diff options
author | Kelley Spoon <kelley.spoon@linaro.org> | 2023-08-10 17:34:03 -0500 |
---|---|---|
committer | Kelley Spoon <kelley.spoon@linaro.org> | 2023-08-18 04:32:15 +0000 |
commit | ecd6209d688b2bb28b6cccafaff953368ad29ef3 (patch) | |
tree | 1dddec910e6ed22ee35cad31bd2dd3b2b7560de0 | |
parent | 2d9f6c70f40f44f7f034dda60ed8d253072a1a86 (diff) |
devboardsforandroid: create initial configuration
This change adds in the initial configuration for the gerrit
server git.devboardsforandroid.ctt.linaro.org
Change-Id: Idd5098469bdeeaaeb99a8e01cd5ef551f2754603
Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org>
Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/45234
-rw-r--r-- | files/apache/git.devboardsforandroid.ctt.linaro.org.conf | 106 | ||||
-rw-r--r-- | files/gerrit/git.devboardsforandroid.ctt.linaro.org | 67 | ||||
-rw-r--r-- | host_vars/git.devboardsforandroid.ctt.linaro.org | 38 | ||||
-rw-r--r-- | hosts | 2 | ||||
-rw-r--r-- | ssh/known_hosts | 1 |
5 files changed, 214 insertions, 0 deletions
diff --git a/files/apache/git.devboardsforandroid.ctt.linaro.org.conf b/files/apache/git.devboardsforandroid.ctt.linaro.org.conf new file mode 100644 index 00000000..f4612b9f --- /dev/null +++ b/files/apache/git.devboardsforandroid.ctt.linaro.org.conf @@ -0,0 +1,106 @@ +<VirtualHost *:80> + ServerName git.devboardsforandroid.ctt.linaro.org + {% if ssl_cert is defined %} + + RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1" + + {% else %} + + DocumentRoot /srv/gerrit + + CustomLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-access.log combined + ErrorLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-error.log + + ExpiresActive On + ExpiresDefault "access plus 0 seconds" + + ExpiresByType text/css "access plus 1 week" + ExpiresByType text/javascript "access plus 1 week" + ExpiresByType image/png "access plus 1 month" + ExpiresByType image/jpg "access plus 1 month" + ExpiresByType image/jpeg "access plus 1 month" + ExpiresByType image/x-icon "access plus 1 month" + + Header append Cache-Control "no-transform" + + <FilesMatch "\.(html|htm)$"> + Header add Cache-Control "must-revalidate" + </FilesMatch> + + <FilesMatch "\.(js|css)$"> + Header add Cache-Control "max-age=604800" + <ifModule mod_deflate.c> + SetOutputFilter DEFLATE + </ifModule> + </FilesMatch> + + RequestHeader set X-Forwarded-Scheme http + + ProxyRequests Off + ProxyVia Off + ProxyPreserveHost On + <Proxy *> + Order deny,allow + Allow from all + </Proxy> + + AllowEncodedSlashes On + ProxyPass / http://127.0.0.1:8080/ nocanon + {% endif %} + + Include /etc/apache2/linaro/letsencrypt.conf +</VirtualHost> + +{% if ssl_cert is defined %} +<VirtualHost *:443> + ServerName git.devboardsforandroid.ctt.linaro.org + + Include /etc/apache2/linaro/settings-ssl.conf + SSLCertificateFile {{ssl_cert}} + SSLCertificateKeyFile {{ssl_key}} + {% if ssl_ca is defined -%} + SSLCACertificateFile {{ssl_ca}} + {%- endif %} + + DocumentRoot /srv/gerrit + + CustomLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-access.log combined + ErrorLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-error.log + + ExpiresActive On + ExpiresDefault "access plus 0 seconds" + + ExpiresByType text/css "access plus 1 week" + ExpiresByType text/javascript "access plus 1 week" + ExpiresByType image/png "access plus 1 month" + ExpiresByType image/jpg "access plus 1 month" + ExpiresByType image/jpeg "access plus 1 month" + ExpiresByType image/x-icon "access plus 1 month" + + Header append Cache-Control "no-transform" + + <FilesMatch "\.(html|htm)$"> + Header add Cache-Control "must-revalidate" + </FilesMatch> + + <FilesMatch "\.(js|css)$"> + Header add Cache-Control "max-age=604800" + <ifModule mod_deflate.c> + SetOutputFilter DEFLATE + </ifModule> + </FilesMatch> + + RequestHeader set X-Forwarded-Scheme http + + ProxyRequests Off + ProxyVia Off + ProxyPreserveHost On + <Proxy *> + Order deny,allow + Allow from all + </Proxy> + + AllowEncodedSlashes On + ProxyPass / http://127.0.0.1:8080/ nocanon +</VirtualHost> +{% endif %} diff --git a/files/gerrit/git.devboardsforandroid.ctt.linaro.org b/files/gerrit/git.devboardsforandroid.ctt.linaro.org new file mode 100644 index 00000000..686e022f --- /dev/null +++ b/files/gerrit/git.devboardsforandroid.ctt.linaro.org @@ -0,0 +1,67 @@ +[core] + streamFileThreshold = 512m + packedGitLimit = 2000m +[gerrit] + basePath = /srv/repositories + canonicalWebUrl = https://git.devboardsforandroid.ctt.linaro.org/ + serverId = {{gerrit_config_server_id}} +[auth] + type = OAUTH + loginUrl = /login + loginText = Sign-in with GitHub + registerPageUrl = "/#/register" + gitBasicAuthPolicy = HTTP +[oauth] + allowEditFullName = true + allowRegisterNewEmail = true +[plugin "gerrit-oauth-provider-github-oauth"] + client-id = bfe5b324c057fe64896c + fix-legacy-user-id = false +[sendemail] + smtpServer = localhost + expiryDays = 15 + replyToAddress = review@git.devboardsforandroid.ctt.linaro.org +{% if gerrit_config_dovecot_user is defined and gerrit_config_dovecot_password is defined %} +[receiveemail] + protocol = IMAP + host = localhost + username = {{ gerrit_config_dovecot_user }} +{% endif %} +[container] + user = git + javaHome = /usr/lib/jvm/java-11-openjdk-amd64/jre + heapLimit = {{ gerrit_mem }} + javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance" + javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance" + +[sshd] + listenAddress = *:29418 + idleTimeout = 5m +[httpd] + listenUrl = proxy-https://127.0.0.1:8080/ +[cache] + directory = cache +[cache "projects"] + memoryLimit = 4096 + diskLimit = 10240 +[download] + scheme = http + scheme = ssh + scheme = anon_http + scheme = repo_download +[gitweb] + type = cgit + url = https://git.devboardsforandroid.ctt.linaro.org/ +[theme] + selectionColor = FFFEAE +[user] + name = Linaro Dev Boards for Android Code Review + email = review@git.devboardsforandroid.ctt.linaro.org +[index] + type = LUCENE +[noteDb "changes"] + autoMigrate = true +[change] + allowDrafts = true +[receive] + enableSignedPush = false diff --git a/host_vars/git.devboardsforandroid.ctt.linaro.org b/host_vars/git.devboardsforandroid.ctt.linaro.org new file mode 100644 index 00000000..e34b2f50 --- /dev/null +++ b/host_vars/git.devboardsforandroid.ctt.linaro.org @@ -0,0 +1,38 @@ +--- +hosttype: git-review +server_role: git-review +#db_user: gerrit2 +gerrit_host: git.devboardsforandroid.ctt.linaro.org +host_site_name: Linaro Dev Boards for Android Code Review +grokmirror_master: false + +gerrit_managed: yes +gerrit_http_username: git +gerrit_http_base: http://localhost:8080 +gerrit_mem: 4000m +gerrit_config_server_id: 8f6f209b-eb1a-4cbf-aa44-c8bc30e9bfda +gerrit_oauth: yes +gerrit_github_oauth_id: bfe5b324c057fe64896c + +dovecot_user: "{{gerrit_config_dovecot_user}}" +dovecot_password: "{{gerrit_config_dovecot_password}}" + +ssl_cert: /etc/dehydrated/certs/{{inventory_hostname}}/fullchain.pem +ssl_key: /etc/dehydrated/certs/{{inventory_hostname}}/privkey.pem +ssl_ca: "{{ssl_cert}}" + + +# Note: this also sets up config for android-review.linaro.org cert +dehydrated_http_domains: + - git.devboardsforandroid.ctt.linaro.org + +dehydrated_dns_domains: [] + +dehydrated_domains_txt: | + git.devboardsforandroid.ctt.linaro.org + +apache_ldap_uri: ldaps://login.linaro.org +ssh_ldap_uri: ldaps://login.linaro.org + +postfix_destinations: ["git.devboardsforandroid.ctt.linaro.org"] +postfix_hostname: "git.devboardsforandroid.ctt.linaro.org" @@ -25,6 +25,7 @@ review.trustedfirmware.org review.mlplatform.org # Note: only accessible via Forge's VPN gerrit.forge.aws.linaro.com ansible_host=10.252.23.114 +git.devboardsforandroid.ctt.linaro.org [gerrit_mirror] git-us.linaro.org @@ -182,6 +183,7 @@ android-review.linaro.org elk.linaro.org git.morello-project.org gerrit.forge.aws.linaro.com +git.devboardsforandroid.ctt.linaro.org [swarm_nodes] x86-07 diff --git a/ssh/known_hosts b/ssh/known_hosts index df178be0..cd548d8c 100644 --- a/ssh/known_hosts +++ b/ssh/known_hosts @@ -373,3 +373,4 @@ gerrit.forge.aws.linaro.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJJYD+iG0I7hbLd flexnet.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfxMgScSvY67rmci7rpsiCU4dTFOhzrsbreEaZGT4Ka mbedtls.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDe5WQk5mtt30d6spLcYXfVeHQpZ5MKWSrAt/qPJVHOE ci.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQOW9Zk6tmYyV7eh5qtjpUoNoYom7FVMtvEmMNHzGWt +git.devboardsforandroid.ctt.linaro.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/t+zvQuh3t2E8zIbbYL1gQRE8nPgwphWs/cVVcxrv4 |