From ad70b4aca07c09bb601586893dd2a2f0c95724d8 Mon Sep 17 00:00:00 2001 From: Salt Date: Fri, 16 Oct 2020 22:17:38 -0500 Subject: [PATCH] Exodia, obliterate --- README.md | 29 - ansible-pull.cfg | 12 - ansible.cfg | 19 - inventory/group_vars/all.yml | 207 -- inventory/hosts.yml | 73 - localhost-deploy.sh | 25 - playbooks/appservers.yml | 42 - playbooks/dbservers.yml | 8 - playbooks/dns.yml | 17 - playbooks/gameservers.yml | 25 - playbooks/home.yml | 52 - playbooks/phone.yml | 11 - playbooks/webservers.yml | 47 - provision.yml | 9 - reboot.yml | 15 - roles/adam/defaults/main.yml | 4 - roles/adam/tasks/main.yml | 60 - roles/adam/templates/adam@.service | 29 - roles/adam/templates/auth.json | 3 - roles/ansible-pull/defaults/main.yml | 5 - roles/ansible-pull/files/ansiblevaultpass | 6 - roles/ansible-pull/handlers/main.yml | 10 - roles/ansible-pull/meta/main.yml | 4 - roles/ansible-pull/tasks/main.yml | 32 - .../templates/ansible-pull.service | 16 - .../ansible-pull/templates/ansible-pull.timer | 11 - roles/ansible/files/ansiblekey | 135 -- roles/ansible/meta/main.yml | 4 - roles/ansible/tasks/main.yml | 51 - roles/apache-php/files/my.cnf | 30 - roles/apache-php/files/php-apache2.ini | 1933 --------------- roles/apache-php/files/php-cgi.ini | 1933 --------------- roles/apache-php/handlers/main.yml | 8 - roles/apache-php/meta/main.yml | 2 - roles/apache-php/tasks/main.yml | 72 - roles/awscreds/files/awscredentials | 11 - roles/awscreds/meta/main.yml | 2 - roles/awscreds/tasks/main.yml | 15 - roles/base-backups/defaults/main.yml | 5 - roles/base-backups/handlers/main.yml | 10 - roles/base-backups/meta/main.yml | 6 - roles/base-backups/tasks/main.yml | 41 - .../templates/9iron-backup.service | 14 - .../base-backups/templates/9iron-backup.timer | 11 - roles/base-backups/templates/backup.sh | 65 - roles/base-snmpd/handlers/main.yml | 8 - roles/base-snmpd/tasks/main.yml | 21 - roles/base-snmpd/templates/snmpd.conf | 165 -- roles/base-user/defaults/main.yml | 4 - roles/base-user/meta/main.yml | 2 - roles/base-user/tasks/main.yml | 88 - roles/common/files/motd-news | 19 - roles/common/handlers/main.yml | 8 - roles/common/meta/main.yml | 2 - roles/common/tasks/ansibleuser.yml | 41 - roles/common/tasks/main.yml | 63 - roles/common/tasks/packages.yml | 58 - roles/common/templates/50-ansible-motd.sh | 34 - roles/common/templates/90-ansible | 3 - roles/common/templates/hosts | 11 - roles/common/templates/issue | 2 - roles/desktop-common/handlers/main.yml | 14 - roles/desktop-common/meta/main.yml | 2 - roles/desktop-common/tasks/dkms.yml | 13 - roles/desktop-common/tasks/main.yml | 74 - roles/desktop-common/tasks/mopidy.yml | 46 - roles/desktop-common/tasks/packages.yml | 245 -- roles/desktop-common/tasks/sshd.yml | 19 - .../templates/apache2-vhost.conf | 8 - roles/desktop-common/templates/backup.sh | 67 - roles/desktop-common/templates/g810-led.rules | 22 - roles/desktop-common/templates/grubconfig | 40 - roles/desktop-common/templates/mopidy.conf | 132 -- .../templates/nomouseaccel.conf | 9 - roles/desktop-common/templates/sshd_config | 112 - .../desktop-common/templates/switch-rcm.rules | 1 - roles/desktop-common/templates/touchpad.conf | 12 - roles/desktop-sddm/meta/main.yml | 2 - roles/desktop-sddm/tasks/main.yml | 43 - roles/desktop-sddm/templates/main.conf | 11 - roles/desktop-sddm/templates/theme.conf | 6 - roles/desktop-zerotier/handlers/main.yml | 9 - roles/desktop-zerotier/meta/main.yml | 2 - roles/desktop-zerotier/tasks/main.yml | 35 - .../templates/zerotier-one.service | 14 - roles/dkms/handlers/main.yml | 9 - roles/dkms/tasks/main.yml | 15 - roles/dokuwiki/defaults/main.yml | 3 - roles/dokuwiki/meta/main.yml | 4 - roles/dokuwiki/tasks/main.yml | 64 - .../dokuwiki/templates/apache2-vhost-ssl.conf | 35 - roles/dokuwiki/templates/backup.sh | 38 - roles/gitea/defaults/main.yml | 7 - roles/gitea/handlers/main.yml | 11 - roles/gitea/meta/main.yml | 5 - roles/gitea/tasks/add_default_user.yml | 32 - roles/gitea/tasks/main.yml | 160 -- roles/gitea/templates/apache2-vhost-ssl.conf | 37 - roles/gitea/templates/app.ini | 74 - roles/gitea/templates/backup.sh | 47 - roles/gitea/templates/gitea.service | 25 - roles/gitweb/meta/main.yml | 4 - roles/gitweb/tasks/main.yml | 37 - roles/gitweb/templates/apache2-vhost-ssl.conf | 32 - roles/grafana/handlers/main.yml | 8 - roles/grafana/meta/main.yml | 4 - roles/grafana/tasks/main.yml | 93 - .../grafana/templates/apache2-vhost-ssl.conf | 35 - roles/grafana/templates/grafana.ini | 714 ------ roles/https/meta/main.yml | 4 - roles/https/tasks/main.yml | 116 - roles/https/templates/apache2-vhost.conf | 14 - roles/influxdb/handlers/main.yml | 9 - roles/influxdb/tasks/main.yml | 20 - roles/influxdb/templates/influxdb.conf | 556 ----- roles/matrix/defaults/main.yml | 5 - roles/matrix/handlers/main.yml | 9 - roles/matrix/meta/main.yml | 6 - roles/matrix/tasks/main.yml | 117 - roles/matrix/templates/apache2-matrix.conf | 3 - roles/matrix/templates/apache2-vhost-ssl.conf | 32 - roles/matrix/templates/backup.sh | 38 - roles/matrix/templates/homeserver.yaml | 131 -- roles/matrix/templates/homeserver.yaml.orig | 2085 ----------------- roles/matrix/templates/server_name.yaml | 3 - roles/matrix/templates/shared_secrets.yaml | 4 - roles/minecraft-forge/defaults/main.yml | 10 - roles/minecraft-forge/files/eula.txt | 2 - roles/minecraft-forge/handlers/main.yml | 8 - roles/minecraft-forge/meta/main.yml | 4 - roles/minecraft-forge/tasks/main.yml | 181 -- roles/minecraft-forge/templates/backup.sh | 38 - roles/minecraft-forge/templates/install.sh | 33 - .../templates/minecraft@.service | 39 - roles/minecraft-forge/templates/recover.sh | 57 - .../templates/server.properties | 38 - roles/minecraft-paper/defaults/main.yml | 26 - roles/minecraft-paper/handlers/main.yml | 9 - roles/minecraft-paper/tasks/main.yml | 60 - roles/minecraft-paper/templates/backup.sh | 28 - roles/minecraft-paper/templates/eula.txt | 2 - roles/minecraft-paper/templates/hourly.sh | 50 - .../minecraft-paper/templates/paper@.service | 39 - .../templates/server.properties | 38 - roles/mysql/meta/main.yml | 2 - roles/mysql/tasks/main.yml | 25 - roles/nextcloud/defaults/main.yml | 3 - roles/nextcloud/meta/main.yml | 4 - roles/nextcloud/tasks/main.yml | 138 -- .../templates/apache2-vhost-ssl.conf | 35 - roles/nextcloud/templates/backup.sh | 61 - roles/phone-common/tasks/main.yml | 21 - roles/pleroma/defaults/main.yml | 6 - roles/pleroma/handlers/main.yml | 8 - roles/pleroma/meta/main.yml | 4 - roles/pleroma/tasks/main.yml | 182 -- .../pleroma/templates/apache2-vhost-ssl.conf | 35 - roles/pleroma/templates/backup.sh | 50 - roles/pleroma/templates/config.exs | 55 - roles/pleroma/templates/pleroma.service | 26 - roles/pleroma/templates/recover.sh | 61 - roles/postfix-ses/handlers/main.yml | 8 - roles/postfix-ses/meta/main.yml | 2 - roles/postfix-ses/tasks/main.yml | 47 - roles/postfix-ses/templates/main.cf | 52 - roles/postfix-ses/templates/sasl_passwd | 1 - roles/postgresql/handlers/main.yml | 8 - roles/postgresql/meta/main.yml | 2 - roles/postgresql/tasks/main.yml | 44 - roles/postgresql/templates/backup.sh | 47 - roles/postgresql/templates/pg_hba.conf | 101 - roles/postgresql/templates/postgresql.conf | 662 ------ roles/pulseaudio/tasks/main.yml | 32 - roles/pulseaudio/templates/pulse-client.conf | 3 - roles/pulseaudio/templates/pulse-daemon.conf | 23 - roles/pulseaudio/templates/pulse-default.pa | 77 - roles/pulseaudio/templates/pulseaudio.service | 23 - roles/redirect/meta/main.yml | 4 - roles/redirect/tasks/main.yml | 21 - .../redirect/templates/apache2-redirect.conf | 22 - roles/redirect/templates/apache2-vhost.conf | 12 - roles/redis/handlers/main.yml | 8 - roles/redis/meta/main.yml | 2 - roles/redis/tasks/main.yml | 30 - roles/redis/templates/redis-tmpfiles.conf | 1 - roles/redis/templates/redis.conf | 1317 ----------- roles/rgb-kraken/tasks/main.yml | 25 - roles/rgb-kraken/templates/rgb-kraken.service | 13 - roles/sourcegame/defaults/main.yml | 2 - roles/sourcegame/handlers/main.yml | 8 - roles/sourcegame/meta/main.yml | 9 - roles/sourcegame/tasks/main.yml | 39 - roles/sourcegame/templates/sourcegame.service | 29 - roles/steamcmd/tasks/main.yml | 34 - roles/steamgame/meta/main.yml | 5 - roles/steamgame/tasks/main.yml | 27 - roles/telegraf/handlers/main.yml | 8 - roles/telegraf/tasks/main.yml | 33 - roles/telegraf/templates/50-ansible.conf | 3 - roles/terraria/defaults/main.yml | 7 - roles/terraria/meta/main.yml | 0 roles/terraria/tasks/main.yml | 126 - roles/terraria/templates/backup.sh | 50 - roles/terraria/templates/config | 13 - roles/terraria/templates/terraria@.service | 33 - roles/tes3mp/defaults/main.yml | 14 - roles/tes3mp/handlers/main.yml | 8 - roles/tes3mp/tasks/main.yml | 76 - roles/tes3mp/templates/backup.sh | 38 - roles/tes3mp/templates/config.lua | 331 --- .../templates/tes3mp-server-default.cfg | 19 - roles/tes3mp/templates/tes3mp@.service | 29 - roles/tmodloader/defaults/main.yml | 7 - roles/tmodloader/meta/main.yml | 0 roles/tmodloader/tasks/main.yml | 128 - roles/tmodloader/templates/backup-nightly.sh | 49 - roles/tmodloader/templates/backup.sh | 54 - roles/tmodloader/templates/config | 13 - .../tmodloader/templates/tmodloader@.service | 33 - site.yml | 30 - 220 files changed, 16451 deletions(-) delete mode 100644 README.md delete mode 100644 ansible-pull.cfg delete mode 100644 ansible.cfg delete mode 100644 inventory/group_vars/all.yml delete mode 100644 inventory/hosts.yml delete mode 100755 localhost-deploy.sh delete mode 100644 playbooks/appservers.yml delete mode 100644 playbooks/dbservers.yml delete mode 100644 playbooks/dns.yml delete mode 100644 playbooks/gameservers.yml delete mode 100644 playbooks/home.yml delete mode 100644 playbooks/phone.yml delete mode 100644 playbooks/webservers.yml delete mode 100755 provision.yml delete mode 100755 reboot.yml delete mode 100644 roles/adam/defaults/main.yml delete mode 100644 roles/adam/tasks/main.yml delete mode 100644 roles/adam/templates/adam@.service delete mode 100644 roles/adam/templates/auth.json delete mode 100644 roles/ansible-pull/defaults/main.yml delete mode 100644 roles/ansible-pull/files/ansiblevaultpass delete mode 100644 roles/ansible-pull/handlers/main.yml delete mode 100644 roles/ansible-pull/meta/main.yml delete mode 100644 roles/ansible-pull/tasks/main.yml delete mode 100644 roles/ansible-pull/templates/ansible-pull.service delete mode 100644 roles/ansible-pull/templates/ansible-pull.timer delete mode 100644 roles/ansible/files/ansiblekey delete mode 100644 roles/ansible/meta/main.yml delete mode 100644 roles/ansible/tasks/main.yml delete mode 100644 roles/apache-php/files/my.cnf delete mode 100644 roles/apache-php/files/php-apache2.ini delete mode 100644 roles/apache-php/files/php-cgi.ini delete mode 100644 roles/apache-php/handlers/main.yml delete mode 100644 roles/apache-php/meta/main.yml delete mode 100644 roles/apache-php/tasks/main.yml delete mode 100644 roles/awscreds/files/awscredentials delete mode 100644 roles/awscreds/meta/main.yml delete mode 100644 roles/awscreds/tasks/main.yml delete mode 100644 roles/base-backups/defaults/main.yml delete mode 100644 roles/base-backups/handlers/main.yml delete mode 100644 roles/base-backups/meta/main.yml delete mode 100644 roles/base-backups/tasks/main.yml delete mode 100644 roles/base-backups/templates/9iron-backup.service delete mode 100644 roles/base-backups/templates/9iron-backup.timer delete mode 100644 roles/base-backups/templates/backup.sh delete mode 100644 roles/base-snmpd/handlers/main.yml delete mode 100644 roles/base-snmpd/tasks/main.yml delete mode 100644 roles/base-snmpd/templates/snmpd.conf delete mode 100644 roles/base-user/defaults/main.yml delete mode 100644 roles/base-user/meta/main.yml delete mode 100644 roles/base-user/tasks/main.yml delete mode 100644 roles/common/files/motd-news delete mode 100644 roles/common/handlers/main.yml delete mode 100644 roles/common/meta/main.yml delete mode 100644 roles/common/tasks/ansibleuser.yml delete mode 100644 roles/common/tasks/main.yml delete mode 100644 roles/common/tasks/packages.yml delete mode 100755 roles/common/templates/50-ansible-motd.sh delete mode 100644 roles/common/templates/90-ansible delete mode 100644 roles/common/templates/hosts delete mode 100644 roles/common/templates/issue delete mode 100644 roles/desktop-common/handlers/main.yml delete mode 100644 roles/desktop-common/meta/main.yml delete mode 100644 roles/desktop-common/tasks/dkms.yml delete mode 100644 roles/desktop-common/tasks/main.yml delete mode 100644 roles/desktop-common/tasks/mopidy.yml delete mode 100644 roles/desktop-common/tasks/packages.yml delete mode 100644 roles/desktop-common/tasks/sshd.yml delete mode 100644 roles/desktop-common/templates/apache2-vhost.conf delete mode 100644 roles/desktop-common/templates/backup.sh delete mode 100644 roles/desktop-common/templates/g810-led.rules delete mode 100644 roles/desktop-common/templates/grubconfig delete mode 100644 roles/desktop-common/templates/mopidy.conf delete mode 100644 roles/desktop-common/templates/nomouseaccel.conf delete mode 100644 roles/desktop-common/templates/sshd_config delete mode 100644 roles/desktop-common/templates/switch-rcm.rules delete mode 100644 roles/desktop-common/templates/touchpad.conf delete mode 100644 roles/desktop-sddm/meta/main.yml delete mode 100644 roles/desktop-sddm/tasks/main.yml delete mode 100644 roles/desktop-sddm/templates/main.conf delete mode 100644 roles/desktop-sddm/templates/theme.conf delete mode 100644 roles/desktop-zerotier/handlers/main.yml delete mode 100644 roles/desktop-zerotier/meta/main.yml delete mode 100644 roles/desktop-zerotier/tasks/main.yml delete mode 100644 roles/desktop-zerotier/templates/zerotier-one.service delete mode 100644 roles/dkms/handlers/main.yml delete mode 100644 roles/dkms/tasks/main.yml delete mode 100644 roles/dokuwiki/defaults/main.yml delete mode 100644 roles/dokuwiki/meta/main.yml delete mode 100644 roles/dokuwiki/tasks/main.yml delete mode 100644 roles/dokuwiki/templates/apache2-vhost-ssl.conf delete mode 100644 roles/dokuwiki/templates/backup.sh delete mode 100644 roles/gitea/defaults/main.yml delete mode 100644 roles/gitea/handlers/main.yml delete mode 100644 roles/gitea/meta/main.yml delete mode 100644 roles/gitea/tasks/add_default_user.yml delete mode 100644 roles/gitea/tasks/main.yml delete mode 100644 roles/gitea/templates/apache2-vhost-ssl.conf delete mode 100644 roles/gitea/templates/app.ini delete mode 100644 roles/gitea/templates/backup.sh delete mode 100644 roles/gitea/templates/gitea.service delete mode 100644 roles/gitweb/meta/main.yml delete mode 100644 roles/gitweb/tasks/main.yml delete mode 100644 roles/gitweb/templates/apache2-vhost-ssl.conf delete mode 100644 roles/grafana/handlers/main.yml delete mode 100644 roles/grafana/meta/main.yml delete mode 100644 roles/grafana/tasks/main.yml delete mode 100644 roles/grafana/templates/apache2-vhost-ssl.conf delete mode 100644 roles/grafana/templates/grafana.ini delete mode 100644 roles/https/meta/main.yml delete mode 100644 roles/https/tasks/main.yml delete mode 100644 roles/https/templates/apache2-vhost.conf delete mode 100644 roles/influxdb/handlers/main.yml delete mode 100644 roles/influxdb/tasks/main.yml delete mode 100644 roles/influxdb/templates/influxdb.conf delete mode 100644 roles/matrix/defaults/main.yml delete mode 100644 roles/matrix/handlers/main.yml delete mode 100644 roles/matrix/meta/main.yml delete mode 100644 roles/matrix/tasks/main.yml delete mode 100644 roles/matrix/templates/apache2-matrix.conf delete mode 100644 roles/matrix/templates/apache2-vhost-ssl.conf delete mode 100644 roles/matrix/templates/backup.sh delete mode 100644 roles/matrix/templates/homeserver.yaml delete mode 100644 roles/matrix/templates/homeserver.yaml.orig delete mode 100644 roles/matrix/templates/server_name.yaml delete mode 100644 roles/matrix/templates/shared_secrets.yaml delete mode 100644 roles/minecraft-forge/defaults/main.yml delete mode 100644 roles/minecraft-forge/files/eula.txt delete mode 100644 roles/minecraft-forge/handlers/main.yml delete mode 100644 roles/minecraft-forge/meta/main.yml delete mode 100644 roles/minecraft-forge/tasks/main.yml delete mode 100644 roles/minecraft-forge/templates/backup.sh delete mode 100644 roles/minecraft-forge/templates/install.sh delete mode 100644 roles/minecraft-forge/templates/minecraft@.service delete mode 100644 roles/minecraft-forge/templates/recover.sh delete mode 100644 roles/minecraft-forge/templates/server.properties delete mode 100644 roles/minecraft-paper/defaults/main.yml delete mode 100644 roles/minecraft-paper/handlers/main.yml delete mode 100644 roles/minecraft-paper/tasks/main.yml delete mode 100644 roles/minecraft-paper/templates/backup.sh delete mode 100644 roles/minecraft-paper/templates/eula.txt delete mode 100644 roles/minecraft-paper/templates/hourly.sh delete mode 100644 roles/minecraft-paper/templates/paper@.service delete mode 100644 roles/minecraft-paper/templates/server.properties delete mode 100644 roles/mysql/meta/main.yml delete mode 100644 roles/mysql/tasks/main.yml delete mode 100644 roles/nextcloud/defaults/main.yml delete mode 100644 roles/nextcloud/meta/main.yml delete mode 100644 roles/nextcloud/tasks/main.yml delete mode 100644 roles/nextcloud/templates/apache2-vhost-ssl.conf delete mode 100644 roles/nextcloud/templates/backup.sh delete mode 100644 roles/phone-common/tasks/main.yml delete mode 100644 roles/pleroma/defaults/main.yml delete mode 100644 roles/pleroma/handlers/main.yml delete mode 100644 roles/pleroma/meta/main.yml delete mode 100644 roles/pleroma/tasks/main.yml delete mode 100644 roles/pleroma/templates/apache2-vhost-ssl.conf delete mode 100644 roles/pleroma/templates/backup.sh delete mode 100644 roles/pleroma/templates/config.exs delete mode 100644 roles/pleroma/templates/pleroma.service delete mode 100644 roles/pleroma/templates/recover.sh delete mode 100644 roles/postfix-ses/handlers/main.yml delete mode 100644 roles/postfix-ses/meta/main.yml delete mode 100644 roles/postfix-ses/tasks/main.yml delete mode 100644 roles/postfix-ses/templates/main.cf delete mode 100644 roles/postfix-ses/templates/sasl_passwd delete mode 100644 roles/postgresql/handlers/main.yml delete mode 100644 roles/postgresql/meta/main.yml delete mode 100644 roles/postgresql/tasks/main.yml delete mode 100644 roles/postgresql/templates/backup.sh delete mode 100644 roles/postgresql/templates/pg_hba.conf delete mode 100644 roles/postgresql/templates/postgresql.conf delete mode 100644 roles/pulseaudio/tasks/main.yml delete mode 100644 roles/pulseaudio/templates/pulse-client.conf delete mode 100644 roles/pulseaudio/templates/pulse-daemon.conf delete mode 100644 roles/pulseaudio/templates/pulse-default.pa delete mode 100644 roles/pulseaudio/templates/pulseaudio.service delete mode 100644 roles/redirect/meta/main.yml delete mode 100644 roles/redirect/tasks/main.yml delete mode 100644 roles/redirect/templates/apache2-redirect.conf delete mode 100644 roles/redirect/templates/apache2-vhost.conf delete mode 100644 roles/redis/handlers/main.yml delete mode 100644 roles/redis/meta/main.yml delete mode 100644 roles/redis/tasks/main.yml delete mode 100644 roles/redis/templates/redis-tmpfiles.conf delete mode 100644 roles/redis/templates/redis.conf delete mode 100644 roles/rgb-kraken/tasks/main.yml delete mode 100644 roles/rgb-kraken/templates/rgb-kraken.service delete mode 100644 roles/sourcegame/defaults/main.yml delete mode 100644 roles/sourcegame/handlers/main.yml delete mode 100644 roles/sourcegame/meta/main.yml delete mode 100644 roles/sourcegame/tasks/main.yml delete mode 100644 roles/sourcegame/templates/sourcegame.service delete mode 100644 roles/steamcmd/tasks/main.yml delete mode 100644 roles/steamgame/meta/main.yml delete mode 100644 roles/steamgame/tasks/main.yml delete mode 100644 roles/telegraf/handlers/main.yml delete mode 100644 roles/telegraf/tasks/main.yml delete mode 100644 roles/telegraf/templates/50-ansible.conf delete mode 100644 roles/terraria/defaults/main.yml delete mode 100644 roles/terraria/meta/main.yml delete mode 100644 roles/terraria/tasks/main.yml delete mode 100644 roles/terraria/templates/backup.sh delete mode 100644 roles/terraria/templates/config delete mode 100644 roles/terraria/templates/terraria@.service delete mode 100644 roles/tes3mp/defaults/main.yml delete mode 100644 roles/tes3mp/handlers/main.yml delete mode 100644 roles/tes3mp/tasks/main.yml delete mode 100644 roles/tes3mp/templates/backup.sh delete mode 100644 roles/tes3mp/templates/config.lua delete mode 100755 roles/tes3mp/templates/tes3mp-server-default.cfg delete mode 100644 roles/tes3mp/templates/tes3mp@.service delete mode 100644 roles/tmodloader/defaults/main.yml delete mode 100644 roles/tmodloader/meta/main.yml delete mode 100644 roles/tmodloader/tasks/main.yml delete mode 100644 roles/tmodloader/templates/backup-nightly.sh delete mode 100644 roles/tmodloader/templates/backup.sh delete mode 100644 roles/tmodloader/templates/config delete mode 100644 roles/tmodloader/templates/tmodloader@.service delete mode 100755 site.yml diff --git a/README.md b/README.md deleted file mode 100644 index 577811e..0000000 --- a/README.md +++ /dev/null @@ -1,29 +0,0 @@ -# Salt's Ansible Repo - -A collection of Ansible configuration to manage all of my machines. - -## Quickstart - -To quickly get a machine up and running, add it to the inventory and `./provision.yml` it. This ensures a basic, sane running environment from which you can do tuning. Ideally, though, you should have roles. - -## Overview - -The main playbook, `site.yml`, can be separated into more or less two parts: - -* The home machine half, tied together via Zerotier - -* The 9iron half, with public IPs and resolvable names - -See `inventory/hosts.yml` for details on what machines have what roles and what configuration. I try my best to make self-explaning configuration, so everything should mostly make sense on a first read. If you have any questions, hit me up. - -## Style Guide - -* Quote strings when required, quote entire strings if they contain Jinja markup, not just the marked up section (yes I know I violate this in several places) - -* Use `yes` and `no` for booleans - -* Use short form for simple tasks (still working on fixing that up) - -## Your Shit is Trash - -I know. Please file an issue. diff --git a/ansible-pull.cfg b/ansible-pull.cfg deleted file mode 100644 index 74beb5d..0000000 --- a/ansible-pull.cfg +++ /dev/null @@ -1,12 +0,0 @@ -[defaults] -gathering = smart -interpreter_python = python3 -inventory = inventory -roles_path = roles -# Secrets -ask_become_pass = false -ask_vault_pass = false -# Warnings -command_warnings = true -#deprecation_warnings = false -system_warnings = true diff --git a/ansible.cfg b/ansible.cfg deleted file mode 100644 index 6ca5029..0000000 --- a/ansible.cfg +++ /dev/null @@ -1,19 +0,0 @@ -[defaults] -gathering = smart -interpreter_python = python3 -inventory = inventory -roles_path = roles -# Connection info -private_key_file = ~/.ssh/ansible -host_key_checking = false -# Secrets -ask_become_pass = true -ask_vault_pass = true -# Warnings -command_warnings = true -#deprecation_warnings = false -system_warnings = true - -[ssh_connection] -pipelining = true -ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml deleted file mode 100644 index 3bdb9cf..0000000 --- a/inventory/group_vars/all.yml +++ /dev/null @@ -1,207 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: - -## BACKEND -# ACME -acme: - #directory: "https://acme-staging-v02.api.letsencrypt.org/directory" # Testing ACME endpoint - directory: "https://acme-v02.api.letsencrypt.org/directory" - version: 2 - webroot: /var/www/acme -aws: - # S3 Backups - backup_bucket: "9iron-backups-general" - # SES - ses: - user: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33643766376336316266373239386466373639633765333332353031373132383061346564633036 - 3337396261333264363562363364336235633831353133380a613164666161313265396261616634 - 38353531306238613735623433663138643231663139363735373537393337636362636534656166 - 3063373930343039320a663063663535633932323739653461336164643035633036663362666161 - 38316564326537303236333266303432326164393435663665363963326363306237 - pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39306665653635383832623438656364616633643032663365643033316236333939363732363034 - 3566663361653862646636396339343963626561613839620a663731313337613734356261326437 - 31653763346663656165343632336366343562333836396232636431323635333965336137316237 - 3662393364636631310a643935313539353338333233356362623835363631383035666536343634 - 65663937643165613337373837633737653765303764303536386530616363343361326536633935 - 3565626161343562396663353538653136376138373334336435 -# MySQL -mysql: - root_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62316565376333396465333931356163343363663063636233653536373033396230626639613964 - 3037613839373833646234626236643430393364643131610a333539373533663434373935376130 - 65323365313465316635646465376665616132653832316362363535366563363863636530313666 - 3036393134386131310a643734363261633166636263343538313533393738323934303137343163 - 39636637643035616236663364663562366133613233313139623937313531343564 -# PSQL -psql: - ansible: - user: ansible - pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 30383235373131383466383438653235666365386631356463633265623332643337633830663930 - 3639313565613138373165636264343030323961646539390a356134383764326631326635636139 - 63626263373063343036373266326235363839316662363031356264363365633161326264643766 - 3734386366633861640a643335636330323432626437646337353534653832383337396432636264 - 61356331646133653363353931306630373963316430626266346630646362666237 - neighbor_block: "172.31.0.0/16" - -## WEBAPPS -# Gitea -gitea: - db: - hostname: 172.31.47.215 - pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62353264353465316661353738666161313036373761666163663733656461316536636334386335 - 6161386630663739363439383237343065333239613134610a383036373735326536386464343164 - 31346337636665356630336234306534646362386663633734353166373761316139313734306630 - 3364306566323666310a323034303434613237643665643637633430353437316339356463646331 - 33353062343164396465326365653561626363343961326363633231303736316436643935646161 - 3933353234613430373930663832643934613233383635613433 - app_name: "9iron Gitea" - disable_registration: "false" - url: "git.9iron.club" - root: "/var/gitea" - efs: - name: "9iron-gitea" - region: "us-east-2" - subnet_id: "subnet-852935ed" - security_group: "sg-4f4b692c" - admin: - user: "salt" - email: "rehashedsalt@cock.li" - pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 35613039646236306236363930353231303331633765303039373736626666666530323433356466 - 3062633166313332643039613561303431613735396339650a376664373137643439303465376365 - 35313266376539366134343562626164616666306338343538663361393964626565303331383234 - 3565646664333966650a323530356664366262653763363439613534303764366436376634373639 - 62303264653836656162366362316461656363353539343632616462626231643632 -# Grafana -grafana: - db: - hostname: 172.31.47.215 - pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65376335363732633132326630323161393861323833323631613630343262383137656138356262 - 3730386139393739373738626535376636666135646463350a623331333032346434343465666234 - 38393539623437376133363063633238383031326431653737346564323837343265653431633962 - 6665346237666165330a643635653863356633623535383063366632336437313730626233346664 - 33303465616532313339393634386166363162393661393037323835323035386663 - url: "monitor.9iron.club" - webroot: "/var/www/grafana" - config_repo: "https://git.9iron.club/salt/grafana" -# Matrix -matrix: - server_name: "9iron.club" - url: "matrix.9iron.club" - enable_registration: "true" - admin_contact: "mailto:rehashedsalt@cock.li" - db_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 64663061333130386634323631353435376330636334623334663365633361336563393634333061 - 6531393839336532376465356132646337663339333431340a383030373166653835386239643365 - 31356462653634323162343164633130366664323034373330613764663635326534303935303230 - 6233636463636134640a386436316462643434343739333232613264303635323261616634326562 - 63316265366238383038653034326661633163346462396663346563666134393232 -# Nextcloud -nextcloud: - db: - hostname: 172.31.47.215 - pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 37633035633563646266346264333636393931323664313166633133653461646333643731636661 - 3966666665396239346662613764353333393038663762340a313236396331623061376462356437 - 66373234633939393034353439393465663131303661393164303335336435653734613064663964 - 3332313764623133630a393731613236373837316437653265636663666261383135636662373566 - 61373135303632336237333836353764646639633735323566346366623766646266 - efs: - name: "9iron-nextcloud" - region: "us-east-2" - subnet_id: "subnet-852935ed" - security_group: "sg-4f4b692c" - url: "nc.9iron.club" -# Pleroma -pleroma: - instance: - name: Cowfee - desc: owo - email: rehashedsalt@cock.li - notify_email: noreply@cowfee.moe - openreg: "true" - static_repo: "https://git.9iron.club/salt/pleroma" - db: - pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34343838386134656236313462653531663839363030333630383332386535356431326436633137 - 3261323632653635383930333131333235373437653733300a363562666264616138623832666137 - 61333039646332343838346633363035343434303036643465353062353062303961383138643564 - 3338393765393733340a626436653666363236643938613466643530326665653764333933393437 - 37613033653864643965323162373366306233626235663461326266376662663634353066386139 - 37636162313364623933396232366239633338363539626637373163333130373665373038363566 - 65646633636638653335356536323334646632366164633532636634376632356166306139393766 - 38633934623639366263 - secret: - key_base: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36333934336635613533333137636532363937613764353933636566663031316262333837323064 - 6534653062626461633462636335346132353564653038330a326330326235623530393337333063 - 37666666386637633839633737376465366439356461653363396665636137353264363762346461 - 3765616634653234630a623061393834373964653939626564363263383435666366356339663136 - 64613330656434653538363734393831353133316666326338366335383064356165333537383837 - 31633939353565303661626233623064653838636435376239376361663362636164653962383561 - 33366335623038653232613731333730363836653532363834663663343963303763323534343038 - 61666238346239636634 - signing_salt: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31306137646362333433313630363538333234643339353530333038393061663132633161356231 - 3662386234633933633762363334333031306564353132380a633339323364633137396636616363 - 64393536353362386336323662316262333763326138616364333237353262323232636335353436 - 3563396435643363620a646337346561393863366361643536356363626334343264343861663131 - 3466 -# snmpd -snmp: - location: "us-east-2" - contact: "Salt " - auth_user_pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 36373662333533616331623933343364663532326261653636363732323138633836356633623934 - 6561333833343432353561366438313165383163366131630a653163666463356462633966666330 - 38323965303639356635613565633030373836643132336332373730303137376165616163646538 - 3162616233366236350a626130643230323264343938373134653034636232303130623134393531 - 61366330316330646137336161623166343835316432363433373333323232383166 - priv_user_pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 61316538316630333662633665646364356138613730633334653761626636633836363335383965 - 6332303265323236383130383366336662626331613866340a636139366135313134303538613833 - 61383662306163663634333538343733663836633834373462616265366365626533366334383031 - 6265643764656461320a313137326430386532653538346462323463386538303966303830343037 - 63333632656534333334383666666138353435383938623934663766623735656533 - int_user_pass: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 31616561323762653439346630653231646137626638383930346437323139666163316131333534 - 6463313537316230363735346236323033386562373032330a326261393039663539353738643465 - 36666136663930663463373731663534316232643637623732346331383737643233626235613439 - 3733366462613133620a386336303434303130313636356339633939623638366236346234376566 - 65386530663137393830636134653632623366333837616364396161666464613166 - -## VIDYA -# tes3mp -tes3mp: - archive: "https://github.com/TES3MP/openmw-tes3mp/releases/download/0.7.0-alpha/tes3mp-server-GNU+Linux-x86_64-release-0.7.0-alpha-abc4090a0f-01d297f5c6.tar.gz" - name: "main" - dest: /opt/tes3mp - server: - name: "9iron TES3MP" - maxplayers: 8 - password: dicks - port: 25565 - master: - enabled: "true" - host: master.tes3mp.com - port: 25561 diff --git a/inventory/hosts.yml b/inventory/hosts.yml deleted file mode 100644 index 431e399..0000000 --- a/inventory/hosts.yml +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: -all: - vars: - ansible_pull_repo: "https://git.9iron.club/salt/ansible" - ansible_user: ubuntu - gitea_api_token: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39646564383934343237626436363261643265663339616566353563613266396536373164646235 - 3630333032613536373532616363333464653138656164390a386565316164386263363935663264 - 62613737336539653835356634313636643732396330313863393861373664353966363437373338 - 6565336264613334650a613063393662643237333864316332613131386233396562333063646263 - 63636238356266363065656462626536346634646365363135643538316136346566306131626161 - 3166653266383332343332366530343532396435353134373939 - ssl_protocol: "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" - ssl_cipher_suite: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256" - user_username: salt - user_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 37666131343936663962386535343939373161343337383436613961303637376136633736353533 - 3366623536646563383563373265313134663464396231370a303033353661336436386561366139 - 30393536393634653566646636366436656435623534626266343632313336336336346131383361 - 3366343932383930350a383637646261373135376138633533306530306339316235353262356135 - 34626466363266616265653064333365663663306330666632343864373335626265323230633331 - 33623431633665353964623437636231623366383733626266353162633762373035376638663936 - 62383065653836366431316461663862393130653761643937376565366435646665313961663534 - 64303363653631653433343361616635373966326433663466636164613062343561333036613937 - 35616666633737356331653632323639373330396433366639326466373639313630 - children: - # Personal home machines - home: - vars: - ansible_user: ansible - ansible_pull_time: "*-*-* 03:00:00" - aws: - backup_bucket: 9iron-backups-home - zerotier_network_id: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 35646131343239623265663562343333383362366633386462646465643163353866643633636135 - 6238643231313536323337343663313865323430323437630a353462393830376431376363373232 - 30656433343263653035333637336165323931363966376264353164326135336131646362623734 - 3339633961393864330a616437613534643231366634643362383438316233376334636264303361 - 65313231393433396538663463383731303661633663343066333264303330313133 - hosts: - dsk-cstm-0: - ansible_host: 172.23.100.1 - lap-s76-lemp9-0: - ansible_host: 172.23.100.3 - thefuck: - vars: - ansible_user: root - hosts: - game1.thefuck.how: - 9iron: - children: - dbservers: - vars: - hosts: - psql1.9iron.club: - webservers: - hosts: - web1.9iron.club: - fedi1.9iron.club: - gameservers: - vars: - steam_api_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 39616163316634306633623435636633623966306537636639316439343839393231376661666335 - 6136333866633861313566306433393637613364386234360a303832626338373230396665336430 - 33346530626633616161613635656433356434366437383363663165303862316163323263323230 - 3334373531646364620a386165626130386265343235363639346230323930626330343235373662 - 38313431663734343931333462316633643935353038313934663466303834636533616165353961 - 6438356265656532396363323532616437353831613261323037 diff --git a/localhost-deploy.sh b/localhost-deploy.sh deleted file mode 100755 index 312a88a..0000000 --- a/localhost-deploy.sh +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/bash -# -# localhost-deploy.sh -# Deploys configs for local machine and only local machine -# Copyright (C) 2020 Vintage Salt -# -# Distributed under terms of the MIT license. -# -set -e -if ! command -v ansible > /dev/null 2>&1; then - printf "Installing Ansible and related packages\n" - if command -v apt > /dev/null 2>&1; then - printf "Installing via APT\n" - sudo apt-get install libffi-dev python3-pip python3-setuptools -y - elif command -v apk > /dev/null 2>&1; then - printf "Installing via APK\n" - sudo apk add gcc musl-dev py3-cryptography py3-pip py3-setuptools - else - printf "No supported package manager found\nPlease install Ansible manually" - exit 1 - fi - sudo pip3 install ansible -fi -ansible-playbook site.yml -l "$HOSTNAME" -e "ansible_user=$USER ansible_connection=local ansible_host=localhost" --ask-become-pass --ask-vault-pass "$@" - diff --git a/playbooks/appservers.yml b/playbooks/appservers.yml deleted file mode 100644 index a8787ad..0000000 --- a/playbooks/appservers.yml +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/env ansible-playbook -# vim:ft=ansible: ---- -- hosts: fedi1.9iron.club - pre_tasks: - - name: Assure cowfee record - route53: - state: present - overwrite: yes - zone: cowfee.moe - type: A - record: "cowfee.moe." - ttl: 3600 - value: [ "{{ ipify_public_ip }}" ] - wait: yes - become: yes - tags: [ common, dns ] - roles: - - role: base-backups - tags: [ backups ] - - role: matrix - vars: - matrix_db_hostname: 172.31.47.215 - tags: [ fedi, matrix ] - - role: pleroma - vars: - pleroma_url: cowfee.moe - pleroma_db_hostname: 172.31.47.215 - tags: [ web, pleroma ] - - role: adam - vars: - adam_name: lain - adam_auth_token: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33346238356561313736653431666439363835663134303339366536663964333138666530343166 - 6132353938663563316265346630613231616362643937380a616132386464653438343739613937 - 32626230326430396563316363613139306535663832336531636239633364383432373739646436 - 3338376362313539360a383763313439633331313531323232653866633065333933633061326465 - 64343165613961346362353162316530623132633164643461616633633335666232633833313561 - 33306532343963383331623663616161626533633261383238646164663362396261633736636362 - 373764613833343634346333613639626535 - tags: [ discord, adam ] diff --git a/playbooks/dbservers.yml b/playbooks/dbservers.yml deleted file mode 100644 index 734fb3b..0000000 --- a/playbooks/dbservers.yml +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: -- hosts: psql1.9iron.club - roles: - - role: base-backups - tags: [ backups ] - - role: postgresql - tags: [ db, psql ] diff --git a/playbooks/dns.yml b/playbooks/dns.yml deleted file mode 100644 index ce142d3..0000000 --- a/playbooks/dns.yml +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: - -- hosts: 9iron - tasks: - - name: Add machine to DNS zone - route53: - state: present - overwrite: yes - zone: 9iron.club - type: A - record: "{{ inventory_hostname }}." - ttl: 3600 - value: [ "{{ ipify_public_ip }}" ] - wait: yes - become: yes - tags: [ common, dns ] diff --git a/playbooks/gameservers.yml b/playbooks/gameservers.yml deleted file mode 100644 index 6d029e1..0000000 --- a/playbooks/gameservers.yml +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/env ansible-playbook -# vim:ft=ansible: ---- -- hosts: gameservers - roles: - - role: base-backups - tags: [ backups ] -- hosts: game1.thefuck.how - roles: - - role: base-backups - tags: [ backups ] - - role: gitweb - vars: - gitweb_repo: "https://git.9iron.club/salt/thefuck.how" - gitweb_url: "thefuck.how" - gitweb_webroot: "/var/www/thefuck.how" - tags: [ web, webroot ] - - role: minecraft-paper - vars: - paper_name: "thefuckhow" - paper_mc_maxplayers: 16 - paper_mc_motd: "Brett's new serber" - paper_jre_xms: 1024m - paper_jre_xmx: 2048m - tags: [ gameserver, minecraft, paper ] diff --git a/playbooks/home.yml b/playbooks/home.yml deleted file mode 100644 index 8501376..0000000 --- a/playbooks/home.yml +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/env ansible-playbook -# vim:ft=ansible: ---- -- hosts: home - roles: - - role: base-backups - tags: [ backups ] - - role: desktop-zerotier - tags: [ zerotier ] - - role: desktop-common - vars: - mopidy_spotify_username: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 62383664346563343663636261386261383865393535646465386435663535653036636665393133 - 3732653236663632633863346463346164663938396137370a326535633966343430633464653437 - 36646134393764313338323235356634353433623731336231626238653064633332306533343966 - 3362303836363065610a383362313738346534313435393537343931383465623466336632323632 - 65656663316561333462303761613963383236363532383866313038633232373132 - mopidy_spotify_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33303165663833663839323230643036363962393164373638333334643663626235353936343861 - 3834633461343533353366373330323264393361323433330a623837613037346633633065613761 - 63303234323734623938373134333932343965336665323939306336323836613130343866343838 - 3633383138646233330a366634303739643237333331613436623737663463316133666230366165 - 36306233336134636532383232303035343533373262373431353966656561633336 - mopidy_spotify_client_id: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 32366664323864383162663963343438643930356531653064393135383364623162626533613433 - 6462633637396265373238383461623665393730396139320a626537353761323132386131616338 - 62323033666231326363616363343530333239303638626137613237393135613961613362313662 - 6233336234306466640a383834353935636138323837343765373966353365323634343439663435 - 39646138616533656361653765633161616238633335306363383030383832636330356162616264 - 3739646162313739646538306137623231313037386239343563 - mopidy_spotify_client_secret: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 34666538353333303865623932653237313465653363356665333336343832356530666666343266 - 6637653137643431346562333465323862356465303766630a336531653033393133396238326134 - 32393033643261373764663963353130626331646266363430353536326135663239363539613530 - 6265366565363862610a366561373362656637623863336665336562323838643665323461653937 - 38306234316364306134396138376230626630633733306432626637616239373838646433343761 - 3436643661633766616564663937346232353666386531363438 - tags: [ desktop ] - - role: pulseaudio - tags: [ pulse, pulseaudio ] - - role: desktop-sddm - vars: - sddm_theme_name: "breeze" - tags: [ sddm, desktop ] -- hosts: dsk-cstm-0 - roles: - - role: rgb-kraken - tags: [ desktop, kraken, rgb ] diff --git a/playbooks/phone.yml b/playbooks/phone.yml deleted file mode 100644 index 51ae442..0000000 --- a/playbooks/phone.yml +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- hosts: phone - roles: - - role: base-backups - tags: [ backups ] - - role: desktop-zerotier - tags: [ zerotier ] - - role: phone-common - tags: [ phone, common ] diff --git a/playbooks/webservers.yml b/playbooks/webservers.yml deleted file mode 100644 index 1f02d1c..0000000 --- a/playbooks/webservers.yml +++ /dev/null @@ -1,47 +0,0 @@ -#!/usr/bin/env ansible-playbook -# vim:ft=ansible: ---- -- hosts: web1.9iron.club - roles: - - role: base-backups - tags: [ backups ] - - role: gitea - tags: [ web, gitea ] - - role: grafana - tags: [ web, grafana ] - - role: nextcloud - tags: [ web, nextcloud ] - - role: redirect - vars: - redirect_from: "9iron.club" - redirect_to: "www.9iron.club" - redirect_webroot: "/var/www/redirect" - tags: [ web, redirect, 9i ] - - role: gitweb - vars: - gitweb_repo: "https://git.9iron.club/salt/www2" - gitweb_url: "www.9iron.club" - gitweb_webroot: "/var/www/www" - tags: [ web, webroot, 9i ] -- hosts: web1.9iron.club - roles: - - role: redirect - vars: - redirect_from: "otwstudios.org" - redirect_to: "www.otwstudios.org" - redirect_webroot: "/var/www/redirect" - tags: [ web, redirect, otw ] - - role: gitweb - vars: - gitweb_repo: "https://git.9iron.club/KidiroInfiniti/OTW_Site" - gitweb_url: "www.otwstudios.org" - gitweb_webroot: "/var/www/otwstudios.org" - tags: [ web, webroot, otw ] -- hosts: web1.9iron.club - roles: - - role: gitweb - vars: - gitweb_repo: "https://git.9iron.club/salt/desultd" - gitweb_url: "desu.ltd" - gitweb_webroot: "/var/www/desultd" - tags: [ web, webroot, desu ] diff --git a/provision.yml b/provision.yml deleted file mode 100755 index d98a4d4..0000000 --- a/provision.yml +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env ansible-playbook -# vim:ft=ansible: ---- -- hosts: all - roles: - - role: common - tags: [ common ] - - role: ansible-pull - tags: [ ansible, common ] diff --git a/reboot.yml b/reboot.yml deleted file mode 100755 index bd3ec95..0000000 --- a/reboot.yml +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env ansible-playbook -# vim:ft=ansible: ---- -- hosts: dbservers,webservers,gameservers - serial: 1 - tasks: - - name: Check for reboot-required - stat: - path: "/var/run/reboot-required" - register: s - - name: Reboot - reboot: - reboot_timeout: 300 - when: s.stat.exists - become: yes diff --git a/roles/adam/defaults/main.yml b/roles/adam/defaults/main.yml deleted file mode 100644 index 5786850..0000000 --- a/roles/adam/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: -adam_name: adam -adam_repo: "https://git.9iron.club/salt/adam" diff --git a/roles/adam/tasks/main.yml b/roles/adam/tasks/main.yml deleted file mode 100644 index 9d692aa..0000000 --- a/roles/adam/tasks/main.yml +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: -- name: Set up Adam - block: - - name: Install required packages - apt: - name: - - libopus0 - - nodejs - - npm - - name: Install packages without recommends - apt: - install_recommends: no - name: - - ffmpeg - - name: Create Adam user - user: - name: discord-adam - - name: Assure data directory - file: - path: "/var/adam" - state: directory - # Sticky, SetGID - mode: 3775 - owner: root - group: discord-adam - - name: Set up bot root - block: - - name: Create specific data directory - file: - path: "/var/adam/{{ adam_name }}" - state: directory - mode: 0755 - - name: Clone bot repo - git: - repo: "{{ adam_repo }}" - dest: "/var/adam/{{ adam_name }}" - - name: Initialize NPM modules - npm: - path: "/var/adam/{{ adam_name }}" - - name: Template out authentication token - template: - src: "auth.json" - dest: "/var/adam/{{ adam_name }}/auth.json" - mode: "0600" - become: yes - become_user: discord-adam - - name: Set up system configuration - block: - - name: Template out service - template: - src: "adam@.service" - dest: "/etc/systemd/system/adam@.service" - - name: Start and enable service - systemd: - daemon_reload: yes - name: "adam@{{ adam_name }}.service" - enabled: yes - state: started - become: yes diff --git a/roles/adam/templates/adam@.service b/roles/adam/templates/adam@.service deleted file mode 100644 index d48ad3d..0000000 --- a/roles/adam/templates/adam@.service +++ /dev/null @@ -1,29 +0,0 @@ -# -# Licensed under the terms of the MIT license -# vim:ft=dosini: -# - -[Unit] -Description=Adam Bot %i -After=network.target - -[Service] -User=discord-adam -Group=discord-adam -WorkingDirectory=/var/adam/%i -PrivateUsers=true -ProtectSystem=full -ProtectHome=true -# Implies MountFlags=slave -ProtectKernelTunables=true -# Implies NoNewPrivileges=yes -ProtectKernelModules=true -# Implies MountAPIVFS=yes -ProtectControlGroups=true - -ExecStart=/usr/bin/node index.js - -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/roles/adam/templates/auth.json b/roles/adam/templates/auth.json deleted file mode 100644 index bdc2868..0000000 --- a/roles/adam/templates/auth.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "token": "{{ adam_auth_token }}" -} diff --git a/roles/ansible-pull/defaults/main.yml b/roles/ansible-pull/defaults/main.yml deleted file mode 100644 index 82a248d..0000000 --- a/roles/ansible-pull/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -# vim:ft=ansible: -ansible_pull_boot_delay: "15min" -# Use `systemd-analyze calendar` for testing -ansible_pull_time: "*-*-* 01:00:00" -ansible_pull_playbook: "site.yml" diff --git a/roles/ansible-pull/files/ansiblevaultpass b/roles/ansible-pull/files/ansiblevaultpass deleted file mode 100644 index 0131d94..0000000 --- a/roles/ansible-pull/files/ansiblevaultpass +++ /dev/null @@ -1,6 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -31383561303637303735386663306631333063623336643030643634333262336664363461613239 -6230623439393465656161663432393732633662383833640a373433343236353835363130653937 -31346233663237383666306536633962613534623735366531666561656335393964316230633161 -3930636537313364380a376432363431346636363565383734613638316161643036623636656532 -66333038393738663464343534633766643734393165626538633962376161376262 diff --git a/roles/ansible-pull/handlers/main.yml b/roles/ansible-pull/handlers/main.yml deleted file mode 100644 index 7a95227..0000000 --- a/roles/ansible-pull/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: restart ansiblepull timer - systemd: - daemon_reload: yes - name: ansible-pull.timer - enabled: yes - state: restarted - become: yes diff --git a/roles/ansible-pull/meta/main.yml b/roles/ansible-pull/meta/main.yml deleted file mode 100644 index 1c855bb..0000000 --- a/roles/ansible-pull/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -allow_duplicates: no -dependencies: - - role: ansible diff --git a/roles/ansible-pull/tasks/main.yml b/roles/ansible-pull/tasks/main.yml deleted file mode 100644 index 371002d..0000000 --- a/roles/ansible-pull/tasks/main.yml +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Set up ansible-pull - block: - - name: Copy Ansible password file - copy: - src: ansiblevaultpass - dest: ~/ansiblevaultpass - mode: "0600" - become: yes - become_user: ansible - - name: Configure systemd unit - block: - - name: Template out services - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - loop: - - { src: "ansible-pull.service", dest: "/etc/systemd/system/ansible-pull.service", mode: "0644" } - - { src: "ansible-pull.timer", dest: "/etc/systemd/system/ansible-pull.timer", mode: "0644" } - notify: restart ansiblepull timer - - name: Enable timer - systemd: - daemon_reload: yes - name: ansible-pull.timer - enabled: yes - state: started - notify: restart ansiblepull timer - when: ansible_service_mgr == "systemd" - become: yes diff --git a/roles/ansible-pull/templates/ansible-pull.service b/roles/ansible-pull/templates/ansible-pull.service deleted file mode 100644 index 92e9928..0000000 --- a/roles/ansible-pull/templates/ansible-pull.service +++ /dev/null @@ -1,16 +0,0 @@ -# vim:ft=dosini: -[Unit] -Description=Ansible pull service -StartLimitIntervalSec=3600 -StartLimitBurst=5 - -[Service] -User=ansible -Group=ansible -Environment=ANSIBLE_CONFIG=~/ansible-pull-repo/ansible-pull.cfg -ExecStart=/usr/local/bin/ansible-pull --accept-host-key -U "{{ ansible_pull_repo }}" -d "~/ansible-pull-repo" --vault-password-file "~/ansiblevaultpass" "{{ ansible_pull_playbook }}" -Restart=on-failure -RestartSec=90 - -[Install] -WantedBy=multi-user.target diff --git a/roles/ansible-pull/templates/ansible-pull.timer b/roles/ansible-pull/templates/ansible-pull.timer deleted file mode 100644 index ea34077..0000000 --- a/roles/ansible-pull/templates/ansible-pull.timer +++ /dev/null @@ -1,11 +0,0 @@ -# vim:ft=dosini: -[Unit] -Description=Ansible pull timer - -[Timer] -Persistent=true -OnBootSec={{ ansible_pull_boot_delay }} -OnCalendar={{ ansible_pull_time }} - -[Install] -WantedBy=timers.target diff --git a/roles/ansible/files/ansiblekey b/roles/ansible/files/ansiblekey deleted file mode 100644 index 0260268..0000000 --- a/roles/ansible/files/ansiblekey +++ /dev/null @@ -1,135 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -38366663623636336331373931396632616133633538633562353430656338666162393164346436 -3939356235343431326165373231313930386639333466330a613864636237373735306636383631 -66363165343164616333636336393561313633613130656664323663356162636265373639336665 -3564333732373634370a656231613835663436326633346263316630346461316566363462666132 -39346632316563333633363061336534356336363534613837386332393166383565336635633763 -30336139326361313763303739393265316535643238663736646361656639373461396433396665 -63363237303933373265613336616335343038326561346362323636333333313235366361653463 -39386137356632373032343762303538656130366430643030383234343663366666373162393063 -32656366313631613235643061366639323930363766363137393737646666383839336264373831 -64316164613332353430373933633939373933303461663832333663313561643462666234633461 -31653039323430613731656538343831376632376634336436643461643063643138396131316134 -66373035326333613035643833363836613437376265373135326362323062633936323435383630 -39646433356161663831356265346261363137666634646331306130306232343638346264303631 -32303737643632393937363738623865303735633535316162366464393163653834386432663261 -64303339343335666532663434353234353066663632633730373530313637666532363863313963 -31326662633639376462303466646536323965643739636438613132333738373430363534396361 -37616566303633663362326436666636343762653531313435356163636133643430393139623938 -38643839373365313966636466393039626139366665346664643930353630613236303761306331 -34656137643764633132643830666638333938316530613236643232633830643337623432656134 -66636138326230623336653938323934316339393531393163343637386236613334636362613265 -30386638636662393431363134353165613965306364373061613634303132336336396265323565 -34303231356664376464363533626263626130653565653032656264616236656161343039333461 -32303736383365346138313864633966623963633635313161623565363664303562316338366161 -61386133663265316464646637336239396339386561306632313235363136316430636635626432 -36333432623564376134343965653138353331663632346262396432356637623738323333366633 -35396630386536653232396439663135343934653835643962353039323664383432326463323735 -38643235643633316338396364393730333235316139353535643534303863356365353630653239 -30306437383336303530316232666161646363646436666335613763306534356432663933323663 -63633838633139373336376633643363393730313531353766656139326634613366356666623236 -38353562653065386662656632373332653162383165666131386132613962643635663864656433 -63343837363831396166616162353935383935653732346139366637306436386532646330343332 -39666431616662393036616134666436393366303365336162646539656138636166656633313533 -39626162346263306235346662343432396635636238383032623066343165366166656537613535 -63383232303831323064636662366264663666353337373065326561343661396632353532346564 -63616333363962366364373038336261613833623561636437343564656630663032313562386436 -62656163636638323764313239336435383930303735623035313136326130373432376139623736 -65613430353265356233373866653236633832373231333434643238326430356666626461663435 -65623964313837353665373739613230633932653837643532623463366535323565636562356436 -61616236366564323765653165323132326238633365353365333366363864636265656437373537 -62356134343366373335393833666531366462306336396337313966326230393435383562343364 -34313037393461383930373538653962623964313862326532333739373933303137313662376639 -31396634323032393131323735333634356133316333383936366366623936643539323539613763 -34363839353163616338396430643263336163653735656361656362336130653236363437373130 -36343063306366303037666530616631333834633531363036343461633138393736623334643630 -35323262323938366561363835616231316364343837383539656638346135663164623334616466 -64653161313233373563343537326336336465623432636538323037386539343439373137666137 -62393135316363643161393330656130663737303534356630376334633239346663356561376337 -64343532313565393330316538376263353839383565643734336637666630663061316163343139 -39393638356133613266656230313836623435613636336436616337653030376430376263323939 -66623038383035373365643436353834623038646634636465353735356135643264623534313731 -34343538356331646432653133386335623336303066663635326262623837663033303461376362 -31373361353664383361326530333361336562663033303963636135666235626263303538366234 -63313461666463376361373639336637306132353066393233626333376534356264356335373538 -31306363613435303062623466303339363931396163373834323738336636656337333938653766 -64386233663366343434376432303731653937313639376661336462323662373134643332326661 -37396664363030343362613133393130373730646534616431303730633466353637353264646132 -36373861613864393366653065353662626434396163663137636135333238313363303266623732 -61646166666136306133633761373833633332616634333131303534306434366165613933323666 -61666562626135396434316130303839643331316532663336343731393431643739376565363330 -33623036613930333338353262643766336134386662336462616562353536616330666330306264 -30633162636562613562363661653531356134613632633562306338353236393336313132663961 -34313466383464616639643630376465396164383536666365353139383562386130626562353436 -31303633623137663238663065363434336663336634363437646363656462333430653464643939 -66333036646631353138646264386630356563333932633933643337396363343562623766356533 -38316639353234666336383737383532353963633762313437356262383830643137353262383964 -30396636626465336331313264666637393030663765393338333061623030633134313438386631 -36336238386563313037373237366432323937663539663162396166663033626663646461323362 -64643137613939363164616533366436353631396232663832393231316263646466653966333238 -66393965623863393433323366366130666364376164336638666331666461316135353338343139 -39636566393437396333633462396464616131333134613131323964353434613736313736376461 -37373130626331623362613538353735613963363035656433626134336564303966383462363661 -34353064643732666264323536316231643833326664386333396536336665316339303562323763 -35646561613439643066613765623563386331363437353637376434656638373962383865396464 -65353834356631316438386139316631336262356139663062346131336432333834616231666538 -32346565343263646461363336353365626532613465623833623036663839613864333961666437 -32633662626462386366363736323739366434323632373066373435633961623038363061386261 -36333139636135623131653234346163353366316562653439336233316236386431383163653866 -38393939646363613132323663643931306135626165626264666262323764336562636166626533 -30613762353431643635656566656533346330306463353839393035343766656465343132363862 -38306239663262336338353033303764633935303562643936373732396466616564323532326439 -36623538363638376232616535363263373664386332623237313834613165393439323936383562 -63373966643531346337333935393862346437316264656563316539303037343933393639363434 -66616161626165373661653963323835383437656464383931363236376165633834343039323035 -62386637373738653639643232636631366532626332356538663166653839303663643332323130 -63386465323838666437646361653633626635303733626238326237623637623563303465353531 -66333935333335396634356539313434616538336135306631353961623764376665653365356335 -30656266313637383534353736346633393432343466666639376330313837353763343438653366 -38346132336336656365323166303632633661383530626331613739303961386235346139366236 -30636464336165353436303966633935323835353439363636386661383461363265323937653565 -65383139613365613337623136626133393461663461613566623134396431613733663137373335 -31666332393338666235653562356563643033353961386466386562346339653638626261306635 -34353132353664373332323335646438646433386430313061643737623566613339653131623836 -62633936626436626133303633366336373838336531336139616564623364626534383834313234 -37666163623462656434316563363535646236666536396431626132323361343238303834366637 -33623565313730386264336638306637623931323861333939376165323139376335326566333633 -65316439613430383230323439613538396630306233356339613662333061643732346531656364 -65623263336538346561356631386639363939643434343938373264373565613537336465363038 -66363963626365633338663234643764316530353566376633313732336533333063613232333538 -66396236313866343038656366633738666463356432613230636361316436666432373636363034 -63353231346533303361363834333231633131613165366134353763363766613033656333626438 -30333731383264323732313261336263326562316530663962313739383836326536363030333564 -39333436396136623161373032643438633431303761333962623832333832366463626533653832 -64323333306336616363613865393561656636633735616333333736633463396330353665626561 -38316134626163376466643537336335313131353461316362383865363437643263636339383831 -65383762663265636663396135386630326333393237356564616237393431633537633762616134 -34353264346539663038663866386538306662316233353130663332643533623436393937366266 -65303330633966613038393430303536363730643463663733653237343937336136353233303037 -65613537656335356533666136366363323535636635323330623664626564656537356363633763 -31313437363766663338313633663866663563393039363232656638363961336631303464306536 -36396136346663323038386634343461336666636438323866356339623763656436643833393963 -66396662366632653831393238396535623939306434396537643930393261336161396239383330 -62336237396639663837623561383964346633353935366266373030633864393433623734613233 -35653138303866656465363465313733616363633334663062363436376139633231626564376166 -34643864333865633832616539333063396264376566666539633936646338623763353032353635 -34633465613135376234303538636432346336383431343237323661393564306438333830393737 -38356333363961643735356265613762396663323264336565623762356163626130623366623861 -31626135613865613866666565663063656632653339333866396537343131636366393131346438 -66626434656235376265386135333165366162346536623466303437313131336165346238383934 -35353064663536373162613836383663396661633930616431653764353339613835393762396332 -32363965653235646130323761316437376631383464306661623963306362343631666538653864 -30613233336339373739363733346466313764383165643466316239613264393332626133363437 -36666431613263393730393264326235353239633035653736626233343630623736646230653064 -35393932396361623239326435356563623033316561373236613136333938363265376561386430 -36393730353465376663343361306234346564623837363565373733373936623534353639623538 -62316264613734326638636538653861663637623462306138636532653036343061396363363631 -61316638653133636561363333363638396439643835363033336666346461356637336233386234 -32336664376631336662613239353461633566633565623137643536343137373534663031626333 -64613335656330666465366638373863306439636166346430363033313435626337373764313938 -35306465656264643463653930303830333262616233333532616138383335626663636365626464 -65613461633737646235343230346331313435386530383838613930633037356537623039333936 -61353332386231623237613731363731383738383934613932613031633235663935386536323733 -31393263353339633462326639306264356562393166366263626537313432366639376531386263 -31643061303032303363653631323131656436663563363333646162643331376438343437663034 -6332323532343937323062386135393566323732356533336162 diff --git a/roles/ansible/meta/main.yml b/roles/ansible/meta/main.yml deleted file mode 100644 index 6eff89a..0000000 --- a/roles/ansible/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -allow_duplicates: no -dependencies: - - role: awscreds diff --git a/roles/ansible/tasks/main.yml b/roles/ansible/tasks/main.yml deleted file mode 100644 index ad68903..0000000 --- a/roles/ansible/tasks/main.yml +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Set up Ansible - block: - - name: Install Ansible-required packages via apt - apt: - name: - - python3-pip - - python3-boto - - python3-boto3 - - python3-botocore - - python3-setuptools - become: true - when: ansible_os_family == "Debian" - - name: Install Ansible-required packages via apk - apk: - name: - - gcc - - musl-dev - - py3-boto - - py3-boto3 - - py3-botocore - - py3-cryptography - - py3-pip - - py3-setuptools - when: ansible_distribution == "Alpine" - - name: Install Ansible-required packages via pip - pip: - name: "{{ packages }}" - state: latest - vars: - packages: - - ansible - - ansible-base - - ansible-lint - - name: Assure root .ssh directory - file: - path: ~/.ssh - state: directory - mode: "0600" - - name: Copy Ansible private key - copy: - src: ansiblekey - dest: ~/.ssh/ansible - mode: "0600" - - name: Clone Ansible repo - git: - dest: /etc/ansible - repo: "{{ ansible_pull_repo }}" - become: true diff --git a/roles/apache-php/files/my.cnf b/roles/apache-php/files/my.cnf deleted file mode 100644 index 9ac6712..0000000 --- a/roles/apache-php/files/my.cnf +++ /dev/null @@ -1,30 +0,0 @@ -# The MariaDB configuration file -# -# The MariaDB/MySQL tools read configuration files in the following order: -# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults, -# 2. "/etc/mysql/conf.d/*.cnf" to set global options. -# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options. -# 4. "~/.my.cnf" to set user-specific options. -# -# If the same option is defined multiple times, the last one will apply. -# -# One can use all long options that the program supports. -# Run program with --help to get a list of available options and with -# --print-defaults to see which it would actually understand and use. - -[mysqld] -max_allowed_packet=100M -skip-networking -innodb_file_format = Barracuda -innodb_large_prefix = 1 -innodb_file_per_table = ON - -# -# This group is read both both by the client and the server -# use it for options that affect everything -# -[client-server] - -# Import all .cnf files from configuration directory -!includedir /etc/mysql/conf.d/ -!includedir /etc/mysql/mariadb.conf.d/ diff --git a/roles/apache-php/files/php-apache2.ini b/roles/apache-php/files/php-apache2.ini deleted file mode 100644 index 164753b..0000000 --- a/roles/apache-php/files/php-apache2.ini +++ /dev/null @@ -1,1933 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; PHP's initialization file, generally called php.ini, is responsible for -; configuring many of the aspects of PHP's behavior. - -; PHP attempts to find and load this configuration from a number of locations. -; The following is a summary of its search order: -; 1. SAPI module specific location. -; 2. The PHPRC environment variable. (As of PHP 5.2.0) -; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) -; 4. Current working directory (except CLI) -; 5. The web server's directory (for SAPI modules), or directory of PHP -; (otherwise in Windows) -; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) -; See the PHP docs for more specific information. -; http://php.net/configuration.file - -; The syntax of the file is extremely simple. Whitespace and lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. - -; Directives following the section heading [PATH=/www/mysite] only -; apply to PHP files in the /www/mysite directory. Directives -; following the section heading [HOST=www.example.com] only apply to -; PHP files served from www.example.com. Directives set in these -; special sections cannot be overridden by user-defined INI files or -; at runtime. Currently, [PATH=] and [HOST=] sections only work under -; CGI/FastCGI. -; http://php.net/ini.sections - -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; Directives are variables used to configure PHP or PHP extensions. -; There is no name validation. If PHP can't find an expected -; directive because it is not set or is mistyped, a default value will be used. - -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a -; previously set variable or directive (e.g. ${foo}) - -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; ^ bitwise XOR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT - -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. - -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: - -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' - -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. - -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; PHP comes packaged with two INI files. One that is recommended to be used -; in production environments and one that is recommended to be used in -; development environments. - -; php.ini-production contains settings which hold security, performance and -; best practices at its core. But please be aware, these settings may break -; compatibility with older or less security conscience applications. We -; recommending using the production ini in production and testing environments. - -; php.ini-development is very similar to its production variant, except it is -; much more verbose when it comes to errors. We recommend using the -; development version only in development environments, as errors shown to -; application users can inadvertently leak otherwise secure information. - -; This is php.ini-production INI file. - -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT - -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.sid_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; Note: if open_basedir is set, the cache is disabled -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -; If enabled, scripts may be written in encodings that are incompatible with -; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such -; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off -;zend.multibyte = Off - -; Allows to set the default encoding for the scripts. This value will be used -; unless "declare(encoding=...)" directive appears at the top of the script. -; Only affects if zend.multibyte is set. -; Default: "" -;zend.script_encoding = - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://php.net/expose-php -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time -; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 30 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. -; Note: This directive is hardcoded to -1 for the CLI SAPI -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://php.net/max-input-time -max_input_time = 60 - -; Maximum input variable nesting level -; http://php.net/max-input-nesting-level -;max_input_nesting_level = 64 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = 512M - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. -; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it is automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; For production environments, we recommend logging errors rather than -; sending them to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. We strongly recommend you -; set this to 'off' for production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. -; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; This directive is DEPRECATED. -; Default Value: Off -; Development Value: Off -; Production Value: Off -; http://php.net/track-errors -;track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on Windows). -;error_log = syslog - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. You -; can still get access to the environment variables through getenv() should you -; need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P & C) should be -; registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive -; are specified in the same manner as the variables_order directive, -; EXCEPT one. Leaving this value empty will cause PHP to use the value set -; in the variables_order directive. It does not mean it will leave the super -; globals array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. -; http://php.net/auto-globals-jit -auto_globals_jit = On - -; Whether PHP will read the POST data. -; This option is enabled by default. -; Most likely, you won't want to disable this option globally. It causes $_POST -; and $_FILES to always be empty; the only way you will be able to read the -; POST data will be through the php://input stream wrapper. This can be useful -; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading -;enable_post_data_reading = Off - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = 8M - -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://php.net/auto-append-file -auto_append_file = - -; By default, PHP will output a media type using the Content-Type header. To -; disable this, simply set it to be empty. -; -; PHP's built-in default media type is set to text/html. -; http://php.net/default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to UTF-8. -; http://php.net/default-charset -default_charset = "UTF-8" - -; PHP internal character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/internal-encoding -;internal_encoding = - -; PHP input character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/input-encoding -;input_encoding = - -; PHP output character encoding is set to empty. -; If empty, default_charset is used. -; See also output_buffer. -; http://php.net/output-encoding -;output_encoding = - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/usr/share/php" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" -; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://php.net/doc-root -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://php.net/user-dir -user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -; extension_dir = "./" -; On windows: -; extension_dir = "ext" - -; Directory where the temporary files should be placed. -; Defaults to the system default (see sys_get_temp_dir) -; sys_temp_dir = "/tmp" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://php.net/enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. -;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env -;cgi.redirect_status_env = - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - -; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside -; of the web tree and people will not be able to circumvent .htaccess security. -; http://php.net/cgi.dicard-path -;cgi.discard_path=1 - -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate -;fastcgi.impersonate = 1 - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If set to 0, PHP sends Status: header that -; is supported by Apache. When this option is set to 1, PHP will send -; RFC2616 compliant header. -; Default is zero. -; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! -; (shebang) at the top of the running script. This line might be needed if the -; script support running both as stand-alone script and via PHP CGI<. PHP in CGI -; mode skips this line and ignores its content if this directive is turned on. -; http://php.net/cgi.check-shebang-line -;cgi.check_shebang_line=1 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://php.net/upload-tmp-dir -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = 1G - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = 20 - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://php.net/from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. -; http://php.net/user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings -;auto_detect_line_endings = Off - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; - -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename -; -; For example: -; -; extension=mysqli -; -; When the extension library to load is not located in the default extension -; directory, You may specify an absolute path to the library file: -; -; extension=/path/to/extension/mysqli.so -; -; Note : The syntax used in previous PHP versions ('extension=.so' and -; 'extension='php_.dll') is supported for legacy reasons and may be -; deprecated in a future PHP major version. So, when it is possible, please -; move to the new ('extension=) syntax. -; -; Notes for Windows environments : -; -; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) -; extension folders as well as the separate PECL DLL download (PHP 5+). -; Be sure to appropriately set the extension_dir directive. -; -;extension=bz2 -;extension=curl -;extension=fileinfo -;extension=gd2 -;extension=gettext -;extension=gmp -;extension=intl -;extension=imap -;extension=interbase -;extension=ldap -;extension=mbstring -;extension=exif ; Must be after mbstring as it depends on it -;extension=mysqli -;extension=oci8_12c ; Use with Oracle Database 12c Instant Client -;extension=odbc -;extension=openssl -;extension=pdo_firebird -;extension=pdo_mysql -;extension=pdo_oci -;extension=pdo_odbc -;extension=pdo_pgsql -;extension=pdo_sqlite -;extension=pgsql -;extension=shmop - -; The MIBS data available in the PHP distribution must be installed. -; See http://www.php.net/manual/en/snmp.installation.php -;extension=snmp - -;extension=soap -;extension=sockets -;extension=sqlite3 -;extension=tidy -;extension=xmlrpc -;extension=xsl - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[CLI Server] -; Whether the CLI web server uses ANSI color coding in its terminal output. -cli_server.color = On - -[Date] -; Defines the default timezone used by the date functions -; http://php.net/date.timezone -;date.timezone = - -; http://php.net/date.default-latitude -;date.default_latitude = 31.7667 - -; http://php.net/date.default-longitude -;date.default_longitude = 35.2333 - -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 - -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 - -[filter] -; http://php.net/filter.default -;filter.default = unsafe_raw - -; http://php.net/filter.default-flags -;filter.default_flags = - -[iconv] -; Use of this INI entry is deprecated, use global input_encoding instead. -; If empty, default_charset or input_encoding or iconv.input_encoding is used. -; The precedence is: default_charset < intput_encoding < iconv.input_encoding -;iconv.input_encoding = - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;iconv.internal_encoding = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; If empty, default_charset or output_encoding or iconv.output_encoding is used. -; The precedence is: default_charset < output_encoding < iconv.output_encoding -; To use an output encoding conversion, iconv's output handler must be set -; otherwise output encoding conversion cannot be performed. -;iconv.output_encoding = - -[imap] -; rsh/ssh logins are disabled by default. Use this INI entry if you want to -; enable them. Note that the IMAP library does not filter mailbox names before -; passing them to rsh/ssh command, thus passing untrusted data to this function -; with rsh/ssh enabled is insecure. -;imap.enable_insecure_rsh=0 - -[intl] -;intl.default_locale = -; This directive allows you to produce PHP errors when some error -; happens within intl functions. The value is the level of the error produced. -; Default is 0, which does not produce any errors. -;intl.error_level = E_WARNING -;intl.use_exceptions = 0 - -[sqlite3] -; Directory pointing to SQLite3 extensions -; http://php.net/sqlite3.extension-dir -;sqlite3.extension_dir = - -; SQLite defensive mode flag (only available from SQLite 3.26+) -; When the defensive flag is enabled, language features that allow ordinary -; SQL to deliberately corrupt the database file are disabled. This forbids -; writing directly to the schema, shadow tables (eg. FTS data tables), or -; the sqlite_dbpage virtual table. -; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html -; (for older SQLite versions, this flag has no use) -;sqlite3.defensive = 1 - -[Pcre] -;PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit -;pcre.backtrack_limit=100000 - -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit -;pcre.recursion_limit=100000 - -;Enables or disables JIT compilation of patterns. This requires the PCRE -;library to be compiled with JIT support. -;pcre.jit=1 - -[Pdo] -; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling -;pdo_odbc.connection_pooling=strict - -;pdo_odbc.db2_instance_name - -[Pdo_mysql] -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/pdo_mysql.cache_size -pdo_mysql.cache_size = 2000 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/pdo_mysql.default-socket -pdo_mysql.default_socket= - -[Phar] -; http://php.net/phar.readonly -;phar.readonly = On - -; http://php.net/phar.require-hash -;phar.require_hash = On - -;phar.cache_list = - -[mail function] -; For Win32 only. -; http://php.net/smtp -SMTP = localhost -; http://php.net/smtp-port -smtp_port = 25 - -; For Win32 only. -; http://php.net/sendmail-from -;sendmail_from = me@example.com - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path -;sendmail_path = - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(). -;mail.force_extra_parameters = - -; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = Off - -; The path to a log file that will log all mail() calls. Log entries include -; the full path of the script, line number, To address and headers. -;mail.log = -; Log mail to syslog (Event Log on Windows). -;mail.log = syslog - -[ODBC] -; http://php.net/odbc.default-db -;odbc.default_db = Not yet implemented - -; http://php.net/odbc.default-user -;odbc.default_user = Not yet implemented - -; http://php.net/odbc.default-pw -;odbc.default_pw = Not yet implemented - -; Controls the ODBC cursor model. -; Default: SQL_CURSOR_STATIC (default). -;odbc.default_cursortype - -; Allow or prevent persistent links. -; http://php.net/odbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. Returns number of bytes to variables. 0 means -; passthru. -; http://php.net/odbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode -odbc.defaultbinmode = 1 - -;birdstep.max_links = -1 - -[Interbase] -; Allow or prevent persistent links. -ibase.allow_persistent = 1 - -; Maximum number of persistent links. -1 means no limit. -ibase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ibase.max_links = -1 - -; Default database name for ibase_connect(). -;ibase.default_db = - -; Default username for ibase_connect(). -;ibase.default_user = - -; Default password for ibase_connect(). -;ibase.default_password = - -; Default charset for ibase_connect(). -;ibase.default_charset = - -; Default timestamp format. -ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - -; Default date format. -ibase.dateformat = "%Y-%m-%d" - -; Default time format. -ibase.timeformat = "%H:%M:%S" - -[MySQLi] - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 - -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On - -; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysqli.cache_size -mysqli.cache_size = 2000 - -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_statistics -mysqlnd.collect_statistics = On - -; Enable / Disable collection of memory usage statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_memory_statistics -mysqlnd.collect_memory_statistics = Off - -; Records communication from all extensions using mysqlnd to the specified log -; file. -; http://php.net/mysqlnd.debug -;mysqlnd.debug = - -; Defines which queries will be logged. -; http://php.net/mysqlnd.log_mask -;mysqlnd.log_mask = 0 - -; Default size of the mysqlnd memory pool, which is used by result sets. -; http://php.net/mysqlnd.mempool_default_size -;mysqlnd.mempool_default_size = 16000 - -; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -; http://php.net/mysqlnd.net_cmd_buffer_size -;mysqlnd.net_cmd_buffer_size = 2048 - -; Size of a pre-allocated buffer used for reading data sent by the server in -; bytes. -; http://php.net/mysqlnd.net_read_buffer_size -;mysqlnd.net_read_buffer_size = 32768 - -; Timeout for network requests in seconds. -; http://php.net/mysqlnd.net_read_timeout -;mysqlnd.net_read_timeout = 31536000 - -; SHA-256 Authentication Plugin related. File with the MySQL server public RSA -; key. -; http://php.net/mysqlnd.sha256_server_public_key -;mysqlnd.sha256_server_public_key = - -[OCI8] - -; Connection: Enables privileged connections using external -; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect -;oci8.privileged_connect = Off - -; Connection: The maximum number of persistent OCI8 connections per -; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent -;oci8.max_persistent = -1 - -; Connection: The maximum number of seconds a process is allowed to -; maintain an idle persistent connection. Using -1 means idle -; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout -;oci8.persistent_timeout = -1 - -; Connection: The number of seconds that must pass before issuing a -; ping during oci_pconnect() to check the connection validity. When -; set to 0, each oci_pconnect() will cause a ping. Using -1 disables -; pings completely. -; http://php.net/oci8.ping-interval -;oci8.ping_interval = 60 - -; Connection: Set this to a user chosen connection class to be used -; for all pooled server requests with Oracle 11g Database Resident -; Connection Pooling (DRCP). To use DRCP, this value should be set to -; the same string for all web servers running the same application, -; the database pool must be configured, and the connection string must -; specify to use a pooled server. -;oci8.connection_class = - -; High Availability: Using On lets PHP receive Fast Application -; Notification (FAN) events generated when a database node fails. The -; database must also be configured to post FAN events. -;oci8.events = Off - -; Tuning: This option enables statement caching, and specifies how -; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size -;oci8.statement_cache_size = 20 - -; Tuning: Enables statement prefetching and sets the default number of -; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch -;oci8.default_prefetch = 100 - -; Compatibility. Using On means oci_close() will not close -; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics -;oci8.old_oci_close_semantics = Off - -[PostgreSQL] -; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. -; http://php.net/pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Notice message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://php.net/pgsql.log-notice -pgsql.log_notice = 0 - -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale -bcmath.scale = 0 - -[browscap] -; http://php.net/browscap -;browscap = extra/browscap.ini - -[Session] -; Handler used to store/retrieve data. -; http://php.net/session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; The path can be defined as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if -; your OS has problems with many files in one directory, and is -; a more efficient layout for servers that handle many sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/var/lib/php/sessions" - -; Whether to use strict session mode. -; Strict session mode does not accept uninitialized session ID and regenerate -; session ID if browser sends uninitialized session ID. Strict mode protects -; applications from session fixation via session adoption vulnerability. It is -; disabled by default for maximum compatibility, but enabling it is encouraged. -; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 - -; Whether to use cookies. -; http://php.net/session.use-cookies -session.use_cookies = 1 - -; http://php.net/session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combating -; session hijacking when not specifying and managing your own session id. It is -; not the be-all and end-all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://php.net/session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://php.net/session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://php.net/session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly -session.cookie_httponly = - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 0 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://php.net/session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 -type f | xargs rm - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. -; http://php.net/session.referer-check -session.referer_check = - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. -; http://php.net/session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://php.net/session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users' security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publicly accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid -session.use_trans_sid = 0 - -; Set session ID character length. This value could be between 22 to 256. -; Shorter length than default is supported only for compatibility reason. -; Users should use 32 or more chars. -; http://php.net/session.sid-length -; Default Value: 32 -; Development Value: 26 -; Production Value: 26 -session.sid_length = 26 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -;
is special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. tag's action attribute URL will not be modified -; unless it is specified. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=" -; Development Value: "a=href,area=href,frame=src,form=" -; Production Value: "a=href,area=href,frame=src,form=" -; http://php.net/url-rewriter.tags -session.trans_sid_tags = "a=href,area=href,frame=src,form=" - -; URL rewriter does not rewrite absolute URLs by default. -; To enable rewrites for absolute pathes, target hosts must be specified -; at RUNTIME. i.e. use ini_set() -; tags is special. PHP will check action attribute's URL regardless -; of session.trans_sid_tags setting. -; If no host is defined, HTTP_HOST will be used for allowed host. -; Example value: php.net,www.php.net,wiki.php.net -; Use "," for multiple hosts. No spaces are allowed. -; Default Value: "" -; Development Value: "" -; Production Value: "" -;session.trans_sid_hosts="" - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.sid_bits_per_character = 5 - -; Enable upload progress tracking in $_SESSION -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.enabled -;session.upload_progress.enabled = On - -; Cleanup the progress information as soon as all POST data has been read -; (i.e. upload completed). -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.cleanup -;session.upload_progress.cleanup = On - -; A prefix used for the upload progress key in $_SESSION -; Default Value: "upload_progress_" -; Development Value: "upload_progress_" -; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix -;session.upload_progress.prefix = "upload_progress_" - -; The index name (concatenated with the prefix) in $_SESSION -; containing the upload progress information -; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name -;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" - -; How frequently the upload progress should be updated. -; Given either in percentages (per-file), or in bytes -; Default Value: "1%" -; Development Value: "1%" -; Production Value: "1%" -; http://php.net/session.upload-progress.freq -;session.upload_progress.freq = "1%" - -; The minimum delay between updates, in seconds -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.upload-progress.min-freq -;session.upload_progress.min_freq = "1" - -; Only write session data when session data is changed. Enabled by default. -; http://php.net/session.lazy-write -;session.lazy_write = On - -[Assertion] -; Switch whether to compile assertions at all (to have no overhead at run-time) -; -1: Do not compile at all -; 0: Jump over assertion at run-time -; 1: Execute assertions -; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) -; Default Value: 1 -; Development Value: 1 -; Production Value: -1 -; http://php.net/zend.assertions -zend.assertions = -1 - -; Assert(expr); active by default. -; http://php.net/assert.active -;assert.active = On - -; Throw an AssertationException on failed assertions -; http://php.net/assert.exception -;assert.exception = On - -; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) -; http://php.net/assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://php.net/assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://php.net/assert.callback -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://php.net/com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a components typlib on com_load() -; http://php.net/com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://php.net/com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose -;com.autoregister_verbose = true - -; The default character set code-page to use when passing strings to and from COM objects. -; Default: system ANSI code page -;com.code_page= - -[mbstring] -; language for internal character representation. -; This affects mb_send_mail() and mbstring.detect_order. -; http://php.net/mbstring.language -;mbstring.language = Japanese - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; internal/script encoding. -; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;mbstring.internal_encoding = - -; Use of this INI entry is deprecated, use global input_encoding instead. -; http input encoding. -; mbstring.encoding_traslation = On is needed to use this setting. -; If empty, default_charset or input_encoding or mbstring.input is used. -; The precedence is: default_charset < intput_encoding < mbsting.http_input -; http://php.net/mbstring.http-input -;mbstring.http_input = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; http output encoding. -; mb_output_handler must be registered as output buffer to function. -; If empty, default_charset or output_encoding or mbstring.http_output is used. -; The precedence is: default_charset < output_encoding < mbstring.http_output -; To use an output encoding conversion, mbstring's output handler must be set -; otherwise output encoding conversion cannot be performed. -; http://php.net/mbstring.http-output -;mbstring.http_output = - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://php.net/mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; "auto" detect order is changed according to mbstring.language -; http://php.net/mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://php.net/mbstring.substitute-character -;mbstring.substitute_character = none - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -; Default: Off -;mbstring.strict_detection = On - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. The warning will then be displayed as notices -; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 1 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://php.net/exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://php.net/exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://php.net/exif.encode-jis -;exif.encode_jis = - -; http://php.net/exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://php.net/exif.decode-jis-intel -;exif.decode_jis_intel = JIS - -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? -; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://php.net/tidy.clean-output -tidy.clean_output = Off - -[soap] -; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://php.net/soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -; Sets the size of the cache limit. (Max. number of WSDL files to cache) -soap.wsdl_cache_limit = 5 - -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 - -[ldap] -; Sets the maximum number of open links or -1 for unlimited. -ldap.max_links = -1 - -[dba] -;dba.default_handler= - -[opcache] -; Determines if Zend OPCache is enabled -;opcache.enable=1 - -; Determines if Zend OPCache is enabled for the CLI version of PHP -;opcache.enable_cli=0 - -; The OPcache shared memory storage size. -;opcache.memory_consumption=128 - -; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=8 - -; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 1000000 are allowed. -;opcache.max_accelerated_files=10000 - -; The maximum percentage of "wasted" memory until a restart is scheduled. -;opcache.max_wasted_percentage=5 - -; When this directive is enabled, the OPcache appends the current working -; directory to the script key, thus eliminating possible collisions between -; files with the same name (basename). Disabling the directive improves -; performance, but may break existing applications. -;opcache.use_cwd=1 - -; When disabled, you must reset the OPcache manually or restart the -; webserver for changes to the filesystem to take effect. -;opcache.validate_timestamps=1 - -; How often (in seconds) to check file timestamps for changes to the shared -; memory storage allocation. ("1" means validate once per second, but only -; once per request. "0" means always validate) -;opcache.revalidate_freq=2 - -; Enables or disables file search in include_path optimization -;opcache.revalidate_path=0 - -; If disabled, all PHPDoc comments are dropped from the code to reduce the -; size of the optimized code. -;opcache.save_comments=1 - -; Allow file existence override (file_exists, etc.) performance feature. -;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0xffffffff - -;opcache.inherited_hack=1 -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. -;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. -;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. -; Most users should not specify a value for this directive as PHP will -; attempt to use the OS-managed cert stores in its absence. If specified, -; this value may still be overridden on a per-stream basis via the "capath" -; SSL stream context option. -;openssl.capath= - -; Local Variables: -; tab-width: 4 -; End: diff --git a/roles/apache-php/files/php-cgi.ini b/roles/apache-php/files/php-cgi.ini deleted file mode 100644 index 164753b..0000000 --- a/roles/apache-php/files/php-cgi.ini +++ /dev/null @@ -1,1933 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; PHP's initialization file, generally called php.ini, is responsible for -; configuring many of the aspects of PHP's behavior. - -; PHP attempts to find and load this configuration from a number of locations. -; The following is a summary of its search order: -; 1. SAPI module specific location. -; 2. The PHPRC environment variable. (As of PHP 5.2.0) -; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) -; 4. Current working directory (except CLI) -; 5. The web server's directory (for SAPI modules), or directory of PHP -; (otherwise in Windows) -; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) -; See the PHP docs for more specific information. -; http://php.net/configuration.file - -; The syntax of the file is extremely simple. Whitespace and lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. - -; Directives following the section heading [PATH=/www/mysite] only -; apply to PHP files in the /www/mysite directory. Directives -; following the section heading [HOST=www.example.com] only apply to -; PHP files served from www.example.com. Directives set in these -; special sections cannot be overridden by user-defined INI files or -; at runtime. Currently, [PATH=] and [HOST=] sections only work under -; CGI/FastCGI. -; http://php.net/ini.sections - -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; Directives are variables used to configure PHP or PHP extensions. -; There is no name validation. If PHP can't find an expected -; directive because it is not set or is mistyped, a default value will be used. - -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a -; previously set variable or directive (e.g. ${foo}) - -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; ^ bitwise XOR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT - -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. - -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: - -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' - -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. - -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; PHP comes packaged with two INI files. One that is recommended to be used -; in production environments and one that is recommended to be used in -; development environments. - -; php.ini-production contains settings which hold security, performance and -; best practices at its core. But please be aware, these settings may break -; compatibility with older or less security conscience applications. We -; recommending using the production ini in production and testing environments. - -; php.ini-development is very similar to its production variant, except it is -; much more verbose when it comes to errors. We recommend using the -; development version only in development environments, as errors shown to -; application users can inadvertently leak otherwise secure information. - -; This is php.ini-production INI file. - -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT - -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.sid_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; Note: if open_basedir is set, the cache is disabled -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -; If enabled, scripts may be written in encodings that are incompatible with -; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such -; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off -;zend.multibyte = Off - -; Allows to set the default encoding for the scripts. This value will be used -; unless "declare(encoding=...)" directive appears at the top of the script. -; Only affects if zend.multibyte is set. -; Default: "" -;zend.script_encoding = - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://php.net/expose-php -expose_php = Off - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time -; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 30 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. -; Note: This directive is hardcoded to -1 for the CLI SAPI -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://php.net/max-input-time -max_input_time = 60 - -; Maximum input variable nesting level -; http://php.net/max-input-nesting-level -;max_input_nesting_level = 64 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = 512M - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. -; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it is automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; For production environments, we recommend logging errors rather than -; sending them to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. We strongly recommend you -; set this to 'off' for production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. -; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; This directive is DEPRECATED. -; Default Value: Off -; Development Value: Off -; Production Value: Off -; http://php.net/track-errors -;track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on Windows). -;error_log = syslog - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. You -; can still get access to the environment variables through getenv() should you -; need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P & C) should be -; registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive -; are specified in the same manner as the variables_order directive, -; EXCEPT one. Leaving this value empty will cause PHP to use the value set -; in the variables_order directive. It does not mean it will leave the super -; globals array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. -; http://php.net/auto-globals-jit -auto_globals_jit = On - -; Whether PHP will read the POST data. -; This option is enabled by default. -; Most likely, you won't want to disable this option globally. It causes $_POST -; and $_FILES to always be empty; the only way you will be able to read the -; POST data will be through the php://input stream wrapper. This can be useful -; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading -;enable_post_data_reading = Off - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = 8M - -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://php.net/auto-append-file -auto_append_file = - -; By default, PHP will output a media type using the Content-Type header. To -; disable this, simply set it to be empty. -; -; PHP's built-in default media type is set to text/html. -; http://php.net/default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to UTF-8. -; http://php.net/default-charset -default_charset = "UTF-8" - -; PHP internal character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/internal-encoding -;internal_encoding = - -; PHP input character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/input-encoding -;input_encoding = - -; PHP output character encoding is set to empty. -; If empty, default_charset is used. -; See also output_buffer. -; http://php.net/output-encoding -;output_encoding = - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/usr/share/php" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" -; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://php.net/doc-root -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://php.net/user-dir -user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -; extension_dir = "./" -; On windows: -; extension_dir = "ext" - -; Directory where the temporary files should be placed. -; Defaults to the system default (see sys_get_temp_dir) -; sys_temp_dir = "/tmp" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://php.net/enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. -;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env -;cgi.redirect_status_env = - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - -; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside -; of the web tree and people will not be able to circumvent .htaccess security. -; http://php.net/cgi.dicard-path -;cgi.discard_path=1 - -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate -;fastcgi.impersonate = 1 - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If set to 0, PHP sends Status: header that -; is supported by Apache. When this option is set to 1, PHP will send -; RFC2616 compliant header. -; Default is zero. -; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! -; (shebang) at the top of the running script. This line might be needed if the -; script support running both as stand-alone script and via PHP CGI<. PHP in CGI -; mode skips this line and ignores its content if this directive is turned on. -; http://php.net/cgi.check-shebang-line -;cgi.check_shebang_line=1 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://php.net/upload-tmp-dir -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = 1G - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = 20 - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://php.net/from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. -; http://php.net/user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings -;auto_detect_line_endings = Off - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; - -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename -; -; For example: -; -; extension=mysqli -; -; When the extension library to load is not located in the default extension -; directory, You may specify an absolute path to the library file: -; -; extension=/path/to/extension/mysqli.so -; -; Note : The syntax used in previous PHP versions ('extension=.so' and -; 'extension='php_.dll') is supported for legacy reasons and may be -; deprecated in a future PHP major version. So, when it is possible, please -; move to the new ('extension=) syntax. -; -; Notes for Windows environments : -; -; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) -; extension folders as well as the separate PECL DLL download (PHP 5+). -; Be sure to appropriately set the extension_dir directive. -; -;extension=bz2 -;extension=curl -;extension=fileinfo -;extension=gd2 -;extension=gettext -;extension=gmp -;extension=intl -;extension=imap -;extension=interbase -;extension=ldap -;extension=mbstring -;extension=exif ; Must be after mbstring as it depends on it -;extension=mysqli -;extension=oci8_12c ; Use with Oracle Database 12c Instant Client -;extension=odbc -;extension=openssl -;extension=pdo_firebird -;extension=pdo_mysql -;extension=pdo_oci -;extension=pdo_odbc -;extension=pdo_pgsql -;extension=pdo_sqlite -;extension=pgsql -;extension=shmop - -; The MIBS data available in the PHP distribution must be installed. -; See http://www.php.net/manual/en/snmp.installation.php -;extension=snmp - -;extension=soap -;extension=sockets -;extension=sqlite3 -;extension=tidy -;extension=xmlrpc -;extension=xsl - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[CLI Server] -; Whether the CLI web server uses ANSI color coding in its terminal output. -cli_server.color = On - -[Date] -; Defines the default timezone used by the date functions -; http://php.net/date.timezone -;date.timezone = - -; http://php.net/date.default-latitude -;date.default_latitude = 31.7667 - -; http://php.net/date.default-longitude -;date.default_longitude = 35.2333 - -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 - -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 - -[filter] -; http://php.net/filter.default -;filter.default = unsafe_raw - -; http://php.net/filter.default-flags -;filter.default_flags = - -[iconv] -; Use of this INI entry is deprecated, use global input_encoding instead. -; If empty, default_charset or input_encoding or iconv.input_encoding is used. -; The precedence is: default_charset < intput_encoding < iconv.input_encoding -;iconv.input_encoding = - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;iconv.internal_encoding = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; If empty, default_charset or output_encoding or iconv.output_encoding is used. -; The precedence is: default_charset < output_encoding < iconv.output_encoding -; To use an output encoding conversion, iconv's output handler must be set -; otherwise output encoding conversion cannot be performed. -;iconv.output_encoding = - -[imap] -; rsh/ssh logins are disabled by default. Use this INI entry if you want to -; enable them. Note that the IMAP library does not filter mailbox names before -; passing them to rsh/ssh command, thus passing untrusted data to this function -; with rsh/ssh enabled is insecure. -;imap.enable_insecure_rsh=0 - -[intl] -;intl.default_locale = -; This directive allows you to produce PHP errors when some error -; happens within intl functions. The value is the level of the error produced. -; Default is 0, which does not produce any errors. -;intl.error_level = E_WARNING -;intl.use_exceptions = 0 - -[sqlite3] -; Directory pointing to SQLite3 extensions -; http://php.net/sqlite3.extension-dir -;sqlite3.extension_dir = - -; SQLite defensive mode flag (only available from SQLite 3.26+) -; When the defensive flag is enabled, language features that allow ordinary -; SQL to deliberately corrupt the database file are disabled. This forbids -; writing directly to the schema, shadow tables (eg. FTS data tables), or -; the sqlite_dbpage virtual table. -; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html -; (for older SQLite versions, this flag has no use) -;sqlite3.defensive = 1 - -[Pcre] -;PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit -;pcre.backtrack_limit=100000 - -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit -;pcre.recursion_limit=100000 - -;Enables or disables JIT compilation of patterns. This requires the PCRE -;library to be compiled with JIT support. -;pcre.jit=1 - -[Pdo] -; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling -;pdo_odbc.connection_pooling=strict - -;pdo_odbc.db2_instance_name - -[Pdo_mysql] -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/pdo_mysql.cache_size -pdo_mysql.cache_size = 2000 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/pdo_mysql.default-socket -pdo_mysql.default_socket= - -[Phar] -; http://php.net/phar.readonly -;phar.readonly = On - -; http://php.net/phar.require-hash -;phar.require_hash = On - -;phar.cache_list = - -[mail function] -; For Win32 only. -; http://php.net/smtp -SMTP = localhost -; http://php.net/smtp-port -smtp_port = 25 - -; For Win32 only. -; http://php.net/sendmail-from -;sendmail_from = me@example.com - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path -;sendmail_path = - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(). -;mail.force_extra_parameters = - -; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = Off - -; The path to a log file that will log all mail() calls. Log entries include -; the full path of the script, line number, To address and headers. -;mail.log = -; Log mail to syslog (Event Log on Windows). -;mail.log = syslog - -[ODBC] -; http://php.net/odbc.default-db -;odbc.default_db = Not yet implemented - -; http://php.net/odbc.default-user -;odbc.default_user = Not yet implemented - -; http://php.net/odbc.default-pw -;odbc.default_pw = Not yet implemented - -; Controls the ODBC cursor model. -; Default: SQL_CURSOR_STATIC (default). -;odbc.default_cursortype - -; Allow or prevent persistent links. -; http://php.net/odbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. Returns number of bytes to variables. 0 means -; passthru. -; http://php.net/odbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode -odbc.defaultbinmode = 1 - -;birdstep.max_links = -1 - -[Interbase] -; Allow or prevent persistent links. -ibase.allow_persistent = 1 - -; Maximum number of persistent links. -1 means no limit. -ibase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ibase.max_links = -1 - -; Default database name for ibase_connect(). -;ibase.default_db = - -; Default username for ibase_connect(). -;ibase.default_user = - -; Default password for ibase_connect(). -;ibase.default_password = - -; Default charset for ibase_connect(). -;ibase.default_charset = - -; Default timestamp format. -ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - -; Default date format. -ibase.dateformat = "%Y-%m-%d" - -; Default time format. -ibase.timeformat = "%H:%M:%S" - -[MySQLi] - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 - -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On - -; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysqli.cache_size -mysqli.cache_size = 2000 - -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_statistics -mysqlnd.collect_statistics = On - -; Enable / Disable collection of memory usage statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_memory_statistics -mysqlnd.collect_memory_statistics = Off - -; Records communication from all extensions using mysqlnd to the specified log -; file. -; http://php.net/mysqlnd.debug -;mysqlnd.debug = - -; Defines which queries will be logged. -; http://php.net/mysqlnd.log_mask -;mysqlnd.log_mask = 0 - -; Default size of the mysqlnd memory pool, which is used by result sets. -; http://php.net/mysqlnd.mempool_default_size -;mysqlnd.mempool_default_size = 16000 - -; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -; http://php.net/mysqlnd.net_cmd_buffer_size -;mysqlnd.net_cmd_buffer_size = 2048 - -; Size of a pre-allocated buffer used for reading data sent by the server in -; bytes. -; http://php.net/mysqlnd.net_read_buffer_size -;mysqlnd.net_read_buffer_size = 32768 - -; Timeout for network requests in seconds. -; http://php.net/mysqlnd.net_read_timeout -;mysqlnd.net_read_timeout = 31536000 - -; SHA-256 Authentication Plugin related. File with the MySQL server public RSA -; key. -; http://php.net/mysqlnd.sha256_server_public_key -;mysqlnd.sha256_server_public_key = - -[OCI8] - -; Connection: Enables privileged connections using external -; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect -;oci8.privileged_connect = Off - -; Connection: The maximum number of persistent OCI8 connections per -; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent -;oci8.max_persistent = -1 - -; Connection: The maximum number of seconds a process is allowed to -; maintain an idle persistent connection. Using -1 means idle -; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout -;oci8.persistent_timeout = -1 - -; Connection: The number of seconds that must pass before issuing a -; ping during oci_pconnect() to check the connection validity. When -; set to 0, each oci_pconnect() will cause a ping. Using -1 disables -; pings completely. -; http://php.net/oci8.ping-interval -;oci8.ping_interval = 60 - -; Connection: Set this to a user chosen connection class to be used -; for all pooled server requests with Oracle 11g Database Resident -; Connection Pooling (DRCP). To use DRCP, this value should be set to -; the same string for all web servers running the same application, -; the database pool must be configured, and the connection string must -; specify to use a pooled server. -;oci8.connection_class = - -; High Availability: Using On lets PHP receive Fast Application -; Notification (FAN) events generated when a database node fails. The -; database must also be configured to post FAN events. -;oci8.events = Off - -; Tuning: This option enables statement caching, and specifies how -; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size -;oci8.statement_cache_size = 20 - -; Tuning: Enables statement prefetching and sets the default number of -; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch -;oci8.default_prefetch = 100 - -; Compatibility. Using On means oci_close() will not close -; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics -;oci8.old_oci_close_semantics = Off - -[PostgreSQL] -; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. -; http://php.net/pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Notice message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://php.net/pgsql.log-notice -pgsql.log_notice = 0 - -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale -bcmath.scale = 0 - -[browscap] -; http://php.net/browscap -;browscap = extra/browscap.ini - -[Session] -; Handler used to store/retrieve data. -; http://php.net/session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; The path can be defined as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if -; your OS has problems with many files in one directory, and is -; a more efficient layout for servers that handle many sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/var/lib/php/sessions" - -; Whether to use strict session mode. -; Strict session mode does not accept uninitialized session ID and regenerate -; session ID if browser sends uninitialized session ID. Strict mode protects -; applications from session fixation via session adoption vulnerability. It is -; disabled by default for maximum compatibility, but enabling it is encouraged. -; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 - -; Whether to use cookies. -; http://php.net/session.use-cookies -session.use_cookies = 1 - -; http://php.net/session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combating -; session hijacking when not specifying and managing your own session id. It is -; not the be-all and end-all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://php.net/session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://php.net/session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://php.net/session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly -session.cookie_httponly = - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 0 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://php.net/session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 -type f | xargs rm - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. -; http://php.net/session.referer-check -session.referer_check = - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. -; http://php.net/session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://php.net/session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users' security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publicly accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid -session.use_trans_sid = 0 - -; Set session ID character length. This value could be between 22 to 256. -; Shorter length than default is supported only for compatibility reason. -; Users should use 32 or more chars. -; http://php.net/session.sid-length -; Default Value: 32 -; Development Value: 26 -; Production Value: 26 -session.sid_length = 26 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -; is special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. tag's action attribute URL will not be modified -; unless it is specified. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=" -; Development Value: "a=href,area=href,frame=src,form=" -; Production Value: "a=href,area=href,frame=src,form=" -; http://php.net/url-rewriter.tags -session.trans_sid_tags = "a=href,area=href,frame=src,form=" - -; URL rewriter does not rewrite absolute URLs by default. -; To enable rewrites for absolute pathes, target hosts must be specified -; at RUNTIME. i.e. use ini_set() -; tags is special. PHP will check action attribute's URL regardless -; of session.trans_sid_tags setting. -; If no host is defined, HTTP_HOST will be used for allowed host. -; Example value: php.net,www.php.net,wiki.php.net -; Use "," for multiple hosts. No spaces are allowed. -; Default Value: "" -; Development Value: "" -; Production Value: "" -;session.trans_sid_hosts="" - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.sid_bits_per_character = 5 - -; Enable upload progress tracking in $_SESSION -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.enabled -;session.upload_progress.enabled = On - -; Cleanup the progress information as soon as all POST data has been read -; (i.e. upload completed). -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.cleanup -;session.upload_progress.cleanup = On - -; A prefix used for the upload progress key in $_SESSION -; Default Value: "upload_progress_" -; Development Value: "upload_progress_" -; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix -;session.upload_progress.prefix = "upload_progress_" - -; The index name (concatenated with the prefix) in $_SESSION -; containing the upload progress information -; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name -;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" - -; How frequently the upload progress should be updated. -; Given either in percentages (per-file), or in bytes -; Default Value: "1%" -; Development Value: "1%" -; Production Value: "1%" -; http://php.net/session.upload-progress.freq -;session.upload_progress.freq = "1%" - -; The minimum delay between updates, in seconds -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.upload-progress.min-freq -;session.upload_progress.min_freq = "1" - -; Only write session data when session data is changed. Enabled by default. -; http://php.net/session.lazy-write -;session.lazy_write = On - -[Assertion] -; Switch whether to compile assertions at all (to have no overhead at run-time) -; -1: Do not compile at all -; 0: Jump over assertion at run-time -; 1: Execute assertions -; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) -; Default Value: 1 -; Development Value: 1 -; Production Value: -1 -; http://php.net/zend.assertions -zend.assertions = -1 - -; Assert(expr); active by default. -; http://php.net/assert.active -;assert.active = On - -; Throw an AssertationException on failed assertions -; http://php.net/assert.exception -;assert.exception = On - -; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) -; http://php.net/assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://php.net/assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://php.net/assert.callback -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://php.net/com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a components typlib on com_load() -; http://php.net/com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://php.net/com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose -;com.autoregister_verbose = true - -; The default character set code-page to use when passing strings to and from COM objects. -; Default: system ANSI code page -;com.code_page= - -[mbstring] -; language for internal character representation. -; This affects mb_send_mail() and mbstring.detect_order. -; http://php.net/mbstring.language -;mbstring.language = Japanese - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; internal/script encoding. -; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;mbstring.internal_encoding = - -; Use of this INI entry is deprecated, use global input_encoding instead. -; http input encoding. -; mbstring.encoding_traslation = On is needed to use this setting. -; If empty, default_charset or input_encoding or mbstring.input is used. -; The precedence is: default_charset < intput_encoding < mbsting.http_input -; http://php.net/mbstring.http-input -;mbstring.http_input = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; http output encoding. -; mb_output_handler must be registered as output buffer to function. -; If empty, default_charset or output_encoding or mbstring.http_output is used. -; The precedence is: default_charset < output_encoding < mbstring.http_output -; To use an output encoding conversion, mbstring's output handler must be set -; otherwise output encoding conversion cannot be performed. -; http://php.net/mbstring.http-output -;mbstring.http_output = - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://php.net/mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; "auto" detect order is changed according to mbstring.language -; http://php.net/mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://php.net/mbstring.substitute-character -;mbstring.substitute_character = none - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -; Default: Off -;mbstring.strict_detection = On - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. The warning will then be displayed as notices -; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 1 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://php.net/exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://php.net/exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://php.net/exif.encode-jis -;exif.encode_jis = - -; http://php.net/exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://php.net/exif.decode-jis-intel -;exif.decode_jis_intel = JIS - -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? -; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://php.net/tidy.clean-output -tidy.clean_output = Off - -[soap] -; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://php.net/soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -; Sets the size of the cache limit. (Max. number of WSDL files to cache) -soap.wsdl_cache_limit = 5 - -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 - -[ldap] -; Sets the maximum number of open links or -1 for unlimited. -ldap.max_links = -1 - -[dba] -;dba.default_handler= - -[opcache] -; Determines if Zend OPCache is enabled -;opcache.enable=1 - -; Determines if Zend OPCache is enabled for the CLI version of PHP -;opcache.enable_cli=0 - -; The OPcache shared memory storage size. -;opcache.memory_consumption=128 - -; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=8 - -; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 1000000 are allowed. -;opcache.max_accelerated_files=10000 - -; The maximum percentage of "wasted" memory until a restart is scheduled. -;opcache.max_wasted_percentage=5 - -; When this directive is enabled, the OPcache appends the current working -; directory to the script key, thus eliminating possible collisions between -; files with the same name (basename). Disabling the directive improves -; performance, but may break existing applications. -;opcache.use_cwd=1 - -; When disabled, you must reset the OPcache manually or restart the -; webserver for changes to the filesystem to take effect. -;opcache.validate_timestamps=1 - -; How often (in seconds) to check file timestamps for changes to the shared -; memory storage allocation. ("1" means validate once per second, but only -; once per request. "0" means always validate) -;opcache.revalidate_freq=2 - -; Enables or disables file search in include_path optimization -;opcache.revalidate_path=0 - -; If disabled, all PHPDoc comments are dropped from the code to reduce the -; size of the optimized code. -;opcache.save_comments=1 - -; Allow file existence override (file_exists, etc.) performance feature. -;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0xffffffff - -;opcache.inherited_hack=1 -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. -;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. -;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. -; Most users should not specify a value for this directive as PHP will -; attempt to use the OS-managed cert stores in its absence. If specified, -; this value may still be overridden on a per-stream basis via the "capath" -; SSL stream context option. -;openssl.capath= - -; Local Variables: -; tab-width: 4 -; End: diff --git a/roles/apache-php/handlers/main.yml b/roles/apache-php/handlers/main.yml deleted file mode 100644 index 5e0cf69..0000000 --- a/roles/apache-php/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: restart apache - service: - name: apache2 - state: restarted - become: yes diff --git a/roles/apache-php/meta/main.yml b/roles/apache-php/meta/main.yml deleted file mode 100644 index d098f75..0000000 --- a/roles/apache-php/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -allow_duplicates: no diff --git a/roles/apache-php/tasks/main.yml b/roles/apache-php/tasks/main.yml deleted file mode 100644 index 443d7ce..0000000 --- a/roles/apache-php/tasks/main.yml +++ /dev/null @@ -1,72 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Install, configure, and start Apache and PHP - block: - - name: Install Apache and PHP packages - apt: - name: "{{ packages }}" - vars: - packages: - - apache2 - - libapache2-mod-php - - php - - php-gd - - php-json - - php-mysql - - php-curl - - php-mbstring - - php-intl - - php-xml - - php-zip - - php-cgi - - php-cli - - python3-passlib # For htpasswd support - - name: Find PHP config directory - find: - paths: /etc/php - patterns: '*' - file_type: directory - register: phpdirs - - name: Debug - debug: - var: phpdirs.files.0.path - - name: Copy configuration - copy: - src: "{{ item.src }}" - dest: "{{ phpdirs.files.0.path }}/{{ item.dest }}" - mode: "{{ item.mode }}" - loop: - - { src: "php-apache2.ini", dest: "apache2/php.ini", mode: "0644" } - - { src: "php-cgi.ini", dest: "cgi/php.ini", mode: "0644" } - - name: Disable default website - file: - # This is a symlink so who cares - path: "/etc/apache2/sites-enabled/000-default.conf" - state: absent - - name: Configure modules - block: - - name: Disable modules - command: - argv: - - "/usr/sbin/a2dismod" - - "{{ item }}" - removes: "/etc/apache2/mods-enabled/{{ item }}.load" - loop: - - mpm_event - notify: restart apache - - name: Enable modules - command: - argv: - - "/usr/sbin/a2enmod" - - "{{ item }}" - creates: "/etc/apache2/mods-enabled/{{ item }}.load" - loop: - - headers - - mpm_prefork - # Fun fact: this works - - php* - - rewrite - - ssl - notify: restart apache - become: yes diff --git a/roles/awscreds/files/awscredentials b/roles/awscreds/files/awscredentials deleted file mode 100644 index a1a44fe..0000000 --- a/roles/awscreds/files/awscredentials +++ /dev/null @@ -1,11 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -38616333383866663466353035306234356565643564383866633038636531616239393365636436 -6538393064666337616565616636363331333062643235340a613061356630656333626664343038 -39326661306439343666623339323430333662363864366364363664323833393039303938323035 -3061396662656435660a366361363138386332633234633832613630643364316130643665343737 -37303434633839323363376562303966363466323638616265303865343936396465616434666163 -61666663373333643034363663323465326130393331636463666534343837646466653265343162 -39343066323764646361323833303334643730633938633436343330626230303462666166356530 -63623861383436636137623733633839333564363334323034313537616633666436333133396639 -63666237366535386436343839653939373533656164333865613631386131343565363734333935 -3861623666613138353061646564393465356532316631616231 diff --git a/roles/awscreds/meta/main.yml b/roles/awscreds/meta/main.yml deleted file mode 100644 index d098f75..0000000 --- a/roles/awscreds/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -allow_duplicates: no diff --git a/roles/awscreds/tasks/main.yml b/roles/awscreds/tasks/main.yml deleted file mode 100644 index 6df3e2f..0000000 --- a/roles/awscreds/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Set up AWS credentials for root - block: - - name: Create .aws directory - file: - path: ~/.aws - state: directory - - name: Copy AWS credentials - copy: - src: awscredentials - dest: ~/.aws/credentials - mode: "0600" - become: true diff --git a/roles/base-backups/defaults/main.yml b/roles/base-backups/defaults/main.yml deleted file mode 100644 index a5f0db6..0000000 --- a/roles/base-backups/defaults/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: -backups_outdir: "/opt/backups/out" -backups_boot_delay: 1h -backups_time: "*-*-* 02:00:00" diff --git a/roles/base-backups/handlers/main.yml b/roles/base-backups/handlers/main.yml deleted file mode 100644 index 1ca1c40..0000000 --- a/roles/base-backups/handlers/main.yml +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: restart backups timer - systemd: - daemon_reload: yes - name: 9iron-backup.timer - enabled: yes - state: restarted - become: yes diff --git a/roles/base-backups/meta/main.yml b/roles/base-backups/meta/main.yml deleted file mode 100644 index b3dfd68..0000000 --- a/roles/base-backups/meta/main.yml +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -allow_duplicates: no -dependencies: - - role: awscreds diff --git a/roles/base-backups/tasks/main.yml b/roles/base-backups/tasks/main.yml deleted file mode 100644 index 1843d58..0000000 --- a/roles/base-backups/tasks/main.yml +++ /dev/null @@ -1,41 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Set up general backups - block: - - name: Create backups directories - file: - state: directory - mode: "0700" - path: "{{ item }}" - loop: - - "/opt/backups" - - "/opt/backups/modules" - - "{{ backups_outdir }}" - - name: Create /backups symlink - file: - state: link - path: "/backups" - src: "{{ backups_outdir }}" - - name: Template out backup script - template: - src: "backup.sh" - dest: "/opt/backups/backup.sh" - mode: "0700" - - name: Template out services - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - loop: - - { src: "9iron-backup.service", dest: "/etc/systemd/system/9iron-backup.service", mode: "0644" } - - { src: "9iron-backup.timer", dest: "/etc/systemd/system/9iron-backup.timer", mode: "0644" } - notify: restart backups timer - - name: Enable timer - systemd: - daemon_reload: yes - name: 9iron-backup.timer - enabled: yes - state: started - notify: restart backups timer - become: yes diff --git a/roles/base-backups/templates/9iron-backup.service b/roles/base-backups/templates/9iron-backup.service deleted file mode 100644 index 034f56a..0000000 --- a/roles/base-backups/templates/9iron-backup.service +++ /dev/null @@ -1,14 +0,0 @@ -# vim:ft=dosini: -[Unit] -Description=9iron backup service -StartLimitIntervalSec=3600 -StartLimitBurst=5 - -[Service] -MemoryMax=256M -ExecStart=/opt/backups/backup.sh -Restart=on-failure -RestartSec=90 - -[Install] -WantedBy=multi-user.target diff --git a/roles/base-backups/templates/9iron-backup.timer b/roles/base-backups/templates/9iron-backup.timer deleted file mode 100644 index 11d8c8e..0000000 --- a/roles/base-backups/templates/9iron-backup.timer +++ /dev/null @@ -1,11 +0,0 @@ -# vim:ft=dosini: -[Unit] -Description=9iron backup timer - -[Timer] -Persistent=true -OnBootSec={{ backups_boot_delay }} -OnCalendar={{ backups_time }} - -[Install] -WantedBy=timers.target diff --git a/roles/base-backups/templates/backup.sh b/roles/base-backups/templates/backup.sh deleted file mode 100644 index 3839f65..0000000 --- a/roles/base-backups/templates/backup.sh +++ /dev/null @@ -1,65 +0,0 @@ -#! /bin/bash -# -# backup.sh -# General-purpose backup script that accepts subtasks -# Copyright (C) 2020 Vintage Salt -# -# Distributed under terms of the MIT license. -# - -set -e - -export BACKUPSDIR="/backups" -export OUTDIR="$BACKUPSDIR/out" -export MODULESDIR="/opt/backups/modules" -export DATE="$(date -Iseconds)" - -# Helper functions -log() { - [ -z "$1" ] && return 1 - printf "$(date -Iseconds): $1\n" -} - -# Sanity checks -if ! [ -d "$MODULESDIR" ]; then - log "Unable to find modules directory: $MODULESDIR" - exit 1 -fi -# Source an RC, if we have it -if [ -r "$MODULESDIR/backuprc" ]; then - source "$MODULESDIR/backuprc" -fi -# More sanity checks -if ! [ -d "$BACKUPSDIR" ]; then - log "Unable to find backups directory: $BACKUPSDIR" - exit 2 -fi -# Do the do -log "Beginning backups" -for file in "$MODULESDIR"/*; do - # Just keep going if we don't have any tasks to do - [ -f "$file" ] || continue - # Execute the module and alert if it fails - log "Executing module: $file" - ( - # Define a log function for our module to use - log() { - [ -z "$1" ] && return 1 - printf "$(date -Iseconds): $1\n" - } - source "$file" - ) || { - log "Error executing module: $file" - } -done -# If we have a fancy schmancy bucket, use it -s3bucket="{{ aws.backup_bucket }}" -if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then - log "Moving files to S3 bucket $s3bucket" - nice -n 10 aws s3 mv "$BACKUPSDIR" "s3://$s3bucket" \ - --recursive \ - --only-show-errors \ - --exclude "*.log" \ - --storage-class STANDARD -fi - diff --git a/roles/base-snmpd/handlers/main.yml b/roles/base-snmpd/handlers/main.yml deleted file mode 100644 index ce2f76b..0000000 --- a/roles/base-snmpd/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: restart snmpd - systemd: - name: snmpd - state: restarted - become: yes diff --git a/roles/base-snmpd/tasks/main.yml b/roles/base-snmpd/tasks/main.yml deleted file mode 100644 index 34dab91..0000000 --- a/roles/base-snmpd/tasks/main.yml +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Install snmpd - block: - - name: Install snmpd - apt: - name: - - snmpd - - name: Template out config - template: - src: snmpd.conf - dest: /etc/snmp/snmpd.conf - mode: "0600" - notify: restart snmpd - - name: Enable snmpd - systemd: - name: snmpd - enabled: yes - state: started - become: yes diff --git a/roles/base-snmpd/templates/snmpd.conf b/roles/base-snmpd/templates/snmpd.conf deleted file mode 100644 index c076f75..0000000 --- a/roles/base-snmpd/templates/snmpd.conf +++ /dev/null @@ -1,165 +0,0 @@ -# Listen for connections on all interfaces (both IPv4 *and* IPv6) -agentAddress udp:161,udp6:[::1]:161 - -# Create users -createUser authOnlyUser SHA {{ snmp.auth_user_pass }} -createUser authPrivUser SHA {{ snmp.priv_user_pass }} -createUser internalUser SHA {{ snmp.int_user_pass }} - -############################################################################### -# -# ACCESS CONTROL -# - - # system + hrSystem groups only -view systemonly included .1.3.6.1.2.1.1 -view systemonly included .1.3.6.1.2.1.25.1 - - # Full access from the local host -#rocommunity public localhost - # Default access to basic system info - rocommunity public default -V systemonly - # rocommunity6 is for IPv6 - rocommunity6 public default -V systemonly - - # Full access from an example network - # Adjust this network address to match your local - # settings, change the community string, - # and check the 'agentAddress' setting above -#rocommunity secret 10.0.0.0/16 - - # Full read-only access for SNMPv3 - rouser authOnlyUser - # Full write access for encrypted requests - # Remember to activate the 'createUser' lines above -#rwuser authPrivUser priv - -# It's no longer typically necessary to use the full 'com2sec/group/access' configuration -# r[ow]user and r[ow]community, together with suitable views, should cover most requirements - - - -############################################################################### -# -# SYSTEM INFORMATION -# - -# Note that setting these values here, results in the corresponding MIB objects being 'read-only' -# See snmpd.conf(5) for more details -sysLocation {{ snmp.location }} -sysContact {{ snmp.contact }} - # Application + End-to-End layers -sysServices 72 - - -# -# Process Monitoring -# - # At least one 'mountd' process -proc mountd - # No more than 4 'ntalkd' processes - 0 is OK -proc ntalkd 4 - # At least one 'sendmail' process, but no more than 10 -proc sendmail 10 1 - -# Walk the UCD-SNMP-MIB::prTable to see the resulting output -# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file - - -# -# Disk Monitoring -# - # 10MBs required on root disk, 5% free on /var, 10% free on all other disks -disk / 10000 -disk /var 5% -includeAllDisks 10% - -# Walk the UCD-SNMP-MIB::dskTable to see the resulting output -# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file - - -# -# System Load -# - # Unacceptable 1-, 5-, and 15-minute load averages -load 12 10 5 - -# Walk the UCD-SNMP-MIB::laTable to see the resulting output -# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file - - - -############################################################################### -# -# ACTIVE MONITORING -# - - # send SNMPv1 traps - trapsink localhost public - # send SNMPv2c traps -#trap2sink localhost public - # send SNMPv2c INFORMs -#informsink localhost public - -# Note that you typically only want *one* of these three lines -# Uncommenting two (or all three) will result in multiple copies of each notification. - - -# -# Event MIB - automatically generate alerts -# - # Remember to activate the 'createUser' lines above -iquerySecName internalUser -rouser internalUser - # generate traps on UCD error conditions -defaultMonitors yes - # generate traps on linkUp/Down -linkUpDownNotifications yes - - - -############################################################################### -# -# EXTENDING THE AGENT -# - -# -# Arbitrary extension commands -# - extend test1 /bin/echo Hello, world! - extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35 -#extend-sh test3 /bin/sh /tmp/shtest - -# Note that this last entry requires the script '/tmp/shtest' to be created first, -# containing the same three shell commands, before the line is uncommented - -# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table -# and nsExtendOutput2Table) to see the resulting output - -# Note that the "extend" directive supercedes the previous "exec" and "sh" directives -# However, walking the UCD-SNMP-MIB::extTable should still returns the same output, -# as well as the fuller results in the above tables. - - -# -# "Pass-through" MIB extension command -# -#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest -#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl - -# Note that this requires one of the two 'passtest' scripts to be installed first, -# before the appropriate line is uncommented. -# These scripts can be found in the 'local' directory of the source distribution, -# and are not installed automatically. - -# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output - - -# -# AgentX Sub-agents -# - # Run as an AgentX master agent - master agentx - # Listen for network connections (from localhost) - # rather than the default named socket /var/agentx/master -#agentXSocket tcp:localhost:705 diff --git a/roles/base-user/defaults/main.yml b/roles/base-user/defaults/main.yml deleted file mode 100644 index 5eb903b..0000000 --- a/roles/base-user/defaults/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -# vim:ft=ansible: -user_username: salt -user_shell: /bin/bash -user_password: "!" diff --git a/roles/base-user/meta/main.yml b/roles/base-user/meta/main.yml deleted file mode 100644 index d098f75..0000000 --- a/roles/base-user/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -allow_duplicates: no diff --git a/roles/base-user/tasks/main.yml b/roles/base-user/tasks/main.yml deleted file mode 100644 index 5793557..0000000 --- a/roles/base-user/tasks/main.yml +++ /dev/null @@ -1,88 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Assure user - user: - name: "{{ user_username }}" - shell: "{{ user_shell }}" - password: "{{ user_password }}" - become: yes -- name: Add user to sudo - user: - name: "{{ user_username }}" - groups: sudo - append: yes - become: yes - when: ansible_os_family == "Debian" -- name: Add user to wheel - user: - name: "{{ user_username }}" - groups: wheel - append: yes - become: yes - when: ansible_os_family != "Debian" -- name: Bootstrap user - block: - - name: Assure .ssh directory - file: - path: $HOME/.ssh - state: directory - mode: "0700" - - name: Generate keypair - openssh_keypair: - comment: "{{ user_username }}@{{ inventory_hostname_short }}" - path: $HOME/.ssh/id_ed25519 - mode: "0600" - register: keypair - - name: Register keypair with Gitea - uri: - url: "https://git.9iron.club/api/v1/user/keys" - method: POST - headers: - accept: "application/json" - Authorization: "token {{ gitea_api_token }}" - body_format: json - body: - key: "{{ keypair.public_key }}" - read_only: yes - title: "{{ inventory_hostname }}-ed25519" - status_code: 201 - when: keypair is changed - - name: Configure authorized hosts - authorized_key: - user: "{{ user_username }}" - manage_dir: yes - key: "{{ item.key }}" - state: "{{ item.state }}" - loop: - - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ salt@dsk-cstm-0", state: present } - - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@lap-th-e560-0", state: present } - - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsZVQJr3d5G9nhlAilU8SKK7AInw8bgUTbIof7LEPD16Fg21KKAIcpYqWgw53EwuwFN8KJjDHKQasfnGZ++vIdpaNKB5HAAHapHxMREpwKzDf9Z+phfi2S5rdIodeCz62DVo0DSd4NZGF1q2FGgVTIsnOVLRBiu5xBIP6BElMmAn+afsBHiuN68YVUxqTnwX+brQXcxhG/D0UuNHUgf2VZ95vNktgad03/1g9FbKI4CIVoUazHeavTFzOYewfSzOGo9T6VOxe0Tm/GYjokO+XGtn5LtITFAEjAMEyhUb3JCtmPuof153BaP11ELqURUp1Os5Spxq2nsxGpdSebzty157uf9wFPGnbsSk5ehEE9pQodzCZlrHu85oKFGtwtdYmAvQd8LvrIb+tRFV2LX3AL/H0KdAGOCBvQG0bIAWmosZSzTT0zC1ESA97ncpzP8VYJJtwvhxyJOpsA3udHScQAZllrTjh6S18RJts1GtLv2d7ogFBzRAGn+/dsekX5ghU= salt@lap-s76-lemp9-0", state: present } - - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgLG6Y+R58AaS8hxrAVtpYRon1JiXG65KoHLR1hr8GtQXAaJuTIzzvD3LJbZ3OxSctZCzfu85SZ+7ex6yHAD0RfPASAGZarHOWSFuTULtIYaz0lGopfmHrVT9yV2df0zhqz3E2FEJaMe1CXkDufJrD3IkPZSTd24NY83hJGWxSM9SbiCqAf+c3DSWWhCC75WXdIfPs6d5CF/pYY6T1kD9AJC4K6JhP3LtieFBGZfpd6EamZ/Y1wvlFbkjV+rLDvYE4BF4WNYcJP1CTEgtOTAbACMqSdQ6544JUVvKNE7J9haOzTK0gYcp05zvgHvgju9TuPizlYEjPgypxNZBPXQisat3KXLenGS4+4gLloFrkZ4f2IfJidLrBd99GAina2OMHsCfQrazhuzvIoXI/5ww+k28GgF264HA8ZNkhPgZf3tbDmSHIZPvshRRvYOfURwiwl9T9xwdoJet5qdPrXk6EmX6f5TUIUdB8eeXcLecQDfvwgbDePdxz02sEw4LymK0= salt@ph-pine-0", state: present } - - name: Check for dotfile initialization - stat: path=$HOME/.dotfiles - register: p - - name: Initialize dotfiles - block: - - name: Clone bootstrap script - git: - accept_hostkey: yes - repo: git@git.9iron.club:salt/bootstrap - dest: $HOME/bootstrap - depth: 1 - force: yes - - name: Execute bootstrap script - shell: "cd && ~/bootstrap/bootstrap.sh > bootstrap.log 2>&1" - - name: Disable untracked files on dotfiles - git_config: - name: status.showUntrackedFiles - value: "no" - scope: local - repo: ~/.dotfiles - - name: Remove bootstrap script directory - file: - path: ~/bootstrap - state: absent - when: not p.stat.exists - become: yes - become_user: "{{ user_username }}" diff --git a/roles/common/files/motd-news b/roles/common/files/motd-news deleted file mode 100644 index eefe29c..0000000 --- a/roles/common/files/motd-news +++ /dev/null @@ -1,19 +0,0 @@ -# Enable/disable the dynamic MOTD news service -# This is a useful way to provide dynamic, informative -# information pertinent to the users and administrators -# of the local system -ENABLED=0 - -# Configure the source of dynamic MOTD news -# White space separated list of 0 to many news services -# For security reasons, these must be https -# and have a valid certificate -# Canonical runs a service at motd.ubuntu.com, and you -# can easily run one too -URLS="https://motd.ubuntu.com" - -# Specify the time in seconds, you're willing to wait for -# dynamic MOTD news -# Note that news messages are fetched in the background by -# a systemd timer, so this should never block boot or login -WAIT=5 diff --git a/roles/common/handlers/main.yml b/roles/common/handlers/main.yml deleted file mode 100644 index fb91194..0000000 --- a/roles/common/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: restart cron - service: - name: cron - state: restarted - become: yes diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml deleted file mode 100644 index d098f75..0000000 --- a/roles/common/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -allow_duplicates: no diff --git a/roles/common/tasks/ansibleuser.yml b/roles/common/tasks/ansibleuser.yml deleted file mode 100644 index 42e5ec0..0000000 --- a/roles/common/tasks/ansibleuser.yml +++ /dev/null @@ -1,41 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: -- name: Configure Ansible system user - block: - - name: Create Ansible system user - user: - name: ansible - password_lock: yes - system: yes - become: yes - - name: Enroll Ansible user in sudo - user: - name: ansible - groups: sudo - when: ansible_os_family == "Debian" - - name: Enroll Ansible user in wheel - user: - name: ansible - groups: wheel - when: ansible_os_family != "Debian" - - name: Ensure perms on Ansible user home - file: - path: "/home/ansible" - mode: "0700" - - name: Ensure ownership of Ansible user home - file: - path: "/home/ansible" - owner: ansible - group: ansible - recurse: yes - - name: Add Ansible key to user - authorized_key: - user: ansible - manage_dir: yes - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC8pjK7Z6V9IjxRtLB9Xwt5Rujj0iMQqOVExRkmkIzjEcblV/cqtwx4fOijoN9eQlmrjQg05rBWoHJoUiLH5LimU2HPQt9vSDSt/tTXNafhvi3St3nz+GA9yCwAkJfvz2QL/vnU7sfveYC2xmWZC0xjcG4bl8pL2GJgfyh4OnfS9vNRTpn1kAJ/Fl4vRLtRaFx1WzF3/RJUOkesYLegawSRJsaIamJFI5YxHe5VeTnFefVtssgbGrOj19uRDIZkBW/5uWsnNPVwbGUT089qioS11QFJaVOQCgU/E+4lxCHlRfLQ+gnXvaQV3j0JFk/I1bZNlCcNLHc0ZasXIqV+BUaR4au35QkDBjh38DCxesZ775tudXUp7KP6OHCC9i9ncIkum3mE+4K+0KAlS0oevUQdfguXkRQ6q3vydxEgWbBOx3jHi7i5AwvOnJqZRmUnfFp0qfhGfcS2pLEZhUcd0bOM6qAyK1XD5XRzXoVLS9bdHNUwCaIWie0tOYMLLmNooTU= ansible" - - name: Add Ansible user sudoers rule - template: - src: 90-ansible - dest: "/etc/sudoers.d/90-ansible" - mode: "0440" - become: yes diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml deleted file mode 100644 index 3187c55..0000000 --- a/roles/common/tasks/main.yml +++ /dev/null @@ -1,63 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Configure basic system settings - block: - - name: Install packages - include_tasks: packages.yml - - name: Copy system configs - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - loop: - - { src: "hosts", dest: "/etc/hosts", mode: "0644" } - - { src: "issue", dest: "/etc/issue", mode: "0644" } - - name: Set hostname - hostname: - name: "{{ inventory_hostname }}" - when: ansible_os_family == "Debian" - - name: Set hostname for PMOS - hostname: - name: "{{ inventory_hostname }}" - use: alpine - when: ansible_distribution == "Alpine" - - name: Set timezone - timezone: - name: "America/Chicago" - notify: restart cron - when: ansible_os_family == "Debian" - - name: Configure MOTD - block: - - name: Disable MOTD news - copy: - src: "motd-news" - dest: "/etc/default/motd-news" - tags: [ motd ] - - name: Disable default update-motd tasks - file: - path: "/etc/update-motd.d/{{ item }}" - state: absent - loop: - - "00-header" - - "10-help-text" - - "50-landscape-sysinfo" - - "50-motd-news" - - "80-esm" - - "80-livepatch" - - "90-updates-available" - - "91-release-upgrade" - - "92-unattended-upgrades" - - "95-hwe-eol" - - "97-overlayroot" - tags: [ motd ] - when: ansible_distribution == "Ubuntu" - - name: Add update-motd tasks - template: - src: 50-ansible-motd.sh - dest: /etc/update-motd.d/50-ansible - mode: "0755" - tags: [ motd ] - - name: Configure Ansible user - include_tasks: ansibleuser.yml - become: yes diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml deleted file mode 100644 index df137a6..0000000 --- a/roles/common/tasks/packages.yml +++ /dev/null @@ -1,58 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Install packages via APT - block: - - name: Update and upgrade apt packages - apt: - upgrade: yes - update_cache: yes - # One day - cache_valid_time: 86400 - - name: Install basic packages - apt: - name: - - acl - - apt-file - - aptitude - - awscli - - htop - - ncdu - - net-tools - - openssh-server - - pwgen - - python3-apt - - screen - - vim - - whois - - name: Install basic packages without recommends - apt: - install_recommends: no - name: - - smartmontools - - name: Remove packages - apt: - state: absent - name: - - unattended-upgrades - become: yes - when: ansible_os_family == "Debian" -- name: Install packages via APK - block: - - name: Update and upgrade packages - apk: - upgrade: yes - update_cache: yes - - name: Install basic packages - apk: - name: - - acl - - coreutils - - gcc - - git - - htop - - ncdu - - screen - - vim - become: yes - when: ansible_distribution == "Alpine" diff --git a/roles/common/templates/50-ansible-motd.sh b/roles/common/templates/50-ansible-motd.sh deleted file mode 100755 index 6d13fe3..0000000 --- a/roles/common/templates/50-ansible-motd.sh +++ /dev/null @@ -1,34 +0,0 @@ -#! /bin/sh -# -# 50-ansible-motd.sh -# Copyright (C) 2020 Vintage Salt -# -# Distributed under terms of the MIT license. -# - -# Service statuses -if command -v systemctl > /dev/null 2>&1; then - len=20 - printf "Services:\n" - for unit in \ - 9iron-backup \ - ansible-pull - do - systemctl status $unit > /dev/null 2>&1 - case $? in - 0) - printf " * %-${len}.${len}s\e[32mRunning\e[0m\n" $unit - ;; - 1|2) - printf " * %-${len}.${len}s\e[31mDead\e[0m\n" $unit - ;; - 3) - printf " * %-${len}.${len}s\e[34mExited\e[0m\n" $unit - ;; - *) - printf " * %-${len}.${len}s\e[33mUnknown\e[0m\n" "$unit" - ;; - esac - done -fi - diff --git a/roles/common/templates/90-ansible b/roles/common/templates/90-ansible deleted file mode 100644 index 809567b..0000000 --- a/roles/common/templates/90-ansible +++ /dev/null @@ -1,3 +0,0 @@ -# Managed by Ansible - -ansible ALL=(ALL) NOPASSWD:ALL diff --git a/roles/common/templates/hosts b/roles/common/templates/hosts deleted file mode 100644 index 230595c..0000000 --- a/roles/common/templates/hosts +++ /dev/null @@ -1,11 +0,0 @@ -127.0.0.1 localhost -127.0.0.1 {{ inventory_hostname }} -127.0.0.1 {{ inventory_hostname_short }} - -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -ff02::3 ip6-allhosts diff --git a/roles/common/templates/issue b/roles/common/templates/issue deleted file mode 100644 index fcadf1c..0000000 --- a/roles/common/templates/issue +++ /dev/null @@ -1,2 +0,0 @@ -{{ ansible_distribution }} {{ ansible_distribution_version }} \l - diff --git a/roles/desktop-common/handlers/main.yml b/roles/desktop-common/handlers/main.yml deleted file mode 100644 index 4c70994..0000000 --- a/roles/desktop-common/handlers/main.yml +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: reload udev - command: /usr/bin/udevadm trigger - become: yes -- name: restart sshd - systemd: - name: sshd.service - state: restarted - become: yes -- name: regen initramfs - command: /usr/sbin/update-initramfs -c -k all - become: yes diff --git a/roles/desktop-common/meta/main.yml b/roles/desktop-common/meta/main.yml deleted file mode 100644 index d098f75..0000000 --- a/roles/desktop-common/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -allow_duplicates: no diff --git a/roles/desktop-common/tasks/dkms.yml b/roles/desktop-common/tasks/dkms.yml deleted file mode 100644 index 51295ed..0000000 --- a/roles/desktop-common/tasks/dkms.yml +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Install DKMS modules - block: - - name: Install hid-nintendo - include_role: - name: dkms - vars: - dkms_repo: "https://github.com/nicman23/dkms-hid-nintendo" - dkms_name: "nintendo-1.0" - become: yes - tags: [ dkms ] diff --git a/roles/desktop-common/tasks/main.yml b/roles/desktop-common/tasks/main.yml deleted file mode 100644 index 8171acc..0000000 --- a/roles/desktop-common/tasks/main.yml +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Configure desktop system - block: - - name: Create config directories - file: - path: "{{ item }}" - state: directory - recurse: yes - loop: - - "/etc/X11/xorg.conf.d" - - name: Nuke some configs - file: - path: "{{ item }}" - state: absent - loop: - # Works around a bug where this causes failed logins - - "/etc/X11/Xsession.d/70im-config_launch" - - name: Copy system configs - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - loop: - - { src: "sshd_config", dest: "/etc/ssh/sshd_config", mode: "0644" } - - { src: "nomouseaccel.conf", dest: "/etc/X11/xorg.conf.d/90-mouse-acceleration.conf", mode: "0644" } - - { src: "touchpad.conf", dest: "/etc/X11/xorg.conf.d/90-touchpad.conf", mode: "0644" } - - { src: "grubconfig", dest: "/etc/default/grub", mode: "0644" } - - name: Copy udev rules - template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - mode: "{{ item.mode }}" - loop: - - { src: "g810-led.rules", dest: "/etc/udev/rules.d/50-g810-led.rules", mode: "0644" } - - { src: "switch-rcm.rules", dest: "/etc/udev/rules.d/50-switch-rcm.rules", mode: "0644" } - notify: reload udev - tags: [ udev ] - - name: Configure custom kernel modules - include_tasks: dkms.yml - tags: [ dkms ] - - name: Configure SSH - include_tasks: sshd.yml - - name: Configure system packages - include_tasks: packages.yml - - name: Configure Mopidy - include_tasks: mopidy.yml - - name: Set up Plymouth bgrt - alternatives: - name: default.plymouth - path: /usr/share/plymouth/themes/bgrt/bgrt.plymouth - notify: regen initramfs - - name: Stop services - systemd: - name: "{{ item }}" - enabled: no - state: stopped - loop: - - mopidy.service - - motd-news.timer - - name: Start services - systemd: - name: "{{ item }}" - enabled: yes - state: started - loop: - - syncthing@salt.service - - name: Template out backup module - template: - src: "backup.sh" - dest: "/opt/backups/modules/desktop.sh" - mode: "0600" - become: yes diff --git a/roles/desktop-common/tasks/mopidy.yml b/roles/desktop-common/tasks/mopidy.yml deleted file mode 100644 index 5d47366..0000000 --- a/roles/desktop-common/tasks/mopidy.yml +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Configure system packages - block: - - name: Add mopidy repo key - apt_key: - url: "https://apt.mopidy.com/mopidy.gpg" - - name: Add repos - apt_repository: - repo: "{{ item }}" - loop: - # These repos work for Buster and >=19.10 - - "deb https://apt.mopidy.com/ buster main contrib non-free" - - "deb-src https://apt.mopidy.com/ buster main contrib non-free" - - name: Update APT cache - apt: - update_cache: yes - cache_valid_time: 86400 - - name: Install packages - apt: - name: - - mpc - - mopidy - - mopidy-mpd - - mopidy-spotify - - name: Template out config - block: - - name: Create config directory - file: - path: "~/.config/mopidy" - state: directory - mode: "0755" - - name: Template out config - template: - src: mopidy.conf - mode: "0600" - dest: "~/.config/mopidy/mopidy.conf" - become_user: "{{ user_username }}" - become: yes - - name: Remove MPD - apt: - name: - - mpd - state: absent - become: yes diff --git a/roles/desktop-common/tasks/packages.yml b/roles/desktop-common/tasks/packages.yml deleted file mode 100644 index 61c0ff7..0000000 --- a/roles/desktop-common/tasks/packages.yml +++ /dev/null @@ -1,245 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Configure system packages - block: - - name: Enable i386 architecture - lineinfile: - dest: /var/lib/dpkg/arch - line: i386 - create: yes - - name: Add repo keys from keyserver - apt_key: - keyserver: 'keyserver.ubuntu.com' - id: "{{ item }}" - loop: - - "3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF" # Monodevelop - - name: Add repo keys by URL - apt_key: - url: "{{ item }}" - loop: - - "https://packagecloud.io/slacktechnologies/slack/gpgkey" # Slack - - "https://syncthing.net/release-key.txt" # Syncthing - - "https://packages.riot.im/debian/riot-im-archive-keyring.gpg" # Element - - "https://download.spotify.com/debian/pubkey.gpg" # Spotify 1 - - "https://download.spotify.com/debian/pubkey_0D811D58.gpg" # Spotify 2 - - name: Add repos - apt_repository: - repo: "{{ item }}" - loop: - # Debs - - "deb https://packagecloud.io/slacktechnologies/slack/debian/ jessie main" # Slack - - "deb http://repository.spotify.com stable non-free" # Spotify - - "deb https://apt.syncthing.net/ syncthing stable" # Syncthing - - "deb https://download.mono-project.com/repo/ubuntu vs-bionic main" # Monodevelop - - "deb https://packages.riot.im/debian/ default main" # Element - # My PPA - #- "ppa:rehashedsalt/personal" - # First-party PPAs - - "ppa:phoerious/keepassxc" # KeepassXC - # Third-party PPAs - - "ppa:system76-dev/stable" # Love my lemp9 - - "ppa:drewwalton19216801/dolphin-master-cosmic" # Because Dolphin doesn't update their shit - - "ppa:kgilmer/speed-ricer" # Rice rice rice - - "ppa:lutris-team/lutris" # Lutris is kickass - - name: Update and upgrade apt packages - apt: - upgrade: "yes" - update_cache: yes - # One day - cache_valid_time: 86400 - - name: Install packages - apt: - name: - # Terminal packages - - adb - - bison - - build-essential - - cmake - - debhelper - - devscripts # Tons of cool shit in here, mostly for packaging tho - - dh-make - - earlyoom - - fastboot - - ffmpeg - - flex - - git - - glances # For temperature monitoring, mostly. It's pretty heavy - - imagemagick - - libinput-tools # Allows for libinput debugging - - lua-check # I am good ComputerCraft guy - - neofetch # I never use it but whatever I guess - - network-manager-openconnect - - network-manager-openvpn - - network-manager-vpnc # For default route configuration - - nmap # For those times when you wanna scan a guy - - npm # I'm sorry - - openjdk-8-jre # For Minecraft - - pbuilder # Deb creation tool that does it all in a container - - pwgen - - python3-appdirs - - python3-eyed3 - - python3-pip - - python3-pyqt5 - - python3-usb # fuselee-gelee - - python3-venv - - qt5-default # For Multimc, should be installed on Kubuntu by default regardless - - traceroute - - tree - - units # How many bytes are in a mile? - - vagrant - - vagrant-libvirt - - vim - - wamerican # Dictionaries because I have like two scripts that use them - - wamerican-large - - wamerican-huge - - wamerican-insane - - wine - - wine-binfmt - - xz-utils # For Ansible deb support - # Fonts - - fonts-fork-awesome - - fonts-inconsolata - - fonts-material-design-icons-iconfont - - fonts-noto - - fonts-roboto - # DE - - bspwm - - conky-all # Why this is in several packages is beyond me - - dunst - - hsetroot # Works around a bug with Compton and a gray root window - - i3lock # Don't actually use this anymore (wew ksmserver) - - ibus - - ibus-mozc # Jap - - kubuntu-desktop # Sanity - - mozc-utils-gui - - nitrogen - - papirus-icon-theme - - pavucontrol-qt - - picom - - polybar - - qt5ct - - xbacklight # This works on literally none of my machines but fuck it - # Desktop applications - - alsa-tools-gui # For reprobing my front jack, I guess?? - - barrier # FOSS Synergy - - cantata # MPD client - - chromium-browser - - chromium-chromedriver # Because Selenium - - clonezilla - - dolphin-emu-master - - dolphin-plugins - - element-desktop - - filelight # Sweet disk usage util - - filezilla - - firefox - - g810-led # For Logitech peripherals - - gimp - - inkscape # I use it for like two things - - joy2key # Neat little wrapper to bind joypad keys to keyboard keys - - joystick - - kcolorchooser - - kde-config-plymouth # Realistically not required, but whatever - - kdenlive # For the one video I edit a year - - kdepim - - keepassxc - - krita # I don't ever end up using this, maybe I'll pick it up for spritework - - libnotify-bin # Used for several of my scripts - - libretro-desmume - - libretro-mgba - - libretro-mupen64plus - - libretro-snes9x - - lutris - - mesa-vulkan-drivers - - mono-complete # Initial installation of this package may take an eternity - - monodevelop - - mpv - - mupen64plus-qt - - nextcloud-desktop - - obs-studio - - plymouth-theme-spinner # Gives us the good UEFI logo bootup - - pulseeffects # I need to be an echoey boi - - q4wine - - qbittorrent - - rdesktop # CLI RDP client, works real nice - - redshift - - retroarch - - rofi - - scrot # For scripted screenshots - - slack-desktop - - spotify-client - - steam-installer - - syncthing-gtk - - telegram-desktop - - torbrowser-launcher # Sometimes it's bugged but it's still nice to have - - virt-manager - - vulkan-tools - - vulkan-utils - - winetricks - - xdotool - - xserver-xephyr - - zim - # Other architectures, misc - - "libgl1-mesa-dri:i386" - - "mesa-vulkan-drivers:i386" - # Games - - minetest - - name: Install System76-exclusive packages - apt: - name: - - firmware-manager - - kamoso # Camera util - - system76-acpi-dkms - - system76-dkms - - system76-firmware - - system76-io-dkms - - system76-power - when: ansible_system_vendor == "System76" - - name: Install Focal-exclusive desktop applications - apt: - name: - - piper # Peripheral LED management - when: ansible_distribution_release == "focal" - - name: Install packages without recommends - apt: - install_recommends: no - name: - - php # Dev stuff - - php-xml - - name: Install out-of-repo packages - apt: - deb: "{{ item }}" - loop: - - "https://dl.discordapp.net/apps/linux/0.0.12/discord-0.0.12.deb" - - "https://github.com/MultiMC/MultiMC5/releases/download/0.6.8/multimc_1.4-1.deb" - - "https://zoom.us/client/latest/zoom_amd64.deb" - # We ignore errors here in case we have a more up-to-date package on the target machine and/or face a URL timeout - ignore_errors: yes - - name: Install desktop applications through pip3 - pip: - executable: "/usr/bin/pip3" - state: latest - name: - - pmbootstrap - - protontricks - - youtube-dl - # Just in case we have legacy apps floating around - - name: Remove Snap applications - snap: - name: - - discord - - pixelorama - - riot-web - - slack - - scrcpy - - sengi - - spotify - state: absent - - name: Remove desktop applications through APT - apt: - name: - - ktorrent - - mpd - - thunderbird - state: absent - become: yes diff --git a/roles/desktop-common/tasks/sshd.yml b/roles/desktop-common/tasks/sshd.yml deleted file mode 100644 index 45d9ac4..0000000 --- a/roles/desktop-common/tasks/sshd.yml +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Configure desktop system - block: - - name: Copy system configs - template: - src: sshd_config - dest: "/etc/ssh/sshd_config" - mode: "0644" - notify: restart sshd - - name: Start services - systemd: - name: "{{ item }}" - enabled: yes - state: started - loop: - - sshd.service - become: yes diff --git a/roles/desktop-common/templates/apache2-vhost.conf b/roles/desktop-common/templates/apache2-vhost.conf deleted file mode 100644 index ad0301b..0000000 --- a/roles/desktop-common/templates/apache2-vhost.conf +++ /dev/null @@ -1,8 +0,0 @@ -# Configuration for {{ inventory_hostname }} local Apache -# vim:ft=apache: - -# Website configuration - - ServerName localhost - DocumentRoot "/var/www/localhost" - diff --git a/roles/desktop-common/templates/backup.sh b/roles/desktop-common/templates/backup.sh deleted file mode 100644 index f367966..0000000 --- a/roles/desktop-common/templates/backup.sh +++ /dev/null @@ -1,67 +0,0 @@ -#! /bin/bash -# -# desktop.sh -# Backup script for desktops. Meant to be sourced by our main backup script -# Copyright (C) 2020 Vintage Salt -# -# Distributed under terms of the MIT license. -# - -set -e - -export OUTDIR="$BACKUPSDIR/{{ inventory_hostname_short }}" -retention=7 # 7-day retention period - -# Sanity checks -if [ -z "$BACKUPSDIR" ]; then - log "BACKUPSDIR was undefined. Run the main backup script instead of this one." - return 1 -fi -if ! [ -d "$OUTDIR" ]; then - if ! mkdir "$OUTDIR"; then - log "Unable to find or create output directory: $OUTDIR" - return 2 - fi -fi - -# Purge oldest backup if we need to -currentbackupcount="$(ls -1 "$OUTDIR" | wc -l)" -if (( currentbackupcount >= retention )); then - lastbackup="$(find "$OUTDIR" -name \*.tar.gz 2>/dev/null | sort | head -n 1)" - if [ -f "$lastbackup" ]; then - log "Removing old backup: $lastbackup" - rm "$lastbackup" - fi -fi -# WE MAKE BACKUP NOW SERGEI -s3bucket="{{ aws.backup_bucket }}" -for dir in /home/*; do - username="$(basename -- "$dir")" - forcefile="$dir/.backup/force" - [ -d "$dir/.backup" ] || continue - for file in "$dir/.backup/"*; do [ -e "$file" ] || continue; done - tar czhf "$OUTDIR/desktop-$username-{{ inventory_hostname_short }}-$(date -Iseconds).tar.gz" "$dir/.backup/"* -# if (( "$(date +%d)" == "1" )) || [ -f "$forcefile" ]; then -# log "Detected conditions for monthly dump" -# if command -v aws > /dev/null 2>&1 && aws s3 ls "s3://$s3bucket" > /dev/null 2>&1; then -# # Time for huge backups piped straight to S3 -# tar cz \ -# --exclude "$dir/.ansible" \ -# --exclude "$dir/.backup" \ -# --exclude "$dir/.cache" \ -# --exclude "$dir/.steam" \ -# --exclude "$dir/Downloads" \ -# --exclude "$dir/Dropbox" \ -# --exclude "$dir/Nextcloud" \ -# --exclude "$dir/snap" \ -# "$dir/."* \ -# | aws s3 cp - "s3://$s3bucket/{{ inventory_hostname_short }}/desktop-$username-{{ inventory_hostname_short }}-$(date -Iseconds)-full.tar.gz" \ -# --only-show-errors \ -# --storage-class STANDARD_IA -# else -# log "Could not satisfy requirements for AWS CLI" -# fi -# [ -f "$forcefile" ] && rm "$forcefile" -# fi -done - diff --git a/roles/desktop-common/templates/g810-led.rules b/roles/desktop-common/templates/g810-led.rules deleted file mode 100644 index 1757150..0000000 --- a/roles/desktop-common/templates/g810-led.rules +++ /dev/null @@ -1,22 +0,0 @@ -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c336", MODE="666" RUN+="/usr/bin/g213-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c330", MODE="666" RUN+="/usr/bin/g410-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c33a", MODE="666" RUN+="/usr/bin/g413-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c33c", MODE="666" RUN+="/usr/bin/g513-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c333", MODE="666" RUN+="/usr/bin/g610-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c338", MODE="666" RUN+="/usr/bin/g610-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c331", MODE="666" RUN+="/usr/bin/g810-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c337", MODE="666" RUN+="/usr/bin/g810-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c32b", MODE="666" RUN+="/usr/bin/g910-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c335", MODE="666" RUN+="/usr/bin/g910-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c339", MODE="666" RUN+="/usr/bin/gpro-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c336", MODE="666" RUN+="/usr/bin/g213-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c330", MODE="666" RUN+="/usr/bin/g410-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c33a", MODE="666" RUN+="/usr/bin/g413-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c33c", MODE="666" RUN+="/usr/bin/g513-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c333", MODE="666" RUN+="/usr/bin/g610-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c338", MODE="666" RUN+="/usr/bin/g610-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c331", MODE="666" RUN+="/usr/bin/g810-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c337", MODE="666" RUN+="/usr/bin/g810-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c32b", MODE="666" RUN+="/usr/bin/g910-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c335", MODE="666" RUN+="/usr/bin/g910-led -p /etc/g810-led/profile" -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", ATTRS{idProduct}=="c339", MODE="666" RUN+="/usr/bin/gpro-led -p /etc/g810-led/profile" diff --git a/roles/desktop-common/templates/grubconfig b/roles/desktop-common/templates/grubconfig deleted file mode 100644 index 8d0344d..0000000 --- a/roles/desktop-common/templates/grubconfig +++ /dev/null @@ -1,40 +0,0 @@ -# vim:ft=bash: -# If you change this file, run 'update-grub' afterwards to update -# /boot/grub/grub.cfg. -# For full documentation of the options in this file, see: -# info -f grub -n 'Simple configuration' - -GRUB_DEFAULT=0 -GRUB_HIDDEN_TIMEOUT=0 -GRUB_HIDDEN_TIMEOUT_QUIET="true" -GRUB_TIMEOUT=0 -GRUB_TIMEOUT_STYLE=hidden -GRUB_RECORDFAIL_TIMEOUT=0 -GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` -GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" -GRUB_CMDLINE_LINUX="" - -# Work around probing for other OSs resetting timeout -GRUB_DISABLE_OS_PROBER="true" - -# Uncomment to enable BadRAM filtering, modify to suit your needs -# This works with Linux (no patch required) and with any kernel that obtains -# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...) -#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef" - -# Uncomment to disable graphical terminal (grub-pc only) -#GRUB_TERMINAL=console - -# The resolution used on graphical terminal -# note that you can use only modes which your graphic card supports via VBE -# you can see them in real GRUB with the command `vbeinfo' -#GRUB_GFXMODE=640x480 - -# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux -#GRUB_DISABLE_LINUX_UUID=true - -# Uncomment to disable generation of recovery mode menu entries -#GRUB_DISABLE_RECOVERY="true" - -# Uncomment to get a beep at grub start -#GRUB_INIT_TUNE="480 440 1" diff --git a/roles/desktop-common/templates/mopidy.conf b/roles/desktop-common/templates/mopidy.conf deleted file mode 100644 index 243ccb3..0000000 --- a/roles/desktop-common/templates/mopidy.conf +++ /dev/null @@ -1,132 +0,0 @@ -# For further information about options in this file see: -# http://docs.mopidy.com/ -# -# The initial commented out values reflect the defaults as of: -# Mopidy 2.2.3 -# Mopidy-File 2.2.3 -# Mopidy-HTTP 2.2.3 -# Mopidy-Local 2.2.3 -# Mopidy-M3U 2.2.3 -# Mopidy-MPD 2.2.3 -# Mopidy-SoftwareMixer 2.2.3 -# Mopidy-Stream 2.2.3 -# -# Available options and defaults might have changed since then, -# run `mopidy config` to see the current effective config and -# `mopidy --version` to check the current version. - -[core] -#cache_dir = $XDG_CACHE_DIR/mopidy -#config_dir = $XDG_CONFIG_DIR/mopidy -#data_dir = $XDG_DATA_DIR/mopidy -#max_tracklist_length = 10000 -#restore_state = false - -[logging] -#color = true -#console_format = %(levelname)-8s %(message)s -#debug_format = %(levelname)-8s %(asctime)s [%(process)d:%(threadName)s] %(name)s\n %(message)s -#debug_file = mopidy.log -#config_file = - -[audio] -#mixer = software -mixer_volume = 60 -#output = autoaudiosink -#buffer_time = - -[proxy] -#scheme = -#hostname = -#port = -#username = -#password = - -[mpd] -#enabled = true -#hostname = 127.0.0.1 -#port = 6600 -#password = -#max_connections = 20 -#connection_timeout = 60 -#zeroconf = Mopidy MPD server on $hostname -#command_blacklist = -# listall -# listallinfo -#default_playlist_scheme = m3u - -[http] -enabled = false -#hostname = 127.0.0.1 -#port = 6680 -#static_dir = -#zeroconf = Mopidy HTTP server on $hostname -#allowed_origins = -#csrf_protection = true - -[stream] -#enabled = true -#protocols = -# http -# https -# mms -# rtmp -# rtmps -# rtsp -#metadata_blacklist = -#timeout = 5000 - -[m3u] -#enabled = true -#base_dir = $XDG_MUSIC_DIR -#default_encoding = latin-1 -#default_extension = .m3u8 -#playlists_dir = - -[softwaremixer] -#enabled = true - -[file] -#enabled = true -#media_dirs = -# $XDG_MUSIC_DIR|Music -# ~/|Home -#excluded_file_extensions = -# .directory -# .html -# .jpeg -# .jpg -# .log -# .nfo -# .pdf -# .png -# .txt -# .zip -#show_dotfiles = false -#follow_symlinks = false -#metadata_timeout = 1000 - -[local] -#enabled = true -#library = json -#media_dir = $XDG_MUSIC_DIR -#scan_timeout = 1000 -#scan_flush_threshold = 100 -#scan_follow_symlinks = false -#excluded_file_extensions = -# .directory -# .html -# .jpeg -# .jpg -# .log -# .nfo -# .pdf -# .png -# .txt -# .zip - -[spotify] -username = {{ mopidy_spotify_username }} -password = {{ mopidy_spotify_password }} -client_id = {{ mopidy_spotify_client_id }} -client_secret = {{ mopidy_spotify_client_secret }} diff --git a/roles/desktop-common/templates/nomouseaccel.conf b/roles/desktop-common/templates/nomouseaccel.conf deleted file mode 100644 index 6e4e89e..0000000 --- a/roles/desktop-common/templates/nomouseaccel.conf +++ /dev/null @@ -1,9 +0,0 @@ -# This file managed via Ansible -# vim:ft=xf86conf -Section "InputClass" - Identifier "mouse" - MatchIsPointer "yes" - # Options - Option "AccelProfile" "flat" - Option "AccelSpeed" "-1" -EndSection diff --git a/roles/desktop-common/templates/sshd_config b/roles/desktop-common/templates/sshd_config deleted file mode 100644 index d5e86d9..0000000 --- a/roles/desktop-common/templates/sshd_config +++ /dev/null @@ -1,112 +0,0 @@ -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin no -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# Expect .ssh/authorized_keys2 to be disregarded by default in future. -#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -PasswordAuthentication no -#PermitEmptyPasswords no - -# Change to yes to enable challenge-response passwords (beware issues with -# some PAM modules and threads) -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# Allow client to pass locale environment variables -AcceptEnv LANG LC_* - -# override default of no subsystems -Subsystem sftp /usr/lib/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server diff --git a/roles/desktop-common/templates/switch-rcm.rules b/roles/desktop-common/templates/switch-rcm.rules deleted file mode 100644 index 77d5ae5..0000000 --- a/roles/desktop-common/templates/switch-rcm.rules +++ /dev/null @@ -1 +0,0 @@ -SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0664", GROUP="plugdev" diff --git a/roles/desktop-common/templates/touchpad.conf b/roles/desktop-common/templates/touchpad.conf deleted file mode 100644 index 1d6a174..0000000 --- a/roles/desktop-common/templates/touchpad.conf +++ /dev/null @@ -1,12 +0,0 @@ -# This file managed via Ansible -# vim:ft=xf86conf -Section "InputClass" - Identifier "touchpad" - MatchIsTouchpad "yes" - Driver "libinput" - # Options - Option "DisableWhileTyping" "yes" - Option "Tapping" "yes" - Option "TappingButtonMap" "lrm" # 1/2/3-finger taps - Option "TappingDrag" "yes" -EndSection diff --git a/roles/desktop-sddm/meta/main.yml b/roles/desktop-sddm/meta/main.yml deleted file mode 100644 index d098f75..0000000 --- a/roles/desktop-sddm/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -allow_duplicates: no diff --git a/roles/desktop-sddm/tasks/main.yml b/roles/desktop-sddm/tasks/main.yml deleted file mode 100644 index 17ffb88..0000000 --- a/roles/desktop-sddm/tasks/main.yml +++ /dev/null @@ -1,43 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Install and configure SDDM - block: - - name: Install SDDM - apt: - name: - - sddm - - name: Create config directory - file: - path: /etc/sddm.conf.d - state: directory - - name: Template out config - template: - src: main.conf - dest: /etc/sddm.conf.d/50-ansible.conf - mode: "0644" - - name: Install theme - block: - - name: Remove KDE config - file: - path: /etc/sddm.conf.d/kde_settings.conf - state: absent - - name: Download theme - get_url: - url: "{{ sddm_theme }}" - dest: "/usr/share/sddm/themes/ansible.zip" - register: t - - name: Unpack theme - unarchive: - src: "/usr/share/sddm/themes/ansible.zip" - dest: "/usr/share/sddm/themes" - remote_src: yes - when: t is changed - when: sddm_theme is defined - - name: Template out theme config - template: - src: theme.conf - dest: /etc/sddm.conf.d/51-ansible-theme.conf - mode: "0644" - when: sddm_theme_name is defined - become: yes diff --git a/roles/desktop-sddm/templates/main.conf b/roles/desktop-sddm/templates/main.conf deleted file mode 100644 index f6aeed1..0000000 --- a/roles/desktop-sddm/templates/main.conf +++ /dev/null @@ -1,11 +0,0 @@ -# This configuration file managed by Ansible -# Make your adjustments in a separate file after this one in the load order -# vim:ft=dosini - -[General] -Numlock=on - -[Users] -MinimumUid=1000 -MaximumUid=60000 -HideUsers=ansible diff --git a/roles/desktop-sddm/templates/theme.conf b/roles/desktop-sddm/templates/theme.conf deleted file mode 100644 index a5d628b..0000000 --- a/roles/desktop-sddm/templates/theme.conf +++ /dev/null @@ -1,6 +0,0 @@ -# This configuration file managed by Ansible -# Make your adjustments in a separate file after this one in the load order -# vim:ft=dosini - -[Theme] -Current={{ sddm_theme_name }} diff --git a/roles/desktop-zerotier/handlers/main.yml b/roles/desktop-zerotier/handlers/main.yml deleted file mode 100644 index 4b015ef..0000000 --- a/roles/desktop-zerotier/handlers/main.yml +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: restart zerotier - systemd: - daemon_reload: yes - name: zerotier-one.service - state: restarted - become: yes diff --git a/roles/desktop-zerotier/meta/main.yml b/roles/desktop-zerotier/meta/main.yml deleted file mode 100644 index d098f75..0000000 --- a/roles/desktop-zerotier/meta/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -allow_duplicates: no diff --git a/roles/desktop-zerotier/tasks/main.yml b/roles/desktop-zerotier/tasks/main.yml deleted file mode 100644 index ab88cfd..0000000 --- a/roles/desktop-zerotier/tasks/main.yml +++ /dev/null @@ -1,35 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Configure system packages - block: - - name: Add zerotier repo key - apt_key: - url: "https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg" - - name: Add repos - apt_repository: - repo: "{{ item }}" - loop: - # These repos work for Buster and >=19.10 - - "deb http://download.zerotier.com/debian/buster buster main" - - name: Update APT cache - apt: - update_cache: yes - cache_valid_time: 86400 - - name: Install packages - apt: - name: - - zerotier-one - - name: Template out unit - template: - src: zerotier-one.service - dest: /etc/systemd/system/zerotier-one.service - notify: restart zerotier - - name: Join network - command: - argv: - - "zerotier-cli" - - "join" - - "{{ zerotier_network_id }}" - changed_when: no - become: yes diff --git a/roles/desktop-zerotier/templates/zerotier-one.service b/roles/desktop-zerotier/templates/zerotier-one.service deleted file mode 100644 index be6154d..0000000 --- a/roles/desktop-zerotier/templates/zerotier-one.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=ZeroTier One -After=network.target -Wants=network-online.target - -[Service] -ExecStart=/usr/sbin/zerotier-one -Restart=always -KillMode=process -# Issue 738 -TimeoutStopSec=10 - -[Install] -WantedBy=multi-user.target diff --git a/roles/dkms/handlers/main.yml b/roles/dkms/handlers/main.yml deleted file mode 100644 index d96da58..0000000 --- a/roles/dkms/handlers/main.yml +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: dkms autoinstall - command: - argv: - - /usr/sbin/dkms - - autoinstall - become: yes diff --git a/roles/dkms/tasks/main.yml b/roles/dkms/tasks/main.yml deleted file mode 100644 index a53c020..0000000 --- a/roles/dkms/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Install DKMS module - block: - - name: Install packages - apt: - name: - - dkms - - name: Clone repository - git: - repo: "{{ dkms_repo }}" - dest: "/usr/src/{{ dkms_name }}" - notify: dkms autoinstall - become: yes diff --git a/roles/dokuwiki/defaults/main.yml b/roles/dokuwiki/defaults/main.yml deleted file mode 100644 index 8bfc25b..0000000 --- a/roles/dokuwiki/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -# vim:ft=ansible: -dokuwiki_tgz: "https://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz" -dokuwiki_webroot: "/var/www/dokuwiki" diff --git a/roles/dokuwiki/meta/main.yml b/roles/dokuwiki/meta/main.yml deleted file mode 100644 index 7e415bc..0000000 --- a/roles/dokuwiki/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -allow_duplicates: no -dependencies: - - role: apache-php diff --git a/roles/dokuwiki/tasks/main.yml b/roles/dokuwiki/tasks/main.yml deleted file mode 100644 index 612bbb6..0000000 --- a/roles/dokuwiki/tasks/main.yml +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Install, configure, and start Dokuwiki - block: - - name: Set up Apache - block: - - name: Create webroot - file: - path: "{{ dokuwiki_webroot }}" - mode: "0755" - recurse: yes - state: directory - - name: Check for existing installation - stat: - path: "{{ dokuwiki_webroot }}/index.php" - register: stat_webroot_index - - name: Install Dokuwiki - block: - - name: Download Dokuwiki - get_url: - dest: /var/www/dokuwiki.tgz - url: "{{ dokuwiki_tgz }}" - - name: Extract Dokuwiki - unarchive: - src: /var/www/dokuwiki.tgz - remote_src: yes - dest: "{{ dokuwiki_webroot }}" - extra_opts: [--strip-components=1] - notify: restart apache - - name: Chown webroot - file: - path: "{{ dokuwiki_webroot }}" - state: directory - recurse: yes - owner: www-data - group: www-data - - name: Cleanup - file: - path: /var/www/dokuwiki.tgz - state: absent - when: not stat_webroot_index.stat.exists - - name: Copy over virtual host configs - template: - src: apache2-vhost-ssl.conf - dest: "/etc/apache2/sites-available/{{ dokuwiki_url }}.conf" - notify: restart apache - - name: Enable config - command: - cmd: "a2ensite {{ dokuwiki_url }}.conf" - creates: "/etc/apache2/sites-enabled/{{ dokuwiki_url }}.conf" - notify: restart apache - - name: Generate certificate - include_role: - name: https - vars: - website_url: "{{ dokuwiki_url }}" - website_webroot: "{{ dokuwiki_webroot }}" - - name: Template out backup module - template: - src: "backup.sh" - dest: "/opt/backups/modules/{{ dokuwiki_url }}.sh" - mode: "0600" - become: yes diff --git a/roles/dokuwiki/templates/apache2-vhost-ssl.conf b/roles/dokuwiki/templates/apache2-vhost-ssl.conf deleted file mode 100644 index 6a8e20d..0000000 --- a/roles/dokuwiki/templates/apache2-vhost-ssl.conf +++ /dev/null @@ -1,35 +0,0 @@ -# Configuration for {{ dokuwiki_url }} -# vim:ft=apache: - -# Accept connections from non-SNI clients -SSLStrictSNIVHostCheck off - -# Website configuration - - ServerName {{ dokuwiki_url }} - Redirect permanent / https://{{ dokuwiki_url }} - - - SSLEngine on - SSLCertificateFile /etc/pki/cert/crt/{{ dokuwiki_url }}.crt - SSLCertificateKeyFile /etc/pki/cert/private/{{ dokuwiki_url }}.key - SSLCertificateChainFile /etc/pki/cert/crt/{{ dokuwiki_url}}-fullchain.crt - SSLProtocol {{ ssl_protocol }} - SSLCipherSuite {{ ssl_cipher_suite }} - \ - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - ServerName {{ dokuwiki_url }} - DocumentRoot {{ dokuwiki_webroot }} - - Require all granted - AllowOverride All - Options MultiViews FollowSymlinks - - - Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" - - diff --git a/roles/dokuwiki/templates/backup.sh b/roles/dokuwiki/templates/backup.sh deleted file mode 100644 index 99ac041..0000000 --- a/roles/dokuwiki/templates/backup.sh +++ /dev/null @@ -1,38 +0,0 @@ -#! /bin/bash -# -# gitea.sh -# Backup script for Gitea. Meant to be sourced by our main backup script -# Copyright (C) 2020 Vintage Salt -# -# Distributed under terms of the MIT license. -# - -set -e - -export OUTDIR="$BACKUPSDIR/{{ dokuwiki_url }}" -retention=7 # 7-day retention period - -# Sanity checks -if [ -z "$BACKUPSDIR" ]; then - log "BACKUPSDIR was undefined. Run the main backup script instead of this one." - return 1 -fi -if ! [ -d "$OUTDIR" ]; then - if ! mkdir "$OUTDIR"; then - log "Unable to find or create output directory: $OUTDIR" - return 2 - fi -fi - -# Purge oldest backup if we need to -currentbackupcount="$(ls -1 "$OUTDIR" | wc -l)" -if (( currentbackupcount >= retention )); then - lastbackup="$(find "$OUTDIR" -name \*.tar.gz 2>/dev/null | sort | head -n 1)" - if [ -f "$lastbackup" ]; then - log "Removing old backup: $lastbackup" - rm "$lastbackup" - fi -fi -# WE MAKE BACKUP NOW SERGEI -tar czf "$OUTDIR/{{ dokuwiki_url }}-$(date -Iseconds).tar.gz" "{{ dokuwiki_webroot }}" - diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml deleted file mode 100644 index 01119a0..0000000 --- a/roles/gitea/defaults/main.yml +++ /dev/null @@ -1,7 +0,0 @@ -# vim:ft=ansible: -gitea.root: "/home/git/gitea-repositories" -gitea.app_name: "Ansible Gitea" -gitea_push_create_user: "true" -gitea_push_create_org: "false" -gitea.disable_registration: "true" -gitea_webroot: "/var/www/gitea" diff --git a/roles/gitea/handlers/main.yml b/roles/gitea/handlers/main.yml deleted file mode 100644 index 1cfa61a..0000000 --- a/roles/gitea/handlers/main.yml +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: restart gitea - systemd: - daemon_reload: yes - name: gitea.service - state: restarted - become: yes -- name: gitea add default user - include_tasks: tasks/add_default_user.yml diff --git a/roles/gitea/meta/main.yml b/roles/gitea/meta/main.yml deleted file mode 100644 index e6d6535..0000000 --- a/roles/gitea/meta/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -allow_duplicates: no -dependencies: - - role: apache-php - - role: redis diff --git a/roles/gitea/tasks/add_default_user.yml b/roles/gitea/tasks/add_default_user.yml deleted file mode 100644 index c20f571..0000000 --- a/roles/gitea/tasks/add_default_user.yml +++ /dev/null @@ -1,32 +0,0 @@ - -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- block: - - name: Create user - command: - argv: - - /usr/local/bin/gitea - - admin - - create-user - - --username - - "{{ gitea.admin.user }}" - - --password - - "{{ gitea.admin.pass }}" - - --email - - "{{ gitea.admin.email }}" - - --config - - /etc/gitea/app.ini - - name: Promote user to admin - command: - argv: - - /usr/bin/mysql - - gitea - - -u - - gitea - - -p - - "{{ gitea.mysql_password }}" - - -e - - 'UPDATE user SET is_admin = 1 WHERE name = "{{ gitea.admin.user }}";' - become: yes - become_user: git diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml deleted file mode 100644 index 32e6a13..0000000 --- a/roles/gitea/tasks/main.yml +++ /dev/null @@ -1,160 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Set up Gitea - block: - - name: Set up PostgreSQL - block: - - name: Create DB user - postgresql_user: - name: gitea - password: "{{ gitea.db.pass }}" - login_host: "{{ gitea.db.hostname }}" - login_user: "{{ psql.ansible.user }}" - login_password: "{{ psql.ansible.pass }}" - - name: Create DB - postgresql_db: - name: gitea - owner: gitea - encoding: UNICODE - login_host: "{{ gitea.db.hostname }}" - login_user: "{{ psql.ansible.user }}" - login_password: "{{ psql.ansible.pass }}" - tags: [ postgresql ] - - name: Set up Apache - block: - - name: Enable modules - command: - cmd: a2enmod "{{ item }}" - creates: "/etc/apache2/mods-enabled/{{ item }}.load" - loop: - - proxy - - proxy_http - notify: restart apache - - name: Template out vhost - template: - src: "apache2-vhost-ssl.conf" - dest: "/etc/apache2/sites-available/{{ gitea.url }}.conf" - notify: restart apache - - name: Create webroot - file: - state: directory - path: "{{ gitea_webroot }}" - - name: Enable site - command: - cmd: "a2ensite {{ gitea.url }}.conf" - creates: "/etc/apache2/sites-enabled/{{ gitea.url }}.conf" - notify: restart apache - - name: Generate certificate - include_role: - name: https - vars: - website_url: "{{ gitea.url }}" - - name: Install git - apt: - name: git - - name: Install Gitea - get_url: - url: "https://dl.gitea.io/gitea/1.12/gitea-1.12-linux-amd64" - dest: "/usr/local/bin/gitea" - mode: "0755" - notify: restart gitea - - name: Create Gitea user - user: - name: git - password: "!" - home: "/home/git" - shell: "/bin/bash" - - name: Create directory structure - file: - state: directory - owner: git - group: git - mode: "0750" - path: "/var/lib/{{ item }}" - loop: - - "gitea" - - "gitea/custom" - - "gitea/data" - - "gitea/log" - - name: Create config directory - file: - state: directory - recurse: yes - mode: "0750" - owner: "root" - group: "git" - path: "/etc/gitea" - - name: Create repositories directory - file: - state: directory - mode: "0700" - owner: git - group: git - path: "{{ gitea.root }}" - - name: Set up EFS mount - block: - - name: Install required packages - apt: - name: - - nfs-client - - name: Create EFS - efs: - name: "{{ gitea.efs.name }}" - encrypt: yes - region: "{{ gitea.efs.region }}" - targets: - - subnet_id: "{{ gitea.efs.subnet_id }}" - security_groups: [ "{{ gitea.efs.security_group }}" ] - register: efs - - name: Mount EFS - mount: - path: "{{ gitea.root }}" - src: "{{ efs.efs.filesystem_address }}" - fstype: nfs4 - opts: "nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport" - state: mounted - when: gitea.efs.name is defined - tags: [ giteaefs ] - - name: Check for config - stat: path="/etc/gitea/app.ini" - register: p - - name: Deploy config - block: - - name: Generate INTERNAL_TOKEN - command: /usr/local/bin/gitea generate secret INTERNAL_TOKEN - register: gitea_internal_token - - name: Generate SECRET_KEY - command: /usr/local/bin/gitea generate secret SECRET_KEY - register: gitea_secret_key - - name: Generate JWT_SECRET - command: /usr/local/bin/gitea generate secret JWT_SECRET - register: gitea_jwt_secret - - name: Generate LFS_JWT_SECRET - command: /usr/local/bin/gitea generate secret LFS_JWT_SECRET - register: gitea_lfs_jwt_secret - - name: Template out app.ini - template: - src: "app.ini" - dest: "/etc/gitea/app.ini" - mode: "0640" - owner: "root" - group: "git" - when: not p.stat.exists - - name: Template out service - template: - src: "gitea.service" - dest: "/etc/systemd/system/gitea.service" - notify: restart gitea - - name: Start and enable service - systemd: - daemon_reload: yes - name: "gitea.service" - enabled: yes - state: "started" - - name: Template out backup module - template: - src: "backup.sh" - dest: "/opt/backups/modules/{{ gitea.url }}.sh" - mode: "0600" - become: yes diff --git a/roles/gitea/templates/apache2-vhost-ssl.conf b/roles/gitea/templates/apache2-vhost-ssl.conf deleted file mode 100644 index 8d6dd1f..0000000 --- a/roles/gitea/templates/apache2-vhost-ssl.conf +++ /dev/null @@ -1,37 +0,0 @@ -# Configuration for {{ gitea.url }} -# vim:ft=apache: - -# Accept connections from non-SNI clients -SSLStrictSNIVHostCheck off -# Need this for SSL proxying, apparently -SSLProxyEngine on - -# Website configuration - - ServerName {{ gitea.url }} - Redirect permanent / https://{{ gitea.url }} - - - SSLEngine on - SSLCertificateFile /etc/pki/cert/crt/{{ gitea.url }}.crt - SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea.url }}.key - SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea.url }}-fullchain.crt - SSLProtocol {{ ssl_protocol }} - SSLCipherSuite {{ ssl_cipher_suite }} - ServerName {{ gitea.url }} - DocumentRoot {{ gitea_webroot }} - - Require all granted - AllowOverride All - Options MultiViews FollowSymlinks - - ProxyPreserveHost On - ProxyRequests Off - ProxyPass / http://127.0.0.1:3000/ nocanon retry=1 - ProxyPassReverse / https://127.0.0.1:3000/ - - RequestHeader set X_FORWARDED_PROTO 'https' - RequestHeader set X-Forwarded-Ssl on - # Used for embedding in Nextcloud - Header unset X-Frame-Options - diff --git a/roles/gitea/templates/app.ini b/roles/gitea/templates/app.ini deleted file mode 100644 index 7521ca4..0000000 --- a/roles/gitea/templates/app.ini +++ /dev/null @@ -1,74 +0,0 @@ -APP_NAME = {{ gitea.app_name }} -RUN_USER = git -RUN_MODE = prod - -[database] -DB_TYPE = postgres -HOST = {{ gitea.db.hostname }}:5432 -NAME = gitea -USER = gitea -PASSWD = {{ gitea.db.pass }} -SSL_MODE = disable -CHARSET = utf8 -PATH = /var/lib/gitea/data/gitea.db - -[log] -MODE = file -LEVEL = info -ROOT_PATH = /var/lib/gitea/log - -[mailer] -ENABLED = false - -[oauth2] -JWT_SECRET = {{ gitea_jwt_secret.stdout }} - -[openid] -ENABLE_OPENID_SIGNIN = true -ENABLE_OPENID_SIGNUP = false - -[picture] -DISABLE_GRAVATAR = true -ENABLE_FEDERATED_AVATAR = false - -[repository] -ENABLE_PUSH_CREATE_USER = {{ gitea_push_create_user }} -ENABLE_PUSH_CREATE_ORG = {{ gitea_push_create_org }} -ROOT = {{ gitea.root }} - -[security] -INTERNAL_TOKEN = {{ gitea_internal_token.stdout }} -INSTALL_LOCK = true -PASSWORD_COMPLEXITY = off -SECRET_KEY = {{ gitea_secret_key.stdout }} - -[server] -SSH_DOMAIN = {{ gitea.url }} -DOMAIN = {{ gitea.url }} -HTTP_PORT = 3000 -ROOT_URL = https://{{ gitea.url }}/ -DISABLE_SSH = false -SSH_PORT = 22 -LFS_START_SERVER = true -LFS_CONTENT_PATH = /var/lib/gitea/data/lfs -LFS_JWT_SECRET = {{ gitea_lfs_jwt_secret.stdout }} -OFFLINE_MODE = true - -[service] -REGISTER_EMAIL_CONFIRM = true -ENABLE_NOTIFY_MAIL = true -DISABLE_REGISTRATION = {{ gitea.disable_registration }} -ALLOW_ONLY_EXTERNAL_REGISTRATION = false -ENABLE_CAPTCHA = false -REQUIRE_SIGNIN_VIEW = false -DEFAULT_KEEP_EMAIL_PRIVATE = false -DEFAULT_ALLOW_CREATE_ORGANIZATION = true -DEFAULT_ENABLE_TIMETRACKING = true -NO_REPLY_ADDRESS = bad.company - -[session] -PROVIDER = file - -[ui] -DEFAULT_THEME = arc-green - diff --git a/roles/gitea/templates/backup.sh b/roles/gitea/templates/backup.sh deleted file mode 100644 index 8c054b7..0000000 --- a/roles/gitea/templates/backup.sh +++ /dev/null @@ -1,47 +0,0 @@ -#! /bin/bash -# -# gitea.sh -# Backup script for Gitea. Meant to be sourced by our main backup script -# Copyright (C) 2020 Vintage Salt -# -# Distributed under terms of the MIT license. -# - -set -e - -export OUTDIR="$BACKUPSDIR/{{ gitea.url }}" -retention=7 # 7-day retention period - -# Sanity checks -if [ -z "$BACKUPSDIR" ]; then - log "BACKUPSDIR was undefined. Run the main backup script instead of this one." - return 1 -fi -if ! [ -d "$OUTDIR" ]; then - if ! mkdir "$OUTDIR"; then - log "Unable to find or create output directory: $OUTDIR" - return 2 - fi -fi -# Enforce permissions on our output directory since the git user will need them -chown root.git "$OUTDIR" -chmod 770 "$OUTDIR" - -# Purge oldest backup if we need to -currentbackupcount="$(ls -1 "$OUTDIR" | wc -l)" -if (( currentbackupcount >= retention )); then - lastbackup="$(find "$OUTDIR" -name \*.zip 2>/dev/null | sort | head -n 1)" - if [ -f "$lastbackup" ]; then - log "Removing old backup: $lastbackup" - rm "$lastbackup" - fi -fi -# WE MAKE BACKUP NOW SERGEI -if cd "$OUTDIR"; then - log "Initiating gitea dump" - su git -c "gitea dump -c /etc/gitea/app.ini" -else - log "Could not change directory: $OUTDIR" - return 3 -fi - diff --git a/roles/gitea/templates/gitea.service b/roles/gitea/templates/gitea.service deleted file mode 100644 index b699cd0..0000000 --- a/roles/gitea/templates/gitea.service +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Gitea (Git with a cup of tea) -After=syslog.target -After=network.target -Requires=redis.service - -[Service] -# Modify these two values and uncomment them if you have -# repos with lots of files and get an HTTP error 500 because -# of that -### -#LimitMEMLOCK=infinity -#LimitNOFILE=65535 -RestartSec=2s -Type=simple -User=git -Group=git -WorkingDirectory=/var/lib/gitea/ -ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini -Restart=always -Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea - -[Install] -WantedBy=multi-user.target - diff --git a/roles/gitweb/meta/main.yml b/roles/gitweb/meta/main.yml deleted file mode 100644 index f24d2df..0000000 --- a/roles/gitweb/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -allow_duplicates: yes -dependencies: - - role: apache-php diff --git a/roles/gitweb/tasks/main.yml b/roles/gitweb/tasks/main.yml deleted file mode 100644 index 81dbce9..0000000 --- a/roles/gitweb/tasks/main.yml +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Set up webroot for {{ gitweb_repo }} - block: - - name: Set up Apache - block: - - name: Create webroot - file: - path: "{{ gitweb_webroot }}" - mode: "0755" - state: directory - - name: Clone repo - git: - repo: "{{ gitweb_repo }}" - dest: "{{ gitweb_webroot }}" - notify: restart apache - - name: Copy over virtual host configs - template: - src: apache2-vhost-ssl.conf - dest: "/etc/apache2/sites-available/{{ gitweb_url }}.conf" - notify: restart apache - - name: Enable config - command: - cmd: "a2ensite {{ gitweb_url }}.conf" - creates: "/etc/apache2/sites-enabled/{{ gitweb_url }}.conf" - notify: restart apache - - name: Debug site name - debug: - msg: "{{ gitweb_url }} at {{ gitweb_webroot }} from {{ gitweb_repo }}" - - name: Generate certificate - include_role: - name: https - vars: - website_url: "{{ gitweb_url }}" - website_webroot: "{{ gitweb_webroot }}" - become: yes diff --git a/roles/gitweb/templates/apache2-vhost-ssl.conf b/roles/gitweb/templates/apache2-vhost-ssl.conf deleted file mode 100644 index 701bed0..0000000 --- a/roles/gitweb/templates/apache2-vhost-ssl.conf +++ /dev/null @@ -1,32 +0,0 @@ -# Configuration for {{ gitweb_url }} -# vim:ft=apache: - -# Accept connections from non-SNI clients -SSLStrictSNIVHostCheck off - -# Website configuration - - ServerName {{ gitweb_url }} - Redirect permanent / https://{{ gitweb_url }} - - - SSLEngine on - SSLCertificateFile /etc/pki/cert/crt/{{ gitweb_url }}.crt - SSLCertificateKeyFile /etc/pki/cert/private/{{ gitweb_url }}.key - SSLCertificateChainFile /etc/pki/cert/crt/{{ gitweb_url}}-fullchain.crt - SSLProtocol {{ ssl_protocol }} - SSLCipherSuite {{ ssl_cipher_suite }} - \ - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - ServerName {{ gitweb_url }} - DocumentRoot {{ gitweb_webroot }} - - Require all granted - AllowOverride All - Options MultiViews FollowSymlinks - - diff --git a/roles/grafana/handlers/main.yml b/roles/grafana/handlers/main.yml deleted file mode 100644 index 0b950b0..0000000 --- a/roles/grafana/handlers/main.yml +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: restart grafana - systemd: - name: grafana-server - state: restarted - become: yes diff --git a/roles/grafana/meta/main.yml b/roles/grafana/meta/main.yml deleted file mode 100644 index 7e415bc..0000000 --- a/roles/grafana/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -allow_duplicates: no -dependencies: - - role: apache-php diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml deleted file mode 100644 index 25f346c..0000000 --- a/roles/grafana/tasks/main.yml +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/ansible-playbook -# vim:ft=ansible: ---- -- name: Install, configure, and start Grafana - block: - - name: Set up PostgreSQL - block: - - name: Create DB user - postgresql_user: - name: grafana - password: "{{ grafana.db.pass }}" - login_host: "{{ grafana.db.hostname }}" - login_user: "{{ psql.ansible.user }}" - login_password: "{{ psql.ansible.pass }}" - - name: Create DB - postgresql_db: - name: grafana - owner: grafana - encoding: UNICODE - login_host: "{{ grafana.db.hostname }}" - login_user: "{{ psql.ansible.user }}" - login_password: "{{ psql.ansible.pass }}" - tags: [ postgresql ] - - name: Configure Grafana - block: - - name: Create configuration directories - file: - path: "{{ item }}" - state: directory - loop: - - /etc/grafana - - /etc/grafana/provisioning - - name: Template out main config - template: - src: "grafana.ini" - dest: "/etc/grafana/grafana.ini" - mode: "0640" - notify: restart grafana - - name: Clone configuration repo - git: - repo: "{{ grafana.config_repo }}" - dest: "/etc/grafana/provisioning" - force: yes - notify: restart grafana - when: grafana.config_repo is defined - - name: Add and configure packages - block: - - name: Add APT signing key - apt_key: - url: "https://packages.grafana.com/gpg.key" - - name: Add APT repo - apt_repository: - repo: "deb https://packages.grafana.com/oss/deb stable main" - - name: Install Grafana - apt: - name: - - grafana - - name: Enable Grafana - systemd: - daemon_reload: yes - name: "grafana-server.service" - enabled: yes - state: "started" - - name: Set up Apache - block: - - name: Enable modules - command: - cmd: a2enmod "{{ item }}" - creates: "/etc/apache2/mods-enabled/{{ item }}.load" - loop: - - proxy - - proxy_http - notify: restart apache - - name: Template out vhost - template: - src: "apache2-vhost-ssl.conf" - dest: "/etc/apache2/sites-available/{{ grafana.url }}.conf" - notify: restart apache - - name: Create webroot - file: - state: directory - path: "{{ grafana.webroot }}" - - name: Enable site - command: - cmd: "a2ensite {{ grafana.url }}.conf" - creates: "/etc/apache2/sites-enabled/{{ grafana.url }}.conf" - notify: restart apache - - name: Generate certificate - include_role: - name: https - vars: - website_url: "{{ grafana.url }}" - become: yes diff --git a/roles/grafana/templates/apache2-vhost-ssl.conf b/roles/grafana/templates/apache2-vhost-ssl.conf deleted file mode 100644 index 8762290..0000000 --- a/roles/grafana/templates/apache2-vhost-ssl.conf +++ /dev/null @@ -1,35 +0,0 @@ -# Configuration for {{ grafana.url }} -# vim:ft=apache: - -# Accept connections from non-SNI clients -SSLStrictSNIVHostCheck off -# Need this for SSL proxying, apparently -SSLProxyEngine on - -# Website configuration - - ServerName {{ grafana.url }} - Redirect permanent / https://{{ grafana.url }} - - - SSLEngine on - SSLCertificateFile /etc/pki/cert/crt/{{ grafana.url }}.crt - SSLCertificateKeyFile /etc/pki/cert/private/{{ grafana.url }}.key - SSLCertificateChainFile /etc/pki/cert/crt/{{ grafana.url }}-fullchain.crt - SSLProtocol {{ ssl_protocol }} - SSLCipherSuite {{ ssl_cipher_suite }} - ServerName {{ grafana.url }} - DocumentRoot {{ grafana.webroot }} - - Require all granted - AllowOverride All - Options MultiViews FollowSymlinks - - ProxyPreserveHost On - ProxyRequests Off - ProxyPass / http://127.0.0.1:3001/ nocanon retry=1 - ProxyPassReverse / https://127.0.0.1:3001/ - - RequestHeader set X_FORWARDED_PROTO 'https' - RequestHeader set X-Forwarded-Ssl on - diff --git a/roles/grafana/templates/grafana.ini b/roles/grafana/templates/grafana.ini deleted file mode 100644 index 87e5a92..0000000 --- a/roles/grafana/templates/grafana.ini +++ /dev/null @@ -1,714 +0,0 @@ -##################### Grafana Configuration Example ##################### -# -# Everything has defaults so you only need to uncomment things you want to -# change - -# possible values : production, development -;app_mode = production - -# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty -;instance_name = ${HOSTNAME} - -#################################### Paths #################################### -[paths] -# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) -;data = /var/lib/grafana - -# Temporary files in `data` directory older than given duration will be removed -;temp_data_lifetime = 24h - -# Directory where grafana can store logs -;logs = /var/log/grafana - -# Directory where grafana will automatically scan and look for plugins -;plugins = /var/lib/grafana/plugins - -# folder that contains provisioning config files that grafana will apply on startup and while running. -;provisioning = conf/provisioning - -#################################### Server #################################### -[server] -# Protocol (http, https, h2, socket) -protocol = http - -# The ip address to bind to, empty will bind to all interfaces -http_addr = - -# The http port to use -http_port = 3001 - -# The public facing domain name used to access grafana from a browser -;domain = localhost - -# Redirect to correct domain if host header does not match domain -# Prevents DNS rebinding attacks -;enforce_domain = false - -# The full public facing url you use in browser, used for redirects and emails -# If you use reverse proxy and sub path specify full url (with sub path) -;root_url = %(protocol)s://%(domain)s:%(http_port)s/ - -# Serve Grafana from subpath specified in `root_url` setting. By default it is set to `false` for compatibility reasons. -;serve_from_sub_path = false - -# Log web requests -;router_logging = false - -# the path relative working path -;static_root_path = public - -# enable gzip -;enable_gzip = false - -# https certs & key file -;cert_file = -;cert_key = - -# Unix socket path -;socket = - -#################################### Database #################################### -[database] -# You can configure the database connection by specifying type, host, name, user and password -# as separate properties or as on string using the url properties. - -# Either "mysql", "postgres" or "sqlite3", it's your choice -type = postgres -host = {{ grafana.db.hostname }}:5432 -name = grafana -user = grafana -# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" -password = {{ grafana.db.pass }} - -# Use either URL or the previous fields to configure the database -# Example: mysql://user:secret@host:port/database -;url = - -# For "postgres" only, either "disable", "require" or "verify-full" -;ssl_mode = disable - -;ca_cert_path = -;client_key_path = -;client_cert_path = -;server_cert_name = - -# For "sqlite3" only, path relative to data_path setting -;path = grafana.db - -# Max idle conn setting default is 2 -;max_idle_conn = 2 - -# Max conn setting default is 0 (mean not set) -;max_open_conn = - -# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours) -;conn_max_lifetime = 14400 - -# Set to true to log the sql calls and execution times. -;log_queries = - -# For "sqlite3" only. cache mode setting used for connecting to the database. (private, shared) -;cache_mode = private - -#################################### Cache server ############################# -[remote_cache] -# Either "redis", "memcached" or "database" default is "database" -;type = database - -# cache connectionstring options -# database: will use Grafana primary database. -# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=0,ssl=false`. Only addr is required. ssl may be 'true', 'false', or 'insecure'. -# memcache: 127.0.0.1:11211 -;connstr = - -#################################### Data proxy ########################### -[dataproxy] - -# This enables data proxy logging, default is false -;logging = false - -# How long the data proxy should wait before timing out default is 30 (seconds) -;timeout = 30 - -# If enabled and user is not anonymous, data proxy will add X-Grafana-User header with username into the request, default is false. -;send_user_header = false - -#################################### Analytics #################################### -[analytics] -# Server reporting, sends usage counters to stats.grafana.org every 24 hours. -# No ip addresses are being tracked, only simple counters to track -# running instances, dashboard and error counts. It is very helpful to us. -# Change this option to false to disable reporting. -;reporting_enabled = true - -# Set to false to disable all checks to https://grafana.net -# for new vesions (grafana itself and plugins), check is used -# in some UI views to notify that grafana or plugin update exists -# This option does not cause any auto updates, nor send any information -# only a GET request to http://grafana.com to get latest versions -;check_for_updates = true - -# Google Analytics universal tracking code, only enabled if you specify an id here -;google_analytics_ua_id = - -# Google Tag Manager ID, only enabled if you specify an id here -;google_tag_manager_id = - -#################################### Security #################################### -[security] -# disable creation of admin user on first start of grafana -;disable_initial_admin_creation = false - -# default admin user, created on startup -;admin_user = admin - -# default admin password, can be changed before first start of grafana, or in profile settings -;admin_password = admin - -# used for signing -;secret_key = SW2YcwTIb9zpOOhoPsMm - -# disable gravatar profile images -;disable_gravatar = false - -# data source proxy whitelist (ip_or_domain:port separated by spaces) -;data_source_proxy_whitelist = - -# disable protection against brute force login attempts -;disable_brute_force_login_protection = false - -# set to true if you host Grafana behind HTTPS. default is false. -;cookie_secure = false - -# set cookie SameSite attribute. defaults to `lax`. can be set to "lax", "strict", "none" and "disabled" -;cookie_samesite = lax - -# set to true if you want to allow browsers to render Grafana in a ,