From f407de48eca3ddc0685f325766f408ef67e187c1 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Thu, 19 Feb 2026 14:00:03 +0000 Subject: [PATCH] Few updates before move to Devuan. --- .gitattributesdb | 72 +- etc/.gitignore | 2 + etc/apt/.gitignore | 5 + etc/apt/preferences.d/sury | 3 + etc/apt/sources.list.d/fd.list | 4 + etc/apt/sources.list.d/sury.list | 1 + etc/default/.gitignore | 2 - etc/default/prometheus-node-exporter | 5 + etc/default/terraform-http-backend | 7 + .../fusiondirectory-apache.conf | 8 + etc/fusiondirectory/fusiondirectory.conf.orig | 8 + etc/init.d/.gitignore | 1 - etc/init.d/samba | 90 -- etc/init.d/terraform-http-backend | 62 +- etc/iptables/rules-save | 24 - etc/iptables/rules6-save | 25 - etc/login.defs | 192 ++++ etc/pkglist | 1 + etc/{ => sshguard}/sshguard.conf | 0 .../whitelist} | 0 root/.gitignore | 3 +- root/{ => stuff-to-keep}/clean-fd | 0 root/stuff-to-keep/conf.d/00_bcmath.ini | 1 + root/stuff-to-keep/conf.d/00_bz2.ini | 1 + root/stuff-to-keep/conf.d/00_curl.ini | 1 + root/stuff-to-keep/conf.d/00_gd.ini | 1 + root/stuff-to-keep/conf.d/00_gettext.ini | 1 + root/stuff-to-keep/conf.d/00_gmp.ini | 1 + root/stuff-to-keep/conf.d/00_iconv.ini | 1 + root/stuff-to-keep/conf.d/00_imap.ini | 1 + root/stuff-to-keep/conf.d/00_intl.ini | 1 + root/stuff-to-keep/conf.d/00_ldap.ini | 1 + root/stuff-to-keep/conf.d/00_mbstring.ini | 1 + root/stuff-to-keep/conf.d/00_opcache.ini | 1 + root/stuff-to-keep/conf.d/00_openssl.ini | 1 + root/stuff-to-keep/conf.d/00_posix.ini | 1 + root/stuff-to-keep/conf.d/00_session.ini | 1 + root/stuff-to-keep/conf.d/00_simplexml.ini | 1 + root/stuff-to-keep/conf.d/00_sodium.ini | 1 + root/stuff-to-keep/conf.d/00_sqlite3.ini | 1 + root/stuff-to-keep/conf.d/00_xml.ini | 1 + root/stuff-to-keep/conf.d/00_zip.ini | 1 + root/stuff-to-keep/conf.d/01_phar.ini | 1 + root/stuff-to-keep/conf.d/99_pdo.ini | 6 + root/stuff-to-keep/conf.d/99_pdo_mysql.ini | 4 + root/stuff-to-keep/conf.d/99_pgsql.ini | 27 + root/stuff-to-keep/conf.d/99_phar.ini | 8 + root/stuff-to-keep/conf.d/99_session.ini | 269 ++++++ root/stuff-to-keep/conf.d/99_soap.ini | 16 + root/stuff-to-keep/conf.d/99_sqlite3.ini | 13 + root/stuff-to-keep/conf.d/99_sysvshm.ini | 3 + root/stuff-to-keep/conf.d/99_tidy.ini | 10 + root/stuff-to-keep/conf.d/imagick.ini | 1 + root/{ => stuff-to-keep}/dummy-default-mta | 0 .../dummy-default-mta_0.0.1_all.deb | Bin root/stuff-to-keep/php-fpm.conf | 143 +++ root/stuff-to-keep/php-fpm.d/www.conf | 424 +++++++++ root/stuff-to-keep/php.ini | 844 ++++++++++++++++++ root/stuff-to-keep/pushover-alert.start | 4 + root/stuff-to-keep/pushover-alert.stop | 4 + 60 files changed, 2137 insertions(+), 175 deletions(-) create mode 100644 etc/apt/.gitignore create mode 100644 etc/apt/preferences.d/sury create mode 100644 etc/apt/sources.list.d/fd.list create mode 100644 etc/apt/sources.list.d/sury.list create mode 100644 etc/default/prometheus-node-exporter create mode 100644 etc/default/terraform-http-backend create mode 100644 etc/fusiondirectory/fusiondirectory-apache.conf create mode 100644 etc/fusiondirectory/fusiondirectory.conf.orig delete mode 100755 etc/init.d/samba delete mode 100644 etc/iptables/rules-save delete mode 100644 etc/iptables/rules6-save create mode 100644 etc/login.defs rename etc/{ => sshguard}/sshguard.conf (100%) rename etc/{sshguard.whitelist => sshguard/whitelist} (100%) rename root/{ => stuff-to-keep}/clean-fd (100%) create mode 100644 root/stuff-to-keep/conf.d/00_bcmath.ini create mode 100644 root/stuff-to-keep/conf.d/00_bz2.ini create mode 100644 root/stuff-to-keep/conf.d/00_curl.ini create mode 100644 root/stuff-to-keep/conf.d/00_gd.ini create mode 100644 root/stuff-to-keep/conf.d/00_gettext.ini create mode 100644 root/stuff-to-keep/conf.d/00_gmp.ini create mode 100644 root/stuff-to-keep/conf.d/00_iconv.ini create mode 100644 root/stuff-to-keep/conf.d/00_imap.ini create mode 100644 root/stuff-to-keep/conf.d/00_intl.ini create mode 100644 root/stuff-to-keep/conf.d/00_ldap.ini create mode 100644 root/stuff-to-keep/conf.d/00_mbstring.ini create mode 100644 root/stuff-to-keep/conf.d/00_opcache.ini create mode 100644 root/stuff-to-keep/conf.d/00_openssl.ini create mode 100644 root/stuff-to-keep/conf.d/00_posix.ini create mode 100644 root/stuff-to-keep/conf.d/00_session.ini create mode 100644 root/stuff-to-keep/conf.d/00_simplexml.ini create mode 100644 root/stuff-to-keep/conf.d/00_sodium.ini create mode 100644 root/stuff-to-keep/conf.d/00_sqlite3.ini create mode 100644 root/stuff-to-keep/conf.d/00_xml.ini create mode 100644 root/stuff-to-keep/conf.d/00_zip.ini create mode 100644 root/stuff-to-keep/conf.d/01_phar.ini create mode 100644 root/stuff-to-keep/conf.d/99_pdo.ini create mode 100644 root/stuff-to-keep/conf.d/99_pdo_mysql.ini create mode 100644 root/stuff-to-keep/conf.d/99_pgsql.ini create mode 100644 root/stuff-to-keep/conf.d/99_phar.ini create mode 100644 root/stuff-to-keep/conf.d/99_session.ini create mode 100644 root/stuff-to-keep/conf.d/99_soap.ini create mode 100644 root/stuff-to-keep/conf.d/99_sqlite3.ini create mode 100644 root/stuff-to-keep/conf.d/99_sysvshm.ini create mode 100644 root/stuff-to-keep/conf.d/99_tidy.ini create mode 100644 root/stuff-to-keep/conf.d/imagick.ini rename root/{ => stuff-to-keep}/dummy-default-mta (100%) rename root/{ => stuff-to-keep}/dummy-default-mta_0.0.1_all.deb (100%) create mode 100644 root/stuff-to-keep/php-fpm.conf create mode 100644 root/stuff-to-keep/php-fpm.d/www.conf create mode 100644 root/stuff-to-keep/php.ini create mode 100755 root/stuff-to-keep/pushover-alert.start create mode 100755 root/stuff-to-keep/pushover-alert.stop diff --git a/.gitattributesdb b/.gitattributesdb index 713d76b..6c27bcb 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -34,6 +34,10 @@ ZXRjL2FwYWNoZTIvbW9kcy1lbmFibGVkL3NldGVudmlmLmxvYWQ= 1762021735.661650000 176202 ZXRjL2FwYWNoZTIvc2l0ZXMtYXZhaWxhYmxlLy5naXRpZ25vcmU= 1766069274.068541443 1766069263.648712326 root:root 0644 - - ZXRjL2FwYWNoZTIvc2l0ZXMtYXZhaWxhYmxlL2NvcmUuc2xhY2t3YXJlLnVrLm5ldC5jb25m 1758817141.000000000 1757785113.000000000 root:root 0644 - - ZXRjL2FwYWNoZTIvc2l0ZXMtZW5hYmxlZC8wMDAtY29yZS5zbGFja3dhcmUudWsubmV0LmNvbmY= 1762529451.292078041 1762529451.292078041 root:root 0777 - - +ZXRjL2FwdC8uZ2l0aWdub3Jl 1762532662.236312315 1762532566.409854495 root:root 0644 - - +ZXRjL2FwdC9wcmVmZXJlbmNlcy5kL3N1cnk= 1762021809.456432672 1762021809.456432672 root:root 0644 - - +ZXRjL2FwdC9zb3VyY2VzLmxpc3QuZC9mZC5saXN0 1762021706.378133066 1762021706.374133133 root:root 0644 - - +ZXRjL2FwdC9zb3VyY2VzLmxpc3QuZC9zdXJ5Lmxpc3Q= 1762021706.378133066 1762021706.378133066 root:root 0644 - - ZXRjL2Nyb24uMTVtaW4vLmdpdGlnbm9yZQ== 1762535468.567176697 1762535289.358058790 root:root 0644 - - ZXRjL2Nyb24uZC8uZ2l0aWdub3Jl 1762535453.203423781 1762535289.358058790 root:root 0644 - - ZXRjL2Nyb24uZGFpbHkvLmdpdGlnbm9yZQ== 1762538383.748288196 1762535499.146684944 root:root 0644 - - @@ -48,7 +52,9 @@ ZXRjL2Nyb24ud2Vla2x5L2NsZWFuLXBocA== 1762628439.836853762 1762628439.836853762 r ZXRjL2Nyb24ueWVhcmx5Ly5naXRpZ25vcmU= 1762535568.001577608 1762535568.001577608 root:root 0644 - - ZXRjL2Nyb250YWI= 1762534976.223094581 1757593504.000000000 root:root 0600 - - ZXRjL2RlZmF1bHQvLmdpdGlnbm9yZQ== 1762624179.585857684 1762624148.166366444 root:root 0644 - - +ZXRjL2RlZmF1bHQvcHJvbWV0aGV1cy1ub2RlLWV4cG9ydGVy 1771504260.677940581 1762023153.000000000 root:root 0644 - - ZXRjL2RlZmF1bHQvcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758555243.000000000 1758552192.000000000 root:root 0644 - - +ZXRjL2RlZmF1bHQvdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1771507048.704791655 1757595391.000000000 root:root 0600 - - ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054.000000000 1758038054.000000000 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230.000000000 1757873230.000000000 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1761052714.000000000 1757873275.000000000 root:root 0644 - - @@ -59,20 +65,20 @@ ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328.000000000 1757862077.000000000 root: ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1757863238.000000000 1757862077.000000000 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL2NvcmUuc2xhY2t3YXJlLnVrLm5ldA== 1757863250.000000000 1757863250.000000000 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758045829.000000000 1757862077.000000000 root:root 0755 - - -ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZg== - - +ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnktYXBhY2hlLmNvbmY= 1740415693.000000000 1762022137.000000000 root:root 0644 - - +ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZg== 1771459200.000000000 1771459200.000000000 root:root 0644 - - +ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZi5vcmln 1760207207.000000000 1760207207.000000000 root:root 0644 - - ZXRjL2dyb3Vw 1762530431.632238190 1762530431.632238190 root:root 0644 - - ZXRjL2dzaGFkb3cuZ3Bn 1762628156.813441524 1762447499.282711556 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311.000000000 1757594311.000000000 root:root 0644 - - ZXRjL2hvc3Rz 1762446715.371577485 1757594362.000000000 root:root 0644 - - -ZXRjL2luaXQuZC8uZ2l0aWdub3Jl - - -ZXRjL2luaXQuZC9zYW1iYQ== - - -ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k - - -ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= - - -ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl - - +ZXRjL2luaXQuZC8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - - +ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1771459200.000000000 1771459200.000000000 root:root 0755 - - ZXRjL2tyYjUuY29uZg== 1762447367.132883171 1583171707.000000000 root:root 0644 - - ZXRjL2xkYXAvbGRhcC5jb25m 1758374529.000000000 1730112559.000000000 root:root 0644 - - ZXRjL2xkYXAvc2NoZW1hLy5naXRpZ25vcmU= 1762628549.507075969 1762628549.507075969 root:root 0644 - - ZXRjL2xkYXAvc2NoZW1hL3JmYzIzMDdiaXMuc2NoZW1h 1759835660.000000000 1759835660.000000000 root:root 0644 - - +ZXRjL2xvZ2luLmRlZnM= 1771509215.801996599 1745058028.000000000 root:root 0644 - - ZXRjL21vdGQ= 1762625944.389278724 1756052400.000000000 root:root 0644 - - ZXRjL21zbXRwLmFsaWFzZXM= 1758035451.000000000 1758035451.000000000 root:root 0644 - - ZXRjL21zbXRwcmMuZ3Bn 1761052674.000000000 1758049424.000000000 root:root 0644 - - @@ -84,7 +90,7 @@ ZXRjL3Bhc3N3ZA== 1762449439.234773795 1762449439.234773795 root:root 0644 - - ZXRjL3BocGxkYXBhZG1pbi8uZ2l0aWdub3Jl 1762628720.800299329 1762628701.308615289 root:root 0644 - - ZXRjL3BocGxkYXBhZG1pbi9jb25maWcucGhwLmdwZw== 1761052640.000000000 1758539944.000000000 root:root 0644 - - ZXRjL3BrZ2xpc3Q= 1766102401.840579350 1762560002.068536774 root:root 0644 - - -ZXRjL3BsYS9jb25maWcucGhwLmdwZw== - - +ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1771459200.000000000 1771459200.000000000 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC8uZ2l0aWdub3Jl 1762628624.365862525 1762448145.464092595 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0LmdwZw== 1762448163.991787320 1762448163.979787518 root:root 0644 - - ZXRjL3Jlc29sdi5jb25m 1757611605.000000000 1757611605.000000000 root:root 0644 - - @@ -95,8 +101,8 @@ ZXRjL3NoYWRvdy5ncGc= 1762628180.969049967 1762447484.598952854 root:root 0644 - ZXRjL3NzaC8uZ2l0aWdub3Jl 1762628843.382312260 1757606957.000000000 root:root 0644 - - ZXRjL3NzaC9zc2hfY29uZmln 1757606630.000000000 1757606630.000000000 root:root 0644 - - ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1758202229.000000000 1757606896.000000000 root:root 0644 - - -ZXRjL3NzaGd1YXJkLmNvbmY= - - -ZXRjL3NzaGd1YXJkLndoaXRlbGlzdA== - - +ZXRjL3NzaGd1YXJkL3NzaGd1YXJkLmNvbmY= 1758050700.000000000 1758050700.000000000 root:root 0644 - - +ZXRjL3NzaGd1YXJkL3doaXRlbGlzdA== 1758050235.000000000 1758050235.000000000 root:root 0644 - - ZXRjL3N1ZG9lcnMuZC8uZ2l0aWdub3Jl 1762026765.566662574 1762026765.566662574 root:root 0644 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359.000000000 1757599359.000000000 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157.000000000 1757600157.000000000 root:root 0640 - - @@ -122,19 +128,55 @@ cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867.000000000 1757582867.000000000 root:root 064 cm9vdC8uYmFzaF9wcm9maWxl 1757584711.000000000 1757584711.000000000 root:root 0644 - - cm9vdC8uYmFzaHJj 1758887027.000000000 1757586493.000000000 root:root 0644 - - cm9vdC8uZ2l0Y29uZmln 1757582738.000000000 1757582738.000000000 root:root 0644 - - -cm9vdC8uZ2l0aWdub3Jl 1762025015.187546548 1757600312.000000000 root:root 0644 - - +cm9vdC8uZ2l0aWdub3Jl 1771509562.912369370 1757600312.000000000 root:root 0644 - - cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210.000000000 1757586210.000000000 root:root 0644 - - cm9vdC8ubmFub3Jj 1757585756.000000000 1757585756.000000000 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349.000000000 1757593349.000000000 root:root 0644 - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611.000000000 1757587611.000000000 root:root 0644 - - -cm9vdC9jbGVhbi1mZA== 1758994151.000000000 1758992264.000000000 root:root 0755 - - -cm9vdC9kdW1teS1kZWZhdWx0LW10YQ== 1762020478.278412865 1762020215.034844513 root:root 0644 - - -cm9vdC9kdW1teS1kZWZhdWx0LW10YV8wLjAuMV9hbGwuZGVi 1762020499.466056182 1762020499.458056317 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NsZWFuLWZk 1758994151.000000000 1758992264.000000000 root:root 0755 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9iY21hdGguaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9iejIuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9jdXJsLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9nZC5pbmk= 1758756479.000000000 1758756479.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9nZXR0ZXh0LmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9nbXAuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9pY29udi5pbmk= 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9pbWFwLmluaQ== 1758756479.000000000 1758756479.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9pbnRsLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9sZGFwLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9tYnN0cmluZy5pbmk= 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9vcGNhY2hlLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9vcGVuc3NsLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9wb3NpeC5pbmk= 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zZXNzaW9uLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zaW1wbGV4bWwuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zb2RpdW0uaW5p 1758756479.000000000 1758756479.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF9zcWxpdGUzLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF94bWwuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMF96aXAuaW5p 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC8wMV9waGFyLmluaQ== 1754432591.000000000 1754432591.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9wZG8uaW5p 1758566165.000000000 1758566165.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p 1758566165.000000000 1758566165.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9wZ3NxbC5pbmk= 1758566165.000000000 1758566165.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9waGFyLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zZXNzaW9uLmluaQ== 1760206689.000000000 1758566165.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zb2FwLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zcWxpdGUzLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC85OV90aWR5LmluaQ== 1758566165.000000000 1758566165.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2NvbmYuZC9pbWFnaWNrLmluaQ== 1755096904.000000000 1755096904.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRh 1762020478.278412865 1762020215.034844513 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL2R1bW15LWRlZmF1bHQtbXRhXzAuMC4xX2FsbC5kZWI= 1762020499.466056182 1762020499.458056317 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL3BocC1mcG0uY29uZg== 1758566251.000000000 1758566184.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL3BocC1mcG0uZC93d3cuY29uZg== 1758566277.000000000 1758566199.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL3BocC5pbmk= 1759845481.000000000 1758566175.000000000 root:root 0644 - - +cm9vdC9zdHVmZi10by1rZWVwL3B1c2hvdmVyLWFsZXJ0LnN0YXJ0 1758225142.000000000 1758225089.000000000 root:root 0755 - - +cm9vdC9zdHVmZi10by1rZWVwL3B1c2hvdmVyLWFsZXJ0LnN0b3A= 1758225254.000000000 1758225155.000000000 root:root 0755 - - dmFyLy5naXRpZ25vcmU= 1762537544.845782317 1758288560.000000000 root:root 0644 - - dmFyL2xpYi8uZ2l0aWdub3Jl 1762025492.611669032 1758288764.000000000 root:root 0644 - - dmFyL2xpYi90ZXJyYWZvcm0taHR0cC1iYWNrZW5kLy5naXRrZWVwZGly 1762024627.173956151 1762024627.173956151 root:root 0644 - - -dmFyL3RtcC8uZ2l0aWdub3Jl - - -dmFyL3RtcC9waHAtdXBsb2Fkcy8uZ2l0aWdub3Jl - - +dmFyL3RtcC8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - - +dmFyL3RtcC9waHAtdXBsb2Fkcy8uZ2l0aWdub3Jl 1771459200.000000000 1771459200.000000000 root:root 0644 - - ZXRjL3NoYWRvdw== 1762449439.206774257 1762449439.206774257 root:shadow 0640 - - ZXRjL3NoYWRvdy0= 1762023813.000000000 1762023813.000000000 root:shadow 0640 - - ZXRjL3N1ZG9lcnM= 1751262933.000000000 1751262933.000000000 root:root 0440 - - diff --git a/etc/.gitignore b/etc/.gitignore index 9f86bc8..34654b4 100644 --- a/etc/.gitignore +++ b/etc/.gitignore @@ -1,3 +1,5 @@ +/.pwd.lock +/.updated /ImageMagick-7/ /X11/ /adduser.conf diff --git a/etc/apt/.gitignore b/etc/apt/.gitignore new file mode 100644 index 0000000..1451072 --- /dev/null +++ b/etc/apt/.gitignore @@ -0,0 +1,5 @@ +/apt.conf.d/ +/auth.conf.d/ +/keyrings/ +/sources.list +/trusted.gpg.d/ diff --git a/etc/apt/preferences.d/sury b/etc/apt/preferences.d/sury new file mode 100644 index 0000000..af6fa36 --- /dev/null +++ b/etc/apt/preferences.d/sury @@ -0,0 +1,3 @@ +Package: * +Pin: release o=deb.sury.org +Pin-Priority: 1000 diff --git a/etc/apt/sources.list.d/fd.list b/etc/apt/sources.list.d/fd.list new file mode 100644 index 0000000..1b7dcbd --- /dev/null +++ b/etc/apt/sources.list.d/fd.list @@ -0,0 +1,4 @@ +deb [trusted=yes] https://public.fusiondirectory.org/debian/fusiondirectory-integrator/ bullseye main +deb [trusted=yes] https://public.fusiondirectory.org/debian/fusiondirectory-tools/ bullseye main +deb [trusted=yes] https://public.fusiondirectory.org/debian/fusiondirectory-external-libraries/ bullseye main +deb [trusted=yes] https://public.fusiondirectory.org/debian/bullseye-fusiondirectory-release/ bullseye main diff --git a/etc/apt/sources.list.d/sury.list b/etc/apt/sources.list.d/sury.list new file mode 100644 index 0000000..feb0f4f --- /dev/null +++ b/etc/apt/sources.list.d/sury.list @@ -0,0 +1 @@ +deb [trusted=yes] https://packages.sury.org/php/ trixie main diff --git a/etc/default/.gitignore b/etc/default/.gitignore index 2a2cdd4..2a9e21a 100644 --- a/etc/default/.gitignore +++ b/etc/default/.gitignore @@ -5,8 +5,6 @@ /networking /nss /openipmi -/prometheus-node-exporter -/smartmontools /ssh /useradd /winbind diff --git a/etc/default/prometheus-node-exporter b/etc/default/prometheus-node-exporter new file mode 100644 index 0000000..1378629 --- /dev/null +++ b/etc/default/prometheus-node-exporter @@ -0,0 +1,5 @@ +# Set the command-line arguments to pass to the server. +# Due to shell escaping, to pass backslashes for regexes, you need to double +# them (\\d for \d). If running under systemd, you need to double them again +# (\\\\d to mean \d), and escape newlines too. +ARGS="--web.listen-address=5.101.171.215:9100" diff --git a/etc/default/terraform-http-backend b/etc/default/terraform-http-backend new file mode 100644 index 0000000..e6cc2ce --- /dev/null +++ b/etc/default/terraform-http-backend @@ -0,0 +1,7 @@ +TF_USER="thb" +TF_IP="5.101.171.215" +TF_PORT="25480" +TF_STORAGE_DIR="/var/lib/terraform-http-backend" +TF_AUTH_ENABLED="true" +TF_USERNAME="sysadmin" +TF_PASSWORD="sunsa" diff --git a/etc/fusiondirectory/fusiondirectory-apache.conf b/etc/fusiondirectory/fusiondirectory-apache.conf new file mode 100644 index 0000000..9facd2a --- /dev/null +++ b/etc/fusiondirectory/fusiondirectory-apache.conf @@ -0,0 +1,8 @@ +# Include FusionDirectory to your web service +Alias /fusiondirectory /usr/share/fusiondirectory/html + + +# Remove the comment from the line below if you use fusiondirectory-configuration-manager --encrypt-passwords +# include /etc/fusiondirectory/fusiondirectory.secrets + + diff --git a/etc/fusiondirectory/fusiondirectory.conf.orig b/etc/fusiondirectory/fusiondirectory.conf.orig new file mode 100644 index 0000000..ca86517 --- /dev/null +++ b/etc/fusiondirectory/fusiondirectory.conf.orig @@ -0,0 +1,8 @@ + + +
+ + + +
+ diff --git a/etc/init.d/.gitignore b/etc/init.d/.gitignore index f3bc12c..e7df9d0 100644 --- a/etc/init.d/.gitignore +++ b/etc/init.d/.gitignore @@ -1,4 +1,3 @@ /* !/.gitignore -!/samba !/terraform-http-backend diff --git a/etc/init.d/samba b/etc/init.d/samba deleted file mode 100755 index 8c701f2..0000000 --- a/etc/init.d/samba +++ /dev/null @@ -1,90 +0,0 @@ -#!/sbin/openrc-run - -extra_started_commands="reload" -piddir=${piddir:-"/run/samba"} - -DAEMON=${RC_SVCNAME#samba.} -if [ "$DAEMON" != "$RC_SVCNAME" ]; then - daemon_list=$DAEMON -fi - -depend() { - need net - after firewall -} - -start_pre() { - checkpath --directory "$piddir" -} - -start_samba() { - start-stop-daemon --start --quiet --exec /usr/sbin/samba -- \ - ${samba_options:-"-D"} -} - -stop_samba() { - start-stop-daemon --stop --quiet --pidfile "$piddir"/samba.pid -} - -start_smbd() { - start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- \ - ${smbd_options:-"-D"} -} - -stop_smbd() { - start-stop-daemon --stop --quiet --pidfile "$piddir"/smbd.pid -} - -start_nmbd() { - start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- \ - ${nmbd_options:-"-D"} -} - -stop_nmbd() { - start-stop-daemon --stop --quiet --pidfile "$piddir"/nmbd.pid -} - -start_winbindd() { - start-stop-daemon --start --quiet --exec /usr/sbin/winbindd -- \ - ${winbindd_options:-"-D"} -} - -stop_winbindd() { - start-stop-daemon --stop --quiet --pidfile "$piddir"/winbindd.pid -} - - -start_bgqd() { - start-stop-daemon --start --quiet --exec /usr/lib/samba/samba-bgqd -- \ - ${bgqd_options:-"-D"} -} - -stop_bgqd() { - start-stop-daemon --stop --quiet --pidfile "$piddir"/samba-bgqd.pid -} - -start() { - for i in $daemon_list; do - ebegin "Starting $i" - start_$i - eend $? - done -} - -stop() { - for i in $daemon_list; do - ebegin "Stopping $i" - stop_$i - eend $? - done -} - -reload() { - for i in $daemon_list; do - ebegin "Reloading $i" - # bgqd binary is called samba-bgqd - busybox killall -HUP ${i/bgqd/samba-bgqd} - eend $? - done -} - diff --git a/etc/init.d/terraform-http-backend b/etc/init.d/terraform-http-backend index c43d8a2..0bc5bb7 100755 --- a/etc/init.d/terraform-http-backend +++ b/etc/init.d/terraform-http-backend @@ -1,19 +1,49 @@ -#!/sbin/openrc-run +#!/bin/sh +# Start/stop terraform-http-backend. +# +### BEGIN INIT INFO +# Provides: terraform-http-backend +# Required-Start: $network +# Required-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Terraform HTTP state backend daemon +# Description: Terraform HTTP state backend daemon +### END INIT INFO -depend() { - need net - after firewall -} +NAME=terraform-http-backend +DAEMON=/opt/sbin/$NAME +DESC="Terraform HTTP state backend" +SCRIPT=terraform-http-backend -start() { - ebegin "Starting terraform-http-backend" - source /etc/conf.d/terraform-http-backend || eend 1 - su "$TF_USER" -c "/opt/sbin/terraform-http-backend &" || eend 1 - eend $? -} +test -x $DAEMON || exit 0 -stop() { - ebegin "Stopping terraform-http-backend" - busybox killall -TERM terraform-http-backend - eend $? -} +[ -f /etc/default/terraform-http-backend ] && . /etc/default/terraform-http-backend +export TF_USER TF_IP TF_PORT TF_STORAGE_DIR TF_AUTH_ENABLED TF_USERNAME TF_PASSWORD + +. /lib/lsb/init-functions + +case "$1" in + (start) + log_daemon_msg "Starting $DESC" $NAME + /usr/bin/su "$TF_USER" -c "$DAEMON >/dev/null 2>&1 &" + log_end_msg $? + ;; + (stop) + log_daemon_msg "Stopping $DESC" $NAME + /usr/bin/killall -TERM $DAEMON + log_end_msg $? + ;; + (restart|force-reload) + $0 stop && sleep 1 && $0 start + ;; + (status) + status_of_proc $DAEMON $NAME && exit 0 || exit $? + ;; + (*) + echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/etc/iptables/rules-save b/etc/iptables/rules-save deleted file mode 100644 index 398618b..0000000 --- a/etc/iptables/rules-save +++ /dev/null @@ -1,24 +0,0 @@ -# Generated by iptables-save v1.8.11 (nf_tables) on Sat Sep 13 18:45:54 2025 -*filter -:INPUT DROP [6:240] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [27:2250] -[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP -[12:1176] -A INPUT -i lo -j ACCEPT -[0:0] -A INPUT -s 10.254.0.0/24 -i eth1 -j ACCEPT -[0:0] -A INPUT -s 5.101.171.208/28 -i eth0 -j ACCEPT -[6:707] -A INPUT -s 185.176.90.169/32 -i eth0 -j ACCEPT -[0:0] -A INPUT -s 172.236.16.105/32 -i eth0 -j ACCEPT -[0:0] -A INPUT -s 82.33.87.103/32 -i eth0 -j ACCEPT -[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -[0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -[0:0] -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT -[0:0] -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT -[0:0] -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT -[0:0] -A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT -[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT -[0:0] -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT -[0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT -[0:0] -A INPUT -p tcp -m tcp --dport 25480 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT -COMMIT -# Completed on Sat Sep 13 18:45:54 2025 diff --git a/etc/iptables/rules6-save b/etc/iptables/rules6-save deleted file mode 100644 index f9c40e8..0000000 --- a/etc/iptables/rules6-save +++ /dev/null @@ -1,25 +0,0 @@ -# Generated by ip6tables-save v1.8.11 (nf_tables) on Sat Sep 13 18:45:54 2025 -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] -[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP -[0:0] -A INPUT -i lo -j ACCEPT -[0:0] -A INPUT -s 2a01:a500:2981:1::/64 -i eth0 -j ACCEPT -[0:0] -A INPUT -s 2a07:4580:b0d:57f::169/128 -i eth0 -j ACCEPT -[0:0] -A INPUT -s 2600:3c13::2000:50ff:fef4:7f56/128 -i eth0 -j ACCEPT -[0:0] -A INPUT -s 2001:470:1f1d:58::/64 -i eth0 -j ACCEPT -[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT -[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT -[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT -[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT -[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT -[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT -[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT -[0:0] -A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT -[0:0] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --dports 22,25422 -m conntrack --ctstate NEW -j ACCEPT -[0:0] -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT -[0:0] -A INPUT -p tcp -m tcp --dport 25443 --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j ACCEPT -COMMIT -# Completed on Sat Sep 13 18:45:54 2025 diff --git a/etc/login.defs b/etc/login.defs new file mode 100644 index 0000000..cef0fc7 --- /dev/null +++ b/etc/login.defs @@ -0,0 +1,192 @@ +# +# /etc/login.defs - Configuration control definitions for the shadow package. +# + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable display of unknown usernames when login(1) failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS yes + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format similar to "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games + +# +# Terminal permissions for terminals after login(1). +# These settings are ignored for remote and other logins. +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +#TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +ERASECHAR 0177 +KILLCHAR 025 + +# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new +# home directories. +HOME_MODE 0700 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd(8) +# +UID_MIN 1000 +UID_MAX 60000 +# System accounts +#SYS_UID_MIN 101 +#SYS_UID_MAX 999 +# Extra per user uids +SUB_UID_MIN 100000 +SUB_UID_MAX 600100000 +SUB_UID_COUNT 65536 + +# +# Min/max values for automatic gid selection in groupadd(8) +# +GID_MIN 1000 +GID_MAX 60000 +# System accounts +#SYS_GID_MIN 101 +#SYS_GID_MAX 999 +# Extra per user group ids +SUB_GID_MIN 100000 +SUB_GID_MAX 600100000 +SUB_GID_COUNT 65536 + +# +# Max number of login(1) retries if password is bad +# This will most likely be overriden by PAM, since the default pam_unix module +# has it's own built in of 3 retries. However, this is a safe fallback in case +# you are using an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 3 + +# +# Max time in seconds for login(1) +# +LOGIN_TIMEOUT 30 + +# +# Which fields may be changed by regular users using chfn(1) - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# If set to MD5, MD5-based algorithm will be used for encrypting password +# If set to SHA256, SHA256-based algorithm will be used for encrypting password +# If set to SHA512, SHA512-based algorithm will be used for encrypting password +# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password +# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password +# If set to DES, DES-based algorithm will be used for encrypting password (default) +# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations. +# Overrides the MD5_CRYPT_ENAB option +# +# Note: It is recommended to use a value consistent with +# the PAM modules configuration. +# +ENCRYPT_METHOD YESCRYPT + +# +# Should login be allowed if we can't cd to the home directory? +# Default is no. +# +DEFAULT_HOME yes + +# +# The pwck(8) utility emits a warning for any system account with a home +# directory that does not exist. Some system accounts intentionally do +# not have a home directory. Such accounts may have this string as +# their home directory in /etc/passwd to avoid a spurious warning. +# +NONEXISTENT /nonexistent + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# If set to yes, userdel(8) will remove the user's group if it contains no more +# members, and useradd(8) will create by default a group with the name of the +# user. +# +# Other former uses of this variable are not used in PAM environments, such as +# Debian. +# +USERGROUPS_ENAB yes diff --git a/etc/pkglist b/etc/pkglist index d845536..6ae8d51 100644 --- a/etc/pkglist +++ b/etc/pkglist @@ -414,6 +414,7 @@ libzstd1 linux-libc-dev linux-sysctl-defaults locales +locales-all login login.defs logrotate diff --git a/etc/sshguard.conf b/etc/sshguard/sshguard.conf similarity index 100% rename from etc/sshguard.conf rename to etc/sshguard/sshguard.conf diff --git a/etc/sshguard.whitelist b/etc/sshguard/whitelist similarity index 100% rename from etc/sshguard.whitelist rename to etc/sshguard/whitelist diff --git a/root/.gitignore b/root/.gitignore index 2d0c160..83fd8b0 100644 --- a/root/.gitignore +++ b/root/.gitignore @@ -2,8 +2,7 @@ !/.* !/.*/ !/.*/** -!/clean-fd -!/dummy-* +!/stuff-to-keep/ /.bash_history* /.composer/ diff --git a/root/clean-fd b/root/stuff-to-keep/clean-fd similarity index 100% rename from root/clean-fd rename to root/stuff-to-keep/clean-fd diff --git a/root/stuff-to-keep/conf.d/00_bcmath.ini b/root/stuff-to-keep/conf.d/00_bcmath.ini new file mode 100644 index 0000000..6813a0b --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_bcmath.ini @@ -0,0 +1 @@ +extension=bcmath diff --git a/root/stuff-to-keep/conf.d/00_bz2.ini b/root/stuff-to-keep/conf.d/00_bz2.ini new file mode 100644 index 0000000..d0b5b0f --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_bz2.ini @@ -0,0 +1 @@ +extension=bz2 diff --git a/root/stuff-to-keep/conf.d/00_curl.ini b/root/stuff-to-keep/conf.d/00_curl.ini new file mode 100644 index 0000000..89fa13d --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_curl.ini @@ -0,0 +1 @@ +extension=curl diff --git a/root/stuff-to-keep/conf.d/00_gd.ini b/root/stuff-to-keep/conf.d/00_gd.ini new file mode 100644 index 0000000..bb35ed0 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_gd.ini @@ -0,0 +1 @@ +extension=gd diff --git a/root/stuff-to-keep/conf.d/00_gettext.ini b/root/stuff-to-keep/conf.d/00_gettext.ini new file mode 100644 index 0000000..549944c --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_gettext.ini @@ -0,0 +1 @@ +extension=gettext diff --git a/root/stuff-to-keep/conf.d/00_gmp.ini b/root/stuff-to-keep/conf.d/00_gmp.ini new file mode 100644 index 0000000..1b2be41 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_gmp.ini @@ -0,0 +1 @@ +extension=gmp diff --git a/root/stuff-to-keep/conf.d/00_iconv.ini b/root/stuff-to-keep/conf.d/00_iconv.ini new file mode 100644 index 0000000..4711441 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_iconv.ini @@ -0,0 +1 @@ +extension=iconv diff --git a/root/stuff-to-keep/conf.d/00_imap.ini b/root/stuff-to-keep/conf.d/00_imap.ini new file mode 100644 index 0000000..d026b09 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_imap.ini @@ -0,0 +1 @@ +extension=imap diff --git a/root/stuff-to-keep/conf.d/00_intl.ini b/root/stuff-to-keep/conf.d/00_intl.ini new file mode 100644 index 0000000..63f20e8 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_intl.ini @@ -0,0 +1 @@ +extension=intl diff --git a/root/stuff-to-keep/conf.d/00_ldap.ini b/root/stuff-to-keep/conf.d/00_ldap.ini new file mode 100644 index 0000000..5d67d7d --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_ldap.ini @@ -0,0 +1 @@ +extension=ldap diff --git a/root/stuff-to-keep/conf.d/00_mbstring.ini b/root/stuff-to-keep/conf.d/00_mbstring.ini new file mode 100644 index 0000000..0e3a392 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_mbstring.ini @@ -0,0 +1 @@ +extension=mbstring diff --git a/root/stuff-to-keep/conf.d/00_opcache.ini b/root/stuff-to-keep/conf.d/00_opcache.ini new file mode 100644 index 0000000..592cb59 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_opcache.ini @@ -0,0 +1 @@ +zend_extension=opcache diff --git a/root/stuff-to-keep/conf.d/00_openssl.ini b/root/stuff-to-keep/conf.d/00_openssl.ini new file mode 100644 index 0000000..355624b --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_openssl.ini @@ -0,0 +1 @@ +extension=openssl diff --git a/root/stuff-to-keep/conf.d/00_posix.ini b/root/stuff-to-keep/conf.d/00_posix.ini new file mode 100644 index 0000000..e58281c --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_posix.ini @@ -0,0 +1 @@ +extension=posix diff --git a/root/stuff-to-keep/conf.d/00_session.ini b/root/stuff-to-keep/conf.d/00_session.ini new file mode 100644 index 0000000..7482518 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_session.ini @@ -0,0 +1 @@ +extension=session diff --git a/root/stuff-to-keep/conf.d/00_simplexml.ini b/root/stuff-to-keep/conf.d/00_simplexml.ini new file mode 100644 index 0000000..c88c0ae --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_simplexml.ini @@ -0,0 +1 @@ +extension=simplexml diff --git a/root/stuff-to-keep/conf.d/00_sodium.ini b/root/stuff-to-keep/conf.d/00_sodium.ini new file mode 100644 index 0000000..2932bf4 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_sodium.ini @@ -0,0 +1 @@ +extension=sodium diff --git a/root/stuff-to-keep/conf.d/00_sqlite3.ini b/root/stuff-to-keep/conf.d/00_sqlite3.ini new file mode 100644 index 0000000..7ee602b --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_sqlite3.ini @@ -0,0 +1 @@ +extension=sqlite3 diff --git a/root/stuff-to-keep/conf.d/00_xml.ini b/root/stuff-to-keep/conf.d/00_xml.ini new file mode 100644 index 0000000..971783d --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_xml.ini @@ -0,0 +1 @@ +extension=xml diff --git a/root/stuff-to-keep/conf.d/00_zip.ini b/root/stuff-to-keep/conf.d/00_zip.ini new file mode 100644 index 0000000..08a7894 --- /dev/null +++ b/root/stuff-to-keep/conf.d/00_zip.ini @@ -0,0 +1 @@ +extension=zip diff --git a/root/stuff-to-keep/conf.d/01_phar.ini b/root/stuff-to-keep/conf.d/01_phar.ini new file mode 100644 index 0000000..c535cef --- /dev/null +++ b/root/stuff-to-keep/conf.d/01_phar.ini @@ -0,0 +1 @@ +extension=phar diff --git a/root/stuff-to-keep/conf.d/99_pdo.ini b/root/stuff-to-keep/conf.d/99_pdo.ini new file mode 100644 index 0000000..1e03675 --- /dev/null +++ b/root/stuff-to-keep/conf.d/99_pdo.ini @@ -0,0 +1,6 @@ +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; http://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +;pdo_odbc.db2_instance_name diff --git a/root/stuff-to-keep/conf.d/99_pdo_mysql.ini b/root/stuff-to-keep/conf.d/99_pdo_mysql.ini new file mode 100644 index 0000000..1598241 --- /dev/null +++ b/root/stuff-to-keep/conf.d/99_pdo_mysql.ini @@ -0,0 +1,4 @@ +[Pdo_mysql] +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +;pdo_mysql.default_socket= diff --git a/root/stuff-to-keep/conf.d/99_pgsql.ini b/root/stuff-to-keep/conf.d/99_pgsql.ini new file mode 100644 index 0000000..0b17fb5 --- /dev/null +++ b/root/stuff-to-keep/conf.d/99_pgsql.ini @@ -0,0 +1,27 @@ +[PostgreSQL] +; Allow or prevent persistent links. +; http://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; http://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; http://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; http://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; http://php.net/pgsql.log-notice +pgsql.log_notice = 0 diff --git a/root/stuff-to-keep/conf.d/99_phar.ini b/root/stuff-to-keep/conf.d/99_phar.ini new file mode 100644 index 0000000..e3fc161 --- /dev/null +++ b/root/stuff-to-keep/conf.d/99_phar.ini @@ -0,0 +1,8 @@ +[Phar] +; http://php.net/phar.readonly +;phar.readonly = On + +; http://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = diff --git a/root/stuff-to-keep/conf.d/99_session.ini b/root/stuff-to-keep/conf.d/99_session.ini new file mode 100644 index 0000000..214fac5 --- /dev/null +++ b/root/stuff-to-keep/conf.d/99_session.ini @@ -0,0 +1,269 @@ +[Session] +; Handler used to store/retrieve data. +; http://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; http://php.net/session.save-path +session.save_path = "/var/lib/php/sessions" + +; Name of the session (used as cookie name). +; http://php.net/session.name +session.name = PHP_SESSION_ID + +; Initialize session on request startup. +; http://php.net/session.auto-start +;session.auto_start = 0 + +; Handler used to serialize data. php is the standard serializer of PHP. +; http://php.net/session.serialize-handler +session.serialize_handler = php_serialize + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.gc-probability +;session.gc_probability = 1 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; http://php.net/session.gc-divisor +;session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; http://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 86400 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; http://php.net/session.referer-check +;session.referer_check = + +; Gives a path to an external resource (file) which will be used as an +; additional entropy source in the session id creation process. +;session.entropy_file string = /dev/urandom + +; Whether to use strict session mode. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +;session.use_strict_mode = 0 + +; Whether to use cookies. +; http://php.net/session.use-cookies +; session.use_cookies = 1 + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; http://php.net/session.use-only-cookies +;session.use_only_cookies = 1 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; http://php.net/session.cookie-lifetime +;session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; http://php.net/session.cookie-path +;session.cookie_path = / + +; The domain for which the cookie is valid. +; http://php.net/session.cookie-domain +;session.cookie_domain = + +; http://php.net/session.cookie-secure +; session.cookie_secure = On + +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; http://php.net/session.cookie-httponly +session.cookie_httponly = Off + +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +; session.cookie_samesite = + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; http://php.net/session.cache-limiter +;session.cache_limiter = nocache + +; Document expires after n minutes. +; http://php.net/session.cache-expire +;session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; http://php.net/session.use-trans-sid +;session.use_trans_sid = 0 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +;
is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; http://php.net/url-rewriter.tags +;session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" + +; Set session ID character length. This value could be between 22 to 256. +; Shorter length than default is supported only for compatibility reason. +; Users should use 32 or more chars. +; http://php.net/session.sid-length +; Default Value: 32 +; Development Value: 26 +; Production Value: 26 +session.sid_length = 64 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +; http://php.net/session.hash-bits-per-character +session.sid_bits_per_character = 6 + +; Define the hash algorithm used to generate the session IDs. +; Possible values: +; '0' MD5 (128 bits) +; '1' SHA-1 (160 bits) +; It is also possible to specify any of the algorithms provided by the hash +; extension (if it is available), like sha512 or whirlpool. +session.hash_function = 1 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +session.hash_bits_per_character = 6 + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = 1 + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; http://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; http://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; http://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; http://php.net/session.lazy-write +;session.lazy_write = On +session.lazy_write = Off diff --git a/root/stuff-to-keep/conf.d/99_soap.ini b/root/stuff-to-keep/conf.d/99_soap.ini new file mode 100644 index 0000000..c048b3f --- /dev/null +++ b/root/stuff-to-keep/conf.d/99_soap.ini @@ -0,0 +1,16 @@ +[soap] +; Enables or disables WSDL caching feature. +; http://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; http://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; http://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 diff --git a/root/stuff-to-keep/conf.d/99_sqlite3.ini b/root/stuff-to-keep/conf.d/99_sqlite3.ini new file mode 100644 index 0000000..1965589 --- /dev/null +++ b/root/stuff-to-keep/conf.d/99_sqlite3.ini @@ -0,0 +1,13 @@ +[sqlite3] +; Directory pointing to SQLite3 extensions +; http://php.net/sqlite3.extension-dir +;sqlite3.extension_dir = + +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 diff --git a/root/stuff-to-keep/conf.d/99_sysvshm.ini b/root/stuff-to-keep/conf.d/99_sysvshm.ini new file mode 100644 index 0000000..03da3ab --- /dev/null +++ b/root/stuff-to-keep/conf.d/99_sysvshm.ini @@ -0,0 +1,3 @@ +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 diff --git a/root/stuff-to-keep/conf.d/99_tidy.ini b/root/stuff-to-keep/conf.d/99_tidy.ini new file mode 100644 index 0000000..90c5f13 --- /dev/null +++ b/root/stuff-to-keep/conf.d/99_tidy.ini @@ -0,0 +1,10 @@ +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; http://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; http://php.net/tidy.clean-output +tidy.clean_output = Off diff --git a/root/stuff-to-keep/conf.d/imagick.ini b/root/stuff-to-keep/conf.d/imagick.ini new file mode 100644 index 0000000..76225ec --- /dev/null +++ b/root/stuff-to-keep/conf.d/imagick.ini @@ -0,0 +1 @@ +extension=imagick diff --git a/root/dummy-default-mta b/root/stuff-to-keep/dummy-default-mta similarity index 100% rename from root/dummy-default-mta rename to root/stuff-to-keep/dummy-default-mta diff --git a/root/dummy-default-mta_0.0.1_all.deb b/root/stuff-to-keep/dummy-default-mta_0.0.1_all.deb similarity index 100% rename from root/dummy-default-mta_0.0.1_all.deb rename to root/stuff-to-keep/dummy-default-mta_0.0.1_all.deb diff --git a/root/stuff-to-keep/php-fpm.conf b/root/stuff-to-keep/php-fpm.conf new file mode 100644 index 0000000..f0b273f --- /dev/null +++ b/root/stuff-to-keep/php-fpm.conf @@ -0,0 +1,143 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +pid = run/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; into a local file. +; Note: the default prefix is /var +; Default Value: log/php-fpm.log +error_log = syslog + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +syslog.facility = local2 + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +log_level = notice + +; Log limit on number of characters in the single line (log entry). If the +; line is over the limit, it is wrapped on multiple lines. The limit is for +; all logged characters including message prefix and suffix if present. However +; the new line character does not count into it as it is present only when +; logging to a file descriptor. It means the new line character is not present +; when logging to syslog. +; Default Value: 1024 +;log_limit = 4096 + +; Log buffering specifies if the log line is buffered which means that the +; line is written in a single write operation. If the value is false, then the +; data is written directly into the file descriptor. It is an experimental +; option that can potentionaly improve logging performance and memory usage +; for some heavy logging scenarios. This option is ignored if logging to syslog +; as it has to be always buffered. +; Default value: yes +;log_buffering = no + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +emergency_restart_threshold = 5 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +emergency_restart_interval = 10 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been designed to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +process.max = 16 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lowest priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless specified otherwise +; Default Value: no set +process.priority = 0 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) +; - /dev/poll (Solaris >= 7) +; - port (Solaris >= 10) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is built with systemd integration, specify the interval, +; in seconds, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /usr otherwise +include=/etc/php83/php-fpm.d/*.conf diff --git a/root/stuff-to-keep/php-fpm.d/www.conf b/root/stuff-to-keep/php-fpm.d/www.conf new file mode 100644 index 0000000..dfc4cef --- /dev/null +++ b/root/stuff-to-keep/php-fpm.d/www.conf @@ -0,0 +1,424 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = nobody +group = nobody + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +;listen = 127.0.0.1:9000 +listen = /run/php-fpm83/php-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = nobody +listen.group = apache +listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +; listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +process.priority = 0 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 8 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 2 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 4 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 5000 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 60 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +security.limit_extensions = .php .phar .phtml + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/root/stuff-to-keep/php.ini b/root/stuff-to-keep/php.ini new file mode 100644 index 0000000..b81394b --- /dev/null +++ b/root/stuff-to-keep/php.ini @@ -0,0 +1,844 @@ +[PHP] +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +; To disable this feature set this option to an empty value +;user_ini.filename = ".user.ini" + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; +; Enable the PHP scripting language engine under Apache. +; http://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the would work. +; http://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; http://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; Note: if open_basedir is set, the cache is disabled +; http://php.net/realpath-cache-size +;realpath_cache_size = 4096k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; http://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; http://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +; Default: Off +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +; Default: "" +;zend.script_encoding = + +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default: Off +zend.exception_ignore_args = On + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; http://php.net/expose-php +expose_php = Off + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 45 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; http://php.net/max-input-time +max_input_time = 30 + +; Maximum input variable nesting level +; http://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +;max_input_vars = 1000 + +; Maximum amount of memory a script may consume +; http://php.net/memory-limit +memory_limit = 1073741824 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it is automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; http://php.net/error-reporting +error_reporting = ~E_DEPRECATED | ~E_USER_DEPRECATED | E_ERROR | E_RECOVERABLE_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/display-errors +display_errors = On + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. PHP's default behavior is to suppress those +; errors from clients. Turning the display of startup errors on can be useful in +; debugging configuration problems. We strongly recommend you +; set this to 'off' for production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/display-startup-errors +display_startup_errors = On + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; http://php.net/log-errors +log_errors = On + +; Set maximum length of log_errors. In error_log information about the source is +; added. The default is 1024 and 0 allows to not apply any maximum length at all. +; http://php.net/log-errors-max-len +log_errors_max_len = 1024 + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; http://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; http://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This is only effective in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; http://php.net/report-memleaks +report_memleaks = On + +; This setting is on by default. +;report_zend_debug = 0 + +; Store the last error/warning message in $php_errormsg (boolean). Setting this value +; to On can assist in debugging and is appropriate for development servers. It should +; however be disabled on production servers. +; This directive is DEPRECATED. +; Default Value: Off +; Development Value: Off +; Production Value: Off +; http://php.net/track-errors +;track_errors = Off + +; Turn off normal error reporting and emit XML-RPC error XML +; http://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; http://php.net/html-errors +;html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from http://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; http://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; http://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; http://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +error_log = syslog + +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +syslog.facility = local2 + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; http://php.net/syslog.filter +syslog.filter = ascii + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; http://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; http://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; http://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; http://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For performance reasons, this feature should be disabled +; on production servers. +; Note: This directive is hardcoded to On for the CLI SAPI +; Default Value: On +; Development Value: Off +; Production Value: Off +; http://php.net/register-argc-argv +register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any effect. +; http://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; http://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; http://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; http://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; http://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. +; PHP's built-in default media type is set to text/html. +; http://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to UTF-8. +; http://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; http://php.net/output-encoding +;output_encoding = + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; http://php.net/include-path +;include_path = ".:/php/includes" + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; http://php.net/doc-root +;doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; http://php.net/user-dir +;user_dir = + +; Directory in which the loadable extensions (modules) reside. +; http://php.net/extension-dir +;extension_dir = "./" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +;sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; http://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; http://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; http://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; http://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; http://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send +; RFC2616 compliant header. +; Default is zero. +; http://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; http://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; +; Whether to allow HTTP file uploads. +; http://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; http://php.net/upload-tmp-dir +upload_tmp_dir = /var/lib/php/uploads + +; Maximum allowed size for uploaded files. +; http://php.net/upload-max-filesize +upload_max_filesize = 20M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; http://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; http://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; http://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; http://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +[Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; http://php.net/zend.assertions +zend.assertions = -1 + +; Assert(expr); active by default. +; http://php.net/assert.active +;assert.active = On + +; Throw an AssertionError on failed assertions +; http://php.net/assert.exception +;assert.exception = On + +; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) +; http://php.net/assert.warning +;assert.warning = On + +; Don't bail out by default. +; http://php.net/assert.bail +;assert.bail = Off + +; User-function to be called if an assertion fails. +; http://php.net/assert.callback +;assert.callback = 0 + +; Eval the expression with current error_reporting(). Set to true if you want +; error_reporting(0) around the eval(). +; http://php.net/assert.quiet-eval +;assert.quiet_eval = 0 + +[browscap] +; http://php.net/browscap +;browscap = extra/browscap.ini + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; http://php.net/date.timezone +date.timezone = UTC + +; http://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; http://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; http://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.583333 + +; http://php.net/date.sunset-zenith +;date.sunset_zenith = 90.583333 + + +;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Built-In Module Settings ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; http://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; http://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a component's typlib on com_load() +; http://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; http://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; http://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +[filter] +; http://php.net/filter.default +;filter.default = unsafe_raw + +; http://php.net/filter.default-flags +;filter.default_flags = + +[mail function] +; You may supply arguments as well (default: "sendmail -t -i"). +; http://php.net/sendmail-path +;sendmail_path = "/usr/sbin/sendmail -f 'noreply@slackware.uk' -t" + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = Off + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[Pcre] +; PCRE library backtracking limit. +; http://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; http://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +;pcre.jit=1 diff --git a/root/stuff-to-keep/pushover-alert.start b/root/stuff-to-keep/pushover-alert.start new file mode 100755 index 0000000..3b1f2ac --- /dev/null +++ b/root/stuff-to-keep/pushover-alert.start @@ -0,0 +1,4 @@ +#!/bin/bash + +# Alert that this host is up. +( sleep 30; [[ -x /opt/sbin/pushover-client ]] && /opt/sbin/pushover-client -p -1 -m "Boot up: ${HOSTNAME%%.*}" ) & diff --git a/root/stuff-to-keep/pushover-alert.stop b/root/stuff-to-keep/pushover-alert.stop new file mode 100755 index 0000000..ebfff6a --- /dev/null +++ b/root/stuff-to-keep/pushover-alert.stop @@ -0,0 +1,4 @@ +#!/bin/bash + +# Alert that this host is going down. +[[ -x /opt/sbin/pushover-client ]] && /opt/sbin/pushover-client -p -1 -m "Shut down: ${HOSTNAME%%.*}" &