diff --git a/public/fs/etc/pagure/pagure-cfg.sh b/public/fs/etc/pagure/pagure-cfg.sh new file mode 100755 index 0000000..22e1e05 --- /dev/null +++ b/public/fs/etc/pagure/pagure-cfg.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +set -eu + +source /root/config/private/fs/etc/server.ports +source /root/config/private/keys/pagure/pagure.keys + +sed -e 's/@ssh_port@/'${ssh_port}'/g' \ + -e 's/@pagure_flask_key@/'${pagure_flask_key}'/g' \ + -e 's/@pagure_pgsql_key@/'${pagure_pgsql_key}'/g' \ + -e 's/@pagure_email_key@/'${pagure_email_key}'/g' \ + "$1" diff --git a/public/fs/etc/pagure/pagure.cfg.in b/public/fs/etc/pagure/pagure.cfg.in new file mode 100644 index 0000000..0c5c353 --- /dev/null +++ b/public/fs/etc/pagure/pagure.cfg.in @@ -0,0 +1,184 @@ +import os +from datetime import timedelta +from pagure.default_config import ACLS + + +### site meta +INSTANCE_NAME = 'midipix' +ADMIN_EMAIL = 'pagure@midipix.org' +THEME = 'midipix' + + +### pagure authentication +GIT_AUTH_BACKEND = "pagure" +HTTP_REPO_ACCESS_GITOLITE = None + + +### site options +DISABLE_REMOTE_PR = False +ENABLE_NEW_PROJECTS = True +ENABLE_UI_NEW_PROJECTS = False +ENABLE_GROUP_MNGT = False +ENABLE_TICKETS = True +ENABLE_DOCS = True + + +# project options +PRIVATE_PROJECTS = True + + +### flask +SECRET_KEY = '@pagure_flask_key@' + + +### pgsql +DB_URL = 'postgres://pagure:@pagure_pgsql_key@@localhost/pagure' + +### site administration +FEDMSG_NOTIFICATIONS = False +PAGURE_AUTH = 'local' +PAGURE_ADMIN_USERS = ['midipix'] +ADMIN_GROUP = ['sysadmin-main'] +ADMIN_SESSION_LIFETIME = timedelta(minutes=120) + + +USER_ACLS = [ + key + for key in ACLS.keys() + if key not in [ + 'generate_acls_project', + 'internal_access', + 'create_project' + ] +] + + +ADMIN_API_ACLS = [ + 'internal_access', + 'issue_comment', + 'issue_create', + 'issue_change_status', + 'pull_request_flag', + 'pull_request_comment', + 'pull_request_merge', + 'generate_acls_project', + 'commit_flag', + 'create_branch', + 'create_project', + 'tag_project', +] + + +### email options +EMAIL_ERROR = 'root@localhost' +EMAIL_SEND = True +VIRUS_SCAN_ATTACHMENTS = False + + +### SMTP settings +SMTP_SERVER = 'localhost' +SMTP_PORT = 25 +SMTP_SSL = False +SMTP_USERNAME = None +SMTP_PASSWORD = None + +FROM_EMAIL = 'pagure@midipix.org' +SALT_EMAIL = '@pagure_email_key@' +DOMAIN_EMAIL_NOTIFICATIONS = 'midipix.org' + + +### web frontend +APP_URL = 'https://pagure.midipix.org' +DOC_APP_URL = 'https://docs.foss21.org' + +SHORT_LENGTH = 6 +ITEM_PER_PAGE = 50 +MAX_CONTENT_LENGTH = 4 * 1024 * 1024 + + +### web backend +APPLICATION_ROOT = '/' +SESSION_COOKIE_NAME = 'pagure_at_midipix_dot_org' +SESSION_COOKIE_SECURE = True +CHECK_SESSION_IP = False +OLD_VIEW_COMMIT_ENABLED = False + + +### git frontend +GIT_URL_SSH = 'ssh://git@midipix.org:@ssh_port@/' +GIT_URL_GIT = 'https://pagure.midipix.org/' + + +### gunicorn +IP_ALLOWED_INTERNAL = ['10.8.0.1', '127.0.0.1', 'localhost', '::1', ''] + + +### event source options +EVENTSOURCE_SOURCE = None +EVENTSOURCE_PORT = 8080 +WEBHOOK = False + + +### redis configuration +REDIS_HOST = '127.0.0.1' +REDIS_PORT = 6379 +REDIS_DB = 0 + + +### repo-spanner (https://repospanner.org/) +REPOSPANNER_NEW_REPO = None +REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE = False +REPOSPANNER_NEW_FORK = True +REPOSPANNER_ADMIN_MIGRATION = False +REPOSPANNER_REGIONS = {} + + +### git backend +GIT_FOLDER = os.path.join( + '/srv', + 'pagure', + 'repositories' +) + +REPOSPANNER_PSEUDO_FOLDER = os.path.join( + '/srv', + 'pagure', + 'pseudo' +) + +REMOTE_GIT_FOLDER = os.path.join( + '/srv', + 'pagure', + 'remotes' +) + +BLACKLISTED_PROJECTS = [ + 'static', 'pv', 'releases', 'new', 'api', 'settings', + 'logout', 'login', 'users', 'groups', 'projects'] + + +### ssh +SSH_KEYS_USERNAME_EXPECT = "git" + +SSH_COMMAND_NON_REPOSPANNER = ([ + "/usr/bin/%(cmd)s", + "/srv/pagure/repositories/%(reponame)s", +], {"GL_USER": "%(username)s"}) + + +SSH_KEYS_OPTIONS = ( + 'restrict,command="/usr/lib/pagure/aclchecker.py %(username)s"' +) + + +SSH_KEYS = { + 'ED25519': { + 'pubkey': ' pagure.midipix.org,95.216.227.143,2a01:4f9:2b:20f0::2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILp9B8XCCKYUzueIICIJBmxHIOovaup9SKJdyQWAem8U', + 'SHA256': ' SHA256:+KTUN+cN7AYorPHeST7SFmKyKuYzRXmIIyHlrIGdXiA', + }, + + 'RSA': { + 'pubkey': ' pagure.midipix.org,95.216.227.143,2a01:4f9:2b:20f0::2 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDTtBBrmKbdLetolYmLviwDc2iFNDdT5D19C9nG4QmE02M2hLHpQC32K3EAKLdKTVWPn2BAdIl0KuUw/6k6F9XUklFDW+rprM1hiHwTjJKMEn1p8gY0iCEZHGAxjcejiiRYCc4iwvzuuHjMMlbaOrQbiPP/GD8BG1KnoHbVpWHDDifzXRx8kCo6qmk5HvM9wCncqEFE/NR6bsNl4MwRXSaDgOoGKlIC3gsEizXQbxGZ7dsdcBPcw8KoLnvY8px5WCA3C2gDeTe1V5siTMsfZ/1BJoYWYsV+6AR51C1EUF5ejekdPQCCn4YbIRGIfkmY9/Kyco1AThJ3kRHXFGC8SPo06Z3NJDyxLOiOKx1qQ3/fX6t+UApESnX6EEv6ljk/37iPZyfJ//zCSnPPUR1IPDIzt3SPPp4ZJk/o3L/l2nHKdxChCPAtMOww+qjhEPg1Nwf+twSYbdxXV9eLJBTR4BPzkJ6h7qHmmHaAZtUAFHDSsMRY14y8SOGHWcr8LFfPcbo5bYFfAjdmlpd9LASpDo3GiarU6IPv9+pCdeCQfp8ereQIRW6GNByb2j/zEpPeO9KB5g6+fjVWgYZjUaqo3Kmnb5esMexvaKFdI5DjZoptGNzUSJf3v7qG4L3JF+okFXzfln80BdZfQWUiQcUBfXgCzrbam5EaIT0aFUEmtlP+ceI4rlxvhae6QG9nu6J6vDgg5reXqmrtA0eWVZ+iuTNut5aCwN9RSc8XQ+dO/9sWIifhrP614s8XX+10nOuzke1ZLVX75gozEHT+qEIIslPnAwdiRx+GZpWRDT3knGwo3cQLi/2yQNyNScyxYGnDMuS847sISH+BBVgOubqzmQDbUDl5d93EWDGN1EPc11i83j5axXdd+/9diCIxvWZzYr+0JajDT51hjJHos5MYoflvS1sGHyBmV9mIC9tIvp2pd8xtU+UC2a8etOo6BiVeXeSdqFfZ91Pdd4jkFK/bstqjyog4qopllpkApJeKb4Tpnl+7SPNu7I6hwPS/NWIVQnhGFCWUxXtzdLTzy5ybQ3444L2I+vYaZuMzaDt0nOdgV2iTFTqUtCqqm4H9SvP4PSDnizZNfNGEINpL1TCAkqfZArajJW1IJXW1v+v2ApbsspKOR4t87+EHvz87TceKLfQAiwPHYYb1pjqk022Q/EWLfyiXqK+hYCCaAMoqnjouB77+r6QEkGss6/XoQPCxhzAUixRSGExvvWZm/FJUUq5jdmN3NmT/t88d9Qd6K6KW9ACPaBKAKraTqVWPrPCDV3/iW/3HPYT8hPdMsLYeXoGKXoXOu38LV24wR+Av9+3zPXl89DHhbt72P6KSTYErqr6VZW/qCZh7pjiFsoIZjZct', + 'SHA256': 'SHA256:CtOLkhSF+Bj3gLt0ihzV+Q/R9KfPsVsC6MkyLMOZov8', + } +} diff --git a/public/fs/etc/systemd/system/pagure_docs_web.service b/public/fs/etc/systemd/system/pagure_docs_web.service new file mode 100644 index 0000000..a3002f6 --- /dev/null +++ b/public/fs/etc/systemd/system/pagure_docs_web.service @@ -0,0 +1,16 @@ +[Unit] +Description=Pagure docs web application +After=postgresql.service mariadb.service mysqld.service redis.target +Documentation=https://pagure.io/pagure + + +[Service] +ExecStart=/usr/bin/gunicorn --workers 4 --env PAGURE_CONFIG=/etc/pagure/pagure.cfg --access-logfile /var/log/pagure/access_docs_web.log --error-logfile /var/log/pagure/error_docs_web.log --bind unix:/tmp/.pagure_docs_web.sock pagure.docs_server:APP +Type=simple +User=git +Group=nginx +Restart=on-failure + + +[Install] +WantedBy=multi-user.target diff --git a/public/fs/etc/systemd/system/pagure_web.service b/public/fs/etc/systemd/system/pagure_web.service new file mode 100644 index 0000000..cf8f539 --- /dev/null +++ b/public/fs/etc/systemd/system/pagure_web.service @@ -0,0 +1,16 @@ +[Unit] +Description=Pagure web application +After=postgresql.service redis.target +Documentation=https://pagure.io/pagure + + +[Service] +ExecStart=/usr/bin/gunicorn --workers 4 --env PAGURE_CONFIG=/etc/pagure/pagure.cfg --access-logfile /var/log/pagure/access_web.log --error-logfile /var/log/pagure/error_web.log --bind unix:/tmp/.pagure_web.sock "pagure.flask_app:create_app()" +Type=simple +User=git +Group=nginx +Restart=on-failure + + +[Install] +WantedBy=multi-user.target