devboardsforandroid: create initial configuration

This change adds in the initial configuration for the gerrit server git.devboardsforandroid.ctt.linaro.org Change-Id: Idd5098469bdeeaaeb99a8e01cd5ef551f2754603 Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org> Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/45234
author: Kelley Spoon <kelley.spoon@linaro.org> 2023-08-10 17:34:03 -0500
committer: Kelley Spoon <kelley.spoon@linaro.org> 2023-08-18 04:32:15 +0000
commit: ecd6209d688b2bb28b6cccafaff953368ad29ef3 (patch)
tree: 1dddec910e6ed22ee35cad31bd2dd3b2b7560de0
parent: 2d9f6c70f40f44f7f034dda60ed8d253072a1a86 (diff)
5 files changed, 214 insertions, 0 deletions
diff --git a/files/apache/git.devboardsforandroid.ctt.linaro.org.conf b/files/apache/git.devboardsforandroid.ctt.linaro.org.conf
new file mode 100644
index 00000000..f4612b9f
--- /dev/null
+++ b/files/apache/git.devboardsforandroid.ctt.linaro.org.conf
@@ -0,0 +1,106 @@
+<VirtualHost *:80>
+	ServerName git.devboardsforandroid.ctt.linaro.org
+	{% if ssl_cert is defined %}
+
+	RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1"
+
+	{% else %}
+
+	DocumentRoot    /srv/gerrit
+
+	CustomLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-access.log combined
+	ErrorLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-error.log
+
+	ExpiresActive   On
+	ExpiresDefault  "access plus 0 seconds"
+
+	ExpiresByType   text/css        "access plus 1 week"
+	ExpiresByType   text/javascript "access plus 1 week"
+	ExpiresByType   image/png       "access plus 1 month"
+	ExpiresByType   image/jpg       "access plus 1 month"
+	ExpiresByType   image/jpeg      "access plus 1 month"
+	ExpiresByType   image/x-icon    "access plus 1 month"
+
+	Header append Cache-Control "no-transform"
+
+	<FilesMatch "\.(html|htm)$">
+        	Header add Cache-Control "must-revalidate"
+	</FilesMatch>
+
+	<FilesMatch "\.(js|css)$">
+        	Header add Cache-Control "max-age=604800"
+	        <ifModule mod_deflate.c>
+        	        SetOutputFilter DEFLATE
+	        </ifModule>
+	</FilesMatch>
+
+	RequestHeader set X-Forwarded-Scheme http
+
+	ProxyRequests Off
+	ProxyVia Off
+	ProxyPreserveHost On
+	<Proxy *>
+		Order deny,allow
+		Allow from all
+	</Proxy>
+
+	AllowEncodedSlashes On
+	ProxyPass	/	http://127.0.0.1:8080/ nocanon
+	{% endif %}
+
+        Include /etc/apache2/linaro/letsencrypt.conf
+</VirtualHost>
+
+{% if ssl_cert is defined %}
+<VirtualHost *:443>
+	ServerName git.devboardsforandroid.ctt.linaro.org
+
+        Include /etc/apache2/linaro/settings-ssl.conf
+	SSLCertificateFile {{ssl_cert}}
+	SSLCertificateKeyFile {{ssl_key}}
+	{% if ssl_ca is defined -%}
+	SSLCACertificateFile {{ssl_ca}}
+	{%- endif %}
+
+	DocumentRoot /srv/gerrit
+
+	CustomLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-access.log combined
+	ErrorLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-error.log
+
+	ExpiresActive   On
+	ExpiresDefault  "access plus 0 seconds"
+
+	ExpiresByType   text/css        "access plus 1 week"
+	ExpiresByType   text/javascript "access plus 1 week"
+	ExpiresByType   image/png       "access plus 1 month"
+	ExpiresByType   image/jpg       "access plus 1 month"
+	ExpiresByType   image/jpeg      "access plus 1 month"
+	ExpiresByType   image/x-icon    "access plus 1 month"
+
+	Header append Cache-Control "no-transform"
+
+	<FilesMatch "\.(html|htm)$">
+        	Header add Cache-Control "must-revalidate"
+	</FilesMatch>
+
+	<FilesMatch "\.(js|css)$">
+        	Header add Cache-Control "max-age=604800"
+	        <ifModule mod_deflate.c>
+        	        SetOutputFilter DEFLATE
+	        </ifModule>
+	</FilesMatch>
+
+	RequestHeader set X-Forwarded-Scheme http
+
+	ProxyRequests Off
+	ProxyVia Off
+	ProxyPreserveHost On
+	<Proxy *>
+		Order deny,allow
+		Allow from all
+	</Proxy>
+
+	AllowEncodedSlashes On
+	ProxyPass	/	http://127.0.0.1:8080/ nocanon
+</VirtualHost>
+{% endif %}
diff --git a/files/gerrit/git.devboardsforandroid.ctt.linaro.org b/files/gerrit/git.devboardsforandroid.ctt.linaro.org
new file mode 100644
index 00000000..686e022f
--- /dev/null
+++ b/files/gerrit/git.devboardsforandroid.ctt.linaro.org
@@ -0,0 +1,67 @@
+[core]
+    streamFileThreshold = 512m
+    packedGitLimit = 2000m
+[gerrit]
+	basePath = /srv/repositories
+	canonicalWebUrl = https://git.devboardsforandroid.ctt.linaro.org/
+    serverId = {{gerrit_config_server_id}}
+[auth]
+    type = OAUTH
+    loginUrl = /login
+    loginText = Sign-in with GitHub
+    registerPageUrl = "/#/register"
+    gitBasicAuthPolicy = HTTP
+[oauth]
+    allowEditFullName = true
+    allowRegisterNewEmail = true
+[plugin "gerrit-oauth-provider-github-oauth"]
+    client-id = bfe5b324c057fe64896c
+    fix-legacy-user-id = false
+[sendemail]
+	smtpServer = localhost
+    expiryDays = 15
+    replyToAddress = review@git.devboardsforandroid.ctt.linaro.org
+{% if gerrit_config_dovecot_user is defined and gerrit_config_dovecot_password is defined %}
+[receiveemail]
+    protocol = IMAP
+    host = localhost
+    username = {{ gerrit_config_dovecot_user }}
+{% endif %}
+[container]
+	user = git
+	javaHome = /usr/lib/jvm/java-11-openjdk-amd64/jre
+	heapLimit = {{ gerrit_mem }}
+	javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
+	javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
+
+[sshd]
+	listenAddress = *:29418
+    idleTimeout = 5m
+[httpd]
+	listenUrl = proxy-https://127.0.0.1:8080/
+[cache]
+	directory = cache
+[cache "projects"]
+    memoryLimit = 4096
+    diskLimit = 10240
+[download]
+    scheme = http
+    scheme = ssh
+    scheme = anon_http
+    scheme = repo_download
+[gitweb]
+    type = cgit
+    url = https://git.devboardsforandroid.ctt.linaro.org/
+[theme]
+    selectionColor = FFFEAE
+[user]
+	name = Linaro Dev Boards for Android Code Review
+    email = review@git.devboardsforandroid.ctt.linaro.org
+[index]
+	type = LUCENE
+[noteDb "changes"]
+    autoMigrate = true
+[change]
+    allowDrafts = true
+[receive]
+    enableSignedPush = false
diff --git a/host_vars/git.devboardsforandroid.ctt.linaro.org b/host_vars/git.devboardsforandroid.ctt.linaro.org
new file mode 100644
index 00000000..e34b2f50
--- /dev/null
+++ b/host_vars/git.devboardsforandroid.ctt.linaro.org
@@ -0,0 +1,38 @@
+---
+hosttype: git-review
+server_role: git-review
+#db_user: gerrit2
+gerrit_host: git.devboardsforandroid.ctt.linaro.org
+host_site_name: Linaro Dev Boards for Android Code Review
+grokmirror_master: false
+
+gerrit_managed: yes
+gerrit_http_username: git
+gerrit_http_base: http://localhost:8080
+gerrit_mem: 4000m
+gerrit_config_server_id: 8f6f209b-eb1a-4cbf-aa44-c8bc30e9bfda
+gerrit_oauth: yes
+gerrit_github_oauth_id: bfe5b324c057fe64896c
+
+dovecot_user: "{{gerrit_config_dovecot_user}}"
+dovecot_password: "{{gerrit_config_dovecot_password}}"
+
+ssl_cert: /etc/dehydrated/certs/{{inventory_hostname}}/fullchain.pem
+ssl_key: /etc/dehydrated/certs/{{inventory_hostname}}/privkey.pem
+ssl_ca: "{{ssl_cert}}"
+
+
+# Note: this also sets up config for android-review.linaro.org cert
+dehydrated_http_domains:
+  - git.devboardsforandroid.ctt.linaro.org
+
+dehydrated_dns_domains: []
+
+dehydrated_domains_txt: |
+  git.devboardsforandroid.ctt.linaro.org
+
+apache_ldap_uri: ldaps://login.linaro.org
+ssh_ldap_uri: ldaps://login.linaro.org
+
+postfix_destinations: ["git.devboardsforandroid.ctt.linaro.org"]
+postfix_hostname: "git.devboardsforandroid.ctt.linaro.org"
diff --git a/hosts b/hosts
index be699772..57a65ebb 100644
--- a/hosts
+++ b/hosts
@@ -25,6 +25,7 @@ review.trustedfirmware.org
 review.mlplatform.org
 # Note: only accessible via Forge's VPN
 gerrit.forge.aws.linaro.com ansible_host=10.252.23.114
+git.devboardsforandroid.ctt.linaro.org
 
 [gerrit_mirror]
 git-us.linaro.org
@@ -182,6 +183,7 @@ android-review.linaro.org
 elk.linaro.org
 git.morello-project.org
 gerrit.forge.aws.linaro.com
+git.devboardsforandroid.ctt.linaro.org
 
 [swarm_nodes]
 x86-07
diff --git a/ssh/known_hosts b/ssh/known_hosts
index df178be0..cd548d8c 100644
--- a/ssh/known_hosts
+++ b/ssh/known_hosts
@@ -373,3 +373,4 @@ gerrit.forge.aws.linaro.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJJYD+iG0I7hbLd
 flexnet.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfxMgScSvY67rmci7rpsiCU4dTFOhzrsbreEaZGT4Ka
 mbedtls.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDe5WQk5mtt30d6spLcYXfVeHQpZ5MKWSrAt/qPJVHOE
 ci.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQOW9Zk6tmYyV7eh5qtjpUoNoYom7FVMtvEmMNHzGWt
+git.devboardsforandroid.ctt.linaro.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/t+zvQuh3t2E8zIbbYL1gQRE8nPgwphWs/cVVcxrv4
author	Kelley Spoon <kelley.spoon@linaro.org>	2023-08-10 17:34:03 -0500
committer	Kelley Spoon <kelley.spoon@linaro.org>	2023-08-18 04:32:15 +0000
commit	ecd6209d688b2bb28b6cccafaff953368ad29ef3 (patch)
tree	1dddec910e6ed22ee35cad31bd2dd3b2b7560de0
parent	2d9f6c70f40f44f7f034dda60ed8d253072a1a86 (diff)