FiXato-ubuntu-machine 0.5.3.2.2 → 0.5.3.2.3

data/lib/capistrano/ext/ubuntu-machine.rb

@@ -19,4 +19,6 @@ Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-
 Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/postfix.rb")}
 Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/ruby.rb")}
 Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/ssh.rb")}
-Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/utils.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/tmpfs.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/utils.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/vsftpd.rb")}

data/lib/capistrano/ext/ubuntu-machine/apache.rb

@@ -123,4 +123,13 @@ namespace :apache do
     sudo "a2enmod deflate"
     force_reload
   end
+
+  desc "Install mod-xsendfile"
+  task :install_mod_xsendfile, :roles => :web do
+    run "wget http://tn123.ath.cx/mod_xsendfile/mod_xsendfile-0.9.tar.gz -O mod_xsendfile-0.9.tar.gz"
+    run "tar -xzf mod_xsendfile-0.9.tar.gz"
+    sudo "mkdir -p /usr/local/src"
+    sudo "mv mod_xsendfile-0.9* /usr/local/src/"
+    sudo "apxs2 -cia /usr/local/src/mod_xsendfile-0.9/mod_xsendfile.c"
+  end
 end

data/lib/capistrano/ext/ubuntu-machine/ssh.rb

@@ -60,5 +60,14 @@ namespace :ssh do
     sudo "/etc/init.d/ssh reload"
   end
   
+  desc <<-DESC
+    Upload a default SSH config.
+  DESC
+  task :upload_ssh_config, :roles => :gateway do
+    run "mkdir -p ~/.ssh"
+    run "chown -R #{user}:#{user} ~/.ssh"
+    run "chmod 700 ~/.ssh"
+    put File.read(ssh_config), "./.ssh/config", :mode => 0600
+  end
   
 end

data/lib/capistrano/ext/ubuntu-machine/templates/vsftpd.conf.erb

@@ -0,0 +1,158 @@
+# Example config file /etc/vsftpd.conf
+#
+# The default compiled in settings are fairly paranoid. This sample file
+# loosens things up a bit, to make the ftp daemon more usable.
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# capabilities.
+#
+#
+# Run standalone?  vsftpd can run either from an inetd or as a standalone
+# daemon started from an initscript.
+#listen=YES
+#
+# Run standalone with IPv6?
+# Like the listen parameter, except vsftpd will listen on an IPv6 socket
+# instead of an IPv4 one. This parameter and the listen parameter are mutually
+# exclusive.
+#listen_ipv6=YES
+#
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+#anonymous_enable=YES
+#
+# Uncomment this to allow local users to log in.
+#local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+#write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+#local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+#dirmessage_enable=YES
+#
+# Activate logging of uploads/downloads.
+#xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+#connect_from_port_20=YES
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format
+#xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+#
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that on some FTP servers, ASCII support allows a denial of service
+# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
+# predicted this attack and has always been safe, reporting the size of the
+# raw file.
+# ASCII mangling is a horrible feature of the protocol.
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+#
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# You may restrict local users to their home directories.  See the FAQ for
+# the possible risks in this before using chroot_local_user or
+# chroot_list_enable below.
+#chroot_local_user=YES
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+#
+# Debian customization
+#
+# Some of vsftpd's settings don't fit the Debian filesystem layout by
+# default.  These settings are more Debian-friendly.
+#
+# This option should be the name of a directory which is empty.  Also, the
+# directory should not be writable by the ftp user. This directory is used
+# as a secure chroot() jail at times vsftpd does not require filesystem
+# access.
+secure_chroot_dir=/var/run/vsftpd
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option specifies the location of the RSA certificate to use for SSL
+# encrypted connections.
+rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+# This option specifies the location of the RSA key to use for SSL
+# encrypted connections.
+rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+
+# We run from init.d
+listen=YES
+# We do not want anons connecting nor uploading
+anonymous_enable=NO
+anon_upload_enable=NO
+# We want local users connecting/writing
+local_enable=YES
+write_enable=YES
+# Files are initially created as Owner/Group read/write
+file_open_mode=0660
+local_umask=0007
+# No need for active directory messages
+dirmessage_enable=NO
+xferlog_enable=YES
+connect_from_port_20=YES
+# Jail that local user!
+chroot_local_user=YES

data/lib/capistrano/ext/ubuntu-machine/tmpfs.rb

@@ -0,0 +1,20 @@
+namespace :tmpfs do
+  set :tmpfs_directories do
+    {
+      '/tmpfs' => {:size => '2G', :mode => '0744'},
+    }
+  end
+
+  desc "Create tmpfs directories"
+  task :create_directories, :roles => :app do
+    tmpfs_directories.each do |dir,options|
+      options[:size] = '2G' if options[:size].nil?
+      options[:mode] = '0744' if options[:mode].nil?
+      sudo "mkdir -p #{dir}"
+      sudo "mount -t tmpfs -o size=#{options[:size]},mode=#{options[:mode]} tmpfs #{dir}"
+      run "cp /etc/fstab fstab.tmp"
+      run "echo 'tmpfs #{dir} tmpfs size=#{options[:size]},mode=#{options[:mode]} 0 0' >> fstab.tmp"
+      sudo "mv fstab.tmp /etc/fstab"
+    end
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/vsftpd.rb

@@ -0,0 +1,54 @@
+namespace :vsftpd do
+  set :vsftpd_user_shell, '/usr/sbin/nologin'
+  set :vsftpd_group, 'ftpusers'
+
+  desc "Install VSFTPd"
+  task :install, :roles => :app do
+    sudo "aptitude install -y vsftpd"
+    configure
+    add_nologin_shell
+    create_users
+  end
+
+  desc "Install VSFTPd configuration file"
+  task :configure, :roles => :app do
+    put render("vsftpd.conf", binding), "vsftpd.conf"
+    sudo "mv vsftpd.conf /etc/vsftpd.conf"
+    restart
+  end
+
+  desc "Add the :vsftpd_user_shell to /etc/shells"
+  task :add_nologin_shell, :roles => :app do
+    puts "If this fails, then the '#{vsftpd_user_shell}'-shell is already in /etc/shells"
+    run "test -z `grep #{vsftpd_user_shell} /etc/shells`"
+    run "cp /etc/shells ~/shells.tmp"
+    run "echo '#{vsftpd_user_shell}' >> ~/shells.tmp"
+    sudo "mv ~/shells.tmp /etc/shells"
+  end
+
+  desc "Create VSFTPd-only users"
+  task :create_users, :roles => :app do
+    vsftpd_users.each do |user_to_create|
+      sudo "groupadd -f #{vsftpd_group}"
+      sudo "usermod -a -G #{vsftpd_group} #{user}"
+      sudo "useradd --shell #{vsftpd_user_shell} --groups #{vsftpd_group} -m #{user_to_create}"
+      puts "Changing password for #{user_to_create}:"
+      sudo_and_watch_prompt("passwd #{user_to_create}", [/Enter new UNIX password/, /Retype new UNIX password:/, /\[\]\:/, /\[y\/N\]/i])
+    end
+  end
+
+  desc "Start the vsftpd server"
+  task :start, :roles => :app do
+    sudo "/etc/init.d/vsftpd start"
+  end
+
+  desc "Restart the vsftpd server"
+  task :restart, :roles => :app do
+    sudo "/etc/init.d/vsftpd restart"
+  end
+
+  desc "Stop the vsftpd server"
+  task :stop, :roles => :app do
+    sudo "/etc/init.d/vsftpd stop"
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: FiXato-ubuntu-machine
 version: !ruby/object:Gem::Version 
-  version: 0.5.3.2.2
+  version: 0.5.3.2.3
 platform: ruby
 authors: 
 - Thomas Balthazar
@@ -11,7 +11,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-06-10 00:00:00 -07:00
+date: 2009-06-12 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -49,7 +49,9 @@ files:
 - lib/capistrano/ext/ubuntu-machine/postfix.rb
 - lib/capistrano/ext/ubuntu-machine/ruby.rb
 - lib/capistrano/ext/ubuntu-machine/ssh.rb
+- lib/capistrano/ext/ubuntu-machine/tmpfs.rb
 - lib/capistrano/ext/ubuntu-machine/utils.rb
+- lib/capistrano/ext/ubuntu-machine/vsftpd.rb
 - lib/capistrano/ext/ubuntu-machine/templates/apache2.erb
 - lib/capistrano/ext/ubuntu-machine/templates/iptables.erb
 - lib/capistrano/ext/ubuntu-machine/templates/my.cnf.erb
@@ -58,6 +60,7 @@ files:
 - lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb
 - lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb
 - lib/capistrano/ext/ubuntu-machine/templates/vhost.erb
+- lib/capistrano/ext/ubuntu-machine/templates/vsftpd.conf.erb
 - lib/capistrano/ext/ubuntu-machine/templates/deflate.conf.erb
 - lib/capistrano/ext/ubuntu-machine/templates/freetds.conf.erb
 - lib/capistrano/ext/ubuntu-machine/templates/odbc.ini.erb