matthijs/servers/drsnuggles.git
15 years agoMerge commit 'origin/template' into www
root [Tue, 5 May 2009 16:20:22 +0000 (18:20 +0200)]
Merge commit 'origin/template' into www

* commit 'origin/template':
  rsyslog: Use another format for forwarding messages.
  ssh: Disable changing of the oom_adj value.
  ssh: Add default initscript configuration.

15 years agorsyslog: Use another format for forwarding messages. samba
Matthijs Kooijman [Tue, 5 May 2009 16:09:52 +0000 (18:09 +0200)]
rsyslog: Use another format for forwarding messages.

The syslog protocol 23 format seems to be broken in rsyslog for messages
that were originally generated by legacy applications (i.e., do not have
a structured-data field).

See http://bugzilla.adiscon.com/show_bug.cgi?id=125

15 years agossh: Disable changing of the oom_adj value.
Matthijs Kooijman [Tue, 5 May 2009 15:07:10 +0000 (17:07 +0200)]
ssh: Disable changing of the oom_adj value.

This value is meant for making sure ssh is never killed by the oom
killer, but that is not allowed inside vservers.

15 years agossh: Add default initscript configuration.
Matthijs Kooijman [Tue, 5 May 2009 15:06:45 +0000 (17:06 +0200)]
ssh: Add default initscript configuration.

15 years agoMerge commit 'origin/template' into www
root [Tue, 5 May 2009 14:26:48 +0000 (16:26 +0200)]
Merge commit 'origin/template' into www

* commit 'origin/template':
  rsyslog: Make the main queue disk-assisted as well.
  rsyslog: Enable queuing of log messages.
  nss: Add some comments.
  rsyslog: Send all logs to the log vserver.
  rsyslog: Move all rsyslog log files into a subdir.
  rsyslog: Update logrotate config to new rsyslog config.
  rsyslog: Add default logrotate config.
  rsyslog: Disable logging of kernel messages.
  rsyslog: Enable loggin of mark lines.
  rsyslog: Clean up rsyslog configuration.
  rsyslog: Add default configuration.
  pam: Add pam_permit to the auth section of chfn.
  nss: Update to use our custom LDAP schema.
  apt: Set the Default-Release to "stable".
  pam: Let pam.d/cron include common-account.
  pam: Let pam.d/su include common{account,session}.
  pam: Make common-account also support unix users.
  pam: Add .so to module names in pam.d/other.

15 years agorsyslog: Make the main queue disk-assisted as well.
Matthijs Kooijman [Tue, 5 May 2009 13:55:27 +0000 (15:55 +0200)]
rsyslog: Make the main queue disk-assisted as well.

15 years agorsyslog: Enable queuing of log messages.
Matthijs Kooijman [Tue, 5 May 2009 13:07:22 +0000 (15:07 +0200)]
rsyslog: Enable queuing of log messages.

This prevents messages from getting lost when the log vserver is
temporarily unavailable.

15 years agonss: Add some comments.
Matthijs Kooijman [Tue, 5 May 2009 09:17:28 +0000 (11:17 +0200)]
nss: Add some comments.

15 years agorsyslog: Send all logs to the log vserver.
Matthijs Kooijman [Tue, 5 May 2009 08:52:30 +0000 (10:52 +0200)]
rsyslog: Send all logs to the log vserver.

This happens in addition to local logging.

15 years agorsyslog: Move all rsyslog log files into a subdir.
Matthijs Kooijman [Tue, 5 May 2009 08:17:52 +0000 (10:17 +0200)]
rsyslog: Move all rsyslog log files into a subdir.

This allows us to use *.log in the logrotate configuration, without
conflicting with logfiles not created by rsyslog.

15 years agorsyslog: Update logrotate config to new rsyslog config.
Matthijs Kooijman [Mon, 4 May 2009 20:41:06 +0000 (22:41 +0200)]
rsyslog: Update logrotate config to new rsyslog config.

15 years agorsyslog: Add default logrotate config.
Matthijs Kooijman [Mon, 4 May 2009 20:37:56 +0000 (22:37 +0200)]
rsyslog: Add default logrotate config.

15 years agorsyslog: Disable logging of kernel messages.
Matthijs Kooijman [Mon, 4 May 2009 20:31:27 +0000 (22:31 +0200)]
rsyslog: Disable logging of kernel messages.

The vservers won't have access to the kernel messages anyway.

15 years agorsyslog: Enable loggin of mark lines.
Matthijs Kooijman [Mon, 4 May 2009 20:26:54 +0000 (22:26 +0200)]
rsyslog: Enable loggin of mark lines.

15 years agorsyslog: Clean up rsyslog configuration.
Matthijs Kooijman [Mon, 4 May 2009 20:00:15 +0000 (22:00 +0200)]
rsyslog: Clean up rsyslog configuration.

This removes some commented out lines, and reorganizes the existing
logfiles to be more consistent.

15 years agorsyslog: Add default configuration.
Matthijs Kooijman [Mon, 4 May 2009 19:50:28 +0000 (21:50 +0200)]
rsyslog: Add default configuration.

15 years agophp: Add a vim filetype to php5.ini.local.
Matthijs Kooijman [Fri, 24 Apr 2009 19:39:58 +0000 (21:39 +0200)]
php: Add a vim filetype to php5.ini.local.

15 years agophp: Display errors in the log, not to the client.
Matthijs Kooijman [Fri, 24 Apr 2009 19:39:09 +0000 (21:39 +0200)]
php: Display errors in the log, not to the client.

15 years agophp: Add a local configuration override file.
Matthijs Kooijman [Fri, 24 Apr 2009 19:38:11 +0000 (21:38 +0200)]
php: Add a local configuration override file.

15 years agoaddsite: Add some comments.
Matthijs Kooijman [Fri, 24 Apr 2009 19:35:38 +0000 (21:35 +0200)]
addsite: Add some comments.

15 years agoaddsite: Run update-php.ini.
Matthijs Kooijman [Fri, 24 Apr 2009 19:33:33 +0000 (21:33 +0200)]
addsite: Run update-php.ini.

15 years agofastcgi: Enable php for evolution-events.nl.
Matthijs Kooijman [Fri, 24 Apr 2009 19:18:37 +0000 (21:18 +0200)]
fastcgi: Enable php for evolution-events.nl.

15 years agosystem: Set hostname and mailname
Matthijs Kooijman [Fri, 17 Apr 2009 13:15:44 +0000 (15:15 +0200)]
system: Set hostname and mailname

15 years agophpldapadmin: Display displayName whenever possible.
Matthijs Kooijman [Wed, 15 Apr 2009 17:47:16 +0000 (19:47 +0200)]
phpldapadmin: Display displayName whenever possible.

15 years agophpldapadmin: Start autonumbering at 0, for uniqueNumber.
Matthijs Kooijman [Wed, 15 Apr 2009 17:45:40 +0000 (19:45 +0200)]
phpldapadmin: Start autonumbering at 0, for uniqueNumber.

We want to use phpldapadmin's autonumber feature for uniqueNumbers as
well as uidNumbers. This makes sure that uniqueNumbers don't jump up to
1000.

15 years agopam: Add pam_permit to the auth section of chfn.
Matthijs Kooijman [Mon, 13 Apr 2009 15:48:38 +0000 (17:48 +0200)]
pam: Add pam_permit to the auth section of chfn.

The chfn command did not work before, since it checks account as well as
auth.

15 years agonss: Update to use our custom LDAP schema.
Matthijs Kooijman [Mon, 13 Apr 2009 15:22:39 +0000 (17:22 +0200)]
nss: Update to use our custom LDAP schema.

This uses the uniqueMember attribute containing dns instead of the
memberUid attribute containing usernames for forming groups.
Additionally, it tells nss-ldap about our replacement for the posixGroup
objectClass.

15 years agoapt: Set the Default-Release to "stable".
Matthijs Kooijman [Mon, 13 Apr 2009 15:21:33 +0000 (17:21 +0200)]
apt: Set the Default-Release to "stable".

15 years agolighttpd: Re-enable cgi handling for gitweb.
Matthijs Kooijman [Tue, 7 Apr 2009 20:38:37 +0000 (22:38 +0200)]
lighttpd: Re-enable cgi handling for gitweb.

This was accidentally disabled in a previous commit.

15 years agolighttpd: Load mod_auth before other modules.
Matthijs Kooijman [Sun, 5 Apr 2009 09:21:12 +0000 (11:21 +0200)]
lighttpd: Load mod_auth before other modules.

Loading mod_auth last broke authentication on fastcgi enabled urls.

15 years agofastcgi: Add trac for stderr.nl.
Matthijs Kooijman [Fri, 3 Apr 2009 11:30:11 +0000 (13:30 +0200)]
fastcgi: Add trac for stderr.nl.

15 years agofastcgi: Pass the site dir to each fastcgi daemon.
Matthijs Kooijman [Fri, 3 Apr 2009 11:29:53 +0000 (13:29 +0200)]
fastcgi: Pass the site dir to each fastcgi daemon.

15 years agolighttpd: Update indigetes.stderr.nl to blues.
Matthijs Kooijman [Fri, 3 Apr 2009 11:28:56 +0000 (13:28 +0200)]
lighttpd: Update indigetes.stderr.nl to blues.

Also point the configuration at the new trac fcgi server.

15 years agolighttpd: Use a patched version of phpldapadmin.
Matthijs Kooijman [Fri, 3 Apr 2009 11:15:54 +0000 (13:15 +0200)]
lighttpd: Use a patched version of phpldapadmin.

15 years agoaddsite: Give webmasters and www-data access to the data dir.
root [Sun, 29 Mar 2009 21:40:00 +0000 (23:40 +0200)]
addsite: Give webmasters and www-data access to the data dir.

15 years agolighttpd: Add configuration for weblog.ninniach.nl.
root [Sun, 29 Mar 2009 21:39:31 +0000 (23:39 +0200)]
lighttpd: Add configuration for weblog.ninniach.nl.

15 years agoaddsite: Give webmasters write access to the data dir.
Matthijs Kooijman [Sun, 29 Mar 2009 19:36:45 +0000 (21:36 +0200)]
addsite: Give webmasters write access to the data dir.

15 years agofastcgi: Enable php for ninniach.nl.
Matthijs Kooijman [Sun, 29 Mar 2009 19:24:20 +0000 (21:24 +0200)]
fastcgi: Enable php for ninniach.nl.

15 years agolighttpd: Add configuration for ninniach.nl.
Matthijs Kooijman [Sun, 29 Mar 2009 19:18:29 +0000 (21:18 +0200)]
lighttpd: Add configuration for ninniach.nl.

15 years agolighttpd: Enable phpldapadmin on www.stderr.nl/ldap.
Matthijs Kooijman [Sun, 29 Mar 2009 19:18:02 +0000 (21:18 +0200)]
lighttpd: Enable phpldapadmin on stderr.nl/ldap.

15 years agolighttpd: Enable blosxom on www.stderr.nl/blosxom.
Matthijs Kooijman [Sun, 29 Mar 2009 19:16:37 +0000 (21:16 +0200)]
lighttpd: Enable blosxom on www.stderr.nl/blosxom.

This is not the final configuration, but it should make blosxom work for
now.

15 years agolighttpd: Enable mod_setenv.
Matthijs Kooijman [Sun, 29 Mar 2009 19:15:44 +0000 (21:15 +0200)]
lighttpd: Enable mod_setenv.

15 years agolighttpd: Add comment.
Matthijs Kooijman [Sun, 29 Mar 2009 19:15:12 +0000 (21:15 +0200)]
lighttpd: Add comment.

15 years agoaddsite: Create the directory properly.
Matthijs Kooijman [Sun, 29 Mar 2009 16:18:18 +0000 (18:18 +0200)]
addsite: Create the directory properly.

15 years agoaddsite: Add www users and groups in their own OU's.
Matthijs Kooijman [Sun, 29 Mar 2009 16:17:45 +0000 (18:17 +0200)]
addsite: Add www users and groups in their own OU's.

15 years agophpldapadmin: Make SSHA default password hashing.
Matthijs Kooijman [Sun, 29 Mar 2009 15:50:10 +0000 (17:50 +0200)]
phpldapadmin: Make SSHA default password hashing.

15 years agoUpdate the list of allowed shells.
Matthijs Kooijman [Sun, 29 Mar 2009 15:48:39 +0000 (17:48 +0200)]
Update the list of allowed shells.

15 years agophpldapadmin: User /home/%uid as homedir.
Matthijs Kooijman [Sun, 29 Mar 2009 15:48:02 +0000 (17:48 +0200)]
phpldapadmin: User /home/%uid as homedir.

15 years agophpldapadmin: Add hostObject to new user accounts.
Matthijs Kooijman [Sun, 29 Mar 2009 15:47:10 +0000 (17:47 +0200)]
phpldapadmin: Add hostObject to new user accounts.

15 years agophpldapadmin: Add phpldapadmin configuration.
Matthijs Kooijman [Sun, 29 Mar 2009 14:56:29 +0000 (16:56 +0200)]
phpldapadmin: Add phpldapadmin configuration.

15 years agogitweb: Update the urls that gitweb publishes.
Matthijs Kooijman [Mon, 5 Jan 2009 14:49:34 +0000 (15:49 +0100)]
gitweb: Update the urls that gitweb publishes.

The http url no longer needs /git/ and ssh no longer needs
/data/vcs/git/.

15 years agolighttpd: Redirect git.stderr.nl/*.git to /data/vcs/git.
Matthijs Kooijman [Mon, 5 Jan 2009 14:48:12 +0000 (15:48 +0100)]
lighttpd: Redirect git.stderr.nl/*.git to /data/vcs/git.

This replaces the symlink in the htdocs directory and removes the /git/
from the url.

15 years agolighttpd: Enable phpmyadmin on /mysql on all vhosts.
Matthijs Kooijman [Mon, 5 Jan 2009 08:58:56 +0000 (09:58 +0100)]
lighttpd: Enable phpmyadmin on /mysql on all vhosts.

15 years agofastcgi: Enable php for stderr.nl
Matthijs Kooijman [Mon, 5 Jan 2009 08:56:22 +0000 (09:56 +0100)]
fastcgi: Enable php for stderr.nl

15 years agopam: Let pam.d/cron include common-account.
Matthijs Kooijman [Tue, 30 Dec 2008 23:00:45 +0000 (00:00 +0100)]
pam: Let pam.d/cron include common-account.

The changes to common-account make the custom account section of
pam.d/cron unneeded.

15 years agopam: Let pam.d/su include common{account,session}.
Matthijs Kooijman [Tue, 30 Dec 2008 22:58:24 +0000 (23:58 +0100)]
pam: Let pam.d/su include common{account,session}.

Since pam.d/other was removed, su was missing the account and session
entries and failed.

15 years agopam: Make common-account also support unix users.
Matthijs Kooijman [Tue, 30 Dec 2008 22:56:17 +0000 (23:56 +0100)]
pam: Make common-account also support unix users.

This makes sure that common-account supports both unix users (from
passwd) and ldap users. A lot of services don't do real (password)
authentication, but do need to work for both ldap and unix users (cron,
su).

common-auth still only works for ldap users, since those are the only
ones with actual passwords.

15 years agopam: Add .so to module names in pam.d/other.
Matthijs Kooijman [Tue, 30 Dec 2008 22:51:27 +0000 (23:51 +0100)]
pam: Add .so to module names in pam.d/other.

15 years agoMerge commit 'origin/template' into www
root [Tue, 30 Dec 2008 17:07:16 +0000 (18:07 +0100)]
Merge commit 'origin/template' into www

* commit 'origin/template':
  pam: Deny everything in pam.d/other.
  pam: Add default pam.d/other file.
  pam: Fix pam configuration for cron.
  pam: Don't allow console logins.
  pam: Allow only root to change shells and user info.
  pam: Add default pamd.d/{chfn,chsh,cron,login} files.
  pam: Remove all but one line from pam.d/su.
  pam: Add default pam.d/su file.

15 years agopam: Deny everything in pam.d/other.
Matthijs Kooijman [Tue, 30 Dec 2008 16:04:28 +0000 (17:04 +0100)]
pam: Deny everything in pam.d/other.

15 years agopam: Add default pam.d/other file.
Matthijs Kooijman [Tue, 30 Dec 2008 16:01:26 +0000 (17:01 +0100)]
pam: Add default pam.d/other file.

15 years agopam: Fix pam configuration for cron.
Matthijs Kooijman [Tue, 30 Dec 2008 15:50:45 +0000 (16:50 +0100)]
pam: Fix pam configuration for cron.

This allows non-ldap users (say, root) to use cron.

15 years agopam: Don't allow console logins.
Matthijs Kooijman [Tue, 30 Dec 2008 10:38:15 +0000 (11:38 +0100)]
pam: Don't allow console logins.

We don't have a console on a vserver anyway...

15 years agopam: Allow only root to change shells and user info.
Matthijs Kooijman [Tue, 30 Dec 2008 10:36:39 +0000 (11:36 +0100)]
pam: Allow only root to change shells and user info.

Since changing user info and shells for ldap users is not supported by
chfn and chsh anyway, and we have no real users that are not in ldap,
limiting this to just root makes sense.

15 years agopam: Add default pamd.d/{chfn,chsh,cron,login} files.
Matthijs Kooijman [Tue, 30 Dec 2008 10:24:58 +0000 (11:24 +0100)]
pam: Add default pamd.d/{chfn,chsh,cron,login} files.

15 years agopam: Remove all but one line from pam.d/su.
Matthijs Kooijman [Mon, 29 Dec 2008 19:03:51 +0000 (20:03 +0100)]
pam: Remove all but one line from pam.d/su.

The session modules seem useless, and the common files only include ldap
and don't know about root, so that only gives warnings when root is
trying to su.

This makes it impossible for non-root users to use su, but that's a
feature.

15 years agopam: Add default pam.d/su file.
Matthijs Kooijman [Mon, 29 Dec 2008 19:03:15 +0000 (20:03 +0100)]
pam: Add default pam.d/su file.

15 years agosystem: Improve the permissions addsite sets.
Matthijs Kooijman [Wed, 17 Dec 2008 19:10:56 +0000 (20:10 +0100)]
system: Improve the permissions addsite sets.

15 years agolighttpd: Add initial configuration files.
Matthijs Kooijman [Wed, 17 Dec 2008 19:03:26 +0000 (20:03 +0100)]
lighttpd: Add initial configuration files.

15 years agosystem: Add acl-aware perl wrapper.
Matthijs Kooijman [Wed, 17 Dec 2008 18:59:44 +0000 (19:59 +0100)]
system: Add acl-aware perl wrapper.

By default, permission checks in perl only use the normal mode bits,
instead of the access(2) function. Adding "use filetest 'access';" to
the program, or the equivalent "-mfiletest=access" to the commandline,
we get proper behaviour when ACLs are involved.

15 years agoaddsite: Give www-data read access to conf/ dirs.
Matthijs Kooijman [Wed, 17 Dec 2008 18:58:27 +0000 (19:58 +0100)]
addsite: Give www-data read access to conf/ dirs.

16 years agogitweb: Make gitweb publish http and ssh urls for every repos.
root [Tue, 25 Nov 2008 00:12:10 +0000 (01:12 +0100)]
gitweb: Make gitweb publish http and ssh urls for every repos.

16 years agogitweb: Point gitweb at /data/vcs/git.
root [Tue, 25 Nov 2008 00:11:55 +0000 (01:11 +0100)]
gitweb: Point gitweb at /data/vcs/git.

16 years agohgweb: Point hgwebdir.cgi at /etc/hgweb.conf.
root [Mon, 24 Nov 2008 23:26:25 +0000 (00:26 +0100)]
hgweb: Point hgwebdir.cgi at /etc/hgweb.conf.

/etc/hgweb.conf points hgweb at /data/vcs/hg.

16 years agoAdd example hgwebdir.cgi script.
root [Mon, 24 Nov 2008 23:21:16 +0000 (00:21 +0100)]
Add example hgwebdir.cgi script.

16 years agogitweb: Add default config file.
root [Mon, 24 Nov 2008 21:51:18 +0000 (22:51 +0100)]
gitweb: Add default config file.

16 years agofastcgi: Add init script for fastcgi processes.
root [Fri, 7 Nov 2008 21:56:56 +0000 (22:56 +0100)]
fastcgi: Add init script for fastcgi processes.

This script will for now ignore its command line arguments and always
restart all scripts. This should be improved in the future.

16 years agosystem: Let update-php.ini also include a php.ini.local
root [Fri, 7 Nov 2008 11:41:14 +0000 (12:41 +0100)]
system: Let update-php.ini also include a php.ini.local

16 years agosystem: Let addsite always make DIR absolute.
root [Fri, 7 Nov 2008 11:40:45 +0000 (12:40 +0100)]
system: Let addsite always make DIR absolute.

16 years agosystem: Fix permission setting in addsite.
root [Fri, 7 Nov 2008 11:28:02 +0000 (12:28 +0100)]
system: Fix permission setting in addsite.

16 years agosystem: Add update-php.ini script.
root [Thu, 6 Nov 2008 13:55:44 +0000 (14:55 +0100)]
system: Add update-php.ini script.

This script merges system php.ini with a per-site php.ini.override, to
compensate for the lack of a proper include statement in php's config
files.

16 years agosystem: Add script to fix users and permissions for a site.
root [Thu, 6 Nov 2008 13:50:44 +0000 (14:50 +0100)]
system: Add script to fix users and permissions for a site.

16 years agosystem: Set the timezone to Europe/Amsterdam.
Matthijs Kooijman [Thu, 9 Oct 2008 20:20:13 +0000 (22:20 +0200)]
system: Set the timezone to Europe/Amsterdam.

16 years agoapt: Move local repository from ~matthijs to /data.
Matthijs Kooijman [Thu, 9 Oct 2008 15:46:18 +0000 (15:46 +0000)]
apt: Move local repository from ~matthijs to /data.

16 years agobash: Include bash.bashrc from /etc/profile.
Matthijs Kooijman [Thu, 9 Oct 2008 13:15:34 +0000 (13:15 +0000)]
bash: Include bash.bashrc from /etc/profile.

16 years agosystem: Add resolv.conf, pointing to the DNS vserver.
Matthijs Kooijman [Thu, 9 Oct 2008 13:14:52 +0000 (13:14 +0000)]
system: Add resolv.conf, pointing to the DNS vserver.

16 years agobash: Add default global profile script.
root [Tue, 30 Sep 2008 14:49:56 +0000 (14:49 +0000)]
bash: Add default global profile script.

16 years agobash: Enable extended completion.
root [Tue, 30 Sep 2008 14:33:29 +0000 (14:33 +0000)]
bash: Enable extended completion.

16 years agobash: Add initial bashrc.
root [Tue, 30 Sep 2008 14:32:51 +0000 (14:32 +0000)]
bash: Add initial bashrc.

16 years agonss: Don't use mdns for name resolution.
root [Fri, 26 Sep 2008 10:16:05 +0000 (10:16 +0000)]
nss: Don't use mdns for name resolution.

This change was automatically made by removing avahi-daemon.

16 years agonullmailer: Add configuration.
root [Fri, 26 Sep 2008 10:15:05 +0000 (10:15 +0000)]
nullmailer: Add configuration.

16 years agopam: Enable LDAP host attribute checking.
root [Thu, 25 Sep 2008 15:36:02 +0000 (15:36 +0000)]
pam: Enable LDAP host attribute checking.

16 years agopam: Only use LDAP for auth and account, remove unix authentication.
root [Thu, 25 Sep 2008 15:30:51 +0000 (15:30 +0000)]
pam: Only use LDAP for auth and account, remove unix authentication.

16 years agopam: Simplify configuration.
root [Thu, 25 Sep 2008 12:19:43 +0000 (12:19 +0000)]
pam: Simplify configuration.

16 years agopam: Use LDAP for authentication.
root [Thu, 25 Sep 2008 10:24:14 +0000 (10:24 +0000)]
pam: Use LDAP for authentication.

16 years agonss: Use LDAP for passwd and group.
root [Thu, 25 Sep 2008 10:23:45 +0000 (10:23 +0000)]
nss: Use LDAP for passwd and group.

16 years agopam: Add default pam common- files.
root [Thu, 25 Sep 2008 07:48:37 +0000 (07:48 +0000)]
pam: Add default pam common- files.

16 years agoAdd local debian repository.
root [Thu, 21 Aug 2008 16:04:27 +0000 (16:04 +0000)]
Add local debian repository.

16 years agoImport initial sources.list.
root [Thu, 21 Aug 2008 15:45:24 +0000 (15:45 +0000)]
Import initial sources.list.