-rw-r--r-- | files/web/gitweb.conf | 64 | ||||
-rw-r--r-- | files/web/lighttpd.conf | 333 | ||||
-rw-r--r-- | files/xinetd.d/git | 16 | ||||
-rw-r--r-- | files/xinetd.d/git.disabled | 16 | ||||
-rw-r--r-- | files/xinetd.d/git.vhosts | 16 | ||||
-rw-r--r-- | manifests/clone.pp | 85 | ||||
-rw-r--r-- | manifests/web.pp | 6 | ||||
-rw-r--r-- | manifests/web/lighttpd.pp | 21 | ||||
-rw-r--r-- | manifests/web/repo.pp | 7 | ||||
-rw-r--r-- | manifests/web/repo/lighttpd.pp | 36 | ||||
-rw-r--r-- | templates/web/lighttpd | 10 |
11 files changed, 176 insertions, 434 deletions
diff --git a/files/web/gitweb.conf b/files/web/gitweb.conf
index ffd5762..88226aa 100644
--- a/files/web/gitweb.conf
+++ b/files/web/gitweb.conf
@@ -1,23 +1,53 @@ -# path to git projects (<project>.git) -# $projectroot = "/var/cache/git"; +# The gitweb config file is a fragment of perl code. You can set variables +# using "our $variable = value"; text from "#" character until the end of a +# line is ignored. See perlsyn(1) man page for details. +# +# See /usr/share/doc/gitweb-*/README and /usr/share/doc/gitweb-*/INSTALL for +# more details and available configuration variables. -# directory to use for temp files -$git_temp = "/tmp"; +# Set the path to git projects. This is an absolute filesystem path which will +# be prepended to the project path. +#our $projectroot = "/var/lib/git"; -# target of the home link on top of all pages -#$home_link = $my_uri || "/"; +# Set the list of git base URLs used for URL to where fetch project from, i.e. +# the full URL is "$git_base_url/$project". By default this is empty +#our @git_base_url_list = qw(git://git.example.com +# ssh://git.example.com/var/lib/git); -# html text to include at home page -$home_text = "indextext.html"; +# Enable the 'blame' blob view, showing the last commit that modified +# each line in the file. This can be very CPU-intensive. Disabled by default +#$feature{'blame'}{'default'} = [1]; +# +# Allow projects to override the default setting via git config file. +# Example: gitweb.blame = 0|1; +#$feature{'blame'}{'override'} = 1; -# file with project list; by default, simply scan the projectroot dir. -$projects_list = $projectroot; +# Disable the 'snapshot' link, providing a compressed archive of any tree. This +# can potentially generate high traffic if you have large project. Enabled for +# .tar.gz snapshots by default. +# +# Value is a list of formats defined in %known_snapshot_formats that you wish +# to offer. +#$feature{'snapshot'}{'default'} = []; +# +# Allow projects to override the default setting via git config file. 
+# Example: gitweb.snapshot = tbz2,zip; (use "none" to disable) +#$feature{'snapshot'}{'override'} = 1; -# stylesheet to use -$stylesheet = "/gitweb.css"; +# Disable grep search, which will list the files in currently selected tree +# containing the given string. This can be potentially CPU-intensive, of +# course. Enabled by default. +#$feature{'grep'}{'default'} = [0]; +# +# Allow projects to override the default setting via git config file. +# Example: gitweb.grep = 0|1; +#$feature{'grep'}{'override'} = 1; -# logo to use -$logo = "/git-logo.png"; - -# the 'favicon' -$favicon = "/git-favicon.png"; +# Disable the pickaxe search, which will list the commits that modified a given +# string in a file. This can be practical and quite faster alternative to +# 'blame', but still potentially CPU-intensive. Enabled by default. +#$feature{'pickaxe'}{'default'} = [0]; +# +# Allow projects to override the default setting via git config file. +# Example: gitweb.pickaxe = 0|1; +#$feature{'pickaxe'}{'override'} = 1; diff --git a/files/web/lighttpd.conf b/files/web/lighttpd.conf deleted file mode 100644 index 2315562..0000000 --- a/files/web/lighttpd.conf +++ /dev/null 
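Review bot: Every setting in the new gitweb.conf is commented out, so snapshot, grep and pickaxe stay at the enabled defaults that the file's own comments describe as high-traffic or CPU-intensive. For an instance that unauthenticated clients can reach, I would ship the restrictive values active rather than as examples, e.g. `$feature{'snapshot'}{'default'} = [];` and `$feature{'pickaxe'}{'default'} = [0];`. The `override` lines should stay commented so a repository's git config cannot switch the features back on. The removed `$projects_list = $projectroot;` has no replacement; if the intent is to rely on gitweb scanning `$projectroot`, a one-line comment saying so would help the next reader.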
@@ -1,333 +0,0 @@ -# lighttpd configuration file -# -# use it as a base for lighttpd 1.0.0 and above -# -# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ - -############ Options you really have to take care of #################### - -## modules to load -# at least mod_access and mod_accesslog should be loaded -# all other module should only be loaded if really neccesary -# - saves some time -# - saves memory -server.modules = ( - "mod_rewrite", - "mod_redirect", - "mod_alias", - "mod_access", -# "mod_cml", -# "mod_trigger_b4_dl", -# "mod_auth", -# "mod_status", - "mod_setenv", -# "mod_fastcgi", -# "mod_proxy", -# "mod_simple_vhost", -# "mod_evhost", -# "mod_userdir", - "mod_cgi", -# "mod_compress", -# "mod_ssi", -# "mod_usertrack", -# "mod_expire", -# "mod_secdownload", -# "mod_rrdtool", - "mod_accesslog" ) - -## a static document-root, for virtual-hosting take look at the -## server.virtual-* options -server.document-root = "/var/www/lighttpd/" - -## where to send error-messages to -server.errorlog = "/var/log/lighttpd/error.log" - -# files to check for if .../ is requested -index-file.names = ( "index.php", "index.html", - "index.htm", "default.htm" ) - -## set the event-handler (read the performance section in the manual) -# server.event-handler = "freebsd-kqueue" # needed on OS X - -# mimetype mapping -mimetype.assign = ( - ".rpm" => "application/x-rpm", - ".pdf" => "application/pdf", - ".sig" => "application/pgp-signature", - ".spl" => "application/futuresplash", - ".class" => "application/octet-stream", - ".ps" => "application/postscript", - ".torrent" => "application/x-bittorrent", - ".dvi" => "application/x-dvi", - ".gz" => "application/x-gzip", - ".pac" => "application/x-ns-proxy-autoconfig", - ".swf" => "application/x-shockwave-flash", - ".tar.gz" => "application/x-tgz", - ".tgz" => "application/x-tgz", - ".tar" => "application/x-tar", - ".zip" => "application/zip", - ".mp3" => "audio/mpeg", - ".m3u" => "audio/x-mpegurl", - ".wma" => 
"audio/x-ms-wma", - ".wax" => "audio/x-ms-wax", - ".ogg" => "application/ogg", - ".wav" => "audio/x-wav", - ".gif" => "image/gif", - ".jar" => "application/x-java-archive", - ".jpg" => "image/jpeg", - ".jpeg" => "image/jpeg", - ".png" => "image/png", - ".xbm" => "image/x-xbitmap", - ".xpm" => "image/x-xpixmap", - ".xwd" => "image/x-xwindowdump", - ".css" => "text/css", - ".html" => "text/html", - ".htm" => "text/html", - ".js" => "text/javascript", - ".asc" => "text/plain", - ".c" => "text/plain", - ".cpp" => "text/plain", - ".log" => "text/plain", - ".conf" => "text/plain", - ".text" => "text/plain", - ".txt" => "text/plain", - ".dtd" => "text/xml", - ".xml" => "text/xml", - ".mpeg" => "video/mpeg", - ".mpg" => "video/mpeg", - ".mov" => "video/quicktime", - ".qt" => "video/quicktime", - ".avi" => "video/x-msvideo", - ".asf" => "video/x-ms-asf", - ".asx" => "video/x-ms-asf", - ".wmv" => "video/x-ms-wmv", - ".bz2" => "application/x-bzip", - ".tbz" => "application/x-bzip-compressed-tar", - ".tar.bz2" => "application/x-bzip-compressed-tar", - # default mime type - "" => "application/octet-stream", - ) - -# Use the "Content-Type" extended attribute to obtain mime type if possible -#mimetype.use-xattr = "enable" - - -## send a different Server: header -## be nice and keep it at lighttpd -# server.tag = "lighttpd" - -#### accesslog module -accesslog.filename = "/var/log/lighttpd/access.log" - -## deny access the file-extensions -# -# ~ is for backupfiles from vi, emacs, joe, ... 
-# .inc is often used for code includes which should in general not be part -# of the document-root -url.access-deny = ( "~", ".inc" ) - -$HTTP["url"] =~ "\.pdf$" { - server.range-requests = "disable" -} - -## -# which extensions should not be handle via static-file transfer -# -# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi -static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) - -######### Options that are good to be but not neccesary to be changed ####### - -## bind to port (default: 80) -#server.port = 81 - -## bind to localhost (default: all interfaces) -#server.bind = "127.0.0.1" - -## error-handler for status 404 -#server.error-handler-404 = "/error-handler.html" -#server.error-handler-404 = "/error-handler.php" - -## to help the rc.scripts -server.pid-file = "/var/run/lighttpd.pid" - - -###### virtual hosts -## -## If you want name-based virtual hosting add the next three settings and load -## mod_simple_vhost -## -## document-root = -## virtual-server-root + virtual-server-default-host + virtual-server-docroot -## or -## virtual-server-root + http-host + virtual-server-docroot -## -#simple-vhost.server-root = "/srv/www/vhosts/" -#simple-vhost.default-host = "www.example.org" -#simple-vhost.document-root = "/htdocs/" - - -## -## Format: <errorfile-prefix><status-code>.html -## -> ..../status-404.html for 'File not found' -#server.errorfile-prefix = "/usr/share/lighttpd/errors/status-" -#server.errorfile-prefix = "/srv/www/errors/status-" - -## virtual directory listings -#dir-listing.activate = "enable" -## select encoding for directory listings -#dir-listing.encoding = "utf-8" - -## enable debugging -#debug.log-request-header = "enable" -#debug.log-response-header = "enable" -#debug.log-request-handling = "enable" -#debug.log-file-not-found = "enable" - -### only root can use these options -# -# chroot() to directory (default: no chroot() ) -#server.chroot = "/" - -## change uid to <uid> (default: don't care) -server.username = 
"lighttpd" - -## change uid to <uid> (default: don't care) -server.groupname = "lighttpd" - -#### compress module -#compress.cache-dir = "/var/cache/lighttpd/compress/" -#compress.filetype = ("text/plain", "text/html") - -#### proxy module -## read proxy.txt for more info -#proxy.server = ( ".php" => -# ( "localhost" => -# ( -# "host" => "192.168.0.101", -# "port" => 80 -# ) -# ) -# ) - -#### fastcgi module -## read fastcgi.txt for more info -## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini -#fastcgi.server = ( ".php" => -# ( "localhost" => -# ( -# "socket" => "/var/run/lighttpd/php-fastcgi.socket", -# "bin-path" => "/usr/bin/php-cgi" -# ) -# ) -# ) - -#### CGI module -#cgi.assign = ( ".pl" => "/usr/bin/perl", -# ".cgi" => "/usr/bin/perl" ) -# - -#### SSL engine -#ssl.engine = "enable" -#ssl.pemfile = "/etc/ssl/private/lighttpd.pem" - -#### status module -#status.status-url = "/server-status" -#status.config-url = "/server-config" - -#### auth module -## read authentication.txt for more info -#auth.backend = "plain" -#auth.backend.plain.userfile = "lighttpd.user" -#auth.backend.plain.groupfile = "lighttpd.group" - -#auth.backend.ldap.hostname = "localhost" -#auth.backend.ldap.base-dn = "dc=my-domain,dc=com" -#auth.backend.ldap.filter = "(uid=$)" - -#auth.require = ( "/server-status" => -# ( -# "method" => "digest", -# "realm" => "download archiv", -# "require" => "user=jan" -# ), -# "/server-config" => -# ( -# "method" => "digest", -# "realm" => "download archiv", -# "require" => "valid-user" -# ) -# ) - -#### url handling modules (rewrite, redirect, access) -#url.rewrite = ( "^/$" => "/server-status" ) -#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" ) -#### both rewrite/redirect support back reference to regex conditional using %n -#$HTTP["host"] =~ "^www\.(.*)" { -# url.redirect = ( "^/(.*)" => "http://%1/$1" ) -#} - -# -# define a pattern for the host url finding -# %% => % sign -# %0 => domain name + tld -# %1 => tld -# %2 => 
domain name without tld -# %3 => subdomain 1 name -# %4 => subdomain 2 name -# -#evhost.path-pattern = "/srv/www/vhosts/%3/htdocs/" - -#### expire module -#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes") - -#### ssi -#ssi.extension = ( ".shtml" ) - -#### rrdtool -#rrdtool.binary = "/usr/bin/rrdtool" -#rrdtool.db-name = "/var/lib/lighttpd/lighttpd.rrd" - -#### setenv -#setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) -#setenv.add-response-header = ( "X-Secret-Message" => "42" ) - -## for mod_trigger_b4_dl -# trigger-before-download.gdbm-filename = "/var/lib/lighttpd/trigger.db" -# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) -# trigger-before-download.trigger-url = "^/trigger/" -# trigger-before-download.download-url = "^/download/" -# trigger-before-download.deny-url = "http://127.0.0.1/index.html" -# trigger-before-download.trigger-timeout = 10 - -## for mod_cml -## don't forget to add index.cml to server.indexfiles -# cml.extension = ".cml" -# cml.memcache-hosts = ( "127.0.0.1:11211" ) - -#### variable usage: -## variable name without "." is auto prefixed by "var." and becomes "var.bar" -#bar = 1 -#var.mystring = "foo" - -## integer add -#bar += 1 -## string concat, with integer cast as string, result: "www.foo1.com" -#server.name = "www." + mystring + var.bar + ".com" -## array merge -#index-file.names = (foo + ".php") + index-file.names -#index-file.names += (foo + ".php") - -#### include -#include /etc/lighttpd/lighttpd-inc.conf -## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf" -#include "lighttpd-inc.conf" -include "lighttpd-gitweb.conf" - -# include configuration snippets, usually provided by packages -include_shell "find /etc/lighttpd/conf.d -maxdepth 1 -name '*.conf' -exec cat {} \;" - -#### include_shell -#include_shell "echo var.a=1" -## the above is same as: -#var.a=1 
diff --git a/files/xinetd.d/git b/files/xinetd.d/git
new file mode 100644
index 0000000..64c53e8
--- /dev/null
+++ b/files/xinetd.d/git
@@ -0,0 +1,16 @@
+# default: off
+# description: The git dæmon allows git repositories to be exported using
+# the git:// protocol.
+
+service git
+{
+ disable = no
+ socket_type = stream
+ wait = no
+ user = nobody
+ server = /usr/bin/git-daemon
+ server_args = --base-path=/srv/git --export-all --user-path=public_git --syslog --inetd --verbose
+ log_on_failure += USERID
+# xinetd doesn't do this by default. bug #195265
+ flags = IPv6
+}
diff --git a/files/xinetd.d/git.disabled b/files/xinetd.d/git.disabled
new file mode 100644
index 0000000..dcfae91
--- /dev/null
+++ b/files/xinetd.d/git.disabled
@@ -0,0 +1,16 @@
+# default: off
+# description: The git dæmon allows git repositories to be exported using
+# the git:// protocol.
+
+service git
+{
+ disable = yes
+ socket_type = stream
+ wait = no
+ user = nobody
+ server = /usr/bin/git-daemon
+ server_args = --base-path=/srv/git --export-all --user-path=public_git --syslog --inetd --verbose
+ log_on_failure += USERID
+# xinetd doesn't do this by default. bug #195265
+ flags = IPv6
+}
diff --git a/files/xinetd.d/git.vhosts b/files/xinetd.d/git.vhosts
new file mode 100644
index 0000000..9893820
--- /dev/null
+++ b/files/xinetd.d/git.vhosts
@@ -0,0 +1,16 @@
+# default: off
+# description: The git dæmon allows git repositories to be exported using
+# the git:// protocol.
+
+service git
+{
+ disable = no
+ socket_type = stream
+ wait = no
+ user = nobody
+ server = /usr/bin/git-daemon
+ server_args = --interpolated-path=/srv/git/%H/%D --syslog --inetd --verbose
+ log_on_failure += USERID
+# xinetd doesn't do this by default. bug #195265
+ flags = IPv6
+}
diff --git a/manifests/clone.pp b/manifests/clone.pp
index 1d6a298..29f0b2b 100644
--- a/manifests/clone.pp
+++ b/manifests/clone.pp
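Review bot: `files/xinetd.d/git` ships with `disable = no` and `--export-all`, so installing it publishes every repository under /srv/git without the per-repository `git-daemon-export-ok` marker. `--user-path=public_git` does the same for each user's `public_git` directory. The header comment still reads `# default: off`, which no longer matches the service state. I would drop `--export-all` so exporting stays opt-in per repository, and add xinetd limits such as `only_from`, `per_source` or `instances` if the service is not meant to be open to every client. `git.disabled` carries the same `server_args` and would expose the same set once someone flips it to enabled.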
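Review bot: In `files/xinetd.d/git.vhosts` the `%H` in `--interpolated-path=/srv/git/%H/%D` is filled from the hostname the client sends, so request data selects the directory tree that is served. Whatever sanitising git-daemon applies to that value, I would pin the served area explicitly by adding `--strict-paths` with a whitelist directory argument of `/srv/git`. A comment in the file should also state that each virtual host needs its own directory under /srv/git and that repositories need `git-daemon-export-ok`, since `--export-all` is absent in this variant.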
@@ -1,37 +1,60 @@ +# submodules: Whether we should initialize and update +# submodules as well +# Default: false +# clone_before: before which resources a cloning should +# happen. This is releveant in combination +# with submodules as the exec of submodules +# requires the `cwd` and you might get a +# dependency cycle if you manage $projectroot +# somewhere else. define git::clone( - $ensure = present, - $git_repo, - $projectroot, - $cloneddir_user='root', - $cloneddir_group='0', - $cloneddir_restrict_mode=true + $ensure = present, + $git_repo, + $projectroot, + $submodules = false, + $clone_before = 'absent', + $cloneddir_user='root', + $cloneddir_group='0', + $cloneddir_restrict_mode=true ){ - case $ensure { - absent: { - exec{"rm -rf $projectroot": - onlyif => "test -d $projectroot", - } + case $ensure { + absent: { + exec{"rm -rf $projectroot": + onlyif => "test -d $projectroot", + } + } + default: { + require ::git + exec {"git-clone_${name}": + command => "git clone --no-hardlinks ${git_repo} ${projectroot}", + creates => "${projectroot}/.git", + user => root, + notify => Exec["git-clone-chown_${name}"], + } + if $clone_before != 'absent' { + Exec["git-clone_${name}"]{ + before => $clone_before, + } + } + if $submodules { + exec{"git-submodules_${name}": + command => "git submodule init && git submodule update", + cwd => $projectroot, + refreshonly => true, + subscribe => Exec["git-clone_${name}"], } - default: { - include git - exec {"git-clone_${name}": - command => "git-clone --no-hardlinks ${git_repo} ${projectroot}", - creates => "${projectroot}/.git", - user => root, - require => Package['git'], - notify => Exec["git-clone-chown_${name}"], - } - exec {"git-clone-chown_${name}": - command => "chown -R ${cloneddir_user}:${cloneddir_group} ${projectroot};chmod -R og-rwx ${projectroot}/.git", - refreshonly => true - } - if $cloneddir_restrict_mode { - exec {"git-clone-chmod_${name}": - command => "chmod -R o-rwx ${projectroot}", - refreshonly => true, - 
subscribe => Exec["git-clone_${name}"], - } - } + } + exec {"git-clone-chown_${name}": + command => "chown -R ${cloneddir_user}:${cloneddir_group} ${projectroot};chmod -R og-rwx ${projectroot}/.git", + refreshonly => true + } + if $cloneddir_restrict_mode { + exec {"git-clone-chmod_${name}": + command => "chmod -R o-rwx ${projectroot}", + refreshonly => true, + subscribe => Exec["git-clone_${name}"], } + } } + } } diff --git a/manifests/web.pp b/manifests/web.pp index f82e8d3..73ed8f6 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -10,9 +10,9 @@ class git::web { owner => root, group => 0, mode => 0755; } file{'/etc/gitweb.conf': - source => [ "puppet://$server/modules/site-git/web/${fqdn}/gitweb.conf", - "puppet://$server/modules/site-git/web/gitweb.conf", - "puppet://$server/modules/git/web/gitweb.conf" ], + source => [ "puppet:///modules/site-git/web/${fqdn}/gitweb.conf", + "puppet:///modules/site-git/web/gitweb.conf", + "puppet:///modules/git/web/gitweb.conf" ], require => Package['gitweb'], owner => root, group => 0, mode => 0644; } diff --git a/manifests/web/lighttpd.pp b/manifests/web/lighttpd.pp index a169dc9..9534c60 100644 --- a/manifests/web/lighttpd.pp +++ b/manifests/web/lighttpd.pp 
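Review bot: The new `git-submodules_${name}` exec has no ordering relationship with `git-clone-chown_${name}` or `git-clone-chmod_${name}`; all three are triggered only by `Exec["git-clone_${name}"]`. If the recursive chown/chmod happens to run first, the submodule checkouts are created afterwards with the agent's ownership and umask, so `cloneddir_user` and `cloneddir_restrict_mode` do not cover them. Adding `notify => Exec["git-clone-chown_${name}"],` to the submodules exec, and having the chmod exec subscribe to it as well, would close that gap. The submodules exec also sets no `user` and fetches from whatever URLs the cloned repository's .gitmodules names. In addition, `${git_repo}` and `${projectroot}` are interpolated unquoted into command strings here and in the `rm -rf` branch, so these parameters should be validated or documented as trusted-input only.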
@@ -1,24 +1,7 @@ class git::web::lighttpd { include ::lighttpd - include lighttpd::base::git::web - file{'/etc/lighttpd/lighttpd-gitweb.conf': - ensure => present, - require => Package['lighttpd'], - notify => Service['lighttpd'], - owner => root, group => 0, mode => 0644; - } - - file{'/etc/lighttpd/gitweb.d': - ensure => directory, - require => Package['lighttpd'], - owner => root, group => 0, mode => 0755; - } -} -class lighttpd::base::git::web inherits lighttpd::base { - File['/etc/lighttpd/lighttpd.conf']{ - source => [ "puppet://$server/modules/site-git/web/${fqdn}/lighttpd.conf", - "puppet://$server/modules/site-git/web/lighttpd.conf", - "puppet://$server/modules/git/web/lighttpd.conf" ], + lighttpd::config::file{'lighttpd-gitweb': + content => 'global { server.modules += ("mod_rewrite", "mod_redirect", "mod_alias", "mod_setenv", "mod_cgi" ) }', } } diff --git a/manifests/web/repo.pp b/manifests/web/repo.pp index 2cb387a..da6f74f 100644 --- a/manifests/web/repo.pp +++ b/manifests/web/repo.pp @@ -1,10 +1,15 @@ # domain: the domain under which this repo will be avaiable # projectroot: where the git repos are listened # projects_list: which repos to export +# +# logmode: +# - default: Do normal logging including ips +# - anonym: Don't log ips define git::web::repo( $ensure = 'present', $projectroot = 'absent', $projects_list = 'absent', + $logmode = 'default', $sitename = 'absent' ){ if ($ensure == 'present') and (($projects_list == 'absent') or ($projectroot == 'absent')){ @@ -31,12 +36,14 @@ define git::web::repo( 'lighttpd': { git::web::repo::lighttpd{$name: ensure => $ensure, + logmode => $logmode, gitweb_url => $gitweb_url, gitweb_config => $gitweb_config, } } 'apache': { apache::vhost::gitweb{$gitweb_url: + logmode => $logmode, ensure => $ensure, } } diff --git a/manifests/web/repo/lighttpd.pp b/manifests/web/repo/lighttpd.pp index 6676c4d..11cee4c 100644 --- a/manifests/web/repo/lighttpd.pp +++ b/manifests/web/repo/lighttpd.pp 
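Review bot: In manifests/web/repo.pp, `$logmode` is handed to `git::web::repo::lighttpd` and `apache::vhost::gitweb` without any check, and the lighttpd template in this commit only tests for the exact string 'anonym'. A misspelling such as 'anonymous' therefore falls back silently to logging client IPs, the opposite of what the caller asked for. I would reject unknown values at the top of the define, e.g. `if !($logmode in ['default', 'anonym']) { fail("git::web::repo: unknown logmode '${logmode}'") }`. Whether `apache::vhost::gitweb` honours `logmode` is not visible in this diff.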
@@ -1,36 +1,16 @@ +# logmode: +# - default: Do normal logging including ips +# - anonym: Don't log ips define git::web::repo::lighttpd( $ensure = 'present', $gitweb_url, + $logmode = 'default', $gitweb_config ){ if $ensure == 'present' { include git::web::lighttpd } - file{"/etc/lighttpd/gitweb.d/${name}.conf": } - if $ensure == 'present' { - File["/etc/lighttpd/gitweb.d/${name}.conf"]{ - content => template("git/web/lighttpd"), - owner => root, group => 0, mode => 0644 - } - } else { - File["/etc/lighttpd/gitweb.d/${name}.conf"]{ - ensure => $ensure, - } - } - line{"include_of_gitwebrepo_${name}": - ensure => $ensure, - line => "include \"gitweb.d/${name}.conf\"", - file => "/etc/lighttpd/lighttpd-gitweb.conf", - } - if defined(Service['lighttpd']) { - File["/etc/lighttpd/gitweb.d/${name}.conf"]{ - notify => Service['lighttpd'], - } - Line["include_of_gitwebrepo_${name}"]{ - notify => Service['lighttpd'], - } - } - if defined(File['/etc/lighttpd/lighttpd-gitweb.conf']){ - Line["include_of_gitwebrepo_${name}"]{ - require => File['/etc/lighttpd/lighttpd-gitweb.conf'], - } + + lighttpd::vhost::file{$name: + ensure => $ensure, + content => template('git/web/lighttpd'); } } diff --git a/templates/web/lighttpd b/templates/web/lighttpd index 1153154..cf24469 100644 --- a/templates/web/lighttpd +++ b/templates/web/lighttpd @@ -3,10 +3,14 @@ $HTTP["host"] == "<%= gitweb_url %>" { "^$" => "/", ) + <%- if logmode.to_s == 'anonym' -%> + accesslog.format = "127.0.0.1 %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" + <%- end -%> + alias.url += ( - "/gitweb.css" => "/var/www/git/gitweb.css", - "/git-logo.png" => "/var/www/git/git-logo.png", - "/git-favicon.png" => "/var/www/git/git-favicon.png", + "/static/gitweb.css" => "/var/www/git/static/gitweb.css", + "/static/git-logo.png" => "/var/www/git/static/git-logo.png", + "/static/git-favicon.png" => "/var/www/git/static/git-favicon.png", "/" => "/var/www/git/gitweb.cgi", ) |
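Review bot: With `logmode` set to 'anonym', the `accesslog.format` added in templates/web/lighttpd replaces the client address with the literal 127.0.0.1 but still writes `%u`, `%{Referer}i` and `%{User-Agent}i`. Those fields can identify a visitor on their own, so the option name promises more than the format delivers. Either drop them from the anonymised format or state in the `logmode` comments in repo.pp and repo/lighttpd.pp that only the IP is removed. The new `/static/...` alias targets presumably require a gitweb package that installs its assets under /var/www/git/static; a comment naming that assumption would help anyone running an older package.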