--- /dev/null
+DATE:=`date --iso-8601`
+
+# no-op by default
+default:
+ true
+
+# make sure perms are right, gets called at the end of many routines
+chown-www:
+ chown -R www-data:www-data /var/www
+
+# recipes for installing this thing onto a "real" (non-chroot) system
+# this is enough to get us to a functional Drupal install page
+# to go further, use the install-from-backups recipe
+setup-real-system: probe-files install-pkgs install-drupal do-mysql chown-www
+
+# test that we have /install-{drupal-toolchain,packages}.sh /pkgs /sqldefaults and /do-mysql-sh
+# if we don't have all of these files, BAD THINGS may happen
+probe-files:
+ [ -f /install-packages.sh ]
+ [ -f /pkgs ]
+ [ -f /install-drupal-toolchain.sh ]
+ [ -f /do-mysql.sh ]
+ [ -f /sqldefaults ]
+
+install-drupal:
+ chmod +x /install-drupal-toolchain.sh
+ /install-drupal-toolchain.sh
+
+install-pkgs:
+ chmod +x /install-packages.sh
+ /install-packages.sh
+
+do-mysql:
+ chmod +x /do-mysql.sh
+ /do-mysql.sh
+ # secure these two files because they contain passwords in plaintext
+ chmod og-rwx /do-mysql.sh
+ chmod 0600 /sqldefaults
+
+# recipes to restore the site from a backup
+install-from-backups: probe-backup-files install-sqldump install-drupal-sites chown-www
+
+probe-backup-files:
+ [ -f /sqldump ]
+ [ -d /sites ]
+
+install-sqldump:
+ # source the dump twice - once to create the DB, once to populate it
+ mysql -u root -p -e 'source /sqldump; use dbd_drupal; source /sqldump;'
+
+install-drupal-sites:
+ cd /var/www/html
+ cp -r /sites sites
+
+# recipes for building a chroot. notice that sql does not cooperate with chroots, due to some funky postinstall hooks and /proc namespaces conflicting
+build-chroot: new-chroot install-pkgs-in-chroot install-drupal-toolchain
+
+new-chroot:
+ rm -rf tristrap
+ mkdir tristrap
+ debootstrap --merged-usr etiona ./tristrap/ http://mirror.fsf.org/trisquel/
+
+install-pkgs-in-chroot:
+ cp files/pkgs tristrap
+ cp files/install-packages.sh tristrap
+ chmod +x tristrap/install-packages.sh
+ chroot tristrap /install-packages.sh
+
+install-drupal-toolchain:
+ cp files/install-drupal-toolchain.sh tristrap
+ chmod +x tristrap/install-drupal-toolchain.sh
+ chroot tristrap /install-drupal-toolchain.sh
--- /dev/null
+mount --rbind /proc proc
+mount --rbind /sys sys
+mount --rbind /dev dev
+mount -t tmpfs none tmp
+mount -t tmpfs none run
+touch etc/resolv.conf
+mount --bind /etc/resolv.conf etc/resolv.conf
--- /dev/null
+#!/bin/bash
+apt install -y build-essential
+cp files/do-mysql.sh /
+cp files/install-drupal-toolchain.sh /
+cp files/install-packages.sh /
+cp files/pkgs /
+cp files/sqldefaults /
--- /dev/null
+# <aliases for dbd>
+<VirtualHost *:80>
+ ServerName www0.defectivebydesign.org
+ ServerAlias www.defectivebydesign.org
+ ServerAlias defectivebydesign.com
+ ServerAlias defectivebydesign.net
+ ServerAlias www.defectivebydesign.com
+ ServerAlias www.defectivebydesign.net
+ ServerAlias dbd.fsf.org
+ ServerAlias defectivebydesign.org
+ ServerAdmin webmaster@fsf.org
+ ### redirect to same domain name, but HTTPS. required for HSTS
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName www0.defectivebydesign.org
+ ServerAlias defectivebydesign.com
+ ServerAlias defectivebydesign.net
+ ServerAlias www.defectivebydesign.com
+ ServerAlias www.defectivebydesign.net
+ ServerAlias dbd.fsf.org
+ ServerAlias defectivebydesign.org
+ ServerAdmin webmaster@fsf.org
+ RedirectMatch permanent (.*) https://www.defectivebydesign.org$1
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName www.defectivebydesign.org
+ ServerAdmin webmaster@fsf.org
+</VirtualHost>
+# </aliases>
+
+# <configure some basic server parameters>
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+LogLevel warn
+ServerSignature On
+# </basic params>
+
+# if we have mod_status, use it
+<IfModule mod_status.c>
+ #
+ # Allow server status reports generated by mod_status,
+ # with the URL of http://servername/server-status
+ # Uncomment and change the ".example.com" to allow
+ # access from other hosts.
+ #
+ <Location /server-status>
+ SetHandler server-status
+ Require host 127.0.0.1 74.94.156.210
+ </Location>
+</IfModule>
+
+# <redirects/shortenings of URLs>
+Redirect /day http://www.defectivebydesign.org/dayagainstdrm/2019
+Redirect ^/dayagainstdrm/?$ http://www.defectivebydesign.org/dayagainstdrm/2019
+RedirectPermanent /node/9 /join
+RedirectPermanent /feed.xml /rss.xml
+
+# we can't seem to standardize on using underscores or hyphens, so we're going to use both
+# we can probably have apache use regex for this, I'll investigate that next
+# - Eostre, 2020-08-04
+Redirect ^/amazon-kindle-swindle\. /amazon-kindle-swindle
+Redirect ^/amazon_kindle_swindle\. /amazon-kindle-swindle
+Redirect ^/kindle-swindle\. /amazon-kindle-swindle
+Redirect ^/kindle_swindle\. /amazon-kindle-swindle
+
+# Cf. RT #716003. Ward, 2011-11-30
+RedirectPermanent /user/register https://crm.fsf.org/civicrm/profile/create?gid=36&reset=1
+
+# Cf. RT #839159. Ward, 2013-07-09
+RedirectPermanent /what-is-drm http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
+RedirectPermanent /what_is_drm http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
+
+#k054 RT #1044876 2015-09-09
+RedirectPermanent /donate https://my.fsf.org/civicrm/contribute/transact?reset=1&id=40
+RedirectPermanent /no-drm-in-html5 https://my.fsf.org/civicrm/profile/create?gid=183&reset=1
+RedirectPermanent /no-drm-in-html-5 https://my.fsf.org/civicrm/profile/create?gid=183&reset=1
+RedirectPermanent /no_drm_in_html5 https://my.fsf.org/civicrm/profile/create?gid=183&reset=1
+RedirectPermanent /no_drm_in_html_5 https://my.fsf.org/civicrm/profile/create?gid=183&reset=1
+
+# broken links to /en/printable, etc
+# Ward, 2010-01-28
+RewriteRule ^/en/(.*) /$1 [R]
+# </redirects>
+
+# <I think this is for security? idk why we would be messing with / when our webroot is /var/www/html>
+# I'm just an intern, fiddling with code written before I could `echo Hello World`
+# - Eostre, 2020-08-04
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+</Directory>
+# </weird stuff>
+
+# <add CGI scripts shipping by our distro>
+ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+<Directory "/usr/lib/cgi-bin">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Require all granted
+</Directory>
+# </cgi>
+
+# <allow us to access usr/share/doc over HTTP, but only from localhost, e.g. allow us to use an SSH tunnel to access it>
+Alias /doc/ "/usr/share/doc/"
+<Directory "/usr/share/doc/">
+ Options Indexes MultiViews FollowSymLinks
+ AllowOverride None
+ Require host 127.0.0.0/255.0.0.0 ::1/128
+</Directory>
+# </share/doc fuckery>
+
+# <manage caching: sets the Expires and Cache-Control headers so that clients know when to use their cache vs. when to refetch a resource>
+<FilesMatch "\.(ico|pdf|jpe?g|png|gif|js|css)$">
+ ExpiresActive On
+ ExpiresDefault "access plus 1 month"
+</FilesMatch>
+
+<FilesMatch ".*">
+ ExpiresActive On
+ ExpiresDefault "access plus 5 minutes"
+</FilesMatch>
+# </caching>
--- /dev/null
+# do this so that .htaccess can cause things to not 404
+<Directory /var/www/html>
+ AllowOverride All
+</Directory>
--- /dev/null
+### directives for making sure that boycottsony.org, dayagainstdrm.org, and rotten-apple.org redirect to their appropriate pages on DBD
+
+<VirtualHost *:80>
+ ServerName boycottsony.org
+ ServerAlias www.boycottsony.org
+ ### redirect to same domain name, but HTTPS. required for HSTS
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+<VirtualHost *:80>
+ ServerName dayagainstdrm.org
+ ServerAlias www.dayagainstdrm.org
+ ### redirect to same domain name, but HTTPS. required for HSTS
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+<VirtualHost *:80>
+ ServerName rotten-apple.org
+ ServerAlias www.rotten-apple.org
+ ### redirect to same domain name, but HTTPS. required for HSTS
+ RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName boycottsony.org
+ ServerAlias www.boycottsony.org
+ Redirect / https://www.defectivebydesign.org/sony/
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName dayagainstdrm.org
+ ServerAlias www.dayagainstdrm.org
+ Header set Access-Control-Allow-Origin "my.fsf.org"
+ RewriteEngine On
+ RewriteRule ^/$ https://defectivebydesign.org/dayagainstdrm
+ RewriteRule ^/2016$ https://www.defectivebydesign.org/dayagainstdrm/2016
+ RewriteRule ^/2017$ https://www.defectivebydesign.org/dayagainstdrm/2017
+ RewriteRule ^/2018$ https://www.defectivebydesign.org/dayagainstdrm/2018
+ RewriteRule ^/2019$ https://www.defectivebydesign.org/dayagainstdrm/2019
+</VirtualHost>
+
+<VirtualHost *:443>
+ ServerName rotten-apple.org
+ ServerAlias www.rotten-apple.org
+ Redirect / https://www.fsf.org/campaigns/apple-patents
+</VirtualHost>
--- /dev/null
+#!/bin/bash -xe
+
+DRUPAL_DB_PASSWORD="H0z7WC8Xq8yRE"
+
+# install the mysql server
+apt install -y mariadb-server ||:
+# installation "fails" when working in a chroot
+# so we just ignore it
+# should work on a regular system, but this part can't be tested in a chroot
+
+# set up mysql with defaults
+mysql_secure_installation < /sqldefaults
+
+# add the drupal db
+mysql -u root -p -e 'CREATE DATABASE dbd_drupal CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;'
+mysql -u root -p -e "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON dbd_drupal.* TO 'w_dbd'@'localhost' IDENTIFIED BY '$DRUPAL_DB_PASSWORD';"
+
+## and have drupal do the site-install
+#cd /var/www/html
+#vendor/bin/drush site-install --db-url=mysql://drupaluser:$DRUPAL_DB_PASSWORD@localhost/drupal
+
+# make sure perms are right
+chown -R www-data:www-data /var/www/html
--- /dev/null
+#!/bin/bash -xe
+
+# install composer if it's not already installed
+which composer || (\
+ curl -sS https://getcomposer.org/installer | php && \
+ mv composer.phar /usr/local/bin/composer && \
+:) && (\
+ composer self-update &&\
+:)
+
+# use composer to install drush7 and the drush launcher
+cd /var/www
+composer require drush/drush:8.*
+# ^^ PLEASE note that we're installing DRUSH 8, not Drupal 8. drush8 works fine with drupal7
+## actually don't install the drush launcher because it doesn't work with the latest release of drupal7
+#wget -O drush.phar https://github.com/drush-ops/drush-launcher/releases/latest/download/drush.phar
+#chmod +x drush.phar
+#mv drush.phar /usr/local/bin/drush
+
+# use vendor/bin/drush to download drupal
+cd /var/www
+vendor/bin/drush dl drupal-7
+
+# make drupal our webroot
+mv html html-stock
+ln -s drupal-7* html
--- /dev/null
+#!/bin/bash -xe
+
+apt update -y && apt upgrade -y
+
+# actually don't because it seems we don't need it. yet
+## add the php5 repo
+#add-apt-repository -y ppa:ondrej/php
+#apt update -y && apt upgrade -y
+
+for PKG in $(cat /pkgs); do
+ apt install -y $PKG ||: # never fail to install a package, because some packages' postinstall hooks fail when /dev /proc /run etc aren't mounted
+done
--- /dev/null
+software-properties-common
+tar
+coreutils
+curl
+unzip
+wget
+php
+php-xml
+php-zip
+php-mbstring
+mysql-utilities
--- /dev/null
+
+y
+password
+password
+y
+y
+y
+y
+y