le1t0-deprec 2.1.6.001

data/lib/deprec/templates/s3utils/s3cfg

@@ -0,0 +1,35 @@
+[default]
+access_key = <%= s3utils_access_key %>
+acl_public = False
+bucket_location = <%= s3utils_bucket_location %>
+cloudfront_host = cloudfront.amazonaws.com
+cloudfront_resource = /2008-06-30/distribution
+default_mime_type = binary/octet-stream
+delete_removed = False
+dry_run = False
+encoding = ANSI_X3.4-1968
+encrypt = False
+force = False
+get_continue = False
+gpg_command = /usr/bin/gpg
+gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
+gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
+gpg_passphrase = <%= s3utils_passphrase %>
+guess_mime_type = True
+host_base = s3.amazonaws.com
+host_bucket = %(bucket)s.s3.amazonaws.com
+human_readable_sizes = False
+list_md5 = False
+preserve_attrs = True
+progress_meter = True
+proxy_host = 
+proxy_port = 0
+recursive = False
+recv_chunk = 4096
+secret_key = <%= s3utils_secret_key %>
+send_chunk = 4096
+simpledb_host = sdb.amazonaws.com
+skip_existing = False
+urlencoding_mode = normal
+use_https = True
+verbosity = WARNING

data/lib/deprec/templates/s3utils/s3config.yml

@@ -0,0 +1,3 @@
+aws_access_key_id: <%= s3utils_access_key %>
+aws_secret_access_key: <%= s3utils_secret_key %>
+aws_calling_format: <%= s3utils_calling_format %>

data/lib/deprec/templates/sphinx/monit.conf.erb

@@ -0,0 +1,5 @@
+check process searchd with pidfile /opt/local/var/db/sphinx/log/searchd.pid
+	start program = "/usr/local/bin/searchd --config <%= deploy_to %>/current/config/ultrasphinx/production.conf"
+	stop program = "/usr/local/bin/searchd --stop --config <%= deploy_to %>/current/config/ultrasphinx/production.conf"
+
+	if 3 restarts within 5 cycles then timeout

data/lib/deprec/templates/ssh/ssh_config.erb

@@ -0,0 +1,50 @@
+
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options.  For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Host *
+    ForwardAgent yes
+#   ForwardX11 no
+#   ForwardX11Trusted yes
+#   RhostsRSAAuthentication no
+#   RSAAuthentication yes
+#   PasswordAuthentication yes
+#   HostbasedAuthentication no
+#   GSSAPIAuthentication no
+#   GSSAPIDelegateCredentials no
+#   GSSAPIKeyExchange no
+#   GSSAPITrustDNS no
+#   BatchMode no
+#   CheckHostIP yes
+#   AddressFamily any
+#   ConnectTimeout 0
+#   StrictHostKeyChecking ask
+#   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
+#   Port 22
+#   Protocol 2,1
+#   Cipher 3des
+#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+#   EscapeChar ~
+#   Tunnel no
+#   TunnelDevice any:any
+#   PermitLocalCommand no
+    SendEnv LANG LC_*
+    HashKnownHosts yes
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials no

data/lib/deprec/templates/ssh/sshd_config.erb

@@ -0,0 +1,78 @@
+# Package generated configuration file
+# See the sshd(8) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM no
+UseDNS no

data/lib/deprec/templates/ssl/make-ssl-cert

@@ -0,0 +1,138 @@
+#!/bin/bash -e
+# This is a mockup of a script to produce a snakeoil cert
+# The aim is to have a debconfisable ssl-certificate script
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+db_capb backup
+
+ask_via_debconf() {
+    db_settitle make-ssl-cert/title
+
+    templates="countryname statename localityname organisationname ouname hostname email"
+
+    for i in $templates; do
+	RET=""
+	while [ "x$RET" = "x" ]; do
+	    db_fset make-ssl-cert/$i seen false
+	    db_input high make-ssl-cert/$i || true
+	    db_go
+	    db_get make-ssl-cert/$i
+	done
+     done
+
+     db_get make-ssl-cert/countryname
+     CountryName="$RET"
+     db_fset make-ssl-cert/countryname seen false
+
+     db_get make-ssl-cert/statename
+     StateName="$RET"
+     db_fset make-ssl-cert/statename seen false
+
+     db_get make-ssl-cert/localityname
+     LocalityName="$RET"
+     db_fset make-ssl-cert/localityname seen false
+
+     db_get make-ssl-cert/organisationname
+     OrganisationName="$RET"
+     db_fset make-ssl-cert/organisationname seen false
+
+     db_get make-ssl-cert/ouname
+     OUName="$RET"
+     db_fset make-ssl-cert/ouname seen false
+
+     db_get make-ssl-cert/hostname
+     HostName="$RET"
+     db_fset make-ssl-cert/hostname seen false
+
+     db_get make-ssl-cert/email
+     Email="$RET"
+     db_fset make-ssl-cert/email seen false
+}
+
+make_snakeoil() {
+     CountryName="XX"
+     StateName="There is no such thing outside US"
+     LocalityName="Everywhere"
+     OrganisationName="OCOSA"
+     OUName="Office for Complication of Otherwise Simple Affairs"
+     HostName="$(hostname -f || hostname)"
+     Email="root@$HostName"
+}
+
+create_temporary_cnf() {
+    sed -e s#@CountryName@#"$CountryName"# \
+	-e s#@StateName@#"$StateName"# \
+	-e s#@LocalityName@#"$LocalityName"# \
+	-e s#@OrganisationName@#"$OrganisationName"# \
+	-e s#@OUName@#"$OUName"# \
+	-e s#@HostName@#"$HostName"# \
+	-e s#@Email@#"$Email"# \
+	$template > $TMPFILE
+}
+
+# Takes two arguments, the base layout and the output cert.
+
+if [ $# -lt 2 ] && [ "$1" != "generate-default-snakeoil" ]; then
+    printf "Usage: $0 template output [--force-overwrite]\n";
+    printf "Usage: $0 generate-default-snakeoil [--force-overwrite]\n";
+    exit 1;
+fi
+
+if [ "$1" != "generate-default-snakeoil" ]; then
+    template="$1"
+    output="$2"
+    # be anal in manual mode.
+    if [ ! -f $template ]; then
+	printf "Could not open template file: $template!\n";
+	exit 1;
+    fi
+    if [ -f $output ] && [ "$3" != "--force-overwrite" ]; then
+        printf "$output file already exists!\n";
+        exit 1;
+    fi
+    ask_via_debconf
+else
+    template="/usr/share/ssl-cert/ssleay.cnf"
+    if [ -f "/etc/ssl/certs/ssl-cert-snakeoil.pem" ] && [ -f "/etc/ssl/private/ssl-cert-snakeoil.key" ]; then
+        if [ "$2" != "--force-overwrite" ]; then
+             exit 0
+        fi
+    fi
+    make_snakeoil
+fi
+
+# # should be a less common char
+# problem is that openssl virtually accepts everything and we need to
+# sacrifice one char.
+
+TMPFILE="$(mktemp)" || exit 1
+
+create_temporary_cnf
+
+# create the certiface.
+
+export RANDFILE=/dev/random
+
+if [ "$1" != "generate-default-snakeoil" ]; then
+	# openssl req -config $TMPFILE -new -x509 -nodes -out $output -keyout $output > /dev/null 2>&1
+    openssl req -config $TMPFILE -new -x509 -days 365 -nodes -out $output -keyout $output > /dev/null 2>&1
+    chmod 600 $output
+    # hash symlink
+    cd $(dirname $output)
+    ln -sf $(basename $output) $(openssl x509 -hash -noout -in $output)
+else
+    # openssl req -config $TMPFILE -new -x509 -nodes \
+    openssl req -config $TMPFILE -new -x509 -days 365 nodes \
+	-out /etc/ssl/certs/ssl-cert-snakeoil.pem \
+        -keyout /etc/ssl/private/ssl-cert-snakeoil.key > /dev/null 2>&1
+    chmod 644 /etc/ssl/certs/ssl-cert-snakeoil.pem
+    chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key
+    chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
+    # hash symlink
+    cd /etc/ssl/certs/
+    ln -sf ssl-cert-snakeoil.pem $(openssl x509 -hash -noout -in ssl-cert-snakeoil.pem)
+fi
+
+# cleanup
+rm -f $TMPFILE

data/lib/deprec/templates/ssl/ssl-cert-snakeoil.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXwIBAAKBgQDAq435f/QmKkc/Z3UDPxcdZM0XNNFE97DGSFJIjuKdJaLp+HDr
+JroV1TS8YUpZpJ7FhuasEg9G+HcwZcncChWgiwXnwMxG/6zs4U+7SzaehpB0lfCp
+8jYHNwhaUDr5H4YSfznltGQRlELlSHNLyDgQzRwMjWluTpxJ2MXMcKXCvQIDAQAB
+AoGBAI7kbQZW1F8dyfuHIixHNUByivykCnSI8s0LxCLV/dGooRu/SxfLgAVDO7pe
+uYKkabB7bUa+mh/7lIILa9tKi2Bbqnr+DZyCmKqQn3YBsc6yS19zMDhkt+UfhQc9
+3/ssdASGCQg3cW7Y3x103S+j3zB6dmO44vDOevDymVg8z//tAkEA9kmlwavZ5sKq
+fLYCz7edp7hCcOL1QO/iwKMlnyGLOhg5sgwHu8o/+5OHlWLGAln0Z6Q6XEdWw9pD
+LDxPntmAawJBAMhEnvHjPLAN8oSnrLsklBC6N77t3TNt5e+1SSeGhfgZcw3m2ftE
+jPNgdcu9+JTgGD9yV6u1FWQReG/saYlRc3cCQQCUP8an6qLydbEb+o98q0EaCR7t
+RqBsYzlxzYLC4/Ujlht8oiMxlc+nxqkxcdBQ8AbfMAr1Kvf+Um5mvTMMIk5bAkEA
+uOHQspILtqRJnXmGFwZ/wqmHSTYinZX5TkBYFqs0BoTIGK9j0XnJfe0xEjSAxj/T
+Ys9WbGgyJT2TqA/ipiiRpQJBAMYFGlBV6/zNaX0u1vm2E8/96jl7FAxA06F2OiBn
+lWtdmT+adpNo04XyX61N5+ie0A2SOgKpZWomm0wA1SGi7TQ=
+-----END RSA PRIVATE KEY-----

data/lib/deprec/templates/ssl/ssl-cert-snakeoil.pem

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCzCCAnQCCQDHermh7psBnzANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMC
+WFgxKjAoBgNVBAgTIVRoZXJlIGlzIG5vIHN1Y2ggdGhpbmcgb3V0c2lkZSBVUzET
+MBEGA1UEBxMKRXZlcnl3aGVyZTEOMAwGA1UEChMFT0NPU0ExPDA6BgNVBAsTM09m
+ZmljZSBmb3IgQ29tcGxpY2F0aW9uIG9mIE90aGVyd2lzZSBTaW1wbGUgQWZmYWly
+czEPMA0GA1UEAxMGY2FsdmluMRowGAYJKoZIhvcNAQkBFgtyb290QGNhbHZpbjAe
+Fw0wOTAyMDMwNTExNDdaFw0wOTAzMDUwNTExNDdaMIHJMQswCQYDVQQGEwJYWDEq
+MCgGA1UECBMhVGhlcmUgaXMgbm8gc3VjaCB0aGluZyBvdXRzaWRlIFVTMRMwEQYD
+VQQHEwpFdmVyeXdoZXJlMQ4wDAYDVQQKEwVPQ09TQTE8MDoGA1UECxMzT2ZmaWNl
+IGZvciBDb21wbGljYXRpb24gb2YgT3RoZXJ3aXNlIFNpbXBsZSBBZmZhaXJzMQ8w
+DQYDVQQDEwZjYWx2aW4xGjAYBgkqhkiG9w0BCQEWC3Jvb3RAY2FsdmluMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAq435f/QmKkc/Z3UDPxcdZM0XNNFE97DG
+SFJIjuKdJaLp+HDrJroV1TS8YUpZpJ7FhuasEg9G+HcwZcncChWgiwXnwMxG/6zs
+4U+7SzaehpB0lfCp8jYHNwhaUDr5H4YSfznltGQRlELlSHNLyDgQzRwMjWluTpxJ
+2MXMcKXCvQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADZ2Uu123BHOGow9C5lnxP3K
+nkVpfqOTvVztyOtTVE+GZrCiFj4RyuJpL9JmpXTo+Dl8CrTguxbhnSPFQCYdmIbj
+zYGygWx4a0qfKdVe4GMREWzsBVCwH0mPEV6i0nxy4KMffNcTKwhSoh3LZ0rWhoYr
+gb3pgta67aRdAaIS556W
+-----END CERTIFICATE-----

data/lib/deprec/templates/starling/monit.conf.erb

@@ -0,0 +1,14 @@
+check process starling-<%= starling_port %> with pidfile <%= starling_run_dir %>/starling.pid
+group starling
+start program = "start-stop-daemon -c <%= starling_user %>:<%= starling_group %> --start --quiet --pidfile <%= starling_run_dir %>/starling.pid --exec /usr/local/bin/starling -- <%= starling_runtime_options %>"
+stop program = "start-stop-daemon -c <%= starling_user %>:<%= starling_group %> --stop --quiet --pidfile <%= starling_run_dir %>/starling.pid --exec /usr/local/bin/starling -- <%= starling_runtime_options %>"
+	
+if failed host 127.0.0.1 port <%= starling_port %>
+  	with timeout 10 seconds
+  	then alert
+
+if totalmem > 100 Mb then restart
+if cpu > 60% for 2 cycles then alert
+if cpu > 80% for 5 cycles then restart
+if loadavg(5min) > 10 for 8 cycles then restart
+if 3 restarts within 5 cycles then timeout

data/lib/deprec/templates/starling/starling-init-script.erb

@@ -0,0 +1,71 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: starling
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: S 0 1 6
+# Short-Description: Starling queue server
+# Description: The Starling distributed, transactional queue server
+### END INIT INFO
+# Author: Twitter
+# Version: 0.9.7.7
+
+set -e
+
+DUSER=<%= starling_user %>
+DGROUP=<%= starling_group %>
+LOGFILE=<%= starling_log_dir %>/starling.log
+SPOOLDIR=<%= starling_spool_dir %>
+PORT=<%= starling_port %>
+LISTEN=0.0.0.0
+PIDFILE=<%= starling_run_dir %>/starling.pid
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+NAME=starling
+DESC="Starling"
+INSTALL_DIR=/usr/local/bin
+DAEMON=$INSTALL_DIR/$NAME
+SCRIPTNAME=/etc/init.d/$NAME
+OPTS="-h $LISTEN -p $PORT -d -q $SPOOLDIR -P $PIDFILE -L $LOGFILE"
+
+. /lib/lsb/init-functions
+
+
+# Gracefully exit if the package has been removed.
+test -x $DAEMON || exit 0
+
+d_start() {
+	log_begin_msg "Starting Starling Server..."
+		start-stop-daemon -c $DUSER:$DGROUP --start --quiet --pidfile $PIDFILE --exec $DAEMON \
+		-- $OPTS || log_end_msg 1
+		log_end_msg 0
+}
+
+d_stop() {
+	log_begin_msg "Stopping Starling Server..."
+		start-stop-daemon -c $DUSER:$DGROUP --stop --quiet --pidfile $PIDFILE \
+		|| log_end_msg 1
+		log_end_msg 0
+}
+
+case "$1" in
+start)
+d_start
+;;
+stop)
+d_stop
+;;
+restart|force-reload|reload)
+d_stop
+sleep 2
+d_start
+;;
+*)
+echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+exit 3
+;;
+esac
+
+exit 0
+

data/lib/deprec/templates/subversion/svn.apache.vhost.erb

@@ -0,0 +1,43 @@
+<VirtualHost *:80>
+  ServerName <%= @username %>.svn.engineyard.com
+  ServerAdmin admin@engineyard.com
+
+  <Location />
+    DAV svn
+
+    Satisfy Any
+    Require valid-user
+
+    AuthType Basic
+    AuthName "Engine Yard SVN Cluster: <%= @username %>"
+    AuthUserFile       /data/svn/<%= @username %>/users
+
+    AuthzSVNAccessFile /data/svn/<%= @username %>/access
+
+    SVNPath            /data/svn/<%= @username %>/repo
+  </Location>
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName <%= @username %>.svn.engineyard.com
+  ServerAdmin admin@engineyard.com
+
+  <Location />
+    DAV svn
+
+    Satisfy Any
+    Require valid-user
+
+    AuthType Basic
+    AuthName "Engine Yard SVN Cluster: <%= @username %>"
+    AuthUserFile       /data/svn/<%= @username %>/users
+
+    AuthzSVNAccessFile /data/svn/<%= @username %>/access
+
+    SVNPath            /data/svn/<%= @username %>/repo
+  </Location>
+
+  SSLEngine on
+  SSLProtocol all
+  SSLCipherSuite HIGH:MEDIUM
+</VirtualHost>