├── .art ├── front_page.png ├── issue_list.png ├── logo.png ├── project_overview.png ├── redmine_settings.png ├── webmin_admin_dashboard.png └── webmin_admin_tklbam.png ├── .gitignore ├── Makefile ├── README.rst ├── changelog ├── conf.d ├── downloads └── main ├── overlay ├── etc │ ├── apache2 │ │ └── conf-available │ │ │ ├── redmine_secure.conf │ │ │ └── redmine_webaccess.conf │ ├── confconsole │ │ └── services.txt │ └── cron.d │ │ └── redmine └── usr │ └── lib │ └── inithooks │ ├── bin │ └── redmine.py │ └── firstboot.d │ ├── 20regen-redmine-secrets │ └── 40redmine └── plan └── main /.art/front_page.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux-apps/redmine/f8fbbce29728e4b6f294fbb6e7a591fb513efcba/.art/front_page.png -------------------------------------------------------------------------------- /.art/issue_list.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux-apps/redmine/f8fbbce29728e4b6f294fbb6e7a591fb513efcba/.art/issue_list.png -------------------------------------------------------------------------------- /.art/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux-apps/redmine/f8fbbce29728e4b6f294fbb6e7a591fb513efcba/.art/logo.png -------------------------------------------------------------------------------- /.art/project_overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux-apps/redmine/f8fbbce29728e4b6f294fbb6e7a591fb513efcba/.art/project_overview.png -------------------------------------------------------------------------------- /.art/redmine_settings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux-apps/redmine/f8fbbce29728e4b6f294fbb6e7a591fb513efcba/.art/redmine_settings.png -------------------------------------------------------------------------------- /.art/webmin_admin_dashboard.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux-apps/redmine/f8fbbce29728e4b6f294fbb6e7a591fb513efcba/.art/webmin_admin_dashboard.png -------------------------------------------------------------------------------- /.art/webmin_admin_tklbam.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/turnkeylinux-apps/redmine/f8fbbce29728e4b6f294fbb6e7a591fb513efcba/.art/webmin_admin_tklbam.png -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | build 2 | *.pyc 3 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | WEBMIN_FW_TCP_INCOMING = 22 80 443 3690 4155 8080 9418 12321 2 | 3 | RUBY_VER=3.2 4 | 5 | include $(FAB_PATH)/common/mk/turnkey/revisioncontrol.mk 6 | include $(FAB_PATH)/common/mk/turnkey/rails.mk 7 | include $(FAB_PATH)/common/mk/turnkey.mk 8 | -------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | Redmine - Integrated SCM & Project Management 2 | ============================================= 3 | 4 | Redmine_ is a Rails web application that provides integrated project 5 | management features, issue tracking, and support for multiple version 6 | control programs. It includes calendar and gantt charts to aid visual 7 | representation of projects and their deadlines. It also features 8 | multi-project support, role based access control, a per-project wiki, 9 | and project forums. 10 | 11 | The Redmine appliance includes all the standard features in `TurnKey 12 | Core`_, and on top of that: 13 | 14 | - Redmine configurations: 15 | - Installed from upstream source code to /var/www/redmine 16 | 17 | **Security note**: Updates to Redmine may require supervision so 18 | they **ARE NOT** configured to install automatically. See `Redmine 19 | documentation`_ for upgrading. 20 | 21 | - Supports Git and Subversion. 22 | - Includes exemplary helloworld repositories. 23 | - Loaded default roles, trackers, statuses, workflows and 24 | enumerations. 25 | - Configured projects to use all available trackers (bug, feature, 26 | support). 27 | 28 | - SSL support out of the box. 29 | - Includes Phusion Passenger for Apache web server (mod_rails). 30 | - Postfix MTA (bound to localhost) to allow sending of email (e.g., 31 | password recovery). 32 | - Webmin modules for configuring Apache2, MySQL and Postfix. 33 | 34 | - Repository access:: 35 | 36 | Name Protocol access 37 | ---- --------------- 38 | Git http://$ipaddr/git 39 | https://$ipaddr/git 40 | ssh://vcs@$ipaddr/git 41 | Subversion http://$ipaddr/svn 42 | svn://addr/svn 43 | svn+ssh://vcs@$ipaddr/srv/repos/svn 44 | 45 | Repositories are stored in /srv/repos. 46 | 47 | - Recommended configurations: 48 | 49 | - settings -> hostname and path 50 | - settings -> email notifications 51 | 52 | Credentials *(passwords set at first boot)* 53 | ------------------------------------------- 54 | 55 | - Webmin, Webshell, SSH, MySQL: username **root** 56 | - Redmine: username **admin** 57 | - Git, SVN: username **vcs** 58 | 59 | .. _Redmine: http://www.redmine.org 60 | .. _TurnKey Core: https://www.turnkeylinux.org/core 61 | .. _Redmine documentation: http://www.redmine.org/projects/redmine/wiki/RedmineUpgrade 62 | -------------------------------------------------------------------------------- /changelog: -------------------------------------------------------------------------------- 1 | turnkey-redmine-18.1 (1) turnkey; urgency=low 2 | 3 | * Rebuild to fix critical bug: #1947. 4 | 5 | * Adds 'mariadb_admin' DB user - exclusively for use in the Webmin MariaDB 6 | module. Part of #1945. 7 | 8 | * Other general tidying & improvements. 9 | 10 | -- Jeremy Davis Tue, 14 May 2024 08:52:32 +0000 11 | 12 | turnkey-redmine-18.0 (1) turnkey; urgency=low 13 | 14 | * Install latest upstream version of Redmine: 5.1.2 15 | [Daniele Lolli ] 16 | 17 | * Thanks too to Davide Mainardi 18 | [Daniele Lolli ] 19 | 20 | * Confconsole: bugfix broken DNS-01 Let's Encrypt challenge- closes #1876 & 21 | #1895. 22 | [Jeremy Davis ] 23 | 24 | * Ensure hashfile includes URL to public key - closes #1864. 25 | 26 | * Include webmin-logviewer module by default - closes #1866. 27 | 28 | * Upgraded base distribution to Debian 12.x/Bookworm. 29 | 30 | * Configuration console (confconsole): 31 | - Support for DNS-01 Let's Encrypt challenges. 32 | [ Oleh Dmytrychenko github: @NitrogenUA ] 33 | - Support for getting Let's Encrypt cert via IPv6 - closes #1785. 34 | - Refactor network interface code to ensure that it works as expected and 35 | supports more possible network config (e.g. hotplug interfaces & wifi). 36 | - Show error message rather than stacktrace when window resized to 37 | incompatable resolution - closes #1609. 38 | [ Stefan Davis ] 39 | - Bugfix exception when quitting configuration of mail relay. 40 | [ Oleh Dmytrychenko github: @NitrogenUA ] 41 | - Improve code quality: implement typing, fstrings and make (mostly) PEP8 42 | compliant. 43 | [Stefan Davis & Jeremy Davis 44 | 45 | * Firstboot Initialization (inithooks): 46 | - Refactor start up (now hooks into getty process, rather than having it's 47 | own service). 48 | [ Stefan Davis ] 49 | - Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname 50 | is included in dhcp info when set via inithooks. 51 | - Package turnkey-make-ssl-cert script (from common overlay - now packaged 52 | as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl. 53 | - Refactor run script - use bashisms and general tidying. 54 | - Show blacklisted password characters more nicely. 55 | - Misc packaging changes/improvements. 56 | - Support returning output from MySQL - i.e. support 'SELECT'. (Only 57 | applies to apps that include MySQL/MariaDB). 58 | 59 | * Web management console (webmin): 60 | - Upgraded webmin to v2.105. 61 | - Replace webmin-shell with webmin-xterm module by default - closes #1904. 62 | - Removed stunnel reverse proxy (Webmin hosted directly now). 63 | - Ensure that Webmin uses HTTPS with default cert 64 | (/etc/ssl/private/cert.pem). 65 | - Disabled Webmin Let's Encrypt (for now). 66 | 67 | * Web shell (shellinabox): 68 | - Completely removed in v18.0 (Webmin now has a proper interactive shell). 69 | 70 | * Backup (tklbam): 71 | - Ported dependencies to Debian Bookworm; otherwise unchanged. 72 | 73 | * Security hardening & improvements: 74 | - Generate and use new TurnKey Bookworm keys. 75 | - Automate (and require) default pinning for packages from Debian 76 | backports. Also support non-free backports. 77 | 78 | * IPv6 support: 79 | - Adminer (only on LAMP based apps) listen on IPv6. 80 | - Nginx/NodeJS (NodeJS based apps only) listen on IPv6. 81 | 82 | * Misc bugfixes & feature implementations: 83 | - Remove rsyslog package (systemd journal now all that's needed). 84 | - Include zstd compression support. 85 | - Enable new non-free-firmware apt repo by default. 86 | - Improve turnkey-artisan so that it works reliably in cron jobs (only 87 | Laravel based LAMP apps). 88 | 89 | * Set mod_evasive log location - makes debugging easier. 90 | [ Jeremy Davis ] 91 | 92 | * Include and enable mod_evasive and mod_security2 by default in Apache. 93 | [ Stefan Davis ] 94 | 95 | * Use MariaDB (MySQL replacement) v10.11.3 (from debian repos). 96 | 97 | -- Jeremy Davis Wed, 13 Mar 2024 07:37:42 +0000 98 | 99 | turnkey-redmine-17.1 (1) turnkey; urgency=low 100 | 101 | * Updated all Debian packages to latest. 102 | [ autopatched by buildtasks ] 103 | 104 | * Patched bugfix release. Closes #1734. 105 | [ autopatched by buildtasks ] 106 | 107 | -- Jeremy Davis Wed, 14 Sep 2022 06:57:18 +0000 108 | 109 | turnkey-redmine-17.0 (1) turnkey; urgency=low 110 | 111 | * Update to latest stable Redmine - v5.0.0. 112 | 113 | * Note: Please refer to turnkey-core's 17.0 changelog for changes common to all 114 | appliances. Here we only describe changes specific to this appliance. 115 | 116 | -- Zhenya Hvorostian Fri, 06 May 2022 19:37:04 +0300 117 | 118 | turnkey-redmine-16.1 (1) turnkey; urgency=low 119 | 120 | * Update to latest stable Redmine - v4.2.1. 121 | 122 | * Note: Please refer to turnkey-core's 16.1 changelog for changes common to all 123 | appliances. Here we only describe changes specific to this appliance. 124 | 125 | -- Jeremy Davis Thu, 06 May 2021 16:54:01 +1000 126 | 127 | turnkey-redmine-16.0 (1) turnkey; urgency=low 128 | 129 | * Update to latest stable Redmine - v4.1.1. 130 | 131 | * Update to latest stable Ruby on Rails - v6.0.3.3. 132 | 133 | * Update other relevant dependencies/tools: 134 | 135 | - ruby: v2.6.6 136 | - rbenv: v1.1.2 137 | - yarn: v1.22.5 138 | 139 | * Explcitly disable TLS<1.2 (i.e. SSLv3, TLSv1, TLSv1.1). (v15.x 140 | TurnKey releases supported TLS 1.2, but could fallback as low as TLSv1). 141 | 142 | * Update SSL/TLS cyphers to provide "Intermediate" browser/client support 143 | (suitable for "General-purpose servers with a variety of clients, 144 | recommended for almost all systems"). As provided by Mozilla via 145 | https://ssl-config.mozilla.org/. 146 | 147 | * Updated version of mysqltuner script - now installed as per upstream 148 | recommendation. 149 | 150 | * Note: Please refer to turnkey-core's changelog for changes common to all 151 | appliances. Here we only describe changes specific to this appliance. 152 | 153 | -- Zhenya Hvorostian Wed, 08 Sep 2020 11:47:06 +0300 154 | 155 | turnkey-redmine-15.2 (1) turnkey; urgency=low 156 | 157 | * Update to latest stable Redmine - v4.0.3. 158 | 159 | * Remove MariaDB workaround code (no longer required due to Debian MariaDB 160 | patch). 161 | 162 | * Disable requirement to reset admin password on first login (password set 163 | on firstboot). 164 | 165 | -- Jeremy Davis Fri, 07 Jun 2019 08:05:06 +1000 166 | 167 | turnkey-redmine-15.1 (1) turnkey; urgency=low 168 | 169 | * Rebuild to resolve inadvertent removal of mariadb during sec-updates 170 | - part of #1246. 171 | 172 | -- Jeremy Davis Thu, 22 Nov 2018 14:41:34 +1100 173 | 174 | turnkey-redmine-15.0 (1) turnkey; urgency=low 175 | 176 | * Upgraded to latest stable version of Redmine (3.4.6) 177 | 178 | * Install Adminer directly from stretch/main repo 179 | 180 | * Replace MySQL with MariaDB 181 | 182 | * Mercurial (hg) & Bazaar (bzr) support removed (related to #1050) 183 | [ Anton Pyrogovskyi ] 184 | 185 | * Add workaround for MariaDB 10.1 186 | 187 | * Note: Please refer to turnkey-core's changelog for changes common to all 188 | appliances. Here we only describe changes specific to this appliance. 189 | 190 | -- Zhenya Hvorostian Mon, 18 Jun 2018 21:41:20 +0300 191 | 192 | turnkey-redmine-14.2 (1) turnkey; urgency=low 193 | 194 | * Upgraded to latest stable version of Redmine. 195 | 196 | * Upstream source component versions: 197 | 198 | redmine 3.2.6 199 | 200 | * Note: Please refer to turnkey-core's changelog for changes common to all 201 | appliances. Here we only describe changes specific to this appliance. 202 | 203 | -- Zhenya Hvorostian Wed, 21 Jun 2017 10:50:13 +0300 204 | 205 | turnkey-redmine-14.1 (1) turnkey; urgency=low 206 | 207 | * Upgraded to latest stable version of Redmine. 208 | 209 | * Upstream source component versions: 210 | 211 | redmine 3.2.0 212 | 213 | * Note: Please refer to turnkey-core's changelog for changes common to all 214 | appliances. Here we only describe changes specific to this appliance. 215 | 216 | -- Anton Pyrogovskyi Sun, 03 Jan 2016 12:22:53 +0100 217 | 218 | turnkey-redmine-14.0 (1) turnkey; urgency=low 219 | 220 | * Upgraded to latest stable version of Redmine. 221 | 222 | * Upstream source component versions: 223 | 224 | redmine 3.0.3 225 | 226 | * Hardened default SSL settings 227 | 228 | * Note: Please refer to turnkey-core's changelog for changes common to all 229 | appliances. Here we only describe changes specific to this appliance. 230 | 231 | -- Stefan Davis Mon, 25 May 2015 03:52:36 +0000 232 | 233 | turnkey-redmine-13.0 (1) turnkey; urgency=low 234 | 235 | * Redmine: 236 | 237 | - Replaced ruby-enterprise with stock ruby from Debian [#102]. 238 | - Ruby 1.9.3 uses mysql2 adapter [#108]. 239 | - Bugfixes for package transitions [#58, #59]. 240 | - Bugfix: email delivery settings [#12]. 241 | - Bugfix: path_encoding UTF8 -> UTF-8 [#123]. 242 | 243 | * Note: Please refer to turnkey-core's changelog for changes common to all 244 | appliances. Here we only describe changes specific to this appliance. 245 | 246 | -- Alon Swartz Fri, 11 Oct 2013 11:00:55 +0300 247 | 248 | turnkey-redmine-12.1 (1) turnkey; urgency=low 249 | 250 | * Upgraded to latest major version of Redmine. 251 | 252 | * Upstream source component versions: 253 | 254 | redmine 2.2.3 255 | rubyenterprise 1.8.7-2012.02_i386_ubuntu10.04 256 | 1.8.7-2012.02_amd64_debian6 257 | 258 | * Note: Please refer to turnkey-core's changelog for changes common to all 259 | appliances. Here we only describe changes specific to this appliance. 260 | 261 | -- Alon Swartz Sun, 07 Apr 2013 08:00:00 +0200 262 | 263 | turnkey-redmine-12.0 (1) turnkey; urgency=low 264 | 265 | * Redmine 266 | 267 | - Upgraded to latest upstream archive. 268 | - Updated firstboot redmine configuration (passwords are now salted). 269 | - Removed regen-redmine-secrets, now handled by regen-rails-secrets. 270 | - Updated default configurations (eg. mail) for newer rails version. 271 | - Bugfix: add creation dates to helloworld repos (UX). 272 | 273 | * Major component versions 274 | 275 | redmine 1.4.4 (upstream archive) 276 | rails 2.3.14 277 | ruby-enterprise 1.8.7-2012.02 278 | apache2 2.2.16-6+squeeze7 279 | mysql-server 5.1.63-0+squeeze1 280 | build-essential 11.5 281 | 282 | git-core 1:1.7.2.5-3 283 | bzr 2.1.2-1 284 | subversion 1.6.12dfsg-6 285 | mercurial 1.6.4-1 286 | 287 | * Note: Please refer to turnkey-core's changelog for changes common to all 288 | appliances. Here we only describe changes specific to this appliance. 289 | 290 | -- Alon Swartz Wed, 01 Aug 2012 08:00:00 +0200 291 | 292 | turnkey-redmine-11.3 (1) turnkey; urgency=low 293 | 294 | * Installed security updates. 295 | * Enabled etckeeper garbage collection by default. 296 | * Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init) 297 | 298 | -- Alon Swartz Mon, 05 Dec 2011 10:48:44 +0000 299 | 300 | turnkey-redmine-11.2 (1) turnkey; urgency=low 301 | 302 | * Installed security updates. 303 | * Added HubDNS package and firstboot configuration. 304 | 305 | -- Alon Swartz Fri, 15 Jul 2011 07:47:08 +0000 306 | 307 | turnkey-redmine-11.1 (1) turnkey; urgency=low 308 | 309 | * Redmine: 310 | 311 | - Regenerate action_controller.session secret (security). 312 | - Updated project creation schema due to required fields. 313 | - Replaced Ruby with Ruby Enterprise (performance). 314 | - Replaced Ruby Enterprise rack gem with version 1.0.1 (Redmine dep). 315 | - Added i18n gem version 0.4.2 (Redmine dep). 316 | 317 | * Set Redmine admin email and password on firstboot (convenience, security). 318 | 319 | * Set MySQL root password on firstboot (convenience, security). 320 | 321 | * Force MySQL to use Unicode/UTF8. 322 | 323 | * Set postfix MTA myhostname to localhost (bugfix). 324 | 325 | * Included libreadline-dev so rails console works (bugfix). 326 | 327 | * Major component versions: 328 | 329 | redmine 1.0.5 (upstream tarball) 330 | ruby-enterprise 1.8.7-2010.02_i386_ubuntu10.04 331 | mysql-server 5.1.41-3ubuntu12.8 332 | apache2 2.2.14-5ubuntu8.4 333 | 334 | git-core 1:1.7.0.4-1ubuntu0.1 335 | bzr 2.1.1-1 336 | subversion 1.6.6dfsg-2ubuntu1 337 | mercurial 1.4.3-1 338 | 339 | * Note: Please refer to turnkey-core's changelog for changes common to all 340 | appliances. Here we only describe changes specific to this appliance. 341 | 342 | -- Alon Swartz Sun, 24 Dec 2010 09:02:55 +0200 343 | 344 | turnkey-redmine-2009.10 (2) hardy; urgency=low 345 | 346 | * Installed all security updates (see manifest for package versions). 347 | 348 | * Install security updates on firstboot (except when running live). 349 | 350 | * Trick webmin into not checking for upgrades (managed by apt). 351 | 352 | * Updated di-live mysql mechanism and secret regeneration. 353 | 354 | * Included latest version of inithooks and updated scripts. 355 | 356 | * Included wget as per common request. 357 | 358 | -- Alon Swartz Mon, 29 Mar 2010 09:02:11 +0200 359 | 360 | turnkey-redmine-2009.10 (1) hardy; urgency=low 361 | 362 | * Initial public release of TurnKey Redmine. 363 | 364 | * SSL support out of the box. 365 | 366 | * Redmine configuration: 367 | 368 | - Loaded default roles, trackers, statuses, workflows and enumerations. 369 | - Configured projects to use all available trackers (bug, feature, support). 370 | - Includes custom developed init scripts for bzr and svn. 371 | - Includes exemplary helloworld repositories. 372 | 373 | * Integrated version control systems: 374 | 375 | - git: git://addr/git 376 | - svn: svn://addr/svn 377 | - bzr: bzr://addr/bzr 378 | - mercurial: http://addr:8080 379 | 380 | * Includes Phusion Passenger for Apache web server (mod_rails). 381 | 382 | * Includes postfix MTA (bound to localhost) to allow sending of email from 383 | Redmine (e.g., password recovery). Also added webmin-postfix module for 384 | convenience. 385 | 386 | * Regenerates all secrets during installation / firstboot (security). 387 | 388 | * Major component versions: 389 | 390 | redmine 0.8.4 (upstream tarball) 391 | 392 | git-core 1:1.5.4.3-1ubuntu2.1 393 | bzr 1.3.1-1ubuntu0.1 394 | subversion 1.4.6dfsg1-2ubuntu1.1 395 | mercurial 0.9.5-3 396 | 397 | apache2 2.2.8-1ubuntu0.11 398 | mysql-server 5.0.51a-3ubuntu5.4 399 | ruby 4.1 400 | rubygems 1.3.5 401 | rails 2.3.4 402 | rake 0.8.7 403 | passenger 2.2.5 404 | 405 | * Note: Please refer to turnkey-core's changelog for changes common to all 406 | appliances. Here we only describe changes specific to this appliance. 407 | 408 | -- Alon Swartz Tue, 29 Sep 2009 15:39:41 +0200 409 | -------------------------------------------------------------------------------- /conf.d/downloads: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | dl() { 4 | [[ "$FAB_HTTP_PROXY" ]] && PROXY="--proxy $FAB_HTTP_PROXY" 5 | cd $2; curl -L -f -O $PROXY $1; cd - 6 | } 7 | 8 | get_html_tags() { 9 | local IFS='>' 10 | read -d '<' TAG VALUE 11 | } 12 | 13 | TMP_DIR=$(mktemp -d /tmp/redmine.XXXXX) 14 | dl https://www.redmine.org/projects/redmine/wiki/Download "$TMP_DIR" 15 | HTML="$TMP_DIR/Download" 16 | HTML_TAGS=$(cat $HTML | while get_html_tags "$HTML"; do echo $TAG; done) 17 | rm -rf "$HTML" 18 | RELEASE=$(sed -En 's|^a href="/releases/(redmine-[0-9\.]+\.tar.gz)".*$|\1|p' \ 19 | <<<"$HTML_TAGS" \ 20 | | sort -V \ 21 | | tail -1) 22 | 23 | SRC="/usr/local/src" 24 | dl "https://www.redmine.org/releases/$RELEASE" "$SRC" 25 | dl "https://www.redmine.org/releases/$RELEASE.sha256" "$SRC" 26 | 27 | cd "$SRC" 28 | shasum -c "$RELEASE.sha256" 29 | rm "$RELEASE.sha256" 30 | -------------------------------------------------------------------------------- /conf.d/main: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | ADMIN_PASS=turnkey 4 | API_KEY=$(mcookie) 5 | 6 | SRC=/usr/local/src 7 | WEBROOT=/var/www/redmine 8 | 9 | # needed for git-http 10 | a2enmod cgi 11 | 12 | DB_PASS=$(grep 'password:' $WEBROOT/config/database.yml | head -1 | sed 's/ *//g' | cut -d':' -f2) 13 | 14 | # start mysql 15 | systemctl start mariadb 16 | 17 | # remove adminer user - redmine doesn't have adminer 18 | mariadb_admin_pass=$(mcookie)$(mcookie) 19 | mysql -e "DROP USER IF EXISTS adminer;" 20 | mysql -e "GRANT ALL PRIVILEGES ON *.* TO mariadb_admin@localhost IDENTIFIED BY '$mariadb_admin_pass';" 21 | mysql -e "FLUSH PRIVILEGES;" 22 | 23 | # configure webmin specific db user - updated in firstboot script 24 | # this should probably be move to common - for use in all apps that doesn't have adminer 25 | conf=/etc/webmin/mysql/config 26 | # 'login' should exist in webmin conf 27 | sed -i "\|^login=|s|=.*|=mariadb_admin|" $conf 28 | # 'pass' shouldn't exist in webmin conf, but just in case it does 29 | if grep -q '^pass=' $conf; then 30 | sed -i "\|^pass=|s|=.*|=$mariadb_admin_pass|" $conf 31 | else 32 | echo "pass=$mariadb_admin_pass" >> $conf 33 | fi 34 | 35 | # install redmine and configure it 36 | tar -zxf $SRC/redmine-*.tar.gz -C $(dirname $WEBROOT) 37 | rm -rf $SRC/redmine-*.tar.gz 38 | 39 | mv $WEBROOT $WEBROOT.orig 40 | mv $(dirname $WEBROOT)/redmine-* $WEBROOT 41 | cp $WEBROOT.orig/config/database.yml $WEBROOT/config/database.yml 42 | rm -rf $WEBROOT.orig 43 | 44 | CONF=$WEBROOT/db/migrate/001_setup.rb 45 | SHA1_PASS=$(echo -n $ADMIN_PASS | sha1sum | cut -d " " -f 1) 46 | sed -i "s/:hashed_password \(.*\)/:hashed_password => \"$SHA1_PASS\",/" $CONF 47 | 48 | [[ "$FAB_HTTP_PROXY" ]] && export http_proxy=$FAB_HTTP_PROXY 49 | 50 | cd $WEBROOT 51 | bundle config set --local without 'test development' 52 | bundle install 53 | 54 | for i in test development production; do 55 | mysql -e "DROP DATABASE IF EXISTS redmine_$i;" 56 | done 57 | mysql -e "CREATE DATABASE redmine_production DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_general_ci;" 58 | 59 | bundle exec rake generate_secret_token 60 | bundle exec rake db:migrate RAILS_ENV="production" 61 | REDMINE_LANG=en bundle exec rake redmine:load_default_data RAILS_ENV="production" 62 | unset http_proxy 63 | 64 | # requirement for reposman.rb 65 | gem install --no-document activeresource 66 | 67 | project_init() { 68 | echo "Running 'project_init $1 $2 $3 $4'." 69 | mysql <> $WEBROOT/api_key 130 | chmod 600 $WEBROOT/api_key 131 | 132 | a2enconf redmine_secure 133 | a2enconf redmine_webaccess 134 | 135 | # configure outgoing email 136 | cat >$WEBROOT/config/configuration.yml<>$WEBROOT/public/stylesheets/application.css<|$TURNKEY_CREDIT\n|" $FOOTER 165 | 166 | # setup logs for rotation 167 | rm -r $WEBROOT/log 168 | ln -s /var/log/redmine/ $WEBROOT/log 169 | 170 | # configure permissions 171 | chown -R root:www-data $WEBROOT 172 | chown -R www-data:www-data $WEBROOT/tmp 173 | chown -R www-data:www-data /var/log/redmine/ 174 | chown -R www-data:www-data $WEBROOT/files 175 | 176 | mkdir -p $WEBROOT/public/plugin_assets 177 | chown -R www-data:www-data $WEBROOT/public/plugin_assets 178 | 179 | # stop mysql 180 | systemctl stop mariadb 181 | -------------------------------------------------------------------------------- /overlay/etc/apache2/conf-available/redmine_secure.conf: -------------------------------------------------------------------------------- 1 | 2 | Allow from 127.0.0.1 3 | Deny from all 4 | 5 | -------------------------------------------------------------------------------- /overlay/etc/apache2/conf-available/redmine_webaccess.conf: -------------------------------------------------------------------------------- 1 | AddExternalAuth pwauth /usr/sbin/pwauth 2 | SetExternalAuthMethod pwauth pipe 3 | 4 | 5 | DAV svn 6 | 7 | SVNAllowBulkUpdates Prefer 8 | 9 | SVNParentPath "/srv/repos/svn" 10 | LimitXMLRequestBody 0 11 | 12 | SVNPathAuthz off 13 | 14 | AuthType Basic 15 | AuthName "Redmine SVN Repository" 16 | AuthBasicProvider external 17 | AuthExternal pwauth 18 | 19 | Order deny,allow 20 | Deny from env=AUTHREQUIRED 21 | Satisfy any 22 | 23 | # read access 24 | 25 | Require valid-user 26 | 27 | # write access 28 | 29 | Require valid-user 30 | 31 | 32 | -------------------------------------------------------------------------------- /overlay/etc/confconsole/services.txt: -------------------------------------------------------------------------------- 1 | Web: http://$ipaddr 2 | https://$ipaddr 3 | Webmin: https://$ipaddr:12321 4 | SVN: svn://$ipaddr/svn 5 | svn+ssh://vcs@$ipaddr/srv/repos/svn 6 | GIT: ssh://vcs@$ipaddr/git 7 | SSH/SFTP: root@$ipaddr (port 22) 8 | -------------------------------------------------------------------------------- /overlay/etc/cron.d/redmine: -------------------------------------------------------------------------------- 1 | WEBROOT=/var/www/redmine 2 | 3 | 10 * * * * root /usr/local/rbenv/shims/ruby $WEBROOT/extra/svn/reposman.rb --redmine localhost --svn-dir /srv/repos/svn --owner www-data --url file:///srv/repos/svn --key-file $WEBROOT/api_key 2>&1 >> /var/log/reposman.log 4 | -------------------------------------------------------------------------------- /overlay/usr/lib/inithooks/bin/redmine.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | """Set Redmine admin password and email 3 | 4 | Option: 5 | --pass= unless provided, will ask interactively 6 | --email= unless provided, will ask interactively 7 | 8 | """ 9 | 10 | import sys 11 | import getopt 12 | from libinithooks import inithooks_cache 13 | import hashlib 14 | import random 15 | import string 16 | 17 | from libinithooks.dialog_wrapper import Dialog 18 | from mysqlconf import MySQL 19 | 20 | def usage(s=None): 21 | if s: 22 | print("Error:", s, file=sys.stderr) 23 | print("Syntax: %s [options]" % sys.argv[0], file=sys.stderr) 24 | print(__doc__, file=sys.stderr) 25 | sys.exit(1) 26 | 27 | def main(): 28 | try: 29 | opts, args = getopt.gnu_getopt(sys.argv[1:], "h", 30 | ['help', 'pass=', 'email=']) 31 | except getopt.GetoptError as e: 32 | usage(e) 33 | 34 | password = "" 35 | email = "" 36 | for opt, val in opts: 37 | if opt in ('-h', '--help'): 38 | usage() 39 | elif opt == '--pass': 40 | password = val 41 | elif opt == '--email': 42 | email = val 43 | 44 | if not password: 45 | d = Dialog('TurnKey Linux - First boot configuration') 46 | password = d.get_password( 47 | "Redmine Password", 48 | "Enter new password for the Redmine 'admin' account.") 49 | 50 | if not email: 51 | if 'd' not in locals(): 52 | d = Dialog('TurnKey Linux - First boot configuration') 53 | 54 | email = d.get_email( 55 | "Redmine Email", 56 | "Enter email address for the Redmine 'admin' account.", 57 | "admin@example.com") 58 | 59 | inithooks_cache.write('APP_EMAIL', email) 60 | 61 | salt = "".join(random.choice(string.ascii_letters) for line in range(16)) 62 | pw_with_salt = salt + hashlib.sha1(password.encode('utf-8')).hexdigest() 63 | hashpass = hashlib.sha1(pw_with_salt.encode('utf-8')).hexdigest() 64 | user_id = 1 65 | 66 | m = MySQL() 67 | m.execute('UPDATE redmine_production.email_addresses SET address=\"%s\" WHERE user_id=%i;' % (email, user_id)) 68 | m.execute('UPDATE redmine_production.users SET salt=\"%s\" WHERE login=\"admin\" AND id=%i;' % (salt, user_id)) 69 | m.execute('UPDATE redmine_production.users SET hashed_password=\"%s\" WHERE login=\"admin\" AND id = %i;' % (hashpass, user_id)) 70 | 71 | if __name__ == "__main__": 72 | main() 73 | 74 | -------------------------------------------------------------------------------- /overlay/usr/lib/inithooks/firstboot.d/20regen-redmine-secrets: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # change the password redmine uses for DB access 3 | 4 | . /etc/default/inithooks 5 | 6 | gen_pass() { 7 | unset USER PASSWORD 8 | USER="$1" 9 | PASSWORD=$(mcookie)$(mcookie) 10 | $INITHOOKS_PATH/bin/mysqlconf.py --user="$USER" --pass="$PASSWORD" 11 | echo "$PASSWORD" 12 | fi 13 | 14 | WEBROOT=/var/www/redmine 15 | SECRET=$(mcookie)$(mcookie)$(mcookie)$(mcookie) 16 | 17 | # regenerate redmine DB user password & set secret 18 | PASSWORD=$(gen_pass redmine) 19 | sed -i "s|\\(RedmineDbPass\\) .*|\1 \"$PASSWORD\"|g" /etc/apache2/conf-available/redmine_webaccess.conf 20 | sed -i "s|\\(password:\\) .*|\1 $PASSWORD|g" $WEBROOT/config/database.yml 21 | sed -i "s|RedmineApp::Application.config.secret_key_base = .*|RedmineApp::Application.config.secret_key_base = '$SECRET)'|g" $WEBROOT/config/initializers/secret_token.rb 22 | 23 | # regenerate mariadb_admin password (for Webmin MariaDB module) 24 | PASSWORD=$(gen_pass mariadb_admin) 25 | sed -i "\|^pass=|s|=.*|=$PASSWORD|" /etc/webmin/mysql/config 26 | 27 | systemctl restart apache2 28 | -------------------------------------------------------------------------------- /overlay/usr/lib/inithooks/firstboot.d/40redmine: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | # set redmine admin password and email 3 | 4 | . /etc/default/inithooks 5 | 6 | [ -e $INITHOOKS_CONF ] && . $INITHOOKS_CONF 7 | $INITHOOKS_PATH/bin/redmine.py --pass="$APP_PASS" --email="$APP_EMAIL" 8 | 9 | -------------------------------------------------------------------------------- /plan/main: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | imagemagick 6 | libmagickcore-dev 7 | libmagickwand-dev 8 | 9 | libapache2-mod-svn 10 | 11 | gsfonts # for gantt PNG export 12 | --------------------------------------------------------------------------------