From 216f747033c486278cdde7b06af4c95ea4132e35 Mon Sep 17 00:00:00 2001 
From: Miraty Date: Tue, 7 Feb 2023 19:52:54 +0100 Subject: [PATCH] Move important scripts and configs to /install --- .gitignore | 6 +- etc/apt/sources.list | 1 + {mkosi.skeleton/etc => etc}/hosts | 0 .../etc => etc}/knot/knot-primary.conf | 0 .../etc => etc}/knot/knot-secondary.conf | 0 {mkosi.extra/etc => etc}/pacman.d/mirrorlist | 0 {mkosi.extra/etc => etc}/resolv.conf | 0 {mkosi.extra/etc => etc}/ssh/sshd_config | 0 .../systemd/resolved.conf.d/dot.conf | 0 etc/tmpfiles.d/servnest.conf | 3 + install/install.sh | 24 +++++ {mkosi.extra/etc/knot => install}/knot.conf | 2 +- install/knot.sh | 5 + install/nginx.sh | 7 ++ .../etc => install}/nginx/inc/errors.conf | 0 install/nginx/inc/fastcgi.conf | 9 ++ install/nginx/inc/ht-onion.conf | 3 + install/nginx/inc/ht-tls.conf | 4 + .../etc => install}/nginx/inc/ht.conf | 3 +- .../etc => install}/nginx/inc/tls.conf | 0 .../etc => install}/nginx/inc/types.conf | 0 {mkosi.extra/etc => install}/nginx/nginx.conf | 4 +- .../nginx/sites/default-server.conf | 2 + .../etc => install}/nginx/sites/http.conf | 2 + .../nginx/sites/interface.conf | 5 + .../nginx/sites/sftpgo-auth.conf | 4 +- .../nginx/sites/subdomain.conf | 2 + .../etc => install}/nginx/sites/subpath.conf | 2 + install/permissions.sh | 35 +++++++ .../niver.conf => install/php-fpm.conf | 2 + .../php-fpm.service.override.conf | 0 install/php.ini | 14 +++ install/php.sh | 18 ++++ install/servnest.sh | 9 ++ .../systemd/system => install}/sftpgo.service | 0 install/sftpgo.sh | 21 +++++ .../etc/sftpgo => install}/sftpgo.toml | 0 install/sudo.sh | 3 + .../etc/sudoers.d/servnest => install/sudoers | 0 .../tor.service.override.conf | 0 install/tor.sh | 14 +++ {mkosi.extra/etc/tor => install}/torrc | 3 - mkosi.default | 3 + mkosi.extra/etc/apt/sources.list | 3 - mkosi.extra/etc/nginx/inc/fastcgi.conf | 26 ------ mkosi.extra/etc/nginx/inc/ht-onion.conf | 1 - mkosi.extra/etc/nginx/inc/ht-tls.conf | 2 - mkosi.extra/etc/php/php-fpm.conf | 3 - 
mkosi.extra/etc/php/php-fpm.d/servnest.conf | 24 ----- mkosi.extra/usr/lib/tmpfiles.d/php-fpm.conf | 1 - mkosi.postinst | 91 ++----------------- mkosi.prepare | 40 -------- mkosi.skeleton/etc/sftpgo/banner.txt | 0 mkosi.skeleton/etc/tmpfiles.d/knot.conf | 3 - mkosi.skeleton/var/lib/knot/confdb/data.mdb | 0 mkosi.skeleton/var/lib/knot/confdb/lock.mdb | 0 mkosi.skeleton/var/log/knot/.gitkeep | 0 mkosi.skeleton/var/log/php/.gitkeep | 0 {mkosi.cache => root/.ssh}/.gitkeep | 0 {mkosi.skeleton/root => root}/sftpgo.sh | 6 +- .../8.1/fpm => srv/servnest/acme}/.gitkeep | 0 srv/servnest/core | 1 + srv/servnest/docs | 1 + .../srv => srv}/servnest/errors/400.html | 0 .../srv => srv}/servnest/errors/403.html | 0 .../srv => srv}/servnest/errors/404.en.html | 0 .../srv => srv}/servnest/errors/404.fr.html | 0 .../srv => srv}/servnest/errors/404.php | 0 .../srv => srv}/servnest/errors/405.html | 0 .../srv => srv}/servnest/errors/410.html | 0 .../srv => srv}/servnest/errors/418.html | 0 .../srv => srv}/servnest/errors/500.html | 0 .../srv => srv}/servnest/errors/502.html | 0 .../srv => srv}/servnest/errors/503.html | 0 .../srv => srv}/servnest/errors/504.html | 0 .../servnest/errors/default-domain.en.html | 0 .../servnest/errors/default-ip.en.html | 0 .../srv => srv}/servnest/errors/http.php | 0 .../srv => srv}/servnest/errors/index.php | 0 .../servnest/errors/unsecure.en.php | 0 .../servnest/errors/unsecure.fr.php | 0 .../root/.ssh => srv/servnest/ht}/.gitkeep | 0 .../acme => srv/servnest/nginx}/.gitkeep | 0 .../servnest/ht => srv/servnest/ns}/.gitkeep | 0 .../servnest/reg/servnest.test.zone | 0 .../servnest/reg/test.servnest.test.zone | 0 .../nginx => srv/servnest/subdomain}/.gitkeep | 0 .../ns => srv/servnest/subpath}/.gitkeep | 0 .../servnest/tor-config}/.gitkeep | 0 .../servnest/tor-keys}/.gitkeep | 0 usr/lib/tmpfiles.d/php-fpm.conf | 1 + .../tor-config => var/log/knot}/.gitkeep | 0 .../tor-keys => var/log/php}/.gitkeep | 0 93 files changed, 209 insertions(+), 204 deletions(-) 
create mode 100644 etc/apt/sources.list rename {mkosi.skeleton/etc => etc}/hosts (100%) rename {mkosi.extra/etc => etc}/knot/knot-primary.conf (100%) rename {mkosi.extra/etc => etc}/knot/knot-secondary.conf (100%) rename {mkosi.extra/etc => etc}/pacman.d/mirrorlist (100%) rename {mkosi.extra/etc => etc}/resolv.conf (100%) rename {mkosi.extra/etc => etc}/ssh/sshd_config (100%) rename {mkosi.skeleton/etc => etc}/systemd/resolved.conf.d/dot.conf (100%) create mode 100644 etc/tmpfiles.d/servnest.conf create mode 100644 install/install.sh rename {mkosi.extra/etc/knot => install}/knot.conf (94%) create mode 100644 install/knot.sh create mode 100644 install/nginx.sh rename {mkosi.extra/etc => install}/nginx/inc/errors.conf (100%) create mode 100644 install/nginx/inc/fastcgi.conf create mode 100644 install/nginx/inc/ht-onion.conf create mode 100644 install/nginx/inc/ht-tls.conf rename {mkosi.extra/etc => install}/nginx/inc/ht.conf (79%) rename {mkosi.extra/etc => install}/nginx/inc/tls.conf (100%) rename {mkosi.extra/etc => install}/nginx/inc/types.conf (100%) rename {mkosi.extra/etc => install}/nginx/nginx.conf (98%) rename {mkosi.extra/etc => install}/nginx/sites/default-server.conf (87%) rename {mkosi.extra/etc => install}/nginx/sites/http.conf (83%) rename mkosi.extra/etc/nginx/sites/servnest.test.conf => install/nginx/sites/interface.conf (75%) rename {mkosi.extra/etc => install}/nginx/sites/sftpgo-auth.conf (57%) rename {mkosi.extra/etc => install}/nginx/sites/subdomain.conf (88%) rename {mkosi.extra/etc => install}/nginx/sites/subpath.conf (86%) create mode 100644 install/permissions.sh rename mkosi.extra/etc/php/php-fpm.d/niver.conf => install/php-fpm.conf (86%) rename mkosi.skeleton/etc/systemd/system/php-fpm.service.d/override.conf => install/php-fpm.service.override.conf (100%) create mode 100644 install/php.ini create mode 100644 install/php.sh create mode 100644 install/servnest.sh rename {mkosi.skeleton/etc/systemd/system => install}/sftpgo.service (100%) 
create mode 100644 install/sftpgo.sh rename {mkosi.skeleton/etc/sftpgo => install}/sftpgo.toml (100%) create mode 100644 install/sudo.sh rename mkosi.extra/etc/sudoers.d/servnest => install/sudoers (100%) rename mkosi.skeleton/etc/systemd/system/tor.service.d/override.conf => install/tor.service.override.conf (100%) create mode 100644 install/tor.sh rename {mkosi.extra/etc/tor => install}/torrc (57%) delete mode 100644 mkosi.extra/etc/apt/sources.list delete mode 100644 mkosi.extra/etc/nginx/inc/fastcgi.conf delete mode 100644 mkosi.extra/etc/nginx/inc/ht-onion.conf delete mode 100644 mkosi.extra/etc/nginx/inc/ht-tls.conf delete mode 100644 mkosi.extra/etc/php/php-fpm.conf delete mode 100644 mkosi.extra/etc/php/php-fpm.d/servnest.conf delete mode 100644 mkosi.extra/usr/lib/tmpfiles.d/php-fpm.conf delete mode 100755 mkosi.prepare delete mode 100644 mkosi.skeleton/etc/sftpgo/banner.txt delete mode 100644 mkosi.skeleton/etc/tmpfiles.d/knot.conf delete mode 100644 mkosi.skeleton/var/lib/knot/confdb/data.mdb delete mode 100644 mkosi.skeleton/var/lib/knot/confdb/lock.mdb delete mode 100644 mkosi.skeleton/var/log/knot/.gitkeep delete mode 100644 mkosi.skeleton/var/log/php/.gitkeep rename {mkosi.cache => root/.ssh}/.gitkeep (100%) rename {mkosi.skeleton/root => root}/sftpgo.sh (76%) mode change 100755 => 100644 rename {mkosi.extra/etc/php/8.1/fpm => srv/servnest/acme}/.gitkeep (100%) create mode 160000 srv/servnest/core create mode 160000 srv/servnest/docs rename {mkosi.skeleton/srv => srv}/servnest/errors/400.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/403.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/404.en.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/404.fr.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/404.php (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/405.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/410.html (100%) rename {mkosi.skeleton/srv => 
srv}/servnest/errors/418.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/500.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/502.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/503.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/504.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/default-domain.en.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/default-ip.en.html (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/http.php (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/index.php (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/unsecure.en.php (100%) rename {mkosi.skeleton/srv => srv}/servnest/errors/unsecure.fr.php (100%) rename {mkosi.skeleton/root/.ssh => srv/servnest/ht}/.gitkeep (100%) rename {mkosi.skeleton/srv/servnest/acme => srv/servnest/nginx}/.gitkeep (100%) rename {mkosi.skeleton/srv/servnest/ht => srv/servnest/ns}/.gitkeep (100%) rename {mkosi.skeleton/srv => srv}/servnest/reg/servnest.test.zone (100%) rename {mkosi.skeleton/srv => srv}/servnest/reg/test.servnest.test.zone (100%) rename {mkosi.skeleton/srv/servnest/nginx => srv/servnest/subdomain}/.gitkeep (100%) rename {mkosi.skeleton/srv/servnest/ns => srv/servnest/subpath}/.gitkeep (100%) rename {mkosi.skeleton/srv/servnest/subdomain => srv/servnest/tor-config}/.gitkeep (100%) rename {mkosi.skeleton/srv/servnest/subpath => srv/servnest/tor-keys}/.gitkeep (100%) create mode 100644 usr/lib/tmpfiles.d/php-fpm.conf rename {mkosi.skeleton/srv/servnest/tor-config => var/log/knot}/.gitkeep (100%) rename {mkosi.skeleton/srv/servnest/tor-keys => var/log/php}/.gitkeep (100%) diff --git a/.gitignore b/.gitignore index 609f74e..80e855e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,4 @@ -/mkosi.cache/* -!/mkosi.cache/.gitkeep /mkosi.passphrase /mkosi.passwd -/mkosi.skeleton/root/.ssh/authorized_keys -/mkosi.skeleton/usr/local/bin/sftpgo +/root/.ssh/authorized_keys +/usr/local/bin/sftpgo 
diff --git a/etc/apt/sources.list b/etc/apt/sources.list
new file mode 100644
index 0000000..6e11d54
--- /dev/null
+++ b/etc/apt/sources.list
@@ -0,0 +1 @@
+deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm main
diff --git a/mkosi.skeleton/etc/hosts b/etc/hosts
similarity index 100%
rename from mkosi.skeleton/etc/hosts
rename to etc/hosts
diff --git a/mkosi.extra/etc/knot/knot-primary.conf b/etc/knot/knot-primary.conf
similarity index 100%
rename from mkosi.extra/etc/knot/knot-primary.conf
rename to etc/knot/knot-primary.conf
diff --git a/mkosi.extra/etc/knot/knot-secondary.conf b/etc/knot/knot-secondary.conf
similarity index 100%
rename from mkosi.extra/etc/knot/knot-secondary.conf
rename to etc/knot/knot-secondary.conf
diff --git a/mkosi.extra/etc/pacman.d/mirrorlist b/etc/pacman.d/mirrorlist
similarity index 100%
rename from mkosi.extra/etc/pacman.d/mirrorlist
rename to etc/pacman.d/mirrorlist
diff --git a/mkosi.extra/etc/resolv.conf b/etc/resolv.conf
similarity index 100%
rename from mkosi.extra/etc/resolv.conf
rename to etc/resolv.conf
diff --git a/mkosi.extra/etc/ssh/sshd_config b/etc/ssh/sshd_config
similarity index 100%
rename from mkosi.extra/etc/ssh/sshd_config
rename to etc/ssh/sshd_config
diff --git a/mkosi.skeleton/etc/systemd/resolved.conf.d/dot.conf b/etc/systemd/resolved.conf.d/dot.conf
similarity index 100%
rename from mkosi.skeleton/etc/systemd/resolved.conf.d/dot.conf
rename to etc/systemd/resolved.conf.d/dot.conf
diff --git a/etc/tmpfiles.d/servnest.conf b/etc/tmpfiles.d/servnest.conf
new file mode 100644
index 0000000..edb6b63
--- /dev/null
+++ b/etc/tmpfiles.d/servnest.conf
@@ -0,0 +1,3 @@
+d /run/servnest 0555 root root - -
+d /run/knot 0755 knot knot - -
+d /run/php-fpm 0755 nginx nginx - -
diff --git a/install/install.sh b/install/install.sh
new file mode 100644
index 0000000..1f0536a
--- /dev/null
+++ b/install/install.sh
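Review bot: The new `etc/apt/sources.list` lists only `bookworm main`, so the image has no security-updates source; the deleted `mkosi.extra/etc/apt/sources.list` carried a `debian-security` entry and nothing in this patch replaces it. Unless that suite is configured somewhere outside the patch, add `deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security main`, reusing the onion host of the removed bullseye line, so fixes published after the build can be installed.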
@@ -0,0 +1,24 @@ +# Set users and groups names +export sftpgo='sftpgo' +export servnest='servnest' +export knot='knot' +export nginx='nginx' +export tor='tor' +if [[ $OS = "debian" ]]; then + export tor='debian-tor' +fi + +# Create system users and groups +useradd -U -r -s $(which nologin) $nginx +useradd -U -r -s $(which nologin) $servnest +useradd -U -r -s $(which nologin) $sftpgo + +# Execute installation steps +source /install/sudo.sh +source /install/tor.sh +source /install/knot.sh +source /install/servnest.sh +source /install/php.sh +source /install/nginx.sh +source /install/sftpgo.sh +source /install/permissions.sh diff --git a/mkosi.extra/etc/knot/knot.conf b/install/knot.conf similarity index 94% rename from mkosi.extra/etc/knot/knot.conf rename to install/knot.conf index 07fa0dc..fa30a14 100644 --- a/mkosi.extra/etc/knot/knot.conf +++ b/install/knot.conf @@ -6,7 +6,7 @@ server: listen: [ "::1@42053", "127.0.0.1@42053" ] log: - - target: "/var/log/knot/knot.log" + - target: "syslog" any: "debug" database: diff --git a/install/knot.sh b/install/knot.sh new file mode 100644 index 0000000..9a217ee --- /dev/null +++ b/install/knot.sh @@ -0,0 +1,5 @@ +#!/usr/bin/bash + +# Load configuration in Knot database +sudo -u $knot mkdir -p /var/lib/knot/confdb/ +sudo -u $knot knotc conf-import /install/knot.conf diff --git a/install/nginx.sh b/install/nginx.sh new file mode 100644 index 0000000..2114a2c --- /dev/null +++ b/install/nginx.sh @@ -0,0 +1,7 @@ +#!/usr/bin/bash + +# Generate default self-signed TLS key pair +openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt + +rm -r /etc/nginx/* +cp -r /install/nginx/* /etc/nginx/ diff --git a/mkosi.extra/etc/nginx/inc/errors.conf b/install/nginx/inc/errors.conf similarity index 100% rename from mkosi.extra/etc/nginx/inc/errors.conf rename to install/nginx/inc/errors.conf 
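Review bot: Nothing in `install.sh` stops the run when a step fails, so a failed `useradd` or `knotc conf-import` is still followed by `permissions.sh` applying ownership for accounts that may not exist. The file is sourced from `mkosi.postinst` and sets no error mode of its own; `set -e` (or `set -euo pipefail`) at the top of the entry script would make a broken install fail loudly instead of producing a half-configured system. The `-s $(which nologin)` arguments are also unquoted: if `which` prints nothing, `useradd` takes the account name as the shell path, so `-s "$(command -v nologin)"` is the safer form.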
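Review bot: The TLS private key in `install/nginx.sh` is created by `openssl req` during installation, which in the mkosi flow means at image build time, so every system started from one build shares `/etc/ssl/private/servnest.key`; the same holds for the SFTPGo host key in `install/sftpgo.sh`, the `username_salt` in `install/servnest.sh` and the OpenSSH host key in `mkosi.postinst`. For a single test instance that is harmless, but it should be written down, e.g. `# Test-only key pair generated at build time; regenerate per deployment`. The key's mode and owner are also left to openssl's defaults and the current umask, while `permissions.sh` pins `/etc/sftpgo/ed25519` explicitly; a matching `chmod u=r,g=,o= /etc/ssl/private/servnest.key` would make the two consistent.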
diff --git a/install/nginx/inc/fastcgi.conf b/install/nginx/inc/fastcgi.conf new file mode 100644 index 0000000..8ddfdd6 --- /dev/null +++ b/install/nginx/inc/fastcgi.conf @@ -0,0 +1,9 @@ +# Required by PHP-FPM +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +# Required by ServNest +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param SERVER_NAME $server_name; diff --git a/install/nginx/inc/ht-onion.conf b/install/nginx/inc/ht-onion.conf new file mode 100644 index 0000000..3855972 --- /dev/null +++ b/install/nginx/inc/ht-onion.conf @@ -0,0 +1,3 @@ +# This configuration file is included by dedicated Onion sites created by ServNest + +include inc/ht.conf; diff --git a/install/nginx/inc/ht-tls.conf b/install/nginx/inc/ht-tls.conf new file mode 100644 index 0000000..f2591fb --- /dev/null +++ b/install/nginx/inc/ht-tls.conf @@ -0,0 +1,4 @@ +# This configuration file is included by dedicated DNS and TLS sites created by ServNest + +include inc/ht.conf; +include inc/tls.conf; diff --git a/mkosi.extra/etc/nginx/inc/ht.conf b/install/nginx/inc/ht.conf similarity index 79% rename from mkosi.extra/etc/nginx/inc/ht.conf rename to install/nginx/inc/ht.conf index 9b6cbdd..946c3d0 100644 --- a/mkosi.extra/etc/nginx/inc/ht.conf +++ b/install/nginx/inc/ht.conf @@ -1,8 +1,7 @@ more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; font-src 'self' data:; media-src 'self' data:; frame-ancestors 'none'; form-action 'none';"; location / { - index index.html index.md index.gmi; - try_files $uri $uri/ =404; + try_files $uri $uri/index.html $uri/index.md $uri/index.gmi =404; } include inc/errors.conf; 
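Review bot: The rewritten `inc/fastcgi.conf` forwards six parameters and no longer passes `QUERY_STRING`, `REMOTE_ADDR`, `HTTPS` or `REQUEST_SCHEME`, all of which the file it replaces did. PHP fills `$_GET` from `QUERY_STRING` and `$_SERVER['REMOTE_ADDR']` / `$_SERVER['HTTPS']` from those parameters, so any code under `/srv/servnest/core` that logs or throttles by client address, or decides on secure cookies from `HTTPS`, would see empty values without an error; the PHP sources are not part of this patch, so this needs checking against them. If the trimming is deliberate, record it in the header comment, e.g. `# QUERY_STRING, REMOTE_ADDR and HTTPS are intentionally not forwarded`.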
diff --git a/mkosi.extra/etc/nginx/inc/tls.conf b/install/nginx/inc/tls.conf similarity index 100% rename from mkosi.extra/etc/nginx/inc/tls.conf rename to install/nginx/inc/tls.conf diff --git a/mkosi.extra/etc/nginx/inc/types.conf b/install/nginx/inc/types.conf similarity index 100% rename from mkosi.extra/etc/nginx/inc/types.conf rename to install/nginx/inc/types.conf diff --git a/mkosi.extra/etc/nginx/nginx.conf b/install/nginx/nginx.conf similarity index 98% rename from mkosi.extra/etc/nginx/nginx.conf rename to install/nginx/nginx.conf index bed5657..6764949 100644 --- a/mkosi.extra/etc/nginx/nginx.conf +++ b/install/nginx/nginx.conf @@ -27,8 +27,8 @@ http { # Logging map $http_cookie $loggable { - "" 0; - default 1; + "" 0; + default 1; } log_format servnest '|$time_local| [$remote_addr]@$server_name {$ssl_protocol $ssl_cipher} $status $body_bytes_sent "$request" "$http_user_agent"'; error_log /var/log/nginx/error.log notice; diff --git a/mkosi.extra/etc/nginx/sites/default-server.conf b/install/nginx/sites/default-server.conf similarity index 87% rename from mkosi.extra/etc/nginx/sites/default-server.conf rename to install/nginx/sites/default-server.conf index 2a3a18a..a4bd0c3 100644 --- a/mkosi.extra/etc/nginx/sites/default-server.conf +++ b/install/nginx/sites/default-server.conf @@ -1,3 +1,5 @@ +# This server block is reached only if no other server block can match, and displays some explanations + server { listen [::1]:42443 ssl http2 default_server; listen 127.0.0.1:42443 ssl http2 default_server; diff --git a/mkosi.extra/etc/nginx/sites/http.conf b/install/nginx/sites/http.conf similarity index 83% rename from mkosi.extra/etc/nginx/sites/http.conf rename to install/nginx/sites/http.conf index 5a862e6..08ee57b 100644 --- a/mkosi.extra/etc/nginx/sites/http.conf +++ b/install/nginx/sites/http.conf 
@@ -1,3 +1,5 @@ +# This server block should listen on port 80 to warn users they tried to make an unsecure connection + server { listen [::1]:42080 default_server; listen 127.0.0.1:42080 default_server; diff --git a/mkosi.extra/etc/nginx/sites/servnest.test.conf b/install/nginx/sites/interface.conf similarity index 75% rename from mkosi.extra/etc/nginx/sites/servnest.test.conf rename to install/nginx/sites/interface.conf index c51687b..8964e72 100644 --- a/mkosi.extra/etc/nginx/sites/servnest.test.conf +++ b/install/nginx/sites/interface.conf @@ -1,3 +1,5 @@ +# This server block is the publicly exposed ServNest control interface + server { listen [::1]:42443 ssl http2; listen 127.0.0.1:42443 ssl http2; @@ -10,6 +12,7 @@ server { more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';"; + # Main ServNest interface location / { fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/run/php-fpm/servnest.sock; @@ -17,6 +20,7 @@ server { try_files /router.php =500; } + # The router doesn't manage CSS files location /css { alias /srv/servnest/core/css; } @@ -25,6 +29,7 @@ server { alias /srv/servnest/docs; } + # For a public server, these should point to a Let's Encrypt-trusted key pair ssl_certificate /etc/ssl/certs/servnest.crt; ssl_certificate_key /etc/ssl/private/servnest.key; } diff --git a/mkosi.extra/etc/nginx/sites/sftpgo-auth.conf b/install/nginx/sites/sftpgo-auth.conf similarity index 57% rename from mkosi.extra/etc/nginx/sites/sftpgo-auth.conf rename to install/nginx/sites/sftpgo-auth.conf index 27939e0..7aeb6b2 100644 --- a/mkosi.extra/etc/nginx/sites/sftpgo-auth.conf +++ b/install/nginx/sites/sftpgo-auth.conf @@ -1,5 +1,7 @@ +# This server block and the PHP script it maps make ServNest authentication available to the SFTPGo external authenticator + server { - listen [::1]:8055; + listen [::1]:8055; # It's meant to stay a private IP root /srv/servnest/core; 
diff --git a/mkosi.extra/etc/nginx/sites/subdomain.conf b/install/nginx/sites/subdomain.conf similarity index 88% rename from mkosi.extra/etc/nginx/sites/subdomain.conf rename to install/nginx/sites/subdomain.conf index 2414dfe..eaf19eb 100644 --- a/mkosi.extra/etc/nginx/sites/subdomain.conf +++ b/install/nginx/sites/subdomain.conf @@ -1,3 +1,5 @@ +# Maps subdomain to filesystem subpath + server { listen [::1]:42443 ssl http2; listen 127.0.0.1:42443 ssl http2; diff --git a/mkosi.extra/etc/nginx/sites/subpath.conf b/install/nginx/sites/subpath.conf similarity index 86% rename from mkosi.extra/etc/nginx/sites/subpath.conf rename to install/nginx/sites/subpath.conf index f4cd36a..4dc62db 100644 --- a/mkosi.extra/etc/nginx/sites/subpath.conf +++ b/install/nginx/sites/subpath.conf @@ -1,3 +1,5 @@ +# Maps HTTP subpath to filesystem subpath + server { listen [::1]:42443 ssl http2; listen 127.0.0.1:42443 ssl http2; diff --git a/install/permissions.sh b/install/permissions.sh new file mode 100644 index 0000000..283ceb6 --- /dev/null +++ b/install/permissions.sh 
@@ -0,0 +1,35 @@ +#!/usr/bin/bash + +# We need servnest to be allowed to configure Knot +usermod -aG $knot $servnest # Add user servnest to group knot +chown -R $knot: /var/lib/knot/confdb +chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb + +chown -R $knot: /var/log/knot +chmod -R u=rwX,g=,o= /var/log/knot + +chown -R $servnest:$knot /srv/servnest/ns +chmod -R u=rwX,g=rwX,o= /srv/servnest/ns +chown -R $servnest:$knot /srv/servnest/reg +chmod -R u=rwX,g=rwX,o= /srv/servnest/reg + +chown -R $servnest:$nginx /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain +chmod -R u=rwX,g=rX,o= /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain + +usermod -aG $sftpgo $servnest +chown -R $nginx:$sftpgo /srv/servnest/ht +chmod -R u=rX,g=rwX,o= /srv/servnest/ht + +chown -R $sftpgo: /etc/sftpgo +chmod -R u=rX,g=rX,o= /etc/sftpgo +chmod u=r,g=,o= /etc/sftpgo/ed25519 + +chown -R $servnest:$tor /srv/servnest/tor-config +chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config +chown -R $tor: /srv/servnest/tor-keys +chmod -R u=rwX,g=,o= /srv/servnest/tor-keys + +chown -R $servnest:$nginx /srv/servnest/core /srv/servnest/errors +chmod -R u=rX,g=rX,o= /srv/servnest/core /srv/servnest/errors +chown -R $servnest: /srv/servnest/core/db +chmod -R u=rwX,g=,o= /srv/servnest/core/db diff --git a/mkosi.extra/etc/php/php-fpm.d/niver.conf b/install/php-fpm.conf similarity index 86% rename from mkosi.extra/etc/php/php-fpm.d/niver.conf rename to install/php-fpm.conf index fcf0bc3..f4412f8 100644 --- a/mkosi.extra/etc/php/php-fpm.d/niver.conf +++ b/install/php-fpm.conf @@ -1,3 +1,5 @@ +; https://www.php.net/manual/install.fpm.configuration.php + [servnest] user = $pool diff --git a/mkosi.skeleton/etc/systemd/system/php-fpm.service.d/override.conf b/install/php-fpm.service.override.conf similarity index 100% rename from mkosi.skeleton/etc/systemd/system/php-fpm.service.d/override.conf rename to install/php-fpm.service.override.conf 
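Review bot: `permissions.sh` carries its own shebang but depends on `$knot`, `$servnest`, `$nginx`, `$sftpgo` and `$tor` being exported by `install.sh`, and every expansion is unquoted. Run on its own, `chown -R $servnest:$nginx …` expands to `chown -R : …`, which changes nothing and reports no error, while the following `chmod -R` still applies, so the tree ends up with the intended modes under the wrong owners. A guard at the top such as `: "${knot:?}" "${servnest:?}" "${nginx:?}" "${sftpgo:?}" "${tor:?}"`, plus quoting the expansions, turns that into an immediate failure. The new `usermod -aG $sftpgo $servnest` line also has no comment, unlike the knot line above it; a short one stating why servnest gains that group would help the next review of these grants.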
diff --git a/install/php.ini b/install/php.ini
new file mode 100644
index 0000000..81d5615
--- /dev/null
+++ b/install/php.ini
@@ -0,0 +1,14 @@
+extension = pdo
+extension = pdo_sqlite
+extension = sodium
+extension = gettext
+
+expose_php = Off
+zend_extension = opcache
+opcache.jit_buffer_size = 32M
+
+output_buffering = 4096
+short_open_tag = Off
+
+; Set this to Off for a public setup
+display_errors = On
diff --git a/install/php.sh b/install/php.sh
new file mode 100644
index 0000000..10c0ac4
--- /dev/null
+++ b/install/php.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/bash
+
+rm -r /etc/php/*
+cp /install/php-fpm.conf /etc/php/
+
+export PHP_INI=/etc/php/php.ini
+
+if [[ $OS = "debian" ]]; then
+ mkdir -p /etc/php/8.2/fpm/
+ mv /etc/php/php-fpm.conf /etc/php/8.2/fpm/
+ export PHP_INI=/etc/php/8.2/fpm/php.ini
+fi
+
+cp /install/php.ini $PHP_INI
+
+# For systemd
+mkdir /etc/systemd/system/php-fpm.service.d
+cp /install/php-fpm.service.override.conf /etc/systemd/system/php-fpm.service.d/
diff --git a/install/servnest.sh b/install/servnest.sh
new file mode 100644
index 0000000..f1ea8ff
--- /dev/null
+++ b/install/servnest.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+# Create database
+sqlite3 /srv/servnest/core/db/servnest.db < /srv/servnest/core/db/schema.sql
+
+sqlite3 /srv/servnest/core/db/servnest.db <<< "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';"
+
+# Create translation Machine Objects files
+msgfmt /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.po -o /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo
diff --git a/mkosi.skeleton/etc/systemd/system/sftpgo.service b/install/sftpgo.service
similarity index 100%
rename from mkosi.skeleton/etc/systemd/system/sftpgo.service
rename to install/sftpgo.service
diff --git a/install/sftpgo.sh b/install/sftpgo.sh
new file mode 100644
index 0000000..5071a05
--- /dev/null
+++ b/install/sftpgo.sh
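Review bot: `display_errors = On` is the shipped default in `install/php.ini`, with only a comment asking operators to switch it off, so a deployment that copies the file unchanged shows PHP warnings and filesystem paths to visitors of the control interface. Inverting the default is safer: `display_errors = Off` together with `log_errors = On`, and the comment reworded to `; Set display_errors to On only on a local test setup`. Because `php.sh` now replaces the distribution's php.ini rather than appending to it, this file is the whole configuration and should state each security-relevant setting explicitly.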
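Review bot: In `install/php.sh` the systemd drop-in is always written to `/etc/systemd/system/php-fpm.service.d`, including on the Debian branch that uses `/etc/php/8.2/fpm/`; Debian's unit is normally named after the PHP version (`php8.2-fpm.service`), in which case the override is never applied. `tor.sh` handles the same situation by moving its drop-in to `tor@default.service.d`, so an equivalent step looks missing here, for example `unit=php-fpm; [[ $OS = "debian" ]] && unit=php8.2-fpm` and then `mkdir -p "/etc/systemd/system/$unit.service.d"`. The override's content is not visible in this patch (renamed at 100%), so check whether it carries settings the pool relies on.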
@@ -0,0 +1,21 @@
+#!/usr/bin/bash
+
+chmod +x /usr/local/bin/sftpgo
+
+mkdir /etc/sftpgo
+
+# Generate SFTPGo key pair
+ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C ""
+# Generate fingerprints
+fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519))
+echo ${fp[1]} > /etc/sftpgo/ed25519.fp
+ssh-keygen -lv -f /etc/sftpgo/ed25519 | tail -n +2 > /etc/sftpgo/ed25519.asciiart
+# Generate SSHFP record
+echo ht.servnest.test. 86400 SSHFP 4 2 $(cut -d ' ' -f 2 /etc/sftpgo/ed25519.pub | base64 -d | sha256sum | cut -d ' ' -f 1) >> /srv/servnest/reg/servnest.test.zone
+
+cp /install/sftpgo.toml /etc/sftpgo/
+touch /etc/sftpgo/banner.txt
+
+# For systemd
+cp /install/sftpgo.service /etc/systemd/system/
+systemctl enable sftpgo
diff --git a/mkosi.skeleton/etc/sftpgo/sftpgo.toml b/install/sftpgo.toml
similarity index 100%
rename from mkosi.skeleton/etc/sftpgo/sftpgo.toml
rename to install/sftpgo.toml
diff --git a/install/sudo.sh b/install/sudo.sh
new file mode 100644
index 0000000..70d794e
--- /dev/null
+++ b/install/sudo.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/bash
+
+cp /install/sudoers /etc/sudoers.d/servnest
diff --git a/mkosi.extra/etc/sudoers.d/servnest b/install/sudoers
similarity index 100%
rename from mkosi.extra/etc/sudoers.d/servnest
rename to install/sudoers
diff --git a/mkosi.skeleton/etc/systemd/system/tor.service.d/override.conf b/install/tor.service.override.conf
similarity index 100%
rename from mkosi.skeleton/etc/systemd/system/tor.service.d/override.conf
rename to install/tor.service.override.conf
diff --git a/install/tor.sh b/install/tor.sh
new file mode 100644
index 0000000..bdee66a
--- /dev/null
+++ b/install/tor.sh
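Review bot: `chmod +x /usr/local/bin/sftpgo` marks as executable, and `systemctl enable sftpgo` starts at boot, a binary that `.gitignore` shows is not tracked in the repository, with no check of what the file actually is. Verify it against a pinned digest before the chmod, e.g. `sha256sum -c <pinned-checksum-file>` (placeholder for a checksum file committed next to the script), and abort the install on mismatch. The SSHFP record is also appended with `>>`, so running the script a second time leaves duplicate or stale records in `servnest.test.zone`; writing the record idempotently would avoid that.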
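Review bot: `cp /install/sudoers /etc/sudoers.d/servnest` in `install/sudo.sh` installs a privilege policy with whatever mode and owner the source file happens to have, and nothing checks that the result parses; on Debian `install/tor.sh` then rewrites the same file with `sed -i`. Use `install -o root -g root -m 0440 /install/sudoers /etc/sudoers.d/servnest` here and run `visudo -cf /etc/sudoers.d/servnest` after the last edit, so a malformed or over-permissive policy fails the install instead of reaching a running system.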
@@ -0,0 +1,14 @@ +rm -r /etc/tor/* +cp /install/torrc /etc/tor/ + +mkdir /etc/systemd/system/tor.service.d +cp /install/tor.service.override.conf /etc/systemd/system/tor.service.d/ + +if [[ $OS = "debian" ]]; then + mv /etc/systemd/system/tor.service.d/ /etc/systemd/system/tor@default.service.d/ + sed -i 's/User tor/User debian-tor/' /etc/tor/torrc + sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/servnest + sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/servnest + sed -i 's/systemctl reload tor"/systemctl reload tor@default"/' /srv/servnest/core/config.ini + sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/servnest/core/config.ini +fi diff --git a/mkosi.extra/etc/tor/torrc b/install/torrc similarity index 57% rename from mkosi.extra/etc/tor/torrc rename to install/torrc index e3060a6..1e1156b 100644 --- a/mkosi.extra/etc/tor/torrc +++ b/install/torrc @@ -2,7 +2,4 @@ User tor SocksPort 0 DataDirectory /var/lib/tor -HiddenServiceNonAnonymousMode 1 -HiddenServiceSingleHopMode 1 - %include /srv/servnest/tor-config/* diff --git a/mkosi.default b/mkosi.default index 1f92105..1628df1 100644 --- a/mkosi.default +++ b/mkosi.default @@ -6,6 +6,9 @@ Format = directory Hostname = servnest.test [Content] +RemoveFiles = /.git,/.gitignore,/mkosi.*,/*.md +Cache = ../mkosi.cache/ +ExtraTree = ./ BasePackages = yes WithDocs = yes WithNetwork = yes diff --git a/mkosi.extra/etc/apt/sources.list b/mkosi.extra/etc/apt/sources.list deleted file mode 100644 index da07084..0000000 --- a/mkosi.extra/etc/apt/sources.list +++ /dev/null @@ -1,3 +0,0 @@ -deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye main -deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-backports main -deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bullseye-security main 
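Review bot: In `mkosi.default`, `ExtraTree = ./` copies the whole working directory into the image and `RemoveFiles` then works as a denylist, so anything not matched by `/.git,/.gitignore,/mkosi.*,/*.md` ships: presumably `.gitmodules` and the submodules' own git metadata under `srv/servnest/core` and `srv/servnest/docs`, but also editor backups or a stray local file holding credentials. The two secrets named in `.gitignore` (`mkosi.passphrase`, `mkosi.passwd`) are excluded only because they match `/mkosi.*`. Consider building from a dedicated subdirectory, or at least extend the list, e.g. `RemoveFiles = /.git,/.gitignore,/.gitmodules,/mkosi.*,/*.md`, and add a comment that every new top-level file becomes part of the image by default.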
diff --git a/mkosi.extra/etc/nginx/inc/fastcgi.conf b/mkosi.extra/etc/nginx/inc/fastcgi.conf deleted file mode 100644 index 091738c..0000000 --- a/mkosi.extra/etc/nginx/inc/fastcgi.conf +++ /dev/null @@ -1,26 +0,0 @@ - -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/mkosi.extra/etc/nginx/inc/ht-onion.conf b/mkosi.extra/etc/nginx/inc/ht-onion.conf deleted file mode 100644 index a391ef7..0000000 --- a/mkosi.extra/etc/nginx/inc/ht-onion.conf +++ /dev/null @@ -1 +0,0 @@ -include inc/ht.conf; diff --git a/mkosi.extra/etc/nginx/inc/ht-tls.conf b/mkosi.extra/etc/nginx/inc/ht-tls.conf deleted file mode 100644 index 52ebfbc..0000000 --- a/mkosi.extra/etc/nginx/inc/ht-tls.conf +++ /dev/null @@ -1,2 +0,0 @@ -include inc/ht.conf; -include inc/tls.conf; diff --git a/mkosi.extra/etc/php/php-fpm.conf b/mkosi.extra/etc/php/php-fpm.conf deleted file mode 100644 index 4c16665..0000000 --- a/mkosi.extra/etc/php/php-fpm.conf +++ /dev/null @@ -1,3 +0,0 @@ -[global] - -include = /etc/php/php-fpm.d/*.conf 
diff --git a/mkosi.extra/etc/php/php-fpm.d/servnest.conf b/mkosi.extra/etc/php/php-fpm.d/servnest.conf deleted file mode 100644 index fcf0bc3..0000000 --- a/mkosi.extra/etc/php/php-fpm.d/servnest.conf +++ /dev/null @@ -1,24 +0,0 @@ -[servnest] - -user = $pool -group = knot - -listen = /run/php-fpm/$pool.sock - -listen.owner = nginx -listen.group = nginx - -pm = dynamic -pm.max_children = 5 -pm.start_servers = 2 -pm.min_spare_servers = 1 -pm.max_spare_servers = 3 - -access.log = /var/log/php/$pool-access.log - -catch_workers_output = yes -decorate_workers_output = yes - -clear_env = yes - -security.limit_extensions = .php diff --git a/mkosi.extra/usr/lib/tmpfiles.d/php-fpm.conf b/mkosi.extra/usr/lib/tmpfiles.d/php-fpm.conf deleted file mode 100644 index 4d0e3ec..0000000 --- a/mkosi.extra/usr/lib/tmpfiles.d/php-fpm.conf +++ /dev/null @@ -1 +0,0 @@ -d /run/php-fpm 755 nginx nginx diff --git a/mkosi.postinst b/mkosi.postinst index d7b66e5..26a4b22 100755 --- a/mkosi.postinst +++ b/mkosi.postinst 
@@ -1,93 +1,14 @@ #!/usr/bin/bash source /etc/os-release +export OS=$ID -# Create system users -useradd -U -r -s /usr/sbin/nologin nginx -useradd -U -r -s /usr/sbin/nologin servnest -useradd -U -r -s /usr/sbin/nologin sftpgo +# Generate OpenSSH server key pair +ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N "" +ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp -# Set proper permissions +source /install/install.sh -chown -R knot:knot /var/lib/knot/confdb -chmod -R u=rwX,g=rwX,o= /var/lib/knot/confdb -usermod -aG knot servnest - -chown -R knot:knot /var/log/knot -chmod -R u=rwX,g=,o= /var/log/knot - -chown -R servnest:knot /srv/servnest/ns -chmod -R u=rwX,g=rwX,o= /srv/servnest/ns -chown -R servnest:knot /srv/servnest/reg -chmod -R u=rwX,g=rwX,o= /srv/servnest/reg - -chown -R servnest:nginx /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain -chmod -R u=rwX,g=rX,o= /srv/servnest/nginx /srv/servnest/subpath /srv/servnest/subdomain - -chown -R sftpgo:sftpgo /etc/sftpgo -chmod -R u=rX,g=rX,o=rX /etc/sftpgo -chmod u=r,g=,o= /etc/sftpgo/ed25519 - -chown -R servnest:sftpgo /srv/servnest/ht -chmod -R u=rwX,g=rwX,o=rX /srv/servnest/ht - -if [[ $ID = "debian" ]]; then - chown -R servnest:debian-tor /srv/servnest/tor-config - chown -R debian-tor:debian-tor /srv/servnest/tor-keys -else - chown -R servnest:tor /srv/servnest/tor-config - chown -R tor:tor /srv/servnest/tor-keys -fi -chmod -R u=rwX,g=rX,o= /srv/servnest/tor-config -chmod -R u=rwX,g=,o= /srv/servnest/tor-keys - -chown -R servnest:nginx /srv/servnest/core /srv/servnest/errors -chmod -R u=rX,g=rX,o= /srv/servnest/core /srv/servnest/errors -chown -R servnest:servnest /srv/servnest/core/db -chmod -R u=rwX,g=,o= /srv/servnest/core/db - -# Load configuration in Knot database -sudo -u knot knotc conf-import /etc/knot/knot.conf - -# PHP paths unification across distributions - -export PHP_INI=/etc/php/php.ini - -if [[ $ID = "debian" ]]; then - rm /etc/php/8.2/fpm/php-fpm.conf - ln -s /etc/php/php-fpm.conf 
/etc/php/8.2/fpm/php-fpm.conf - ln -s /etc/php/php-fpm.d/ /etc/php/8.2/fpm/pool.d - - export PHP_INI=/etc/php/8.2/fpm/php.ini -fi - -# Configure PHP-FPM properly - -cat >> $PHP_INI << EOF -expose_php = Off -display_errors = On -extension = pdo_sqlite -extension = sodium -extension = gettext -zend_extension = opcache -opcache.jit_buffer_size = 32M -EOF - -# Configure Tor - -if [[ $ID = "debian" ]]; then - mv /etc/systemd/system/tor.service.d/ /etc/systemd/system/tor@default.service.d/ - sed -i 's/User tor/User debian-tor/' /etc/tor/torrc - sed -i 's/reload tor/reload tor@default/' /etc/sudoers.d/servnest - sed -i 's/ALL=(tor)/ALL=(debian-tor)/' /etc/sudoers.d/servnest - sed -i 's/systemctl reload tor"/systemctl reload tor@default"/' /srv/servnest/core/config.ini - sed -i 's/tor_user = "tor"/tor_user = "debian-tor"/' /srv/servnest/core/config.ini -fi - -# Start SystemD services at startup - -systemctl enable sftpgo - -if [[ $ID = "arch" ]]; then +if [[ $OS = "arch" ]]; then systemctl enable sshd systemctl enable knot systemctl enable nginx diff --git a/mkosi.prepare b/mkosi.prepare deleted file mode 100755 index 1a00229..0000000 --- a/mkosi.prepare +++ /dev/null 
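Review bot: The added `ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""` runs in mkosi.postinst, i.e. while the image is being built, so the OpenSSH host private key is baked into the image and every machine started from it presents the same host identity. If the image is ever shared or booted more than once, generating the key on first boot would avoid that, for example from a oneshot unit guarded by `ConditionPathExists=!/etc/ssh/ed25519`. Separately, the script has no `set -e`, so a failing step inside `source /install/install.sh` (which now appears to carry the ownership and permission setup removed in this hunk) would not stop the build; adding `set -e` after the shebang would surface such failures instead of producing an image with default permissions.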
@@ -1,40 +0,0 @@ -#!/usr/bin/bash -source /etc/os-release - -chmod +x /usr/local/bin/sftpgo - -# Clear configuration (will be filled with mkosi.extra/) -rm -r /etc/nginx/* -rm -r /etc/ssh/* -rm /etc/tor/torrc -if [[ $ID = "debian" ]]; then - rm -r /etc/php/8.2/fpm/pool.d - rm /usr/lib/tmpfiles.d/php8.2-fpm.conf -fi -if [[ $ID = "arch" ]]; then - rm /etc/php/php-fpm.d/* -fi - -# Generate default self-signed TLS key pair -openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt - -# Generate OpenSSH server key pair -ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N "" -ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp - -# Generate SFTPGo key pair -ssh-keygen -f /etc/sftpgo/ed25519 -t ed25519 -N "" -C "" -# Generate fingerprints -fp=($(ssh-keygen -l -f /etc/sftpgo/ed25519)) -echo ${fp[1]} > /etc/sftpgo/ed25519.fp -ssh-keygen -lv -f /etc/sftpgo/ed25519 | tail -n +2 > /etc/sftpgo/ed25519.asciiart -# Generate SSHFP record -echo ht.servnest.test. 86400 SSHFP 4 2 $(cut -d ' ' -f 2 /etc/sftpgo/ed25519.pub | base64 -d | sha256sum | cut -d ' ' -f 1) >> /srv/servnest/reg/servnest.test.zone - -# Create database -sqlite3 /srv/servnest/core/db/servnest.db < /srv/servnest/core/db/schema.sql - -sqlite3 /srv/servnest/core/db/servnest.db <<< "UPDATE params SET value = '$(openssl rand -hex 16)' WHERE name = 'username_salt';" - -# Create translation Machine Objects files -msgfmt /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.po -o /srv/servnest/core/locales/fr/C/LC_MESSAGES/messages.mo diff --git a/mkosi.skeleton/etc/sftpgo/banner.txt b/mkosi.skeleton/etc/sftpgo/banner.txt deleted file mode 100644 index e69de29..0000000 diff --git a/mkosi.skeleton/etc/tmpfiles.d/knot.conf b/mkosi.skeleton/etc/tmpfiles.d/knot.conf deleted file mode 100644 index a16e4fa..0000000 --- a/mkosi.skeleton/etc/tmpfiles.d/knot.conf +++ /dev/null 
@@ -1,3 +0,0 @@ -d /run/servnest 0555 root root - - -d /run/knot 0755 knot knot - - -d /var/lib/knot 0770 knot knot - - diff --git a/mkosi.skeleton/var/lib/knot/confdb/data.mdb b/mkosi.skeleton/var/lib/knot/confdb/data.mdb deleted file mode 100644 index e69de29..0000000 diff --git a/mkosi.skeleton/var/lib/knot/confdb/lock.mdb b/mkosi.skeleton/var/lib/knot/confdb/lock.mdb deleted file mode 100644 index e69de29..0000000 diff --git a/mkosi.skeleton/var/log/knot/.gitkeep b/mkosi.skeleton/var/log/knot/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/mkosi.skeleton/var/log/php/.gitkeep b/mkosi.skeleton/var/log/php/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/mkosi.cache/.gitkeep b/root/.ssh/.gitkeep similarity index 100% rename from mkosi.cache/.gitkeep rename to root/.ssh/.gitkeep diff --git a/mkosi.skeleton/root/sftpgo.sh b/root/sftpgo.sh old mode 100755 new mode 100644 similarity index 76% rename from mkosi.skeleton/root/sftpgo.sh rename to root/sftpgo.sh index 98d6039..0b38e3e --- a/mkosi.skeleton/root/sftpgo.sh +++ b/root/sftpgo.sh @@ -1,12 +1,12 @@ #!/usr/bin/bash - source /etc/os-release + export GO=/usr/bin/go -if [[ $ID = "debian" ]]; then +if [[ $OS = "debian" ]]; then export GO=/usr/lib/go-1.19/bin/go fi git clone https://github.com/drakkan/sftpgo /root/sftpgo-src cd /root/sftpgo-src -git checkout v2.4.0 +git checkout $(git tag | tail -n 1) $GO build -o /usr/local/bin/sftpgo diff --git a/mkosi.extra/etc/php/8.1/fpm/.gitkeep b/srv/servnest/acme/.gitkeep similarity index 100% rename from mkosi.extra/etc/php/8.1/fpm/.gitkeep rename to srv/servnest/acme/.gitkeep diff --git a/srv/servnest/core b/srv/servnest/core new file mode 160000 index 0000000..ac6d311 --- /dev/null +++ b/srv/servnest/core @@ -0,0 +1 @@ +Subproject commit ac6d311ada4cbc0557d1c56bd61d81a543d7f767 diff --git a/srv/servnest/docs b/srv/servnest/docs new file mode 160000 index 0000000..fbe7149 --- /dev/null +++ b/srv/servnest/docs 
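Review bot: In root/sftpgo.sh, `git checkout $(git tag | tail -n 1)` replaces the pinned `v2.4.0` with whatever tag happens to sort last, so the binary installed as `/usr/local/bin/sftpgo` is no longer a reviewed, reproducible version. `git tag` sorts names lexically by default, so the last entry is not necessarily the newest release (a `v2.10.x` tag would sort before `v2.4.0`) and may be a pre-release. I would keep an explicit pin recorded in the repository, ideally a full commit hash, e.g. `SFTPGO_REF=<reviewed tag or commit>` followed by `git checkout "$SFTPGO_REF"`. The same hunk also switches the test to `$OS`, which this script does not set itself (mkosi.postinst exports it); `${OS:-$ID}` would keep the Debian Go path working when the script is run on its own.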
@@ -0,0 +1 @@
+Subproject commit fbe714909c09701253c3f7e6254a2fab42b35161
diff --git a/mkosi.skeleton/srv/servnest/errors/400.html b/srv/servnest/errors/400.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/400.html
rename to srv/servnest/errors/400.html
diff --git a/mkosi.skeleton/srv/servnest/errors/403.html b/srv/servnest/errors/403.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/403.html
rename to srv/servnest/errors/403.html
diff --git a/mkosi.skeleton/srv/servnest/errors/404.en.html b/srv/servnest/errors/404.en.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/404.en.html
rename to srv/servnest/errors/404.en.html
diff --git a/mkosi.skeleton/srv/servnest/errors/404.fr.html b/srv/servnest/errors/404.fr.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/404.fr.html
rename to srv/servnest/errors/404.fr.html
diff --git a/mkosi.skeleton/srv/servnest/errors/404.php b/srv/servnest/errors/404.php
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/404.php
rename to srv/servnest/errors/404.php
diff --git a/mkosi.skeleton/srv/servnest/errors/405.html b/srv/servnest/errors/405.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/405.html
rename to srv/servnest/errors/405.html
diff --git a/mkosi.skeleton/srv/servnest/errors/410.html b/srv/servnest/errors/410.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/410.html
rename to srv/servnest/errors/410.html
diff --git a/mkosi.skeleton/srv/servnest/errors/418.html b/srv/servnest/errors/418.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/418.html
rename to srv/servnest/errors/418.html
diff --git a/mkosi.skeleton/srv/servnest/errors/500.html b/srv/servnest/errors/500.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/500.html
rename to srv/servnest/errors/500.html
diff --git a/mkosi.skeleton/srv/servnest/errors/502.html b/srv/servnest/errors/502.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/502.html
rename to srv/servnest/errors/502.html
diff --git a/mkosi.skeleton/srv/servnest/errors/503.html b/srv/servnest/errors/503.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/503.html
rename to srv/servnest/errors/503.html
diff --git a/mkosi.skeleton/srv/servnest/errors/504.html b/srv/servnest/errors/504.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/504.html
rename to srv/servnest/errors/504.html
diff --git a/mkosi.skeleton/srv/servnest/errors/default-domain.en.html b/srv/servnest/errors/default-domain.en.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/default-domain.en.html
rename to srv/servnest/errors/default-domain.en.html
diff --git a/mkosi.skeleton/srv/servnest/errors/default-ip.en.html b/srv/servnest/errors/default-ip.en.html
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/default-ip.en.html
rename to srv/servnest/errors/default-ip.en.html
diff --git a/mkosi.skeleton/srv/servnest/errors/http.php b/srv/servnest/errors/http.php
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/http.php
rename to srv/servnest/errors/http.php
diff --git a/mkosi.skeleton/srv/servnest/errors/index.php b/srv/servnest/errors/index.php
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/index.php
rename to srv/servnest/errors/index.php
diff --git a/mkosi.skeleton/srv/servnest/errors/unsecure.en.php b/srv/servnest/errors/unsecure.en.php
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/unsecure.en.php
rename to srv/servnest/errors/unsecure.en.php
diff --git a/mkosi.skeleton/srv/servnest/errors/unsecure.fr.php b/srv/servnest/errors/unsecure.fr.php
similarity index 100%
rename from mkosi.skeleton/srv/servnest/errors/unsecure.fr.php
rename to srv/servnest/errors/unsecure.fr.php
diff --git a/mkosi.skeleton/root/.ssh/.gitkeep b/srv/servnest/ht/.gitkeep
similarity index 100%
rename from mkosi.skeleton/root/.ssh/.gitkeep
rename to srv/servnest/ht/.gitkeep
diff --git a/mkosi.skeleton/srv/servnest/acme/.gitkeep b/srv/servnest/nginx/.gitkeep
similarity index 100%
rename from mkosi.skeleton/srv/servnest/acme/.gitkeep
rename to srv/servnest/nginx/.gitkeep
diff --git a/mkosi.skeleton/srv/servnest/ht/.gitkeep b/srv/servnest/ns/.gitkeep
similarity index 100%
rename from mkosi.skeleton/srv/servnest/ht/.gitkeep
rename to srv/servnest/ns/.gitkeep
diff --git a/mkosi.skeleton/srv/servnest/reg/servnest.test.zone b/srv/servnest/reg/servnest.test.zone
similarity index 100%
rename from mkosi.skeleton/srv/servnest/reg/servnest.test.zone
rename to srv/servnest/reg/servnest.test.zone
diff --git a/mkosi.skeleton/srv/servnest/reg/test.servnest.test.zone b/srv/servnest/reg/test.servnest.test.zone
similarity index 100%
rename from mkosi.skeleton/srv/servnest/reg/test.servnest.test.zone
rename to srv/servnest/reg/test.servnest.test.zone
diff --git a/mkosi.skeleton/srv/servnest/nginx/.gitkeep b/srv/servnest/subdomain/.gitkeep
similarity index 100%
rename from mkosi.skeleton/srv/servnest/nginx/.gitkeep
rename to srv/servnest/subdomain/.gitkeep
diff --git a/mkosi.skeleton/srv/servnest/ns/.gitkeep b/srv/servnest/subpath/.gitkeep
similarity index 100%
rename from mkosi.skeleton/srv/servnest/ns/.gitkeep
rename to srv/servnest/subpath/.gitkeep
diff --git a/mkosi.skeleton/srv/servnest/subdomain/.gitkeep b/srv/servnest/tor-config/.gitkeep
similarity index 100%
rename from mkosi.skeleton/srv/servnest/subdomain/.gitkeep
rename to srv/servnest/tor-config/.gitkeep
diff --git a/mkosi.skeleton/srv/servnest/subpath/.gitkeep b/srv/servnest/tor-keys/.gitkeep
similarity index 100%
rename from mkosi.skeleton/srv/servnest/subpath/.gitkeep
rename to srv/servnest/tor-keys/.gitkeep
diff --git a/usr/lib/tmpfiles.d/php-fpm.conf b/usr/lib/tmpfiles.d/php-fpm.conf
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/usr/lib/tmpfiles.d/php-fpm.conf
@@ -0,0 +1 @@
+
diff --git a/mkosi.skeleton/srv/servnest/tor-config/.gitkeep b/var/log/knot/.gitkeep
similarity index 100%
rename from mkosi.skeleton/srv/servnest/tor-config/.gitkeep
rename to var/log/knot/.gitkeep
diff --git a/mkosi.skeleton/srv/servnest/tor-keys/.gitkeep b/var/log/php/.gitkeep
similarity index 100%
rename from mkosi.skeleton/srv/servnest/tor-keys/.gitkeep
rename to var/log/php/.gitkeep