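# New CVS setup accessible by local users locally or via ssh.
#
# This is a log of an interactive root session, not an unattended script:
# the "vi" steps are manual edits, and the comment lines that follow a
# "tail" or "cat" command show the resulting file contents.

# Create cvs user and group, to own the repositories:
mkdir /var/cvs-repos
# -M: do not create the home directory (it was made above).
# -s /sbin/nologin: the account owns files but cannot log in.
# No groupadd is shown; presumably useradd creates the matching "cvs"
# group on this system -- verify with grpck below.
useradd -c "CVS User" -d /var/cvs-repos -M cvs -s /sbin/nologin
# Membership in group cvs is what grants write access to the repositories.
gpasswd -a wpollock cvs
gpasswd -a rabaut cvs
# Check the passwd and group databases for consistency after the changes.
pwck
grpck
# Show the account's aging settings, then clear any account expiry date.
chage -l cvs
chage -E -1 cvs

# Setup email aliases for cvs and cvs-admin-:
vi /etc/aliases  # forward to wpollock, on localhost
newaliases       # or: postalias /etc/aliases

# Set up a group quota for /var, for group "cvs":
cd /var
touch aquota.group
# NOTE(review): a+r lets every local user read the group quota file;
# confirm that is needed, quota files are usually readable by root only.
chmod a+r aquota.group
vi /etc/fstab    # Changed this line:
#   /dev/sda5  /var  ext3  defaults,usrquota,grpquota,nodev,acl  1 2
# ("acl" is also what makes the setfacl calls below work on /var.)
mount /var -o remount
quotacheck -vgcM /var
# Arguments: block soft limit, block hard limit, inode soft limit,
# inode hard limit. The limits cover everything owned by group cvs.
setquota -g cvs 100000 150000 300 500 /var

# Set correct owner, group for ~cvs, and set default permissions:
cd ~cvs
mkdir .ssh
# Use the ":" separator; the "user.group" form is deprecated and is
# ambiguous when an account name contains a dot.
chown -R cvs:cvs .
# setgid on the directory: new entries inherit group cvs.
chmod g+ws .
# Default ACL: new entries are group-writable (X = search/execute only
# where it already makes sense), whatever the creating user's umask is.
setfacl -m d:g:cvs:rwX .
# NOTE(review): ~cvs is now writable by every member of group cvs, which
# includes the directory entry for .ssh. The account has no login shell
# and .ssh is not used anywhere in this log -- confirm it is needed.

# Create a repository for the COP-2805 class:
mkdir cop2805
export CVSROOT=/var/cvs-repos/cop2805
cvs init
# Import an empty project from a scratch directory in $HOME, then remove
# the scratch directory.
cd
mkdir cvsproj
cd cvsproj
cvs import -m 'Create empty project' cvsproj vendor start
cd
rmdir cvsproj
vi ~/.bash_profile  # export CVSROOT and CVSRSH

# Configure repository:
cvs checkout CVSROOT
cd CVSROOT
vi notify
tail notify
# ALL mail -s "YborStudent CVS notification - cop2805" cvs
vi users   # Lists email address to use, rather than local mail
cat users
#   wpollock:pollock@acm.org
#vi readers  # Not needed for class setup, allows anonymous checkout:
#   anonymous
# cvs add readers
cvs add users
cvs commit -m 'Allow use of cvs watch command' notify users # readers
vi loginfo
tail loginfo
#   # Notify cvs administrator of all commits:
#   ALL mail -s 'YborStudent CVS Repository commit by $USER: %{psv}' cvs
# NOTE(review): notify and loginfo name commands that CVS runs on later
# operations, and CVSROOT sits in the same group-writable tree as the
# class modules, so any member of group cvs can change them. Limit write
# access to CVSROOT to the administrators.
cvs commit -m 'Automatically maintain current copy in my private website, and send email notice to cvs-admin-cop2805 (pollock@acm.org) after each commit' loginfo
cd ..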
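# Finished with the administrative files: release and delete the working
# copy of CVSROOT.
cvs release -d CVSROOT

# Setup procmail to process the cvs (forward to wpollock) email
# commit notices:
# NOTE(review): the recipe matches on the Subject header alone, and any
# sender can write that header. The script it starts takes no arguments
# from the message, so a forged notice can only cause an extra mirror
# update and status mail.
cat <<'EOF' >~/.procmailrc
# Redirect CVS commit notices for cop2805 repo, update website:
:0 c
* ^Subject: YborStudent CVS Repository commit .*
! pollock@acm.org

# Forward the mail that matched the last rule's condition (A flag):
:0 A
| /home/wpollock/bin/update-cvs-website
EOF

# Mirror update script, started by procmail for each commit notice.
# - It runs without a terminal, so both ssh hops (to wpollock.com, and
#   from there back to the repository host) must authenticate without a
#   prompt. The key setup is not shown here; NOTE(review): use a key
#   dedicated to this job and restrict what it may run on each host.
# - "cd ... &&" instead of "cd ...;": if the mirror directory is missing,
#   stop rather than run "cvs update" in whatever directory ssh starts in.
# - $? in the mail subject is expanded before the echo|mail pipeline
#   runs, so it reports the exit status of the ssh command.
cat <<'EOF' >~/bin/update-cvs-website
#!/bin/bash
ssh wpollock@wpollock.com \
   'cd /home/wpollock.com/secure-html/cvs-repos && \
    CVS_RSH=ssh \
    cvs -q -d :ext:wpollock@yborstudent.hccfl.edu/var/cvs-repos/cop2805 \
    update -d minigolf cvsproj'
echo 'check https://wpollock.com/cvs-repos/ ' | mail -s \
   "Updated cop2805 CVS repo website mirror, exit status: $?" \
   pollock@acm.org
EOF
# Same path the heredoc wrote to, so this works from any directory.
chmod +x ~/bin/update-cvs-website

# Add accounts for students, using official HCC user ID:
# Each student gets a full system account (-m creates a home directory),
# and membership in group cvs gives write access to the whole repository
# tree.
useradd -c "Gloria Giraldo (cop2805 CVS)" -m ggiraldo
gpasswd -a ggiraldo cvs
# Sets an initial password chosen by the administrator.
# NOTE(review): consider "chage -d 0 ggiraldo" so it must be changed at
# first login.
passwd ggiraldo
# ... repeat for all COP-2805 students

# Setup website to hold snap-shot of module:
# (accessed with: https://wpollock.com, requires login)
# The commands from here on are typed in the interactive session on
# wpollock.com, not on the repository host.
ssh wpollock.com
vi .bash_profile  # export CVSROOT and CVSRSH
# Create a matching "cvs" account on the web host.
su - -c 'useradd -c "CVS User" -d /var/cvs-repos -M cvs -s /sbin/nologin'
cd ~wpollock/secure-html
mkdir cvs-repos
chgrp cvs cvs-repos
# setgid keeps new files in group cvs; a+rx and the default ACL for
# "other" make the mirror readable by every local account, including the
# web server. The login requirement for https://wpollock.com is enforced
# by web server configuration that is not shown here.
chmod g+s,a+rx cvs-repos
setfacl -m d:o::rX cvs-repos
vi index.htm             # Add link to cvs-repos directory
vi cvs-repos/index.php   # auto-lists files in all modules
chmod a+r cvs-repos/index.php  # should not need this, with ACL set!
# checkout initial version of project:
cd cvs-repos
CVS_RSH=ssh \
cvs -q -d :ext:wpollock@yborstudent.hccfl.edu/var/cvs-repos/cop2805 \
    checkout cvsproj minigolf
# Adjust initial permissions if needed.

# TODO: Configure security better, so only selected users (not all users
# listed in /etc/passwd!) have commit privileges to selected module(s).
# Also restrict access to CVSROOT module to admin users only.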
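#######################################
# Add network access to cvs "pserver" service (Note: This is not
# needed when students have system accounts, which is preferred):
#
# Review notes for anyone who enables this anyway:
# - pserver sends the password only trivially encoded, not encrypted,
#   and the client keeps it in the same form in ~/.cvspass. Access over
#   ssh (the :ext: method used elsewhere in this setup) does not have
#   this problem.
# - By default pserver falls back to system passwords when a user is not
#   listed in CVSROOT/passwd. Set "SystemAuth=no" in CVSROOT/config and
#   give pserver users separate passwords in CVSROOT/passwd.
# - "cvs: ALL" admits every host. Replace ALL with the networks that
#   actually need access.
# - "user = root" is there so the server can switch to the authenticated
#   user's identity, which also means the network-facing parser starts
#   as root. Keep the service disabled when it is not in use.
# - --allow-root must name the repository directory itself: a client
#   asking for any other CVSROOT is refused, so the parent directory
#   /var/cvs-repos would not admit /var/cvs-repos/cop2805. Repeat the
#   option once per repository, which also keeps every other directory
#   under /var/cvs-repos out of reach.
echo 'cvs: ALL' >> /etc/hosts.allow
cat <<'EOF' > /etc/xinetd.d/cvs
# default: off
# description: The CVS pserver allows pserver access to CVS repositories \
#              from other systems.
service cvspserver
{
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    passenv         = PATH
    server          = /usr/bin/cvs
    server_args     = -f --allow-root=/var/cvs-repos/cop2805 pserver
}
EOF
chmod a+r /etc/xinetd.d/cvs
# Make xinetd re-read its configuration so the new service starts
# listening.
/etc/init.d/xinetd reload
#############################################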