From 3d29ecb8767d923f79b82566fd57b08db76b8fc5 Mon Sep 17 00:00:00 2001
From: Silvino Silva Install Gitolite port first; This setup is based on documentation from
- Arch Wiki. Mount point; Create user; Create user and home directory;1. Gitolite
+ Gitolite
- 1.1. Install Gitolite
+ 1. Install Gitolite
$ prt-get depinst gitolite
-
- # mkdir -p /srv/gitolite
- # mount /srv/gitolite
-
+ 2. Configure Gitolite
-
+ # mkdir -p /srv/gitolite
# useradd -U -d /srv/gitolite gitolite
- # passwd gitolite
# chown gitolite:gitolite /srv/gitolite
@@ -36,10 +31,14 @@
locked and can login via ssh. This password
will not be used.
+ # passwd gitolite +-
You need to copy a public key, read ssh - how to create one.
+Copy public key that will be used for + authenticating gitolite administrator, read + ssh how to + create one.
$ sudo install -o gitolite -g gitolite /home/bob/.ssh/gitolite.pub /srv/gitolite/gitolite.pub @@ -66,7 +65,7 @@ $ ssh -v -i ~/.ssh/gitulite_rsa gitolite@localhost -p 2222-
Read how to setup ssh identities, gitolite documentation. @@ -76,7 +75,7 @@ $ git clone gitolite:gitolite-admin -
First copy the key to remote server, in this example key is on same server;
@@ -97,13 +96,13 @@ $ exit -Gitolite helps add and remove users from authorized_keys by allowing add or remove keys from keydir directory in clone.
-$ mv bob.pub keydir/ @@ -112,7 +111,7 @@ $ git push-
$ git rm keydir/bob.pub @@ -120,9 +119,9 @@ $ git push-
Add repository atom and user bob to devteam group, edit conf/gitolite.conf;
@@ -169,8 +168,7 @@ $ git push --
Rename rep void to sysdoc, on remote host;
@@ -193,12 +191,12 @@ $ git push -Example from Cookbook how to apply hooks only to certain repos. Uncomment or add - this line on /srv/gitolite/.gitolite.rc, within the %RC block;
+ this line on /srv/gitolite/.gitolite.rc, within the %RC block;LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local", @@ -234,7 +232,7 @@ git "standard" names (pre-receive, post-receive, post-update), you use descriptive names (e.g. "deploy", "RSS-post", etc). -1.4.1. Deploy Hook
+4.1. Deploy Hook
This manual create two users; one gitolite that handle git central server and system www for web servers. To avoid permission @@ -242,9 +240,9 @@ we have permission to use chown, this way files end up with right www user ownership and permissions.
-This hook allows to select wich branch is deployed and if exists, - calls a script inside project folder with user www. This allows to - do post deploy (checkout) tasks such as composer update.
+This hook allows to select wich branch is deployed and if exists, + calls a script inside project folder with user www. This allows to + do post deploy (checkout) tasks such as composer update.
Create deployweb in gitolite-admin/local/hooks/repo-specific;
@@ -254,29 +252,29 @@
- #!/bin/bash + #!/bin/bash - ###################################################################### - # - # Put this file in your gitolite-admin; - # ~/gitolite-admin/local/hooks/repo-specific/deployweb - # - while read oldrev newrev refname - do - BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname) - echo "Commit was for branch $BRANCH" + ###################################################################### + # + # Put this file in your gitolite-admin; + # ~/gitolite-admin/local/hooks/repo-specific/deployweb + # + while read oldrev newrev refname + do + BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname) + echo "Commit was for branch $BRANCH" - if [[ "$BRANCH" == "master" ]];then + if [[ "$BRANCH" == "master" ]];then - # Get project name from current directory (without .git) - PROJECT=$(basename "$PWD") - PROJECT=${PROJECT%.git} + # Get project name from current directory (without .git) + PROJECT=$(basename "$PWD") + PROJECT=${PROJECT%.git} - echo "Project $PROJECT added to deploy list." - echo $PWD > /srv/gitolite/deploy/$PROJECT - fi + echo "Project $PROJECT added to deploy list." + echo $PWD > /srv/gitolite/deploy/$PROJECT + fi - done + done
Create deploy directory on remote;
@@ -422,10 +420,10 @@ Tools IndexThis is part of the c9-doc Manual. - Copyright (C) 2016 - c9 team. - See the file Gnu Free Documentation License - for copying conditions.
+ Copyright (C) 2016 + c9 team. + See the file Gnu Free Documentation License + for copying conditions. diff --git a/tools/index.html b/tools/index.html index d20ccfa..c6fbae7 100644 --- a/tools/index.html +++ b/tools/index.html @@ -127,9 +127,8 @@ OpenSSHOpenBSD Secure Shell, is a suite of security-related network-level utilities based on the SSH protocol, @@ -14,7 +14,7 @@ encryption of network traffic over multiple authentication methods and by providing secure tunneling capabilities.
-Crux openssh port install this files to etc;
@@ -45,7 +45,7 @@ $ man sshd -Read OpenSSH server Best Security Practices, @@ -68,7 +68,12 @@ #ListenAddress :: -
Authentication settings;
++ # The default requires explicit activation of protocol 1 + Protocol 2 ++ +
Authentication settings;
# Authentication: @@ -114,9 +119,10 @@ Banner /etc/issue+
Iptables;
-Example of iptable script
+Example of system-iptables.sh
$IPT -A INPUT -i ${PUB_IF} -p tcp --dport 2222 --sport 1024:65535 -m state --state ESTABLISHED -j ACCEPT @@ -124,6 +130,8 @@ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT+
Change SyslogFacility in accordance with syslog-ng configuration;
@@ -154,7 +162,7 @@ # ss -f inet -l -p | grep ssh-
To create new key;
@@ -186,7 +194,7 @@ $ chmod 600 ~/.ssh/gitolite -Send gitolite.pub public key to server. In this example bob (administrator of gitolite) is on same host, @@ -215,7 +223,7 @@ $ ssh -P 2222 bob@remote.org -
When you have multiple accounts/identities you can configure ssh client so you dont need to give @@ -270,7 +278,7 @@
Logout just detach from session with ctrl + b d
-This information is inspired by Reverse SSH connections @@ -295,10 +303,10 @@ Tools Index
This is part of the c9-doc Manual. -Copyright (C) 2016 -c9 team. -See the file Gnu Free Documentation License -for copying conditions.
+ Copyright (C) 2016 + c9 team. + See the file Gnu Free Documentation License + for copying conditions. diff --git a/tools/qemu.html b/tools/qemu.html index 272a26b..0079dfc 100644 --- a/tools/qemu.html +++ b/tools/qemu.html @@ -123,7 +123,7 @@# DEV="br0" - # TAP="tap5" + # TAP="tap1"
@@ -135,12 +135,26 @@ # ip link set ${TAP} master ${DEV}+
Create interface with correct permissions set for kvm group.
+ ++ # sysctl -w net.ipv4.ip_forward=1 + # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE ++ +
Start qemu with 512 of ram, mydisk.img as disk and boot from iso
+See scripts/system-qemu.sh, as template. Run virtual machine that uses above tap device;
$ ISO=~/crux-3.2.iso $ IMG=~/crux-img.qcow2 + $ TAP="tap1" $ qemu-system-x86_64 \ -enable-kvm \ @@ -151,19 +165,6 @@ -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no-
Create interface with correct permissions set for kvm group.
- -- # sysctl -w net.ipv4.ip_forward=1 - # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE -- -
Start qemu with 512 of ram, mydisk.img as disk and boot from iso
-$ ISO=~/crux-3.2.iso $ IMG=~/crux-img.qcow2 diff --git a/tools/scripts/config-install.sh b/tools/scripts/config-install.sh deleted file mode 100644 index 061081f..0000000 --- a/tools/scripts/config-install.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh - -CONF_DIR="$(dirname `dirname $0`)/conf" -echo "CONF_DIR=$CONF_DIR\n" diff --git a/tools/scripts/install-nginx.sh b/tools/scripts/install-nginx.sh deleted file mode 100644 index decacc1..0000000 --- a/tools/scripts/install-nginx.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh - -. `dirname $0`/config-install.sh - -prt-get depinst nginx - -cp -R $CONF_DIR/etc/nginx/* /etc/nginx/ - -mkdir /srv/www -chown nginx:www /srv/www - -usermod -a -G www nginx -usermod -m -d /srv/www nginx - -openssl genrsa -des3 -out /etc/ssl/keys/nginx.key 2048 -openssl req -new -key /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.csr -openssl x509 -req -days 365 \ - -in /etc/ssl/certs/nginx.csr \ - -signkey /etc/ssl/keys/nginx.key \ - -out /etc/ssl/certs/nginx.crt - -cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass -openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key - diff --git a/tools/scripts/install-php.sh b/tools/scripts/install-php.sh deleted file mode 100644 index 4c28173..0000000 --- a/tools/scripts/install-php.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -. `dirname $0`/config-install.sh - -prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql - -cp /etc/php/php.ini-development /etc/php/php.ini diff --git a/tools/scripts/install-postgres.sh b/tools/scripts/install-postgres.sh deleted file mode 100644 index 06666e0..0000000 --- a/tools/scripts/install-postgres.sh +++ /dev/null 
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-. `dirname $0`/config-install.sh
-
-prt-get depinst postgresql
-
-cp -R $CONF_DIR/etc/rc.d/postgresql /etc/rc.d/
-
-mkdir /srv/pgsql/
-touch /var/log/postgresql
-chown postgres:postgres /srv/pgsql /var/log/postgresql
-
-sudo -u postgres initdb -D /srv/pgsql/data
-
-cp $CONF_DIR/srv/pgsql/data/pg_hba.conf /srv/pgsql/data/
-chown postgres:postgres /srv/pgsql/data/pg_hba.conf
diff --git a/tools/scripts/setup-gitolite.sh b/tools/scripts/setup-gitolite.sh
new file mode 100644
index 0000000..c42db14
--- /dev/null
+++ b/tools/scripts/setup-gitolite.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# First we define the function
+ConfirmOrExit ()
+{
+ while true
+ do
+ echo -n "Please confirm (y or n) :"
+ read CONFIRM
+ case $CONFIRM in
+ y|Y|YES|yes|Yes) break ;;
+ n|N|no|NO|No)
+ echo "Aborting - you entered $CONFIRM"
+ exit
+ ;;
+ *) echo "Please enter only y or n"
+ esac
+ done
+ echo "You entered $CONFIRM. Continuing ..."
+}
+
+
+# Absolute path to this script, e.g. /home/user/bin/foo.sh
+SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in, thus /home/user/bin
+SCRIPTPATH=$(dirname "$SCRIPT")
+
+DIR=$(dirname "$SCRIPTPATH");
+DIR_CONF=$DIR"/conf"
+
+echo "SCRIPT=$SCRIPT";
+echo "SCRIPTPATH=$SCRIPTPATH";
+echo "DIR=$DIR";
+echo "DIR_CONF=$DIR_CONF";
+ConfirmOrExit
+
+ prt-get depinst gitolite
+
+ mkdir -p /srv/gitolite
+ useradd -U -d /srv/gitolite gitolite
+ chown gitolite:gitolite /srv/gitolite
+
+exit 0;
diff --git a/tools/scripts/setup-nginx.sh b/tools/scripts/setup-nginx.sh
new file mode 100644
index 0000000..decacc1
--- /dev/null
+++ b/tools/scripts/setup-nginx.sh
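Review bot: setup-gitolite.sh checks no command status and ends with an unconditional `exit 0`, so a failed `prt-get depinst gitolite` or `useradd` still reports success and the later `chown` runs regardless; `set -e` after the shebang, or `|| exit 1` on each step, would stop at the first failure. The abort branch of ConfirmOrExit uses a bare `exit`, which returns the status of the preceding `echo`, so a caller cannot tell a declined run from a completed one; `exit 1` there would. The same ConfirmOrExit body is pasted into setup-openssh.sh, setup-postgresql.sh and system-qemu.sh in this commit, so the point applies to all four copies. The script also leaves out the `passwd gitolite` step that the gitolite page in this commit still lists, which deserves a comment if the omission is deliberate.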
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+. `dirname $0`/config-install.sh
+
+prt-get depinst nginx
+
+cp -R $CONF_DIR/etc/nginx/* /etc/nginx/
+
+mkdir /srv/www
+chown nginx:www /srv/www
+
+usermod -a -G www nginx
+usermod -m -d /srv/www nginx
+
+openssl genrsa -des3 -out /etc/ssl/keys/nginx.key 2048
+openssl req -new -key /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.csr
+openssl x509 -req -days 365 \
+ -in /etc/ssl/certs/nginx.csr \
+ -signkey /etc/ssl/keys/nginx.key \
+ -out /etc/ssl/certs/nginx.crt
+
+cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass
+openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key
+
diff --git a/tools/scripts/setup-openssh.sh b/tools/scripts/setup-openssh.sh
new file mode 100644
index 0000000..14afe8b
--- /dev/null
+++ b/tools/scripts/setup-openssh.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# First we define the function
+ConfirmOrExit ()
+{
+ while true
+ do
+ echo -n "Please confirm (y or n) :"
+ read CONFIRM
+ case $CONFIRM in
+ y|Y|YES|yes|Yes) break ;;
+ n|N|no|NO|No)
+ echo "Aborting - you entered $CONFIRM"
+ exit
+ ;;
+ *) echo "Please enter only y or n"
+ esac
+ done
+ echo "You entered $CONFIRM. Continuing ..."
+}
+
+
+# Absolute path to this script, e.g. /home/user/bin/foo.sh
+SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in, thus /home/user/bin
+SCRIPTPATH=$(dirname "$SCRIPT")
+
+DIR=$(dirname "$SCRIPTPATH");
+DIR_CONF=$DIR"/conf"
+
+echo "SCRIPT=$SCRIPT";
+echo "SCRIPTPATH=$SCRIPTPATH";
+echo "DIR=$DIR";
+echo "DIR_CONF=$DIR_CONF";
+ConfirmOrExit
+
+
+ #installer overwrite system init script
+ cp -R $DIR_CONF/etc/ssh/sshd_config /etc/ssh/sshd_config
+
+ sh /etc/rc.d/sshd start
+
+exit 0;
diff --git a/tools/scripts/setup-php.sh b/tools/scripts/setup-php.sh
new file mode 100644
index 0000000..4c28173
--- /dev/null
+++ b/tools/scripts/setup-php.sh
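Review bot: The private key ends up unencrypted in /etc/ssl/keys/nginx.key with whatever mode the caller's umask gives, and the passphrase-protected copy nginx.key.pass is left beside it; a `umask 077` before the `openssl genrsa` line, or `chmod 600 /etc/ssl/keys/nginx.key` after the final `openssl rsa`, would keep the key from being readable by other local users. Separately, the third line of setup-nginx.sh still sources `config-install.sh`, which this same commit deletes, so `$CONF_DIR` is never set and, depending on the shell, the script either stops at the `.` line or goes on to run `cp -R /etc/nginx/* /etc/nginx/`. setup-php.sh carries the same stale source line. Deriving the directory the way the other setup scripts in this commit do (`DIR_CONF=$DIR"/conf"`) would remove the dependency.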
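Review bot: In setup-openssh.sh the `cp -R $DIR_CONF/etc/ssh/sshd_config /etc/ssh/sshd_config` line replaces the live daemon configuration with no backup and no syntax check, so a mistake in the shipped file can leave the host without a working sshd. Running `sshd -t -f "$DIR_CONF/etc/ssh/sshd_config" || exit 1` before the copy and keeping the old file with `cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak` would catch that. `sh /etc/rc.d/sshd start` presumably does nothing when sshd is already running, in which case the new settings are not applied until a restart. The comment above the copy says it overwrites the init script, which looks carried over from setup-postgresql.sh; `# replace sshd_config with the copy from conf/` would describe this line.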
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+. `dirname $0`/config-install.sh
+
+prt-get depinst php php-fpm php-gd php-pdo-pgsql php-postgresql
+
+cp /etc/php/php.ini-development /etc/php/php.ini
diff --git a/tools/scripts/setup-postgresql.sh b/tools/scripts/setup-postgresql.sh
new file mode 100644
index 0000000..4e1ee3a
--- /dev/null
+++ b/tools/scripts/setup-postgresql.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+# First we define the function
+ConfirmOrExit ()
+{
+ while true
+ do
+ echo -n "Please confirm (y or n) :"
+ read CONFIRM
+ case $CONFIRM in
+ y|Y|YES|yes|Yes) break ;;
+ n|N|no|NO|No)
+ echo "Aborting - you entered $CONFIRM"
+ exit
+ ;;
+ *) echo "Please enter only y or n"
+ esac
+ done
+ echo "You entered $CONFIRM. Continuing ..."
+}
+
+
+# Absolute path to this script, e.g. /home/user/bin/foo.sh
+SCRIPT=$(readlink -f "$0")
+# Absolute path this script is in, thus /home/user/bin
+SCRIPTPATH=$(dirname "$SCRIPT")
+
+DIR=$(dirname "$SCRIPTPATH");
+DIR_CONF=$DIR"/conf"
+
+echo "SCRIPT=$SCRIPT";
+echo "SCRIPTPATH=$SCRIPTPATH";
+echo "DIR=$DIR";
+echo "DIR_CONF=$DIR_CONF";
+ConfirmOrExit
+
+IS_INSTALL=$(prt-get isinst postgresql);
+echo $IS_INSTALL;
+if [ "$IS_INSTALL" = "package postgresql is installed" ]
+then
+ echo "updating postgresql"
+ OLD_VERSION=$(prt-get current postgresql);
+ echo $OLD_VERSION;
+
+ sudo -u postgres pg_dumpall > /srv/pgsql/dump-$OLD_VERSION.sql
+
+ sh /etc/rc.d/postgresql stop
+
+ #extra backup, in case ...
+ tar --xattrs -zcpf /srv/pgsql/data-$OLD_VERSION.tar.gz \
+ --directory=/srv/pgsql/data .
+
+ rm -R /srv/pgsql/data
+
+ prt-get update postgresql
+
+ NEW_VERSION=$(prt-get current postgresql);
+ echo $NEW_VERSION;
+
+ sudo -u postgres initdb -D /srv/pgsql/data
+
+ rejmerge
+ #installer overwrite system init script
+ cp -R $DIR_CONF/etc/rc.d/postgresql /etc/rc.d/
+
+ sh /etc/rc.d/postgresql start
+ sleep 5
+
+ sudo -u postgres psql -d postgres -f /srv/pgsql/dump-$OLD_VERSION.sql
+
+else
+ echo "install postgresql and dependencies"
+ prt-get depinst postgresql
+
+ cp -R $DIR_CONF/etc/rc.d/postgresql /etc/rc.d/
+
+ mkdir /srv/pgsql/
+ touch /var/log/postgresql
+ chown postgres:postgres /srv/pgsql /var/log/postgresql
+
+ sudo -u postgres initdb -D /srv/pgsql/data
+
+ cp $DIR_CONF/srv/pgsql/data/pg_hba.conf /srv/pgsql/data/
+ chown postgres:postgres /srv/pgsql/data/pg_hba.conf
+fi
+
+exit 0;
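Review bot: In the update branch, `rm -R /srv/pgsql/data` runs whether or not the `pg_dumpall` and `tar` backups before it succeeded, so a failed dump (server down, disk full) is followed by deletion of the only copy of the cluster. The dump and the tarball are also created with the invoking user's default umask; a pg_dumpall file includes role definitions with their password hashes, so both should be created owner-only. After the fresh `initdb` the update branch never re-installs `pg_hba.conf` from `$DIR_CONF`, unlike the install branch, so the new cluster presumably runs with initdb's default authentication rules until someone copies the file by hand. The fence shows the three changes, with the expansions quoted as well.

```shell
# … unchanged: ConfirmOrExit, path setup, OLD_VERSION lookup …
    (umask 077; sudo -u postgres pg_dumpall > "/srv/pgsql/dump-$OLD_VERSION.sql") \
        || { echo "pg_dumpall failed, data directory left untouched" >&2; exit 1; }

    sh /etc/rc.d/postgresql stop

    #extra backup, in case ...
    (umask 077; tar --xattrs -zcpf "/srv/pgsql/data-$OLD_VERSION.tar.gz" \
        --directory=/srv/pgsql/data .) \
        || { echo "tar backup failed, data directory left untouched" >&2; exit 1; }

    rm -R /srv/pgsql/data
# … unchanged: prt-get update, initdb, rejmerge, init script copy …
    cp "$DIR_CONF/srv/pgsql/data/pg_hba.conf" /srv/pgsql/data/
    chown postgres:postgres /srv/pgsql/data/pg_hba.conf
# … unchanged: start, sleep, psql restore …
```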
diff --git a/tools/scripts/system-iptables.sh b/tools/scripts/system-iptables.sh index 4ec3b79..429efde 100644 --- a/tools/scripts/system-iptables.sh +++ b/tools/scripts/system-iptables.sh @@ -339,9 +339,9 @@ $IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 1024:65535 --dport 1024: -m state -- # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 2100 -j ACCEPT # $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 9990 -j ACCEPT # -# echo "Allow wesnoth" -# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT -# $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT + echo "Allow wesnoth" + $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 15000 -m state --state NEW -j ACCEPT + $IPT -A OUTPUT -o ${PUB_IF} -p tcp --dport 14998 -m state --state NEW -j ACCEPT ##### END your rules ############ # Less log of known traffic diff --git a/tools/scripts/system-qemu.sh b/tools/scripts/system-qemu.sh index 8c68e70..489af5e 100644 --- a/tools/scripts/system-qemu.sh +++ b/tools/scripts/system-qemu.sh 
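Review bot: Uncommenting the wesnoth block turns on two outbound rules (tcp ports 15000 and 14998, state NEW) for everyone who uses system-iptables.sh, and the tools page in this commit points readers at that script as the example firewall. If this was a local setting that slipped into the commit, the three lines should stay commented so the template allows only the services it documents. The new lines also appear to start with a space where the commented originals started with `#`, which is worth aligning with the neighbouring rules.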
@@ -1,15 +1,58 @@ #!/bin/sh -ISO=~/crux-3.2.iso -IMG=~/crux-img.qcow2 -TAP=$1 +# First we define the function +ConfirmOrExit () +{ + while true + do + echo -n "Please confirm (y or n) :" + read CONFIRM + case $CONFIRM in + y|Y|YES|yes|Yes) break ;; + n|N|no|NO|No) + echo "Aborting - you entered $CONFIRM" + exit + ;; + *) echo "Please enter only y or n" + esac + done + echo "You entered $CONFIRM. Continuing ..." +} -echo "TAP: $TAP" +SCRIPT=$(readlink -f "$0") +# Absolute path this script is in, thus /home/user/bin +SCRIPTPATH=$(dirname "$SCRIPT") -qemu-system-x86_64 \ - -enable-kvm \ - -m 1024 \ - -boot d \ - -cdrom ${ISO} \ - -hda ${IMG} \ - -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no +DIR=$(dirname "$SCRIPTPATH"); +DIR_LOCAL="$(dirname $(dirname ${DIR}))/local"; + +MEM=$1 +TAP=$2 +ISO_FILE="${DIR_LOCAL}/$3" +IMG="${DIR_LOCAL}/$4" + +echo "MEM (512): $MEM" +echo "TAP (tap1): $TAP" +echo "ISO_FILE (crux-3.2.iso): $ISO_FILE" +echo "IMG (crux-img.qcow2): $IMG" +ConfirmOrExit + +if [ "$ISO_FILE" = "$DIR_LOCAL/" ] +then + qemu-system-x86_64 \ + -enable-kvm \ + -m $MEM \ + -boot c \ + -hda ${IMG} \ + -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no +else + qemu-system-x86_64 \ + -enable-kvm \ + -m $MEM \ + -boot d \ + -cdrom ${ISO_FILE} \ + -hda ${IMG} \ + -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no +fi + +exit 0; -- cgit 1.4.1-2-gfad0
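Review bot: The positional arguments are used unquoted and unchecked in both `qemu-system-x86_64` invocations, so a run with a missing argument passes an empty `-m` or `ifname=` value and a path containing spaces is split into extra options. A guard such as `[ -n "$1" ] && [ -n "$2" ] && [ -n "$4" ] || { echo "usage: $0 MEM TAP ISO IMG" >&2; exit 2; }` before the echo block, plus quoting (`-m "$MEM"`, `-cdrom "$ISO_FILE"`, `-hda "$IMG"`), would fail early instead. `DIR_LOCAL="$(dirname $(dirname ${DIR}))/local"` has the same unquoted nesting. Because `-hda` leaves the image format to be probed, `-drive file="$IMG",format=qcow2` would pin it for the qcow2 image the usage text names.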