🎉: init

base/Dockerfile

@@ -0,0 +1,10 @@
+FROM alpine:latest
+
+RUN echo 'https://mirror.sr.ht/alpine/edge/sr.ht' >> /etc/apk/repositories
+RUN wget -q -O /etc/apk/keys/alpine@sr.ht.rsa.pub https://mirror.sr.ht/alpine/alpine@sr.ht.rsa.pub
+
+RUN apk update
+RUN apk add py3-gunicorn py3-psycopg2
+
+# install meta
+RUN apk add meta.sr.ht

docker-compose.yml

@@ -0,0 +1,28 @@
+version: '3.4'
+
+services:
+  redis:
+    image: redis:latest
+  database:
+    image: postgres:latest
+    environment:
+      POSTGRES_USER: sourcehut
+      POSTGRES_DB: sourcehut
+      POSTGRES_PASSWORD: sourcehut
+    volumes:
+      - db-data:/var/lib/postgresql/data
+  git:
+    build: ./git/
+    ports:
+      - "5000:5000"
+      - "5001:5001"
+    volumes:
+      - git-data:/var/lib/git
+      - ./config.ini.template:/etc/sr.ht/config.ini.template
+    links:
+      - database
+      - redis
+
+volumes:
+  db-data:
+  git-data:

git/Dockerfile

@@ -0,0 +1,9 @@
+FROM sr.ht-base:dev
+
+RUN apk add meta.sr.ht
+RUN apk add git.sr.ht
+
+
+
+
+

init.sh

@@ -0,0 +1,133 @@
+#!/bin/bash
+set -e
+red='\e[91m'
+green='\e[92m'
+yellow='\e[93m'
+magenta='\e[95m'
+cyan='\e[96m'
+none='\e[0m'
+_red() { echo -e "${red}$*${none}"; }
+_green() { echo -e "${green}$*${none}"; }
+_yellow() { echo -e "${yellow}$*${none}"; }
+_magenta() { echo -e "${magenta}$*${none}"; }
+_cyan() { echo -e "${cyan}$*${none}"; }
+
+modules="metasrht"
+domain_name="http://localhost"
+
+function add_module() {
+  read -r input
+  echo
+  if [[ "$input" -le 1 ]]; then
+    modules=$modules" "$1
+    echo -e "$yellow $1 is selected${none}"
+  fi
+}
+
+
+# Git or Mercurial or Both
+echo -e "Select your distributed version control system ${cyan}1.Git${none} or ${cyan}2.Mercurial${none} or ${cyan}3.Both${none}?"
+read -r version_control_system_input
+echo
+
+if [[ "$version_control_system_input" -le 1 ]]; then
+  module="git.sr.ht"
+  modules=$modules" "$module
+  echo -e "$yellow $module is selected${none}"
+elif [[ "$version_control_system_input" -le 2 ]]; then
+  module="hg.sr.ht"
+  modules=$modules" "$module
+  echo -e "$yellow  $module is selected${none}"
+else
+  module="git.sr.ht hg.sr.ht"
+  modules=$modules" "$module
+  echo -e "$yellow $module are selected${none}"
+fi
+
+# Domain
+echo -e "Set your ${cyan} Domain name ${none} or ${cyan}s (skip)${none}?"
+read -r domain_input
+echo
+if [[ "$domain_input" == 's' ]] || [[ -z "$null" ]]; then
+  echo -e "$yellow skip${none}"
+else
+  domain_name=$domain_input
+fi
+
+# CI
+# builds.sr.ht
+
+echo -e "Do you want to use ${cyan} Sourcehut CI ${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+add_module "builds.sr.ht"
+
+echo -e "Do you want to use ${cyan}Mailing list service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+add_module "lists.sr.ht"
+
+#  a wiki service
+#  man.sr.ht
+echo -e "Do you want to use ${cyan}Wiki service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+add_module "man.sr.h"
+
+# Syntax highlighting
+# paste.sr.ht
+echo -e "Do you want to use ${cyan}Syntax highlighting${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+add_module "paste.sr.ht"
+
+# issue and bug tracker service
+#  todo.sr.ht
+echo -e "Do you want to use ${cyan}issue and bug tracker service${none}? ${cyan}1.Yes${none} or ${cyan}2.No${none}?"
+add_module "todo.sr.ht"
+echo
+echo
+
+echo -e "---------------------------${green}Start generate Dockerfile ${none}--------------------------------------"
+echo
+echo
+sed "s/{{MODULES}}/$modules/" ./template/Dockerfile.template >Dockerfile
+# TODO start.sh
+echo
+echo
+echo -e "---------------------------${green}Generate Dockerfile success${none}--------------------------------------"
+
+## build base image
+#
+#echo -e "---------------------------${green}Start build base image ${none}--------------------------------------"
+#docker build -t sr.ht-base:dev ./base/
+#echo
+#echo -e "---------------------------${green}Build base image success${none}--------------------------------------"
+
+## generate keys
+
+echo -e "---------------------------${green}Start  generate  keys${none}-----------------------------------------"
+echo
+echo
+docker run sr.ht-base:dev sh -c 'srht-keygen service && srht-keygen network && srht-keygen webhook' | awk '{n[1]="Service";n[2]="Network";n[3]=n[4]="Webhook";print n[NR]" "$0 > "genkeys"}'
+echo
+echo
+echo -e "$(<genkeys)"
+echo -e "${yellow}Distribute the webhook public key to anyone who would want to verify ${none}"
+echo -e "${yellow}webhook payloads from your service.${none}"
+echo -e "${yellow}you can see generated keys in the  'genkeys' file ${none}"
+echo
+echo
+echo -e "---------------------------${green}Generate keys success${none}-----------------------------------------"
+echo
+echo
+
+## generate config
+echo -e "---------------------------${green}Start  generate  config${none}---------------------------------------"
+echo
+echo
+service_key=$(<genkeys  grep Service | awk -F: '{print $2}')
+network_key=$(<genkeys  grep Network | awk -F: '{print $2}')
+webhook_key=$(<genkeys  grep Webhook | awk -F: 'BEGIN{print $2}')
+sed "s/{{SERVICE_KEY}}/$service_key/" ./template/config.ini.template > config.ini
+sed -i "s/{{NETWORK_KEY}}/$network_key/" config.ini
+sed -i "s/{{WEBHOOK_KEY}}/$webhook_key/" config.ini
+echo "$domain_name"
+sed -i "s@{{DOMAIN}}@$domain_name@" config.ini
+echo
+echo
+echo -e "---------------------------${green}Generate keys success${none}-----------------------------------------"
+
+# TODO modules config

start.sh

@@ -0,0 +1,4 @@
+
+
+/usr/bin/gunicorn metasrht.app:app -b 0.0.0.0:5000
+/usr/bin/gunicorn gitsrht.app:app -b 0.0.0.0:5001

template/Dockerfile.template

@@ -0,0 +1,10 @@
+FROM sr.ht-base:dev
+COPY ./start.sh /
+
+RUN apk add  {{MODULES}}
+COMMAND ["./start.sh"]
+
+
+
+
+

template/config.ini.template

@@ -0,0 +1,215 @@
+[sr.ht]
+#
+# The name of your network of sr.ht-based sites
+site-name=sourcehut
+#
+# The top-level info page for your site
+site-info=https://sourcehut.org
+#
+# {{ site-name }}, {{ site-blurb }}
+site-blurb=the hacker's forge
+#
+# If this != production, we add a banner to each page
+environment=production
+#
+# Contact information for the site owners
+owner-name=Drew DeVault
+owner-email=sir@cmpwn.com
+#
+# The source code for your fork of sr.ht
+source-url=https://git.sr.ht/~sircmpwn/srht
+#
+# A key used for encrypting session cookies. Use `srht-keygen service` to
+# generate the service key. This must be shared between each node of the same
+# service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
+# different keys. If you configure all of your services with the same
+# config.ini, you may use the same service-key for all of them.
+service-key={{SERVICE_KEY}}
+#
+# A secret key to encrypt internal messages with. Use `srht-keygen network` to
+# generate this key. It must be consistent between all services and nodes.
+network-key={{NETWORK_KEY}}
+#
+# The redis host URL. This is used for caching and temporary storage, and must
+# be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be
+# shared between services. It may be shared between services, however, with no
+# ill effect, if this better suits your infrastructure.
+redis-host=redis://127.0.0.1:6379
+#
+# The Prometheus Pushgateway instance to deliver gitsrht-periodic metrics to (http[s]://host:port)
+pushgateway=
+
+[objects]
+# Configure the S3-compatible object storage service. Leave empty to disable
+# object storage.
+#
+# Minio is recommended as a FOSS solution over AWS: https://min.io
+s3-upstream=
+s3-access-key=
+s3-secret-key=
+
+[mail]
+#
+# Outgoing SMTP settings
+smtp-host=
+smtp-port=
+smtp-from=
+#
+# Default: starttls
+# Options: starttls, tls, insecure
+smtp-encryption=starttls
+#
+# Default: plain
+# Options: plain, none
+smtp-auth=plain
+# user / password are required if smtp-auth is plain
+smtp-user=
+smtp-password=
+#
+# Application exceptions are emailed to this address
+error-to=
+error-from=
+#
+# You should generate a PGP key to allow users to authenticate emails received
+# from your services. Use `gpg --edit-key [key id]` to remove the password from
+# your private key, then export it to a file and set pgp-privkey to the path to
+# that file. pgp-pubkey should be set to the path to your public key, and
+# pgp-key-id should be set to the key ID string. Outgoing emails are signed with
+# this PGP key.
+pgp-privkey=
+pgp-pubkey=
+pgp-key-id=
+
+[webhooks]
+#
+# base64-encoded Ed25519 key for signing webhook payloads. This should be
+# consistent between all services.
+#
+# Use the `srht-keygen webhook` command to generate this key. Put the private
+# key here and distribute the public key to anyone who would want to verify
+# webhook payloads from your service.
+private-key= {{WEBHOOK_KEY}}
+
+
+[git.sr.ht]
+#
+# URL git.sr.ht is being served at (protocol://domain)
+origin={{DOMAIN}}
+#
+# Address and port to bind the debug server to
+debug-host=0.0.0.0
+debug-port=5001
+#
+# Configures the SQLAlchemy connection string for the database.
+connection-string=postgresql://postgres@localhost/git.sr.ht
+#
+# Set to "yes" to automatically run migrations on package upgrade.
+migrate-on-upgrade=yes
+#
+# The redis connection used for the webhooks worker
+webhooks=redis://localhost:6379/1
+#
+# A post-update script which is installed in every git repo.
+post-update-script=/usr/bin/gitsrht-update-hook
+#
+# git.sr.ht's OAuth client ID and secret for meta.sr.ht
+# Register your client at meta.example.org/oauth
+oauth-client-id=CHANGEME
+oauth-client-secret=CHANGEME
+#
+# Path to git repositories on disk
+repos=/var/lib/git/
+#
+# Configure the S3 bucket and prefix for object storage. Leave empty to disable
+# object storage. Bucket is required to enable object storage; prefix is
+# optional.
+s3-bucket=
+s3-prefix=
+#
+# Required for preparing and sending patchsets from git.sr.ht
+outgoing-domain=
+
+#
+# Origin URL for the API
+# Only needed if not run behind a reverse proxy, e.g. for local development.
+# By default, the API port is 100 more than the web port
+#api-origin=http://localhost:5101
+
+[git.sr.ht::api]
+#
+# Maximum complexity of GraphQL queries. The higher this number, the more work
+# that API clients can burden the API backend with. Complexity is equal to the
+# number of discrete fields which would be returned to the user. 200 is a good
+# default.
+max-complexity=200
+
+#
+# The maximum time the API backend will spend processing a single API request.
+#
+# See https://golang.org/pkg/time/#ParseDuration
+max-duration=3s
+
+#
+# Set of IP subnets which are permitted to utilize internal API
+# authentication. This should be limited to the subnets from which your
+# *.sr.ht services are running.
+#
+# Comma-separated, CIDR notation.
+internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
+
+[git.sr.ht::dispatch]
+#
+# The authorized keys hook uses this to dispatch to various handlers
+# The format is a program to exec into as the key, and the user to match as the
+# value. When someone tries to log in as this user, this program is executed
+# and is expected to omit an AuthorizedKeys file.
+#
+# Uncomment the relevant lines to enable the various sr.ht dispatchers.
+/usr/bin/gitsrht-keys=git:git
+#/usr/bin/buildsrht-keys=builds:builds
+
+[meta.sr.ht]
+origin={{DOMAIN}}:5000
+#
+# Address and port to bind the debug server to
+debug-host=0.0.0.0
+debug-port=5000
+#
+# Configures the SQLAlchemy connection string for the database.
+connection-string=postgresql://postgres@localhost/meta.sr.ht
+#
+# Set to "yes" to automatically run migrations on package upgrade.
+migrate-on-upgrade=yes
+
+[meta.sr.ht::settings]
+#
+# If "no", public registration will not be permitted.
+registration=yes
+#
+# Where to redirect new users upon registration
+onboarding-redirect={{DOMAIN}}:5000
+#
+# How many invites each user is issued upon registration (only applicable if
+# open registration is disabled)
+user-invites=5
+
+[meta.sr.ht::aliases]
+#
+# You can add aliases for the client IDs of commonly used OAuth clients here.
+#
+# Example:
+# git.sr.ht=12345
+# Uncomment this to provide optional builds.sr.ht integration
+
+#[builds.sr.ht]
+#origin=http://builds.sr.ht.local
+#oauth-client-id=CHANGEME
+
+[meta.sr.ht::billing]
+#
+# "yes" to enable the billing system
+enabled=no
+#
+# Get your keys at https://dashboard.stripe.com/account/apikeys
+stripe-public-key=
+stripe-secret-key=