summaryrefslogtreecommitdiff
path: root/public
diff options
context:
space:
mode:
Diffstat (limited to 'public')
-rwxr-xr-xpublic/fs/etc/pagure/pagure-cfg.sh12
-rw-r--r--public/fs/etc/pagure/pagure.cfg.in184
-rw-r--r--public/fs/etc/systemd/system/pagure_docs_web.service16
-rw-r--r--public/fs/etc/systemd/system/pagure_web.service16
4 files changed, 228 insertions, 0 deletions
diff --git a/public/fs/etc/pagure/pagure-cfg.sh b/public/fs/etc/pagure/pagure-cfg.sh
new file mode 100755
index 0000000..22e1e05
--- /dev/null
+++ b/public/fs/etc/pagure/pagure-cfg.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -eu
+
+source /root/config/private/fs/etc/server.ports
+source /root/config/private/keys/pagure/pagure.keys
+
+sed -e 's/@ssh_port@/'${ssh_port}'/g' \
+ -e 's/@pagure_flask_key@/'${pagure_flask_key}'/g' \
+ -e 's/@pagure_pgsql_key@/'${pagure_pgsql_key}'/g' \
+ -e 's/@pagure_email_key@/'${pagure_email_key}'/g' \
+ "$1"
diff --git a/public/fs/etc/pagure/pagure.cfg.in b/public/fs/etc/pagure/pagure.cfg.in
new file mode 100644
index 0000000..0c5c353
--- /dev/null
+++ b/public/fs/etc/pagure/pagure.cfg.in
@@ -0,0 +1,184 @@
+import os
+from datetime import timedelta
+from pagure.default_config import ACLS
+
+
+### site meta
+INSTANCE_NAME = 'midipix'
+ADMIN_EMAIL = 'pagure@midipix.org'
+THEME = 'midipix'
+
+
+### pagure authentication
+GIT_AUTH_BACKEND = "pagure"
+HTTP_REPO_ACCESS_GITOLITE = None
+
+
+### site options
+DISABLE_REMOTE_PR = False
+ENABLE_NEW_PROJECTS = True
+ENABLE_UI_NEW_PROJECTS = False
+ENABLE_GROUP_MNGT = False
+ENABLE_TICKETS = True
+ENABLE_DOCS = True
+
+
+# project options
+PRIVATE_PROJECTS = True
+
+
+### flask
+SECRET_KEY = '@pagure_flask_key@'
+
+
+### pgsql
+DB_URL = 'postgres://pagure:@pagure_pgsql_key@@localhost/pagure'
+
+### site administration
+FEDMSG_NOTIFICATIONS = False
+PAGURE_AUTH = 'local'
+PAGURE_ADMIN_USERS = ['midipix']
+ADMIN_GROUP = ['sysadmin-main']
+ADMIN_SESSION_LIFETIME = timedelta(minutes=120)
+
+
+USER_ACLS = [
+ key
+ for key in ACLS.keys()
+ if key not in [
+ 'generate_acls_project',
+ 'internal_access',
+ 'create_project'
+ ]
+]
+
+
+ADMIN_API_ACLS = [
+ 'internal_access',
+ 'issue_comment',
+ 'issue_create',
+ 'issue_change_status',
+ 'pull_request_flag',
+ 'pull_request_comment',
+ 'pull_request_merge',
+ 'generate_acls_project',
+ 'commit_flag',
+ 'create_branch',
+ 'create_project',
+ 'tag_project',
+]
+
+
+### email options
+EMAIL_ERROR = 'root@localhost'
+EMAIL_SEND = True
+VIRUS_SCAN_ATTACHMENTS = False
+
+
+### SMTP settings
+SMTP_SERVER = 'localhost'
+SMTP_PORT = 25
+SMTP_SSL = False
+SMTP_USERNAME = None
+SMTP_PASSWORD = None
+
+FROM_EMAIL = 'pagure@midipix.org'
+SALT_EMAIL = '@pagure_email_key@'
+DOMAIN_EMAIL_NOTIFICATIONS = 'midipix.org'
+
+
+### web frontend
+APP_URL = 'https://pagure.midipix.org'
+DOC_APP_URL = 'https://docs.foss21.org'
+
+SHORT_LENGTH = 6
+ITEM_PER_PAGE = 50
+MAX_CONTENT_LENGTH = 4 * 1024 * 1024
+
+
+### web backend
+APPLICATION_ROOT = '/'
+SESSION_COOKIE_NAME = 'pagure_at_midipix_dot_org'
+SESSION_COOKIE_SECURE = True
+CHECK_SESSION_IP = False
+OLD_VIEW_COMMIT_ENABLED = False
+
+
+### git frontend
+GIT_URL_SSH = 'ssh://git@midipix.org:@ssh_port@/'
+GIT_URL_GIT = 'https://pagure.midipix.org/'
+
+
+### gunicorn
+IP_ALLOWED_INTERNAL = ['10.8.0.1', '127.0.0.1', 'localhost', '::1', '']
+
+
+### event source options
+EVENTSOURCE_SOURCE = None
+EVENTSOURCE_PORT = 8080
+WEBHOOK = False
+
+
+### redis configuration
+REDIS_HOST = '127.0.0.1'
+REDIS_PORT = 6379
+REDIS_DB = 0
+
+
+### repo-spanner (https://repospanner.org/)
+REPOSPANNER_NEW_REPO = None
+REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE = False
+REPOSPANNER_NEW_FORK = True
+REPOSPANNER_ADMIN_MIGRATION = False
+REPOSPANNER_REGIONS = {}
+
+
+### git backend
+GIT_FOLDER = os.path.join(
+ '/srv',
+ 'pagure',
+ 'repositories'
+)
+
+REPOSPANNER_PSEUDO_FOLDER = os.path.join(
+ '/srv',
+ 'pagure',
+ 'pseudo'
+)
+
+REMOTE_GIT_FOLDER = os.path.join(
+ '/srv',
+ 'pagure',
+ 'remotes'
+)
+
+BLACKLISTED_PROJECTS = [
+ 'static', 'pv', 'releases', 'new', 'api', 'settings',
+ 'logout', 'login', 'users', 'groups', 'projects']
+
+
+### ssh
+SSH_KEYS_USERNAME_EXPECT = "git"
+
+SSH_COMMAND_NON_REPOSPANNER = ([
+ "/usr/bin/%(cmd)s",
+ "/srv/pagure/repositories/%(reponame)s",
+], {"GL_USER": "%(username)s"})
+
+
+SSH_KEYS_OPTIONS = (
+ 'restrict,command="/usr/lib/pagure/aclchecker.py %(username)s"'
+)
+
+
+SSH_KEYS = {
+ 'ED25519': {
+ 'pubkey': ' pagure.midipix.org,95.216.227.143,2a01:4f9:2b:20f0::2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILp9B8XCCKYUzueIICIJBmxHIOovaup9SKJdyQWAem8U',
+ 'SHA256': ' SHA256:+KTUN+cN7AYorPHeST7SFmKyKuYzRXmIIyHlrIGdXiA',
+ },
+
+ 'RSA': {
+ 'pubkey': ' pagure.midipix.org,95.216.227.143,2a01:4f9:2b:20f0::2 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDTtBBrmKbdLetolYmLviwDc2iFNDdT5D19C9nG4QmE02M2hLHpQC32K3EAKLdKTVWPn2BAdIl0KuUw/6k6F9XUklFDW+rprM1hiHwTjJKMEn1p8gY0iCEZHGAxjcejiiRYCc4iwvzuuHjMMlbaOrQbiPP/GD8BG1KnoHbVpWHDDifzXRx8kCo6qmk5HvM9wCncqEFE/NR6bsNl4MwRXSaDgOoGKlIC3gsEizXQbxGZ7dsdcBPcw8KoLnvY8px5WCA3C2gDeTe1V5siTMsfZ/1BJoYWYsV+6AR51C1EUF5ejekdPQCCn4YbIRGIfkmY9/Kyco1AThJ3kRHXFGC8SPo06Z3NJDyxLOiOKx1qQ3/fX6t+UApESnX6EEv6ljk/37iPZyfJ//zCSnPPUR1IPDIzt3SPPp4ZJk/o3L/l2nHKdxChCPAtMOww+qjhEPg1Nwf+twSYbdxXV9eLJBTR4BPzkJ6h7qHmmHaAZtUAFHDSsMRY14y8SOGHWcr8LFfPcbo5bYFfAjdmlpd9LASpDo3GiarU6IPv9+pCdeCQfp8ereQIRW6GNByb2j/zEpPeO9KB5g6+fjVWgYZjUaqo3Kmnb5esMexvaKFdI5DjZoptGNzUSJf3v7qG4L3JF+okFXzfln80BdZfQWUiQcUBfXgCzrbam5EaIT0aFUEmtlP+ceI4rlxvhae6QG9nu6J6vDgg5reXqmrtA0eWVZ+iuTNut5aCwN9RSc8XQ+dO/9sWIifhrP614s8XX+10nOuzke1ZLVX75gozEHT+qEIIslPnAwdiRx+GZpWRDT3knGwo3cQLi/2yQNyNScyxYGnDMuS847sISH+BBVgOubqzmQDbUDl5d93EWDGN1EPc11i83j5axXdd+/9diCIxvWZzYr+0JajDT51hjJHos5MYoflvS1sGHyBmV9mIC9tIvp2pd8xtU+UC2a8etOo6BiVeXeSdqFfZ91Pdd4jkFK/bstqjyog4qopllpkApJeKb4Tpnl+7SPNu7I6hwPS/NWIVQnhGFCWUxXtzdLTzy5ybQ3444L2I+vYaZuMzaDt0nOdgV2iTFTqUtCqqm4H9SvP4PSDnizZNfNGEINpL1TCAkqfZArajJW1IJXW1v+v2ApbsspKOR4t87+EHvz87TceKLfQAiwPHYYb1pjqk022Q/EWLfyiXqK+hYCCaAMoqnjouB77+r6QEkGss6/XoQPCxhzAUixRSGExvvWZm/FJUUq5jdmN3NmT/t88d9Qd6K6KW9ACPaBKAKraTqVWPrPCDV3/iW/3HPYT8hPdMsLYeXoGKXoXOu38LV24wR+Av9+3zPXl89DHhbt72P6KSTYErqr6VZW/qCZh7pjiFsoIZjZct',
+ 'SHA256': 'SHA256:CtOLkhSF+Bj3gLt0ihzV+Q/R9KfPsVsC6MkyLMOZov8',
+ }
+}
diff --git a/public/fs/etc/systemd/system/pagure_docs_web.service b/public/fs/etc/systemd/system/pagure_docs_web.service
new file mode 100644
index 0000000..a3002f6
--- /dev/null
+++ b/public/fs/etc/systemd/system/pagure_docs_web.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Pagure docs web application
+After=postgresql.service mariadb.service mysqld.service redis.target
+Documentation=https://pagure.io/pagure
+
+
+[Service]
+ExecStart=/usr/bin/gunicorn --workers 4 --env PAGURE_CONFIG=/etc/pagure/pagure.cfg --access-logfile /var/log/pagure/access_docs_web.log --error-logfile /var/log/pagure/error_docs_web.log --bind unix:/tmp/.pagure_docs_web.sock pagure.docs_server:APP
+Type=simple
+User=git
+Group=nginx
+Restart=on-failure
+
+
+[Install]
+WantedBy=multi-user.target
diff --git a/public/fs/etc/systemd/system/pagure_web.service b/public/fs/etc/systemd/system/pagure_web.service
new file mode 100644
index 0000000..cf8f539
--- /dev/null
+++ b/public/fs/etc/systemd/system/pagure_web.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Pagure web application
+After=postgresql.service redis.target
+Documentation=https://pagure.io/pagure
+
+
+[Service]
+ExecStart=/usr/bin/gunicorn --workers 4 --env PAGURE_CONFIG=/etc/pagure/pagure.cfg --access-logfile /var/log/pagure/access_web.log --error-logfile /var/log/pagure/error_web.log --bind unix:/tmp/.pagure_web.sock "pagure.flask_app:create_app()"
+Type=simple
+User=git
+Group=nginx
+Restart=on-failure
+
+
+[Install]
+WantedBy=multi-user.target