andyh-deprec 1.99.26
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +187 -0
- data/COPYING +19 -0
- data/LICENSE +339 -0
- data/README +138 -0
- data/THANKS +5 -0
- data/bin/depify +133 -0
- data/docs/ANNOUNCE.deprec2 +47 -0
- data/docs/README.install +88 -0
- data/docs/README.nagios +22 -0
- data/docs/README.rails +20 -0
- data/docs/README.svn +31 -0
- data/docs/ROADMAP.txt +74 -0
- data/docs/deprec-1.x/deprec-1.x.quickstart +50 -0
- data/docs/deprec-1.x/notes.txt +12 -0
- data/docs/deprec_banner.gif +0 -0
- data/docs/windows_linux.txt +350 -0
- data/docs/xen/plan.txt +5 -0
- data/docs/xen/traffic_monitoring_with_vnstat.txt +95 -0
- data/docs/xen/xen-tools-notes.txt +31 -0
- data/docs/xen/xen_on_hardy.txt +39 -0
- data/lib/deprec/capistrano_extensions.rb +391 -0
- data/lib/deprec/recipes/aoe.rb +80 -0
- data/lib/deprec/recipes/apache.rb +179 -0
- data/lib/deprec/recipes/ar_sendmail.rb +65 -0
- data/lib/deprec/recipes/canonical.rb +57 -0
- data/lib/deprec/recipes/deprec.rb +188 -0
- data/lib/deprec/recipes/deprecated.rb +71 -0
- data/lib/deprec/recipes/example.rb +115 -0
- data/lib/deprec/recipes/git.rb +97 -0
- data/lib/deprec/recipes/gitosis.rb +48 -0
- data/lib/deprec/recipes/heartbeat.rb +138 -0
- data/lib/deprec/recipes/logrotate.rb +54 -0
- data/lib/deprec/recipes/lvm.rb +20 -0
- data/lib/deprec/recipes/memcache.rb +49 -0
- data/lib/deprec/recipes/mongrel.rb +219 -0
- data/lib/deprec/recipes/monit.rb +135 -0
- data/lib/deprec/recipes/mysql.rb +115 -0
- data/lib/deprec/recipes/nagios.rb +305 -0
- data/lib/deprec/recipes/network.rb +81 -0
- data/lib/deprec/recipes/nginx.rb +144 -0
- data/lib/deprec/recipes/ntp.rb +103 -0
- data/lib/deprec/recipes/php.rb +99 -0
- data/lib/deprec/recipes/postfix.rb +105 -0
- data/lib/deprec/recipes/rails.rb +288 -0
- data/lib/deprec/recipes/ruby.rb +66 -0
- data/lib/deprec/recipes/sphinx.rb +83 -0
- data/lib/deprec/recipes/ssh.rb +93 -0
- data/lib/deprec/recipes/svn.rb +171 -0
- data/lib/deprec/recipes/trac.rb +277 -0
- data/lib/deprec/recipes/ubuntu.rb +20 -0
- data/lib/deprec/recipes/users.rb +90 -0
- data/lib/deprec/recipes/utils.rb +39 -0
- data/lib/deprec/recipes/vnstat.rb +85 -0
- data/lib/deprec/recipes/xen.rb +262 -0
- data/lib/deprec/recipes.rb +37 -0
- data/lib/deprec/templates/aoe/aoe-init +55 -0
- data/lib/deprec/templates/aoe/fence_aoemask +351 -0
- data/lib/deprec/templates/apache/httpd-vhost-app.conf.erb +144 -0
- data/lib/deprec/templates/apache/httpd.conf +465 -0
- data/lib/deprec/templates/apache/index.html.erb +37 -0
- data/lib/deprec/templates/apache/master.css +72 -0
- data/lib/deprec/templates/ar_sendmail/logrotate.conf.erb +9 -0
- data/lib/deprec/templates/ar_sendmail/monit.conf.erb +5 -0
- data/lib/deprec/templates/deprec/caprc.erb +14 -0
- data/lib/deprec/templates/heartbeat/authkeys.erb +2 -0
- data/lib/deprec/templates/heartbeat/ha.cf.erb +15 -0
- data/lib/deprec/templates/heartbeat/haresources.erb +1 -0
- data/lib/deprec/templates/logrotate/logrotate.conf.erb +32 -0
- data/lib/deprec/templates/mongrel/logrotate.conf.erb +11 -0
- data/lib/deprec/templates/mongrel/mongrel_cluster-init-script +54 -0
- data/lib/deprec/templates/mongrel/mongrel_cluster.logrotate.d +14 -0
- data/lib/deprec/templates/mongrel/mongrel_cluster.yml.erb +10 -0
- data/lib/deprec/templates/mongrel/monit.conf.erb +17 -0
- data/lib/deprec/templates/monit/monit-init-script +104 -0
- data/lib/deprec/templates/monit/monitrc.erb +227 -0
- data/lib/deprec/templates/monit/nothing +0 -0
- data/lib/deprec/templates/mysql/create_databases.sql +20 -0
- data/lib/deprec/templates/mysql/database.yml.prod +6 -0
- data/lib/deprec/templates/mysql/database.yml.stage +6 -0
- data/lib/deprec/templates/mysql/my.cnf.erb +140 -0
- data/lib/deprec/templates/mysql/sphinx.conf.prod +542 -0
- data/lib/deprec/templates/mysql/sphinx.conf.stage +542 -0
- data/lib/deprec/templates/nagios/cgi.cfg.erb +321 -0
- data/lib/deprec/templates/nagios/check_linux_free_memory.pl +118 -0
- data/lib/deprec/templates/nagios/check_mongrel_cluster.rb +82 -0
- data/lib/deprec/templates/nagios/commands.cfg.erb +240 -0
- data/lib/deprec/templates/nagios/contacts.cfg.erb +57 -0
- data/lib/deprec/templates/nagios/hosts.cfg.erb +143 -0
- data/lib/deprec/templates/nagios/htpasswd.users +1 -0
- data/lib/deprec/templates/nagios/localhost.cfg.erb +157 -0
- data/lib/deprec/templates/nagios/nagios.cfg.erb +1274 -0
- data/lib/deprec/templates/nagios/nagios_apache_vhost.conf.erb +45 -0
- data/lib/deprec/templates/nagios/nrpe.cfg.erb +210 -0
- data/lib/deprec/templates/nagios/nrpe.xinetd.erb +16 -0
- data/lib/deprec/templates/nagios/resource.cfg.erb +34 -0
- data/lib/deprec/templates/nagios/services.cfg.erb +79 -0
- data/lib/deprec/templates/nagios/templates.cfg.erb +9 -0
- data/lib/deprec/templates/nagios/timeperiods.cfg.erb +94 -0
- data/lib/deprec/templates/network/hostname.erb +1 -0
- data/lib/deprec/templates/network/hosts.erb +2 -0
- data/lib/deprec/templates/network/interfaces.erb +18 -0
- data/lib/deprec/templates/nginx/logrotate.conf.erb +13 -0
- data/lib/deprec/templates/nginx/mime.types.erb +70 -0
- data/lib/deprec/templates/nginx/nginx-init-script +62 -0
- data/lib/deprec/templates/nginx/nginx.conf.erb +125 -0
- data/lib/deprec/templates/nginx/nginx.logrotate.d +12 -0
- data/lib/deprec/templates/nginx/nothing.conf +1 -0
- data/lib/deprec/templates/nginx/rails_nginx_vhost.conf.erb +41 -0
- data/lib/deprec/templates/ntp/ntp.conf.erb +42 -0
- data/lib/deprec/templates/postfix/aliases.erb +3 -0
- data/lib/deprec/templates/postfix/dynamicmaps.cf.erb +8 -0
- data/lib/deprec/templates/postfix/main.cf.erb +41 -0
- data/lib/deprec/templates/postfix/master.cf.erb +77 -0
- data/lib/deprec/templates/sphinx/monit.conf.erb +5 -0
- data/lib/deprec/templates/ssh/ssh_config.erb +50 -0
- data/lib/deprec/templates/ssh/sshd_config.erb +78 -0
- data/lib/deprec/templates/subversion/svn.apache.vhost.erb +43 -0
- data/lib/deprec/templates/trac/apache_vhost.conf.erb +24 -0
- data/lib/deprec/templates/trac/nginx_vhost.conf.erb +26 -0
- data/lib/deprec/templates/trac/trac.ini.erb +169 -0
- data/lib/deprec/templates/trac/trac_deprec.png +0 -0
- data/lib/deprec/templates/trac/tracd-init.erb +43 -0
- data/lib/deprec/templates/trac/users.htdigest.erb +0 -0
- data/lib/deprec/templates/vnstat/config.php +57 -0
- data/lib/deprec/templates/xen/15-disable-hwclock +40 -0
- data/lib/deprec/templates/xen/network-bridge-wrapper +3 -0
- data/lib/deprec/templates/xen/xen-tools.conf.erb +220 -0
- data/lib/deprec/templates/xen/xend-config.sxp.erb +195 -0
- data/lib/deprec/templates/xen/xend-init.erb +69 -0
- data/lib/deprec/templates/xen/xendomains.erb +137 -0
- data/lib/deprec/templates/xen/xm.tmpl.erb +85 -0
- data/lib/deprec.rb +8 -0
- data/lib/deprec_cmd_completion.sh +26 -0
- data/lib/vmbuilder_plugins/all.rb +20 -0
- data/lib/vmbuilder_plugins/apt.rb +93 -0
- data/lib/vmbuilder_plugins/emerge.rb +76 -0
- data/lib/vmbuilder_plugins/gem.rb +90 -0
- data/lib/vmbuilder_plugins/std.rb +203 -0
- metadata +224 -0
@@ -0,0 +1,125 @@
|
|
1
|
+
|
2
|
+
user <%= nginx_user %>;
|
3
|
+
worker_processes <%= nginx_worker_processes %>;
|
4
|
+
|
5
|
+
#error_log logs/error.log;
|
6
|
+
#error_log logs/error.log notice;
|
7
|
+
#error_log logs/error.log info;
|
8
|
+
|
9
|
+
#pid logs/nginx.pid;
|
10
|
+
|
11
|
+
|
12
|
+
events {
|
13
|
+
worker_connections 1024;
|
14
|
+
use epoll;
|
15
|
+
}
|
16
|
+
|
17
|
+
|
18
|
+
http {
|
19
|
+
server_names_hash_bucket_size 512;
|
20
|
+
include /usr/local/nginx/conf/vhosts/*.conf;
|
21
|
+
include conf/mime.types;
|
22
|
+
default_type application/octet-stream;
|
23
|
+
|
24
|
+
#log_format main '$remote_addr - $remote_user [$time_local] $request '
|
25
|
+
# '"$status" $body_bytes_sent "$http_referer" '
|
26
|
+
# '"$http_user_agent" "$http_x_forwarded_for"';
|
27
|
+
|
28
|
+
#access_log logs/access.log main;
|
29
|
+
|
30
|
+
sendfile on;
|
31
|
+
tcp_nopush on;
|
32
|
+
|
33
|
+
#keepalive_timeout 0;
|
34
|
+
keepalive_timeout 65;
|
35
|
+
|
36
|
+
gzip on;
|
37
|
+
gzip_http_version 1.0;
|
38
|
+
gzip_comp_level 5; # 0 - 10, More is heavier on the CPU
|
39
|
+
gzip_proxied any;
|
40
|
+
gzip_buffers 16 8k;
|
41
|
+
gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
42
|
+
|
43
|
+
server {
|
44
|
+
listen 80;
|
45
|
+
server_name localhost;
|
46
|
+
|
47
|
+
#charset koi8-r;
|
48
|
+
|
49
|
+
#access_log logs/host.access.log main;
|
50
|
+
|
51
|
+
location / {
|
52
|
+
root html;
|
53
|
+
index index.html index.htm;
|
54
|
+
}
|
55
|
+
|
56
|
+
#error_page 404 /404.html;
|
57
|
+
|
58
|
+
# redirect server error pages to the static page /50x.html
|
59
|
+
#
|
60
|
+
error_page 500 502 503 504 /50x.html;
|
61
|
+
location = /50x.html {
|
62
|
+
root html;
|
63
|
+
}
|
64
|
+
|
65
|
+
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
66
|
+
#
|
67
|
+
#location ~ \.php$ {
|
68
|
+
# proxy_pass http://127.0.0.1;
|
69
|
+
#}
|
70
|
+
|
71
|
+
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
72
|
+
#
|
73
|
+
#location ~ \.php$ {
|
74
|
+
# fastcgi_pass 127.0.0.1:9000;
|
75
|
+
# fastcgi_index index.php;
|
76
|
+
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
77
|
+
# include conf/fastcgi_params;
|
78
|
+
#}
|
79
|
+
|
80
|
+
# deny access to .htaccess files, if Apache's document root
|
81
|
+
# concurs with nginx's one
|
82
|
+
#
|
83
|
+
#location ~ /\.ht {
|
84
|
+
# deny all;
|
85
|
+
#}
|
86
|
+
}
|
87
|
+
|
88
|
+
|
89
|
+
# another virtual host using mix of IP-, name-, and port-based configuration
|
90
|
+
#
|
91
|
+
#server {
|
92
|
+
# listen 8000;
|
93
|
+
# listen somename:8080;
|
94
|
+
# server_name somename alias another.alias;
|
95
|
+
|
96
|
+
# location / {
|
97
|
+
# root html;
|
98
|
+
# index index.html index.htm;
|
99
|
+
# }
|
100
|
+
#}
|
101
|
+
|
102
|
+
|
103
|
+
# HTTPS server
|
104
|
+
#
|
105
|
+
#server {
|
106
|
+
# listen 443;
|
107
|
+
# server_name localhost;
|
108
|
+
|
109
|
+
# ssl on;
|
110
|
+
# ssl_certificate cert.pem;
|
111
|
+
# ssl_certificate_key cert.key;
|
112
|
+
|
113
|
+
# ssl_session_timeout 5m;
|
114
|
+
|
115
|
+
# ssl_protocols SSLv2 SSLv3 TLSv1;
|
116
|
+
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
|
117
|
+
# ssl_prefer_server_ciphers on;
|
118
|
+
|
119
|
+
# location / {
|
120
|
+
# root html;
|
121
|
+
# index index.html index.htm;
|
122
|
+
# }
|
123
|
+
#}
|
124
|
+
|
125
|
+
}
|
@@ -0,0 +1 @@
|
|
1
|
+
# This dir is for vhost config files
|
@@ -0,0 +1,41 @@
|
|
1
|
+
upstream <%= application %> {
|
2
|
+
<% mongrel_servers.times do |counter| -%>
|
3
|
+
<%= "server 127.0.0.1:#{mongrel_port+counter};" %>
|
4
|
+
<% end -%>
|
5
|
+
}
|
6
|
+
|
7
|
+
server {
|
8
|
+
listen 80;
|
9
|
+
server_name <%= domain %> <% 4.times do |counter| %> <%= domain.sub(/.*?\./, "assets#{counter}.") %><% end %>;
|
10
|
+
root <%= deploy_to %>/current/public;
|
11
|
+
access_log <%= deploy_to %>/shared/log/<%= domain %>-access.log;
|
12
|
+
error_log <%= deploy_to %>/shared/log/<%= domain %>-error.log;
|
13
|
+
client_max_body_size <%= nginx_client_max_body_size %>;
|
14
|
+
|
15
|
+
if (-f $document_root/system/maintenance.html){
|
16
|
+
rewrite ^(.*)$ /system/maintenance.html last;
|
17
|
+
break;
|
18
|
+
}
|
19
|
+
location / {
|
20
|
+
proxy_set_header X-Real-IP $remote_addr;
|
21
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
22
|
+
proxy_set_header Host $http_host;
|
23
|
+
proxy_redirect false;
|
24
|
+
|
25
|
+
if (-f $request_filename/index.html) {
|
26
|
+
rewrite (.*) $1/index.html break;
|
27
|
+
}
|
28
|
+
if (-f $request_filename.html) {
|
29
|
+
rewrite (.*) $1.html break;
|
30
|
+
}
|
31
|
+
if (!-f $request_filename) {
|
32
|
+
proxy_pass http://<%= application %>;
|
33
|
+
break;
|
34
|
+
}
|
35
|
+
}
|
36
|
+
|
37
|
+
error_page 500 502 503 504 /50x.html;
|
38
|
+
location = /50x.html {
|
39
|
+
root html;
|
40
|
+
}
|
41
|
+
}
|
@@ -0,0 +1,42 @@
|
|
1
|
+
# /etc/ntp.conf, configuration for ntpd
|
2
|
+
|
3
|
+
driftfile /var/lib/ntp/ntp.drift
|
4
|
+
|
5
|
+
# Enable this if you want statistics to be logged.
|
6
|
+
#statsdir /var/log/ntpstats/
|
7
|
+
|
8
|
+
statistics loopstats peerstats clockstats
|
9
|
+
filegen loopstats file loopstats type day enable
|
10
|
+
filegen peerstats file peerstats type day enable
|
11
|
+
filegen clockstats file clockstats type day enable
|
12
|
+
|
13
|
+
|
14
|
+
# You do need to talk to an NTP server or two (or three).
|
15
|
+
server ntp.ubuntu.com
|
16
|
+
server 0.pool.ntp.org
|
17
|
+
server 1.pool.ntp.org
|
18
|
+
server 2.pool.ntp.org
|
19
|
+
server pool.ntp.org
|
20
|
+
|
21
|
+
# By default, exchange time with everybody, but don't allow configuration.
|
22
|
+
# See /usr/share/doc/ntp-doc/html/accopt.html for details.
|
23
|
+
restrict -4 default kod notrap nomodify nopeer noquery
|
24
|
+
restrict -6 default kod notrap nomodify nopeer noquery
|
25
|
+
|
26
|
+
# Local users may interrogate the ntp server more closely.
|
27
|
+
restrict 127.0.0.1
|
28
|
+
restrict ::1
|
29
|
+
|
30
|
+
# Clients from this (example!) subnet have unlimited access,
|
31
|
+
# but only if cryptographically authenticated
|
32
|
+
#restrict 192.168.123.0 mask 255.255.255.0 notrust
|
33
|
+
|
34
|
+
# If you want to provide time to your local subnet, change the next line.
|
35
|
+
# (Again, the address is an example only.)
|
36
|
+
#broadcast 192.168.123.255
|
37
|
+
|
38
|
+
# If you want to listen to time broadcasts on your local subnet,
|
39
|
+
# de-comment the next lines. Please do this only if you trust everybody
|
40
|
+
# on the network!
|
41
|
+
#disable auth
|
42
|
+
#broadcastclient
|
@@ -0,0 +1,8 @@
|
|
1
|
+
# Postfix dynamic maps configuration file.
|
2
|
+
#
|
3
|
+
# The first match found is the one that is used. Wildcards are not supported
|
4
|
+
# as of postfix 2.0.2
|
5
|
+
#
|
6
|
+
#type location of .so file open function (mkmap func)
|
7
|
+
#==== ================================ ============= ============
|
8
|
+
tcp /usr/lib/postfix/dict_tcp.so dict_tcp_open
|
@@ -0,0 +1,41 @@
|
|
1
|
+
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
|
2
|
+
|
3
|
+
# Debian specific: Specifying a file name will cause the first
|
4
|
+
# line of that file to be used as the name. The Debian default
|
5
|
+
# is /etc/mailname.
|
6
|
+
#myorigin = /etc/mailname
|
7
|
+
|
8
|
+
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
|
9
|
+
biff = no
|
10
|
+
|
11
|
+
# appending .domain is the MUA's job.
|
12
|
+
append_dot_mydomain = no
|
13
|
+
|
14
|
+
# Uncomment the next line to generate "delayed mail" warnings
|
15
|
+
#delay_warning_time = 4h
|
16
|
+
|
17
|
+
# TLS parameters
|
18
|
+
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
|
19
|
+
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
|
20
|
+
smtpd_use_tls=yes
|
21
|
+
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
|
22
|
+
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
|
23
|
+
|
24
|
+
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
|
25
|
+
# information on enabling SSL in the smtp client.
|
26
|
+
|
27
|
+
myhostname = dn.blocksglobal.com
|
28
|
+
alias_maps = hash:/etc/aliases
|
29
|
+
alias_database = hash:/etc/aliases
|
30
|
+
myorigin = /etc/mailname
|
31
|
+
|
32
|
+
# deprec - XXX add something like this to template file
|
33
|
+
#
|
34
|
+
# mydestination = <%# postfix_destination_domains * ', ' %>, localhost.localdomain, localhost
|
35
|
+
mydestination = dn.blocksglobal.com, localhost.blocksglobal.com, , localhost
|
36
|
+
|
37
|
+
relayhost =
|
38
|
+
mynetworks = 127.0.0.0/8
|
39
|
+
mailbox_size_limit = 0
|
40
|
+
recipient_delimiter = +
|
41
|
+
inet_interfaces = all
|
@@ -0,0 +1,77 @@
|
|
1
|
+
#
|
2
|
+
# Postfix master process configuration file. For details on the format
|
3
|
+
# of the file, see the master(5) manual page (command: "man 5 master").
|
4
|
+
#
|
5
|
+
# ==========================================================================
|
6
|
+
# service type private unpriv chroot wakeup maxproc command + args
|
7
|
+
# (yes) (yes) (yes) (never) (100)
|
8
|
+
# ==========================================================================
|
9
|
+
smtp inet n - - - - smtpd
|
10
|
+
#submission inet n - - - - smtpd
|
11
|
+
# -o smtpd_enforce_tls=yes
|
12
|
+
# -o smtpd_sasl_auth_enable=yes
|
13
|
+
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
14
|
+
#smtps inet n - - - - smtpd
|
15
|
+
# -o smtpd_tls_wrappermode=yes
|
16
|
+
# -o smtpd_sasl_auth_enable=yes
|
17
|
+
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
|
18
|
+
#628 inet n - - - - qmqpd
|
19
|
+
pickup fifo n - - 60 1 pickup
|
20
|
+
cleanup unix n - - - 0 cleanup
|
21
|
+
qmgr fifo n - n 300 1 qmgr
|
22
|
+
#qmgr fifo n - - 300 1 oqmgr
|
23
|
+
tlsmgr unix - - - 1000? 1 tlsmgr
|
24
|
+
rewrite unix - - - - - trivial-rewrite
|
25
|
+
bounce unix - - - - 0 bounce
|
26
|
+
defer unix - - - - 0 bounce
|
27
|
+
trace unix - - - - 0 bounce
|
28
|
+
verify unix - - - - 1 verify
|
29
|
+
flush unix n - - 1000? 0 flush
|
30
|
+
proxymap unix - - n - - proxymap
|
31
|
+
smtp unix - - - - - smtp
|
32
|
+
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
|
33
|
+
relay unix - - - - - smtp
|
34
|
+
-o smtp_fallback_relay=
|
35
|
+
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
|
36
|
+
showq unix n - - - - showq
|
37
|
+
error unix - - - - - error
|
38
|
+
retry unix - - - - - error
|
39
|
+
discard unix - - - - - discard
|
40
|
+
local unix - n n - - local
|
41
|
+
virtual unix - n n - - virtual
|
42
|
+
lmtp unix - - - - - lmtp
|
43
|
+
anvil unix - - - - 1 anvil
|
44
|
+
scache unix - - - - 1 scache
|
45
|
+
#
|
46
|
+
# ====================================================================
|
47
|
+
# Interfaces to non-Postfix software. Be sure to examine the manual
|
48
|
+
# pages of the non-Postfix software to find out what options it wants.
|
49
|
+
#
|
50
|
+
# Many of the following services use the Postfix pipe(8) delivery
|
51
|
+
# agent. See the pipe(8) man page for information about ${recipient}
|
52
|
+
# and other message envelope options.
|
53
|
+
# ====================================================================
|
54
|
+
#
|
55
|
+
# maildrop. See the Postfix MAILDROP_README file for details.
|
56
|
+
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
57
|
+
#
|
58
|
+
maildrop unix - n n - - pipe
|
59
|
+
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
|
60
|
+
#
|
61
|
+
# See the Postfix UUCP_README file for configuration details.
|
62
|
+
#
|
63
|
+
uucp unix - n n - - pipe
|
64
|
+
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
65
|
+
#
|
66
|
+
# Other external delivery methods.
|
67
|
+
#
|
68
|
+
ifmail unix - n n - - pipe
|
69
|
+
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
70
|
+
bsmtp unix - n n - - pipe
|
71
|
+
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
|
72
|
+
scalemail-backend unix - n n - 2 pipe
|
73
|
+
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
|
74
|
+
mailman unix - n n - - pipe
|
75
|
+
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
76
|
+
${nexthop} ${user}
|
77
|
+
|
@@ -0,0 +1,5 @@
|
|
1
|
+
check process searchd with pidfile /opt/local/var/db/sphinx/log/searchd.pid
|
2
|
+
start program = "/usr/local/bin/searchd --config <%= deploy_to %>/current/config/ultrasphinx/production.conf"
|
3
|
+
stop program = "/usr/local/bin/searchd --stop --config <%= deploy_to %>/current/config/ultrasphinx/production.conf"
|
4
|
+
|
5
|
+
if 3 restarts within 5 cycles then timeout
|
@@ -0,0 +1,50 @@
|
|
1
|
+
|
2
|
+
# This is the ssh client system-wide configuration file. See
|
3
|
+
# ssh_config(5) for more information. This file provides defaults for
|
4
|
+
# users, and the values can be changed in per-user configuration files
|
5
|
+
# or on the command line.
|
6
|
+
|
7
|
+
# Configuration data is parsed as follows:
|
8
|
+
# 1. command line options
|
9
|
+
# 2. user-specific file
|
10
|
+
# 3. system-wide file
|
11
|
+
# Any configuration value is only changed the first time it is set.
|
12
|
+
# Thus, host-specific definitions should be at the beginning of the
|
13
|
+
# configuration file, and defaults at the end.
|
14
|
+
|
15
|
+
# Site-wide defaults for some commonly used options. For a comprehensive
|
16
|
+
# list of available options, their meanings and defaults, please see the
|
17
|
+
# ssh_config(5) man page.
|
18
|
+
|
19
|
+
Host *
|
20
|
+
# ForwardAgent no
|
21
|
+
# ForwardX11 no
|
22
|
+
# ForwardX11Trusted yes
|
23
|
+
# RhostsRSAAuthentication no
|
24
|
+
# RSAAuthentication yes
|
25
|
+
# PasswordAuthentication yes
|
26
|
+
# HostbasedAuthentication no
|
27
|
+
# GSSAPIAuthentication no
|
28
|
+
# GSSAPIDelegateCredentials no
|
29
|
+
# GSSAPIKeyExchange no
|
30
|
+
# GSSAPITrustDNS no
|
31
|
+
# BatchMode no
|
32
|
+
# CheckHostIP yes
|
33
|
+
# AddressFamily any
|
34
|
+
# ConnectTimeout 0
|
35
|
+
# StrictHostKeyChecking ask
|
36
|
+
# IdentityFile ~/.ssh/identity
|
37
|
+
# IdentityFile ~/.ssh/id_rsa
|
38
|
+
# IdentityFile ~/.ssh/id_dsa
|
39
|
+
# Port 22
|
40
|
+
# Protocol 2,1
|
41
|
+
# Cipher 3des
|
42
|
+
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
|
43
|
+
# EscapeChar ~
|
44
|
+
# Tunnel no
|
45
|
+
# TunnelDevice any:any
|
46
|
+
# PermitLocalCommand no
|
47
|
+
SendEnv LANG LC_*
|
48
|
+
HashKnownHosts yes
|
49
|
+
GSSAPIAuthentication yes
|
50
|
+
GSSAPIDelegateCredentials no
|
@@ -0,0 +1,78 @@
|
|
1
|
+
# Package generated configuration file
|
2
|
+
# See the sshd(8) manpage for details
|
3
|
+
|
4
|
+
# What ports, IPs and protocols we listen for
|
5
|
+
Port 22
|
6
|
+
# Use these options to restrict which interfaces/protocols sshd will bind to
|
7
|
+
#ListenAddress ::
|
8
|
+
#ListenAddress 0.0.0.0
|
9
|
+
Protocol 2
|
10
|
+
# HostKeys for protocol version 2
|
11
|
+
HostKey /etc/ssh/ssh_host_rsa_key
|
12
|
+
HostKey /etc/ssh/ssh_host_dsa_key
|
13
|
+
#Privilege Separation is turned on for security
|
14
|
+
UsePrivilegeSeparation yes
|
15
|
+
|
16
|
+
# Lifetime and size of ephemeral version 1 server key
|
17
|
+
KeyRegenerationInterval 3600
|
18
|
+
ServerKeyBits 768
|
19
|
+
|
20
|
+
# Logging
|
21
|
+
SyslogFacility AUTH
|
22
|
+
LogLevel INFO
|
23
|
+
|
24
|
+
# Authentication:
|
25
|
+
LoginGraceTime 120
|
26
|
+
PermitRootLogin no
|
27
|
+
StrictModes yes
|
28
|
+
|
29
|
+
RSAAuthentication yes
|
30
|
+
PubkeyAuthentication yes
|
31
|
+
#AuthorizedKeysFile %h/.ssh/authorized_keys
|
32
|
+
|
33
|
+
# Don't read the user's ~/.rhosts and ~/.shosts files
|
34
|
+
IgnoreRhosts yes
|
35
|
+
# For this to work you will also need host keys in /etc/ssh_known_hosts
|
36
|
+
RhostsRSAAuthentication no
|
37
|
+
# similar for protocol version 2
|
38
|
+
HostbasedAuthentication no
|
39
|
+
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|
40
|
+
#IgnoreUserKnownHosts yes
|
41
|
+
|
42
|
+
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
43
|
+
PermitEmptyPasswords no
|
44
|
+
|
45
|
+
# Change to yes to enable challenge-response passwords (beware issues with
|
46
|
+
# some PAM modules and threads)
|
47
|
+
ChallengeResponseAuthentication no
|
48
|
+
|
49
|
+
# Change to no to disable tunnelled clear text passwords
|
50
|
+
PasswordAuthentication no
|
51
|
+
|
52
|
+
# Kerberos options
|
53
|
+
#KerberosAuthentication no
|
54
|
+
#KerberosGetAFSToken no
|
55
|
+
#KerberosOrLocalPasswd yes
|
56
|
+
#KerberosTicketCleanup yes
|
57
|
+
|
58
|
+
# GSSAPI options
|
59
|
+
#GSSAPIAuthentication no
|
60
|
+
#GSSAPICleanupCredentials yes
|
61
|
+
|
62
|
+
X11Forwarding yes
|
63
|
+
X11DisplayOffset 10
|
64
|
+
PrintMotd no
|
65
|
+
PrintLastLog yes
|
66
|
+
TCPKeepAlive yes
|
67
|
+
#UseLogin no
|
68
|
+
|
69
|
+
#MaxStartups 10:30:60
|
70
|
+
#Banner /etc/issue.net
|
71
|
+
|
72
|
+
# Allow client to pass locale environment variables
|
73
|
+
AcceptEnv LANG LC_*
|
74
|
+
|
75
|
+
Subsystem sftp /usr/lib/openssh/sftp-server
|
76
|
+
|
77
|
+
UsePAM no
|
78
|
+
UseDNS no
|
@@ -0,0 +1,43 @@
|
|
1
|
+
<VirtualHost *:80>
|
2
|
+
ServerName <%= @username %>.svn.engineyard.com
|
3
|
+
ServerAdmin admin@engineyard.com
|
4
|
+
|
5
|
+
<Location />
|
6
|
+
DAV svn
|
7
|
+
|
8
|
+
Satisfy Any
|
9
|
+
Require valid-user
|
10
|
+
|
11
|
+
AuthType Basic
|
12
|
+
AuthName "Engine Yard SVN Cluster: <%= @username %>"
|
13
|
+
AuthUserFile /data/svn/<%= @username %>/users
|
14
|
+
|
15
|
+
AuthzSVNAccessFile /data/svn/<%= @username %>/access
|
16
|
+
|
17
|
+
SVNPath /data/svn/<%= @username %>/repo
|
18
|
+
</Location>
|
19
|
+
</VirtualHost>
|
20
|
+
|
21
|
+
<VirtualHost *:443>
|
22
|
+
ServerName <%= @username %>.svn.engineyard.com
|
23
|
+
ServerAdmin admin@engineyard.com
|
24
|
+
|
25
|
+
<Location />
|
26
|
+
DAV svn
|
27
|
+
|
28
|
+
Satisfy Any
|
29
|
+
Require valid-user
|
30
|
+
|
31
|
+
AuthType Basic
|
32
|
+
AuthName "Engine Yard SVN Cluster: <%= @username %>"
|
33
|
+
AuthUserFile /data/svn/<%= @username %>/users
|
34
|
+
|
35
|
+
AuthzSVNAccessFile /data/svn/<%= @username %>/access
|
36
|
+
|
37
|
+
SVNPath /data/svn/<%= @username %>/repo
|
38
|
+
</Location>
|
39
|
+
|
40
|
+
SSLEngine on
|
41
|
+
SSLProtocol all
|
42
|
+
SSLCipherSuite HIGH:MEDIUM
|
43
|
+
</VirtualHost>
|
@@ -0,0 +1,24 @@
|
|
1
|
+
<VirtualHost *:80>
|
2
|
+
ServerName <%= trac_home_url %>
|
3
|
+
|
4
|
+
# Configure trac_cluster
|
5
|
+
<Proxy balancer://trac_cluster>
|
6
|
+
BalancerMember http://127.0.0.1:<%= tracd_port %>
|
7
|
+
</Proxy>
|
8
|
+
|
9
|
+
RewriteEngine On
|
10
|
+
|
11
|
+
# Redirect to the AGR track instance
|
12
|
+
RewriteRule ^/$ /<%= application %>/ [R]
|
13
|
+
# Send all traffic to tracd
|
14
|
+
RewriteRule ^/(.*)$ balancer://trac_cluster%{REQUEST_URI} [P,QSA,L]
|
15
|
+
|
16
|
+
# Deflate
|
17
|
+
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
|
18
|
+
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
19
|
+
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
20
|
+
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
21
|
+
|
22
|
+
ErrorLog logs/trac.agoodride.tv-error_log
|
23
|
+
CustomLog logs/trac.agoodride.tv-access_log combined
|
24
|
+
</VirtualHost>
|
@@ -0,0 +1,26 @@
|
|
1
|
+
upstream tracd-<%= application %> {
|
2
|
+
server 127.0.0.1:9000;
|
3
|
+
}
|
4
|
+
|
5
|
+
server {
|
6
|
+
listen 80;
|
7
|
+
server_name <%= tracd_vhost_domain %>;
|
8
|
+
|
9
|
+
location / {
|
10
|
+
proxy_set_header X-Real-IP $remote_addr;
|
11
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
12
|
+
proxy_set_header Host $http_host;
|
13
|
+
proxy_redirect false;
|
14
|
+
|
15
|
+
if ($request_filename !~ /<%= application %> ) {
|
16
|
+
rewrite (.*) http://<%= tracd_vhost_domain %>/<%= application %>$1 permanent;
|
17
|
+
}
|
18
|
+
proxy_pass http://tracd-<%= application %>;
|
19
|
+
break;
|
20
|
+
}
|
21
|
+
|
22
|
+
error_page 500 502 503 504 /50x.html;
|
23
|
+
location = /50x.html {
|
24
|
+
root html;
|
25
|
+
}
|
26
|
+
}
|