yamabiiko
/
dot-files
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update from master

This commit is contained in:
yamabiiko 2021-07-02 12:23:06 +00:00
parent f64f2a0196
commit dfa7b33c07
22 changed files with 634 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored
View File

@ -1 +1,2 @@
neovim/*.conf gitlab-language=vim
emacs/*.conf gitlab-language=elisp

12
README.md
View File

@ -23,5 +23,15 @@ edit the .gitattributes file accordingly:
```txt
neovim/*.conf gitlab-language=vim
spacemacs/*.conf gitlab-language=elisp
emacs/*.conf gitlab-language=elisp
```
## Support
<a href="https://liberapay.com/Unitoo/donate"><img alt="Donate using Liberapay" src="https://liberapay.com/assets/widgets/donate.svg"></a>
---
> [unitoo.it](https://www.unitoo.it) &nbsp;&middot;&nbsp;
> Mastodon [@unitoo](https://mastodon.uno/@unitoo) &nbsp;&middot;&nbsp;
> GitHub [@UnitooTeam](https://github.com/UnitooTeam)

18
apache/etc/httpd/conf.d/virtualhost-example.conf Normal file
View File

@ -0,0 +1,18 @@
<VirtualHost *:443>
# YOUR CONFIG
# Redirect all request to a 503 return code when in maintenance mode
ErrorDocument 503 /maintenance/index.html
RewriteEngine on
RewriteCond /var/www/maintenance/ALL -f [OR]
RewriteCond /var/www/maintenance/%{SERVER_NAME} -f
RewriteCond %{REQUEST_URI} !=/maintenance/index.html
RewriteCond %{REQUEST_URI} !=/maintenance/index.png
RewriteRule ^ - [R=503,L]
# Redirect away from the maintenance page if not in maintenance mode
RewriteCond /var/www/maintenance/ALL !-f
RewriteCond /var/www/maintenance/%{SERVER_NAME} !-f
RewriteRule ^/maintenance/index.html$ / [R,L]
</VirtualHost>

7
apache/etc/httpd/conf/httpd-maintenance.conf Normal file
View File

@ -0,0 +1,7 @@
## YOUR CONFIG HERE
<IfModule alias_module>
## OTHER CONFIG HERE
Alias "/maintenance" "/var/www/maintenance"
</IfModule>

4
apache/etc/httpd/conf/httpd-no-signature.conf Normal file
View File

@ -0,0 +1,4 @@
## MAIN CONFIG HERE
ServerTokens Prod
ServerSignature Off

8
apache/etc/httpd/conf/httpd-server-status.conf Normal file
View File

@ -0,0 +1,8 @@
## MAIN CONFIG HERE
<Location "/server-status">
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>

20
apache/var/www/maintenance/index.html Normal file
View File

@ -0,0 +1,20 @@
<!doctype html>
<title>Site Maintenance</title>
<style>
body { text-align: center; padding: 150px; }
h1 { font-size: 3rem; }
body { font: 1.5rem Helvetica, sans-serif; color: #333; }
article { display: block; text-align: middle; width: 650px; margin: 0 auto; }
a { color: #dc8100; text-decoration: none; }
a:hover { color: #333; text-decoration: none; }
</style>
<article>
<img src="maintenance/index.png" height=270>
<h1>We&rsquo;ll be back soon!</h1>
<div>
<p>We&rsquo;re performing some hacks at the moment.
<br>You can always <a href="mailto:info@unitoo.pw">contact us</a>!</p>
<p>&mdash; Your best friend &#x1F60E</p>
</div>
</article>

BIN
apache/var/www/maintenance/index.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 55 KiB

327
emacs/spacemacs.conf Normal file
View File

@ -0,0 +1,327 @@
;; -*- mode: emacs-lisp -*-
;; This file is loaded by Spacemacs at startup.
;; It must be stored in your home directory.
(defun dotspacemacs/layers ()
"Configuration Layers declaration.
You should not put any user code in this function besides modifying the variable
values."
(setq-default
;; Base distribution to use. This is a layer contained in the directory
;; `+distribution'. For now available distributions are `spacemacs-base'
;; or `spacemacs'. (default 'spacemacs)
dotspacemacs-distribution 'spacemacs
;; Lazy installation of layers (i.e. layers are installed only when a file
;; with a supported type is opened). Possible values are `all', `unused'
;; and `nil'. `unused' will lazy install only unused layers (i.e. layers
;; not listed in variable `dotspacemacs-configuration-layers'), `all' will
;; lazy install any layer that support lazy installation even the layers
;; listed in `dotspacemacs-configuration-layers'. `nil' disable the lazy
;; installation feature and you have to explicitly list a layer in the
;; variable `dotspacemacs-configuration-layers' to install it.
;; (default 'unused)
dotspacemacs-enable-lazy-installation 'unused
;; If non-nil then Spacemacs will ask for confirmation before installing
;; a layer lazily. (default t)
dotspacemacs-ask-for-lazy-installation t
;; If non-nil layers with lazy install support are lazy installed.
;; List of additional paths where to look for configuration layers.
;; Paths must have a trailing slash (i.e. `~/.mycontribs/')
dotspacemacs-configuration-layer-path '()
;; List of configuration layers to load.
dotspacemacs-configuration-layers
'(systemd
;; ----------------------------------------------------------------
;; Example of useful layers you may want to use right away.
;; Uncomment some layer names and press <SPC f e R> (Vim style) or
;; <M-m f e R> (Emacs style) to install them.
;; ----------------------------------------------------------------
(ruby :variables ruby-version-manager 'rbenv ruby-enable-enh-ruby-mode t)
yaml
html
javascript
coffeescript
markdown
sql
ruby-on-rails
helm
(colors :variables colors-enable-nyan-cat-progress-bar t)
better-defaults
emacs-lisp
syntax-checking
semantic
shell
php
)
;; List of additional packages that will be installed without being
;; wrapped in a layer. If you need some configuration for these
;; packages, then consider creating a layer. You can also put the
;; configuration in `dotspacemacs/user-config'.
dotspacemacs-additional-packages '(xclip base16-theme)
;; A list of packages that cannot be updated.
dotspacemacs-frozen-packages '()
;; A list of packages that will not be installed and loaded.
dotspacemacs-excluded-packages '()
;; Defines the behaviour of Spacemacs when installing packages.
;; Possible values are `used-only', `used-but-keep-unused' and `all'.
;; `used-only' installs only explicitly used packages and uninstall any
;; unused packages as well as their unused dependencies.
;; `used-but-keep-unused' installs only the used packages but won't uninstall
;; them if they become unused. `all' installs *all* packages supported by
;; Spacemacs and never uninstall them. (default is `used-only')
dotspacemacs-install-packages 'used-only))
(defun dotspacemacs/init ()
"Initialization function.
This function is called at the very startup of Spacemacs initialization
before layers configuration.
You should not put any user code in there besides modifying the variable
values."
;; This setq-default sexp is an exhaustive list of all the supported
;; spacemacs settings.
(setq-default
;; If non nil ELPA repositories are contacted via HTTPS whenever it's
;; possible. Set it to nil if you have no way to use HTTPS in your
;; environment, otherwise it is strongly recommended to let it set to t.
;; This variable has no effect if Emacs is launched with the parameter
;; `--insecure' which forces the value of this variable to nil.
;; (default t)
dotspacemacs-elpa-https t
;; Maximum allowed time in seconds to contact an ELPA repository.
dotspacemacs-elpa-timeout 5
;; If non nil then spacemacs will check for updates at startup
;; when the current branch is not `develop'. Note that checking for
;; new versions works via git commands, thus it calls GitHub services
;; whenever you start Emacs. (default nil)
dotspacemacs-check-for-update nil
;; If non-nil, a form that evaluates to a package directory. For example, to
;; use different package directories for different Emacs versions, set this
;; to `emacs-version'.
dotspacemacs-elpa-subdirectory nil
;; One of `vim', `emacs' or `hybrid'.
;; `hybrid' is like `vim' except that `insert state' is replaced by the
;; `hybrid state' with `emacs' key bindings. The value can also be a list
;; with `:variables' keyword (similar to layers). Check the editing styles
;; section of the documentation for details on available variables.
;; (default 'vim)
dotspacemacs-editing-style 'vim
;; If non nil output loading progress in `*Messages*' buffer. (default nil)
dotspacemacs-verbose-loading nil
;; Specify the startup banner. Default value is `official', it displays
;; the official spacemacs logo. An integer value is the index of text
;; banner, `random' chooses a random text banner in `core/banners'
;; directory. A string value must be a path to an image format supported
;; by your Emacs build.
;; If the value is nil then no banner is displayed. (default 'official)
dotspacemacs-startup-banner nil
;; List of items to show in startup buffer or an association list of
;; the form `(list-type . list-size)`. If nil then it is disabled.
;; Possible values for list-type are:
;; `recents' `bookmarks' `projects' `agenda' `todos'."
;; List sizes may be nil, in which case
;; `spacemacs-buffer-startup-lists-length' takes effect.
dotspacemacs-startup-lists '((bookmarks . 5)
(recents . 5)
(projects . 7))
;; True if the home buffer should respond to resize events.
dotspacemacs-startup-buffer-responsive t
;; Default major mode of the scratch buffer (default `text-mode')
dotspacemacs-scratch-mode 'text-mode
;; List of themes, the first of the list is loaded when spacemacs starts.
;; Press <SPC> T n to cycle to the next theme in the list (works great
;; with 2 themes variants, one dark and one light)
dotspacemacs-themes '(base16-one-light
spacemacs-light
spacemacs-dark)
dotspacemacs-colorize-cursor-according-to-state t
;; Default font, or prioritized list of fonts. `powerline-scale' allows to
;; quickly tweak the mode-line size to make separators look not too crappy.
dotspacemacs-default-font '("Anonymous Pro for Powerline"
:size 18
:powerline-scale 1.4)
;; The leader key
dotspacemacs-leader-key "SPC"
;; The key used for Emacs commands (M-x) (after pressing on the leader key).
;; (default "SPC")
dotspacemacs-emacs-command-key "SPC"
;; The key used for Vim Ex commands (default ":")
dotspacemacs-ex-command-key ":"
;; The leader key accessible in `emacs state' and `insert state'
;; (default "M-m")
dotspacemacs-emacs-leader-key "M-m"
;; Major mode leader key is a shortcut key which is the equivalent of
;; pressing `<leader> m`. Set it to `nil` to disable it. (default ",")
dotspacemacs-major-mode-leader-key ","
;; Major mode leader key accessible in `emacs state' and `insert state'.
;; (default "C-M-m")
dotspacemacs-major-mode-emacs-leader-key "C-M-m"
;; These variables control whether separate commands are bound in the GUI to
;; the key pairs C-i, TAB and C-m, RET.
;; Setting it to a non-nil value, allows for separate commands under <C-i>
;; and TAB or <C-m> and RET.
;; In the terminal, these pairs are generally indistinguishable, so this only
;; works in the GUI. (default nil)
dotspacemacs-distinguish-gui-tab nil
;; If non nil `Y' is remapped to `y$' in Evil states. (default nil)
dotspacemacs-remap-Y-to-y$ nil
;; If non-nil, the shift mappings `<' and `>' retain visual state if used
;; there. (default t)
dotspacemacs-retain-visual-state-on-shift t
;; If non-nil, J and K move lines up and down when in visual mode.
;; (default nil)
dotspacemacs-visual-line-move-text nil
;; If non nil, inverse the meaning of `g' in `:substitute' Evil ex-command.
;; (default nil)
dotspacemacs-ex-substitute-global nil
;; Name of the default layout (default "Default")
dotspacemacs-default-layout-name "Default"
;; If non nil the default layout name is displayed in the mode-line.
;; (default nil)
dotspacemacs-display-default-layout nil
;; If non nil then the last auto saved layouts are resume automatically upon
;; start. (default nil)
dotspacemacs-auto-resume-layouts nil
;; Size (in MB) above which spacemacs will prompt to open the large file
;; literally to avoid performance issues. Opening a file literally means that
;; no major mode or minor modes are active. (default is 1)
dotspacemacs-large-file-size 1
;; Location where to auto-save files. Possible values are `original' to
;; auto-save the file in-place, `cache' to auto-save the file to another
;; file stored in the cache directory and `nil' to disable auto-saving.
;; (default 'cache)
dotspacemacs-auto-save-file-location 'cache
;; Maximum number of rollback slots to keep in the cache. (default 5)
dotspacemacs-max-rollback-slots 5
;; If non nil, `helm' will try to minimize the space it uses. (default nil)
dotspacemacs-helm-resize nil
;; if non nil, the helm header is hidden when there is only one source.
;; (default nil)
dotspacemacs-helm-no-header nil
;; define the position to display `helm', options are `bottom', `top',
;; `left', or `right'. (default 'bottom)
dotspacemacs-helm-position 'bottom
;; Controls fuzzy matching in helm. If set to `always', force fuzzy matching
;; in all non-asynchronous sources. If set to `source', preserve individual
;; source settings. Else, disable fuzzy matching in all sources.
;; (default 'always)
dotspacemacs-helm-use-fuzzy 'always
;; If non nil the paste micro-state is enabled. When enabled pressing `p`
;; several times cycle between the kill ring content. (default nil)
dotspacemacs-enable-paste-transient-state nil
;; Which-key delay in seconds. The which-key buffer is the popup listing
;; the commands bound to the current keystroke sequence. (default 0.4)
dotspacemacs-which-key-delay 0.4
;; Which-key frame position. Possible values are `right', `bottom' and
;; `right-then-bottom'. right-then-bottom tries to display the frame to the
;; right; if there is insufficient space it displays it at the bottom.
;; (default 'bottom)
dotspacemacs-which-key-position 'bottom
;; If non nil a progress bar is displayed when spacemacs is loading. This
;; may increase the boot time on some systems and emacs builds, set it to
;; nil to boost the loading time. (default t)
dotspacemacs-loading-progress-bar nil
;; If non nil the frame is fullscreen when Emacs starts up. (default nil)
;; (Emacs 24.4+ only)
dotspacemacs-fullscreen-at-startup nil
;; If non nil `spacemacs/toggle-fullscreen' will not use native fullscreen.
;; Use to disable fullscreen animations in OSX. (default nil)
dotspacemacs-fullscreen-use-non-native nil
;; If non nil the frame is maximized when Emacs starts up.
;; Takes effect only if `dotspacemacs-fullscreen-at-startup' is nil.
;; (default nil) (Emacs 24.4+ only)
dotspacemacs-maximized-at-startup t
;; A value from the range (0..100), in increasing opacity, which describes
;; the transparency level of a frame when it's active or selected.
;; Transparency can be toggled through `toggle-transparency'. (default 90)
dotspacemacs-active-transparency 90
;; A value from the range (0..100), in increasing opacity, which describes
;; the transparency level of a frame when it's inactive or deselected.
;; Transparency can be toggled through `toggle-transparency'. (default 90)
dotspacemacs-inactive-transparency 90
;; If non nil show the titles of transient states. (default t)
dotspacemacs-show-transient-state-title t
;; If non nil show the color guide hint for transient state keys. (default t)
dotspacemacs-show-transient-state-color-guide t
;; If non nil unicode symbols are displayed in the mode line. (default t)
dotspacemacs-mode-line-unicode-symbols t
;; If non nil smooth scrolling (native-scrolling) is enabled. Smooth
;; scrolling overrides the default behavior of Emacs which recenters point
;; when it reaches the top or bottom of the screen. (default t)
dotspacemacs-smooth-scrolling t
;; Control line numbers activation.
;; If set to `t' or `relative' line numbers are turned on in all `prog-mode' and
;; `text-mode' derivatives. If set to `relative', line numbers are relative.
;; This variable can also be set to a property list for finer control:
;; '(:relative nil
;; :disabled-for-modes dired-mode
;; doc-view-mode
;; markdown-mode
;; org-mode
;; pdf-view-mode
;; text-mode
;; :size-limit-kb 1000)
;; (default nil)
dotspacemacs-line-numbers t
;; Code folding method. Possible values are `evil' and `origami'.
;; (default 'evil)
dotspacemacs-folding-method 'evil
;; If non-nil smartparens-strict-mode will be enabled in programming modes.
;; (default nil)
dotspacemacs-smartparens-strict-mode nil
;; If non-nil pressing the closing parenthesis `)' key in insert mode passes
;; over any automatically added closing parenthesis, bracket, quote, etc…
;; This can be temporary disabled by pressing `C-q' before `)'. (default nil)
dotspacemacs-smart-closing-parenthesis nil
;; Select a scope to highlight delimiters. Possible values are `any',
;; `current', `all' or `nil'. Default is `all' (highlight any scope and
;; emphasis the current one). (default 'all)
dotspacemacs-highlight-delimiters 'all
;; If non nil, advise quit functions to keep server open when quitting.
;; (default nil)
dotspacemacs-persistent-server nil
;; List of search tool executable names. Spacemacs uses the first installed
;; tool of the list. Supported tools are `ag', `pt', `ack' and `grep'.
;; (default '("ag" "pt" "ack" "grep"))
dotspacemacs-search-tools '("ag" "pt" "ack" "grep")
;; The default package repository used if no explicit repository has been
;; specified with an installed package.
;; Not used for now. (default nil)
dotspacemacs-default-package-repository nil
;; Delete whitespace while saving buffer. Possible values are `all'
;; to aggressively delete empty line and long sequences of whitespace,
;; `trailing' to delete only the whitespace at end of lines, `changed'to
;; delete only whitespace for changed lines or `nil' to disable cleanup.
;; (default nil)
dotspacemacs-whitespace-cleanup nil
))
(defun dotspacemacs/user-init ()
"Initialization function for user code.
It is called immediately after `dotspacemacs/init', before layer configuration
executes.
This function is mostly useful for variables that need to be set
before packages are loaded. If you are unsure, you should try in setting them in
`dotspacemacs/user-config' first."
)
(defun dotspacemacs/user-config ()
"Configuration function for user code.
This function is called at the very end of Spacemacs initialization after
layers configuration.
This is the place where most of your configurations should be done. Unless it is
explicitly specified that a variable should be set before a package is loaded,
you should place your code here."
(add-hook 'before-save-hook 'delete-trailing-whitespace)
;; Activate column indicator in prog-mode and text-mode
;; (add-hook 'prog-mode-hook 'turn-on-fci-mode)
;; (add-hook 'text-mode-hook 'turn-on-fci-mode)
(setq enh-ruby-add-encoding-comment-on-save nil)
(setq powerline-default-separator 'arrow)
(cancel-timer recentf-auto-save-timer)
(xclip-mode 1)
)
;; Do not write anything past this comment. This is where Emacs will
;; auto-generate custom variable definitions.

28
emacs/spacemacs.md Normal file
View File

@ -0,0 +1,28 @@
# Spacemacs configuration
![spacemacs example](spacemacs.png "Emacs with this Spacemacs configuration")
# Quick setup
1. Copy the `spacemacs.conf` file in your $HOME directory and rename as `.spacemacs`
2. Adapt the file for your needs
3. Install dependecies, for each layer in `dotspacemacs-configuration-layers` function following respective documentation, starting here: [spacemacs layers](https://github.com/syl20bnr/spacemacs/tree/develop/layers)
4. Install your font; in this conf we are using "Anonymous Pro for Powerline"
5. Execute this:
```bash
git clone https://github.com/syl20bnr/spacemacs ~/.emacs.d
```
## Extra features
* https Elpa enabled
* Base16 Light Theme
* xclip is working
* arrow as powerline separator
* automatic trailing whitespaces deletion
## Power features
* Nyan cat scroll bar

BIN
emacs/spacemacs.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 92 KiB

22
iptables/iptables-http-full-f2b.fw Normal file
View File

@ -0,0 +1,22 @@
*filter
:INPUT DROP [4414218:211789180]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [17973:1146056]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --sport 587 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A f2b-sshd -j RETURN
COMMIT

20
iptables/iptables-http-full.fw Normal file
View File

@ -0,0 +1,20 @@
*filter
:INPUT DROP [4414218:211789180]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [17973:1146056]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --sport 587 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT

14
iptables/iptables-ssh-only.fw Normal file
View File

@ -0,0 +1,14 @@
*filter
:INPUT DROP [4414218:211789180]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [17973:1146056]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
COMMIT

16
iptables/iptables.md Normal file
View File

@ -0,0 +1,16 @@
# Configurations
All configurations includes:
* INPUT DROP
* SSH port on 22.
* SMTP port 25 as `--reject-with icmp-port-unreachable`
- [ssh-only](iptables-ssh-only.fw) -> SSH
- [http-full](iptables-http-full.fw) -> HTTP/ HTTPS/ SMTPS
- [http-full-f2b](iptables-http-full-f2b.fw) -> HTTP/ HTTPS/ SMTPS/ fail2ban
## Usage
Simply:
```bash
iptables-restore < file.fw
```

99
postgresql/etc/postgresql/pg_hba.conf Normal file
View File

@ -0,0 +1,99 @@
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file. A short
# synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTIONS]
# host DATABASE USER ADDRESS METHOD [OPTIONS]
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
# plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "all"
# keyword does not match "replication". Access to replication
# must be enabled in a separate record (see example below).
#
# USER can be "all", a user name, a group name prefixed with "+", or a
# comma-separated list thereof. In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names
# from a separate file.
#
# ADDRESS specifies the set of hosts the record matches. It can be a
# host name, or it is made up of an IP address and a CIDR mask that is
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
# specifies the number of significant bits in the mask. A host name
# that starts with a dot (.) matches a suffix of the actual host name.
# Alternatively, you can write an IP address and netmask in separate
# columns to specify the set of hosts. Instead of a CIDR-address, you
# can write "samehost" to match any of the server's own IP addresses,
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
# Note that "password" sends passwords in clear text; "md5" or
# "scram-sha-256" are preferred since they send encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different
# authentication methods -- refer to the "Client Authentication"
# section in the documentation for a list of which options are
# available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other
# special characters must be quoted. Quoting one of the keywords
# "all", "sameuser", "samerole" or "replication" makes the name lose
# its special character, and just match a database or username with
# that name.
#
# This file is read on server startup and when the server receives a
# SIGHUP signal. If you edit the file on a running system, you have to
# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
# or execute "SELECT pg_reload_conf()".
#
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all scram-sha-256
# IPv4 local connections:
host all all 127.0.0.1/32 scram-sha-256
# IPv6 local connections:
host all all ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
host replication all ::1/128 scram-sha-256

5
postgresql/etc/postgresql/postgresql.conf Normal file
View File

@ -0,0 +1,5 @@
## OTHER CONFIG
password_encryption = scram-sha-256
## END CONFIG

1
prometheus/exporters/etc/default/prometheus-apache-exporter Normal file
View File

@ -0,0 +1 @@
ARGS='--scrape_uri="http://127.0.0.1/server-status?auto"'

1
prometheus/exporters/etc/default/prometheus-nginx-exporter Normal file
View File

@ -0,0 +1 @@
ARGS="-nginx.scrape-uri http://127.0.0.1:80/stub_status"

2
prometheus/exporters/etc/default/prometheus-postgresql-exporter Normal file
View File

@ -0,0 +1,2 @@
# peer mode
DATA_SOURCE_NAME='host=/var/run/postgresql sslmode=disable'

15
prometheus/exporters/etc/systemd/system/prometheus-apache-exporter.service Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=Prometheus exporter for Apache
Documentation=https://github.com/Lusitaniae/apache_exporter
Wants=network-online.target
After=network-online.target
[Service]
User=root
Group=root
Type=simple
EnvironmentFile=/etc/default/prometheus-apache-exporter
ExecStart=/usr/bin/apache_exporter $ARGS
[Install]
WantedBy=multi-user.target

15
prometheus/exporters/etc/systemd/system/prometheus-mysqld-exporter.service Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=Prometheus exporter for MariaDB
Documentation=https://github.com/prometheus/mysqld_exporter
Wants=network-online.target
After=network-online.target
[Service]
User=root
Group=root
Type=simple
EnvironmentFile=/etc/default/prometheus-mariadb-exporter
ExecStart=/usr/bin/mysqld_exporter $ARGS
[Install]
WantedBy=multi-user.target