diff options
| author | Eden <edendeoliveira@gmail.com> | 2019-04-10 23:02:55 +0100 |
|---|---|---|
| committer | Eden <edendeoliveira@gmail.com> | 2019-04-10 23:12:09 +0100 |
| commit | fdc231661647d4ca15ddf312e85b210eabd23e50 (patch) | |
| tree | 36a1e267f434b3e5c6bafe9a57b0abf4fd82236e | |
| parent | 675126cad1cde96a6fcf63efdc1bd8b6f6ba22ad (diff) | |
| parent | a19f7c5f9f357102b469b2b44c3f0749e1345b11 (diff) | |
| download | doc-fdc231661647d4ca15ddf312e85b210eabd23e50.tar.gz | |
doc release 0.5.2
| -rw-r--r-- | core/configure.html | 3 | ||||
| -rw-r--r-- | core/ports.html | 3 | ||||
| -rw-r--r-- | core/scripts/backup-ports.sh | 130 | ||||
| -rw-r--r-- | core/scripts/backup-system.sh | 149 | ||||
| -rw-r--r-- | core/scripts/restore-ports.sh | 4 | ||||
| -rw-r--r-- | dev/git/work.html | 34 | ||||
| -rw-r--r-- | host.html | 2 | ||||
| -rw-r--r-- | index.html | 2 | ||||
| -rw-r--r-- | tools/conf/etc/skel/.gitconfig | 8 | ||||
| -rw-r--r-- | tools/conf/etc/syslog-ng.conf | 235 | ||||
| -rw-r--r-- | tools/conf/srv/pgsql/data/pg_hba.conf | 36 | ||||
| -rw-r--r-- | tools/conf/srv/pgsql/data/postgresql.conf | 194 | ||||
| -rw-r--r-- | tools/dnsmasq.html | 4 | ||||
| -rw-r--r-- | tools/gitolite.html | 3 | ||||
| -rw-r--r-- | tools/index.html | 27 | ||||
| -rw-r--r-- | tools/logwatch.html | 79 | ||||
| -rw-r--r-- | tools/openssh.html | 3 | ||||
| -rw-r--r-- | tools/postgresql.html | 28 | ||||
| -rw-r--r-- | tools/scripts/pkgmk-test.conf | 1 |
19 files changed, 529 insertions, 416 deletions
diff --git a/core/configure.html b/core/configure.html index c814091..90c97ea 100644 --- a/core/configure.html +++ b/core/configure.html @@ -185,8 +185,7 @@ </dl> <pre> - # group -g username username - # useradd -u username -g username -m -k /etc/skel -s /bin/bash username + # useradd -U -m -k /etc/skel -s /bin/bash username # usermod -G adm,wheel,audio,video username # passwd username </pre> diff --git a/core/ports.html b/core/ports.html index 34583d1..e921351 100644 --- a/core/ports.html +++ b/core/ports.html @@ -29,8 +29,7 @@ Add a user that will be used by ports tools, this example pkgmk;</p> <pre> - # group -r -g pkgmk pkgmk - # useradd -r -u pkgmk -g pkgmk -m -d /usr/ports -s /bin/false pkgmk + # useradd -r -U -d /usr/ports -s /bin/false pkgmk </pre> <p>You can add your self to group pkgmk. Check if members of this diff --git a/core/scripts/backup-ports.sh b/core/scripts/backup-ports.sh index b5667e4..bac18e5 100644 --- a/core/scripts/backup-ports.sh +++ b/core/scripts/backup-ports.sh @@ -3,6 +3,9 @@ DEST_SYS=/usr/ports/releases/stable DEST_ARC=/usr/ports/releases/archives +#PACKAGES=/usr/ports/packages +PACKAGES=/usr/ports/archive/packages + #PRT_GET_FLAGS="-fr -if -is" PRT_GET_FLAGS="-fr" @@ -12,90 +15,119 @@ BUILD_NAME="R1D9" #echo "${DEST_ARC}/NAME-0.0.0.targ.gz" #read BUILD_NAME +#internal +database=${DEST_SYS}/pkg-db.tar.gz +ports=${DEST_SYS}/etc-ports.tar.gz +metadata=${DEST_SYS}/metadata.tar.gz +build=${DEST_SYS}/metadata/build-version +portsver=${DEST_SYS}/metadata/ports-releases +all=${DEST_SYS}/metadata/all-installed +collinst=${DEST_SYS}/metadata/installed +notfound=${DEST_SYS}/metadata/not-found + echo "Give build CRUX_RELEASE.VERSION (3.4.X);" echo "${DEST_ARC}/${BUILD_NAME}-VERSION.tar.gz" read BUILD_VERSION mkdir -p ${DEST_SYS} mkdir -p ${DEST_ARC} +mkdir -p ${DEST_SYS}/metadata + +archive="${DEST_ARC}/${BUILD_NAME}-${BUILD_VERSION}.tar" +echo "Creating $archive ..." +if [ -f ${archive} ]; then + rm ${archive} +fi backup_collections() { # backup collection packages while read COLL_VERSION; do - COLL_NAME=$(echo $COLL_VERSION | cut -d "-" -f 1) - COLL_RELEASE=$(echo $COLL_VERSION | cut -d "-" -f 2) - - while read PORT_NAME; do - # get installed version not version on ports - PACKAGE=$(grep "^${PORT_NAME}#" ${DEST_SYS}/all-installed.pkg) - echo "Backing up package: ${PACKAGE}" - - # check if binary package exist - if [ ! -f /usr/ports/packages/${PACKAGE} ]; then - echo "Building package: ${PACKAGE};" - sudo prt-get update ${PRT_GET_FLAGS} ${PORT_NAME} - fi - - if [ -f /usr/ports/packages/${PACKAGE} ]; then - echo ${PACKAGE} >> ${DEST_SYS}/${COLL_NAME}-backup.pkg - tar rvf ${DEST_SYS}/${COLL_NAME}-${COLL_RELEASE}.tar --directory=/usr/ports/packages ${PACKAGE} - else - echo "Package ${PACKAGE} from ${PORT_NAME} port not found." - echo ${PACKAGE} >> ${DEST_SYS}/${COLL_NAME}-${COLL_RELEASE}-notfound.pkg - fi - done < ${DEST_SYS}/${COLL_NAME}-installed.pkg - done < ${DEST_SYS}/ports_versions.pkg + COLL_NAME=$(echo $COLL_VERSION | cut -d "-" -f 1) + COLL_RELEASE=$(echo $COLL_VERSION | cut -d "-" -f 2) + + if [ -f ${DEST_SYS}/${COLL_VERSION}.tar ]; then + rm ${DEST_SYS}/${COLL_VERSION}.tar + fi + + while read PORT_NAME; do + # get installed version not version on ports + PACKAGE=$(grep "^${PORT_NAME}#" ${all}) + + # check if binary package exist + if [ ! -f /usr/ports/packages/${PACKAGE} ]; then + echo "Building package: ${PACKAGE};" + sudo prt-get update ${PRT_GET_FLAGS} ${PORT_NAME} + fi + + if [ -f /usr/ports/packages/${PACKAGE} ]; then + echo ${PACKAGE} >> ${DEST_SYS}/metadata/${COLL_NAME}-backup + tar rvf ${DEST_SYS}/${COLL_VERSION}.tar --directory=${PACKAGES} ${PACKAGE} + else + echo "Package ${PACKAGE} from ${PORT_NAME} port not found." + echo ${PACKAGE} >> ${notfound}-${COLL_VERSION} + fi + done < ${collinst}-${COLL_NAME} + + tar rvf $archive --directory=${DEST_SYS} ${COLL_VERSION}.tar + + done < ${portsver} } create_metadata() { - echo "${BUILD_NAME}-${BUILD_VERSION}" >> ${DEST_SYS}/build_version + + echo "${BUILD_NAME}-${BUILD_VERSION}" > ${build} # archive pkgutils data - tar --xattrs -zcpf ${DEST_SYS}/pkg-db.tar.gz /var/lib/pkg/db . + tar --xattrs -zcpf $database --directory=/var/lib/pkg/ db + tar rvf $archive --directory=${DEST_SYS} $(basename ${database}) # archive ports data - tar --xattrs -zcpf ${DEST_SYS}/etc_ports.tar.gz --directory=/etc/ports . + tar --xattrs -zcpf $ports --directory=/etc/ports . + tar rvf $archive --directory=${DEST_SYS} $(basename ${ports}) # must be using gwak instead of sed - prt-get listinst -v | sed 's/ /#/g' | sed 's/$/.pkg.tar.gz/g' > ${DEST_SYS}/all-installed.pkg + prt-get listinst -v | sed 's/ /#/g' | sed 's/$/.pkg.tar.gz/g' > ${all} - if [ -f ${DEST_SYS}/ports_versions ]; then - rm ${DEST_SYS}/ports_versions.pkg + if [ -f ${portsver} ]; then + rm ${portsver} fi for filename in /etc/ports/*.git; do - source $filename + source $filename + + echo "${NAME} port collection release (exp; ${BUILD_VERSION}):" + + read RELEASE + echo ${NAME}-${RELEASE} >> ${portsver} - echo "${NAME} port collection release (exp; ${BUILD_VERSION}):" + # backup ports collection + echo "Backing up collection: ${NAME}" + tar --xattrs -zcpf ${DEST_SYS}/"ports"-${NAME}-${RELEASE}.tar.gz \ + --directory=/usr/ports/${NAME} \ + --exclude=.git \ + . - read RELEASE - echo ${NAME}-${RELEASE} >> ${DEST_SYS}/ports_versions.pkg + tar rvf $archive --directory=${DEST_SYS} "ports"-${NAME}-${RELEASE}.tar.gz - # backup ports collection - echo "Backing up collection: ${NAME}" - tar --xattrs -zcpf ${DEST_SYS}/${NAME}-ports-${RELEASE}.tar.gz \ - --directory=/usr/ports/${NAME} \ - --exclude=.git/ \ - . + # create list of installed packages + prt-get printf "%i %p %n\n" | grep "yes /usr/ports/${NAME}" | cut -d " " -f 3 > ${collinst}-${NAME} - # create list of installed packages - prt-get printf "%i %p %n\n" | grep "yes /usr/ports/${NAME}" | cut -d " " -f 3 > ${DEST_SYS}/${NAME}-installed.pkg - done +done } create_archive() { - echo "Creating ${DEST_ARC}/${BUILD_NAME}-${BUILD_VERSION}.tar.gz ..." - tar --xattrs -zcpf ${DEST_ARC}/${BUILD_NAME}-${BUILD_VERSION}.tar.gz --directory=${DEST_SYS} . + tar --xattrs -zcpf ${metadata} --directory=${DEST_SYS} metadata/ + tar rvf $archive --directory=${DEST_SYS} $(basename ${metadata}) } update_host() { - echo "Creating links to /usr/ports/installed" - rm -r /usr/ports/installed - pkg_installed + echo "Creating links to /usr/ports/installed" + rm -r /usr/ports/installed + pkg_installed - echo "Creating ports page" - portspage --title=${BUILD_NAME}-${BUILD_VERSION} /usr/ports/installed > /usr/ports/installed/index.html + echo "Creating ports page" + portspage --title=${BUILD_NAME}-${BUILD_VERSION} /usr/ports/installed > /usr/ports/installed/index.html } create_metadata diff --git a/core/scripts/backup-system.sh b/core/scripts/backup-system.sh index 17c8c6a..22fe588 100644 --- a/core/scripts/backup-system.sh +++ b/core/scripts/backup-system.sh @@ -3,8 +3,6 @@ ROOT_DIR= DEST_DIR=/root/backup DEST_SYS="${DEST_DIR}/system" -PORT_PKG="${DEST_SYS}/packages" -PORT_PRT="${DEST_SYS}/ports" DATA_CNF="${DEST_DIR}/conf" DATA_USR="${DEST_DIR}/user" DATA_SRV="${DEST_DIR}/srv" @@ -31,8 +29,6 @@ print_data () { echo "ROOT_DIR=${ROOT_DIR}" echo "DEST_DIR=${DEST_DIR}" echo "DEST_SYS=${DEST_SYS}" - echo "PORT_PKG=${PORT_PKG}" - echo "PORT_PRT=${PORT_PRT}" echo "DATA_CNF=${DATA_CNF}" echo "DATA_USR=${DATA_USR}" echo "DATA_SRV=${DATA_SRV}" @@ -59,8 +55,6 @@ while [ "$1" ]; do # Destination directory DEST_SYS="${DEST_DIR}/system" - PORT_PKG="${DEST_SYS}/packages" - PORT_PRT="${DEST_SYS}/ports" DATA_CNF="${DEST_DIR}/conf" DATA_USR="${DEST_DIR}/user" DATA_SRV="${DEST_DIR}/srv" @@ -80,8 +74,6 @@ done print_data ConfirmOrExit -mkdir -p ${PORT_PKG} -mkdir -p ${PORT_PRT} mkdir -p ${DATA_CNF} mkdir -p ${DATA_USR} mkdir -p ${DATA_SRV} @@ -95,7 +87,79 @@ tar --xattrs -zcpf $DATA_CNF/usr_etc.tar.gz \ --directory=$ROOT_DIR/usr/etc \ . +bacup_home_metadata () { # User Meta Data + + for dir in /home/*; do + if [ "${dir}" != "/home/lost+found" ]; then + user=$(basename $dir) + tar --xattrs -zcpf "${DATA_USR}/meta-${user}.tar.gz" \ + $dir/.bash_profile \ + $dir/.bashrc \ + $dir/.config \ + $dir/.gitconfig \ + $dir/.gnupg \ + $dir/.irssi \ + $dir/.lynxrc \ + $dir/.mutt \ + $dir/.netrc \ + $dir/.profile \ + $dir/.spectrwm.conf \ + $dir/.ssh \ + $dir/.tmux.conf \ + $dir/.vim \ + $dir/.vimrc \ + $dir/.xinitrc + + # encript data + #gpg --output "${DATA_USR}/meta-${user}.tar.gz.gpg" \ + # --encrypt --recipient user@host \ + # "${DATA_USR}/meta-${user}.tar.gz" + + tar --xattrs -zcpf "${DATA_USR}/gitolite-${user}.tar.gz" \ + $dir/gitolite-admin + fi + done +} + +backup_services () { + # backup web data first stop php and nginx + for pkg_www in ${ROOT_DIR}/srv/www/*; do + if [[ ! $(ls ${pkg_www} | grep -v "backup_deploy") = "" ]]; then + pkg_back="${DATA_SRV}/www" + if [ ! -d ${pkg_back} ]; then + mkdir -p ${pkg_back} + fi + bck_file="${pkg_back}/$(basename ${pkg_www}).tar.gz" + exc="${pkg_www}/backup_deploy" + tar --exclude ${exc} --xattrs -zcpf ${bck_file} ${pkg_www} + fi + done + + # backup database data first dump all databases + pkg_back="${DATA_SRV}/pgsql" + if [ ! -d ${pkg_back} ]; then + mkdir -p ${pkg_back} + fi + pg_dumpall -U postgres | gzip > ${pkg_back}/cluster_dump.gz + + tar --xattrs -zcpf "${pkg_back}/pgsql-conf.tar.gz" \ + ${ROOT_DIR}/srv/pgsql/data/pg_hba.conf \ + ${ROOT_DIR}/srv/pgsql/data/pg_ident.conf \ + ${ROOT_DIR}/srv/pgsql/data/postgresql.conf + + + # backup gitolite repositories + pkg_back="${DATA_SRV}/gitolite" + if [ ! -d ${pkg_back} ]; then + mkdir -p ${pkg_back} + fi + + tar --xattrs -zcpf "${pkg_back}/gitolite.tar.gz" \ + --directory=${ROOT_DIR}/srv/gitolite \ + . +} + while true do echo "Backup User Metadata ?" @@ -105,36 +169,7 @@ do n|N|no|NO|No) break ;; y|Y|YES|yes|Yes) echo "Accept - you entered $CONFIRM" - for dir in /home/*; do - if [ "${dir}" != "/home/lost+found" ]; then - user=$(basename $dir) - tar --xattrs -zcpf "${DATA_USR}/meta-${user}.tar.gz" \ - $dir/.bash_profile \ - $dir/.bashrc \ - $dir/.config \ - $dir/.gitconfig \ - $dir/.gnupg \ - $dir/.irssi \ - $dir/.lynxrc \ - $dir/.mutt \ - $dir/.netrc \ - $dir/.profile \ - $dir/.spectrwm.conf \ - $dir/.ssh \ - $dir/.tmux.conf \ - $dir/.vim \ - $dir/.vimrc \ - $dir/.xinitrc - - # encript data - #gpg --output "${DATA_USR}/meta-${user}.tar.gz.gpg" \ - # --encrypt --recipient user@host \ - # "${DATA_USR}/meta-${user}.tar.gz" - - tar --xattrs -zcpf "${DATA_USR}/gitolite-${user}.tar.gz" \ - $dir/gitolite-admin - fi - done + bacup_home_metadata break ;; *) echo "Please enter only y or n" @@ -151,43 +186,7 @@ do n|N|no|NO|No) break ;; y|Y|YES|yes|Yes) echo "Accept - you entered $CONFIRM" - - # backup web data first stop php and nginx - for pkg_www in ${ROOT_DIR}/srv/www/*; do - if [[ ! $(ls ${pkg_www} | grep -v "backup_deploy") = "" ]]; then - pkg_back="${DATA_SRV}/www" - if [ ! -d ${pkg_back} ]; then - mkdir -p ${pkg_back} - fi - bck_file="${pkg_back}/$(basename ${pkg_www}).tar.gz" - exc="${pkg_www}/backup_deploy" - tar --exclude ${exc} --xattrs -zcpf ${bck_file} ${pkg_www} - fi - done - - # backup database data first dump all databases - pkg_back="${DATA_SRV}/pgsql" - if [ ! -d ${pkg_back} ]; then - mkdir -p ${pkg_back} - fi - pg_dumpall -U postgres | gzip > ${pkg_back}/cluster_dump.gz - - tar --xattrs -zcpf "${pkg_back}/pgsql-conf.tar.gz" \ - ${ROOT_DIR}/srv/pgsql/data/pg_hba.conf \ - ${ROOT_DIR}/srv/pgsql/data/pg_ident.conf \ - ${ROOT_DIR}/srv/pgsql/data/postgresql.conf - - - # backup gitolite repositories - pkg_back="${DATA_SRV}/gitolite" - if [ ! -d ${pkg_back} ]; then - mkdir -p ${pkg_back} - fi - - tar --xattrs -zcpf "${pkg_back}/gitolite.tar.gz" \ - --directory=${ROOT_DIR}/srv/gitolite \ - . - + backup_services break ;; *) echo "Please enter only y or n" diff --git a/core/scripts/restore-ports.sh b/core/scripts/restore-ports.sh index 39f5178..b53e723 100644 --- a/core/scripts/restore-ports.sh +++ b/core/scripts/restore-ports.sh @@ -19,7 +19,7 @@ extract_archives() { echo "extracting ${COLL_VERSION}.tar to /usr/ports/packages" tar -C /usr/ports/packages -xf ${WORK_DIR}/${COLL_VERSION}.tar rm ${WORK_DIR}/${COLL_VERSION}.tar - done < ${WORK_DIR}/ports_versions.pkg + done < ${WORK_DIR}/metadata/ports-releases } update_system() { @@ -30,7 +30,7 @@ update_system() { while read COLL_VERSION; do COLL_NAME=$(echo $COLL_VERSION | cut -d "-" -f 1) ports -u $COLL_NAME - done < ${WORK_DIR}/ports_versions.pkg + done < ${WORK_DIR}/metadata/ports-releases # first update with prt-get prt-get sysup diff --git a/dev/git/work.html b/dev/git/work.html index b57bfb5..7f97af5 100644 --- a/dev/git/work.html +++ b/dev/git/work.html @@ -58,28 +58,28 @@ gloga () { <p>Mark all deleted to commit;</p> <pre> -$ git ls-files --deleted -z | xargs -0 git rm + $ git ls-files --deleted -z | xargs -0 git rm </pre> <p>Query last commit that affected current file path</p> <pre> -$ git rev-list -n 1 HEAD -- . -$ git show f000 path/to/file -$ git diff --name-status f000 path/to/file + $ git rev-list -n 1 HEAD -- . + $ git show f000 path/to/file + $ git diff --name-status f000 path/to/file </pre> <p>Undo a file to specific commit</p> <pre> -$ git checkout f000^ -- path/to/file + $ git checkout f000^ -- path/to/file </pre> <p>Join multiple commits into single one;</p> <pre> -$ git log --oneline -$ git rebase -i oldest_commit_to_rewrite + $ git log --oneline + $ git rebase -i oldest_commit_to_rewrite </pre> <h2 id="logdiff">2.2. Logs, diff commits</h2> @@ -87,13 +87,13 @@ $ git rebase -i oldest_commit_to_rewrite <p>Create patch files to target branch/tag/ref;</p> <pre> -$ git format-patch --no-prefix software-v0.0.1 + $ git format-patch --no-prefix software-v0.0.1 </pre> <p>Same using diff command;</p> <pre> -$ diff orig file > file.patch + $ diff -u orig file > file.patch </pre> <h2 id="remote">2.3. Working with remotes</h2> @@ -101,40 +101,40 @@ $ diff orig file > file.patch <p>Adding a new remote;</p> <pre> -$ git remote add newremotename https://machine.example.org/repo.git + $ git remote add newremotename https://machine.example.org/repo.git </pre> <p>Update all branches with remote;</p> <pre> -$ git fetch --all -$ git pull --all + $ git fetch --all + $ git pull --all </pre> <p>If you want to track all remotes run this line and then the commands mentioned above;</p> <pre> -$ for remote in `git branch -r`; do git branch --track ${remote#origin/} $remote; done + $ for remote in `git branch -r`; do git branch --track ${remote#origin/} $remote; done </pre> <p>Future updates;</p> <pre> -$ git fetch --all -$ git pull --all + $ git fetch --all + $ git pull --all </pre> <p>Update local branches removed on remote set;</p> <pre> -$ git config --global fetch.prune true + $ git config --global fetch.prune true </pre> <p>This will prune on fetch or you can keep it manually;</p> <pre> -$ git remote prune origin + $ git remote prune origin </pre> <p>When using gitolite as remote, check following documentation;</p> diff --git a/host.html b/host.html index 4fe155f..554aa06 100644 --- a/host.html +++ b/host.html @@ -11,7 +11,7 @@ <h2>Core</h2> <dl> <dt>Base OS</dt> - <dd>Gnu/Linux Crux 3.2<dd> + <dd>Gnu/Linux Crux 3.4<dd> <dd><a href="core/install.html#step1">Download</a></dd> <dt>Package Management</dt> diff --git a/index.html b/index.html index 48ee3d1..05ede6b 100644 --- a/index.html +++ b/index.html @@ -38,7 +38,7 @@ <p>Version;</p> <pre> - rev 0.5.1 + rev 0.5.2 </pre> <a href="links.html">Links</a> contains relevant diff --git a/tools/conf/etc/skel/.gitconfig b/tools/conf/etc/skel/.gitconfig new file mode 100644 index 0000000..f96ecf7 --- /dev/null +++ b/tools/conf/etc/skel/.gitconfig @@ -0,0 +1,8 @@ +[core] + pager = less -F -X +[diff] + tool = vimdiff +[merge] + tool = vimdiff +[difftool] + prompt = false diff --git a/tools/conf/etc/syslog-ng.conf b/tools/conf/etc/syslog-ng.conf index cfb1c08..16c1ddb 100644 --- a/tools/conf/etc/syslog-ng.conf +++ b/tools/conf/etc/syslog-ng.conf @@ -1,60 +1,43 @@ -############################################################################# -# Simple syslog-ng.conf for crux.nu, +@version: 3.17 # -# Silvino Silva < silvino at bk dot ru > -# Created: 1/12/2014 -# -# Reference: -# http://www.campin.net/syslog-ng/expanded-syslog-ng.con -# -# Notes: -# * f_error and f_console are not used -# -------------------------------------------------------------------------- -@version: 3.5 -@include "scl.conf" - -options { - flush_lines(0); - time_reopen(10); - chain_hostnames(off); - create_dirs(no); - stats_freq(1200); - use_dns(no); - use_fqdn(no); - perm(0600); - log_fifo_size(2048); - log_msg_size(1024); - keep_hostname(yes); -}; +# /etc/syslog-ng: syslog-ng(8) configration file +# based on a gentoo template added custom changes for crux -############################################# -# sources -# -source s_log { unix-dgram("/dev/log"); }; -source s_internal { internal(); }; -source s_kernel { file("/proc/kmsg" program_override("kernel")); }; +# on busy systems you may have to adjus flush_lines and suppress() to avoid +# heavy disc i/o +# to change default permissions/owner/group for newly created files add +# options like this: owner(root); group(sys); perm(0644); + +options { chain_hostnames(off); flush_lines(0); stats_freq(0); create_dirs(on); }; + +#source where to read log +source src { unix-stream("/dev/log"); internal(); }; +source kernsrc { file("/proc/kmsg"); }; +#define templates template t_debug { template("$DATE fac $FACILITY lvl $LEVEL prg $PROGRAM: $MSG\n"); }; -############################################# -# common destinations -# +#define destinations +destination authlog { file("/var/log/auth" suppress(5)); }; +destination sudo { file("/var/log/sudo" suppress(5)); }; +destination cron { file("/var/log/cron" suppress(5)); }; +destination kern { file("/var/log/kernel" suppress(5)); }; +destination mail { file("/var/log/mail" suppress(5)); }; -destination d_auth { file("/var/log/auth"); }; -destination d_cron { file("/var/log/cron"); }; -destination d_daemon { file("/var/log/daemon"); }; -destination d_kernel { file("/var/log/kernel"); }; -destination d_lpr { file("/var/log/lpr"); }; -destination d_mail { file("/var/log/mail"); }; -destination d_user { file("/var/log/user"); }; -destination d_syslog { file("/val/log/syslog"); }; +destination mailinfo { file("/var/log/mail.info" suppress(5)); }; +destination mailwarn { file("/var/log/mail.warn" suppress(5)); }; +destination mailerr { file("/var/log/mail.err" suppress(5)); }; -destination d_debug { file("/var/log/debug" template(t_debug)); }; -destination d_error { file("/var/log/error"); }; -destination d_messages { file("/var/log/messages"); }; +#destination newscrit { file("/var/log/news/news.crit" suppress(5)); }; +#destination newserr { file("/var/log/news/news.err" suppress(5)); }; +#destination newsnotice { file("/var/log/news/news.notice" suppress(5)); }; -destination d_console { usertty("root"); }; -destination d_console_all { usertty("root"); }; +destination debug { file("/var/log/debug" template(t_debug) suppress(5)); }; +destination messages { file("/var/log/messages" suppress(5)); }; +destination errors { file("/var/log/error" suppress(5)); }; +destination console { usertty("root"); }; +destination console_all { file("/dev/tty12" suppress(5)); }; +destination xconsole { pipe("/dev/xconsole" suppress(5)); }; ############################################# # custom destinations @@ -70,119 +53,75 @@ destination d_gitolite { file("/var/log/gitolite"); }; destination d_nginx_access { file("/var/log/nginx/access.log" owner(root) group(www) perm(0644)); }; destination d_nginx_error { file("/var/log/nginx/error.log"); }; -############################################# -# common filters -# -filter f_info { level(info); }; -filter f_notice { level(notice); }; -filter f_warn { level(warn); }; -filter f_err { level(err); }; -filter f_crit { level(crit .. emerg); }; - -filter f_emerg { level(emerg); }; -filter f_alert { level(alert); }; - -filter f_debug { - level(debug) - and not facility(auth, authpriv, mail, news) -}; - -filter f_error { level(err..emerg); }; -filter f_auth { facility(auth, authpriv); }; -filter f_cron { facility(cron); }; -filter f_daemon { facility(daemon); }; -filter f_kernel { facility(kern); }; -filter f_lpr { facility(lpr); }; - -filter f_local { facility( - local0, - local1, - local2, - local3, - local4, - local5, - local6, - local7 - ); -}; - -filter f_mail { facility(mail); }; -filter f_syslog { facility(syslog); }; -filter f_user { facility(user); }; -filter f_console { level(warn .. emerg); }; +#create filters +filter f_authpriv { facility(auth, authpriv); }; +filter f_cron { facility(cron); }; +filter f_kern { facility(kern); }; +filter f_mail { facility(mail); }; +#filter f_debug { not facility(auth, authpriv, mail) and not program(sudo); }; +filter f_debug { not facility(mail) and not program(sudo); }; +filter f_messages { level(info..warn) + and not facility(auth, authpriv, mail) and not program(sudo); }; +filter f_sudo { program(sudo); }; +filter f_errors { level(err..emerg); }; + +filter f_emergency { level(emerg); }; + +filter f_info { level(info); }; +filter f_notice { level(notice); }; +filter f_warn { level(warn); }; +filter f_crit { level(crit); }; +filter f_err { level(err); }; ############################################# # custom filters # - -filter f_messages { - level(info..warn) - and not facility(auth, authpriv, mail, cron) -}; - filter f_dnsmasq { program("dnsmasq"); }; filter f_postgres { facility(local0); }; filter f_sshd { facility(local1); }; -filter f_iptables { - facility(kern) - and match("iptables" value("MESSAGE")) -}; - -filter f_shorewall_warn { - level (warn) - and match ("Shorewall" value("MESSAGE")); -}; - -filter f_shorewall_info { - level (info) - and match ("Shorewall" value("MESSAGE")); -}; - +filter f_iptables { facility(kern) and match("iptables" value("MESSAGE")) }; +filter f_shorewall_warn { level (warn) and match ("Shorewall" value("MESSAGE")); }; +filter f_shorewall_info {level (info) and match ("Shorewall" value("MESSAGE")); }; filter f_gitolite { program("gitolite"); }; +filter f_nginx_access { match("nginx_access:" value("MESSAGE")); }; +filter f_nginx_error { match("nginx_error:" value("MESSAGE")); }; + +# examples for text-matching (beware of performance issues) +#filter f_failed { match("failed"); }; +#filter f_denied { match("denied"); }; + +#connect filter and destination +log { source(src); filter(f_authpriv); destination(authlog); }; +log { source(src); filter(f_sudo); destination(sudo); }; +log { source(src); filter(f_cron); destination(cron); }; +log { source(kernsrc); filter(f_kern); destination(kern); }; +log { source(src); filter(f_mail); destination(mail); }; +log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); }; +log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); }; +log { source(src); filter(f_mail); filter(f_err); destination(mailerr); }; + +#log { source(src); filter(f_debug); destination(debug); }; +log { source(src); filter(f_messages); destination(messages); }; +log { source(src); filter(f_errors); destination(errors); }; +log { source(src); filter(f_emergency); destination(console); }; -filter f_nginx_access { - match("nginx_access:" value("MESSAGE")); -}; - -filter f_nginx_error { - match("nginx_error:" value("MESSAGE")); -}; - - -log { source (s_kernel); filter (f_iptables); destination (d_iptables); flags(final);}; -log { source (s_kernel); filter (f_shorewall_warn); destination (d_shorewall_warn); flags(final);}; -log { source (s_kernel); filter (f_shorewall_info); destination (d_shorewall_info); flags(final);}; -log { source(s_log); filter(f_dnsmasq); destination(d_dnsmasq); flags(final); }; -log { source(s_log); filter(f_postgres); destination(d_postgres); flags(final); }; -log { source(s_log); filter(f_sshd); destination(d_sshd); flags(final); }; -log { source(s_log); filter(f_gitolite); destination(d_gitolite); flags(final); }; -log { source(s_log); filter(f_nginx_error); destination(d_nginx_error); flags(final); }; -log { source(s_log); filter(f_local); filter(f_nginx_access); destination(d_nginx_access); flags(final); }; +#default log +#log { source(src); destination(console_all); }; ############################################# -# connect filter and destination +# custom # -log { source(s_log); filter(f_auth); destination(d_auth); }; -log { source(s_log); filter(f_cron); destination(d_cron); }; -log { source(s_log); filter(f_daemon); destination(d_daemon); }; -log { source(s_kernel); filter(f_kernel); destination(d_kernel); }; -log { source(s_log); filter(f_lpr); destination(d_lpr); }; -log { source(s_log); source(s_internal); filter(f_syslog); destination(d_syslog); }; -log { source(s_log); filter(f_user); destination(d_user); }; +log { source (kernsrc); filter (f_iptables); destination (d_iptables);}; +log { source (kernsrc); filter (f_shorewall_warn); destination (d_shorewall_warn);}; +log { source (kernsrc); filter (f_shorewall_info); destination (d_shorewall_info);}; +log { source(src); filter(f_dnsmasq); destination(d_dnsmasq);}; +log { source(src); filter(f_postgres); destination(d_postgres);}; +log { source(src); filter(f_sshd); destination(d_sshd);}; +log { source(src); filter(f_gitolite); destination(d_gitolite);}; +log { source(src); filter(f_nginx_error); destination(d_nginx_error);}; +log { source(src); filter(f_nginx_access); destination(d_nginx_access);}; -log { source(s_log); filter(f_mail); destination(d_mail); }; -log { source(s_log); filter(f_mail); filter(f_info); destination(d_mail); }; -log { source(s_log); filter(f_mail); filter(f_info); destination(d_mail); }; -log { source(s_log); filter(f_mail); filter(f_info); destination(d_mail); }; -log { source(s_log); filter(f_debug); destination(d_debug); }; -log { source(s_log); filter(f_error); destination(d_error); }; - -#log { source(s_log); filter(f_console); destination(d_console_all); }; -log { source(s_log); filter(f_crit); destination(d_console); }; - -#default log -log { source(s_log); filter(f_messages); destination(d_messages); }; diff --git a/tools/conf/srv/pgsql/data/pg_hba.conf b/tools/conf/srv/pgsql/data/pg_hba.conf index 55ce3f3..af37ab4 100644 --- a/tools/conf/srv/pgsql/data/pg_hba.conf +++ b/tools/conf/srv/pgsql/data/pg_hba.conf @@ -42,10 +42,10 @@ # or "samenet" to match any address in any subnet that the server is # directly connected to. # -# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", -# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that -# "password" sends passwords in clear text; "md5" is preferred since -# it sends encrypted passwords. +# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", +# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". +# Note that "password" sends passwords in clear text; "md5" or +# "scram-sha-256" are preferred since they send encrypted passwords. # # OPTIONS are a set of options for the authentication in the format # NAME=VALUE. The available options depend on the different @@ -59,11 +59,11 @@ # its special character, and just match a database or username with # that name. # -# This file is read on server startup and when the postmaster receives -# a SIGHUP signal. If you edit the file on a running system, you have -# to SIGHUP the postmaster for the changes to take effect. You can -# use "pg_ctl reload" to do that. - +# This file is read on server startup and when the server receives a +# SIGHUP signal. If you edit the file on a running system, you have to +# SIGHUP the server for the changes to take effect, run "pg_ctl reload", +# or execute "SELECT pg_reload_conf()". +# # Put your actual configuration here # ---------------------------------- # @@ -82,15 +82,19 @@ # "local" is for Unix domain socket connections only #local all all trust -local all postgres ident # IPv4 local connections: -host all all 127.0.0.1/32 trust -#hostssl all all 192.168.0.0/32 md5 - +#host all all 127.0.0.1/32 trust # IPv6 local connections: #host all all ::1/128 trust # Allow replication connections from localhost, by a user with the # replication privilege. -#local replication postgres trust -#host replication postgres 127.0.0.1/32 trust -#host replication postgres ::1/128 trust +#local replication all trust +#host replication all 127.0.0.1/32 trust +#host replication all ::1/128 trust + +# TYPE DATABASE USER ADDRESS METHOD +local postgres postgres trust +host postgres postgres 127.0.0.1/32 trust +host db_flyspray flyspray 127.0.0.1/32 md5 +host all all 127.0.0.1/32 scram-sha-256 +host all all 0.0.0.0/0 reject diff --git a/tools/conf/srv/pgsql/data/postgresql.conf b/tools/conf/srv/pgsql/data/postgresql.conf index df3525c..e25ab49 100644 --- a/tools/conf/srv/pgsql/data/postgresql.conf +++ b/tools/conf/srv/pgsql/data/postgresql.conf @@ -16,9 +16,9 @@ # # This file is read on server startup and when the server receives a SIGHUP # signal. If you edit the file on a running system, you have to SIGHUP the -# server for the changes to take effect, or use "pg_ctl reload". Some -# parameters, which are marked below, require a server shutdown and restart to -# take effect. +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. # # Any parameter can also be given as a command-line option to the server, e.g., # "postgres -c log_connections=on". Some parameters can be changed at run time @@ -73,26 +73,6 @@ max_connections = 100 # (change requires restart) #bonjour_name = '' # defaults to the computer name # (change requires restart) -# - Security and Authentication - - -#authentication_timeout = 1min # 1s-600s -ssl = on # (change requires restart) -#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers - # (change requires restart) -#ssl_prefer_server_ciphers = on # (change requires restart) -#ssl_ecdh_curve = 'prime256v1' # (change requires restart) -ssl_cert_file = '/etc/ssl/certs/pg.crt' # (change requires restart) -ssl_key_file = '/etc/ssl/keys/pg.key' # (change requires restart) -#ssl_ca_file = '' # (change requires restart) -#ssl_crl_file = '' # (change requires restart) -password_encryption = on -#db_user_namespace = off -#row_security = on - -# GSSAPI using Kerberos -#krb_server_keyfile = '' -#krb_caseins_users = off - # - TCP Keepalives - # see "man 7 tcp" for details @@ -103,6 +83,34 @@ password_encryption = on #tcp_keepalives_count = 0 # TCP_KEEPCNT; # 0 selects the system default +# - Authentication - + +#authentication_timeout = 1min # 1s-600s +#password_encryption = md5 # md5 or scram-sha-256 +password_encryption = scram-sha-256 # md5 or scram-sha-256 +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = off + +# - SSL - + +#ssl = off +ssl = on +#ssl_ca_file = '' +#ssl_cert_file = 'server.crt' +ssl_cert_file = '/etc/ssl/certs/pg.crt' +#ssl_crl_file = '' +#ssl_key_file = 'server.key' +ssl_key_file = '/etc/ssl/keys/pg.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + #------------------------------------------------------------------------------ # RESOURCE USAGE (except WAL) @@ -123,24 +131,24 @@ shared_buffers = 128MB # min 128kB #maintenance_work_mem = 64MB # min 1MB #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem #max_stack_depth = 2MB # min 100kB -dynamic_shared_memory_type = sysv # the default is the first option +dynamic_shared_memory_type = posix # the default is the first option # supported by the operating system: # posix # sysv # windows # mmap # use none to disable dynamic shared memory + # (change requires restart) # - Disk - -#temp_file_limit = -1 # limits per-session temp file space +#temp_file_limit = -1 # limits per-process temp file space # in kB, or -1 for no limit -# - Kernel Resource Usage - +# - Kernel Resources - #max_files_per_process = 1000 # min 25 # (change requires restart) -#shared_preload_libraries = '' # (change requires restart) # - Cost-Based Vacuum Delay - @@ -153,26 +161,37 @@ dynamic_shared_memory_type = sysv # the default is the first option # - Background Writer - #bgwriter_delay = 200ms # 10-10000ms between rounds -#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round -#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 512kB # measured in pages, 0 disables # - Asynchronous Behavior - #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching -#max_worker_processes = 8 +#max_worker_processes = 8 # (change requires restart) +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#parallel_leader_participation = on +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel operations +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) +#backend_flush_after = 0 # measured in pages, 0 disables #------------------------------------------------------------------------------ -# WRITE AHEAD LOG +# WRITE-AHEAD LOG #------------------------------------------------------------------------------ # - Settings - -#wal_level = minimal # minimal, archive, hot_standby, or logical +#wal_level = replica # minimal, replica, or logical # (change requires restart) -#fsync = on # turns forced synchronization on or off +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) #synchronous_commit = on # synchronization level; - # off, local, remote_write, or on + # off, local, remote_write, remote_apply, or on #wal_sync_method = fsync # the default is the first option # supported by the operating system: # open_datasync @@ -187,16 +206,18 @@ dynamic_shared_memory_type = sysv # the default is the first option #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers # (change requires restart) #wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables #commit_delay = 0 # range 0-100000, in microseconds #commit_siblings = 5 # range 1-1000 # - Checkpoints - -#checkpoint_timeout = 5min # range 30s-1h -#max_wal_size = 1GB -#min_wal_size = 80MB +#checkpoint_timeout = 5min # range 30s-1d +max_wal_size = 1GB +min_wal_size = 80MB #checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 256kB # measured in pages, 0 disables #checkpoint_warning = 30s # 0 disables # - Archiving - @@ -215,16 +236,16 @@ dynamic_shared_memory_type = sysv # the default is the first option # REPLICATION #------------------------------------------------------------------------------ -# - Sending Server(s) - +# - Sending Servers - # Set these on the master and on any standby that will send replication data. -#max_wal_senders = 0 # max number of walsender processes +#max_wal_senders = 10 # max number of walsender processes # (change requires restart) -#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables +#wal_keep_segments = 0 # in logfile segments; 0 disables #wal_sender_timeout = 60s # in milliseconds; 0 disables -#max_replication_slots = 0 # max number of replication slots +#max_replication_slots = 10 # max number of replication slots # (change requires restart) #track_commit_timestamp = off # collect timestamp of transaction commit # (change requires restart) @@ -234,7 +255,8 @@ dynamic_shared_memory_type = sysv # the default is the first option # These settings are ignored on a standby server. #synchronous_standby_names = '' # standby servers that provide sync rep - # comma-separated list of application_name + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name # from standby(s); '*' = all #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed @@ -242,7 +264,7 @@ dynamic_shared_memory_type = sysv # the default is the first option # These settings are ignored on a master server. -#hot_standby = off # "on" allows queries during recovery +#hot_standby = on # "off" disallows queries during recovery # (change requires restart) #max_standby_archive_delay = 30s # max delay before canceling queries # when reading WAL from archive; @@ -260,6 +282,14 @@ dynamic_shared_memory_type = sysv # the default is the first option #wal_retrieve_retry_interval = 5s # time to wait before retrying to # retrieve WAL after a failed attempt +# - Subscribers - + +# These settings are ignored on a publisher. + +#max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) +#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + #------------------------------------------------------------------------------ # QUERY TUNING @@ -275,9 +305,14 @@ dynamic_shared_memory_type = sysv # the default is the first option #enable_material = on #enable_mergejoin = on #enable_nestloop = on +#enable_parallel_append = on #enable_seqscan = on #enable_sort = on #enable_tidscan = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_parallel_hash = on +#enable_partition_pruning = on # - Planner Cost Constants - @@ -286,6 +321,20 @@ dynamic_shared_memory_type = sysv # the default is the first option #cpu_tuple_cost = 0.01 # same scale as above #cpu_index_tuple_cost = 0.005 # same scale as above #cpu_operator_cost = 0.0025 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB #effective_cache_size = 4GB # - Genetic Query Optimizer - @@ -306,15 +355,19 @@ dynamic_shared_memory_type = sysv # the default is the first option #from_collapse_limit = 8 #join_collapse_limit = 8 # 1 disables collapsing of explicit # JOIN clauses +#force_parallel_mode = off +#jit = off # allow JIT compilation #------------------------------------------------------------------------------ -# ERROR REPORTING AND LOGGING +# REPORTING AND LOGGING #------------------------------------------------------------------------------ # - Where to Log - #log_destination = 'stderr' # Valid values are combinations of +#log_destination = 'stderr,syslog' # Multiple are valide +log_destination = 'syslog' # stderr, csvlog, syslog, and eventlog, # depending on platform. csvlog # requires logging_collector to be on. @@ -326,7 +379,7 @@ dynamic_shared_memory_type = sysv # the default is the first option # (change requires restart) # These are only used if logging_collector is on: -#log_directory = 'pg_log' # directory where log files are written, +#log_directory = 'log' # directory where log files are written, # can be absolute or relative to PGDATA #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, # can include strftime() escapes @@ -348,9 +401,13 @@ dynamic_shared_memory_type = sysv # the default is the first option # These are relevant when logging to syslog: #syslog_facility = 'LOCAL0' -#syslog_ident = 'postgres' +syslog_facility = 'LOCAL0' +syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on # This is only relevant when logging to eventlog (win32): +# (change requires restart) #event_source = 'PostgreSQL' # - When to Log - @@ -407,12 +464,12 @@ dynamic_shared_memory_type = sysv # the default is the first option #debug_print_plan = off #debug_pretty_print = on #log_checkpoints = off -#log_connections = off -#log_disconnections = off -#log_duration = off +log_connections = on +log_disconnections = on +log_duration = on #log_error_verbosity = default # terse, default, or verbose messages -#log_hostname = off -#log_line_prefix = '' # special values: +log_hostname = on +#log_line_prefix = '%m [%p] ' # special values: # %a = application name # %u = user name # %d = database name @@ -421,6 +478,7 @@ dynamic_shared_memory_type = sysv # the default is the first option # %p = process ID # %t = timestamp without milliseconds # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) # %i = command tag # %e = SQL state # %c = session ID @@ -440,8 +498,9 @@ dynamic_shared_memory_type = sysv # the default is the first option # -1 disables, 0 logs all temp files log_timezone = 'Portugal' - -# - Process Title - +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ #cluster_name = '' # added to process titles if nonempty # (change requires restart) @@ -449,10 +508,10 @@ log_timezone = 'Portugal' #------------------------------------------------------------------------------ -# RUNTIME STATISTICS +# STATISTICS #------------------------------------------------------------------------------ -# - Query/Index Statistics Collector - +# - Query and Index Statistics Collector - #track_activities = on #track_counts = on @@ -462,7 +521,7 @@ log_timezone = 'Portugal' #stats_temp_directory = 'pg_stat_tmp' -# - Statistics Monitoring - +# - Monitoring - #log_parser_stats = off #log_planner_stats = off @@ -471,7 +530,7 @@ log_timezone = 'Portugal' #------------------------------------------------------------------------------ -# AUTOVACUUM PARAMETERS +# AUTOVACUUM #------------------------------------------------------------------------------ #autovacuum = on # Enable autovacuum subprocess? 'on' @@ -509,6 +568,7 @@ log_timezone = 'Portugal' # - Statement Behavior - #search_path = '"$user", public' # schema names +#row_security = on #default_tablespace = '' # a tablespace name, '' uses the default #temp_tablespaces = '' # a list of tablespace names, '' uses # only default tablespace @@ -519,10 +579,14 @@ log_timezone = 'Portugal' #session_replication_role = 'origin' #statement_timeout = 0 # in milliseconds, 0 is disabled #lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled #vacuum_freeze_min_age = 50000000 #vacuum_freeze_table_age = 150000000 #vacuum_multixact_freeze_min_age = 5000000 #vacuum_multixact_freeze_table_age = 150000000 +#vacuum_cleanup_index_scale_factor = 0.1 # fraction of total number of tuples + # before index cleanup, 0 always performs + # index cleanup #bytea_output = 'hex' # hex, escape #xmlbinary = 'base64' #xmloption = 'content' @@ -555,11 +619,16 @@ lc_time = 'C' # locale for time formatting # default configuration for text search default_text_search_config = 'pg_catalog.english' -# - Other Defaults - +# - Shared Library Preloading - -#dynamic_library_path = '$libdir' +#shared_preload_libraries = '' # (change requires restart) #local_preload_libraries = '' #session_preload_libraries = '' +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' #------------------------------------------------------------------------------ @@ -571,10 +640,14 @@ default_text_search_config = 'pg_catalog.english' # (change requires restart) #max_pred_locks_per_transaction = 64 # min 10 # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 #------------------------------------------------------------------------------ -# VERSION/PLATFORM COMPATIBILITY +# VERSION AND PLATFORM COMPATIBILITY #------------------------------------------------------------------------------ # - Previous PostgreSQL Versions - @@ -586,7 +659,6 @@ default_text_search_config = 'pg_catalog.english' #lo_compat_privileges = off #operator_precedence_warning = off #quote_all_identifiers = off -#sql_inheritance = on #standard_conforming_strings = on #synchronize_seqscans = on diff --git a/tools/dnsmasq.html b/tools/dnsmasq.html index a6a0046..ca776d1 100644 --- a/tools/dnsmasq.html +++ b/tools/dnsmasq.html @@ -1,4 +1,4 @@ - <!DOCTYPE html> +<!DOCTYPE html> <html dir="ltr" lang="en"> <head> <meta charset='utf-8'> @@ -69,7 +69,7 @@ <p> This is part of the Hive System Documentation. - Copyright (C) 2018 + Copyright (C) 2019 Hive Team. See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> </body> diff --git a/tools/gitolite.html b/tools/gitolite.html index 0e92158..8a526c2 100644 --- a/tools/gitolite.html +++ b/tools/gitolite.html @@ -22,7 +22,8 @@ <p>Create user and home directory;</p> <pre> - # useradd -r -s /bin/bash -U -m -d /srv/gitolite gitolite + # useradd -r -s /bin/sh -U -m -d /srv/gitolite gitolite + # usermod -p x gitolite </pre> <p>Permissions for /srv/gitolite/repositories directories should be diff --git a/tools/index.html b/tools/index.html index 0afdf3e..a002c0d 100644 --- a/tools/index.html +++ b/tools/index.html @@ -121,10 +121,10 @@ <ul> <li><a href="qemu.html">Qemu</a> <ul> - <li><a href="qemu.html#kern">1. Host System</a></li> + <li><a href="qemu.html#kern">1. Host system</a></li> <li><a href="qemu.html#disk">2. Disk images</a></li> <li><a href="qemu.html#net">3. Network</a></li> - <li><a href="qemu.html#guest">4. Guest System</a></li> + <li><a href="qemu.html#guest">4. Guest system</a></li> </ul> </li> <li> @@ -139,18 +139,18 @@ <ul> <li><a href="nginx.html#install">1. Install Nginx</a></li> <li><a href="nginx.html#certs">2. Certificates</a></li> - <li><a href="nginx.html#nginxconf">3. Nginx Configuration</a></li> + <li><a href="nginx.html#nginxconf">3. Nginx configuration</a></li> <li><a href="nginx.html#server">4. Server with PHP</a></li> - <li><a href="nginx.html#userdir">5. User Directory</a></li> + <li><a href="nginx.html#userdir">5. User directory</a></li> <li><a href="nginx.html#logs">6. Logs</a></li> </ul> </li> <li><a href="gitolite.html">Gitolite</a> <ul> <li><a href="gitolite.html#install">1. Install Gitolite</a></li> - <li><a href="gitolite.html#config">2. Configure Gitolite</a></li> - <li><a href="gitolite.html#admin">3. Gitolite Administration</a></li> - <li><a href="gitolite.html#hooks">4. Gitolite Hooks</a></li> + <li><a href="gitolite.html#config">2. Configure gitolite</a></li> + <li><a href="gitolite.html#admin">3. Gitolite administration</a></li> + <li><a href="gitolite.html#hooks">4. Gitolite hooks</a></li> <li><a href="gitolite.html#gitweb">5. Gitweb</a></li> <li><a href="gitolite.html#git-daemon">6. Git-daemon</a></li> </ul> @@ -158,12 +158,13 @@ <li><a href="postgresql.html">Postgresql</a> <ul> <li><a href="postgresql.html#install">1. Install Postgresql</a></li> - <li><a href="postgresql.html#config">2. Configure Server</a></li> - <li><a href="postgresql.html#createuser">3. Create User</a></li> - <li><a href="postgresql.html#createdb">4. Create Database</a></li> - <li><a href="postgresql.html#dropdb">5. Drop Database</a></li> - <li><a href="postgresql.html#dropuser">6. Drop User</a></li> + <li><a href="postgresql.html#config">2. Configure server</a></li> + <li><a href="postgresql.html#createuser">3. Create user</a></li> + <li><a href="postgresql.html#createdb">4. Create database</a></li> + <li><a href="postgresql.html#dropdb">5. Drop database</a></li> + <li><a href="postgresql.html#dropuser">6. Drop user</a></li> <li><a href="postgresql.html#psql">7. Psql</a></li> + <li><a href="postgresql.html#backup">8. Backup and restore</a></li> </ul> </li> </ul> @@ -172,7 +173,7 @@ <p> This is part of the Hive System Documentation. - Copyright (C) 2018 + Copyright (C) 2019 Hive Team. See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> diff --git a/tools/logwatch.html b/tools/logwatch.html index 4f35571..e47a517 100644 --- a/tools/logwatch.html +++ b/tools/logwatch.html @@ -2,21 +2,74 @@ <html dir="ltr" lang="en"> <head> <meta charset='utf-8'> - <title>1. Logwatch</title> + <title>Logwatch</title> </head> <body> - <h1>1. Logwatch</h1> - <p>Get <a href="https://crux.nu/portdb/index.php?a=getup&q=deepthought">deepthought.httpup</a> - and move it to /etc/ports. Activate collection in /etc/prt-get.conf and run;</p> + <a href="index.html">Tools Index</a> + + <h1>Logwatch</h1> + + <p>Install logwatch, ports collection contains <a href="https://crux.nu/portdb/index.php?a=getup&q=deepthought">deepthought.httpup</a> port;</p> <pre> - $ ports -u $ prt-get depinst logwatch </pre> <h2 id="conf">1.1. Configure</h2> + <p>Logwatch apply configuration state using layers of configuration files, last in the list is most important;</p> + + <ul> + <li>/usr/share/logwatch/default.conf/*</li> + <li>/etc/logwatch/conf/*</li> + <li>command line arguments</li> + </ul> + + <p>From logwatch documentation;</p> + + <pre> + The contents of the three directories /usr/share/logwatch/default.conf, + /usr/share/logwatch/dist.conf, and /etc/logwatch/conf, all have the + same structure: + + services: This subdirectory contains the configuration + files specific to each service. Logwatch + determines which services are available by + examining the contents of this directory. + Each service configuration file is named by + its service name with the ".conf" suffix. + + logfiles: This subdirectory contains the logfile group + configuration files. Each logfile group + configuration file contains information about + one or more log files with the same format. + Several services may use the same logfile + group configuration file. Each of these + configuration files are named by the group + name with the ".conf" suffix. Many + of the group names are taken from the name + of a system log file (such as messages, + maillog, secure, etc.), but not always. + + logwatch.conf: This file contains the defaults for the + overall execution of Logwatch, and affect all + of its services. Many of its parameters can + be overridden by command-line switches when + invoking the Logwatch executable, as described + in the man page for Logwatch. + + ignore.conf: This file specifies regular expressions that, + when matched by the output of logwatch, will + suppress the matching line, regardless of which + service is being executed. + + The /etc/logwatch/conf directory may also contain the file 'override.conf', + which is described in section 4, "Customizing the Configuration." + </pre> + + <p>Copy default configuration to use as a template;</p> + <pre> $ sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/ </pre> @@ -24,16 +77,21 @@ <p>Example configuration;</p> <pre> - MailTo = admin@box + MailTo = admin@machine MailFrom = logwatch Range = Today Detail = Med </pre> - <p>Activate all or per service;</p> + <p>Default activate all services, to enable per service edit /usr/share/logwatch/default.conf/logwatch.conf;</p> <pre> #Service = All + </pre> + + <p>Then add the services to /etc/logwatch/conf/logwatch.conf;</p> + + <pre> Service = http Service = exim Service = dhcpd @@ -68,5 +126,12 @@ $ sudo chmod +x /etc/cron/daily/logwatch </pre> + <a href="index.html">Tools Index</a> + + <p> + This is part of the Hive System Documentation. + Copyright (C) 2019 + Hive Team. + See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> </body> </html> diff --git a/tools/openssh.html b/tools/openssh.html index b643285..4b85020 100644 --- a/tools/openssh.html +++ b/tools/openssh.html @@ -257,6 +257,9 @@ IdentityFile ~/.ssh/gitolite Port 2222 User gitolite + + Host * + IdentitiesOnly yes </pre> <p>Now you can just type ssh core to connect machine.example.org on diff --git a/tools/postgresql.html b/tools/postgresql.html index 00fe1ae..285e7c3 100644 --- a/tools/postgresql.html +++ b/tools/postgresql.html @@ -141,7 +141,7 @@ ssl_key_file = '/etc/ssl/keys/pg.key' # (change requires restart) #ssl_ca_file = '' # (change requires restart) #ssl_crl_file = '' # (change requires restart) - password_encryption = on + password_encryption = scram-sha-256 </pre> <h3>2.5. Configure pg_hba.conf</h3> @@ -152,20 +152,10 @@ <pre> # TYPE DATABASE USER ADDRESS METHOD - - # "local" is for Unix domain socket connections only - #local all all trust - local all postgres ident - # IPv4 local connections: - host all all 127.0.0.1/32 trust - #hostssl all all 192.168.0.0/32 md5 - # IPv6 local connections: - #host all all ::1/128 trust - # Allow replication connections from localhost, by a user with the - # replication privilege. - #local replication postgres trust - #host replication postgres 127.0.0.1/32 trust - #host replication postgres ::1/128 trust + local postgres all trust + host postgres all 127.0.0.1/32 trust + host all all 127.0.0.1/32 scram-sha-256 + host all all 0.0.0.0/0 reject </pre> <p>Start server and alter postgres password</p> @@ -189,9 +179,10 @@ syslog_facility='LOCAL0' syslog_ident='postgres' log_connections = on + log_disconnections = on + log_duration = on </pre> - <p>Create /etc/logrotate.d/postgres;</p> <pre> @@ -300,7 +291,7 @@ db_flyspray=# create schema public; </pre> - <h2 id="backup">8. Backup</h3> + <h2 id="backup">8. Backup and restore</h3> <h3>8.1. Dump databases</h3> @@ -317,10 +308,9 @@ <a href="index.html">Tools Index</a> <p> This is part of the Hive System Documentation. - Copyright (C) 2018 + Copyright (C) 2019 Hive Team. See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> - </body> </html> diff --git a/tools/scripts/pkgmk-test.conf b/tools/scripts/pkgmk-test.conf index 14248aa..4a04eec 100644 --- a/tools/scripts/pkgmk-test.conf +++ b/tools/scripts/pkgmk-test.conf @@ -9,6 +9,7 @@ PKGMK_SOURCE_DIR="$PWD" PKGMK_PACKAGE_DIR="$PWD" PKGMK_WORK_DIR="$PWD/work" PKGMK_DOWNLOAD="yes" +PKGMK_UP_TO_DATE="no" # PKGMK_IGNORE_FOOTPRINT="no" # PKGMK_IGNORE_NEW="no" # PKGMK_NO_STRIP="no" |