ubuntu-machine-rachid 0.5.3.2.23

data/lib/capistrano/ext/ubuntu-machine/ntp.rb

@@ -0,0 +1,37 @@
+require 'yaml'
+namespace :ntp do
+  set :ntp_default_ntpd_opts, "NTPD_OPTS='-g'"
+  set :ntp_pool_servers, (0..2).map {|num| "#{num}.pool.ntp.org"}
+
+  desc "Install NTP"
+  task :install do
+    sudo "aptitude install -y ntp"
+    configure
+  end
+
+  desc "Configure NTP"
+  task :configure do
+    put render("ntpdate", binding), "ntpdate.tmp"
+    sudo "mv ntpdate.tmp /etc/default/ntpdate"
+    put render("ntp.conf", binding), "ntp.conf.tmp"
+    sudo "mv ntp.conf.tmp /etc/ntp.conf"
+    run "echo '#{ntp_default_ntpd_opts}' > ntp.tmp"
+    sudo "mv ntp.tmp /etc/default/ntp"
+    restart
+  end
+
+  desc "Start the NTP server"
+  task :start do
+    sudo "/etc/init.d/ntp start"
+  end
+
+  desc "Restart the NTP server"
+  task :restart do
+    sudo "/etc/init.d/ntp restart"
+  end
+
+  desc "Stop the NTP server"
+  task :stop do
+    sudo "/etc/init.d/ntp stop"
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/odbc.rb

@@ -0,0 +1,44 @@
+namespace :odbc do
+  _cset(:odbc_sourcename)  { abort "Please specify the odbc sourcename:\n  set :odbc_sourcename, 'MyFirstSQLServer'" }
+  _cset(:odbc_database)    { abort "Please specify the odbc database:\n  set :odbc_database, 'MyDB'" }
+  _cset(:odbc_host)        { abort "Please specify the odbc host:\n  set :odbc_host, '127.0.0.1'" }
+  _cset :odbc_port,       '1433'
+
+  desc "Install ODBC/FreeTDS"
+  task :install, :roles => :app do
+    profile_lines = ["export ODBCINI=/etc/odbc.ini",
+      "export ODBCSYSINI=/etc",
+      "export FREETDSCONF=/etc/freetds/freetds.conf"]
+    sudo_add_to_file('/etc/profile',profile_lines)
+
+    freetds = "freetds-0.82"
+    sudo "sudo apt-get install unixodbc unixodbc-dev tdsodbc -y"
+    run "wget -nv ftp://ftp.ibiblio.org/pub/Linux/ALPHA/freetds/stable/#{freetds}.tar.gz"
+    run "tar xvzf #{freetds}.tar.gz && cd #{freetds} && ./configure && make"
+    sudo_keepalive
+    run "cd #{freetds} && sudo make install"
+    run "rm #{freetds}.tar.gz && rm -Rf #{freetds}"
+  end
+
+  desc "Install the ruby ODBC library"
+  task :install_rubyodbc, :roles => :app do
+    rubyodbc = "ruby-odbc-0.9996"
+    run "wget -nv http://www.ch-werner.de/rubyodbc/#{rubyodbc}.tar.gz"
+    run "tar xvzf #{rubyodbc}.tar.gz && cd #{rubyodbc} && ruby extconf.rb && make"
+    sudo_keepalive
+    run "cd #{rubyodbc} && sudo make install"
+    run "rm #{rubyodbc}.tar.gz && rm -Rf #{rubyodbc}"
+  end
+
+  desc "Install FreeTDS/ODBC configuration files"
+  task :config_files, :roles => :app do
+    put render("odbc.ini", binding), "odbc.ini"
+    sudo "mv odbc.ini /etc/odbc.ini"
+    put render("odbcinst.ini", binding), "odbcinst.ini"
+    sudo "mv odbcinst.ini /etc/odbcinst.ini"
+    put render("freetds.conf", binding), "more_freetds.conf"
+    run "cat /etc/freetds/freetds.conf more_freetds.conf > freetds.conf"
+    sudo "mv freetds.conf /etc/freetds/freetds.conf"
+    run "rm more_freetds.conf"
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/php.rb

@@ -0,0 +1,8 @@
+namespace :php do
+  desc "Install PHP 5"
+  task :install, :roles => :app do    
+    sudo "apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl -y"
+    sudo "/etc/init.d/apache2 reload"
+  end
+
+end

data/lib/capistrano/ext/ubuntu-machine/postfix.rb

@@ -0,0 +1,7 @@
+namespace :postfix do
+  desc "Install postfix"
+  task :install, :roles => :app do
+    sudo "sudo apt-get install postfix -y"
+  end
+
+end

data/lib/capistrano/ext/ubuntu-machine/rails3.rb

@@ -0,0 +1,7 @@
+namespace :rails3 do
+  desc "Install Rails3"
+  task :install, :roles => :app do
+     sudo "/opt/ruby-enterprise/bin/gem install rails --pre --no-ri --no-rdoc"
+     sudo "apt-get install libxml2-dev libxslt1-dev"
+    end
+end

data/lib/capistrano/ext/ubuntu-machine/ruby.rb

@@ -0,0 +1,82 @@
+require 'net/http'
+
+namespace :ruby do
+  desc "Install Ruby 1.8"
+  task :install, :roles => :app do
+    sudo "apt-get install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
+    sudo "apt-get install -y libmysql-ruby1.8"
+
+    sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
+    sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
+    sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
+    sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
+  end
+  
+
+  set :ruby_enterprise_url do
+    Net::HTTP.get('www.rubyenterpriseedition.com', '/download.html').scan(/http:.*\.tar\.gz/).first
+  end
+
+  set :ruby_enterprise_version do
+    "#{ruby_enterprise_url[/(ruby-enterprise.*)(.tar.gz)/, 1]}"
+  end
+  
+  set :passenger_version do
+    `gem list passenger$ -r`.gsub(/[\n|\s|passenger|(|)]/,"")
+  end
+  
+
+  desc "Install Ruby Enterpise Edition"
+  task :install_enterprise, :roles => :app do
+    sudo "apt-get install libssl-dev -y"
+    sudo "apt-get install libreadline5-dev -y"
+    
+    run "test ! -d /opt/#{ruby_enterprise_version}"
+    run "wget #{ruby_enterprise_url}"
+    run "tar xzvf #{ruby_enterprise_version}.tar.gz"
+    run "rm #{ruby_enterprise_version}.tar.gz"
+    sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
+    sudo "rm -rf #{ruby_enterprise_version}/"
+    
+    # create a "permanent" link to the current REE install
+    sudo "ln -s /opt/#{ruby_enterprise_version} /opt/ruby-enterprise" 
+    
+    # add REE bin to the path
+    run "cat /etc/environment > ~/environment.tmp"
+    run 'echo PATH="/opt/ruby-enterprise/bin:$PATH" >> ~/environment.tmp'
+    sudo 'mv ~/environment.tmp /etc/environment'
+  end
+  
+  desc "Install Phusion Passenger"
+  task :install_passenger, :roles => :app do
+    # rake 0.8.5 needs latest version of rdoc
+    sudo "gem install rdoc"
+    
+    # because  passenger-install-apache2-module do not find the rake installed by REE
+    sudo "gem install rake"
+
+    sudo "apt-get install apache2-mpm-prefork -y"
+    sudo "apt-get install libapr1-dev -y"
+    sudo "apt-get install apache2-prefork-dev -y"
+
+    # call the upgrade_passenger task
+    upgrade_passenger
+  end 
+  
+  desc "Upgrade Phusion Passenger"
+  task :upgrade_passenger, :roles => :app do
+    sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger"
+    run "sudo /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module --auto"
+
+    put render("passenger.load", binding), "/home/#{user}/passenger.load"
+    put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
+   
+    sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
+    sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
+    
+    sudo "a2enmod passenger"
+    apache.force_reload
+  end
+  
+       
+end

data/lib/capistrano/ext/ubuntu-machine/ssh.rb

@@ -0,0 +1,64 @@
+namespace :ssh do
+  
+  desc <<-DESC
+    Setup SSH on the gateway host. Runs `upload_keys`, `install_ovh_ssh_key` AND \
+    `configure_sshd` then reloads the SSH service to finalize the changes.
+  DESC
+  task :setup, :roles => :gateway do
+    upload_keys
+    configure_sshd
+    install_ovh_ssh_key if ["ovh-rps", "ovh-dedie"].include?(hosting_provider)
+    reload
+  end
+  
+  
+  desc <<-DESC
+    Uploads your local public SSH keys to the server. A .ssh folder is created if \
+    one does not already exist. The SSH keys default to the ones set in \
+    Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
+    ["/home/user/.ssh/id_dsa"].
+
+    See "SSH copy" and "SSH Permissions" sections on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :upload_keys, :roles => :gateway do
+    run "mkdir -p ~/.ssh"
+    run "chown -R #{user}:#{user} ~/.ssh"
+    run "chmod 700 ~/.ssh"
+
+    authorized_keys = ssh_options[:keys].collect { |key| File.read("#{key}.pub") }.join("\n")
+    put authorized_keys, "./.ssh/authorized_keys2", :mode => 0600
+  end
+  
+  desc <<-DESC
+    Configure SSH daemon with more secure settings recommended by Slicehost. The \
+    will be configured to run on the port configured in Capistrano's "ssh_options". \
+    This defaults to the standard SSH port 22. You can change this by setting \
+    ssh_options[:port] = 3000. Note that this change will not take affect until \
+    reload the SSH service with `cap ssh:reload`.
+
+    See "SSH config" section on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :configure_sshd, :roles => :gateway do
+    put render("sshd_config", binding), "sshd_config"
+    sudo "mv sshd_config /etc/ssh/sshd_config"
+  end
+  
+  desc <<-DESC
+    Install OVH SSH Keys
+  DESC
+  task :install_ovh_ssh_key, :roles => :gateway do
+    sudo "wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh"
+    sudo "sh installer_la_cle.sh"
+  end
+  
+  desc <<-DESC
+    Reload SSH service.
+  DESC
+  task :reload, :roles => :gateway do
+    sudo "/etc/init.d/ssh reload"
+  end
+  
+  
+end

data/lib/capistrano/ext/ubuntu-machine/templates/apache2.erb

@@ -0,0 +1,7 @@
+NameVirtualHost *:80
+
+<IfModule mod_ssl.c>
+    NameVirtualHost *:443
+</IfModule>
+
+ServerName <%= server_name %>

data/lib/capistrano/ext/ubuntu-machine/templates/deflate.conf.erb

@@ -0,0 +1,3 @@
+<IfModule mod_deflate.c>
+	AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml
+</IfModule>

data/lib/capistrano/ext/ubuntu-machine/templates/freetds.conf.erb

@@ -0,0 +1,8 @@
+[global]
+  tds version = 4.2
+  text size = 64512
+
+[<%= odbc_sourcename %>]
+#	host = <%= odbc_host %>
+#	port = <%= odbc_port %>
+	tds version = <%= odbc_tds_version rescue '8.0' %>

data/lib/capistrano/ext/ubuntu-machine/templates/iptables.erb

@@ -0,0 +1,46 @@
+*filter
+
+
+#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
+
+
+#  Accepts all established inbound connections
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+
+#  Allows all outbound traffic
+#  You can modify this to only allow certain traffic
+-A OUTPUT -j ACCEPT
+
+
+# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 443 -j ACCEPT
+
+
+#  Allows SSH connections
+#
+# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
+#
+-A INPUT -p tcp -m state --state NEW --dport <%= ssh_options[:port] %> -j ACCEPT
+
+<% if hosting_provider=="ovh-rps" %>
+# allow packets from SAN, only for ovh-rps
+-A OUTPUT -p tcp --dport 3260 -j ACCEPT
+<% end %>
+
+# Allow ping
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+
+
+# log iptables denied calls
+-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
+
+
+# Reject all other inbound - default deny unless explicitly allowed policy
+-A INPUT -j REJECT
+-A FORWARD -j REJECT
+
+COMMIT

data/lib/capistrano/ext/ubuntu-machine/templates/my.cnf.erb

@@ -0,0 +1,3 @@
+[mysqladmin] 
+  user            = root
+  password        = will-be-changed-so-dont-mind-it

data/lib/capistrano/ext/ubuntu-machine/templates/new_db.erb

@@ -0,0 +1,5 @@
+CREATE DATABASE  `<%= db_name %>` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
+CREATE USER '<%= db_username %>'@'localhost' IDENTIFIED BY  '<%= db_user_password %>';
+GRANT USAGE ON * . * TO  '<%= db_username %>'@'localhost' IDENTIFIED BY  '<%= db_user_password %>' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
+GRANT ALL PRIVILEGES ON  `<%= db_name %>` . * TO  '<%= db_username %>'@'localhost' WITH GRANT OPTION ;
+FLUSH PRIVILEGES ;

data/lib/capistrano/ext/ubuntu-machine/templates/ntp.conf.erb

@@ -0,0 +1,16 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+filegen clockstats file clockstats type day enable
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+restrict 10.13.0.0 mask 255.255.255.0 nomodify notrap
+restrict 10.14.0.0 mask 255.255.255.0 nomodify notrap
+restrict 127.0.0.1
+restrict ::1
+<% ntp_pool_servers.each_with_index do |ntp_server,index|%>
+<%= "server #{ntp_server} #{index == 0 ? 'iburst' : ''}" %>
+<% end %>
+statistics loopstats peerstats clockstats

data/lib/capistrano/ext/ubuntu-machine/templates/ntpdate.erb

@@ -0,0 +1,13 @@
+# The settings in this file are used by the program ntpdate-debian, but not
+# by the upstream program ntpdate.
+
+# Set to "yes" to take the server list from /etc/ntp.conf, from package ntp,
+# so you only have to keep it in one place.
+NTPDATE_USE_NTP_CONF=yes
+
+# List of NTP servers to use  (Separate multiple servers with spaces.)
+# Not used if NTPDATE_USE_NTP_CONF is yes.
+NTPSERVERS="ntp.ubuntu.com"
+
+# Additional options to pass to ntpdate
+NTPOPTIONS=""

data/lib/capistrano/ext/ubuntu-machine/templates/odbc.ini.erb

@@ -0,0 +1,8 @@
+[<%= odbc_sourcename %>]
+Driver      = FreeTDS
+Description = ODBC Connection via FreeTDS
+Trace       = No
+Server      = <%= odbc_host %>
+Port        = <%= odbc_port %>
+TDS Version = <%= odbc_tds_version rescue '8.0' %>
+Database    = <%= odbc_database %>

data/lib/capistrano/ext/ubuntu-machine/templates/odbcinst.ini.erb

@@ -0,0 +1,7 @@
+[FreeTDS]
+Description = TDS driver (Sybase/MS SQL)
+Driver      = /usr/lib/odbc/libtdsodbc.so
+Setup       = /usr/lib/odbc/libtdsS.so
+CPTimeout   =
+CPReuse     =
+FileUsage   = 1

data/lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb

@@ -0,0 +1,2 @@
+PassengerRoot /opt/<%= ruby_enterprise_version %>/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version %>
+PassengerRuby /opt/<%= ruby_enterprise_version %>/bin/ruby

data/lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb

@@ -0,0 +1 @@
+LoadModule passenger_module /opt/<%= ruby_enterprise_version %>/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version %>/ext/apache2/mod_passenger.so

data/lib/capistrano/ext/ubuntu-machine/templates/sources.jaunty.erb

@@ -0,0 +1,55 @@
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution. 
+# Copied here by ubuntu machine 
+
+deb http://archive.ubuntu.com/ubuntu/ jaunty main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ jaunty main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution. 
+deb http://archive.ubuntu.com/ubuntu/ jaunty-updates main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ jaunty-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in 
+## universe WILL NOT receive any review or updates from the Ubuntu security
+## team. 
+deb http://archive.ubuntu.com/ubuntu/ jaunty universe 
+deb-src http://archive.ubuntu.com/ubuntu/ jaunty universe 
+deb http://archive.ubuntu.com/ubuntu/ jaunty-updates universe 
+deb-src http://archive.ubuntu.com/ubuntu/ jaunty-updates universe 
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
+## team, and may not be under a free licence. Please satisfy yourself as to 
+## your rights to use the software. Also, please note that software in 
+## multiverse WILL NOT receive any review or updates from the Ubuntu 
+## security team. 
+deb http://archive.ubuntu.com/ubuntu/ jaunty multiverse 
+deb-src http://archive.ubuntu.com/ubuntu/ jaunty multiverse 
+deb http://archive.ubuntu.com/ubuntu/ jaunty-updates multiverse 
+deb-src http://archive.ubuntu.com/ubuntu/ jaunty-updates multiverse 
+
+## Uncomment the following two lines to add software from the 'backports'
+## repository. 
+## N.B. software from this repository may not have been tested as 
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features. 
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team. 
+# deb http://cl.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse
+# deb-src http://cl.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository. This software is not part of Ubuntu, but is 
+## offered by Canonical and the respective vendors as a service to Ubuntu
+## users. 
+# deb http://archive.canonical.com/ubuntu jaunty partner 
+# deb-src http://archive.canonical.com/ubuntu jaunty partner 
+
+deb http://archive.ubuntu.com/ubuntu/ jaunty-security main restricted
+deb-src http://archive.ubuntu.com/ubuntu/ jaunty-security main restricted
+deb http://archive.ubuntu.com/ubuntu/ jaunty-security universe 
+deb-src http://archive.ubuntu.com/ubuntu/ jaunty-security universe 
+deb http://archive.ubuntu.com/ubuntu/ jaunty-security multiverse 
+deb-src http://archive.ubuntu.com/ubuntu/ jaunty-security multiverse

data/lib/capistrano/ext/ubuntu-machine/templates/sources.lucid.erb

@@ -0,0 +1,22 @@
+#############################################################
+################### OFFICIAL UBUNTU REPOS ###################
+#############################################################
+
+###### Ubuntu Main Repos
+deb http://nl.archive.ubuntu.com/ubuntu/ lucid main restricted universe multiverse 
+deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid main restricted universe multiverse 
+
+###### Ubuntu Update Repos
+deb http://nl.archive.ubuntu.com/ubuntu/ lucid-security main restricted universe multiverse 
+deb http://nl.archive.ubuntu.com/ubuntu/ lucid-updates main restricted universe multiverse 
+deb http://nl.archive.ubuntu.com/ubuntu/ lucid-proposed main restricted universe multiverse 
+deb http://nl.archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse 
+deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid-security main restricted universe multiverse 
+deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid-updates main restricted universe multiverse 
+deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid-proposed main restricted universe multiverse 
+deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse 
+
+###### Ubuntu Partner Repo
+deb http://archive.canonical.com/ubuntu lucid partner
+deb-src http://archive.canonical.com/ubuntu lucid partner
+

data/lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb

@@ -0,0 +1,80 @@
+# Package generated configuration file
+# See the sshd(8) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port <%= ssh_options[:port] %>
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes # allow it to enable OVH to connect to your server
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+AuthorizedKeysFile	.ssh/authorized_keys2
+UsePam yes
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+KeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UseDNS no
+
+AllowUsers <%= user %>

data/lib/capistrano/ext/ubuntu-machine/templates/vhost.erb

@@ -0,0 +1,17 @@
+<VirtualHost *:80>
+
+  # Admin email, Server Name (domain name) and any aliases
+  ServerAdmin <%= server_admin %>
+  ServerName  <%= server_name %>
+  ServerAlias <%= server_alias %>
+
+  # Index file and Document Root (where the public files are located)
+  DirectoryIndex <%= directory_index %>
+  DocumentRoot /home/<%= user %>/websites/<%= server_name %>/public
+
+  # Custom log file locations
+  LogLevel warn
+  ErrorLog  /home/<%= user %>/websites/<%= server_name %>/logs/error.log
+  CustomLog /home/<%= user %>/websites/<%= server_name %>/logs/access.log combined
+
+</VirtualHost>