--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/aws-s3-backup/files/mercurial-s3-backup.sh	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+BUCKET=$1
+DATE=`date --iso-8601`
+BACKUP_DIR=$2
+BACKUP_TAR="/tmp/$BUCKET-$DATE.tgz"
+
+tar -zc -f $BACKUP_TAR $BACKUP_DIR
+aws s3 mb "s3://$BUCKET/"
+aws s3 cp $BACKUP_TAR "s3://$BUCKET/"

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/aws-s3-backup/handlers/main.yaml	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,5 @@
+---
+
+- name: reload s3 backup service
+  systemd: name="mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service" enabled="yes" daemon_reload="yes"
+  become: yes

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/aws-s3-backup/tasks/main.yaml	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,19 @@
+---
+
+- name: create mercurial s3 backup shell script
+  become: yes
+  copy:
+    src: "mercurial-s3-backup.sh"
+    dest: "/usr/local/bin/mercurial-s3-backup.sh"
+    mode: "0755"
+
+- name: configure mercurial s3 backup systemd service
+  become: yes
+  template:
+    src: "[email protected]"
+    dest: "/lib/systemd/system/mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service"
+  notify: reload s3 backup service
+
+- name: ensure mercurial s3 backup service is started
+  become: yes
+  systemd: name="mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service" enabled="yes"

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/aws-s3-backup/templates/[email protected]	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,9 @@
+[Unit]
+Description=Mercurial s3 backup for "%I"
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/mercurial-s3-backup.sh %i "{{mercurial_s3_backup_dir}}"
+
+[Install]
+WantedBy=aws-s3-backup.target

--- a/mercurial/files/mercurial-s3-backup.sh	Sun Jun 28 20:56:56 2020 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-BUCKET=$1
-DATE=`date --iso-8601`
-BACKUP_DIR=$2
-BACKUP_TAR="/tmp/$BUCKET-$DATE.tgz"
-
-tar -zc -f $BACKUP_TAR $BACKUP_DIR
-aws s3 mb "s3://$BUCKET/"
-aws s3 cp $BACKUP_TAR "s3://$BUCKET/"

--- a/mercurial/handlers/main.yaml	Sun Jun 28 20:56:56 2020 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
----
-
-- name: reload s3 backup service
-  systemd: name="mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service" enabled="yes" daemon_reload="yes"
-  become: yes

--- a/mercurial/tasks/main.yaml	Sun Jun 28 20:56:56 2020 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,23 +0,0 @@
----
-
-- name: install mercurial
-  become: yes
-  apt: name="mercurial"
-
-- name: create mercurial s3 backup shell script
-  become: yes
-  copy:
-    src: "mercurial-s3-backup.sh"
-    dest: "/usr/local/bin/mercurial-s3-backup.sh"
-    mode: "0755"
-
-- name: configure mercurial s3 backup systemd service
-  become: yes
-  template:
-    src: "[email protected]"
-    dest: "/lib/systemd/system/mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service"
-  notify: reload s3 backup service
-
-- name: ensure mercurial s3 backup service is started
-  become: yes
-  systemd: name="mercurial-s3-backup@{{mercurial_s3_backup_bucket}}.service" enabled="yes"

--- a/mercurial/templates/[email protected]	Sun Jun 28 20:56:56 2020 -0500
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-[Unit]
-Description=Mercurial s3 backup for "%I"
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/bin/mercurial-s3-backup.sh %i "{{mercurial_s3_backup_dir}}"
-
-[Install]
-WantedBy=aws-s3-backup.target

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/web/handlers/main.yaml	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,5 @@
+---
+
+- name: restart uwsgi
+  systemd: name="uwsgi.service" enabled="yes" daemon_reload="yes" state="restarted"
+  become: yes

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/web/tasks/main.yaml	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,38 @@
+---
+
+- name: pip install mercurial
+  become: yes
+  pip: name="mercurial" executable="pip3"
+
+- name: apt install uwsgi
+  become: yes
+  apt: name="{{item}}"
+  loop:
+    - "uwsgi"
+    - "uwsgi-plugin-python3"
+  notify: restart uwsgi
+
+- name: configure hgweb
+  become: yes
+  template: src="{{item}}.j2" dest="{{mercurial_uwsgi_root}}/{{item}}"
+  loop:
+    - "hgweb.config"
+    - "hgweb.wsgi"
+  notify: restart uwsgi
+
+- name: install uwsgi site
+  become: yes
+  template: src="hgweb.ini.j2" dest="/etc/uwsgi/apps-available/hgweb.ini"
+  notify: restart uwsgi
+
+- name: enable uwsgi site
+  become: yes
+  file:
+    src:  "/etc/uwsgi/apps-available/hgweb.ini"
+    dest: "/etc/uwsgi/apps-enabled/hgweb.ini"
+    state: "link"
+  notify: restart uwsgi
+
+- name: ensure uwsgi service is started
+  become: yes
+  systemd: name="uwsgi.service" enabled="yes"

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/web/templates/hgweb.config.j2	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,6 @@
+[paths]
+/ = {{mercurial_uwsgi_repos}}
+
+[web]
+deny_push = *
+allow_archive = gz bz2 zip

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/web/templates/hgweb.ini.j2	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,8 @@
+[uwsgi]
+processes = 2
+socket = unix:/run/uwsgi/app/hgweb/socket
+chdir = {{mercurial_uwsgi_root}}
+wsgi-file = hgweb.wsgi
+uid = www-data
+gid = www-data
+plugins = python3

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/web/templates/hgweb.nginx.conf.j2	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,33 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{nginx_server_name}};
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+#    listen [::]:443 ssl ipv6only=on;
+    server_name {{nginx_server_name}};
+
+    ssl_certificate {{nginx_ssl_cert}};
+    ssl_certificate_key {{nginx_ssl_privkey}};
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    location / {
+        include     uwsgi_params;
+        uwsgi_param REMOTE_PORT     $remote_port;
+        uwsgi_param SERVER_PORT     $server_port;
+        uwsgi_param SERVER_PROTOCOL $server_protocol;
+        uwsgi_param UWSGI_SCHEME    $scheme;
+        uwsgi_param SCRIPT_NAME     /;
+        uwsgi_param AUTH_USER       $remote_user;
+        uwsgi_param REMOTE_USER     $remote_user;
+        uwsgi_pass  unix:/run/uwsgi/app/hgweb/socket;
+    }
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/mercurial/web/templates/hgweb.wsgi.j2	Mon Jun 29 18:38:49 2020 -0500
@@ -0,0 +1,18 @@
+# An example WSGI for use with mod_wsgi, edit as necessary
+# See https://mercurial-scm.org/wiki/modwsgi for more information
+
+# Path to repo or hgweb config to serve (see 'hg help hgweb')
+config = "{{mercurial_uwsgi_root}}/hgweb.config"
+
+# Uncomment and adjust if Mercurial is not installed system-wide
+# (consult "installed modules" path from 'hg debuginstall'):
+#import sys; sys.path.insert(0, "/path/to/python/lib")
+
+# Uncomment to send python tracebacks to the browser if an error occurs:
+import cgitb; cgitb.enable()
+
+# enable demandloading to reduce startup time
+from mercurial import demandimport; demandimport.enable()
+
+from mercurial.hgweb import hgweb
+application = hgweb(config.encode())