/soundsoftware/scripted-deploy/config/hgweb.config /var/hg/

RUN chmod +x /var/hg/index.cgi

# We're based in the code webapp directory from here on

WORKDIR /var/www/code

# Set up database config etc

RUN cp extra/soundsoftware/scripted-deploy/config/database.yml.interpolated config/database.yml

# Install Rails and dependencies (database.yml must be populated before this)

RUN gem install bundler

RUN bundle install

# Initialise Redmine token (bundler must be installed before this)

RUN bundle exec rake generate_secret_token

# Import Postgres database from postgres-dumpall file

RUN chown postgres postgres-dumpall

RUN /etc/init.d/postgresql start && sudo -u postgres psql -f postgres-dumpall postgres

RUN rm postgres-dumpall

# Install Perl auth module for Hg access

RUN mkdir -p /usr/local/lib/site_perl/Apache/Authn/

RUN cp extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/

# Set up Apache config (todo: insert variables)

RUN rm -f /etc/apache2/sites-enabled/000-default.conf

RUN cp extra/soundsoftware/scripted-deploy/config/passenger.conf /etc/apache2/mods-available/

RUN cp extra/soundsoftware/scripted-deploy/config/passenger.load /etc/apache2/mods-available/

RUN cp extra/soundsoftware/scripted-deploy/config/perl.conf      /etc/apache2/mods-available/

RUN ln -s ../mods-available/passenger.conf  /etc/apache2/mods-enabled/

RUN ln -s ../mods-available/passenger.load  /etc/apache2/mods-enabled/

RUN ln -s ../mods-available/perl.conf       /etc/apache2/mods-enabled/

RUN ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/

RUN ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/

RUN ln -s ../mods-available/cgi.load        /etc/apache2/mods-enabled/

RUN cp extra/soundsoftware/scripted-deploy/config/code.conf.interpolated /etc/apache2/sites-available/code.conf

RUN ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf

RUN apache2ctl configtest

# Start Postgres and foregrounded Apache

RUN echo "#!/bin/bash"                      > container-run.sh

RUN echo "/etc/init.d/postgresql start"    >> container-run.sh

RUN echo "apache2ctl -D FOREGROUND"        >> container-run.sh

RUN chmod +x container-run.sh

EXPOSE 80

CMD ./container-run.sh

#!/bin/bash

mydir=$(dirname "$0")

. "$mydir"/../any/prepare.sh

provisioning_commands=$(

    for x in "$deploydir"/provision.d/[0-9]*.sh; do

        echo "RUN /bin/bash /var/www/code/deploy/provision.d/$(basename $x)"

    done | sed 's/$/\\n/' | fmt -2000 | sed 's/ RUN/RUN/g' )

( echo

  echo "### DO NOT EDIT THIS FILE - it is generated from Dockerfile.in"

  echo

) > "$managerdir/Dockerfile"

cat "$managerdir/Dockerfile.in" |

    sed 's,INSERT_PROVISIONING_HERE,'"$provisioning_commands"',' >> \

        "$managerdir/Dockerfile.gen"

cd "$rootdir"

dockertag="cannam/soundsoftware-site"

sudo docker build -t "$dockertag" -f "deploy/docker/Dockerfile.gen" .

sudo docker run -p 8080:80 -d "$dockertag"

#!/bin/bash

set -e

# Install necessary system packages. This assumes we are deploying on

# Ubuntu 16.04.

# We aim to make all of these provisioning scripts non-destructive if

# run more than once. In this case, running the script again will

# install any outstanding updates.

apt-get update && \

    apt-get dist-upgrade -y && \

    apt-get install -y \

            ack-grep \

            apache2 \

            apache2-dev \

            apt-utils \

            build-essential \

            cron \

            curl \

            doxygen \

            exim4 \

            git \

            graphviz \

            imagemagick \

            libapache-dbi-perl \

            libapache2-mod-perl2 \

            libapr1-dev \

            libaprutil1-dev \

            libauthen-simple-ldap-perl \

            libcurl4-openssl-dev \

            libdbd-pg-perl \

            libpq-dev \

            libmagickwand-dev \

            libio-socket-ssl-perl \

            logrotate \

            mercurial \

            openjdk-9-jdk-headless \

            postgresql \

            rsync \

            ruby \

            ruby-dev \

            sudo

locale-gen en_US.UTF-8

#!/bin/bash

set -e

# Phusion Passenger as application server.

# This gets installed through gem, not apt, and we ask for a specific

# version (the last in the 4.0.x line).

if [ ! -f /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so ]; then

    gem install passenger -v 4.0.60 --no-rdoc --no-ri

    passenger-install-apache2-module --languages=ruby

fi

#!/bin/bash

set -e

# The webapp directory is owned and run by the code user, in group

# www-data. The repos and other things served directly are the other

# way around -- owned by the www-data user, in group code.

for user in code docgen ; do

    if ! grep -q "^$user:" /etc/passwd ; then

        groupadd "$user"

        useradd -g "$user" -G www-data "$user"

    fi

done

#!/bin/bash

set -e

# We might be running in one of two ways:

#

# 1. The code directory is already at /var/www/code, either because a

# previous provisioning step has imported it there or because this

# script has been run before -- in this situation all we do is

# re-check the ownership and permissions. OR

#

# 2. The code directory has not yet been copied to /var/www/code, in

# which case we expect to find it at /code-to-deploy, e.g. as a

# Vagrant shared folder, and we copy it over from there. (We don't

# deploy directly from shared folders as we might not be able to

# manipulate ownership and permissions properly there.)

if [ ! -d /var/www/code ]; then

    if [ ! -d /code-to-deploy ]; then

        echo "ERROR: Expected to find code tree at /var/www/code or /code-to-deploy: is the deployment script being invoked correctly?"

        exit 2

    fi

    cp -a /code-to-deploy /var/www/code

fi

chown -R code.www-data /var/www/code

find /var/www/code -type d -exec chmod g+s \{\} \;

#!/bin/bash

set -e

# In a real deployment, /var/hg is probably mounted from somewhere

# else. But in an empty deployment we need to create it, and in both

# cases we set up the config files with their current versions here.

if [ ! -f /var/hg/index.cgi ]; then

    mkdir -p /var/hg

fi

cp /var/www/code/deploy/config/index.cgi /var/hg/

cp /var/www/code/deploy/config/hgweb.config /var/hg/

chmod +x /var/hg/index.cgi

chown -R www-data.code /var/hg

find /var/hg -type d -exec chmod g+s \{\} \;

#!/bin/bash

set -e

# Copy across the database config file (the source file has presumably

# been generated from a skeleton, earlier in provisioning)

infile=/var/www/code/deploy/config/database.yml.gen

outfile=/var/www/code/config/database.yml

if [ ! -f "$outfile" ]; then

    if [ ! -f "$infile" ]; then

        echo "ERROR: Database config file $infile not found - has the database secret been interpolated from $infile.in correctly?"

        exit 2

    fi

    cp "$infile" "$outfile"

fi

#!/bin/bash

set -e

# Install Ruby gems for the web app.

# We aim to make all of these provisioning scripts non-destructive if

# run more than once. In this case, running the script again will

# install any outstanding updates.

cd /var/www/code

gem install bundler

bundle install

#!/bin/bash

set -e

# Create a session token if it hasn't already been created.

cd /var/www/code

if [ ! -f config/initializers/secret_token.rb ]; then

    bundle exec rake generate_secret_token

fi

#!/bin/bash

set -e

# Start the database and if a dump file is found, load it. The dump

# file is then deleted so that the db won't be overwritten on

# subsequent runs. (The original repo contains no dump file, so it

# should exist only if you have provided some data to load.)

/etc/init.d/postgresql start

cd /var/www/code

if [ -f postgres-dumpall ]; then

    chmod ugo+r postgres-dumpall

    sudo -u postgres psql -f postgres-dumpall postgres

    rm postgres-dumpall

fi

#!/bin/bash

set -e

# Install the Apache mod_perl module used for hg repo access control

if [ ! -f /usr/local/lib/site_perl/Apache/Authn/SoundSoftware.pm ]; then

    mkdir -p /usr/local/lib/site_perl/Apache/Authn/

    cp /var/www/code/extra/soundsoftware/SoundSoftware.pm \

       /usr/local/lib/site_perl/Apache/Authn/

fi

#!/bin/bash

set -e

# Install Apache config files and module loaders

cd /var/www/code

codeconffile=/var/www/code/deploy/config/code.conf.gen

if [ ! -f "$codeconffile" ]; then

    echo "ERROR: Apache config file $codeconffile not found - has the database secret been interpolated from its input file correctly?"

    exit 2

fi

if [ ! -f /etc/apache2/sites-enabled/10-code.conf ]; then

    rm -f /etc/apache2/sites-enabled/000-default.conf

    cp deploy/config/passenger.conf /etc/apache2/mods-available/

    cp deploy/config/passenger.load /etc/apache2/mods-available/

    cp deploy/config/perl.conf      /etc/apache2/mods-available/

    ln -s ../mods-available/passenger.conf  /etc/apache2/mods-enabled/

    ln -s ../mods-available/passenger.load  /etc/apache2/mods-enabled/

    ln -s ../mods-available/perl.conf       /etc/apache2/mods-enabled/

    ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/

    ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/

    ln -s ../mods-available/cgi.load        /etc/apache2/mods-enabled/

    cp "$codeconffile" /etc/apache2/sites-available/code.conf

    ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf

    apache2ctl configtest

fi

#!/bin/bash

set -e

# In case we are running without a properly mounted /var/hg directory,

# check for the existence of one repo and, if absent, attempt to clone

# it so that we have something we can serve for test purposes.

if [ ! -d /var/hg/vamp-plugin-sdk ]; then

    echo "Cloning vamp-plugin-sdk repo for testing..."

    cd /var/hg

    hg clone https://code.soundsoftware.ac.uk/hg/vamp-plugin-sdk

    chown -R www-data.code vamp-plugin-sdk

fi

#!/bin/bash

set -e

# Copy docgen scripts to the place they actually live. This is

# particularly badly managed, since the target location is actually

# within the repo already

cd /var/www/code

mkdir -p docgen

for file in \

    doxysafe.pl \

    extract-doxygen.sh \

    extract-javadoc.sh \

    extract-matlabdocs.sh \

    matlab-docs.conf \

    matlab-docs-credit.html \

    matlab-docs.pl ; do

    if [ ! -f docgen/"$file" ]; then

        cp extra/soundsoftware/"$file" docgen/

    fi

done

for file in \

    extract-docs.sh ; do

    if [ ! -f docgen/"$file" ]; then

        cp deploy/config/"$file".gen docgen/"$file"

    fi

done

chown code.www-data docgen/*

chmod +x docgen/*.sh

#!/bin/bash

set -e

# Copy reposman scripts to the place they actually live. Like docgen,

# this is particularly badly managed, since the target location is

# actually within the repo already. At least in this case some of the

# scripts have to be edited to insert the server's API key, so there

# is a bit of logic there

cd /var/www/code

mkdir -p reposman

for file in \

    convert-external-repos.rb \

    reposman-soundsoftware.rb \

    run-hginit.sh \

    update-external-repo.sh ; do

    if [ ! -f reposman/"$file" ]; then

        cp extra/soundsoftware/"$file" reposman/

    fi

done

for file in \

    run-external.sh \

    run-reposman.sh ; do

    if [ ! -f reposman/"$file" ]; then

        cp deploy/config/"$file".gen reposman/"$file"

    fi

done

chown code.www-data reposman/*

chmod +x reposman/*.sh

chmod +x reposman/*.rb

touch /var/log/reposman.log

touch /var/log/external-repos.log

chown www-data.code /var/log/reposman.log

chown www-data.code /var/log/external-repos.log

#!/bin/bash

set -e

# Initialise directories used as targets for cron activity (if they

# don't already exist)

for dir in \

    /var/files/backups \

    /var/doc \

    /var/files/git-mirror ; do

    if [ ! -d "$dir" ]; then

        mkdir -p "$dir"

        chown -R code.www-data "$dir"

        chmod g+s "$dir"

    fi

done

# Copy cron scripts to the appropriate destinations

cd /var/www/code

if [ ! -d /etc/cron.minutely ]; then

    mkdir -p /etc/cron.minutely

    echo '*  *    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.minutely )' >> /etc/crontab

fi

for t in minutely hourly daily monthly; do

    for s in deploy/config/cron.$t/[0-9]* ; do

        name=$(basename $s)

        dest="/etc/cron.$t/$name"

        if [ ! -f "$dest" ]; then

            cp "$s" "$dest"

            chmod +x "$dest"

        fi

    done

done

#!/bin/bash

cd /var/www/code

cp deploy/config/logrotate.conf /etc/logrotate.conf

#!/bin/bash

set -e

# Last action: start the webserver

apache2ctl restart

# -*- mode: ruby -*-

# vi: set ft=ruby :

Vagrant.configure("2") do |config|

  config.vm.box = "ubuntu/xenial64"

  config.vm.network "forwarded_port", guest: 80, host: 8080

  config.vm.synced_folder "../..", "/code-to-deploy"

  config.vm.provision :shell, path: "vagrant-provision.sh"

end

#!/bin/bash

mydir=$(dirname "$0")

. "$mydir"/../any/prepare.sh

cd "$managerdir"

vagrant up

#!/bin/bash

#!!! still not covered:

# * https

# * http auth for API (/sys) and /admin interfaces

# * sending email

set -e

for f in /code-to-deploy/deploy/provision.d/[0-9]*.sh ; do

    case "$f" in

        *~) ;;

        *) echo "Running provisioning script: $f"

           /bin/bash "$f";;

    esac

done

echo "All provisioning scripts complete"