Update for mkosi 15.1
This commit is contained in:
parent
086247b34b
commit
e3b9f4b027
|
@ -4,12 +4,10 @@ Autologin = yes
|
||||||
[Output]
|
[Output]
|
||||||
Format = directory
|
Format = directory
|
||||||
Hostname = servnest.test
|
Hostname = servnest.test
|
||||||
|
CacheDirectory = ../mkosi.cache/
|
||||||
|
OutputDirectory = /var/lib/machines
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
RemoveFiles = /.git,/.gitignore,/mkosi.*,/*.md
|
|
||||||
Cache = ../mkosi.cache/
|
|
||||||
ExtraTree = ./
|
|
||||||
BasePackages = yes
|
|
||||||
WithDocs = yes
|
WithDocs = yes
|
||||||
WithNetwork = yes
|
WithNetwork = yes
|
||||||
Packages =
|
Packages =
|
|
@ -22,8 +22,6 @@ if [[ $OS = "arch" ]]; then
|
||||||
|
|
||||||
mkdir -p /srv/servnest/ht/usr/lib
|
mkdir -p /srv/servnest/ht/usr/lib
|
||||||
ln /usr/lib/libc.so.6 /srv/servnest/ht/usr/lib/libc.so.6
|
ln /usr/lib/libc.so.6 /srv/servnest/ht/usr/lib/libc.so.6
|
||||||
|
|
||||||
systemctl enable httpd
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $OS = "debian" ]]; then
|
if [[ $OS = "debian" ]]; then
|
|
@ -17,6 +17,8 @@ policy:
|
||||||
algorithm: "ed25519"
|
algorithm: "ed25519"
|
||||||
nsec3: "on"
|
nsec3: "on"
|
||||||
nsec3-iterations: 10
|
nsec3-iterations: 10
|
||||||
|
delete-delay: 60d
|
||||||
|
dnskey-management: "incremental"
|
||||||
|
|
||||||
template:
|
template:
|
||||||
- id: "servnest"
|
- id: "servnest"
|
|
@ -1,9 +1,9 @@
|
||||||
#!/usr/bin/bash
|
#!/usr/bin/bash
|
||||||
|
|
||||||
sudo -u $knot mkdir -p /var/lib/knot/confdb/
|
mkdir -p /var/lib/knot/confdb/
|
||||||
|
|
||||||
# Load configuration in Knot database
|
# Load configuration in Knot database
|
||||||
sudo -u $knot knotc conf-import /install/knot.conf
|
knotc conf-import /install/knot.conf
|
||||||
|
|
||||||
# We need servnest to be allowed to configure Knot
|
# We need servnest to be allowed to configure Knot
|
||||||
usermod -aG $knot $servnest # Add user $servnest to group $knot
|
usermod -aG $knot $servnest # Add user $servnest to group $knot
|
|
@ -1,6 +1,7 @@
|
||||||
error_log = syslog
|
error_log = syslog
|
||||||
|
|
||||||
extension = pdo_sqlite
|
extension = pdo_sqlite
|
||||||
|
extension = sqlite3
|
||||||
extension = gettext
|
extension = gettext
|
||||||
# Only required for the check.php script
|
# Only required for the check.php script
|
||||||
extension = curl
|
extension = curl
|
||||||
|
@ -8,4 +9,3 @@ extension = curl
|
||||||
# Optional
|
# Optional
|
||||||
expose_php = Off
|
expose_php = Off
|
||||||
zend_extension = opcache
|
zend_extension = opcache
|
||||||
opcache.jit_buffer_size = 32M
|
|
|
@ -22,7 +22,6 @@ chmod u=r,g=,o= /etc/sftpgo/ed25519
|
||||||
|
|
||||||
# For systemd
|
# For systemd
|
||||||
cp /install/sftpgo.service /etc/systemd/system/
|
cp /install/sftpgo.service /etc/systemd/system/
|
||||||
systemctl enable sftpgo
|
|
||||||
|
|
||||||
# Allow listening on privileged ports
|
# Allow listening on privileged ports
|
||||||
setcap 'cap_net_bind_service=+ep' /usr/local/bin/sftpgo
|
setcap 'cap_net_bind_service=+ep' /usr/local/bin/sftpgo
|
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFkueXNjIEZVGbR1kLlDKrbRjKIvXaqbVHMVpGqH3L0/ miraty@Cerise
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit 63554b4908a088f5da0dc3a5806415cfa7b88701
|
|
@ -0,0 +1,21 @@
|
||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
if [ "$container" != "mkosi" ]; then
|
||||||
|
exec mkosi-chroot "$SCRIPT" "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
source /etc/os-release
|
||||||
|
export OS=$ID
|
||||||
|
|
||||||
|
if [[ $OS = "arch" ]]; then
|
||||||
|
systemctl enable sshd
|
||||||
|
systemctl enable knot
|
||||||
|
systemctl enable nginx
|
||||||
|
systemctl enable httpd
|
||||||
|
systemctl enable tor
|
||||||
|
systemctl enable php-fpm
|
||||||
|
fi
|
||||||
|
|
||||||
|
systemctl enable sftpgo
|
|
@ -1,4 +1,9 @@
|
||||||
#!/usr/bin/bash
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
if [ "$container" != "mkosi" ]; then
|
||||||
|
exec mkosi-chroot "$SCRIPT" "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
source /etc/os-release
|
source /etc/os-release
|
||||||
|
@ -14,15 +19,12 @@ chown $sftpgo: /usr/local/bin/sftpgo
|
||||||
chmod u=rx,g=,o= /usr/local/bin/sftpgo
|
chmod u=rx,g=,o= /usr/local/bin/sftpgo
|
||||||
|
|
||||||
if [[ $OS = "arch" ]]; then
|
if [[ $OS = "arch" ]]; then
|
||||||
systemctl enable sshd
|
|
||||||
systemctl enable knot
|
|
||||||
systemctl enable nginx
|
|
||||||
systemctl enable tor
|
|
||||||
systemctl enable php-fpm
|
|
||||||
|
|
||||||
pacman-key --init
|
pacman-key --init
|
||||||
pacman-key --populate
|
pacman-key --populate
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Enable testing option
|
# Enable testing option
|
||||||
sed -i 's/local_only_check = false/local_only_check = true/' /srv/servnest/core/config.ini
|
sed -i 's/local_only_check = false/local_only_check = true/' /srv/servnest/core/config.ini
|
||||||
|
|
||||||
|
chmod u=rwX,g=rX,o=rX / /etc
|
||||||
|
chmod -R u=rwX,g=rX,o=rX /etc/php
|
||||||
|
|
|
@ -3,11 +3,12 @@ Distribution = arch
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
[Output]
|
|
||||||
Output = /var/lib/machines/servnest-arch
|
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
Packages =
|
Packages =
|
||||||
|
systemd
|
||||||
|
pacman
|
||||||
|
archlinux-keyring
|
||||||
apache
|
apache
|
||||||
nginx-mod-headers-more
|
nginx-mod-headers-more
|
||||||
certbot-nginx
|
certbot-nginx
|
||||||
|
@ -16,5 +17,8 @@ Packages =
|
||||||
go
|
go
|
||||||
openssh
|
openssh
|
||||||
iputils
|
iputils
|
||||||
|
gettext
|
||||||
which
|
which
|
||||||
sshpass
|
sshpass
|
||||||
|
sed
|
||||||
|
coreutils
|
|
@ -3,11 +3,9 @@ Distribution = debian
|
||||||
Release = testing
|
Release = testing
|
||||||
Mirror = https://deb.debian.org/debian
|
Mirror = https://deb.debian.org/debian
|
||||||
|
|
||||||
[Output]
|
|
||||||
Output = /var/lib/machines/servnest-debian
|
|
||||||
|
|
||||||
[Content]
|
[Content]
|
||||||
Packages =
|
Packages =
|
||||||
|
dbus
|
||||||
apt-transport-tor
|
apt-transport-tor
|
||||||
apache2
|
apache2
|
||||||
libnginx-mod-http-headers-more-filter
|
libnginx-mod-http-headers-more-filter
|
|
@ -1 +0,0 @@
|
||||||
Subproject commit 25b1d30cbebef6bde5bb26b4de92ef78a29924a6
|
|
Loading…
Reference in New Issue