Initial import

I've sent a mail to Wolfgang asking for the permission to publish the
files under the AGPLv3 (or later) license:
    I'd like to publish the /etc/apache2 configuration that you (Wolfgang)
    contributed to under the AGPLv3 license.

    If I recall well Wolfgang and me are the only contributors to that
    configuration (please do correct me if I'm wrong here).

    Can I publish it in git if I also add Wolfgang as an Author and say I
    did some changes later on?

And in his reply Wolfgang agreed:
    sure, fine with me.

Paul Kocialkowski also had access to the server before that but he doesn't
seem to have modified the apache2 configuration. From #replicant on Freenode
the 22 April 2021:

[...]
18:08 <@GNUtoo> If that's not the issue the reality is that we didn't
                publish part of the Replicant source code: the apache2
		redirect rules are missing
18:09 <@GNUtoo> I've already contacted paulk-leonov and Wolfgang for
                the permission to publish them
[...]
18:45 <@paulk-leonov> GNUtoo: ah right I got an email about licensing
                      for some files
18:45 <@paulk-leonov> does it needs an answer from me?
18:45 <@paulk-leonov> if so, about which files ?
18:46 <@paulk-leonov> I didn't recognize any that I may have authored,
                      but maybe I forgot
19:18 <@GNUtoo> paulk-leonov: basically the config files in the server
19:18 <@GNUtoo> To save time, all the files that you touched there
19:19 <@GNUtoo> Some part of it is really crucial, like the apache2
                redirects configuration, as it's somehow part of the
		Replicant source code but it hasn't been published yet.
19:24 <@GNUtoo> paulk-leonov: Also note that I'll publish it as I go
                (assuming I've also got Wolfgang's agrement), so I'll
		probably choose which free software license to use for
		each git as I work on it
19:24 <@GNUtoo> That's why it's a very wide request

Joonas Kylmälä also got access to the server but I don't remember
him doing extensive changes in the apache2 configuration.

GNUtoo: reworked the redirects and minor changes
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>

4 files changed, 176 insertions, 0 deletions

diff --git a/sites-available/autoconfig.replicant.us.conf b/sites-available/autoconfig.replicant.us.conf
new file mode 100644
index 0000000..fac76d9
--- /dev/null
+++ b/sites-available/autoconfig.replicant.us.conf
@@ -0,0 +1,26 @@
+# Usage:
+# This virtual host is meant to be used to deploy a configuration file
+# for the email service that is currently using the autoconfig.replicant.us address
+<VirtualHost *:80>
+	ServerName		autoconfig.replicant.us
+	RewriteEngine		On
+	RewriteCond		%{HTTPS} off
+	RewriteCond		%{REMOTE_ADDR} !=127.0.0.1
+	RewriteRule		(.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+	<VirtualHost *:443>
+		ServerAdmin		contact@replicant.us
+		ServerName		autoconfig.replicant.us
+
+		DocumentRoot		/var/www/autoconfig.replicant.us
+
+		Header			always set Strict-Transport-Security "max-age=31536000;"
+
+		SSLEngine		On
+		SSLCertificateFile	/etc/letsencrypt/live/autoconfig.replicant.us/cert.pem
+		SSLCertificateChainFile	/etc/letsencrypt/live/autoconfig.replicant.us/chain.pem
+		SSLCertificateKeyFile	/etc/letsencrypt/live/autoconfig.replicant.us/privkey.pem
+	</VirtualHost>
+</IfModule>
diff --git a/sites-available/git.replicant.us.conf b/sites-available/git.replicant.us.conf
new file mode 100644
index 0000000..cbc91b9
--- /dev/null
+++ b/sites-available/git.replicant.us.conf
@@ -0,0 +1,127 @@
+ServerName git.replicant.us
+
+<VirtualHost *:80>
+	ServerName git.replicant.us
+
+	RewriteEngine On
+	RewriteCond %{HTTPS} off
+	RewriteCond %{REMOTE_ADDR} !=127.0.0.1
+	RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+	<VirtualHost *:443>
+		ServerAdmin contact@replicant.us
+		ServerName git.replicant.us
+
+                DocumentRoot /var/www/git.replicant.us
+
+		RewriteEngine on
+
+                Alias /cgit.css /usr/share/cgit/cgit.css
+                Alias /cgit.png /usr/share/cgit/cgit.png
+
+                Alias /replicant_logo_white.png /var/www/git.replicant.us/htdocs/replicant_logo_white.png
+		Alias /replicant_favicon.ico /var/www/git.replicant.us/htdocs/replicant_favicon.ico
+                Alias /replicant_lineage.png /var/www/git.replicant.us/htdocs/replicant_lineage.png
+
+		AliasMatch ^/(.*).git/clone.bundle	/srv/git/bundles/$1.git/clone.bundle
+                AliasMatch ^/(.*)/clone.bundle		/srv/git/bundles/$1.git/clone.bundle
+
+		# The mirrors were moved to their own subdirectories but Replicant 6 still use
+		# the old URL
+		RedirectMatch "^/AOSP-mirror/(.*)"		"/mirrors/AOSP/$1"
+		RedirectMatch "^/LineageOS-mirror/(.*)"		"/mirrors/LineageOS/$1"
+		RedirectMatch "^/F-Droid-mirror/(.*)"		"/mirrors/F-Droid/$1"
+		RedirectMatch "^/AOSP-mirror"			"/mirrors/AOSP"
+		RedirectMatch "^/LineageOS-mirror"		"/mirrors/LineageOS"
+		RedirectMatch "^/F-Droid-mirror"		"/mirrors/F-Droid"
+
+		# Unlike Gitlab, this setup is case sensitive and there are differences between
+		# 4.2 and 6.0 in case
+		# Redirect /replicant/packages_apps_Settings.git /replicant/packages_apps_settings.git
+		# Redirect /replicant/packages_apps_Browser.git /replicant/packages_apps_browser.git
+		# Above was the previous way but that didn't work with Git protocol so we renamed the repos uppercase
+		# but then it broke http protocol so here we go again redirecting to uppercase:
+		Redirect /replicant/packages_apps_settings.git /replicant/packages_apps_Settings.git
+		Redirect /replicant/packages_apps_browser.git /replicant/packages_apps_Browser.git
+
+		# Other redirects
+		IncludeOptional git-redirects/aosp-mirror.conf
+		IncludeOptional git-redirects/contrib.conf
+		IncludeOptional git-redirects/infrastructure.conf
+		IncludeOptional git-redirects/replicant-4.2.conf
+                IncludeOptional git-redirects/replicant-6.0.conf
+
+                SetEnv GIT_PROJECT_ROOT /srv/git/git-data/repositories/
+                ScriptAliasMatch \
+                        "(?x)^/(.*/(HEAD | \
+                                info/refs | \
+                                objects/(info/[^/]+ | \
+                                         [0-9a-f]{2}/[0-9a-f]{38} | \
+                                        pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
+                                git-upload-pack))$" \
+                        /usr/lib/git-core/git-http-backend/$1
+
+		ScriptAlias /contrib		/usr/lib/cgit/cgit.cgi
+		ScriptAlias /infrastructure	/usr/lib/cgit/cgit.cgi
+		ScriptAlias /mirrors		/usr/lib/cgit/cgit.cgi
+		ScriptAlias /replicant		/usr/lib/cgit/cgit.cgi
+		ScriptAlias /replicant-next	/usr/lib/cgit/cgit.cgi
+
+		<Location /contrib>
+	                  SetEnv CGIT_CONFIG /etc/cgit.d/contrib.conf
+		</Location>
+
+		<Location /infrastructure>
+			SetEnv CGIT_CONFIG /etc/cgit.d/infrastructure.conf
+		</Location>
+
+		<Location /mirrors>
+	                  SetEnv CGIT_CONFIG /etc/cgit.d/mirrors.conf
+		</Location>
+
+		<Location /replicant>
+	                  SetEnv CGIT_CONFIG /etc/cgit.d/replicant.conf
+		</Location>
+
+		<Location /replicant-next>
+	                  SetEnv CGIT_CONFIG /etc/cgit.d/replicant-next.conf
+		</Location>
+
+                # <Location /test>
+                #           SetEnv CGIT_CONFIG /etc/cgit.d/test.conf
+                # </Location>
+
+                 <Directory /usr/lib/git-core/>
+                        AllowOverride None
+                        Options +ExecCgi -MultiViews +SymLinksIfOwnerMatch
+                        Require all granted
+                </Directory>
+
+                <LocationMatch "^/.*/git-receive-pack$">
+                        Order deny,allow
+                        Deny from all
+                </LocationMatch>
+
+                <Directory /usr/local/lib/cgit/>
+                        AllowOverride None
+                        Options ExecCGI FollowSymlinks
+                        Require all granted
+                </Directory>
+
+		Header always set Strict-Transport-Security "max-age=31536000;"
+
+		SSLEngine On
+                SSLCertificateFile		/etc/letsencrypt/live/git.replicant.us/cert.pem
+                SSLCertificateChainFile		/etc/letsencrypt/live/git.replicant.us/chain.pem
+                SSLCertificateKeyFile		/etc/letsencrypt/live/git.replicant.us/privkey.pem
+
+                <FilesMatch "\.(cgi|shtml|phtml|php)$">
+                                SSLOptions +StdEnvVars
+                </FilesMatch>
+                <Directory /usr/lib/cgi-bin>
+                                SSLOptions +StdEnvVars
+                </Directory>
+	</VirtualHost>
+</IfModule>
diff --git a/sites-available/letsencrypt.conf b/sites-available/letsencrypt.conf
new file mode 100644
index 0000000..a00a1bf
--- /dev/null
+++ b/sites-available/letsencrypt.conf
@@ -0,0 +1,10 @@
+# This creates a webroot for certbot
+<VirtualHost *:80>
+    ServerName		imap.replicant.us
+    DocumentRoot	/var/www/letsencrypt/imap.replicant.us/
+</VirtualHost>
+
+<VirtualHost *:80>
+    ServerName          mx1.replicant.us
+    DocumentRoot        /var/www/letsencrypt/mx1.replicant.us/
+</VirtualHost>
diff --git a/sites-available/libsamsung-ipc.replicant.us.conf b/sites-available/libsamsung-ipc.replicant.us.conf
new file mode 100644
index 0000000..c758a14
--- /dev/null
+++ b/sites-available/libsamsung-ipc.replicant.us.conf
@@ -0,0 +1,13 @@
+ServerName libsamsung-ipc.replicant.us
+
+<VirtualHost *:80>
+	ServerName		libsamsung-ipc.replicant.us
+	Redirect 		permanent			/	https://redmine.replicant.us/projects/libsamsung-ipc/wiki/
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+	<VirtualHost *:443>
+		ServerName	libsamsung-ipc.replicant.us
+		Redirect	permanent			/	https://redmine.replicant.us/projects/libsamsung-ipc/wiki/
+	</VirtualHost>
+</IfModule>