From 2b9510c39477e208bef7786927d8ec97b6857215 Mon Sep 17 00:00:00 2001
From: Christopher Brannon
Date: Mon, 28 Jun 2021 05:22:58 -0700
Subject: Check in web server config.
---
server-config/www.the-brannons.com/etc/cgitrc | 25 +++
.../etc/lighttpd/handle-acme.lua | 8 +
.../etc/lighttpd/lighttpd.conf | 95 ++++++++++
.../www.the-brannons.com/etc/lighttpd/mime.conf | 56 ++++++
.../www.the-brannons.com/etc/sv/gitolite/run | 5 +
.../var/lib/gitolite/.gitolite | 203 +++++++++++++++++++++
.../lib/gitolite/cgi-environ/GITOLITE_HTTP_HOME | 1 +
.../lib/gitolite/cgi-environ/GIT_HTTP_EXPORT_ALL | 1 +
.../var/lib/gitolite/cgi-environ/GIT_PROJECT_ROOT | 1 +
.../var/lib/gitolite/cgi-environ/HOME | 1 +
.../www.the-brannons.com/var/lib/gitolite/web/git | 3 +
11 files changed, 399 insertions(+)
create mode 100644 server-config/www.the-brannons.com/etc/cgitrc
create mode 100644 server-config/www.the-brannons.com/etc/lighttpd/handle-acme.lua
create mode 100644 server-config/www.the-brannons.com/etc/lighttpd/lighttpd.conf
create mode 100644 server-config/www.the-brannons.com/etc/lighttpd/mime.conf
create mode 100755 server-config/www.the-brannons.com/etc/sv/gitolite/run
create mode 100644 server-config/www.the-brannons.com/var/lib/gitolite/.gitolite
create mode 100644 server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GITOLITE_HTTP_HOME
create mode 100644 server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_HTTP_EXPORT_ALL
create mode 100644 server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_PROJECT_ROOT
create mode 100644 server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/HOME
create mode 100755 server-config/www.the-brannons.com/var/lib/gitolite/web/git
diff --git a/server-config/www.the-brannons.com/etc/cgitrc b/server-config/www.the-brannons.com/etc/cgitrc
new file mode 100644
index 0000000..7b8463c
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/cgitrc
@@ -0,0 +1,25 @@
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+clone-prefix=/git
+css=/cgit/cgit.css
+logo=/cgit/cgit.png
+
+# Allow http transport git clone
+#enable-http-clone=0
+
+snapshots=all
+
+# if you do not want that webcrawler (like google) index your site
+robots=noindex, nofollow
+
+# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value:
+virtual-root=/cgit/cgit.cgi/
+repo.url=nawp
+repo.path=/var/lib/gitolite/repositories/nawp.git
+repo.desc=NAWP Aint WordPress
+repo.readme=master:README.md
+repo.url=chicken-xml-rpc
+repo.path=/var/lib/gitolite/repositories/chicken-xml-rpc.git
+repo.desc=xml-rpc egg for Chicken 5.x
+repo.url=random-things
+repo.path=/var/lib/gitolite/repositories/random-things.git
+repo.desc=collection of random Chris things
diff --git a/server-config/www.the-brannons.com/etc/lighttpd/handle-acme.lua b/server-config/www.the-brannons.com/etc/lighttpd/handle-acme.lua
new file mode 100644
index 0000000..b27d95f
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/lighttpd/handle-acme.lua
@@ -0,0 +1,8 @@
+# To the best of my knowledge, the thumbprint doesn't have to be
+# kept secret, so I'll let it all hang out, as it were:
+# Take the thing after /.well-known/acme-challenge/ from the path:
+ challenge = lighty.env["uri.path"]:sub(29)
+ret = challenge .. '.N0Jo0TsZjiLudJJSasZ2ZGMTrMRe6_44SywWheEZTk8'
+lighty.header["Content-Type"] = "text/plain"
+lighty.content = { ret }
+return 200
diff --git a/server-config/www.the-brannons.com/etc/lighttpd/lighttpd.conf b/server-config/www.the-brannons.com/etc/lighttpd/lighttpd.conf
new file mode 100644
index 0000000..b575a2f
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/lighttpd/lighttpd.conf
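Review bot: In cgitrc, the comment `# Allow http transport git clone` sits above the commented-out `#enable-http-clone=0`, which reads as the opposite of what that value would do; with the line commented out cgit uses its default, which as far as I know is to serve dumb-HTTP clones itself. Since `clone-prefix=/git` already advertises the gitolite endpoint, setting `enable-http-clone=0` explicitly would leave one clone path and keep access decisions in gitolite. `snapshots=all` also exposes every archive format for on-demand generation; listing only what is wanted, e.g. `snapshots=tar.gz`, bounds the work a crawler can trigger regardless of the `robots` hint.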
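Review bot: In handle-acme.lua the three leading `#` lines are not Lua comments; as far as I know the Lua loader skips only a first line that starts with `#`, so the second and third would be parsed as code and the chunk would fail to load, and they should start with `--`. The script also echoes whatever follows the 28-character prefix and relies entirely on the `[-_a-zA-Z0-9]+` regex in lighttpd.conf to constrain it; repeating that check in the script keeps the responder safe if the conditional is ever loosened, and `challenge` and `ret` can be declared `local`. The thumbprint is derived from the account's public key, so publishing it is consistent with what the comment says.

```lua
-- To the best of my knowledge, the thumbprint doesn't have to be
-- kept secret, so I'll let it all hang out, as it were:
-- Take the thing after /.well-known/acme-challenge/ from the path:
local challenge = lighty.env["uri.path"]:sub(29)
-- Defence in depth: only echo tokens made of base64url characters.
if not challenge:match("^[%w_-]+$") then
  return 404
end
-- … unchanged: ret, Content-Type header, lighty.content, return 200 …
```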
@@ -0,0 +1,95 @@
+# This is a minimal example config
+# See /usr/share/doc/lighttpd
+# and http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions
+
+server.bind = "0.0.0.0"
+server.port = 80
+server.username = "_lighttpd"
+server.groupname = "_lighttpd"
+server.document-root = "/srv/http/the-brannons.com"
+server.errorlog = "/var/log/lighttpd/error.log"
+server.modules = (
+ "mod_access",
+ "mod_simple_vhost",
+ "mod_accesslog",
+ "mod_cgi",
+ "mod_fastcgi",
+ "mod_proxy",
+ "mod_rewrite",
+ "mod_openssl"
+)
+server.breakagelog = "/var/log/lighttpd/breakage.log"
+
+$SERVER["socket"] == "[::]:80" {
+}
+
+ssl.pemfile = "/etc/ssl/acme/the-brannons.com/fullchain"
+ssl.privkey = "/etc/ssl/acme/the-brannons.com/privkey"
+$SERVER["socket"] == ":443" {
+ ssl.engine = "enable"
+}
+$SERVER["socket"] == "[::]:443" {
+ ssl.engine = "enable"
+}
+
+dir-listing.activate = "enable"
+index-file.names = ( "index.html" )
+include "mime.conf"
+
+accesslog.filename = "/var/log/lighttpd/access.log"
+
+server.modules += ( "mod_magnet" )
+$HTTP["url"] =~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
+magnet.attract-raw-url-to = ( "/etc/lighttpd/handle-acme.lua" )
+}
+
+simple-vhost.server-root = "/srv/http/"
+simple-vhost.default-host = "default"
+
+$HTTP["url"] =~ "^/cgi-bin" {
+ cgi.assign = ( "" => "" )
+ dir-listing.activate = "disable"
+}
+
+$HTTP["host"] == "blvuug.org" {
+ $HTTP["url"] =~ "^/salmonella" {
+proxy.server = (
+ "" => (
+"blvuug.org" =>
+("host" => "192.168.122.83", "port" => 80)))
+}
+$HTTP["url"] !~ "^/salmonella" {
+proxy.server = (
+ "" => (
+"blvuug.org" =>
+("host" => "10.4.21.2", "port" => 5001)))
+}
+}
+$HTTP["host"] == "salmonella-freebsd-x86-64.call-cc.org" {
+ $HTTP["url"] =~ "^/salmonella" {
+proxy.server = (
+ "" => (
+"salmonella-freebsd-x86-64.call-cc.org" =>
+("host" => "192.168.122.83", "port" => 80)))
+}
+$HTTP["url"] !~ "^/salmonella" {
+ url.access-deny = ("")
+}
+}
+$HTTP["host"] == "bitwarden.number89.net" {
+proxy.server = (
+ "" => (
+"bitwarden.number89.net" =>
+("host" => "10.4.21.3", "port" => 5002)))
+}
+
+cgi.x-sendfile = "enable"
+
+fastcgi.server = ("/git" =>
+(("socket" => "/run/gitolite/gitolite.sock",
+"docroot" => "/var/lib/gitolite/web")))
+
+$HTTP["url"] =~ "^/cgit" {
+ server.indexfiles = ("cgit.cgi")
+ cgi.assign = ("cgit.cgi" => "")
+}
diff --git a/server-config/www.the-brannons.com/etc/lighttpd/mime.conf b/server-config/www.the-brannons.com/etc/lighttpd/mime.conf
new file mode 100644
index 0000000..49a37c7
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/lighttpd/mime.conf
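Review bot: Nothing in lighttpd.conf sends port-80 traffic to HTTPS, so every `$HTTP["host"]` block, including the `bitwarden.number89.net` proxy, is served in cleartext on `0.0.0.0:80` and `[::]:80` as well as on 443. A scheme-conditional redirect that leaves `/.well-known/acme-challenge/` alone would close that; it needs `"mod_redirect"` added to `server.modules`, and the `${url.authority}` substitution assumes a reasonably recent lighttpd 1.4 release. Separately, `dir-listing.activate = "enable"` is global and only switched off under `/cgi-bin`, so any vhost directory without an `index.html` is browsable; defaulting it to `"disable"` and enabling it per path would be the safer baseline.

```conf
# … unchanged: ssl.pemfile / ssl.privkey and the :443 socket blocks …
$HTTP["scheme"] == "http" {
    # keep the ACME HTTP-01 responder reachable over plain HTTP
    $HTTP["url"] !~ "^/\.well-known/acme-challenge/" {
        url.redirect = ( "" => "https://${url.authority}${url.path}${qsa}" )
    }
}
```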
@@ -0,0 +1,56 @@
+mimetype.use-xattr = "enable"
+mimetype.xattr-name = "user.Content-Type"
+mimetype.assign = ( ".html" => "text/html; charset=utf-8",
+".txt" => "text/plain; charset=utf-8",
+".jpg" => "image/jpeg",
+".png" => "image/png",
+".htm" => "text/html; charset=utf-8",
+".xml" => "text/xml; charset=utf-8",
+".rss20" => "text/xml; charset=utf-8",
+ ".pdf" => "application/pdf",
+ ".sig" => "application/pgp-signature",
+ ".spl" => "application/futuresplash",
+ ".class" => "application/octet-stream",
+ ".ps" => "application/postscript",
+ ".torrent" => "application/x-bittorrent",
+ ".dvi" => "application/x-dvi",
+ ".pac" => "application/x-ns-proxy-autoconfig",
+ ".swf" => "application/x-shockwave-flash",
+ ".tar.gz" => "application/x-tgz",
+ ".tgz" => "application/x-tgz",
+ ".gz" => "application/x-gzip",
+ ".tar" => "application/x-tar",
+ ".zip" => "application/zip",
+ ".mp3" => "audio/mpeg",
+ ".m3u" => "audio/x-mpegurl",
+ ".wma" => "audio/x-ms-wma",
+ ".wax" => "audio/x-ms-wax",
+ ".ogg" => "audio/ogg",
+ ".wav" => "audio/x-wav",
+ ".gif" => "image/gif",
+ ".jpeg" => "image/jpeg",
+ ".xbm" => "image/x-xbitmap",
+ ".xpm" => "image/x-xpixmap",
+ ".xwd" => "image/x-xwindowdump",
+ ".css" => "text/css",
+ ".js" => "text/javascript; charset=utf-8",
+ ".c" => "text/plain; charset=utf-8",
+ ".cpp" => "text/plain; charset=utf-8",
+ ".log" => "text/plain; charset=utf-8",
+ ".conf" => "text/plain; charset=utf-8",
+ ".text" => "text/plain; charset=utf-8",
+ ".dtd" => "text/xml; charset=utf-8",
+ ".mpeg" => "video/mpeg",
+ ".mpg" => "video/mpeg",
+ ".mov" => "video/quicktime",
+ ".qt" => "video/quicktime",
+ ".avi" => "video/x-msvideo",
+ ".asf" => "video/x-ms-asf",
+ ".asx" => "video/x-ms-asf",
+ ".wmv" => "video/x-ms-wmv",
+ ".tbz" => "application/x-bzip-compressed-tar",
+ ".tar.bz2" => "application/x-bzip-compressed-tar",
+ ".bz2" => "application/x-bzip",
+ ".rpm" => "application/x-rpm",
+ # make the default mime type application/octet-stream.
+ "" => "application/octet-stream")
diff --git a/server-config/www.the-brannons.com/etc/sv/gitolite/run b/server-config/www.the-brannons.com/etc/sv/gitolite/run
new file mode 100755
index 0000000..b8207d9
--- /dev/null
+++ b/server-config/www.the-brannons.com/etc/sv/gitolite/run
@@ -0,0 +1,5 @@
+#!/bin/sh
+# You'll want spawn-fcgi and fcgiwrap to run gitolite as cgi.
+install -d --group=gitolite --mode=0755 --owner=gitolite /run/gitolite
+umask 0002
+exec spawn-fcgi -u gitolite -g gitolite -s /run/gitolite/gitolite.sock -n -d / -- /usr/bin/fcgiwrap -f
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/.gitolite b/server-config/www.the-brannons.com/var/lib/gitolite/.gitolite
new file mode 100644
index 0000000..01e79be
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/.gitolite
@@ -0,0 +1,203 @@
+# configuration variables for gitolite
+
+# This file is in perl syntax. But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+
+# (Tip: perl allows a comma after the last item in a list also!)
+
+# HELP for commands can be had by running the command with "-h".
+
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+
+%RC = (
+
+ # ------------------------------------------------------------------
+
+ # default umask gives you perms of '0700'; see the rc file docs for
+ # how/why you might change this
+ UMASK => 0027,
+
+ # look for "git-config" in the documentation
+ GIT_CONFIG_KEYS => '',
+
+ # comment out if you don't need all the extra detail in the logfile
+ LOG_EXTRA => 1,
+ # logging options
+ # 1. leave this section as is for 'normal' gitolite logging (default)
+ # 2. uncomment this line to log ONLY to syslog:
+ # LOG_DEST => 'syslog',
+ # 3. uncomment this line to log to syslog and the normal gitolite log:
+ # LOG_DEST => 'syslog,normal',
+ # 4. prefixing "repo-log," to any of the above will **also** log just the
+ # update records to "gl-log" in the bare repo directory:
+ # LOG_DEST => 'repo-log,normal',
+ # LOG_DEST => 'repo-log,syslog',
+ # LOG_DEST => 'repo-log,syslog,normal',
+ # syslog 'facility': defaults to 'local0', uncomment if needed. For example:
+ # LOG_FACILITY => 'local4',
+
+ # roles. add more roles (like MANAGER, TESTER, ...) here.
+ # WARNING: if you make changes to this hash, you MUST run 'gitolite
+ # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+ ROLES => {
+ READERS => 1,
+ WRITERS => 1,
+ },
+
+ HTTP_ANON_USER => 'anonymous',
+ # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
+ # CACHE => 'Redis',
+
+ # ------------------------------------------------------------------
+
+ # rc variables used by various features
+
+ # the 'info' command prints this as additional info, if it is set
+ # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
+
+ # the CpuTime feature uses these
+ # display user, system, and elapsed times to user after each git operation
+ # DISPLAY_CPU_TIME => 1,
+ # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+ # CPU_TIME_WARN_LIMIT => 0.1,
+
+ # the Mirroring feature needs this
+ # HOSTNAME => "foo",
+
+ # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
+ # CACHE_TTL => 600,
+
+ # ------------------------------------------------------------------
+
+ # suggested locations for site-local gitolite code (see cust.html)
+
+ # this one is managed directly on the server
+ # LOCAL_CODE => "$ENV{HOME}/local",
+
+ # or you can use this, which lets you put everything in a subdirectory
+ # called "local" in your gitolite-admin repo. For a SECURITY WARNING
+ # on this, see http://gitolite.com/gitolite/non-core.html#pushcode
+ # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
+
+ # ------------------------------------------------------------------
+
+ # List of commands and features to enable
+
+ ENABLE => [
+
+ # COMMANDS
+
+ # These are the commands enabled by default
+ 'help',
+ 'desc',
+ 'info',
+ 'perms',
+ 'writable',
+
+ # Uncomment or add new commands here.
+ # 'create',
+ # 'fork',
+ # 'mirror',
+ # 'readme',
+ # 'sskm',
+ # 'D',
+
+ # These FEATURES are enabled by default.
+
+ # essential (unless you're using smart-http mode)
+ 'ssh-authkeys',
+
+ # creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
+ 'git-config',
+
+ # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+ 'daemon',
+
+ # creates projects.list file; if you don't use gitweb, comment this out
+ 'gitweb',
+
+ # These FEATURES are disabled by default; uncomment to enable. If you
+ # need to add new ones, ask on the mailing list :-)
+
+ # user-visible behaviour
+
+ # prevent wild repos auto-create on fetch/clone
+ # 'no-create-on-read',
+ # no auto-create at all (don't forget to enable the 'create' command!)
+ # 'no-auto-create',
+
+ # access a repo by another (possibly legacy) name
+ # 'Alias',
+
+ # give some users direct shell access. See documentation in
+ # sts.html for details on the following two choices.
+ # "Shell $ENV{HOME}/.gitolite.shell-users",
+ # 'Shell alice bob',
+
+ # set default roles from lines like 'option default.roles-1 = ...', etc.
+ # 'set-default-roles',
+
+ # show more detailed messages on deny
+ # 'expand-deny-messages',
+
+ # show a message of the day
+ # 'Motd',
+
+ # system admin stuff
+
+ # enable mirroring (don't forget to set the HOSTNAME too!)
+ # 'Mirroring',
+
+ # allow people to submit pub files with more than one key in them
+ # 'ssh-authkeys-split',
+
+ # selective read control hack
+ # 'partial-copy',
+
+ # manage local, gitolite-controlled, copies of read-only upstream repos
+ # 'upstream',
+
+ # updates 'description' file instead of 'gitweb.description' config item
+ # 'cgit',
+
+ # allow repo-specific hooks to be added
+ # 'repo-specific-hooks',
+
+ # performance, logging, monitoring...
+
+ # be nice
+ # 'renice 10',
+
+ # log CPU times (user, system, cumulative user, cumulative system)
+ # 'CpuTime',
+
+ # syntactic_sugar for gitolite.conf and included files
+
+ # allow backslash-escaped continuation lines in gitolite.conf
+ # 'continuation-lines',
+
+ # create implicit user groups from directory names in keydir/
+ # 'keysubdirs-as-groups',
+
+ # allow simple line-oriented macros
+ # 'macros',
+
+ # Kindergarten mode
+
+ # disallow various things that sensible people shouldn't be doing anyway
+ # 'Kindergarten',
+ ],
+
+);
+
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+1;
+
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl:
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GITOLITE_HTTP_HOME b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GITOLITE_HTTP_HOME
new file mode 100644
index 0000000..b62d1f1
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GITOLITE_HTTP_HOME
@@ -0,0 +1 @@
+/var/lib/gitolite
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_HTTP_EXPORT_ALL b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_HTTP_EXPORT_ALL
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_HTTP_EXPORT_ALL
@@ -0,0 +1 @@
+
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_PROJECT_ROOT b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_PROJECT_ROOT
new file mode 100644
index 0000000..b53d4b7
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/GIT_PROJECT_ROOT
@@ -0,0 +1 @@
+/var/lib/gitolite/repositories
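Review bot: In the gitolite rc, `HTTP_ANON_USER => 'anonymous'` appears to be the one security-relevant departure from the stock file and it carries no comment. lighttpd.conf in this commit loads no auth module, so every smart-HTTP request to `/git` presumably reaches gitolite-shell without `REMOTE_USER` and is treated as `anonymous`; what that user may do is decided entirely by gitolite.conf, which is not part of this commit. A comment such as `# unauthenticated HTTP requests run as this user; gitolite.conf must grant it R only` above the line would record that dependency, and it is worth confirming that no rule gives `anonymous` or `@all` write access.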
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/HOME b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/HOME
new file mode 100644
index 0000000..b62d1f1
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/cgi-environ/HOME
@@ -0,0 +1 @@
+/var/lib/gitolite
diff --git a/server-config/www.the-brannons.com/var/lib/gitolite/web/git b/server-config/www.the-brannons.com/var/lib/gitolite/web/git
new file mode 100755
index 0000000..52b2ba5
--- /dev/null
+++ b/server-config/www.the-brannons.com/var/lib/gitolite/web/git
@@ -0,0 +1,3 @@
+#!/usr/bin/execlineb
+# This is executed as a CGI script under fcgiwrap.
+chpst -e /var/lib/gitolite/cgi-environ /usr/lib/gitolite/gitolite-shell
-- cgit v1.2.3