Compare commits
30 Commits
main
...
improved-i
Author | SHA1 | Date | |
---|---|---|---|
59b3181d61 | |||
|
f139ea55b4 | ||
|
2e154389de | ||
f5ef18851c | |||
8886b572b0 | |||
a17e2c6fe9 | |||
9366d8b6d7 | |||
5c3eb7f358 | |||
33cf371a0d | |||
9aa0a89b79 | |||
3a01543c8b | |||
87973dfb6e | |||
85286b5412 | |||
6f36d515e3 | |||
323b4dd306 | |||
e75d03a313 | |||
930441ae9a | |||
f9a3bd789b | |||
15dd844093 | |||
43d7375dae | |||
cd3210c5fb | |||
221ce69a80 | |||
1ca0272031 | |||
e244895552 | |||
cea66f285a | |||
50167c0f03 | |||
7b98c953b1 | |||
528af8b0f5 | |||
9b317d1677 | |||
5fa67890c2 |
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,12 +1,14 @@
|
||||
# Generated files
|
||||
roles/Node/files/*-vm.service
|
||||
roles/Nazara/files/dns
|
||||
roles/Nazara/files/dhcp
|
||||
roles/Chappaai/files/dns
|
||||
roles/Chappaai/files/dhcp
|
||||
roles/Node/files/vm-definitions/**
|
||||
roles/ShadowArch/files/mirrorlist
|
||||
roles/Sharingan/files/monit/checks/availability
|
||||
roles/Foundation/files/custom/public/img/**
|
||||
roles/Maat/files/pacoloco.yaml
|
||||
venv/**
|
||||
wiki/**
|
||||
**/pkg/**
|
||||
**/src/**
|
||||
**pkg.tar.zst
|
||||
|
4
PKGBUILD
4
PKGBUILD
@ -4,10 +4,10 @@ pkgrel=1
|
||||
pkgrel() {
|
||||
git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit
|
||||
}
|
||||
epoch=
|
||||
epoch="$(git log | grep -c commit)"
|
||||
pkgdesc="$(head -n 1 README.md)"
|
||||
arch=("x86_64")
|
||||
url="https://aninix.net/foundation/${pkgname}"
|
||||
url="$(git config remote.origin.url | sed 's/.git$//')"
|
||||
license=('custom')
|
||||
groups=()
|
||||
depends=('bash>=4.4' 'python>=3.11' 'ansible>=8.3' 'tmux' 'openssh')
|
||||
|
26
README.md
26
README.md
@ -1,10 +1,10 @@
|
||||
This project will discover and provide inventory intelligence to Sora, Shadowfeed, Geth, and Sharingan.
|
||||
|
||||
*Note*: This project is in progress -- former Makefiles from [ConfigPackages](/AniNIX/ConfigPackages) are being upgraded into Ansible playbooks here.
|
||||
This project is our Infrastructure-as-Code solution, detailing the deployment & some repeatable operational tasks of the AniNIX.
|
||||
|
||||
# Etymology
|
||||
|
||||
It is named after the fictional Star Wars Imperial Intelligence organization that oversaw the various divisions of Intelligence and orchestrated their operations. Like its namesake, this project oversees the various tools within our ecosystem and enforces compliance with standards.
|
||||
It is named after flagship carrier Kapisi from the game [Homeworld: Deserts of Kharak](https://store.steampowered.com/app/281610?snr=5000_5100___primarylinks). The carrier was the command and production center of Operation Khadiim, an expedition to understand an anomaly on their world & escape the fanaticism of their Gaalsien rivals. The S'jet were able to succeed in this mission not only due to the military efficacy of their forces but also through the research and production capabilities available to the Kapisi.
|
||||
|
||||
This project seeks to give other admins and engineers to launch their own infrastructures and break out of any strangleholds that may have entangled them, whether that is tribalism, vendor lock, or stigma.
|
||||
|
||||
# Relevant Files and Software
|
||||
|
||||
@ -14,7 +14,7 @@ export ANSIBLE_VAULT_PASSWORD_FILE=$HOME/password-store/${organization}.vault.pa
|
||||
export ANSIBLE_VAULT_FILE=$HOME/password-store/${organization}.vault
|
||||
```
|
||||
|
||||
Take a look at `examples/msn0.yml` as an example inventory -- make sure you populate one of your own.
|
||||
Take a look at `examples/msn0.yml` as an example inventory -- make sure you populate one of your own. The scripts here expect inventories to have layers of groups -- the top group under `all` must be managed vs. unmanaged. The rest of the scripts use YAMLPath to sort out the rest of the groups.
|
||||
|
||||
Once you have your vault and inventory, use [AniNIX/ShadowArch](/AniNIX/ShadowArch) with your hypervisor to provision the base image for your machines, or [Raspbian](https://www.raspberrypi.org/).
|
||||
|
||||
@ -30,14 +30,22 @@ We've also added two scripts in `./bin` to make your life easier:
|
||||
|
||||
Happy hacking!
|
||||
|
||||
## Exceptions
|
||||
# Etymology
|
||||
|
||||
Some services, such as AniNIX/Sharingan and AniNIX/Geth, store their configuration in internal datastructures and databases such that we cannot easily export our build for others to use. We will document what we have done for each of these as best we can in the README.md files for others to replicate. Backups of these services into AniNIX/Aether are therefore dumps of these databases and not available to share.
|
||||
The [Ubiqtorate](https://starwars.fandom.com/wiki/Ubiqtorate/Legends) was a far-reaching security orchestration entity within Palpatine's Empire. It was mean to collect and act on intelligence to improve the security posture of the regime. We use this project similarly -- Ubiqtorate is the Infrastructure-as-Code behind the throne, making changes and ensuring services stay in line.
|
||||
|
||||
# Relevant Files and Software
|
||||
|
||||
This project is mostly built on [Ansible](https://docs.ansible.com/). You will need to understand inventories, playbooks, and vaults at the minimum.
|
||||
|
||||
# Available Clients
|
||||
|
||||
This service is a management tool -- its files get used by the Ansible toolset. There are no clients to connect directly to this service, as we have chosen a serverless approach.
|
||||
None -- this project is used to describe actions for other services to take.
|
||||
|
||||
# Equivalents or Competition
|
||||
|
||||
This service is our elected Infrastructure-as-Code solution -- many professional tools like Ansible Tower, Terraform, etc. do the same thing. Some apps ship OVA's, or prebuilt images, of their software. Docker registries also serve as similar way to document the means by which services are built.
|
||||
Similar tools include Puppet, chef, salty, Ansible Tower, Terraform, etc. We have chosen to go the raw Ansible route, so that we don't have to maintain the build infrastructure separately and to make our responses more agile.
|
||||
|
||||
# Exceptions
|
||||
|
||||
Some services, such as AniNIX/Sharingan and AniNIX/Geth, store their configuration in internal datastructures and databases such that we cannot easily export our build for others to use. We will document what we have done for each of these as best we can in the README.md files for others to replicate. Backups of these services into AniNIX/Aether are therefore dumps of these databases and not available to share.
|
||||
|
@ -1,5 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Ensure we are in the source directory.
|
||||
cd $(dirname $0)/..
|
||||
|
||||
# Role is first argument
|
||||
role="$1"
|
||||
if [ -z "$role" ]; then
|
||||
|
@ -1,5 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Ensure we are in the source directory.
|
||||
cd $(dirname $0)/..
|
||||
|
||||
# Arguments
|
||||
inventory="$1"
|
||||
if [ "$inventory" == "-h" ] || [ "$inventory" == "--help" ]; then
|
||||
|
@ -11,6 +11,7 @@
|
||||
import os
|
||||
import subprocess
|
||||
import sys
|
||||
import re
|
||||
import yaml
|
||||
|
||||
rolepath='../roles/Sharingan/files'
|
||||
|
@ -2,6 +2,7 @@
|
||||
# File: generate-pihole-dns-dhcp.py
|
||||
#
|
||||
# Description: This file generates the DNS and DHCP files for pihole.
|
||||
# It expects that the inventory has two levels of grouping.
|
||||
#
|
||||
# Package: AniNIX/Ubiqtorate
|
||||
# Copyright: WTFPL
|
||||
@ -9,43 +10,37 @@
|
||||
# Author: DarkFeather <darkfeather@aninix.net>
|
||||
|
||||
import os
|
||||
import re
|
||||
import subprocess
|
||||
import sys
|
||||
import yaml
|
||||
from kapisi_lib import *
|
||||
|
||||
rolepath='../roles/Nazara/files'
|
||||
rolepath='../roles/Chappaai/files'
|
||||
dnsfilepath=rolepath+"/dns"
|
||||
dhcpfilepath=rolepath+"/dhcp"
|
||||
entryset={}
|
||||
|
||||
def WriteDHCPEntry(content,hosttype,hostclass):
|
||||
def WriteDHCPEntries(replica_domain,dhcpfile):
|
||||
### Create the DHCP entry
|
||||
# param content: the yaml content to parse
|
||||
# param hosttype: managed or unmanaged
|
||||
# param hostclass: the type of host as classified in the yaml
|
||||
global dhcpfile
|
||||
global entryset
|
||||
for host in entryset:
|
||||
# Entries should be:
|
||||
# dhcp-host=mac,ip,fqdn
|
||||
dhcpfile.write('dhcp-host=' + entryset[host][1] + ',' + entryset[host][0] + ',' + host + '.' + replica_domain + '\n')
|
||||
|
||||
with open(dhcpfilepath,'a') as dhcpfile:
|
||||
for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']:
|
||||
try:
|
||||
dhcpfile.write('dhcp-host=' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['mac'] + ',' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['ip'] + ',' + host + '.' + content['all']['vars']['replica_domain'] + '\n')
|
||||
except:
|
||||
print(host + ' is not complete for DHCP.')
|
||||
|
||||
def WriteDNSEntry(content,hosttype,hostclass):
|
||||
def WriteDNSEntries(replica_domain,dnsfile):
|
||||
### Create the DNS entry
|
||||
# param content: the yaml content to parse
|
||||
# param hosttype: managed or unmanaged
|
||||
# param hostclass: the type of host as classified in the yaml
|
||||
global dnsfile
|
||||
|
||||
with open(dnsfilepath,'a') as dnsfile:
|
||||
|
||||
# Write host entries
|
||||
for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']:
|
||||
try:
|
||||
dnsfile.write(content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['ip'] + ' ' + host + '.' + content['all']['vars']['replica_domain'] + ' ' + host + '\n')
|
||||
except:
|
||||
print(host + ' is not complete for DNS.')
|
||||
global entryset
|
||||
for host in entryset:
|
||||
# Entries should be:
|
||||
# ip host fqdn
|
||||
dnsfile.write(entryset[host][0] + ' ' + host + '.' + replica_domain + ' ' + host + '\n')
|
||||
|
||||
def GenerateFiles(file):
|
||||
### Open the file and parse it
|
||||
@ -58,29 +53,30 @@ def GenerateFiles(file):
|
||||
# Parse the yaml
|
||||
with open(file, 'r') as stream:
|
||||
content = yaml.safe_load(stream)
|
||||
replica_domain = content['all']['vars']['replica_domain']
|
||||
external_domain = content['all']['vars']['external_domain']
|
||||
|
||||
# Clear the DNS file
|
||||
with open(dhcpfilepath,'w') as dhcpfile:
|
||||
dhcpfile.write('dhcp-range='+content['all']['vars']['dhcprange']+'\n')
|
||||
dhcpfile.write('dhcp-option=option:dns-server,'+content['all']['vars']['dns']+'\n\n')
|
||||
dhcpfile.write('dhcp-range='+content['all']['vars']['staticrange']+'\n')
|
||||
WriteDHCPEntries(replica_domain,dhcpfile)
|
||||
with open(dnsfilepath,'w') as dnsfile:
|
||||
vips=subprocess.run(["/bin/bash", "-c", "echo | openssl s_client -connect "+content['all']['vars']['external_domain']+":443 | openssl x509 -text -noout | grep DNS: | tr ',' '\n' | sed 's/\s\+DNS://' | grep -ivE ^"+content['all']['vars']['external_domain']+" | tr '\n' ' '"], capture_output=True).stdout.decode("utf-8")
|
||||
dnsfile.write(content['all']['vars']['webfront']+' '+content['all']['vars']['external_domain']+' '+vips+"\n")
|
||||
|
||||
# Add DNS entries for each host
|
||||
hosttype = 'managed'
|
||||
for hostclass in ['physical','virtual','geth_hubs']:
|
||||
WriteDNSEntry(content,hosttype,hostclass)
|
||||
WriteDHCPEntry(content,hosttype,hostclass)
|
||||
hosttype = 'unmanaged'
|
||||
for hostclass in ['ovas','test_ovas','appliances','adhoc_appliances','iot']:
|
||||
WriteDNSEntry(content,hosttype,hostclass)
|
||||
WriteDHCPEntry(content,hosttype,hostclass)
|
||||
dnsfile.write(content['all']['vars']['webfront']+' '+external_domain+' '+content['all']['vars']['external_subdomains'].replace(' ','.'+external_domain+' ')+'.'+external_domain+' '+content['all']['vars']['hosted_domains']+"\n")
|
||||
WriteDNSEntries(replica_domain,dnsfile)
|
||||
print('Files should be in '+rolepath);
|
||||
|
||||
### Main function
|
||||
# param sys.argv: Input arguments
|
||||
if __name__ == '__main__':
|
||||
if len(sys.argv) != 2:
|
||||
if len(sys.argv) < 2:
|
||||
print("You need to supply an inventory file.")
|
||||
sys.exit(1)
|
||||
if len(sys.argv) == 3:
|
||||
entryset = TrackIPEntries(sys.argv[1],sys.argv[2])
|
||||
else:
|
||||
entryset = TrackIPEntries(sys.argv[1])
|
||||
GenerateFiles(sys.argv[1])
|
||||
#dumper.dump(entryset)
|
||||
sys.exit(0)
|
||||
|
@ -1,6 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# File: gen-ssh-keyscan
|
||||
# File: ./generate-ssh-keyscan
|
||||
#
|
||||
# Description: This file generates a known_host block for the inventory.
|
||||
#
|
||||
|
@ -13,7 +13,7 @@ import shutil
|
||||
import sys
|
||||
import yaml
|
||||
|
||||
filepath="roles/Node/files/vm-definitions/"
|
||||
filepath="../roles/Node/files/vm-definitions/"
|
||||
|
||||
def WriteVMFile(content,hosttype,hostclass):
|
||||
### Create the service files for the hosts
|
||||
@ -54,7 +54,7 @@ def WriteVMFile(content,hosttype,hostclass):
|
||||
vmfile.write('[Service]\n')
|
||||
vmfile.write('ExecStart=/usr/sbin/qemu-system-x86_64 -name AniNIX/' + host + ' -machine type=pc,accel=kvm')
|
||||
if 'uefi' in content['all']['children'][hosttype]['children'][hostclass]['hosts'][host].keys(): vmfile.write(' -bios /usr/share/edk2-ovmf/x64/OVMF.fd')
|
||||
vmfile.write(' -cpu qemu64 -smp ' + cores + ' ' + disks + ' -net nic,macaddr=' + mac + ',model=virtio -net bridge,br=' + bridge + ' -vga std -nographic -vnc :' + str(vnc) + ' -m size=' + str(memory) + 'G -device virtio-rng-pci\n')
|
||||
vmfile.write(' -cpu host -smp ' + cores + ' ' + disks + ' -net nic,macaddr=' + mac + ',model=virtio -net bridge,br=' + bridge + ' -vga std -nographic -vnc :' + str(vnc) + ' -m size=' + str(memory) + 'G -device virtio-rng-pci\n')
|
||||
vmfile.write('ExecReload=/bin/kill -HUP $MAINPID\n')
|
||||
vmfile.write('KillMode=process\n')
|
||||
vmfile.write('Restart=always\n')
|
||||
@ -84,7 +84,7 @@ def GenerateFiles(file):
|
||||
|
||||
# Add service files for each host
|
||||
WriteVMFile(content,'managed','virtual')
|
||||
WriteVMFile(content,'unmanaged','ovas',
|
||||
WriteVMFile(content,'unmanaged','ovas')
|
||||
WriteVMFile(content,'unmanaged','test_ovas')
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
63
bin/kapisi_lib.py
Normal file
63
bin/kapisi_lib.py
Normal file
@ -0,0 +1,63 @@
|
||||
import re
|
||||
import yaml
|
||||
from types import SimpleNamespace
|
||||
from yamlpath.common import Parsers
|
||||
from yamlpath.wrappers import ConsolePrinter
|
||||
from yamlpath import Processor
|
||||
from yamlpath import YAMLPath
|
||||
from yamlpath.exceptions import YAMLPathException
|
||||
|
||||
def TrackIPEntries(yaml_file,searchstring='all.children.**.ip'):
|
||||
### Try to parse an Ansible inventory for hosts with the 'ip' attribute.
|
||||
# param file: the file to parse
|
||||
# return: a populated entry set in form [{Host,[ip,mac]},...]
|
||||
|
||||
# Borrowing from upstream author's example at https://pypi.org/project/yamlpath/
|
||||
|
||||
entryset = {}
|
||||
|
||||
# The various classes of this library must be able to write messages somewhere
|
||||
# when things go bad.
|
||||
#logging_args = SimpleNamespace(quiet=True, verbose=False, debug=False)
|
||||
logging_args = SimpleNamespace(quiet=True, verbose=True, debug=True)
|
||||
log = ConsolePrinter(logging_args)
|
||||
|
||||
# Prep the YAML parser
|
||||
yaml = Parsers.get_yaml_editor()
|
||||
(yaml_data, doc_loaded) = Parsers.get_yaml_data(yaml, log, yaml_file)
|
||||
if not doc_loaded:
|
||||
exit(1)
|
||||
processor = Processor(log, yaml_data)
|
||||
|
||||
yaml_path = YAMLPath(searchstring)
|
||||
|
||||
# Create a regex pattern to remove the end of the path
|
||||
ippattern = re.compile('\.ip$')
|
||||
try:
|
||||
for node_coordinate in processor.get_nodes(yaml_path, mustexist=True):
|
||||
# Strip the path to the host entry.
|
||||
path = ippattern.sub("",str(node_coordinate.path))
|
||||
# Pull the IP
|
||||
ip = str(node_coordinate.node)
|
||||
# Pull the hosname
|
||||
splitpath = path.split('.')
|
||||
hostname = splitpath[len(splitpath)-1]
|
||||
#print("Got {} from '{}''.".format(ip,path))
|
||||
|
||||
# Path the MAC
|
||||
mac_yaml_path = YAMLPath(path+".mac")
|
||||
mac=""
|
||||
try:
|
||||
for node_coordinate in processor.get_nodes(mac_yaml_path, mustexist=True):
|
||||
mac = str(node_coordinate.node)
|
||||
except YAMLPathException as ex:
|
||||
log.error(ex)
|
||||
|
||||
# Add the host to the entryset.
|
||||
entryset.update({ hostname : [ip,mac] })
|
||||
|
||||
except YAMLPathException as ex:
|
||||
log.error(ex)
|
||||
|
||||
finally:
|
||||
return entryset
|
@ -21,7 +21,7 @@ function usage() {
|
||||
# Show helptext
|
||||
# param retcode: what to exit
|
||||
retcode="$1"
|
||||
echo "Usage: $0 [ -o offset ] [-g group ] -i inventory.yml"
|
||||
echo "Usage: $0 [ -o offset ] [-g group ] [-i inventory.yml]"
|
||||
echo " $0 -h"
|
||||
echo "Group is optional -- add it if you only want to look at a specific subset."
|
||||
echo "Add -v for verbosity."
|
||||
@ -78,8 +78,7 @@ if [ "$(basename $0)" == "tmux-hosts" ]; then
|
||||
done
|
||||
|
||||
if [ -z "$inventory" ]; then
|
||||
echo Need an inventory.
|
||||
usage 2;
|
||||
inventory=$(grep -E ^inventory ~/.ansible.cfg | cut -f 2 -d '=')
|
||||
fi
|
||||
|
||||
tmuxHosts $(ansible -i "$inventory" --list-hosts "$group"\
|
||||
|
@ -1,7 +1,9 @@
|
||||
all:
|
||||
vars:
|
||||
# Environment-wide data
|
||||
external_domain: aninix.net
|
||||
external_domain: "aninix.net"
|
||||
external_subdomains: "cyberbrain foundation irc lykos maat password sharingan singularity superintendent www yggdrasil"
|
||||
hosted_domains: "travelpawscvt.com"
|
||||
replica_domain: "MSN0.AniNIX.net"
|
||||
time_zone: "America/Chicago"
|
||||
# Services used by all
|
||||
@ -19,60 +21,94 @@ all:
|
||||
ansible_become_method: sudo
|
||||
ansible_become_user: root
|
||||
static: false
|
||||
wireless_ssid: 'Shadowfeed'
|
||||
wireless_ssid: 'Shadownet'
|
||||
ansible_python_interpreter: auto_silent
|
||||
ldap:
|
||||
server: "10.0.1.3"
|
||||
orgdn: "dc=aninix,dc=net"
|
||||
binduser: 'binduser'
|
||||
userou: 'ou=People'
|
||||
groupou: 'ou=Group'
|
||||
filter: '(&(objectClass=person)(!(pwdReset=TRUE)))'
|
||||
organization: # Information about the group
|
||||
admin: 'DarkFeather'
|
||||
email: 'ircs://irc.aninix.net:6697/DarkFeather'
|
||||
displayname: 'AniNIX'
|
||||
gpgkey: '904DE6275579CB589D85720C1CC1E3F4ED06F296'
|
||||
ssl: # Standard SSL cryptographic standards
|
||||
identity: 'aninix.net-0001' # The Let's Encrypt identity to use
|
||||
identity: 'aninix.net-0002' # The Let's Encrypt identity to use
|
||||
ciphersuite: "!NULL:!SSLv2:!SSLv3:!TLSv1:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
|
||||
children:
|
||||
managed:
|
||||
children:
|
||||
physical: # 10.0.1.0/28
|
||||
hosts:
|
||||
Nazara:
|
||||
Chappaai:
|
||||
ipinterface: eth0
|
||||
ip: 10.0.1.2
|
||||
mac: B8:27:EB:B6:AA:0C
|
||||
static: true
|
||||
Core:
|
||||
ipinterface: enp1s0f0
|
||||
ip: 10.0.1.3
|
||||
mac: 00:25:90:0d:6e:86
|
||||
static: true
|
||||
sslidentity: aninix.net-0001
|
||||
secdetection: true
|
||||
iptv_location: "Milwaukee|Madison"
|
||||
aether_source: true
|
||||
Node0:
|
||||
ipinterface: enp1s0f0
|
||||
ip: 10.0.1.4
|
||||
mac: DE:8B:9E:19:55:1D
|
||||
tap: true
|
||||
Node1:
|
||||
ipinterface: enp1s0f0
|
||||
ip: 10.0.1.5
|
||||
mac: B0:41:6F:0D:47:E1
|
||||
tap: true
|
||||
Node2:
|
||||
ipinterface: enp1s0f0
|
||||
ip: 10.0.1.7
|
||||
mac: B0:41:6F:0D:41:D1
|
||||
tap: true
|
||||
Node3:
|
||||
ipinterface: enp1s0f0
|
||||
ip: 10.0.1.8
|
||||
mac: B0:41:6F:0D:51:0E
|
||||
tap: true
|
||||
children:
|
||||
Node:
|
||||
hosts:
|
||||
Node1:
|
||||
ipinterface: enp1s0
|
||||
ip: 10.0.1.5
|
||||
mac: FA:EC:43:87:4D:2D
|
||||
tap: true
|
||||
ups: 'aps'
|
||||
active_vms:
|
||||
- Yggdrasil
|
||||
Node2:
|
||||
ipinterface: enp1s0
|
||||
ip: 10.0.1.7
|
||||
mac: 56:02:ef:2c:1f:7c
|
||||
tap: true
|
||||
active_vms:
|
||||
- DarkNet
|
||||
- Maat
|
||||
- Sharingan
|
||||
- Superintendent
|
||||
Node3:
|
||||
ipinterface: enp1s0
|
||||
ip: 10.0.1.8
|
||||
mac: B2:C6:2C:02:B2:6E
|
||||
tap: true
|
||||
active_vms:
|
||||
- TDS-Jump
|
||||
Geth:
|
||||
hosts:
|
||||
Geth0:
|
||||
ipinterface: eth0
|
||||
ip: 10.0.1.9
|
||||
mac: 84:16:F9:14:15:C5
|
||||
static: true
|
||||
k3s_primary: true
|
||||
Geth1:
|
||||
ipinterface: eth0
|
||||
ip: 10.0.1.10
|
||||
mac: E4:5F:01:01:FF:9C
|
||||
static: true
|
||||
Geth2:
|
||||
ipinterface: eth0
|
||||
ip: 10.0.1.11
|
||||
mac: E4:5F:01:01:FF:D5
|
||||
static: true
|
||||
Geth3:
|
||||
ipinterface: eth0
|
||||
ip: 10.0.1.12
|
||||
mac: E4:5F:01:01:FF:96
|
||||
static: true
|
||||
Geth4:
|
||||
ipinterface: eth0
|
||||
ip: 10.0.1.13
|
||||
mac: E4:5F:01:01:FF:E4
|
||||
static: true
|
||||
Geth5:
|
||||
ipinterface: eth0
|
||||
ip: 10.0.1.14
|
||||
mac: B8:27:EB:B6:AA:0D
|
||||
static: true
|
||||
virtual: # 10.0.1.16/28
|
||||
vars:
|
||||
hosts:
|
||||
@ -87,18 +123,20 @@ all:
|
||||
uefi: true
|
||||
siem: true
|
||||
disks:
|
||||
- '-drive format=raw,index=0,media=disk,file=/dev/sdb'
|
||||
- '-drive format=raw,index=0,media=disk,file=/dev/sdc'
|
||||
# On hold because of https://aninix.net/DarkFeather/MSN0/issues/6
|
||||
holdpkg: "elasticsearch graylog mongodb44-bin mongodb-tools-bin"
|
||||
DarkNet:
|
||||
ipinterface: ens3
|
||||
ip: 10.0.1.17
|
||||
mac: 00:15:5D:01:02:05
|
||||
cores: 2
|
||||
memory: 2
|
||||
cores: 4
|
||||
memory: 4
|
||||
vnc: 9
|
||||
bridge: br0
|
||||
disks:
|
||||
- '-drive format=raw,index=0,media=disk,file=/dev/sdd'
|
||||
- '-drive format=raw,index=0,media=disk,file=/dev/sdb'
|
||||
wolfpack_config: 'gitea@foundation.aninix.net:DarkFeather/WolfPack-Config.git'
|
||||
Maat:
|
||||
ip: 10.0.1.18
|
||||
ipinterface: ens3
|
||||
@ -106,26 +144,45 @@ all:
|
||||
cores: 2
|
||||
memory: 2
|
||||
bridge: br0
|
||||
vscan_enabled: true
|
||||
vnc: 7
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/Maat.qcow2'
|
||||
|
||||
geth_hubs: # 10.0.1.32/28
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/Maat.qcow2'
|
||||
Yggdrasil:
|
||||
ipinterface: ens3
|
||||
ip: 10.0.1.3
|
||||
mac: 00:25:90:0d:6e:86
|
||||
static: true
|
||||
sslidentity: aninix.net-0001
|
||||
secdetection: true
|
||||
iptv_location: "Milwaukee|Madison"
|
||||
aether_source: true
|
||||
cores: 8
|
||||
memory: 16
|
||||
bridge: br0
|
||||
vnc: 1
|
||||
vscan_enabled: true
|
||||
disks:
|
||||
- '-drive format=raw,index=0,media=disk,file=/dev/sda'
|
||||
- '-drive format=raw,index=0,media=disk,file=/dev/sdb'
|
||||
- '-drive format=raw,index=0,media=disk,file=/dev/sdc'
|
||||
- '-drive format=raw,index=0,media=disk,file=/dev/sdd'
|
||||
Vergil: # 10.0.1.32/28
|
||||
vars:
|
||||
motion_enabled: yes
|
||||
hosts:
|
||||
Geth-Hub-1:
|
||||
Vergil1:
|
||||
ip: 10.0.1.32
|
||||
mac: 84:16:F9:14:15:C5
|
||||
mac: b8:27:eb:9a:73:dd
|
||||
rotate: 0
|
||||
remote: NS-RC4NA-14
|
||||
Geth-Hub-2:
|
||||
Vergil2:
|
||||
ip: 10.0.1.33
|
||||
mac: 84:16:F9:13:B6:E6
|
||||
motion_enabled: no
|
||||
rotate: 180
|
||||
remote: NS-RC4NA-14
|
||||
Geth-Hub-3:
|
||||
Vergil3:
|
||||
ip: 10.0.1.34
|
||||
mac: b8:27:eb:60:73:68
|
||||
rotate: 90
|
||||
@ -135,7 +192,7 @@ all:
|
||||
# Both OVA groups are in the same subnet -- test_ovas aren't monitored
|
||||
ovas: # 10.0.1.48/28
|
||||
hosts:
|
||||
Geth:
|
||||
Superintendent:
|
||||
ip: 10.0.1.49
|
||||
mac: DE:8B:9E:19:55:1E
|
||||
cores: 2
|
||||
@ -144,7 +201,7 @@ all:
|
||||
bridge: br0
|
||||
uefi: true
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/hassos_ova-5.13.qcow2'
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/hassos_ova-5.13.qcow2'
|
||||
test_ovas: # 10.0.1.48/28
|
||||
hosts:
|
||||
TDS-Jump:
|
||||
@ -155,7 +212,7 @@ all:
|
||||
vnc: 4
|
||||
bridge: br0
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/TDSJump.qcow2'
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/node/vm/TDSJump.qcow2'
|
||||
DedNet:
|
||||
ip: 10.0.1.50
|
||||
mac: 00:15:5d:01:02:09
|
||||
@ -164,7 +221,7 @@ all:
|
||||
vnc: 3
|
||||
bridge: br0
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/DedNet.qcow2'
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/DedNet.qcow2'
|
||||
- '-cdrom /srv/maat/iso/kali-linux.iso -boot order=d'
|
||||
Aether:
|
||||
ip: 10.0.1.51
|
||||
@ -185,7 +242,7 @@ all:
|
||||
bridge: br0
|
||||
vnc: 10
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test1.qcow2'
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/test1.qcow2'
|
||||
test2:
|
||||
ip: 10.0.1.53
|
||||
ipinterface: ens3
|
||||
@ -195,7 +252,7 @@ all:
|
||||
bridge: br0
|
||||
vnc: 11
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test2.qcow2'
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/test2.qcow2'
|
||||
test3:
|
||||
ip: 10.0.1.54
|
||||
ipinterface: ens3
|
||||
@ -205,11 +262,11 @@ all:
|
||||
bridge: br0
|
||||
vnc: 12
|
||||
disks:
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/srv/maat/vm/test3.qcow2'
|
||||
- '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/test3.qcow2'
|
||||
# appliances are monitored -- adhoc_appliances are convenience only and not monitored.
|
||||
appliances:
|
||||
hosts: # 10.0.1.64/27
|
||||
Shadowfeed: # Router must be at root
|
||||
Shadownet: # Router must be at root
|
||||
ip: 10.0.1.1
|
||||
mac: 2c:30:33:64:f4:03
|
||||
Print: # Print is excepted for legacy setup reasons before we laid out subnets.
|
||||
@ -218,21 +275,21 @@ all:
|
||||
Geth-Eyes:
|
||||
ip: 10.0.1.68
|
||||
mac: 9C:A3:AA:33:A3:99
|
||||
"Core-Console":
|
||||
ip: 10.0.1.74
|
||||
mac: 00:25:90:0D:82:5B
|
||||
"Node0-Console":
|
||||
ip: 10.0.1.75
|
||||
mac: 00:25:90:3E:C6:8C
|
||||
# "Core-Console":
|
||||
# ip: 10.0.1.74
|
||||
# mac: 00:25:90:0D:82:5B
|
||||
# "Node0-Console":
|
||||
# ip: 10.0.1.75
|
||||
# mac: 00:25:90:3E:C6:8C
|
||||
adhoc_appliances:
|
||||
hosts: # 10.0.1.64/27
|
||||
DarkFeather:
|
||||
ip: 10.0.1.64
|
||||
mac: D0:40:EF:D4:14:CF
|
||||
mac: f4:2b:8c:10:31:44
|
||||
Lykos:
|
||||
ip: 10.0.1.65
|
||||
mac: 70:74:14:4F:8E:42
|
||||
Games:
|
||||
Node0:
|
||||
ip: 10.0.1.66
|
||||
mac: E0:BE:03:77:0E:88
|
||||
LivingRoomTV:
|
||||
@ -244,24 +301,25 @@ all:
|
||||
TrainingRoomTV:
|
||||
ip: 10.0.1.71
|
||||
mac: 80:D2:1D:17:63:10
|
||||
Tachikoma:
|
||||
BT:
|
||||
ip: 10.0.1.72
|
||||
mac: 90:0f:0c:1a:d3:23
|
||||
Dedsec:
|
||||
mac: 8A:00:AA:7F:DF:D1
|
||||
DedSec:
|
||||
ip: 10.0.1.73
|
||||
mac: 34:F6:4B:36:12:8F
|
||||
# dhcp build space: 10.0.1.224/27
|
||||
iot: # 10.0.2.0/24
|
||||
hosts:
|
||||
LinKeuei:
|
||||
LivingRoomRegulator:
|
||||
ip: 10.0.2.2
|
||||
mac: 64:16:66:08:57:F5
|
||||
Canary:
|
||||
Monitor:
|
||||
ip: 10.0.2.3
|
||||
mac: 18:B4:30:2F:F1:37
|
||||
Charon:
|
||||
Gatekeeper:
|
||||
ip: 10.0.2.4
|
||||
mac: 64:52:99:14:28:2B
|
||||
Skitarii-1:
|
||||
# CaretakerAlpha has no network
|
||||
CaretakerBravo:
|
||||
ip: 10.0.2.5
|
||||
mac: 40:9F:38:95:06:34
|
||||
|
@ -34,7 +34,7 @@
|
||||
- SSH
|
||||
- Sharingan
|
||||
|
||||
- hosts: Core
|
||||
- hosts: Yggdrasil
|
||||
order: sorted
|
||||
serial: "{{ threads | default('16') }}"
|
||||
gather_facts: true
|
||||
@ -46,6 +46,9 @@
|
||||
- SSL
|
||||
- WebServer
|
||||
- IRC
|
||||
- WolfPack
|
||||
- Foundation
|
||||
- Yggrasil
|
||||
|
||||
- hosts: geth_hubs
|
||||
order: sorted
|
||||
@ -57,7 +60,7 @@
|
||||
roles:
|
||||
- Geth-Hub
|
||||
|
||||
- hosts: Node0
|
||||
- hosts: Node1,Node2,Node3
|
||||
order: sorted
|
||||
serial: "{{ threads | default('16') }}"
|
||||
gather_facts: true
|
||||
@ -77,3 +80,4 @@
|
||||
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
|
||||
roles:
|
||||
- DarkNet
|
||||
- WolfPack
|
||||
|
@ -9,36 +9,23 @@
|
||||
# Patch then restart a node
|
||||
#
|
||||
#
|
||||
- hosts: physical,virtual
|
||||
- hosts: "{{ targets | default('virtual') }}"
|
||||
order: sorted
|
||||
serial: 4
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
roles:
|
||||
- patching
|
||||
|
||||
- hosts: physical
|
||||
order: sorted
|
||||
serial: 4
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
tasks:
|
||||
- package:
|
||||
name: archlinux-keyring
|
||||
state: latest
|
||||
|
||||
- hosts: virtual,geth-hubs
|
||||
order: sorted
|
||||
serial: 4
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
vars_files:
|
||||
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
|
||||
roles:
|
||||
- patching
|
||||
|
||||
- hosts: physical
|
||||
order: sorted
|
||||
ignore_unreachable: true
|
||||
serial: 4
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
vars_files:
|
||||
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
|
||||
roles:
|
||||
- patching
|
||||
- include_role:
|
||||
name: patching
|
||||
when: targets is unset
|
||||
|
33
playbooks/rebuild-pacman-keyring.yml
Normal file
33
playbooks/rebuild-pacman-keyring.yml
Normal file
@ -0,0 +1,33 @@
|
||||
---
|
||||
|
||||
- hosts: "{{ targets | default('all') }}"
|
||||
become: true
|
||||
gather_facts: false
|
||||
|
||||
tasks:
|
||||
|
||||
- name: Clean
|
||||
command: rm -Rf /etc/pacman.d/gnupg
|
||||
|
||||
- name: Initialize keyring
|
||||
command: /usr/bin/pacman-key --init
|
||||
|
||||
- name: Add ArchLinux
|
||||
command: /usr/bin/pacman-key --populate archlinux
|
||||
|
||||
- name: Add AniNIX
|
||||
command: /usr/bin/pacman-key --populate aninix
|
||||
|
||||
- name: Locally sign AniNIX
|
||||
command: /usr/bin/pacman-key --lsign 904DE6275579CB589D85720C1CC1E3F4ED06F296
|
||||
|
||||
- name: Update DB
|
||||
command: /usr/bin/pacman-key --updatedb
|
||||
|
||||
- name: Update packages
|
||||
pacman:
|
||||
name:
|
||||
- archlinux-keyring
|
||||
- ShadowArch
|
||||
state: latest
|
||||
update_cache: true
|
12
precommit-hooks/ensure-apps-are-short
Executable file
12
precommit-hooks/ensure-apps-are-short
Executable file
@ -0,0 +1,12 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Webserver apps directory should be short -- apps that fail this category should become their own.
|
||||
|
||||
retcode=0
|
||||
for file in `find roles/WebServer/files/apps -type f`; do
|
||||
if [[ $(wc -l "$file" | awk '{ print $1; }') -gt 10 ]]; then
|
||||
echo "$file" is too long to be deployed as a mini-app under the WebServer role.
|
||||
retcode=1
|
||||
fi
|
||||
done
|
||||
exit $retcode
|
7
precommit-hooks/playbook-lint-check
Executable file
7
precommit-hooks/playbook-lint-check
Executable file
@ -0,0 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
# pre-commit hook to use ansible-lint to check our playbooks.
|
||||
|
||||
for file in `find ../playbooks/ -type f`; do
|
||||
ansible-lint "$file"
|
||||
done
|
7
roles/Aether/README.md
Normal file
7
roles/Aether/README.md
Normal file
@ -0,0 +1,7 @@
|
||||
See [AniNIX/Aether](/AniNIX/Aether) for complete details of the tool.
|
||||
|
||||
Role requirements:
|
||||
* `secrets['Aether']` in Vault
|
||||
* A YAML list of nodes under the key `Aether_nodes` in Vault
|
||||
* A host called 'Core' to act as the source
|
||||
* 22/tcp/sftp access through firewalls to the Core host from any clients
|
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
### Gitea ###
|
||||
tar cvzf "$BACKUPDIR"/gitea.tgz /var/lib/gitea/data
|
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
### Grimoire ###
|
||||
sudo -u postgres pg_dumpall > "$BACKUPDIR"/grimoire.sql
|
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
### IRC Services ###
|
||||
cp /opt/anope/data/anope.db "$BACKUPDIR"
|
@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
### Wiki ###
|
||||
mkdir "$BACKUPDIR"/wiki/
|
||||
for i in `find /usr/share/webapps/ -maxdepth 1 -type d | grep mediawiki`; do
|
||||
foldername="$(echo "$i" | rev | cut -f 1 -d '/' | rev)"
|
||||
dbname="$(grep '^\$wgDBname' "$i"/LocalSettings.php | cut -f 2 -d \")"
|
||||
$BACKUPCMD "${i}"/LocalSettings.php "$BACKUPDIR"/wiki/"$foldername"-localsettings.php
|
||||
sudo -u postgres pg_dump "$dbname" > "$BACKUPDIR"/wiki/"$dbname".psql
|
||||
done
|
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
### Yggdrasil -- File & SHA list only for space reasons ###
|
||||
cp /srv/yggdrasil/library.sha256 "$BACKUPDIR"/yggdrasil.library.sha256
|
146
roles/Aether/files/yggdrasil-check.conf
Normal file
146
roles/Aether/files/yggdrasil-check.conf
Normal file
@ -0,0 +1,146 @@
|
||||
# Example configuration file for AIDE.
|
||||
# More information about configuration options available in the aide.conf manpage.
|
||||
@@define DBDIR /var/lib/aide
|
||||
@@define LOGDIR /var/log/aide
|
||||
|
||||
# The location of the database to be read.
|
||||
database_in=file:@@{DBDIR}/aide.db.gz
|
||||
|
||||
# The location of the database to be written.
|
||||
#database_out=sql:host:port:database:login_name:passwd:table
|
||||
#database_out=file:aide.db.new
|
||||
database_out=file:@@{DBDIR}/aide.db.new.gz
|
||||
|
||||
# Whether to gzip the output to database
|
||||
gzip_dbout=yes
|
||||
|
||||
# Default.
|
||||
log_level=warning
|
||||
report_level=changed_attributes
|
||||
|
||||
report_url=file:@@{LOGDIR}/aide.log
|
||||
report_url=stdout
|
||||
#report_url=stderr
|
||||
#
|
||||
# Here are all the attributes we can check
|
||||
#p: permissions
|
||||
#i: inode
|
||||
#n: number of links
|
||||
#l: link name
|
||||
#u: user
|
||||
#g: group
|
||||
#s: size
|
||||
###b: block count
|
||||
#m: mtime
|
||||
#a: atime
|
||||
#c: ctime
|
||||
#S: check for growing size
|
||||
#I: ignore changed filename
|
||||
#ANF: allow new files
|
||||
#ARF: allow removed files
|
||||
#
|
||||
|
||||
# Here are all the digests we can use
|
||||
#md5: md5 checksum
|
||||
#sha1: sha1 checksum
|
||||
#sha256: sha256 checksum
|
||||
#sha512: sha512 checksum
|
||||
#rmd160: rmd160 checksum
|
||||
#tiger: tiger checksum
|
||||
#haval: haval checksum
|
||||
#crc32: crc32 checksum
|
||||
#gost: gost checksum
|
||||
#whirlpool: whirlpool checksum
|
||||
|
||||
# These are the default rules
|
||||
#R: p+i+l+n+u+g+s+m+c+md5
|
||||
#L: p+i+l+n+u+g
|
||||
#E: Empty group
|
||||
#>: Growing logfile p+l+u+g+i+n+S
|
||||
|
||||
# You can create custom rules - my home made rule definition goes like this
|
||||
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
|
||||
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
|
||||
# Everything but access time (Ie. all changes)
|
||||
EVERYTHING = R+ALLXTRAHASHES
|
||||
|
||||
# Sane, with multiple hashes
|
||||
# NORMAL = R+rmd160+sha256+whirlpool
|
||||
NORMAL = R+rmd160+sha256
|
||||
|
||||
# For directories, don't bother doing hashes
|
||||
DIR = p+i+n+u+g+acl+xattrs
|
||||
|
||||
# Access control only
|
||||
PERMS = p+i+u+g+acl
|
||||
|
||||
# Logfile are special, in that they often change
|
||||
LOG = >
|
||||
|
||||
# Just do md5 and sha256 hashes
|
||||
LSPP = R+sha256
|
||||
|
||||
# Some files get updated automatically, so the inode/ctime/mtime change
|
||||
# but we want to know when the data inside them changes
|
||||
DATAONLY = p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger
|
||||
|
||||
|
||||
# Next decide what directories/files you want in the database.
|
||||
|
||||
/boot NORMAL
|
||||
/bin NORMAL
|
||||
/sbin NORMAL
|
||||
/lib NORMAL
|
||||
/lib64 NORMAL
|
||||
/opt NORMAL
|
||||
/usr NORMAL
|
||||
/root NORMAL
|
||||
# These are too volatile
|
||||
!/usr/src
|
||||
!/usr/tmp
|
||||
|
||||
# Check only permissions, inode, user and group for /etc, but
|
||||
# cover some important files closely.
|
||||
/etc PERMS
|
||||
!/etc/mtab
|
||||
# Ignore backup files
|
||||
!/etc/.*~
|
||||
/etc/exports NORMAL
|
||||
/etc/fstab NORMAL
|
||||
/etc/passwd NORMAL
|
||||
/etc/group NORMAL
|
||||
/etc/gshadow NORMAL
|
||||
/etc/shadow NORMAL
|
||||
/etc/security/opasswd NORMAL
|
||||
|
||||
/etc/hosts.allow NORMAL
|
||||
/etc/hosts.deny NORMAL
|
||||
|
||||
/etc/sudoers NORMAL
|
||||
/etc/skel NORMAL
|
||||
|
||||
/etc/logrotate.d NORMAL
|
||||
|
||||
/etc/resolv.conf DATAONLY
|
||||
|
||||
/etc/nscd.conf NORMAL
|
||||
/etc/securetty NORMAL
|
||||
|
||||
# Shell/X starting files
|
||||
/etc/profile NORMAL
|
||||
/etc/bashrc NORMAL
|
||||
/etc/bash_completion.d/ NORMAL
|
||||
/etc/login.defs NORMAL
|
||||
/etc/zprofile NORMAL
|
||||
/etc/zshrc NORMAL
|
||||
/etc/zlogin NORMAL
|
||||
/etc/zlogout NORMAL
|
||||
/etc/profile.d/ NORMAL
|
||||
/etc/X11/ NORMAL
|
||||
|
||||
# Ignore logs
|
||||
!/var/lib/pacman/.*
|
||||
!/var/cache/.*
|
||||
!/var/log/.*
|
||||
!/var/run/.*
|
||||
!/var/spool/.*
|
27
roles/Aether/tasks/client.yml
Normal file
27
roles/Aether/tasks/client.yml
Normal file
@ -0,0 +1,27 @@
|
||||
---
|
||||
|
||||
- name: Copy the key
|
||||
become: true
|
||||
copy:
|
||||
dest: /home/aether/.ssh/aether
|
||||
content: "{{ aether_key.stdout }}"
|
||||
|
||||
- name: Copy the public key
|
||||
become: true
|
||||
copy:
|
||||
dest: /home/aether/.ssh/aether.pub
|
||||
content: "{{ aether_key.stdout }}"
|
||||
|
||||
- name: Enable the service
|
||||
become: yes
|
||||
service:
|
||||
name: aether.timer
|
||||
state: enabled
|
||||
running: yes
|
||||
|
||||
- name: Enable the service - 2
|
||||
become: yes
|
||||
service:
|
||||
name: aether-gen.timer
|
||||
state: disabled
|
||||
running: no
|
64
roles/Aether/tasks/main.yml
Normal file
64
roles/Aether/tasks/main.yml
Normal file
@ -0,0 +1,64 @@
|
||||
---
|
||||
|
||||
- name: Install the package
|
||||
become: true
|
||||
ignore_errors: true
|
||||
package:
|
||||
name: Aether
|
||||
state: present
|
||||
|
||||
- name: Validate the user
|
||||
vars:
|
||||
service_account: aether
|
||||
include_tasks: ../roles/common/service_account.yml
|
||||
|
||||
- name: Ensure the Aether identity is protected.
|
||||
become: true
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: aether
|
||||
group: aether
|
||||
mode: 0700
|
||||
loop:
|
||||
- /home/aether/.ssh
|
||||
- /usr/local/etc/Aether
|
||||
- /usr/local/etc/Aether/backup-entries
|
||||
- /usr/local/backup
|
||||
|
||||
- name: Ensure the Aether identity exists
|
||||
delegate_to: Core # Core will track the identity that will then be shared to everyone else.
|
||||
become: true
|
||||
command:
|
||||
creates: /home/aether/.ssh/aether
|
||||
chdir: /home/aether/.ssh/
|
||||
cmd: ssh-keygen -t ed25519 -N "" -f ./aether
|
||||
|
||||
- name: Read the Aether identity
|
||||
become: true
|
||||
delegate_to: Core
|
||||
command: cat /home/aether/.ssh/aether
|
||||
register: aether_key
|
||||
|
||||
- name: Read the Aether public identity
|
||||
become: true
|
||||
delegate_to: Core
|
||||
command: cat /home/aether/.ssh/aether.pub
|
||||
register: aether_pubkey
|
||||
|
||||
- include_tasks: source.yml
|
||||
when: "{{ inventory_hostname }} is 'Core'"
|
||||
|
||||
- include_tasks: client.yml
|
||||
when: "{{ inventory_hostname }} is 'Core'"
|
||||
|
||||
- name: Ensure the Aether identity files are protected.
|
||||
become: true
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
owner: aether
|
||||
group: aether
|
||||
mode: 0600
|
||||
loop:
|
||||
- /home/aether/.ssh/aether
|
||||
- /home/aether/.ssh/aether.pub
|
42
roles/Aether/tasks/source.yml
Normal file
42
roles/Aether/tasks/source.yml
Normal file
@ -0,0 +1,42 @@
|
||||
---
|
||||
|
||||
- name: Copy the backup scripts
|
||||
become: yes
|
||||
copy:
|
||||
src: "backup-entries/{{ inventory_hostname }}"
|
||||
dest: "/usr/local/etc/Aether/backup-entries"
|
||||
owner: aether
|
||||
group: aether
|
||||
|
||||
- name: Seed the backup passphrase
|
||||
become: yes
|
||||
copy:
|
||||
content: "{{ passwords['Aether'] }}"
|
||||
dest: "/usr/local/etc/Aether/pass.txt"
|
||||
owner: aether
|
||||
group: aether
|
||||
mode: 0600
|
||||
|
||||
- name: Enable the generation service
|
||||
become: yes
|
||||
when: "{{ inventory_hostname }} == 'Core'"
|
||||
service:
|
||||
name: aether-gen.timer
|
||||
state: enabled
|
||||
running: yes
|
||||
|
||||
- name: Enable the generation service - 2
|
||||
become: yes
|
||||
when: "{{ inventory_hostname }} == 'Core'"
|
||||
service:
|
||||
name: aether.timer
|
||||
state: disabled
|
||||
running: no
|
||||
|
||||
- name: Set up the authorized_keys
|
||||
template:
|
||||
src: authorized_keys.j2
|
||||
dest: /home/aether/.ssh/authorized_keys
|
||||
mode: 0600
|
||||
owner: aether
|
||||
group: aether
|
18
roles/Chappaai/README.md
Normal file
18
roles/Chappaai/README.md
Normal file
@ -0,0 +1,18 @@
|
||||
A Chappaai host is a gateway to accessing other hosts. It is a safeguard against admin error.
|
||||
|
||||
## Etymology
|
||||
Chappaai hosts are named to follow the non-English naming of the Stargate network by the other denizens of the galaxy.
|
||||
|
||||
They are the first line of defense against administrative error -- similar to the way that [Stargate Command](https://stargate.fandom.com/wiki/Stargate_Command) was for Earth. They prevent admins from being locked out of correcting their changes and are connected to everything in the ecosystem. They also control DNS, which allows a sort of subliminal control of the entire ecosystem. This prevents infiltration by infections (similar to Goauld) and in fact can be the extinction of any DNS-enabled malware in the ecosystem by sinkholing the Command-and-Control.
|
||||
|
||||
## Capacity and Components
|
||||
A Chappaai host needs minimal CPU or memory.
|
||||
|
||||
## Hosted Services and Entities
|
||||
Chappaai should host a Pihole installation and [SSH](../Services/SSH.md). It should be linked by NAT to an obscure port to the outside world.
|
||||
|
||||
## Connections
|
||||
Any host should be able to connect to a Chappaai with SSH and X11, and it should be able to dial to any service provider.
|
||||
|
||||
## Additional Reference
|
||||
Chappaai hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port.
|
@ -17,7 +17,7 @@
|
||||
|
||||
- name: Ensure pihole web admin password
|
||||
become: yes
|
||||
command: "pihole -a -p {{ passwords['Nazara'] }}"
|
||||
command: "pihole -a -p {{ passwords['Chappaai'] }}"
|
||||
# when: pihole_install.changed
|
||||
|
||||
- name: Generate DNS/DHCP from inventory
|
||||
@ -25,7 +25,7 @@
|
||||
run_once: true
|
||||
command: "python3 ../bin/generate-pihole-dns-dhcp.py {{ inventory_file }}"
|
||||
|
||||
- name: Nazara DNS
|
||||
- name: Chappaai DNS
|
||||
become: yes
|
||||
register: dns_updated
|
||||
copy:
|
||||
@ -35,7 +35,7 @@
|
||||
group: pihole
|
||||
mode: 0644
|
||||
|
||||
- name: Nazara DHCP
|
||||
- name: Chappaai DHCP
|
||||
become: yes
|
||||
register: dhcp_updated
|
||||
copy:
|
||||
@ -45,7 +45,7 @@
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Nazara Configuration
|
||||
- name: Chappaai Configuration
|
||||
become: yes
|
||||
register: conf_updated
|
||||
copy:
|
||||
@ -56,7 +56,7 @@
|
||||
mode: 0644
|
||||
|
||||
|
||||
- name: Nazara DHCP Leases dir
|
||||
- name: Chappaai DHCP Leases dir
|
||||
become: yes
|
||||
file:
|
||||
path: /var/lib/misc/
|
||||
@ -65,7 +65,7 @@
|
||||
group: root
|
||||
mode: 0777
|
||||
|
||||
- name: Nazara DHCP Leases
|
||||
- name: Chappaai DHCP Leases
|
||||
become: yes
|
||||
file:
|
||||
path: /var/lib/misc/dnsmasq.leases
|
@ -1,12 +1,16 @@
|
||||
Cyberbrain is a way to ensure that so long as a person is connected to the Internet and authorized, they're able to connect to, use, and control the AniNIX. It's a web-based shell emulator for connecting to the system. It can serve as an alternative to using the [Terminal & SSH add-on](https://www.home-assistant.io/common-tasks/supervised/#installing-and-using-the-ssh-add-on-requires-enabling-advanced-mode-for-the-ha-user) for [AniNIX/Geth](../Geth/) in cases where a separate security posture is needed for each.
|
||||
Cyberbrain is a way to ensure that so long as a person is connected to the Internet and authorized, they're able to connect to, use, and control the AniNIX.
|
||||
|
||||
**Warning**: This is a fallback measure -- browsers are still inherently less secure than hard clients like [Git Bash](https://git-scm.com/download/win) or [OpenSSH](https://www.openssh.com/portable.html).
|
||||
It can serve as an alternative to using the [Terminal & SSH add-on](https://www.home-assistant.io/common-tasks/supervised/#installing-and-using-the-ssh-add-on-requires-enabling-advanced-mode-for-the-ha-user) for [AniNIX/Geth](../Geth/) in cases where a separate security posture is needed for each.
|
||||
|
||||
# Etymology
|
||||
A [cyberbrain](https://ghostintheshell.fandom.com/wiki/Cyberbrain) is a concept from the series *Ghost in the Shell*. It's the integration of a normal brain with electronic, usually networked components. Similarly, this app serves as a core bridge between the shell environment of the AniNIX and any authorized user.
|
||||
|
||||
# Relevant Files and Software
|
||||
This service uses a file, [/etc/conf.d/webssh](file:///etc/conf.d/webssh), to control the service. Additionally, there's a password file [/opt/openresty/nginx/passwords/cyberbrain.htpasswd](file:///opt/openresty/nginx/passwords/cyberbrain.htpasswd) that controls an initial authentication to the webserver socket.
|
||||
This service is deployed as a Docker image from [FileStash](https://www.filestash.app/docs/install-and-upgrade/). This image is pointed back at the AniNIX/Yggdrasil's SFTP service.
|
||||
|
||||
Configuration is done in [the app](http://10.0.1.8:8334/admin/). A unique password should be configured, and then the only authorized backend is SFTP with passthrough authentication on the 'username_and_password' strategy. The SFTP host is then jailed as AniNIX/Yggdrasil's internal IP and port, with the `{{ .user }}` and `{{ .password }}` attributes populated.
|
||||
|
||||
This app can be proxied to the outside world and protected by encryption & a web-application firewall. This happens through [a WebServer configuration file](/AniNIX/Ubiqtorate/src/branch/main/roles/WebServer/files/conf.d/Core/adhan.conf).
|
||||
|
||||
## Backups
|
||||
No backup is needed.
|
||||
|
@ -1,22 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name cyberbrain.aninix.net;
|
||||
|
||||
include sec.conf;
|
||||
include default.csp.conf;
|
||||
include letsencrypt.conf;
|
||||
|
||||
location /
|
||||
{
|
||||
auth_basic "Cyberbrain";
|
||||
auth_basic_user_file ../passwords/cyberbrain.htpasswd;
|
||||
proxy_pass http://127.0.0.1:8822;
|
||||
proxy_http_version 1.1;
|
||||
proxy_read_timeout 300;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Real-PORT $remote_port;
|
||||
}
|
||||
}
|
@ -1,10 +0,0 @@
|
||||
[Unit]
|
||||
Description=AniNIX/Cyberbrain | SSH Web Front End, powered by python-webssh
|
||||
|
||||
[Service]
|
||||
User=webssh
|
||||
EnvironmentFile=/etc/conf.d/webssh
|
||||
ExecStart=/usr/bin/wssh $WEBSSH_ARGS
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,71 +0,0 @@
|
||||
---
|
||||
- name: Install python-webssh
|
||||
become: yes
|
||||
package:
|
||||
name: python-webssh
|
||||
state: present
|
||||
|
||||
- name: Standardize the servicefile
|
||||
become: yes
|
||||
register: servicefile
|
||||
copy:
|
||||
src: cyberbrain.service
|
||||
dest: /usr/lib/systemd/system/cyberbrain.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Ensure default webssh service file is off.
|
||||
become: yes
|
||||
service:
|
||||
name: webssh
|
||||
state: stopped
|
||||
enabled: no
|
||||
|
||||
- systemd:
|
||||
daemon_reload: true
|
||||
when: servicefile.changed
|
||||
become: yes
|
||||
|
||||
- name: Ensure service is restarted
|
||||
when: servicefile.changed
|
||||
become: yes
|
||||
service:
|
||||
name: cyberbrain.service
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: Ensure service is started
|
||||
when: not servicefile.changed
|
||||
become: yes
|
||||
service:
|
||||
name: cyberbrain.service
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: Add the webserver conf file
|
||||
become: yes
|
||||
register: webserver_conf
|
||||
copy:
|
||||
src: cyberbrain.conf
|
||||
dest: /opt/openresty/nginx/conf.d/cyberbrain.conf
|
||||
owner: root
|
||||
group: http
|
||||
mode: 0750
|
||||
|
||||
- name: Ensure the password file is seeded
|
||||
become: yes
|
||||
template:
|
||||
src: cyberbrain.htpasswd.j2
|
||||
dest: /opt/openresty/nginx/passwords/cyberbrain.htpasswd
|
||||
owner: root
|
||||
group: http
|
||||
mode: 0750
|
||||
|
||||
- name: Reload openresty
|
||||
become: yes
|
||||
when: webserver_conf.changed
|
||||
service:
|
||||
name: openresty.service
|
||||
state: reloaded
|
||||
|
@ -1 +0,0 @@
|
||||
cyberbrain:{PLAIN}{{ passwords.Cyberbrain }}
|
@ -52,7 +52,7 @@ a {
|
||||
| sed "s/$ROW/$ANINIXROW/gI" \
|
||||
| sed "s/$NAV/$ANINIXNAV/gI" \
|
||||
| sed "s/$HOVER/$ANINIXHOVER/gI" \
|
||||
| sed "s/$BGCOLOR/$ANINIXBG/gI" > /var/lib/gitea/custom/public/css/theme-aninix.css
|
||||
| sed "s/$BGCOLOR/$ANINIXBG/gI" > /var/lib/gitea/custom/public/assets/css/theme-aninix.css
|
||||
|
||||
cd /var/lib/gitea/web-snippets
|
||||
head="$(curl -ks https://aninix.net/ | grep -B 99999 -E '^<div class="home"')"
|
||||
@ -60,5 +60,5 @@ foot="$(curl -ks https://aninix.net/ | grep -A 99999 -E '<footer>')"
|
||||
for i in `find . -type f`; do
|
||||
(echo "$head"
|
||||
cat "$i"
|
||||
echo "$foot") > /var/lib/gitea/custom/public/"$i".html
|
||||
echo "$foot") > /var/lib/gitea/custom/public/assets/"$i".html
|
||||
done
|
||||
|
26
roles/Foundation/files/custom/public/assets/js/aninix.js
Normal file
26
roles/Foundation/files/custom/public/assets/js/aninix.js
Normal file
@ -0,0 +1,26 @@
|
||||
/* RSS Reading */
|
||||
function insertNewsSnippet(snippet,tag) {
|
||||
/* DOM XML handling has been too problematic, so we are now using git-hooks to pre-generate the snippet. This function injects that snippet.
|
||||
* param snippet: URI for the snippet
|
||||
* param tag: div tag to overwrite
|
||||
*/
|
||||
var http_request = false;
|
||||
http_request = new XMLHttpRequest();
|
||||
http_request.open("GET",snippet,true);
|
||||
http_request.setRequestHeader("Cache-Control", "no-cache");
|
||||
http_request.setRequestHeader("Pragma", "no-cache");
|
||||
http_request.onreadystatechange = function() {
|
||||
if (http_request.readyState == 4) {
|
||||
if (http_request.status == 200) {
|
||||
if (http_request.responseText != null) {
|
||||
document.getElementById(tag).innerHTML = http_request.responseText;
|
||||
} else {
|
||||
alert("Failed to receive RSS file from the server - file not found.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
http_request.send(null);
|
||||
}
|
@ -1,472 +0,0 @@
|
||||
/* Borrowed from https://rawgit.com/BenZuser/Emby-Web-Dark-Themes-CSS/master/RED/theme.css */
|
||||
/*
|
||||
_________________________________________________________________________
|
||||
------------------------- COLOR HEX & RGB CODES -------------------------
|
||||
|
||||
RED : #E81123 & (232, 17, 35)
|
||||
DARK COLOR : #94131E
|
||||
|
||||
ORANGE : #FF8000 & (255, 128, 0)
|
||||
DARK COLOR : #BF6000
|
||||
|
||||
ORANGE PLEX : #CC7B19 & (204, 123, 25)
|
||||
DARK COLOR : #B35A00
|
||||
|
||||
YELLOW : #BDBD00 & (189, 189, 0)
|
||||
DARK COLOR : #757500
|
||||
|
||||
GREEN : #52B54B & (82, 181, 75)
|
||||
DARK COLOR : #3E8437
|
||||
|
||||
BLUE : #4285F4 & (66, 133, 244)
|
||||
DARK COLOR : #0C57D6
|
||||
|
||||
BLUE DARK : #3367d6 & (51,103,214)
|
||||
BLUE DARK (DARK) : #1f4698
|
||||
|
||||
PURPLE : #673AB7 & (103, 58, 183)
|
||||
DARK COLOR : #3F2471
|
||||
|
||||
GRAY : #7F7F7F & (127, 127, 127)
|
||||
DARK COLOR : #535353
|
||||
|
||||
PINK : #F707DF & (247, 7, 223)
|
||||
DARK COLOR : #C604B3
|
||||
|
||||
*/
|
||||
/*
|
||||
_________________________________________________________________________
|
||||
----------------------- EMBY THEME : ACCENT COLORS ----------------------
|
||||
|
||||
---------- Table of Contents ----------
|
||||
|
||||
1. ACCENT COLORS
|
||||
1.1 Buttons
|
||||
1.1.1 Checkboxes
|
||||
1.1.2 Rectangles
|
||||
1.1.3 Links & Text buttons
|
||||
1.1.4 Others
|
||||
1.2 Details
|
||||
1.2.1 Circles
|
||||
1.2.2 Indicators
|
||||
1.2.3 Fonts
|
||||
1.2.4 Icons
|
||||
1.2.5 Dialogs & Action Sheets
|
||||
1.2.6 Others
|
||||
1.3 Fixes
|
||||
|
||||
2. MISCELLANEOUS MODIFICATIONS
|
||||
2.1 Buttons
|
||||
2.2 Details
|
||||
2.2.1 Scrollbars
|
||||
2.2.2 Logos
|
||||
2.2.3 Others
|
||||
2.3 Fixes
|
||||
2.3.1 Dark Colors
|
||||
|
||||
*/
|
||||
/* ------------------------ 1. ACCENT COLORS ------------------------- */
|
||||
/* ----- 1.1 Buttons ----- */
|
||||
/* 1.1.1 Checkboxes */
|
||||
.emby-checkbox:checked + span + span + .checkboxOutline > .checkboxOutlineTick {
|
||||
background-color: #E81123 !important; }
|
||||
|
||||
.emby-checkbox:checked + span + span + .checkboxOutline,
|
||||
.progressring-spiner {
|
||||
border-color: #E81123 !important; }
|
||||
|
||||
.emby-checkbox:focus + span + .emby-checkbox-focushelper {
|
||||
background-color: #E81123 !important;
|
||||
opacity: 0.26 !important; }
|
||||
|
||||
/* 1.1.2 Rectangles */
|
||||
.raised {
|
||||
background: #404040 !important;
|
||||
color: #fff !important; }
|
||||
|
||||
.button-submit, .button-accent {
|
||||
background: #E81123 !important;
|
||||
color: #fff; }
|
||||
|
||||
.raised-mini.emby-button {
|
||||
background: #E81123 !important;
|
||||
color: #ffffff !important; }
|
||||
|
||||
/* Restart */
|
||||
.btnRestartContainer.emby-button {
|
||||
background: #E81123 !important;
|
||||
color: #fff; }
|
||||
|
||||
/* Play & Resume */
|
||||
.btnPlaySimple.emby-button {
|
||||
background: #E81123 !important;
|
||||
color: #fff; }
|
||||
|
||||
.btnResume.emby-button {
|
||||
background: #94131E !important;
|
||||
color: #fff; }
|
||||
|
||||
/* 1.1.3 Links & Text buttons */
|
||||
.button-link, .button-flat-accent, .button-accent-flat,
|
||||
.textlink {
|
||||
color: #E81123 !important; }
|
||||
|
||||
.button-link:hover, .button-flat-accent:hover,
|
||||
.button-accent-flat:hover, .textlink:hover {
|
||||
color: #9b9b9b !important; }
|
||||
|
||||
.button-link:active, .button-flat-accent:active,
|
||||
.button-accent-flat:active, .textlink:active {
|
||||
color: #94131E !important; }
|
||||
|
||||
/* Top Header */
|
||||
.emby-tab-button-active {
|
||||
color: #E81123 !important; }
|
||||
|
||||
/* 1.1.4 Others */
|
||||
/* Alpha Picker */
|
||||
.alphaPickerButton-selected, .alphaPickerButton-tv:focus {
|
||||
background-color: #E81123 !important;
|
||||
color: #fff !important; }
|
||||
|
||||
/* Radio Buttons */
|
||||
.mdl-radio__inner-circle {
|
||||
background: #E81123 !important; }
|
||||
|
||||
.mdl-radio__button:checked + .mdl-radio__label + .mdl-radio__outer-circle {
|
||||
border: 2px solid #E81123 !important; }
|
||||
|
||||
.mdl-radio__button:checked:focus + .mdl-radio__label + .mdl-radio__outer-circle + .mdl-radio__inner-circle {
|
||||
-webkit-box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26) !important;
|
||||
box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26) !important; }
|
||||
|
||||
/* Control Group Buttons */
|
||||
div[data-role="controlgroup"] a.ui-btn-active[data-role='button'] {
|
||||
background: #E81123 !important;
|
||||
color: #ffffff !important; }
|
||||
|
||||
/* ----- 1.2 Details ----- */
|
||||
/* 1.2.1 Circles */
|
||||
/*.listItemIcon:not(.listItemIcon-transparent) {
|
||||
background-color: $accent-color !important; }*/
|
||||
.dashboardSection i.listItemIcon.md-icon {
|
||||
background-color: #E81123 !important; }
|
||||
|
||||
.scheduledTaskPaperIconItem[data-status="Running"] i.listItemIcon.md-icon {
|
||||
background-color: #94131E !important; }
|
||||
|
||||
/* Focus Helper circles */
|
||||
.paper-icon-button-light:focus {
|
||||
color: #E81123 !important; }
|
||||
|
||||
/* 1.2.2 Indicators */
|
||||
.countIndicator, .playedIndicator {
|
||||
background: #E81123 !important; }
|
||||
|
||||
.levelNormal {
|
||||
background-color: #E81123 !important; }
|
||||
|
||||
.fullSyncIndicator {
|
||||
background: #E81123 !important;
|
||||
color: #fff; }
|
||||
|
||||
.playstatebutton-played i, .ratingbutton-withrating i {
|
||||
color: #E81123 !important; }
|
||||
|
||||
p#pUpToDate i.md-icon {
|
||||
background-color: #E81123 !important; }
|
||||
|
||||
/* Loading Spinners */
|
||||
.mdl-spinner__layer-1, .mdl-spinner__layer-2, .mdl-spinner__layer-3,
|
||||
.mdl-spinner__layer-4 {
|
||||
border-color: #E81123 !important; }
|
||||
|
||||
.progressring-spiner {
|
||||
border: 0.25em solid #E81123 !important; }
|
||||
|
||||
/* 1.2.3 Fonts */
|
||||
.selectLabelFocused, .textareaLabelFocused, .inputLabelFocused {
|
||||
color: #E81123 !important; }
|
||||
|
||||
.secondary.listItemBodyText span, div#divRunningTasks span {
|
||||
color: #E81123 !important; }
|
||||
|
||||
/* 1.2.4 Icons */
|
||||
.starIcon, .mediaInfoTimerIcon {
|
||||
color: #E81123 !important; }
|
||||
|
||||
/* Top Header */
|
||||
.btnActiveCast {
|
||||
color: #E81123 !important; }
|
||||
|
||||
/* Now Playing Bar & Now Playing Page */
|
||||
.repeatActive,
|
||||
button.btnCommand.repeatToggleButton.autoSize.nowPlayingPageRepeatActive {
|
||||
color: #E81123 !important; }
|
||||
|
||||
/* 1.2.5 Dialogs & Action Sheets */
|
||||
/* 1.2.6 Others */
|
||||
/* General Accent Color Modifications */
|
||||
:focus {
|
||||
outline: #E81123 auto 5px; }
|
||||
|
||||
select:focus {
|
||||
border-color: #E81123 !important; }
|
||||
|
||||
::selection {
|
||||
background-color: #94131E !important; }
|
||||
|
||||
.emby-input:focus, .emby-textarea:focus {
|
||||
border-color: #E81123 !important; }
|
||||
|
||||
/* Google Now Playing Bar & Now Playing Page */
|
||||
.iconOsdProgressInner, .mdl-slider__background-lower, .sliderBubble,
|
||||
.mdl-slider::-webkit-slider-thumb {
|
||||
background: #E81123 !important; }
|
||||
|
||||
.mdl-slider:focus::-webkit-slider-thumb {
|
||||
-webkit-box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26);
|
||||
box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26) !important; }
|
||||
|
||||
/* Firefox Now Playing Bar & Now Playing Page */
|
||||
.mdl-slider::-moz-range-thumb, .mdl-slider::-moz-range-progress {
|
||||
background: #E81123 !important; }
|
||||
|
||||
.mdl-slider:focus::-moz-range-thumb {
|
||||
box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26) !important; }
|
||||
|
||||
/* Progress Bars */
|
||||
.itemProgressBarForeground {
|
||||
background-color: #E81123 !important; }
|
||||
|
||||
.taskProgressInner {
|
||||
background: #E81123 !important; }
|
||||
|
||||
/* Google Progress Bars */
|
||||
progress::-webkit-progress-value {
|
||||
background: #E81123 !important; }
|
||||
|
||||
/* Firefox Progress Bars */
|
||||
progress::-moz-progress-bar {
|
||||
background: #E81123 !important; }
|
||||
|
||||
/* Edge Progress Bars */
|
||||
progress {
|
||||
background: #E81123 !important; }
|
||||
|
||||
/* Main Drawers */
|
||||
.navMenuDivider {
|
||||
background: #262626 !important; }
|
||||
|
||||
.adminDrawerLogo {
|
||||
border-bottom: 1px solid #262626 !important; }
|
||||
|
||||
.mainDrawer {
|
||||
background: #181818 !important; }
|
||||
|
||||
.sidebarHeader {
|
||||
color: #bbbbbb !important; }
|
||||
|
||||
.navMenuOption {
|
||||
color: #ffffff !important; }
|
||||
|
||||
.navMenuOption.navMenuOption-selected {
|
||||
background: #252528 !important;
|
||||
color: #E81123 !important; }
|
||||
|
||||
.navMenuOption:hover {
|
||||
background: #252528 !important;
|
||||
color: #9b9b9b !important; }
|
||||
|
||||
/* Metadata Editor */
|
||||
div.jstree-wholerow.jstree-wholerow-clicked:hover,
|
||||
div.jstree-wholerow.jstree-wholerow-clicked,
|
||||
div.jstree-wholerow.jstree-wholerow-hovered {
|
||||
background: #252528 !important; }
|
||||
|
||||
.jstree-anchor.jstree-clicked,
|
||||
.jstree-anchor.jstree-clicked.jstree-hovered {
|
||||
background: #252528 !important;
|
||||
color: #E81123 !important; }
|
||||
|
||||
/* Multi-select */
|
||||
.itemSelectionPanel {
|
||||
border: 1px solid #E81123 !important; }
|
||||
|
||||
.selectionCommandsPanel {
|
||||
background: #E81123 !important;
|
||||
color: #fff; }
|
||||
|
||||
/* upNextDialog */
|
||||
.upNextDialog-countdownText {
|
||||
color: #E81123 !important; }
|
||||
|
||||
/* Selection Bars */
|
||||
.emby-select-selectionbar, .emby-textarea-selectionbar,
|
||||
.emby-input-selectionbar {
|
||||
background-color: #E81123 !important; }
|
||||
|
||||
/* Media Info Detail Image */
|
||||
.itemDetailImage.loaded:hover {
|
||||
border: 1px solid #E81123 !important; }
|
||||
|
||||
/* 1.3 Fixes */
|
||||
/* ------------------ 2. MISCELLANEOUS MODIFICATIONS ----------------- */
|
||||
/* ----- 2.1 Buttons ----- */
|
||||
/* Circles */
|
||||
.fab {
|
||||
background-color: transparent !important;
|
||||
-webkit-box-shadow: none !important;
|
||||
box-shadow: none !important;
|
||||
-webkit-transition: none !important;
|
||||
-o-transition: none !important;
|
||||
transition: none !important; }
|
||||
|
||||
/* ----- 2.2 Details ----- */
|
||||
/* 2.2.1 Scrollbars */
|
||||
/* Google Chrome */
|
||||
::-webkit-scrollbar-corner {
|
||||
background-color: #3B3B3B; }
|
||||
|
||||
::-webkit-scrollbar {
|
||||
width: 10px;
|
||||
height: 10px;
|
||||
background-color: #3B3B3B; }
|
||||
|
||||
::-webkit-scrollbar-thumb {
|
||||
-webkit-border-radius: 2px;
|
||||
border-radius: 2px;
|
||||
background: #888888; }
|
||||
|
||||
/* Google Chrome - Dashboard Drawer */
|
||||
div.scrollContainer.smoothScrollY::-webkit-scrollbar-corner {
|
||||
background-color: transparent !important; }
|
||||
|
||||
div.scrollContainer.smoothScrollY::-webkit-scrollbar {
|
||||
width: 2px;
|
||||
height: 2px;
|
||||
background-color: transparent !important; }
|
||||
|
||||
div.scrollContainer.smoothScrollY::-webkit-scrollbar-thumb {
|
||||
-webkit-border-radius: 2px;
|
||||
border-radius: 2px;
|
||||
background: #888888; }
|
||||
|
||||
/* Google Chrome - Filter Dialog */
|
||||
.dynamicFilterDialog::-webkit-scrollbar-corner {
|
||||
background-color: transparent !important; }
|
||||
|
||||
.dynamicFilterDialog::-webkit-scrollbar {
|
||||
width: 2px;
|
||||
height: 2px;
|
||||
background-color: transparent !important; }
|
||||
|
||||
.dynamicFilterDialog::-webkit-scrollbar-thumb {
|
||||
-webkit-border-radius: 2px;
|
||||
border-radius: 2px;
|
||||
background: #888888; }
|
||||
|
||||
/* 2.2.2 Logos */
|
||||
/* Login Page */
|
||||
.imgLogoIcon {
|
||||
content: url(https://cdn.rawgit.com/BenZuser/Emby-Dark-Themes-Resources/master/images/logos-and-icons/RED/logo.png) !important; }
|
||||
|
||||
/* Main Drawer Mobile */
|
||||
.adminDrawerLogo img {
|
||||
content: url(https://cdn.rawgit.com/BenZuser/Emby-Dark-Themes-Resources/master/images/logos-and-icons/RED/logo.png) !important; }
|
||||
|
||||
/* Home Page */
|
||||
.pageTitleWithLogo {
|
||||
background-image: url(https://cdn.rawgit.com/BenZuser/Emby-Dark-Themes-Resources/master/images/logos-and-icons/RED/logo.png) !important; }
|
||||
|
||||
/* 2.2.3 Others */
|
||||
/* CSS Box */
|
||||
#txtCustomCss {
|
||||
height: 300px !important;
|
||||
overflow-y: scroll !important; }
|
||||
|
||||
/* Select Box */
|
||||
select option {
|
||||
background-color: #2b2b2b !important;
|
||||
color: #ffffff !important; }
|
||||
|
||||
/* Dialogs */
|
||||
.formDialogHeader:not(.formDialogHeader-clear),
|
||||
.formDialogFooter:not(.formDialogFooter-clear) {
|
||||
background-color: #121212 !important;
|
||||
color: #fff; }
|
||||
|
||||
/* Headers */
|
||||
.skinHeader {
|
||||
background-color: #080808 !important;
|
||||
color: #fff !important; }
|
||||
|
||||
.skinHeader-withBackground {
|
||||
background-color: #080808 !important; }
|
||||
|
||||
@supports (backdrop-filter: blur(1.5em)) or (-webkit-backdrop-filter: blur(1.5em)) {
|
||||
.skinHeader-blurred {
|
||||
background: rgba(20, 20, 20, 0.7) !important;
|
||||
-webkit-backdrop-filter: blur(1.5em) !important;
|
||||
backdrop-filter: blur(1.5em) !important; } }
|
||||
.skinHeader.semiTransparent {
|
||||
-webkit-backdrop-filter: none !important;
|
||||
backdrop-filter: none !important;
|
||||
background-color: rgba(0, 0, 0, 0.4) !important;
|
||||
background-image: -webkit-gradient(linear, left top, left bottom, color-stop(10%, rgba(0, 0, 0, 0.7)), color-stop(10%, transparent)) !important;
|
||||
background-image: -webkit-linear-gradient(top, rgba(0, 0, 0, 0.7) 10%, transparent) !important;
|
||||
background-image: -moz-linear-gradient(top, rgba(0, 0, 0, 0.7) 10%, transparent) !important;
|
||||
background-image: -o-linear-gradient(top, rgba(0, 0, 0, 0.7) 10%, transparent) !important;
|
||||
background-image: linear-gradient(to bottom, rgba(0, 0, 0, 0.7) 10%, transparent) !important; }
|
||||
|
||||
.appfooter {
|
||||
background: #080808 !important;
|
||||
color: #fff !important; }
|
||||
|
||||
@supports (backdrop-filter: blur(10px)) or (-webkit-backdrop-filter: blur(10px)) {
|
||||
.appfooter-blurred {
|
||||
background: rgba(24, 24, 24, 0.7) !important;
|
||||
-webkit-backdrop-filter: blur(20px) !important;
|
||||
backdrop-filter: blur(20px) !important; } }
|
||||
/* TV Global Modifications */
|
||||
.emby-tab-button-active.emby-button-tv {
|
||||
color: #fff !important; }
|
||||
|
||||
.guide-channelHeaderCell, .guide-channelTimeslotHeader {
|
||||
background: #2e2e2e !important; }
|
||||
|
||||
.guide-programTextIcon {
|
||||
color: #1e1e1e !important;
|
||||
background: #555 !important; }
|
||||
|
||||
.guide-headerTimeslots {
|
||||
color: #ccc !important; }
|
||||
|
||||
/* ----- 2.3 Fixes ----- */
|
||||
/* 2.3.1 Dark Colors */
|
||||
.autoorganizetable tbody tr:nth-child(odd) td, .autoorganizetable tbody tr:nth-child(odd) th {
|
||||
background-color: #222326 !important; }
|
||||
|
||||
.autoorganizetable > .table > tbody > tr {
|
||||
border: 1px solid #222326 !important; }
|
||||
|
||||
/*
|
||||
_____________________________________________________________________
|
||||
|
||||
Emby Dark Themes is maintained by Ben Z (BenZuser)
|
||||
with the contribution of Happy2Play.
|
||||
_____________________________________________________________________
|
||||
|
||||
*/
|
||||
/* TEMPORARY FIXES */
|
||||
/* Links */
|
||||
.searchSuggestionsList a, .noItemsMessage a, a.lnkPremiere {
|
||||
color: #E81123 !important; }
|
||||
|
||||
.searchSuggestionsList a:hover, .noItemsMessage a:hover,
|
||||
a.lnkPremiere:hover {
|
||||
color: #9b9b9b !important; }
|
||||
|
||||
.searchSuggestionsList a:active, .noItemsMessage a:active,
|
||||
a.lnkPremiere:active {
|
||||
color: #94131E !important; }
|
File diff suppressed because one or more lines are too long
@ -1,271 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="en-US" class="theme-">
|
||||
<head data-suburl="">
|
||||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta http-equiv="x-ua-compatible" content="ie=edge">
|
||||
<title> AniNIX </title>
|
||||
<link rel="manifest" href="/manifest.json" crossorigin="use-credentials">
|
||||
<meta name="theme-color" content="#ff0000">
|
||||
<meta name="author" content="AniNIX::Foundation" />
|
||||
<meta name="description" content="AniNIX::Foundation \\ Code, documentation, and information sharing powered by Gitea (git with a cup of tea)" />
|
||||
<meta name="keywords" content="go,git,self-hosted,gitea,aninix,aninix::foundation">
|
||||
<meta name="referrer" content="no-referrer" />
|
||||
<meta name="_csrf" content="iI1Kkrppem-yCnHGCll-UshSK6A6MTYwMDcwNjM3MTUxOTU5NzYxNg" />
|
||||
|
||||
|
||||
|
||||
|
||||
<script>
|
||||
/*
|
||||
@licstart The following is the entire license notice for the
|
||||
JavaScript code in this page.
|
||||
|
||||
Copyright (c) 2016 The Gitea Authors
|
||||
Copyright (c) 2015 The Gogs Authors
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
||||
---
|
||||
Licensing information for additional javascript libraries can be found at:
|
||||
{{StaticUrlPrefix}}/vendor/librejs.html
|
||||
|
||||
@licend The above is the entire license notice
|
||||
for the JavaScript code in this page.
|
||||
*/
|
||||
</script>
|
||||
<script>
|
||||
window.config = {
|
||||
AppVer: '1.12.4',
|
||||
AppSubUrl: '',
|
||||
StaticUrlPrefix: '',
|
||||
UseServiceWorker: true ,
|
||||
csrf: 'iI1Kkrppem-yCnHGCll-UshSK6A6MTYwMDcwNjM3MTUxOTU5NzYxNg',
|
||||
HighlightJS: false,
|
||||
Minicolors: false,
|
||||
SimpleMDE: false,
|
||||
Tribute: false,
|
||||
U2F: false,
|
||||
Heatmap: false,
|
||||
heatmapUser: null,
|
||||
NotificationSettings: {
|
||||
MinTimeout: 10000 ,
|
||||
TimeoutStep: 10000 ,
|
||||
MaxTimeout: 60000 ,
|
||||
EventSourceUpdateTime: 10000 ,
|
||||
},
|
||||
|
||||
};
|
||||
</script>
|
||||
<link rel="shortcut icon" href="/img/favicon.png">
|
||||
<link rel="mask-icon" href="/img/gitea-safari.svg" color="#609926">
|
||||
<link rel="fluid-icon" href="/img/gitea-lg.png" title="AniNIX">
|
||||
<link rel="stylesheet" href="/vendor/assets/font-awesome/css/font-awesome.min.css">
|
||||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="/fomantic/semantic.min.css?v=d8d448774563cec3783c3b65d4e914b6">
|
||||
<link rel="stylesheet" href="/css/index.css?v=d8d448774563cec3783c3b65d4e914b6">
|
||||
<noscript>
|
||||
<style>
|
||||
.dropdown:hover > .menu { display: block; }
|
||||
.ui.secondary.menu .dropdown.item > .menu { margin-top: 0; }
|
||||
</style>
|
||||
</noscript>
|
||||
|
||||
<style class="list-search-style"></style>
|
||||
|
||||
<meta property="og:title" content="AniNIX">
|
||||
<meta property="og:type" content="website" />
|
||||
<meta property="og:image" content="/img/gitea-lg.png" />
|
||||
<meta property="og:url" content="https://foundation.aninix.net/" />
|
||||
<meta property="og:description" content="AniNIX::Foundation \\ Code, documentation, and information sharing powered by Gitea (git with a cup of tea)">
|
||||
|
||||
<meta property="og:site_name" content="AniNIX" />
|
||||
|
||||
<link rel="stylesheet" href="/css/theme-aninix.css?v=d8d448774563cec3783c3b65d4e914b6">
|
||||
|
||||
<link rel="icon" type="image/png" href="/img/AniNIX.png" />
|
||||
<link rel="alternate" type="application/rss+xml" title="AniNIX::RSS" href="/aninix.xml" />
|
||||
<link rel='apple-touch-icon' sizes='180x180' href='/img/AniNIX.png' />
|
||||
<meta name='apple-mobile-web-app-capable' content='yes' />
|
||||
|
||||
</head>
|
||||
<body>
|
||||
|
||||
|
||||
<div class="full height">
|
||||
<noscript>This website works better with JavaScript.</noscript>
|
||||
|
||||
|
||||
|
||||
|
||||
<div class="ui top secondary stackable main menu following bar light">
|
||||
<div class="ui container" id="navbar">
|
||||
<div class="item brand" style="justify-content: space-between;">
|
||||
<a href="/">
|
||||
<img class="ui mini image" src="/img/gitea-sm.png">
|
||||
</a>
|
||||
<div class="ui basic icon button mobile-only" id="navbar-expand-toggle">
|
||||
<i class="sidebar icon"></i>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<a class="item active" href="/">Home</a>
|
||||
<a class="item " href="/explore/repos">Explore</a>
|
||||
|
||||
|
||||
<a class="item" target="_blank" id="chat" href="https://irc.aninix.net/">Chat</a>
|
||||
<a class="item" target="_blank" id="pwdchange" href="https://password.aninix.net/">Change Password</a>
|
||||
<a class="item" id="martialarts" href="/martialarts/">Martial Arts</a>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<a class="item" target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io">Help</a>
|
||||
<div class="right stackable menu">
|
||||
|
||||
<a class="item" href="/user/sign_up">
|
||||
<svg class="svg octicon-person" width="16" height="16" aria-hidden="true"><use xlink:href="#octicon-person" /></svg> Register
|
||||
</a>
|
||||
|
||||
<a class="item" rel="nofollow" href="/user/login?redirect_to=">
|
||||
<svg class="svg octicon-sign-in" width="16" height="16" aria-hidden="true"><use xlink:href="#octicon-sign-in" /></svg> Sign In
|
||||
</a>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
|
||||
<div class="home">
|
||||
<h2>Thank you for your purchase!</h2>
|
||||
<footer>
|
||||
<div class="ui container">
|
||||
<div class="ui left">
|
||||
Powered by Gitea Page: <strong>0ms</strong> Template: <strong>0ms</strong>
|
||||
</div>
|
||||
<div class="ui right links">
|
||||
|
||||
<div class="ui language bottom floating slide up dropdown link item">
|
||||
<i class="world icon"></i>
|
||||
<div class="text">English</div>
|
||||
<div class="menu">
|
||||
|
||||
<a lang="en-US" class="item active selected" href="#">English</a>
|
||||
|
||||
<a lang="zh-CN" class="item " href="?lang=zh-CN">简体中文</a>
|
||||
|
||||
<a lang="zh-HK" class="item " href="?lang=zh-HK">繁體中文(香港)</a>
|
||||
|
||||
<a lang="zh-TW" class="item " href="?lang=zh-TW">繁體中文(台灣)</a>
|
||||
|
||||
<a lang="de-DE" class="item " href="?lang=de-DE">Deutsch</a>
|
||||
|
||||
<a lang="fr-FR" class="item " href="?lang=fr-FR">français</a>
|
||||
|
||||
<a lang="nl-NL" class="item " href="?lang=nl-NL">Nederlands</a>
|
||||
|
||||
<a lang="lv-LV" class="item " href="?lang=lv-LV">latviešu</a>
|
||||
|
||||
<a lang="ru-RU" class="item " href="?lang=ru-RU">русский</a>
|
||||
|
||||
<a lang="uk-UA" class="item " href="?lang=uk-UA">Українська</a>
|
||||
|
||||
<a lang="ja-JP" class="item " href="?lang=ja-JP">日本語</a>
|
||||
|
||||
<a lang="es-ES" class="item " href="?lang=es-ES">español</a>
|
||||
|
||||
<a lang="pt-BR" class="item " href="?lang=pt-BR">português do Brasil</a>
|
||||
|
||||
<a lang="pl-PL" class="item " href="?lang=pl-PL">polski</a>
|
||||
|
||||
<a lang="bg-BG" class="item " href="?lang=bg-BG">български</a>
|
||||
|
||||
<a lang="it-IT" class="item " href="?lang=it-IT">italiano</a>
|
||||
|
||||
<a lang="fi-FI" class="item " href="?lang=fi-FI">suomi</a>
|
||||
|
||||
<a lang="tr-TR" class="item " href="?lang=tr-TR">Türkçe</a>
|
||||
|
||||
<a lang="cs-CZ" class="item " href="?lang=cs-CZ">čeština</a>
|
||||
|
||||
<a lang="sr-SP" class="item " href="?lang=sr-SP">српски</a>
|
||||
|
||||
<a lang="sv-SE" class="item " href="?lang=sv-SE">svenska</a>
|
||||
|
||||
<a lang="ko-KR" class="item " href="?lang=ko-KR">한국어</a>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
<a href="/vendor/librejs.html" data-jslicense="1">JavaScript licenses</a>
|
||||
<a href="/api/swagger">API</a>
|
||||
<a target="_blank" rel="noopener noreferrer" href="https://gitea.io">Website</a>
|
||||
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</footer>
|
||||
|
||||
|
||||
<script src="/js/jquery.js?v=d8d448774563cec3783c3b65d4e914b6"></script>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<script src="/fomantic/semantic.min.js?v=d8d448774563cec3783c3b65d4e914b6"></script>
|
||||
<script src="/js/index.js?v=d8d448774563cec3783c3b65d4e914b6"></script>
|
||||
|
||||
<script type="text/javascript">
|
||||
var _gaq = _gaq || [];
|
||||
_gaq.push(['_setAccount', 'UA-18148792-3']);
|
||||
_gaq.push(['_trackPageview']);
|
||||
|
||||
(function() {
|
||||
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
|
||||
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
|
||||
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
|
||||
})();
|
||||
|
||||
</script>
|
||||
|
||||
<script src="https://redalert.battleforthenet.com/widget.js" async></script>
|
||||
|
||||
<script type="text/javascript">
|
||||
document.getElementsByClassName('brand')[0].children[0].children[0].src="/img/AniNIX.png";
|
||||
$('meta[property=og\\:image]').attr('content', '/img/AniNIX.png');
|
||||
$('link[rel="mask-icon"]').attr('href', '/img/AniNIX.png');
|
||||
$('link[rel="mask-icon"]').attr('color', '#000000');
|
||||
document.getElementsById("pwdchange").setAttribute("target","_blank");
|
||||
document.getElementsById("chat").setAttribute("target","_blank");
|
||||
</script>
|
||||
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
@ -1,16 +1,3 @@
|
||||
<!-- Google Analytics -->
|
||||
<script type="text/javascript">
|
||||
var _gaq = _gaq || [];
|
||||
_gaq.push(['_setAccount', 'UA-18148792-3']);
|
||||
_gaq.push(['_trackPageview']);
|
||||
|
||||
(function() {
|
||||
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
|
||||
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
|
||||
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
|
||||
})();
|
||||
|
||||
</script>
|
||||
<!-- Replace Gitea icon with AniNIX -->
|
||||
<script type="text/javascript">
|
||||
document.getElementById('navbar').children[0].children[0].children[0].src="/assets/img/AniNIX.png";
|
||||
@ -20,5 +7,3 @@ _gaq.push(['_trackPageview']);
|
||||
document.getElementById("pwdchange").setAttribute("target","_blank");
|
||||
document.getElementById("chat").setAttribute("target","_blank");
|
||||
</script>
|
||||
|
||||
|
||||
|
@ -2,3 +2,4 @@
|
||||
<link rel="alternate" type="application/rss+xml" title="AniNIX/RSS" href="/aninix.xml" />
|
||||
<link rel='apple-touch-icon' sizes='180x180' href='/assets/img/AniNIX.png' />
|
||||
<meta name='apple-mobile-web-app-capable' content='yes' />
|
||||
<script src="/assets/js/aninix.js"></script>
|
||||
|
@ -17,7 +17,7 @@
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="eight wide center column">
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20px src='/assets/img/icons/FoundationIcon.png'/>
|
||||
<img width=20px height=20px src='/assets/img/icons/Foundation.png'/>
|
||||
<a href="https://foundation.aninix.net/explore/repos">Open source security</a>
|
||||
</h1>
|
||||
<p class="large">
|
||||
@ -26,7 +26,7 @@
|
||||
</div>
|
||||
<div class="eight wide center column">
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20px src='/assets/img/icons/IRCIcon.png'/>
|
||||
<img width=20px height=20px src='/assets/img/icons/IRC.png'/>
|
||||
<a href='ircs://aninix.net:6697/#lobby'>Contact us anytime</a>
|
||||
</h1>
|
||||
<p class="large">
|
||||
@ -36,7 +36,7 @@
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="eight wide center column">
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20px src="/assets/img/icons/WikiIcon.png"/>
|
||||
<img width=20px height=20px src="/assets/img/icons/Wiki.png"/>
|
||||
<a href="/AniNIX/Wiki">Open documentation</a>
|
||||
</h1>
|
||||
<p class="large">
|
||||
@ -45,11 +45,11 @@
|
||||
</div>
|
||||
<div class="eight wide center column">
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20x src="/assets/img/icons/MaatIcon.png"/>
|
||||
<img width=20px height=20x src="/assets/img/icons/Maat.png"/>
|
||||
<a href="https://maat.aninix.net/">Downloads</a>
|
||||
</h1>
|
||||
<p class="large">
|
||||
We offer downloads from our AniNIX::Maat continuous-deployment system, including static files and packages for <a href="https://archlinux.org/">ArchLinux-style distributions.</a>
|
||||
We offer downloads from our AniNIX/Maat continuous-deployment system, including static files and packages for <a href="https://archlinux.org/">ArchLinux-style distributions.</a>
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
@ -60,13 +60,19 @@
|
||||
<p>We host a number of web apps to make our users' lives easier.
|
||||
</div>
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="four wide center column"><a title="AniNIX/Singularity" href="https://singularity.aninix.net"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" alt=RSS src="/assets/img/icons/SingularityIcon.png" /><p>AniNIX/Singularity (News powered by TT-RSS)</p></a></div>
|
||||
<div class="four wide center column"><a title="AniNIX/Yggdrasil" href="https://yggdrasil.aninix.net"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/icons/YggdrasilIcon.png" /><p>AniNIX/Yggdrasil (Media powered by Emby)</p></a></div>
|
||||
<div class="four wide center column"><a title="AniNIX/Sharingan" href="https://sharingan.aninix.net"><img src="/assets/img/icons/SharinganIcon.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /><p>AniNIX/Sharingan (Monitoring powered by Nagios)</p></a></div>
|
||||
<div class="four wide center column"><a title="AniNIX/WolfPack" href="https://wolfpack.aninix.net"><img src="/assets/img/icons/WolfPackIcon.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /><p>AniNIX/WolfPack (Botnet download results)</p></a></div>
|
||||
<div class="four wide center column"><a title="AniNIX/Singularity" href="https://singularity.aninix.net"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" alt=RSS src="/assets/img/icons/Singularity.png" /><p>AniNIX/Singularity (News powered by TT-RSS)</p></a></div>
|
||||
<div class="four wide center column"><a title="AniNIX/Yggdrasil" href="https://yggdrasil.aninix.net"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/icons/Yggdrasil.png" /><p>AniNIX/Yggdrasil (Media powered by Emby)</p></a></div>
|
||||
<div class="four wide center column"><a title="AniNIX/Sharingan" href="https://sharingan.aninix.net"><img src="/assets/img/icons/Sharingan.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /><p>AniNIX/Sharingan (Monitoring powered by Graylog)</p></a></div>
|
||||
<div class="four wide center column"><a title="AniNIX/Cyberbrain" href="https://cyberbrain.aninix.net"><img src="/assets/img/icons/Cyberbrain.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /><p>AniNIX/Cyberbrain (SFTP Dropbox)</p></a></div>
|
||||
</div>
|
||||
</div>
|
||||
<hr style="margin-top: 50px;" />
|
||||
<div class="sixteen wide center aligned centered column">
|
||||
<div class="hero" id="latest-news"></div>
|
||||
<script type="text/javascript">
|
||||
insertNewsSnippet("https://aninix.net/assets/rss-snippets/aninix","latest-news");
|
||||
</script>
|
||||
</div>
|
||||
<div class="sixteen wide center aligned centered column">
|
||||
<div class="hero">
|
||||
<h2>Follow us on social media</h2>
|
||||
|
@ -2,7 +2,7 @@
|
||||
<div class="sixteen wide center aligned centered column">
|
||||
<!--<div class="ui negative message"><p>We are open despite COVID-19 -- those attending in person will need to sign a waiver of health and follow all state requirements, including wearing a mask.</p></div>-->
|
||||
<div>
|
||||
<img class="logo" src="/assets/img/icons/MartialArtsIcon.png" />
|
||||
<img class="logo" src="/assets/img/icons/MartialArts.png" />
|
||||
</div>
|
||||
<div class="hero">
|
||||
<h1 class="ui icon header title">
|
||||
@ -16,7 +16,7 @@
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="eight wide center column">
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20px src='/assets/img/icons/FoundationIcon.png'/>
|
||||
<img width=20px height=20px src='/assets/img/icons/Foundation.png'/>
|
||||
<a href="/mawiki">Open-source</a>
|
||||
</h1>
|
||||
<p class="large">
|
||||
@ -35,13 +35,13 @@
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="eight wide center column">
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20px src="/assets/img/icons/MartialArtsIcon.png"/>
|
||||
<img width=20px height=20px src="/assets/img/icons/MartialArts.png"/>
|
||||
<a href="/martialarts/index.html#storefront">Low-cost</a>
|
||||
</h1>
|
||||
<p class="large">We are non-profit group -- we train because we feel like it makes life better, not to make money. As such, our costs are publicly documented and our rates match the same. Classes will be informed of potential changes to costs well in advance, and we use recurring payments. We want you thinking about your training, not how you're going to pay for it.</p>
|
||||
<p class="large">
|
||||
<ul style="text-align: left;">
|
||||
<li><b>Cost:</b> $10 per month in-person; $5 per month livestream -- pay below.</li>
|
||||
<li><b>Cost:</b> Free</li>
|
||||
<li><b>Lessons:</b>Tuesdays 7-8:30 p.m.</li>
|
||||
<li><b>Sparring:</b>Tuesdays 6-7 p.m.</li>
|
||||
<li><b>Shaolin Workouts:</b> Saturday mornings at 8 a.m. </li>
|
||||
@ -51,7 +51,7 @@
|
||||
</div>
|
||||
<div class="eight wide center column">
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20x src="/assets/img/icons/IRCIcon.png"/>
|
||||
<img width=20px height=20x src="/assets/img/icons/IRC.png"/>
|
||||
<a href="/martialarts/index.html#social">Real-life First</a>
|
||||
</h1>
|
||||
<p class="large">
|
||||
@ -62,6 +62,10 @@
|
||||
</div>
|
||||
</div>
|
||||
<hr style="margin-top: 50px;" />
|
||||
<div class="ui stackable middle very relaxed page grid" id="latest-news"></div>
|
||||
<script type="text/javascript">
|
||||
insertNewsSnippet("https://aninix.net/assets/rss-snippets/maqotw","latest-news");
|
||||
</script>
|
||||
<div class="ui stackable middle very relaxed page grid" id="social">
|
||||
<div class="sixteen wide center aligned centered column">
|
||||
<div class="hero">
|
||||
|
@ -1,107 +0,0 @@
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<script src="https://js.stripe.com/v3"></script>
|
||||
<div class="sixteen wide center aligned centered column">
|
||||
<h1 class="ui icon header title">
|
||||
AniNIX
|
||||
</h1>
|
||||
<h2>Our Storefront</h2>
|
||||
<p>We have limited service offerings available. Please contact an admin on IRC first to arrange the contract, then use the item below to pay the invoice.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="sixteen wide center column" >
|
||||
<h1 class="hero ui icon header">
|
||||
<img width=20px height=20px src='/assets/img/icons/CoreIcon.png'/>
|
||||
Cybersecurity Consulting
|
||||
</h1>
|
||||
<p class="large">The AniNIX offers cybersecurity consulting and advice services on a limited basis. We bill at $20 an hour -- please select your need below after negotiating with an admin.</p>
|
||||
<p class="large">
|
||||
<form action="./storefront.html" id="hours">
|
||||
<label for="hourcount">Hours required</label>
|
||||
<select name="hourcount" id="hourscount">
|
||||
<option value="1">1</option>
|
||||
<option value="2">2</option>
|
||||
<option value="3">3</option>
|
||||
<option value="4">4</option>
|
||||
<option value="5">5</option>
|
||||
<option value="6">6</option>
|
||||
<option value="7">7</option>
|
||||
<option value="8">8</option>
|
||||
<option value="9">9</option>
|
||||
<option value="10">10</option>
|
||||
<option value="11">11</option>
|
||||
<option value="12">12</option>
|
||||
<option value="13">13</option>
|
||||
<option value="14">14</option>
|
||||
<option value="15">15</option>
|
||||
<option value="16">16</option>
|
||||
<option value="17">17</option>
|
||||
<option value="18">18</option>
|
||||
<option value="19">19</option>
|
||||
<option value="20">20</option>
|
||||
</select>
|
||||
<br/>
|
||||
</form>
|
||||
<!-- START STRIPE CODE -->
|
||||
|
||||
<!-- Create a button that your customers click to complete their purchase. Customize the styling to suit your branding. -->
|
||||
<button
|
||||
style="background-color:#6772E5;color:#FFF;padding:8px 12px;border:0;border-radius:4px;font-size:1em"
|
||||
id="checkout-button-price_1HTuehI49P1uFPoXCW9pJg5E"
|
||||
role="link"
|
||||
type="button"
|
||||
>
|
||||
Checkout
|
||||
</button>
|
||||
|
||||
<div id="error-message"></div>
|
||||
|
||||
<script>
|
||||
(function() {
|
||||
var stripe = Stripe('pk_live_51HThYnI49P1uFPoX5ARnHSpT9D08Gbfux6O25waFLpPBsnZoLDuqopFAZeLfu0CbbICxEnPZOOLkDLTlcNjkazs100ElKcF2QX');
|
||||
|
||||
var checkoutButton = document.getElementById('checkout-button-price_1HTuehI49P1uFPoXCW9pJg5E');
|
||||
checkoutButton.addEventListener('click', function () {
|
||||
// When the customer clicks on the button, redirect
|
||||
// them to Checkout.
|
||||
stripe.redirectToCheckout({
|
||||
lineItems: [{price: 'price_1HTuehI49P1uFPoXCW9pJg5E', quantity: parseInt(document.getElementById('hourscount').value)}],
|
||||
mode: 'payment',
|
||||
// Do not rely on the redirect to the successUrl for fulfilling
|
||||
// purchases, customers may not always reach the success_url after
|
||||
// a successful payment.
|
||||
// Instead use one of the strategies described in
|
||||
// https://stripe.com/docs/payments/checkout/fulfill-orders
|
||||
successUrl: window.location.protocol + '//aninix.net/pay/thank-you.html',
|
||||
cancelUrl: window.location.protocol + '//aninix.net/pay/storefront.html',
|
||||
})
|
||||
.then(function (result) {
|
||||
if (result.error) {
|
||||
// If `redirectToCheckout` fails due to a browser or network
|
||||
// error, display the localized error message to your customer.
|
||||
var displayError = document.getElementById('error-message');
|
||||
displayError.textContent = result.error.message;
|
||||
}
|
||||
});
|
||||
});
|
||||
})();
|
||||
</script>
|
||||
<! -- END STRIPE CODE -->
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="sixteen wide center column" >
|
||||
<hr style="margin-top: 50px;" />
|
||||
<h2>Donate</h2>
|
||||
<p>If you like what we do, you can also donate on one of these platforms:</p>
|
||||
<ul style="width:500px;text-align: left;margin:auto;">
|
||||
<li><a href="https://store.steampowered.com/wishlist/id/darkfeather664/#sort=order">Steam (games)</a></li>
|
||||
<li><a href="https://www.amazon.com/hz/wishlist/ls/3CORZU03RNWST?ref_=wl_share">Amazon (hardware)</a></li>
|
||||
<li>BTC 38Nd3SgytdvSmcX3gfHeNAE2B6aPyYbS7s</li>
|
||||
<li>Coinbase USDC 0x21a05e628Ed622F7594f62Ea3C764bAEF7fE3Bf3</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
@ -1,12 +0,0 @@
|
||||
<div class="ui stackable middle very relaxed page grid">
|
||||
<div class="sixteen wide center aligned centered column">
|
||||
<div>
|
||||
<img class="logo" src="/assets/img/icons/CoreIcon.png" />
|
||||
</div>
|
||||
<div class="hero">
|
||||
<h2 class="ui icon header title">
|
||||
Thank you for your purchase!
|
||||
</h2>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
@ -5,12 +5,6 @@
|
||||
name:
|
||||
- gitea
|
||||
|
||||
- name: BitBot
|
||||
become: yes
|
||||
git:
|
||||
repo: https://github.com/jesopo/bitbot.git
|
||||
dest: /opt/bitbot
|
||||
|
||||
- name: Make directories
|
||||
become: yes
|
||||
file:
|
||||
@ -27,7 +21,7 @@
|
||||
register: config
|
||||
template:
|
||||
src: app.ini.j2
|
||||
dest: /var/lib/gitea/custom/conf/app.ini
|
||||
dest: /etc/gitea/app.ini
|
||||
owner: gitea
|
||||
group: gitea
|
||||
mode: 0750
|
||||
@ -53,7 +47,7 @@
|
||||
become: yes
|
||||
get_url:
|
||||
url: https://github.com/BenZuser/Emby-Web-Dark-Themes-CSS/raw/master/RED/theme.css
|
||||
dest: /var/lib/gitea/custom/public/css/emby-web-dark-theme-BenZuser.css
|
||||
dest: /var/lib/gitea/custom/public/assets/css/emby-web-dark-theme-BenZuser.css
|
||||
owner: gitea
|
||||
group: gitea
|
||||
|
||||
@ -65,23 +59,6 @@
|
||||
owner: gitea
|
||||
group: gitea
|
||||
|
||||
- name: Service file
|
||||
become: yes
|
||||
register: servicefile
|
||||
copy:
|
||||
src: foundation.service
|
||||
dest: /usr/lib/systemd/system
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
|
||||
- name: Ensure default service disabled
|
||||
become: yes
|
||||
service:
|
||||
name: gitea
|
||||
state: stopped
|
||||
enabled: no
|
||||
|
||||
- name: Generate pages
|
||||
become: yes
|
||||
register: custompages
|
||||
@ -89,8 +66,8 @@
|
||||
|
||||
- name: Restart service
|
||||
become: yes
|
||||
when: config.changed or servicefile.changed or custompages.changed
|
||||
when: config.changed or custompages.changed
|
||||
service:
|
||||
name: foundation
|
||||
name: gitea
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
@ -8,35 +8,36 @@ APP_NAME = AniNIX
|
||||
RUN_USER = gitea
|
||||
; Either "dev", "prod" or "test", default is "dev"
|
||||
RUN_MODE = prod
|
||||
WORK_PATH = /var/lib/gitea
|
||||
|
||||
[repository]
|
||||
ROOT = repos
|
||||
SCRIPT_TYPE = bash
|
||||
ROOT = repos
|
||||
SCRIPT_TYPE = bash
|
||||
; Default ANSI charset
|
||||
ANSI_CHARSET =
|
||||
ANSI_CHARSET =
|
||||
; Force every new repository to be private
|
||||
FORCE_PRIVATE = false
|
||||
FORCE_PRIVATE = false
|
||||
; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
|
||||
DEFAULT_PRIVATE = last
|
||||
DEFAULT_PRIVATE = last
|
||||
; Global limit of repositories per user, applied at creation time. -1 means no limit
|
||||
MAX_CREATION_LIMIT = -1
|
||||
MAX_CREATION_LIMIT = -1
|
||||
; Preferred Licenses to place at the top of the List
|
||||
; The name here must match the filename in conf/license or custom/conf/license
|
||||
PREFERRED_LICENSES = AniNIX-WTFPL
|
||||
PREFERRED_LICENSES = AniNIX-WTFPL
|
||||
; Disable the ability to interact with repositories using the HTTP protocol
|
||||
DISABLE_HTTP_GIT = false
|
||||
DISABLE_HTTP_GIT = false
|
||||
; Value for Access-Control-Allow-Origin header, default is not to present
|
||||
; WARNING: This maybe harmful to you website if you do not give it a right value.
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN =
|
||||
ACCESS_CONTROL_ALLOW_ORIGIN =
|
||||
; Force ssh:// clone url instead of scp-style uri when default SSH port is used
|
||||
USE_COMPAT_SSH_URI = false
|
||||
USE_COMPAT_SSH_URI = false
|
||||
; Close issues as long as a commit on any branch marks it as fixed
|
||||
DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false
|
||||
|
||||
[repository.editor]
|
||||
; List of file extensions for which lines should be wrapped in the CodeMirror editor
|
||||
; Separate extensions with a comma. To line wrap files without an extension, just put a comma
|
||||
LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
|
||||
LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
|
||||
; Valid file modes that have a preview API associated with them, such as api/v1/markdown
|
||||
; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
|
||||
PREVIEWABLE_FILE_MODES = markdown
|
||||
@ -49,15 +50,15 @@ LOCAL_WIKI_PATH = tmp/local-wiki
|
||||
|
||||
[repository.upload]
|
||||
; Whether repository file uploads are enabled. Defaults to `true`
|
||||
ENABLED = true
|
||||
ENABLED = true
|
||||
; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
|
||||
TEMP_PATH = data/tmp/uploads
|
||||
TEMP_PATH = data/tmp/uploads
|
||||
; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
|
||||
ALLOWED_TYPES =
|
||||
; Max size of each file in megabytes. Defaults to 3MB
|
||||
FILE_MAX_SIZE = 3
|
||||
; Max number of files per upload. Defaults to 5
|
||||
MAX_FILES = 5
|
||||
MAX_FILES = 5
|
||||
|
||||
[repository.pull-request]
|
||||
; List of prefixes used in Pull Request title to mark them as Work In Progress
|
||||
@ -70,138 +71,138 @@ LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
|
||||
[cors]
|
||||
; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
|
||||
; enable cors headers (disabled by default)
|
||||
ENABLED = false
|
||||
ENABLED = false
|
||||
; scheme of allowed requests
|
||||
SCHEME = http
|
||||
SCHEME = http
|
||||
; list of requesting domains that are allowed
|
||||
ALLOW_DOMAIN = *
|
||||
ALLOW_DOMAIN = *
|
||||
; allow subdomains of headers listed above to request
|
||||
ALLOW_SUBDOMAIN = false
|
||||
ALLOW_SUBDOMAIN = false
|
||||
; list of methods allowed to request
|
||||
METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
|
||||
METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
|
||||
; max time to cache response
|
||||
MAX_AGE = 10m
|
||||
MAX_AGE = 10m
|
||||
; allow request with credentials
|
||||
ALLOW_CREDENTIALS = false
|
||||
|
||||
[ui]
|
||||
; Number of repositories that are displayed on one explore page
|
||||
EXPLORE_PAGING_NUM = 20
|
||||
EXPLORE_PAGING_NUM = 20
|
||||
; Number of issues that are displayed on one page
|
||||
ISSUE_PAGING_NUM = 10
|
||||
ISSUE_PAGING_NUM = 10
|
||||
; Number of maximum commits displayed in one activity feed
|
||||
FEED_MAX_COMMIT_NUM = 5
|
||||
FEED_MAX_COMMIT_NUM = 5
|
||||
; Number of maximum commits displayed in commit graph.
|
||||
GRAPH_MAX_COMMIT_NUM = 100
|
||||
GRAPH_MAX_COMMIT_NUM = 100
|
||||
; Number of line of codes shown for a code comment
|
||||
CODE_COMMENT_LINES = 4
|
||||
CODE_COMMENT_LINES = 4
|
||||
; Value of `theme-color` meta tag, used by Android >= 5.0
|
||||
; An invalid color like "none" or "disable" will have the default style
|
||||
; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
|
||||
THEME_COLOR_META_TAG = `#ff0000`
|
||||
THEME_COLOR_META_TAG = `#ff0000`
|
||||
; Max size of files to be displayed (default is 8MiB)
|
||||
MAX_DISPLAY_FILE_SIZE = 8388608
|
||||
MAX_DISPLAY_FILE_SIZE = 8388608
|
||||
; Whether the email of the user should be shown in the Explore Users page
|
||||
SHOW_USER_EMAIL = true
|
||||
SHOW_USER_EMAIL = true
|
||||
; Set the default theme for the Gitea install
|
||||
DEFAULT_THEME = aninix
|
||||
DEFAULT_THEME = aninix
|
||||
; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
|
||||
THEMES = gitea,arc-green,aninix
|
||||
THEMES = gitea,arc-green,aninix
|
||||
; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
|
||||
DEFAULT_SHOW_FULL_NAME = false
|
||||
|
||||
[ui.admin]
|
||||
; Number of users that are displayed on one page
|
||||
USER_PAGING_NUM = 50
|
||||
USER_PAGING_NUM = 50
|
||||
; Number of repos that are displayed on one page
|
||||
REPO_PAGING_NUM = 50
|
||||
REPO_PAGING_NUM = 50
|
||||
; Number of notices that are displayed on one page
|
||||
NOTICE_PAGING_NUM = 25
|
||||
; Number of organizations that are displayed on one page
|
||||
ORG_PAGING_NUM = 50
|
||||
ORG_PAGING_NUM = 50
|
||||
|
||||
[ui.user]
|
||||
; Number of repos that are displayed on one page
|
||||
REPO_PAGING_NUM = 15
|
||||
|
||||
[ui.meta]
|
||||
AUTHOR = AniNIX::Foundation
|
||||
DESCRIPTION = AniNIX::Foundation \\ Code, documentation, and information sharing powered by Gitea (git with a cup of tea)
|
||||
KEYWORDS = go,git,self-hosted,gitea,aninix,aninix::foundation
|
||||
AUTHOR = AniNIX/Foundation
|
||||
DESCRIPTION = AniNIX/Foundation | Code, documentation, and information sharing powered by Gitea (git with a cup of tea)
|
||||
KEYWORDS = go,git,self-hosted,gitea,aninix,aninix::foundation
|
||||
|
||||
[markdown]
|
||||
; Enable hard line break extension
|
||||
ENABLE_HARD_LINE_BREAK = false
|
||||
; List of custom URL-Schemes that are allowed as links when rendering Markdown
|
||||
; for example git,magnet
|
||||
CUSTOM_URL_SCHEMES =
|
||||
CUSTOM_URL_SCHEMES =
|
||||
; List of file extensions that should be rendered/edited as Markdown
|
||||
; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
|
||||
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
|
||||
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
|
||||
|
||||
[server]
|
||||
; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
|
||||
PROTOCOL = http
|
||||
DOMAIN = {{ external_domain }}
|
||||
ROOT_URL = https://{{ external_domain }}/
|
||||
PROTOCOL = http
|
||||
DOMAIN = {{ external_domain }}
|
||||
ROOT_URL = https://{{ external_domain }}/
|
||||
; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
|
||||
HTTP_ADDR = 0.0.0.0
|
||||
HTTP_PORT = 3000
|
||||
HTTP_ADDR = 0.0.0.0
|
||||
HTTP_PORT = 3000
|
||||
; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
|
||||
; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
|
||||
; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for
|
||||
; PORT_TO_REDIRECT.
|
||||
REDIRECT_OTHER_PORT = false
|
||||
PORT_TO_REDIRECT = 3000
|
||||
REDIRECT_OTHER_PORT = false
|
||||
PORT_TO_REDIRECT = 3000
|
||||
; Permission for unix socket
|
||||
UNIX_SOCKET_PERMISSION = 660
|
||||
UNIX_SOCKET_PERMISSION = 660
|
||||
; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
|
||||
; In most cases you do not need to change the default value.
|
||||
; Alter it only if your SSH server node is not the same as HTTP node.
|
||||
; Do not set this variable if PROTOCOL is set to 'unix'.
|
||||
LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
|
||||
LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
|
||||
; Disable SSH feature when not available
|
||||
DISABLE_SSH = false
|
||||
DISABLE_SSH = false
|
||||
; Whether to use the builtin SSH server or not.
|
||||
START_SSH_SERVER = false
|
||||
START_SSH_SERVER = false
|
||||
; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
|
||||
BUILTIN_SSH_SERVER_USER =
|
||||
BUILTIN_SSH_SERVER_USER =
|
||||
; Domain name to be exposed in clone URL
|
||||
SSH_DOMAIN = foundation.aninix.net
|
||||
SSH_DOMAIN = foundation.aninix.net
|
||||
; The network interface the builtin SSH server should listen on
|
||||
SSH_LISTEN_HOST =
|
||||
SSH_LISTEN_HOST =
|
||||
; Port number to be exposed in clone URL
|
||||
SSH_PORT = 22
|
||||
SSH_PORT = 22
|
||||
; The port number the builtin SSH server should listen on
|
||||
SSH_LISTEN_PORT = %(SSH_PORT)s
|
||||
SSH_LISTEN_PORT = %(SSH_PORT)s
|
||||
; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
|
||||
SSH_ROOT_PATH =
|
||||
SSH_ROOT_PATH =
|
||||
; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
|
||||
; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
|
||||
SSH_CREATE_AUTHORIZED_KEYS_FILE = true
|
||||
; For the built-in SSH server, choose the ciphers to support for SSH connections,
|
||||
; for system SSH this setting has no effect
|
||||
SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
|
||||
SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
|
||||
; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
|
||||
; for system SSH this setting has no effect
|
||||
SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
|
||||
SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
|
||||
; For the built-in SSH server, choose the MACs to support for SSH connections,
|
||||
; for system SSH this setting has no effect
|
||||
SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
|
||||
SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
|
||||
; Directory to create temporary files in when testing public keys using ssh-keygen,
|
||||
; default is the system temporary directory.
|
||||
SSH_KEY_TEST_PATH =
|
||||
SSH_KEY_TEST_PATH =
|
||||
; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
|
||||
SSH_KEYGEN_PATH = ssh-keygen
|
||||
SSH_KEYGEN_PATH = ssh-keygen
|
||||
; Enable SSH Authorized Key Backup when rewriting all keys, default is true
|
||||
SSH_BACKUP_AUTHORIZED_KEYS = true
|
||||
SSH_BACKUP_AUTHORIZED_KEYS = true
|
||||
; Enable exposure of SSH clone URL to anonymous visitors, default is false
|
||||
SSH_EXPOSE_ANONYMOUS = false
|
||||
SSH_EXPOSE_ANONYMOUS = false
|
||||
; Indicate whether to check minimum key size with corresponding type
|
||||
MINIMUM_KEY_SIZE_CHECK = false
|
||||
MINIMUM_KEY_SIZE_CHECK = false
|
||||
; Disable CDN even in "prod" mode
|
||||
OFFLINE_MODE = true
|
||||
DISABLE_ROUTER_LOG = false
|
||||
OFFLINE_MODE = true
|
||||
DISABLE_ROUTER_LOG = false
|
||||
; Generate steps:
|
||||
; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
|
||||
;
|
||||
@ -209,30 +210,30 @@ DISABLE_ROUTER_LOG = false
|
||||
; not forget to export the private key):
|
||||
; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
|
||||
; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
|
||||
CERT_FILE = custom/https/cert.pem
|
||||
KEY_FILE = custom/https/key.pem
|
||||
CERT_FILE = custom/https/cert.pem
|
||||
KEY_FILE = custom/https/key.pem
|
||||
; Root directory containing templates and static files.
|
||||
; default is the path where Gitea is executed
|
||||
STATIC_ROOT_PATH = /usr/share/gitea
|
||||
STATIC_ROOT_PATH = /usr/share/gitea
|
||||
; Default path for App data
|
||||
APP_DATA_PATH = data
|
||||
APP_DATA_PATH = data
|
||||
; Application level GZIP support
|
||||
ENABLE_GZIP = false
|
||||
ENABLE_GZIP = false
|
||||
; Application profiling (memory and cpu)
|
||||
; For "web" command it listens on localhost:6060
|
||||
; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
|
||||
ENABLE_PPROF = false
|
||||
ENABLE_PPROF = false
|
||||
; PPROF_DATA_PATH, use an absolute path when you start gitea as service
|
||||
PPROF_DATA_PATH = data/tmp/pprof
|
||||
PPROF_DATA_PATH = data/tmp/pprof
|
||||
; Landing page, can be "home", "explore", or "organizations"
|
||||
LANDING_PAGE = home
|
||||
LANDING_PAGE = home
|
||||
; Enables git-lfs support. true or false, default is false.
|
||||
LFS_START_SERVER = true
|
||||
LFS_START_SERVER = true
|
||||
; Where your lfs files reside, default is data/lfs.
|
||||
; LFS authentication secret, change this yourself
|
||||
LFS_JWT_SECRET = {{ secrets.Foundation.lfs_jwt_secret }}
|
||||
LFS_JWT_SECRET = {{ secrets.Foundation.lfs_jwt_secret }}
|
||||
; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
|
||||
LFS_HTTP_AUTH_EXPIRY = 20m
|
||||
LFS_HTTP_AUTH_EXPIRY = 20m
|
||||
|
||||
[lfs]
|
||||
PATH = data/lfs
|
||||
@ -240,47 +241,47 @@ PATH = data/lfs
|
||||
; Define allowed algorithms and their minimum key length (use -1 to disable a type)
|
||||
[ssh.minimum_key_sizes]
|
||||
ED25519 = 256
|
||||
ECDSA = 256
|
||||
RSA = 2048
|
||||
DSA = 1024
|
||||
ECDSA = 256
|
||||
RSA = 2048
|
||||
DSA = 1024
|
||||
|
||||
[database]
|
||||
; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
|
||||
DB_TYPE = postgres
|
||||
HOST = 127.0.0.1:5432
|
||||
NAME = gitea
|
||||
USER = gitea
|
||||
DB_TYPE = postgres
|
||||
HOST = 127.0.0.1:5432
|
||||
NAME = gitea
|
||||
USER = gitea
|
||||
; Use PASSWD = `your password` for quoting if you use special characters in the password.
|
||||
PASSWD = {{ secrets.Foundation.database_password }}
|
||||
PASSWD = {{ secrets.Foundation.database_password }}
|
||||
; For Postgres, either "disable" (default), "require", or "verify-full"
|
||||
; For MySQL, either "false" (default), "true", or "skip-verify"
|
||||
SSL_MODE = disable
|
||||
SSL_MODE = disable
|
||||
; For MySQL only, either "utf8" or "utf8mb4", default is "utf8".
|
||||
; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
|
||||
CHARSET = utf8
|
||||
CHARSET = utf8
|
||||
; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
|
||||
PATH = data/gitea.db
|
||||
PATH = data/gitea.db
|
||||
; For "sqlite3" only. Query timeout
|
||||
SQLITE_TIMEOUT = 500
|
||||
SQLITE_TIMEOUT = 500
|
||||
; For iterate buffer, default is 50
|
||||
ITERATE_BUFFER_SIZE = 50
|
||||
; Show the database generated SQL
|
||||
LOG_SQL = false
|
||||
LOG_SQL = false
|
||||
; Maximum number of DB Connect retries
|
||||
DB_RETRIES = 10
|
||||
DB_RETRIES = 10
|
||||
; Backoff time per DB retry (time.Duration)
|
||||
DB_RETRY_BACKOFF = 3s
|
||||
DB_RETRY_BACKOFF = 3s
|
||||
|
||||
[indexer]
|
||||
; Issue indexer type, currently support: bleve or db, default is bleve
|
||||
ISSUE_INDEXER_TYPE = bleve
|
||||
ISSUE_INDEXER_TYPE = bleve
|
||||
; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
|
||||
ISSUE_INDEXER_PATH = indexers/issues.bleve
|
||||
ISSUE_INDEXER_PATH = indexers/issues.bleve
|
||||
; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
|
||||
; repo indexer by default disabled, since it uses a lot of disk space
|
||||
REPO_INDEXER_ENABLED = false
|
||||
REPO_INDEXER_PATH = indexers/repos.bleve
|
||||
MAX_FILE_SIZE = 1048576
|
||||
REPO_INDEXER_ENABLED = false
|
||||
REPO_INDEXER_PATH = indexers/repos.bleve
|
||||
MAX_FILE_SIZE = 1048576
|
||||
|
||||
[admin]
|
||||
; Disallow regular (non-admin) users from creating organizations.
|
||||
@ -288,23 +289,23 @@ DISABLE_REGULAR_ORG_CREATION = true
|
||||
|
||||
[security]
|
||||
; Whether the installer is disabled
|
||||
INSTALL_LOCK = true
|
||||
INSTALL_LOCK = true
|
||||
; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
|
||||
SECRET_KEY = {{ secrets.Foundation.secret_key }}
|
||||
SECRET_KEY = {{ secrets.Foundation.secret_key }}
|
||||
; How long to remember that an user is logged in before requiring relogin (in days)
|
||||
LOGIN_REMEMBER_DAYS = 7
|
||||
COOKIE_USERNAME = gitea_awesome
|
||||
COOKIE_REMEMBER_NAME = gitea_incredible
|
||||
LOGIN_REMEMBER_DAYS = 7
|
||||
COOKIE_USERNAME = gitea_awesome
|
||||
COOKIE_REMEMBER_NAME = gitea_incredible
|
||||
; Reverse proxy authentication header name of user name
|
||||
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
|
||||
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
|
||||
REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
|
||||
; The minimum password length for new Users
|
||||
MIN_PASSWORD_LENGTH = 6
|
||||
MIN_PASSWORD_LENGTH = 6
|
||||
; Set to true to allow users to import local server paths
|
||||
IMPORT_LOCAL_PATHS = false
|
||||
IMPORT_LOCAL_PATHS = false
|
||||
; Set to true to prevent all users (including admin) from creating custom git hooks
|
||||
DISABLE_GIT_HOOKS = false
|
||||
INTERNAL_TOKEN = {{ secrets.Foundation.internal_token }}
|
||||
DISABLE_GIT_HOOKS = false
|
||||
INTERNAL_TOKEN = {{ secrets.Foundation.internal_token }}
|
||||
|
||||
[openid]
|
||||
;
|
||||
@ -333,164 +334,164 @@ ENABLE_OPENID_SIGNIN = FALSE
|
||||
; Space separated.
|
||||
; Only these would be allowed if non-blank.
|
||||
; Example value: trusted.domain.org trusted.domain.net
|
||||
WHITELISTED_URIS =
|
||||
WHITELISTED_URIS =
|
||||
; Forbidden URI patterns (POSIX regexp).
|
||||
; Space separated.
|
||||
; Only used if WHITELISTED_URIS is blank.
|
||||
; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
|
||||
BLACKLISTED_URIS =
|
||||
BLACKLISTED_URIS =
|
||||
ENABLE_OPENID_SIGNUP = false
|
||||
|
||||
[service]
|
||||
; Time limit to confirm account/email registration
|
||||
ACTIVE_CODE_LIVE_MINUTES = 180
|
||||
ACTIVE_CODE_LIVE_MINUTES = 180
|
||||
; Time limit to perform the reset of a forgotten password
|
||||
RESET_PASSWD_CODE_LIVE_MINUTES = 180
|
||||
RESET_PASSWD_CODE_LIVE_MINUTES = 180
|
||||
; Whether a new user needs to confirm their email when registering.
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
; List of domain names that are allowed to be used to register on a Gitea instance
|
||||
; gitea.io,example.com
|
||||
EMAIL_DOMAIN_ALLOWLIST =
|
||||
EMAIL_DOMAIN_ALLOWLIST =
|
||||
; Disallow registration, only allow admins to create accounts.
|
||||
DISABLE_REGISTRATION = true
|
||||
DISABLE_REGISTRATION = true
|
||||
; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
||||
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
|
||||
; User must sign in to view anything.
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
; Mail notification
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
; More detail: https://github.com/gogits/gogs/issues/165
|
||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
|
||||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
|
||||
ENABLE_REVERSE_PROXY_EMAIL = false
|
||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = false
|
||||
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
|
||||
ENABLE_REVERSE_PROXY_EMAIL = false
|
||||
; Enable captcha validation for registration
|
||||
ENABLE_CAPTCHA = false
|
||||
ENABLE_CAPTCHA = false
|
||||
; Type of captcha you want to use. Options: image, recaptcha
|
||||
CAPTCHA_TYPE = image
|
||||
CAPTCHA_TYPE = image
|
||||
; Enable recaptcha to use Google's recaptcha service
|
||||
; Go to https://www.google.com/recaptcha/admin to sign up for a key
|
||||
RECAPTCHA_SECRET =
|
||||
RECAPTCHA_SITEKEY =
|
||||
RECAPTCHA_SECRET =
|
||||
RECAPTCHA_SITEKEY =
|
||||
; Change this to use recaptcha.net or other recaptcha service
|
||||
RECAPTCHA_URL = https://www.google.com/recaptcha/
|
||||
RECAPTCHA_URL = https://www.google.com/recaptcha/
|
||||
; Default value for KeepEmailPrivate
|
||||
; Each new user will get the value of this setting copied into their profile
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
||||
DEFAULT_KEEP_EMAIL_PRIVATE = false
|
||||
; Default value for AllowCreateOrganization
|
||||
; Every new user will have rights set to create organizations depending on this setting
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
|
||||
DEFAULT_ALLOW_CREATE_ORGANIZATION = false
|
||||
; Either "public", "limited" or "private", default is "public"
|
||||
; Limited is for signed user only
|
||||
; Private is only for member of the organization
|
||||
; Public is for everyone
|
||||
DEFAULT_ORG_VISIBILITY = public
|
||||
DEFAULT_ORG_VISIBILITY = public
|
||||
; Default value for EnableDependencies
|
||||
; Repositories will use dependencies by default depending on this setting
|
||||
DEFAULT_ENABLE_DEPENDENCIES = true
|
||||
DEFAULT_ENABLE_DEPENDENCIES = true
|
||||
; Enable heatmap on users profiles.
|
||||
ENABLE_USER_HEATMAP = true
|
||||
ENABLE_USER_HEATMAP = true
|
||||
; Enable Timetracking
|
||||
ENABLE_TIMETRACKING = true
|
||||
ENABLE_TIMETRACKING = true
|
||||
; Default value for EnableTimetracking
|
||||
; Repositories will use timetracking by default depending on this setting
|
||||
DEFAULT_ENABLE_TIMETRACKING = true
|
||||
DEFAULT_ENABLE_TIMETRACKING = true
|
||||
; Default value for AllowOnlyContributorsToTrackTime
|
||||
; Only users with write permissions can track time if this is true
|
||||
DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
|
||||
; Default value for the domain part of the user's email address in the git log
|
||||
; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
|
||||
; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
|
||||
NO_REPLY_ADDRESS = noreply.aninix.net
|
||||
NO_REPLY_ADDRESS = noreply.aninix.net
|
||||
; Show Registration button
|
||||
SHOW_REGISTRATION_BUTTON = true
|
||||
SHOW_REGISTRATION_BUTTON = true
|
||||
; Default value for AutoWatchNewRepos
|
||||
; When adding a repo to a team or creating a new repo all team members will watch the
|
||||
; repo automatically if enabled
|
||||
AUTO_WATCH_NEW_REPOS = true
|
||||
AUTO_WATCH_NEW_REPOS = true
|
||||
|
||||
[webhook]
|
||||
; Hook task queue length, increase if webhook shooting starts hanging
|
||||
QUEUE_LENGTH = 1000
|
||||
QUEUE_LENGTH = 1000
|
||||
; Deliver timeout in seconds
|
||||
DELIVER_TIMEOUT = 5
|
||||
; Allow insecure certification
|
||||
SKIP_TLS_VERIFY = false
|
||||
; Number of history information in each page
|
||||
PAGING_NUM = 10
|
||||
PAGING_NUM = 10
|
||||
ALLOWED_HOST_LIST = ::1/128, 127.0.0.1/32
|
||||
|
||||
; We don't use mail
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
ENABLED = false
|
||||
|
||||
[cache]
|
||||
; Either "memory", "redis", or "memcache", default is "memory"
|
||||
ADAPTER = memory
|
||||
ADAPTER = memory
|
||||
; For "memory" only, GC interval in seconds, default is 60
|
||||
INTERVAL = 60
|
||||
; For "redis" and "memcache", connection host address
|
||||
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
|
||||
; memcache: `127.0.0.1:11211`
|
||||
HOST =
|
||||
HOST =
|
||||
; Time to keep items in cache if not used, default is 16 hours.
|
||||
; Setting it to 0 disables caching
|
||||
ITEM_TTL = 16h
|
||||
|
||||
[session]
|
||||
; Either "memory", "file", or "redis", default is "memory"
|
||||
PROVIDER = file
|
||||
PROVIDER = file
|
||||
; Provider config options
|
||||
; memory: doesn't have any config yet
|
||||
; file: session file path, e.g. `data/sessions`
|
||||
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
|
||||
; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
|
||||
PROVIDER_CONFIG = data/sessions
|
||||
PROVIDER_CONFIG = data/sessions
|
||||
; Session cookie name
|
||||
COOKIE_NAME = i_like_gitea
|
||||
COOKIE_NAME = i_like_gitea
|
||||
; If you use session in https only, default is false
|
||||
COOKIE_SECURE = false
|
||||
COOKIE_SECURE = true
|
||||
; Enable set cookie, default is true
|
||||
ENABLE_SET_COOKIE = true
|
||||
; Session GC time interval in seconds, default is 86400 (1 day)
|
||||
GC_INTERVAL_TIME = 86400
|
||||
GC_INTERVAL_TIME = 86400
|
||||
; Session life time in seconds, default is 86400 (1 day)
|
||||
SESSION_LIFE_TIME = 86400
|
||||
|
||||
[picture]
|
||||
AVATAR_UPLOAD_PATH = data/avatars
|
||||
REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
|
||||
AVATAR_UPLOAD_PATH = avatars
|
||||
REPOSITORY_AVATAR_UPLOAD_PATH = repo-avatars
|
||||
; How Gitea deals with missing repository avatars
|
||||
; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
|
||||
REPOSITORY_AVATAR_FALLBACK = none
|
||||
REPOSITORY_AVATAR_FALLBACK = none
|
||||
REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
|
||||
; Max Width and Height of uploaded avatars.
|
||||
; This is to limit the amount of RAM used when resizing the image.
|
||||
AVATAR_MAX_WIDTH = 4096
|
||||
AVATAR_MAX_HEIGHT = 3072
|
||||
AVATAR_MAX_WIDTH = 4096
|
||||
AVATAR_MAX_HEIGHT = 3072
|
||||
; Maximum alloved file size for uploaded avatars.
|
||||
; This is to limit the amount of RAM used when resizing the image.
|
||||
AVATAR_MAX_FILE_SIZE = 1048576
|
||||
AVATAR_MAX_FILE_SIZE = 1048576
|
||||
; Chinese users can choose "duoshuo"
|
||||
; or a custom avatar source, like: http://cn.gravatar.com/avatar/
|
||||
GRAVATAR_SOURCE = gravatar
|
||||
GRAVATAR_SOURCE = gravatar
|
||||
; This value will always be true in offline mode.
|
||||
DISABLE_GRAVATAR = true
|
||||
DISABLE_GRAVATAR = true
|
||||
; Federated avatar lookup uses DNS to discover avatar associated
|
||||
; with emails, see https://www.libravatar.org
|
||||
; This value will always be false in offline mode or when Gravatar is disabled.
|
||||
ENABLE_FEDERATED_AVATAR = false
|
||||
ENABLE_FEDERATED_AVATAR = false
|
||||
|
||||
[attachment]
|
||||
; Whether attachments are enabled. Defaults to `true`
|
||||
ENABLED = true
|
||||
ENABLED = true
|
||||
; Path for attachments. Defaults to `data/attachments`
|
||||
PATH = data/attachments
|
||||
PATH = data/attachments
|
||||
; One or more allowed types, e.g. image/jpeg|image/png
|
||||
ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
|
||||
; Max size of each file. Defaults to 4MB
|
||||
MAX_SIZE = 4
|
||||
MAX_SIZE = 4
|
||||
; Max number of files per upload. Defaults to 5
|
||||
MAX_FILES = 5
|
||||
MAX_FILES = 5
|
||||
|
||||
[time]
|
||||
; Specifies the format for fully outputted dates. Defaults to RFC1123
|
||||
@ -499,33 +500,28 @@ MAX_FILES = 5
|
||||
FORMAT =
|
||||
|
||||
[log]
|
||||
ROOT_PATH = %(GITEA_WORK_DIR)/log
|
||||
ROOT_PATH = /var/log/gitea/
|
||||
; Either "console", "file", "conn", "smtp" or "database", default is "console"
|
||||
; Use comma to separate multiple modes, e.g. "console, file"
|
||||
MODE = console
|
||||
LEVEL = Info
|
||||
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
|
||||
LEVEL = Warn
|
||||
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
|
||||
STACKTRACE_LEVEL = None
|
||||
logger.router.MODE = ,
|
||||
logger.xorm.MODE = ,
|
||||
logger.access.MODE =
|
||||
ROOT_PATH = /var/log/gitea/
|
||||
; Either "console", "file", "conn", "smtp" or "database", default is "console"
|
||||
; Use comma to separate multiple modes, e.g. "console, file"
|
||||
MODE = console
|
||||
logger.access.MODE = console
|
||||
; Buffer length of the channel, keep it as it is if you don't know what it is.
|
||||
BUFFER_LEN = 10000
|
||||
BUFFER_LEN = 10000
|
||||
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
|
||||
ACCESS_LOG_TEMPLATE = {{ '{{' }}.Ctx.RemoteAddr{{ '}}' }} - {{ '{{' }}.Identity{{ '}}' }} {{ '{{' }}.Start.Format "[02/Jan/2006:15:04:05 -0700]" {{ '}}' }} "{{ '{{' }}.Ctx.Req.Method{{ '}}' }} {{ '{{' }}.Ctx.Req.RequestURI{{ '}}' }} {{ '{{' }}.Ctx.Req.Proto{{ '}}' }}" {{ '{{' }}.ResponseWriter.Status{{ '}}' }} {{ '{{' }}.ResponseWriter.Size{{ '}}' }} "{{ '{{' }}.Ctx.Req.Referer{{ '}}' }}\" \"{{ '{{' }}.Ctx.Req.UserAgent{{ '}}' }}"
|
||||
logger.access.MODE = console
|
||||
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
|
||||
LEVEL = Info
|
||||
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
|
||||
STACKTRACE_LEVEL = Critical
|
||||
;ACCESS_LOG_TEMPLATE =
|
||||
|
||||
; Generic log modes
|
||||
[log.x]
|
||||
FLAGS = stdflags
|
||||
FLAGS = stdflags
|
||||
EXPRESSION =
|
||||
PREFIX =
|
||||
COLORIZE = false
|
||||
PREFIX =
|
||||
COLORIZE = false
|
||||
|
||||
; For "console" mode only
|
||||
[log.console]
|
||||
@ -536,54 +532,54 @@ COLORIZE = true
|
||||
|
||||
; For "file" mode only
|
||||
[log.file]
|
||||
LEVEL =
|
||||
LEVEL =
|
||||
; Set the file_name for the logger. If this is a relative path this
|
||||
; will be relative to ROOT_PATH
|
||||
FILE_NAME =
|
||||
FILE_NAME =
|
||||
; This enables automated log rotate(switch of following options), default is true
|
||||
LOG_ROTATE = true
|
||||
LOG_ROTATE = true
|
||||
; Max number of lines in a single file, default is 1000000
|
||||
MAX_LINES = 1000000
|
||||
MAX_LINES = 1000000
|
||||
; Max size shift of a single file, default is 28 means 1 << 28, 256MB
|
||||
MAX_SIZE_SHIFT = 28
|
||||
MAX_SIZE_SHIFT = 28
|
||||
; Segment log daily, default is true
|
||||
DAILY_ROTATE = true
|
||||
DAILY_ROTATE = true
|
||||
; delete the log file after n days, default is 7
|
||||
MAX_DAYS = 7
|
||||
MAX_DAYS = 7
|
||||
; compress logs with gzip
|
||||
COMPRESS = true
|
||||
COMPRESS = true
|
||||
; compression level see godoc for compress/gzip
|
||||
COMPRESSION_LEVEL = -1
|
||||
|
||||
; For "conn" mode only
|
||||
[log.conn]
|
||||
LEVEL =
|
||||
LEVEL =
|
||||
; Reconnect host for every single message, default is false
|
||||
RECONNECT_ON_MSG = false
|
||||
; Try to reconnect when connection is lost, default is false
|
||||
RECONNECT = false
|
||||
RECONNECT = false
|
||||
; Either "tcp", "unix" or "udp", default is "tcp"
|
||||
PROTOCOL = tcp
|
||||
PROTOCOL = tcp
|
||||
; Host address
|
||||
ADDR =
|
||||
ADDR =
|
||||
|
||||
; For "smtp" mode only
|
||||
[log.smtp]
|
||||
LEVEL =
|
||||
LEVEL =
|
||||
; Name displayed in mail title, default is "Diagnostic message from server"
|
||||
SUBJECT = Diagnostic message from server
|
||||
SUBJECT = Diagnostic message from server
|
||||
; Mail server
|
||||
HOST =
|
||||
HOST =
|
||||
; Mailer user name and password
|
||||
USER =
|
||||
USER =
|
||||
; Use PASSWD = `your password` for quoting if you use special characters in the password.
|
||||
PASSWD =
|
||||
PASSWD =
|
||||
; Receivers, can be one or more, e.g. 1@example.com,2@example.com
|
||||
RECEIVERS =
|
||||
|
||||
[cron]
|
||||
; Enable running cron tasks periodically.
|
||||
ENABLED = true
|
||||
ENABLED = true
|
||||
; Run cron tasks when Gitea starts.
|
||||
RUN_AT_START = false
|
||||
|
||||
@ -594,90 +590,90 @@ SCHEDULE = @every 10m
|
||||
; Repository health check
|
||||
[cron.repo_health_check]
|
||||
SCHEDULE = @every 24h
|
||||
TIMEOUT = 60s
|
||||
TIMEOUT = 60s
|
||||
; Arguments for command 'git fsck', e.g. "--unreachable --tags"
|
||||
; see more on http://git-scm.com/docs/git-fsck
|
||||
ARGS =
|
||||
ARGS =
|
||||
|
||||
; Check repository statistics
|
||||
[cron.check_repo_stats]
|
||||
RUN_AT_START = true
|
||||
SCHEDULE = @every 24h
|
||||
SCHEDULE = @every 24h
|
||||
|
||||
; Clean up old repository archives
|
||||
[cron.archive_cleanup]
|
||||
; Whether to enable the job
|
||||
ENABLED = true
|
||||
ENABLED = true
|
||||
; Whether to always run at least once at start up time (if ENABLED)
|
||||
RUN_AT_START = true
|
||||
; Time interval for job to run
|
||||
SCHEDULE = @every 24h
|
||||
SCHEDULE = @every 24h
|
||||
; Archives created more than OLDER_THAN ago are subject to deletion
|
||||
OLDER_THAN = 24h
|
||||
OLDER_THAN = 24h
|
||||
|
||||
; Synchronize external user data (only LDAP user synchronization is supported)
|
||||
[cron.sync_external_users]
|
||||
; Synchronize external user data when starting server (default false)
|
||||
RUN_AT_START = false
|
||||
RUN_AT_START = false
|
||||
; Interval as a duration between each synchronization (default every 24h)
|
||||
SCHEDULE = @every 24h
|
||||
SCHEDULE = @every 24h
|
||||
; Create new users, update existing user data and disable users that are not in external source anymore (default)
|
||||
; or only create new users if UPDATE_EXISTING is set to false
|
||||
UPDATE_EXISTING = true
|
||||
|
||||
[git]
|
||||
; Disables highlight of added and removed changes
|
||||
DISABLE_DIFF_HIGHLIGHT = false
|
||||
DISABLE_DIFF_HIGHLIGHT = false
|
||||
; Max number of lines allowed in a single file in diff view
|
||||
MAX_GIT_DIFF_LINES = 1000
|
||||
MAX_GIT_DIFF_LINES = 1000
|
||||
; Max number of allowed characters in a line in diff view
|
||||
MAX_GIT_DIFF_LINE_CHARACTERS = 5000
|
||||
; Max number of files shown in diff view
|
||||
MAX_GIT_DIFF_FILES = 100
|
||||
MAX_GIT_DIFF_FILES = 100
|
||||
; Arguments for command 'git gc', e.g. "--aggressive --auto"
|
||||
; see more on http://git-scm.com/docs/git-gc/
|
||||
GC_ARGS =
|
||||
GC_ARGS =
|
||||
; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
|
||||
EnableAutoGitWireProtocol = true
|
||||
EnableAutoGitWireProtocol = true
|
||||
|
||||
; Operation timeout in seconds
|
||||
[git.timeout]
|
||||
DEFAULT = 360
|
||||
MIGRATE = 600
|
||||
MIRROR = 300
|
||||
CLONE = 300
|
||||
PULL = 300
|
||||
GC = 60
|
||||
MIRROR = 300
|
||||
CLONE = 300
|
||||
PULL = 300
|
||||
GC = 60
|
||||
|
||||
[mirror]
|
||||
; Default interval as a duration between each check
|
||||
DEFAULT_INTERVAL = 8h
|
||||
; Min interval as a duration must be > 1m
|
||||
MIN_INTERVAL = 10m
|
||||
MIN_INTERVAL = 10m
|
||||
|
||||
[api]
|
||||
; Enables Swagger. True or false; default is true.
|
||||
ENABLE_SWAGGER = true
|
||||
ENABLE_SWAGGER = true
|
||||
; Max number of items in a page
|
||||
MAX_RESPONSE_ITEMS = 50
|
||||
MAX_RESPONSE_ITEMS = 50
|
||||
; Default paging number of api
|
||||
DEFAULT_PAGING_NUM = 30
|
||||
DEFAULT_PAGING_NUM = 30
|
||||
; Default and maximum number of items per page for git trees api
|
||||
DEFAULT_GIT_TREES_PER_PAGE = 1000
|
||||
; Default size of a blob returned by the blobs API (default is 10MiB)
|
||||
DEFAULT_MAX_BLOB_SIZE = 10485760
|
||||
DEFAULT_MAX_BLOB_SIZE = 10485760
|
||||
|
||||
[oauth2]
|
||||
; Enables OAuth2 provider
|
||||
ENABLE = true
|
||||
ENABLE = true
|
||||
; Lifetime of an OAuth2 access token in seconds
|
||||
ACCESS_TOKEN_EXPIRATION_TIME = 3600
|
||||
ACCESS_TOKEN_EXPIRATION_TIME = 3600
|
||||
; Lifetime of an OAuth2 access token in hours
|
||||
REFRESH_TOKEN_EXPIRATION_TIME = 730
|
||||
; Check if refresh token got already used
|
||||
INVALIDATE_REFRESH_TOKENS = false
|
||||
INVALIDATE_REFRESH_TOKENS = false
|
||||
; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
|
||||
JWT_SECRET = {{ secrets.Foundation.jwt_secret }}
|
||||
JWT_SECRET = {{ secrets.Foundation.jwt_secret }}
|
||||
|
||||
[i18n]
|
||||
LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
|
||||
@ -721,24 +717,23 @@ ko-KR = ko
|
||||
[highlight.mapping]
|
||||
|
||||
[other]
|
||||
SHOW_FOOTER_BRANDING = false
|
||||
SHOW_FOOTER_BRANDING = false
|
||||
; Show version information about Gitea and Go in the footer
|
||||
SHOW_FOOTER_VERSION = false
|
||||
SHOW_FOOTER_VERSION = false
|
||||
; Show template execution time in the footer
|
||||
SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
|
||||
|
||||
[markup.asciidoc]
|
||||
ENABLED = false
|
||||
ENABLED = false
|
||||
; List of file extensions that should be rendered by an external command
|
||||
FILE_EXTENSIONS = .adoc,.asciidoc
|
||||
; External command to render all matching extensions
|
||||
RENDER_COMMAND = asciidoc --out-file=- -
|
||||
RENDER_COMMAND = asciidoc --out-file=- -
|
||||
; Don't pass the file on STDIN, pass the filename as argument instead.
|
||||
IS_INPUT_FILE = false
|
||||
IS_INPUT_FILE = false
|
||||
|
||||
[metrics]
|
||||
; Enables metrics endpoint. True or false; default is false.
|
||||
ENABLED = false
|
||||
; If you want to add authorization, specify a token here
|
||||
TOKEN =
|
||||
|
||||
TOKEN =
|
||||
|
@ -38,8 +38,8 @@
|
||||
become: yes
|
||||
register: servicesfile
|
||||
copy:
|
||||
src: services/irc.service
|
||||
dest: /usr/lib/systemd/system/irc.service
|
||||
src: services/inspircd.service
|
||||
dest: /usr/lib/systemd/system/inspircd.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
@ -90,7 +90,7 @@
|
||||
- name: Ensure service running
|
||||
become: yes
|
||||
service:
|
||||
name: irc
|
||||
name: inspircd
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
@ -98,5 +98,5 @@
|
||||
become: yes
|
||||
when: templatefiles.changed or servicesfile.changed
|
||||
service:
|
||||
name: irc
|
||||
name: inspircd
|
||||
state: reloaded
|
||||
|
@ -38,8 +38,8 @@
|
||||
become: yes
|
||||
register: servicesfile
|
||||
copy:
|
||||
src: services/ircservices.service
|
||||
dest: /usr/lib/systemd/system/ircservices.service
|
||||
src: services/anope.service
|
||||
dest: /usr/lib/systemd/system/anope.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
@ -53,7 +53,7 @@
|
||||
- name: Ensure service running
|
||||
become: yes
|
||||
service:
|
||||
name: ircservices
|
||||
name: anope
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
@ -61,5 +61,5 @@
|
||||
become: yes
|
||||
when: templatefiles.changed or servicesfile.changed
|
||||
service:
|
||||
name: ircservices
|
||||
name: anope
|
||||
state: reloaded
|
||||
|
@ -31,8 +31,8 @@
|
||||
become: yes
|
||||
register: servicesfile
|
||||
copy:
|
||||
src: services/ircweb.service
|
||||
dest: /usr/lib/systemd/system/ircweb.service
|
||||
src: services/kiwiirc.service
|
||||
dest: /usr/lib/systemd/system/kiwiirc.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
@ -46,7 +46,7 @@
|
||||
- name: Ensure service running
|
||||
become: yes
|
||||
service:
|
||||
name: ircweb
|
||||
name: kiwiirc
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
@ -54,5 +54,5 @@
|
||||
become: yes
|
||||
when: config.changed or servicesfile.changed
|
||||
service:
|
||||
name: ircweb
|
||||
name: kiwiirc
|
||||
state: reloaded
|
||||
|
@ -9,35 +9,23 @@ https://aur.archlinux.org/brscan4.git
|
||||
https://aur.archlinux.org/carbonyl-bin.git
|
||||
https://aur.archlinux.org/castnow-git.git
|
||||
https://aur.archlinux.org/ccrypt.git
|
||||
https://aur.archlinux.org/chromium-pepper-flash.git
|
||||
https://aur.archlinux.org/defcon.git
|
||||
https://aur.archlinux.org/discord-cli-git.git
|
||||
https://aur.archlinux.org/discord-irc.git
|
||||
https://aur.archlinux.org/downgrader.git
|
||||
https://aur.archlinux.org/dotnet-core-bin.git
|
||||
https://aur.archlinux.org/dotnet-runtime-bin.git
|
||||
https://aur.archlinux.org/freeme2.git
|
||||
https://aur.archlinux.org/genymotion.git
|
||||
https://aur.archlinux.org/gnome-alsamixer.git
|
||||
https://aur.archlinux.org/google-chrome.git
|
||||
https://aur.archlinux.org/google-earth.git
|
||||
https://aur.archlinux.org/googlecl.git
|
||||
https://aur.archlinux.org/googler.git
|
||||
https://aur.archlinux.org/graylog.git
|
||||
https://aur.archlinux.org/graylog-collector-sidecar.git
|
||||
https://aur.archlinux.org/gsa.git
|
||||
https://aur.archlinux.org/gstreamer0.10-ffmpeg.git
|
||||
https://aur.archlinux.org/gtk-xfce-engine.git
|
||||
https://aur.archlinux.org/gvmd.git
|
||||
https://aur.archlinux.org/gyazo.git
|
||||
https://aur.archlinux.org/helloworld.git
|
||||
https://aur.archlinux.org/injection.git
|
||||
https://aur.archlinux.org/inspircd.git
|
||||
https://aur.archlinux.org/irker.git
|
||||
https://aur.archlinux.org/jmtpfs.git
|
||||
https://aur.archlinux.org/jpcsp.git
|
||||
https://aur.archlinux.org/js.git
|
||||
https://aur.archlinux.org/kpcli.git
|
||||
https://aur.archlinux.org/lib32-glib.git
|
||||
https://aur.archlinux.org/libdaq.git
|
||||
https://aur.archlinux.org/libdwarf-20140413.git
|
||||
@ -50,28 +38,22 @@ https://aur.archlinux.org/mkinitcpio-utils.git
|
||||
https://aur.archlinux.org/mpir.git
|
||||
https://aur.archlinux.org/mongodb-bin.git
|
||||
https://aur.archlinux.org/mongodb-tools-bin.git
|
||||
https://aur.archlinux.org/mongosh-bin.git
|
||||
https://aur.archlinux.org/nordvpn-bin.git
|
||||
https://aur.archlinux.org/oinkmaster.git
|
||||
https://aur.archlinux.org/openresty.git
|
||||
https://aur.archlinux.org/openvas-scanner.git
|
||||
https://aur.archlinux.org/openvisualtraceroute.git
|
||||
https://aur.archlinux.org/ospd.git
|
||||
https://aur.archlinux.org/ospd-openvas.git
|
||||
https://aur.archlinux.org/ossec-local.git
|
||||
https://aur.archlinux.org/pwm.git
|
||||
https://aur.archlinux.org/pcmciautils.git
|
||||
https://aur.archlinux.org/pdfshuffler.git
|
||||
https://aur.archlinux.org/pear-net-ldap2.git
|
||||
https://aur.archlinux.org/perl-clipboard.git
|
||||
https://aur.archlinux.org/perl-crypt-rijndael.git
|
||||
https://aur.archlinux.org/perl-expect.git
|
||||
https://aur.archlinux.org/perl-file-keepass.git
|
||||
https://aur.archlinux.org/perl-net-sftp-foreign.git
|
||||
https://aur.archlinux.org/perl-php-serialization.git
|
||||
https://aur.archlinux.org/perl-sys-mmap.git
|
||||
https://aur.archlinux.org/perl-term-shellui.git
|
||||
https://aur.archlinux.org/php-pear.git
|
||||
https://aur.archlinux.org/php-zts.git
|
||||
https://aur.archlinux.org/pm-utils.git
|
||||
https://aur.archlinux.org/powerpanel.git
|
||||
https://aur.archlinux.org/python-aiohttp.git
|
||||
@ -92,16 +74,14 @@ https://aur.archlinux.org/savage.git
|
||||
https://aur.archlinux.org/self-service-password.git
|
||||
https://aur.archlinux.org/smarty3.git
|
||||
https://aur.archlinux.org/suricata.git
|
||||
https://aur.archlinux.org/swfdec.git
|
||||
https://aur.archlinux.org/swfdec-gnome.git
|
||||
https://aur.archlinux.org/systemdjournal2gelf.git
|
||||
https://aur.archlinux.org/tor-browser-en.git
|
||||
https://aur.archlinux.org/tor-browser-bin.git
|
||||
https://aur.archlinux.org/trid.git
|
||||
https://aur.archlinux.org/tt-rss-auth-ldap-git.git
|
||||
https://aur.archlinux.org/udisks.git
|
||||
https://aur.archlinux.org/undvd.git
|
||||
https://aur.archlinux.org/uniglot.git
|
||||
https://aur.archlinux.org/unvanquished.git
|
||||
https://aur.archlinux.org/unvanquished-data.git
|
||||
https://aur.archlinux.org/vbam-gtk.git
|
||||
https://aur.archlinux.org/xfce4-mixer.git
|
||||
https://aur.archlinux.org/xorg-server-utils.git
|
||||
|
@ -1,14 +0,0 @@
|
||||
port: 9129
|
||||
download_timeout: 3600 # download will timeout after 3600 seconds
|
||||
cache_dir: /var/cache/pacoloco
|
||||
purge_files_after: 360000 # 360000 seconds or 100 hours, 0 to disable
|
||||
repos:
|
||||
archlinux:
|
||||
urls:
|
||||
- http://mirrors.gigenet.com/archlinux/
|
||||
- http://mnvoip.mm.fcix.net/archlinux/
|
||||
- http://mirrors.kernel.org/archlinux/
|
||||
- http://ftp.osuosl.org/pub/archlinux/
|
||||
- https://mnvoip.mm.fcix.net/archlinux/
|
||||
- http://southfront.mm.fcix.net/archlinux/
|
||||
user_agent: Pacoloco
|
@ -17,6 +17,7 @@
|
||||
|
||||
- name: Maat configuration
|
||||
become: yes
|
||||
register: aurlist
|
||||
copy:
|
||||
src: aur.list
|
||||
dest: /usr/local/etc/Maat/aur.list
|
||||
@ -28,6 +29,13 @@
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: Start Maat build cycle
|
||||
become: yes
|
||||
when: aurlist.changed
|
||||
service:
|
||||
name: maat.service
|
||||
state: started
|
||||
|
||||
- name: Generate mirrorlist
|
||||
delegate_to: localhost
|
||||
run_once: yes
|
||||
|
@ -1,16 +0,0 @@
|
||||
A Nazara host is a gateway to accessing other hosts. It is a safeguard against admin error.
|
||||
|
||||
## Etymology
|
||||
Nazara hosts are named because they are the first line of defense against administrative error -- they prevent admins from being locked out of correcting their changes and are connected to everything in the ecosystem. They also control DNS, which allows a sort of subliminal control of the entire ecosystem. This is akin to the mastermind [Reaper AI](https://masseffect.fandom.com/wiki/Sovereign) from the Mass Effect franchise, and in fact can be the extinction of any DNS-enabled malware in the ecosystem by sinkholing the Command-and-Control.
|
||||
|
||||
## Capacity and Components
|
||||
A Nazara host needs minimal CPU or memory.
|
||||
|
||||
## Hosted Services and Entities
|
||||
Nazara should host a Pihole installation and [SSH](../Services/SSH.md). It should be NAT'ed to an obscure port to the outside world.
|
||||
|
||||
## Connections
|
||||
Any host should be able to connect to a Nazara with SSH and X11, and it should be able to dial to any service provider.
|
||||
|
||||
## Additional Reference
|
||||
Nazara hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port.
|
@ -61,3 +61,11 @@
|
||||
when: qemubr.changed or br0.changed
|
||||
debug:
|
||||
msg: You may need to restart VMs on the Node.
|
||||
|
||||
- name: Enable VMs
|
||||
become: yes
|
||||
with_items: "{{ active_vms }}"
|
||||
service:
|
||||
name: "{{ item }}-vm.service"
|
||||
state: started
|
||||
enabled: yes
|
||||
|
@ -1,14 +0,0 @@
|
||||
[Unit]
|
||||
Description=AniNIX/{{ inventory_hostname }}
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/sbin/qemu-system-x86_64 -name AniNIX/{{ inventory_hostname }} -machine type=pc,accel=kvm -bios /usr/share/edk2-ovmf/x64/OVMF.fd -cpu host -smp {{ cores }} {{ disks }} -net nic,macaddr={{ mac }},model=virtio -net bridge,br={{ bridge }} -vga std -nographic -vnc :{{ vnc }} -m size={{ memory }}G -device virtio-rng-pci
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
KillMode=process
|
||||
Restart=always
|
||||
User=root
|
||||
Group=root
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
3
roles/Password/bin/sora-dump-config
Executable file
3
roles/Password/bin/sora-dump-config
Executable file
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
|
||||
slapcat -a "(!(entryDN:dnSubtreeMatch:=ou=People,dc=aninix,dc=net))"
|
19
roles/Password/files/nsswitch.conf
Normal file
19
roles/Password/files/nsswitch.conf
Normal file
@ -0,0 +1,19 @@
|
||||
# Begin /etc/nsswitch.conf
|
||||
|
||||
passwd: files ldap
|
||||
group: files ldap
|
||||
shadow: files ldap
|
||||
|
||||
publickey: files
|
||||
|
||||
hosts: files dns myhostname
|
||||
networks: files
|
||||
|
||||
protocols: files
|
||||
services: files
|
||||
ethers: files
|
||||
rpc: files
|
||||
|
||||
netgroup: files
|
||||
|
||||
# End /etc/nsswitch.conf
|
12
roles/Password/files/pam.d/atd
Normal file
12
roles/Password/files/pam.d/atd
Normal file
@ -0,0 +1,12 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth required pam_unix.so
|
||||
auth required pam_env.so
|
||||
|
||||
account required pam_access.so
|
||||
account required pam_unix.so
|
||||
account required pam_time.so
|
||||
|
||||
session required pam_loginuid.so
|
||||
session required pam_limits.so
|
||||
session required pam_unix.so
|
6
roles/Password/files/pam.d/chfn
Normal file
6
roles/Password/files/pam.d/chfn
Normal file
@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
auth required pam_unix.so
|
||||
account required pam_unix.so
|
||||
session required pam_unix.so
|
||||
password required pam_permit.so
|
4
roles/Password/files/pam.d/chpasswd
Normal file
4
roles/Password/files/pam.d/chpasswd
Normal file
@ -0,0 +1,4 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
account required pam_permit.so
|
||||
password include system-auth
|
6
roles/Password/files/pam.d/chsh
Normal file
6
roles/Password/files/pam.d/chsh
Normal file
@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
auth required pam_unix.so
|
||||
account required pam_unix.so
|
||||
session required pam_unix.so
|
||||
password required pam_permit.so
|
11
roles/Password/files/pam.d/crond
Normal file
11
roles/Password/files/pam.d/crond
Normal file
@ -0,0 +1,11 @@
|
||||
#
|
||||
# The PAM configuration file for the cron daemon
|
||||
#
|
||||
#
|
||||
# Although no PAM authentication is called, auth modules
|
||||
# are used for credential setting
|
||||
auth include system-auth
|
||||
account required pam_access.so
|
||||
account include system-auth
|
||||
session required pam_loginuid.so
|
||||
session include system-auth
|
3
roles/Password/files/pam.d/cups
Normal file
3
roles/Password/files/pam.d/cups
Normal file
@ -0,0 +1,3 @@
|
||||
auth required pam_unix.so
|
||||
account required pam_unix.so
|
||||
session required pam_unix.so
|
4
roles/Password/files/pam.d/groupmems
Normal file
4
roles/Password/files/pam.d/groupmems
Normal file
@ -0,0 +1,4 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
account required pam_permit.so
|
||||
password include system-auth
|
7
roles/Password/files/pam.d/login
Normal file
7
roles/Password/files/pam.d/login
Normal file
@ -0,0 +1,7 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth requisite pam_nologin.so
|
||||
auth include system-local-login
|
||||
account include system-local-login
|
||||
session include system-local-login
|
||||
password include system-local-login
|
4
roles/Password/files/pam.d/newusers
Normal file
4
roles/Password/files/pam.d/newusers
Normal file
@ -0,0 +1,4 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
account required pam_permit.so
|
||||
password include system-auth
|
1
roles/Password/files/pam.d/nslcd.conf
Normal file
1
roles/Password/files/pam.d/nslcd.conf
Normal file
@ -0,0 +1 @@
|
||||
UiqiKXIU
|
9
roles/Password/files/pam.d/other
Normal file
9
roles/Password/files/pam.d/other
Normal file
@ -0,0 +1,9 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_deny.so
|
||||
auth required pam_warn.so
|
||||
account required pam_deny.so
|
||||
account required pam_warn.so
|
||||
password required pam_deny.so
|
||||
password required pam_warn.so
|
||||
session required pam_deny.so
|
||||
session required pam_warn.so
|
5
roles/Password/files/pam.d/passwd
Normal file
5
roles/Password/files/pam.d/passwd
Normal file
@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
|
||||
#password required pam_unix.so sha512 shadow use_authtok
|
||||
password sufficient pam_ldap.so
|
||||
password required pam_unix.so sha512 shadow nullok
|
4
roles/Password/files/pam.d/passwd.pacnew
Normal file
4
roles/Password/files/pam.d/passwd.pacnew
Normal file
@ -0,0 +1,4 @@
|
||||
#%PAM-1.0
|
||||
auth include system-auth
|
||||
account include system-auth
|
||||
password include system-auth
|
3
roles/Password/files/pam.d/postgresql
Normal file
3
roles/Password/files/pam.d/postgresql
Normal file
@ -0,0 +1,3 @@
|
||||
auth required pam_unix.so
|
||||
account required pam_unix.so
|
||||
session required pam_unix.so
|
8
roles/Password/files/pam.d/remote
Normal file
8
roles/Password/files/pam.d/remote
Normal file
@ -0,0 +1,8 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth required pam_securetty.so
|
||||
auth requisite pam_nologin.so
|
||||
auth include system-remote-login
|
||||
account include system-remote-login
|
||||
session include system-remote-login
|
||||
password include system-remote-login
|
13
roles/Password/files/pam.d/rlogin
Normal file
13
roles/Password/files/pam.d/rlogin
Normal file
@ -0,0 +1,13 @@
|
||||
#%PAM-1.0
|
||||
# For root login to succeed here with pam_securetty, "rlogin" must be
|
||||
# listed in /etc/securetty.
|
||||
auth required pam_nologin.so
|
||||
auth required pam_securetty.so
|
||||
auth required pam_env.so
|
||||
auth sufficient pam_rhosts.so
|
||||
auth include system-auth
|
||||
account include system-auth
|
||||
password include system-auth
|
||||
session optional pam_keyinit.so force revoke
|
||||
session required pam_loginuid.so
|
||||
session include system-auth
|
11
roles/Password/files/pam.d/rsh
Normal file
11
roles/Password/files/pam.d/rsh
Normal file
@ -0,0 +1,11 @@
|
||||
#%PAM-1.0
|
||||
# For root login to succeed here with pam_securetty, "rsh" must be
|
||||
# listed in /etc/securetty.
|
||||
auth required pam_nologin.so
|
||||
auth required pam_securetty.so
|
||||
auth required pam_env.so
|
||||
auth required pam_rhosts.so
|
||||
account include system-auth
|
||||
session optional pam_keyinit.so force revoke
|
||||
session required pam_loginuid.so
|
||||
session include system-auth
|
4
roles/Password/files/pam.d/runuser
Normal file
4
roles/Password/files/pam.d/runuser
Normal file
@ -0,0 +1,4 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth sufficient pam_rootok.so
|
||||
session include system-login
|
4
roles/Password/files/pam.d/runuser-l
Normal file
4
roles/Password/files/pam.d/runuser-l
Normal file
@ -0,0 +1,4 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth sufficient pam_rootok.so
|
||||
session include system-login
|
1
roles/Password/files/pam.d/screen
Normal file
1
roles/Password/files/pam.d/screen
Normal file
@ -0,0 +1 @@
|
||||
auth required pam_unix.so
|
6
roles/Password/files/pam.d/sshd
Normal file
6
roles/Password/files/pam.d/sshd
Normal file
@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth include system-remote-login
|
||||
account include system-remote-login
|
||||
password include system-remote-login
|
||||
session include system-remote-login
|
6
roles/Password/files/pam.d/sssd-shadowutils
Normal file
6
roles/Password/files/pam.d/sssd-shadowutils
Normal file
@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
|
||||
auth required pam_deny.so
|
||||
|
||||
account required pam_unix.so
|
||||
account required pam_permit.so
|
14
roles/Password/files/pam.d/su
Normal file
14
roles/Password/files/pam.d/su
Normal file
@ -0,0 +1,14 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_ldap.so
|
||||
auth sufficient pam_rootok.so
|
||||
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
||||
#auth sufficient pam_wheel.so trust use_uid
|
||||
# Uncomment the following line to require a user to be in the "wheel" group.
|
||||
#auth required pam_wheel.so use_uid
|
||||
auth required pam_unix.so use_first_pass
|
||||
|
||||
account sufficient pam_ldap.so
|
||||
account required pam_unix.so
|
||||
|
||||
session sufficient pam_ldap.so
|
||||
session required pam_unix.so
|
12
roles/Password/files/pam.d/su-l
Normal file
12
roles/Password/files/pam.d/su-l
Normal file
@ -0,0 +1,12 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
||||
#auth sufficient pam_wheel.so trust use_uid
|
||||
# Uncomment the following line to require a user to be in the "wheel" group.
|
||||
#auth required pam_wheel.so use_uid
|
||||
auth sufficient pam_ldap.so
|
||||
auth required pam_unix.so use_first_pass
|
||||
account sufficient pam_ldap.so
|
||||
account required pam_unix.so
|
||||
session sufficient pam_ldap.so
|
||||
session required pam_unix.so
|
10
roles/Password/files/pam.d/su-l.pacnew
Normal file
10
roles/Password/files/pam.d/su-l.pacnew
Normal file
@ -0,0 +1,10 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
||||
#auth sufficient pam_wheel.so trust use_uid
|
||||
# Uncomment the following line to require a user to be in the "wheel" group.
|
||||
#auth required pam_wheel.so use_uid
|
||||
auth required pam_unix.so
|
||||
account required pam_unix.so
|
||||
session required pam_unix.so
|
||||
password include system-auth
|
10
roles/Password/files/pam.d/su.pacnew
Normal file
10
roles/Password/files/pam.d/su.pacnew
Normal file
@ -0,0 +1,10 @@
|
||||
#%PAM-1.0
|
||||
auth sufficient pam_rootok.so
|
||||
# Uncomment the following line to implicitly trust users in the "wheel" group.
|
||||
#auth sufficient pam_wheel.so trust use_uid
|
||||
# Uncomment the following line to require a user to be in the "wheel" group.
|
||||
#auth required pam_wheel.so use_uid
|
||||
auth required pam_unix.so
|
||||
account required pam_unix.so
|
||||
session required pam_unix.so
|
||||
password include system-auth
|
4
roles/Password/files/pam.d/sudo
Normal file
4
roles/Password/files/pam.d/sudo
Normal file
@ -0,0 +1,4 @@
|
||||
#%PAM-1.0
|
||||
auth include system-auth
|
||||
account include system-auth
|
||||
session include system-auth
|
20
roles/Password/files/pam.d/system-auth
Normal file
20
roles/Password/files/pam.d/system-auth
Normal file
@ -0,0 +1,20 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth sufficient pam_ldap.so
|
||||
auth required pam_unix.so try_first_pass nullok
|
||||
auth optional pam_permit.so
|
||||
auth required pam_env.so
|
||||
|
||||
account sufficient pam_ldap.so
|
||||
account required pam_unix.so
|
||||
account optional pam_permit.so
|
||||
account required pam_time.so
|
||||
|
||||
password sufficient pam_ldap.so
|
||||
password required pam_unix.so try_first_pass nullok sha512 shadow
|
||||
password optional pam_permit.so
|
||||
|
||||
session required pam_limits.so
|
||||
session required pam_unix.so
|
||||
session optional pam_ldap.so
|
||||
session optional pam_permit.so
|
27
roles/Password/files/pam.d/system-auth.pacnew
Normal file
27
roles/Password/files/pam.d/system-auth.pacnew
Normal file
@ -0,0 +1,27 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth required pam_faillock.so preauth
|
||||
# Optionally use requisite above if you do not want to prompt for the password
|
||||
# on locked accounts.
|
||||
-auth [success=2 default=ignore] pam_systemd_home.so
|
||||
auth [success=1 default=bad] pam_unix.so try_first_pass nullok
|
||||
auth [default=die] pam_faillock.so authfail
|
||||
auth optional pam_permit.so
|
||||
auth required pam_env.so
|
||||
auth required pam_faillock.so authsucc
|
||||
# If you drop the above call to pam_faillock.so the lock will be done also
|
||||
# on non-consecutive authentication failures.
|
||||
|
||||
-account [success=1 default=ignore] pam_systemd_home.so
|
||||
account required pam_unix.so
|
||||
account optional pam_permit.so
|
||||
account required pam_time.so
|
||||
|
||||
-password [success=1 default=ignore] pam_systemd_home.so
|
||||
password required pam_unix.so try_first_pass nullok shadow
|
||||
password optional pam_permit.so
|
||||
|
||||
-session optional pam_systemd_home.so
|
||||
session required pam_limits.so
|
||||
session required pam_unix.so
|
||||
session optional pam_permit.so
|
6
roles/Password/files/pam.d/system-local-login
Normal file
6
roles/Password/files/pam.d/system-local-login
Normal file
@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth include system-login
|
||||
account include system-login
|
||||
password include system-login
|
||||
session include system-login
|
19
roles/Password/files/pam.d/system-login
Normal file
19
roles/Password/files/pam.d/system-login
Normal file
@ -0,0 +1,19 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth required pam_shells.so
|
||||
auth requisite pam_nologin.so
|
||||
auth include system-auth
|
||||
|
||||
account required pam_access.so
|
||||
account required pam_nologin.so
|
||||
account include system-auth
|
||||
|
||||
password include system-auth
|
||||
|
||||
session optional pam_loginuid.so
|
||||
session include system-auth
|
||||
session optional pam_motd.so motd=/etc/motd
|
||||
session optional pam_mail.so dir=/var/spool/mail standard quiet
|
||||
-session optional pam_systemd.so
|
||||
session required pam_env.so
|
||||
#session required pam_mkhomedir.so skel=/etc/skel umask=0027
|
20
roles/Password/files/pam.d/system-login.pacnew
Normal file
20
roles/Password/files/pam.d/system-login.pacnew
Normal file
@ -0,0 +1,20 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth required pam_shells.so
|
||||
auth requisite pam_nologin.so
|
||||
auth include system-auth
|
||||
|
||||
account required pam_access.so
|
||||
account required pam_nologin.so
|
||||
account include system-auth
|
||||
|
||||
password include system-auth
|
||||
|
||||
session optional pam_loginuid.so
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include system-auth
|
||||
session optional pam_motd.so
|
||||
session optional pam_mail.so dir=/var/spool/mail standard quiet
|
||||
session optional pam_umask.so
|
||||
-session optional pam_systemd.so
|
||||
session required pam_env.so
|
6
roles/Password/files/pam.d/system-remote-login
Normal file
6
roles/Password/files/pam.d/system-remote-login
Normal file
@ -0,0 +1,6 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth include system-login
|
||||
account include system-login
|
||||
password include system-login
|
||||
session include system-login
|
11
roles/Password/files/pam.d/system-services
Normal file
11
roles/Password/files/pam.d/system-services
Normal file
@ -0,0 +1,11 @@
|
||||
#%PAM-1.0
|
||||
|
||||
auth sufficient pam_permit.so
|
||||
|
||||
account include system-auth
|
||||
|
||||
session optional pam_loginuid.so
|
||||
session required pam_limits.so
|
||||
session required pam_unix.so
|
||||
session optional pam_permit.so
|
||||
session required pam_env.so
|
5
roles/Password/files/pam.d/systemd-user
Normal file
5
roles/Password/files/pam.d/systemd-user
Normal file
@ -0,0 +1,5 @@
|
||||
# Used by systemd --user instances.
|
||||
|
||||
account include system-login
|
||||
session required pam_loginuid.so
|
||||
session include system-login
|
5
roles/Password/files/pam.d/vlock
Normal file
5
roles/Password/files/pam.d/vlock
Normal file
@ -0,0 +1,5 @@
|
||||
#%PAM-1.0
|
||||
auth required pam_unix.so
|
||||
account required pam_unix.so
|
||||
password required pam_unix.so
|
||||
session required pam_unix.so
|
119
roles/Password/files/sora-base-config
Normal file
119
roles/Password/files/sora-base-config
Normal file
@ -0,0 +1,119 @@
|
||||
dn: dc=aninix,dc=net
|
||||
objectClass: dcObject
|
||||
objectClass: organization
|
||||
dc: aninix
|
||||
o: AniNIXUsers
|
||||
description: AniNIX::LDAP Crediential Directory
|
||||
structuralObjectClass: organization
|
||||
entryUUID: a521b05a-3532-4042-bf8f-3631a1e51b94
|
||||
creatorsName: cn=root,dc=aninix,dc=net
|
||||
createTimestamp: 20160901205333Z
|
||||
entryCSN: 20160901205333.449191Z#000000#000#000000
|
||||
modifiersName: cn=root,dc=aninix,dc=net
|
||||
modifyTimestamp: 20160901205333Z
|
||||
|
||||
dn: cn=root,dc=aninix,dc=net
|
||||
objectClass: organizationalRole
|
||||
cn: root
|
||||
description: Directory Manager
|
||||
structuralObjectClass: organizationalRole
|
||||
entryUUID: 9e4273d9-d002-4015-a774-bed02afd6cc9
|
||||
creatorsName: cn=root,dc=aninix,dc=net
|
||||
createTimestamp: 20160901205333Z
|
||||
pwdLastSuccess: 20220918222625Z
|
||||
entryCSN: 20220918222625.132392Z#000000#000#000000
|
||||
modifiersName: cn=root,dc=aninix,dc=net
|
||||
modifyTimestamp: 20220918222625Z
|
||||
|
||||
dn: ou=Group,dc=aninix,dc=net
|
||||
ou: Group
|
||||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
structuralObjectClass: organizationalUnit
|
||||
entryUUID: 475e1ae1-d992-4a9a-85de-e7f71974ac03
|
||||
creatorsName: cn=root,dc=aninix,dc=net
|
||||
createTimestamp: 20160901214257Z
|
||||
entryCSN: 20160901214257.941445Z#000000#000#000000
|
||||
modifiersName: cn=root,dc=aninix,dc=net
|
||||
modifyTimestamp: 20160901214257Z
|
||||
|
||||
dn: cn=ldapuser,ou=Group,dc=aninix,dc=net
|
||||
cn: ldapuser
|
||||
gidNumber: 10000
|
||||
objectClass: posixGroup
|
||||
objectClass: top
|
||||
structuralObjectClass: posixGroup
|
||||
entryUUID: dc17d42d-fae9-496d-b362-82f27679476c
|
||||
creatorsName: cn=root,dc=aninix,dc=net
|
||||
createTimestamp: 20160903051753Z
|
||||
entryCSN: 20160903051753.156600Z#000000#000#000000
|
||||
modifiersName: cn=root,dc=aninix,dc=net
|
||||
modifyTimestamp: 20160903051753Z
|
||||
|
||||
dn: cn=hypervisorauth,ou=Group,dc=aninix,dc=net
|
||||
cn: hypervisorauth
|
||||
gidNumber: 10001
|
||||
objectClass: posixGroup
|
||||
objectClass: top
|
||||
structuralObjectClass: posixGroup
|
||||
entryUUID: 88cb5e2c-ee93-4d62-a83a-63ceff9ceba0
|
||||
creatorsName: cn=root,dc=aninix,dc=net
|
||||
createTimestamp: 20160903061147Z
|
||||
memberUid: lurso3
|
||||
entryCSN: 20160903061653.689826Z#000000#000#000000
|
||||
modifiersName: cn=root,dc=aninix,dc=net
|
||||
modifyTimestamp: 20160903061653Z
|
||||
|
||||
dn: ou=pwpolicies,dc=aninix,dc=net
|
||||
ou: pwpolicies
|
||||
objectClass: top
|
||||
objectClass: organizationalUnit
|
||||
structuralObjectClass: organizationalUnit
|
||||
entryUUID: ee2c6fc6-a40a-4d6f-992e-c1a04439f022
|
||||
creatorsName: cn=root,dc=aninix,dc=net
|
||||
createTimestamp: 20161029155416Z
|
||||
entryCSN: 20161029155416.247439Z#000000#000#000000
|
||||
modifiersName: cn=root,dc=aninix,dc=net
|
||||
modifyTimestamp: 20161029155416Z
|
||||
|
||||
dn: cn=default,ou=pwpolicies,dc=aninix,dc=net
|
||||
objectClass: pwdPolicy
|
||||
objectClass: person
|
||||
objectClass: top
|
||||
cn: default
|
||||
sn: Default
|
||||
pwdAttribute: userPassword
|
||||
pwdMaxAge: 31536000
|
||||
pwdExpireWarning: 604800
|
||||
pwdInHistory: 12
|
||||
pwdCheckQuality: 1
|
||||
pwdMaxFailure: 5
|
||||
pwdLockout: TRUE
|
||||
pwdLockoutDuration: 86400
|
||||
pwdGraceAuthNLimit: 3
|
||||
pwdFailureCountInterval: 3600
|
||||
pwdMustChange: TRUE
|
||||
pwdMinLength: 8
|
||||
pwdAllowUserChange: TRUE
|
||||
pwdSafeModify: FALSE
|
||||
structuralObjectClass: person
|
||||
entryUUID: f983ea45-deca-4b8f-8e55-cebbacf392ba
|
||||
creatorsName: cn=root,dc=aninix,dc=net
|
||||
createTimestamp: 20161029171109Z
|
||||
entryCSN: 20161029171109.930559Z#000000#000#000000
|
||||
modifiersName: cn=root,dc=aninix,dc=net
|
||||
modifyTimestamp: 20161029171109Z
|
||||
|
||||
dn: cn=DarkFeather,ou=Group,dc=aninix,dc=net
|
||||
cn: DarkFeather
|
||||
gidNumber: 10002
|
||||
objectClass: posixGroup
|
||||
objectClass: top
|
||||
memberUid: DarkFeather
|
||||
structuralObjectClass: posixGroup
|
||||
entryUUID: 1f333fb2-0611-4235-ba07-aa9fa0edb439
|
||||
creatorsName: cn=root,dc=aninix,dc=net
|
||||
createTimestamp: 20201018201805Z
|
||||
entryCSN: 20201018201805.104347Z#000000#000#000000
|
||||
modifiersName: cn=root,dc=aninix,dc=net
|
||||
modifyTimestamp: 20201018201805Z
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user