centostrano 0.1

data/lib/deprec/templates/postfix/aliases.erb

@@ -0,0 +1,3 @@
+# See man 5 aliases for format
+postmaster:    root
+

data/lib/deprec/templates/postfix/dynamicmaps.cf.erb

@@ -0,0 +1,8 @@
+# Postfix dynamic maps configuration file.
+#
+# The first match found is the one that is used.  Wildcards are not supported
+# as of postfix 2.0.2
+#
+#type	location of .so file			open function	(mkmap func)
+#====	================================	=============	============
+tcp	/usr/lib/postfix/dict_tcp.so		dict_tcp_open	

data/lib/deprec/templates/postfix/main.cf.erb

@@ -0,0 +1,41 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+myhostname = dn.blocksglobal.com
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+
+# deprec - XXX add something like this to template file
+# 
+# mydestination = <%# postfix_destination_domains * ', ' %>, localhost.localdomain, localhost
+mydestination = dn.blocksglobal.com, localhost.blocksglobal.com, , localhost
+
+relayhost = 
+mynetworks = 127.0.0.0/8
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all

data/lib/deprec/templates/postfix/master.cf.erb

@@ -0,0 +1,77 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master").
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (yes)   (never) (100)
+# ==========================================================================
+smtp      inet  n       -       -       -       -       smtpd
+#submission inet n       -       -       -       -       smtpd
+#  -o smtpd_enforce_tls=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#smtps     inet  n       -       -       -       -       smtpd
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+#628      inet  n       -       -       -       -       qmqpd
+pickup    fifo  n       -       -       60      1       pickup
+cleanup   unix  n       -       -       -       0       cleanup
+qmgr      fifo  n       -       n       300     1       qmgr
+#qmgr     fifo  n       -       -       300     1       oqmgr
+tlsmgr    unix  -       -       -       1000?   1       tlsmgr
+rewrite   unix  -       -       -       -       -       trivial-rewrite
+bounce    unix  -       -       -       -       0       bounce
+defer     unix  -       -       -       -       0       bounce
+trace     unix  -       -       -       -       0       bounce
+verify    unix  -       -       -       -       1       verify
+flush     unix  n       -       -       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+smtp      unix  -       -       -       -       -       smtp
+# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
+relay     unix  -       -       -       -       -       smtp
+	-o smtp_fallback_relay=
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       -       -       -       showq
+error     unix  -       -       -       -       -       error
+retry     unix  -       -       -       -       -       error
+discard   unix  -       -       -       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       -       -       -       lmtp
+anvil     unix  -       -       -       -       1       anvil
+scache	  unix	-	-	-	-	1	scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix	-	n	n	-	2	pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+  ${nexthop} ${user}
+

data/lib/deprec/templates/postgresql/pg_hba.conf.erb

@@ -0,0 +1,76 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the PostgreSQL Administrator's Guide, chapter "Client
+# Authentication" for a complete description.  A short synopsis
+# follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTION]
+# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
+# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
+# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain socket,
+# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
+# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", a database name, or
+# a comma-separated list thereof.
+#
+# USER can be "all", a user name, a group name prefixed with "+", or
+# a comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names from
+# a separate file.
+#
+# CIDR-ADDRESS specifies the set of hosts the record matches.
+# It is made up of an IP address and a CIDR mask that is an integer
+# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
+# the number of significant bits in the mask.  Alternatively, you can write
+# an IP address and netmask in separate columns to specify the set of hosts.
+#
+# METHOD can be "trust", "reject", "md5", "crypt", "password",
+# "krb5", "ident", or "pam".  Note that "password" sends passwords
+# in clear text; "md5" is preferred since it sends encrypted passwords.
+#
+# OPTION is the ident map or the name of the PAM service, depending on METHOD.
+#
+# Database and user names containing spaces, commas, quotes and other special
+# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
+# "samerole" makes the name lose its special character, and just match a
+# database or username with that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can use
+# "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL listen
+# on a non-local interface via the listen_addresses configuration parameter,
+# or via the -i or -h command line switches.
+#
+
+
+
+# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
+
+# "local" is for Unix domain socket connections only
+local	all         postgres                          ident sameuser
+local	all         all                               password
+# IPv4 local connections:
+host  all         postgres    127.0.0.1/32          ident sameuser
+host	all         all         127.0.0.1/32          password
+
+# IPv6 local connections:
+host	all         all         ::1/128               password
+
+

data/lib/deprec/templates/sphinx/monit.conf.erb

@@ -0,0 +1,5 @@
+check process searchd with pidfile /opt/local/var/db/sphinx/log/searchd.pid
+	start program = "/usr/local/bin/searchd --config <%= deploy_to %>/current/config/ultrasphinx/production.conf"
+	stop program = "/usr/local/bin/searchd --stop --config <%= deploy_to %>/current/config/ultrasphinx/production.conf"
+
+	if 3 restarts within 5 cycles then timeout

data/lib/deprec/templates/ssh/ssh_config.erb

@@ -0,0 +1,50 @@
+
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options.  For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Host *
+#   ForwardAgent no
+#   ForwardX11 no
+#   ForwardX11Trusted yes
+#   RhostsRSAAuthentication no
+#   RSAAuthentication yes
+#   PasswordAuthentication yes
+#   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
+#   GSSAPIKeyExchange no
+#   GSSAPITrustDNS no
+#   BatchMode no
+#   CheckHostIP yes
+#   AddressFamily any
+#   ConnectTimeout 0
+#   StrictHostKeyChecking ask
+#   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
+#   Port 22
+#   Protocol 2,1
+#   Cipher 3des
+#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+#   EscapeChar ~
+#   Tunnel no
+#   TunnelDevice any:any
+#   PermitLocalCommand no
+    SendEnv LANG LC_*
+    HashKnownHosts yes
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials no

data/lib/deprec/templates/ssh/sshd_config.erb

@@ -0,0 +1,78 @@
+# Package generated configuration file
+# See the sshd(8) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/libexec/openssh/sftp-server
+
+UsePAM no
+UseDNS no

data/lib/deprec/templates/subversion/svn.apache.vhost.erb

@@ -0,0 +1,43 @@
+<VirtualHost *:80>
+  ServerName <%= @username %>.svn.engineyard.com
+  ServerAdmin admin@engineyard.com
+
+  <Location />
+    DAV svn
+
+    Satisfy Any
+    Require valid-user
+
+    AuthType Basic
+    AuthName "Engine Yard SVN Cluster: <%= @username %>"
+    AuthUserFile       /data/svn/<%= @username %>/users
+
+    AuthzSVNAccessFile /data/svn/<%= @username %>/access
+
+    SVNPath            /data/svn/<%= @username %>/repo
+  </Location>
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName <%= @username %>.svn.engineyard.com
+  ServerAdmin admin@engineyard.com
+
+  <Location />
+    DAV svn
+
+    Satisfy Any
+    Require valid-user
+
+    AuthType Basic
+    AuthName "Engine Yard SVN Cluster: <%= @username %>"
+    AuthUserFile       /data/svn/<%= @username %>/users
+
+    AuthzSVNAccessFile /data/svn/<%= @username %>/access
+
+    SVNPath            /data/svn/<%= @username %>/repo
+  </Location>
+
+  SSLEngine on
+  SSLProtocol all
+  SSLCipherSuite HIGH:MEDIUM
+</VirtualHost>

data/lib/deprec/templates/trac/apache_vhost.conf.erb

@@ -0,0 +1,24 @@
+<VirtualHost *:80>
+  ServerName <%= trac_home_url %>
+  
+  # Configure trac_cluster 
+  <Proxy balancer://trac_cluster>
+    BalancerMember http://127.0.0.1:<%= tracd_port %>
+  </Proxy>
+
+  RewriteEngine On
+  
+  # Redirect to the AGR track instance
+  RewriteRule   ^/$  /<%= application %>/  [R]
+  # Send all traffic to tracd
+  RewriteRule ^/(.*)$ balancer://trac_cluster%{REQUEST_URI} [P,QSA,L]
+  
+  # Deflate
+  AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
+  BrowserMatch ^Mozilla/4 gzip-only-text/html
+  BrowserMatch ^Mozilla/4\.0[678] no-gzip
+  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+  ErrorLog logs/trac.agoodride.tv-error_log
+  CustomLog logs/trac.agoodride.tv-access_log combined
+</VirtualHost>

data/lib/deprec/templates/trac/trac.ini.erb

@@ -0,0 +1,106 @@
+# -*- coding: utf-8 -*-
+
+[attachment]
+max_size = 262144
+render_unsafe_content = false
+
+[browser]
+downloadable_paths = /trunk, /branches/*, /tags/*
+hide_properties = svk:merge
+render_unsafe_content = false
+
+[changeset]
+max_diff_bytes = 10000000
+max_diff_files = 0
+wiki_format_messages = true
+
+[header_logo]
+alt = 
+height = -1
+link = <%= trac_header_logo_link %>
+src = common/trac_banner.png
+width = -1
+
+[logging]
+log_file = trac.log
+# log_format = <set in global trac.ini>
+log_level = DEBUG
+log_type = none
+
+[mimeviewer]
+enscript_modes = text/x-dylan:dylan:4
+enscript_path = enscript
+max_preview_size = 262144
+mime_map = text/x-dylan:dylan,text/x-idl:ice,text/x-ada:ads:adb
+php_path = php
+silvercity_modes = 
+tab_width = 8
+
+[notification]
+always_notify_owner = <%= trac_always_notify_owner.to_s %>
+always_notify_reporter = <%= trac_always_notify_reporter.to_s %>
+always_notify_updater = <%= trac_always_notify_updater.to_s %>
+mime_encoding = base64
+smtp_always_bcc = <%= trac_smtp_always_bcc %>
+smtp_always_cc = <%= trac_smtp_always_cc %>
+smtp_default_domain = <%= trac_smtp_default_domain %>
+smtp_enabled = <%= trac_smtp_enabled.to_s %>
+smtp_from = <%= trac_smtp_from %>
+smtp_password = <%= trac_smtp_password %>
+smtp_port = <%= trac_smtp_port %>
+smtp_replyto = <%= trac_smtp_replyto %>
+smtp_server = <%= trac_smtp_server %>
+smtp_subject_prefix = <%= trac_smtp_subject_prefix %>
+smtp_user = <%= trac_smtp_user %>
+use_public_cc = <%= trac_use_public_cc.to_s %>
+use_short_addr = <%= trac_use_short_addr.to_s %>
+use_tls = <%= trac_use_tls.to_s %>
+
+[project]
+descr = <%= trac_desc %>
+footer = Visit the Trac open source project at<br /><a href="http://trac.edgewall.org/">http://trac.edgewall.org/</a>
+icon = common/trac.ico
+name = <%= application %>
+url = http://<%= domain %>/
+
+[search]
+min_query_length = 3
+
+[ticket]
+default_component = 
+default_milestone = 
+default_priority = major
+default_type = defect
+default_version = 
+restrict_owner = false
+
+[timeline]
+changeset_long_messages = false
+changeset_show_files = 0
+default_daysback = 30
+ticket_show_details = false
+
+[trac]
+authz_file = 
+authz_module_name = 
+base_url = <%= trac_base_url %>
+check_auth_ip = true
+database = sqlite:db/trac.db
+default_charset = iso-8859-15
+default_handler = WikiModule
+htdocs_location = 
+ignore_auth_case = false
+mainnav = wiki,timeline,roadmap,browser,tickets,newticket,search
+metanav = login,logout,settings,help,about
+permission_store = DefaultPermissionStore
+repository_dir = <%= repos_root %>
+repository_type = svn
+# request_filters = <set in global trac.ini>
+# templates_dir = <set in global trac.ini>
+timeout = 20
+
+[wiki]
+ignore_missing_pages = false
+render_unsafe_content = false
+split_page_names = false
+