diff options
Diffstat (limited to 'packages/crashbox-config/debian')
15 files changed, 278 insertions, 0 deletions
diff --git a/packages/crashbox-config/debian/changelog b/packages/crashbox-config/debian/changelog new file mode 100644 index 0000000..4991b8d --- /dev/null +++ b/packages/crashbox-config/debian/changelog @@ -0,0 +1,5 @@ +crashbox-config (1) unstable; urgency=medium + + * Initial Release. + + -- Jakob Odersky <infra@crashbox.io> Tue, 28 Aug 2018 21:47:21 -0700 diff --git a/packages/crashbox-config/debian/compat b/packages/crashbox-config/debian/compat new file mode 100644 index 0000000..b4de394 --- /dev/null +++ b/packages/crashbox-config/debian/compat @@ -0,0 +1 @@ +11 diff --git a/packages/crashbox-config/debian/control b/packages/crashbox-config/debian/control new file mode 100644 index 0000000..aacca52 --- /dev/null +++ b/packages/crashbox-config/debian/control @@ -0,0 +1,38 @@ +Source: crashbox-config +Section: admin +Priority: optional +Maintainer: Jakob Odersky <infra@crashbox.io> +Build-Depends: debhelper (>= 11) +Standards-Version: 4.1.3 + +Package: crashbox-base-config +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, apt-listchanges, ca-certificates, curl, jq, openssl, rsync, ufw, unattended-upgrades, wget, sudo +Provides: ${diverted-files} +Conflicts: ${diverted-files} +Description: configuration for base system + Adds local customizations to the base system configuration. + +Package: crashbox-nginx-config +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ssl-cert, nginx, crashbox-base-config +Provides: ${diverted-files} +Conflicts: ${diverted-files} +Description: local nginx configuration + Adds local customizations to nginx config + +Package: crashbox-ip-config +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, crashbox-nginx-config +Provides: ${diverted-files} +Conflicts: ${diverted-files} +Description: what-is-my-ip website + Adds an nginx site that echoes back a remote IP address + +Package: crashbox-git-config +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, crashbox-nginx-config, cgit, python3-pygments, python3-markdown, git-core, fcgiwrap, adduser +Provides: ${diverted-files} +Conflicts: ${diverted-files} +Description: cgit web interface + Adds an nginx site that serves a CGit instance
\ No newline at end of file diff --git a/packages/crashbox-config/debian/copyright b/packages/crashbox-config/debian/copyright new file mode 100644 index 0000000..ac7fbf4 --- /dev/null +++ b/packages/crashbox-config/debian/copyright @@ -0,0 +1,27 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: crashbox-config + +Files: * +Copyright: 2018 Jakob Odersky <jakob@odersky.com> +License: GPL-3.0+ + +Files: debian/* +Copyright: 2018 Jakob Odersky <jakob@odersky.com> +License: GPL-3.0+ + +License: GPL-3.0+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <https://www.gnu.org/licenses/>. + . + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
\ No newline at end of file diff --git a/packages/crashbox-config/debian/crashbox-base-config.install b/packages/crashbox-config/debian/crashbox-base-config.install new file mode 100644 index 0000000..ef80655 --- /dev/null +++ b/packages/crashbox-config/debian/crashbox-base-config.install @@ -0,0 +1 @@ +base/20auto-upgrades etc/apt/apt.conf.d/ diff --git a/packages/crashbox-config/debian/crashbox-base-config.postinst b/packages/crashbox-config/debian/crashbox-base-config.postinst new file mode 100644 index 0000000..b48f01f --- /dev/null +++ b/packages/crashbox-config/debian/crashbox-base-config.postinst @@ -0,0 +1,42 @@ +#!/bin/sh +# postinst script for crashbox-base-config +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <postinst> `abort-remove' +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + ufw allow 22/tcp || true + ufw default deny || true + ufw --force enable || true + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/crashbox-config/debian/crashbox-git-config.cron.d b/packages/crashbox-config/debian/crashbox-git-config.cron.d new file mode 100644 index 0000000..d9cadfd --- /dev/null +++ b/packages/crashbox-config/debian/crashbox-git-config.cron.d @@ -0,0 +1 @@ +0 0 * * * git /usr/bin/gh-mirror-all
\ No newline at end of file diff --git a/packages/crashbox-config/debian/crashbox-git-config.install b/packages/crashbox-config/debian/crashbox-git-config.install new file mode 100644 index 0000000..a7d3e36 --- /dev/null +++ b/packages/crashbox-config/debian/crashbox-git-config.install @@ -0,0 +1,3 @@ +git/etc/* etc +git/usr/* usr +git/var/* var diff --git a/packages/crashbox-config/debian/crashbox-git-config.postinst b/packages/crashbox-config/debian/crashbox-git-config.postinst new file mode 100644 index 0000000..774869e --- /dev/null +++ b/packages/crashbox-config/debian/crashbox-git-config.postinst @@ -0,0 +1,45 @@ +#!/bin/sh +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <postinst> `abort-remove' +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + adduser --group --system --home /var/lib/git git + mkdir -p /srv/git + chown -R git:git /srv/git + mkdir -p /var/lib/git/www/ + ln -s /usr/share/cgit/cgit.css /var/lib/git/www/cgit.css + ln -s /usr/share/cgit/robots.txt /var/lib/git/www/robots.txt + deb-systemd-invoke restart nginx + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/crashbox-config/debian/crashbox-ip-config.install b/packages/crashbox-config/debian/crashbox-ip-config.install new file mode 100644 index 0000000..2646928 --- /dev/null +++ b/packages/crashbox-config/debian/crashbox-ip-config.install @@ -0,0 +1 @@ +ip/ip.conf etc/nginx/sites-enabled/ diff --git a/packages/crashbox-config/debian/crashbox-ip-config.postinst b/packages/crashbox-config/debian/crashbox-ip-config.postinst new file mode 100644 index 0000000..90e58d6 --- /dev/null +++ b/packages/crashbox-config/debian/crashbox-ip-config.postinst @@ -0,0 +1,40 @@ +#!/bin/sh +# postinst script for crashbox-ip-config +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <postinst> `abort-remove' +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + deb-systemd-invoke restart nginx + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/crashbox-config/debian/crashbox-nginx-config.install b/packages/crashbox-config/debian/crashbox-nginx-config.install new file mode 100644 index 0000000..f2ed0d3 --- /dev/null +++ b/packages/crashbox-config/debian/crashbox-nginx-config.install @@ -0,0 +1 @@ +nginx/etc/* etc diff --git a/packages/crashbox-config/debian/crashbox-nginx-config.postinst b/packages/crashbox-config/debian/crashbox-nginx-config.postinst new file mode 100644 index 0000000..7a22244 --- /dev/null +++ b/packages/crashbox-config/debian/crashbox-nginx-config.postinst @@ -0,0 +1,54 @@ +#!/bin/sh +# postinst script for crashbox-nginx-config +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * <postinst> `configure' <most-recently-configured-version> +# * <old-postinst> `abort-upgrade' <new version> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package> +# <new-version> +# * <postinst> `abort-remove' +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour' +# <failed-install-package> <version> `removing' +# <conflicting-package> <version> +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + ln -f -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/default + usermod --append --groups ssl-cert www-data + ufw allow 80/tcp + ufw allow 443/tcp + + if [ ! -r /etc/ssl/private/server.key.pem ] \ + || [ ! -r /etc/ssl/server.cert.pem ] \ + || [ ! -r /etc/ssl/issuer.cert.pem ]; then + ln -f -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/server.key.pem + ln -f -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/server.cert.pem + ln -f -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/issuer.cert.pem + echo "WARNING: no certificates found, falling back to snakeoil certificates!" >&2 + fi + + deb-systemd-invoke restart nginx + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/packages/crashbox-config/debian/rules b/packages/crashbox-config/debian/rules new file mode 100755 index 0000000..9946432 --- /dev/null +++ b/packages/crashbox-config/debian/rules @@ -0,0 +1,18 @@ +#!/usr/bin/make -f +# See debhelper(7) (uncomment to enable) +# output every command that modifies files on the build system. +#export DH_VERBOSE = 1 + + +# see FEATURE AREAS in dpkg-buildflags(1) +#export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +# see ENVIRONMENT in dpkg-buildflags(1) +# package maintainers to append CFLAGS +#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic +# package maintainers to append LDFLAGS +#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed + + +%: + dh $@ diff --git a/packages/crashbox-config/debian/source/format b/packages/crashbox-config/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/packages/crashbox-config/debian/source/format @@ -0,0 +1 @@ +3.0 (native) |