diff --git a/pillar/id/discourse01_infra_opensuse_org.sls b/pillar/id/discourse01_infra_opensuse_org.sls new file mode 100644 index 0000000..00fab09 --- /dev/null +++ b/pillar/id/discourse01_infra_opensuse_org.sls @@ -0,0 +1,18 @@ +grains: + city: nuremberg + country: de + hostusage: + - discourse + roles: [] + reboot_safe: yes + salt_cluster: opensuse + virt_cluster: atreju + + aliases: [] + description: Instance of discourse behind openSUSE Forums + documentation: [] + responsible: + - hellcp + partners: [] + weburls: + - https://forums.opensuse.org diff --git a/pillar/id/pagure01_infra_opensuse_org.sls b/pillar/id/pagure01_infra_opensuse_org.sls new file mode 100644 index 0000000..fd16785 --- /dev/null +++ b/pillar/id/pagure01_infra_opensuse_org.sls @@ -0,0 +1,20 @@ +grains: + city: nuremberg + country: de + hostusage: + - pagure + roles: + - pagure + reboot_safe: yes + salt_cluster: opensuse + virt_cluster: atreju + + aliases: [] + description: Instance of pagure behind openSUSE Code + documentation: [] + responsible: + - hellcp + partners: [] + weburls: + - https://code.opensuse.org + - https://pages.opensuse.org diff --git a/pillar/role/pagure.sls b/pillar/role/pagure.sls new file mode 100644 index 0000000..84acfbf --- /dev/null +++ b/pillar/role/pagure.sls @@ -0,0 +1,52 @@ +include: +{% if salt['grains.get']('include_secrets', True) %} + - secrets.role.pagure +{% endif %} + - role.common.nginx + +profile: + pagure: + database_user: pagure + database_host: 192.168.47.4 + server_list: + - code.opensuse.org + - pagure01.infra.opensuse.org + +nginx: + ng: + servers: + managed: + code.opensuse.org.conf: + config: + - server: + - server_name: code.opensuse.org + - listen: + - 80 + - default_server + - location @pagure: + - proxy_set_header: Host $http_host + - proxy_set_header: X-Real-IP $remote_addr + - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for + - proxy_set_header: X-Forwarded-Proto $scheme + - proxy_pass: http://unix:/srv/gitolite/.pagure_web.sock + - location /: + - try_files: $uri @pagure + - location /releases: + - alias: /srv/www/pagure-releases/ + - autoindex: on + enabled: True + pages.opensuse.org.conf: + config: + - server: + - server_name: pages.opensuse.org + - listen: + - 80 + - location @pagure_docs: + - proxy_set_header: Host $http_host + - proxy_set_header: X-Real-IP $remote_addr + - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for + - proxy_set_header: X-Forwarded-Proto $scheme + - proxy_pass: http://unix:/srv/gitolite/.pagure_docs_web.sock + - location /: + - try_files: $uri @pagure_docs + enabled: True diff --git a/pillar/secrets/role/pagure.sls b/pillar/secrets/role/pagure.sls new file mode 100644 index 0000000..e62def5 --- /dev/null +++ b/pillar/secrets/role/pagure.sls @@ -0,0 +1,279 @@ +#!yaml|gpg + +profile: + pagure: + secret_key: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/8CtiZeYyRPCdl+QmiQiNmtR5d4xdoYAW+OtWkWD1RJhQT + 7h1DYtrDonce2kaqgW32p8UkRebkYbKLaR1yffEPg8T6RAFPYRvgCAGtNZvfQJ5E + kcKjGDHH4MbLgD1zBvNxdAldbc++ViBWvfssCZG129gzpBgNcKj51dD00V0hLlD5 + sLui27xIzEXDuecq37sfz0Ne0an//SJMQPRQcS62m4NTlk1HiyfRvd0KTZ9tODkS + VGYqIRj6Yof4cKJjLHNs84tZW57ZGoQPwl2+/h+5AfmQBjVNhlW8mYtwVz/S6tVB + aB8vDD5d+f2whRy31pOszK9vjNT+lMwXgW0/4EvWJgVMbMFEwVlht1HXT7ZarnXg + tovJSVv1T+VeT5O5FvV8eyjvjy3rIpBZRVdJmBfoquHmdUesR83NMaG4/smdfMfc + +zSB6q3b3gBPZrL9Cm5vwVaIoqWC/5ELL974uZ+xOO1Xqwf2hsQFChJDKRWIDTPe + a1/rR0GStnWJYhxhv+zIv7NFTB7JHEN2FR/vU9ArZDhhfvLnoBZovldazf15VZsS + MXb7ky60UVX3qwsvgH1ObB0VrAYazGM7qpuv+2h07vfP7Q3SSgzAL3NSPWnY7eX0 + JOKBvkI8fLd7aGyhaB1A6cyKB4XS1II0DxTJCHgud+/BkTHSv6JcYhOJUFEAKO4P + /itjFZVMFg7+mhl89rQQ2KFAJA0hrgnKi2YeJL/Hq6qb/KHKYb5Sl29E3nGdp0bU + k8psH8vTmrC/ZzLZsbxz3v5Uc0udByhMrg/TjVtNdL+sz31V8BoKihqnZYVmjCt+ + +fGG1Vs5gxb6dMz+gYnuOQn8lN1wmCMQM5AHrkGUu7KQM3KJJP7PIJWIqbhPy4io + w1UFMxhNvyHoeIDPoVr+6EP/YsmL940+Q0QSBDeg95KJxmYNsIRg3fJ5suC/Eeir + 16oe9Ntb9rP3WgtC9K8nmMxqms70EVAZw1sn6FO0XMl6uNVuyFfQIAKFIUcjh7LH + ayV6BkH9DW0JeMH98yAKAXkkf3pgtEWWjGXlkuTdbT2HLGXg0yYZOk3bSIYfyob2 + O7d0omYUIeMLcnVMFxAZdCL1SF4NoHD8wyt75ebsb2hibk5T4KczUyXoGtogQR7Q + uwMrxHxwXIc/qmJQRE3d/dbBrsDYOSTYRd2On/njkFpCJPYyXJY/gBgltBi+613Q + 8+q0AQV8rcweQjRND8/6ebGp2sOhjxGKd3soZ8tt8F5oZbaRnpPO4X1e7bmvtu0X + eC3M0I+Um7sOzUaHWBZEeU6/DuqkjQmUezw/r+M8jKnrwN1bQqmEqTPxc5TsK2OD + 266H8DwtVPhI3N57P1RV+rvAqkz9QIbQOUFIU8VIvpolhQIMA8amgupjyC8cAQ/9 + FtGWu7AZ/B/ttKzQFC4gcfvT7HbCB5z3KYmBawV+smoNeoPO8ECJJIE6D7neCE1m + Zy4uGtZi+RoyAma8V981BUQsCctXkWGuQclJ6fI9koYtpKC4TazQ9gWbY5wbpNxf + 2ZVZKVX8O5ddefhI5dXxVbZ6ZISOR1VNreH1ja2dl0GxoD9QFqA9qleR4cC/Fdus + TLPwR/j/2+3kK8TalfhKLvA8T7p0P1ZnIUtx7WQVjTV9eaCzcrMgBTjAMXzsns+/ + L50yIScHFdu0tfrDDEEtCWFlmSApANZKzQE3hMnq+Ihv8DmWgjVGtmfVy/YJhgHl + R2UFZ0AkJyJVg/lH7RZIUsPpqGGifOg/0VN6gt76TVT3di2jwXJ2gsC/Umrc1D91 + 3F+Y6pLmLdm19ibdLJxAAFGlPHVdbK00uQd/L0geQQSiPUMpaXdF02zeQjFcjTdT + jZf1YiWaq1aTsSDKimh2iBWNvaJ+KtaOSpgvAALVGmQz1NLnTZj2jGtEqMWiWhnM + dLGI4mH6oCDfrJcpxeFFRruzER9pqIFVrJyb4N7cs7QyGmXcfmQ5Sp0v4wRDKo/S + 3B/+yNiRJRXItB8F2ajZ40uXhXBmXxpIQAIQb6x0Tz1IgZOaejaajU1ns4e0SRaW + Fq0Zd/G1ynd5hGul20chDf4/FKVwL7qjrqiUecf5K+SFAQ4DslgfDDfB4G8QA/93 + dZ3i35P3Fvck99aKp948PBrtX47NzVp65Q2WSgn2AQyGqWeHnRYUgjQmPDh3/SkO + OIgDT4ZgbJP4mLjlAJBFSJ3LCwcYXeXGL2paCvUadyA28Srzh1S9uR0R+NM3HZYS + lTYbNrYLBWFazw0LTGB89HxisCxf9ImaviOZ6rj/JwP/a/JJUnDCaa4IM5GHj7ii + dYbntMPWHVZOCvXXjJnN3VZ5BUeyY8XppkcBm3O3W1Hg+UuRkfIZHunwzXYisjcu + G9WXx0F+Epnf8PgHwuOfJqSxw91tT8GEI5F6CjETQcKH3ANzfr9+OEfCZ/GDsuii + JSsJ/TbOoyufxWEgPcqgpUyFAg4DiLcKbyvsTOYQB/9DdHe3nT/hEQFaUCMj2FLl + qdpDKcANgmz40cnKcqaClm0+L12KMEmgSCUxzf5n9uTIyfAjiYN/MJRW9kYTX+oi + vurzpC4Du3+vxIuOehQrt5LrIZrsnldlRlKdL+gSjM29EADOiSOaNhBzWfnUSIN2 + 8Jce6hgB5lnUX1Iiz9Ir6fk9PqoiRfEO+ry6uVXec3BIQAgjGdS1xu9+hgkQ28d2 + ZD8I/ULv7qt2qJrRkY9l0V0KJgjkROiSOwF5XlsJMebz1eEtd1ebIDikglKKhYUh + q5xEcPd4t/7Y2yhwKGanyJCEBFs/Slb9mJK+1vTTZnas5efkR8H3gALYXLITiceG + B/4wPd1O9SdiXBG2XQ0lUT6o/O0QLEhyFvye9DEpwQT8Vj0RYmR5hTgxNhZjfEka + uHfpZB4ylw9Gm6eAFZDbqER1iOiVwEmhW8IXvBzgqx1a6RtMfOOwt8JLeU1LD3cU + Pp2oKHHUMvUIF4rfikOHR2jAeYmQXH+Hv7XhIBuB4j8xOe2svrDQBPVIZZ2iPOsl + 6ZlHqS3g3nxJMX+mTu1DbY1dfxM1d/+VE7fHffuNBc7MYym4n8WWvpe3YzA9hKVN + O2Adia61tzbvAgOSNSIuKaIiRnhKLvFr757l9DM5DSVxhZQ2L6BkvgGhElCyn4H8 + ufl4SgK9gAxKBEtEBKtj535nhQIMA1tQWD9t5xGsAQ/9Hxw8GBolYNXuZp3R817c + BArYDdvqg2hWJ+e0ER5W5Byc55riCyZ0jfg0tito3/oZtTuy+ZCiJ2B2XbKnZYUp + 7kmXcn149rhrAYAFlDAC13JPYDwxLDtooXOdMD8iC7ECbuCf07KgyFcQsbDOozRR + 0h3ADEVj0ZgwaitSmJKkjpFiPaIXoYn70f83JWrEjPKvdLkby7i4DWm48mpeL6Jf + hDim5Bi8UiIkKmAzYiTmA6LsKaeyc3YHvHks+jKDT0tUrfoWSfHbN/6bKISj+QM/ + jTX10qwvyMjiGeRRjW1XiW3qQYp8OG6nd+bmZQtQz6YlljynrlJ8yS2wxVGLMN04 + mbSAfY69hYn7RPyPyZAD6QaRBO3t9uIWK1J7nK1nkqUVhSEvLRSB3md1n4Et7lcQ + OSlizpkH8n889zCLyWu/8Ry/1Yo1yJU2IkcbSDu5Qlmlx1N0vZR4nU6Omt26uw9R + uols+RXesImai9Vr2XrrwBU/X8vT7w53bBZuJJ2ih3fKLAe7uM674J3CgVa4E1T3 + DnHwnGtci5vzCYS3tHL0mRzJvvKugcPCer4QK/HGU4CMNGaJjX61+vUtSyLoPcWy + ZK/TeTl65Hj9E+eMgPVViibXTPmO1KPzmoLWwj4nmV4IzZcyky436nOf9rMKdQBk + 4l5IcNXTMVwRK9FtLBikXOOFAgwDcaIHBQt0xN0BD/9VMJmdaG/qqv/YfutjS3mQ + 5DSpPxDJe5+cItcWIeEM7bXyjHhmU6OtwemdvnWBiPO49ueSoWlYLo0yExNhjWl3 + ZViDZ9pFDYCENdbwQSoQ583x+8HLWsq4LEFPgHcJZc/ujpZTQe7mFJpENTh/AY+C + umScWTFpAvDlsI4jChNoXEJ7U4Ps+BqH3RfrjcGKAEh/00y8SFNWSRVfluGogYNl + d4J1ovo0aQvQUsyC7V1BFFQwdQ8bhMdIj/OMDBi+Sg3Xp4K2gAkL5SRM4pGs8bkM + p0pamJzMLLmxqIZpC8kyB//h9fT83v5cMyp7GghGZf4vrTX5JiaC4IEVHq3Op8Ha + lbpTmTlA5+gERTKWlVz0FRDUeDH2U4/vPo5g9H6HAINl5ZoGyU5uOrvTjcEx26M2 + VEzBX3XxCfc+k6T/mXONSOo3JGv37HSyVULa9xD/EwBI+cNk1NxERCjwQjVgzKeW + LG9MhdEMG1VZiP8iNbNGjQQ17HAS2L7EoQJj7MYiXkg3rL+s9nuaXLkimctBNf9G + MPf+iUblzuvva43gCdkvY9P9Qrmz+W29UUAwbf+dy2Yp5I4dShLh2UnCg8F3xskN + cXiLqLn16SPV3Ye0kFe57JuBnHyXqGVBUlkVN/wWGuaakGm9Db1LZ3LBN4TuYWns + opr4sBIu/x/ouILVpwhrDoUCDAOs8M4KG6xpkQEP/3ilyBTG2f0f4JgKe++BLffg + rRmgQaOJRt+r0KyHwbX0jxIp/sIuIL0eXhVqymgeFxlLJ53Gc4GaiAGXevU+4Ihl + Yq75UQVCIK7Hc5GAEgoV+MeLtOn3+PeFOJJoU8i4mtn3oudspj+hY1vG01LrGHxe + EKxiGbejm0lpDXRmRJU80BLUqUOcSdkLVWC/lRuj68qKdNJ9ymGnhoL64copdXXj + taDpwZ8yNKydfKYRKJ1H3yI4xYU0elpw98xM96T04evzy2hV3MskjzeVNeqGbuQs + XetgsOHIuiXc/66OHOZ/wgGfwI2i6k2pbicNCafdkHI7JYbJ7a1zwEDgxnMK+Jc7 + TBc2TuckVCXmE4y8B+BigpQvy2iQyvWHeov9assdcqDbgwO5p0ErM4dRExNEUFBC + AN/OgK6TOJnQUW/pQs4HzbkS1MJHkVUgIcMbIhMflJMGE4NLvjblKEejICMa9r3L + AoB1t7efwDXnN5Pm/D8yvdMSB7r03n9plT+Bx2Hf8WhSxCOCNoNQHDx9Q2C43I0k + n1TKbFBNcdTyHx3JaarOk/lYMinvXkOSgFkqlK2xd85ZRDdmOiH1/beOMefIQT31 + 64cr1GPWU7v6HjQ+oS7GX9qkfD55o+M5XFRmZodsGaKLxnOaCmI2AeoE8Q8Z5qsv + X18ly1wWg1ovpEEaY+Ci0lsBK3rPsgKh8PugUn2i4TZATiwlIxAxsWeQ/VSAi8bZ + gvEwm1SLnRKea9h4n5Shb5QhLJD+MQP8pdbOnWhJUQoBNz+kl+wsMlWEjMPuSomy + JsX9XYzExIEsdHXK + =vCKm + -----END PGP MESSAGE----- + salt_email: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+NtWOfR0n7KoJD4s25LIDmGaXrd+cY/uDXNQjeHt1nwMm + l57v14HEDBAUNmqhy7rot+rL4l0ZrZ5IbJso+aeJBzwU50cL9sHaK68Ur24H8Bsu + UXXBQjJX5ozYF/+e0odXjcBXiaxRQS34sH7cjoT+zmeo0JYqWPrlyeOLv+zXvVdT + Xuw1b15UMJQiZSLjgmeyRon4XxqxgDD9EIqwYBDqnEHr/JTXrkOB1Y/YbusYEqsI + L3C6U4vj42Ii6YG1niKN9KnrvrRoUQ5UuH/ctC8Q9f+yOfuPf5cmFryBVaCgtR/N + Ot0gym0pL9smxoMhyFb0vWuN2rY+d2QTALAsSHlbDTY/+0n0pUDHe9tl30ANXmNf + CQnhpALK1jevmIe2QqflTONnWsDg0NjYrD+vhStXBV05eMxcOR7wvcyEyXg0Vp25 + srKq/eBHOw8VNnyWDDeFp0gtXjhGJhBwd7hvMHwUJv/FeiGpG+MdMay+Y9EYCR98 + 8tGamU8oZCt25zyZpmY9k4nVMFQKBEUQZvNE4UQTkq3ULxyc1ioUvJ/rFUPNNAio + PVsjcd9dbrvfHw82pM7Tucfff8YqiNUKcWnMmthbF7qI1EOYYBUjyXUmBAfh60VF + Z/7RKCTVfuyZkGgwUKx1HVyrRtrXCmHaWuU7TJioFbJ0r7vfRP8O9hVUWIrfwrwP + /RaaYUNNHnmCZkZz9V1hrVK4FtdAYkRrEKFltbj0lhBZxHjtLA7qhU+W7xtgZ9hs + UQzF6tUUbmWihDu0TFTgl8f6VDnDNMXoQ8MJ8dtGqtQ8i+3X9mi18C4p2foI6Zyf + CZpNMorM4TEEtAP0AIyxOdT3FYnwx9OfRE/iYA1SujVXXasnhEoppi/GNmhKJKpl + AvhDBxfxDGu/AQWkyM6yVwOSwJNcqoxDF/+FR7S7LaAH65GzjJBFdKDFrQMigUwv + eK5lykSRZK34FVXbeOzC2DZvhyV3vi/gahLgXbHx7Igx+kNLSWnp2E5QFn0Nwdee + Qe5oLaBK3zNB0/iNxRFv65EwgGxY3kr8ubZYIuJpKc+CGmhnPj4y0yXz0/1sMWBI + plrD9Jr7RvBKkC5dnCWTTHrIeYDNPfjF7zcu6eDMPiUGoc+BxVyToPZpoTh7fhe1 + 0hyrgLavxGM+YNSFcaB3Hs8cf5GaMIoPjic352cIMis38CN/HxwCb1mbp9xeZtmO + KYhE6FG5nY/1GqG17xhfOByGqZxkGTR5ChUFHQh+RgbvuKV5upuypYdbB05UbzCE + tC1sWiajXzu9NvTQR5mP6b3wQW44sL16eowgc8dy1psmxZMz3O0ccjjf+QXxWcQU + jplsCM/8KaujBHnWhDNeOf69kj1gdcXMvNO2+lzDpXR6hQIMA8amgupjyC8cAQ/+ + IU6S0Ej7HhgJsnMUGtSrw2w5qCG65NmtVCDXeaK/6VHBEJjC5ZyQZPWFKHRh8Ii+ + oyQCsYkq07oXUhk0msKTHPYeIAviwRCxmLhhaeFimARJdsYtp79v9CSPczc7XTjS + gBIYi2CorWDdEESd1ROdun9tBmxUfEQ3BQrXdACG/RopUmPi4x7HGpK+6LaGLjS5 + ZcW4zlypMkTcsLqfuGmlqgIvzOraR/9UNfsMFSfJYhgYAabqDFlGm6XnlYLKUluT + ORYWZEgi9kMg9ucc7IsxiroIldqvCc6qa9eIbcbPmGN5zQ19p9hw3VGIUIadjj3I + dauynmvEMe0bCirIrdM6VeA7XoCL550NUi8+lGikbEAO3RoaLB0OPqO0a/zQuqxs + 4X2DtCPLrbCHu++g3DNX8afhMul0KmHmMBAYKwyeAOu4nNdzp0K3ygrSvX4qQEDX + oDsyDpJoEs2MhH5NyaB+KMiCN8pu5cDYmyd6xGxbjavt8dn5wSUzeGIAMTbbAmuz + h3QJBglesHrKJ+KsDonV9sHlgTkBZC/4+fS6t46Tqd02T/8w++nFtER7ss4HeJ71 + O9l9AmCqeFje+YPcxirxpYjlKnVVaNcjTkSHlOCT1rmksGocczyxS0vPxZ2a8bKT + egTqcCtZ0xyGZevbycMHHPc+5ikdeXpBcY2DJpbRxbCFAQ4DslgfDDfB4G8QBACI + DMjnfMN+NtCiaTdMGr40aNrsA6mOk2hH2ruDWm2OromziutfHyTEAtNIWL4/qK7C + pfNN4C3KtzRk6dP+vlr+uTUTmjzqGR3yjz7XsQ4u7P33AAzXoHFrQjdpoakLW5dy + v/xDnq0Xkbg7i058X7HWslY2vA4XTJ7RkujTU4/otwP8CuBMXtYn/UURs7dMN2lF + 7VAn4uQBKzEcqd9rvyAfLqJBxcHZzJ202rYHEl0a+7zS8QYYeR7pXtgmFhP2cpnH + 9/dN3d4AxOrFTASzUcwyCCx91oXFQoGM5tuFKigMeKf/Gdge5t0cAV93kwcAFeB4 + 8IyMttQ5IAk+wI1CxrIhFoSFAg4DiLcKbyvsTOYQCACsBE+Lt0LvMlcsWto7hv5z + Eqk+bgorCnfQItgmVoFlgWzLaHwtkK3BK/+qDKsKr2tv75+YhZg6c2X1ujVqXsHc + zZXV5toMmdRjZEBz6JiX8EpCA7zP9W3facyaet3I02awccXGbIRnHmp0H01aDJKo + 86Ah+Qie8oxKAGOVhOnksdjzfGoZbHjJGsDHoR/gz4bnT0V8RLm7szTfMUzsJ82t + TWJ3tf6tHsQHU1PxdelHY/2jm9vWBGj2KOrgIW3C2OmOrnMKVlWIoRZgbs+UxhlJ + H6IiFuOQoBCOeTw5DJqP+dqsvE8QPC2V+a3ibtaNMxuvo2J9HIadVvHaWzPcXQPJ + B/0VA+D1hDqMXTRVgn+armwqtNQusDZY4ucX54dHgxDwapEUQQiS+45Wd5ZWXyhi + aSEW+Z9noYXc+dp10aLYLSO1EXlmJjQUXN1Ezp89LrGdMykUGMrpnS6W87XEMCej + s48kgcxKvEaZ5685yJlQFXROUXH8N2E8LJWfVNszSIiGoFpNEIUgBNgyUXJBZbGC + YHN8FYyRCK/H6nuEm+xmeXeyKLOWjfLT1mehALZyCPUGQk7kgvcnlYx147V+jDI/ + 48Ajx20mEgyX/gu4DaBWQor/56ee3oHxM2aEP9TJ51GCpQlDptLYCsOMBOYF9xIJ + 85+nFpLZzOZXHQcknbXhh3h2hQIMA1tQWD9t5xGsAQ/+K6r7u/02leKJaqCX8twg + QCG1KLP7Jl21RFgH6DspNlApeJuf6FY9WjjIBJN0i6YoiOrRRkx5pUG5AGuQwssE + iTRPEcP3u/Euh+Z/XlSz/UJF9Vr18FSZos1UHekRluIDFFSY/RPMWVL0brz8mt4K + m4HvtkghHzxEFZrlOHhBC4bOi1HtNUj4tnW35QvDio+doy6qWcKcrPpkW6E3MiWC + wPKgkuzWwhICuLhUxsnfIlXrP2LVM/cI9EPlTMiIL2az93QGZ1C5JCKIHUIvPOrS + ZwV3uBjSeBAWq+Wid6vfQahp1uR9OXdpnVdPDkekwjml7TS85BaJ9/zF5GUVnqK6 + TJIP1aXOBNhOFvVy6vwBBNB62rvxhkIcSXeeZKr56F5SKy561U1yAP4pNi/hIe3H + jjHWdFI9iUTJubwD0boEDXkShN+2o6FlC3wXWItE4Nx+amnvEYIituH//J8y7qE0 + UZzufXnCuM7a8V1xfMyrCYjacldQSeoAQnNvLls54eQ8uYdanqG2ObD+J7lgOys9 + dj8hPvyzGcar5B4Ke2sHNFxEQLk4Q9AzpDKzLO++wn6jHe+oo8Yo43luFsYA5f3X + +2vv2g9uHdS6jwDvRlo6BxlzhIWkPobCiGCU0ZJJpOSG9InXnmj8cT+CSBsXKUYC + K9sdonb1kn7lUzT2IBv1H72FAgwDcaIHBQt0xN0BEACM4VFDJn4rCkNdSaRNrHHh + BZVQUs1xwSpe1KMlc83YDf3JgK5NBiag2wfs9FoJqsDxIcSoF7Ylb+9UvCdOZWL2 + CUWVPkh0AwLJkYjM6Wk4Vv2ReUz92CkFTjlpDfKLSLuXDV6lFkwOXTUzjVCF6oKt + NTvzgBkIaQayZuOt/TTk5YbL1c/ND32WEeThw49W46mx+/2eVLRH8KmUv4MacZ5n + EmbYqmKGh+JX7XD/tsm+aNGCIfBecy0VxobS08amOOygpgzk+pVPe8YfEFImBFg5 + cZhcn4n6GChuL9w4Seh3VwFycT+Ztj8StJlJsiB0kWxVT68tmg0eb0L3zp1Dd5tp + 9Jdnl3PT6B6/vqsFYcHbYMGdx73proMqVbPITKBMKLi1F6tTG6hv1tmbEPGy+Q0U + +sNA+s8aT2Z9H/a8wBIxzEwA5ZjzUAOKtxAa2/tUZ93ri0mPfCUPuC0yaajbN5pP + 0NlDgjIqr/xUK9Wd2gKgHtIRNTZVHxKcPjuaxTtAGx2w7iraCwoj/pjF12gefibj + m/5ZWXzgoe9UIvZ/ofEkeZ2JGf1J57/tJG/0jBXR41R8LQYOtZD54rOAm6XwqqWY + FIg6/w3gmL6Q5A3chtkys79OAkwBnzTqeakFqb7y34hrHmupXTL4WyWSRfydpDgP + T5I3A+py7KgshhpMPPMVmoUCDAOs8M4KG6xpkQEP/2TmonVELiwBbAIR1QUZrXbd + TfWh7ZSV7Q9QttXVJ2vrKy+Wh4V580NML0j8mNHhFr8bJ+maABHZ5/V+dbaePjDV + 3jriulVzYjXiYR/5YWAJhPJw07lW2iB0uXygkzlAXG2MpmfCvcCuUIOwLS12Mz+n + sGlYHsOZfRaKWjbWSbrnvCPSJ2ewTXAl5xA0sjhBg9BcvSQxXnlG/4OHyvzo4h7Z + 7jR+6mzCCnFYCLm8XKFOHrM/uzr1ulQ8Xn8Rx7AxWHN0g6v9073uRjvqRRY0YISr + 9ZeYKiMWskHmoPBFP0fpxTyCEyaU5lxQ1OBPxipGoXltBFd/3PdYxbg3GA9ON8iq + mnrydbdOMuDdLYJWZwPDYwwLjlDTvPZvtAgAQ1IWvMV/WSMh2HZPJV8BG4bY1XY6 + 4X61SDNFuCAeQWSSgfFiz48/tlzMkVRATiFbB2VK3p4/c3nUwcTJHW1pe778yhLL + txWu0CGDhgSVJyxds4eimDNEpS3s+G89uXD44DlhBl/73QjJ4LA7z9+S9OwMekfT + G3Jz8bfy93OqYz9KUQBvKTXQyzJAl5x+LEqXLvlknSoIDptppzwY2DHFs5IitjAo + d9hyvgIHpwFn2a3gCOeuus4mDR44PQeqjxDA+0ZJ8T4wSjJ02TSehm+SsHsWCL8V + ksXNqHy+M0HFJvBTHbUT0lsBmrADCC2aRe1uf7NdsBHvqGmifeKn4bMYMtwB9o5D + eJWH+SfcsPNp1FnJXlY0gtnUP74j3eBEumguJYmDn+DB4l/7KUPv7Vpx2Tttl7qL + OV+7vf4hGlSarOWe + =FyM5 + -----END PGP MESSAGE----- + + +postgres: + users: + pagure: + password: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+IiaolPWDJuObgVfSIoyXa2/raWoeXERQVItqrMHOKZIk + eUGV0fTCVNbP9RH4Ok4D/bFG/OAUaXkX7TBDFRm6JJ1fowrNuZ8F/dIWDv76eBYW + D1kioTYC3WcJpkfz73zc2p61zx4sIA3hqoodi3n9znWTgfVvSuZ3duT+Ok8y8rRQ + qPaLNPyDmVVOJDG/KMkit/UMcVeccgaZCh3aBW0ujNXRt2xOKIc7BxuL0erclIaM + gZXQYhMd/DeQ5oy/iTLBOWdsMxsT05MM43ZrGdsTjRn2C4kHTRVmeyPq5cewjZmO + zwIN/RtCqA3Hj4OeNrhmRPeeNOIgQGAn6+UFG+7i1VudPk2bfmUCmhUEvkD7uQoc + Thk/PWblIXvvhsZrXxpMQB08iBFnSYZSyDUgj1tkvFhStagB2z56/9z7BfiEsznq + tMXxrnsTFAgc+LLqUeTk/9ZGcee0SXO50djeXIZrHFvGifoU/C8TKW4paJPNSqaP + I7CuB/hhXYEc+5kpDipxGSXWbyn2cWxk6m8SdgLE0TXWYzIS0VT0MhB50TLhP5A7 + 3AJB6g8pUv7uEth5inggNyVgNer/6mQ4HVafFg7rk8JVHuZjucLf2Sn5209SODg7 + kq/vsu6LN6GayZYlMon4GdD/7SJYNZqCj8Wk7yGyYUIYbxdusgXzQLkRyxKQh9YP + +QHbosXb2nw7uZ7wyheJVu7AfNsYHGVxDJSwR/rJcjm/bhQSn6PchXWwu0bAhM0j + P0qJp153O0OYh1x1T8QRyMyqzy4bOfRE5BKPZvw3dnMW4kD1kbirRTpyStrlSwxg + +vY579iuDYHvH+Rl++RuqO5DmxfCrwLo2zQxoGKjjKHDAfTyeUvFTmPJcRHqRJpj + 5Syf+kam9w7N9lHH1vOiII69pUgB5ilCA+XGDpLyBsYMby3LaqJXXx0p4kpNfHrX + 3QxiXpJ8bpJctGxLMA6497OMEYDt+zR4T9pSobC22iNw5X8kPLoOWazepUis4gYp + 4g32L0dJuOwsUiLn1xS0tfBBj8pyc/345Bq3Hcvj4FHYBBD/z4tQ5znojPQ+naws + EDDl+DDoR3tznEuuCR6coExZgCqjELtsh9Ug+oN4mp9WTPdYia9OUUlrPBAvrRUw + JJHhwECz5i0TEET2cTh6nFoI8wLNh32GcXvK7usX/5ef+Y7WsgDIAvq6WuKNO7Js + L0ReL9z7UQ7fn3wB4P2IUei6kgraxZuT/P+HNyso86PABSCR2jUA+uM4HBS2NTH6 + oeyz9snDr5shfG8qAp6dePAXlDQLAVV/LMqtvL3fZISnDWgATVm++XVbXTWpaxJI + 8ehYhx4DVGQDklbYwsXNGglyMX+Xh4OvM5G5kLE8sCfihQIMA8amgupjyC8cARAA + z/iUEQ48S5Fq9quKqyEXlnwncMEL+lL6wT64W/zBqL8edNuHb/DKbT/airW1ERdQ + bFo5I611m9Prl+1EJfG88w0JmB9woXOEz334yqlt1yOuvw2ykkqylSxIs16Je/oQ + w0hplTZPPYlXP7dk5dcTPWFGCfK+xUBcInFRCtSmR9Qt5dyaWMl2/aetMFRHp89l + JOgtgIFakJcOm1a6kZy/1FLVDFA49P4/5i4cRN3oJjkzmVumQhaWQjzJhuOiNFgO + AejtGyfj09GiKf6XMbJDJ5m3JDqkTvE7qmJ38V5Q5e2kimGONy7KzzTCSra6htqg + sHabnMDftfOjFIdv64uM9m30CcO+tAZ36MltrgjhC2b4ClgXdnb2EpHzY0BLmrXU + A2VuG0eNF14Nbqxf0fXvD117IXcZRYgmc4BqHIVaviD4Kq+Rsu3zQAujj3Lps8Rb + cxElMeOaWcx2oqTYNyo1jHX9uGAOlDL2GaZ10xDiSa28Zk3wnepQDTIy2fzEmqP2 + wCKpob/xYIWZ2lgkD7CFScfWoUyp9IrbrEzlHa3KbBjJXSL4YdKbIHVmZrVAd0jT + 8UPKRm9Vs3AjvRDGHNj1375rajs2I3SD2u5DWc8KIMURroEvD2Yh9LV/S76cRNbc + bMrnDH6HUqUseDcPYq7yDaUe5gFPOrTjqPKDqYJt9MeFAQ4DslgfDDfB4G8QA/wJ + avaJrzfKVVUp31WuSjKbOIUw5LZo/nzWinSItelABBMbKA/0XM0SSUnjo7uK/tQV + +EtNVaCASx9HzclW+tDiy+JqZvH0E6eGa7G7XOWk1m4MKaDW3bkC5nkgLqIpY0gl + KsT+xXSX+ZeVVTsM4nHtKvYBvpYQQgtkkQqn1NGIEwP+IjuwiH163FCtv3Hu6WpP + 2aTvqgJUA0DxUBUhmp3W5BWfrBxlcvT4M1ieeLfNzFNj00wnAw/AtoalyXuXo4ny + moNx4geBZGGQ6pvNW95DDNkvFKOUgZGLv3I0bQReB8qAXYWVEOYShH0ZkVCR+N9h + tTqJ6AoDfKWuR3lqSUYgwN2FAg4DiLcKbyvsTOYQB/9JehHS1fLSn2ODbJk+cOzP + qeYs1B41WN4UTvu+uRYkc04hVc+B6fW1ND6VoXYPLKZhsaLq5VPQ2vU7YgBMsYJJ + +uP879glhRNJ9mBfikBz0WgnVLSPVmixmrRjcd3QnnQ8m/8AcnKjF2NJyIczUyI1 + unQ5TiYgNd5uluc64JErkLpAWqRkg7m9p/FEIEDCjHP09Z17+vDwZx8iHHvfrFBA + hUlZtL4TOhwkui5bJz6eNbTW7WaWmLnYNUjz+TOiAWDXCCn7I3YN/60uiMGq4E8S + kG2Nrb60tU96T9JE+r7mHPTlPw50h4DI4kzyl0x2e81IPg+36+AmCcGUY25M/m7c + B/0aNKWzGvBbCalgxy4rr3yc45INt9IIYjJgQc3GXa0wPnfy1KVdxiKi8FvGulAu + 5AtCWwz0uxuTpn+Ja2HwdUkNWFxENOyHXvH82NtqD1CBlmvTaLKbaftVcF4Br3rv + LnWR2/v7dnlXgCHQ30hoVr3+oKg5Ih2tx59Y3id3DUzCTXI5ZAXkqO3+p7YHD/l+ + RMoXk2dP1TIcBEP5z26ZBjVZY2syy4AEZbKgKGd6SakPdpDiP6fPZ9UVx9hVHf28 + WtKe9+AddVj9mu4w9iChEdETzORIozQPRj/6Uj+/PbP4rYqX/9AxO6dUZ69d4DnX + whtFGbjQEq5M5ZO2CK4agPuEhQIMA1tQWD9t5xGsARAAkFwbiRCpIMrdHjqmsEWb + mIOoShwO4QJJud+ry38XOOD0mVR1xAuq0Zh3ZANUdvlM8/124WhGP3TWHlGFmajR + jEpVxhhpp/XzBX/+PxPgni5hPxz6XFMOQTmyFACWapMrSvdzWCEN68VxPNT3zrSB + qnu4e8CzemIZm13+fwuhJ04foIUH8yL6Xgk6ZXwtzeymx70lkonTptcKQo8IJ8CW + OhZW3IuLoiYeEjjv7k6y1+OmqvEih9+6eU1tcl9uGn08zld+mSHCao6Ua7YSJwk7 + rKGnMcRzNek5/J865eNOil/Y3WFxeExRJPBJeEkU76Epf+k779MnyCh2gEzW6LW9 + Ou2Lze1Dwwgehnu1MWrCLiqSdZXaWY6wBMCbxJPo+40d5QwrUfR6JBMSRj7stm3G + PjGVFeA8mHkyLyRGpK0d4MnXMIR7ye1Av+ye2MctNKHj2mPHjZfAcOElXxpNkSbj + kK2PKvmFT/vIcFkcsstDfn/DSgozIw63Stl8yN9soHEWuAWEsXGmUemPDfHo11JI + hGKKC7TSJwjbhMA8hHPT7wVhjaeZCvteADQNPOFQ4I4YB5GQHZNIbtstF6VDcF2D + 7lA7pI+V0W/rDgIHItK8tKqPo2Qcsd8A98GMlcbImeOzTdpWfAF822tPs1cTFgHD + 3trfBY29897XSRfVTXo5vOCFAgwDcaIHBQt0xN0BD/wJEyxg6rITooDFq5NH4xcB + 4xNPGKba6n9HdghDz7HxHuNBbgJyBxWPEZOaBfeIcoFfb5lbCMlE8fqsi2R1WawT + 4/DnHWzZNbZ1XNFF9PdSCrn0bA6vaPGHk+r6Q1YGJjX79x4mkLtNULQWi8Xhrq/I + 4sLDVyOkJ/AdbQ1Evki49zMDxHCAoWP05CyL9hWfrI2m4n5XBBSaPh1hPK8wb5fL + HGMmtTpiF3J6tH29hwhrqF/L8clSO88i4et03yxZWjUBLM8UhI2QHz8m5Ith8E3V + zELEbeI4K2CNe/4pC7STCl6tdnYRdJw1DWwmB+GwyGLCyUS90CSC/8yPr9TaGUs3 + ZNVD/WHkv46s+qIoPi46Vzz71SSNqmEHBWaHKjw98EwnUN/HPCGoc9qGIshx5vLK + vibANnC+YufK36365awTtTRErpiVVgHol59a22xgj940HH39/xLtXnLoj7fEIj/2 + 8xDYiErnaBYKd7Zu2hFk49+s1Q5VOeXryPXmsDD16HgwfKF8gkanK4PVS9b3CLJh + oIT9/AZcznjPM7VKuhjW2G4owgG/6y3RUDaNxVFxXLnXHmt8ohc20HMSVAAPxVjR + DKfQ6Pva862wqh0k8BDAyXVab2ytRUdQ8RBuq70rI4Og4rTPyy3jA9bB6sYd+Ae2 + H/PB3YPdyn4f3msS6gK3jYUCDAOs8M4KG6xpkQEQALY9Io6qUtCldghOJA9NMtlH + 409pgUjyJANd2K591cDNyaCj1s7vzNdUOVrgE/QqUkmH1Wceazzr8HM1RgF1SWHK + vwbmGfDzKotqoKTiDPEhi94yZGAp7+dLC4JqXyWfkTlCKgoRULOr4NKEsb/EPXD6 + fBsU1TlaZ+ELRNfnnpxgI9NHxYOsbJ2YVUIg5b36IUUXOqqarPXH56p1+p8UvZEH + mZGlYeBdesRZNQOdGpye59wW6oiyukqUOroGpxg65/CnbohUelXBjv736fvYAbsU + e4cXFcq0LSkqkUSX6UWy8mewcQNus48PSYXvccvaoqhtFpIr1VX6vqxKHqzykfsu + e5kf/RKKvq4tcjkp//mlQDeI2VGcwG43r9l6O3Bct8kWWZV6ZGH22Ga8fAmoj5kI + eUmtfENfKxovzBJ8O00WvBzVAS3HvzrB4qfPiCYzkN0RaGO4wiS6PZp/Z+trhkDX + gBFksDo/Y3bdRDz/KjTA1N2RtuIjGE9r/PcUcVItGwlhuV9AdCohjLdlpoEjJO6n + qKquxb8bS++QpIqoHqPXJEe68hgQchi7T0my1IY/COrf9bgo0D6oLGCEoc8z++ah + BmmnUYJtq/+WSVQ+3gE7XMghOMNe6qfq2deUhK0ftVyu55orIs4i7ojtEMX3QkET + r4CsUbcBNS8eX1T/9vRM0lsBSR7m5KcNN6RbuY3H32Scd1L30baCHKD0FDLogVW0 + CWjG+YgRK+qYK/1uAwrzteCgfpr5Csn5qEnxtCmX/3zqj1Y7r8TXAJHOUlLC2u11 + mQUfWkeLnLUb+JH0 + =kt7s + -----END PGP MESSAGE----- diff --git a/salt/profile/pagure/files/alembic.ini b/salt/profile/pagure/files/alembic.ini new file mode 100644 index 0000000..6d4bac2 --- /dev/null +++ b/salt/profile/pagure/files/alembic.ini @@ -0,0 +1,60 @@ +# A generic, single database configuration. + +[alembic] +# path to migration scripts +script_location = /usr/share/pagure/alembic + +# template used to generate migration files +# file_template = %%(rev)s_%%(slug)s + +# max length of characters to apply to the +# "slug" field +#truncate_slug_length = 40 + +# set to 'true' to run the environment during +# the 'revision' command, regardless of autogenerate +# revision_environment = false + +# set to 'true' to allow .pyc and .pyo files without +# a source .py file to be detected as revisions in the +# versions/ directory +# sourceless = false + +#sqlalchemy.url = driver://user:pass@localhost/dbname +sqlalchemy.url = postgres://{{ pillar['profile']['pagure']['database_user'] }}:{{ pillar['postgres']['users']['pagure']['password'] }}@{{ pillar['profile']['pagure']['database_host'] }}/pagure + + +# Logging configuration +[loggers] +keys = root,sqlalchemy,alembic + +[handlers] +keys = console + +[formatters] +keys = generic + +[logger_root] +level = WARN +handlers = console +qualname = + +[logger_sqlalchemy] +level = WARN +handlers = +qualname = sqlalchemy.engine + +[logger_alembic] +level = INFO +handlers = +qualname = alembic + +[handler_console] +class = StreamHandler +args = (sys.stderr,) +level = NOTSET +formatter = generic + +[formatter_generic] +format = %(levelname)-5.5s [%(name)s] %(message)s +datefmt = %H:%M:%S diff --git a/salt/profile/pagure/files/pagure.cfg b/salt/profile/pagure/files/pagure.cfg new file mode 100644 index 0000000..f17f886 --- /dev/null +++ b/salt/profile/pagure/files/pagure.cfg @@ -0,0 +1,266 @@ +import os +from datetime import timedelta + +### Set the time after which the admin session expires +# There are two sessions on pagure, login that holds for 31 days and +# the session defined here after which an user has to re-login. +# This session is used when accessing all administrative parts of pagure +# (ie: changing a project's or a user's settings) +ADMIN_SESSION_LIFETIME = timedelta(minutes=20) + +# Enable tickets and docs for all repos +ENABLE_TICKETS = True +ENABLE_DOCS = True + +# Enables / Disables private projects +PRIVATE_PROJECTS = True + +### Secret key for the Flask application +SECRET_KEY='{{ pillar['profile']['pagure']['secret_key'] }}' + +### url to the database server: +#DB_URL = 'mysql://user:pass@host/db_name' +#DB_URL = 'postgres://user:pass@host/db_name' +DB_URL = 'postgres://{{ pillar['profile']['pagure']['database_user'] }}:{{ pillar['postgres']['users']['pagure']['password'] }}@{{ pillar['profile']['pagure']['database_host'] }}/pagure' + +### Send FedMsg notifications of events in pagure +FEDMSG_NOTIFICATIONS = False + +### The FAS group in which the admin of pagure are +ADMIN_GROUP = ['sysadmin-main'] + +### Hard-coded list of global admins +PAGURE_ADMIN_USERS = ['hellcp'] + +### Enables sending email using SMTP credentials. +EMAIL_SEND = True + +### The email address to which the flask.log will send the errors (tracebacks) +EMAIL_ERROR = 'root@localhost' + +### SMTP settings +SMTP_SERVER = 'localhost' +SMTP_PORT = 25 +SMTP_SSL = False + +#Specify both for enabling SMTP with auth +SMTP_USERNAME = None +SMTP_PASSWORD = None + +### Information used to sent notifications +FROM_EMAIL = 'pagure@opensuse.org' +DOMAIN_EMAIL_NOTIFICATIONS = 'code.opensuse.org' +SALT_EMAIL = '{{ pillar['profile']['pagure']['salt_email'] }}' + +### Restrict outgoing emails to these domains: +## If set, adding emailaccounts that don't end with these domainnames +## will not be permitted. Mails to already existing emailaccounts +## that are not covered by this list will not get sent. +# ALLOWED_EMAIL_DOMAINS = [ 'localhost.localdomain', 'example.com' ] + +### Disallow remote pull requests +## If set, remote pull requests will be disabled and not available +## anymore as a selection in the PR dropdown menus +DISABLE_REMOTE_PR = False + +### The URL at which the project is available. +APP_URL = 'https://code.opensuse.org/' +### The URL at which the documentation of projects will be available +## This should be in a different domain to avoid XSS issues since we want +## to allow raw html to be displayed (different domain, ie not a sub-domain). +DOC_APP_URL = 'https://pages.opensuse.org' + +### The URL to use to clone git repositories. +GIT_URL_SSH = 'ssh://git@code.opensuse.org/' +GIT_URL_GIT = 'https://code.opensuse.org/' + + +### Folder containing the pagure user SSH authorized keys +SSH_FOLDER = os.path.join( + '/srv', + 'gitolite', + '.ssh' +) + +### Folder containing to the git repos +GIT_FOLDER = os.path.join( + '/srv', + 'gitolite', + 'repositories' +) + +REPOSPANNER_PSEUDO_FOLDER = os.path.join( + '/srv', + 'gitolite', + 'pseudo' +) + +### Folder containing the clones for the remote pull-requests +REMOTE_GIT_FOLDER = os.path.join( + '/srv', + 'gitolite', + 'remotes' +) + +### Whether to enable scanning for viruses in attachments +VIRUS_SCAN_ATTACHMENTS = False + +GIT_AUTH_BACKEND = "pagure_authorized_keys" +HTTP_REPO_ACCESS_GITOLITE = None + +SSH_COMMAND_NON_REPOSPANNER = ([ + "/usr/bin/%(cmd)s", + "/srv/gitolite/repositories/%(reponame)s", +], {"GL_USER": "%(username)s"}) + +### Configuration file for gitolite +GITOLITE_CONFIG = os.path.join( + '/srv', + 'gitolite', + '.gitolite', + 'conf', + 'gitolite.conf' +) + + +### Home folder of the gitolite user +### Folder where to run gl-compile-conf from +GITOLITE_HOME = '/srv/gitolite' + +### Version of gitolite used: 2 or 3? +GITOLITE_VERSION = 3 + +### Folder containing all the public ssh keys for gitolite +GITOLITE_KEYDIR = os.path.join(GITOLITE_HOME, '.gitolite', 'keydir') + +### Path to the gitolite.rc file +GL_RC = None + +### Path to the /bin directory where the gitolite tools can be found +GL_BINDIR = None + + +# SSH Information + +### The ssh certificates of the git server to be provided to the user +### /!\ format is important +# SSH_KEYS = {'RSA': {'fingerprint': '', 'pubkey': ''}} + + + +# Optional configuration + +### Number of items displayed per page +# Used when listing items +ITEM_PER_PAGE = 50 + +### Maximum size of the uploaded content +# Used to limit the size of file attached to a ticket for example +MAX_CONTENT_LENGTH = 4 * 1024 * 1024 # 4 megabytes + +### Lenght for short commits ids or file hex +SHORT_LENGTH = 6 + +### List of blacklisted project names that can conflicts for pagure's URLs +### or other +BLACKLISTED_PROJECTS = [ + 'static', 'pv', 'releases', 'new', 'api', 'settings', + 'logout', 'login', 'users', 'groups', 'projects'] + +### IP addresses allowed to access the internal endpoints +### These endpoints are used by the milter and are security sensitive, thus +### the IP filter +IP_ALLOWED_INTERNAL = ['127.0.0.1', 'localhost', '::1'] + +### EventSource/Web-Hook/Redis configuration +# The eventsource integration is what allows pagure to refresh the content +# on your page when someone else comments on the ticket (and this without +# asking you to reload the page. +# By default it is off, ie: EVENTSOURCE_SOURCE is None, to turn it on, specify +# here what the URL of the eventsource server is, for example: +# https://ev.pagure.io or https://pagure.io:8080 or whatever you are using +# (Note: the urls sent to it start with a '/' so no need to add one yourself) +EVENTSOURCE_SOURCE = None +# Port where the event source server is running (maybe be the same port +# as the one specified in EVENTSOURCE_SOURCE or a different one if you +# have something running in front of the server such as apache or stunnel). +EVENTSOURCE_PORT = 8080 +# If this port is specified, the event source server will run another server +# at this port and will provide information about the number of active +# connections running on the first (main) event source server +#EV_STATS_PORT = 8888 +# Web-hook can be turned on or off allowing using them for notifications, or +# not. +WEBHOOK = False + +### Redis configuration +# A redis server is required for both the Event-Source server or the web-hook +# server. +REDIS_HOST = '0.0.0.0' +REDIS_PORT = 6379 +REDIS_DB = 0 + +# Authentication related configuration option + +### Switch the authentication method +# Specify which authentication method to use. +# Available options: `fas`, `openid`, `oidc`, `local` +# Default: ``local``. +PAGURE_AUTH = 'openid' + +FAS_OPENID_ENDPOINT = 'https://id.opensuse.org/openid' + +# When this is set to True, the session cookie will only be returned to the +# server via ssl (https). If you connect to the server via plain http, the +# cookie will not be sent. This prevents sniffing of the cookie contents. +# This may be set to False when testing your application but should always +# be set to True in production. +# Default: ``True``. +SESSION_COOKIE_SECURE = True + +# The name of the cookie used to store the session id. +# Default: ``.pagure``. +SESSION_COOKIE_NAME = 'pagure' + +# Boolean specifying whether to check the user's IP address when retrieving +# its session. This make things more secure (thus is on by default) but +# under certain setup it might not work (for example is there are proxies +# in front of the application). +CHECK_SESSION_IP = True + +# Used by SESSION_COOKIE_PATH +APPLICATION_ROOT = '/' + +# Allow the backward compatiblity endpoints for the old URLs schema to +# see the commits of a repo. This is only interesting if you pagure instance +# was running since before version 1.3 and if you care about backward +# compatibility in your URLs. +OLD_VIEW_COMMIT_ENABLED = False + +# repoSpanner integration settings +# https://repospanner.org/ +# Whether to create new repositories on repoSpanner by default. +# Either None or a region name. +REPOSPANNER_NEW_REPO = None +# Whether to allow admins to override region selection on creation. +REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE = False +# Whether to create new forks on repoSpanner. +# Either None (no repoSpanner), True (same as origin project) or a region name. +REPOSPANNER_NEW_FORK = True +# Whether to allow an admin to manually migrate an individual project. +REPOSPANNER_ADMIN_MIGRATION = False +# The repoSpanner regions to be used in this Pagure instance. +# Example entry: +# 'default': {'url': 'https://nodea.regiona.repospanner.local:8444', +# 'repo_prefix': 'pagure/', +# 'hook': None, +# 'ca': '', +# 'admin_cert': {'cert': '', +# 'key': ''}, +# 'push_cert': {'cert': '', +# 'key': ''}} +REPOSPANNER_REGIONS = {} + +# Path to the plugins configuration file that is used to load plugins. Please +# look at files/plugins.cfg.sample for a configuration example. +# PAGURE_PLUGINS_CONFIG = "/etc/pagure/plugins.cfg" diff --git a/salt/profile/pagure/init.sls b/salt/profile/pagure/init.sls new file mode 100644 index 0000000..80be2b4 --- /dev/null +++ b/salt/profile/pagure/init.sls @@ -0,0 +1,48 @@ +include: + - profile.pagure.redis + +pagure_pgks: + pkg.installed: + - pkgs: + - pagure + - pagure-web-nginx + +pagure_conf: + file.managed: + - name: /etc/pagure/pagure.cfg + - source: salt://profile/pagure/files/pagure.cfg + - template: jinja + - require_in: + - service: pagure_web_service + - watch_in: + - module: pagure_web_restart + +pagure_alembic_conf: + file.managed: + - name: /etc/pagure/alembic.cfg + - source: salt://profile/pagure/files/alembic.cfg + - template: jinja + - require_in: + - service: pagure_web_service + - watch_in: + - module: pagure_web_restart + +pagure_database_setup: + cmd.run: + - name: python3 /usr/share/pagure/pagure_createdb.py -c /etc/pagure/pagure.cfg -i /etc/pagure/alembic.ini + +{% set services = ['pagure_web', 'pagure_docs_web', 'pagure_worker', 'pagure_authorized_keys_worker', 'pagure_api_key_expire_mail.timer', 'pagure_mirror_project_in.timer'] %} + +{% for service in services %} +{{ service }}_service: + service.running: + - name: {{ service }} + - enable: True + +{{ service }}_restart: + module.wait: + - name: service.restart + - m_name: {{ service }} + - require: + - service: {{ service }} +{% endfor %} diff --git a/salt/profile/pagure/redis.sls b/salt/profile/pagure/redis.sls new file mode 100644 index 0000000..b9df23c --- /dev/null +++ b/salt/profile/pagure/redis.sls @@ -0,0 +1,26 @@ +redis_pgks: + pkg.installed: + - pkgs: + - redis + +redis_config_file: + file.managed: + - name: /etc/redis/default.conf + - source: /etc/redis/default.conf.example + - user: redis + - group: redis + - replace: False + - require_in: + - service: redis_service + +redis_service: + service.running: + - name: redis@default + - enable: True + +redis_restart: + module.wait: + - name: service.restart + - m_name: redis@default + - require: + - service: redis_service diff --git a/salt/profile/postgresql/files/postgresql/pg_hba.conf b/salt/profile/postgresql/files/postgresql/pg_hba.conf index 37ac8d3..cc678db 100644 --- a/salt/profile/postgresql/files/postgresql/pg_hba.conf +++ b/salt/profile/postgresql/files/postgresql/pg_hba.conf @@ -165,3 +165,7 @@ host mailman mailman 192.168.47.102/32 md5 host mailman_frontend mailman 192.168.47.4/32 md5 host mailman_frontend mailman 192.168.47.101/32 md5 host mailman_frontend mailman 192.168.47.102/32 md5 +# pagure01.infra.opensuse.org +host pagure pagure 192.168.47.4/32 md5 +host pagure pagure 192.168.47.101/32 md5 +host pagure pagure 192.168.47.102/32 md5 diff --git a/salt/role/pagure.sls b/salt/role/pagure.sls new file mode 100644 index 0000000..b6a69a6 --- /dev/null +++ b/salt/role/pagure.sls @@ -0,0 +1,3 @@ +include: + - profile.web.server.nginx + - profile.pagure