From 016f516f09604233a00205bd9cfaa10bc9d277ed Mon Sep 17 00:00:00 2001
From: Christian Boltz <cboltz@opensuse.org>
Date: Oct 28 2020 20:53:48 +0000
Subject: Merge branch 'hellcp/pagure-fixes' into 'production'


Add requested changes to the config

See merge request infra/salt!445
---

diff --git a/pillar/id/pagure01_infra_opensuse_org.sls b/pillar/id/pagure01_infra_opensuse_org.sls
index fd16785..1f32a46 100644
--- a/pillar/id/pagure01_infra_opensuse_org.sls
+++ b/pillar/id/pagure01_infra_opensuse_org.sls
@@ -14,7 +14,10 @@ grains:
   documentation: []
   responsible:
     - hellcp
+    - Pharaoh_Atem
   partners: []
   weburls:
     - https://code.opensuse.org
     - https://pages.opensuse.org
+    - https://releases.opensuse.org
+    - https://ev.opensuse.org
diff --git a/pillar/role/pagure.sls b/pillar/role/pagure.sls
index 84acfbf..aeaa4e1 100644
--- a/pillar/role/pagure.sls
+++ b/pillar/role/pagure.sls
@@ -4,6 +4,15 @@ include:
 {% endif %}
   - role.common.nginx
 
+sshd_config:
+  matches:
+    git_user:
+      type:
+        User: git
+      options:
+        AuthorizedKeysCommand /usr/lib/pagure/keyhelper.py "%u" "%h" "%t" "%f"
+        AuthorizedKeysCommandUser git
+
 profile:
   pagure:
     database_user: pagure
@@ -33,7 +42,32 @@ nginx:
                     - try_files: $uri @pagure
                 - location /releases:
                     - alias: /srv/www/pagure-releases/
-                    - autoindex: on
+                    - autoindex: 'on'
+          enabled: True
+        releases.opensuse.org.conf:
+          config:
+            - server:
+                - server_name: releases.opensuse.org
+                - listen:
+                    - 80
+                - location /:
+                    - alias: /srv/www/pagure-releases/
+                    - autoindex: 'on'
+          enabled: True
+        ev.opensuse.org.conf:
+          config:
+            - server:
+                - server_name: ev.opensuse.org
+                - listen:
+                    - 80
+                - location @pagure_ev:
+                    - proxy_set_header: Host $http_host
+                    - proxy_set_header: X-Real-IP $remote_addr
+                    - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
+                    - proxy_set_header: X-Forwarded-Proto $scheme
+                    - proxy_pass: http://localhost:8080
+                - location /:
+                    - try_files: $uri @pagure_ev
           enabled: True
         pages.opensuse.org.conf:
           config:
diff --git a/salt/profile/pagure/files/pagure.cfg b/salt/profile/pagure/files/pagure.cfg
index f17f886..373739c 100644
--- a/salt/profile/pagure/files/pagure.cfg
+++ b/salt/profile/pagure/files/pagure.cfg
@@ -13,7 +13,7 @@ ENABLE_TICKETS = True
 ENABLE_DOCS = True
 
 # Enables / Disables private projects
-PRIVATE_PROJECTS = True
+PRIVATE_PROJECTS = False
 
 ### Secret key for the Flask application
 SECRET_KEY='{{ pillar['profile']['pagure']['secret_key'] }}'
@@ -27,10 +27,10 @@ DB_URL = 'postgres://{{ pillar['profile']['pagure']['database_user'] }}:{{ pilla
 FEDMSG_NOTIFICATIONS = False
 
 ### The FAS group in which the admin of pagure are
-ADMIN_GROUP = ['sysadmin-main']
+#ADMIN_GROUP = ['sysadmin-main']
 
 ### Hard-coded list of global admins
-PAGURE_ADMIN_USERS = ['hellcp']
+PAGURE_ADMIN_USERS = ['hellcp', 'Pharaoh_Atem']
 
 ### Enables sending email using SMTP credentials.
 EMAIL_SEND = True
@@ -105,9 +105,12 @@ REMOTE_GIT_FOLDER = os.path.join(
 ### Whether to enable scanning for viruses in attachments
 VIRUS_SCAN_ATTACHMENTS = False
 
-GIT_AUTH_BACKEND = "pagure_authorized_keys"
+GIT_AUTH_BACKEND = "pagure"
+
 HTTP_REPO_ACCESS_GITOLITE = None
 
+SSH_KEYS_USERNAME_EXPECT = "git"
+
 SSH_COMMAND_NON_REPOSPANNER = ([
     "/usr/bin/%(cmd)s",
     "/srv/gitolite/repositories/%(reponame)s",
@@ -180,7 +183,7 @@ IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1']
 # here what the URL of the eventsource server is, for example:
 # https://ev.pagure.io or https://pagure.io:8080 or whatever you are using
 # (Note: the urls sent to it start with a '/' so no need to add one yourself)
-EVENTSOURCE_SOURCE = None
+EVENTSOURCE_SOURCE = https://ev.opensuse.org
 # Port where the event source server is running (maybe be the same port
 # as the one specified in EVENTSOURCE_SOURCE or a different one if you
 # have something running in front of the server such as apache or stunnel).
@@ -191,7 +194,7 @@ EVENTSOURCE_PORT = 8080
 #EV_STATS_PORT = 8888
 # Web-hook can be turned on or off allowing using them for notifications, or
 # not.
-WEBHOOK = False
+WEBHOOK = True
 
 ### Redis configuration
 # A redis server is required for both the Event-Source server or the web-hook
@@ -264,3 +267,5 @@ REPOSPANNER_REGIONS = {}
 # Path to the plugins configuration file that is used to load plugins. Please
 # look at files/plugins.cfg.sample for a configuration example.
 # PAGURE_PLUGINS_CONFIG = "/etc/pagure/plugins.cfg"
+
+THEME = 'chameleon'
diff --git a/salt/profile/pagure/init.sls b/salt/profile/pagure/init.sls
index 80be2b4..f62565e 100644
--- a/salt/profile/pagure/init.sls
+++ b/salt/profile/pagure/init.sls
@@ -6,6 +6,14 @@ pagure_pgks:
     - pkgs:
       - pagure
       - pagure-web-nginx
+      - pagure-theme-chameleon
+      - pagure-ci
+      - pagure-ev
+      - pagure-loadjson
+      - pagure-logcom
+      - pagure-milters
+      - pagure-mirror
+      - pagure-webhook
 
 pagure_conf:
   file.managed:
@@ -19,8 +27,8 @@ pagure_conf:
 
 pagure_alembic_conf:
   file.managed:
-    - name: /etc/pagure/alembic.cfg
-    - source: salt://profile/pagure/files/alembic.cfg
+    - name: /etc/pagure/alembic.ini
+    - source: salt://profile/pagure/files/alembic.ini
     - template: jinja
     - require_in:
       - service: pagure_web_service