Skip to content

Instantly share code, notes, and snippets.

@drscream
Created December 10, 2018 19:21
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save drscream/f536cca6a3f71c780fec940c5934439d to your computer and use it in GitHub Desktop.
Save drscream/f536cca6a3f71c780fec940c5934439d to your computer and use it in GitHub Desktop.
#!/usr/bin/env bash
# INIT
REQ_INS="git build-essential openjdk8 digest findutils apache-tomcat nginx"
WRK_DIR="/data/pkgsrc"
SOURCE="git://github.com/NetBSD/pkgsrc.git"
BRANCH=${1-"trunk"}
GROK_VERSION="1.1-rc58"
# MAIN
echo "* install requirements"
pkgin install ${REQ_INS}
pkg_add https://pkgsrc.smartos.skylime.net/skylime-extra/2018Q2/x86_64/ctags-5.8nb20181011.tgz
echo "* clone pkgsrc from ${SOURCE}"
if [[ !-d "${WRK_DIR}/pkgsrc" ]]; then
git clone ${SOURCE} ${WRK_DIR}/pkgsrc
else
pushd ${WRK_DIR}/pkgsrc > /dev/null
if ! git pull --all; then
cd .. && rm -rf ${WRK_DIR}
git clone ${SOURCE} ${WRK_DIR}/pkgsrc
fi
popd
fi
echo "* switching branch to ${BRANCH}"
pushd ${WRK_DIR}/pkgsrc > /dev/null
git checkout ${BRANCH}
popd
echo "* create simple mk.conf"
cat << EOF > /opt/local/etc/mk.conf.local
DISTDIR= ${WRK_DIR}/distfiles
PACKAGES= ${WRK_DIR}/packages
WRKOBJDIR= ${WRK_DIR}/work
MASTER_SORT_RANDOM= no
FETCH_USING= curl
ALLOW_VULNERABLE_PACKAGES= yes
SKIP_LICENSE_CHECK= yes
MAKE_JOBS= 8
SKIP_DEPENDS= yes
.if NO_SRC_ON_FTP
PKG_FAIL_REASON+= "NO_SRC_ON_FTP not wanted for grok"
.endif
EOF
echo "* create fetch-list"
pushd ${WRK_DIR}/pkgsrc > /dev/null
bmake fetch-list MASTER_SORT_RANDOM=no > ${WRK_DIR}/fetch-list.sh
popd > /dev/null
echo "* download all source distfiles"
chmod 750 ${WRK_DIR}/fetch-list.sh
${WRK_DIR}/fetch-list.sh
echo "* extract all source distfiles"
pushd ${WRK_DIR}/pkgsrc > /dev/null
bmake extract
popd > /dev/null
echo "* remove unused version control files from source distfiles"
pushd ${WRK_DIR}/work > /dev/null
gfind . -type d -name \.git -or -name CVSROOT -or -name \.svn -or -name \.subversion > /tmp/to-be-deleted
cat /tmp/to-be-deleted | while read d; do
rm -rf "${d}"
done
rm /tmp/to-be-deleted
popd > /dev/null
echo "* fix permissions for indexing"
pushd ${WRK_DIR}/work > /dev/null
find . -type d ! -perm 0755 -exec chmod 0755 {} \;
find . -type f ! -perm 0644 -exec chmod 0644 {} \;
popd > /dev/null
echo "* install grok"
pushd /root > /dev/null
curl -LO https://github.com/oracle/opengrok/releases/download/${GROK_VERSION}/opengrok-${GROK_VERSION}.tar.gz
gtar xfz opengrok-${GROK_VERSION}.tar.gz
ln -s opengrok-${GROK_VERSION} opengrok
popd > /dev/null
echo "* install grok.war to tomcat"
pushd /root/opengrok/bin > /dev/null
./deploy.py -c /data/pkgsrc/opengrok-configuration.xml ../lib/source.war /opt/local/share/tomcat/webapps/
popd > /dev/null
echo "* secure tomcat"
pushd /opt/local/share/tomcat/conf > /dev/null
sed -i 's|^\( <Connector\) port=\(.*\)|\1 address="127.0.0.1" port=\2|g' server.xml
popd > /dev/null
echo "* enable tomcat"
mkdir -p /var/opengrok/etc/
ln -s /data/pkgsrc/opengrok-configuration.xml /var/opengrok/etc/configuration.xml
svcadm enable tomcat
echo "* create selfsign ssl"
mkdir -p /opt/local/etc/nginx/ssl
/opt/core/bin/ssl-selfsigned.sh -d /opt/local/etc/nginx/ssl -f nginx
echo "* config nginx proxy"
cat << EOF > /opt/local/etc/nginx/nginx.conf
user www www;
worker_processes 1;
events { worker_connections 1024; }
http {
include /opt/local/etc/nginx/mime.types;
sendfile on;
gzip on;
keepalive_timeout 65;
server {
listen 80; server_name grok.pkgsrc.pub;
location /.well-known/acme-challenge/ { root /var/letsencrypt/acme/; }
rewrite ^ https://\$server_name\$request_uri? permanent;
}
server {
listen 443 ssl; server_name grok.pkgsrc.pub;
location = / { return 301 https://\$server_name/source/; }
location /.well-known/acme-challenge/ { root /var/letsencrypt/acme/; }
location /source/ {
proxy_set_header X-Forwarded-Host \$host; proxy_set_header X-Forwarded-Server \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080/source/;
}
ssl_certificate ssl/nginx.crt;
ssl_certificate_key ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
}
EOF
echo "* enable nginx proxy"
svcadm enable nginx
echo "* let the awesome ssl script create valid certs for nginx"
/opt/core/bin/ssl-generator.sh /opt/local/etc/nginx/ssl nginx_ssl nginx svc:/pkgsrc/nginx:default
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment