Change Details

Some components are missing from the nasqueron/phabricator image: - the ability to fetch code from a private repository for arcanist, libphutil and phabricator - the autoupdate mechanism to check if a production branch can be rebased against master - the SSH daemons Currently, they're manually installed. That forbids us to treat this container as an immutable, throwable artifact. Plan is to include them to nasqueron/phabricator or override in a nasqueron/devcentral image.

Some components are missing from the nasqueron/phabricator image: - the ability to fetch code from a private repository for arcanist, libphutil and phabricator - the autoupdate mechanism to check if a production branch can be rebased against master - the SSH daemons Currently, they're manually installed. That forbids us to treat this container as an immutable, throwable artifact. Plan is to include them to nasqueron/phabricator or override in a nasqueron/devcentral image. ## Tasks to do ### Hosting To allow to clone repo per SSH and interact with them: # Provide a SSH configuration: P292, we can drop `Port 5022` as it was only used when DevCentral was on Dwellers and some other containers or locally we needed to interact with DevCentral # Create a vcs user for SSH access: `vcs:x:432:433:Phabricator VCS SSH access:/var/vcs:/bin/sh` # Give permission to vcs to sudo as app for VCS commands: `vcs ALL=(app) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack` - could be saved as /etc/sudoers.d/phabricator-hosting # Create an unit to launch SSH as /usr/sbin/sshd -f /etc/sudoers.d/phabricator-hosting # Expose port 22

Some components are missing from the nasqueron/phabricator image: - the ability to fetch code from a private repository for arcanist, libphutil and phabricator - the autoupdate mechanism to check if a production branch can be rebased against master - the SSH daemons Currently, they're manually installed. That forbids us to treat this container as an immutable, throwable artifact. Plan is to include them to nasqueron/phabricator or override in a nasqueron/devcentral image. ## Tasks to do ### Hosting To allow to clone repo per SSH and interact with them: # Provide a SSH configuration: P292, we can drop `Port 5022` as it was only used when DevCentral was on Dwellers and some other containers or locally we needed to interact with DevCentral # Create a vcs user for SSH access: `vcs:x:432:433:Phabricator VCS SSH access:/var/vcs:/bin/sh` # Give permission to vcs to sudo as app for VCS commands: `vcs ALL=(app) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack` - could be saved as /etc/sudoers.d/phabricator-hosting # Create an unit to launch SSH as /usr/sbin/sshd -f /etc/sudoers.d/phabricator-hosting # Expose port 22