Create environment files (cf. `git ls-files \*environment.template`):
* Set SA_PUBLIC_DOMAIN_NAME in `environment`
* Set CANONICAL_WEB_URL in `gerrit/environment`
* Enable GitHub OAuth in `gerrit/environment`

To build:
* nginx first, because it creates the self-signed certificate: `docker-compose build nginx`
* then everything else: `docker-compose build`

Get containers up:
* `docker-compose up`

Mail setup:
* A 'gerrit@' mail account will be added automatically
* See `docker-compose exec mailserver setup` for more
* Add account or alias for 'postmaster@'

When the containers are up, run `certbot`:
* Once: `docker-compose -f sa-certbot.yml run new`
* Every x < 30 days: `docker-compose -f sa-certbot.yml run renew`
* Always reload nginx: `docker-compose exec nginx nginx -s reload`

DKIM:
* `docker-compose exec mailserver setup config dkim`
* If using a subdomain, set `use_esld = false;`
  in `mail/rspamd-override.d/dkim_signing.conf`
* Publish key from `mail/config/rspamd/dkim/*.public.dns.txt` via DNS

Mail testing with dial-in IP:
Some popular (German) email providers greet with a 554 error when the IP is
blacklisted. This seems non-standard and can hence lead to the message not
being bounced immediately.
* Set `smtp_skip_5xx_greeting = no` in `mail/config/postfix-main.cf`,
  if you want immediate bounces.

Import projects into Gerrit:
* `sudo git -C gerrit/git/ clone --mirror ...`
  - Update `groups` and groups in `project.config`
    in branch `refs/meta/config`
* Import foreign server IDs if needed, e.g.
  `sudo git config -f gerrit/etc/gerrit.config --add gerrit.importedServerId fb9ff590-4b50-4f01-be71-0aafd704c4b4`
* Import foreign account IDs:
  - Check out `refs/meta/external-ids` of `All-Users.git`
  - `sha1sum` the imported ID, e.g. `echo -n imported:1000000@fb9ff590-4b50-4f01-be71-0aafd704c4b4 | sha1sum`
  - Use SHA1 sum as filename, contents:
        [externalId "imported:1000000@fb9ff590-4b50-4f01-be71-0aafd704c4b4"]
            accountId = 1000123
  - import_account_id() {
        # $1: foreign ID as <account id>@<server id>, $2: local account ID
        imported="imported:$1"
        # The file name is the SHA-1 of the ID without a trailing newline
        sha1=$(printf '%s' "${imported}" | sha1sum | awk '{ print $1 }')
        local_id=$2
        printf '[externalId "%s"]\n\taccountId = %s\n' "${imported}" "${local_id}" >"${sha1}"
    }
  - Commit & push
* Restart containers
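
An added example, not part of this README or the project's own tooling: a check to run in the `refs/meta/external-ids` checkout before "Commit & push". It verifies that each filename is the SHA-1 of the `externalId` key inside the file and that `accountId` is numeric. It assumes the flat one-file-per-ID layout that `import_account_id` writes and `sha1sum` on the PATH; the name `check_external_ids` and the second sample account are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original README. Assumes a flat checkout of
# refs/meta/external-ids: one file per external ID, as import_account_id writes.

# check_external_ids DIR: print one line per problem, return 1 if any found.
check_external_ids() {
    dir=$1
    bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # The key is the quoted string in the section header.
        key=$(sed -n 's/^\[externalId "\(.*\)"]$/\1/p' "$f")
        acct=$(sed -n 's/^[[:space:]]*accountId = \(.*\)$/\1/p' "$f")
        if [ -z "$key" ]; then
            echo "$name: no [externalId \"...\"] header"
            bad=1
            continue
        fi
        # The filename must be the SHA-1 of the key without a trailing newline.
        want=$(printf '%s' "$key" | sha1sum | awk '{ print $1 }')
        if [ "$name" != "$want" ]; then
            echo "$name: filename is not the SHA-1 of $key (expected $want)"
            bad=1
        fi
        case $acct in
            '' | *[!0-9]*)
                echo "$name: accountId '$acct' is not a number"
                bad=1
                ;;
        esac
    done
    return "$bad"
}

# Constructed sample data: one correct entry, one hashed with a trailing newline.
demo=$(mktemp -d)
for id in 1000000 1000001; do
    key="imported:${id}@fb9ff590-4b50-4f01-be71-0aafd704c4b4"
    if [ "$id" = 1000000 ]; then
        sum=$(printf '%s' "$key" | sha1sum | awk '{ print $1 }')
    else
        sum=$(echo "$key" | sha1sum | awk '{ print $1 }')   # wrong: hashes "\n" too
    fi
    printf '[externalId "%s"]\n\taccountId = %s\n' "$key" "$((id + 123))" >"$demo/$sum"
done
check_external_ids "$demo" || echo "fix the entries above before committing"
rm -rf "$demo"
```

The second sample entry is named with `echo` instead of `echo -n`, so its hash covers a trailing newline and the check reports it.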