From 19ca4954e7310b3d51408f80609472ff7a9cf057 Mon Sep 17 00:00:00 2001 From: tukeJonny Date: Sat, 18 Nov 2017 18:37:21 +0900 Subject: [PATCH] add confs --- confs/etc/mysql/conf.d/mysql.cnf | 1 + confs/etc/mysql/conf.d/mysqldump.cnf | 4 + confs/etc/mysql/debian-start | 5 + confs/etc/mysql/my.cnf | 21 +++ confs/etc/mysql/my.cnf.fallback | 23 ++++ confs/etc/mysql/mysql.cnf | 21 +++ confs/etc/mysql/mysql.conf.d/mysqld.cnf | 40 ++++++ .../mysql/mysql.conf.d/mysqld_safe_syslog.cnf | 2 + confs/etc/nginx/fastcgi.conf | 26 ++++ confs/etc/nginx/fastcgi_params | 25 ++++ confs/etc/nginx/koi-utf | 109 +++++++++++++++ confs/etc/nginx/koi-win | 103 +++++++++++++++ confs/etc/nginx/mime.types | 89 +++++++++++++ confs/etc/nginx/nginx.conf | 85 ++++++++++++ confs/etc/nginx/nginx.conf.orig | 85 ++++++++++++ confs/etc/nginx/proxy_params | 4 + confs/etc/nginx/scgi_params | 17 +++ confs/etc/nginx/sites-available/default | 86 ++++++++++++ confs/etc/nginx/sites-available/nginx.conf | 20 +++ .../etc/nginx/sites-available/nginx.php.conf | 32 +++++ confs/etc/nginx/sites-enabled/nginx.conf | 20 +++ confs/etc/nginx/snippets/fastcgi-php.conf | 13 ++ confs/etc/nginx/snippets/snakeoil.conf | 5 + confs/etc/nginx/uwsgi_params | 17 +++ confs/etc/nginx/win-utf | 125 ++++++++++++++++++ confs/etc/sysctl.conf | 73 ++++++++++ confs/etc/systemd/bootchart.conf | 26 ++++ confs/etc/systemd/journald.conf | 41 ++++++ confs/etc/systemd/logind.conf | 35 +++++ confs/etc/systemd/resolved.conf | 19 +++ confs/etc/systemd/system.conf | 60 +++++++++ .../default.target.wants/ureadahead.service | 16 +++ .../getty.target.wants/getty@tty1.service | 47 +++++++ .../anacron-resume.service | 14 ++ .../anacron-resume.service | 14 ++ .../etc/systemd/system/isubata.golang.service | 16 +++ .../etc/systemd/system/isubata.nodejs.service | 16 +++ confs/etc/systemd/system/isubata.perl.service | 16 +++ confs/etc/systemd/system/isubata.php.service | 16 +++ .../etc/systemd/system/isubata.python.service | 16 +++ confs/etc/systemd/system/isubata.ruby.service | 17 +++ .../multi-user.target.wants/anacron.service | 11 ++ .../multi-user.target.wants/cron.service | 12 ++ .../multi-user.target.wants/fail2ban.service | 15 +++ .../isubata.python.service | 16 +++ .../multi-user.target.wants/mysql.service | 20 +++ .../networking.service | 21 +++ .../multi-user.target.wants/nginx.service | 28 ++++ .../multi-user.target.wants/remote-fs.target | 16 +++ .../multi-user.target.wants/rsyslog.service | 15 +++ .../multi-user.target.wants/ssh.service | 17 +++ .../multi-user.target.wants/ufw.service | 13 ++ .../networking.service | 21 +++ .../system/paths.target.wants/acpid.path | 9 ++ .../system/sockets.target.wants/acpid.socket | 8 ++ .../system/sockets.target.wants/uuidd.socket | 8 ++ confs/etc/systemd/system/sshd.service | 17 +++ .../anacron-resume.service | 14 ++ .../friendly-recovery.service | 28 ++++ .../sysinit.target.wants/resolvconf.service | 16 +++ .../systemd-timesyncd.service | 33 +++++ confs/etc/systemd/system/syslog.service | 15 +++ .../apt-daily-upgrade.timer | 11 ++ .../timers.target.wants/apt-daily.timer | 12 ++ confs/etc/systemd/timesyncd.conf | 16 +++ confs/etc/systemd/user.conf | 44 ++++++ confs/put.sh | 7 + 67 files changed, 1863 insertions(+) create mode 100644 confs/etc/mysql/conf.d/mysql.cnf create mode 100644 confs/etc/mysql/conf.d/mysqldump.cnf create mode 100755 confs/etc/mysql/debian-start create mode 100644 confs/etc/mysql/my.cnf create mode 100644 confs/etc/mysql/my.cnf.fallback create mode 100644 confs/etc/mysql/mysql.cnf create mode 100644 confs/etc/mysql/mysql.conf.d/mysqld.cnf create mode 100644 confs/etc/mysql/mysql.conf.d/mysqld_safe_syslog.cnf create mode 100644 confs/etc/nginx/fastcgi.conf create mode 100644 confs/etc/nginx/fastcgi_params create mode 100644 confs/etc/nginx/koi-utf create mode 100644 confs/etc/nginx/koi-win create mode 100644 confs/etc/nginx/mime.types create mode 100644 confs/etc/nginx/nginx.conf create mode 100644 confs/etc/nginx/nginx.conf.orig create mode 100644 confs/etc/nginx/proxy_params create mode 100644 confs/etc/nginx/scgi_params create mode 100644 confs/etc/nginx/sites-available/default create mode 100644 confs/etc/nginx/sites-available/nginx.conf create mode 100644 confs/etc/nginx/sites-available/nginx.php.conf create mode 100644 confs/etc/nginx/sites-enabled/nginx.conf create mode 100644 confs/etc/nginx/snippets/fastcgi-php.conf create mode 100644 confs/etc/nginx/snippets/snakeoil.conf create mode 100644 confs/etc/nginx/uwsgi_params create mode 100644 confs/etc/nginx/win-utf create mode 100644 confs/etc/sysctl.conf create mode 100644 confs/etc/systemd/bootchart.conf create mode 100644 confs/etc/systemd/journald.conf create mode 100644 confs/etc/systemd/logind.conf create mode 100644 confs/etc/systemd/resolved.conf create mode 100644 confs/etc/systemd/system.conf create mode 100644 confs/etc/systemd/system/default.target.wants/ureadahead.service create mode 100644 confs/etc/systemd/system/getty.target.wants/getty@tty1.service create mode 100644 confs/etc/systemd/system/hibernate.target.wants/anacron-resume.service create mode 100644 confs/etc/systemd/system/hybrid-sleep.target.wants/anacron-resume.service create mode 100644 confs/etc/systemd/system/isubata.golang.service create mode 100644 confs/etc/systemd/system/isubata.nodejs.service create mode 100644 confs/etc/systemd/system/isubata.perl.service create mode 100644 confs/etc/systemd/system/isubata.php.service create mode 100644 confs/etc/systemd/system/isubata.python.service create mode 100644 confs/etc/systemd/system/isubata.ruby.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/anacron.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/cron.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/fail2ban.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/isubata.python.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/mysql.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/networking.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/nginx.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/remote-fs.target create mode 100644 confs/etc/systemd/system/multi-user.target.wants/rsyslog.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/ssh.service create mode 100644 confs/etc/systemd/system/multi-user.target.wants/ufw.service create mode 100644 confs/etc/systemd/system/network-online.target.wants/networking.service create mode 100644 confs/etc/systemd/system/paths.target.wants/acpid.path create mode 100644 confs/etc/systemd/system/sockets.target.wants/acpid.socket create mode 100644 confs/etc/systemd/system/sockets.target.wants/uuidd.socket create mode 100644 confs/etc/systemd/system/sshd.service create mode 100644 confs/etc/systemd/system/suspend.target.wants/anacron-resume.service create mode 100644 confs/etc/systemd/system/sysinit.target.wants/friendly-recovery.service create mode 100644 confs/etc/systemd/system/sysinit.target.wants/resolvconf.service create mode 100644 confs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service create mode 100644 confs/etc/systemd/system/syslog.service create mode 100644 confs/etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer create mode 100644 confs/etc/systemd/system/timers.target.wants/apt-daily.timer create mode 100644 confs/etc/systemd/timesyncd.conf create mode 100644 confs/etc/systemd/user.conf create mode 100755 confs/put.sh diff --git a/confs/etc/mysql/conf.d/mysql.cnf b/confs/etc/mysql/conf.d/mysql.cnf new file mode 100644 index 0000000..22b052d --- /dev/null +++ b/confs/etc/mysql/conf.d/mysql.cnf @@ -0,0 +1 @@ +[mysql] diff --git a/confs/etc/mysql/conf.d/mysqldump.cnf b/confs/etc/mysql/conf.d/mysqldump.cnf new file mode 100644 index 0000000..38310a9 --- /dev/null +++ b/confs/etc/mysql/conf.d/mysqldump.cnf @@ -0,0 +1,4 @@ +[mysqldump] +quick +quote-names +max_allowed_packet = 16M diff --git a/confs/etc/mysql/debian-start b/confs/etc/mysql/debian-start new file mode 100755 index 0000000..8be72ea --- /dev/null +++ b/confs/etc/mysql/debian-start @@ -0,0 +1,5 @@ +#!/bin/bash + +# Change to no-op as detailed in +# https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1577712 +exit 0 diff --git a/confs/etc/mysql/my.cnf b/confs/etc/mysql/my.cnf new file mode 100644 index 0000000..ce726b1 --- /dev/null +++ b/confs/etc/mysql/my.cnf @@ -0,0 +1,21 @@ +# +# The MySQL database server configuration file. +# +# You can copy this to one of: +# - "/etc/mysql/my.cnf" to set global options, +# - "~/.my.cnf" to set user-specific options. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. +# +# For explanations see +# http://dev.mysql.com/doc/mysql/en/server-system-variables.html + +# +# * IMPORTANT: Additional settings that can override those from this file! +# The files must end with '.cnf', otherwise they'll be ignored. +# + +!includedir /etc/mysql/conf.d/ +!includedir /etc/mysql/mysql.conf.d/ diff --git a/confs/etc/mysql/my.cnf.fallback b/confs/etc/mysql/my.cnf.fallback new file mode 100644 index 0000000..92747d8 --- /dev/null +++ b/confs/etc/mysql/my.cnf.fallback @@ -0,0 +1,23 @@ +# +# The MySQL database server configuration file. +# +# You can copy this to one of: +# - "/etc/mysql/my.cnf" to set global options, +# - "~/.my.cnf" to set user-specific options. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. +# +# For explanations see +# http://dev.mysql.com/doc/mysql/en/server-system-variables.html + +# This will be passed to all mysql clients +# It has been reported that passwords should be enclosed with ticks/quotes +# escpecially if they contain "#" chars... +# Remember to edit /etc/mysql/debian.cnf when changing the socket location. + +# Here is entries for some specific programs +# The following values assume you have at least 32M ram + +!includedir /etc/mysql/conf.d/ diff --git a/confs/etc/mysql/mysql.cnf b/confs/etc/mysql/mysql.cnf new file mode 100644 index 0000000..ce726b1 --- /dev/null +++ b/confs/etc/mysql/mysql.cnf @@ -0,0 +1,21 @@ +# +# The MySQL database server configuration file. +# +# You can copy this to one of: +# - "/etc/mysql/my.cnf" to set global options, +# - "~/.my.cnf" to set user-specific options. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. +# +# For explanations see +# http://dev.mysql.com/doc/mysql/en/server-system-variables.html + +# +# * IMPORTANT: Additional settings that can override those from this file! +# The files must end with '.cnf', otherwise they'll be ignored. +# + +!includedir /etc/mysql/conf.d/ +!includedir /etc/mysql/mysql.conf.d/ diff --git a/confs/etc/mysql/mysql.conf.d/mysqld.cnf b/confs/etc/mysql/mysql.conf.d/mysqld.cnf new file mode 100644 index 0000000..e1d64b4 --- /dev/null +++ b/confs/etc/mysql/mysql.conf.d/mysqld.cnf @@ -0,0 +1,40 @@ +[mysqld_safe] +socket = /var/run/mysqld/mysqld.sock +nice = 0 + +[mysqld] +user = mysql +pid-file = /var/run/mysqld/mysqld.pid +socket = /var/run/mysqld/mysqld.sock +port = 3306 +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +skip-external-locking +ssl-key=/etc/mysql/server-key.pem + +max_allowed_packet=16MB + +innodb_file_format=Barracuda +innodb_autoinc_lock_mode = 2 +innodb_log_file_size = 750M +innodb_buffer_pool_size = 3G +innodb_flush_log_at_trx_commit=0 +innodb_io_capacity = 200 + +sort_buffer_size = 2G +key_buffer_size = 256M +thread_cache_size=100 +query_cache_size=512M +query_cache_type = 1 + +log_queries_not_using_indexes = 1 +slow_query_log = 1 +long_query_time = 0 +slow_query_log_file = /var/lib/mysql/mysqld-slow.log + +loose-innodb_buffer_pool_dump_pct = 100 +innodb_buffer_pool_dump_at_shutdown= 1 +innodb_buffer_pool_load_at_startup = 1 +innodb_flush_method=O_DIRECT diff --git a/confs/etc/mysql/mysql.conf.d/mysqld_safe_syslog.cnf b/confs/etc/mysql/mysql.conf.d/mysqld_safe_syslog.cnf new file mode 100644 index 0000000..3b0445d --- /dev/null +++ b/confs/etc/mysql/mysql.conf.d/mysqld_safe_syslog.cnf @@ -0,0 +1,2 @@ +[mysqld_safe] +syslog diff --git a/confs/etc/nginx/fastcgi.conf b/confs/etc/nginx/fastcgi.conf new file mode 100644 index 0000000..091738c --- /dev/null +++ b/confs/etc/nginx/fastcgi.conf @@ -0,0 +1,26 @@ + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/confs/etc/nginx/fastcgi_params b/confs/etc/nginx/fastcgi_params new file mode 100644 index 0000000..28decb9 --- /dev/null +++ b/confs/etc/nginx/fastcgi_params @@ -0,0 +1,25 @@ + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/confs/etc/nginx/koi-utf b/confs/etc/nginx/koi-utf new file mode 100644 index 0000000..e7974ff --- /dev/null +++ b/confs/etc/nginx/koi-utf @@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/confs/etc/nginx/koi-win b/confs/etc/nginx/koi-win new file mode 100644 index 0000000..72afabe --- /dev/null +++ b/confs/etc/nginx/koi-win @@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} diff --git a/confs/etc/nginx/mime.types b/confs/etc/nginx/mime.types new file mode 100644 index 0000000..89be9a4 --- /dev/null +++ b/confs/etc/nginx/mime.types @@ -0,0 +1,89 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; + + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/confs/etc/nginx/nginx.conf b/confs/etc/nginx/nginx.conf new file mode 100644 index 0000000..e91d6e5 --- /dev/null +++ b/confs/etc/nginx/nginx.conf @@ -0,0 +1,85 @@ +user www-data; +worker_processes auto; +worker_rlimit_nofile 100000; +pid /run/nginx.pid; + +events { + worker_connections 10000; + multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_requests 500000; + keepalive_timeout 65; + types_hash_max_size 2048; + server_tokens off; + open_file_cache max=1000 inactive=300s; + open_file_cache_errors on; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + # ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + # ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + log_format ltsv "time:$time_local" + "\thost:$remote_addr" + "\tforwardedfor:$http_x_forwarded_for" + "\treq:$request" + "\tstatus:$status" + "\tmethod:$request_method" + "\turi:$request_uri" + "\tsize:$body_bytes_sent" + "\treferer:$http_referer" + "\tua:$http_user_agent" + "\treqtime:$request_time" + "\tcache:$upstream_http_x_cache" + "\truntime:$upstream_http_x_runtime" + "\tapptime:$upstream_response_time" + "\tvhost:$host"; + + access_log /var/log/nginx/access.log ltsv; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + gzip_types text/javascript; + gzip_min_length 1k; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} diff --git a/confs/etc/nginx/nginx.conf.orig b/confs/etc/nginx/nginx.conf.orig new file mode 100644 index 0000000..01a4a21 --- /dev/null +++ b/confs/etc/nginx/nginx.conf.orig @@ -0,0 +1,85 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} diff --git a/confs/etc/nginx/proxy_params b/confs/etc/nginx/proxy_params new file mode 100644 index 0000000..df75bc5 --- /dev/null +++ b/confs/etc/nginx/proxy_params @@ -0,0 +1,4 @@ +proxy_set_header Host $http_host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; diff --git a/confs/etc/nginx/scgi_params b/confs/etc/nginx/scgi_params new file mode 100644 index 0000000..6d4ce4f --- /dev/null +++ b/confs/etc/nginx/scgi_params @@ -0,0 +1,17 @@ + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $server_name; diff --git a/confs/etc/nginx/sites-available/default b/confs/etc/nginx/sites-available/default new file mode 100644 index 0000000..a761605 --- /dev/null +++ b/confs/etc/nginx/sites-available/default @@ -0,0 +1,86 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# http://wiki.nginx.org/Pitfalls +# http://wiki.nginx.org/QuickStart +# http://wiki.nginx.org/Configuration +# +# Generally, you will want to move this file somewhere, and start with a clean +# file but keep this around for reference. Or just disable in sites-enabled. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + listen 80 default_server; + listen [::]:80 default_server; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Note: You should disable gzip for SSL traffic. + # See: https://bugs.debian.org/773332 + # + # Read up on ssl_ciphers to ensure a secure configuration. + # See: https://bugs.debian.org/765782 + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /var/www/html; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + server_name _; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # include snippets/fastcgi-php.conf; + # + # # With php7.0-cgi alone: + # fastcgi_pass 127.0.0.1:9000; + # # With php7.0-fpm: + # fastcgi_pass unix:/run/php/php7.0-fpm.sock; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# Virtual Host configuration for example.com +# +# You can move that to a different file under sites-available/ and symlink that +# to sites-enabled/ to enable it. +# +#server { +# listen 80; +# listen [::]:80; +# +# server_name example.com; +# +# root /var/www/example.com; +# index index.html; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/confs/etc/nginx/sites-available/nginx.conf b/confs/etc/nginx/sites-available/nginx.conf new file mode 100644 index 0000000..157152a --- /dev/null +++ b/confs/etc/nginx/sites-available/nginx.conf @@ -0,0 +1,20 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name isubata.example.com; + + client_max_body_size 20M; + + root /home/isucon/isubata/webapp/public; + + location /favicon.ico { } + location /fonts/ { } + location /js/ { } + location /css/ { } + location /icons/ { } + + location / { + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:5000; + } +} diff --git a/confs/etc/nginx/sites-available/nginx.php.conf b/confs/etc/nginx/sites-available/nginx.php.conf new file mode 100644 index 0000000..681f42c --- /dev/null +++ b/confs/etc/nginx/sites-available/nginx.php.conf @@ -0,0 +1,32 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name isubata.example.com; + + client_max_body_size 20M; + + root /home/isucon/isubata/webapp/public; + + location /favicon.ico { } + location /fonts/ { } + location /js/ { } + location /css/ { } + + index index.php; + location / { + if (!-f $request_filename) { + rewrite ^(.+)$ /index.php$1 last; + } + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:9000; + } + + location ~ [^/]\.php(/|$) { + root /home/isucon/isubata/webapp/php; + include fastcgi_params; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/confs/etc/nginx/sites-enabled/nginx.conf b/confs/etc/nginx/sites-enabled/nginx.conf new file mode 100644 index 0000000..157152a --- /dev/null +++ b/confs/etc/nginx/sites-enabled/nginx.conf @@ -0,0 +1,20 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name isubata.example.com; + + client_max_body_size 20M; + + root /home/isucon/isubata/webapp/public; + + location /favicon.ico { } + location /fonts/ { } + location /js/ { } + location /css/ { } + location /icons/ { } + + location / { + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:5000; + } +} diff --git a/confs/etc/nginx/snippets/fastcgi-php.conf b/confs/etc/nginx/snippets/fastcgi-php.conf new file mode 100644 index 0000000..8f8e4a2 --- /dev/null +++ b/confs/etc/nginx/snippets/fastcgi-php.conf @@ -0,0 +1,13 @@ +# regex to split $uri to $fastcgi_script_name and $fastcgi_path +fastcgi_split_path_info ^(.+\.php)(/.+)$; + +# Check that the PHP script exists before passing it +try_files $fastcgi_script_name =404; + +# Bypass the fact that try_files resets $fastcgi_path_info +# see: http://trac.nginx.org/nginx/ticket/321 +set $path_info $fastcgi_path_info; +fastcgi_param PATH_INFO $path_info; + +fastcgi_index index.php; +include fastcgi.conf; diff --git a/confs/etc/nginx/snippets/snakeoil.conf b/confs/etc/nginx/snippets/snakeoil.conf new file mode 100644 index 0000000..ad26c3e --- /dev/null +++ b/confs/etc/nginx/snippets/snakeoil.conf @@ -0,0 +1,5 @@ +# Self signed certificates generated by the ssl-cert package +# Don't use them in a production server! + +ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; +ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/confs/etc/nginx/uwsgi_params b/confs/etc/nginx/uwsgi_params new file mode 100644 index 0000000..09c732c --- /dev/null +++ b/confs/etc/nginx/uwsgi_params @@ -0,0 +1,17 @@ + +uwsgi_param QUERY_STRING $query_string; +uwsgi_param REQUEST_METHOD $request_method; +uwsgi_param CONTENT_TYPE $content_type; +uwsgi_param CONTENT_LENGTH $content_length; + +uwsgi_param REQUEST_URI $request_uri; +uwsgi_param PATH_INFO $document_uri; +uwsgi_param DOCUMENT_ROOT $document_root; +uwsgi_param SERVER_PROTOCOL $server_protocol; +uwsgi_param REQUEST_SCHEME $scheme; +uwsgi_param HTTPS $https if_not_empty; + +uwsgi_param REMOTE_ADDR $remote_addr; +uwsgi_param REMOTE_PORT $remote_port; +uwsgi_param SERVER_PORT $server_port; +uwsgi_param SERVER_NAME $server_name; diff --git a/confs/etc/nginx/win-utf b/confs/etc/nginx/win-utf new file mode 100644 index 0000000..774fd9f --- /dev/null +++ b/confs/etc/nginx/win-utf @@ -0,0 +1,125 @@ +# This map is not a full windows-1251 <> utf8 map: it does not +# contain Serbian and Macedonian letters. If you need a full map, +# use contrib/unicode2nginx/win-utf map instead. + +charset_map windows-1251 utf-8 { + + 82 E2809A; # single low-9 quotation mark + + 84 E2809E; # double low-9 quotation mark + 85 E280A6; # ellipsis + 86 E280A0; # dagger + 87 E280A1; # double dagger + 88 E282AC; # euro + 89 E280B0; # per mille + + 91 E28098; # left single quotation mark + 92 E28099; # right single quotation mark + 93 E2809C; # left double quotation mark + 94 E2809D; # right double quotation mark + 95 E280A2; # bullet + 96 E28093; # en dash + 97 E28094; # em dash + + 99 E284A2; # trade mark sign + + A0 C2A0; #   + A1 D18E; # capital Byelorussian short U + A2 D19E; # small Byelorussian short u + + A4 C2A4; # currency sign + A5 D290; # capital Ukrainian soft G + A6 C2A6; # borken bar + A7 C2A7; # section sign + A8 D081; # capital YO + A9 C2A9; # (C) + AA D084; # capital Ukrainian YE + AB C2AB; # left-pointing double angle quotation mark + AC C2AC; # not sign + AD C2AD; # soft hypen + AE C2AE; # (R) + AF D087; # capital Ukrainian YI + + B0 C2B0; # ° + B1 C2B1; # plus-minus sign + B2 D086; # capital Ukrainian I + B3 D196; # small Ukrainian i + B4 D291; # small Ukrainian soft g + B5 C2B5; # micro sign + B6 C2B6; # pilcrow sign + B7 C2B7; # · + B8 D191; # small yo + B9 E28496; # numero sign + BA D194; # small Ukrainian ye + BB C2BB; # right-pointing double angle quotation mark + + BF D197; # small Ukrainian yi + + C0 D090; # capital A + C1 D091; # capital B + C2 D092; # capital V + C3 D093; # capital G + C4 D094; # capital D + C5 D095; # capital YE + C6 D096; # capital ZH + C7 D097; # capital Z + C8 D098; # capital I + C9 D099; # capital J + CA D09A; # capital K + CB D09B; # capital L + CC D09C; # capital M + CD D09D; # capital N + CE D09E; # capital O + CF D09F; # capital P + + D0 D0A0; # capital R + D1 D0A1; # capital S + D2 D0A2; # capital T + D3 D0A3; # capital U + D4 D0A4; # capital F + D5 D0A5; # capital KH + D6 D0A6; # capital TS + D7 D0A7; # capital CH + D8 D0A8; # capital SH + D9 D0A9; # capital SHCH + DA D0AA; # capital hard sign + DB D0AB; # capital Y + DC D0AC; # capital soft sign + DD D0AD; # capital E + DE D0AE; # capital YU + DF D0AF; # capital YA + + E0 D0B0; # small a + E1 D0B1; # small b + E2 D0B2; # small v + E3 D0B3; # small g + E4 D0B4; # small d + E5 D0B5; # small ye + E6 D0B6; # small zh + E7 D0B7; # small z + E8 D0B8; # small i + E9 D0B9; # small j + EA D0BA; # small k + EB D0BB; # small l + EC D0BC; # small m + ED D0BD; # small n + EE D0BE; # small o + EF D0BF; # small p + + F0 D180; # small r + F1 D181; # small s + F2 D182; # small t + F3 D183; # small u + F4 D184; # small f + F5 D185; # small kh + F6 D186; # small ts + F7 D187; # small ch + F8 D188; # small sh + F9 D189; # small shch + FA D18A; # small hard sign + FB D18B; # small y + FC D18C; # small soft sign + FD D18D; # small e + FE D18E; # small yu + FF D18F; # small ya +} diff --git a/confs/etc/sysctl.conf b/confs/etc/sysctl.conf new file mode 100644 index 0000000..48e57a3 --- /dev/null +++ b/confs/etc/sysctl.conf @@ -0,0 +1,73 @@ +# +# /etc/sysctl.conf - Configuration file for setting system variables +# See /etc/sysctl.d/ for additional system variables. +# See sysctl.conf (5) for information. +# + +net.ipv4.tcp_max_tw_buckets = 2000000 +net.ipv4.ip_local_port_range = 10000 65000 +net.core.somaxconn = 32768 +net.core.netdev_max_backlog = 8192 +net.ipv4.tcp_tw_reuse = 1 +net.ipv4.tcp_fin_timeout = 10 +net.ipv4.tcp_tw_recycle = 1 +net.ipv4.tcp_rmem = 16384 131072 262144 +net.ipv4.tcp_wmem = 16384 131072 262144 +net.ipv4.tcp_mem = 2048000 4096000 4096000 +fs.file-max=65535 +kernel.panic = 10 + +#kernel.domainname = example.com + +# Uncomment the following to stop low-level messages on console +#kernel.printk = 3 4 1 3 + +##############################################################3 +# Functions previously found in netbase +# + +# Uncomment the next two lines to enable Spoof protection (reverse-path filter) +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +#net.ipv4.conf.default.rp_filter=1 +#net.ipv4.conf.all.rp_filter=1 + +# Uncomment the next line to enable TCP/IP SYN cookies +# See http://lwn.net/Articles/277146/ +# Note: This may impact IPv6 TCP sessions too +#net.ipv4.tcp_syncookies=1 + +# Uncomment the next line to enable packet forwarding for IPv4 +#net.ipv4.ip_forward=1 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +#net.ipv6.conf.all.forwarding=1 + + +################################################################### +# Additional settings - these settings can improve the network +# security of the host and prevent against some network attacks +# including spoofing attacks and man in the middle attacks through +# redirection. Some network environments, however, require that these +# settings are disabled so review and enable them as needed. +# +# Do not accept ICMP redirects (prevent MITM attacks) +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv6.conf.all.accept_redirects = 0 +# _or_ +# Accept ICMP redirects only for gateways listed in our default +# gateway list (enabled by default) +# net.ipv4.conf.all.secure_redirects = 1 +# +# Do not send ICMP redirects (we are not a router) +#net.ipv4.conf.all.send_redirects = 0 +# +# Do not accept IP source route packets (we are not a router) +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv6.conf.all.accept_source_route = 0 +# +# Log Martian Packets +#net.ipv4.conf.all.log_martians = 1 +# diff --git a/confs/etc/systemd/bootchart.conf b/confs/etc/systemd/bootchart.conf new file mode 100644 index 0000000..4f5e509 --- /dev/null +++ b/confs/etc/systemd/bootchart.conf @@ -0,0 +1,26 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See bootchart.conf(5) for details. + +[Bootchart] +#Samples=500 +#Frequency=25 +#Relative=no +#Filter=yes +#Output= +#Init=/path/to/init-binary +#PlotMemoryUsage=no +#PlotEntropyGraph=no +#ScaleX=100 +#ScaleY=20 +#ControlGroup=no +#PerCPU=no diff --git a/confs/etc/systemd/journald.conf b/confs/etc/systemd/journald.conf new file mode 100644 index 0000000..bc840dc --- /dev/null +++ b/confs/etc/systemd/journald.conf @@ -0,0 +1,41 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See journald.conf(5) for details. + +[Journal] +#Storage=auto +#Compress=yes +#Seal=yes +#SplitMode=uid +#SyncIntervalSec=5m +#RateLimitInterval=30s +#RateLimitBurst=1000 +#SystemMaxUse= +#SystemKeepFree= +#SystemMaxFileSize= +#SystemMaxFiles=100 +#RuntimeMaxUse= +#RuntimeKeepFree= +#RuntimeMaxFileSize= +#RuntimeMaxFiles=100 +#MaxRetentionSec= +#MaxFileSec=1month +#ForwardToSyslog=yes +#ForwardToKMsg=no +#ForwardToConsole=no +#ForwardToWall=yes +#TTYPath=/dev/console +#MaxLevelStore=debug +#MaxLevelSyslog=debug +#MaxLevelKMsg=notice +#MaxLevelConsole=info +#MaxLevelWall=emerg diff --git a/confs/etc/systemd/logind.conf b/confs/etc/systemd/logind.conf new file mode 100644 index 0000000..6095e48 --- /dev/null +++ b/confs/etc/systemd/logind.conf @@ -0,0 +1,35 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See logind.conf(5) for details. + +[Login] +#NAutoVTs=6 +#ReserveVT=6 +#KillUserProcesses=no +#KillOnlyUsers= +#KillExcludeUsers=root +#InhibitDelayMaxSec=5 +#HandlePowerKey=poweroff +#HandleSuspendKey=suspend +#HandleHibernateKey=hibernate +#HandleLidSwitch=suspend +#HandleLidSwitchDocked=ignore +#PowerKeyIgnoreInhibited=no +#SuspendKeyIgnoreInhibited=no +#HibernateKeyIgnoreInhibited=no +#LidSwitchIgnoreInhibited=yes +#HoldoffTimeoutSec=30s +#IdleAction=ignore +#IdleActionSec=30min +#RuntimeDirectorySize=10% +#RemoveIPC=yes +#UserTasksMax=12288 diff --git a/confs/etc/systemd/resolved.conf b/confs/etc/systemd/resolved.conf new file mode 100644 index 0000000..e893b23 --- /dev/null +++ b/confs/etc/systemd/resolved.conf @@ -0,0 +1,19 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See resolved.conf(5) for details + +[Resolve] +#DNS= +#FallbackDNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844 +#Domains= +#LLMNR=yes +#DNSSEC=no diff --git a/confs/etc/systemd/system.conf b/confs/etc/systemd/system.conf new file mode 100644 index 0000000..63bff08 --- /dev/null +++ b/confs/etc/systemd/system.conf @@ -0,0 +1,60 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See systemd-system.conf(5) for details. + +[Manager] +#LogLevel=info +#LogTarget=journal-or-kmsg +#LogColor=yes +#LogLocation=no +#DumpCore=yes +#ShowStatus=yes +#CrashChangeVT=no +#CrashShell=no +#CrashReboot=no +#CPUAffinity=1 2 +#JoinControllers=cpu,cpuacct net_cls,net_prio +#RuntimeWatchdogSec=0 +#ShutdownWatchdogSec=10min +#CapabilityBoundingSet= +#SystemCallArchitectures= +#TimerSlackNSec= +#DefaultTimerAccuracySec=1min +#DefaultStandardOutput=journal +#DefaultStandardError=inherit +#DefaultTimeoutStartSec=90s +#DefaultTimeoutStopSec=90s +#DefaultRestartSec=100ms +#DefaultStartLimitInterval=10s +#DefaultStartLimitBurst=5 +#DefaultEnvironment= +#DefaultCPUAccounting=no +#DefaultBlockIOAccounting=no +#DefaultMemoryAccounting=no +#DefaultTasksAccounting=no +#DefaultTasksMax= +#DefaultLimitCPU= +#DefaultLimitFSIZE= +#DefaultLimitDATA= +#DefaultLimitSTACK= +#DefaultLimitCORE= +#DefaultLimitRSS= +#DefaultLimitNOFILE= +#DefaultLimitAS= +#DefaultLimitNPROC= +#DefaultLimitMEMLOCK= +#DefaultLimitLOCKS= +#DefaultLimitSIGPENDING= +#DefaultLimitMSGQUEUE= +#DefaultLimitNICE= +#DefaultLimitRTPRIO= +#DefaultLimitRTTIME= diff --git a/confs/etc/systemd/system/default.target.wants/ureadahead.service b/confs/etc/systemd/system/default.target.wants/ureadahead.service new file mode 100644 index 0000000..85f7292 --- /dev/null +++ b/confs/etc/systemd/system/default.target.wants/ureadahead.service @@ -0,0 +1,16 @@ +[Unit] +Description=Read required files in advance +DefaultDependencies=false +Conflicts=shutdown.target +Before=shutdown.target +Requires=ureadahead-stop.timer +RequiresMountsFor=/var/lib/ureadahead +ConditionVirtualization=no + +[Service] +ExecStart=/sbin/ureadahead +# when profiling, give it three minutes after sending SIGTERM to write out the pack file +TimeoutStopSec=3m + +[Install] +WantedBy=default.target diff --git a/confs/etc/systemd/system/getty.target.wants/getty@tty1.service b/confs/etc/systemd/system/getty.target.wants/getty@tty1.service new file mode 100644 index 0000000..a9cd33f --- /dev/null +++ b/confs/etc/systemd/system/getty.target.wants/getty@tty1.service @@ -0,0 +1,47 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Getty on %I +Documentation=man:agetty(8) man:systemd-getty-generator(8) +Documentation=http://0pointer.de/blog/projects/serial-console.html +After=systemd-user-sessions.service plymouth-quit-wait.service +After=rc-local.service + +# If additional gettys are spawned during boot then we should make +# sure that this is synchronized before getty.target, even though +# getty.target didn't actually pull it in. +Before=getty.target +IgnoreOnIsolate=yes + +# On systems without virtual consoles, don't start any getty. Note +# that serial gettys are covered by serial-getty@.service, not this +# unit. +ConditionPathExists=/dev/tty0 + +[Service] +# the VT is cleared by TTYVTDisallocate +ExecStart=-/sbin/agetty --noclear %I $TERM +Type=idle +Restart=always +RestartSec=0 +UtmpIdentifier=%I +TTYPath=/dev/%I +TTYReset=yes +TTYVHangup=yes +TTYVTDisallocate=yes +KillMode=process +IgnoreSIGPIPE=no +SendSIGHUP=yes + +# Unset locale for the console getty since the console has problems +# displaying some internationalized messages. +Environment=LANG= LANGUAGE= LC_CTYPE= LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION= + +[Install] +WantedBy=getty.target +DefaultInstance=tty1 diff --git a/confs/etc/systemd/system/hibernate.target.wants/anacron-resume.service b/confs/etc/systemd/system/hibernate.target.wants/anacron-resume.service new file mode 100644 index 0000000..21b840a --- /dev/null +++ b/confs/etc/systemd/system/hibernate.target.wants/anacron-resume.service @@ -0,0 +1,14 @@ +[Unit] +Description=Run anacron jobs at resume +After=suspend.target +After=hibernate.target +After=hybrid-sleep.target + +[Service] +ExecStart=/bin/systemctl --no-block --fail start anacron.service + +[Install] +WantedBy=suspend.target +WantedBy=hibernate.target +WantedBy=hybrid-sleep.target + diff --git a/confs/etc/systemd/system/hybrid-sleep.target.wants/anacron-resume.service b/confs/etc/systemd/system/hybrid-sleep.target.wants/anacron-resume.service new file mode 100644 index 0000000..21b840a --- /dev/null +++ b/confs/etc/systemd/system/hybrid-sleep.target.wants/anacron-resume.service @@ -0,0 +1,14 @@ +[Unit] +Description=Run anacron jobs at resume +After=suspend.target +After=hibernate.target +After=hybrid-sleep.target + +[Service] +ExecStart=/bin/systemctl --no-block --fail start anacron.service + +[Install] +WantedBy=suspend.target +WantedBy=hibernate.target +WantedBy=hybrid-sleep.target + diff --git a/confs/etc/systemd/system/isubata.golang.service b/confs/etc/systemd/system/isubata.golang.service new file mode 100644 index 0000000..54f0121 --- /dev/null +++ b/confs/etc/systemd/system/isubata.golang.service @@ -0,0 +1,16 @@ +[Unit] +Description = isucon7 qualifier main application in golang + +[Service] +WorkingDirectory=/home/isucon/isubata/webapp/go/ +EnvironmentFile=/home/isucon/env.sh + +ExecStart = /home/isucon/isubata/webapp/go/isubata + +Restart = always +Type = simple +User = isucon +Group = isucon + +[Install] +WantedBy = multi-user.target diff --git a/confs/etc/systemd/system/isubata.nodejs.service b/confs/etc/systemd/system/isubata.nodejs.service new file mode 100644 index 0000000..72a52bf --- /dev/null +++ b/confs/etc/systemd/system/isubata.nodejs.service @@ -0,0 +1,16 @@ +[Unit] +Description = isucon7 qualifier main application in nodejs + +[Service] +WorkingDirectory=/home/isucon/isubata/webapp/nodejs +EnvironmentFile=/home/isucon/env.sh + +ExecStart = /home/isucon/local/node/bin/node /home/isucon/isubata/webapp/nodejs + +Restart = always +Type = simple +User = isucon +Group = isucon + +[Install] +WantedBy = multi-user.target diff --git a/confs/etc/systemd/system/isubata.perl.service b/confs/etc/systemd/system/isubata.perl.service new file mode 100644 index 0000000..7386e92 --- /dev/null +++ b/confs/etc/systemd/system/isubata.perl.service @@ -0,0 +1,16 @@ +[Unit] +Description = isucon7 qualifier main application in perl + +[Service] +WorkingDirectory=/home/isucon/isubata/webapp/perl +EnvironmentFile=/home/isucon/env.sh + +ExecStart = /home/isucon/local/perl/bin/carton exec plackup -s Starlet -p 5000 app.psgi + +Restart = always +Type = simple +User = isucon +Group = isucon + +[Install] +WantedBy = multi-user.target diff --git a/confs/etc/systemd/system/isubata.php.service b/confs/etc/systemd/system/isubata.php.service new file mode 100644 index 0000000..437f3eb --- /dev/null +++ b/confs/etc/systemd/system/isubata.php.service @@ -0,0 +1,16 @@ +[Unit] +Description = isucon7 qualifier main application in PHP + +[Service] +WorkingDirectory=/home/isucon/isubata/webapp/php +EnvironmentFile=/home/isucon/env.sh + +ExecStart = /home/isucon/local/php/sbin/php-fpm --fpm-config /home/isucon/local/php/etc/isubata.php-fpm.conf + +Restart = always +Type = simple +User = isucon +Group = isucon + +[Install] +WantedBy = multi-user.target diff --git a/confs/etc/systemd/system/isubata.python.service b/confs/etc/systemd/system/isubata.python.service new file mode 100644 index 0000000..49be6df --- /dev/null +++ b/confs/etc/systemd/system/isubata.python.service @@ -0,0 +1,16 @@ +[Unit] +Description = isucon7 qualifier main application in python + +[Service] +WorkingDirectory=/home/isucon/isubata/webapp/python +EnvironmentFile=/home/isucon/env.sh + +ExecStart = /home/isucon/local/python/bin/gunicorn --workers=4 --threads=4 app:app -b '127.0.0.1:5000' + +Restart = always +Type = simple +User = isucon +Group = isucon + +[Install] +WantedBy = multi-user.target diff --git a/confs/etc/systemd/system/isubata.ruby.service b/confs/etc/systemd/system/isubata.ruby.service new file mode 100644 index 0000000..5b97855 --- /dev/null +++ b/confs/etc/systemd/system/isubata.ruby.service @@ -0,0 +1,17 @@ +[Unit] +Description = isucon7 qualifier main application in ruby + +[Service] +WorkingDirectory=/home/isucon/isubata/webapp/ruby +EnvironmentFile=/home/isucon/env.sh +Environment=RACK_ENV=production + +ExecStart = /home/isucon/local/ruby/bin/bundle exec puma -p 5000 -t 10 + +Restart = always +Type = simple +User = isucon +Group = isucon + +[Install] +WantedBy = multi-user.target diff --git a/confs/etc/systemd/system/multi-user.target.wants/anacron.service b/confs/etc/systemd/system/multi-user.target.wants/anacron.service new file mode 100644 index 0000000..77af569 --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/anacron.service @@ -0,0 +1,11 @@ +[Unit] +Description=Run anacron jobs +After=time-sync.target +ConditionACPower=true + +[Service] +ExecStart=/usr/sbin/anacron -dsq +IgnoreSIGPIPE=false + +[Install] +WantedBy=multi-user.target diff --git a/confs/etc/systemd/system/multi-user.target.wants/cron.service b/confs/etc/systemd/system/multi-user.target.wants/cron.service new file mode 100644 index 0000000..f06473d --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/cron.service @@ -0,0 +1,12 @@ +[Unit] +Description=Regular background program processing daemon +Documentation=man:cron(8) + +[Service] +EnvironmentFile=-/etc/default/cron +ExecStart=/usr/sbin/cron -f $EXTRA_OPTS +IgnoreSIGPIPE=false +KillMode=process + +[Install] +WantedBy=multi-user.target diff --git a/confs/etc/systemd/system/multi-user.target.wants/fail2ban.service b/confs/etc/systemd/system/multi-user.target.wants/fail2ban.service new file mode 100644 index 0000000..6ebbacc --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/fail2ban.service @@ -0,0 +1,15 @@ +[Unit] +Description=Fail2Ban Service +Documentation=man:fail2ban(1) +After=network.target iptables.service firewalld.service + +[Service] +Type=forking +ExecStart=/usr/bin/fail2ban-client -x start +ExecStop=/usr/bin/fail2ban-client stop +ExecReload=/usr/bin/fail2ban-client reload +PIDFile=/var/run/fail2ban/fail2ban.pid +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/confs/etc/systemd/system/multi-user.target.wants/isubata.python.service b/confs/etc/systemd/system/multi-user.target.wants/isubata.python.service new file mode 100644 index 0000000..49be6df --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/isubata.python.service @@ -0,0 +1,16 @@ +[Unit] +Description = isucon7 qualifier main application in python + +[Service] +WorkingDirectory=/home/isucon/isubata/webapp/python +EnvironmentFile=/home/isucon/env.sh + +ExecStart = /home/isucon/local/python/bin/gunicorn --workers=4 --threads=4 app:app -b '127.0.0.1:5000' + +Restart = always +Type = simple +User = isucon +Group = isucon + +[Install] +WantedBy = multi-user.target diff --git a/confs/etc/systemd/system/multi-user.target.wants/mysql.service b/confs/etc/systemd/system/multi-user.target.wants/mysql.service new file mode 100644 index 0000000..13d5ca2 --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/mysql.service @@ -0,0 +1,20 @@ +# MySQL systemd service file + +[Unit] +Description=MySQL Community Server +After=network.target + +[Install] +WantedBy=multi-user.target + +[Service] +User=mysql +Group=mysql +PermissionsStartOnly=true +ExecStartPre=/usr/share/mysql/mysql-systemd-start pre +ExecStart=/usr/sbin/mysqld +ExecStartPost=/usr/share/mysql/mysql-systemd-start post +TimeoutSec=600 +Restart=on-failure +RuntimeDirectory=mysqld +RuntimeDirectoryMode=755 diff --git a/confs/etc/systemd/system/multi-user.target.wants/networking.service b/confs/etc/systemd/system/multi-user.target.wants/networking.service new file mode 100644 index 0000000..7d7af55 --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/networking.service @@ -0,0 +1,21 @@ +[Unit] +Description=Raise network interfaces +Documentation=man:interfaces(5) +DefaultDependencies=no +Wants=network.target +After=local-fs.target network-pre.target apparmor.service systemd-sysctl.service systemd-modules-load.service +Before=network.target shutdown.target network-online.target +Conflicts=shutdown.target + +[Install] +WantedBy=multi-user.target +WantedBy=network-online.target + +[Service] +Type=oneshot +EnvironmentFile=-/etc/default/networking +ExecStartPre=-/bin/sh -c '[ "$CONFIGURE_INTERFACES" != "no" ] && [ -n "$(ifquery --read-environment --list --exclude=lo)" ] && udevadm settle' +ExecStart=/sbin/ifup -a --read-environment +ExecStop=/sbin/ifdown -a --read-environment --exclude=lo +RemainAfterExit=true +TimeoutStartSec=5min diff --git a/confs/etc/systemd/system/multi-user.target.wants/nginx.service b/confs/etc/systemd/system/multi-user.target.wants/nginx.service new file mode 100644 index 0000000..0da034d --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/nginx.service @@ -0,0 +1,28 @@ +# Stop dance for nginx +# ======================= +# +# ExecStop sends SIGSTOP (graceful stop) to the nginx process. +# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control +# and sends SIGTERM (fast shutdown) to the main process. +# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends +# SIGKILL to all the remaining processes in the process group (KillMode=mixed). +# +# nginx signals reference doc: +# http://nginx.org/en/docs/control.html +# +[Unit] +Description=A high performance web server and a reverse proxy server +After=network.target + +[Service] +Type=forking +PIDFile=/run/nginx.pid +ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;' +ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;' +ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload +ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid +TimeoutStopSec=5 +KillMode=mixed + +[Install] +WantedBy=multi-user.target diff --git a/confs/etc/systemd/system/multi-user.target.wants/remote-fs.target b/confs/etc/systemd/system/multi-user.target.wants/remote-fs.target new file mode 100644 index 0000000..43ffa5c --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/remote-fs.target @@ -0,0 +1,16 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Remote File Systems +Documentation=man:systemd.special(7) +After=remote-fs-pre.target +DefaultDependencies=no +Conflicts=shutdown.target + +[Install] +WantedBy=multi-user.target diff --git a/confs/etc/systemd/system/multi-user.target.wants/rsyslog.service b/confs/etc/systemd/system/multi-user.target.wants/rsyslog.service new file mode 100644 index 0000000..72259bf --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/rsyslog.service @@ -0,0 +1,15 @@ +[Unit] +Description=System Logging Service +Requires=syslog.socket +Documentation=man:rsyslogd(8) +Documentation=http://www.rsyslog.com/doc/ + +[Service] +Type=notify +ExecStart=/usr/sbin/rsyslogd -n +StandardOutput=null +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Alias=syslog.service diff --git a/confs/etc/systemd/system/multi-user.target.wants/ssh.service b/confs/etc/systemd/system/multi-user.target.wants/ssh.service new file mode 100644 index 0000000..3df8c64 --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/ssh.service @@ -0,0 +1,17 @@ +[Unit] +Description=OpenBSD Secure Shell server +After=network.target auditd.service +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run + +[Service] +EnvironmentFile=-/etc/default/ssh +ExecStart=/usr/sbin/sshd -D $SSHD_OPTS +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +RestartPreventExitStatus=255 +Type=notify + +[Install] +WantedBy=multi-user.target +Alias=sshd.service diff --git a/confs/etc/systemd/system/multi-user.target.wants/ufw.service b/confs/etc/systemd/system/multi-user.target.wants/ufw.service new file mode 100644 index 0000000..c568e80 --- /dev/null +++ b/confs/etc/systemd/system/multi-user.target.wants/ufw.service @@ -0,0 +1,13 @@ +[Unit] +Description=Uncomplicated firewall +DefaultDependencies=no +Before=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/lib/ufw/ufw-init start quiet +ExecStop=/lib/ufw/ufw-init stop + +[Install] +WantedBy=multi-user.target diff --git a/confs/etc/systemd/system/network-online.target.wants/networking.service b/confs/etc/systemd/system/network-online.target.wants/networking.service new file mode 100644 index 0000000..7d7af55 --- /dev/null +++ b/confs/etc/systemd/system/network-online.target.wants/networking.service @@ -0,0 +1,21 @@ +[Unit] +Description=Raise network interfaces +Documentation=man:interfaces(5) +DefaultDependencies=no +Wants=network.target +After=local-fs.target network-pre.target apparmor.service systemd-sysctl.service systemd-modules-load.service +Before=network.target shutdown.target network-online.target +Conflicts=shutdown.target + +[Install] +WantedBy=multi-user.target +WantedBy=network-online.target + +[Service] +Type=oneshot +EnvironmentFile=-/etc/default/networking +ExecStartPre=-/bin/sh -c '[ "$CONFIGURE_INTERFACES" != "no" ] && [ -n "$(ifquery --read-environment --list --exclude=lo)" ] && udevadm settle' +ExecStart=/sbin/ifup -a --read-environment +ExecStop=/sbin/ifdown -a --read-environment --exclude=lo +RemainAfterExit=true +TimeoutStartSec=5min diff --git a/confs/etc/systemd/system/paths.target.wants/acpid.path b/confs/etc/systemd/system/paths.target.wants/acpid.path new file mode 100644 index 0000000..bf3acfc --- /dev/null +++ b/confs/etc/systemd/system/paths.target.wants/acpid.path @@ -0,0 +1,9 @@ +[Unit] +Description=ACPI Events Check + +[Path] +DirectoryNotEmpty=/etc/acpi/events/ + +[Install] +WantedBy=paths.target + diff --git a/confs/etc/systemd/system/sockets.target.wants/acpid.socket b/confs/etc/systemd/system/sockets.target.wants/acpid.socket new file mode 100644 index 0000000..1e5365b --- /dev/null +++ b/confs/etc/systemd/system/sockets.target.wants/acpid.socket @@ -0,0 +1,8 @@ +[Unit] +Description=ACPID Listen Socket + +[Socket] +ListenStream=/run/acpid.socket + +[Install] +WantedBy=sockets.target diff --git a/confs/etc/systemd/system/sockets.target.wants/uuidd.socket b/confs/etc/systemd/system/sockets.target.wants/uuidd.socket new file mode 100644 index 0000000..52da1ec --- /dev/null +++ b/confs/etc/systemd/system/sockets.target.wants/uuidd.socket @@ -0,0 +1,8 @@ +[Unit] +Description=UUID daemon activation socket + +[Socket] +ListenStream=/run/uuidd/request + +[Install] +WantedBy=sockets.target diff --git a/confs/etc/systemd/system/sshd.service b/confs/etc/systemd/system/sshd.service new file mode 100644 index 0000000..3df8c64 --- /dev/null +++ b/confs/etc/systemd/system/sshd.service @@ -0,0 +1,17 @@ +[Unit] +Description=OpenBSD Secure Shell server +After=network.target auditd.service +ConditionPathExists=!/etc/ssh/sshd_not_to_be_run + +[Service] +EnvironmentFile=-/etc/default/ssh +ExecStart=/usr/sbin/sshd -D $SSHD_OPTS +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=on-failure +RestartPreventExitStatus=255 +Type=notify + +[Install] +WantedBy=multi-user.target +Alias=sshd.service diff --git a/confs/etc/systemd/system/suspend.target.wants/anacron-resume.service b/confs/etc/systemd/system/suspend.target.wants/anacron-resume.service new file mode 100644 index 0000000..21b840a --- /dev/null +++ b/confs/etc/systemd/system/suspend.target.wants/anacron-resume.service @@ -0,0 +1,14 @@ +[Unit] +Description=Run anacron jobs at resume +After=suspend.target +After=hibernate.target +After=hybrid-sleep.target + +[Service] +ExecStart=/bin/systemctl --no-block --fail start anacron.service + +[Install] +WantedBy=suspend.target +WantedBy=hibernate.target +WantedBy=hybrid-sleep.target + diff --git a/confs/etc/systemd/system/sysinit.target.wants/friendly-recovery.service b/confs/etc/systemd/system/sysinit.target.wants/friendly-recovery.service new file mode 100644 index 0000000..ec8952d --- /dev/null +++ b/confs/etc/systemd/system/sysinit.target.wants/friendly-recovery.service @@ -0,0 +1,28 @@ +[Unit] +Description=Recovery mode menu +DefaultDependencies=no +ConditionKernelCommandLine=recovery +Conflicts=shutdown.target +Before=systemd-fsck-root.service local-fs-pre.target +Wants=systemd-udevd.service systemd-udev-trigger.service +After=systemd-udevd.service + +[Service] +Type=oneshot +Environment=HOME=/root +WorkingDirectory=/root +ExecStartPre=-/bin/udevadm settle +ExecStartPre=-/bin/dmesg --console-off +ExecStartPre=-/bin/plymouth quit +# let the console output settle down +ExecStartPre=-/bin/sh -e 'while systemctl list-jobs | grep -v friendly-recovery | grep -q running; do sleep 0.2; done' +ExecStart=-/lib/recovery-mode/recovery-menu +StandardInput=tty-force +StandardOutput=inherit +StandardError=inherit +KillMode=process +IgnoreSIGPIPE=no +SendSIGHUP=yes + +[Install] +WantedBy=sysinit.target diff --git a/confs/etc/systemd/system/sysinit.target.wants/resolvconf.service b/confs/etc/systemd/system/sysinit.target.wants/resolvconf.service new file mode 100644 index 0000000..d9ac6b9 --- /dev/null +++ b/confs/etc/systemd/system/sysinit.target.wants/resolvconf.service @@ -0,0 +1,16 @@ +[Unit] +Description=Nameserver information manager +Documentation=man:resolvconf(8) +DefaultDependencies=no +Before=network-pre.target +Wants=network-pre.target + +[Service] +RemainAfterExit=yes +ExecStartPre=/bin/mkdir -p /run/resolvconf/interface +ExecStartPre=/bin/touch /run/resolvconf/postponed-update +ExecStart=/sbin/resolvconf --enable-updates +ExecStop=/sbin/resolvconf --disable-updates + +[Install] +WantedBy=sysinit.target diff --git a/confs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service b/confs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service new file mode 100644 index 0000000..4b5bc87 --- /dev/null +++ b/confs/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service @@ -0,0 +1,33 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network Time Synchronization +Documentation=man:systemd-timesyncd.service(8) +ConditionCapability=CAP_SYS_TIME +ConditionVirtualization=!container +DefaultDependencies=no +RequiresMountsFor=/var/lib/systemd/clock +After=systemd-remount-fs.service systemd-tmpfiles-setup.service systemd-sysusers.service +Before=time-sync.target sysinit.target shutdown.target +Conflicts=shutdown.target +Wants=time-sync.target + +[Service] +Type=notify +Restart=always +RestartSec=0 +ExecStart=/lib/systemd/systemd-timesyncd +CapabilityBoundingSet=CAP_SYS_TIME CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_CHOWN CAP_DAC_OVERRIDE CAP_FOWNER +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +ProtectHome=yes +WatchdogSec=3min + +[Install] +WantedBy=sysinit.target diff --git a/confs/etc/systemd/system/syslog.service b/confs/etc/systemd/system/syslog.service new file mode 100644 index 0000000..72259bf --- /dev/null +++ b/confs/etc/systemd/system/syslog.service @@ -0,0 +1,15 @@ +[Unit] +Description=System Logging Service +Requires=syslog.socket +Documentation=man:rsyslogd(8) +Documentation=http://www.rsyslog.com/doc/ + +[Service] +Type=notify +ExecStart=/usr/sbin/rsyslogd -n +StandardOutput=null +Restart=on-failure + +[Install] +WantedBy=multi-user.target +Alias=syslog.service diff --git a/confs/etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer b/confs/etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer new file mode 100644 index 0000000..79caf3b --- /dev/null +++ b/confs/etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer @@ -0,0 +1,11 @@ +[Unit] +Description=Daily apt upgrade and clean activities +After=apt-daily.timer + +[Timer] +OnCalendar=*-*-* 6:00 +RandomizedDelaySec=60m +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/confs/etc/systemd/system/timers.target.wants/apt-daily.timer b/confs/etc/systemd/system/timers.target.wants/apt-daily.timer new file mode 100644 index 0000000..735da24 --- /dev/null +++ b/confs/etc/systemd/system/timers.target.wants/apt-daily.timer @@ -0,0 +1,12 @@ +[Unit] +Description=Daily apt download activities +After=network-online.target +Wants=network-online.target + +[Timer] +OnCalendar=*-*-* 6,18:00 +RandomizedDelaySec=12h +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/confs/etc/systemd/timesyncd.conf b/confs/etc/systemd/timesyncd.conf new file mode 100644 index 0000000..1593011 --- /dev/null +++ b/confs/etc/systemd/timesyncd.conf @@ -0,0 +1,16 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See timesyncd.conf(5) for details. + +[Time] +#NTP= +#FallbackNTP=ntp.ubuntu.com diff --git a/confs/etc/systemd/user.conf b/confs/etc/systemd/user.conf new file mode 100644 index 0000000..87c8164 --- /dev/null +++ b/confs/etc/systemd/user.conf @@ -0,0 +1,44 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# You can override the directives in this file by creating files in +# /etc/systemd/user.conf.d/*.conf. +# +# See systemd-user.conf(5) for details + +[Manager] +#LogLevel=info +#LogTarget=console +#LogColor=yes +#LogLocation=no +#SystemCallArchitectures= +#TimerSlackNSec= +#DefaultTimerAccuracySec=1min +#DefaultStandardOutput=inherit +#DefaultStandardError=inherit +#DefaultTimeoutStartSec=90s +#DefaultTimeoutStopSec=90s +#DefaultRestartSec=100ms +#DefaultStartLimitInterval=10s +#DefaultStartLimitBurst=5 +#DefaultEnvironment= +#DefaultLimitCPU= +#DefaultLimitFSIZE= +#DefaultLimitDATA= +#DefaultLimitSTACK= +#DefaultLimitCORE= +#DefaultLimitRSS= +#DefaultLimitNOFILE= +#DefaultLimitAS= +#DefaultLimitNPROC= +#DefaultLimitMEMLOCK= +#DefaultLimitLOCKS= +#DefaultLimitSIGPENDING= +#DefaultLimitMSGQUEUE= +#DefaultLimitNICE= +#DefaultLimitRTPRIO= +#DefaultLimitRTTIME= diff --git a/confs/put.sh b/confs/put.sh new file mode 100755 index 0000000..96b54ec --- /dev/null +++ b/confs/put.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +FROM="./etc/" +TO="/etc" + +rsync -avcz $FROM $TO +