Inital commit

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>

3 files changed, 107 insertions, 0 deletions

diff --git a/lib/apache2/patchwork.fastcgi.conf b/lib/apache2/patchwork.fastcgi.conf
new file mode 100644
index 0000000..78d8147
--- /dev/null
+++ b/lib/apache2/patchwork.fastcgi.conf
@@ -0,0 +1,17 @@
+NameVirtualHost patchwork.example.com:80
+<VirtualHost patchwork.example.com:80>
+	DocumentRoot /srv/patchwork/htdocs/
+
+	Alias /media/ /srv/patchwork/lib/python/django/contrib/admin/media/
+
+	FastCGIExternalServer /srv/patchwork/htdocs/patchwork.fcgi -socket /srv/patchwork/var/fcgi.sock
+
+	RewriteEngine On
+	RewriteCond %{REQUEST_URI} !^/(images|css|js|media)/.*
+	RewriteCond %{REQUEST_FILENAME} !-f
+	RewriteRule ^/(.*)$ /patchwork.fcgi/$1 [QSA,L]
+
+	LogLevel warn
+	ErrorLog /var/log/apache2/patchwork-error.log
+	CustomLog /var/log/apache2/patchwork-acess.log combined
+</VirtualHost>
diff --git a/lib/apache2/patchwork.mod_python.conf b/lib/apache2/patchwork.mod_python.conf
new file mode 100644
index 0000000..a84a9e2
--- /dev/null
+++ b/lib/apache2/patchwork.mod_python.conf
@@ -0,0 +1,22 @@
+NameVirtualHost patchwork.example.com:80
+<VirtualHost patchwork.example.com:80>
+	DocumentRoot /srv/patchwork/htdocs/
+
+	Alias /media/ /srv/patchwork/lib/python/django/contrib/admin/media/
+
+	<Location "/">
+	    SetHandler python-program
+	    PythonHandler django.core.handlers.modpython
+	    PythonPath "['/srv/patchwork/apps', '/srv/patchwork/lib/python'] + sys.path"
+	    SetEnv DJANGO_SETTINGS_MODULE patchwork.settings
+	</Location>
+
+	<Location "/(images|css|js|media)/">
+	    SetHandler None
+	</Location>
+
+	LogLevel warn
+	ErrorLog /var/log/apache2/patchwork-error.log
+	CustomLog /var/log/apache2/patchwork-acess.log combined
+
+</VirtualHost>
diff --git a/lib/sql/grant-all.sql b/lib/sql/grant-all.sql
new file mode 100644
index 0000000..4b8a43b
--- /dev/null
+++ b/lib/sql/grant-all.sql
@@ -0,0 +1,68 @@
+BEGIN;
+-- give necessary permissions to the web server. Becuase the admin is all
+-- web-based, these need to be quite permissive
+GRANT SELECT, UPDATE, INSERT, DELETE ON
+	auth_message,
+	django_session,
+	django_site,
+	django_admin_log,
+	django_content_type,
+	auth_group_permissions,
+	auth_user,
+	auth_user_groups,
+	auth_group,
+	auth_user_user_permissions,
+	auth_permission,
+	patchwork_registrationrequest,
+	patchwork_userpersonconfirmation,
+	patchwork_state,
+	patchwork_comment,
+	patchwork_person,
+	patchwork_userprofile,
+	patchwork_userprofile_maintainer_projects,
+	patchwork_project,
+	patchwork_bundle,
+	patchwork_bundle_patches,
+	patchwork_patch
+TO "www-data";
+GRANT SELECT, UPDATE ON
+	auth_group_id_seq,
+	auth_group_permissions_id_seq,
+	auth_message_id_seq,
+	auth_permission_id_seq,
+	auth_user_groups_id_seq,
+	auth_user_id_seq,
+	auth_user_user_permissions_id_seq,
+	django_admin_log_id_seq,
+	django_content_type_id_seq,
+	django_site_id_seq,
+	patchwork_bundle_id_seq,
+	patchwork_bundle_patches_id_seq,
+	patchwork_comment_id_seq,
+	patchwork_patch_id_seq,
+	patchwork_person_id_seq,
+	patchwork_project_id_seq,
+	patchwork_registrationrequest_id_seq,
+	patchwork_state_id_seq,
+	patchwork_userpersonconfirmation_id_seq,
+	patchwork_userprofile_id_seq,
+	patchwork_userprofile_maintainer_projects_id_seq
+TO "www-data";
+
+-- allow the mail user (in this case, 'nobody') to add patches
+GRANT INSERT, SELECT ON
+	patchwork_patch,
+	patchwork_comment,
+	patchwork_person
+TO "nobody";
+GRANT SELECT ON
+	patchwork_project
+TO "nobody";
+GRANT UPDATE, SELECT ON
+	patchwork_patch_id_seq,
+	patchwork_person_id_seq,
+	patchwork_comment_id_seq
+TO "nobody";
+
+COMMIT;
+