ubuntu-machine-rachid 0.5.3.2.23
Sign up to get free protection for your applications and to get access to all the features.
- data/MIT-LICENSE +20 -0
- data/README +15 -0
- data/lib/capistrano/ext/ubuntu-machine/apache.rb +118 -0
- data/lib/capistrano/ext/ubuntu-machine/aptitude.rb +99 -0
- data/lib/capistrano/ext/ubuntu-machine/extras.rb +39 -0
- data/lib/capistrano/ext/ubuntu-machine/ffmpeg.rb +43 -0
- data/lib/capistrano/ext/ubuntu-machine/gems.rb +41 -0
- data/lib/capistrano/ext/ubuntu-machine/git.rb +15 -0
- data/lib/capistrano/ext/ubuntu-machine/helpers.rb +36 -0
- data/lib/capistrano/ext/ubuntu-machine/iptables.rb +20 -0
- data/lib/capistrano/ext/ubuntu-machine/lmsensors.rb +26 -0
- data/lib/capistrano/ext/ubuntu-machine/machine.rb +50 -0
- data/lib/capistrano/ext/ubuntu-machine/mysql.rb +64 -0
- data/lib/capistrano/ext/ubuntu-machine/network.rb +42 -0
- data/lib/capistrano/ext/ubuntu-machine/ntp.rb +37 -0
- data/lib/capistrano/ext/ubuntu-machine/odbc.rb +44 -0
- data/lib/capistrano/ext/ubuntu-machine/php.rb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/postfix.rb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/rails3.rb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/ruby.rb +82 -0
- data/lib/capistrano/ext/ubuntu-machine/ssh.rb +64 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/apache2.erb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/deflate.conf.erb +3 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/freetds.conf.erb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/iptables.erb +46 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/my.cnf.erb +3 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/new_db.erb +5 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/ntp.conf.erb +16 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/ntpdate.erb +13 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/odbc.ini.erb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/odbcinst.ini.erb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb +2 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb +1 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sources.jaunty.erb +55 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sources.lucid.erb +22 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb +80 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/vhost.erb +17 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/vsftpd.conf.erb +158 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/xsendfile.load.erb +1 -0
- data/lib/capistrano/ext/ubuntu-machine/tmpfs.rb +17 -0
- data/lib/capistrano/ext/ubuntu-machine/utils.rb +49 -0
- data/lib/capistrano/ext/ubuntu-machine/vsftpd.rb +63 -0
- data/lib/capistrano/ext/ubuntu-machine.rb +30 -0
- metadata +130 -0
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
namespace :ntp do
|
3
|
+
set :ntp_default_ntpd_opts, "NTPD_OPTS='-g'"
|
4
|
+
set :ntp_pool_servers, (0..2).map {|num| "#{num}.pool.ntp.org"}
|
5
|
+
|
6
|
+
desc "Install NTP"
|
7
|
+
task :install do
|
8
|
+
sudo "aptitude install -y ntp"
|
9
|
+
configure
|
10
|
+
end
|
11
|
+
|
12
|
+
desc "Configure NTP"
|
13
|
+
task :configure do
|
14
|
+
put render("ntpdate", binding), "ntpdate.tmp"
|
15
|
+
sudo "mv ntpdate.tmp /etc/default/ntpdate"
|
16
|
+
put render("ntp.conf", binding), "ntp.conf.tmp"
|
17
|
+
sudo "mv ntp.conf.tmp /etc/ntp.conf"
|
18
|
+
run "echo '#{ntp_default_ntpd_opts}' > ntp.tmp"
|
19
|
+
sudo "mv ntp.tmp /etc/default/ntp"
|
20
|
+
restart
|
21
|
+
end
|
22
|
+
|
23
|
+
desc "Start the NTP server"
|
24
|
+
task :start do
|
25
|
+
sudo "/etc/init.d/ntp start"
|
26
|
+
end
|
27
|
+
|
28
|
+
desc "Restart the NTP server"
|
29
|
+
task :restart do
|
30
|
+
sudo "/etc/init.d/ntp restart"
|
31
|
+
end
|
32
|
+
|
33
|
+
desc "Stop the NTP server"
|
34
|
+
task :stop do
|
35
|
+
sudo "/etc/init.d/ntp stop"
|
36
|
+
end
|
37
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
namespace :odbc do
|
2
|
+
_cset(:odbc_sourcename) { abort "Please specify the odbc sourcename:\n set :odbc_sourcename, 'MyFirstSQLServer'" }
|
3
|
+
_cset(:odbc_database) { abort "Please specify the odbc database:\n set :odbc_database, 'MyDB'" }
|
4
|
+
_cset(:odbc_host) { abort "Please specify the odbc host:\n set :odbc_host, '127.0.0.1'" }
|
5
|
+
_cset :odbc_port, '1433'
|
6
|
+
|
7
|
+
desc "Install ODBC/FreeTDS"
|
8
|
+
task :install, :roles => :app do
|
9
|
+
profile_lines = ["export ODBCINI=/etc/odbc.ini",
|
10
|
+
"export ODBCSYSINI=/etc",
|
11
|
+
"export FREETDSCONF=/etc/freetds/freetds.conf"]
|
12
|
+
sudo_add_to_file('/etc/profile',profile_lines)
|
13
|
+
|
14
|
+
freetds = "freetds-0.82"
|
15
|
+
sudo "sudo apt-get install unixodbc unixodbc-dev tdsodbc -y"
|
16
|
+
run "wget -nv ftp://ftp.ibiblio.org/pub/Linux/ALPHA/freetds/stable/#{freetds}.tar.gz"
|
17
|
+
run "tar xvzf #{freetds}.tar.gz && cd #{freetds} && ./configure && make"
|
18
|
+
sudo_keepalive
|
19
|
+
run "cd #{freetds} && sudo make install"
|
20
|
+
run "rm #{freetds}.tar.gz && rm -Rf #{freetds}"
|
21
|
+
end
|
22
|
+
|
23
|
+
desc "Install the ruby ODBC library"
|
24
|
+
task :install_rubyodbc, :roles => :app do
|
25
|
+
rubyodbc = "ruby-odbc-0.9996"
|
26
|
+
run "wget -nv http://www.ch-werner.de/rubyodbc/#{rubyodbc}.tar.gz"
|
27
|
+
run "tar xvzf #{rubyodbc}.tar.gz && cd #{rubyodbc} && ruby extconf.rb && make"
|
28
|
+
sudo_keepalive
|
29
|
+
run "cd #{rubyodbc} && sudo make install"
|
30
|
+
run "rm #{rubyodbc}.tar.gz && rm -Rf #{rubyodbc}"
|
31
|
+
end
|
32
|
+
|
33
|
+
desc "Install FreeTDS/ODBC configuration files"
|
34
|
+
task :config_files, :roles => :app do
|
35
|
+
put render("odbc.ini", binding), "odbc.ini"
|
36
|
+
sudo "mv odbc.ini /etc/odbc.ini"
|
37
|
+
put render("odbcinst.ini", binding), "odbcinst.ini"
|
38
|
+
sudo "mv odbcinst.ini /etc/odbcinst.ini"
|
39
|
+
put render("freetds.conf", binding), "more_freetds.conf"
|
40
|
+
run "cat /etc/freetds/freetds.conf more_freetds.conf > freetds.conf"
|
41
|
+
sudo "mv freetds.conf /etc/freetds/freetds.conf"
|
42
|
+
run "rm more_freetds.conf"
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
namespace :php do
|
2
|
+
desc "Install PHP 5"
|
3
|
+
task :install, :roles => :app do
|
4
|
+
sudo "apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl -y"
|
5
|
+
sudo "/etc/init.d/apache2 reload"
|
6
|
+
end
|
7
|
+
|
8
|
+
end
|
@@ -0,0 +1,82 @@
|
|
1
|
+
require 'net/http'
|
2
|
+
|
3
|
+
namespace :ruby do
|
4
|
+
desc "Install Ruby 1.8"
|
5
|
+
task :install, :roles => :app do
|
6
|
+
sudo "apt-get install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
|
7
|
+
sudo "apt-get install -y libmysql-ruby1.8"
|
8
|
+
|
9
|
+
sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
|
10
|
+
sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
|
11
|
+
sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
|
12
|
+
sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
|
13
|
+
end
|
14
|
+
|
15
|
+
|
16
|
+
set :ruby_enterprise_url do
|
17
|
+
Net::HTTP.get('www.rubyenterpriseedition.com', '/download.html').scan(/http:.*\.tar\.gz/).first
|
18
|
+
end
|
19
|
+
|
20
|
+
set :ruby_enterprise_version do
|
21
|
+
"#{ruby_enterprise_url[/(ruby-enterprise.*)(.tar.gz)/, 1]}"
|
22
|
+
end
|
23
|
+
|
24
|
+
set :passenger_version do
|
25
|
+
`gem list passenger$ -r`.gsub(/[\n|\s|passenger|(|)]/,"")
|
26
|
+
end
|
27
|
+
|
28
|
+
|
29
|
+
desc "Install Ruby Enterpise Edition"
|
30
|
+
task :install_enterprise, :roles => :app do
|
31
|
+
sudo "apt-get install libssl-dev -y"
|
32
|
+
sudo "apt-get install libreadline5-dev -y"
|
33
|
+
|
34
|
+
run "test ! -d /opt/#{ruby_enterprise_version}"
|
35
|
+
run "wget #{ruby_enterprise_url}"
|
36
|
+
run "tar xzvf #{ruby_enterprise_version}.tar.gz"
|
37
|
+
run "rm #{ruby_enterprise_version}.tar.gz"
|
38
|
+
sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
|
39
|
+
sudo "rm -rf #{ruby_enterprise_version}/"
|
40
|
+
|
41
|
+
# create a "permanent" link to the current REE install
|
42
|
+
sudo "ln -s /opt/#{ruby_enterprise_version} /opt/ruby-enterprise"
|
43
|
+
|
44
|
+
# add REE bin to the path
|
45
|
+
run "cat /etc/environment > ~/environment.tmp"
|
46
|
+
run 'echo PATH="/opt/ruby-enterprise/bin:$PATH" >> ~/environment.tmp'
|
47
|
+
sudo 'mv ~/environment.tmp /etc/environment'
|
48
|
+
end
|
49
|
+
|
50
|
+
desc "Install Phusion Passenger"
|
51
|
+
task :install_passenger, :roles => :app do
|
52
|
+
# rake 0.8.5 needs latest version of rdoc
|
53
|
+
sudo "gem install rdoc"
|
54
|
+
|
55
|
+
# because passenger-install-apache2-module do not find the rake installed by REE
|
56
|
+
sudo "gem install rake"
|
57
|
+
|
58
|
+
sudo "apt-get install apache2-mpm-prefork -y"
|
59
|
+
sudo "apt-get install libapr1-dev -y"
|
60
|
+
sudo "apt-get install apache2-prefork-dev -y"
|
61
|
+
|
62
|
+
# call the upgrade_passenger task
|
63
|
+
upgrade_passenger
|
64
|
+
end
|
65
|
+
|
66
|
+
desc "Upgrade Phusion Passenger"
|
67
|
+
task :upgrade_passenger, :roles => :app do
|
68
|
+
sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger"
|
69
|
+
run "sudo /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module --auto"
|
70
|
+
|
71
|
+
put render("passenger.load", binding), "/home/#{user}/passenger.load"
|
72
|
+
put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
|
73
|
+
|
74
|
+
sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
|
75
|
+
sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
|
76
|
+
|
77
|
+
sudo "a2enmod passenger"
|
78
|
+
apache.force_reload
|
79
|
+
end
|
80
|
+
|
81
|
+
|
82
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
namespace :ssh do
|
2
|
+
|
3
|
+
desc <<-DESC
|
4
|
+
Setup SSH on the gateway host. Runs `upload_keys`, `install_ovh_ssh_key` AND \
|
5
|
+
`configure_sshd` then reloads the SSH service to finalize the changes.
|
6
|
+
DESC
|
7
|
+
task :setup, :roles => :gateway do
|
8
|
+
upload_keys
|
9
|
+
configure_sshd
|
10
|
+
install_ovh_ssh_key if ["ovh-rps", "ovh-dedie"].include?(hosting_provider)
|
11
|
+
reload
|
12
|
+
end
|
13
|
+
|
14
|
+
|
15
|
+
desc <<-DESC
|
16
|
+
Uploads your local public SSH keys to the server. A .ssh folder is created if \
|
17
|
+
one does not already exist. The SSH keys default to the ones set in \
|
18
|
+
Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
|
19
|
+
["/home/user/.ssh/id_dsa"].
|
20
|
+
|
21
|
+
See "SSH copy" and "SSH Permissions" sections on \
|
22
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
23
|
+
DESC
|
24
|
+
task :upload_keys, :roles => :gateway do
|
25
|
+
run "mkdir -p ~/.ssh"
|
26
|
+
run "chown -R #{user}:#{user} ~/.ssh"
|
27
|
+
run "chmod 700 ~/.ssh"
|
28
|
+
|
29
|
+
authorized_keys = ssh_options[:keys].collect { |key| File.read("#{key}.pub") }.join("\n")
|
30
|
+
put authorized_keys, "./.ssh/authorized_keys2", :mode => 0600
|
31
|
+
end
|
32
|
+
|
33
|
+
desc <<-DESC
|
34
|
+
Configure SSH daemon with more secure settings recommended by Slicehost. The \
|
35
|
+
will be configured to run on the port configured in Capistrano's "ssh_options". \
|
36
|
+
This defaults to the standard SSH port 22. You can change this by setting \
|
37
|
+
ssh_options[:port] = 3000. Note that this change will not take affect until \
|
38
|
+
reload the SSH service with `cap ssh:reload`.
|
39
|
+
|
40
|
+
See "SSH config" section on \
|
41
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
42
|
+
DESC
|
43
|
+
task :configure_sshd, :roles => :gateway do
|
44
|
+
put render("sshd_config", binding), "sshd_config"
|
45
|
+
sudo "mv sshd_config /etc/ssh/sshd_config"
|
46
|
+
end
|
47
|
+
|
48
|
+
desc <<-DESC
|
49
|
+
Install OVH SSH Keys
|
50
|
+
DESC
|
51
|
+
task :install_ovh_ssh_key, :roles => :gateway do
|
52
|
+
sudo "wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh"
|
53
|
+
sudo "sh installer_la_cle.sh"
|
54
|
+
end
|
55
|
+
|
56
|
+
desc <<-DESC
|
57
|
+
Reload SSH service.
|
58
|
+
DESC
|
59
|
+
task :reload, :roles => :gateway do
|
60
|
+
sudo "/etc/init.d/ssh reload"
|
61
|
+
end
|
62
|
+
|
63
|
+
|
64
|
+
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
*filter
|
2
|
+
|
3
|
+
|
4
|
+
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
|
5
|
+
-A INPUT -i lo -j ACCEPT
|
6
|
+
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
|
7
|
+
|
8
|
+
|
9
|
+
# Accepts all established inbound connections
|
10
|
+
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
11
|
+
|
12
|
+
|
13
|
+
# Allows all outbound traffic
|
14
|
+
# You can modify this to only allow certain traffic
|
15
|
+
-A OUTPUT -j ACCEPT
|
16
|
+
|
17
|
+
|
18
|
+
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
|
19
|
+
-A INPUT -p tcp --dport 80 -j ACCEPT
|
20
|
+
-A INPUT -p tcp --dport 443 -j ACCEPT
|
21
|
+
|
22
|
+
|
23
|
+
# Allows SSH connections
|
24
|
+
#
|
25
|
+
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
|
26
|
+
#
|
27
|
+
-A INPUT -p tcp -m state --state NEW --dport <%= ssh_options[:port] %> -j ACCEPT
|
28
|
+
|
29
|
+
<% if hosting_provider=="ovh-rps" %>
|
30
|
+
# allow packets from SAN, only for ovh-rps
|
31
|
+
-A OUTPUT -p tcp --dport 3260 -j ACCEPT
|
32
|
+
<% end %>
|
33
|
+
|
34
|
+
# Allow ping
|
35
|
+
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
|
36
|
+
|
37
|
+
|
38
|
+
# log iptables denied calls
|
39
|
+
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
|
40
|
+
|
41
|
+
|
42
|
+
# Reject all other inbound - default deny unless explicitly allowed policy
|
43
|
+
-A INPUT -j REJECT
|
44
|
+
-A FORWARD -j REJECT
|
45
|
+
|
46
|
+
COMMIT
|
@@ -0,0 +1,5 @@
|
|
1
|
+
CREATE DATABASE `<%= db_name %>` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
|
2
|
+
CREATE USER '<%= db_username %>'@'localhost' IDENTIFIED BY '<%= db_user_password %>';
|
3
|
+
GRANT USAGE ON * . * TO '<%= db_username %>'@'localhost' IDENTIFIED BY '<%= db_user_password %>' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
|
4
|
+
GRANT ALL PRIVILEGES ON `<%= db_name %>` . * TO '<%= db_username %>'@'localhost' WITH GRANT OPTION ;
|
5
|
+
FLUSH PRIVILEGES ;
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
|
2
|
+
|
3
|
+
driftfile /var/lib/ntp/ntp.drift
|
4
|
+
filegen clockstats file clockstats type day enable
|
5
|
+
filegen loopstats file loopstats type day enable
|
6
|
+
filegen peerstats file peerstats type day enable
|
7
|
+
restrict -4 default kod notrap nomodify nopeer noquery
|
8
|
+
restrict -6 default kod notrap nomodify nopeer noquery
|
9
|
+
restrict 10.13.0.0 mask 255.255.255.0 nomodify notrap
|
10
|
+
restrict 10.14.0.0 mask 255.255.255.0 nomodify notrap
|
11
|
+
restrict 127.0.0.1
|
12
|
+
restrict ::1
|
13
|
+
<% ntp_pool_servers.each_with_index do |ntp_server,index|%>
|
14
|
+
<%= "server #{ntp_server} #{index == 0 ? 'iburst' : ''}" %>
|
15
|
+
<% end %>
|
16
|
+
statistics loopstats peerstats clockstats
|
@@ -0,0 +1,13 @@
|
|
1
|
+
# The settings in this file are used by the program ntpdate-debian, but not
|
2
|
+
# by the upstream program ntpdate.
|
3
|
+
|
4
|
+
# Set to "yes" to take the server list from /etc/ntp.conf, from package ntp,
|
5
|
+
# so you only have to keep it in one place.
|
6
|
+
NTPDATE_USE_NTP_CONF=yes
|
7
|
+
|
8
|
+
# List of NTP servers to use (Separate multiple servers with spaces.)
|
9
|
+
# Not used if NTPDATE_USE_NTP_CONF is yes.
|
10
|
+
NTPSERVERS="ntp.ubuntu.com"
|
11
|
+
|
12
|
+
# Additional options to pass to ntpdate
|
13
|
+
NTPOPTIONS=""
|
@@ -0,0 +1 @@
|
|
1
|
+
LoadModule passenger_module /opt/<%= ruby_enterprise_version %>/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version %>/ext/apache2/mod_passenger.so
|
@@ -0,0 +1,55 @@
|
|
1
|
+
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
|
2
|
+
# newer versions of the distribution.
|
3
|
+
# Copied here by ubuntu machine
|
4
|
+
|
5
|
+
deb http://archive.ubuntu.com/ubuntu/ jaunty main restricted
|
6
|
+
deb-src http://archive.ubuntu.com/ubuntu/ jaunty main restricted
|
7
|
+
|
8
|
+
## Major bug fix updates produced after the final release of the
|
9
|
+
## distribution.
|
10
|
+
deb http://archive.ubuntu.com/ubuntu/ jaunty-updates main restricted
|
11
|
+
deb-src http://archive.ubuntu.com/ubuntu/ jaunty-updates main restricted
|
12
|
+
|
13
|
+
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
|
14
|
+
## team, and may not be under a free licence. Please satisfy yourself as to
|
15
|
+
## your rights to use the software. Also, please note that software in
|
16
|
+
## universe WILL NOT receive any review or updates from the Ubuntu security
|
17
|
+
## team.
|
18
|
+
deb http://archive.ubuntu.com/ubuntu/ jaunty universe
|
19
|
+
deb-src http://archive.ubuntu.com/ubuntu/ jaunty universe
|
20
|
+
deb http://archive.ubuntu.com/ubuntu/ jaunty-updates universe
|
21
|
+
deb-src http://archive.ubuntu.com/ubuntu/ jaunty-updates universe
|
22
|
+
|
23
|
+
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
|
24
|
+
## team, and may not be under a free licence. Please satisfy yourself as to
|
25
|
+
## your rights to use the software. Also, please note that software in
|
26
|
+
## multiverse WILL NOT receive any review or updates from the Ubuntu
|
27
|
+
## security team.
|
28
|
+
deb http://archive.ubuntu.com/ubuntu/ jaunty multiverse
|
29
|
+
deb-src http://archive.ubuntu.com/ubuntu/ jaunty multiverse
|
30
|
+
deb http://archive.ubuntu.com/ubuntu/ jaunty-updates multiverse
|
31
|
+
deb-src http://archive.ubuntu.com/ubuntu/ jaunty-updates multiverse
|
32
|
+
|
33
|
+
## Uncomment the following two lines to add software from the 'backports'
|
34
|
+
## repository.
|
35
|
+
## N.B. software from this repository may not have been tested as
|
36
|
+
## extensively as that contained in the main release, although it includes
|
37
|
+
## newer versions of some applications which may provide useful features.
|
38
|
+
## Also, please note that software in backports WILL NOT receive any review
|
39
|
+
## or updates from the Ubuntu security team.
|
40
|
+
# deb http://cl.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse
|
41
|
+
# deb-src http://cl.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse
|
42
|
+
|
43
|
+
## Uncomment the following two lines to add software from Canonical's
|
44
|
+
## 'partner' repository. This software is not part of Ubuntu, but is
|
45
|
+
## offered by Canonical and the respective vendors as a service to Ubuntu
|
46
|
+
## users.
|
47
|
+
# deb http://archive.canonical.com/ubuntu jaunty partner
|
48
|
+
# deb-src http://archive.canonical.com/ubuntu jaunty partner
|
49
|
+
|
50
|
+
deb http://archive.ubuntu.com/ubuntu/ jaunty-security main restricted
|
51
|
+
deb-src http://archive.ubuntu.com/ubuntu/ jaunty-security main restricted
|
52
|
+
deb http://archive.ubuntu.com/ubuntu/ jaunty-security universe
|
53
|
+
deb-src http://archive.ubuntu.com/ubuntu/ jaunty-security universe
|
54
|
+
deb http://archive.ubuntu.com/ubuntu/ jaunty-security multiverse
|
55
|
+
deb-src http://archive.ubuntu.com/ubuntu/ jaunty-security multiverse
|
@@ -0,0 +1,22 @@
|
|
1
|
+
#############################################################
|
2
|
+
################### OFFICIAL UBUNTU REPOS ###################
|
3
|
+
#############################################################
|
4
|
+
|
5
|
+
###### Ubuntu Main Repos
|
6
|
+
deb http://nl.archive.ubuntu.com/ubuntu/ lucid main restricted universe multiverse
|
7
|
+
deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid main restricted universe multiverse
|
8
|
+
|
9
|
+
###### Ubuntu Update Repos
|
10
|
+
deb http://nl.archive.ubuntu.com/ubuntu/ lucid-security main restricted universe multiverse
|
11
|
+
deb http://nl.archive.ubuntu.com/ubuntu/ lucid-updates main restricted universe multiverse
|
12
|
+
deb http://nl.archive.ubuntu.com/ubuntu/ lucid-proposed main restricted universe multiverse
|
13
|
+
deb http://nl.archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse
|
14
|
+
deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid-security main restricted universe multiverse
|
15
|
+
deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid-updates main restricted universe multiverse
|
16
|
+
deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid-proposed main restricted universe multiverse
|
17
|
+
deb-src http://nl.archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse
|
18
|
+
|
19
|
+
###### Ubuntu Partner Repo
|
20
|
+
deb http://archive.canonical.com/ubuntu lucid partner
|
21
|
+
deb-src http://archive.canonical.com/ubuntu lucid partner
|
22
|
+
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# Package generated configuration file
|
2
|
+
# See the sshd(8) manpage for details
|
3
|
+
|
4
|
+
# What ports, IPs and protocols we listen for
|
5
|
+
Port <%= ssh_options[:port] %>
|
6
|
+
# Use these options to restrict which interfaces/protocols sshd will bind to
|
7
|
+
#ListenAddress ::
|
8
|
+
#ListenAddress 0.0.0.0
|
9
|
+
Protocol 2
|
10
|
+
# HostKeys for protocol version 2
|
11
|
+
HostKey /etc/ssh/ssh_host_rsa_key
|
12
|
+
HostKey /etc/ssh/ssh_host_dsa_key
|
13
|
+
#Privilege Separation is turned on for security
|
14
|
+
UsePrivilegeSeparation yes
|
15
|
+
|
16
|
+
# Lifetime and size of ephemeral version 1 server key
|
17
|
+
KeyRegenerationInterval 3600
|
18
|
+
ServerKeyBits 768
|
19
|
+
|
20
|
+
# Logging
|
21
|
+
SyslogFacility AUTH
|
22
|
+
LogLevel INFO
|
23
|
+
|
24
|
+
# Authentication:
|
25
|
+
LoginGraceTime 120
|
26
|
+
PermitRootLogin yes # allow it to enable OVH to connect to your server
|
27
|
+
StrictModes yes
|
28
|
+
|
29
|
+
RSAAuthentication yes
|
30
|
+
PubkeyAuthentication yes
|
31
|
+
AuthorizedKeysFile .ssh/authorized_keys2
|
32
|
+
UsePam yes
|
33
|
+
|
34
|
+
# Don't read the user's ~/.rhosts and ~/.shosts files
|
35
|
+
IgnoreRhosts yes
|
36
|
+
# For this to work you will also need host keys in /etc/ssh_known_hosts
|
37
|
+
RhostsRSAAuthentication no
|
38
|
+
# similar for protocol version 2
|
39
|
+
HostbasedAuthentication no
|
40
|
+
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|
41
|
+
#IgnoreUserKnownHosts yes
|
42
|
+
|
43
|
+
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
44
|
+
PermitEmptyPasswords no
|
45
|
+
|
46
|
+
# Change to yes to enable challenge-response passwords (beware issues with
|
47
|
+
# some PAM modules and threads)
|
48
|
+
ChallengeResponseAuthentication no
|
49
|
+
|
50
|
+
# Change to no to disable tunnelled clear text passwords
|
51
|
+
PasswordAuthentication no
|
52
|
+
|
53
|
+
# Kerberos options
|
54
|
+
#KerberosAuthentication no
|
55
|
+
#KerberosGetAFSToken no
|
56
|
+
#KerberosOrLocalPasswd yes
|
57
|
+
#KerberosTicketCleanup yes
|
58
|
+
|
59
|
+
# GSSAPI options
|
60
|
+
GSSAPIAuthentication no
|
61
|
+
#GSSAPICleanupCredentials yes
|
62
|
+
|
63
|
+
X11Forwarding no
|
64
|
+
X11DisplayOffset 10
|
65
|
+
PrintMotd no
|
66
|
+
PrintLastLog yes
|
67
|
+
KeepAlive yes
|
68
|
+
#UseLogin no
|
69
|
+
|
70
|
+
#MaxStartups 10:30:60
|
71
|
+
#Banner /etc/issue.net
|
72
|
+
|
73
|
+
# Allow client to pass locale environment variables
|
74
|
+
AcceptEnv LANG LC_*
|
75
|
+
|
76
|
+
Subsystem sftp /usr/lib/openssh/sftp-server
|
77
|
+
|
78
|
+
UseDNS no
|
79
|
+
|
80
|
+
AllowUsers <%= user %>
|
@@ -0,0 +1,17 @@
|
|
1
|
+
<VirtualHost *:80>
|
2
|
+
|
3
|
+
# Admin email, Server Name (domain name) and any aliases
|
4
|
+
ServerAdmin <%= server_admin %>
|
5
|
+
ServerName <%= server_name %>
|
6
|
+
ServerAlias <%= server_alias %>
|
7
|
+
|
8
|
+
# Index file and Document Root (where the public files are located)
|
9
|
+
DirectoryIndex <%= directory_index %>
|
10
|
+
DocumentRoot /home/<%= user %>/websites/<%= server_name %>/public
|
11
|
+
|
12
|
+
# Custom log file locations
|
13
|
+
LogLevel warn
|
14
|
+
ErrorLog /home/<%= user %>/websites/<%= server_name %>/logs/error.log
|
15
|
+
CustomLog /home/<%= user %>/websites/<%= server_name %>/logs/access.log combined
|
16
|
+
|
17
|
+
</VirtualHost>
|