From 446507dd98d0111d4663261c8b82a89b82b37f98 Mon Sep 17 00:00:00 2001
From: Louis Abel <label@rockylinux.org>
Date: Sun, 22 Dec 2024 13:06:22 -0700
Subject: [PATCH] turn off gc, add memory override

---
 .../httpd.service.d/httpd-override.conf       |  2 ++
 tasks/main.yml                                | 20 +++++++++++--------
 templates/etc/kojira/kojira.conf.j2           |  7 ++++++-
 3 files changed, 20 insertions(+), 9 deletions(-)
 create mode 100644 files/etc/systemd/system/httpd.service.d/httpd-override.conf

diff --git a/files/etc/systemd/system/httpd.service.d/httpd-override.conf b/files/etc/systemd/system/httpd.service.d/httpd-override.conf
new file mode 100644
index 0000000..f1446ce
--- /dev/null
+++ b/files/etc/systemd/system/httpd.service.d/httpd-override.conf
@@ -0,0 +1,2 @@
+[Service]
+MemoryDenyWriteExecute=no
diff --git a/tasks/main.yml b/tasks/main.yml
index 4c91d64..4dc91ea 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -53,6 +53,16 @@
   notify:
     - restart_httpd
 
+- name: Create httpd memory override
+  ansible.builtin.copy:
+    src: "etc/systemd/system/httpd.service.d/httpd-override.conf"
+    dest: "/etc/systemd/system/httpd.service.d/httpd-override.conf"
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+    - restart_httpd
+
 - name: Configure robots.txt
   ansible.builtin.copy:
     src: "var/www/html/robots.txt"
@@ -63,14 +73,8 @@
   notify:
     - restart_httpd
 
-- name: Deploy custom theme for koji
-  ansible.builtin.unarchive:
-    src: "{{ koji_theme_file }}"
-    dest: /
-  when: koji_theme
-
-- name: Configure garbage collector
-  import_tasks: koji-gc.yml
+# - name: Configure garbage collector
+#   import_tasks: koji-gc.yml
 
 - name: User Sync from FAS
   import_tasks: user-sync.yml
diff --git a/templates/etc/kojira/kojira.conf.j2 b/templates/etc/kojira/kojira.conf.j2
index d1099c9..a16b323 100644
--- a/templates/etc/kojira/kojira.conf.j2
+++ b/templates/etc/kojira/kojira.conf.j2
@@ -3,6 +3,11 @@ server={{ koji_hub_url }}
 topdir={{ koji_mount }}
 logfile=/var/log/kojira.log
 ;with_src=no
+serverca = {{ koji_hub_ca }}
+;authtype = kerberos
 principal = {{ koji_kojira_principal }}
 keytab = {{ koji_kojira_keytab }}
-serverca = {{ koji_hub_ca }}
+ignore_tags = module-*-build
+debug = false
+check_external_repos = true
+dist_repo_lifetime = 7257600