diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/apache2/patchwork.fastcgi.conf | 17 | ||||
| -rw-r--r-- | lib/apache2/patchwork.mod_python.conf | 22 | ||||
| -rw-r--r-- | lib/sql/grant-all.sql | 68 |
3 files changed, 107 insertions, 0 deletions
diff --git a/lib/apache2/patchwork.fastcgi.conf b/lib/apache2/patchwork.fastcgi.conf new file mode 100644 index 0000000..78d8147 --- /dev/null +++ b/lib/apache2/patchwork.fastcgi.conf @@ -0,0 +1,17 @@ +NameVirtualHost patchwork.example.com:80 +<VirtualHost patchwork.example.com:80> + DocumentRoot /srv/patchwork/htdocs/ + + Alias /media/ /srv/patchwork/lib/python/django/contrib/admin/media/ + + FastCGIExternalServer /srv/patchwork/htdocs/patchwork.fcgi -socket /srv/patchwork/var/fcgi.sock + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/(images|css|js|media)/.* + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^/(.*)$ /patchwork.fcgi/$1 [QSA,L] + + LogLevel warn + ErrorLog /var/log/apache2/patchwork-error.log + CustomLog /var/log/apache2/patchwork-acess.log combined +</VirtualHost> diff --git a/lib/apache2/patchwork.mod_python.conf b/lib/apache2/patchwork.mod_python.conf new file mode 100644 index 0000000..a84a9e2 --- /dev/null +++ b/lib/apache2/patchwork.mod_python.conf @@ -0,0 +1,22 @@ +NameVirtualHost patchwork.example.com:80 +<VirtualHost patchwork.example.com:80> + DocumentRoot /srv/patchwork/htdocs/ + + Alias /media/ /srv/patchwork/lib/python/django/contrib/admin/media/ + + <Location "/"> + SetHandler python-program + PythonHandler django.core.handlers.modpython + PythonPath "['/srv/patchwork/apps', '/srv/patchwork/lib/python'] + sys.path" + SetEnv DJANGO_SETTINGS_MODULE patchwork.settings + </Location> + + <Location "/(images|css|js|media)/"> + SetHandler None + </Location> + + LogLevel warn + ErrorLog /var/log/apache2/patchwork-error.log + CustomLog /var/log/apache2/patchwork-acess.log combined + +</VirtualHost> diff --git a/lib/sql/grant-all.sql b/lib/sql/grant-all.sql new file mode 100644 index 0000000..4b8a43b --- /dev/null +++ b/lib/sql/grant-all.sql @@ -0,0 +1,68 @@ +BEGIN; +-- give necessary permissions to the web server. Becuase the admin is all +-- web-based, these need to be quite permissive +GRANT SELECT, UPDATE, INSERT, DELETE ON + auth_message, + django_session, + django_site, + django_admin_log, + django_content_type, + auth_group_permissions, + auth_user, + auth_user_groups, + auth_group, + auth_user_user_permissions, + auth_permission, + patchwork_registrationrequest, + patchwork_userpersonconfirmation, + patchwork_state, + patchwork_comment, + patchwork_person, + patchwork_userprofile, + patchwork_userprofile_maintainer_projects, + patchwork_project, + patchwork_bundle, + patchwork_bundle_patches, + patchwork_patch +TO "www-data"; +GRANT SELECT, UPDATE ON + auth_group_id_seq, + auth_group_permissions_id_seq, + auth_message_id_seq, + auth_permission_id_seq, + auth_user_groups_id_seq, + auth_user_id_seq, + auth_user_user_permissions_id_seq, + django_admin_log_id_seq, + django_content_type_id_seq, + django_site_id_seq, + patchwork_bundle_id_seq, + patchwork_bundle_patches_id_seq, + patchwork_comment_id_seq, + patchwork_patch_id_seq, + patchwork_person_id_seq, + patchwork_project_id_seq, + patchwork_registrationrequest_id_seq, + patchwork_state_id_seq, + patchwork_userpersonconfirmation_id_seq, + patchwork_userprofile_id_seq, + patchwork_userprofile_maintainer_projects_id_seq +TO "www-data"; + +-- allow the mail user (in this case, 'nobody') to add patches +GRANT INSERT, SELECT ON + patchwork_patch, + patchwork_comment, + patchwork_person +TO "nobody"; +GRANT SELECT ON + patchwork_project +TO "nobody"; +GRANT UPDATE, SELECT ON + patchwork_patch_id_seq, + patchwork_person_id_seq, + patchwork_comment_id_seq +TO "nobody"; + +COMMIT; + |