diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/doas.conf | 13 | ||||
| -rw-r--r-- | etc/exports | 7 | ||||
| -rw-r--r-- | etc/fstab | 3 | ||||
| -rw-r--r-- | etc/httpd.conf | 23 | ||||
| -rw-r--r-- | etc/rc.conf.local | 5 | ||||
| -rw-r--r-- | etc/shells | 10 | ||||
| -rw-r--r-- | etc/ssh/sshd_config | 103 |
7 files changed, 164 insertions, 0 deletions
diff --git a/etc/doas.conf b/etc/doas.conf new file mode 100644 index 0000000..d74f89d --- /dev/null +++ b/etc/doas.conf @@ -0,0 +1,13 @@ +# $OpenBSD: doas.conf,v 1.1 2016/09/03 11:58:32 pirofti Exp $ +# See doas.conf(5) for syntax and examples. + +# Non-exhaustive list of variables needed to build release(8) and ports(7) +#permit nopass setenv { \ +# FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \ +# DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \ +# MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \ +# PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \ +# SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc + +# Allow wheel by default +permit persist keepenv :wheel diff --git a/etc/exports b/etc/exports new file mode 100644 index 0000000..1d45f46 --- /dev/null +++ b/etc/exports @@ -0,0 +1,7 @@ +# $OpenBSD: exports,v 1.1 2014/07/12 03:52:39 deraadt Exp $ +# +# NFS exports Database +# See exports(5) for more information. Be very careful: misconfiguration +# of this file can result in your filesystems being readable by the world. + +/home/git/repositories -ro -maproot=root localhost diff --git a/etc/fstab b/etc/fstab new file mode 100644 index 0000000..fb3b019 --- /dev/null +++ b/etc/fstab @@ -0,0 +1,3 @@ +7b4a8f66b5a2f8af.a / ffs rw,wxallowed 1 1 + +localhost:/home/git/repositories /var/www/git/repositories nfs ro,nodev,nosuid 0 0 diff --git a/etc/httpd.conf b/etc/httpd.conf new file mode 100644 index 0000000..3defb8c --- /dev/null +++ b/etc/httpd.conf @@ -0,0 +1,23 @@ +types { + include "/usr/share/misc/mime.types" +} + +server "maddaat.org" { + listen on * port 80 + + location "*" { + block return 307 "http://git.maddaat.org" + } +} + +server "git.maddaat.org" { + listen on * port 80 + + location "/cgit.*" { + root "/cgit" + no fastcgi + } + + root "/cgi-bin/cgit.cgi" + fastcgi socket "/run/slowcgi.sock" +} diff --git a/etc/rc.conf.local b/etc/rc.conf.local new file mode 100644 index 0000000..468a7d0 --- /dev/null +++ b/etc/rc.conf.local @@ -0,0 +1,5 @@ +httpd_flags= +mountd_flags= +nfsd_flags= +portmap_flags= +slowcgi_flags= diff --git a/etc/shells b/etc/shells new file mode 100644 index 0000000..7dff12e --- /dev/null +++ b/etc/shells @@ -0,0 +1,10 @@ +# $OpenBSD: shells,v 1.8 2009/02/14 17:06:40 sobrado Exp $ +# +# list of acceptable shells for chpass(1). +# ftpd(8) will not allow users to connect who are not using +# one of these shells, unless the user is listed in /etc/ftpchroot. +/bin/sh +/bin/csh +/bin/ksh +/usr/local/bin/git-shell +/usr/local/libexec/gitolite/gitolite-shell diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config new file mode 100644 index 0000000..305e84b --- /dev/null +++ b/etc/ssh/sshd_config @@ -0,0 +1,103 @@ +# $OpenBSD: sshd_config,v 1.105 2024/12/03 14:12:47 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin no +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to "no" here! +PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to "no" to disable keyboard-interactive authentication. Depending on +# the system's configuration, this may involve passwords, challenge-response, +# one-time passwords or some combination of these and other methods. +#KbdInteractiveAuthentication yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +TCPKeepAlive yes +PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server + +Match User git + AllowAgentForwarding no + AllowTcpForwarding no + GatewayPorts no + X11Forwarding no + PermitTTY no + PermitTunnel no |