diff -r d0d59d12db94 -r d8949733849d deploy/config/code.conf.in --- /dev/null +++ b/deploy/config/code.conf.in @@ -0,0 +1,94 @@ + +# A test Apache config. Lacks SSL, lacks a desirable extra layer of +# authentication for admin interface paths. Do not deploy this. + +PerlLoadModule Apache::Authn::SoundSoftware + + + ServerName code.soundsoftware.ac.uk + ServerAdmin chris.cannam@soundsoftware.ac.uk + + DocumentRoot /var/www/code/public + PassengerRestartDir restart_files + PassengerHighPerformance on + PassengerMaxRequests 50000 + PassengerStatThrottleRate 5 + PassengerStartTimeout 60 + PassengerFriendlyErrorPages on + RailsSpawnMethod smart + ExpiresDefault "access plus 1 minute" + + + Order allow,deny + Deny from all + Satisfy All + + + + Order allow,deny + Deny from all + Satisfy All + + + + Order allow,deny + Deny from all + Satisfy All + + + + Options -MultiViews + + + + # Avoid other sites embedding our fonts + RewriteEngine on + RewriteCond %{HTTP_REFERER} !^$ + RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC] + RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F] + + + ScriptAlias /hg "/var/hg/index.cgi" + + + AuthName "Mercurial" + AuthType Basic + Require valid-user + PerlAccessHandler Apache::Authn::SoundSoftware::access_handler + PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler + PerlSetVar HTTPS "on" + SoundSoftwareDSN "dbi:Pg:database=code;host=localhost" + SoundSoftwareDbUser "code" + SoundSoftwareDbPass "INSERT_POSTGRES_PASSWORD_HERE" + SoundSoftwareRepoPrefix "/var/hg/" + #!!! "on" in production please!: + SoundSoftwareSslRequired "off" + Options +ExecCGI + AddHandler cgi-script .cgi + ExpiresDefault now + + + Alias /git "/var/files/git-mirror" + + + Options -Indexes +FollowSymLinks + Order allow,deny + Allow from all + + + Order allow,deny + Deny from all + + + Order allow,deny + Deny from all + + + ErrorLog /var/log/apache2/code-error.log + CustomLog /var/log/apache2/code-access.log vhost_combined + + LogLevel warn + ServerSignature Off + + + diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.daily/00-backup-db --- /dev/null +++ b/deploy/config/cron.daily/00-backup-db @@ -0,0 +1,6 @@ +#!/bin/sh +outfile="/var/files/backups/postgres-dumpall-`date +%Y%m%d%H%M`" +oldmask=`umask` +umask 0277 +su postgres -c /usr/bin/pg_dumpall > "$outfile" && bzip2 "$outfile" +umask "$oldmask" diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.daily/10-extract-docs --- /dev/null +++ b/deploy/config/cron.daily/10-extract-docs @@ -0,0 +1,3 @@ +#!/bin/bash +cd /tmp +/var/www/code/docgen/extract-docs.sh diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.daily/15-get-statistics --- /dev/null +++ b/deploy/config/cron.daily/15-get-statistics @@ -0,0 +1,2 @@ +#!/bin/bash +sudo -u code sh -c "cd /var/www/code ; ./script/rails runner -e production extra/soundsoftware/get-statistics.rb >> log/statistics.log" diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.daily/20-check-end-of-external-repo-log --- /dev/null +++ b/deploy/config/cron.daily/20-check-end-of-external-repo-log @@ -0,0 +1,2 @@ +#!/bin/bash +tail -2 /var/log/external-repos.log diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/00-drupal-cron --- /dev/null +++ b/deploy/config/cron.hourly/00-drupal-cron @@ -0,0 +1,3 @@ +#!/bin/bash +/usr/bin/wget -O - -q -t 1 http://www.soundsoftware.ac.uk/cron.php + diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/10-redmine-fetch-changesets --- /dev/null +++ b/deploy/config/cron.hourly/10-redmine-fetch-changesets @@ -0,0 +1,3 @@ +#!/bin/bash +sudo -u code sh -c "cd /var/www/code ; ./script/rails runner \"Repository.fetch_changesets\" -e production 2>&1 | grep -v 'Not trusting' | grep -v 'svn:' | grep -v 'working copy' | grep -v 'deprecated' | grep -v 'version_requirements'" +exit 0 diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/20-convert-external-repos --- /dev/null +++ b/deploy/config/cron.hourly/20-convert-external-repos @@ -0,0 +1,2 @@ +#!/bin/bash +sudo -H -u www-data /var/www/code/reposman/run-external.sh diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/30-expire-explore-cache --- /dev/null +++ b/deploy/config/cron.hourly/30-expire-explore-cache @@ -0,0 +1,2 @@ +#!/bin/sh +rm -f /var/www/code/tmp/cache/*/*/views*explore* diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/40-export-git --- /dev/null +++ b/deploy/config/cron.hourly/40-export-git @@ -0,0 +1,3 @@ +#!/bin/bash +logfile="/var/www/code/log/export-git.log" +sudo -u code sh -c "cd /tmp ; /var/www/code/extra/soundsoftware/export-git.sh production /var/hg /var/files/git-mirror >> $logfile 2>&1" diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.minutely/00-redmine-repositories --- /dev/null +++ b/deploy/config/cron.minutely/00-redmine-repositories @@ -0,0 +1,3 @@ +#!/bin/bash +sudo -u www-data /var/www/code/reposman/run-reposman.sh + diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.monthly/00-backup-files --- /dev/null +++ b/deploy/config/cron.monthly/00-backup-files @@ -0,0 +1,10 @@ +#!/bin/sh +for location in var/www etc/apache2 etc/cron.*; do + target="/var/files/backups/`echo $location | sed 's,/,_,g'`-`date +%Y%m%d%H%M`" + oldmask=`umask` + umask 0277 + cd / + tar cjf "$target".tar.bz2 "$location" + umask "$oldmask" +done + diff -r d0d59d12db94 -r d8949733849d deploy/config/database.yml.in --- /dev/null +++ b/deploy/config/database.yml.in @@ -0,0 +1,7 @@ +production: + adapter: postgresql + database: code + host: localhost + username: code + password: "INSERT_POSTGRES_PASSWORD_HERE" + diff -r d0d59d12db94 -r d8949733849d deploy/config/hgweb.config --- /dev/null +++ b/deploy/config/hgweb.config @@ -0,0 +1,6 @@ +[paths] +/ = /var/hg/* + +[web] +allow_archive = gz, zip, bz2 +allow_push = * diff -r d0d59d12db94 -r d8949733849d deploy/config/index.cgi --- /dev/null +++ b/deploy/config/index.cgi @@ -0,0 +1,67 @@ +#!/usr/bin/env python +# +# An example CGI script to export multiple hgweb repos, edit as necessary + +# adjust python path if not a system-wide install: +#import sys +#sys.path.insert(0, "/path/to/python/lib") + +# enable importing on demand to reduce startup time +from mercurial import demandimport; demandimport.enable() + +# Uncomment to send python tracebacks to the browser if an error occurs: +import cgitb +cgitb.enable() + +# If you'd like to serve pages with UTF-8 instead of your default +# locale charset, you can do so by uncommenting the following lines. +# Note that this will cause your .hgrc files to be interpreted in +# UTF-8 and all your repo files to be displayed using UTF-8. +# +import os +os.environ["HGENCODING"] = "UTF-8" + +from mercurial.hgweb.hgwebdir_mod import hgwebdir +import mercurial.hgweb.wsgicgi as wsgicgi + +# The config file looks like this. You can have paths to individual +# repos, collections of repos in a directory tree, or both. +# +# [paths] +# virtual/path1 = /real/path1 +# virtual/path2 = /real/path2 +# virtual/root = /real/root/* +# / = /real/root2/* +# virtual/root2 = /real/root2/** +# +# [collections] +# /prefix/to/strip/off = /root/of/tree/full/of/repos +# +# paths example: +# +# * First two lines mount one repository into one virtual path, like +# '/real/path1' into 'virtual/path1'. +# +# * The third entry mounts every mercurial repository found in '/real/root' +# in 'virtual/root'. This format is preferred over the [collections] one, +# since using absolute paths as configuration keys is not supported on every +# platform (especially on Windows). +# +# * The fourth entry is a special case mounting all repositories in +# /'real/root2' in the root of the virtual directory. +# +# * The fifth entry recursively finds all repositories under the real root, +# and mounts them using their relative path (to given real root) under the +# virtual root. +# +# collections example: say directory tree /foo contains repos /foo/bar, +# /foo/quux/baz. Give this config section: +# [collections] +# /foo = /foo +# Then repos will list as bar and quux/baz. +# +# Alternatively you can pass a list of ('virtual/path', '/real/path') tuples +# or use a dictionary with entries like 'virtual/path': '/real/path' + +application = hgwebdir('hgweb.config') +wsgicgi.launch(application) diff -r d0d59d12db94 -r d8949733849d deploy/config/logrotate.conf --- /dev/null +++ b/deploy/config/logrotate.conf @@ -0,0 +1,65 @@ +# see "man logrotate" for details +# rotate log files weekly +weekly + +# keep 4 weeks worth of backlogs +rotate 4 + +# create new (empty) log files after rotating old ones +create + +# uncomment this if you want your log files compressed +#compress + +# packages drop log rotation information into this directory +include /etc/logrotate.d + +# no packages own wtmp, or btmp -- we'll rotate them here +/var/log/wtmp { + missingok + monthly + create 0664 root utmp + rotate 1 +} + +/var/log/btmp { + missingok + monthly + create 0660 root utmp + rotate 1 +} + +# system-specific logs may be configured here +/var/www/code/log/*.log { + weekly + missingok + rotate 52 + compress + delaycompress + create 640 code code + sharedscripts + postrotate + touch /var/www/code/restart_files/restart.txt + endscript +} + +/var/log/reposman.log { + weekly + missingok + rotate 52 + compress + delaycompress + create 640 www-data code + sharedscripts +} + +/var/log/external-repos.log { + weekly + missingok + rotate 52 + compress + delaycompress + create 640 www-data code + sharedscripts +} + diff -r d0d59d12db94 -r d8949733849d deploy/config/passenger.conf --- /dev/null +++ b/deploy/config/passenger.conf @@ -0,0 +1,2 @@ +PassengerMaxPoolSize 60 + diff -r d0d59d12db94 -r d8949733849d deploy/config/passenger.load --- /dev/null +++ b/deploy/config/passenger.load @@ -0,0 +1,3 @@ +LoadModule passenger_module /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so +PassengerRoot /var/lib/gems/2.3.0/gems/passenger-4.0.60 +PassengerDefaultRuby /usr/bin/ruby2.3 diff -r d0d59d12db94 -r d8949733849d deploy/config/perl.conf --- /dev/null +++ b/deploy/config/perl.conf @@ -0,0 +1,4 @@ +# Apache::DBI is supposed to be a transparent replacement for Perl DBI with +# better performance when multiple connections are made with common DSN, user +# and password +PerlModule Apache::DBI