diff options
Diffstat (limited to 'usr/local/etc')
-rw-r--r-- | usr/local/etc/cgitrc | 83 | ||||
-rw-r--r-- | usr/local/etc/gmid.conf | 24 | ||||
-rw-r--r-- | usr/local/etc/nginx/nginx.conf | 202 | ||||
-rw-r--r-- | usr/local/etc/pf.conf | 60 |
4 files changed, 0 insertions, 369 deletions
diff --git a/usr/local/etc/cgitrc b/usr/local/etc/cgitrc deleted file mode 100644 index b123224..0000000 --- a/usr/local/etc/cgitrc +++ /dev/null @@ -1,83 +0,0 @@ -# -# cgit config -# - -css=/css/cgit.css -logo=/img/cgit.png -favicon=/img/favicon.ico - -# if you do not want that webcrawler (like google) index your site -robots=index, nofollow - -# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value: -virtual-root=/ - -root-title=GitJoe -root-desc=where the good code belongs -root-readme=/usr/local/www/gitjoe/about.html -footer=/usr/local/www/gitjoe/footer.html - -clone-url=git://gitjoe.xyz/$CGIT_REPO_URL - -enable-blame=0 -enable-commit-graph=1 -enable-filter-overrides=1 -enable-follow-links=1 -enable-git-config=0 -enable-http-clone=0 -enable-http-serving=0 -enable-index-links=0 -enable-index-owner=0 -enable-log-filecount=1 -enable-log-linecount=1 -enable-remote-branches=1 -enable-subject-links=1 -enable-tree-linenumbers=1 - -branch-sort=age -repository-sort=name -local-time=0 -strict-export=git-daemon-export-ok -remove-suffix=1 -side-by-side-diffs=0 -section-sort=1 -section-from-path=1 - -cache-size=0 - -about-filter=/usr/local/lib/cgit/filters/about-formatting-edited.sh -source-filter=/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh - -snapshots=tar.gz tar.bz2 tar.xz zip -max-stats=year - -readme=:README.md -readme=:readme.md -readme=:README.org -readme=:readme.org -readme=:README.mkd -readme=:readme.mkd -readme=:README.html -readme=:readme.html -readme=:README.htm -readme=:readme.htm -readme=:README.txt -readme=:readme.txt -readme=:README -readme=:readme -readme=:INSTALL.md -readme=:install.md -readme=:INSTALL.org -readme=:install.org -readme=:INSTALL.mkd -readme=:install.mkd -readme=:INSTALL.html -readme=:install.html -readme=:INSTALL.htm -readme=:install.htm -readme=:INSTALL.txt -readme=:install.txt -readme=:INSTALL -readme=:install - -scan-path=/usr/local/git diff --git a/usr/local/etc/gmid.conf b/usr/local/etc/gmid.conf deleted file mode 100644 index cf7b293..0000000 --- a/usr/local/etc/gmid.conf +++ /dev/null @@ -1,24 +0,0 @@ -# drop privileges -user "_gmid" - -# it's a good idea to enable chroot, but -# beware that can make CGI scripting harder -#chroot "/var/gemini" - -# An example of a server block: -server "jozanofastora.xyz" { - # set the directory to serve; it's relative to the - # chroot (if enabled) - root "/usr/local/gemini" - - # Set self-signed TLS cert and key. It's better to keep - # the keys outside the chroot. - # - # You should generate them manually, for example: - # openssl req -x509 -newkey rsa:4096 -nodes \ - # -out /usr/local/etc/ssl/gmid/localhost.crt \ - # -keyout /usr/local/etc/ssl/gmid/localhost.key \ - # -subj "/CN=localhost" - cert "/usr/local/etc/letsencrypt/live/jozanofastora.xyz/cert.pem" - key "/usr/local/etc/letsencrypt/live/jozanofastora.xyz/privkey.pem" -} diff --git a/usr/local/etc/nginx/nginx.conf b/usr/local/etc/nginx/nginx.conf deleted file mode 100644 index 3febbf9..0000000 --- a/usr/local/etc/nginx/nginx.conf +++ /dev/null @@ -1,202 +0,0 @@ -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - gzip on; - gzip_vary on; - gzip_min_length 1k; - gzip_proxied expired no-cache no-store private auth; - gzip_buffers 4 16k; - gzip_http_version 1.1; - gzip_comp_level 2; - gzip_types text/plain application/x-javascript application/javascript text/css application/xml application/json; - - map $sent_http_content_type $expires { - default off; - text/css 15m; - application/javascript 15m; - ~image/ 15m; - } - - server{ - server_name jozanofastora.xyz; - root /usr/local/www/jozan; - index index.html; - expires $expires; - - location / { - try_files $uri $uri/ =404; - } - location ~ /\.ht { - deny all; - } - location ~ \.cgi$ { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root/asm-example.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; - } - error_page 403 /403.html; - location = /403.html { - root /usr/local/www/jozan/err; - } - error_page 404 /404.html; - location = /404.html { - root /usr/local/www/jozan/err; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/local/www/nginx-dist; - } - - listen 443 ssl; - ssl_certificate /usr/local/etc/letsencrypt/live/jozanofastora.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/jozanofastora.xyz/privkey.pem; -} - - server { - server_name gitjoe.xyz; - root /usr/local/www/gitjoe; - try_files $uri @cgit; - index cgit.cgi; - - location @cgit { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_param CGIT_CONFIG /usr/local/etc/cgitrc; - fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; - - gzip off; - rewrite ^/([^/]+/.*)?$ /cgit.cgi?url=$1 break; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/local/www/nginx-dist; - } - - listen 443 ssl; - ssl_certificate /usr/local/etc/letsencrypt/live/gitjoe.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/gitjoe.xyz/privkey.pem; -} - server{ - server_name watchoom.gitjoe.xyz; - root /usr/local/www/watchoom; - index index.html; - expires $expires; - - location / { - try_files $uri $uri/ =404; - } - location ~ /\.ht { - deny all; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/local/www/nginx-dist; - } - - listen 443 ssl; - ssl_certificate /usr/local/etc/letsencrypt/live/gitjoe.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/gitjoe.xyz/privkey.pem; -} - - server { - server_name fossil.jozanofastora.xyz; - index index.html; - root /usr/local/www/fossiljoe; - - # Bypass Fossil for the static documentation generated from - # our source code by Doxygen, so it merges into the embedded - # doc URL hierarchy at Fossil’s $ROOT/doc without requiring that - # these generated files actually be stored in the repo. This - # also lets us set aggressive caching on these docs, since - # they rarely change. - location /code/doc/html { - root /usr/local/www/fossiljoe; - - location ~* \.(html|ico|css|js|gif|jpg|png)$ { - expires 7d; - add_header Vary Accept-Encoding; - access_log off; - } - } - # Redirect everything else to the Fossil instance - location /code { - include scgi_params; - scgi_param SCRIPT_NAME "/code"; - scgi_pass 127.0.0.1:12345; - } -} - -server{ - if ($host = gitjoe.xyz) { - return 301 https://$host?p=about; - } - - server_name gitjoe.xyz; - listen 80; - return 404; -} - -server{ - if ($host = jozanofastora.xyz) { - return 301 https://$host$request_uri; - } - - server_name jozanofastora.xyz; - listen 80; - return 404; -} - -server{ - if ($host = watchoom.gitjoe.xyz) { - return 301 https://$host$request_uri; - } - - server_name watchoom.gitjoe.xyz; - listen 80; - return 404; -} - -#server { -# if ($host = fossil.jozanofastora.xyz) { -# return 301 https://$host$request_uri; -# } -# -# server_name fossil.jozanofastora.xyz; -# listen 80; -# return 404; -#} - -server { - server_name www.jozanofastora.xyz; - listen 80; - listen 443 ssl; - rewrite ^/(.*) http://jozanofastora.xyz/$1 permanent; - ssl_certificate /usr/local/etc/letsencrypt/live/jozanofastora.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/jozanofastora.xyz/privkey.pem; - return 404; -} - -server { - - server_name www.gitjoe.xyz git.jozanofastora.xyz; - listen 80; - listen 443 ssl; - rewrite ^/(.*) http://gitjoe.xyz/?p=about permanent; - ssl_certificate /usr/local/etc/letsencrypt/live/gitjoe.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/gitjoe.xyz/privkey.pem; - return 404; -} -} diff --git a/usr/local/etc/pf.conf b/usr/local/etc/pf.conf deleted file mode 100644 index c514fe8..0000000 --- a/usr/local/etc/pf.conf +++ /dev/null @@ -1,60 +0,0 @@ -## Set public interface ## -ext_if="vtnet0" - -## set and drop IP ranges on the public interface ## -martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ - 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \ - 0.0.0.0/8, 240.0.0.0/4 }" - -table <spamd> persist -table <spamd-allow> persist - -# Allowed webmail services -#table <webmail> persist file "/usr/local/etc/pf.webmail.ip.conf" - -## Skip loop back interface - Skip all PF processing on interface ## -set skip on lo - -## Sets the interface for which PF should gather statistics such as bytes in/out and packets passed/blocked ## -set loginterface $ext_if - -# Deal with attacks based on incorrect handling of packet fragments -scrub in all - - -# Pass spamd allow list -rdr pass log on $ext_if inet proto tcp from <spamd-allow> to $ext_if port smtp \ - -> 127.0.0.1 port 25 -# Pass webmail servers -rdr pass log on $ext_if inet proto tcp from <gmail> to $ext_if port smtp \ - -> 127.0.0.1 port 25 -# pass submission messages. -pass quick log on $ext_if inet proto tcp from any to $ext_if port submission modulate state -# Pass unknown mail to spamd -rdr pass log on $ext_if inet proto tcp from {!<spamd-allow> <spamd>} to $ext_if port smtp \ - -> 127.0.0.1 port 8025 - -## Blocking spoofed packets -antispoof quick for $ext_if - -## Set default policy ## -block return in log all -block out all - -# Drop all Non-Routable Addresses -block drop in quick on $ext_if from $martians to any -block drop out quick on $ext_if from any to $martians - -pass in inet proto tcp to $ext_if port ssh - -# Allow Ping-Pong stuff. Be a good sysadmin -pass inet proto icmp icmp-type echoreq - -# Open up imap/pop3 support -pass quick on $ext_if proto tcp from any to any port {imap, imaps, pop3, pop3s} modulate state - - -# Allow outgoing traffic -pass out on $ext_if proto tcp from any to any modulate state -pass out on $ext_if proto udp from any to any keep state -#pass quick on $ext_if from any to any port http |