commit 4bf511ba139d03a45426bb63e86c4dc589723123 Author: Vincent Ambo Date: Sun Feb 14 16:01:08 2016 +0100 [gogs] Add gogs setup diff --git a/README.md b/README.md new file mode 100644 index 000000000..124120b39 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +Configuration and such for stuff on *.tazj.in + +(with the exception of the blog, which is [here](https://git.tazj.in/tazjin/tazblog)) diff --git a/gogs/gogs-nginx.yaml b/gogs/gogs-nginx.yaml new file mode 100644 index 000000000..d9f1a93b8 --- /dev/null +++ b/gogs/gogs-nginx.yaml @@ -0,0 +1,9 @@ +# Nginx configuration storage + +apiVersion: v1 +kind: Secret +metadata: + name: gogs-nginx +type: Opaque +data: + gogs.conf: "IyBHb2dzIFRMUyB0dW5uZWwKc2VydmVyIHsKICAgIGxpc3RlbiA0NDMgc3NsOwoKICAgICMgY2VydHMgc2VudCB0byB0aGUgY2xpZW50IGluIFNFUlZFUiBIRUxMTyBhcmUgY29uY2F0ZW5hdGVkIGluIHNzbF9jZXJ0aWZpY2F0ZQogICAgc3NsX2NlcnRpZmljYXRlIC9ldGMvbmdpbngvc3NsL2dpdC10YXpqLWluLmNydDsKICAgIHNzbF9jZXJ0aWZpY2F0ZV9rZXkgL2V0Yy9uZ2lueC9zc2wvZ2l0LXRhemotaW4ua2V5OwogICAgc3NsX3Nlc3Npb25fdGltZW91dCAxZDsKICAgIHNzbF9zZXNzaW9uX2NhY2hlIHNoYXJlZDpTU0w6NTBtOwogICAgc3NsX3Nlc3Npb25fdGlja2V0cyBvZmY7CgogICAgIyBEaWZmaWUtSGVsbG1hbiBwYXJhbWV0ZXIgZm9yIERIRSBjaXBoZXJzdWl0ZXMsIHJlY29tbWVuZGVkIDIwNDggYml0cwogICAgc3NsX2RocGFyYW0gL2V0Yy9uZ2lueC9zc2wvZ2l0LXRhemotaW4uZGg7CgogICAgIyBtb2Rlcm4gY29uZmlndXJhdGlvbi4gdHdlYWsgdG8geW91ciBuZWVkcy4KICAgIHNzbF9wcm90b2NvbHMgVExTdjEuMSBUTFN2MS4yOwogICAgc3NsX2NpcGhlcnMgJ0VDREhFLVJTQS1BRVMxMjgtR0NNLVNIQTI1NjpFQ0RIRS1FQ0RTQS1BRVMxMjgtR0NNLVNIQTI1NjpFQ0RIRS1SU0EtQUVTMjU2LUdDTS1TSEEzODQ6RUNESEUtRUNEU0EtQUVTMjU2LUdDTS1TSEEzODQ6REhFLVJTQS1BRVMxMjgtR0NNLVNIQTI1NjpESEUtRFNTLUFFUzEyOC1HQ00tU0hBMjU2OmtFREgrQUVTR0NNOkVDREhFLVJTQS1BRVMxMjgtU0hBMjU2OkVDREhFLUVDRFNBLUFFUzEyOC1TSEEyNTY6RUNESEUtUlNBLUFFUzEyOC1TSEE6RUNESEUtRUNEU0EtQUVTMTI4LVNIQTpFQ0RIRS1SU0EtQUVTMjU2LVNIQTM4NDpFQ0RIRS1FQ0RTQS1BRVMyNTYtU0hBMzg0OkVDREhFLVJTQS1BRVMyNTYtU0hBOkVDREhFLUVDRFNBLUFFUzI1Ni1TSEE6REhFLVJTQS1BRVMxMjgtU0hBMjU2OkRIRS1SU0EtQUVTMTI4LVNIQTpESEUtRFNTLUFFUzEyOC1TSEEyNTY6REhFLVJTQS1BRVMyNTYtU0hBMjU2OkRIRS1EU1MtQUVTMjU2LVNIQTpESEUtUlNBLUFFUzI1Ni1TSEE6IWFOVUxMOiFlTlVMTDohRVhQT1JUOiFERVM6IVJDNDohM0RFUzohTUQ1OiFQU0snOwogICAgc3NsX3ByZWZlcl9zZXJ2ZXJfY2lwaGVycyBvbjsKCiAgICAjIEhTVFMgKG5neF9odHRwX2hlYWRlcnNfbW9kdWxlIGlzIHJlcXVpcmVkKSAoMTU3NjgwMDAgc2Vjb25kcyA9IDYgbW9udGhzKQogICAgYWRkX2hlYWRlciBTdHJpY3QtVHJhbnNwb3J0LVNlY3VyaXR5IG1heC1hZ2U9MTU3NjgwMDA7CgogICAgIyBPQ1NQIFN0YXBsaW5nIC0tLQogICAgIyBmZXRjaCBPQ1NQIHJlY29yZHMgZnJvbSBVUkwgaW4gc3NsX2NlcnRpZmljYXRlIGFuZCBjYWNoZSB0aGVtCiAgICBzc2xfc3RhcGxpbmcgb247CiAgICBzc2xfc3RhcGxpbmdfdmVyaWZ5IG9uOwoKICAgICMjIHZlcmlmeSBjaGFpbiBvZiB0cnVzdCBvZiBPQ1NQIHJlc3BvbnNlIHVzaW5nIFJvb3QgQ0EgYW5kIEludGVybWVkaWF0ZSBjZXJ0cwogICAgc3NsX3RydXN0ZWRfY2VydGlmaWNhdGUgL2V0Yy9uZ2lueC9zc2wvbGV0c2VuY3J5cHQuY3J0OwoKICAgIHJlc29sdmVyIDguOC44Ljg7CgogICAgIyBQcm94eSBhbGwgcmVxdWVzdHMgdG8gR29ncwogICAgbG9jYXRpb24gLyB7CiAgICAgICAgcHJveHlfcGFzcyBodHRwOi8vbG9jYWxob3N0OjMwMDA7CiAgICB9CiAgICAKICAgICMgRXhjZXB0IHRoZSB0aW55IC53ZWxsLWtub3duIGZvbGRlciwgd2hpY2ggd2Ugd2lsbCBuZWVkIGZvciByZW5ld2luZyBjZXJ0cwogICAgbG9jYXRpb24gXn4gLy53ZWxsLWtub3duL2FjbWUtY2hhbGxlbmdlLyB7CiAgICAgICAgZGVmYXVsdF90eXBlICJ0ZXh0L3BsYWluIjsKICAgICAgICByb290IC90bXAvZ29ncy9sZXRzZW5jcnlwdDsKICAgIH0KfQoKIyBSZWRpcmVjdCB0byBIVFRQUwpzZXJ2ZXIgewogICAgbGlzdGVuIDgwIGRlZmF1bHRfc2VydmVyOwogICAgc2VydmVyX25hbWUgXzsKICAgIHJldHVybiAzMDEgaHR0cHM6Ly8kaG9zdCRyZXF1ZXN0X3VyaTsKfQo=" diff --git a/gogs/gogs-rc.yaml b/gogs/gogs-rc.yaml new file mode 100644 index 000000000..5a236bb79 --- /dev/null +++ b/gogs/gogs-rc.yaml @@ -0,0 +1,44 @@ +apiVersion: v1 +kind: ReplicationController +metadata: + name: gogs +spec: + replicas: 1 + selector: + app: gogs + template: + metadata: + labels: + app: gogs + spec: + containers: + - image: gogs/gogs + imagePullPolicy: Always + name: gogs + ports: + - containerPort: 22 + - containerPort: 3000 + volumeMounts: + - name: gogs-storage + mountPath: /data + - image: nginx:1.9 + name: nginx + ports: + - containerPort: 80 + - containerPort: 443 + volumeMounts: + - name: gogs-tls + mountPath: /etc/nginx/ssl + - name: gogs-nginx + mountPath: /etc/nginx/conf.d + volumes: + - name: gogs-storage + gcePersistentDisk: + pdName: gogs-storage + fsType: ext4 + - name: gogs-tls + secret: + secretName: gogs-tls + - name: gogs-nginx + secret: + secretName: gogs-nginx diff --git a/gogs/gogs-svc.yaml b/gogs/gogs-svc.yaml new file mode 100644 index 000000000..66cd97419 --- /dev/null +++ b/gogs/gogs-svc.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: gogs + labels: + app: gogs +spec: + type: LoadBalancer + selector: + app: gogs + ports: + - port: 22 + targetPort: 22 + name: git-ssh + - port: 443 + targetPort: 443 + name: gogs-https + - port: 80 + targetPort: 80 + name: gogs-http diff --git a/gogs/gogs-tls.yaml.asc b/gogs/gogs-tls.yaml.asc new file mode 100644 index 000000000..920819ae3 --- /dev/null +++ b/gogs/gogs-tls.yaml.asc @@ -0,0 +1,229 @@ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2 + +hMIDS826Ohxmza0SBCMEAU5mUBFxP1tvEDeWzpsciunCRE3I1AZ9ZNCm2RCiyfqm +/ZLsHRv1Jj6ucdIhIc2eQP2s8HSD7ga81KvZ/0uP0fX7AJDQEIHuXODnPjC3vdxn +72xtIBViNTNYRzOc4dMeFO22yTqsNuh/8qDfFAfR/aHjr/9RzYjXPozJutAAVRta +XObSMMWE87cRK9hgjIPNxZDexkRTkM5UeCk+34GAX2gbB+3pTfeFm0faBt+CqPiE +d3dNp9LtAYNqw8taU471042/8A9VHzfK/SvQUUr3aOqTnUhExSpSkuGtrXu+Rpln +415WhTpzFFEeuogJdJoCeA52v8pFUVPUc2ElRZfOj+7eWLoiw60ESygVpYa5izB3 +J7zPmbsxrXFXWrQNID2q3sUGpRsWx2mOBTScS6tiIP46oNPJmzxOMO3sDwzh9yaU +JGuvuDqF5bDT+wZSHsm4Z6/8c/Vg5pIx5RXFO2tkklP5dmQy1nqxmQnIL6KtETol +pd1SlYxnb2K6l4EYsvOtZZL0YSM7u+vqh1inS1+SsWISHgugxhke1kfqLLCs6SdB +EaJ9aD+z2X2754F0R+WP3B9uzylcuwsDiVs4oNNSlRWxnixqkT9Wzd6ZKq++CdRc +RUSEEKF8RfbfZV5JQyRfQvVi7vVQ9GSLKKFCOaUi6u8tw7gI005tEaLNbp0x538Z ++8QX9DpRF+KTL2fEVR2TE02FiJgD9Ev9BZmX8wIGkh7LCET3azZ8cQvmlKFy+EWD +1TzUviXAlVPVFjKaaKRMwkbQR80m6C086i+tpAmEWnBOFftg+ZYi1C5Vv9gy4JlL ++eIbkHetJddIIFmJbrzVkFnJgIAnhDf4cO8TMfUo4CUzGTaAMcpWQsmOR0zKHgD+ +P2olclT3YJcpzwEeqFC8gJRZKJUBFsATkO8AA3jjLJXK6WXSZ4lcM7xss9pa2+PM +7TyRPEBG6rHMxDFFK9DjunqGBMLYh52PL1PIq3bdElMKGfDq6jHnGXsrfM2u8tkM +iBRlQozyW/V0aeJUo31kAcbT0FL7W5EcFgQrWg0/aZn2N3dhqql/7MVl/mS/8kT5 ++r1P0tm1xBKQZevtVMvkp2m6zpWD02C5tbHzC251UaF8l6pWLQBXDRiMDwaWTR4z +FE8rqg8WG6WqQpQ/9QoTnjAfPeiqAioe3EBn539bYobcav5Q7jtY7jIVf3/zNXoW +IY4cwaqOHtb0CrNMPUuJo8BLKqGq1ZXtp0XWFGfAEZPwG24EambjrrQmdUHKQucG +fK4xMjRJoNtMDcPaXZJGW2WhCocQHF8N65q2c5qSVmmJy0rSYo13qVWsX1Z+aSOt +kRKZxytYBJxIF5JlUJ0s7SGs3mAZrygkHheSCFLDZDf6EOppAnj7+gykakfvDr+Q +TpfQ2B0LcsPKH8Vlrzzo/OLy3sGb/u81BwNQ/jWw/QHdx9Ha4MjwEcxiez1Y6hWK +LNGZxgTlWLrm42EVdJDq3JrtiaKBqzRCHo5seg1LsBwdzvo9+CzhjpyDDfEXs3pV +IEA9HpgPBWVQbh5LnNZkVSL/QE1oGo/ve20LX660yDZvnA4BFEKixkqhqNW3GpY0 +K0cCPf7XxNHaI0uK50z+rw7Teynk7ORAWIwZA9a02YBkb9AKZOTDpV1CpRLLt3n3 +DKSva6b9WWutGXb/q2SYe+kTShGoBhQU/zsk5BrdUjYPzSTADCBlG9PZo3gRQf8y ++7QxCyiP/pLa/RSRvH5Tkgf33n/a7C9YPNXLqO4WsB14cTUA9cGeQr6kl8DzbY6K +336osOA3cPR3hn8tCowz2DnWdYBT1NODq9ZuVIm7LL70T0Cv5x5wVBeFbnmqQDf3 +HWiN5vR55qv5HYSjwDGtx7+w176JztAv4eu2SEk1y32IkY1NhjySUQgC1Jz6tRww +f2DPWtHTBL1dI0EetPzjegmi63MLjak57ZGPBy3PXUtkarpVVsqR+n8fU/7aulrn +GX2/dl/va5y8Td8w0Nv0VsT7oVfkZtbpCpEedSMXtpX025TNWQ75CeTvLlAwv1Bl +GJ74v3K5/u3lQHlx3oCTXBRmOevbUDKJTHRJPluDbFE+E7YHV1QisjthoroOvwsY +LLocypSc+0G0p/+F/fYxc8307jSB3+oD1S8pbLH9K7OyCa7e7GoforeyfZZggwAO +vVRraJ+nJkWymP9pJl8vwnAY2H7cHVY+nlf5e/mgYgIvzAvJww7ponvgo36kFJU3 +YmDXlhOI8VNtObD9XiENHfIORSRQx+zDIxQBvGMGkqzIPWTWt0bW0dt3Ca2uRdDh +77aiHOiilCmrhSPR6YmOvH/qMcnb4w5lmWH/C1eAr4FX6RyrVvvXTj0hjGAlMsnd +VWCOC4x6H4y7iXTxufve3Py6jPQhxzUDwJzETNuh5J4wze2joV73R2QVHBUmTmem +pbnLAPEhj+cYDDWbSLsOD1lE0GsCuSQMr4UE659YOd4ALjolGlT68pLnCM0Jnb+m +gVCvL19dM6PCtlTeg6wG8yM7RjqY1G9pJX1I7pYWbn/82+up3XhyNCT+5Dm2+0SO +wYXzGeVcCv5inFjosRNn5peAQ0f8giAQkYDZxuWPFtBovVYC7tZ9P9e4qUIINt1/ +UeVmlwFZh5E/UiTpE0Wiq6mGCY4fl3L1L6boALllg0Fm/CeGZV+qtEa1dmyTLlDg +ShIpUkUbwKKVaW4/TPNHk0N8zV5I0WFKmCV6FOz92oPd/HyeduMyuS8LePUDGfst +ruA8dtCnARVHs8SjWNbyq94W0Hp0EaD+bLKc9JjBk14mq0OyDeUEQRezB8C/oLLV +Yez6xrBrsJVKh7wPQiBVQtjmHI+HGVYNiaeS3vRQ4EYhgu8MEf+isIhH2VVCfGgl +exHGOsmt5zld1b4oSJrfAU+aCys7KXdKqcYXsEKlfGhhjrpsN5SMioh6Fya0b8Y/ +JMJed2aZ5Lu19CvHUgFYMsSYGac7uR5nn9WfDAz47KJgfeEdS3plIi3fN1beyGXC +po7A5kL2loIYRm5VkSERqKO/F6UVgSN6uuj5nRd4SIebW45GJosp0e40EOvaURQt +9byct2D3O+AfIUS2AJhUxQJVYi/pJNSv8fT/pA6UlL0FWrp02jkpk20uzLRn2S63 +jovRJbhhi1dDcF1fXFIBGuSNRKmpefeuBuMz5/kf+WPHZvobO4bjjwZx2s1VXBCk +tnTMRd9fLuddiZhR/p96BwsJSzlA+4fhxBLEgiPtC2Tq+WaDvQKgq7eP6G+5yRL1 +Ic9wSRqshAZumUjP++3pVhUYfIInI0ijb3EeRrCt7AfKrHf5eTEaPtP82hssjVYV +twFbyd6x9sfj3ym1btrDFKmho1URHxZXoNJ5/+Kbfqsk/tE68bRFCVq0E36pqjkI +p3QLWN0LVeYrScha01l+ZNW/pZU5Nx1RI3IiyvExsUylWwvRjXJLvVsvdsUzfJrA +bVqtEQI2ffQBZpiIxYKE3RAIN8ikPkx69/ac7fcaKS3Vs3wSu0lhjRqpF1pszWEz +gxa+eZ/gUqPXG59XtwEu2Fb+xLlniZ6/sj7T7nzyxD6dqOSESGn73sffh82QPhvB +BPnwR6iYftAtT2h0XpKVfkXyivucCOO206nQJQ9Pm5dCOrOo3931a7TFXu3ravu6 +giT20CyzTNF2y5qZAKEA4aWd3mPnDxgT1thG/8HwYSVLDAVXKicq9stS6C+zjm/s ++I6zfvPIMimdBL+uWM+0tExQVJo2ciLSHIxeeyIwbFIRXlX2XNDoa7wpkf83ia49 +6g88pS8+x9U755pH1Zt43V/zE719R9g3/l9pk0+YmcjblD0Pshnm5urcCloOFCET +mWEIyh7qjgh2V3kSngzjiItUnHDfhIZg5yj4JhWVfo53bEqrY+FQbNAdj+mxbiXt +sSUqyZQ0sVSFh68pJokysc6izDBo1mQNu95E3tSQOBxdo8nZQH5IHsATBlHLKxIo +bHlkaaIBAqj7982RSkFh2Eh2zoSEfttjcUMEx0anngQhPW+oaQn0vxCAAAFESlar +el7VlkI5N9CfKowUwhCKGAHWvE4o+RfhttA73ie52nsg47TElbEBGHnFkTqVBxGj +3dPx+TgaD4rXTwF9ElR8k0IixDM25DR93zUHcwvTTUOgEwP3HU4VKcZ3AXiyUMwa +IjK5ib/HT3FPK3DStOLnZGotfntU5lszOwJ7mYzHEPR+c1fV2+RZC34Aw2aYT2Js +dLzNDUe4/iodypvXvQyq3J3JEVGHRVWclzFNl1xq/WqzxfS61kBMJNXslkvSgFPS +LmiiFvmKMNgYyxEV1kHs8Agc9FR6Wij4wGHVQ3FfGN08tNmi8KGeuJ9rLyUYyQ3K +sNyQ0YCEOLTfLDZV78JEjBkKl5crooQvz0Grq48xbaRCK6VbOQN5FOq/gzPClJdR +ov+Wz87V4LW7/tmuWXMWWSZLxuWVZ2LuNJMdm0xQaxXWEZadve9g6mdO5fOBsXkb +wRiTMKv7xmRLysD8+Qv0B/gCII1CoQ4KFr+mUaI/aBmxwUjRypDpDIX1rciQJmI6 +HFZ3iMMxV4snPJgbU9lMBK2tASIWYqLhj2D5zPgkksd4W1U38zeToeLtk2MPEZHW +pWbhPLHK44mq8gK/SLFB8ix7mbpWL4P3+1RsGbfdftt3YD6dg8ytUrFUNKi/unfU +ftYGp/apDAoh6mDjLaYGcy+/mXeX5+VRExM/zKijKSV/V5az1bRSEP3VZPr7srMM +EOCKCsezzurjNV0hDokY0I413FGokdGNu8+6CUDaTuwSsWS/fnqRGN1Ar/xgfvnc +vea26rCCKI6P9iqIulPlQP/wX23wHqEXDXi2mS6DgqzxE64gmcNfAcmYAwWdourH ++t+Nwz7LwTmI8WTTTM3tVbk+iKR47X13Y5E1u9ErR7rGc1Vml2ovcobZXv0WEG/a +FDq2VLqPP10cPG5vVVQrgy+6TWRBQ2FlfPn1HzBLGuORvc4jgJhfsYKBkZOrxtYQ +iuEGTEjE0CcJsGAnOmdM4IQ+iyvqRxgfugrVj9S7MyqtufB0ufKw6S7g/qMupzJp +57eFaOmDQJ8hbvl/ERM1lAle5ZzE9wAgjE52Yzbwn0zShAf7dTOgHljW9IseKBnd +0m4G8AtCzSlOifuuclNU6RNJoeN1EIvX0ukyZZbAgN+D30tPaWfAjFK0AF5BV6B+ +QDUQzMb5iIroEsAIvbZ+JBStk8V+GT1mz7KVm46syDsH1tb4S7NBOElya6nWwZBf +Ly+ulY8Jk6qNKTXaeboqV6DC4T5rdgrfscbuZTnvpvuPeoz3APufOZBt58f+BJAG +8DOVQn/Y2RTyVYYNq5w3v9/cU1myK8RHb7Ucb/t+3A8pjcmsD5Jiw1cPm/VV1vHi +ClAQ43BtMupoE8CmPNyNeZ1tLeljGmC9NI+DlMd3BIxwfaKWICvDLDlw8OqcwaAz +kkTt1B77IIEAmyixg93ZxfOHTy7UUSA+bP7ILqlP2dCRpWTO6W1nBzLWNo553SDB +zfzb+VOvykc7/XR44VfncilVlQEchAIzVeuVeUiRAPVjigk4LZAyZOZoXqGUt50E +5iwLQEXRStcc8/OP74mHNvICkheRp0H2c9clhST3oULMID5ZjWfTYXfRYCkPfBk5 +gb/lV1LrqS/hfyeWVCY2h5o90QZ/AYAm6xKNvjYc7rIibS7MVcyl2o7wHXAO3Wtd +URTMQ4yRmS1e7IZfdreUFemmakhcAoKFOj59YF/o2Cu2xtdc11rj9eb6ZJUzoINq +0iurlxSdzVx52af3ryihUTDWsActR+dCToapSUDIEKthVbkTVAZcoZU6cG0APYTn +9U5nAE+X4JUad5IXr4DnIl4zmPkZ2IShF3a0V92jEv7we2ALcxgoYUd6PrtHp2l2 +lm1ezNHFRik51/VMaJQJw5PwGJqBsC/Nk4udtrqMKHFE9aMRO/3GDDhDPtj5wp0z +yQ00dMMaBpLp6KDWLuBWGNQPzR8oqdNeffBgsr1rj8hvujzh/aV1icJuNEpyl9x0 +9Ld2yzWSYxIjHcIOpbeFxGyLzXOf2jSDnF2aK5YrEYTVRSKYazUIfPjEB4oG5ub2 +zys+Br8rZV8wnK7EjqpmQEd2003KiNHvFjNmvTiJrLWKS6XeLgm+MEzCNhjkJMch ++1WhV6UVfMpSIAhqYqmZuAOUeL5ZqjpUydJi1v3JnYOMF0mi/yfgdUakevwbNE2j +YE6/cM6EcA5yi+p1jjuFygOVku8vYSplMCcrcNwhOogoC8JDHzHZ8bDgyBKo3Jpu +vmw8qjOgjDfdRxRZuJAE0MbubV1HC5bgwiEvpFIZEDrKbVuhZ2zimwiSEXV5fMJw +8o/iRLiQPwEC4rXluF7i5NwOgcbvLhuuAzZdQzkwJ0ueo0VW0LldboPHmDEtUQtY +EmFJsNEOk7+qp3ifF/X3kuzxJDKeR3Eb+V1J0mys/gslxgWkJEtLR2mMfVEdIfIL +zHItnYF0tyddIZuWqGxly99uYI33gkBhmgfczL0Qvy7EZ95q5woRSzcMTaULX1UK +ZKA3mvrX1srKjKnKeeoYGuys59AGH8hmCB+lTshn9i382ZwFGcepbfEckYrIA1E4 +lVb45Bi/ugX097ULFK5dL787kMkLC37IfhmGKl8HTpKJe//sZINo+V74PBt4uUY/ +Ioqd/1vyLqpfuZSasJa7toQSUfViCKP9OZwEqLUkLWELPHDyyZaZ50uuH2/KRMbl +QN4eADWYdAxp3mmU2fUZmjXZeeD3cHutPzXt6TU1KH0iWZD4XzOndOPVFTCiCspt +uC8kaKtP1gjSct9ttLl+Tg5rO7VwUMJwdy0nCAYaeO3BEz89Hp2wfLF14w8i4ZDz +Rc3B4Bq8dGBE7g4yFCjMNL8XzTBoF9Jf/YS/cJjsRRT81vsisq+Xo+NjDhxKxY6Q +yWNog+0CKCz6jomynjdTa4ZkrL2tzF8rnWzOWmRCzRQlGSXRD8ooVu/+xP+s+p6d +CqK7q8ysifL3OAa6p9shR/N/olfkM6gG8LsPxlnWk1cZ/7HeK4RhnWgGeGUJHRU1 +J1wb3M/J3npIxfAKcNTybTYwC5ysjreg1yfbWAlyDkJmq3HEh7cw/2/ZdbdKV99q +mJWJ7Fa2vNbELM64ec2YIXvVkvhegOfp/cw2i+0FH2SyyWKatj3pCU6mV/0tavxH +xqZ0I8+5kXym3qUeGNnntLX9IhWwlo3pDE2DwfQePcnp0FuIuD59+4kJIUmuyTyq +JKOlWZiaMotuuGRkrM3f/Tc6hI0q+j5W6tgJ06fJax7kKZHQVhV3iXUr6hyaGCSz +VTMmZKbhYEcB82hanhkS5o7sXcMzrxU2c6egoJHBpjf+c+ZU8hcl/rOOPbNpFYgD +iYCrx/LFcXTkLADQRaNxMcaCnDRrHC0398kWYX9I6HdZR2j5cqQCuM4dMnI3UO+w +JkDElUwANPmdWP5jW75onteHl/yfj2ah/UWFTozS+du6aWjMzY7eTww+8XTonSZJ +JskyxFxD2qnIG9vqUWwBxeQeEK0hxjERy6M8cb/P7RurULXNUawjEI+3YGvfOyGY +VtHjDJaew2bN3pzfFWmCmJSfIi1WnkFPpRExFheqDEjr3k5cOAls+8TuQwS2aJY0 +L9aAuyr2hyVcGWH2Xw3uek6WRv2XBT8hsr6EfjcRg/9aX+oLqoIHfFTCrJrd3I13 +axMb/2CWvFUxZFjPLs1Xlz3Ux7je31oL0EcQruvtefQ4qYSBPGb1ES1+QgCX2PAJ +zj4lHc91PmsXKJW0nsStgxK/FDD3TB1WiYSG3KvEnYrYVQRxcf+fJzSEG39zd3EW +iNh8mGGyZoilV37iDAeF7gJOvwMqKOUMrRG4wtSfpkSxhXglx5IysBP/axDBfXjm +LOwxvt4zR9bV2g79uGJb4zSnO6u3ytSRMRVT2mrBw34EfWNrfV5hoqoJ5I0VxVdm +oEOKreO0fqgDtIVNiOGF4y4zWjsCzAqZ+bCoyimidUmjjsZKwg1Wf+0aBmmgc1D/ +veVTg4e3Y44AXn1lZnbGtticA6zscCo/GtvOue1LcEpJHQ+unxIudSAUkcBvrksS +f7gmrfNE1XYz7KWIcIaC0A3yE9M6x1lF/ZOFuml9Pt2HaRbRyYxSnggHOR4KQOIS +vKv1RI8FXcGk8qf9YwCivnGSwbL1fsA8wdJgNWTLwChhemm80ieiNg4g/zkeITSL +MlRZ0Q2wQMKU4xTN/Zn5fBeC2fdzW1K+Mn+MQyT30txcvLdYhiO5lPYs7kldtgzx +pbZBez6WQffT82BF4MqnYRVJsmKh4F4vsnYcDBBxIT7qWjCPiDyifKzhmuhO7BrD +cemIYtibr3dQIKhPLNmKtVwDxE2ZNFN8uItqdypEW+DS9dJBuev/+tj8KiKuMMzv +6D+kPKtOzTGQSXuSJWf9WFI6BUuGoNUgJRk7BYULZAy3a0C4d3Z5CTHw6jcQtDdH +oZmyRTS9MrhVZ/9rBYC9XvzrUnZ2V63/3R18+74WftsxXseUMQ3+jxO/zd9ERM30 +HEpRPK++X0SvVd8p7vqSVuiKuZImABaF8ZEt4e95BURTyRSObBsjN+S2GuEpAcn5 +nGpKQrHufS/KmouIdzfTlP9vtCP8vwy0/oqzTyxXoYTbJO0n0w1OVAC9wvvVVun2 +Xp5NTjho+WiTq82CzNQDRbXGnSZTNYSaAbYw3T+CuJM7g3qcsOZSoqIXwGh0g8Ph +QZvsBq4w9lpqDoUvvhoO+59DYsXT/MuxI/zPS5vAOfeMFL5MKQ/AcSKZS49icYov +pImtTf+NiFmTswY+RNMoS8GGW6CUb90sD1d4NoF2TXctLGX2kiFEDMS7v3Fg55Iu +sbYM1/zPPGhjZQl36j76zIiJ98UNZC43+K4S23DX5HAFk8TVm20I6/mG8U7F3cEO +PExQf+piiyDo5kI0slwrNasstNV2s9CZNkys01ecvxCFQ0ZfP8rQsE2DL5ylXV3g +4bqyFgk2wVHxaYFC1qsb0IRf2wiM6cUFKJXV0yHa8R7bX6P3Dxqskq6l4HMN/mzu +ysPb1K3lTqv09vHjrwAnQ5Uri1YhWDSn/A8YFQWhDl4sVURwlXgio+3z+2HTIq3i +Vhz55xLMXXOfeHpRk7PEkDGRluOBFilCbUpOLGD4+rqrwBDT98e3JMaU65agfB+M +rsRsFVEe3AYE7GW3TVWSj8XpsNzof/6njaTjq9RNsJ+tAM4RGwMpHGNZkknUsxzw +x8o6MM8YqJq6DCWij1ju2YMeaJIxcW8NDRQO8KtE1RjylnAvzZZKZ4HDzbd9g2sM +yx7jVdsc4gElmToPcQ6C8Rlt3QP2IO6Jvm+eJAjK4br68/dTcnC9J9JxAj2GDb0W +s7QYb6rG8mZ46b5vGCstcWzqC5VdoL+QHYDgJA70/1jubJD3dpHDORBuypUXcMRa +BONneNdlX/HunPPYOtlkikpVqep8OFz1t4G9iyu1gbl7BT6ORFyHysDFdfEYsOwO +13U3qMMJERbU5NerIJcvmYYx0qq6E3DDa0HfL77s57HSYcrZa9935yr4HWaC8DwR +DpF11FYN3O4O7PlYFWFgG6Pxru1YAFyHmoSKxuSDv5CpK1q5/TlhfxVP6flYfbQj +qVwn1AtHO7t3Wpu0degEK0HC1LoVAdyUVLZC04eXNZXa/rrZ+xdkUMJiCJ6hrpHH +8oVaaI3gLXsIYKRgMska3pS72aIwL2swjBhTsMWEpClDx1eI/0n11TgQcTi4vlw4 +1VuJfy1pboc55y5rUhLFKxNc3N7SzpxxhuDbg6l/+FEZtYCJrl5jqCXgWYmmKD47 +DRIFMX0INGVNP3aM9WElIIofh0ErUw8SuONzV2QNdLNopaLdSZROa/ljqIaDa0wt +gg6K6E2PwPukLnCiY5LR0eK6t5qj4QFxuA8OplmSMssJ+KwynPoaWPu1qsfvz6Gs +hhql3BspDi6cka5eQBdimjqGAqTiLjx1IVFv5+pgI7WMtbcmvX//LuOrn7e02xSa +wxejikf63V1jQwG0Iw0oroE+fheYIKh+gL+pE23DiYSG8co70uuYW9CYVg8tXID4 +IYJPTlI7Z2Y4Ap/M1Bvd2qNpteHg2i7mdQm14UEzUBCRSd6jJk9XsjkpBYiMLcUM +VG0cP+Yq5fcHpedMo5q6XBQotztyqS5R1C9bh4VX3HRWzwQLacgLi+FzqKCEHTlj +mjA+P0FkxEglk6J5J/+deAGI3A9xPebNmiyj7O8IXLXooOu7LE8VzBo7NsINGIrf +4W7SgpLhqd9pM6TFQBm6/5xWTjgsNopaD/O7OMNEz04rLY2dvxRXdGTdCZZFXo54 +ugaO9NlV/OSIyBUoZnr9DKS/tGGighmOZgqGykFswHjPA9vWNzw3mNA1rV5PgLGe +4Ts+ertC900AJCrtalu+Q8n5QtXWw4wSZaqRgSjPXZPycPGGK55eZUzVRoWtbFp3 +3p23SxilEIvvP6Gt4kx6dPZUDrFiPGXi3dNYGGUDmJ/uZrh/YyjIRK2UtYIpdKh3 +2miJwY21/DG/9OM4t+aDhOrgi7MH3CMwR1eZvkA1p8PL9IEq8KhFHT47BmKPi1tO +JQV+w6RAYl+r4Y9Gl8v9D0rSSjiBIPaa+ZZP4MbqQAYLQy6UKnPyrfdyaEz6/5GK +4zClfIq5KcXanA6i99HOFE8bQX7kuM3prR1fTEhzpgyE4+bga/vCQZ5z7ynLud/O +XdRetWBRWNBOM3Xtp1BzOxiV0/nRKZYGzk3+8FiQM5p83ODvnp8oZOU0WKMNklmt +8fYjqAgccuRCtOhLozSNAFLts0Exm2ENcNPtyYWR+RBJdT2OXURHa7vfy8rfCpoi +GpDvd3sZFqB7P53tBg9/cmKPMqFkOlXHSbaqE2Q//nj/XSuMSkyYc0jHx1DDAf1k +Lrp7KVa8DXFQl1YdGJBXwt171jQidMKb/6emfDNhCHtkbc7w4vK6Bpr+bsNpLP3o +nuiniMuHqVqN0TlmC7H9Cpb/JQnKFkO1tCAcbLmxj1R8IEFqxy+hyQhZK5ClJxJg +Uzbp7NrLGoMOvFBTsblI71Mmt6w2HdsVZw8tcT54R/KvTQNmRzGKwwJXV6sMXVPe +MQMvIAOty2ieRX1ofU7cxllKjzgsjof2xhqkazn+pIhLCo8M1Xe6bW4Y193tqmTR +k7V0KoQkg4RQAR2MmLR63jC+wPrxddB9odUABBpXX8W+gfk8sbXrzPmGOsqt1lz0 +dogDq2UmqSNgU6pK1jYkN7ZXnVB+3ND9942/g/hR1o+qc2QJ3Omkp0XhteREB1JO +KqbKgG4NNHadjukOmsQBVY6cf76Vz6F8LnxUXR0xyk0wmsgJJHpWDOuaSGO/AEE4 +eDjnRYqr5fDJTzNiTfN9f8bjvWG539nob14QfAV7/m60OL3z2MsBKPtkv+PbezeT +GCRqKThRBeSIMoaBWth0EL/4Uvd7Ii1amRED2XSXKAEBkwDUgAp057BD5QUwwHA+ +NSb8/ghnEFcbgjEnBzp6ZOdxiOS2bBiAfwmWWpoxlvOi7SMeDH5kV9sD4klfL8xw +vZeblsu84JO7OWmQOiBkBUTls2hsJE9FEzfeWKwDFcom2V5TML9rfQ45LTmAS1Fn +WrypPd7qGYwsYU8pM/oMb6tVl/CZNDvAXU1bl+PrqNrecEouWphtAICho3u/OtR1 +f7uSrhLSYMtDsLtRH2vwt3DlgqgGJ+b0izz+3LETXWbnAMwMmiacUk91DDNq4UKF +biFXRneKLMsqhbFW2GGSf2Aymo+soHYNM9a7Iy7F0YqTkCmuaslg5dv5yyHHHivi +c+H6XD9zagjXWtUs5gugYbdxYeExjrmMtMO6fyYLkfYmzybXRYWAmQpMy5prfsfZ +SaQq35G/OMN6weI5Mzh9u+w1LJuq/71L4Pzp8m+Cz6XESEZzerGnVad98yBf5Ej8 +RipyIgCgwEGBHJ+GTDF9bD2NEXggDRdDr6e0P3aJ6+jwQJj6Lt1nHfdUTlzVldiK +kWSYhghEXPA90nLAgmyRGwAKnFmimOMLhNV6m3QICruWkTV0bYFXW9a22vLHATiG +F72mGwHN4BIE2WH/eSS/tnDcOulNI9Dny6n//yKIwmvZPtOycLTb6hOumJd36S6W +D6LCng/ck8E1rlNv1e3QcAI5yhqMd30A4B5UczuUB1dEpauI+2U7sRp35cj96ps4 +dnrmyItT8dJyDusap6+lo011UDBFoM4A9e2y6zClhL1rym84lkJiiu4Fl/xrMexG +Wq4ugj5P7kgezggMiTXyoRB7AN4f6ZDPTnbA0yt0CL/earPdikPkxZoykhmOQE0P +tHIeri2zO8Pjex4HLPVo34kgS39FfHXvAyry76WTW0IaGEAWq6IhaPA4nN/XS2Ln +fixoK/HIIsLR51C8Jc/RflZZit9DnIaT2Xf0kG7L9C7HP/3bvUMKht47XpV48jEr +G0CKNWOCeiaHPzekf6zVkgeLIt28aZ3Wcs3tQ4Ln1AIn31EWhkK+IY64gAqjsXYj +fWMPnTv2T6EUhImWXmus8jF/3trRnKd+mh2AMt0wGKFUu7uaXnb4LO9CPJSWNhlr +qG+9FMVU2r5UTvv6C9K2y1D8lQrPhJ4/0733acoyAKI2BPY/3tD8GOd/z+AIYrrq +4FqxhIDzHuh5Xs5bGdtwdkAAC2SI81SvNn2829/lWQvsr2aF52wwyawCUVn2p6+Z +O/kk8z0i9+uunhzTkQpjJtSrXornxNXdPtjrbbCP9+OyehrrNMt1W9X5vmrBp1cm +8eEB+inR25imeZnVQtEOnq93ARmVUGN0XNgooHpQnIiMOLdfCjiepHxoIu1cjvcC +m2s+ehasPLuiUAJhBDCQaIBFYPEvmLGj+ZkMU4b/dFPz4te6gcVnH9pP6ay2dAnG +piBKR7jmXP7GVuuksUF7L+zU3l+MuPP5b+q0cYBL46Cq2LomuCKTZt0E3FsJuZeo +uvFBhTgYcvGBz9MJ0gbiJh2uJXvdtzNPH9ggh7GFt6I+4bBnHZbErNbCKBiHXDvx +Iq9Dsd2n6UdbN7XUJbRAuOU+bxi7JH5i7lnBxtIv1AP7tWnVtFUh9Q8Ux35z1q8X +nfS5QuHVWbGnIZMAJk6RVLptRM077x1Vw4ZayfN+ognlbYRAuzdBd2WKqKQ6UIHG +thWdOwuMDA3/VBqLOAfVOO2NWzh1e1JlitkYK1PnpiUKpkfp1ZaHeYchPlojP/8W +peRQZTb8KLWE8aCfVTV/e9eUUSevaA8dmRWfcsU5okM6OzcQqxzcSN7Y3FMpUxfC +28W2DTUuvv7wEDIWiDyXZReU1BzNWkxwOhqyBH8RgyKI6TkqfY/p2pghCUJR3RqT +hrenDjTCqLOaL89VqxKZPy6qpmP551QWZ1YwFWjqLIcZDvSI8694sSLZrgYRG0r7 +/jzE27sTEZWNvBfmbfgiEcSeSVQx2jj3gi8bqhmmAvk/vzbfbs4JjrCwIqNjL9ul +Kz8kYhEX1Exk3RJCGjwHrF5TSSDPPEJgYxB1aMFvKPfLiPuYS2Bt76hKHqWA5Rv2 +3kKWbMEGbXuNSK76M/SU7JPLPzV8ZZ9cMYlCRZ0vEOsB35mdpr60/ypGLO5xIR7O +VS7FzgYmtmYX3ccHoTE2+4hsIhoYJtfWUJV3uZniq0Rt/G+csmu2qG43dQxvdyek +PSktX7MqhPK/46byUSe/8kBJvt5i9WHOInpCUhD/uDnjZjSPqe0FhmU9DyME1xO9 +RY5wRySJVEFC6DrzJkepvBMIpTCCRM9dT70H+FtsxKCnnKPweRZhOYD3Czk3tyKe +0YfhlT002MCDztaKn94RF5w2owIaIHaGXnn3QGJU4p6nD/nUTaRcdX6EKsP1ziQZ +tk6yrFk2Yi2AQEtCXD1V+OO3y8Xk6mTisI9la4OzU3Sy3UAy/ImxoFXB/ztAOwkF ++KZcoyDdKkR2XV5R5EgdWWuztvNyxVzAYIUhfa4WvRj8RTdo3rBaFBjx8/k+JOXr +aJXiNB6at3KWEQxl8r/raaKp+/k5QH2CSmVFaWdEVAO5lTemVB0DpGJvaLsZH0eE +wTANuGw576FItf+QUEP+D99ZZWKwk9TPzlRGZGEWFXuSE71DR0Vtg4iOPJuzkb+B +6yAPl2cNSMEua3M3Whiq23AIqcxWbHANXGn2FBQvCsDlwZjxkHRRyt0jH8tBf/nQ +cUYMjqWl+PAazTTX+woXT005WlPQxhnOT+X5+32zn2Ct52YGMbUFNbaNcOGITkYp +KFQXBF85OoFtjxhkJKZ/aF0agkCFKFnBhxXCqe0w9hiw+vglAWhQNHlAGyPlqCvU +S7Q67UOT3AA262882QVShOMlVX4rn+HfeA== +=mjOU +-----END PGP MESSAGE----- diff --git a/gogs/gogs.conf b/gogs/gogs.conf new file mode 100644 index 000000000..4b3c91c79 --- /dev/null +++ b/gogs/gogs.conf @@ -0,0 +1,50 @@ +# Gogs TLS tunnel +server { + listen 443 ssl; + + # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate + ssl_certificate /etc/nginx/ssl/git-tazj-in.crt; + ssl_certificate_key /etc/nginx/ssl/git-tazj-in.key; + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + + # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits + ssl_dhparam /etc/nginx/ssl/git-tazj-in.dh; + + # modern configuration. tweak to your needs. + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; + ssl_prefer_server_ciphers on; + + # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) + add_header Strict-Transport-Security max-age=15768000; + + # OCSP Stapling --- + # fetch OCSP records from URL in ssl_certificate and cache them + ssl_stapling on; + ssl_stapling_verify on; + + ## verify chain of trust of OCSP response using Root CA and Intermediate certs + ssl_trusted_certificate /etc/nginx/ssl/letsencrypt.crt; + + resolver 8.8.8.8; + + # Proxy all requests to Gogs + location / { + proxy_pass http://localhost:3000; + } + + # Except the tiny .well-known folder, which we will need for renewing certs + location ^~ /.well-known/acme-challenge/ { + default_type "text/plain"; + root /tmp/gogs/letsencrypt; + } +} + +# Redirect to HTTPS +server { + listen 80 default_server; + server_name _; + return 301 https://$host$request_uri; +} diff --git a/gogs/nginx.conf b/gogs/nginx.conf new file mode 100644 index 000000000..995250f72 --- /dev/null +++ b/gogs/nginx.conf @@ -0,0 +1,28 @@ +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + gzip on; + + include /etc/nginx/conf.d/*.conf; +}