From cbc20645ea06aee1a802e894b0fcf0c8c7ef3edf Mon Sep 17 00:00:00 2001 
From: Ricard Illa Date: Wed, 8 Apr 2020 13:05:07 +0200 Subject: [PATCH] initial commit --- .gitignore | 3 + Makefile | 44 + ansible/Dockerfile | 24 + ansible/Makefile | 10 + ansible/ansible.cfg | 528 +++++ ansible/get_password.sh | 3 + backup/Dockerfile | 6 + backup/Makefile | 10 + backup/make_backup.sh | 32 + buku/Dockerfile | 34 + buku/Makefile | 10 + ddclient/Dockerfile | 19 + ddclient/Makefile | 10 + git-daemon/Dockerfile | 12 + git-daemon/Makefile | 10 + git-daemon/entrypoint | 17 + gitolite-stagit/Dockerfile | 46 + gitolite-stagit/Makefile | 16 + gitolite-stagit/bin/build-stagit-index | 16 + gitolite-stagit/bin/build-stagit-repo | 22 + gitolite-stagit/bin/build-stagit-repos | 7 + gitolite-stagit/bin/entrypoint | 51 + gitolite-stagit/bin/set-owner | 16 + gitolite-stagit/bin/set-owners | 7 + gitolite-stagit/bin/set-url | 18 + gitolite-stagit/bin/set-urls | 7 + gitolite-stagit/gitolite.rc | 216 ++ .../local_code/hooks/common/post-receive | 8 + .../local_code/triggers/build-stagit-index | 3 + .../local_code/triggers/build-stagit-repos | 3 + gitolite-stagit/local_code/triggers/set-owner | 5 + .../local_code/triggers/set-owners | 5 + gitolite-stagit/local_code/triggers/set-url | 5 + gitolite-stagit/local_code/triggers/set-urls | 5 + gitolite-stagit/sshd_config | 23 + gitolite/Dockerfile | 36 + gitolite/Makefile | 10 + gitolite/docker-entrypoint.sh | 41 + gitolite/sshd_config | 23 + ledger-web/Dockerfile | 24 + ledger-web/Makefile | 10 + ledger-web/db/db.sqlite3 | Bin 0 -> 159744 bytes ledger-web/docker-entrypoint.sh | 6 + ledger-web/settings.py | 136 ++ ledger-web/test.sh | 8 + rss-bridge/Dockerfile | 20 + rss-bridge/Makefile | 10 + rss-bridge/entrypoint.sh | 14 + syncthing/Dockerfile | 32 + syncthing/Makefile | 19 + syncthing/docker-entrypoint.sh | 9 + tasks/Dockerfile | 10 + tasks/Makefile | 10 + tasks/entrypoint.sh | 11 + tor/Dockerfile | 7 + tor/Makefile | 10 + tor/entrypoint.sh | 14 + vdirsyncer/Dockerfile | 21 + vdirsyncer/Makefile | 10 + vdirsyncer/crontab | 
1 + vdirsyncer/do_sync.sh | 4 + vdirsyncer/entrypoint.sh | 25 + wallabag/Dockerfile | 43 + wallabag/Makefile | 10 + wallabag/entrypoint.sh | 42 + wallabag/parameters.yml | 64 + wallabag/php-fpm.conf | 539 +++++ wallabag/php.ini | 1930 +++++++++++++++++ xandikos/Dockerfile | 30 + xandikos/Makefile | 10 + xandikos/entrypoint.sh | 28 + 71 files changed, 4468 insertions(+) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 ansible/Dockerfile create mode 100644 ansible/Makefile create mode 100644 ansible/ansible.cfg create mode 100644 ansible/get_password.sh create mode 100644 backup/Dockerfile create mode 100644 backup/Makefile create mode 100644 backup/make_backup.sh create mode 100644 buku/Dockerfile create mode 100644 buku/Makefile create mode 100644 ddclient/Dockerfile create mode 100644 ddclient/Makefile create mode 100644 git-daemon/Dockerfile create mode 100644 git-daemon/Makefile create mode 100644 git-daemon/entrypoint create mode 100644 gitolite-stagit/Dockerfile create mode 100644 gitolite-stagit/Makefile create mode 100644 gitolite-stagit/bin/build-stagit-index create mode 100644 gitolite-stagit/bin/build-stagit-repo create mode 100644 gitolite-stagit/bin/build-stagit-repos create mode 100644 gitolite-stagit/bin/entrypoint create mode 100644 gitolite-stagit/bin/set-owner create mode 100644 gitolite-stagit/bin/set-owners create mode 100644 gitolite-stagit/bin/set-url create mode 100644 gitolite-stagit/bin/set-urls create mode 100644 gitolite-stagit/gitolite.rc create mode 100644 gitolite-stagit/local_code/hooks/common/post-receive create mode 100644 gitolite-stagit/local_code/triggers/build-stagit-index create mode 100644 gitolite-stagit/local_code/triggers/build-stagit-repos create mode 100644 gitolite-stagit/local_code/triggers/set-owner create mode 100644 gitolite-stagit/local_code/triggers/set-owners create mode 100644 gitolite-stagit/local_code/triggers/set-url create mode 100644 gitolite-stagit/local_code/triggers/set-urls 
create mode 100644 gitolite-stagit/sshd_config create mode 100644 gitolite/Dockerfile create mode 100644 gitolite/Makefile create mode 100644 gitolite/docker-entrypoint.sh create mode 100644 gitolite/sshd_config create mode 100644 ledger-web/Dockerfile create mode 100644 ledger-web/Makefile create mode 100644 ledger-web/db/db.sqlite3 create mode 100644 ledger-web/docker-entrypoint.sh create mode 100644 ledger-web/settings.py create mode 100644 ledger-web/test.sh create mode 100644 rss-bridge/Dockerfile create mode 100644 rss-bridge/Makefile create mode 100644 rss-bridge/entrypoint.sh create mode 100644 syncthing/Dockerfile create mode 100644 syncthing/Makefile create mode 100644 syncthing/docker-entrypoint.sh create mode 100644 tasks/Dockerfile create mode 100644 tasks/Makefile create mode 100644 tasks/entrypoint.sh create mode 100644 tor/Dockerfile create mode 100644 tor/Makefile create mode 100644 tor/entrypoint.sh create mode 100644 vdirsyncer/Dockerfile create mode 100644 vdirsyncer/Makefile create mode 100644 vdirsyncer/crontab create mode 100644 vdirsyncer/do_sync.sh create mode 100644 vdirsyncer/entrypoint.sh create mode 100644 wallabag/Dockerfile create mode 100644 wallabag/Makefile create mode 100644 wallabag/entrypoint.sh create mode 100644 wallabag/parameters.yml create mode 100644 wallabag/php-fpm.conf create mode 100644 wallabag/php.ini create mode 100644 xandikos/Dockerfile create mode 100644 xandikos/Makefile create mode 100644 xandikos/entrypoint.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..962b018 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +gitolite/.env +ansible/.env +ansible/known_hosts diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..8fe4de9 --- /dev/null +++ b/Makefile 
@@ -0,0 +1,44 @@
+images=backup buku ddclient gitolite gitolite-stagit git-daemon rss-bridge syncthing tasks tor vdirsyncer wallabag xandikos
+.PHONY: all $(images)
+all: $(images)
+
+BUILD = make -C $@
+
+backup:
+ $(BUILD)
+
+buku:
+ $(BUILD)
+
+ddclient:
+ $(BUILD)
+
+gitolite:
+ $(BUILD)
+
+gitolite-stagit:
+ $(BUILD)
+
+git-daemon:
+ $(BUILD)
+
+rss-bridge:
+ $(BUILD)
+
+syncthing:
+ $(BUILD)
+
+tasks:
+ $(BUILD)
+
+tor:
+ $(BUILD)
+
+vdirsyncer:
+ $(BUILD)
+
+xandikos:
+ $(BUILD)
+
+wallabag:
+ $(BUILD)
diff --git a/ansible/Dockerfile b/ansible/Dockerfile
new file mode 100644
index 0000000..e20cc3d
--- /dev/null
+++ b/ansible/Dockerfile
@@ -0,0 +1,24 @@
+FROM alpine:3.12
+
+RUN apk add --no-cache openssh python3 py3-pip && \
+ apk add --no-cache --virtual .build-deps \
+ gcc \
+ libffi-dev \
+ musl-dev \
+ openssl-dev \
+ python3-dev && \
+ pip install \
+ ansible==2.9 \
+ cryptography \
+ mitogen && \
+ apk del .build-deps
+
+RUN apk add --no-cache openssl
+
+COPY get_password.sh /usr/local/bin/get_password
+RUN chmod +x /usr/local/bin/get_password
+
+COPY ansible.cfg /etc/ansible/ansible.cfg
+
+RUN mkdir -p /srv
+WORKDIR /srv
diff --git a/ansible/Makefile b/ansible/Makefile
new file mode 100644
index 0000000..45b9cc8
--- /dev/null
+++ b/ansible/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = ansible
+
+.PHONY: build build-nc
+
+build: Dockerfile
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
new file mode 100644
index 0000000..0600bc0
--- /dev/null
+++ b/ansible/ansible.cfg
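Review bot: The `pip install` step in ansible/Dockerfile pins only `ansible==2.9`; `cryptography` and `mitogen` resolve to whatever the index serves on build day, so the image that handles the vault password and SSH access to the managed hosts is not reproducible. Pin both, e.g. `cryptography==<PINNED_VERSION>` and `mitogen==<PINNED_VERSION>`, ideally from a hashed requirements file installed with `pip install --no-cache-dir --require-hashes -r requirements.txt`. The ansible.cfg added in this commit hard-codes `/usr/lib/python3.8/site-packages/ansible_mitogen/...`, so a comment next to `FROM alpine:3.12` noting that the base image's Python version must match that path would help. No `USER` line is set, so playbooks run as root inside the container unless the caller overrides it.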
@@ -0,0 +1,528 @@ +# Example config file for ansible -- https://ansible.com/ +# ======================================================= + +# Nearly all parameters can be overridden in ansible-playbook +# or with command line flags. Ansible will read ANSIBLE_CONFIG, +# ansible.cfg in the current working directory, .ansible.cfg in +# the home directory, or /etc/ansible/ansible.cfg, whichever it +# finds first + +# For a full list of available options, run ansible-config list or see the +# documentation: https://docs.ansible.com/ansible/latest/reference_appendices/config.html. + +[defaults] +inventory = /etc/ansible/hosts.yml +interpreter_python = auto_silent +#library = ~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules +#module_utils = ~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils +#remote_tmp = ~/.ansible/tmp +#local_tmp = ~/.ansible/tmp +#forks = 5 +#poll_interval = 0.001 +#ask_pass = False +#transport = smart +strategy_plugins = /usr/lib/python3.8/site-packages/ansible_mitogen/plugins/strategy +strategy = mitogen_linear + +# Plays will gather facts by default, which contain information about +# the remote system. +# +# smart - gather by default, but don't regather if already gathered +# implicit - gather by default, turn off with gather_facts: False +# explicit - do not gather by default, must say gather_facts: True +#gathering = implicit + +# This only affects the gathering done by a play's gather_facts directive, +# by default gathering retrieves all facts subsets +# all - gather all subsets +# network - gather min and network facts +# hardware - gather hardware facts (longest facts to retrieve) +# virtual - gather min and virtual facts +# facter - import facts from facter +# ohai - import facts from ohai +# You can combine them using comma (ex: network,virtual) +# You can negate them using ! (ex: !hardware,!facter,!ohai) +# A minimal set of facts is always gathered. 
+# +#gather_subset = all + +# some hardware related facts are collected +# with a maximum timeout of 10 seconds. This +# option lets you increase or decrease that +# timeout to something more suitable for the +# environment. +# +#gather_timeout = 10 + +# Ansible facts are available inside the ansible_facts.* dictionary +# namespace. This setting maintains the behaviour which was the default prior +# to 2.5, duplicating these variables into the main namespace, each with a +# prefix of 'ansible_'. +# This variable is set to True by default for backwards compatibility. It +# will be changed to a default of 'False' in a future release. +# +#inject_facts_as_vars = True + +# Paths to search for collections, colon separated +# collections_paths = ~/.ansible/collections:/usr/share/ansible/collections + +# Paths to search for roles, colon separated +#roles_path = ~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles + +# Host key checking is enabled by default +#host_key_checking = True + +# You can only have one 'stdout' callback type enabled at a time. The default +# is 'default'. The 'yaml' or 'debug' stdout callback plugins are easier to read. +# +#stdout_callback = default +#stdout_callback = yaml +#stdout_callback = debug + + +# Ansible ships with some plugins that require whitelisting, +# this is done to avoid running all of a type by default. +# These setting lists those that you want enabled for your system. +# Custom plugins should not need this unless plugin author disables them +# by default. +# +# Enable callback plugins, they can output to stdout but cannot be 'stdout' type. +#callback_whitelist = timer, mail + +# Determine whether includes in tasks and handlers are "static" by +# default. As of 2.0, includes are dynamic by default. Setting these +# values to True will make includes behave more like they did in the +# 1.x versions. 
+# +#task_includes_static = False +#handler_includes_static = False + +# Controls if a missing handler for a notification event is an error or a warning +#error_on_missing_handler = True + +# Default timeout for connection plugins +#timeout = 10 + +# Default user to use for playbooks if user is not specified +# Uses the connection plugin's default, normally the user currently executing Ansible, +# unless a different user is specified here. +# +#remote_user = root + +# Logging is off by default unless this path is defined. +#log_path = /var/log/ansible.log + +# Default module to use when running ad-hoc commands +#module_name = command + +# Use this shell for commands executed under sudo. +# you may need to change this to /bin/bash in rare instances +# if sudo is constrained. +# +#executable = /bin/sh + +# By default, variables from roles will be visible in the global variable +# scope. To prevent this, set the following option to True, and only +# tasks and handlers within the role will see the variables there +# +#private_role_vars = False + +# List any Jinja2 extensions to enable here. +#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n + +# If set, always use this private key file for authentication, same as +# if passing --private-key to ansible or ansible-playbook +# +#private_key_file = /path/to/file + +# If set, configures the path to the Vault password file as an alternative to +# specifying --vault-password-file on the command line. This can also be +# an executable script that returns the vault password to stdout. +# +vault_password_file = /usr/local/bin/get_password + +# Format of string {{ ansible_managed }} available within Jinja2 +# templates indicates to users editing templates files will be replaced. +# replacing {file}, {host} and {uid} and strftime codes with proper values. 
+# +#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} + +# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence +# in some situations so the default is a static string: +# +#ansible_managed = Ansible managed + +# By default, ansible-playbook will display "Skipping [host]" if it determines a task +# should not be run on a host. Set this to "False" if you don't want to see these "Skipping" +# messages. NOTE: the task header will still be shown regardless of whether or not the +# task is skipped. +# +#display_skipped_hosts = True + +# By default, if a task in a playbook does not include a name: field then +# ansible-playbook will construct a header that includes the task's action but +# not the task's args. This is a security feature because ansible cannot know +# if the *module* considers an argument to be no_log at the time that the +# header is printed. If your environment doesn't have a problem securing +# stdout from ansible-playbook (or you have manually specified no_log in your +# playbook on all of the tasks where you have secret information) then you can +# safely set this to True to get more informative messages. +# +#display_args_to_stdout = False + +# Ansible will raise errors when attempting to dereference +# Jinja2 variables that are not set in templates or action lines. Uncomment this line +# to change this behavior. +# +#error_on_undefined_vars = False + +# Ansible may display warnings based on the configuration of the +# system running ansible itself. This may include warnings about 3rd party packages or +# other conditions that should be resolved if possible. +# To disable these warnings, set the following value to False: +# +#system_warnings = True + +# Ansible may display deprecation warnings for language +# features that should no longer be used and will be removed in future versions. 
+# To disable these warnings, set the following value to False: +# +#deprecation_warnings = True + +# Ansible can optionally warn when usage of the shell and +# command module appear to be simplified by using a default Ansible module +# instead. These warnings can be silenced by adjusting the following +# setting or adding warn=yes or warn=no to the end of the command line +# parameter string. This will for example suggest using the git module +# instead of shelling out to the git command. +# +#command_warnings = False + + +# set plugin path directories here, separate with colons +#action_plugins = /usr/share/ansible/plugins/action +#become_plugins = /usr/share/ansible/plugins/become +#cache_plugins = /usr/share/ansible/plugins/cache +#callback_plugins = /usr/share/ansible/plugins/callback +#connection_plugins = /usr/share/ansible/plugins/connection +#lookup_plugins = /usr/share/ansible/plugins/lookup +#inventory_plugins = /usr/share/ansible/plugins/inventory +#vars_plugins = /usr/share/ansible/plugins/vars +#filter_plugins = /usr/share/ansible/plugins/filter +#test_plugins = /usr/share/ansible/plugins/test +#terminal_plugins = /usr/share/ansible/plugins/terminal +#strategy_plugins = /usr/share/ansible/plugins/strategy + + +# Ansible will use the 'linear' strategy but you may want to try another one. +#strategy = linear + +# By default, callbacks are not loaded for /bin/ansible. Enable this if you +# want, for example, a notification or logging callback to also apply to +# /bin/ansible runs +# +#bin_ansible_callbacks = False + + +# Don't like cows? that's unfortunate. +# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 +#nocows = 1 + +# Set which cowsay stencil you'd like to use by default. When set to 'random', +# a random stencil will be selected for each task. The selection will be filtered +# against the `cow_whitelist` option below. 
+# +#cow_selection = default +#cow_selection = random + +# When using the 'random' option for cowsay, stencils will be restricted to this list. +# it should be formatted as a comma-separated list with no spaces between names. +# NOTE: line continuations here are for formatting purposes only, as the INI parser +# in python does not support them. +# +#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\ +# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\ +# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www + +# Don't like colors either? +# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 +# +#nocolor = 1 + +# If set to a persistent type (not 'memory', for example 'redis') fact values +# from previous runs in Ansible will be stored. This may be useful when +# wanting to use, for example, IP information from one group of servers +# without having to talk to them in the same playbook run to get their +# current IP information. +# +#fact_caching = memory + +# This option tells Ansible where to cache facts. The value is plugin dependent. +# For the jsonfile plugin, it should be a path to a local directory. 
+# For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0 +# +#fact_caching_connection=/tmp + +# retry files +# When a playbook fails a .retry file can be created that will be placed in ~/ +# You can enable this feature by setting retry_files_enabled to True +# and you can change the location of the files by setting retry_files_save_path +# +#retry_files_enabled = False +#retry_files_save_path = ~/.ansible-retry + +# prevents logging of task data, off by default +#no_log = False + +# prevents logging of tasks, but only on the targets, data is still logged on the master/controller +#no_target_syslog = False + +# Controls whether Ansible will raise an error or warning if a task has no +# choice but to create world readable temporary files to execute a module on +# the remote machine. This option is False by default for security. Users may +# turn this on to have behaviour more like Ansible prior to 2.1.x. See +# https://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user +# for more secure ways to fix this than enabling this option. +# +#allow_world_readable_tmpfiles = False + +# Controls what compression method is used for new-style ansible modules when +# they are sent to the remote system. The compression types depend on having +# support compiled into both the controller's python and the client's python. +# The names should match with the python Zipfile compression types: +# * ZIP_STORED (no compression. available everywhere) +# * ZIP_DEFLATED (uses zlib, the default) +# These values may be set per host via the ansible_module_compression inventory variable. +# +#module_compression = 'ZIP_DEFLATED' + +# This controls the cutoff point (in bytes) on --diff for files +# set to 0 for unlimited (RAM may suffer!). 
+# +#max_diff_size = 104448 + +# Controls showing custom stats at the end, off by default +#show_custom_stats = False + +# Controls which files to ignore when using a directory as inventory with +# possibly multiple sources (both static and dynamic) +# +#inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo + +# This family of modules use an alternative execution path optimized for network appliances +# only update this setting if you know how this works, otherwise it can break module execution +# +#network_group_modules=eos, nxos, ios, iosxr, junos, vyos + +# When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as +# a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain +# jinja2 templating language which will be run through the templating engine. +# ENABLING THIS COULD BE A SECURITY RISK +# +#allow_unsafe_lookups = False + +# set default errors for all plays +#any_errors_fatal = False + + +[inventory] +# List of enabled inventory plugins and the order in which they are used. +#enable_plugins = host_list, script, auto, yaml, ini, toml + +# Ignore these extensions when parsing a directory as inventory source +#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry + +# ignore files matching these patterns when parsing a directory as inventory source +#ignore_patterns= + +# If 'True' unparsed inventory sources become fatal errors, otherwise they are warnings. 
+#unparsed_is_failed = False + + +[privilege_escalation] +#become = False +#become_method = sudo +#become_ask_pass = False + + +## Connection Plugins ## + +# Settings for each connection plugin go under a section titled '[[plugin_name]_connection]' +# To view available connection plugins, run ansible-doc -t connection -l +# To view available options for a connection plugin, run ansible-doc -t connection [plugin_name] +# https://docs.ansible.com/ansible/latest/plugins/connection.html + +[paramiko_connection] +# uncomment this line to cause the paramiko connection plugin to not record new host +# keys encountered. Increases performance on new host additions. Setting works independently of the +# host key checking setting above. +#record_host_keys=False + +# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this +# line to disable this behaviour. +#pty = False + +# paramiko will default to looking for SSH keys initially when trying to +# authenticate to remote devices. This is a problem for some network devices +# that close the connection after a key failure. Uncomment this line to +# disable the Paramiko look for keys function +#look_for_keys = False + +# When using persistent connections with Paramiko, the connection runs in a +# background process. If the host doesn't already have a valid SSH key, by +# default Ansible will prompt to add the host key. This will cause connections +# running in background processes to fail. Uncomment this line to have +# Paramiko automatically add host keys. +#host_key_auto_add = True + + +[ssh_connection] +# ssh arguments to use +# Leaving off ControlPersist will result in poor performance, so use +# paramiko on older platforms rather than removing it, -C controls compression use +ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes + +# The base directory for the ControlPath sockets. 
+# This is the "%(directory)s" in the control_path option +# +# Example: +# control_path_dir = /tmp/.ansible/cp +#control_path_dir = ~/.ansible/cp + +# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname, +# port and username (empty string in the config). The hash mitigates a common problem users +# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. +# In those cases, a "too long for Unix domain socket" ssh error would occur. +# +# Example: +# control_path = %(directory)s/%%C +#control_path = + +# Enabling pipelining reduces the number of SSH operations required to +# execute a module on the remote server. This can result in a significant +# performance improvement when enabled, however when using "sudo:" you must +# first disable 'requiretty' in /etc/sudoers +# +# By default, this option is disabled to preserve compatibility with +# sudoers configurations that have requiretty (the default on many distros). +# +pipelining = True + +# Control the mechanism for transferring files (old) +# * smart = try sftp and then try scp [default] +# * True = use scp only +# * False = use sftp only +#scp_if_ssh = smart + +# Control the mechanism for transferring files (new) +# If set, this will override the scp_if_ssh option +# * sftp = use sftp to transfer files +# * scp = use scp to transfer files +# * piped = use 'dd' over SSH to transfer files +# * smart = try sftp, scp, and piped, in that order [default] +#transfer_method = smart + +# If False, sftp will not use batch mode to transfer files. This may cause some +# types of file transfer failures impossible to catch however, and should +# only be disabled if your sftp version has problems with batch mode +#sftp_batch_mode = False + +# The -tt argument is passed to ssh when pipelining is not enabled because sudo +# requires a tty by default. +#usetty = True + +# Number of times to retry an SSH connection to a host, in case of UNREACHABLE. 
+# For each retry attempt, there is an exponential backoff, +# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max). +#retries = 3 + + +[persistent_connection] +# Configures the persistent connection timeout value in seconds. This value is +# how long the persistent connection will remain idle before it is destroyed. +# If the connection doesn't receive a request before the timeout value +# expires, the connection is shutdown. The default value is 30 seconds. +#connect_timeout = 30 + +# The command timeout value defines the amount of time to wait for a command +# or RPC call before timing out. The value for the command timeout must +# be less than the value of the persistent connection idle timeout (connect_timeout) +# The default value is 30 second. +#command_timeout = 30 + + +## Become Plugins ## + +# Settings for become plugins go under a section named '[[plugin_name]_become_plugin]' +# To view available become plugins, run ansible-doc -t become -l +# To view available options for a specific plugin, run ansible-doc -t become [plugin_name] +# https://docs.ansible.com/ansible/latest/plugins/become.html + +[sudo_become_plugin] +#flags = -H -S -n +#user = root + + +[selinux] +# file systems that require special treatment when dealing with security context +# the default behaviour that copies the existing context or uses the user default +# needs to be changed to use the file system dependent context. +#special_context_filesystems=fuse,nfs,vboxsf,ramfs,9p,vfat + +# Set this to True to allow libvirt_lxc connections to work without SELinux. 
+#libvirt_lxc_noseclabel = False
+
+
+[colors]
+#highlight = white
+#verbose = blue
+#warn = bright purple
+#error = red
+#debug = dark gray
+#deprecate = purple
+#skip = cyan
+#unreachable = red
+#ok = green
+#changed = yellow
+#diff_add = green
+#diff_remove = red
+#diff_lines = cyan
+
+
+[diff]
+# Always print diff when running ( same as always running with -D/--diff )
+#always = False
+
+# Set how many context lines to show in diff
+#context = 3
+
+[galaxy]
+# Controls whether the display wheel is shown or not
+#display_progress=
+
+# Validate TLS certificates for Galaxy server
+#ignore_certs = False
+
+# Role or collection skeleton directory to use as a template for
+# the init action in ansible-galaxy command
+#role_skeleton=
+
+# Patterns of files to ignore inside a Galaxy role or collection
+# skeleton directory
+#role_skeleton_ignore="^.git$", "^.*/.git_keep$"
+
+# Galaxy Server URL
+#server=https://galaxy.ansible.com
+
+# A list of Galaxy servers to use when installing a collection.
+#server_list=automation_hub, release_galaxy
+
+# Server specific details which are mentioned in server_list
+#[galaxy_server.automation_hub]
+#url=https://cloud.redhat.com/api/automation-hub/
+#auth_url=https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token
+#token=my_ah_token
+#
+#[galaxy_server.release_galaxy]
+#url=https://galaxy.ansible.com/
+#token=my_token
diff --git a/ansible/get_password.sh b/ansible/get_password.sh
new file mode 100644
index 0000000..4f80fbf
--- /dev/null
+++ b/ansible/get_password.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+[ -n "$VAULT_PASSWORD" ] && echo "$VAULT_PASSWORD"
diff --git a/backup/Dockerfile b/backup/Dockerfile
new file mode 100644
index 0000000..d66c2df
--- /dev/null
+++ b/backup/Dockerfile
@@ -0,0 +1,6 @@
+FROM alpine:3.11
+
+RUN apk --no-cache add squashfs-tools
+COPY make_backup.sh /bin/make_backup
+RUN chmod +x /bin/make_backup
+CMD "/bin/make_backup"
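Review bot: In ansible/ansible.cfg, `ssh_args` under `[ssh_connection]` adds `-o ForwardAgent=yes`, which forwards the operator's SSH agent to every host in the inventory. Anyone with root on a managed host can use the forwarded socket to authenticate as the operator elsewhere while the connection is up, and `ControlPersist=60s` keeps it up after the play ends. Make the global default `ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s` and turn forwarding on only for the hosts that need it, for instance through `ansible_ssh_extra_args` in the inventory. A comment above `strategy_plugins` stating that the `python3.8` path is tied to the base image's Python version would also help the next base-image bump.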
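Review bot: ansible/get_password.sh prints the vault password with `echo`, whose handling of a value that starts with `-` or contains backslashes differs between shells; `printf '%s\n' "$VAULT_PASSWORD"` emits it literally. When the variable is empty the script exits non-zero without a message, so an explicit `echo "VAULT_PASSWORD is not set" >&2; exit 1` branch would make the failure readable. Passing the secret through the environment also exposes it to `docker inspect` and to anything that can read the process environment; a header comment should say so, or the script could read from a mounted file instead.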
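Review bot: `CMD "/bin/make_backup"` in backup/Dockerfile is shell form, so `/bin/sh -c` sits between the container runtime and the script and the stop signal may never reach `mksquashfs`, leaving a truncated archive in `/dest` when the container is killed after the timeout. Use the exec form, `CMD ["/bin/make_backup"]`. The shell-form `ENTRYPOINT gunicorn …` in buku/Dockerfile has the same issue; it needs the shell for `${BUKUSERVER_PORT}`, so prefix the command with `exec` there.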
diff --git a/backup/Makefile b/backup/Makefile
new file mode 100644
index 0000000..1989811
--- /dev/null
+++ b/backup/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = backup
+
+.PHONY: build build-nc
+
+build: Dockerfile make_backup.sh
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile make_backup.sh
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/backup/make_backup.sh b/backup/make_backup.sh
new file mode 100644
index 0000000..463312e
--- /dev/null
+++ b/backup/make_backup.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ -n "$EXCLUDE" ]; then
+ dirs=$( \
+ echo "${EXCLUDE}" | \
+ tr " " "\n" | \
+ awk -F' ' '{print "/src/"$0}' | \
+ tr "\n" " " \
+ )
+ exclude_opt="-e ${dirs}"
+else
+ exclude_opt=""
+fi
+
+echo running:
+echo mksquashfs \
+ /src \
+ "/dest/$(date +%F).sfs" \
+ -comp gzip \
+ -xattrs \
+ -progress \
+ -mem 512M \
+ ${exclude_opt}
+
+mksquashfs \
+ /src \
+ "/dest/$(date +%F).sfs" \
+ -comp gzip \
+ -xattrs \
+ -progress \
+ -mem 512M \
+ ${exclude_opt}
diff --git a/buku/Dockerfile b/buku/Dockerfile
new file mode 100644
index 0000000..cc7dee8
--- /dev/null
+++ b/buku/Dockerfile
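Review bot: In backup/make_backup.sh, `${exclude_opt}` is expanded unquoted on the `mksquashfs` line, so the shell applies pathname expansion as well as the intended word splitting: an `EXCLUDE` entry containing `*` or `?` is globbed before mksquashfs sees it, and an entry containing a space becomes two paths. Add `set -f` (and `set -eu`) near the top so the values reach `-e` literally, and add a header comment saying that `EXCLUDE` is a space-separated list of paths relative to `/src`. `date +%F` is evaluated once for the echoed command and again for the real one; computing it once, `out="/dest/$(date +%F).sfs"`, keeps the logged name and the written file identical.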
@@ -0,0 +1,34 @@
+# buku
+
+FROM python:3.8-alpine3.11
+
+ENV BUKUSERVER_PORT=5001
+
+RUN apk add --no-cache --virtual .build-deps \
+ gcc \
+ openssl-dev \
+ musl-dev \
+ libffi-dev \
+ git && \
+ mkdir -p /usr/local/src && \
+ git clone https://github.com/jarun/buku /usr/local/src/buku && \
+ pip install -U --no-cache-dir \
+ pip \
+ gunicorn \
+ "/usr/local/src/buku[server]" && \
+ apk del .build-deps && \
+ rm -r /usr/local/src
+
+RUN adduser -u 1006 -h /var/lib/buku -D buku && \
+ adduser -u 1001 -D syncthing && addgroup syncthing buku && \
+ mkdir -p /var/lib/buku/.local/share/buku && \
+ chown -R buku:buku /var/lib/buku && \
+ chown -R syncthing:buku /var/lib/buku/.local/share/buku && \
+ chmod '2775' /var/lib/buku/.local/share/buku && \
+ touch /var/lib/buku/.local/share/buku/bookmarks.db && chmod '664' /var/lib/buku/.local/share/buku/bookmarks.db
+
+VOLUME /var/lib/buku/.local/share/buku
+EXPOSE ${BUKUSERVER_PORT}
+
+USER buku
+ENTRYPOINT gunicorn --bind "0.0.0.0:${BUKUSERVER_PORT}" "bukuserver.server:create_app()"
diff --git a/buku/Makefile b/buku/Makefile
new file mode 100644
index 0000000..1b11ae4
--- /dev/null
+++ b/buku/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = buku
+
+.PHONY: build build-nc
+
+build: Dockerfile
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/ddclient/Dockerfile b/ddclient/Dockerfile
new file mode 100644
index 0000000..9471542
--- /dev/null
+++ b/ddclient/Dockerfile
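Review bot: `git clone https://github.com/jarun/buku /usr/local/src/buku` in buku/Dockerfile installs whatever the default branch points at when the image is built, and `pip install -U` then pulls unpinned `pip` and `gunicorn`, so two builds of the same Dockerfile can ship different server code with no record of which. Clone a fixed release instead, `git clone --depth 1 --branch <RELEASE_TAG> https://github.com/jarun/buku /usr/local/src/buku`, and pin `gunicorn==<PINNED_VERSION>`. The `touch …/bookmarks.db` runs after both `chown -R` calls, so the file is created root-owned and is writable by `buku` only through the group bit; a short comment that this relies on the setgid directory and mode `664` would make the intent clear.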
@@ -0,0 +1,19 @@
+FROM alpine:3.12
+
+ENV VERSION 3.9.1
+ENV DL_URL https://github.com/ddclient/ddclient/archive/v${VERSION}.tar.gz
+#ENV PERL_MM_USE_DEFAULT 1
+
+RUN apk add --no-cache \
+ curl make wget \
+ perl perl-utils perl-test-taint perl-netaddr-ip perl-net-ip \
+ perl-yaml perl-log-log4perl perl-io-socket-ssl && \
+ curl -L http://cpanmin.us | perl - Data::Validate::IP && \
+ tmp=$(mktemp -d) && \
+ curl -L "${DL_URL}" --output "${tmp}/ddclient.tar.gz" && \
+ tar -xzf "${tmp}/ddclient.tar.gz" -C "${tmp}" && \
+ cp "${tmp}/ddclient-${VERSION}/ddclient" /usr/bin/ddclient && \
+ rm -r "${tmp}" && \
+ mkdir -p /etc/ddclient /var/cache/ddclient
+
+CMD ["/usr/bin/ddclient", "-foreground"]
diff --git a/ddclient/Makefile b/ddclient/Makefile
new file mode 100644
index 0000000..4999147
--- /dev/null
+++ b/ddclient/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = ddclient
+
+.PHONY: build build-nc
+
+build: Dockerfile
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/git-daemon/Dockerfile b/git-daemon/Dockerfile
new file mode 100644
index 0000000..f99e47b
--- /dev/null
+++ b/git-daemon/Dockerfile
@@ -0,0 +1,12 @@
+FROM alpine:3.12
+
+RUN apk --no-cache add \
+ fcgiwrap \
+ spawn-fcgi \
+ git-daemon
+
+COPY entrypoint /usr/local/bin/entrypoint
+RUN chmod +x /usr/local/bin/entrypoint
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+CMD "daemon"
diff --git a/git-daemon/Makefile b/git-daemon/Makefile
new file mode 100644
index 0000000..640b792
--- /dev/null
+++ b/git-daemon/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = git-daemon
+
+.PHONY: build build-nc
+
+build: Dockerfile entrypoint
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile entrypoint
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/git-daemon/entrypoint b/git-daemon/entrypoint
new file mode 100644
index 0000000..23b63d2
--- /dev/null
+++ b/git-daemon/entrypoint
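Review bot: `curl -L http://cpanmin.us | perl - Data::Validate::IP` in ddclient/Dockerfile downloads an installer over plain HTTP and runs it as root during the build, so the integrity of the image depends on every network hop between the build host and that server. Fetch it over TLS and fail on HTTP errors, `curl -fsSL https://cpanmin.us | perl - Data::Validate::IP`, or install cpanminus from the distribution's package repository so the package signature check covers it. The ddclient tarball from `${DL_URL}` is unpacked without an integrity check; compare it with a recorded digest first, e.g. `echo "<SHA256_OF_TARBALL>  ${tmp}/ddclient.tar.gz" | sha256sum -c -`. No `USER` is set, so ddclient, which presumably reads provider credentials from `/etc/ddclient`, runs as root.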
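Review bot: `CMD "daemon"` in git-daemon/Dockerfile is shell form, and next to the exec-form `ENTRYPOINT` Docker passes `/bin/sh -c daemon` as the arguments, so `$1` in the entrypoint script is `/bin/sh` rather than `daemon`. The default start therefore lands in the script's `*)` branch and tries to run a program called `daemon` instead of `git daemon`. Use the exec form, `CMD ["daemon"]`. The image also never leaves root although git-daemon is network-facing; add a dedicated account with `USER`, or pass git daemon's `--user`/`--group` options from the entrypoint.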
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+case $1 in
+ daemon)
+ [ -n "$REPOS_DIR" ] && [ -d "$REPOS_DIR" ] && \
+ exec git daemon \
+ --reuseaddr \
+ --base-path=/var/lib/git/repositories \
+ /var/lib/git/repositories
+ ;;
+ fcgi)
+ FCGI_PORT=${FCGI_PORT:-9000}
+ exec spawn-fcgi -p "${FCGI_PORT}" -n /usr/bin/fcgiwrap
+ ;;
+ *)
+ exec "$@"
+esac
diff --git a/gitolite-stagit/Dockerfile b/gitolite-stagit/Dockerfile
new file mode 100644
index 0000000..4ec7753
--- /dev/null
+++ b/gitolite-stagit/Dockerfile
@@ -0,0 +1,46 @@
+FROM alpine:3.12
+
+RUN apk add --no-cache \
+ gitolite \
+ openssh-server \
+ su-exec \
+ libgit2 && \
+ apk add --no-cache --virtual .build-deps \
+ gcc \
+ make \
+ musl-dev \
+ libgit2-dev && \
+ git clone git://git.codemadness.org/stagit /tmp/stagit && \
+ make -C /tmp/stagit && \
+ make -C /tmp/stagit install && \
+ rm -r /tmp/stagit && \
+ apk del .build-deps && \
+ passwd -u git && \
+ mkdir -p /opt/gitolite-local/hooks/common
+
+COPY sshd_config /etc/ssh/sshd_config
+COPY gitolite.rc /var/lib/git/.gitolite.rc
+
+COPY bin/. /usr/local/bin/
+COPY local_code/. /opt/gitolite-local/
+
+RUN chown -R git:git /var/lib/git && \
+ chmod +x \
+ /usr/local/bin/entrypoint \
+ /usr/local/bin/build-stagit-index \
+ /usr/local/bin/build-stagit-repo \
+ /usr/local/bin/build-stagit-repos \
+ /usr/local/bin/set-url \
+ /usr/local/bin/set-urls \
+ /usr/local/bin/set-owner \
+ /usr/local/bin/set-owners \
+ /opt/gitolite-local/hooks/common/post-receive \
+ /opt/gitolite-local/triggers/build-stagit-index \
+ /opt/gitolite-local/triggers/build-stagit-repos \
+ /opt/gitolite-local/triggers/set-url \
+ /opt/gitolite-local/triggers/set-urls \
+ /opt/gitolite-local/triggers/set-owners \
+ /opt/gitolite-local/triggers/set-owner
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+CMD ["/usr/sbin/sshd", "-D", "-e"]
diff --git a/gitolite-stagit/Makefile b/gitolite-stagit/Makefile
new file mode 100644
index 0000000..d91f2cc
--- /dev/null
+++ b/gitolite-stagit/Makefile
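Review bot: The `daemon)` branch of git-daemon/entrypoint checks that `$REPOS_DIR` is set and is a directory, but then exports the hard-coded `/var/lib/git/repositories`, so the check says nothing about the path that is actually served. Either pass the validated value, `--base-path="$REPOS_DIR" "$REPOS_DIR"`, or test the literal path that `git daemon` is given. When the test fails the script ends with a non-zero status and no output; printing something like `echo "REPOS_DIR must be an existing directory" >&2` first would make a misconfigured container diagnosable.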
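Review bot: In gitolite-stagit/Dockerfile `git clone git://git.codemadness.org/stagit` uses the unauthenticated, unencrypted git protocol and takes the tip of the default branch, and the result is compiled and installed as root in the same `RUN`. Pin the build to a reviewed commit directly after the clone, e.g. `git -C /tmp/stagit checkout --detach PINNED_STAGIT_COMMIT` (placeholder id), so that a substituted or newer tree makes the build fail instead of being installed. An authenticated transport or a release archive verified against a recorded checksum would serve the same purpose.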
@@ -0,0 +1,16 @@
+USERNAME = rilla
+IMG_NAME = gitolite-stagit
+
+.PHONY: build build-nc
+
+BIN=$(wildcard bin/*)
+HOOKS=$(wildcard local_code/hooks/*)
+TRIGGERS=$(wildcard local_code/triggers/*)
+
+DEPS=Dockerfile $(BIN) $(HOOKS) $(TRIGGERS) gitolite.rc sshd_config
+
+build: $(DEPS)
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: $(DEPS)
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/gitolite-stagit/bin/build-stagit-index b/gitolite-stagit/bin/build-stagit-index
new file mode 100644
index 0000000..cb81ac3
--- /dev/null
+++ b/gitolite-stagit/bin/build-stagit-index
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+STAGIT_DIR="${STAGIT_DIR:-/var/lib/git/stagit}"
+GL_REPO_BASE="${GL_REPO_BASE:-/var/lib/git/repositories}"
+
+gitolite list-phy-repos | \
+ gitolite access % stagit R any | \
+ awk \
+ -F'\t' \
+ -v d="${GL_REPO_BASE}" \
+ '{if ($3 !~ "DENIED") print d"/"$1".git"}' | \
+ xargs -r /usr/local/bin/stagit-index | \
+ sed 's|\(\)|\1\2|' > \
+ "${STAGIT_DIR}/index.html"
diff --git a/gitolite-stagit/bin/build-stagit-repo b/gitolite-stagit/bin/build-stagit-repo
new file mode 100644
index 0000000..a239d80
--- /dev/null
+++ b/gitolite-stagit/bin/build-stagit-repo
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+[ -z "${1}" ] && exit
+
+STAGIT_DIR="${STAGIT_DIR:-/var/lib/git/stagit}"
+GL_REPO_BASE="${GL_REPO_BASE:-/var/lib/git/repositories}"
+
+out_dir="${STAGIT_DIR}/${1}"
+repo_dir="${GL_REPO_BASE}/${1}.git"
+
+echo "running stagit for '${1}'"
+
+if gitolite access "${1}" stagit R any; then
+ mkdir -p "${out_dir}" && \
+ cd "${out_dir}" && \
+ /usr/local/bin/stagit "${repo_dir}" &&
+ ln -sf files.html index.html
+else
+ rm -rf "${out_dir}"
+fi
diff --git a/gitolite-stagit/bin/build-stagit-repos b/gitolite-stagit/bin/build-stagit-repos
new file mode 100644
index 0000000..f7244c2
--- /dev/null
+++ b/gitolite-stagit/bin/build-stagit-repos
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+for repo in $(gitolite list-phy-repos); do
+ /usr/local/bin/build-stagit-repo "${repo}"
+done
diff --git a/gitolite-stagit/bin/entrypoint b/gitolite-stagit/bin/entrypoint
new file mode 100644
index 0000000..b92f1c7
--- /dev/null
+++ b/gitolite-stagit/bin/entrypoint
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -e
+
+env | awk -F"=" '{ print $1"=\""$2"\"" }' > /etc/env
+
+for algorithm in rsa dsa ecdsa ed25519; do
+ keyfile="/etc/ssh/keys/ssh_host_${algorithm}_key"
+ [ -f "$keyfile" ] || \
+ ssh-keygen -q -N '' -f "$keyfile" -t "$algorithm"
+done
+
+BASE_DIR=/var/lib/git
+
+echo "fixing permissions..."
+
+mkdir -p \
+ "${BASE_DIR}/.gitolite/conf" \
+ "${BASE_DIR}/.gitolite/hooks" \
+ "${BASE_DIR}/.gitolite/keydir" \
+ "${BASE_DIR}/.gitolite/logs"
+chown -R git:git \
+ "${BASE_DIR}/.gitolite" \
+ "${BASE_DIR}/.ssh" \
+ "${BASE_DIR}/stagit" \
+ "${BASE_DIR}/repositories"
+
+if [ ! -f "${BASE_DIR}/.ssh/authorized_keys" ]; then
+ if [ -z "$SSH_KEY" ]; then
+ echo "SSH_KEY needs to be set"
+ exit 1
+ fi
+ SSH_KEY_NAME=${SSH_KEY_NAME:-admin}
+ echo "$SSH_KEY" > "/tmp/${SSH_KEY_NAME}.pub"
+ echo "gitolite's initial setup"
+ su-exec git gitolite setup -pk "/tmp/${SSH_KEY_NAME}.pub"
+ rm "/tmp/${SSH_KEY_NAME}.pub"
+else
+ # stuff is already set up, but check the setup anyway
+ echo "gitolite's sanity setup"
+ su-exec git gitolite setup
+fi
+
+echo "building static site"
+su-exec git set-urls
+su-exec git set-owners
+su-exec git build-stagit-repos
+su-exec git build-stagit-index
+
+echo "gitolite is ready,starting sshd"
+exec "$@"
diff --git a/gitolite-stagit/bin/set-owner b/gitolite-stagit/bin/set-owner
new file mode 100644
index 0000000..7bf4afd
--- /dev/null
+++ b/gitolite-stagit/bin/set-owner
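Review bot: In gitolite-stagit/bin/entrypoint the line `env | awk -F"=" '{ print $1"=\""$2"\"" }' > /etc/env` copies the whole container environment, including `SSH_KEY` and anything else passed in, to a file that bin/set-url later sources with `.`. Each value is cut at its second `=` and written unescaped between double quotes, so a value containing `"`, `$` or a backquote is interpreted by the shell when the file is sourced, and multi-line values break the file. Only `REPOS_URL` is read back, so storing just that value as data is enough: `printf '%s\n' "$REPOS_URL" > /etc/repos_url` here and `REPOS_URL=$(cat /etc/repos_url)` in set-url, which also removes the need to source anything.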
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+[ -z "$1" ] && exit 0
+
+GL_REPO_BASE="${GL_REPO_BASE:-/var/lib/git/repositories}"
+owner_file="${GL_REPO_BASE}/${1}.git/owner"
+
+if owner=$(gitolite git-config "${1}" gitweb.owner); then
+ echo "setting owner for '${1}'"
+ echo "${owner}" > "${owner_file}"
+else
+ echo "usetting owner for '${1}'"
+ rm -f "${owner_file}"
+fi
diff --git a/gitolite-stagit/bin/set-owners b/gitolite-stagit/bin/set-owners
new file mode 100644
index 0000000..d043216
--- /dev/null
+++ b/gitolite-stagit/bin/set-owners
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+for repo in $(gitolite list-phy-repos); do
+ /usr/local/bin/set-owner "${repo}"
+done
diff --git a/gitolite-stagit/bin/set-url b/gitolite-stagit/bin/set-url
new file mode 100644
index 0000000..64005d5
--- /dev/null
+++ b/gitolite-stagit/bin/set-url
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -e
+
+[ -z "$1" ] && exit 0
+
+GL_REPO_BASE="${GL_REPO_BASE:-/var/lib/git/repositories}"
+repo_dir="${GL_REPO_BASE}/${1}.git"
+
+# shellcheck disable=SC1091
+[ -z "${REPOS_URL}" ] && [ -f /etc/env ] && . /etc/env
+
+echo "setting url for '${1}'"
+if [ -z "$REPOS_URL" ]; then
+ echo "REPOS_URL not set"
+ exit 0
+fi
+[ -d "$repo_dir" ] && echo "${REPOS_URL}/${1}" > "${repo_dir}/url"
diff --git a/gitolite-stagit/bin/set-urls b/gitolite-stagit/bin/set-urls
new file mode 100644
index 0000000..bce255e
--- /dev/null
+++ b/gitolite-stagit/bin/set-urls
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+for repo in $(gitolite list-phy-repos); do
+ /usr/local/bin/set-url "${repo}"
+done
diff --git a/gitolite-stagit/gitolite.rc b/gitolite-stagit/gitolite.rc
new file mode 100644
index 0000000..4d7da89
--- /dev/null
+++ b/gitolite-stagit/gitolite.rc
@@ -0,0 +1,216 @@ +# configuration variables for gitolite + +# This file is in perl syntax. But you do NOT need to know perl to edit it -- +# just mind the commas, use single quotes unless you know what you're doing, +# and make sure the brackets and braces stay matched up! + +# (Tip: perl allows a comma after the last item in a list also!) + +# HELP for commands can be had by running the command with "-h". + +# HELP for all the other FEATURES can be found in the documentation (look for +# "list of non-core programs shipped with gitolite" in the master index) or +# directly in the corresponding source file. + +%RC = ( + + # ------------------------------------------------------------------ + + # default umask gives you perms of '0700'; see the rc file docs for + # how/why you might change this + UMASK => 0077, + + # look for "git-config" in the documentation + GIT_CONFIG_KEYS => 'gitweb.description gitweb.owner', + + # comment out if you don't need all the extra detail in the logfile + LOG_EXTRA => 1, + # logging options + # 1. leave this section as is for 'normal' gitolite logging (default) + # 2. uncomment this line to log ONLY to syslog: + # LOG_DEST => 'syslog', + # 3. uncomment this line to log to syslog and the normal gitolite log: + # LOG_DEST => 'syslog,normal', + # 4. prefixing "repo-log," to any of the above will **also** log just the + # update records to "gl-log" in the bare repo directory: + # LOG_DEST => 'repo-log,normal', + # LOG_DEST => 'repo-log,syslog', + # LOG_DEST => 'repo-log,syslog,normal', + # syslog 'facility': defaults to 'local0', uncomment if needed. For example: + # LOG_FACILITY => 'local4', + + # roles. add more roles (like MANAGER, TESTER, ...) here. + # WARNING: if you make changes to this hash, you MUST run 'gitolite + # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE' + ROLES => { + READERS => 1, + WRITERS => 1, + }, + + # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!! 
+ # CACHE => 'Redis', + + # ------------------------------------------------------------------ + + # rc variables used by various features + + # the 'info' command prints this as additional info, if it is set + # SITE_INFO => 'Please see http://blahblah/gitolite for more help', + + # the CpuTime feature uses these + # display user, system, and elapsed times to user after each git operation + # DISPLAY_CPU_TIME => 1, + # display a warning if total CPU times (u, s, cu, cs) crosses this limit + # CPU_TIME_WARN_LIMIT => 0.1, + + # the Mirroring feature needs this + # HOSTNAME => "foo", + + # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING! + # CACHE_TTL => 600, + + # ------------------------------------------------------------------ + + # suggested locations for site-local gitolite code (see cust.html) + + # this one is managed directly on the server + LOCAL_CODE => "/opt/gitolite-local", + #LOCAL_CODE => "$ENV{HOME}/local", + + # or you can use this, which lets you put everything in a subdirectory + # called "local" in your gitolite-admin repo. For a SECURITY WARNING + # on this, see http://gitolite.com/gitolite/non-core.html#pushcode + # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local", + + # ------------------------------------------------------------------ + + #POST_COMPILE => [], + POST_COMPILE => [ + 'set-urls', + 'set-owners', + 'build-stagit-repos', + 'build-stagit-index' + ], + + POST_CREATE => [ + 'set-url', + 'set-owner' + ], + + # List of commands and features to enable + ENABLE => [ + + # COMMANDS + + # These are the commands enabled by default + 'help', + 'desc', + 'info', + 'perms', + 'writable', + + # Uncomment or add new commands here. + # 'create', + # 'fork', + # 'mirror', + # 'readme', + # 'sskm', + # 'D', + + # These FEATURES are enabled by default. 
+ + # essential (unless you're using smart-http mode) + 'ssh-authkeys', + + # creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz' + 'git-config', + + # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out + 'daemon', + + # creates projects.list file; if you don't use gitweb, comment this out + #'gitweb', + + # These FEATURES are disabled by default; uncomment to enable. If you + # need to add new ones, ask on the mailing list :-) + + # user-visible behaviour + + # prevent wild repos auto-create on fetch/clone + # 'no-create-on-read', + # no auto-create at all (don't forget to enable the 'create' command!) + # 'no-auto-create', + + # access a repo by another (possibly legacy) name + # 'Alias', + + # give some users direct shell access. See documentation in + # sts.html for details on the following two choices. + # "Shell $ENV{HOME}/.gitolite.shell-users", + # 'Shell alice bob', + + # set default roles from lines like 'option default.roles-1 = ...', etc. + # 'set-default-roles', + + # show more detailed messages on deny + # 'expand-deny-messages', + + # show a message of the day + # 'Motd', + + # system admin stuff + + # enable mirroring (don't forget to set the HOSTNAME too!) + # 'Mirroring', + + # allow people to submit pub files with more than one key in them + # 'ssh-authkeys-split', + + # selective read control hack + # 'partial-copy', + + # manage local, gitolite-controlled, copies of read-only upstream repos + # 'upstream', + + # updates 'description' file instead of 'gitweb.description' config item + 'cgit', + + # allow repo-specific hooks to be added + #'repo-specific-hooks', + + # performance, logging, monitoring... 
+ + # be nice + # 'renice 10', + + # log CPU times (user, system, cumulative user, cumulative system) + # 'CpuTime', + + + # syntactic_sugar for gitolite.conf and included files + + # allow backslash-escaped continuation lines in gitolite.conf + # 'continuation-lines', + + # create implicit user groups from directory names in keydir/ + # 'keysubdirs-as-groups', + + # allow simple line-oriented macros + 'macros', + + # Kindergarten mode + + # disallow various things that sensible people shouldn't be doing anyway + # 'Kindergarten', + ], + +); + +# ------------------------------------------------------------------------------ +# per perl rules, this should be the last line in such a file: +1; + +# Local variables: +# mode: perl +# End: +# vi: ft=perl diff --git a/gitolite-stagit/local_code/hooks/common/post-receive b/gitolite-stagit/local_code/hooks/common/post-receive new file mode 100644 index 0000000..6121394 --- /dev/null +++ b/gitolite-stagit/local_code/hooks/common/post-receive @@ -0,0 +1,8 @@ +#!/bin/sh + +set -e + +[ -n "${GL_REPO}" ] && \ + /usr/local/bin/set-url "${GL_REPO}" && \ + /usr/local/bin/set-owner "${GL_REPO}" && \ + /usr/local/bin/build-stagit-repo "${GL_REPO}" diff --git a/gitolite-stagit/local_code/triggers/build-stagit-index b/gitolite-stagit/local_code/triggers/build-stagit-index new file mode 100644 index 0000000..fe32b11 --- /dev/null +++ b/gitolite-stagit/local_code/triggers/build-stagit-index @@ -0,0 +1,3 @@ +#!/bin/sh + +/usr/local/bin/build-stagit-index diff --git a/gitolite-stagit/local_code/triggers/build-stagit-repos b/gitolite-stagit/local_code/triggers/build-stagit-repos new file mode 100644 index 0000000..6ce6834 --- /dev/null +++ b/gitolite-stagit/local_code/triggers/build-stagit-repos @@ -0,0 +1,3 @@ +#!/bin/sh + +/usr/local/bin/build-stagit-repos diff --git a/gitolite-stagit/local_code/triggers/set-owner b/gitolite-stagit/local_code/triggers/set-owner new file mode 100644 index 0000000..4d7faba --- /dev/null 
+++ b/gitolite-stagit/local_code/triggers/set-owner
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+[ -n "$2" ] && /usr/local/bin/set-owner "$2"
diff --git a/gitolite-stagit/local_code/triggers/set-owners b/gitolite-stagit/local_code/triggers/set-owners
new file mode 100644
index 0000000..018403e
--- /dev/null
+++ b/gitolite-stagit/local_code/triggers/set-owners
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+/usr/local/bin/set-owners
diff --git a/gitolite-stagit/local_code/triggers/set-url b/gitolite-stagit/local_code/triggers/set-url
new file mode 100644
index 0000000..5d68ae1
--- /dev/null
+++ b/gitolite-stagit/local_code/triggers/set-url
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+[ -n "$2" ] && /usr/local/bin/set-url "$2"
diff --git a/gitolite-stagit/local_code/triggers/set-urls b/gitolite-stagit/local_code/triggers/set-urls
new file mode 100644
index 0000000..82b487c
--- /dev/null
+++ b/gitolite-stagit/local_code/triggers/set-urls
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+/usr/local/bin/set-urls
diff --git a/gitolite-stagit/sshd_config b/gitolite-stagit/sshd_config
new file mode 100644
index 0000000..dd5414f
--- /dev/null
+++ b/gitolite-stagit/sshd_config
@@ -0,0 +1,23 @@
+Port 22
+Protocol 2
+
+PermitRootLogin no
+AllowUsers git
+
+PasswordAuthentication no
+PermitEmptyPasswords no
+PubkeyAuthentication yes
+
+HostKey /etc/ssh/keys/ssh_host_rsa_key
+HostKey /etc/ssh/keys/ssh_host_dsa_key
+HostKey /etc/ssh/keys/ssh_host_ecdsa_key
+HostKey /etc/ssh/keys/ssh_host_ed25519_key
+
+X11Forwarding no
+PrintMotd no
+
+ClientAliveInterval 300
+ClientAliveCountMax 2
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
+MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
+HostKeyAlgorithms ssh-rsa,rsa-sha2-256,rsa-sha2-512
diff --git a/gitolite/Dockerfile b/gitolite/Dockerfile
new file mode 100644
index 0000000..143c866
--- /dev/null
+++ b/gitolite/Dockerfile
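Review bot: In gitolite-stagit/sshd_config the last line, `HostKeyAlgorithms ssh-rsa,rsa-sha2-256,rsa-sha2-512`, restricts the server to RSA host keys and still offers the SHA-1 based `ssh-rsa` signature, so the ecdsa and ed25519 keys listed under `HostKey` would never be presented to clients. A list such as `HostKeyAlgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256` prefers the modern key and drops SHA-1. The `HostKey /etc/ssh/keys/ssh_host_dsa_key` line, and the `dsa` entry in the key-generation loops of both entrypoints, can be removed as well, since DSA host keys are legacy and not matched by any algorithm in this list. gitolite/sshd_config later in this patch is the same blob (`dd5414f`) and needs the same change.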
@@ -0,0 +1,36 @@
+FROM alpine:3.12
+
+RUN apk add --update --no-cache \
+ docker-compose \
+ docker \
+ git \
+ openssh-server \
+ perl \
+ shadow \
+ su-exec
+
+RUN adduser -h /var/lib/git -D git && \
+ adduser git docker && \
+ mkdir -p /var/lib/git/local/hooks && \
+ chown -R git:git /var/lib/git && \
+ usermod -p '*' git && \
+ passwd -u git
+
+RUN mkdir -p /usr/local/src && \
+ git clone https://github.com/sitaramc/gitolite /usr/local/src/gitolite && \
+ /usr/local/src/gitolite/install -ln /usr/local/bin
+
+RUN mkdir -p /opt/docker-services
+
+COPY sshd_config /etc/ssh/sshd_config
+
+VOLUME /etc/ssh/keys
+VOLUME /var/lib/git
+
+COPY docker-entrypoint.sh /entrypoint
+RUN chmod +x /entrypoint
+ENTRYPOINT ["/entrypoint"]
+
+EXPOSE 22
+
+CMD ["/usr/sbin/sshd", "-D", "-e"]
diff --git a/gitolite/Makefile b/gitolite/Makefile
new file mode 100644
index 0000000..a298f9b
--- /dev/null
+++ b/gitolite/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = gitolite
+
+.PHONY: build build-nc
+
+build: Dockerfile docker-entrypoint.sh sshd_config
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile docker-entrypoint.sh sshd_config
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/gitolite/docker-entrypoint.sh b/gitolite/docker-entrypoint.sh
new file mode 100644
index 0000000..1dc373e
--- /dev/null
+++ b/gitolite/docker-entrypoint.sh
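Review bot: `adduser git docker` in gitolite/Dockerfile puts the account that accepts SSH pushes into the `docker` group, and the image also installs `docker` and `docker-compose`. If the host's Docker socket is mounted into this container, which this hunk does not show, everything that runs as `git`, including hooks, has root-equivalent control of the host. That trust boundary is undocumented; a comment above the line, e.g. `# git is in the docker group so hooks can deploy services; treat hook and admin-repo write access as host root`, would tell the next maintainer why hook installation must stay restricted. If deployment from hooks is not needed in a given setup, dropping the group membership removes the exposure.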
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -xe
+
+[ -n "$DOCKER_GID" ] && groupmod -g "${DOCKER_GID}" docker
+
+for algorithm in rsa dsa ecdsa ed25519
+do
+ keyfile="/etc/ssh/keys/ssh_host_${algorithm}_key"
+ [ -f "$keyfile" ] || ssh-keygen -q -N '' -f "$keyfile" -t "$algorithm"
+done
+
+BASE_DIR=/var/lib/git
+
+echo "fixing gitolite's permissions..."
+find "${BASE_DIR}" \
+ -not -path "${BASE_DIR}/.gitolite.rc" \
+ -and -not -path "${BASE_DIR}/local/hooks/repo-specific*" \
+ -exec chown git:git {} \;
+
+if [ ! -f "${BASE_DIR}/.ssh/authorized_keys" ]
+then
+ if [ -n "$SSH_KEY" ]
+ then
+ [ -n "$SSH_KEY_NAME" ] || SSH_KEY_NAME="admin"
+ echo "$SSH_KEY" > "/tmp/${SSH_KEY_NAME}.pub"
+ echo "gitolite's initial setup"
+ su-exec git gitolite setup -pk "/tmp/${SSH_KEY_NAME}.pub"
+ rm "/tmp/${SSH_KEY_NAME}.pub"
+ else
+ echo "SSH_KEY needs to be set"
+ exit 1
+ fi
+else
+ # stuff is already set up, but check the setup anyway
+ echo "gitolite's sanity setup"
+ su-exec git gitolite setup
+fi
+
+echo "gitolite is ready,starting sshd"
+exec "$@"
diff --git a/gitolite/sshd_config b/gitolite/sshd_config
new file mode 100644
index 0000000..dd5414f
--- /dev/null
+++ b/gitolite/sshd_config
@@ -0,0 +1,23 @@
+Port 22
+Protocol 2
+
+PermitRootLogin no
+AllowUsers git
+
+PasswordAuthentication no
+PermitEmptyPasswords no
+PubkeyAuthentication yes
+
+HostKey /etc/ssh/keys/ssh_host_rsa_key
+HostKey /etc/ssh/keys/ssh_host_dsa_key
+HostKey /etc/ssh/keys/ssh_host_ecdsa_key
+HostKey /etc/ssh/keys/ssh_host_ed25519_key
+
+X11Forwarding no
+PrintMotd no
+
+ClientAliveInterval 300
+ClientAliveCountMax 2
+KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group18-sha512
+MACs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
+HostKeyAlgorithms ssh-rsa,rsa-sha2-256,rsa-sha2-512
diff --git a/ledger-web/Dockerfile b/ledger-web/Dockerfile
new file mode 100644
index 0000000..6aa536b
--- /dev/null
+++ b/ledger-web/Dockerfile
@@ -0,0 +1,24 @@
+# ledger-web
+
+FROM python:3.8-slim-buster
+
+RUN apt-get update && \
+ apt-get install -y git g++ gosu && \
+ rm -rf /var/lib/apt/lists/*
+
+RUN useradd -m ledger
+
+RUN git clone https://github.com/vifon/ledger-web /home/ledger/ledger-web
+
+RUN pip install -r /home/ledger/ledger-web/requirements.txt
+
+RUN mkdir -p /home/ledger/db
+VOLUME /home/ledger/db
+
+COPY docker-entrypoint.sh /entrypoint
+
+RUN chmod +x /entrypoint
+
+WORKDIR /home/ledger/ledger-web
+
+ENTRYPOINT ["/entrypoint"]
diff --git a/ledger-web/Makefile b/ledger-web/Makefile
new file mode 100644
index 0000000..c535981
--- /dev/null
+++ b/ledger-web/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = ledger-web
+
+.PHONY: build build-nc
+
+build: Dockerfile
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/ledger-web/db/db.sqlite3 b/ledger-web/db/db.sqlite3 new file mode 100644 index 0000000000000000000000000000000000000000..724b2f38b41bd093275263e406b483c43bfda577 GIT binary patch literal 159744 zcmeI5du$xXeaCNk?<4O<5=osbk>ZgQMII=Uw|BSqkn0B})3#z+FH5#n*H|p?mekqz zpzn^7g#>P>*fEl{D9|85n*vS$aa%Zl6==}{XEH2&Jo9PuCk0w4eaAOHd&00JNY z0w4eaAOHeCdjg}WICVM}`6nNFpM05A$z>+xIh{LqI(UmbdW=-}YD z2ER0TX>c(1&Dh(qGqIuQ-$Z{S`a<*=&4>>OfB*=900@8p2;7$ha$`Z?_{?%g?{sRd zW+#)$$ZD-w>(;b-Hj~XPWC{y%IVBfP=S!z^rNvw+mzOiAj|F`b@^W3TuIp`evqp0% zYFn?gb*-zbo6Ty=E3aIZb4vcPqcrcsj=XtQ+w8W~Y(_3;l&qp=a!Rq^L2dH z`623H!r>sdO_{~TQnpmilpZ_MS7z2;W~QWO<&0;U1w~erTs}!1%s9&20aI}?pU)QZ z^4Y^d-)yg{oz2xotxHiA>_z8fHJepRUe(Pi`BEl(cGS~};&zhB%3e+~rA#iLd1Qn- zSu*wal;qX+W?fe+twuv{cKfpz7E7gqT+W^y_SBHGYsi*VIWK3uoD}73v6MM`$kU0V zAq*!T6)7w#wCk0MrGwN-uOWIB*`YBCi@9v3RLVVmAm|%?YMJ)58?=wh>gGn3b=Hk` z>-F2}hTd+}j1k~f0Xdf`=Zj|v_3*6eA){*bF75s6?bhao+SD4l+R$EC>w0s&d!yfp zvRGD1Ii>Vef;zb-oMg(v$!3Ros%xF@-8d>LnPR^5WSlyB&U93=J7V7MLXe{5m3;P@ zA?oL4(@#TW!!uLR;56UbUl;^Kx-{kUBeOIxEmQ;kC_L zoAt0}m-evk?G3%7(jnl{O_W8sP$(8NXJXXFGo}mL%{gTYP`$NYYpTu7y2t#aEM~I# zVy^Ufl=?8+Izy)y%SVq*YoqH?k^EvwE|d%Tvk~gSZ0ii|=#~e)q1Ea;wsn57K!<;+ z{B)Q)dBLm-?daTz)z@}!?EGTBm?J2-xnq?`N%($?~s?spOdeUFOV+L?#tUaM1cSZfB*=9 z00@8p2!H?xfB*=9!2L%c8T99*>ML4vy=86<@x6=K=pnxx5!=ef<{sanjK}?x5w_$v zcH4%A{1e6{+s&cXOL|msIOLy~cphuRWp3E-Ux{xjE{VgY>;0jt7L`z8TnoEL-GNQ#0LaG00ck)1V8`;KmY_l00ck)1b$8lj0DDy zN#=88;_uj4U}jpfKek}|9*qY^NBI(+E#o7Jz-W?R@h57+!-3IBerYY=Lx%#%afz?n z&8HTE$-rzf}EZnCL}s*4UG31IfU|WVH7voAG5s>)v3` z|HsIZk9Y1^8=WBWc73HU}w*%3Wk|Hs4hD#@<+`u|XfUQV)0YyE#P81N;>9qa$Y zfq-u|*}wiD_0#xKM?72q9~=nyCd_DK{hyR*)TGDypPm2D4SnPzKO*0yPyfG5ev5pL z+#>7bMe-!clM`fwNQoaOzMuH(#2+SpJMsC%X5!_Ii3he<5GlqVwd9w z0@9=u<}UckbBq%R3m-h{m=PtM@TjA_>;i`$efx{2YICf+$BFRKfrAQ z!XJ+!MwD>IqY}K*0p^Kc$N9CNyJ5@gAr9Lwys(%-BStu3F)@zc&wQ}UD0eZyU9jW$ z2+uGeT(Fq15hGl%m=Jd{z+AA);7A}kFBy3F|4745@96^oQTkNB(PyngeLs&j0rjj0 z4h5oV-nlGOw*II8=|4Uo00JNY0w4eaAOHd&00JNY0w4ea4=@4t{6E(J4{!scY9Igt 
zAOHd&00JNY0w4eaAOHd&KnY;|k8S`0AOHd&00JNY0w4eaAOHd&00Iv_0j&QY{5D1n zK>!3m00ck)1V8`;KmY_l00ck)|Nb9+00ck)1V8`;KmY_l00ck)1V8`;9()2g|9|k? z7&Qa|5C8!X009sH0T2KI5C8!X00FH3(FZ^P1V8`;KmY_l00ck)1V8`;K;XeAz@Gn~ zBcnd@Kjb6w6Y?YSA^Au0599;#E%I07FUU8@ACo^IUnB33uae&+UnIXu-X>e*lVp>$ zNR3p;%j5-enLI;Q$YZ2Ta%6$bl1XxmI>ZMAKmY_l00ck)1V8`;KmY_l00i!L0ztnd z#pZZ8%fpjAoMB<~1P`ZqIK{(B7DiG$oZ#Vc9*(mxJjTOgJUq(7hgcXo!owsF5A$%8 zg~1UX4)gF34-c|1aDaz|hY23WS?C|);UEuVJdCn%Ai~2i4?{c*2K-Sezyd!D2K@eL z6zBi3N{-y^Qt4E{LumMiL>FSib)!pVyZ(w1CnR`u7buV~Hnma0`7wWeBc zt*e_Iy{*=&YDFpJ^;NClHW)j5Wo7y5O6uH&CstleO}Uf%@=v8MUg$TQO3h7)lBUvI za}(jDN+n(PmQ-mqyLz*$c5iR!Tv~p$qL=hlciG2wk+z+m?IpT$Or<~b#_@1+VL^I( zsjIElb+-cd^|(-Ub@|Ns6>kc)>Qt&m>$k4AQx`5?O?C_X@!rX!~W4nQkism>l4Xvvb8L2y~g`$PlM6# zH}rO+*6Gmp>8RFs)@S9l)m3FJTiHItQD^Vn-f$bwMlaqz8>8gVLA>r_ zDzn~hZEkdWW0_yFT9orSB~!^%)Xiq?HLEDYd{|WA+J$qMuk|Jfx799A-L)`W+oucK zKTJKe2B!~(lj~(^OS5WVq*_&VH$^F5Q7YxE&Xx5UAM$91J|kBXm>zB7`?7f9pFa>z zzD&hGyOVgs6NSGjXET-6wX(PFgLkF7&)II0%?wlNJDEW~^}RXFr#^SPy03?X9x?T~ zlf{_rAK^PqeIM7n(5qy>oW2Q%+Y0r&%w*}olfFy$e53ZrxOHnZlH7_eOLvy69>byV zz~1ErDpyC9^IBoGkjuKpuRHgVT}HCozBi^V1$@r4muBl|JiFV6Ylu5M(Q!UJ5>8&G zGnL}1IB$-QYPO(SE-Fe{$>-hu?Xbu2;1afT;MQx{F_mUnbVyu?gp=j6^k&f-5=N>e zzr&UE#YR1bN1xF>4U(R`pKWKR)2>x1{^O$WS4-bmu`=A{fT4Z4b(B!OM zE!hMc1|!?a+$O(UoMGma^a`Pqh`%h|nYM6pJKJPo8&OsxvN4^hRC8HnHDk>neOV6( z%^tr4`fRO%yF)RyO7%HlRWl;#FU!6@n!fYmP&m1~EWP=#H9~oVxm(R@8FxzDW2Abz z5PiIV*!_Rp(i}KFRv3F9tCt2s$@zKdItSZ%tzPTuYDa%$ zy{6N3SKqQMjr0Hhc^xqz00JNY0w4eaAOHd&00JNY0wD095r`+=^9}pn^2Pr>K0o9i zT!?)(^7oP7iwuW<5c+=T(ZDwYvj4?_+tL^rAYZ3uAJ1oNXE5p=wH{kS!E)PLo-&-{L&`-zmSbb?5ZLc4cg3(QWi!d^Vg+r=>Sr zeBXy2tJA}9b+bnI7^^Mk)r@n;$C=0+^PRa}&(!;NzgRZ0TeQoe4&7s{Yn`r2A4q85 zRyS&uSL<{~=*;7yb#GV{t+*50fwoK-FP7cf50f+5ykooUV{eW0*7KhTCvVHr9m2b` zs7hyZwNdM;?ajKbZfLi4y|;^BX*C+`S(1FIk}c$`#y)m`uCS=Sa}T@U?ryvrW1v5; z!H`h4u9)s&dN(|RhL zlx69ysJ%(lp(e6Zm*|zT>s0Q3JWAy3J>aAi9R1;AY3_7R z2_>JJlzhB(#Q6q2QEKsPm7gschg7olePZiiKAfDKl(rh2nw4UGBThzE!o3X_$Ki#n 
z*dF~#853Pv&V`aI6FXLf6Ey0v0n722shkCNpE(a*wNbOzP>A8NKQMs2qY z@yv1h;ftZ<#q@UfM5l69c3z*P#3GCu&j0t)caRqZKmY_l00ck)1V8`;KmY_l00j02 z0j&S`M>|0!2!H?xfB*=900@8p2!H?xfB*>Wg#gz7d!dKCAOHd&00JNY0w4eaAOHd& z00JPeKL}v`zdzauDnS4QKmY_l00ck)1V8`;KmY_lU@ru){@)8d?uQ_^0F7;*0Un(D#Pk9s2ap>d>P@ zM+g6F@CSo`I{1~rPYqrkOvU~s_Fn9FVz0+8QHS_|00@8p2!H?xfB*>WdjeB)L7z0U z5W88UZwnQ#t~#qVQ|vk=u20TVo3tFGZ$H!N`NKMex>G_C|YNiW~+~T-lA+(tm zLKM3^I!-OdXCh3DnaotM@5jez+GIM+OXqI^?G?|jrjF6{nT4<@zh@x?7&b=@8=;_Q zBP8(av4^P5#B7*p=ov5({9^71O`Xq$xC-k1Hx3oqeAR1bxwY#pojZWykDgyr|-PUo0Frzw+Zv%~ZM`~J3!3V;9zfB*=900@8p2!H?x zfB*=9z^(+a{@)c53_t(`KmY_l00ck)1V8`;KmY_lVBZtKzyII&O^6DB00@8p2!H?x zfB*=900@8p2!Oz@1aSVpD`DOZ|6LKm00ck)1V8`;KmY_l00ck)1V8`;_B{ct|Mz_p zq5>cQ0w4eaAOHd&00JNY0w4eaAh0U|{QLi15y1ciKmY_l00ck)1V8`;KmY_l00j0u j0j&S`eG{SrAOHd&00JNY0w4eaAOHd&00JPeD}nz5G?y%K literal 0 HcmV?d00001 diff --git a/ledger-web/docker-entrypoint.sh b/ledger-web/docker-entrypoint.sh new file mode 100644 index 0000000..69b9b6b --- /dev/null +++ b/ledger-web/docker-entrypoint.sh @@ -0,0 +1,6 @@ +#!/bin/sh + +gosu ledger /home/ledger/ledger-web/manage.py makemigrations && \ +gosu ledger /home/ledger/ledger-web/manage.py migrate + +exec gosu ledger "$@" diff --git a/ledger-web/settings.py b/ledger-web/settings.py new file mode 100644 index 0000000..78cba3b --- /dev/null +++ b/ledger-web/settings.py 
@@ -0,0 +1,136 @@ +""" +Django settings for ledger project. + +Generated by 'django-admin startproject' using Django 2.1.7. + +For more information on this file, see +https://docs.djangoproject.com/en/2.1/topics/settings/ + +For the full list of settings and their values, see +https://docs.djangoproject.com/en/2.1/ref/settings/ +""" + +import os + +# Build paths inside the project like this: os.path.join(BASE_DIR, ...) +BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) + + +# Quick-start development settings - unsuitable for production +# See https://docs.djangoproject.com/en/2.1/howto/deployment/checklist/ + +# SECURITY WARNING: keep the secret key used in production secret! +SECRET_KEY = 'km&+&g_pcaj03g9dqhzg+qcg2)5bvu_rc*_n17!ol3571a8%u8' + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG = True + +ALLOWED_HOSTS = [] + + +# Application definition + +INSTALLED_APPS = [ + 'ledger_ui.apps.LedgerUiConfig', + 'ledger_query.apps.LedgerQueryConfig', + 'ledger_submit.apps.LedgerSubmitConfig', + 'accounts.apps.AccountsConfig', + 'django.contrib.admin', + 'django.contrib.auth', + 'django.contrib.contenttypes', + 'django.contrib.sessions', + 'django.contrib.messages', + 'django.contrib.staticfiles', +] + +MIDDLEWARE = [ + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'ledger_ui.middleware.HandleExceptionsMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', +] + +ROOT_URLCONF = 'ledger.urls' + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [], + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 
'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', + 'django.contrib.messages.context_processors.messages', + ], + }, + }, +] + +WSGI_APPLICATION = 'ledger.wsgi.application' + + +# Database +# https://docs.djangoproject.com/en/2.1/ref/settings/#databases + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.sqlite3', + 'NAME': '/home/ledger/db/db.sqlite3', + } +} + + +# Password validation +# https://docs.djangoproject.com/en/2.1/ref/settings/#auth-password-validators + +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', + }, +] + + +# Internationalization +# https://docs.djangoproject.com/en/2.1/topics/i18n/ + +LANGUAGE_CODE = 'en-us' + +TIME_ZONE = 'Europe/Warsaw' + +USE_I18N = True + +USE_L10N = True + +USE_TZ = True + + +# Static files (CSS, JavaScript, Images) +# https://docs.djangoproject.com/en/2.1/howto/static-files/ + +STATIC_URL = '/static/' + +STATICFILES_DIRS = [ + os.path.join(BASE_DIR, "static"), +] + +LOGIN_REDIRECT_URL = 'ledger_ui:index' + +LEDGER_ENTRY_COUNT = 20 +LEDGER_DEFAULT_CURRENCY = '$' +LEDGER_DEFAULT_FROM = 'Liabilities:Credit Card' +LEDGER_DEFAULT_TO = 'Expenses:Uncategorized' diff --git a/ledger-web/test.sh b/ledger-web/test.sh new file mode 100644 index 0000000..c643e23 --- /dev/null +++ b/ledger-web/test.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +make && \ + docker run -it \ + -v $(pwd)/settings.py:/home/ledger/ledger-web/ledger/settings.py:ro \ + -v $(pwd)/db:/home/ledger/db \ + rilla/ledger-web \ + bash diff --git a/rss-bridge/Dockerfile b/rss-bridge/Dockerfile new file mode 100644 index 0000000..18f0668 --- /dev/null +++ b/rss-bridge/Dockerfile 
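Review bot: ledger-web/settings.py commits a literal `SECRET_KEY` together with `DEBUG = True` and an empty `ALLOWED_HOSTS`, and ledger-web/test.sh mounts this file into the container as the application's settings. A key that is stored in the repository can no longer be treated as secret, and Django's signed sessions and tokens depend on it, so it should be rotated and read from the environment instead: `SECRET_KEY = os.environ['DJANGO_SECRET_KEY']` and `DEBUG = os.environ.get('DJANGO_DEBUG') == '1'` (`os` is already imported in this file). With debug off, `ALLOWED_HOSTS` has to name the hosts the service is reached under. The committed `ledger-web/db/db.sqlite3` deserves the same look: if it holds real accounts or ledger data, that data is now part of the history.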
@@ -0,0 +1,20 @@
+FROM alpine:3.12
+
+RUN apk add --no-cache \
+ git su-exec nginx php7 php7-fpm \
+ php7-curl php7-json php7-mbstring php7-openssl php7-pecl-memcached \
+ php7-simplexml php7-sqlite3 php7-xml && \
+ sed -i.bak 's/^listen = 127.0.0.1:9000/listen = 9000/' /etc/php7/php-fpm.d/www.conf && \
+ mkdir -p /var/www && \
+ git clone https://github.com/RSS-Bridge/rss-bridge /var/www/rss-bridge && \
+ adduser -D -h /var/www/rss-bridge rssbridge && \
+ chown -R rssbridge:rssbridge \
+ /var/www/rss-bridge \
+ /var/log/php7
+
+WORKDIR /var/www/rss-bridge
+
+COPY entrypoint.sh /entrypoint
+RUN chmod 700 /entrypoint
+ENTRYPOINT ["/entrypoint"]
+CMD ["rss-bridge"]
diff --git a/rss-bridge/Makefile b/rss-bridge/Makefile
new file mode 100644
index 0000000..c4689b0
--- /dev/null
+++ b/rss-bridge/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = rss-bridge
+
+.PHONY: build build-nc
+
+build: Dockerfile
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/rss-bridge/entrypoint.sh b/rss-bridge/entrypoint.sh
new file mode 100644
index 0000000..21267f6
--- /dev/null
+++ b/rss-bridge/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -ex
+
+case $1 in
+ rss-bridge)
+ exec su-exec rssbridge php-fpm7 -F
+ ;;
+ nginx)
+ exec nginx -g 'daemon off;'
+ ;;
+ *)
+ exec su-exec rssbridge "$@"
+esac
diff --git a/syncthing/Dockerfile b/syncthing/Dockerfile
new file mode 100644
index 0000000..0d40188
--- /dev/null
+++ b/syncthing/Dockerfile
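Review bot: The `sed` step in rss-bridge/Dockerfile rewrites `listen = 127.0.0.1:9000` to `listen = 9000`, which makes php-fpm accept FastCGI connections on every interface of the container, and nothing in the hunk sets `listen.allowed_clients`. FastCGI carries no authentication, so any peer that can reach port 9000 on the container network can drive the PHP interpreter directly. If nginx runs in a separate container, as the `nginx)` branch of the entrypoint suggests, restrict the listener to it with `listen.allowed_clients` or share a unix socket through a volume, and add a comment that port 9000 must never be published.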
@@ -0,0 +1,32 @@
+# syncthing
+
+FROM alpine:3.12
+
+ARG ARCH
+ENV VER v1.12.0
+ENV REL syncthing-linux-${ARCH}-${VER}
+ENV URI https://github.com/syncthing/syncthing/releases/download/${VER}/${REL}.tar.gz
+
+RUN apk add --no-cache su-exec
+
+RUN adduser -u 1001 -h /var/lib/syncthing -D syncthing && \
+ addgroup -S -g 1005 books && addgroup syncthing books && \
+ addgroup -S -g 1006 buku && addgroup syncthing buku
+
+RUN mkdir -p /data && chown -R syncthing:syncthing /data && \
+ mkdir -p /data/books && chown -R syncthing:books /data/books && chmod '2775' /data/books && \
+ mkdir -p /data/buku && chown -R syncthing:buku /data/buku && chmod '2775' /data/buku
+
+VOLUME /data /data/books /data/buku /var/lib/syncthing
+
+RUN cd /tmp && \
+ wget ${URI} && \
+ tar -xzf ${REL}.tar.gz && \
+ cp /tmp/${REL}/syncthing /usr/local/bin/syncthing && \
+ rm -r /tmp/${REL} /tmp/${REL}.tar.gz
+
+COPY docker-entrypoint.sh /entrypoint
+
+RUN chmod +x /entrypoint
+ENTRYPOINT ["/entrypoint"]
+CMD ["/usr/local/bin/syncthing", "-home=/var/lib/syncthing"]
diff --git a/syncthing/Makefile b/syncthing/Makefile
new file mode 100644
index 0000000..f012ceb
--- /dev/null
+++ b/syncthing/Makefile
@@ -0,0 +1,19 @@
+USERNAME = rilla
+IMG_NAME = syncthing
+
+.PHONY: build build-nc
+
+hw=$(shell uname -m)
+ifeq ($(hw), x86_64)
+ ARCH=amd64
+else ifeq ($(hw), aarch64)
+ ARCH=arm64
+else
+ ARCH=$(hw)
+endif
+
+build: Dockerfile docker-entrypoint.sh
+ docker build -t $(USERNAME)/$(IMG_NAME) --build-arg ARCH=$(ARCH) .
+
+build-nc: Dockerfile docker-entrypoint.sh
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) --build-arg ARCH=$(ARCH) .
diff --git a/syncthing/docker-entrypoint.sh b/syncthing/docker-entrypoint.sh
new file mode 100644
index 0000000..e96a87c
--- /dev/null
+++ b/syncthing/docker-entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+chown -R syncthing:syncthing /data
+chown -R syncthing:syncthing /var/lib/syncthing
+chown -R syncthing:books /data/books
+chown -R syncthing:buku /data/buku && touch /data/buku/bookmarks.db && chmod '664' /data/buku/bookmarks.db
+chmod '2775' /data/books
+
+exec su-exec syncthing "$@"
diff --git a/tasks/Dockerfile b/tasks/Dockerfile
new file mode 100644
index 0000000..be27830
--- /dev/null
+++ b/tasks/Dockerfile
@@ -0,0 +1,10 @@
+FROM alpine:3.12
+
+RUN apk add --update --no-cache \
+ docker-compose \
+ docker
+
+COPY entrypoint.sh /entrypoint
+RUN chmod +x /entrypoint
+
+ENTRYPOINT ["/entrypoint"]
diff --git a/tasks/Makefile b/tasks/Makefile
new file mode 100644
index 0000000..018b436
--- /dev/null
+++ b/tasks/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = tasks
+
+.PHONY: build build-nc
+
+build: Dockerfile entrypoint.sh
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile entrypoint.sh
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/tasks/entrypoint.sh b/tasks/entrypoint.sh
new file mode 100644
index 0000000..c8dacc9
--- /dev/null
+++ b/tasks/entrypoint.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+[ -f /tasks/tasks.cron ] && crontab /tasks/tasks.cron
+
+if [ -n "$*" ]; then
+ exec "$@"
+else
+ exec crond -f -L /dev/stdout
+fi
diff --git a/tor/Dockerfile b/tor/Dockerfile
new file mode 100644
index 0000000..c00853e
--- /dev/null
+++ b/tor/Dockerfile
@@ -0,0 +1,7 @@
+FROM alpine:3.12
+
+RUN apk add --no-cache tor su-exec shadow
+COPY entrypoint.sh /entrypoint
+RUN chmod +x entrypoint
+ENTRYPOINT ["/entrypoint"]
+CMD ["tor"]
diff --git a/tor/Makefile b/tor/Makefile
new file mode 100644
index 0000000..4370297
--- /dev/null
+++ b/tor/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = tor
+
+.PHONY: build build-nc
+
+build: Dockerfile
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
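Review bot: In syncthing/docker-entrypoint.sh the `touch /data/buku/bookmarks.db` runs as root after the recursive `chown` of /data/buku, so on a fresh volume the new file is owned by root and only its group and 664 mode decide whether syncthing can write it. The setgid bit that would hand it the buku group is set in the image but not re-applied here (only /data/books gets `chmod '2775'`), so a bind-mounted directory may lack it. Creating the file first removes that dependence: `touch /data/buku/bookmarks.db && chown -R syncthing:buku /data/buku && chmod '664' /data/buku/bookmarks.db`. The script also has no `set -e`, unlike the rss-bridge, tasks and tor entrypoints in this commit, so a failed `chown` is ignored.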
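Review bot: `RUN chmod +x entrypoint` in tor/Dockerfile uses a relative path, while the script was copied to `/entrypoint`. It resolves only because no `WORKDIR` is set and the working directory defaults to `/`; adding a `WORKDIR` later would make the step fail or touch a different file. Use the absolute path as the other Dockerfiles in this commit do: `RUN chmod +x /entrypoint`.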
diff --git a/tor/entrypoint.sh b/tor/entrypoint.sh
new file mode 100644
index 0000000..b5c5759
--- /dev/null
+++ b/tor/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -xe
+
+[ -n "${USER_ID}" ] && usermod -u "${USER_ID}" tor
+
+for dir in $(awk '{if ($1 == "HiddenServiceDir") print $2}' /etc/tor/torrc)
+do
+ mkdir -p "${dir}"
+ chown tor "${dir}"
+ chmod 700 "${dir}"
+done
+
+su-exec tor "$@"
diff --git a/vdirsyncer/Dockerfile b/vdirsyncer/Dockerfile
new file mode 100644
index 0000000..d860980
--- /dev/null
+++ b/vdirsyncer/Dockerfile
@@ -0,0 +1,21 @@
+FROM alpine:3.11
+
+RUN apk add --no-cache python3 su-exec && \
+ apk add --no-cache --virtual .build-deps py3-pip && \
+ pip3 install --upgrade pip && \
+ pip3 install vdirsyncer vdirsyncer[google] requests_oauthlib && \
+ apk del .build-deps && \
+ adduser -D -h /var/lib/vdirsyncer vdirsyncer && \
+ mkdir -p /var/lib/vdirsyncer/status /var/lib/vdirsyncer/tokens && \
+ touch /var/lib/vdirsyncer/config && \
+ chown -R vdirsyncer:vdirsyncer /var/lib/vdirsyncer
+
+COPY crontab /crontab
+COPY entrypoint.sh /entrypoint
+COPY do_sync.sh /do_sync
+RUN chmod +x /entrypoint /do_sync
+
+ENTRYPOINT ["/entrypoint"]
+CMD ["task"]
+
+ENV VDIRSYNCER_CONFIG /var/lib/vdirsyncer/config
diff --git a/vdirsyncer/Makefile b/vdirsyncer/Makefile
new file mode 100644
index 0000000..bc147eb
--- /dev/null
+++ b/vdirsyncer/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = vdirsyncer
+
+.PHONY: build build-nc
+
+build: Dockerfile entrypoint.sh crontab do_sync.sh
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile entrypoint.sh crontab do_sync.sh
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/vdirsyncer/crontab b/vdirsyncer/crontab
new file mode 100644
index 0000000..417ceff
--- /dev/null
+++ b/vdirsyncer/crontab
@@ -0,0 +1 @@
+*/15 * * * * /do_sync
diff --git a/vdirsyncer/do_sync.sh b/vdirsyncer/do_sync.sh
new file mode 100644
index 0000000..1a4e360
--- /dev/null
+++ b/vdirsyncer/do_sync.sh
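Review bot: The last line of tor/entrypoint.sh, `su-exec tor "$@"`, is missing `exec`, so the shell stays as PID 1 and tor runs as its child. `docker stop` then signals the shell rather than tor, and tor is likely to be killed at the stop timeout instead of shutting down cleanly. The other entrypoints in this commit end in `exec su-exec …`; make this one `exec su-exec tor "$@"`.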
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+export VDIRSYNCER_CONFIG=/var/lib/vdirsyncer/config
+vdirsyncer discover && vdirsyncer sync
diff --git a/vdirsyncer/entrypoint.sh b/vdirsyncer/entrypoint.sh
new file mode 100644
index 0000000..d4e8332
--- /dev/null
+++ b/vdirsyncer/entrypoint.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+mkdir -p /var/lib/vdirsyncer/tokens /var/lib/vdirsyncer/status
+chown -R vdirsyncer:vdirsyncer \
+ /var/lib/vdirsyncer/tokens \
+ /var/lib/vdirsyncer/status
+
+export VDIRSYNCER_CONFIG=/var/lib/vdirsyncer/config
+
+case $1 in
+ discover)
+ exec su-exec vdirsyncer vdirsyncer "$@"
+ ;;
+ sync)
+ exec su-exec vdirsyncer vdirsyncer "$@"
+ ;;
+ task)
+ su-exec vdirsyncer vdirsyncer discover && \
+ /usr/bin/crontab -u vdirsyncer /crontab && \
+ exec /usr/sbin/crond -f -L /dev/stdout
+ ;;
+ *)
+ exec "$@"
+ ;;
+esac
diff --git a/wallabag/Dockerfile b/wallabag/Dockerfile
new file mode 100644
index 0000000..bf53c80
--- /dev/null
+++ b/wallabag/Dockerfile
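Review bot: The fallback branch `*) exec "$@"` in vdirsyncer/entrypoint.sh runs an arbitrary command as root, whereas the rss-bridge, syncthing and wallabag entrypoints in this commit drop to the service user in the same branch. The container holds sync tokens under /var/lib/vdirsyncer, so keeping ad-hoc commands unprivileged is the safer default: `exec su-exec vdirsyncer "$@"`. The script also lacks `set -e`, so a failed `mkdir` or `chown` at the top goes unnoticed.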
@@ -0,0 +1,43 @@
+FROM alpine:3.12
+
+ARG WALLABAG_VERSION=2.4.0
+
+RUN apk --no-cache add \
+ git su-exec make nginx curl php7 \
+ php7-bcmath php7-ctype php7-curl php7-dom php7-fpm php7-gd \
+ php7-gettext php7-iconv php7-intl php7-json php7-mbstring \
+ php7-openssl php7-pdo_sqlite php7-phar php7-session php7-simplexml \
+ php7-sockets php7-tidy php7-tokenizer php7-xml php7-xmlreader
+
+RUN curl -s https://getcomposer.org/installer | php && \
+ mv composer.phar /usr/local/bin/composer
+
+RUN mkdir -p /etc/nginx /etc/php7
+COPY php-fpm.conf php.ini /etc/php7/
+
+RUN mkdir -p /var/www && \
+ git clone \
+ --branch $WALLABAG_VERSION \
+ --depth 1 \
+ https://github.com/wallabag/wallabag.git \
+ /var/www/wallabag
+
+COPY parameters.yml /var/www/wallabag/app/config/parameters.yml
+
+WORKDIR /var/www/wallabag
+
+RUN SYMFONY_ENV=prod composer install \
+ --no-dev \
+ -o \
+ --prefer-dist \
+ --no-progress
+
+RUN addgroup -g 1000 wallabag && \
+ adduser -D -h /var/www -G wallabag -u 1000 wallabag && \
+ chown -R wallabag:wallabag /var/www/wallabag
+
+COPY entrypoint.sh /entrypoint
+RUN chmod +x /entrypoint
+
+ENTRYPOINT ["/entrypoint"]
+CMD ["wallabag"]
diff --git a/wallabag/Makefile b/wallabag/Makefile
new file mode 100644
index 0000000..63ea504
--- /dev/null
+++ b/wallabag/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = wallabag
+
+.PHONY: build build-nc
+
+build: Dockerfile
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/wallabag/entrypoint.sh b/wallabag/entrypoint.sh
new file mode 100644
index 0000000..b4ac9fe
--- /dev/null
+++ b/wallabag/entrypoint.sh
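Review bot: `RUN curl -s https://getcomposer.org/installer | php` in wallabag/Dockerfile executes a script fetched at build time without checking it, and the resulting Composer then installs every PHP dependency of the application. With `-s` but no `-f`, and no pipefail in the default shell, an HTTP error page or a truncated download is also fed straight to `php`. Download the installer to a file, compare its SHA-384 with the value Composer publishes for it, and only then run it; passing the digest as a build argument makes an unset or stale value fail the build.

```dockerfile
# Digest of the installer, passed with --build-arg (no default: an unset value fails the check).
ARG COMPOSER_INSTALLER_SHA384
RUN curl -fsSL -o /tmp/composer-setup.php https://getcomposer.org/installer && \
    php -r 'exit(hash_equals((string) getenv("COMPOSER_INSTALLER_SHA384"), hash_file("sha384", "/tmp/composer-setup.php")) ? 0 : 1);' && \
    php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer && \
    rm /tmp/composer-setup.php
# … unchanged: php-fpm.conf/php.ini copy, wallabag clone, composer install …
```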
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -ex
+
+INSTALL_DIR=/var/www/wallabag
+
+set_permissions () {
+ mkdir -p \
+ "${INSTALL_DIR}/data/assets" \
+ "${INSTALL_DIR}/data/db"
+ chown -R wallabag:wallabag "${INSTALL_DIR}/data"
+}
+
+db_install () {
+ [ -f "${INSTALL_DIR}/data/db/wallabag.sqlite" ] || \
+ su-exec wallabag php "${INSTALL_DIR}/bin/console" \
+ wallabag:install --env=prod -n
+}
+
+case $1 in
+ wallabag)
+ set_permissions
+ db_install
+ exec su-exec wallabag php-fpm7 -F
+ ;;
+ nginx)
+ exec nginx -c /etc/nginx/nginx.conf -g "daemon off;"
+ ;;
+ import)
+ set_permissions
+ exec su-exec wallabag "${INSTALL_DIR}/bin/console" \
+ wallabag:import:redis-worker -e=prod "$2" -vv
+ ;;
+ migrate)
+ set_permissions
+ exec su-exec wallabag "${INSTALL_DIR}/bin/console" \
+ doctrine:migrations:migrate --env=prod --no-interaction
+ ;;
+ *)
+ set_permissions
+ exec su-exec wallabag "$@"
+esac
diff --git a/wallabag/parameters.yml b/wallabag/parameters.yml
new file mode 100644
index 0000000..69c5ddb
--- /dev/null
+++ b/wallabag/parameters.yml
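Review bot: The `import` and `migrate` branches of wallabag/entrypoint.sh call `"${INSTALL_DIR}/bin/console"` directly, while `db_install` runs the same file through `php`. The direct form depends on the cloned file keeping its executable bit and shebang, which this hunk cannot confirm. Use one form throughout, e.g. `exec su-exec wallabag php "${INSTALL_DIR}/bin/console" \` in both branches.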
@@ -0,0 +1,64 @@
+parameters:
+ database_driver: pdo_sqlite
+ database_host: 127.0.0.1
+ database_port: ~
+ database_name: symfony
+ database_user: root
+ database_password: ~
+ database_path: "%kernel.root_dir%/../data/db/wallabag.sqlite"
+ database_table_prefix: wallabag_
+ database_socket: null
+ database_charset: utf8
+ database_driver_class: null
+
+ domain_name: https://your-wallabag-url-instance.com
+
+ test_database_driver: pdo_sqlite
+ test_database_host: 127.0.0.1
+ test_database_port: ~
+ test_database_name: ~
+ test_database_user: ~
+ test_database_password: ~
+ test_database_path: "%kernel.root_dir%/../data/db/wallabag_test.sqlite"
+
+ mailer_transport: smtp
+ mailer_user: ~
+ mailer_password: ~
+ mailer_host: 127.0.0.1
+ mailer_port: false
+ mailer_encryption: ~
+ mailer_auth_mode: ~
+
+ locale: en
+
+ # A secret key that's used to generate certain security-related tokens
+ secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv
+
+ # two factor stuff
+ twofactor_auth: true
+ twofactor_sender: no-reply@wallabag.org
+
+ # fosuser stuff
+ fosuser_registration: true
+ fosuser_confirmation: true
+
+ from_email: no-reply@wallabag.org
+
+ rss_limit: 50
+
+ # RabbitMQ processing
+ rabbitmq_host: localhost
+ rabbitmq_port: 5672
+ rabbitmq_user: guest
+ rabbitmq_password: guest
+ rabbitmq_prefetch_count: 10
+
+ # Redis processing
+ redis_scheme: tcp
+ redis_host: localhost
+ redis_port: 6379
+ redis_path: null
+ redis_password: null
+
+ # Sentry
+ sentry_dsn: ~
diff --git a/wallabag/php-fpm.conf b/wallabag/php-fpm.conf
new file mode 100644
index 0000000..6fdfe43
--- /dev/null
+++ b/wallabag/php-fpm.conf
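Review bot: `secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv` in wallabag/parameters.yml is committed in clear text and copied into the image by wallabag/Dockerfile, so every deployment built from this repository shares a token-signing key that anyone with the repository or the image can read. Keep only a placeholder in the committed file, supply a random per-deployment value at run time (a mounted parameters.yml, or the entrypoint writing it on first start), and rotate the value shown here. `fosuser_registration: true` also leaves self-registration open; if that is deliberate, say so with a comment such as `# open sign-up: set to false once the first account exists`.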
@@ -0,0 +1,539 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /usr otherwise +;include=etc/fpm.d/*.conf + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +;pid = run/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; in a local file. +; Note: the default prefix is /var +; Default Value: log/php-fpm.log +error_log = /dev/stdout + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +;syslog.facility = daemon + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +;syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +;log_level = notice + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +;emergency_restart_threshold = 0 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. 
This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;emergency_restart_interval = 0 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been design to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +; process.max = 128 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) +; - /dev/poll (Solaris >= 7) +; - port (Solaris >= 10) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is build with systemd integration, specify the interval, +; in second, between health report notification to systemd. 
+; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = nobody +group = nobody + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all IPv4 addresses on a +; specific port; +; '[::]:port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +;listen = 127.0.0.1:9000 +listen = 0.0.0.0:9000 + +; Set listen(2) backlog. +; Default Value: 65535 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 65535 + +; Set permissions for unix socket, if one is used. 
In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +;listen.owner = nobody +;listen.group = nobody +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). 
If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. 
+; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. 
Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. 
+; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log +access.log = /dev/stdout + +; The access log format. 
+; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' 
character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. 
However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. 
+; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/wallabag/php.ini b/wallabag/php.ini new file mode 100644 index 0000000..545d3fc --- /dev/null +++ b/wallabag/php.ini 
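Review bot: `listen = 0.0.0.0:9000` in wallabag/php-fpm.conf opens the FastCGI port on every interface while `;listen.allowed_clients = 127.0.0.1` stays commented out, so any host that can reach the container on port 9000 can submit FastCGI requests to the PHP workers. If nginx runs in a separate container, as the `nginx` branch of the entrypoint suggests, keep the port unpublished and on a network shared only with that container, or set `listen.allowed_clients` to its address. The `sed` in rss-bridge/Dockerfile that rewrites the pool to `listen = 9000` has the same exposure. A comment beside the directive would record the intent: `; reachable only from the nginx container; never publish 9000`.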
@@ -0,0 +1,1930 @@
+[PHP]
+
+;;;;;;;;;;;;;;;;;;;
+; About php.ini ;
+;;;;;;;;;;;;;;;;;;;
+; PHP's initialization file, generally called php.ini, is responsible for
+; configuring many of the aspects of PHP's behavior.
+
+; PHP attempts to find and load this configuration from a number of locations.
+; The following is a summary of its search order:
+; 1. SAPI module specific location.
+; 2. The PHPRC environment variable. (As of PHP 5.2.0)
+; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
+; 4. Current working directory (except CLI)
+; 5. The web server's directory (for SAPI modules), or directory of PHP
+; (otherwise in Windows)
+; 6. The directory from the --with-config-file-path compile time option, or the
+; Windows directory (C:\windows or C:\winnt)
+; See the PHP docs for more specific information.
+; http://php.net/configuration.file
+
+; The syntax of the file is extremely simple. Whitespace and lines
+; beginning with a semicolon are silently ignored (as you probably guessed).
+; Section headers (e.g. [Foo]) are also silently ignored, even though
+; they might mean something in the future.
+
+; Directives following the section heading [PATH=/www/mysite] only
+; apply to PHP files in the /www/mysite directory. Directives
+; following the section heading [HOST=www.example.com] only apply to
+; PHP files served from www.example.com. Directives set in these
+; special sections cannot be overridden by user-defined INI files or
+; at runtime. Currently, [PATH=] and [HOST=] sections only work under
+; CGI/FastCGI.
+; http://php.net/ini.sections
+
+; Directives are specified using the following syntax:
+; directive = value
+; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
+; Directives are variables used to configure PHP or PHP extensions.
+; There is no name validation. If PHP can't find an expected
+; directive because it is not set or is mistyped, a default value will be used.
+
+; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
+; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
+; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
+; previously set variable or directive (e.g. ${foo})
+
+; Expressions in the INI file are limited to bitwise operators and parentheses:
+; | bitwise OR
+; ^ bitwise XOR
+; & bitwise AND
+; ~ bitwise NOT
+; ! boolean NOT
+
+; Boolean flags can be turned on using the values 1, On, True or Yes.
+; They can be turned off using the values 0, Off, False or No.
+
+; An empty string can be denoted by simply not writing anything after the equal
+; sign, or by using the None keyword:
+
+; foo = ; sets foo to an empty string
+; foo = None ; sets foo to an empty string
+; foo = "None" ; sets foo to the string 'None'
+
+; If you use constants in your value, and these constants belong to a
+; dynamically loaded extension (either a PHP extension or a Zend extension),
+; you may only use these constants *after* the line that loads the extension.
+
+;;;;;;;;;;;;;;;;;;;
+; About this file ;
+;;;;;;;;;;;;;;;;;;;
+; PHP comes packaged with two INI files. One that is recommended to be used
+; in production environments and one that is recommended to be used in
+; development environments.
+
+; php.ini-production contains settings which hold security, performance and
+; best practices at its core. But please be aware, these settings may break
+; compatibility with older or less security conscience applications. We
+; recommending using the production ini in production and testing environments.
+
+; php.ini-development is very similar to its production variant, except it's
+; much more verbose when it comes to errors. We recommending using the
+; development version only in development environments as errors shown to
+; application users can inadvertently leak otherwise secure information.
+
+; This is php.ini-production INI file.
+
+;;;;;;;;;;;;;;;;;;;
+; Quick Reference ;
+;;;;;;;;;;;;;;;;;;;
+; The following are all the settings which are different in either the production
+; or development versions of the INIs with respect to PHP's default behavior.
+; Please see the actual settings later in the document for more details as to why
+; we recommend these changes in PHP's behavior.
+
+; display_errors
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+
+; display_startup_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+
+; error_reporting
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+; html_errors
+; Default Value: On
+; Development Value: On
+; Production value: On
+
+; log_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+
+; max_input_time
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+
+; output_buffering
+; Default Value: Off
+; Development Value: 4096
+; Production Value: 4096
+
+; register_argc_argv
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+
+; request_order
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+
+; session.bug_compat_42
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+
+; session.bug_compat_warn
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+
+; session.gc_divisor
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+
+; session.hash_bits_per_character
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+
+; short_open_tag
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+
+; track_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+
+; url_rewriter.tags
+; Default Value: "a=href,area=href,frame=src,form=,fieldset="
+; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
+; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
+
+; variables_order
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS"
+
+;;;;;;;;;;;;;;;;;;;;
+; php.ini Options ;
+;;;;;;;;;;;;;;;;;;;;
+; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
+;user_ini.filename = ".user.ini"
+
+; To disable this feature set this option to empty value
+;user_ini.filename =
+
+; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
+;user_ini.cache_ttl = 300
+
+;;;;;;;;;;;;;;;;;;;;
+; Language Options ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Enable the PHP scripting language engine under Apache.
+; http://php.net/engine
+engine = On
+
+; This directive determines whether or not PHP will recognize code between
+; tags as PHP source which should be processed as such. It is
+; generally recommended that should be used and that this feature
+; should be disabled, as enabling it may result in issues when generating XML
+; documents, however this remains supported for backward compatibility reasons.
+; Note that this directive does not control the tags.
+; http://php.net/asp-tags
+asp_tags = Off
+
+; The number of significant digits displayed in floating point numbers.
+; http://php.net/precision
+precision = 14
+
+; Output buffering is a mechanism for controlling how much output data
+; (excluding headers and cookies) PHP should keep internally before pushing that
+; data to the client. If your application's output exceeds this setting, PHP
+; will send that data in chunks of roughly the size you specify.
+; Turning on this setting and managing its maximum buffer size can yield some
+; interesting side-effects depending on your application and web server.
+; You may be able to send headers and cookies after you've already sent output
+; through print or echo. You also may see performance benefits if your server is
+; emitting less packets due to buffered output versus PHP streaming the output
+; as it gets it. On production servers, 4096 bytes is a good setting for performance
+; reasons.
+; Note: Output buffering can also be controlled via Output Buffering Control
+; functions.
+; Possible Values:
+; On = Enabled and buffer is unlimited. (Use with caution)
+; Off = Disabled
+; Integer = Enables the buffer and sets its maximum size in bytes.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; Default Value: Off
+; Development Value: 4096
+; Production Value: 4096
+; http://php.net/output-buffering
+output_buffering = 4096
+
+; You can redirect all of the output of your scripts to a function. For
+; example, if you set output_handler to "mb_output_handler", character
+; encoding will be transparently converted to the specified encoding.
+; Setting any output handler automatically turns on output buffering.
+; Note: People who wrote portable scripts should not depend on this ini
+; directive. Instead, explicitly set the output handler using ob_start().
+; Using this ini directive may cause problems unless you know what script
+; is doing.
+; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
+; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
+; Note: output_handler must be empty if this is set 'On' !!!!
+; Instead you must use zlib.output_handler.
+; http://php.net/output-handler
+;output_handler =
+
+; Transparent output compression using the zlib library
+; Valid values for this option are 'off', 'on', or a specific buffer size
+; to be used for compression (default is 4KB)
+; Note: Resulting chunk size may vary due to nature of compression. PHP
+; outputs chunks that are few hundreds bytes each as a result of
+; compression. If you prefer a larger chunk size for better
+; performance, enable output_buffering in addition.
+; Note: You need to use zlib.output_handler instead of the standard
+; output_handler, or otherwise the output will be corrupted.
+; http://php.net/zlib.output-compression
+zlib.output_compression = On
+
+; http://php.net/zlib.output-compression-level
+;zlib.output_compression_level = -1
+
+; You cannot specify additional output handlers if zlib.output_compression
+; is activated here. This setting does the same as output_handler but in
+; a different order.
+; http://php.net/zlib.output-handler
+;zlib.output_handler =
+
+; Implicit flush tells PHP to tell the output layer to flush itself
+; automatically after every output block. This is equivalent to calling the
+; PHP function flush() after each and every call to print() or echo() and each
+; and every HTML block. Turning this option on has serious performance
+; implications and is generally recommended for debugging purposes only.
+; http://php.net/implicit-flush
+; Note: This directive is hardcoded to On for the CLI SAPI
+implicit_flush = Off
+
+; The unserialize callback function will be called (with the undefined class'
+; name as parameter), if the unserializer finds an undefined class
+; which should be instantiated. A warning appears if the specified function is
+; not defined, or if the function doesn't include/implement the missing class.
+; So only set this entry, if you really want to implement such a
+; callback-function.
+unserialize_callback_func =
+
+; When floats & doubles are serialized store serialize_precision significant
+; digits after the floating point. The default value ensures that when floats
+; are decoded with unserialize, the data will remain the same.
+serialize_precision = 17
+
+; open_basedir, if set, limits all file operations to the defined directory
+; and below. This directive makes most sense if used in a per-directory
+; or per-virtualhost web server configuration file. This directive is
+; *NOT* affected by whether Safe Mode is turned On or Off.
+; http://php.net/open-basedir
+;open_basedir =
+
+; This directive allows you to disable certain functions for security reasons.
+; It receives a comma-delimited list of function names. This directive is
+; *NOT* affected by whether Safe Mode is turned On or Off.
+; http://php.net/disable-functions
+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
+
+; This directive allows you to disable certain classes for security reasons.
+; It receives a comma-delimited list of class names. This directive is
+; *NOT* affected by whether Safe Mode is turned On or Off.
+; http://php.net/disable-classes
+disable_classes =
+
+; Colors for Syntax Highlighting mode. Anything that's acceptable in
+; would work.
+; http://php.net/syntax-highlighting
+;highlight.string = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.default = #0000BB
+;highlight.html = #000000
+
+; If enabled, the request will be allowed to complete even if the user aborts
+; the request. Consider enabling it if executing long requests, which may end up
+; being interrupted by the user or a browser timing out. PHP's default behavior
+; is to disable this feature.
+; http://php.net/ignore-user-abort
+;ignore_user_abort = On
+
+; Determines the size of the realpath cache to be used by PHP. This value should
+; be increased on systems where PHP opens many files to reflect the quantity of
+; the file operations performed.
+; http://php.net/realpath-cache-size
+;realpath_cache_size = 16k
+
+; Duration of time, in seconds for which to cache realpath information for a given
+; file or directory. For systems with rarely changing files, consider increasing this
+; value.
+; http://php.net/realpath-cache-ttl
+;realpath_cache_ttl = 120
+
+; Enables or disables the circular reference collector.
+; http://php.net/zend.enable-gc
+zend.enable_gc = On
+
+; If enabled, scripts may be written in encodings that are incompatible with
+; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
+; encodings. To use this feature, mbstring extension must be enabled.
+; Default: Off
+;zend.multibyte = Off
+
+; Allows to set the default encoding for the scripts. This value will be used
+; unless "declare(encoding=...)" directive appears at the top of the script.
+; Only affects if zend.multibyte is set.
+; Default: ""
+;zend.script_encoding =
+
+;;;;;;;;;;;;;;;;;
+; Miscellaneous ;
+;;;;;;;;;;;;;;;;;
+
+; Decides whether PHP may expose the fact that it is installed on the server
+; (e.g. by adding its signature to the Web server header). It is no security
+; threat in any way, but it makes it possible to determine whether you use PHP
+; on your server or not.
+; http://php.net/expose-php
+expose_php = Off
+
+;;;;;;;;;;;;;;;;;;;
+; Resource Limits ;
+;;;;;;;;;;;;;;;;;;;
+
+; Maximum execution time of each script, in seconds
+; http://php.net/max-execution-time
+; Note: This directive is hardcoded to 0 for the CLI SAPI
+max_execution_time = 300
+
+; Maximum amount of time each script may spend parsing request data. It's a good
+; idea to limit this time on productions servers in order to eliminate unexpectedly
+; long running scripts.
+; Note: This directive is hardcoded to -1 for the CLI SAPI
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+; http://php.net/max-input-time
+max_input_time = 60
+
+; Maximum input variable nesting level
+; http://php.net/max-input-nesting-level
+;max_input_nesting_level = 64
+
+; How many GET/POST/COOKIE input variables may be accepted
+; max_input_vars = 1000
+
+; Maximum amount of memory a script may consume (128MB)
+; http://php.net/memory-limit
+memory_limit = 128M
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; This directive informs PHP of which errors, warnings and notices you would like
+; it to take action for. The recommended way of setting values for this
+; directive is through the use of the error level constants and bitwise
+; operators. The error level constants are below here for convenience as well as
+; some common settings and their meanings.
+; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
+; those related to E_NOTICE and E_STRICT, which together cover best practices and
+; recommended coding standards in PHP. For performance reasons, this is the
+; recommend error reporting setting. Your production server shouldn't be wasting
+; resources complaining about best practices and coding standards. That's what
+; development servers and development settings are for.
+; Note: The php.ini-development file has this setting as E_ALL. This
+; means it pretty much reports everything which is exactly what you want during
+; development and early testing.
+;
+; Error Level Constants:
+; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
+; E_ERROR - fatal run-time errors
+; E_RECOVERABLE_ERROR - almost fatal run-time errors
+; E_WARNING - run-time warnings (non-fatal errors)
+; E_PARSE - compile-time parse errors
+; E_NOTICE - run-time notices (these are warnings which often result
+; from a bug in your code, but it's possible that it was
+; intentional (e.g., using an uninitialized variable and
+; relying on the fact it's automatically initialized to an
+; empty string)
+; E_STRICT - run-time notices, enable to have PHP suggest changes
+; to your code which will ensure the best interoperability
+; and forward compatibility of your code
+; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
+; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
+; initial startup
+; E_COMPILE_ERROR - fatal compile-time errors
+; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
+; E_USER_ERROR - user-generated error message
+; E_USER_WARNING - user-generated warning message
+; E_USER_NOTICE - user-generated notice message
+; E_DEPRECATED - warn about code that will not work in future versions
+; of PHP
+; E_USER_DEPRECATED - user-generated deprecation warnings
+;
+; Common Values:
+; E_ALL (Show all errors, warnings and notices including coding standards.)
+; E_ALL & ~E_NOTICE (Show all errors, except for notices)
+; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
+; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+; http://php.net/error-reporting
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+; This directive controls whether or not and where PHP will output errors,
+; notices and warnings too. Error output is very useful during development, but
+; it could be very dangerous in production environments. Depending on the code
+; which is triggering the error, sensitive information could potentially leak
+; out of your application such as database usernames and passwords or worse.
+; It's recommended that errors be logged on production servers rather than
+; having the errors sent to STDOUT.
+; Possible Values:
+; Off = Do not display any errors
+; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
+; On or stdout = Display errors to STDOUT
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-errors
+display_errors = Off
+
+; The display of errors which occur during PHP's startup sequence are handled
+; separately from display_errors. PHP's default behavior is to suppress those
+; errors from clients. Turning the display of startup errors on can be useful in
+; debugging configuration problems. But, it's strongly recommended that you
+; leave this setting off on production servers.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-startup-errors
+display_startup_errors = Off
+
+; Besides displaying errors, PHP can also log errors to locations such as a
+; server-specific log, STDERR, or a location specified by the error_log
+; directive found below. While errors should not be displayed on productions
+; servers they should still be monitored and logging is a great way to do that.
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+; http://php.net/log-errors
+log_errors = On
+
+; Set maximum length of log_errors. In error_log information about the source is
+; added. The default is 1024 and 0 allows to not apply any maximum length at all.
+; http://php.net/log-errors-max-len
+log_errors_max_len = 1024
+
+; Do not log repeated messages. Repeated errors must occur in same file on same
+; line unless ignore_repeated_source is set true.
+; http://php.net/ignore-repeated-errors
+ignore_repeated_errors = Off
+
+; Ignore source of message when ignoring repeated messages. When this setting
+; is On you will not log errors with repeated messages from different files or
+; source lines.
+; http://php.net/ignore-repeated-source
+ignore_repeated_source = Off
+
+; If this parameter is set to Off, then memory leaks will not be shown (on
+; stdout or in the log). This has only effect in a debug compile, and if
+; error reporting includes E_WARNING in the allowed list
+; http://php.net/report-memleaks
+report_memleaks = On
+
+; This setting is on by default.
+;report_zend_debug = 0
+
+; Store the last error/warning message in $php_errormsg (boolean). Setting this value
+; to On can assist in debugging and is appropriate for development servers. It should
+; however be disabled on production servers.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+; http://php.net/track-errors
+track_errors = Off
+
+; Turn off normal error reporting and emit XML-RPC error XML
+; http://php.net/xmlrpc-errors
+;xmlrpc_errors = 0
+
+; An XML-RPC faultCode
+;xmlrpc_error_number = 0
+
+; When PHP displays or logs an error, it has the capability of formatting the
+; error message as HTML for easier reading. This directive controls whether
+; the error message is formatted as HTML or not.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; Default Value: On
+; Development Value: On
+; Production value: On
+; http://php.net/html-errors
+html_errors = On
+
+; If html_errors is set to On *and* docref_root is not empty, then PHP
+; produces clickable error messages that direct to a page describing the error
+; or function causing the error in detail.
+; You can download a copy of the PHP manual from http://php.net/docs
+; and change docref_root to the base URL of your local copy including the
+; leading '/'. You must also specify the file extension being used including
+; the dot. PHP's default behavior is to leave these settings empty, in which
+; case no links to documentation are generated.
+; Note: Never use this feature for production boxes.
+; http://php.net/docref-root
+; Examples
+;docref_root = "/phpmanual/"
+
+; http://php.net/docref-ext
+;docref_ext = .html
+
+; String to output before an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-prepend-string
+; Example:
+;error_prepend_string = ""
+
+; String to output after an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-append-string
+; Example:
+;error_append_string = ""
+
+; Log errors to specified file. PHP's default behavior is to leave this value
+; empty.
+; http://php.net/error-log
+; Example:
+;error_log = php_errors.log
+; Log errors to syslog (Event Log on NT, not valid in Windows 95).
+;error_log = syslog
+
+;windows.show_crt_warning
+; Default value: 0
+; Development value: 0
+; Production value: 0
+
+;;;;;;;;;;;;;;;;;
+; Data Handling ;
+;;;;;;;;;;;;;;;;;
+
+; The separator used in PHP generated URLs to separate arguments.
+; PHP's default setting is "&".
+; http://php.net/arg-separator.output
+; Example:
+;arg_separator.output = "&"
+
+; List of separator(s) used by PHP to parse input URLs into variables.
+; PHP's default setting is "&".
+; NOTE: Every character in this directive is considered as separator!
+; http://php.net/arg-separator.input
+; Example:
+;arg_separator.input = ";&"
+
+; This directive determines which super global arrays are registered when PHP
+; starts up. G,P,C,E & S are abbreviations for the following respective super
+; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
+; paid for the registration of these arrays and because ENV is not as commonly
+; used as the others, ENV is not recommended on productions servers. You
+; can still get access to the environment variables through getenv() should you
+; need to.
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS";
+; http://php.net/variables-order
+variables_order = "GPCS"
+
+; This directive determines which super global data (G,P,C,E & S) should
+; be registered into the super global array REQUEST. If so, it also determines
+; the order in which that data is registered. The values for this directive are
+; specified in the same manner as the variables_order directive, EXCEPT one.
+; Leaving this value empty will cause PHP to use the value set in the
+; variables_order directive. It does not mean it will leave the super globals
+; array REQUEST empty.
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+; http://php.net/request-order
+request_order = "GP"
+
+; This directive determines whether PHP registers $argv & $argc each time it
+; runs. $argv contains an array of all the arguments passed to PHP when a script
+; is invoked. $argc contains an integer representing the number of arguments
+; that were passed when the script was invoked. These arrays are extremely
+; useful when running scripts from the command line. When this directive is
+; enabled, registering these variables consumes CPU cycles and memory each time
+; a script is executed. For performance reasons, this feature should be disabled
+; on production servers.
+; Note: This directive is hardcoded to On for the CLI SAPI
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/register-argc-argv
+register_argc_argv = Off
+
+; When enabled, the ENV, REQUEST and SERVER variables are created when they're
+; first used (Just In Time) instead of when the script starts. If these
+; variables are not used within a script, having this directive on will result
+; in a performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any affect.
+; http://php.net/auto-globals-jit
+auto_globals_jit = On
+
+; Whether PHP will read the POST data.
+; This option is enabled by default.
+; Most likely, you won't want to disable this option globally. It causes $_POST
+; and $_FILES to always be empty; the only way you will be able to read the
+; POST data will be through the php://input stream wrapper. This can be useful
+; to proxy requests or to process the POST data in a memory efficient fashion.
+; http://php.net/enable-post-data-reading
+;enable_post_data_reading = Off
+
+; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
+; http://php.net/post-max-size
+post_max_size = 100M
+
+; Automatically add files before PHP document.
+; http://php.net/auto-prepend-file
+auto_prepend_file =
+
+; Automatically add files after PHP document.
+; http://php.net/auto-append-file
+auto_append_file =
+
+; By default, PHP will output a character encoding using
+; the Content-type: header. To disable sending of the charset, simply
+; set it to be empty.
+;
+; PHP's built-in default is text/html
+; http://php.net/default-mimetype
+default_mimetype = "text/html"
+
+; PHP's default character set is set to empty.
+; http://php.net/default-charset
+;default_charset = "UTF-8"
+
+; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
+; to disable this feature. If post reading is disabled through
+; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated.
+; http://php.net/always-populate-raw-post-data
+;always_populate_raw_post_data = On
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; UNIX: "/path1:/path2"
+;include_path = ".:/usr/share/php"
+;
+; Windows: "\path1;\path2"
+;include_path = ".;c:\php\includes"
+;
+; PHP's default setting for include_path is ".;/path/to/php/pear"
+; http://php.net/include-path
+
+; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues. The alternate is to use the
+; cgi.force_redirect configuration below
+; http://php.net/doc-root
+doc_root =
+
+; The directory under which PHP opens the script using /~username used only
+; if nonempty.
+; http://php.net/user-dir
+user_dir =
+
+; Directory in which the loadable extensions (modules) reside.
+; http://php.net/extension-dir
+; extension_dir = "./"
+; On windows:
+; extension_dir = "ext"
+
+; Directory where the temporary files should be placed.
+; Defaults to the system default (see sys_get_temp_dir)
+; sys_temp_dir = "/tmp"
+
+; Whether or not to enable the dl() function. The dl() function does NOT work
+; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+; disabled on them.
+; http://php.net/enable-dl
+enable_dl = Off
+
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default. You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; http://php.net/cgi.force-redirect
+;cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request. PHP's default behavior is to disable this feature.
+;cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; http://php.net/cgi.redirect-status-env
+;cgi.redirect_status_env =
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; http://php.net/cgi.fix-pathinfo
+;cgi.fix_pathinfo=1
+
+; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
+; security tokens of the calling client. This allows IIS to define the
+; security context that the request runs under. mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS. Default is zero.
+; http://php.net/fastcgi.impersonate
+;fastcgi.impersonate = 1
+
+; Disable logging through FastCGI connection. PHP's default behavior is to enable
+; this feature.
+;fastcgi.logging = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
+; is supported by Apache. When this option is set to 1 PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+; http://php.net/cgi.rfc2616-headers
+;cgi.rfc2616_headers = 0
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+
+; Whether to allow HTTP file uploads.
+; http://php.net/file-uploads
+file_uploads = On
+
+; Temporary directory for HTTP uploaded files (will use system default if not
+; specified).
+; http://php.net/upload-tmp-dir
+upload_tmp_dir = /tmp/
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = 100M
+
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 20
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+
+; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-fopen
+allow_url_fopen = On
+
+; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-include
+allow_url_include = Off
+
+; Define the anonymous ftp password (your email address). PHP's default setting
+; for this is empty.
+; http://php.net/from
+;from="john@doe.com"
+
+; Define the User-Agent string. PHP's default setting for this is empty.
+; http://php.net/user-agent
+;user_agent="PHP"
+
+; Default timeout for socket based streams (seconds)
+; http://php.net/default-socket-timeout
+default_socket_timeout = 60
+
+; If your scripts have to deal with files from Macintosh systems,
+; or you are running on a Mac and need to deal with files from
+; unix or win32 systems, setting this flag will cause PHP to
+; automatically detect the EOL character in those files so that
+; fgets() and file() will work regardless of the source of the file.
+; http://php.net/auto-detect-line-endings
+;auto_detect_line_endings = Off
+
+;;;;;;;;;;;;;;;;;;;;;;
+; Dynamic Extensions ;
+;;;;;;;;;;;;;;;;;;;;;;
+
+; If you wish to have an extension loaded automatically, use the following
+; syntax:
+;
+; extension=modulename.extension
+;
+; For example, on Windows:
+;
+; extension=msql.dll
+;
+; ... or under UNIX:
+;
+; extension=msql.so
+;
+; ... or with a path:
+;
+; extension=/path/to/extension/msql.so
+;
+; If you only provide the name of the extension, PHP will look for it in its
+; default extension directory.
+;
+
+;;;;;;;;;;;;;;;;;;;
+; Module Settings ;
+;;;;;;;;;;;;;;;;;;;
+
+[CLI Server]
+; Whether the CLI web server uses ANSI color coding in its terminal output.
+cli_server.color = On
+
+[Date]
+; Defines the default timezone used by the date functions
+; http://php.net/date.timezone
+;date.timezone =
+
+; http://php.net/date.default-latitude
+;date.default_latitude = 31.7667
+
+; http://php.net/date.default-longitude
+;date.default_longitude = 35.2333
+
+; http://php.net/date.sunrise-zenith
+;date.sunrise_zenith = 90.583333
+
+; http://php.net/date.sunset-zenith
+;date.sunset_zenith = 90.583333
+
+[filter]
+; http://php.net/filter.default
+;filter.default = unsafe_raw
+
+; http://php.net/filter.default-flags
+;filter.default_flags =
+
+[iconv]
+;iconv.input_encoding = ISO-8859-1
+;iconv.internal_encoding = ISO-8859-1
+;iconv.output_encoding = ISO-8859-1
+
+[intl]
+;intl.default_locale =
+; This directive allows you to produce PHP errors when some error
+; happens within intl functions. The value is the level of the error produced.
+; Default is 0, which does not produce any errors.
+;intl.error_level = E_WARNING
+
+[sqlite]
+; http://php.net/sqlite.assoc-case
+;sqlite.assoc_case = 0
+
+[sqlite3]
+;sqlite3.extension_dir =
+
+[Pcre]
+;PCRE library backtracking limit.
+; http://php.net/pcre.backtrack-limit
+;pcre.backtrack_limit=100000
+
+;PCRE library recursion limit.
+;Please note that if you set this value to a high number you may consume all
+;the available process stack and eventually crash PHP (due to reaching the
+;stack size limit imposed by the Operating System).
+; http://php.net/pcre.recursion-limit
+;pcre.recursion_limit=100000
+
+[Pdo]
+; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
+; http://php.net/pdo-odbc.connection-pooling
+;pdo_odbc.connection_pooling=strict
+
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+; If mysqlnd is used: Number of cache slots for the internal result set cache
+; http://php.net/pdo_mysql.cache_size
+pdo_mysql.cache_size = 2000
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/pdo_mysql.default-socket
+pdo_mysql.default_socket=
+
+[Phar]
+; http://php.net/phar.readonly
+;phar.readonly = On
+
+; http://php.net/phar.require-hash
+;phar.require_hash = On
+
+;phar.cache_list =
+
+[mail function]
+; For Win32 only.
+; http://php.net/smtp
+SMTP = localhost
+; http://php.net/smtp-port
+smtp_port = 25
+
+; For Win32 only.
+; http://php.net/sendmail-from
+;sendmail_from = me@example.com
+
+; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
+; http://php.net/sendmail-path
+;sendmail_path =
+
+; Force the addition of the specified parameters to be passed as extra parameters
+; to the sendmail binary. These parameters will always replace the value of
+; the 5th parameter to mail(), even in safe mode.
+;mail.force_extra_parameters =
+
+; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
+mail.add_x_header = On
+
+; The path to a log file that will log all mail() calls. Log entries include
+; the full path of the script, line number, To address and headers.
+;mail.log =
+; Log mail to syslog (Event Log on NT, not valid in Windows 95).
+;mail.log = syslog
+
+[SQL]
+; http://php.net/sql.safe-mode
+sql.safe_mode = Off
+
+[ODBC]
+; http://php.net/odbc.default-db
+;odbc.default_db = Not yet implemented
+
+; http://php.net/odbc.default-user
+;odbc.default_user = Not yet implemented
+
+; http://php.net/odbc.default-pw
+;odbc.default_pw = Not yet implemented
+
+; Controls the ODBC cursor model.
+; Default: SQL_CURSOR_STATIC (default).
+;odbc.default_cursortype
+
+; Allow or prevent persistent links.
+; http://php.net/odbc.allow-persistent
+odbc.allow_persistent = On
+
+; Check that a connection is still valid before reuse.
+; http://php.net/odbc.check-persistent
+odbc.check_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/odbc.max-persistent
+odbc.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/odbc.max-links
+odbc.max_links = -1
+
+; Handling of LONG fields. Returns number of bytes to variables. 0 means
+; passthru.
+; http://php.net/odbc.defaultlrl
+odbc.defaultlrl = 4096
+
+; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
+; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
+; of odbc.defaultlrl and odbc.defaultbinmode
+; http://php.net/odbc.defaultbinmode
+odbc.defaultbinmode = 1
+
+;birdstep.max_links = -1
+
+[Interbase]
+; Allow or prevent persistent links.
+ibase.allow_persistent = 1
+
+; Maximum number of persistent links. -1 means no limit.
+ibase.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+ibase.max_links = -1
+
+; Default database name for ibase_connect().
+;ibase.default_db =
+
+; Default username for ibase_connect().
+;ibase.default_user =
+
+; Default password for ibase_connect().
+;ibase.default_password =
+
+; Default charset for ibase_connect().
+;ibase.default_charset =
+
+; Default timestamp format.
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+
+; Default date format.
+ibase.dateformat = "%Y-%m-%d"
+
+; Default time format.
+ibase.timeformat = "%H:%M:%S"
+
+[MySQL]
+; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
+; http://php.net/mysql.allow_local_infile
+mysql.allow_local_infile = On
+
+; Allow or prevent persistent links.
+; http://php.net/mysql.allow-persistent
+mysql.allow_persistent = On
+
+; If mysqlnd is used: Number of cache slots for the internal result set cache
+; http://php.net/mysql.cache_size
+mysql.cache_size = 2000
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/mysql.max-persistent
+mysql.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/mysql.max-links
+mysql.max_links = -1
+
+; Default port number for mysql_connect(). If unset, mysql_connect() will use
+; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
+; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
+; at MYSQL_PORT.
+; http://php.net/mysql.default-port
+mysql.default_port =
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/mysql.default-socket
+mysql.default_socket =
+
+; Default host for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysql.default-host
+mysql.default_host =
+
+; Default user for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysql.default-user
+mysql.default_user =
+
+; Default password for mysql_connect() (doesn't apply in safe mode).
+; Note that this is generally a *bad* idea to store passwords in this file.
+; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
+; and reveal this password! And of course, any users with read access to this
+; file will be able to reveal the password as well.
+; http://php.net/mysql.default-password
+mysql.default_password =
+
+; Maximum time (in seconds) for connect timeout. -1 means no limit
+; http://php.net/mysql.connect-timeout
+mysql.connect_timeout = 60
+
+; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
+; SQL-Errors will be displayed.
+; http://php.net/mysql.trace-mode
+mysql.trace_mode = Off
+
+[MySQLi]
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/mysqli.max-persistent
+mysqli.max_persistent = -1
+
+; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
+; http://php.net/mysqli.allow_local_infile
+;mysqli.allow_local_infile = On
+
+; Allow or prevent persistent links.
+; http://php.net/mysqli.allow-persistent
+mysqli.allow_persistent = On
+
+; Maximum number of links. -1 means no limit.
+; http://php.net/mysqli.max-links
+mysqli.max_links = -1
+
+; If mysqlnd is used: Number of cache slots for the internal result set cache
+; http://php.net/mysqli.cache_size
+mysqli.cache_size = 2000
+
+; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
+; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
+; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
+; at MYSQL_PORT.
+; http://php.net/mysqli.default-port
+mysqli.default_port = 3306
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/mysqli.default-socket
+mysqli.default_socket =
+
+; Default host for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-host
+mysqli.default_host =
+
+; Default user for mysql_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-user
+mysqli.default_user =
+
+; Default password for mysqli_connect() (doesn't apply in safe mode).
+; Note that this is generally a *bad* idea to store passwords in this file.
+; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
+; and reveal this password! And of course, any users with read access to this
+; file will be able to reveal the password as well.
+; http://php.net/mysqli.default-pw
+mysqli.default_pw =
+
+; Allow or prevent reconnect
+mysqli.reconnect = Off
+
+[mysqlnd]
+; Enable / Disable collection of general statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+; http://php.net/mysqlnd.collect_statistics
+mysqlnd.collect_statistics = On
+
+; Enable / Disable collection of memory usage statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+; http://php.net/mysqlnd.collect_memory_statistics
+mysqlnd.collect_memory_statistics = Off
+
+; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
+; http://php.net/mysqlnd.net_cmd_buffer_size
+;mysqlnd.net_cmd_buffer_size = 2048
+
+; Size of a pre-allocated buffer used for reading data sent by the server in
+; bytes.
+; http://php.net/mysqlnd.net_read_buffer_size
+;mysqlnd.net_read_buffer_size = 32768
+
+[OCI8]
+
+; Connection: Enables privileged connections using external
+; credentials (OCI_SYSOPER, OCI_SYSDBA)
+; http://php.net/oci8.privileged-connect
+;oci8.privileged_connect = Off
+
+; Connection: The maximum number of persistent OCI8 connections per
+; process. Using -1 means no limit.
+; http://php.net/oci8.max-persistent
+;oci8.max_persistent = -1
+
+; Connection: The maximum number of seconds a process is allowed to
+; maintain an idle persistent connection. Using -1 means idle
+; persistent connections will be maintained forever.
+; http://php.net/oci8.persistent-timeout
+;oci8.persistent_timeout = -1
+
+; Connection: The number of seconds that must pass before issuing a
+; ping during oci_pconnect() to check the connection validity. When
+; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
+; pings completely.
+; http://php.net/oci8.ping-interval
+;oci8.ping_interval = 60
+
+; Connection: Set this to a user chosen connection class to be used
+; for all pooled server requests with Oracle 11g Database Resident
+; Connection Pooling (DRCP). To use DRCP, this value should be set to
+; the same string for all web servers running the same application,
+; the database pool must be configured, and the connection string must
+; specify to use a pooled server.
+;oci8.connection_class =
+
+; High Availability: Using On lets PHP receive Fast Application
+; Notification (FAN) events generated when a database node fails. The
+; database must also be configured to post FAN events.
+;oci8.events = Off
+
+; Tuning: This option enables statement caching, and specifies how
+; many statements to cache. Using 0 disables statement caching.
+; http://php.net/oci8.statement-cache-size
+;oci8.statement_cache_size = 20
+
+; Tuning: Enables statement prefetching and sets the default number of
+; rows that will be fetched automatically after statement execution.
+; http://php.net/oci8.default-prefetch
+;oci8.default_prefetch = 100
+
+; Compatibility. Using On means oci_close() will not close
+; oci_connect() and oci_new_connect() connections.
+; http://php.net/oci8.old-oci-close-semantics
+;oci8.old_oci_close_semantics = Off
+
+[PostgreSQL]
+; Allow or prevent persistent links.
+; http://php.net/pgsql.allow-persistent
+pgsql.allow_persistent = On
+
+; Detect broken persistent links always with pg_pconnect().
+; Auto reset feature requires a little overheads.
+; http://php.net/pgsql.auto-reset-persistent
+pgsql.auto_reset_persistent = Off
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/pgsql.max-persistent
+pgsql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+; http://php.net/pgsql.max-links
+pgsql.max_links = -1
+
+; Ignore PostgreSQL backends Notice message or not.
+; Notice message logging require a little overheads.
+; http://php.net/pgsql.ignore-notice
+pgsql.ignore_notice = 0
+
+; Log PostgreSQL backends Notice message or not.
+; Unless pgsql.ignore_notice=0, module cannot log notice message.
+; http://php.net/pgsql.log-notice
+pgsql.log_notice = 0
+
+[Sybase-CT]
+; Allow or prevent persistent links.
+; http://php.net/sybct.allow-persistent
+sybct.allow_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/sybct.max-persistent
+sybct.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/sybct.max-links
+sybct.max_links = -1
+
+; Minimum server message severity to display.
+; http://php.net/sybct.min-server-severity
+sybct.min_server_severity = 10
+
+; Minimum client message severity to display.
+; http://php.net/sybct.min-client-severity
+sybct.min_client_severity = 10
+
+; Set per-context timeout
+; http://php.net/sybct.timeout
+;sybct.timeout=
+
+;sybct.packet_size
+
+; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
+; Default: one minute
+;sybct.login_timeout=
+
+; The name of the host you claim to be connecting from, for display by sp_who.
+; Default: none
+;sybct.hostname=
+
+; Allows you to define how often deadlocks are to be retried. -1 means "forever".
+; Default: 0
+;sybct.deadlock_retry_count=
+
+[bcmath]
+; Number of decimal digits for all bcmath functions.
+; http://php.net/bcmath.scale
+bcmath.scale = 0
+
+[browscap]
+; http://php.net/browscap
+;browscap = extra/browscap.ini
+
+[Session]
+; Handler used to store/retrieve data.
+; http://php.net/session.save-handler
+session.save_handler = files
+
+; Argument passed to save_handler. In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+; session.save_path = "N;/path"
+;
+; where N is an integer. Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories. This is useful if you
+; or your OS have problems with lots of files in one directory, and is
+; a more efficient layout for servers that handle lots of sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+; You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+; use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+; session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; http://php.net/session.save-path
+;session.save_path = "/var/lib/php5"
+
+; Whether to use strict session mode.
+; Strict session mode does not accept uninitialized session ID and regenerate
+; session ID if browser sends uninitialized session ID. Strict mode protects
+; applications from session fixation via session adoption vulnerability. It is
+; disabled by default for maximum compatibility, but enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 0
+
+; Whether to use cookies.
+; http://php.net/session.use-cookies
+session.use_cookies = 1
+
+; http://php.net/session.cookie-secure
+;session.cookie_secure =
+
+; This option forces PHP to fetch and use a cookie for storing and maintaining
+; the session id. We encourage this operation as it's very helpful in combating
+; session hijacking when not specifying and managing your own session id. It is
+; not the end all be all of session hijacking defense, but it's a good start.
+; http://php.net/session.use-only-cookies
+session.use_only_cookies = 1
+
+; Name of the session (used as cookie name).
+; http://php.net/session.name
+session.name = PHPSESSID
+
+; Initialize session on request startup.
+; http://php.net/session.auto-start
+session.auto_start = 0
+
+; Lifetime in seconds of cookie or, if 0, until browser is restarted.
+; http://php.net/session.cookie-lifetime
+session.cookie_lifetime = 0
+
+; The path for which the cookie is valid.
+; http://php.net/session.cookie-path
+session.cookie_path = /
+
+; The domain for which the cookie is valid.
+; http://php.net/session.cookie-domain
+session.cookie_domain =
+
+; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
+; http://php.net/session.cookie-httponly
+session.cookie_httponly =
+
+; Handler used to serialize data. php is the standard serializer of PHP.
+; http://php.net/session.serialize-handler
+session.serialize_handler = php
+
+; Defines the probability that the 'garbage collection' process is started
+; on every session initialization. The probability is calculated by using
+; gc_probability/gc_divisor. Where session.gc_probability is the numerator
+; and gc_divisor is the denominator in the equation. Setting this value to 1
+; when the session.gc_divisor value is 100 will give you approximately a 1% chance
+; the gc will run on any give request.
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.gc-probability
+session.gc_probability = 0
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using the following equation:
+; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
+; session.gc_divisor is the denominator in the equation. Setting this value to 1
+; when the session.gc_divisor value is 100 will give you approximately a 1% chance
+; the gc will run on any give request. Increasing this value to 1000 will give you
+; a 0.1% chance the gc will run on any give request. For high volume production servers,
+; this is a more efficient approach.
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+; http://php.net/session.gc-divisor
+session.gc_divisor = 1000
+
+; After this number of seconds, stored data will be seen as 'garbage' and
+; cleaned up by the garbage collection process.
+; http://php.net/session.gc-maxlifetime
+session.gc_maxlifetime = 1440
+
+; NOTE: If you are using the subdirectory option for storing session files
+; (see session.save_path above), then garbage collection does *not*
+; happen automatically. You will need to do your own garbage
+; collection through a shell script, cron entry, or some other method.
+; For example, the following script would is the equivalent of
+; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+; find /path/to/sessions -cmin +24 -type f | xargs rm
+
+; PHP 4.2 and less have an undocumented feature/bug that allows you to
+; to initialize a session variable in the global scope.
+; PHP 4.3 and later will warn you, if this feature is used.
+; You can disable the feature and the warning separately. At this time,
+; the warning is only displayed, if bug_compat_42 is enabled. This feature
+; introduces some serious security problems if not handled correctly. It's
+; recommended that you do not use this feature on production servers. But you
+; should enable this on development servers and enable the warning as well. If you
+; do not enable the feature on development servers, you won't be warned when it's
+; used and debugging errors caused by this can be difficult to track down.
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+; http://php.net/session.bug-compat-42
+session.bug_compat_42 = Off
+
+; This setting controls whether or not you are warned by PHP when initializing a
+; session value into the global space. session.bug_compat_42 must be enabled before
+; these warnings can be issued by PHP. See the directive above for more information.
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+; http://php.net/session.bug-compat-warn
+session.bug_compat_warn = Off
+
+; Check HTTP Referer to invalidate externally stored URLs containing ids.
+; HTTP_REFERER has to contain this substring for the session to be
+; considered as valid.
+; http://php.net/session.referer-check
+session.referer_check =
+
+; How many bytes to read from the file.
+; http://php.net/session.entropy-length
+;session.entropy_length = 32
+
+; Specified here to create the session id.
+; http://php.net/session.entropy-file
+; Defaults to /dev/urandom
+; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
+; If neither are found at compile time, the default is no entropy file.
+; On windows, setting the entropy_length setting will activate the
+; Windows random source (using the CryptoAPI)
+;session.entropy_file = /dev/urandom
+
+; Set to {nocache,private,public,} to determine HTTP caching aspects
+; or leave this empty to avoid sending anti-caching headers.
+; http://php.net/session.cache-limiter
+session.cache_limiter = nocache
+
+; Document expires after n minutes.
+; http://php.net/session.cache-expire
+session.cache_expire = 180
+
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+; to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+; in publicly accessible computer.
+; - User may access your site with the same session ID
+; always using URL stored in browser's history or bookmarks.
+; http://php.net/session.use-trans-sid
+session.use_trans_sid = 0
+
+; Select a hash function for use in generating session ids.
+; Possible Values
+; 0 (MD5 128 bits)
+; 1 (SHA-1 160 bits)
+; This option may also be set to the name of any hash function supported by
+; the hash extension. A list of available hashes is returned by the hash_algos()
+; function.
+; http://php.net/session.hash-function
+session.hash_function = 0
+
+; Define how many bits are stored in each character when converting
+; the binary hash data to something readable.
+; Possible values:
+; 4 (4 bits: 0-9, a-f)
+; 5 (5 bits: 0-9, a-v)
+; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+; http://php.net/session.hash-bits-per-character
+session.hash_bits_per_character = 5
+
+; The URL rewriter will look for URLs in a defined set of HTML tags.
+; form/fieldset are special; if you include them here, the rewriter will
+; add a hidden field with the info which is otherwise appended
+; to URLs. If you want XHTML conformity, remove the form entry.
+; Note that all valid entries require a "=", even if no value follows.
+; Default Value: "a=href,area=href,frame=src,form=,fieldset="
+; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
+; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
+; http://php.net/url-rewriter.tags
+url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
+
+; Enable upload progress tracking in $_SESSION
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.enabled
+;session.upload_progress.enabled = On
+
+; Cleanup the progress information as soon as all POST data has been read
+; (i.e. upload completed).
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.cleanup
+;session.upload_progress.cleanup = On
+
+; A prefix used for the upload progress key in $_SESSION
+; Default Value: "upload_progress_"
+; Development Value: "upload_progress_"
+; Production Value: "upload_progress_"
+; http://php.net/session.upload-progress.prefix
+;session.upload_progress.prefix = "upload_progress_"
+
+; The index name (concatenated with the prefix) in $_SESSION
+; containing the upload progress information
+; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; http://php.net/session.upload-progress.name
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+
+; How frequently the upload progress should be updated.
+; Given either in percentages (per-file), or in bytes
+; Default Value: "1%"
+; Development Value: "1%"
+; Production Value: "1%"
+; http://php.net/session.upload-progress.freq
+;session.upload_progress.freq = "1%"
+
+; The minimum delay between updates, in seconds
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.upload-progress.min-freq
+;session.upload_progress.min_freq = "1"
+
+[MSSQL]
+; Allow or prevent persistent links.
+mssql.allow_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+mssql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+mssql.max_links = -1
+
+; Minimum error severity to display.
+mssql.min_error_severity = 10
+
+; Minimum message severity to display.
+mssql.min_message_severity = 10
+
+; Compatibility mode with old versions of PHP 3.0.
+mssql.compatibility_mode = Off
+
+; Connect timeout
+;mssql.connect_timeout = 5
+
+; Query timeout
+;mssql.timeout = 60
+
+; Valid range 0 - 2147483647. Default = 4096.
+;mssql.textlimit = 4096
+
+; Valid range 0 - 2147483647. Default = 4096.
+;mssql.textsize = 4096
+
+; Limits the number of records in each batch. 0 = all records in one batch.
+;mssql.batchsize = 0
+
+; Specify how datetime and datetim4 columns are returned
+; On => Returns data converted to SQL server settings
+; Off => Returns values as YYYY-MM-DD hh:mm:ss
+;mssql.datetimeconvert = On
+
+; Use NT authentication when connecting to the server
+mssql.secure_connection = Off
+
+; Specify max number of processes. -1 = library default
+; msdlib defaults to 25
+; FreeTDS defaults to 4096
+;mssql.max_procs = -1
+
+; Specify client character set.
+; If empty or not set the client charset from freetds.conf is used
+; This is only used when compiled with FreeTDS
+;mssql.charset = "ISO-8859-1"
+
+[Assertion]
+; Assert(expr); active by default.
+; http://php.net/assert.active
+;assert.active = On
+
+; Issue a PHP warning for each failed assertion.
+; http://php.net/assert.warning
+;assert.warning = On
+
+; Don't bail out by default.
+; http://php.net/assert.bail
+;assert.bail = Off
+
+; User-function to be called if an assertion fails.
+; http://php.net/assert.callback
+;assert.callback = 0
+
+; Eval the expression with current error_reporting(). Set to true if you want
+; error_reporting(0) around the eval().
+; http://php.net/assert.quiet-eval
+;assert.quiet_eval = 0
+
+[COM]
+; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
+; http://php.net/com.typelib-file
+;com.typelib_file =
+
+; allow Distributed-COM calls
+; http://php.net/com.allow-dcom
+;com.allow_dcom = true
+
+; autoregister constants of a components typlib on com_load()
+; http://php.net/com.autoregister-typelib
+;com.autoregister_typelib = true
+
+; register constants casesensitive
+; http://php.net/com.autoregister-casesensitive
+;com.autoregister_casesensitive = false
+
+; show warnings on duplicate constant registrations
+; http://php.net/com.autoregister-verbose
+;com.autoregister_verbose = true
+
+; The default character set code-page to use when passing strings to and from COM objects.
+; Default: system ANSI code page
+;com.code_page=
+
+[mbstring]
+; language for internal character representation.
+; http://php.net/mbstring.language
+;mbstring.language = Japanese
+
+; internal/script encoding.
+; Some encoding cannot work as internal encoding.
+; (e.g. SJIS, BIG5, ISO-2022-*)
+; http://php.net/mbstring.internal-encoding
+;mbstring.internal_encoding = UTF-8
+
+; http input encoding.
+; http://php.net/mbstring.http-input
+;mbstring.http_input = UTF-8
+
+; http output encoding. mb_output_handler must be
+; registered as output buffer to function
+; http://php.net/mbstring.http-output
+;mbstring.http_output = pass
+
+; enable automatic encoding translation according to
+; mbstring.internal_encoding setting. Input chars are
+; converted to internal encoding by setting this to On.
+; Note: Do _not_ use automatic encoding translation for
+; portable libs/applications.
+; http://php.net/mbstring.encoding-translation
+;mbstring.encoding_translation = Off
+
+; automatic encoding detection order.
+; auto means
+; http://php.net/mbstring.detect-order
+;mbstring.detect_order = auto
+
+; substitute_character used when character cannot be converted
+; one from another
+; http://php.net/mbstring.substitute-character
+;mbstring.substitute_character = none
+
+; overload(replace) single byte functions by mbstring functions.
+; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
+; etc. Possible values are 0,1,2,4 or combination of them.
+; For example, 7 for overload everything.
+; 0: No overload
+; 1: Overload mail() function
+; 2: Overload str*() functions
+; 4: Overload ereg*() functions
+; http://php.net/mbstring.func-overload
+;mbstring.func_overload = 0
+
+; enable strict encoding detection.
+;mbstring.strict_detection = On
+
+; This directive specifies the regex pattern of content types for which mb_output_handler()
+; is activated.
+; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
+;mbstring.http_output_conv_mimetype=
+
+[gd]
+; Tell the jpeg decode to ignore warnings and try to create
+; a gd image. The warning will then be displayed as notices
+; disabled by default
+; http://php.net/gd.jpeg-ignore-warning
+;gd.jpeg_ignore_warning = 0
+
+[exif]
+; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
+; With mbstring support this will automatically be converted into the encoding
+; given by corresponding encode setting. When empty mbstring.internal_encoding
+; is used. For the decode settings you can distinguish between motorola and
+; intel byte order. A decode setting cannot be empty.
+; http://php.net/exif.encode-unicode
+;exif.encode_unicode = ISO-8859-15
+
+; http://php.net/exif.decode-unicode-motorola
+;exif.decode_unicode_motorola = UCS-2BE
+
+; http://php.net/exif.decode-unicode-intel
+;exif.decode_unicode_intel = UCS-2LE
+
+; http://php.net/exif.encode-jis
+;exif.encode_jis =
+
+; http://php.net/exif.decode-jis-motorola
+;exif.decode_jis_motorola = JIS
+
+; http://php.net/exif.decode-jis-intel
+;exif.decode_jis_intel = JIS
+
+[Tidy]
+; The path to a default tidy configuration file to use when using tidy
+; http://php.net/tidy.default-config
+;tidy.default_config = /usr/local/lib/php/default.tcfg
+
+; Should tidy clean and repair output automatically?
+; WARNING: Do not use this option if you are generating non-html content
+; such as dynamic images
+; http://php.net/tidy.clean-output
+tidy.clean_output = Off
+
+[soap]
+; Enables or disables WSDL caching feature.
+; http://php.net/soap.wsdl-cache-enabled
+soap.wsdl_cache_enabled=1
+
+; Sets the directory name where SOAP extension will put cache files.
+; http://php.net/soap.wsdl-cache-dir
+soap.wsdl_cache_dir="/tmp"
+
+; (time to live) Sets the number of second while cached file will be used
+; instead of original one.
+; http://php.net/soap.wsdl-cache-ttl
+soap.wsdl_cache_ttl=86400
+
+; Sets the size of the cache limit. (Max. number of WSDL files to cache)
+soap.wsdl_cache_limit = 5
+
+[sysvshm]
+; A default size of the shared memory segment
+;sysvshm.init_mem = 10000
+
+[ldap]
+; Sets the maximum number of open links or -1 for unlimited.
+ldap.max_links = -1
+
+[mcrypt]
+; For more information about mcrypt settings see http://php.net/mcrypt-module-open
+
+; Directory where to load mcrypt algorithms
+; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
+;mcrypt.algorithms_dir=
+
+; Directory where to load mcrypt modes
+; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
+;mcrypt.modes_dir=
+
+[dba]
+;dba.default_handler=
+
+[opcache]
+; Determines if Zend OPCache is enabled
+;opcache.enable=0
+
+; Determines if Zend OPCache is enabled for the CLI version of PHP
+;opcache.enable_cli=0
+
+; The OPcache shared memory storage size.
+;opcache.memory_consumption=64
+
+; The amount of memory for interned strings in Mbytes.
+;opcache.interned_strings_buffer=4
+
+; The maximum number of keys (scripts) in the OPcache hash table.
+; Only numbers between 200 and 100000 are allowed.
+;opcache.max_accelerated_files=2000
+
+; The maximum percentage of "wasted" memory until a restart is scheduled.
+;opcache.max_wasted_percentage=5
+
+; When this directive is enabled, the OPcache appends the current working
+; directory to the script key, thus eliminating possible collisions between
+; files with the same name (basename). Disabling the directive improves
+; performance, but may break existing applications.
+;opcache.use_cwd=1
+
+; When disabled, you must reset the OPcache manually or restart the
+; webserver for changes to the filesystem to take effect.
+;opcache.validate_timestamps=1
+
+; How often (in seconds) to check file timestamps for changes to the shared
+; memory storage allocation. ("1" means validate once per second, but only
+; once per request. "0" means always validate)
+;opcache.revalidate_freq=2
+
+; Enables or disables file search in include_path optimization
+;opcache.revalidate_path=0
+
+; If disabled, all PHPDoc comments are dropped from the code to reduce the
+; size of the optimized code.
+;opcache.save_comments=1
+
+; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments"
+; may be always stored (save_comments=1), but not loaded by applications
+; that don't need them anyway.
+;opcache.load_comments=1
+
+; If enabled, a fast shutdown sequence is used for the accelerated code
+;opcache.fast_shutdown=0
+
+; Allow file existence override (file_exists, etc.) performance feature.
+;opcache.enable_file_override=0
+
+; A bitmask, where each bit enables or disables the appropriate OPcache
+; passes
+;opcache.optimization_level=0xffffffff
+
+;opcache.inherited_hack=1
+;opcache.dups_fix=0
+
+; The location of the OPcache blacklist file (wildcards allowed).
+; Each OPcache blacklist file is a text file that holds the names of files
+; that should not be accelerated. The file format is to add each filename
+; to a new line. The filename may be a full path or just a file prefix
+; (i.e., /var/www/x blacklists all the files and directories in /var/www
+; that start with 'x'). Line starting with a ; are ignored (comments).
+;opcache.blacklist_filename=
+
+; Allows exclusion of large files from being cached. By default all files
+; are cached.
+;opcache.max_file_size=0
+
+; Check the cache checksum each N requests.
+; The default value of "0" means that the checks are disabled.
+;opcache.consistency_checks=0
+
+; How long to wait (in seconds) for a scheduled restart to begin if the cache
+; is not being accessed.
+;opcache.force_restart_timeout=180
+
+; OPcache error_log file name. Empty string assumes "stderr".
+;opcache.error_log=
+
+; All OPcache errors go to the Web server log.
+; By default, only fatal errors (level 0) or errors (level 1) are logged.
+; You can also enable warnings (level 2), info messages (level 3) or
+; debug messages (level 4).
+;opcache.log_verbosity_level=1
+
+; Preferred Shared Memory back-end. Leave empty and let the system decide.
+;opcache.preferred_memory_model=
+
+; Protect the shared memory from unexpected writing during script execution.
+; Useful for internal debugging only.
+;opcache.protect_memory=0
+
+[curl]
+; A default value for the CURLOPT_CAINFO option. This is required to be an
+; absolute path.
+;curl.cainfo =
+
+; Local Variables:
+; tab-width: 4
+; End:
diff --git a/xandikos/Dockerfile b/xandikos/Dockerfile
new file mode 100644
index 0000000..cac06c6
--- /dev/null
+++ b/xandikos/Dockerfile
@@ -0,0 +1,30 @@
+FROM alpine:3.11
+
+RUN apk add --no-cache \
+ git \
+ python3 \
+ su-exec && \
+ apk add --no-cache --virtual .build-deps \
+ gcc \
+ musl-dev \
+ py3-pip \
+ python3-dev && \
+ pip3 install --upgrade pip && \
+ pip3 install \
+ aiohttp \
+ defusedxml \
+ dulwich \
+ icalendar \
+ jinja2 \
+ prometheus-client && \
+ apk del .build-deps && \
+ mkdir -p /opt && \
+ git clone https://github.com/jelmer/xandikos /opt/xandikos && \
+ adduser -D -h /var/lib/xandikos xandikos && \
+ mkdir -p /var/lib/xandikos/data && \
+ chown -R xandikos:xandikos /var/lib/xandikos
+
+COPY entrypoint.sh /entrypoint
+RUN chmod +x /entrypoint
+ENTRYPOINT ["/entrypoint"]
+CMD ["xandikos"]
diff --git a/xandikos/Makefile b/xandikos/Makefile
new file mode 100644
index 0000000..8b598db
--- /dev/null
+++ b/xandikos/Makefile
@@ -0,0 +1,10 @@
+USERNAME = rilla
+IMG_NAME = xandikos
+
+.PHONY: build build-nc
+
+build: Dockerfile entrypoint.sh
+ docker build -t $(USERNAME)/$(IMG_NAME) .
+
+build-nc: Dockerfile entrypoint.sh
+ docker build --no-cache -t $(USERNAME)/$(IMG_NAME) .
diff --git a/xandikos/entrypoint.sh b/xandikos/entrypoint.sh
new file mode 100644
index 0000000..f745f06
--- /dev/null
+++ b/xandikos/entrypoint.sh
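Review bot: In xandikos/Dockerfile the `git clone https://github.com/jelmer/xandikos /opt/xandikos` step takes whatever the default branch holds at build time, and the `pip3 install` list is unversioned. Two builds of the same Dockerfile can therefore ship different code, and an upstream compromise or breaking change lands in the image unreviewed. Pin the checkout with `ARG XANDIKOS_REF=<reviewed-tag-or-commit>` before the RUN and `git -C /opt/xandikos checkout "$XANDIKOS_REF" && \` right after the clone, and give each Python package an `==<version>`, ideally from a requirements file with hashes. Adding `--no-cache-dir` to `pip3 install` would also keep the pip download cache out of the layer.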
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -xe
+
+PORT=${PORT:-8000}
+ROUTE_PREFIX=${ROUTE_PREFIX:-/}
+
+current_user_principal="/user"
+
+chown -R xandikos:xandikos /var/lib/xandikos
+
+case $1 in
+ xandikos)
+ cd /opt/xandikos
+ exec su-exec xandikos python3 -m xandikos.web \
+ --port="${PORT}" \
+ --listen-address='0.0.0.0' \
+ -d /var/lib/xandikos/data \
+ --current-user-principal="${current_user_principal}" \
+ --route-prefix "${ROUTE_PREFIX}" \
+ --autocreate \
+ --defaults
+ ;;
+ *)
+ exec "$@"
+ ;;
+esac
+
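Review bot: The `xandikos)` branch binds the server with `--listen-address='0.0.0.0'` plus `--autocreate --defaults`, and nothing in this script or the Dockerfile puts authentication in front of it. As far as I know xandikos does not authenticate requests itself, so anyone who can reach the published port can presumably read and write the calendar and contact data. Make the bind address overridable the same way as the port, `LISTEN_ADDRESS=${LISTEN_ADDRESS:-0.0.0.0}` with `--listen-address="${LISTEN_ADDRESS}"`, and add a comment above the `exec` such as `# no auth here: expose only to an authenticating reverse proxy`. Separately, `set -xe` writes every expanded command to the container log; that is harmless with the current variables, but `set -e` is the safer default before anything sensitive is added.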