9 files changed, 785 insertions, 0 deletions

diff --git a/_deploy/debian-server/apache2.conf b/_deploy/debian-server/apache2.conf
new file mode 100644
index 0000000..ae4b2c3
--- /dev/null
+++ b/_deploy/debian-server/apache2.conf
@@ -0,0 +1,227 @@
+# This is the main Apache server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.4/ for detailed information about
+# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
+# hints.
+#
+#
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+#	/etc/apache2/
+#	|-- apache2.conf
+#	|	`--  ports.conf
+#	|-- mods-enabled
+#	|	|-- *.load
+#	|	`-- *.conf
+#	|-- conf-enabled
+#	|	`-- *.conf
+# 	`-- sites-enabled
+#	 	`-- *.conf
+#
+#
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+#   together by including all remaining configuration files when starting up the
+#   web server.
+#
+# * ports.conf is always included from the main configuration file. It is
+#   supposed to determine listening ports for incoming connections which can be
+#   customized anytime.
+#
+# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
+#   directories contain particular configuration snippets which manage modules,
+#   global configuration fragments, or virtual host configurations,
+#   respectively.
+#
+#   They are activated by symlinking available configuration files from their
+#   respective *-available/ counterparts. These should be managed by using our
+#   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
+#   their respective man pages for detailed information.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+#   the default configuration, apache2 needs to be started/stopped with
+#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+#   work with the default configuration.
+
+
+# Global configuration
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE!  If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the Mutex documentation (available
+# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+#ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+#Mutex file:${APACHE_LOCK_DIR} default
+
+#
+# The directory where shm and other runtime files will be stored.
+#
+
+DefaultRuntimeDir ${APACHE_RUN_DIR}
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+#
+# LogLevel: Control the severity of messages logged to the error_log.
+# Available values: trace8, ..., trace1, debug, info, notice, warn,
+# error, crit, alert, emerg.
+# It is also possible to configure the log level for particular modules, e.g.
+# "LogLevel info ssl:warn"
+#
+LogLevel warn
+
+# Include module configuration:
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+
+# Include list of ports to listen on
+Include ports.conf
+
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www.
+# The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server. If
+# your system is serving content from a sub-directory in /srv you must allow
+# access here, or in any related virtual host.
+<Directory />
+	Options FollowSymLinks
+	AllowOverride None
+	Require all denied
+</Directory>
+
+<Directory /usr/share>
+	AllowOverride None
+	Require all granted
+</Directory>
+
+<Directory /var/www/>
+	Options Indexes FollowSymLinks
+	AllowOverride None
+	Require all granted
+</Directory>
+
+#<Directory /srv/>
+#	Options Indexes FollowSymLinks
+#	AllowOverride None
+#	Require all granted
+#</Directory>
+
+
+
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives.  See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+	Require all denied
+</FilesMatch>
+
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+# These deviate from the Common Log Format definitions in that they use %O
+# (the actual bytes sent including headers) instead of %b (the size of the
+# requested file), because the latter makes it impossible to detect partial
+# requests.
+#
+# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
+# Use mod_remoteip instead.
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see README.Debian for details.
+
+# Include generic snippets of statements
+IncludeOptional conf-enabled/*.conf
+
+# Include the virtual host configurations:
+IncludeOptional sites-enabled/*.conf
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/_deploy/debian-server/envvars b/_deploy/debian-server/envvars
new file mode 100644
index 0000000..d3e69a6
--- /dev/null
+++ b/_deploy/debian-server/envvars
@@ -0,0 +1,47 @@
+# envvars - default environment variables for apache2ctl
+
+# this won't be correct after changing uid
+unset HOME
+
+# for supporting multiple apache2 instances
+if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+	SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
+else
+	SUFFIX=
+fi
+
+# Since there is no sane way to get the parsed apache2 config in scripts, some
+# settings are defined via environment variables and then used in apache2ctl,
+# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
+export APACHE_RUN_USER=expo
+export APACHE_RUN_GROUP=expo
+# temporary state file location. This might be changed to /run in Wheezy+1
+export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid
+export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
+export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
+# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
+export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
+
+## The locale used by some modules like mod_dav
+#export LANG=C
+## Uncomment the following line to use the system default locale instead:
+. /etc/default/locale
+
+export LANG
+
+## The command to get the status for 'apache2ctl status'.
+## Some packages providing 'www-browser' need '--dump' instead of '-dump'.
+#export APACHE_LYNX='www-browser -dump'
+
+## If you need a higher file descriptor limit, uncomment and adjust the
+## following line (default is 8192):
+#APACHE_ULIMIT_MAX_FILES='ulimit -n 65536'
+
+## If you would like to pass arguments to the web server, add them below
+## to the APACHE_ARGUMENTS environment.
+#export APACHE_ARGUMENTS=''
+
+## Enable the debug mode for maintainer scripts.
+## This will produce a verbose output on package installations of web server modules and web application
+## installations which interact with Apache
+#export APACHE2_MAINTSCRIPT_DEBUG=1
diff --git a/_deploy/debian-server/localsettingsserver-old.py b/_deploy/debian-server/localsettingsserver-old.py
new file mode 100644
index 0000000..72ab0f0
--- /dev/null
+++ b/_deploy/debian-server/localsettingsserver-old.py
@@ -0,0 +1,121 @@
+import os
+import sys
+import urllib.parse
+
+"""Settings for a troggle installation which may vary among different
+installations: for development or deployment, in a docker image or
+python virtual environment (venv), on ubuntu, debian or in Windows
+System for Linux (WSL), on the main server or in the potato hut,
+using SQLite or mariaDB.
+
+It sets the directory locations for the major parts of the system so
+that e.g. expofiles can be on a different filesystem.
+
+This file is included at the end of the main troggle/settings.py file so that
+it overwrites defaults in that file.
+"""
+
+print(" * importing troggle/localsettings.py")
+
+# DO NOT check this file into the git repo - it contains real passwords. [not this copy]
+SECRET_KEY = "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
+EXPOUSERPASS = "nope"
+EXPOADMINUSERPASS = "nope"
+EMAIL_HOST_PASSWORD = "nope" 
+
+
+DATABASES = {
+    'default': { 
+        'ENGINE': 'django.db.backends.mysql', # 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
+        'NAME' : 'troggle',                   # Or path to database file if using sqlite3.
+        'USER' : 'expo',                      # Not used with sqlite3.
+        'PASSWORD' : 'not a real password',       # Not used with sqlite3.
+        'HOST' : '',                          # Set to empty string for localhost. Not used with sqlite3.
+        'PORT' : '',                          # Set to empty string for default. Not used with sqlite3.
+    }
+}
+
+
+EXPOUSER = 'expo'
+EXPOUSERPASS = "nnn:gggggg"
+EXPOUSER_EMAIL = 'wookey@wookware.org'
+
+REPOS_ROOT_PATH = '/home/expo/'
+sys.path.append(REPOS_ROOT_PATH)
+sys.path.append(REPOS_ROOT_PATH + 'troggle')
+# Define the path to the django app (troggle in this case)
+PYTHON_PATH = REPOS_ROOT_PATH + 'troggle/'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [
+            PYTHON_PATH + "templates"
+        ],
+        'OPTIONS': {
+            'debug': 'DEBUG',
+            'context_processors': [
+                'django.contrib.auth.context_processors.auth',
+                'core.context.troggle_context', 
+                'django.template.context_processors.debug',
+                'django.template.context_processors.i18n',
+                'django.template.context_processors.media',
+                'django.template.context_processors.static',
+                'django.template.context_processors.tz',
+                'django.contrib.messages.context_processors.messages',
+            ],
+            'loaders': [
+                'django.template.loaders.filesystem.Loader',
+                'django.template.loaders.app_directories.Loader',
+                # insert your TEMPLATE_LOADERS here
+           ]
+       },
+    },
+]
+
+PUBLIC_SITE = True
+
+# This should be False for normal running
+DEBUG = True
+
+SURVEX_DATA = REPOS_ROOT_PATH + 'loser/'
+DRAWINGS_DATA = REPOS_ROOT_PATH + 'drawings/'
+
+CAVERN = 'cavern'
+THREEDTOPOS = 'survexport'
+EXPOWEB = REPOS_ROOT_PATH + 'expoweb/'
+SURVEYS = REPOS_ROOT_PATH
+SURVEY_SCANS = REPOS_ROOT_PATH + 'expofiles/surveyscans/'
+FILES = REPOS_ROOT_PATH + 'expofiles'
+CAVEDESCRIPTIONS = os.path.join(EXPOWEB, "cave_data")
+ENTRANCEDESCRIPTIONS = os.path.join(EXPOWEB, "entrance_data")
+
+CACHEDIR = REPOS_ROOT_PATH + 'expowebcache/'
+THREEDCACHEDIR = CACHEDIR + '3d/'
+THUMBNAILCACHE = CACHEDIR + 'thumbs'
+
+PYTHON_PATH = REPOS_ROOT_PATH + 'troggle/'
+
+URL_ROOT = 'http://expo.survex.com/'
+DIR_ROOT = ''#this should end in / if a value is given
+EXPOWEB_URL = '/'
+SURVEYS_URL = '/survey_scans/'
+EXPOFILES   = urllib.parse.urljoin(REPOS_ROOT_PATH, 'expofiles/')
+PHOTOS_URL  = urllib.parse.urljoin(URL_ROOT, '/photos/')
+
+# MEDIA_URL is used by urls.py in a regex. See urls.py & core/views/surveys.py
+MEDIA_URL = '/site_media/'
+
+MEDIA_ROOT = REPOS_ROOT_PATH + '/troggle/media/'
+
+STATIC_URL = urllib.parse.urljoin(URL_ROOT , '/static/') # used by Django admin pages. Do not delete.
+JSLIB_URL  = urllib.parse.urljoin(URL_ROOT , '/javascript/') # always fails, try to revive it ?
+
+#TINY_MCE_MEDIA_ROOT = STATIC_ROOT + '/tiny_mce/' # not needed while TinyMCE not installed
+#TINY_MCE_MEDIA_URL = STATIC_URL + '/tiny_mce/' # not needed while TinyMCE not installed
+
+LOGFILE = '/var/log/troggle/troggle.log'
+IMPORTLOGFILE = '/var/log/troggle/import.log'
+
+# add in 290, 291, 358 when they don't make it crash horribly
+NOTABLECAVESHREFS = [ "264", "258", "204", "76", "107"]
diff --git a/_deploy/debian-server/localsettingsserver2023-01-secret.py b/_deploy/debian-server/localsettingsserver2023-01-secret.py
new file mode 100644
index 0000000..d99e61d
--- /dev/null
+++ b/_deploy/debian-server/localsettingsserver2023-01-secret.py
@@ -0,0 +1,164 @@
+import os
+import sys
+import urllib.parse
+from pathlib import Path
+
+"""Settings for a troggle installation which may vary among different
+installations: for development or deployment, in a docker image or
+python virtual environment (venv), on ubuntu, debian or in Windows
+System for Linux (WSL), on the main server or in the potato hut,
+using SQLite or mariaDB.
+
+It sets the directory locations for the major parts of the system so
+that e.g. expofiles can be on a different filesystem, or /javascript/ can be in
+a system-wide location rather than just a local directory.
+
+This file is included at the end of the main troggle/settings.py file so that
+it overwrites defaults in that file.
+
+Read https://realpython.com/python-pathlib/
+Read https://adamj.eu/tech/2020/03/16/use-pathlib-in-your-django-project/
+"""
+
+print(" * importing troggle/localsettings.py")
+
+# DO NOT check this file into the git repo - it contains real passwords.
+
+EXPOFILESREMOTE = False # if True, then re-routes urls in expofiles to remote sever
+#SECURE_SSL_REDIRECT = True # breaks 7 tests in test suite 301 not 200 (or 302) and runserver fails completely
+
+DATABASES = {
+    'default': { 
+        'ENGINE': 'django.db.backends.mysql', # 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
+        'NAME' : 'troggle',                   # Or path to database file if using sqlite3.
+        'USER' : 'expo',                      # Not used with sqlite3.
+        'PASSWORD' : 'uFqP56B4XleeyIW',       # Not used with sqlite3.
+        'HOST' : '',                          # Set to empty string for localhost. Not used with sqlite3.
+        'PORT' : '',                          # Set to empty string for default. Not used with sqlite3.
+    }
+}
+
+
+EXPOUSER = 'expo'
+EXPOADMINUSER = 'expoadmin'
+EXPOUSER_EMAIL = 'wookey@wookware.org'
+EXPOADMINUSER_EMAIL = 'wookey@wookware.org'
+
+SECRET_KEY = "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
+EXPOUSERPASS = "nope"
+EXPOADMINUSERPASS = "nope"
+EMAIL_HOST_PASSWORD = "nope" 
+
+REPOS_ROOT_PATH = '/home/expo/'
+sys.path.append(REPOS_ROOT_PATH)
+sys.path.append(REPOS_ROOT_PATH + 'troggle')
+# Define the path to the django app (troggle in this case)
+PYTHON_PATH = REPOS_ROOT_PATH + 'troggle/'
+PHOTOS_YEAR = "2022"
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [
+            PYTHON_PATH + "templates"
+        ],
+        'OPTIONS': {
+            'debug': 'DEBUG',
+            'context_processors': [ 
+                # django.template.context_processors.csrf, # is always enabled and cannot be removed, sets csrf_token
+                'django.contrib.auth.context_processors.auth', # knowledge of logged-on user & permissions
+                'core.context.troggle_context',    # in core/troggle.py
+                'django.template.context_processors.debug',
+                #'django.template.context_processors.request', # copy of current request, added in trying to make csrf work
+                'django.template.context_processors.i18n',
+                'django.template.context_processors.media',  # includes a variable MEDIA_URL
+                'django.template.context_processors.static', # includes a variable STATIC_URL
+                'django.template.context_processors.tz',
+                'django.contrib.messages.context_processors.messages',
+            ],
+            'loaders': [
+                'django.template.loaders.filesystem.Loader',
+                'django.template.loaders.app_directories.Loader', #For each app, inc admin,  in INSTALLED_APPS, loader looks for /templates 
+               # insert your own TEMPLATE_LOADERS here
+           ]
+       },
+    },
+]
+
+PUBLIC_SITE = True
+
+# This should be False for normal running
+DEBUG = True
+CACHEDPAGES = True  # experimental page cache for a handful of page types
+
+SURVEX_DATA = REPOS_ROOT_PATH + 'loser/'
+DRAWINGS_DATA = REPOS_ROOT_PATH + 'drawings/'
+
+# executables:
+CAVERN = 'cavern' # for parsing .svx files and producing .3d files
+SURVEXPORT = 'survexport' # for parsing .3d files and producing .pos files
+
+EXPOWEB = REPOS_ROOT_PATH + 'expoweb/'
+#SURVEYS = REPOS_ROOT_PATH
+SCANS_ROOT = REPOS_ROOT_PATH + 'expofiles/surveyscans/'
+FILES = REPOS_ROOT_PATH + 'expofiles'
+PHOTOS_ROOT = REPOS_ROOT_PATH + 'expofiles/photos/'
+
+TROGGLE_PATH = Path(__file__).parent
+TEMPLATE_PATH     = TROGGLE_PATH / 'templates'
+MEDIA_ROOT        = TROGGLE_PATH / 'media'
+JSLIB_ROOT        = TROGGLE_PATH / 'media' / 'jslib' # used for CaveViewer JS utility
+
+
+CAVEDESCRIPTIONS = os.path.join(EXPOWEB, "cave_data")
+ENTRANCEDESCRIPTIONS = os.path.join(EXPOWEB, "entrance_data")
+
+# CACHEDIR = REPOS_ROOT_PATH + 'expowebcache/'
+# THREEDCACHEDIR = CACHEDIR + '3d/'
+# THUMBNAILCACHE = CACHEDIR + 'thumbs'
+
+PYTHON_PATH = REPOS_ROOT_PATH + 'troggle/'
+PV = "python" + str(sys.version_info.major) + "." + str(sys.version_info.minor)
+LIBDIR  =  Path(REPOS_ROOT_PATH) / 'lib' / PV 
+
+#Note that all these *_URL constants are not actually used in urls.py, they should be..
+#URL_ROOT = 'http://expo.survex.com/'
+URL_ROOT = '/'
+DIR_ROOT = ''#this should end in / if a value is given
+EXPOWEB_URL = '/'
+SCANS_URL = '/survey_scans/'
+EXPOFILES   = urllib.parse.urljoin(REPOS_ROOT_PATH, 'expofiles/')
+PHOTOS_URL  = urllib.parse.urljoin(URL_ROOT, '/photos/')
+
+# MEDIA_URL is used by urls.py in a regex. See urls.py & core/views_surveys.py
+MEDIA_URL = '/site_media/'
+
+
+STATIC_URL = urllib.parse.urljoin(URL_ROOT , '/static/') # used by Django admin pages. Do not delete.
+JSLIB_URL  = urllib.parse.urljoin(URL_ROOT , '/javascript/') # always fails, try to revive it ?
+
+#TINY_MCE_MEDIA_ROOT = STATIC_ROOT + '/tiny_mce/' # not needed while TinyMCE not installed
+#TINY_MCE_MEDIA_URL = STATIC_URL + '/tiny_mce/' # not needed while TinyMCE not installed
+
+LOGFILE = '/var/log/troggle/troggle.log'
+IMPORTLOGFILE = '/var/log/troggle/import.log'
+
+# add in 358 when they don't make it crash horribly
+NOTABLECAVESHREFS = [ "290", "291", "359", "264", "258", "204", "76", "107"]
+
+# Sanitise these to be strings as all other code is expecting strings
+# and we have not made the change to pathlib Path type in the other localsettings-* variants yet.
+CAVEDESCRIPTIONS = os.fspath(CAVEDESCRIPTIONS)
+ENTRANCEDESCRIPTIONS = os.fspath(ENTRANCEDESCRIPTIONS)
+LOGFILE = os.fspath(LOGFILE)
+#SURVEYS = os.fspath(SURVEYS)
+EXPOWEB = os.fspath(EXPOWEB)
+DRAWINGS_DATA     = os.fspath(DRAWINGS_DATA)
+SURVEX_DATA     = os.fspath(SURVEX_DATA)
+REPOS_ROOT_PATH = os.fspath(REPOS_ROOT_PATH)
+TEMPLATE_PATH   = os.fspath(TROGGLE_PATH)
+MEDIA_ROOT      = os.fspath(MEDIA_ROOT)
+JSLIB_ROOT      = os.fspath(JSLIB_ROOT)
+SCANS_ROOT    = os.fspath(SCANS_ROOT)
+LIBDIR    = os.fspath(LIBDIR)
+
+print(" + finished importing troggle/localsettings.py")
\ No newline at end of file
diff --git a/_deploy/debian-server/requirements-server.txt b/_deploy/debian-server/requirements-server.txt
new file mode 100644
index 0000000..1a5abb1
--- /dev/null
+++ b/_deploy/debian-server/requirements-server.txt
@@ -0,0 +1,23 @@
+#This requirements txt matches the libaries as of 2023-07-09 on expo.survex.com <Debian GNU/Linux 11 (bullseye)>
+
+#Nb on the server asgiref==3.3.0, however this conflicts with the Django==3.2.12 requirement
+asgiref==3.3.2
+Django==3.2.12
+docutils==0.16
+packaging==20.9
+Pillow==8.1.2
+pytz==2021.1
+sqlparse==0.4.1
+Unidecode==1.2.0
+beautifulsoup4==4.9.3
+piexif==1.1.3
+
+#Not installed on expo.survex.com
+#black==23.3
+#click==8.1.3
+#coverage==7.2
+#isort==5.12.0
+#mypy-extensions==1.0.0
+#pathspec==0.11
+#platformdirs==3.8
+#ruff==0.0.245
diff --git a/_deploy/debian-server/serversetup b/_deploy/debian-server/serversetup
new file mode 100644
index 0000000..1c54546
--- /dev/null
+++ b/_deploy/debian-server/serversetup
@@ -0,0 +1,93 @@
+Instructions for setting up new expo debian server/VM
+For Debian Stretch, June 2019.
+
+[Note added March 2021:
+See also http://expo.survex.com/handbook/troggle/serverconfig.html
+and troggle/README.txt
+]
+
+adduser expo
+apt install openssh-server mosh tmux mc zile emacs-nox mc most ncdu
+apt install python-django apache2 mysql-server survex make rsync 
+apt install libjs-openlayers make 
+apt install git mercurial mercurial-server?
+
+for boe:
+apt install libcgi-session-perl libcrypt-passwdmd5-perl libfile-slurp-perl libgit-wrapper-perl libhtml-template-perl libhtml-template-pro-perl libmime-lite-perl libtext-password-pronounceable-perl libtime-parsedate-perl libuuid-tiny-perl libcrypt-cracklib-perl
+
+obsolete-packages:
+ bins (move to jigl?) (for photos)
+ python-django 1.7
+backports: survex therion
+not-packaged: caveview
+
+make these dirs available at top documentroot:
+cuccfiles
+expofiles
+loser  (link to repo)
+tunneldata (link to repo)
+troggle (link to repo)
+expoweb (link to repo)
+boc/boe
+
+
+config
+containing:
+
+setup apache configs for cucc and expo
+#disable default website
+a2dissite 000-default
+a2ensite cucc
+a2ensite expo
+a2enmod cgid
+
+
+Boe config:
+Alias /boe /home/expo/boe/boc/boc.pl
+<Directory /home/expo/boe/boc>
+        AddHandler cgi-script .pl
+        SetHandler cgi-script
+        Options +ExecCGI
+        Require all granted
+</Directory>
+And remember to set both program and data dir to be
+www-data:www-data
+(optionally make file group read/write by treasurer account)
+create empty repo by clicking create in boe interface
+then set names in 'settings'
+
+Set up mysql (as root)
+mysql -p
+CREATE DATABASE troggle;
+GRANT ALL PRIVILEGES ON troggle.* TO 'expo'@'localhost' IDENTIFIED BY 'somepassword';  
+
+install django:
+NO!
+This was:sudo apt install python-django python-django-registration python-django-imagekit python-django-tinymce fonts-freefont-ttf libapache2-mod-wsgi
+Should be ?
+sudo apt install python-django  python-django-tinymce fonts-freefont-ttf libapache2-mod-wsgi
+
+CHeck if this is correct:
+python-django-tinymce comes from https://salsa.debian.org/python-team/modules/python-django-tinymce
+(both modified for stretch/python2). packages under /home/wookey/packages/
+
+need fonts-freefont-ttf (to have truetype freesans available for troggle via PIL)
+need libapache2-mod-wsgi for apache wsgi support.
+
+On stretch the django 1.10 is no use so get rid of that:
+apt remove python3-django python-django python-django-common python-django-doc
+
+Then replace with django 1.7 (Needs to be built for stretch)
+apt install python-django python-django-common python-django-doc
+apt install python-django-registration python-django-imagekit python-django-tinymce
+
+then hold them to stop them being upgraded by unattended upgrades:
+echo "python-django hold" | sudo dpkg --set-selections
+echo "python-django-common hold" | sudo dpkg --set-selections
+echo "python-django-doc hold" | sudo dpkg --set-selections
+
+#troggle has to have a writable logfile otherwise the website explodes
+# 500 error on the server, and apache error log has non-rentrant errors
+create /var/log/troggle/troggle.log
+chown www-data:adm  /var/log/troggle/troggle.log
+chmod 660 /var/log/troggle/troggle.log
diff --git a/_deploy/debian-server/sitecustomize.py b/_deploy/debian-server/sitecustomize.py
new file mode 100644
index 0000000..89c6712
--- /dev/null
+++ b/_deploy/debian-server/sitecustomize.py
@@ -0,0 +1,7 @@
+# install the apport exception handler if available
+try:
+    import apport_python_hook
+except ImportError:
+    pass
+else:
+    apport_python_hook.install()
diff --git a/_deploy/debian-server/this-is-the-live-expo.survex.com-system.txt b/_deploy/debian-server/this-is-the-live-expo.survex.com-system.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/_deploy/debian-server/this-is-the-live-expo.survex.com-system.txt
diff --git a/_deploy/debian-server/wookey-exposerver-recipe.txt b/_deploy/debian-server/wookey-exposerver-recipe.txt
new file mode 100644
index 0000000..6bcdc57
--- /dev/null
+++ b/_deploy/debian-server/wookey-exposerver-recipe.txt
@@ -0,0 +1,103 @@
+adduser expo
+apt install openssh-server mosh tmux mc zile emacs-nox mc most ncdu
+apt install python-django apache2 mysql-server survex make rsync 
+apt install libjs-openlayers make 
+apt install git mercurial mercurial-server?
+
+for boe:
+apt install libcgi-session-perl libcrypt-passwdmd5-perl libfile-slurp-perl libgit-wrapper-perl libhtml-template-perl libhtml-template-pro-perl libmime-lite-perl libtext-password-pronounceable-perl libtime-parsedate-perl libuuid-tiny-perl libcrypt-cracklib-perl
+
+apt install ufraw for PEF image decoding.
+sudo apt install python-django python-django-registration e fonts-freefont-ttf libapache2-mod-wsgi python3-gdbm
+# sudo apt install python-django-imagekit python-django-tinymc
+
+obsolete-packages: bins (move to jigl?)
+  older python-django?
+backports: survex therion
+not-packaged: caveview
+
+
+make these dirs available at top documentroot:
+cuccfiles
+expofiles
+loser
+tunneldata
+troggle
+expoweb
+boc/boe
+
+config
+containing:
+
+setup apache configs for cucc and expo
+#disable default website
+a2dissite 000-default
+a2ensite cucc
+a2ensite expo
+a2enmod cgid
+
+
+Boe config:
+Alias /boe /home/expo/boe/boc/boc.pl
+<Directory /home/expo/boe/boc>
+        AddHandler cgi-script .pl
+        SetHandler cgi-script
+        Options +ExecCGI
+        Require all granted
+</Directory>
+And remember to set both program and data dir to be
+www-data:www-data
+(optionally make file group read/write by treasurer account)
+create empty repo by clicking create in boe interface
+then set names in 'settings'
+
+Set up mysql (as root)
+mysql -p
+CREATE DATABASE troggle;
+GRANT ALL PRIVILEGES ON troggle.* TO 'expo'@'localhost' IDENTIFIED BY 'somepassword';  
+Ctrl-D to exit
+
+somepassword is set in localsettings.py
+sudo service mariadb stop
+sudo service mariadb start
+
+to delete the database, it is 
+DROP DATABASE troggle;
+
+install django:
+sudo apt install python-django python-django-registration python-django-imagekit python-django-tinymce fonts-freefont-ttf libapache2-mod-wsgi
+
+python-django-imagekit comes from https://salsa.debian.org/python-team/modules/python-django-imagekit
+python-django-tinymce comes from https://salsa.debian.org/python-team/modules/python-django-tinymce
+
+need fonts-freefont-ttf (to have truetype freesans available for troggle via PIL)
+need libapache2-mod-wsgi for apache wsgi support.
+
+On stretch the django 1.10 is no use so get rid of that:
+apt remove python3-django python-django python-django-common python-django-doc
+
+Then replace with django 1.7 (Needs to be built for stretch)
+apt install python-django python-django-common python-django-doc
+apt install python-django-registration python-django-imagekit python-django-tinymce
+
+then hold them to stop them being upgraded by unattended upgrades:
+echo "python-django hold" | sudo dpkg --set-selections
+echo "python-django-common hold" | sudo dpkg --set-selections
+echo "python-django-doc hold" | sudo dpkg --set-selections
+
+Optimizing server
+I've tweaked the apache and mysql settings to make them a bit more suitable for a small machine. Seems to have shaved 200MB or so off the idling footprint.
+https://www.narga.net/optimizing-apachephpmysql-low-memory-server/
+
+(just discovered 'ab' for running apache performance tests - handy).
+
+Do the edit to site-packages/django/db/backends/base.py 
+to comment out the requirement for mysqlclient >1.3.13 
+as we run perfectly happily with Django 2.2.19 & mysqlite 1.3.10
+:
+
+version = Database.version_info
+#test nobbled by Wookey 2021-04-08 as 1.3.13 is not available on stable
+#if version < (1, 3, 13):
+#    raise ImproperlyConfigured('mysqlclient 1.3.13 or newer is required; you have %s.' % Database.__version__)
+