diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index ea90996..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,5 +0,0 @@
-Gemfile.lock
-.bundled_gems/
-log/
-junit/
-.vagrant/
diff --git a/Gemfile b/Gemfile
deleted file mode 100644
index 019213a..0000000
--- a/Gemfile
+++ /dev/null
@@ -1,15 +0,0 @@
-source 'https://rubygems.org'
-
-if File.exists?('/home/zuul/src/git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper')
- gem_checkout_method = {:path => '/home/zuul/src/git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper'}
-else
- gem_checkout_method = {:git => 'https://git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper'}
-end
-gem_checkout_method[:require] = false
-
-group :development, :test, :system_tests do
- gem 'puppet-openstack_infra_spec_helper',
- gem_checkout_method
-end
-
-# vim:ft=ruby
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index d645695..0000000
--- a/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/README.md b/README.md
deleted file mode 100644
index 9fd19a2..0000000
--- a/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# OpenStack Cgit Module
-
-This module installs and configures cgit
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..c4ba6c6
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,9 @@
+This project is no longer maintained.
+
+The contents of this repository are still available in the Git
+source code management system. To see the contents of this
+repository before it reached its end of life, please check out the
+previous commit with "git checkout HEAD^1".
+
+For any further questions, please email
+service-discuss@lists.opendev.org or join #opendev on Freenode.
diff --git a/Rakefile b/Rakefile
deleted file mode 100644
index ff1f0d7..0000000
--- a/Rakefile
+++ /dev/null
@@ -1,8 +0,0 @@
-require 'rubygems'
-require 'puppetlabs_spec_helper/rake_tasks'
-require 'puppet-lint/tasks/puppet-lint'
-PuppetLint.configuration.fail_on_warnings = true
-PuppetLint.configuration.send('disable_80chars')
-PuppetLint.configuration.send('disable_autoloader_layout')
-PuppetLint.configuration.send('disable_class_inherits_from_params_class')
-PuppetLint.configuration.send('disable_class_parameter_defaults')
diff --git a/bindep.txt b/bindep.txt
deleted file mode 100644
index 7cdd58e..0000000
--- a/bindep.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-# This is a cross-platform list tracking distribution packages needed by tests;
-# see http://docs.openstack.org/infra/bindep/ for additional information.
-
-libxml2-devel [test platform:rpm]
-libxml2-dev [test platform:dpkg]
-libxslt-devel [test platform:rpm]
-libxslt1-dev [test platform:dpkg]
-ruby-devel [test platform:rpm]
-ruby-dev [test platform:dpkg]
-zlib1g-dev [test platform:dpkg]
-zlib-devel [test platform:rpm]
diff --git a/files/git-daemon.service b/files/git-daemon.service
deleted file mode 100644
index 2622fd9..0000000
--- a/files/git-daemon.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Git Repositories Server Daemon
-Documentation=man:git-daemon(1)
-Wants=git-daemon.socket
-
-[Service]
-User=nobody
-ExecStart=-/usr/libexec/git-core/git-daemon --base-path=/var/lib/git --export-all --syslog --inetd --verbose /var/lib/git
-StandardInput=socket
diff --git a/files/git.xinetd b/files/git.xinetd
deleted file mode 100644
index 4f6081d..0000000
--- a/files/git.xinetd
+++ /dev/null
@@ -1,14 +0,0 @@
-# default: off
-# description: The git dæmon allows git repositories to be exported using \
-# the git:// protocol.
-
-service git
-{
- disable = yes
- socket_type = stream
- wait = no
- user = nobody
- server = /usr/libexec/git-core/git-daemon
- server_args = --base-path=/var/lib/git --export-all --syslog --inetd --verbose /var/lib/git
- log_on_failure += USERID
-}
diff --git a/files/rsyslog.haproxy.conf b/files/rsyslog.haproxy.conf
deleted file mode 100644
index 892296f..0000000
--- a/files/rsyslog.haproxy.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# Provides UDP syslog reception
-$ModLoad imudp
-$UDPServerRun 514
-
-# Save haproxy messages to haproxy.log
-local0.* /var/log/haproxy.log
diff --git a/manifests/init.pp b/manifests/init.pp
deleted file mode 100644
index 09a9ebb..0000000
--- a/manifests/init.pp
+++ /dev/null
@@ -1,209 +0,0 @@
-# Copyright 2013 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Class: cgit
-#
-class cgit(
- $behind_proxy = false,
- $cgit_timeout = false,
- $cgitdir = '/var/www/cgit',
- $cgitrc_settings = {},
- $manage_cgitrc = false,
- $mpm_settings = {}, # override the mpm worker settings
- $prefork_settings = {}, # override the prefork worker settings
- $selinux_mode = 'enforcing',
- $serveradmin = "webmaster@${::fqdn}",
- $serveraliases = undef,
- $ssl_cert_file = undef,
- $ssl_cert_file_contents = undef, # If left undefined puppet will not create file.
- $ssl_chain_file = undef,
- $ssl_chain_file_contents = undef, # If left undefined puppet will not create file.
- $ssl_key_file = undef,
- $ssl_key_file_contents = undef, # If left undefined puppet will not create file.
- $staticfiles = '/var/www/cgit/static',
- $vhost_name = $::fqdn,
- $create_site = true,
-) {
- validate_hash($prefork_settings)
- validate_hash($mpm_settings)
- $default_prefork_settings = {
- 'StartServers' => 8,
- 'MinSpareServers' => 5,
- 'MaxSpareServers' => 20,
- 'ServerLimit' => 256,
- 'MaxClients' => 256,
- 'MaxRequestsPerChild' => 4000
- }
- $default_mpm_settings = {
- 'StartServers' => 4,
- 'MaxClients' => 300,
- 'MinSpareThreads' => 25,
- 'MaxSpareThreads' => 75,
- 'ThreadsPerChild' => 25,
- 'MaxRequestsPerChild' => 0
- }
- # merge settings with defaults
- $final_mpm_settings = merge($default_mpm_settings, $mpm_settings)
- $final_prefork_settings = merge($default_prefork_settings, $prefork_settings)
-
- if $behind_proxy == true {
- $http_port = 8080
- $https_port = 4443
- $daemon_port = 29418
- } else {
- $http_port = 80
- $https_port = 443
- $daemon_port = 9418
- }
-
- package { [
- 'git-daemon',
- 'highlight',
- ]:
- ensure => present,
- }
- package { 'cgit':
- ensure => present,
- install_options => ['--enablerepo', 'epel'],
- before => Class['::httpd'],
- }
-
- include ::httpd
-
- user { 'cgit':
- ensure => present,
- home => '/home/cgit',
- shell => '/bin/bash',
- gid => 'cgit',
- managehome => true,
- require => Group['cgit'],
- }
-
- group { 'cgit':
- ensure => present,
- }
-
- file {'/home/cgit':
- ensure => directory,
- owner => 'cgit',
- group => 'cgit',
- mode => '0755',
- require => User['cgit'],
- }
-
- file { '/etc/httpd/conf/httpd.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => template('cgit/httpd.conf.erb'),
- require => Package['httpd'],
- notify => Service['httpd'],
- }
-
- file { '/etc/httpd/conf.d/ssl.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => template('cgit/ssl.conf.erb'),
- require => Class['::httpd::ssl'],
- notify => Service['httpd'],
- }
-
- if ($::osfamily == 'Debian') {
- # httpd_mod is not supported on Centos and mod_version is installed
- # by default there so this is not necessary unless on Debian.
- httpd_mod { 'version':
- ensure => present,
- }
- }
-
- if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') {
- package { 'mod_ldap':
- ensure => present,
- }
- }
-
- if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease >= '7') {
- $git_daemon_service_name = 'git-daemon.socket'
- file { '/usr/lib/systemd/system/git-daemon.socket':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => template('cgit/git-daemon.socket.erb'),
- }
- file { 'git-daemon-init-script':
- ensure => present,
- path => '/usr/lib/systemd/system/git-daemon@.service',
- owner => 'root',
- group => 'root',
- mode => '0644',
- source => 'puppet:///modules/cgit/git-daemon.service',
- require => File['/usr/lib/systemd/system/git-daemon.socket'],
- }
- } else {
- $git_daemon_service_name = 'git-daemon'
- file { 'git-daemon-init-script':
- ensure => present,
- path => '/etc/init.d/git-daemon',
- owner => 'root',
- group => 'root',
- mode => '0755',
- content => template('cgit/git-daemon.init.erb'),
- }
- }
-
- service { $git_daemon_service_name:
- ensure => running,
- enable => true,
- subscribe => File['git-daemon-init-script'],
- }
-
- if ($::osfamily == 'RedHat') {
- case $selinux_mode {
- 'disabled': {
- warning('Running with selinux "disabled" is not recommended')
- }
- default: {
- include ::cgit::selinux
- }
- }
- }
-
- if create_site {
- cgit::site { 'default':
- behind_proxy => $behind_proxy,
- cgit_timeout => $cgit_timeout,
- cgitdir => $cgitdir,
- cgitrc_settings => $cgitrc_settings,
- manage_cgitrc => $manage_cgitrc,
- selinux_mode => $selinux_mode,
- serveradmin => $serveradmin,
- serveraliases => $serveraliases,
- ssl_cert_file => $ssl_cert_file,
- ssl_cert_file_contents => $ssl_cert_file_contents,
- ssl_chain_file => $ssl_chain_file,
- ssl_chain_file_contents => $ssl_chain_file_contents,
- ssl_key_file => $ssl_key_file,
- ssl_key_file_contents => $ssl_key_file_contents,
- staticfiles => $staticfiles,
- cgit_vhost_name => $vhost_name,
- # Make default site have lower vhost priority for better compatibility
- # with non SNI capable clients.
- cgit_vhost_priority => '25',
- }
- }
-}
diff --git a/manifests/lb.pp b/manifests/lb.pp
deleted file mode 100644
index e0ea1f8..0000000
--- a/manifests/lb.pp
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 2014 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Class: cgit::lb
-#
-class cgit::lb (
- $balancer_member_git_ports = ['29418',],
- $balancer_member_http_ports = ['8080',],
- $balancer_member_https_ports = ['4443',],
- $balancer_member_ips = [],
- $balancer_member_names = [],
- $defaults_options = {
- 'log' => 'global',
- 'stats' => 'enable',
- 'option' => 'redispatch',
- 'retries' => '3',
- 'timeout' => [
- 'http-request 10s',
- 'queue 1m',
- 'connect 10s',
- 'client 2m',
- 'server 2m',
- 'check 10s',
- ],
- 'maxconn' => '8000',
- },
- $git_options = {
- 'maxconn' => '256',
- 'backlog' => '256',
- 'balance' => 'leastconn',
- 'option' => [
- 'tcplog',
- ],
- },
- $global_options = {
- 'log' => '127.0.0.1 local0',
- 'chroot' => '/var/lib/haproxy',
- 'pidfile' => '/var/run/haproxy.pid',
- 'maxconn' => '4000',
- 'user' => 'haproxy',
- 'group' => 'haproxy',
- 'daemon' => '',
- 'stats' => 'socket /var/lib/haproxy/stats user root group root mode 0600 level admin'
- },
- $http_options = {
- 'balance' => 'leastconn',
- 'option' => [
- 'tcplog',
- ],
- },
- $https_options = {
- 'balance' => 'leastconn',
- 'option' => [
- 'tcplog',
- ],
- },
-) {
-
- package { 'socat':
- ensure => present,
- }
-
- package { 'lsof':
- ensure => present,
- }
-
- class { '::haproxy':
- enable => true,
- global_options => $global_options,
- defaults_options => $defaults_options,
- }
-
- # NOTE(cmurphy) If the only available ipv6 address is a link-local address,
- # facter won't filter it out:
- # https://docs.puppet.com/facter/3.1/release_notes.html#regression-fix-avoid-reporting-link-local-ipv6-addresses-if-a-valid-address-is-available
- # But we don't want haproxy to try to bind to a link local address, so filter
- # it out
- if $::ipaddress6 =~ /^fe[89a-f]/ {
- $_ipaddress6 = undef
- } else {
- $_ipaddress6 = $::ipaddress6
- }
- # The three listen defines here are what the world will hit.
- $haproxy_addresses = delete_undef_values([$::ipaddress, $_ipaddress6])
-
- haproxy::listen { 'balance_git_http':
- ipaddress => $haproxy_addresses,
- ports => ['80'],
- mode => 'tcp',
- collect_exported => false,
- options => $http_options,
- }
- haproxy::listen { 'balance_git_https':
- ipaddress => $haproxy_addresses,
- ports => ['443'],
- mode => 'tcp',
- collect_exported => false,
- options => $https_options,
- }
- haproxy::listen { 'balance_git_daemon':
- ipaddress => $haproxy_addresses,
- ports => ['9418'],
- mode => 'tcp',
- collect_exported => false,
- options => $git_options,
- }
- haproxy::balancermember { 'balance_git_http_member':
- listening_service => 'balance_git_http',
- server_names => $balancer_member_names,
- ipaddresses => $balancer_member_ips,
- ports => $balancer_member_http_ports,
- }
- haproxy::balancermember { 'balance_git_https_member':
- listening_service => 'balance_git_https',
- server_names => $balancer_member_names,
- ipaddresses => $balancer_member_ips,
- ports => $balancer_member_https_ports,
- }
- haproxy::balancermember { 'balance_git_daemon_member':
- listening_service => 'balance_git_daemon',
- server_names => $balancer_member_names,
- ipaddresses => $balancer_member_ips,
- ports => $balancer_member_git_ports,
- options => 'maxqueue 512',
- }
-
- if (!defined(Service['rsyslog'])) {
- service { 'rsyslog':
- ensure => running,
- enable => true,
- }
- }
-
- file { '/etc/rsyslog.d/haproxy.conf':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- source => 'puppet:///modules/cgit/rsyslog.haproxy.conf',
- notify => Service['rsyslog'],
- }
-}
diff --git a/manifests/selinux.pp b/manifests/selinux.pp
deleted file mode 100644
index f46150e..0000000
--- a/manifests/selinux.pp
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright 2014 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Class: cgit::selinux
-#
-class cgit::selinux {
- selboolean { 'httpd_enable_cgi':
- persistent => true,
- value => on
- }
-
- exec { 'cgit_allow_http_port':
- unless => "semanage port -l | grep \'http_port_t.*tcp.*${::cgit::http_port}\'",
- command => "semanage port -a -t http_port_t -p tcp ${::cgit::http_port} \
- || semanage port -m -t http_port_t -p tcp ${::cgit::http_port}",
- path => '/bin:/usr/sbin',
- before => Service['httpd'],
- subscribe => File['/etc/httpd/conf/httpd.conf'],
- }
-
- exec { 'cgit_allow_https_port':
- unless => "semanage port -l | grep \'http_port_t.*tcp.*${::cgit::https_port}\'",
- command => "semanage port -a -t http_port_t -p tcp ${::cgit::https_port} \
- || semanage port -m -t http_port_t -p tcp ${::cgit::https_port}",
- path => '/bin:/usr/sbin',
- subscribe => File['/etc/httpd/conf.d/ssl.conf'],
- }
-
- exec { 'cgit_allow_git_daemon_port':
- unless => "semanage port -l | grep \'git_port_t.*tcp.*${::cgit::daemon_port}\'",
- command => "semanage port -a -t git_port_t -p tcp ${::cgit::daemon_port} \
- || semanage port -m -t git_port_t -p tcp ${::cgit::daemon_port}",
- path => '/bin:/usr/sbin',
- before => Service[$::cgit::git_daemon_service_name],
- subscribe => [
- File['git-daemon-init-script'],
- File['/usr/lib/systemd/system/git-daemon.socket'],
- ],
- refreshonly => true,
- }
-}
-
diff --git a/manifests/site.pp b/manifests/site.pp
deleted file mode 100644
index 5029dcd..0000000
--- a/manifests/site.pp
+++ /dev/null
@@ -1,169 +0,0 @@
-# Copyright 2013 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-define cgit::site(
- $behind_proxy = false,
- $cgit_timeout = false,
- $cgitdir = '/var/www/cgit',
- $cgitrc_path = '/etc/cgitrc',
- $cgitrc_settings = {},
- $manage_cgitrc = false,
- $selinux_mode = 'enforcing',
- $serveradmin = "webmaster@${::fqdn}",
- $serveraliases = undef,
- $ssl_cert_file = undef,
- $ssl_cert_file_contents = undef, # If left undefined puppet will not create file.
- $ssl_chain_file = undef,
- $ssl_chain_file_contents = undef, # If left undefined puppet will not create file.
- $ssl_key_file = undef,
- $ssl_key_file_contents = undef, # If left undefined puppet will not create file.
- $staticfiles = '/var/www/cgit/static',
- $local_git_dir = '/var/lib/git',
- $cgit_vhost_name = $::fqdn,
- $cgit_vhost_priority = '50',
-) {
- $default_cgitrc_settings = {
- 'cache-size' => 1000,
- 'cache-dynamic-ttl' => 1,
- 'cache-repo-ttl' => 1,
- 'cache-root-ttl' => 1,
- 'cache-root' => "/var/cache/cgit/${cgit_vhost_name}",
- 'clone-prefix' => "git://${::fqdn} https://${::fqdn}",
- 'enable-index-owner' => 0,
- 'enable-index-links' => 1,
- 'enable-http-clone' => 0,
- 'max-stats' => 'quarter',
- 'side-by-side-diffs' => 1,
- 'mimetype.gif' => 'image/gif',
- 'mimetype.html' => 'text/html',
- 'mimetype.jpg' => 'image/jpeg',
- 'mimetype.jpeg' => 'image/jpeg',
- 'mimetype.pdf' => 'application/pdf',
- 'mimetype.png' => 'image/png',
- 'mimetype.svg' => 'image/svg+xml',
- 'source-filter' => '/usr/libexec/cgit/filters/syntax-highlighting.sh',
- 'max-repo-count' => 600,
- 'include' => '/etc/cgitrepos'
- }
- if $behind_proxy == true {
- $http_port = 8080
- $https_port = 4443
- $daemon_port = 29418
- } else {
- $http_port = 80
- $https_port = 443
- $daemon_port = 9418
- }
-
- # merge settings with defaults
- $final_cgitrc_settings = merge($default_cgitrc_settings, $cgitrc_settings)
-
- file { $local_git_dir:
- ensure => directory,
- owner => 'cgit',
- group => 'cgit',
- mode => '0644',
- require => User['cgit'],
- }
-
- file { "${local_git_dir}/p":
- ensure => link,
- target => $local_git_dir,
- require => File[$local_git_dir],
- }
-
- exec { "restorecon -R -v ${local_git_dir}":
- path => '/sbin',
- require => File[$local_git_dir],
- subscribe => File[$local_git_dir],
- refreshonly => true,
- }
-
- ::httpd::vhost { $cgit_vhost_name:
- port => $https_port,
- serveraliases => $serveraliases,
- docroot => 'MEANINGLESS ARGUMENT',
- priority => $cgit_vhost_priority,
- content => template('cgit/git.vhost.erb'),
- ssl => true,
- require => [
- File[$staticfiles],
- Package['cgit'],
- ],
- }
-
- file { "/var/cache/cgit/${cgit_vhost_name}":
- ensure => directory,
- owner => 'apache',
- group => 'root',
- mode => '0755',
- require => Package['cgit']
- }
-
- file { $cgitdir:
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
- require => Package['httpd']
- }
-
- file { $staticfiles:
- ensure => directory,
- owner => 'root',
- group => 'root',
- mode => '0755',
- require => File[$cgitdir],
- }
-
-
- if $ssl_cert_file_contents != undef {
- file { $ssl_cert_file:
- owner => 'root',
- group => 'root',
- mode => '0640',
- content => $ssl_cert_file_contents,
- before => Httpd::Vhost[$cgit_vhost_name],
- }
- }
-
- if $ssl_key_file_contents != undef {
- file { $ssl_key_file:
- owner => 'root',
- group => 'root',
- mode => '0640',
- content => $ssl_key_file_contents,
- before => Httpd::Vhost[$cgit_vhost_name],
- }
- }
-
- if $ssl_chain_file_contents != undef {
- file { $ssl_chain_file:
- owner => 'root',
- group => 'root',
- mode => '0640',
- content => $ssl_chain_file_contents,
- before => Httpd::Vhost[$cgit_vhost_name],
- }
- }
- if $manage_cgitrc {
- file { $cgitrc_path:
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0644',
- content => template('cgit/cgitrc.erb')
- }
- }
-}
diff --git a/manifests/ssh.pp b/manifests/ssh.pp
deleted file mode 100644
index 6b88708..0000000
--- a/manifests/ssh.pp
+++ /dev/null
@@ -1,100 +0,0 @@
-# Copyright 2014 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Class: cgit::ssh
-#
-# This class enables clones from git repo using ssh protocol
-#
-# params:
-# user:
-# The user that will be used for git clone
-# group:
-# The group for the git user
-# manage_group:
-# If enabled, it will create the group for the git user
-# home:
-# The home directory of the git user
-# manage_home:
-# If enabled, it wil manage the home directory for the git user
-# target:
-# If set, it creates a symlink for the git directory
-# target_name:
-# If target is set, it defined the name of the source git directory
-# authorized_keys
-# Array with the list of keys that will be used for authorizing git
-# clones over ssh
-class cgit::ssh (
- $authorized_keys = [],
- $group = 'git',
- $home = '/var/lib/git',
- $manage_group = true,
- $manage_home = true,
- $target = undef,
- $target_name = 'repo',
- $user = 'git',
-) {
-
- if $manage_home {
- file { $home:
- ensure => directory,
- owner => $user,
- group => $group,
- mode => '0755',
- require => User[$user],
- }
- }
-
- if $target != undef {
- # This should be a directory that contains bare repos
- file { "${home}/${target_name}":
- ensure => link,
- target => $target,
- require => File[$home],
- }
- }
-
- if ($manage_group) and (! defined(Group[$group])) {
- group { $group:
- ensure => present,
- }
- }
-
- user { $user:
- ensure => present,
- shell => '/usr/bin/git-shell',
- gid => $group,
- home => $home,
- managehome => true,
- require => Group[$group],
- }
-
- $ssh_dir = "${home}/.ssh"
- file { $ssh_dir:
- ensure => directory,
- owner => $user,
- mode => '0750',
- }
-
- $auth_file = "${ssh_dir}/authorized_keys"
- file { $auth_file:
- ensure => present,
- owner => $user,
- mode => '0640',
- content => template('cgit/authorized_keys.erb'),
- require => [
- File[$ssh_dir],
- User[$user],
- ],
- }
-}
diff --git a/metadata.json b/metadata.json
deleted file mode 100644
index c8ae3e3..0000000
--- a/metadata.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "name": "openstackinfra-cgit",
- "version": "0.0.1",
- "author": "Openstack CI",
- "summary": "Puppet module for cgit",
- "license": "Apache 2.0",
- "source": "https://git.openstack.org/openstack-infra/puppet-cgit.git",
- "project_page": "http://docs.openstack.org/infra/system-config/",
- "issues_url": "https://storyboard.openstack.org/#!/project/778",
- "dependencies": []
-}
diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb
deleted file mode 100644
index a480c91..0000000
--- a/spec/acceptance/basic_spec.rb
+++ /dev/null
@@ -1,279 +0,0 @@
-require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
-
-describe 'puppet-cgit module', :if => ['fedora', 'redhat'].include?(os[:family]) do
- def pp_path
- base_path = File.dirname(__FILE__)
- File.join(base_path, 'fixtures')
- end
-
- def preconditions_puppet_module
- module_path = File.join(pp_path, 'preconditions.pp')
- File.read(module_path)
- end
-
- def default_puppet_module
- module_path = File.join(pp_path, 'default.pp')
- File.read(module_path)
- end
-
- before(:all) do
- apply_manifest(preconditions_puppet_module, catch_failures: true)
- end
-
- it 'should work with no errors' do
- apply_manifest(default_puppet_module, catch_failures: true)
- end
-
- it 'should be idempotent' do
- apply_manifest(default_puppet_module, catch_changes: true)
- end
-
- describe 'cgit server' do
- describe 'running web server' do
- describe command('curl http://localhost/cgit') do
- its(:stdout) { should include 'OpenStack git repository browser' }
- end
-
- describe command('curl --insecure https://localhost/cgit') do
- its(:stdout) { should include 'OpenStack git repository browser' }
- end
-
- describe port(80) do
- it { should be_listening }
- end
-
- describe port(443) do
- it { should be_listening }
- end
-
- describe port(9418) do
- it { should be_listening }
- end
-
- describe service('httpd') do
- it { should be_enabled }
- it { should be_running }
- end
- end
-
- describe service('git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
- it { should be_enabled }
- it { should be_running }
- end
-
- describe service('git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
- it { should be_enabled }
- it { should be_running }
- end
- end
-
- describe 'required users and groups' do
- describe user('cgit') do
- it { should exist }
- it { should belong_to_group 'cgit' }
- end
-
- describe group('cgit') do
- it { should exist }
- end
-
- describe user('git') do
- it { should exist }
- it { should belong_to_group 'git' }
- end
-
- describe group('git') do
- it { should exist }
- end
- end
- describe 'required os packages' do
- required_packages = [
- package('mod_ldap'),
- package('cgit'),
- package('git-daemon'),
- package('highlight'),
- ]
-
- required_packages.each do |package|
- describe package do
- it { should be_installed }
- end
- end
- end
-
- describe 'required files' do
- required_directories = [
- file('/home/cgit'),
- file('/var/lib/git'),
- ]
-
- required_directories.each do |directory|
- describe directory do
- it { should be_directory }
- it { should be_owned_by 'cgit' }
- it { should be_grouped_into 'cgit' }
- end
- end
-
- required_directories = [
- file('/var/www/cgit'),
- file('/var/www/cgit/static'),
- ]
-
- required_directories.each do |directory|
- describe directory do
- it { should be_directory }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- end
- end
-
- describe file('/var/lib/git/p') do
- it { should be_linked_to '/var/lib/git' }
- end
-
- describe file('/usr/lib/systemd/system/git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'ListenStream=9418' }
- end
-
- describe file('/usr/lib/systemd/system/git-daemon@.service'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'Wants=git-daemon.socket' }
- end
-
- describe file('/etc/init.d/git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'DAEMON=/usr/libexec/git-core/git-daemon' }
- its(:content) { should include 'PORT=9418' }
- end
-
- describe file('/etc/pki/tls/certs/localhost.pem') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- end
-
- describe file('/etc/pki/tls/private/localhost.key') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- end
-
- describe file('/etc/cgitrc') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'clone-prefix=https://git.openstack.org https://git.openstack.org' }
- end
-
- describe file('/var/lib/git/.ssh/authorized_keys') do
- it { should be_file }
- it { should be_owned_by 'git' }
- it { should be_mode '640' } # Authorized keys file should have a restrict permission
- its(:content) { should include 'ssh-key 1a2b3c4d5e' }
- end
-
- describe file('/etc/httpd/conf/httpd.conf') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'Listen 80' }
- end
-
- describe file('/etc/httpd/conf.d/ssl.conf') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'Listen 443' }
- end
-
- vhost_content = '
- ServerName localhost
- ServerAdmin webmaster@localhost
-
-
- Alias /cgit-data /usr/share/cgit
- ScriptAlias /cgit /var/www/cgi-bin/cgit
- Alias /static /var/www/cgit/static
- RewriteEngine On
- RewriteRule ^/$ /cgit [R]
-
- SetEnv GIT_PROJECT_ROOT /var/lib/git
- SetEnv GIT_HTTP_EXPORT_ALL
- SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
- SetEnv CGIT_CONFIG /etc/cgitrc
-
- AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
- AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
- ScriptAlias / /usr/libexec/git-core/git-http-backend/
-
- ErrorLog /var/log/httpd/localhost-error.log
-
-
-
- LogLevel warn
-
- CustomLog /var/log/httpd/localhost-access.log combined
-
-
-
- ServerName localhost
- ServerAdmin webmaster@localhost
-
-
- Alias /cgit-data /usr/share/cgit
- ScriptAlias /cgit /var/www/cgi-bin/cgit
- Alias /static /var/www/cgit/static
- RewriteEngine On
- RewriteRule ^/$ /cgit [R]
-
- SetEnv GIT_PROJECT_ROOT /var/lib/git
- SetEnv GIT_HTTP_EXPORT_ALL
- SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
- SetEnv CGIT_CONFIG /etc/cgitrc
-
- AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
- AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
- ScriptAlias / /usr/libexec/git-core/git-http-backend/
-
- ErrorLog /var/log/httpd/localhost-ssl-error.log
-
- LogLevel warn
-
- CustomLog /var/log/httpd/localhost-ssl-access.log combined
-
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
-
- SSLCertificateFile /etc/pki/tls/certs/localhost.pem
- SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-
-
-'
- describe file('/etc/httpd/conf.d/25-localhost.conf') do
- its(:content) { should eq vhost_content }
- end
- end
-
- describe 'selinux' do
- describe command("semanage boolean -l | grep '^httpd_enable_cgi'") do
- its(:stdout) { should match(/^httpd_enable_cgi.*\(on , on\)/) }
- end
-
- describe command("semanage port -l | grep '^http_port_t'") do
- its (:stdout) { should match(/^http_port_t.*\b80/) }
- its (:stdout) { should match(/^http_port_t.*\b443/) }
- end
-
- describe command("semanage port -l | grep '^git_port_t'") do
- its(:stdout) { should match(/^git_port_t.*\b9418/) }
- end
- end
-end
diff --git a/spec/acceptance/behind_proxy_spec.rb b/spec/acceptance/behind_proxy_spec.rb
deleted file mode 100644
index 77dcec6..0000000
--- a/spec/acceptance/behind_proxy_spec.rb
+++ /dev/null
@@ -1,272 +0,0 @@
-require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
-
-describe 'puppet-cgit module begind proxy', :if => ['fedora', 'redhat'].include?(os[:family]) do
- def pp_path
- base_path = File.dirname(__FILE__)
- File.join(base_path, 'fixtures')
- end
-
- def preconditions_puppet_module
- module_path = File.join(pp_path, 'preconditions.pp')
- File.read(module_path)
- end
-
- def behindproxy_puppet_module
- module_path = File.join(pp_path, 'behindproxy.pp')
- File.read(module_path)
- end
-
- before(:all) do
- apply_manifest(preconditions_puppet_module, catch_failures: true)
- end
-
- it 'should work with no errors' do
- apply_manifest(behindproxy_puppet_module, catch_failures: true)
- end
-
- it 'should be idempotent' do
- apply_manifest(behindproxy_puppet_module, catch_changes: true)
- end
-
- describe 'required services' do
- describe 'running web server' do
- describe command('curl http://localhost:8080/cgit') do
- its(:stdout) { should include 'OpenStack git repository browser' }
- end
-
- describe command('curl --insecure https://localhost:4443/cgit') do
- its(:stdout) { should include 'OpenStack git repository browser' }
- end
-
- describe port(8080) do
- it { should be_listening }
- end
-
- describe port(4443) do
- it { should be_listening }
- end
-
- describe port(29418) do
- it { should be_listening }
- end
-
- describe service('httpd') do
- it { should be_enabled }
- it { should be_running }
- end
- end
-
- describe service('git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
- it { should be_enabled }
- it { should be_running }
- end
-
- describe service('git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
- it { should be_enabled }
- it { should be_running }
- end
- end
-
- describe 'required users and groups' do
- describe user('cgit') do
- it { should exist }
- it { should belong_to_group 'cgit' }
- end
-
- describe group('cgit') do
- it { should exist }
- end
-
- describe user('git') do
- it { should exist }
- it { should belong_to_group 'git' }
- end
-
- describe group('git') do
- it { should exist }
- end
- end
-
- describe 'required os packages' do
- required_packages = [
- package('mod_ldap'),
- package('cgit'),
- package('git-daemon'),
- package('highlight'),
- ]
-
- required_packages.each do |package|
- describe package do
- it { should be_installed }
- end
- end
- end
-
- describe 'required files' do
- required_directories = [
- file('/home/cgit'),
- file('/var/lib/git'),
- ]
-
- required_directories.each do |directory|
- describe directory do
- it { should be_directory }
- it { should be_owned_by 'cgit' }
- it { should be_grouped_into 'cgit' }
- end
- end
-
- required_directories = [
- file('/var/www/cgit'),
- file('/var/www/cgit/static'),
- ]
-
- required_directories.each do |directory|
- describe directory do
- it { should be_directory }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- end
- end
-
- describe file('/usr/lib/systemd/system/git-daemon.socket'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'ListenStream=29418' }
- end
-
- describe file('/usr/lib/systemd/system/git-daemon@.service'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] >= '7' do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'Wants=git-daemon.socket' }
- end
-
- describe file('/etc/init.d/git-daemon'), :if => ['fedora', 'redhat'].include?(os[:family]) && os[:release] < '7' do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'DAEMON=/usr/libexec/git-core/git-daemon' }
- its(:content) { should include 'PORT=29418' }
- end
-
- describe file('/etc/pki/tls/certs/localhost.pem') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- end
-
- describe file('/etc/pki/tls/private/localhost.key') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- end
-
- describe file('/etc/cgitrc') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'clone-prefix=https://git.openstack.org https://git.openstack.org' }
- end
-
- describe file('/var/lib/git/.ssh/authorized_keys') do
- it { should be_file }
- it { should be_owned_by 'git' }
- it { should be_mode '640' } # Authorized keys file should have a restrict permission
- its(:content) { should include 'ssh-key 1a2b3c4d5e' }
- end
-
- describe file('/etc/httpd/conf/httpd.conf') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'Listen 8080' }
- end
-
- describe file('/etc/httpd/conf.d/ssl.conf') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'Listen 4443' }
- end
-
- vhost_content = '
- ServerName localhost
- ServerAdmin webmaster@localhost
-
-
- Alias /cgit-data /usr/share/cgit
- ScriptAlias /cgit /var/www/cgi-bin/cgit
- Alias /static /var/www/cgit/static
- RewriteEngine On
- RewriteRule ^/$ /cgit [R]
-
- SetEnv GIT_PROJECT_ROOT /var/lib/git
- SetEnv GIT_HTTP_EXPORT_ALL
- SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
- SetEnv CGIT_CONFIG /etc/cgitrc
-
- AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
- AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
- ScriptAlias / /usr/libexec/git-core/git-http-backend/
-
- ErrorLog /var/log/httpd/localhost-error.log
-
-
-
- LogLevel warn
-
- CustomLog /var/log/httpd/localhost-access.log combined
-
-
-
- ServerName localhost
- ServerAdmin webmaster@localhost
-
-
- Alias /cgit-data /usr/share/cgit
- ScriptAlias /cgit /var/www/cgi-bin/cgit
- Alias /static /var/www/cgit/static
- RewriteEngine On
- RewriteRule ^/$ /cgit [R]
-
- SetEnv GIT_PROJECT_ROOT /var/lib/git
- SetEnv GIT_HTTP_EXPORT_ALL
- SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
- SetEnv CGIT_CONFIG /etc/cgitrc
-
- AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
- AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
- ScriptAlias / /usr/libexec/git-core/git-http-backend/
-
- ErrorLog /var/log/httpd/localhost-ssl-error.log
-
- LogLevel warn
-
- CustomLog /var/log/httpd/localhost-ssl-access.log combined
-
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
-
- SSLCertificateFile /etc/pki/tls/certs/localhost.pem
- SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-
-
-'
- describe file('/etc/httpd/conf.d/25-localhost.conf') do
- its(:content) { should eq vhost_content }
- end
- end
-
- describe 'selinux' do
- describe command("semanage port -l | grep '^http_port_t'") do
- its(:stdout) { should match(/^http_port_t.*\b8080/) }
- its(:stdout) { should match(/^http_port_t.*\b4443/) }
- end
-
- describe command("semanage port -l | grep '^git_port_t'") do
- its(:stdout) { should match(/^git_port_t.*\b29418/) }
- end
- end
-end
diff --git a/spec/acceptance/fixtures/behindproxy.pp b/spec/acceptance/fixtures/behindproxy.pp
deleted file mode 100644
index d365bc9..0000000
--- a/spec/acceptance/fixtures/behindproxy.pp
+++ /dev/null
@@ -1,30 +0,0 @@
-if ($::osfamily == 'RedHat') {
- exec { 'reload systemd to have ports updated':
- command => '/bin/systemctl daemon-reload',
- refreshonly => true,
- subscribe => File['/usr/lib/systemd/system/git-daemon.socket'],
- }
-
- class { '::cgit':
- vhost_name => 'localhost',
- serveradmin => 'webmaster@localhost',
- ssl_cert_file_contents => file('/etc/ssl/certs/ssl-cert-snakeoil.pem'),
- ssl_cert_file => '/etc/pki/tls/certs/localhost.pem',
- ssl_key_file_contents => file('/etc/ssl/private/ssl-cert-snakeoil.key'),
- ssl_key_file => '/etc/pki/tls/private/localhost.key',
- manage_cgitrc => true,
- behind_proxy => true,
- cgitrc_settings => {
- 'clone-prefix' => 'https://git.openstack.org https://git.openstack.org',
- 'root-title' => 'OpenStack git repository browser',
- },
- }
-
- class { '::cgit::ssh':
- manage_home => false,
- require => Class['::cgit'],
- authorized_keys => [
- 'ssh-key 1a2b3c4d5e',
- ],
- }
-}
diff --git a/spec/acceptance/fixtures/default.pp b/spec/acceptance/fixtures/default.pp
deleted file mode 100644
index ae6b95f..0000000
--- a/spec/acceptance/fixtures/default.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-if ($::osfamily == 'RedHat') {
- exec { 'reload systemd to have ports updated':
- command => '/bin/systemctl daemon-reload',
- refreshonly => true,
- subscribe => File['/usr/lib/systemd/system/git-daemon.socket'],
- }
-
- class { '::cgit':
- vhost_name => 'localhost',
- serveradmin => 'webmaster@localhost',
- ssl_cert_file_contents => file('/etc/ssl/certs/ssl-cert-snakeoil.pem'),
- ssl_cert_file => '/etc/pki/tls/certs/localhost.pem',
- ssl_key_file_contents => file('/etc/ssl/private/ssl-cert-snakeoil.key'),
- ssl_key_file => '/etc/pki/tls/private/localhost.key',
- manage_cgitrc => true,
- cgitrc_settings => {
- 'clone-prefix' => 'https://git.openstack.org https://git.openstack.org',
- 'root-title' => 'OpenStack git repository browser',
- },
- }
-
- class { '::cgit::ssh':
- manage_home => false,
- require => Class['::cgit'],
- authorized_keys => [
- 'ssh-key 1a2b3c4d5e',
- ],
- }
-}
diff --git a/spec/acceptance/fixtures/loadbalancer.pp b/spec/acceptance/fixtures/loadbalancer.pp
deleted file mode 100644
index 9f0ca73..0000000
--- a/spec/acceptance/fixtures/loadbalancer.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-if ($::osfamily == 'Debian') {
- class { '::cgit::lb':
- balancer_member_names => [ 'local' ],
- balancer_member_ips => [ '127.0.0.1' ],
- }
-}
diff --git a/spec/acceptance/fixtures/preconditions.pp b/spec/acceptance/fixtures/preconditions.pp
deleted file mode 100644
index 834ceb3..0000000
--- a/spec/acceptance/fixtures/preconditions.pp
+++ /dev/null
@@ -1,41 +0,0 @@
-# Installing ssl-cert in order to get snakeoil certs
-if ($::osfamily == 'RedHat' and $::operatingsystemmajrelease == '7') {
- exec { 'creates self-signed certificate directory':
- path => '/usr/bin',
- command => 'mkdir -p /etc/ssl/certs',
- creates => '/etc/ssl/certs',
- }
-
- exec { 'creates self-signed certificate key directory':
- path => '/usr/bin',
- command => 'mkdir -p /etc/ssl/private',
- creates => '/etc/ssl/private',
- }
-
- exec { 'creates self-signed certificate':
- path => '/usr/bin',
- command => 'openssl req \
- -new \
- -newkey rsa:2048 \
- -days 365 \
- -nodes \
- -x509 \
- -subj "/C=US/ST=California/L=San Francisco/O=Dis/CN=localhost" \
- -keyout /etc/ssl/private/ssl-cert-snakeoil.key \
- -out /etc/ssl/certs/ssl-cert-snakeoil.pem',
- creates => ['/etc/ssl/private/ssl-cert-snakeoil.key', '/etc/ssl/certs/ssl-cert-snakeoil.pem'],
- require => [
- Exec['creates self-signed certificate directory'],
- Exec['creates self-signed certificate key directory'],
- ],
- }
-
- package { 'policycoreutils-python':
- ensure => present,
- }
-}
-elsif ($::osfamily == 'Debian') {
- package { 'ssl-cert':
- ensure => present,
- }
-}
diff --git a/spec/acceptance/loadbalancer_spec.rb b/spec/acceptance/loadbalancer_spec.rb
deleted file mode 100644
index f8452d9..0000000
--- a/spec/acceptance/loadbalancer_spec.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
-
-describe 'puppet-cgit loadbalancer module', :if => ['debian', 'ubuntu'].include?(os[:family]) do
- def pp_path
- base_path = File.dirname(__FILE__)
- File.join(base_path, 'fixtures')
- end
-
- def preconditions_puppet_module
- module_path = File.join(pp_path, 'preconditions.pp')
- File.read(module_path)
- end
-
- def loadbalancer_puppet_module
- module_path = File.join(pp_path, 'loadbalancer.pp')
- File.read(module_path)
- end
-
- before(:all) do
- apply_manifest(preconditions_puppet_module, catch_failures: true)
- end
-
- it 'should work with no errors' do
- apply_manifest(loadbalancer_puppet_module, catch_failures: true)
- end
-
- it 'should be idempotent' do
- apply_manifest(loadbalancer_puppet_module, catch_changes: true)
- end
-
- describe 'required services' do
- describe port(80) do
- it { should be_listening }
- end
-
- describe port(443) do
- it { should be_listening }
- end
-
- describe port(9418) do
- it { should be_listening }
- end
-
- describe service('haproxy') do
- it { should be_enabled }
- it { should be_running }
- end
- end
-
- describe 'required os packages' do
- required_packages = [
- package('socat'),
- package('lsof'),
- ]
-
- required_packages.each do |package|
- describe package do
- it { should be_installed }
- end
- end
- end
-
- describe 'required files' do
- describe file('/etc/rsyslog.d/haproxy.conf') do
- it { should be_file }
- it { should be_owned_by 'root' }
- it { should be_grouped_into 'root' }
- its(:content) { should include 'local0.* /var/log/haproxy.log' }
- end
- end
-end
diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml
deleted file mode 100644
index 3bb3e62..0000000
--- a/spec/acceptance/nodesets/default.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-HOSTS:
- ubuntu-server-1404-x64:
- roles:
- - master
- platform: ubuntu-14.04-amd64
- box: puppetlabs/ubuntu-14.04-64-nocm
- box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
- hypervisor: vagrant
-CONFIG:
- log_level: debug
- type: git
diff --git a/spec/acceptance/nodesets/nodepool-centos7.yml b/spec/acceptance/nodesets/nodepool-centos7.yml
deleted file mode 100644
index c552874..0000000
--- a/spec/acceptance/nodesets/nodepool-centos7.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
- centos-70-x64:
- roles:
- - master
- platform: el-7-x86_64
- hypervisor: none
- ip: 127.0.0.1
-CONFIG:
- type: foss
- set_env: false
diff --git a/spec/acceptance/nodesets/nodepool-trusty.yml b/spec/acceptance/nodesets/nodepool-trusty.yml
deleted file mode 100644
index 9fc624e..0000000
--- a/spec/acceptance/nodesets/nodepool-trusty.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
- ubuntu-14.04-amd64:
- roles:
- - master
- platform: ubuntu-14.04-amd64
- hypervisor: none
- ip: 127.0.0.1
-CONFIG:
- type: foss
- set_env: false
diff --git a/spec/acceptance/nodesets/nodepool-xenial.yml b/spec/acceptance/nodesets/nodepool-xenial.yml
deleted file mode 100644
index 99dd318..0000000
--- a/spec/acceptance/nodesets/nodepool-xenial.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-HOSTS:
- ubuntu-16.04-amd64:
- roles:
- - master
- platform: ubuntu-16.04-amd64
- hypervisor: none
- ip: 127.0.0.1
-CONFIG:
- type: foss
- set_env: false
diff --git a/templates/authorized_keys.erb b/templates/authorized_keys.erb
deleted file mode 100644
index a271ea8..0000000
--- a/templates/authorized_keys.erb
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file contains a list of authorized ssh keys for read-only access to git
-# The list should be kept to a minimum
-# Each key should have a descriptive comment field including points of contact
-<% @authorized_keys.each do |authorized_key| -%>
-<%= authorized_key %>
-<% end -%>
diff --git a/templates/cgitrc.erb b/templates/cgitrc.erb
deleted file mode 100644
index aec9d8f..0000000
--- a/templates/cgitrc.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# See cgitrc(5) or /usr/share/doc/cgit-*/cgitrc.5.html for details
-#
-
-<% @final_cgitrc_settings.keys.sort.each do |setting| -%>
-<%= setting -%>=<%= @final_cgitrc_settings[setting] %>
-<% end -%>
diff --git a/templates/git-daemon.init.erb b/templates/git-daemon.init.erb
deleted file mode 100644
index d45e17c..0000000
--- a/templates/git-daemon.init.erb
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/sh
-#
-# Startup/shutdown script for the git daemon
-# chkconfig: 345 56 10
-#
-# description: Startup/shutdown script for the git daemon
-#
-. /etc/init.d/functions
-
-NAME=git-daemon
-USER=nobody
-DAEMON=/usr/libexec/git-core/git-daemon
-GIT_REPO=/var/lib/git
-PORT=<%= scope.lookupvar("cgit::daemon_port") %>
-ARGS="--base-path=/var/lib/git --user=$USER --export-all --syslog --detach --verbose --port=$PORT $GIT_REPO"
-
-start () {
- echo -n $"Starting $NAME: "
-
- # start daemon
- daemon $DAEMON $ARGS
- RETVAL=$?
- echo
- [ $RETVAL = 0 ] && touch /var/lock/git-daemon
- return $RETVAL
-}
-
-stop () {
- # stop daemon
-
- echo -n $"Stopping $NAME: "
- killproc $DAEMON
- RETVAL=$?
- echo
- [ $RETVAL = 0 ] && rm -f /var/lock/git-daemon
-}
-
-restart() {
- stop
- start
-}
-
-case $1 in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- restart
- ;;
- status)
- status $DAEMON
- RETVAL=$?
- ;;
- *)
- echo $"Usage: $NAME {start|stop|restart|status}"
- exit 3
- ;;
-esac
-
-exit $RETVAL
diff --git a/templates/git-daemon.socket.erb b/templates/git-daemon.socket.erb
deleted file mode 100644
index 626b284..0000000
--- a/templates/git-daemon.socket.erb
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Git Activation Socket
-
-[Socket]
-ListenStream=<%= scope.lookupvar("cgit::daemon_port") %>
-Accept=true
-
-[Install]
-WantedBy=sockets.target
diff --git a/templates/git.vhost.erb b/templates/git.vhost.erb
deleted file mode 100644
index 97b99c5..0000000
--- a/templates/git.vhost.erb
+++ /dev/null
@@ -1,83 +0,0 @@
->
- ServerName <%= @cgit_vhost_name %>
- ServerAdmin <%= @serveradmin %>
-
-<% unless ['', nil, :undef].include?@serveraliases %>
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
-<% elsif @serveraliases != '' -%>
-<%= " ServerAlias #{@serveraliases}" -%>
-<% end -%>
-<% end -%>
-
- Alias /cgit-data /usr/share/cgit
- ScriptAlias /cgit /var/www/cgi-bin/cgit
- Alias /static <%= @staticfiles %>
- RewriteEngine On
- RewriteRule ^/$ /cgit [R]
-
- SetEnv GIT_PROJECT_ROOT <%= @local_git_dir %>
- SetEnv GIT_HTTP_EXPORT_ALL
- SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
- SetEnv CGIT_CONFIG <%= @cgitrc_path %>
-
- AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ <%= @local_git_dir %>/$1
- AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ <%= @local_git_dir %>/$1
- ScriptAlias / /usr/libexec/git-core/git-http-backend/
-
- ErrorLog /var/log/httpd/<%= @cgit_vhost_name %>-error.log
-
- <% if @cgit_timeout.is_a? Integer %>
- Timeout <%= @cgit_timeout %>
- <% end %>
-
- LogLevel warn
-
- CustomLog /var/log/httpd/<%= @cgit_vhost_name %>-access.log combined
-
-
->
- ServerName <%= @cgit_vhost_name %>
- ServerAdmin <%= @serveradmin %>
-
-<% unless ['', nil, :undef].include?@serveraliases %>
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= " ServerAlias #{name}\n" %><% end -%>
-<% elsif @serveraliases != '' -%>
-<%= " ServerAlias #{@serveraliases}" -%>
-<% end -%>
-<% end -%>
-
- Alias /cgit-data /usr/share/cgit
- ScriptAlias /cgit /var/www/cgi-bin/cgit
- Alias /static <%= @staticfiles %>
- RewriteEngine On
- RewriteRule ^/$ /cgit [R]
-
- SetEnv GIT_PROJECT_ROOT <%= @local_git_dir %>
- SetEnv GIT_HTTP_EXPORT_ALL
- SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
- SetEnv CGIT_CONFIG <%= @cgitrc_path %>
-
- AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ <%= @local_git_dir %>/$1
- AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ <%= @local_git_dir %>/$1
- ScriptAlias / /usr/libexec/git-core/git-http-backend/
-
- ErrorLog /var/log/httpd/<%= @cgit_vhost_name %>-ssl-error.log
-
- LogLevel warn
-
- CustomLog /var/log/httpd/<%= @cgit_vhost_name %>-ssl-access.log combined
-
- SSLEngine on
- SSLProtocol All -SSLv2 -SSLv3
-
- SSLCertificateFile <%= @ssl_cert_file %>
- SSLCertificateKeyFile <%= @ssl_key_file %>
-<%# The original default was '' -%>
-<%# scope.lookupvar returns nil for an undefined variable in puppet 4 -%>
-<%# scope.lookupvar returns :undef for an undefined variable in puppet 3 -%>
-<% unless ['', nil, :undef].include?@ssl_chain_file %>
- SSLCertificateChainFile <%= @ssl_chain_file %>
-<% end %>
-
diff --git a/templates/httpd.conf.erb b/templates/httpd.conf.erb
deleted file mode 100644
index 104bdb8..0000000
--- a/templates/httpd.conf.erb
+++ /dev/null
@@ -1,1048 +0,0 @@
-# This is the main Apache server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See for detailed information.
-# In particular, see
-#
-# for a discussion of each configuration directive.
-#
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# The configuration directives are grouped into three basic sections:
-# 1. Directives that control the operation of the Apache server process as a
-# whole (the 'global environment').
-# 2. Directives that define the parameters of the 'main' or 'default' server,
-# which responds to requests that aren't handled by a virtual host.
-# These directives also provide default values for the settings
-# of all virtual hosts.
-# 3. Settings for virtual hosts, which allow Web requests to be sent to
-# different IP addresses or hostnames and have them handled by the
-# same Apache server process.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
-# with ServerRoot set to "/etc/httpd" will be interpreted by the
-# server as "/etc/httpd/logs/foo.log".
-#
-
-### Section 1: Global Environment
-#
-# The directives in this section affect the overall operation of Apache,
-# such as the number of concurrent requests it can handle or where it
-# can find its configuration files.
-#
-
-#
-# Don't give away too much information about all the subcomponents
-# we are running. Comment out this line if you don't mind remote sites
-# finding out what major optional modules you are running
-ServerTokens OS
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# NOTE! If you intend to place this on an NFS (or otherwise network)
-# mounted filesystem then please read the LockFile documentation
-# (available at );
-# you will save yourself a lot of trouble.
-#
-# Do NOT add a slash at the end of the directory path.
-#
-ServerRoot "/etc/httpd"
-
-#
-# PidFile: The file in which the server should record its process
-# identification number when it starts. Note the PIDFILE variable in
-# /etc/sysconfig/httpd must be set appropriately if this location is
-# changed.
-#
-PidFile run/httpd.pid
-
-#
-# Timeout: The number of seconds before receives and sends time out.
-#
-Timeout 120
-
-#
-# KeepAlive: Whether or not to allow persistent connections (more than
-# one request per connection). Set to "Off" to deactivate.
-#
-KeepAlive Off
-
-#
-# MaxKeepAliveRequests: The maximum number of requests to allow
-# during a persistent connection. Set to 0 to allow an unlimited amount.
-# We recommend you leave this number high, for maximum performance.
-#
-MaxKeepAliveRequests 100
-
-#
-# KeepAliveTimeout: Number of seconds to wait for the next request from the
-# same client on the same connection.
-#
-KeepAliveTimeout 15
-
-##
-## Server-Pool Size Regulation (MPM specific)
-##
-
-# prefork MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# ServerLimit: maximum value for MaxClients for the lifetime of the server
-# MaxClients: maximum number of server processes allowed to start
-# MaxRequestsPerChild: maximum number of requests a server process serves
-
-<% @final_prefork_settings.keys.sort.each do |setting| -%>
-<%= setting -%> <%= @final_prefork_settings[setting] %>
-<% end -%>
-
-
-# worker MPM
-# StartServers: initial number of server processes to start
-# MaxClients: maximum number of simultaneous client connections
-# MinSpareThreads: minimum number of worker threads which are kept spare
-# MaxSpareThreads: maximum number of worker threads which are kept spare
-# ThreadsPerChild: constant number of worker threads in each server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
-
-<% @final_mpm_settings.keys.sort.each do |setting| -%>
-<%= setting -%> <%= @final_mpm_settings[setting] %>
-<% end -%>
-
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, in addition to the default. See also the
-# directive.
-#
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
-#
-#Listen 12.34.56.78:80
-Listen <%= scope.lookupvar("cgit::http_port") %>
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Statically compiled modules (those listed by `httpd -l') do not need
-# to be loaded here.
-#
-# Example:
-# LoadModule foo_module modules/mod_foo.so
-#
-# The version_module has to be available for IfVersion to be parsed,
-# so breaking alphabetical order and loading it first
-
-LoadModule version_module modules/mod_version.so
-
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule auth_digest_module modules/mod_auth_digest.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule cache_module modules/mod_cache.so
-= 2.4>
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule authz_core_module modules/mod_authz_host.so
-LoadModule cache_disk_module modules/mod_cache_disk.so
-LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
-LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
-LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
-LoadModule unixd_module modules/mod_unixd.so
-
-
-LoadModule authn_alias_module modules/mod_authn_alias.so
-LoadModule authn_default_module modules/mod_authn_default.so
-LoadModule authz_default_module modules/mod_authz_default.so
-LoadModule disk_cache_module modules/mod_disk_cache.so
-
-LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authn_dbm_module modules/mod_authn_dbm.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_owner_module modules/mod_authz_owner.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule ldap_module modules/mod_ldap.so
-LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
-LoadModule include_module modules/mod_include.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule logio_module modules/mod_logio.so
-LoadModule env_module modules/mod_env.so
-LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule mime_magic_module modules/mod_mime_magic.so
-LoadModule expires_module modules/mod_expires.so
-LoadModule deflate_module modules/mod_deflate.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule usertrack_module modules/mod_usertrack.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule dav_module modules/mod_dav.so
-LoadModule status_module modules/mod_status.so
-LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule info_module modules/mod_info.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule vhost_alias_module modules/mod_vhost_alias.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule dir_module modules/mod_dir.so
-LoadModule actions_module modules/mod_actions.so
-LoadModule speling_module modules/mod_speling.so
-LoadModule userdir_module modules/mod_userdir.so
-LoadModule alias_module modules/mod_alias.so
-LoadModule substitute_module modules/mod_substitute.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule suexec_module modules/mod_suexec.so
-LoadModule cgi_module modules/mod_cgi.so
-
-#
-# The following modules are not loaded by default:
-#
-#LoadModule asis_module modules/mod_asis.so
-#LoadModule authn_dbd_module modules/mod_authn_dbd.so
-#LoadModule cern_meta_module modules/mod_cern_meta.so
-#LoadModule cgid_module modules/mod_cgid.so
-#LoadModule dbd_module modules/mod_dbd.so
-#LoadModule dumpio_module modules/mod_dumpio.so
-#LoadModule filter_module modules/mod_filter.so
-#LoadModule ident_module modules/mod_ident.so
-#LoadModule log_forensic_module modules/mod_log_forensic.so
-#LoadModule unique_id_module modules/mod_unique_id.so
-#
-
-#
-# Load config files from the config directory "/etc/httpd/conf.d".
-#
-Include conf.d/*.conf
-
-<% if @operatingsystem == 'CentOS' && @operatingsystemmajrelease.to_i >= 7 -%>
-Include conf.modules.d/*.conf
-<% end -%>
-
-#
-# ExtendedStatus controls whether Apache will generate "full" status
-# information (ExtendedStatus On) or just basic information (ExtendedStatus
-# Off) when the "server-status" handler is called. The default is Off.
-#
-#ExtendedStatus On
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
-# . On HPUX you may not be able to use shared memory as nobody, and the
-# suggested workaround is to create a user www and use that user.
-# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
-# when the value of (unsigned)Group is above 60000;
-# don't use Group #-1 on these systems!
-#
-User apache
-Group apache
-
-### Section 2: 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# definition. These values also provide defaults for
-# any containers you may define later in the file.
-#
-# All of these directives may appear inside containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed. This address appears on some server-generated pages, such
-# as error documents. e.g. admin@your-domain.com
-#
-ServerAdmin root@localhost
-
-#
-# ServerName gives the name and port that the server uses to identify itself.
-# This can often be determined automatically, but we recommend you specify
-# it explicitly to prevent problems during startup.
-#
-# If this is not set to valid DNS name for your host, server-generated
-# redirections will not work. See also the UseCanonicalName directive.
-#
-# If your host doesn't have a registered DNS name, enter its IP address here.
-# You will have to access it by its address anyway, and this will make
-# redirections work in a sensible way.
-#
-#ServerName www.example.com:80
-
-#
-# UseCanonicalName: Determines how Apache constructs self-referencing
-# URLs and the SERVER_NAME and SERVER_PORT variables.
-# When set "Off", Apache will use the Hostname and Port supplied
-# by the client. When set "On", Apache will use the value of the
-# ServerName directive.
-#
-UseCanonicalName Off
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "/var/www/html"
-
-#
-# Each directory to which Apache has access can be configured with respect
-# to which services and features are allowed and/or disabled in that
-# directory (and its subdirectories).
-#
-# First, we configure the "default" to be a very restrictive set of
-# features.
-#
-
- Options FollowSymLinks
- AllowOverride None
-
-
-#
-# Note that from this point forward you must specifically allow
-# particular features to be enabled - so if something's not working as
-# you might expect, make sure that you have specifically enabled it
-# below.
-#
-
-#
-# This should be changed to whatever you set DocumentRoot to.
-#
-
-
-#
-# Possible values for the Options directive are "None", "All",
-# or any combination of:
-# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
-#
-# Note that "MultiViews" must be named *explicitly* --- "Options All"
-# doesn't give it to you.
-#
-# The Options directive is both complicated and important. Please see
-# http://httpd.apache.org/docs/2.2/mod/core.html#options
-# for more information.
-#
- Options Indexes FollowSymLinks
-
-#
-# AllowOverride controls what directives may be placed in .htaccess files.
-# It can be "All", "None", or any combination of the keywords:
-# Options FileInfo AuthConfig Limit
-#
- AllowOverride None
-
-#
-# Controls who can get stuff from this server.
-#
-= 2.4>
- Require all granted
-
-
- Order allow,deny
- Allow from all
-
-
-
-
-#
-# UserDir: The name of the directory that is appended onto a user's home
-# directory if a ~user request is received.
-#
-# The path to the end user account 'public_html' directory must be
-# accessible to the webserver userid. This usually means that ~userid
-# must have permissions of 711, ~userid/public_html must have permissions
-# of 755, and documents contained therein must be world-readable.
-# Otherwise, the client will only receive a "403 Forbidden" message.
-#
-# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden
-#
-
- #
- # UserDir is disabled by default since it can confirm the presence
- # of a username on the system (depending on home directory
- # permissions).
- #
- UserDir disabled
-
- #
- # To enable requests to /~user/ to serve the user's public_html
- # directory, remove the "UserDir disabled" line above, and uncomment
- # the following line instead:
- #
- #UserDir public_html
-
-
-
-#
-# Control access to UserDir directories. The following is an example
-# for a site where these directories are restricted to read-only.
-#
-#
-# AllowOverride FileInfo AuthConfig Limit
-# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
-#
-# Order allow,deny
-# Allow from all
-#
-#
-# Order deny,allow
-# Deny from all
-#
-#
-
-#
-# DirectoryIndex: sets the file that Apache will serve if a directory
-# is requested.
-#
-# The index.html.var file (a type-map) is used to deliver content-
-# negotiated documents. The MultiViews Option can be used for the
-# same purpose, but it is much slower.
-#
-DirectoryIndex index.html index.html.var
-
-#
-# AccessFileName: The name of the file to look for in each directory
-# for additional configuration directives. See also the AllowOverride
-# directive.
-#
-AccessFileName .htaccess
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-
- = 2.4>
- Require all denied
-
-
- Order allow,deny
- Deny from all
- Satisfy All
-
-
-
-#
-# TypesConfig describes where the mime.types file (or equivalent) is
-# to be found.
-#
-TypesConfig /etc/mime.types
-
-#
-# DefaultType is the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-DefaultType text/plain
-
-#
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-#
-
-# MIMEMagicFile /usr/share/magic.mime
- MIMEMagicFile conf/magic
-
-
-#
-# HostnameLookups: Log the names of clients or just their IP addresses
-# e.g., www.apache.org (on) or 204.62.129.132 (off).
-# The default is off because it'd be overall better for the net if people
-# had to knowingly turn this feature on, since enabling it means that
-# each client request will result in AT LEAST one lookup request to the
-# nameserver.
-#
-HostnameLookups Off
-
-#
-# EnableMMAP: Control whether memory-mapping is used to deliver
-# files (assuming that the underlying OS supports it).
-# The default is on; turn this off if you serve from NFS-mounted
-# filesystems. On some systems, turning it off (regardless of
-# filesystem) can improve performance; for details, please see
-# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap
-#
-#EnableMMAP off
-
-#
-# EnableSendfile: Control whether the sendfile kernel support is
-# used to deliver files (assuming that the OS supports it).
-# The default is on; turn this off if you serve from NFS-mounted
-# filesystems. Please see
-# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
-#
-#EnableSendfile off
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog logs/error_log
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-#
-# The following directives define some format nicknames for use with
-# a CustomLog directive (see below).
-#
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-
-# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this
-# requires the mod_logio module to be loaded.
-#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-
-#
-# The location and format of the access logfile (Common Logfile Format).
-# If you do not define any access logfiles within a
-# container, they will be logged here. Contrariwise, if you *do*
-# define per- access logfiles, transactions will be
-# logged therein and *not* in this file.
-#
-#CustomLog logs/access_log common
-
-#
-# If you would like to have separate agent and referer logfiles, uncomment
-# the following directives.
-#
-#CustomLog logs/referer_log referer
-#CustomLog logs/agent_log agent
-
-#
-# For a single logfile with access, agent, and referer information
-# (Combined Logfile Format), use the following directive:
-#
-CustomLog logs/access_log combined
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-ServerSignature On
-
-#
-# Aliases: Add here as many aliases as you need (with no limit). The format is
-# Alias fakename realname
-#
-# Note that if you include a trailing / on fakename then the server will
-# require it to be present in the URL. So "/icons" isn't aliased in this
-# example, only "/icons/". If the fakename is slash-terminated, then the
-# realname must also be slash terminated, and if the fakename omits the
-# trailing slash, the realname must also omit it.
-#
-# We include the /icons/ alias for FancyIndexed directory listings. If you
-# do not use FancyIndexing, you may comment this out.
-#
-Alias /icons/ "/var/www/icons/"
-
-
- Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- = 2.4>
- Require all granted
-
-
- Order allow,deny
- Allow from all
-
-
-
-#
-# WebDAV module configuration section.
-#
-
- # Location of the WebDAV lock database.
- DAVLockDB /var/lib/dav/lockdb
-
-
-#
-# ScriptAlias: This controls which directories contain server scripts.
-# ScriptAliases are essentially the same as Aliases, except that
-# documents in the realname directory are treated as applications and
-# run by the server when requested rather than as documents sent to the client.
-# The same rules about trailing "/" apply to ScriptAlias directives as to
-# Alias.
-#
-ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
-
-#
-# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
-
- AllowOverride None
- Options None
- = 2.4>
- Require all granted
-
-
- Order allow,deny
- Allow from all
-
-
-
-#
-# Redirect allows you to tell clients about documents which used to exist in
-# your server's namespace, but do not anymore. This allows you to tell the
-# clients where to look for the relocated document.
-# Example:
-# Redirect permanent /foo http://www.example.com/bar
-
-#
-# Directives controlling the display of server-generated directory listings.
-#
-
-#
-# IndexOptions: Controls the appearance of server-generated directory
-# listings.
-#
-IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
-
-#
-# AddIcon* directives tell the server which icon to show for different
-# files or filename extensions. These are only displayed for
-# FancyIndexed directories.
-#
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
-
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif core
-
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
-
-#
-# DefaultIcon is which icon to show for files which do not have an icon
-# explicitly set.
-#
-DefaultIcon /icons/unknown.gif
-
-#
-# AddDescription allows you to place a short description after a file in
-# server-generated indexes. These are only displayed for FancyIndexed
-# directories.
-# Format: AddDescription "description" filename
-#
-#AddDescription "GZIP compressed document" .gz
-#AddDescription "tar archive" .tar
-#AddDescription "GZIP compressed tar archive" .tgz
-
-#
-# ReadmeName is the name of the README file the server will look for by
-# default, and append to directory listings.
-#
-# HeaderName is the name of a file which should be prepended to
-# directory indexes.
-ReadmeName README.html
-HeaderName HEADER.html
-
-#
-# IndexIgnore is a set of filenames which directory indexing should ignore
-# and not include in the listing. Shell-style wildcarding is permitted.
-#
-IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
-
-#
-# DefaultLanguage and AddLanguage allows you to specify the language of
-# a document. You can then use content negotiation to give a browser a
-# file in a language the user can understand.
-#
-# Specify a default language. This means that all data
-# going out without a specific language tag (see below) will
-# be marked with this one. You probably do NOT want to set
-# this unless you are sure it is correct for all cases.
-#
-# * It is generally better to not mark a page as
-# * being a certain language than marking it with the wrong
-# * language!
-#
-# DefaultLanguage nl
-#
-# Note 1: The suffix does not have to be the same as the language
-# keyword --- those with documents in Polish (whose net-standard
-# language code is pl) may wish to use "AddLanguage pl .po" to
-# avoid the ambiguity with the common suffix for perl scripts.
-#
-# Note 2: The example entries below illustrate that in some cases
-# the two character 'Language' abbreviation is not identical to
-# the two character 'Country' code for its country,
-# E.g. 'Danmark/dk' versus 'Danish/da'.
-#
-# Note 3: In the case of 'ltz' we violate the RFC by using a three char
-# specifier. There is 'work in progress' to fix this and get
-# the reference data for rfc1766 cleaned up.
-#
-# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
-# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
-# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
-# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
-# Norwegian (no) - Polish (pl) - Portugese (pt)
-# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
-# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
-#
-AddLanguage ca .ca
-AddLanguage cs .cz .cs
-AddLanguage da .dk
-AddLanguage de .de
-AddLanguage el .el
-AddLanguage en .en
-AddLanguage eo .eo
-AddLanguage es .es
-AddLanguage et .et
-AddLanguage fr .fr
-AddLanguage he .he
-AddLanguage hr .hr
-AddLanguage it .it
-AddLanguage ja .ja
-AddLanguage ko .ko
-AddLanguage ltz .ltz
-AddLanguage nl .nl
-AddLanguage nn .nn
-AddLanguage no .no
-AddLanguage pl .po
-AddLanguage pt .pt
-AddLanguage pt-BR .pt-br
-AddLanguage ru .ru
-AddLanguage sv .sv
-AddLanguage zh-CN .zh-cn
-AddLanguage zh-TW .zh-tw
-
-#
-# LanguagePriority allows you to give precedence to some languages
-# in case of a tie during content negotiation.
-#
-# Just list the languages in decreasing order of preference. We have
-# more or less alphabetized them here. You probably want to change this.
-#
-LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
-
-#
-# ForceLanguagePriority allows you to serve a result page rather than
-# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
-# [in case no accepted languages matched the available variants]
-#
-ForceLanguagePriority Prefer Fallback
-
-#
-# Specify a default charset for all content served; this enables
-# interpretation of all content as UTF-8 by default. To use the
-# default browser choice (ISO-8859-1), or to allow the META tags
-# in HTML content to override this choice, comment out this
-# directive:
-#
-AddDefaultCharset UTF-8
-
-#
-# AddType allows you to add to or override the MIME configuration
-# file mime.types for specific file types.
-#
-#AddType application/x-tar .tgz
-
-#
-# AddEncoding allows you to have certain browsers uncompress
-# information on the fly. Note: Not all browsers support this.
-# Despite the name similarity, the following Add* directives have nothing
-# to do with the FancyIndexing customization directives above.
-#
-#AddEncoding x-compress .Z
-#AddEncoding x-gzip .gz .tgz
-
-# If the AddEncoding directives above are commented-out, then you
-# probably should define those extensions to indicate media types:
-#
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
-
-#
-# MIME-types for downloading Certificates and CRLs
-#
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-
-#
-# AddHandler allows you to map certain file extensions to "handlers":
-# actions unrelated to filetype. These can be either built into the server
-# or added with the Action directive (see below)
-#
-# To use CGI scripts outside of ScriptAliased directories:
-# (You will also need to add "ExecCGI" to the "Options" directive.)
-#
-#AddHandler cgi-script .cgi
-
-#
-# For files that include their own HTTP headers:
-#
-#AddHandler send-as-is asis
-
-#
-# For type maps (negotiated resources):
-# (This is enabled by default to allow the Apache "It Worked" page
-# to be distributed in multiple languages.)
-#
-AddHandler type-map var
-
-#
-# Filters allow you to process content before it is sent to the client.
-#
-# To parse .shtml files for server-side includes (SSI):
-# (You will also need to add "Includes" to the "Options" directive.)
-#
-AddType text/html .shtml
-AddOutputFilter INCLUDES .shtml
-
-#
-# Action lets you define media types that will execute a script whenever
-# a matching file is called. This eliminates the need for repeated URL
-# pathnames for oft-used CGI file processors.
-# Format: Action media/type /cgi-script/location
-# Format: Action handler-name /cgi-script/location
-#
-
-#
-# Customizable error responses come in three flavors:
-# 1) plain text 2) local redirects 3) external redirects
-#
-# Some examples:
-#ErrorDocument 500 "The server made a boo boo."
-#ErrorDocument 404 /missing.html
-#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
-#ErrorDocument 402 http://www.example.com/subscription_info.html
-#
-
-#
-# Putting this all together, we can internationalize error responses.
-#
-# We use Alias to redirect any /error/HTTP_.html.var response to
-# our collection of by-error message multi-language collections. We use
-# includes to substitute the appropriate text.
-#
-# You can modify the messages' appearance without changing any of the
-# default HTTP_.html.var files by adding the line:
-#
-# Alias /error/include/ "/your/include/path/"
-#
-# which allows you to create your own set of files by starting with the
-# /var/www/error/include/ files and
-# copying them to /your/include/path/, even on a per-VirtualHost basis.
-#
-
-Alias /error/ "/var/www/error/"
-
-
-
-
- AllowOverride None
- Options IncludesNoExec
- AddOutputFilter Includes html
- AddHandler type-map var
- = 2.4>
- Require all granted
-
-
- Order allow,deny
- Allow from all
-
-
- LanguagePriority en es de fr
- ForceLanguagePriority Prefer Fallback
-
-
-# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
-# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
-# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
-# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
-# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
-# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
-# ErrorDocument 410 /error/HTTP_GONE.html.var
-# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
-# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
-# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
-# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
-# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
-# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
-# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
-# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
-# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
-# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
-
-
-
-
-#
-# The following directives modify normal HTTP response behavior to
-# handle known problems with browser implementations.
-#
-BrowserMatch "Mozilla/2" nokeepalive
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
-BrowserMatch "RealPlayer 4\.0" force-response-1.0
-BrowserMatch "Java/1\.0" force-response-1.0
-BrowserMatch "JDK/1\.0" force-response-1.0
-
-#
-# The following directive disables redirects on non-GET requests for
-# a directory that does not include the trailing slash. This fixes a
-# problem with Microsoft WebFolders which does not appropriately handle
-# redirects for folders with DAV methods.
-# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
-#
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "MS FrontPage" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
-BrowserMatch "^gnome-vfs/1.0" redirect-carefully
-BrowserMatch "^XML Spy" redirect-carefully
-BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
-
-#
-# Allow server status reports generated by mod_status,
-# with the URL of http://servername/server-status
-# Change the ".example.com" to match your domain to enable.
-#
-#
-# SetHandler server-status
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#
-
-#
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info (requires that mod_info.c be loaded).
-# Change the ".example.com" to match your domain to enable.
-#
-#
-# SetHandler server-info
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#
-
-#
-# Proxy Server directives. Uncomment the following lines to
-# enable the proxy server:
-#
-#
-#ProxyRequests On
-#
-#
-# Order deny,allow
-# Deny from all
-# Allow from .example.com
-#
-
-#
-# Enable/disable the handling of HTTP/1.1 "Via:" headers.
-# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
-# Set to one of: Off | On | Full | Block
-#
-#ProxyVia On
-
-#
-# To enable a cache of proxied content, uncomment the following lines.
-# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details.
-#
-#
-# CacheEnable disk /
-# CacheRoot "/var/cache/mod_proxy"
-#
-#
-
-#
-# End of proxy directives.
-
-### Section 3: Virtual Hosts
-#
-# VirtualHost: If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them. Most configurations
-# use only name-based virtual hosts so the server doesn't need to worry about
-# IP addresses. This is indicated by the asterisks in the directives below.
-#
-# Please see the documentation at
-#
-# for further details before you try to setup virtual hosts.
-#
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
-
-#
-# Use name-based virtual hosting.
-#
-#NameVirtualHost *:80
-#
-# NOTE: NameVirtualHost cannot be used without a port specifier
-# (e.g. :80) if mod_ssl is being used, due to the nature of the
-# SSL protocol.
-#
-
-#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-# The first VirtualHost section is used for requests without a known
-# server name.
-#
-#
-# ServerAdmin webmaster@dummy-host.example.com
-# DocumentRoot /www/docs/dummy-host.example.com
-# ServerName dummy-host.example.com
-# ErrorLog logs/dummy-host.example.com-error_log
-# CustomLog logs/dummy-host.example.com-access_log common
-#
diff --git a/templates/ssl.conf.erb b/templates/ssl.conf.erb
deleted file mode 100644
index fb38b95..0000000
--- a/templates/ssl.conf.erb
+++ /dev/null
@@ -1,70 +0,0 @@
-#
-# This is the Apache server configuration file providing SSL support.
-# It contains the configuration directives to instruct the server how to
-# serve pages over an https connection. For detailing information about these
-# directives see
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-
-LoadModule ssl_module modules/mod_ssl.so
-
-#
-# When we also provide SSL we have to listen to the
-# the HTTPS port in addition.
-#
-Listen <%= scope.lookupvar("cgit::https_port") %>
-
-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-# Pass Phrase Dialog:
-# Configure the pass phrase gathering process.
-# The filtering dialog program (`builtin' is a internal
-# terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog builtin
-
-# Inter-Process Session Cache:
-# Configure the SSL Session Cache: First the mechanism
-# to use and second the expiring timeout (in seconds).
-SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
-SSLSessionCacheTimeout 300
-
-# Semaphore:
-# Configure the path to the mutual exclusion semaphore the
-# SSL engine uses internally for inter-process synchronization.
-
-SSLMutex default
-
-
-# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the
-# SSL library. The seed data should be of good random quality.
-# WARNING! On some platforms /dev/random blocks if not enough entropy
-# is available. This means you then cannot use the /dev/random device
-# because it would lead to very long connection times (as long as
-# it requires to make more entropy available). But usually those
-# platforms additionally provide a /dev/urandom device which doesn't
-# block. So, if available, use this one instead. Read the mod_ssl User
-# Manual for more details.
-SSLRandomSeed startup file:/dev/urandom 256
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
-
-#
-# Use "SSLCryptoDevice" to enable any supported hardware
-# accelerators. Use "openssl engine -v" to list supported
-# engine names. NOTE: If you enable an accelerator and the
-# server does not start, consult the error logs and ensure
-# your accelerator is functioning properly.
-#
-SSLCryptoDevice builtin
-#SSLCryptoDevice ubsec