chore: add current provisioning state before migration

2025-09-22 23:11:41 +01:00 · 2025-09-22 23:11:41 +01:00 · 50745b0f22
commit 50745b0f22
parent a9703b4748
660 changed files with 88126 additions and 0 deletions
--- a/cluster/git/default/data.tar.gz
+++ b/cluster/git/default/data.tar.gz
--- a/cluster/git/default/gitconfig
+++ b/cluster/git/default/gitconfig
@ -0,0 +1,20 @@
+[user]
+	name = DevAdm
+	email = devadm@cloudnative.zone
+	signingkey = /home/devadm/.ssh/id_cdci.pub
+[filter "lfs"]
+	process = git-lfs filter-process
+	required = true
+	clean = git-lfs clean -- %f
+	smudge = git-lfs smudge -- %f
+[core]
+	quotepath = false
+[commit]
+	template = /home/devadm/.stCommitMsg
+	gpgsign = true
+[branch]
+	autosetuprebase = always
+[init]
+	defaultBranch = main
+[gpg]
+	format = ssh
--- a/cluster/git/default/gitea/full_app.ini
+++ b/cluster/git/default/gitea/full_app.ini
@ -0,0 +1,154 @@
+APP_NAME = Local Repo CloudNative zone
+RUN_MODE = prod
+RUN_USER = git
+WORK_PATH = /data/gitea
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+PROTOCOL = http
+APP_DATA_PATH = /data/gitea
+SSH_DOMAIN = localrepo.cloudnative.zone
+DOMAIN = localrepo.cloudnative.zone
+HTTP_ADDR = 0.0.0.0
+HTTP_PORT = 3000
+ROOT_URL = https://localrepo.cloudnative.zone/
+DISABLE_SSH = false
+LFS_START_SERVER = true
+shFS_MAX_FILE_SIZE = 0
+LFS_LOCK_PAGING_NUM = 50
+; Permission for unix socket
+UNIX_SOCKET_PERMISSION = 666
+START_SSH_SERVER = true
+BUILTIN_SSH_SERVER_USER = git
+; The network interface the builtin SSH server should listen on
+; SSH_LISTEN_HOST =
+; Port number to be exposed in clone URL
+SSH_PORT = 2022
+; The port number the builtin SSH server should listen on
+SSH_LISTEN_PORT = %(SSH_PORT)s
+; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
+; SSH_ROOT_PATH =
+SSH_ROOT_PATH = /data/git/repositories
+; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
+; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
+SSH_CREATE_AUTHORIZED_KEYS_FILE = false
+; For the built-in SSH server, choose the ciphers to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
+; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections
+; for system SSH this setting has no effect
+SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
+; for system SSH this setting has no effect
+SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
+; Directory to create temporary files in when testing public keys using ssh-keygen,
+; default is the system temporary directory.
+; SSH_KEY_TEST_PATH =
+; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+SSH_KEYGEN_PATH = ssh-keygen
+; Enable SSH Authorized Key Backup when rewriting all keys, default is true
+SSH_BACKUP_AUTHORIZED_KEYS = true
+; Enable exposure of SSH clone URL to anonymous visitors, default is false
+SSH_EXPOSE_ANONYMOUS = false
+; Indicate whether to check minimum key size with corresponding type
+MINIMUM_KEY_SIZE_CHECK = false
+; Disable CDN even in "prod" mode
+DISABLE_ROUTER_LOG = false
+OFFLINE_MODE = true
+
+; Generate steps:
+; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+; 
+; Or from a .pfx file exported from the Windows certificate store (do
+; not forget to export the private key):
+; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
+; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+# CERT_FILE                       = /data/gitea/conf/ssl/fullchain.pem
+# KEY_FILE                        = /data/gitea/conf/ssl/privkey.pem
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = postgres
+HOST = db:5432
+NAME = gitea
+USER = gitea
+PASSWD = gitea
+LOG_SQL = false
+SCHEMA = 
+SSL_MODE = disable
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = false
+SECRET_KEY = 
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = false
+REQUIRE_SIGNIN_VIEW = false
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localrepo.cloudnative.zone
+
+[lfs]
+PATH = /data/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+
+[webhook] 
+; Hook task queue length, increase if webhook shooting starts hanging
+QUEUE_LENGTH    = 1000
+; Deliver timeout in seconds
+DELIVER_TIMEOUT =
+; Allow insecure certification
+SKIP_TLS_VERIFY = false
+; Number of history information in each page
+PAGING_NUM      = 10
+ALLOWED_HOST_LIST = 10.11.1.0/24
--- a/cluster/git/default/gitea/patch-app-ini.sh
+++ b/cluster/git/default/gitea/patch-app-ini.sh
@ -0,0 +1,18 @@
+#!/bin/bash
+# Info: Script to patch Gita app.ini after init 
+# Author: JesusPerezLorenzo 
+# Release: 1.0
+# Date: 19-11-2023
+
+ROOT_DATA=${ROOT_DATA:-/data}
+DATA_REPO=${DATA_REPO:-$ROOT_DATA/repo}
+
+[ ! -r "$DATA_REPO/gitea/conf/app.ini" ] && echo "Error: app.ini not found " && exit 1
+
+[ ! -r "gitea/webhook_app.ini" ]  && echo "Error: no gitea/webhook_api.ini" && exit 1 
+
+if ! grep -q "\[webhook\]" "$DATA_REPO/gitea/conf/app.ini" ; then
+     	cat gitea/webhook_app.ini >> "$DATA_REPO/gitea/conf/app.ini" 
+	sudo systemctl restart pod-repo.service
+fi
+
--- a/cluster/git/default/gitea/webhook_app.ini
+++ b/cluster/git/default/gitea/webhook_app.ini
@ -0,0 +1,11 @@
+
+[webhook] 
+; Hook task queue length, increase if webhook shooting starts hanging
+QUEUE_LENGTH    = 1000
+; Deliver timeout in seconds
+DELIVER_TIMEOUT =
+; Allow insecure certification
+SKIP_TLS_VERIFY = false
+; Number of history information in each page
+PAGING_NUM      = 10
+ALLOWED_HOST_LIST = 10.11.1.0/24
--- a/cluster/git/default/install-git.sh
+++ b/cluster/git/default/install-git.sh
@ -0,0 +1,95 @@
+#!/bin/bash
+# Info: Script to install/create service pod_repo
+# Author: JesusPerezLorenzo 
+# Release: 1.0
+# Date: 19-11-2023
+
+ROOT_DATA=${ROOT_DATA:-/data}
+DATA_REPO=${DATA_REPO:-$ROOT_DATA/repo}
+DATA_DOC=${DATA_DOC:-$ROOT_DATA/doc}
+DATA_DBS=${DATA_DBS:-$ROOT_DATA/dbs}
+DATA_WEBHOOKS=${DATA_WEBHOOKS:-$ROOT_DATA/webhooks}
+
+ROOT_SOURCE=$(dirname "$0")
+
+exit 1
+sudo mkdir -p $ROOT_DATA
+sudo chown -R $(id -u):$(id -g)  $ROOT_DATA
+
+if [ ! -r "env" ] ; then 
+	echo "# Env settings " >env
+	echo "DATA_REPO=$DATA_REPO" >>env
+	echo "DATA_DOC=$DATA_DOC" >>env
+	echo "DATA_DBS=$DATA_DBS" >>env
+fi
+
+if [ ! -d "$DATA_REPO" ] && [ -r "$ROOT_SOURCE/data.tar.gz" ] ; then 
+   sudo tar -C / -xzf "$ROOT_SOURCE/data.tar.gz" && echo "Data Services installed !"
+else
+	sudo mkdir -p $DATA_REPO/gitea/conf
+	sudo mkdir -p $DATA_DOC
+	sudo mkdir -p $DATA_DBS
+fi
+
+hostname=$(hostname -s)
+id=$(id -u)
+
+if [ -r "gitconfig" ] ; then 
+   [ ! -r "$HOME/.gitconfig" ] && cp gitconfig "$HOME/.gitconfig" 
+   [ -d "/home/devadm" ] && [ ! -r "/home/devadm/.gitconfig" ] && sudo cp gitconfig "/home/devadm/.gitconfig"  && sudo chown devadm "/home/devadm/.gitconfig"
+fi
+
+[ ! -d "/dao/$hostname/services/pod_repo" ] && sudo mkdir -p "/dao/$hostname/services/pod_repo"  
+
+sudo chown -R $id /dao  
+
+cp -pr *  "/dao/$hostname/services/pod_repo"
+
+cd  "/dao/$hostname/services/pod_repo"  || exit 1
+
+if [ -r "gitea/full_app.ini" ] && [ ! -r "$DATA_REPO/gitea/conf/app.ini" ] ; then
+   cp gitea/full_app.ini "$DATA_REPO/gitea/conf/app.ini"
+fi
+
+if [ ! -r "app.ini" ] ; then 
+   ln -s $DATA_REPO/gitea/conf/app.ini . 
+fi
+
+# [ -r "bin/apply.sh" ] && ./bin/apply.sh 
+
+# Add systemd service
+sudo cp pod-repo.service /lib/systemd/system
+sudo systemctl daemon-reload
+sudo systemctl enable pod-repo.service
+sudo systemctl restart pod-repo.service
+
+if [ -r 'ddeploy_docker-compose.yml' ] ; then 
+   mv deploy_docker-compose.yml docker-compose.yml
+   val_timeout=10
+   wait=10
+   echo -n "Waiting services to come up ... "
+   while [ -z "$nc_port" ] 
+   do 
+     if nc -zv -w 1 "10.11.1.10" 3000 >/dev/null 2>/dev/null ; then 
+       nc_port=1	
+     fi
+     if [ -z "$nc_port" ] ; then 
+       sleep "$wait"
+       num=$((num + wait))
+       [ "$val_timeout" -gt  0 ] && [ "$num" -gt "$val_timeout" ] && break
+       echo -n "$num "
+     fi
+   done
+   echo ""
+   [ -r "gitea/full_app.ini" ] &&  cp gitea/full_app.ini "$DATA_REPO/gitea/conf/app.ini"
+   sudo systemctl restart pod-repo.service
+fi
+
+# Fix /etc/hosts for repo operations 
+sudo sed -i /^10.11.1.10/d /etc/hosts 
+sudo sed -i "s/$hostname/$hostname.pub/g" /etc/hosts 
+echo "10.11.1.10 $hostname localrepo.cloudnative.zone"  | sudo tee -a /etc/hosts
+
+
+exit 0
+
--- a/cluster/git/default/nginx.conf
+++ b/cluster/git/default/nginx.conf
@ -0,0 +1,56 @@
+worker_processes 1;
+user root root;
+
+events { worker_connections 1024; }
+http {
+
+    sendfile on;
+
+    upstream gitea {
+        server basecamp-0:3000;
+    }
+
+    server {
+	#listen 80;
+	#server_name basecamp-0;
+	listen 443 ssl;
+        listen [::]:443 ssl;
+       	http2 on;
+	server_name localrepo.cloudnative.zone
+        charset utf-8;
+        client_max_body_size 300m;
+	# Paths to certificate files.
+        ssl_certificate /etc/ssl-dom/fullchain.pem;
+        ssl_certificate_key /etc/ssl-dom/privkey.pem;
+        # File to be used as index
+        index index.html;
+
+        # Overrides logs defined in nginx.conf, allows per site logs.
+	# error_log /dev/stdout warn;
+	#access_log /dev/stdout main;
+
+        location / {
+            proxy_pass http://gitea/;
+
+            proxy_redirect   off;
+            proxy_set_header Host $host:$server_port;
+            proxy_set_header X-Forwarded-Proto $scheme;
+	    proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-NginX-Proxy true;
+            proxy_set_header Referer $http_referer;
+            proxy_http_version 1.1;
+            proxy_hide_header X-Powered-By;
+        }
+
+        location /doc/ {
+            autoindex on;
+            alias /doc/;
+        }
+    }
+    server {
+      listen 80;
+      listen [::]:80;
+      return 301 https://$host$request_uri;
+    }
+}
--- a/cluster/git/default/ssl/cert.pem
+++ b/cluster/git/default/ssl/cert.pem
@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgISA3koQWqBejvQFqDe89mHEnQGMA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMzEwMjIwOTQ5NTBaFw0yNDAxMjAwOTQ5NDlaMCUxIzAhBgNVBAMT
+GmxvY2FscmVwby5jbG91ZG5hdGl2ZS56b25lMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEl1tWJ1J7rxIjtN64tcvwhSKJVLB4C7uJQafTph5HqCBX8YQtFlWDL6r4
+CqT7I6xZoVT8+rBmd3Km1NX8sDkagKOCAhwwggIYMA4GA1UdDwEB/wQEAwIHgDAd
+BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
+HQ4EFgQUBpEVhM1Mz7pZ6VkDgXA5dVv+FrkwHwYDVR0jBBgwFoAUFC6zF7dYVsuu
+UAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8v
+cjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9y
+Zy8wJQYDVR0RBB4wHIIabG9jYWxyZXBvLmNsb3VkbmF0aXZlLnpvbmUwEwYDVR0g
+BAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgDatr9rP7W2
+Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYtXAWRrAAAEAwBHMEUCIQDQZM3i
+3f39bi+vRyN4tTuQGHB7rw4Ik2KEeBJPb19hagIgHh8b3chscsG7VQiAeR5bx7Yk
+5OiJjjjq1zcfjT7GyY4AdgA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv4frU
+FwAAAYtXAWRYAAAEAwBHMEUCIE8i31Q7bMb4E4zZwe5Q1C4B/vZLmeVTW07Pq9TM
+XqHiAiEAz+LjDT+kA1kn/Pm6a2coQOQ1IDPO9KOYjM9xmLm0DnswDQYJKoZIhvcN
+AQELBQADggEBADPEPYQsHNRnAPdzHZLgoiTqedZtQE6OaDai3J+wWcRO0DbYFBSg
+5rg8yRSqoQLxAxBSu2R+ZOEFru/b/nzDycMTIM0rNCNeEAPVbPntrUPDzKKI/KDS
+u2hMZBoAz0G/5oFtZU65pLACOy+4NNvQPI0ZGMqSXO5IK4bNXMX67jRVQU/tNVIx
+Ci18lsiS+jpH6BB3CDxRFVRCm/fYIbAEgevGrdsQDTX0O2FEkelgEuKsxwGY3rnN
+ovONHsYx1azojcNyJ0H33b7JcrOPEHfuxsqwE3VpGqJGDcXSLVJzEg6es24UESJG
+F8G/vRJmWCT+Q3xOhynQCgufMlOBOoFJDKA=
+-----END CERTIFICATE-----
--- a/cluster/git/default/ssl/chain.pem
+++ b/cluster/git/default/ssl/chain.pem
@ -0,0 +1,61 @@
+-----BEGIN CERTIFICATE-----
+MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
+WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
+R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
+sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
+NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
+Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
+/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
+FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
+Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
+gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
+PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
+ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
+CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
+lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
+avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
+yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
+yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
+hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
+HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
+MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
+nLRbwHOoq7hHwg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
+ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
+wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
+LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
+4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
+bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
+sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
+Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
+FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
+SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
+PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
+TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
+c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
+ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
+b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
+U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
+MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
+5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
+9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
+WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
+he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
+Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
+-----END CERTIFICATE-----
--- a/cluster/git/default/ssl/fullchain.pem
+++ b/cluster/git/default/ssl/fullchain.pem
@ -0,0 +1,86 @@
+-----BEGIN CERTIFICATE-----
+MIIENjCCAx6gAwIBAgISA3koQWqBejvQFqDe89mHEnQGMA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMzEwMjIwOTQ5NTBaFw0yNDAxMjAwOTQ5NDlaMCUxIzAhBgNVBAMT
+GmxvY2FscmVwby5jbG91ZG5hdGl2ZS56b25lMFkwEwYHKoZIzj0CAQYIKoZIzj0D
+AQcDQgAEl1tWJ1J7rxIjtN64tcvwhSKJVLB4C7uJQafTph5HqCBX8YQtFlWDL6r4
+CqT7I6xZoVT8+rBmd3Km1NX8sDkagKOCAhwwggIYMA4GA1UdDwEB/wQEAwIHgDAd
+BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNV
+HQ4EFgQUBpEVhM1Mz7pZ6VkDgXA5dVv+FrkwHwYDVR0jBBgwFoAUFC6zF7dYVsuu
+UAlA5h+vnYsUwsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8v
+cjMuby5sZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9y
+Zy8wJQYDVR0RBB4wHIIabG9jYWxyZXBvLmNsb3VkbmF0aXZlLnpvbmUwEwYDVR0g
+BAwwCjAIBgZngQwBAgEwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgDatr9rP7W2
+Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYtXAWRrAAAEAwBHMEUCIQDQZM3i
+3f39bi+vRyN4tTuQGHB7rw4Ik2KEeBJPb19hagIgHh8b3chscsG7VQiAeR5bx7Yk
+5OiJjjjq1zcfjT7GyY4AdgA7U3d1Pi25gE6LMFsG/kA7Z9hPw/THvQANLXJv4frU
+FwAAAYtXAWRYAAAEAwBHMEUCIE8i31Q7bMb4E4zZwe5Q1C4B/vZLmeVTW07Pq9TM
+XqHiAiEAz+LjDT+kA1kn/Pm6a2coQOQ1IDPO9KOYjM9xmLm0DnswDQYJKoZIhvcN
+AQELBQADggEBADPEPYQsHNRnAPdzHZLgoiTqedZtQE6OaDai3J+wWcRO0DbYFBSg
+5rg8yRSqoQLxAxBSu2R+ZOEFru/b/nzDycMTIM0rNCNeEAPVbPntrUPDzKKI/KDS
+u2hMZBoAz0G/5oFtZU65pLACOy+4NNvQPI0ZGMqSXO5IK4bNXMX67jRVQU/tNVIx
+Ci18lsiS+jpH6BB3CDxRFVRCm/fYIbAEgevGrdsQDTX0O2FEkelgEuKsxwGY3rnN
+ovONHsYx1azojcNyJ0H33b7JcrOPEHfuxsqwE3VpGqJGDcXSLVJzEg6es24UESJG
+F8G/vRJmWCT+Q3xOhynQCgufMlOBOoFJDKA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
+WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
+R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
+sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
+NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
+Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
+/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
+FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
+Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
+gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
+PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
+ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
+CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
+lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
+avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
+yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
+yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
+hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
+HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
+MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
+nLRbwHOoq7hHwg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
+ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
+wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
+LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
+4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
+bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
+sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
+Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
+FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
+SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
+PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
+TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
+c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
+ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
+b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
+U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
+MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
+5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
+9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
+WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
+he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
+Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
+-----END CERTIFICATE-----
--- a/cluster/git/default/ssl/privkey.pem
+++ b/cluster/git/default/ssl/privkey.pem
@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgrLTLOsZOzsPArsTQ
+wTBTQPrN/CiYAc5JoYtJeiCVlD6hRANCAASXW1YnUnuvEiO03ri1y/CFIolUsHgL
+u4lBp9OmHkeoIFfxhC0WVYMvqvgKpPsjrFmhVPz6sGZ3cqbU1fywORqA
+-----END PRIVATE KEY-----