diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/architecture.mdwn | 1 | ||||
| -rw-r--r-- | docs/architecture/data.mdwn | 19 | ||||
| -rw-r--r-- | docs/architecture/features.mdwn | 7 | ||||
| -rw-r--r-- | docs/architecture/mail.mdwn | 6 | ||||
| -rw-r--r-- | docs/architecture/needed_admin_infrastructure.mdwn | 7 | ||||
| -rw-r--r-- | docs/architecture/needed_user_facing_infrastructure.mdwn | 37 | ||||
| -rw-r--r-- | docs/architecture/setup_file_overrides.mdwn | 24 |
7 files changed, 101 insertions, 0 deletions
diff --git a/docs/architecture.mdwn b/docs/architecture.mdwn new file mode 100644 index 0000000..581ceb7 --- /dev/null +++ b/docs/architecture.mdwn @@ -0,0 +1 @@ +[[!map pages="architecture/* and ! architecture/*/*"]] diff --git a/docs/architecture/data.mdwn b/docs/architecture/data.mdwn new file mode 100644 index 0000000..a81a268 --- /dev/null +++ b/docs/architecture/data.mdwn @@ -0,0 +1,19 @@ +Data model! + +Dynamic data lookup should opportunisticly cache any associated cheap data. For instance, there are three data from stat(/srv/git/$reponame.git), so looking up one should grab the others. Jules points out that everything here is inherently cached, and I should be using getpw*() for passwd parsing. + +[[!table format=dsv delimiter=# data=""" +datum #stored location #constraint +username #usually $ENV{SUDO_USER} # !~ /^git-|^ikiwiki-/ and =~ /^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$/ +uid #/etc/passwd # None +email #/etc/passwd GECOS #Email::Valid::Loose->new("-fqdn" => 1, "-fudge" => 0, "-local_rules" => 0, "-mxcheck" => 1, "-tldcheck" => 0 ); +repoaccess #/etc/group git-$reponame entry # None +reponame #/srv/git/$reponame.git # =~ /^[a-z0-9][a-z0-9.-]+$/ +repodescription #/srv/git/$reponame.git/description # =~ /^[\x{0020}-\x{FDCF}\x{FDF0}-\x{FFFD}]{1,80}$/ +repoowner #stat /srv/git/$reponame.git/objects uid; might be better as first non-ikiwiki user in /etc/group git-$reponame entry # None +repoglobalwritable #stat /srv/git/$reponame.git/objects o+w bit # None +repoglobalreadable #stat /srv/git/$reponame.git/objects o+r bit # None +repoikiwikidisable #probably in /srv/git/$reponame.git/config # None +repointernaltemplates #probably in /srv/git/$reponame.git/config # None +repospecialdomain #probably in /srv/git/$reponame.git/config # None +"""]] diff --git a/docs/architecture/features.mdwn b/docs/architecture/features.mdwn new file mode 100644 index 0000000..fbdedb2 --- /dev/null +++ b/docs/architecture/features.mdwn @@ -0,0 +1,7 @@ +An in-distributed-repo model for + +- code +- blogs +- bugs +- web pages +- [[mail]] diff --git a/docs/architecture/mail.mdwn b/docs/architecture/mail.mdwn new file mode 100644 index 0000000..61bbfcd --- /dev/null +++ b/docs/architecture/mail.mdwn @@ -0,0 +1,6 @@ +I can presumably get mailing lists into ikiwiki using one of the following: + +- MLM+Ikiwiki [comment-by-mail plugin](http://ikiwiki.info/todo/comment_by_mail/) +- MLM+Ikiwiki [mailbox plugin](http://pivot.cs.unb.ca/git/?p=ikimailbox.git;a=summary) + +But how would we get it into git? Might we have to do that externally? diff --git a/docs/architecture/needed_admin_infrastructure.mdwn b/docs/architecture/needed_admin_infrastructure.mdwn new file mode 100644 index 0000000..59365c2 --- /dev/null +++ b/docs/architecture/needed_admin_infrastructure.mdwn @@ -0,0 +1,7 @@ +- DONE: HTTP AUTH from PAM through the magic of mod-auth-pam +- DONE: HTTP access from /etc/group through the magic of mod-auth-sys-group +- DONE: Shell security through rbash and privilege escalation security (for mkwiki, mkuser, etc) through sudo +- DONE: Guaranteed namespace coherence with the vhosting of cgi, secure, and normal with the aid of a wildcard SSL certificate +- TODO: Work out how to pass mailing list emails around. Probably either ssh or vserver namespace magic. +- DONE: manual [[setup file overrides]], /etc/ikiwiki/piny/$reponame.setup.pl, included directly with 'do' before dumping state. +- DONE: rebuildrepo diff --git a/docs/architecture/needed_user_facing_infrastructure.mdwn b/docs/architecture/needed_user_facing_infrastructure.mdwn new file mode 100644 index 0000000..1e7284a --- /dev/null +++ b/docs/architecture/needed_user_facing_infrastructure.mdwn @@ -0,0 +1,37 @@ +TODO: user-facing documentation on piny-web +TODO: help system on pinyshell (display on login) + +It'd be nice to maintain feature parity between command line access and web access. + +[[!table data=""" +feature |command line |web +anonymous account creation |DONE: ssh createuser@piny.be |TODO: CGI frontend to adduser +password modification |DONE: /srv/rbin/passwd |TODO: Authen::PAM chauthtok CGI jblake: the pam interface was *really* not designed with http in mind though if you hard-code the interaction script it's not hard at all +repo creation, deletion |DONE: /srv/rbin/newrepo, rmrepo, lsrepo |TODO: CGI frontend +repo user management |DONE: /srv/rbin/addaccess, rmaccess, lsaccess |TODO: CGI frontend +[[mailing list addition|mail]] |TODO: /srv/rbin/addlist, dependent on getting sympa up |TODO: CGI frontend +authorized_keys modification |DONE: /srv/rbin/readkeys, writekeys, appendkeys |TODO: CGI frontend, though i am not convinced anyone would care +disable password auth if ssh key|TODO |Ha ha NEVER +commit access |DONE: git+ssh://piny.be/srv/git/whatever.git |DONE: Ikiwiki+mod-auth-sys-group/mod-auth-pam, though I am told there is a magic hook to allow public editing through git:// +wysiwyg editing tool |Ha ha no |TODO: wmd a good option, though needs UI tweaks +fork |TODO: /srv/rbin/fork |TODO: CGI frontend +upload and commit container contents |no |TODO: CGI frontend +user or repo activity data aggregation |TODO: /srv/rbin/activity |TODO: rss generation, possibly install a dynamic rss reader +help system |lock down 'man', print introduction on login |command documentation should be rendered online, perhaps +config tweaking |PARTIAL: pinyconfig |TODO: CGI frontend +"""]] + +Needed config tweakables + +- TODO: ikiwiki-editable vs. git-only +- TODO: toggle ikiwiki autoindexing +- TODO: optional use of repository subdirectory as srcdir +- TODO: globally readable repos vs. group readable repos +- TODO: globally writable repos vs. group writable repos +- TODO: editable ikiwiki templates vs. default layout +- TODO: user-configured domain vs. default piny domain + +Other + +- TODO: overall site layout/theme/css +- TODO: front page to piny server editable by sysadmin ("here's what's on this server; readme; faq; about;") diff --git a/docs/architecture/setup_file_overrides.mdwn b/docs/architecture/setup_file_overrides.mdwn new file mode 100644 index 0000000..6133a22 --- /dev/null +++ b/docs/architecture/setup_file_overrides.mdwn @@ -0,0 +1,24 @@ +Use cases: + +### Adding post-update hooks, which requires diverting Ikiwiki's hook. + + mv /srv/git/poop.git/hooks/post-update /srv/git/poop.git/hooks/post-update-ikiwiki + cat > /srv/git/poop.git/hooks/post-update + #!/bin/sh + /srv/git/poop.git/hooks/post-update-ikiwiki & + echo This is a hook that does things! + cat > /srv/ikiwiki/piny/poop.setup.pl + foreach(@{$conf->{wrappers}}) { $_->{wrapper} =~ s/post-update/post-update-ikiwiki/; }; + rebuildrepo poop + +### Adding or removing plugins, or plugin confuration variables. + + cat > /srv/ikiwiki/piny/poop.setup.pl + push(@{$conf->{add_plugins}}, 'txt'); + rebuildrepo poop + +### Any other special confuration requests from hosted projects. + + cat > /srv/ikiwiki/piny/poop.setup.pl + $conf->{teximg_prefix} .= "\n\\newcommand{\\unit}[1]{\\ensuremath{\\, \\mathrm{#1}}}" + rebuildrepo poop |