M Makefile => Makefile +5 -1
@@ 18,6 18,9 @@ POSTGRES_LOCALNAME=my-postgres
POSTGRES_DATADIR=/home/al_dente/dev/huttese/postgres
POSTGRES_CONF=/home/al_dente/dev/huttese/etc/postgresql/postgresql.conf
+# configure git
+GIT_DATADIR=/home/al_dente/dev/huttese/git/datadir
+
# set image tag data
SRHT_LOCALNAME=srht
SRHT_LOCALVERSION=1
@@ 97,6 100,7 @@ start: image
$(CONMAN) run --detach --name $(HUTTESE_SRHT) --restart always \
--hostname tatooine -p 80:8080 \
+ --mount type=bind,src=$(GIT_DATADIR),dst=/var/lib/git \
$(SRHT_LOCALNAME)
$(CONMAN) network connect --alias $(HUTTESE_SRHT) \
$(HUTTESE_NETWORK) $(HUTTESE_SRHT)
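Review bot: The added `--mount type=bind,src=$(GIT_DATADIR),dst=/var/lib/git` line assumes the host directory already exists, and nothing visible in this hunk creates it; unlike `-v`, `--mount type=bind` fails when the source path is missing. I would add `mkdir -p "$(GIT_DATADIR)"` ahead of the run command (or in the setup target, which is outside this hunk) and quote the option as `--mount "type=bind,src=$(GIT_DATADIR),dst=/var/lib/git"`. The directory will be owned by the host user, so the account that serves git inside the container needs write access to it, which matters now that services are being moved off root. The `start` recipe begins above the hunk.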
@@ 112,6 116,6 @@ restart:
$(CONMAN) restart $(SRHT_LOCALNAME)
clean:
- $(CONMAN) rm --force $(SRHT_LOCALNAME) >/dev/null 2>&1 || true
+ $(CONMAN) rm --force $(HUTTESE_SRHT) >/dev/null 2>&1 || true
$(CONMAN) image rm --force $(SRHT_LOCALNAME):latest >/dev/null 2>&1 || true
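Review bot: `restart` still runs `$(CONMAN) restart $(SRHT_LOCALNAME)`, which is the image name, while the container is created with `--name $(HUTTESE_SRHT)`. This is the same mismatch the commit fixes in `clean`, so the line should become `$(CONMAN) restart $(HUTTESE_SRHT)`. Separately, both `clean` commands end in `>/dev/null 2>&1 || true`, so a removal that fails for a real reason is invisible; keeping stderr would make that diagnosable.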
M README.md => README.md +4 -6
@@ 9,7 9,7 @@ Makefile is in the top-level directory.
## To-Do
-nginx proxying is not working.
+nginx proxying is working sometimes.
need metasrht service to become accessible so that i can register oauth for git, lists, todo services.
@@ 17,14 17,12 @@ should also setup the metasrht-webhook process (`celery -A metasrht.webhooks wor
maybe should run migration (`metasrht-migrate -a upgrade head`) every time?
-probably should not be running most of these services as `root`.
-[apkbuilds repo](https://git.sr.ht/~sircmpwn/sr.ht-apkbuilds/tree) indicates that metasrht (and friends) run as `meta`.
-Probably have `git`, `lists`, `todo`, and `build` users.
-
most importantly, need to figure out how to secure pgp keys, worker private key, network private key, and webhook private key.
cleanup the postgres files, probably to a `pg` directory.
+for now, not targeting listssrht. may add later.
+
## Installation
@@ 33,7 31,7 @@ Disable the haproxy docker container.
Paste the following into the hosts file:
```
-127.0.0.1 git.intra.dominic-ricottone.com lists.intra.dominic-ricottone.com meta.intra.dominic-ricottone.com todo.intra.dominic-ricottone.com
+127.0.0.1 git.intra.dominic-ricottone.com meta.intra.dominic-ricottone.com todo.intra.dominic-ricottone.com test.intra.dominic-ricottone.com
```
Run `make setup && make image && make dbinit && make start`.
M sr/Dockerfile => sr/Dockerfile +2 -1
@@ 19,7 19,7 @@ COPY --chown=nginx:nginx usr/share/nginx/html/test.cgi /usr/share/nginx/html/tes
COPY --chown=nginx:nginx usr/share/nginx/html/test.php /usr/share/nginx/html/test.php
COPY etc/nginx/http.d/default.conf /etc/nginx/http.d/default.conf
COPY etc/nginx/http.d/git.conf /etc/nginx/http.d/git.conf
-COPY etc/nginx/http.d/lists.conf /etc/nginx/http.d/lists.conf
+#COPY etc/nginx/http.d/lists.conf /etc/nginx/http.d/lists.conf
COPY etc/nginx/http.d/meta.conf /etc/nginx/http.d/meta.conf
COPY etc/nginx/http.d/todo.conf /etc/nginx/http.d/todo.conf
@@ 34,6 34,7 @@ COPY etc/postfix/sasl/sasl_passwd /etc/postfix/sasl/sasl_passwd
RUN postmap /etc/postfix/sasl/sasl_passwd
# setup sourcehut
+VOLUME /var/lib/git
COPY etc/sr.ht/config.ini /etc/sr.ht/config.ini
COPY etc/sr.ht/pgp.key /etc/sr.ht/pgp.key
COPY etc/sr.ht/pgp.pubkey /etc/sr.ht/pgp.pubkey
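Review bot: `VOLUME /var/lib/git` is declared without creating the directory or setting its owner, so the mount point ends up root-owned. Depending on the builder, later build steps that write under that path may also be discarded. If the git service is meant to run unprivileged, create and chown the directory before the declaration, e.g. `RUN mkdir -p /var/lib/git && chown <git-user>:<git-group> /var/lib/git` with the real account names substituted. The context lines that follow also copy `etc/sr.ht/pgp.key` into an image layer, where it is readable by anyone who obtains the image. Supplying it at run time, as is now done for the git data, would keep the private key out of the image.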
M sr/etc/sr.ht/config.ini => sr/etc/sr.ht/config.ini +2 -50
@@ 4,6 4,7 @@ site-info=https://dominic-ricottone.com
site-blurb=hutt
owner-name=Dominic Ricottone
owner-email=me@dominic-ricottone.com
+global-domain=http://intra.dominic-ricottone.com
#environment=production
environment=development
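Review bot: `global-domain=http://intra.dominic-ricottone.com` carries a URL scheme, but as far as I know sr.ht expects a bare domain for this key (it appears to be used for scoping shared state such as the session cookie across the service subdomains). The value should probably be `global-domain=intra.dominic-ricottone.com`; please confirm against the sr.ht configuration reference. A malformed value here would most likely show up as logins not carrying over between meta, git and todo. The section this key belongs to starts above the hunk.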
@@ 38,7 39,7 @@ smtp-user=
smtp-password=
# Email address to dump exceptions at?
-error-to=me@dominic-ricottone.com
+error-to=REDACTED
error-from=hutt@tatooine
pgp-privkey=/etc/sr.ht/pgp.key
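Review bot: `error-to=REDACTED` is not a deliverable address, so exception reports will bounce or be dropped instead of reaching an operator. If the aim is to keep the address out of the repository, note that the same address is still set in `owner-email` earlier in this file, and the previous value remains in history. A comment above the key such as `# set per deployment; placeholder only` would make the intent explicit, or the value could be injected at deploy time.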
@@ 87,55 88,6 @@ internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
#/usr/bin/buildsrht-keys=builds:builds
-[lists.sr.ht]
-origin=http://localhost:5006
-# try: meta.localhost/oauth
-oauth-client-id=
-oauth-client-secret=
-api-origin=http://localhost:5106
-posting-domain=lists.tatooine
-allow-new-lists=no
-
-# debug host
-debug-host=0.0.0.0
-debug-port=5006
-
-# SQLAlchemy connection string
-#connection-string=postgresql://postgres@huttpg:5432/lists.sr.ht
-connection-string=postgresql://postgres@huttpg:5432/lists.sr.ht?sslmode=disable
-migrate-on-upgrade=yes
-
-# Webhooks connection string
-webhooks=redis://huttredis:6379/1
-
-# Celery connection string
-redis=redis://huttredis:6379/0
-
-# Trusted upstream SMTP server generating Authentication-Results header fields
-msgauth-server=tatooine
-
-
-[lists.sr.ht::worker]
-protocol=lmtp
-sock=/tmp/lists.sr.ht-lmtp.sock
-sock-group=postfix
-
-# Content types to reject?
-reject-mimetypes=text/html
-
-# URL for rejection notice?
-reject-url=https://man.sr.ht/lists.sr.ht/etiquette.md
-
-
-[lists.sr.ht::api]
-max-complexity=200
-max-duration=90s
-internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
-
-
-[lists.sr.ht::redirects]
-
-
[meta.sr.ht]
origin=http://localhost:5000
welcome-emails=no
A sr/etc/sr.ht/lists.config.ini => sr/etc/sr.ht/lists.config.ini +48 -0
@@ 0,0 1,48 @@
+[lists.sr.ht]
+origin=http://localhost:5006
+# try: meta.localhost/oauth
+oauth-client-id=
+oauth-client-secret=
+api-origin=http://localhost:5106
+posting-domain=lists.tatooine
+allow-new-lists=no
+
+# debug host
+debug-host=0.0.0.0
+debug-port=5006
+
+# SQLAlchemy connection string
+#connection-string=postgresql://postgres@huttpg:5432/lists.sr.ht
+connection-string=postgresql://postgres@huttpg:5432/lists.sr.ht?sslmode=disable
+migrate-on-upgrade=yes
+
+# Webhooks connection string
+webhooks=redis://huttredis:6379/1
+
+# Celery connection string
+redis=redis://huttredis:6379/0
+
+# Trusted upstream SMTP server generating Authentication-Results header fields
+msgauth-server=tatooine
+
+
+[lists.sr.ht::worker]
+protocol=lmtp
+sock=/tmp/lists.sr.ht-lmtp.sock
+sock-group=postfix
+
+# Content types to reject?
+reject-mimetypes=text/html
+
+# URL for rejection notice?
+reject-url=https://man.sr.ht/lists.sr.ht/etiquette.md
+
+
+[lists.sr.ht::api]
+max-complexity=200
+max-duration=90s
+internal-ipnet=127.0.0.0/8,::1/128,192.168.0.0/16,10.0.0.0/8
+
+
+[lists.sr.ht::redirects]
+
M sr/etc/supervisor/conf.d/supervisord.conf => sr/etc/supervisor/conf.d/supervisord.conf +2 -0
@@ 25,11 25,13 @@ redirect_stderr=true
autorestart=true
command=gunicorn metasrht.app:app -b 127.0.0.1:5000 -c /etc/sr.ht/meta.sr.ht.gunicorn.conf.py
redirect_stderr=true
+user=meta
[program:metasrht-api]
autorestart=true
command=metasrht-api
redirect_stderr=true
+user=meta
[program:nginx]
autostart=true
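Review bot: `user=meta` is added only to the two meta programs visible here, while the README change in this commit removes the whole to-do about services running as root. If the other programs (outside this hunk) still have no `user=`, that to-do is not actually finished and is worth keeping. The `meta` account must also exist in the image and be able to read `/etc/sr.ht/config.ini` and the key files, which the Dockerfile lines on this page copy without `--chown`; supervisord will not start a program whose user cannot be resolved. Creating the account and setting restrictive ownership and modes on those files belongs in the same change.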