Suspect Devices maintains a git backup server for repositories hosted by github and bitbucket. This site uses Redmine to track issues and work.
- Backup repositories hosted elsewhere.
- Consolidate work into active/inactive projects
- Track issues (ticketing)
- Document server setup.
This server is running in an Ubuntu 18.04 container because Redmine requires a version of Ruby that is behind the new LTS (20.04). We will revisit this next spring.

    apt-get install postgresql
    apt-get install apache2 libapache2-mod-passenger
    apt-get install redmine-pgsql
    apt-get install redmine
    cp /usr/share/doc/redmine/examples/apache2-passenger-host.conf /etc/apache2/sites-available/redmine.conf
    nano /etc/apache2/sites-available/redmine.conf
    a2enmod passenger
    a2ensite redmine.conf
    a2dissite 000-default
    service apache2 reload
    update.sh
Adding git functionality...
    apt-get install git
Add git command to configuration
    cp /usr/share/redmine/config/configuration.yml.example /etc/redmine/default/configuration.yml
    nano /etc/redmine/default/configuration.yml
    ... add git command here ...
      scm_git_command: git
    ...
    service redmine restart
Create some space for mirrors.
    mkdir /var/git
    chown -R www-data:www-data /var/git/

The www-data user should have its keys added to Bitbucket and GitHub. (This user does not need write permission.)

    vipw
    su - www-data
    mkdir /var/www/.ssh
    chown www-data:www-data /var/www
    su - www-data
    ssh-keygen
Rather than configuring a git hook for both github and bitbucket we will create scripts to populate and update the mirrors.
    vi /etc/cron.d/sync_git_repos
    */2 * * * * www-data /var/www/bin/update-repos.py
Making redmine less ugly.
Redmine makes it fairly easy to theme using css to override its defaults.
    cd /usr/share/redmine/public/themes/
    ls
    mkdir susdev
    chown www-data susdev
    mkdir susdev/stylesheets/
    mkdir susdev/images
    ls
    cd susdev/images/
    wget https://serverdocs.suspectdevices.com/serverdocs/chrome/site/sd_logo_sm.png
    wget https://serverdocs.suspectdevices.com/serverdocs/chrome/site/sd_logo_sm.png --no-check-certificate
    nano ../stylesheets/application.css
    ls
    nano ../stylesheets/application.css
    chown -R www-data:www-data ../../susdev
Adding SSL to the site
    sudo bash
    make-ssl-cert generate-default-snakeoil --force-overwrite
    cd /etc/apache2/
    ls
    a2enmod ssl
    nano sites-enabled/redmine.conf
    apache2ctl configtest
    apache2ctl restart
Getting a certificate from letsencrypt
The EFF provides certbot, a program that obtains a certificate from Let's Encrypt and sets it up.

    apt-get install certbot

Certbot expects to be able to verify that your server exists and can serve one of its files. The file needs to be accessible at http://\

    cd /usr/share/redmine/public
    mkdir -p .well-known/acme-challenge/
    echo hello > .well-known/acme-challenge/test
    chown -R www-data:www-data .well-known/
Once this is done you can run certbot manually.
    certbot certonly --manual

Certbot will ask a number of questions and then ask you to create a file on the server. The script pauses, and you will have to create the file in a different shell.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Create a file containing just this data:

    KncX49YdVo125HQZiI1qYbSZxIPIUPMmcJUg2thHHCs.yoObxAOItnb_LvbpT7eCOZwNmD_ROuCOAkQqFAoKSTc

    And make it available on your web server at this URL:

    http://git.suspectdevices.com/.well-known/acme-challenge/KncX49YdVo125HQZiI1qYbSZxIPIUPMmcJUg2thHHCs

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Press Enter to Continue

Create the file as instructed in a different terminal and make sure it's accessible by Apache.

    echo KncX49YdVo125HQZiI1qYbSZxIPIUPMmcJUg2thHHCs.yoObxAOItnb_LvbpT7eCOZwNmD_ROuCOAkQqFAoKSTc > /usr/share/redmine/public/.well-known/acme-challenge/KncX49YdVo125HQZiI1qYbSZxIPIUPMmcJUg2thHHCs
    chown www-data:www-data /usr/share/redmine/public/.well-known/acme-challenge/KncX49YdVo125HQZiI1qYbSZxIPIUPMmcJUg2thHHCs
If it's successful it will install the certificate and private key under /etc/letsencrypt/live/. Adjust your apache configuration.
    nano /etc/apache2/sites-enabled/redmine.conf
    ... replace the top portion of the original virtualhost config with the following ....
    <VirtualHost *:80>
        Redirect permanent "/" "https://git.suspectdevices.com/"
    </VirtualHost>
    <VirtualHost *:443>
        ServerName git.suspectdevices.com
        SSLEngine on
        #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        SSLCertificateFile /etc/letsencrypt/live/git.suspectdevices.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/git.suspectdevices.com/privkey.pem
        # this is the passenger config
    ... and save it ....
    apache2ctl configtest
    apache2ctl restart

Creating scripts to clone and update the repositories

Both Bitbucket and GitHub have APIs that allow you to list the repositories for each user without needing to authenticate (and so without exposing your credentials). There are limitations but they are worth exploring.

    apt-get install python-github
    apt-get install python-bitbucket
    su -l www-data
    python
The scripts I arrived at work but could certainly be refined. I should probably just use a list for each repo regardless of the site and maintain that as part of this repo. Bitbucket does not allow you to list all of the private repos so I just went with a simple list.
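The simple-list approach described above, as an added example that is not the update-repos.py this site runs: it maps each listed URL to a directory under /var/git, mirror-clones it on the first run and fetches afterwards, and takes a lock so the two-minute cron runs cannot overlap. Python 3, the `ssh://` placeholder URLs, the `<host>/<owner>/<repo>.git` layout, the `.sync.lock` file name and all function names are assumptions.

```python
#!/usr/bin/env python3
# Added example: mirror a fixed list of repositories (not the site's update-repos.py).
import fcntl
import re
import subprocess
from pathlib import Path
from urllib.parse import urlparse

MIRROR_ROOT = Path("/var/git")  # mirror directory created earlier on this page
ALLOWED = {("ssh", "github.com"), ("ssh", "bitbucket.org"),
           ("https", "github.com"), ("https", "bitbucket.org")}
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
REPOS = [  # constructed placeholders, replace with your own list
    "ssh://git@github.com/example-owner/example-repo.git",
    "ssh://git@bitbucket.org/example-owner/other-repo.git",
]

def mirror_dir(url, root=MIRROR_ROOT):
    """Map a repository URL to <root>/<host>/<owner>/<repo>.git or raise ValueError."""
    parts = urlparse(url)
    if (parts.scheme, parts.hostname) not in ALLOWED:
        raise ValueError("unexpected scheme or host: %r" % url)
    names = parts.path.strip("/").split("/")
    # Exactly owner/repo, no "..", no leading "-" that git could read as an option.
    if len(names) != 2 or not all(SAFE_NAME.fullmatch(n) for n in names):
        raise ValueError("unexpected repository path: %r" % url)
    repo = names[1] if names[1].endswith(".git") else names[1] + ".git"
    return Path(root) / parts.hostname / names[0] / repo

def git_command(url, root=MIRROR_ROOT):
    """Return the argv to run: mirror-clone on first sight, fetch afterwards."""
    target = mirror_dir(url, root)
    if target.is_dir():
        return ["git", "-C", str(target), "remote", "update", "--prune"]
    return ["git", "clone", "--mirror", "--", url, str(target)]

def sync_all(repos=REPOS, root=MIRROR_ROOT):
    """Sync every repo; return exit codes, or [] if another run holds the lock."""
    with open(Path(root) / ".sync.lock", "w") as lock:
        try:
            fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return []  # the previous cron run is still going; skip this one
        return [subprocess.run(git_command(u, root), timeout=600).returncode
                for u in repos]

if __name__ == "__main__":
    raise SystemExit(1 if any(sync_all()) else 0)
```

Commands are passed to git as argument lists rather than through a shell, so a malformed entry in the list is rejected by `mirror_dir` instead of being interpreted.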
Set up email
Debian's postfix installer makes it very easy to install postfix configured as a null client. When installing, select Satellite and provide your domain name and relay host.

    apt-get install postfix
Things that are done in redmine.
- Set passwords and add admin users.
- Add projects and add repositories to them.
- Remove repo browsing from anonymous / non project users.
- Activate theme.
- USE IT!