poesty 9 mesi fa
parent
commit
095a78a2eb
4 ha cambiato i file con 136 aggiunte e 131 eliminazioni
  1. 101 101
      init.sh
  2. 22 22
      start.sh
  3. 8 8
      template/config.ini.template
  4. 5 0
      template/docker-compose.yml.template

+ 101 - 101
init.sh

@@ -29,128 +29,131 @@ paste_module="paste.sr.ht"
 todo_module="todo.sr.ht"
 
 function add_module() {
-  read -r input
-  echo
-  if [[ "$input" -le 1 ]]; then
-    modules=$modules" "$1
-    echo -e "$yellow $1 is selected${none}"
-  fi
+	read -r input
+	echo
+	if [[ "$input" -le 1 ]]; then
+		modules=$modules" "$1
+		echo -e "$yellow $1 is selected${none}"
+	fi
 }
 
 function progress() {
-  echo "$2 IS RUNNING..."
-  printf "[▓"
-  while kill -0 "$1" 2>/dev/null; do
-    printf "▓"
-    sleep 0.05
-  done
-  wait "$1"
-  printf "▓] done!"
+	echo "$2 IS RUNNING..."
+	printf "[▓"
+	while kill -0 "$1" 2>/dev/null; do
+		printf "▓"
+		sleep 0.05
+	done
+	wait "$1"
+	printf "▓] done!"
 }
 
 function generate_config() {
-  service_key=$(grep <genkeys "Service" | awk -F: '{gsub(/[[:blank:]]*/,"");print $2}')
-  network_key=$(grep <genkeys "Network" | awk -F: '{gsub(/[[:blank:]]*/,"");print $2}')
-  webhook_key=$(grep <genkeys "Webhook Private" | awk -F: '{gsub(/[[:blank:]]*/,"");print $2}')
-  sed -i "s/{{SERVICE_KEY}}/$service_key/" config.ini
-  sed -i "s/{{NETWORK_KEY}}/$network_key/" config.ini
-  sed -i "s@{{WEBHOOK_KEY}}@$webhook_key@" config.ini
-  sed -i "s@{{DOMAIN}}@$domain_name@" config.ini
+	service_key=$(grep <genkeys "Service" | awk -F: '{gsub(/[[:blank:]]*/,"");print $2}')
+	network_key=$(grep <genkeys "Network" | awk -F: '{gsub(/[[:blank:]]*/,"");print $2}')
+	webhook_key=$(grep <genkeys "Webhook Private" | awk -F: '{gsub(/[[:blank:]]*/,"");print $2}')
+	sed -i "s/{{SERVICE_KEY}}/$service_key/" config.ini
+	sed -i "s/{{NETWORK_KEY}}/$network_key/" config.ini
+	sed -i "s@{{WEBHOOK_KEY}}@$webhook_key@" config.ini
+	sed -i "s@{{DOMAIN}}@$domain_name@" config.ini
 }
 
 function generate_keys() {
-  docker run sr.ht-base:dev sh -c 'srht-keygen service && srht-keygen network && srht-keygen webhook' | awk '{n[1]="Service";n[2]="Network";n[3]=n[4]="Webhook";print n[NR]" "$0 > "genkeys"}'
+	docker run --rm sr.ht-base:dev sh -c 'srht-keygen service && srht-keygen network && srht-keygen webhook' | awk '{n[1]="Service";n[2]="Network";n[3]=n[4]="Webhook";print n[NR]" "$0 > "genkeys"}'
+	docker run --rm -v /tmp/gpg-output:/root/.gnupg vladgh/gpg --batch --passphrase '' --quick-gen-key admin@admin.com
+	docker run --rm -v /tmp/gpg-output:/root/.gnupg vladgh/gpg -a --export-secret-key admin@admin.com >srht.priv
+	docker run --rm -v /tmp/gpg-output:/root/.gnupg vladgh/gpg -a --export admin@admin.com >srht.pub
+	rm -r /tmp/gpg-output
 }
 
 function build_base_image() {
-  docker build -t sr.ht-base:dev ./base/ && echo
+	docker build -t sr.ht-base:dev ./base/ && echo
 }
 
-
 function set_domain() {
-  sed "s@$local_domain@$domain_name@g" template/config.ini.template >config.ini
-  sed -i "s/$local_domain/srht/g" "grep -rl $local_domain nginx_conf"
+	sed "s@$local_domain@$domain_name@g" template/config.ini.template >config.ini
+	sed -i "s@$local_domain@$domain_name@g" $(grep -rl $local_domain nginx_conf)
 }
 
 function select_version_control() {
-  # Git or Mercurial or Both
-  echo -e "Select your distributed version control system ${cyan}1.Git${none} or ${cyan}2.Mercurial${none} or ${cyan}3.Both${none}?"
-  read -r version_control_system_input
-  echo
-
-  if [[ "$version_control_system_input" -le 1 ]]; then
-    modules=$modules" "$git_module
-    echo -e "$yellow $modules is selected${none}"
-  elif [[ "$version_control_system_input" -le 2 ]]; then
-    modules=$modules" "$hg_module
-    echo -e "$yellow  $modules is selected${none}"
-  else
-    modules=$modules' '$git_module' '$hg_module
-    echo -e "$yellow $modules are selected${none}"
-  fi
+	# Git or Mercurial or Both
+	echo -e "Select your distributed version control system ${cyan}1.Git${none} or ${cyan}2.Mercurial${none} or ${cyan}3.Both${none}?"
+	read -r version_control_system_input
+	echo
+
+	if [[ "$version_control_system_input" -le 1 ]]; then
+		modules=$modules" "$git_module
+		echo -e "$yellow $modules is selected${none}"
+	elif [[ "$version_control_system_input" -le 2 ]]; then
+		modules=$modules" "$hg_module
+		echo -e "$yellow  $modules is selected${none}"
+	else
+		modules=$modules' '$git_module' '$hg_module
+		echo -e "$yellow $modules are selected${none}"
+	fi
 }
 
 function advance_config() {
-  # CI
-  # builds.sr.ht
+	# CI
+	# builds.sr.ht
 
-  echo -e "Do you want to use ${cyan} Sourcehut CI ${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
-  add_module "$build_module"
+	echo -e "Do you want to use ${cyan} Sourcehut CI ${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+	add_module "$build_module"
 
-  echo -e "Do you want to use ${cyan}Mailing list service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
-  add_module "$list_module"
+	echo -e "Do you want to use ${cyan}Mailing list service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+	add_module "$list_module"
 
-  # wiki service
-  #  man.sr.ht
-  echo -e "Do you want to use ${cyan}Wiki service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
-  add_module "$man_module"
+	# wiki service
+	#  man.sr.ht
+	echo -e "Do you want to use ${cyan}Wiki service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+	add_module "$man_module"
 
-  # issue and bug tracker service
-  # todo.sr.ht
-  echo -e "Do you want to use ${cyan}issue and bug tracker service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
-  add_module "$todo_module"
+	# issue and bug tracker service
+	# todo.sr.ht
+	echo -e "Do you want to use ${cyan}issue and bug tracker service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+	add_module "$todo_module"
 
-  # Syntax highlighting
-  # paste.sr.ht
-  echo -e "Do you want to use ${cyan} ad-hoc text file service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
-  add_module "$paste_module"
+	# Syntax highlighting
+	# paste.sr.ht
+	echo -e "Do you want to use ${cyan} ad-hoc text file service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+	add_module "$paste_module"
 }
 
 function select_mode() {
-  min_mode="Minimal Installation(Install only required modules)"
-  max_mod="Maximize Installation(Install all modules)"
-  adv_mod="Advanced Mode(Choose your own personalized modules)"
-  quit="Quit"
-  mode=("$min_mode" "$max_mod" "$adv_mod" "$quit")
-  PS3="Select the installation mode: "
-  select item in "${mode[@]}"; do
-    case $item in
-    "$min_mode")
-      echo "$item"
-      select_version_control
-      break
-      ;;
-    "$max_mod")
-      echo "$item"
-      modules=$modules"$git_module $hg_module $build_module $list_module $man_module $paste_module $todo_module"
-      break
-      ;;
-    "$adv_mod")
-      echo "$item"
-      advance_config
-      break
-      ;;
-    "$quit")
-      exit
-      ;;
-    quit)
-      break
-      ;;
-    *)
-      echo "Invalid option $REPLY"
-      ;;
-    esac
-  done
+	min_mode="Minimal Installation(Install only required modules)"
+	max_mod="Maximize Installation(Install all modules)"
+	adv_mod="Advanced Mode(Choose your own personalized modules)"
+	quit="Quit"
+	mode=("$min_mode" "$max_mod" "$adv_mod" "$quit")
+	PS3="Select the installation mode: "
+	select item in "${mode[@]}"; do
+		case $item in
+		"$min_mode")
+			echo "$item"
+			select_version_control
+			break
+			;;
+		"$max_mod")
+			echo "$item"
+			modules=$modules"$git_module $hg_module $build_module $list_module $man_module $paste_module $todo_module"
+			break
+			;;
+		"$adv_mod")
+			echo "$item"
+			advance_config
+			break
+			;;
+		"$quit")
+			exit
+			;;
+		quit)
+			break
+			;;
+		*)
+			echo "Invalid option $REPLY"
+			;;
+		esac
+	done
 }
 
 ## Start
@@ -162,11 +165,11 @@ read -r domain_input
 echo
 echo "domain_input :$domain_input"
 if [[ "$domain_input" == 's' || -z "$domain_input" ]]; then
-  echo -e "$yellow skip${none}"
-  cp template/config.ini.template  config.ini
+	echo -e "$yellow skip${none}"
+	cp template/config.ini.template config.ini
 else
-  domain_name=$domain_input
-  set_domain
+	domain_name=$domain_input
+	set_domain
 fi
 
 echo "domain:  $domain_name"
@@ -175,7 +178,6 @@ echo
 #generate_launch_shell "$modules" &
 #progress $! "🤖 Generate Launch Shell"
 
-
 echo
 echo
 sed "s/{{MODULES}}/$modules/" ./template/Dockerfile.template >Dockerfile &
@@ -183,7 +185,7 @@ progress $! "🐋 Generate Dockerfile"
 
 echo
 echo
-db_names=$(echo "$modules" | tr -d '.' | tr " " "," )
+db_names=$(echo "$modules" | tr -d '.' | tr " " ",")
 sed "s/{{database_name}}/$db_names/" ./template/docker-compose.yml.template >docker-compose.yml &
 progress $! "🐋 Generate DockerCompose file"
 
@@ -209,5 +211,3 @@ generate_config
 progress $! "🔧 Generate Config"
 echo
 echo
-
-

+ 22 - 22
start.sh

@@ -6,29 +6,29 @@ echo "service list: $service_list"
 
 metasrht-initdb
 /usr/bin/gunicorn metasrht.app:app -c /etc/sr.ht/meta.sr.ht.gunicorn.conf.py -b 0.0.0.0:5000 -D
-#/usr/bin/metasrht-api -b 0.0.0.0:5100 &
+/usr/bin/metasrht-api -b 0.0.0.0:5100 &
 /usr/bin/celery -A metasrht.webhooks worker --loglevel=info &
 echo "0	2	*	*	*  /usr/bin/metasrht-daily" >>/etc/crontab
 
 if [[ "$service_list" == *"git"* ]]; then
-  gitsrht-initdb
-  /usr/bin/gunicorn gitsrht.app:app -b 0.0.0.0:5001 -c /etc/sr.ht/git.sr.ht.gunicorn.conf.py -D
-  #  /usr/bin/gitsrht-api -b 0.0.0.0:5101 &
-  /usr/bin/celery -A gitsrht.webhooks worker --loglevel=info &
-  echo "*/20 * * * *  /usr/bin/gitsrht-periodic" >>/etc/crontab
+	gitsrht-initdb
+	/usr/bin/gunicorn gitsrht.app:app -b 0.0.0.0:5001 -c /etc/sr.ht/git.sr.ht.gunicorn.conf.py -D
+	/usr/bin/gitsrht-api -b 0.0.0.0:5101 &
+	/usr/bin/celery -A gitsrht.webhooks worker --loglevel=info &
+	echo "*/20 * * * *  /usr/bin/gitsrht-periodic" >>/etc/crontab
 fi
 
 if [[ "$service_list" == *"hg"* ]]; then
-  hgsrht-initdb
-  /usr/bin/gunicorn hgsrht.app:app -b 0.0.0.0:5010 -c /etc/sr.ht/git.sr.ht.gunicorn.conf.py -D
-#  /usr/bin/hgsrht-api -b 0.0.0.0:5110 &
-  /usr/bin/celery -A hgsrht.webhooks worker --loglevel=info &
-  echo "*/20 * * * *  /usr/bin/hgsrht-periodic" >>/etc/crontab
+	hgsrht-initdb
+	/usr/bin/gunicorn hgsrht.app:app -b 0.0.0.0:5010 -c /etc/sr.ht/git.sr.ht.gunicorn.conf.py -D
+	/usr/bin/hgsrht-api -b 0.0.0.0:5110 &
+	/usr/bin/celery -A hgsrht.webhooks worker --loglevel=info &
+	echo "*/20 * * * *  /usr/bin/hgsrht-periodic" >>/etc/crontab
 fi
 
 if [[ "$service_list" == *"builds"* ]]; then
-  buildsrht-initdb
-  /usr/bin/gunicorn buildsrht.app:app -b 0.0.0.0:5002 -c /etc/sr.ht/builds.sr.ht.gunicorn.conf.py -D
+	buildsrht-initdb
+	/usr/bin/gunicorn buildsrht.app:app -b 0.0.0.0:5002 -c /etc/sr.ht/builds.sr.ht.gunicorn.conf.py -D
 
 fi
 
@@ -42,21 +42,21 @@ fi
 #fi
 
 if [[ "$service_list" == *"man"* ]]; then
-  mansrht-initdb
-  /usr/bin/gunicorn mansrht.app:app -b 0.0.0.0:5004 -c /etc/sr.ht/man.sr.ht.gunicorn.conf.py -D
+	mansrht-initdb
+	/usr/bin/gunicorn mansrht.app:app -b 0.0.0.0:5004 -c /etc/sr.ht/man.sr.ht.gunicorn.conf.py -D
 fi
 
 if [[ "$service_list" == *"todo"* ]]; then
-  todosrht-initdb
-  /usr/bin/gunicorn todosrht.app:app -b 0.0.0.0:5003 -c /etc/sr.ht/todo.sr.ht.gunicorn.conf.py -D
-#  /usr/bin/todosrht-api -b 0.0.0.0:5103
-  #  /usr/bin/todosrht-lmtp &
-  /usr/bin/celery -A todosrht.webhooks worker --loglevel=info &
+	todosrht-initdb
+	/usr/bin/gunicorn todosrht.app:app -b 0.0.0.0:5003 -c /etc/sr.ht/todo.sr.ht.gunicorn.conf.py -D
+	/usr/bin/todosrht-api -b 0.0.0.0:5103
+	#  /usr/bin/todosrht-lmtp &
+	/usr/bin/celery -A todosrht.webhooks worker --loglevel=info &
 fi
 
 if [[ "$service_list" == *"paste"* ]]; then
-  pastesrht-initdb
-  /usr/bin/gunicorn pastesrht.app:app -b 0.0.0.0:5011 -c /etc/sr.ht/paste.sr.ht.gunicorn.conf.py -D
+	pastesrht-initdb
+	/usr/bin/gunicorn pastesrht.app:app -b 0.0.0.0:5011 -c /etc/sr.ht/paste.sr.ht.gunicorn.conf.py -D
 fi
 
 tail -f /dev/null

+ 8 - 8
template/config.ini.template

@@ -53,7 +53,7 @@ s3-secret-key=
 # Outgoing SMTP settings
 smtp-host=
 smtp-port=
-smtp-from=
+smtp-from=CHANGEME@example.org
 #
 # Default: starttls
 # Options: starttls, tls, insecure
@@ -76,8 +76,8 @@ error-from=
 # that file. pgp-pubkey should be set to the path to your public key, and
 # pgp-key-id should be set to the key ID string. Outgoing emails are signed with
 # this PGP key.
-pgp-privkey=
-pgp-pubkey=
+pgp-privkey=/etc/sr.ht/srht.priv
+pgp-pubkey=/etc/sr.ht/srht.pub
 pgp-key-id=
 
 [webhooks]
@@ -155,7 +155,7 @@ max-duration=3s
 # *.sr.ht services are running.
 #
 # Comma-separated, CIDR notation.
-internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
+internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8,172.28.0.0/16
 
 [git.sr.ht::dispatch]
 #
@@ -214,12 +214,12 @@ max-duration=3s
 # *.sr.ht services are running.
 #
 # Comma-separated, CIDR notation.
-internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
+internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8,172.28.0.0/16
 
 [meta.sr.ht::settings]
 #
 # If "no", public registration will not be permitted.
-registration=yes
+registration=no
 #
 # Where to redirect new users upon registration
 onboarding-redirect=http://git.localtest.me/
@@ -357,7 +357,7 @@ max-duration=90s
 # *.sr.ht services are running.
 #
 # Comma-separated, CIDR notation.
-internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
+internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8,172.28.0.0/16
 
 [lists.sr.ht::redirects]
 #
@@ -556,7 +556,7 @@ max-duration=3s
 # *.sr.ht services are running.
 #
 # Comma-separated, CIDR notation.
-internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
+internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8,172.28.0.0/16
 
 # NOTE: this is not a typo. It goes into the git dispatch section because
 # that script actually handles all the dispatching (git, hg, man, etc.)

+ 5 - 0
template/docker-compose.yml.template

@@ -27,6 +27,8 @@ services:
     volumes:
       - git-data:/var/lib/git
       - ./config.ini:/etc/sr.ht/config.ini
+      - ./srht.priv:/etc/sr.ht/srht.priv
+      - ./srht.pub:/etc/sr.ht/srht.pub
       - static-data:/usr/lib/python3.9/site-packages/
 
     networks:
@@ -58,3 +60,6 @@ volumes:
 networks:
   srht-net:
     driver: bridge
+    ipam:
+      config:
+        - subnet: 172.28.0.0/16