15 files changed, 278 insertions, 0 deletions
diff --git a/packages/crashbox-config/debian/changelog b/packages/crashbox-config/debian/changelog
new file mode 100644
index 0000000..4991b8d
--- /dev/null
+++ b/packages/crashbox-config/debian/changelog
@@ -0,0 +1,5 @@
+crashbox-config (1) unstable; urgency=medium
+
+  * Initial Release.
+
+ -- Jakob Odersky <infra@crashbox.io>  Tue, 28 Aug 2018 21:47:21 -0700
diff --git a/packages/crashbox-config/debian/compat b/packages/crashbox-config/debian/compat
new file mode 100644
index 0000000..b4de394
--- /dev/null
+++ b/packages/crashbox-config/debian/compat
@@ -0,0 +1 @@
+11
diff --git a/packages/crashbox-config/debian/control b/packages/crashbox-config/debian/control
new file mode 100644
index 0000000..aacca52
--- /dev/null
+++ b/packages/crashbox-config/debian/control
@@ -0,0 +1,38 @@
+Source: crashbox-config
+Section: admin
+Priority: optional
+Maintainer: Jakob Odersky <infra@crashbox.io>
+Build-Depends: debhelper (>= 11)
+Standards-Version: 4.1.3
+
+Package: crashbox-base-config
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, apt-listchanges, ca-certificates, curl, jq, openssl, rsync, ufw, unattended-upgrades, wget, sudo
+Provides: ${diverted-files}
+Conflicts: ${diverted-files}
+Description: configuration for base system
+ Adds local customizations to the base system configuration.
+
+Package: crashbox-nginx-config
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ssl-cert, nginx, crashbox-base-config
+Provides: ${diverted-files}
+Conflicts: ${diverted-files}
+Description: local nginx configuration
+ Adds local customizations to nginx config
+
+Package: crashbox-ip-config
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, crashbox-nginx-config
+Provides: ${diverted-files}
+Conflicts: ${diverted-files}
+Description: what-is-my-ip website
+ Adds an nginx site that echoes back a remote IP address
+
+Package: crashbox-git-config
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, crashbox-nginx-config, cgit, python3-pygments, python3-markdown, git-core, fcgiwrap, adduser
+Provides: ${diverted-files}
+Conflicts: ${diverted-files}
+Description: cgit web interface
+ Adds an nginx site that serves a CGit instance
+\ No newline at end of file
diff --git a/packages/crashbox-config/debian/copyright b/packages/crashbox-config/debian/copyright
new file mode 100644
index 0000000..ac7fbf4
--- /dev/null
+++ b/packages/crashbox-config/debian/copyright
@@ -0,0 +1,27 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: crashbox-config
+
+Files: *
+Copyright: 2018 Jakob Odersky <jakob@odersky.com>
+License: GPL-3.0+
+
+Files: debian/*
+Copyright: 2018 Jakob Odersky <jakob@odersky.com>
+License: GPL-3.0+
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+\ No newline at end of file
diff --git a/packages/crashbox-config/debian/crashbox-base-config.install b/packages/crashbox-config/debian/crashbox-base-config.install
new file mode 100644
index 0000000..ef80655
--- /dev/null
+++ b/packages/crashbox-config/debian/crashbox-base-config.install
@@ -0,0 +1 @@
+base/20auto-upgrades etc/apt/apt.conf.d/
diff --git a/packages/crashbox-config/debian/crashbox-base-config.postinst b/packages/crashbox-config/debian/crashbox-base-config.postinst
new file mode 100644
index 0000000..b48f01f
--- /dev/null
+++ b/packages/crashbox-config/debian/crashbox-base-config.postinst
@@ -0,0 +1,42 @@
+#!/bin/sh
+# postinst script for crashbox-base-config
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+	 ufw allow 22/tcp || true
+	 ufw default deny || true
+	 ufw --force enable || true
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packages/crashbox-config/debian/crashbox-git-config.cron.d b/packages/crashbox-config/debian/crashbox-git-config.cron.d
new file mode 100644
index 0000000..d9cadfd
--- /dev/null
+++ b/packages/crashbox-config/debian/crashbox-git-config.cron.d
@@ -0,0 +1 @@
+0 0 * * * git /usr/bin/gh-mirror-all
+\ No newline at end of file
diff --git a/packages/crashbox-config/debian/crashbox-git-config.install b/packages/crashbox-config/debian/crashbox-git-config.install
new file mode 100644
index 0000000..a7d3e36
--- /dev/null
+++ b/packages/crashbox-config/debian/crashbox-git-config.install
@@ -0,0 +1,3 @@
+git/etc/* etc
+git/usr/* usr
+git/var/* var
diff --git a/packages/crashbox-config/debian/crashbox-git-config.postinst b/packages/crashbox-config/debian/crashbox-git-config.postinst
new file mode 100644
index 0000000..774869e
--- /dev/null
+++ b/packages/crashbox-config/debian/crashbox-git-config.postinst
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+	adduser --group --system --home /var/lib/git git
+	mkdir -p /srv/git
+	chown -R git:git /srv/git
+	mkdir -p /var/lib/git/www/
+	ln -s /usr/share/cgit/cgit.css /var/lib/git/www/cgit.css
+	ln -s /usr/share/cgit/robots.txt /var/lib/git/www/robots.txt
+	deb-systemd-invoke restart nginx
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packages/crashbox-config/debian/crashbox-ip-config.install b/packages/crashbox-config/debian/crashbox-ip-config.install
new file mode 100644
index 0000000..2646928
--- /dev/null
+++ b/packages/crashbox-config/debian/crashbox-ip-config.install
@@ -0,0 +1 @@
+ip/ip.conf etc/nginx/sites-enabled/
diff --git a/packages/crashbox-config/debian/crashbox-ip-config.postinst b/packages/crashbox-config/debian/crashbox-ip-config.postinst
new file mode 100644
index 0000000..90e58d6
--- /dev/null
+++ b/packages/crashbox-config/debian/crashbox-ip-config.postinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+# postinst script for crashbox-ip-config
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+	deb-systemd-invoke restart nginx
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packages/crashbox-config/debian/crashbox-nginx-config.install b/packages/crashbox-config/debian/crashbox-nginx-config.install
new file mode 100644
index 0000000..f2ed0d3
--- /dev/null
+++ b/packages/crashbox-config/debian/crashbox-nginx-config.install
@@ -0,0 +1 @@
+nginx/etc/* etc
diff --git a/packages/crashbox-config/debian/crashbox-nginx-config.postinst b/packages/crashbox-config/debian/crashbox-nginx-config.postinst
new file mode 100644
index 0000000..7a22244
--- /dev/null
+++ b/packages/crashbox-config/debian/crashbox-nginx-config.postinst
@@ -0,0 +1,54 @@
+#!/bin/sh
+# postinst script for crashbox-nginx-config
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+	ln -f -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default
+	usermod --append --groups ssl-cert www-data
+	ufw allow 80/tcp
+	ufw allow 443/tcp
+
+	if [ ! -r /etc/ssl/private/server.key.pem ] \
+		  || [ ! -r /etc/ssl/server.cert.pem ] \
+		  || [ ! -r /etc/ssl/issuer.cert.pem ]; then
+	    ln -f -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/server.key.pem
+	    ln -f -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/server.cert.pem
+	    ln -f -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/issuer.cert.pem
+	    echo "WARNING: no certificates found, falling back to snakeoil certificates!" >&2
+	fi
+	
+	deb-systemd-invoke restart nginx
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packages/crashbox-config/debian/rules b/packages/crashbox-config/debian/rules
new file mode 100755
index 0000000..9946432
--- /dev/null
+++ b/packages/crashbox-config/debian/rules
@@ -0,0 +1,18 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# output every command that modifies files on the build system.
+#export DH_VERBOSE = 1
+
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+# see ENVIRONMENT in dpkg-buildflags(1)
+# package maintainers to append CFLAGS
+#export DEB_CFLAGS_MAINT_APPEND  = -Wall -pedantic
+# package maintainers to append LDFLAGS
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+
+%:
+	dh $@
diff --git a/packages/crashbox-config/debian/source/format b/packages/crashbox-config/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/packages/crashbox-config/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)