[GIT] refactor submodules: add all to own repo

2019-10-06 22:55:56 +02:00 · 2019-10-06 22:55:56 +02:00 · be2b9bf3c0
commit be2b9bf3c0
27 changed files with 3311 additions and 0 deletions
--- a/files/caddy.service
+++ b/files/caddy.service
@ -0,0 +1,44 @@
+[Unit]
+Description=Caddy HTTP/2 web server
+Documentation=https://caddyserver.com/docs
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Restart=on-abnormal
+
+User=www-data
+Group=www-data
+Environment=CADDYPATH=/etc/ssl/caddy
+
+PIDFile=/run/caddy.pid
+ExecStart=/usr/local/bin/caddy -log stdout -agree -email=code@jannikbeyerstedt.de -conf=/etc/caddy/Caddyfile -root=/var/tmp
+ExecReload=/bin/kill -USR1 $MAINPID
+
+KillMode=mixed
+KillSignal=SIGQUIT
+TimeoutStopSec=5s
+
+LimitNOFILE=8192
+LimitNPROC=64
+
+StartLimitInterval=600
+;StartLimitBurst=5
+RestartSec=60
+PermissionsStartOnly=true
+
+PrivateTmp=true
+;PrivateDevices=true
+;ProtectHome=true
+;ProtectSystem=full
+ReadWriteDirectories=/etc/ssl/caddy
+
+; The following additional security directives only work with systemd v229 or later.
+; They further restrict privileges that can be gained by caddy.
+; Note that you may have to add capabilities required by any plugins in use.
+;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+;AmbientCapabilities=CAP_NET_BIND_SERVICE
+;NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
--- a/files/ddns-hosts.sh
+++ b/files/ddns-hosts.sh
@ -0,0 +1,54 @@
+#!/bin/sh
+passwd='dyndnshosts'
+hostname=$(hostname | tr '[:upper:]' '[:lower:]')
+
+platform='unknown'
+unamestr=$(uname)
+if [ "$unamestr" = 'Linux' ]; then
+  platform='linux'
+elif [ "$unamestr" = 'FreeBSD' ]; then
+  platform='freebsd'
+fi
+
+ip6addr=''
+ip4addr=''
+if [ $platform = 'linux' ]; then
+  ip6addr=$(ip -6 addr show scope global | grep inet6 | tail -1 | egrep -o '([0-9abcdef]{4}[0-9:abcdef]*)')
+  # filter local IPv4 address ranges (172.16.0.0/12, 10.0.0.0/8, 192.168.0.0/16)
+  ip4addr=$(ip -4 addr show scope global | grep inet | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -Ev '172.(1[6-9]|2[0-9]|3[0-1])' | grep -Ev '10.' | grep -Ev '192.168.' | head -n 1)
+elif [ $platform = 'freebsd' ]; then
+  ip6addr=$(ifconfig em0 | grep inet6 | tail -1 | egrep -o '([0-9abcdef]{4}[0-9:abcdef]*)')
+  ip4addr=$(ifconfig em0 inet | grep inet | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1)
+fi
+
+echo "Current IP addresses of $hostname are: $ip4addr, $ip6addr"
+
+
+if [ $ip4addr ]; then
+  echo "Updating IPv4 DNS entry..."
+else
+  echo "No public IPv4 address, updating DNS entry anyway..."
+fi
+
+# API always returns 200, so check for response payload to begin with {"Success":true,
+url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip4addr"
+statuscode=$(curl -s $url)
+case "$statuscode" in
+  {\"Success\":true*) echo "IPv4 Success" ;;
+  *) (>&2 echo "IPv4 DynDNS update failed: API response:\n$statuscode") ;;
+esac
+
+
+if [ $ip6addr ]; then
+  echo "Updating IPv6 DNS entry..."
+
+  # API always returns 200, so check for response payload to begin with {"Success":true,
+  url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip6addr"
+  statuscode=$(curl -s $url)
+  case "$statuscode" in
+    {\"Success\":true*) echo "IPv6 Success" ;;
+    *) (>&2 echo "IPv6 DynDNS update failed: API response:\n$statuscode") ;;
+  esac
+else
+  echo "No public IPv6 Address, skipping DNS update."
+fi
--- a/files/ddns-namecheap.sh
+++ b/files/ddns-namecheap.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+passwd='dyndnshosts'
+hostname=$(hostname | tr '[:upper:]' '[:lower:]')
+domain=jtbx.space
+
+/usr/bin/curl -4 -s "http://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$passwd" > /dev/null
--- a/files/exim4.conf.template
+++ b/files/exim4.conf.template
--- a/files/sshd_config
+++ b/files/sshd_config
@ -0,0 +1,70 @@
+# Standard sshd config of Jannik Beyerstedt
+
+Protocol 2
+#Port 4422
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Ciphers and keying
+#RekeyLimit default none
+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+
+# Logging
+#SyslogFacility AUTH
+LogLevel VERBOSE
+
+# Authentication:
+#LoginGraceTime 2m
+PermitRootLogin no
+#StrictModes yes
+MaxAuthTries 2
+MaxSessions 2
+
+IgnoreRhosts yes
+
+# Password based logins are disabled - only public key based logins are allowed.
+AuthenticationMethods publickey
+PasswordAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+
+UsePAM yes
+
+AllowAgentForwarding no
+AllowTcpForwarding no
+#GatewayPorts no
+X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+ClientAliveCountMax 2
+UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server