From 61b82221c6e9704c38bf0f4a5c4f6eb0c7cbf00e Mon Sep 17 00:00:00 2001 
From: Brian Zalewski <59970525+ProfessorManhattan@users.noreply.github.com> Date: Sun, 9 Jul 2023 06:46:28 +0000 Subject: [PATCH] Latest --- docs/ERROR.md | 35 ++ home/.chezmoitemplates/files/cloudflared.pem | 47 ++ home/dot_config/clamd/TODO.md | 3 + home/dot_config/clamd/freshclam.conf | 204 +++++++++ home/dot_config/cloudflared/cloudflared.pem | 3 + home/dot_config/powershell/profile.ps1 | 3 + home/dot_local/bin/executable_install-program | 4 +- home/dot_local/etc/nginx/fastcgi.conf | 26 ++ home/dot_local/etc/nginx/fastcgi_params | 25 ++ home/dot_local/etc/nginx/koi-utf | 110 +++++ home/dot_local/etc/nginx/koi-win | 104 +++++ home/dot_local/etc/nginx/mime.types | 120 +++++ home/dot_local/etc/nginx/nginx.conf | 89 ++++ home/dot_local/etc/nginx/nginx.conf.example | 116 +++++ home/dot_local/etc/nginx/proxy_params | 4 + home/dot_local/etc/nginx/scgi_params | 18 + home/dot_local/etc/nginx/uwsgi_params | 18 + home/dot_local/etc/nginx/win-utf | 126 ++++++ home/dot_local/etc/sftpgo/README.md | 3 + home/dot_local/etc/sftpgo/sftpgo.json | 412 ++++++++++++++++++ home/dot_local/etc/vector/vector.toml | 44 ++ software.yml | 13 +- 22 files changed, 1521 insertions(+), 6 deletions(-) create mode 100644 docs/ERROR.md create mode 100644 home/.chezmoitemplates/files/cloudflared.pem create mode 100644 home/dot_config/clamd/TODO.md create mode 100644 home/dot_config/clamd/freshclam.conf create mode 100644 home/dot_config/cloudflared/cloudflared.pem create mode 100644 home/dot_local/etc/nginx/fastcgi.conf create mode 100644 home/dot_local/etc/nginx/fastcgi_params create mode 100644 home/dot_local/etc/nginx/koi-utf create mode 100644 home/dot_local/etc/nginx/koi-win create mode 100644 home/dot_local/etc/nginx/mime.types create mode 100644 home/dot_local/etc/nginx/nginx.conf create mode 100644 home/dot_local/etc/nginx/nginx.conf.example create mode 100644 home/dot_local/etc/nginx/proxy_params create mode 100644 home/dot_local/etc/nginx/scgi_params create mode 100644 
home/dot_local/etc/nginx/uwsgi_params create mode 100644 home/dot_local/etc/nginx/win-utf create mode 100644 home/dot_local/etc/sftpgo/README.md create mode 100644 home/dot_local/etc/sftpgo/sftpgo.json create mode 100644 home/dot_local/etc/vector/vector.toml diff --git a/docs/ERROR.md b/docs/ERROR.md new file mode 100644 index 00000000..ea16056f --- /dev/null +++ b/docs/ERROR.md @@ -0,0 +1,35 @@ +``` +🍺 /usr/local/Cellar/sftpgo/2.5.3: 174 files, 50.3MB +==> Running `brew cleanup sftpgo`... +Removing: /usr/local/Cellar/sftpgo/2.5.2... (174 files, 50.2MB) +==> Upgrading angular-cli + 16.1.1 -> 16.1.4 + +==> Pouring angular-cli--16.1.4.ventura.bottle.tar.gz +🍺 /usr/local/Cellar/angular-cli/16.1.4: 6,965 files, 31.2MB +==> Running `brew cleanup angular-cli`... +Removing: /usr/local/Cellar/angular-cli/16.1.1... (6,970 files, 31.2MB) +==> Upgrading docker-compose + 2.19.0 -> 2.19.1 + +==> Pouring docker-compose--2.19.1.ventura.bottle.tar.gz +Error: The `brew link` step did not complete successfully +The formula built, but is not symlinked into /usr/local +Could not symlink bin/docker-compose +Target /usr/local/bin/docker-compose +already exists. You may want to remove it: + rm '/usr/local/bin/docker-compose' + +To force the link and overwrite all conflicting files: + brew link --overwrite docker-compose + +To list all files that would be deleted: + brew link --overwrite --dry-run docker-compose + +Possible conflicting files are: +/usr/local/bin/docker-compose -> /Applications/Docker.app/Contents/Resources/bin/docker-compose +==> Caveats +Compose is now a Docker plugin. For Docker to find this plugin, symlink it: + mkdir -p ~/.docker/cli-plugins + ln -sfn /usr/local/opt/docker-compose/bin/docker-compose ~/.docker/cli-plugins/docker-compose +``` \ No newline at end of file diff --git a/home/.chezmoitemplates/files/cloudflared.pem b/home/.chezmoitemplates/files/cloudflared.pem new file mode 100644 index 00000000..17441fe1 --- /dev/null 
+++ b/home/.chezmoitemplates/files/cloudflared.pem 
@@ -0,0 +1,47 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdmlXcEdOamlVMlhjcHZY +LzJNY2xtVmlFMXc1RFNjY2hPR2ZrMitwRXljCjVEVmlCUDEwZi9oNXc5Z2UwRDVu +cnFzaU5aUDJQZWlYaWVaaERWd0twNjQKLS0tIEJWYkJzWFErVFg5QXVWalJDUHgv +QSt1d1ljSno2eTFUa1h4V0ZEM1loWUEK0ooSvacj4CdFUR0ltcLl84Z51ACjyvDn +7ICI4q7488uQ4Zrz4TbyADsCdHdMJHAu02sXK/Ssq32qsqaCIoY6DJbeFD5lwe9K +U8aBk43xboue514dHTUDv7RyH3+ywEbo4M7ZV8ne4oNQzQ1cmaztepl66jcKjJ+5 +DwQHXHUVcOALZ+sjHpI/cQ4pbN5/C2r7Qhxk4BWTdqzXWTBYAM1DzWsMoodPN9H5 +krnqV5P0kWBgIUi/8LclcIWDpXI8pY5hDUDVjopU/rE/Hu/uqBT108Li5gPjNJzX +GPliX9Fp2J1a6gRS6OgLd9jrHg52m2S2x/nnfUnSxHjKtIFiGTaIDBJ1lrQvitNr +l8h1lbm90wmnt7glqKoVpbwUrPVCdhV81QpR1Rhts4jNMptfN6EIlvc6d0b6prAG +NYCR3ixEFj789yNTxUkuegjc7awTiOY2ECnMekyPhn8TQ/gz2y/8JVB3nidnFiw/ +N8ZtJrLTSt/sDBhOx+gvTGjXvVjVktOiqltELSLbT/pf1ZG4Q3h6sJHKYC+DRRBQ +JtPCTT9g41JSXPQdYTe73QYyIU7+NW26taNglPyUh0Pt1Ox6/r9S5zpKJJVIIcam +l67GhRbpSr81tR0bMM9fQPIv1yz53WIaEiUHGPRqi7Zb5pur6BWVpxFCHWYNvIc0 +BiG4hAZfCI/Xsu3Vtd7Wz8aHSTn4mvmu56+GESr6VqcHqI4wsoh9hDNnpg3cUyfn +8vPnUznAvbfe86vZIV8QKMFWjxFdhxuEha+A8grQpB+Nlz9f9NocN/ImSVZkoUEf +ML7WECiR6PpBc4lNZb6HwSC9ig2pLfowI8igW7h30ivmRwIX0myMEvnOkFrz//hg +PpGGrjquvglz6rLI6ak5G7hLznje+ZYDh1OLLR2jBKVj5r1/se4D8sF4gSqMf/5B +KwoeKS4+1voGKYWCKuawXsS9VcBltgRad9sUI9KzfK4ujRN7xL8jEThkzOKjXLGz +h3TVAXMC21I/nVUcyNIhMqOShDMThEla8CzrIpk22KDKhu+gxcl9KNbSFOYP3REn +wjgXJF5CFoDPmUtqEy8HgZ/MRpyTFzqEhuQfdrjgCuds6fRM1u9uNAyHSxDAjreF +0F4IX1RYdKyowaA6Ee+8vPUJVNR9FEIeESLRvQGdjfGu6nAy2Qzx0HVTmFIWDac0 +kFnyP57UF1mL+wzIMUxkY1WL2Ajo/kCZZMedMI/N4W+n/8TfxQWiqzXgu3A+iyqh +M1RsQ8LEHqiLgexYhTmgRX6NNchI8HQJ9jqsSASTQGNQSMuB6G4UfOsCVBHRmfNJ +c6kPxIb9FrEA/wUhgqdBAkj4/z4JD6ZRzMLZQny7ZUTP0fJm3ealfVr8XHFl/Fwm +7AW44wUphfPV2HrtHKSGWczfJPHlVaYRN1+QwoZoxB21Pe2HuYSEUHHywKkir1+E +aN8S6sh7t9Acq7vUHnQbemAmpZkAHxOEzb4SaX/9jPrK5gIKF5+MDtBuZ+skw7wN +3vNlF5/qcnQGEKrF+tVYxgXXEuOTqyV1xPB05BYIlmw0t5g4ixi53URDnD5vqfpR +/D6ALPDBG5iy5c6XwbGGkWY34BNuTW5WLBj6CEC+m8gZKSvVJLoiV4uuBeUkb2tu 
+CHp/Hdq6DfBfjmZLu0Re43YzwlLiMuzXl8fbqmO86q5Qzv9UQExDndmMdhHhLUO4 +Cn/X/AgmE3PjiPwPY0YGLiEubMcnnmSkrOZV1NzKqnO7626bmLQGjtX2+hhqTK26 ++LNi/+oRqSj641cuQLySLclybEOsOvFZiMcSXTmcyMEVg2Z3umBf6t5XbhFT5zJx +T3Ry4wAx3G+hCbjGX9Ee+4qq8qFhOJUtC51k8WRUyc8vSxKclRD83lMmRLP8/LT4 +6ll0OtOSOLTz5ikx8PeGf9m1T0tNPBLTB0nydbFAhY9uEe8eMays2vXKeUAebKPr +DACX4gcoOmqBEVUI6dtNxOSvFN9A/AlTwKR7H1aUZBozBnRBG4yA2ZMVt5Ty5Tda +ZwHxHh27/fldyCmABsgxmru0FX5gucPE42Uf+q5rFS96vCle1CHgQUwsMdYeu8a8 +RnDKIzsQqcJzIz759FIbz2vtdYD5zncWz/Ac2LXyLDxsmIRg2QXSg+jekbN/CdYl ++D03eoLH6vbhc2dK4M9oI41TaYp5S/zJJ9tKVKJ7q3Kl/nwoDJcnEpC/HkIoDjKl +gNEDJCFmC/1MCMty0IvxfT7CysHBRqEnWXT7zKK9SpB3+/rV8AOA9RTc5TZOFMZy +2hLn8ypLXNzIX9/kdWk++UOhrLco2+wVqUEUpmDWjtVnBBkdLNLLUPJHCBlzQ9VE +CxgbnEocgXgPo2nizek6O+CJothSVgpiT9fWbdB94vXMutUiUTE4/wgJHvfMdbK9 +Ea1q4zvmhGNOplgHFEvq1MU8gNaPzYCfKWw9wp79ZcsFELuQBHYeMCFph0k3Sh4K +jY12XvtEKYWiBZJsVTHTost+aT+jipjgq3vEn1yEKnAV66ezBplwAsfUitRlwGb6 +W6KgqM8L2GJhE57FKK2RCj+l71mqRYCuOJHkhoLls+d4sgu5+ozerqDYzSLSyfBZ +/j/6+gJDEclZNnvu+71TzODCqK9zDA== +-----END AGE ENCRYPTED FILE----- \ No newline at end of file diff --git a/home/dot_config/clamd/TODO.md b/home/dot_config/clamd/TODO.md new file mode 100644 index 00000000..abc5d8df --- /dev/null +++ b/home/dot_config/clamd/TODO.md @@ -0,0 +1,3 @@ +Configure freshclam for clamav to send emails to .user.email when findings are reported + +Also, optimize other settings \ No newline at end of file diff --git a/home/dot_config/clamd/freshclam.conf b/home/dot_config/clamd/freshclam.conf new file mode 100644 index 00000000..7155881b --- /dev/null +++ b/home/dot_config/clamd/freshclam.conf 
@@ -0,0 +1,204 @@ +## +## Example config file for freshclam +## Please read the freshclam.conf(5) manual before editing this file. +## + + +# Comment or remove the line below. +# Example + +# Path to the database directory. +# WARNING: It must match clamd.conf's directive! +# Default: hardcoded (depends on installation options) +#DatabaseDirectory /var/lib/clamav + +# Path to the log file (make sure it has proper permissions) +# Default: disabled +#UpdateLogFile /var/log/freshclam.log + +# Maximum size of the log file. +# Value of 0 disables the limit. +# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) +# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). +# in bytes just don't use modifiers. If LogFileMaxSize is enabled, +# log rotation (the LogRotate option) will always be enabled. +# Default: 1M +#LogFileMaxSize 2M + +# Log time with each message. +# Default: no +#LogTime yes + +# Enable verbose logging. +# Default: no +#LogVerbose yes + +# Use system logger (can work together with UpdateLogFile). +# Default: no +#LogSyslog yes + +# Specify the type of syslog messages - please refer to 'man syslog' +# for facility names. +# Default: LOG_LOCAL6 +#LogFacility LOG_MAIL + +# Enable log rotation. Always enabled when LogFileMaxSize is enabled. +# Default: no +#LogRotate yes + +# This option allows you to save the process identifier of the daemon +# This file will be owned by root, as long as freshclam was started by root. +# It is recommended that the directory where this file is stored is +# also owned by root to keep other users from tampering with it. +# Default: disabled +#PidFile /var/run/freshclam.pid + +# By default when started freshclam drops privileges and switches to the +# "clamav" user. This directive allows you to change the database owner. +# Default: clamav (may depend on installation options) +#DatabaseOwner clamav + +# Use DNS to verify virus database version. 
FreshClam uses DNS TXT records +# to verify database and software versions. With this directive you can change +# the database verification domain. +# WARNING: Do not touch it unless you're configuring freshclam to use your +# own database verification domain. +# Default: current.cvd.clamav.net +#DNSDatabaseInfo current.cvd.clamav.net + +# database.clamav.net is now the primary domain name to be used world-wide. +# Now that CloudFlare is being used as our Content Delivery Network (CDN), +# this one domain name works world-wide to direct freshclam to the closest +# geographic endpoint. +# If the old db.XY.clamav.net domains are set, freshclam will automatically +# use database.clamav.net instead. +DatabaseMirror database.clamav.net + +# How many attempts to make before giving up. +# Default: 3 (per mirror) +#MaxAttempts 5 + +# With this option you can control scripted updates. It's highly recommended +# to keep it enabled. +# Default: yes +#ScriptedUpdates yes + +# By default freshclam will keep the local databases (.cld) uncompressed to +# make their handling faster. With this option you can enable the compression; +# the change will take effect with the next database update. +# Default: no +#CompressLocalDatabase no + +# With this option you can provide custom sources for database files. +# This option can be used multiple times. Support for: +# http(s)://, ftp(s)://, or file:// +# Default: no custom URLs +#DatabaseCustomURL http://myserver.example.com/mysigs.ndb +#DatabaseCustomURL https://myserver.example.com/mysigs.ndb +#DatabaseCustomURL https://myserver.example.com:4567/allow_list.wdb +#DatabaseCustomURL ftp://myserver.example.com/example.ldb +#DatabaseCustomURL ftps://myserver.example.com:4567/example.ndb +#DatabaseCustomURL file:///mnt/nfs/local.hdb + +# This option allows you to easily point freshclam to private mirrors. 
+# If PrivateMirror is set, freshclam does not attempt to use DNS +# to determine whether its databases are out-of-date, instead it will +# use the If-Modified-Since request or directly check the headers of the +# remote database files. For each database, freshclam first attempts +# to download the CLD file. If that fails, it tries to download the +# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo +# and ScriptedUpdates. It can be used multiple times to provide +# fall-back mirrors. +# Default: disabled +#PrivateMirror mirror1.example.com +#PrivateMirror mirror2.example.com + +# Number of database checks per day. +# Default: 12 (every two hours) +#Checks 24 + +# Proxy settings +# The HTTPProxyServer may be prefixed with [scheme]:// to specify which kind +# of proxy is used. +# http:// HTTP Proxy. Default when no scheme or proxy type is specified. +# https:// HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS and NSS) +# socks4:// SOCKS4 Proxy. +# socks4a:// SOCKS4a Proxy. Proxy resolves URL hostname. +# socks5:// SOCKS5 Proxy. +# socks5h:// SOCKS5 Proxy. Proxy resolves URL hostname. +# Default: disabled +#HTTPProxyServer https://proxy.example.com +#HTTPProxyPort 1234 +#HTTPProxyUsername myusername +#HTTPProxyPassword mypass + +# If your servers are behind a firewall/proxy which applies User-Agent +# filtering you can use this option to force the use of a different +# User-Agent header. +# As of ClamAV 0.103.3, this setting may not be used when updating from the +# clamav.net CDN and can only be used when updating from a private mirror. +# Default: clamav/version_number (OS: ..., ARCH: ..., CPU: ..., UUID: ...) +#HTTPUserAgent SomeUserAgentIdString + +# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for +# multi-homed systems. +# Default: Use OS'es default outgoing IP address. +#LocalIPAddress aaa.bbb.ccc.ddd + +# Send the RELOAD command to clamd. 
+# Default: no +NotifyClamd /usr/local/etc/clamav/clamd.conf + +# Run command after successful database update. +# Use EXIT_1 to return 1 after successful database update. +# Default: disabled +#OnUpdateExecute command + +# Run command when database update process fails. +# Default: disabled +#OnErrorExecute command + +# Run command when freshclam reports outdated version. +# In the command string %v will be replaced by the new version number. +# Default: disabled +#OnOutdatedExecute command + +# Don't fork into background. +# Default: no +#Foreground yes + +# Enable debug messages in libclamav. +# Default: no +#Debug yes + +# Timeout in seconds when connecting to database server. +# Default: 30 +#ConnectTimeout 60 + +# Timeout in seconds when reading from database server. 0 means no timeout. +# Default: 60 +#ReceiveTimeout 300 + +# With this option enabled, freshclam will attempt to load new databases into +# memory to make sure they are properly handled by libclamav before replacing +# the old ones. +# Tip: This feature uses a lot of RAM. If your system has limited RAM and you +# are actively running ClamD or ClamScan during the update, then you may need +# to set `TestDatabases no`. +# Default: yes +#TestDatabases no + +# This option enables downloading of bytecode.cvd, which includes additional +# detection mechanisms and improvements to the ClamAV engine. +# Default: yes +#Bytecode no + +# Include an optional signature databases (opt-in). +# This option can be used multiple times. +#ExtraDatabase dbname1 +#ExtraDatabase dbname2 + +# Exclude a standard signature database (opt-out). +# This option can be used multiple times. +#ExcludeDatabase dbname1 +#ExcludeDatabase dbname2 \ No newline at end of file diff --git a/home/dot_config/cloudflared/cloudflared.pem b/home/dot_config/cloudflared/cloudflared.pem new file mode 100644 index 00000000..f00bc38e --- /dev/null +++ b/home/dot_config/cloudflared/cloudflared.pem 
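Review bot: Every logging and failure hook in this freshclam.conf is left commented out (`UpdateLogFile`, `LogSyslog`, `OnErrorExecute`, `OnOutdatedExecute`), so a signature update that keeps failing leaves no trace while scanning continues on stale databases. Enabling at least `LogSyslog yes` and `LogTime yes`, and pointing `OnErrorExecute` at a notification command, would give an operator something to alert on. The one path that is set, `NotifyClamd /usr/local/etc/clamav/clamd.conf`, is a fixed Homebrew-on-Intel location; on hosts where that file does not exist the reload notification presumably fails, so the path is a candidate for templating. `DatabaseDirectory` is left at the build default even though the file's own warning says it must match clamd.conf, and no clamd.conf is added in this commit to check it against.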
@@ -0,0 +1,3 @@ +{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "files" "cloudflared.pem")) -}} +{{ includeTemplate "files/cloudflared.pem" | decrypt -}} +{{ end -}} diff --git a/home/dot_config/powershell/profile.ps1 b/home/dot_config/powershell/profile.ps1 index 9de166c8..1d9ab041 100644 --- a/home/dot_config/powershell/profile.ps1 +++ b/home/dot_config/powershell/profile.ps1 @@ -24,6 +24,9 @@ foreach ($module in $modules) { Import-Module $module -Force } +### Homebrew +Add-Content -Path $PROFILE.CurrentUserAllHosts -Value '$(/usr/local/bin/brew shellenv) | Invoke-Expression' + ### posh-git settings oh-my-posh init pwsh --config "$env:HOME/.config/oh-my-posh/Betelgeuse.omp.json" | Invoke-Expression diff --git a/home/dot_local/bin/executable_install-program b/home/dot_local/bin/executable_install-program index d6843536..76d7263b 100644 --- a/home/dot_local/bin/executable_install-program +++ b/home/dot_local/bin/executable_install-program @@ -1641,7 +1641,7 @@ async function updateService(service) { log('info', logStage, `There was an error starting / enabling the ${service} service with systemd`) try { if (brew) { - runCommand(`Starting / enabling ${service} with Homebrew`, `sudo brew services start ${service}`) + runCommand(`Starting / enabling ${service} with Homebrew`, `brew services start ${service}`) log('success', logStage, `Started / enabled the ${service} service with Homebrew`) } else { log('error', logStage, `Unable to start service with systemd and Homebrew is not available`) 
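Review bot: The decrypted tunnel certificate lands at `~/.config/cloudflared/cloudflared.pem` with whatever mode the umask allows, because the source name `home/dot_config/cloudflared/cloudflared.pem` carries no `private_` attribute; naming it `private_cloudflared.pem.tmpl` would have chezmoi create it without group or world access. The name also lacks the `.tmpl` suffix, so unless this repository marks templates some other way, chezmoi would copy the three `{{ … }}` lines literally instead of decrypting. When either `stat` guard is false the template renders empty, and it is worth confirming that this does not remove a working certificate already present on a host that simply lacks the age key at `.config/age/chezmoi.txt`.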
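Review bot: The added `Add-Content -Path $PROFILE.CurrentUserAllHosts …` line is the one-time setup command, not the initialisation itself: it never loads Homebrew in the current session, and since `~/.config/powershell/profile.ps1` is the file `$PROFILE.CurrentUserAllHosts` resolves to on macOS and Linux, every shell start appends another copy of the `brew shellenv` line to the profile. Replace it with the line it was meant to install, guarded on the binary existing: `if (Test-Path /usr/local/bin/brew) { $(/usr/local/bin/brew shellenv) | Invoke-Expression }`. The hard-coded `/usr/local/bin/brew` only matches the Intel macOS prefix, so other hosts get no Homebrew environment. Because the command's output goes straight into `Invoke-Expression`, the path should stay absolute and point at a binary that only the owning user or an administrator can modify.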
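Review bot: `runCommand(…)` is followed directly by `log('success', …)` with no `await` and no check of a return value, so if runCommand is asynchronous (its definition is outside the hunk, as is most of `updateService`) the success message is logged, and the surrounding `try` is left, before `brew services start` has finished or failed; the hunk at -1665 has the same shape. If it returns a promise, `await runCommand(…)` on both changed lines would let the existing error branches actually see a failure. `${service}` is interpolated into the command string, so if runCommand hands that string to a shell the name should be checked against the known service list before use. Dropping `sudo` registers the service for the current user rather than system-wide, so services that need root at start may need separate handling (the nginx.conf added in this commit sets `user www-data`).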
@@ -1665,7 +1665,7 @@ async function updateService(service) {
 const brew = which.sync('brew', { nothrow: true })
 if (brew) {
 try {
- runCommand(`Starting / enabling ${service} with Homebrew`, `sudo brew services start ${service}`)
+ runCommand(`Starting / enabling ${service} with Homebrew`, `brew services start ${service}`)
 log('success', logStage, `Started / enabled the ${service} service with Homebrew`)
 } catch (e) {
 log('error', logStage, `There was an error starting / enabling the ${service} Homebrew service`)
diff --git a/home/dot_local/etc/nginx/fastcgi.conf b/home/dot_local/etc/nginx/fastcgi.conf
new file mode 100644
index 00000000..d94b57f3
--- /dev/null
+++ b/home/dot_local/etc/nginx/fastcgi.conf
@@ -0,0 +1,26 @@
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
\ No newline at end of file
diff --git a/home/dot_local/etc/nginx/fastcgi_params b/home/dot_local/etc/nginx/fastcgi_params
new file mode 100644
index 00000000..28decb95
--- /dev/null
+++ b/home/dot_local/etc/nginx/fastcgi_params
@@ -0,0 +1,25 @@
+
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/home/dot_local/etc/nginx/koi-utf b/home/dot_local/etc/nginx/koi-utf
new file mode 100644
index 00000000..b62caf2e
--- /dev/null
+++ b/home/dot_local/etc/nginx/koi-utf
@@ -0,0 +1,110 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE 
D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} + diff --git a/home/dot_local/etc/nginx/koi-win b/home/dot_local/etc/nginx/koi-win new file mode 100644 index 00000000..2ddb1b7c --- /dev/null +++ b/home/dot_local/etc/nginx/koi-win 
@@ -0,0 +1,104 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} + 
diff --git a/home/dot_local/etc/nginx/mime.types b/home/dot_local/etc/nginx/mime.types new file mode 100644 index 00000000..968b55c0 --- /dev/null +++ b/home/dot_local/etc/nginx/mime.types 
@@ -0,0 +1,120 @@ +types { + # Data interchange + application/atom+xml atom; + application/json json map topojson; + application/ld+json jsonld; + application/rss+xml rss; + application/vnd.geo+json geojson; + application/xml rdf xml; + + # JavaScript + application/javascript js; + + # Manifest files + application/manifest+json webmanifest; + application/x-web-app-manifest+json webapp; + text/cache-manifest appcache; + + # Media files + audio/midi mid midi kar; + audio/mp4 aac f4a f4b m4a; + audio/mpeg mp3; + audio/ogg oga ogg opus; + audio/x-realaudio ra; + audio/x-wav wav; + image/bmp bmp; + image/gif gif; + image/jpeg jpeg jpg; + image/jxr jxr hdp wdp; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-jng jng; + video/3gpp 3gp 3gpp; + video/mp4 f4p f4v m4v mp4; + video/mpeg mpeg mpg; + video/ogg ogv; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-mng mng; + video/x-ms-asf asf asx; + video/x-ms-wmv wmv; + video/x-msvideo avi; + + # Serving `.ico` image files with a different media type + # prevents Internet Explorer from displaying then as images: + # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee + image/x-icon cur ico; + + # Microsoft Office + application/msword doc; + application/vnd.ms-excel xls; + application/vnd.ms-powerpoint ppt; + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; + + # Web fonts + application/font-woff woff; + application/font-woff2 woff2; + application/vnd.ms-fontobject eot; + + # Browsers usually ignore the font media types and simply sniff + # the bytes to figure out the font type. 
+ # https://mimesniff.spec.whatwg.org/#matching-a-font-type-pattern + # + # However, Blink and WebKit based browsers will show a warning + # in the console if the following font types are served with any + # other media types. + application/x-font-ttf ttc ttf; + font/opentype otf; + + # Other + application/java-archive ear jar war; + application/mac-binhex40 hqx; + application/octet-stream bin deb dll dmg exe img iso msi msm msp safariextz; + application/pdf pdf; + application/postscript ai eps ps; + application/rtf rtf; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-bb-appworld bbaw; + application/x-bittorrent torrent; + application/x-chrome-extension crx; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-opera-extension oex; + application/x-perl pl pm; + application/x-pilot pdb prc; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert crt der pem; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xslt+xml xsl; + application/zip zip; + text/css css; + text/csv csv; + text/html htm html shtml; + text/markdown md; + text/mathml mml; + text/plain txt; + text/vcard vcard vcf; + text/vnd.rim.location.xloc xloc; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/vtt vtt; + text/x-component htc; +} + diff --git a/home/dot_local/etc/nginx/nginx.conf b/home/dot_local/etc/nginx/nginx.conf new file mode 100644 index 00000000..f46fd24d --- /dev/null +++ b/home/dot_local/etc/nginx/nginx.conf 
@@ -0,0 +1,89 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+worker_rlimit_nofile 65535;
+
+events {
+ multi_accept on;
+ worker_connections 8000;
+}
+
+http {
+ # General Settings
+ charset utf-8;
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ types_hash_max_size 2048;
+ client_max_body_size 100M;
+ server_tokens off; # Shows nginx version
+
+ # MIME Settings
+ include mime.types;
+ default_type application/octet-stream;
+
+ # Log Settings
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for" '
+ '"$host" sn="$server_name" '
+ 'rt=$request_time '
+ 'ua="$upstream_addr" us="$upstream_status" '
+ 'ut="$upstream_response_time" ul="$upstream_response_length" '
+ 'cs=$upstream_cache_status' ;
+ access_log /var/log/nginx/access.log main;
+ error_log /var/log/nginx/error.log warn;
+
+ # GZIP Settings
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_disable "msie6";
+ gzip_min_length 1024;
+ gzip_types
+ application/atom+xml
+ application/javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rss+xml
+ application/vnd.geo+json
+ application/vnd.ms-fontobject
+ application/x-font-ttf
+ application/x-web-app-manifest+json
+ application/xhtml+xml
+ application/xml
+ font/opentype
+ image/bmp
+ image/svg+xml
+ image/x-icon
+ text/cache-manifest
+ text/css
+ text/plain
+ text/vcard
+ text/vnd.rim.location.xloc
+ text/vtt
+ text/x-component
+ text/x-cross-domain-policy;
+
+ # Limits
+ limit_req_log_level warn;
+ limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;
+
+ # Optimizations
+ # https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration
+ client_body_buffer_size 10K;
+ client_body_timeout 24;
+ client_header_buffer_size 1k;
+ large_client_header_buffers 2 1k;
+ # https://gist.github.com/denji/8359866
+ # reset_timedout_connection on;
+ # send_timeout 24;
+ server_names_hash_bucket_size 64;
+
+ # Virtual Host Configs
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/home/dot_local/etc/nginx/nginx.conf.example b/home/dot_local/etc/nginx/nginx.conf.example
new file mode 100644
index 00000000..08f2b6c9
--- /dev/null
+++ b/home/dot_local/etc/nginx/nginx.conf.example
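Review bot: The comment on `server_tokens off; # Shows nginx version` in nginx.conf says the opposite of what the directive does; `off` suppresses the version, so it should read `# hide the nginx version in the Server header and error pages`. `limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;` only declares the zone and nothing in this file applies it, so login endpoints are throttled only if an included vhost carries `limit_req zone=login;`; a comment beside the zone saying so would stop it being assumed active. `large_client_header_buffers 2 1k` caps the request line and each header field at 1k, which rejects ordinary requests with long cookies or URLs (400/414), whereas the nginx default is `4 8k`. `user www-data` and the `/etc/nginx/...` includes are Debian-specific while this file is installed under `~/.local/etc/nginx`, so it may not load unchanged on the Homebrew hosts this commit also targets.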
@@ -0,0 +1,116 @@
+#user nobody;
+worker_processes 1;
+
+#error_log logs/error.log;
+#error_log logs/error.log notice;
+#error_log logs/error.log info;
+
+#pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+
+ #access_log logs/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ server {
+ listen 8080;
+ server_name localhost;
+
+ #charset koi8-r;
+
+ #access_log logs/host.access.log main;
+
+ location / {
+ root html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+ }
+
+
+ # another virtual host using mix of IP-, name-, and port-based configuration
+ #
+ #server {
+ # listen 8000;
+ # listen somename:8080;
+ # server_name somename alias another.alias;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+
+
+ # HTTPS server
+ #
+ #server {
+ # listen 443 ssl;
+ # server_name localhost;
+
+ # ssl_certificate cert.pem;
+ # ssl_certificate_key cert.key;
+
+ # ssl_session_cache shared:SSL:1m;
+ # ssl_session_timeout 5m;
+
+ # ssl_ciphers HIGH:!aNULL:!MD5;
+ # ssl_prefer_server_ciphers on;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+ include servers/*;
+}
\ No newline at end of file
diff --git a/home/dot_local/etc/nginx/proxy_params b/home/dot_local/etc/nginx/proxy_params
new file mode 100644
index 00000000..df75bc5d
--- /dev/null
+++ b/home/dot_local/etc/nginx/proxy_params
@@ -0,0 +1,4 @@
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/home/dot_local/etc/nginx/scgi_params b/home/dot_local/etc/nginx/scgi_params
new file mode 100644
index 00000000..8f161f6a
--- /dev/null
+++ b/home/dot_local/etc/nginx/scgi_params
@@ -0,0 +1,18 @@
+
+scgi_param REQUEST_METHOD $request_method;
+scgi_param REQUEST_URI $request_uri;
+scgi_param QUERY_STRING $query_string;
+scgi_param CONTENT_TYPE $content_type;
+
+scgi_param DOCUMENT_URI $document_uri;
+scgi_param DOCUMENT_ROOT $document_root;
+scgi_param SCGI 1;
+scgi_param SERVER_PROTOCOL $server_protocol;
+scgi_param REQUEST_SCHEME $scheme;
+scgi_param HTTPS $https if_not_empty;
+
+scgi_param REMOTE_ADDR $remote_addr;
+scgi_param REMOTE_PORT $remote_port;
+scgi_param SERVER_PORT $server_port;
+scgi_param SERVER_NAME $server_name;
+
diff --git a/home/dot_local/etc/nginx/uwsgi_params b/home/dot_local/etc/nginx/uwsgi_params
new file mode 100644
index 00000000..02f963f0
--- /dev/null
+++ b/home/dot_local/etc/nginx/uwsgi_params
@@ -0,0 +1,18 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
+
diff --git a/home/dot_local/etc/nginx/win-utf b/home/dot_local/etc/nginx/win-utf
new file mode 100644
index 00000000..11e61180
--- /dev/null
+++ b/home/dot_local/etc/nginx/win-utf
@@ -0,0 +1,126 @@ +# This map is not a full windows-1251 <> utf8 map: it does not +# contain Serbian and Macedonian letters. If you need a full map, +# use contrib/unicode2nginx/win-utf map instead. + +charset_map windows-1251 utf-8 { + + 82 E2809A; # single low-9 quotation mark + + 84 E2809E; # double low-9 quotation mark + 85 E280A6; # ellipsis + 86 E280A0; # dagger + 87 E280A1; # double dagger + 88 E282AC; # euro + 89 E280B0; # per mille + + 91 E28098; # left single quotation mark + 92 E28099; # right single quotation mark + 93 E2809C; # left double quotation mark + 94 E2809D; # right double quotation mark + 95 E280A2; # bullet + 96 E28093; # en dash + 97 E28094; # em dash + + 99 E284A2; # trade mark sign + + A0 C2A0; #   + A1 D18E; # capital Byelorussian short U + A2 D19E; # small Byelorussian short u + + A4 C2A4; # currency sign + A5 D290; # capital Ukrainian soft G + A6 C2A6; # borken bar + A7 C2A7; # section sign + A8 D081; # capital YO + A9 C2A9; # (C) + AA D084; # capital Ukrainian YE + AB C2AB; # left-pointing double angle quotation mark + AC C2AC; # not sign + AD C2AD; # soft hypen + AE C2AE; # (R) + AF D087; # capital Ukrainian YI + + B0 C2B0; # ° + B1 C2B1; # plus-minus sign + B2 D086; # capital Ukrainian I + B3 D196; # small Ukrainian i + B4 D291; # small Ukrainian soft g + B5 C2B5; # micro sign + B6 C2B6; # pilcrow sign + B7 C2B7; # · + B8 D191; # small yo + B9 E28496; # numero sign + BA D194; # small Ukrainian ye + BB C2BB; # right-pointing double angle quotation mark + + BF D197; # small Ukrainian yi + + C0 D090; # capital A + C1 D091; # capital B + C2 D092; # capital V + C3 D093; # capital G + C4 D094; # capital D + C5 D095; # capital YE + C6 D096; # capital ZH + C7 D097; # capital Z + C8 D098; # capital I + C9 D099; # capital J + CA D09A; # capital K + CB D09B; # capital L + CC D09C; # capital M + CD D09D; # capital N + CE D09E; # capital O + CF D09F; # capital P + + D0 D0A0; # capital R + D1 D0A1; # capital S + D2 D0A2; # capital T + D3 D0A3; # 
capital U + D4 D0A4; # capital F + D5 D0A5; # capital KH + D6 D0A6; # capital TS + D7 D0A7; # capital CH + D8 D0A8; # capital SH + D9 D0A9; # capital SHCH + DA D0AA; # capital hard sign + DB D0AB; # capital Y + DC D0AC; # capital soft sign + DD D0AD; # capital E + DE D0AE; # capital YU + DF D0AF; # capital YA + + E0 D0B0; # small a + E1 D0B1; # small b + E2 D0B2; # small v + E3 D0B3; # small g + E4 D0B4; # small d + E5 D0B5; # small ye + E6 D0B6; # small zh + E7 D0B7; # small z + E8 D0B8; # small i + E9 D0B9; # small j + EA D0BA; # small k + EB D0BB; # small l + EC D0BC; # small m + ED D0BD; # small n + EE D0BE; # small o + EF D0BF; # small p + + F0 D180; # small r + F1 D181; # small s + F2 D182; # small t + F3 D183; # small u + F4 D184; # small f + F5 D185; # small kh + F6 D186; # small ts + F7 D187; # small ch + F8 D188; # small sh + F9 D189; # small shch + FA D18A; # small hard sign + FB D18B; # small y + FC D18C; # small soft sign + FD D18D; # small e + FE D18E; # small yu + FF D18F; # small ya +} + diff --git a/home/dot_local/etc/sftpgo/README.md b/home/dot_local/etc/sftpgo/README.md new file mode 100644 index 00000000..9626eacd --- /dev/null +++ b/home/dot_local/etc/sftpgo/README.md @@ -0,0 +1,3 @@ +# TODO + +Configure this sftpgo.json file and copy over to `/usr/local/etc/sftpgo/sftpgo.json` (macOS) \ No newline at end of file diff --git a/home/dot_local/etc/sftpgo/sftpgo.json b/home/dot_local/etc/sftpgo/sftpgo.json new file mode 100644 index 00000000..fce7b325 --- /dev/null +++ b/home/dot_local/etc/sftpgo/sftpgo.json 
@@ -0,0 +1,412 @@ +{ + "common": { + "idle_timeout": 15, + "upload_mode": 0, + "actions": { + "execute_on": [], + "execute_sync": [], + "hook": "" + }, + "setstat_mode": 0, + "temp_path": "", + "proxy_protocol": 0, + "proxy_allowed": [], + "startup_hook": "", + "post_connect_hook": "", + "post_disconnect_hook": "", + "data_retention_hook": "", + "max_total_connections": 0, + "max_per_host_connections": 20, + "whitelist_file": "", + "allow_self_connections": 0, + "defender": { + "enabled": false, + "driver": "memory", + "ban_time": 30, + "ban_time_increment": 50, + "threshold": 15, + "score_invalid": 2, + "score_valid": 1, + "score_limit_exceeded": 3, + "observation_time": 30, + "entries_soft_limit": 100, + "entries_hard_limit": 150, + "safelist_file": "", + "blocklist_file": "", + "safelist": [], + "blocklist": [] + }, + "rate_limiters": [ + { + "average": 0, + "period": 1000, + "burst": 1, + "type": 2, + "protocols": [ + "SSH", + "FTP", + "DAV", + "HTTP" + ], + "allow_list": [], + "generate_defender_events": false, + "entries_soft_limit": 100, + "entries_hard_limit": 150 + } + ] + }, + "acme": { + "domains": [], + "email": "", + "key_type": "4096", + "certs_path": "certs", + "ca_endpoint": "https://acme-v02.api.letsencrypt.org/directory", + "renew_days": 30, + "http01_challenge": { + "port": 80, + "proxy_header": "", + "webroot": "" + }, + "tls_alpn01_challenge": { + "port": 0 + } + }, + "sftpd": { + "bindings": [ + { + "port": 2022, + "address": "", + "apply_proxy_config": true + } + ], + "max_auth_tries": 0, + "banner": "", + "host_keys": [], + "host_certificates": [], + "host_key_algorithms": [], + "moduli": [], + "kex_algorithms": [], + "ciphers": [], + "macs": [], + "trusted_user_ca_keys": [], + "revoked_user_certs_file": "", + "login_banner_file": "", + "enabled_ssh_commands": [ + "md5sum", + "sha1sum", + "sha256sum", + "cd", + "pwd", + "scp" + ], + "keyboard_interactive_authentication": false, + "keyboard_interactive_auth_hook": "", + 
"password_authentication": true, + "folder_prefix": "" + }, + "ftpd": { + "bindings": [ + { + "port": 0, + "address": "", + "apply_proxy_config": true, + "tls_mode": 0, + "certificate_file": "", + "certificate_key_file": "", + "min_tls_version": 12, + "force_passive_ip": "", + "passive_ip_overrides": [], + "client_auth_type": 0, + "tls_cipher_suites": [], + "passive_connections_security": 0, + "active_connections_security": 0, + "debug": false + } + ], + "banner": "", + "banner_file": "", + "active_transfers_port_non_20": true, + "passive_port_range": { + "start": 50000, + "end": 50100 + }, + "disable_active_mode": false, + "enable_site": false, + "hash_support": 0, + "combine_support": 0, + "certificate_file": "", + "certificate_key_file": "", + "ca_certificates": [], + "ca_revocation_lists": [] + }, + "webdavd": { + "bindings": [ + { + "port": 0, + "address": "", + "enable_https": false, + "certificate_file": "", + "certificate_key_file": "", + "min_tls_version": 12, + "client_auth_type": 0, + "tls_cipher_suites": [], + "prefix": "", + "proxy_allowed": [], + "client_ip_proxy_header": "", + "client_ip_header_depth": 0, + "disable_www_auth_header": false + } + ], + "certificate_file": "", + "certificate_key_file": "", + "ca_certificates": [], + "ca_revocation_lists": [], + "cors": { + "enabled": false, + "allowed_origins": [], + "allowed_methods": [], + "allowed_headers": [], + "exposed_headers": [], + "allow_credentials": false, + "max_age": 0, + "options_passthrough": false, + "options_success_status": 0, + "allow_private_network": false + }, + "cache": { + "users": { + "expiration_time": 0, + "max_size": 50 + }, + "mime_types": { + "enabled": true, + "max_size": 1000 + } + } + }, + "data_provider": { + "driver": "sqlite", + "name": "sftpgo.db", + "host": "", + "port": 0, + "username": "", + "password": "", + "sslmode": 0, + "disable_sni": false, + "target_session_attrs": "", + "root_cert": "", + "client_cert": "", + "client_key": "", + "connection_string": "", + 
"sql_tables_prefix": "", + "track_quota": 2, + "delayed_quota_update": 0, + "pool_size": 0, + "users_base_dir": "/usr/local/var/sftpgo/data", + "actions": { + "execute_on": [], + "execute_for": [], + "hook": "" + }, + "external_auth_hook": "", + "external_auth_scope": 0, + "pre_login_hook": "", + "post_login_hook": "", + "post_login_scope": 0, + "check_password_hook": "", + "check_password_scope": 0, + "password_hashing": { + "bcrypt_options": { + "cost": 10 + }, + "argon2_options": { + "memory": 65536, + "iterations": 1, + "parallelism": 2 + }, + "algo": "bcrypt" + }, + "password_validation": { + "admins": { + "min_entropy": 0 + }, + "users": { + "min_entropy": 0 + } + }, + "password_caching": true, + "update_mode": 0, + "create_default_admin": false, + "naming_rules": 1, + "is_shared": 0, + "node": { + "host": "", + "port": 0, + "proto": "http" + }, + "backups_path": "backups" + }, + "httpd": { + "bindings": [ + { + "port": 8080, + "address": "", + "enable_web_admin": true, + "enable_web_client": true, + "enable_rest_api": true, + "enabled_login_methods": 0, + "enable_https": false, + "certificate_file": "", + "certificate_key_file": "", + "min_tls_version": 12, + "client_auth_type": 0, + "tls_cipher_suites": [], + "proxy_allowed": [], + "client_ip_proxy_header": "", + "client_ip_header_depth": 0, + "hide_login_url": 0, + "render_openapi": true, + "web_client_integrations": [], + "oidc": { + "client_id": "", + "client_secret": "", + "config_url": "", + "redirect_base_url": "", + "scopes": [ + "openid", + "profile", + "email" + ], + "username_field": "", + "role_field": "", + "implicit_roles": false, + "custom_fields": [], + "insecure_skip_signature_check": false, + "debug": false + }, + "security": { + "enabled": false, + "allowed_hosts": [], + "allowed_hosts_are_regex": false, + "hosts_proxy_headers": [], + "https_redirect": false, + "https_host": "", + "https_proxy_headers": [], + "sts_seconds": 0, + "sts_include_subdomains": false, + "sts_preload": false, + 
"content_type_nosniff": false, + "content_security_policy": "", + "permissions_policy": "", + "cross_origin_opener_policy": "", + "expect_ct_header": "" + }, + "branding": { + "web_admin": { + "name": "", + "short_name": "", + "favicon_path": "", + "logo_path": "", + "login_image_path": "", + "disclaimer_name": "", + "disclaimer_path": "", + "default_css": "", + "extra_css": [] + }, + "web_client": { + "name": "", + "short_name": "", + "favicon_path": "", + "logo_path": "", + "login_image_path": "", + "disclaimer_name": "", + "disclaimer_path": "", + "default_css": "", + "extra_css": [] + } + } + } + ], + "templates_path": "templates", + "static_files_path": "static", + "openapi_path": "openapi", + "web_root": "", + "certificate_file": "", + "certificate_key_file": "", + "ca_certificates": [], + "ca_revocation_lists": [], + "signing_passphrase": "", + "token_validation": 0, + "max_upload_file_size": 1048576000, + "cors": { + "enabled": false, + "allowed_origins": [], + "allowed_methods": [], + "allowed_headers": [], + "exposed_headers": [], + "allow_credentials": false, + "max_age": 0, + "options_passthrough": false, + "options_success_status": 0, + "allow_private_network": false + }, + "setup": { + "installation_code": "", + "installation_code_hint": "Installation code" + }, + "hide_support_link": false + }, + "telemetry": { + "bind_port": 0, + "bind_address": "127.0.0.1", + "enable_profiler": false, + "auth_user_file": "", + "certificate_file": "", + "certificate_key_file": "", + "min_tls_version": 12, + "tls_cipher_suites": [] + }, + "http": { + "timeout": 20, + "retry_wait_min": 2, + "retry_wait_max": 30, + "retry_max": 3, + "ca_certificates": [], + "certificates": [], + "skip_tls_verify": false, + "headers": [] + }, + "command": { + "timeout": 30, + "env": [], + "commands": [] + }, + "kms": { + "secrets": { + "url": "", + "master_key": "", + "master_key_path": "" + } + }, + "mfa": { + "totp": [ + { + "name": "Default", + "issuer": "SFTPGo", + "algo": "sha1" + 
} + ] + }, + "smtp": { + "host": "", + "port": 25, + "from": "", + "user": "", + "password": "", + "auth_type": 0, + "encryption": 0, + "domain": "", + "templates_path": "templates" + }, + "plugins": [] + } \ No newline at end of file diff --git a/home/dot_local/etc/vector/vector.toml b/home/dot_local/etc/vector/vector.toml new file mode 100644 index 00000000..cea1eb9b --- /dev/null +++ b/home/dot_local/etc/vector/vector.toml @@ -0,0 +1,44 @@ +# __ __ __ +# \ \ / / / / +# \ V / / / +# \_/ \/ +# +# V E C T O R +# Configuration +# +# ------------------------------------------------------------------------------ +# Website: https://vector.dev +# Docs: https://vector.dev/docs +# Chat: https://chat.vector.dev +# ------------------------------------------------------------------------------ + +# Change this to use a non-default directory for Vector data storage: +# data_dir = "/usr/local/var/lib/vector/" + +# Random Syslog-formatted logs +[sources.dummy_logs] +type = "demo_logs" +format = "syslog" +interval = 1 + +# Parse Syslog logs +# See the Vector Remap Language reference for more info: https://vrl.dev +[transforms.parse_logs] +type = "remap" +inputs = ["dummy_logs"] +source = ''' +. = parse_syslog!(string!(.message)) +''' + +# Print parsed logs to stdout +[sinks.print] +type = "console" +inputs = ["parse_logs"] +encoding.codec = "json" + +# Vector's GraphQL API (disabled by default) +# Uncomment to try it out with the `vector top` command or +# in your browser at http://localhost:8686 +#[api] +#enabled = true +#address = "127.0.0.1:8686" \ No newline at end of file diff --git a/software.yml b/software.yml index f36de256..2b9d1479 100644 --- a/software.yml +++ b/software.yml @@ -579,6 +579,7 @@ softwarePackages: _github: https://github.com/appium/appium _home: https://appium.io/ _name: Appium + _service: appium ansible: professormanhattan.appium brew: appium choco: appium-desktop 
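Review bot: The `httpd` binding in the new sftpgo.json enables the web admin, web client and REST API on port 8080 with `"address": ""` and `"enable_https": false`, which for SFTPGo means cleartext HTTP on every interface, so admin credentials and session tokens cross the network unencrypted. The same file leaves `"defender": { "enabled": false }` and the only rate limiter at `"average": 0` (disabled) while `"password_authentication": true` is on for SFTP, so as far as this config shows nothing throttles password guessing. Until certificates are configured I would bind the admin surface to loopback with `"address": "127.0.0.1"` on the httpd binding and set the defender's `"enabled": true`. `"min_entropy": 0` for both admins and users also leaves password strength unchecked, which matters more once the service is reachable from other hosts.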
@@ -602,6 +603,7 @@ softwarePackages: http-toolkit: _github: https://github.com/httptoolkit/httptoolkit _name: HTTP Toolkit + _when:cask: '! test -d "/Applications/HTTP Toolkit.app"' cask: http-toolkit winget: HTTPToolKit.HTTPToolKit tart: @@ -775,7 +777,7 @@ softwarePackages: _github: https://github.com/AstroNvim/AstroNvim _home: https://astronvim.github.io/ _name: AstroNvim - _post: nvim --headless -c 'autocmd User PackerComplete quitall' + _post: nvim --headless -c 'autocmd User PackerComplete quitall' & typescript-to-lua: _bin: tstl _github: https://github.com/TypeScriptToLua/TypeScriptToLua @@ -1589,7 +1591,7 @@ softwarePackages: _github: https://github.com/Cisco-Talos/clamav _home: https://www.clamav.net/ _name: ClamAV - _post: freshclam + _post: if [ -f "${XDG_DATA_CONFIG:-$HOME/.config}/clamav/freshclam.conf" ]; then sudo cp -f "${XDG_DATA_CONFIG:-$HOME/.config}/clamav/freshclam.conf" /usr/local/etc/clamav/freshclam.conf; fi && freshclam _service:apt: clamav-freshclam _service:dnf: clamd-freshclam _service:pacman: clamav-freshclam @@ -5865,6 +5867,7 @@ softwarePackages: proto: tcp - port: 443 proto: tcp + _service: nginx ansible: professormanhattan.nginx apt: nginx brew: nginx 
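Review bot: In the new ClamAV `_post`, a failed `sudo cp` makes the `if … fi` return non-zero, so the trailing `&& freshclam` never runs and the signature database silently stays stale. That failure is likely wherever `/usr/local/etc/clamav/` does not exist, and the surrounding entry also declares apt, dnf and pacman services, where the config directory is probably elsewhere. `XDG_DATA_CONFIG` is also not a variable the XDG spec defines (the config one is `XDG_CONFIG_HOME`), so the override never applies and only the `$HOME/.config` fallback is used. I would write `${XDG_CONFIG_HOME:-$HOME/.config}` in both places and end the command with `fi; freshclam` so the update does not depend on the copy succeeding.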
@@ -7062,7 +7065,7 @@ softwarePackages: _github: null _home: null _name: null - _when: echo '! ((brew list provisionql | grep ProvisionQL > /dev/null) && (brew list qlcolorcode | grep QLColorCode > /dev/null) && (brew list qlimagesize | grep qlImageSize > /dev/null) && (brew list qlmarkdown | grep QLMarkdown > /dev/null) && (brew list qlstephen | grep QLStephen > /dev/null) && (brew list qlvideo | grep QLVideo > /dev/null) && (brew list quicklook-json | grep QuickLookJSON > /dev/null) && (brew list quicklookapk | grep QuickLookAPK > /dev/null) && (brew list webpquicklook | grep WebpQuickLook > /dev/null))' | bash + _when: '! (brew list provisionql | grep ProvisionQL > /dev/null && brew list qlcolorcode | grep QLColorCode > /dev/null && brew list qlimagesize | grep qlImageSize > /dev/null && brew list qlmarkdown | grep QLMarkdown > /dev/null && brew list qlstephen | grep QLStephen > /dev/null && brew list qlvideo | grep QLVideo > /dev/null && brew list quicklook-json | grep QuickLookJSON > /dev/null && brew list quicklookapk | grep QuickLookAPK > /dev/null && brew list webpquicklook | grep WebpQuickLook > /dev/null)' cask: - provisionql - qlcolorcode @@ -7718,6 +7721,7 @@ softwarePackages: _github: https://github.com/drakkan/sftpgo _home: null _name: sftpgo + _service: sftpgo brew: sftpgo choco: sftpgo github: github.com/drakkan/sftpgo @@ -9020,8 +9024,9 @@ softwarePackages: _github: https://github.com/vectordotdev/vector _home: https://vector.dev/ _name: Vector + _service: vectordotdev/brew/vector # Unlisted on their website and formulae didn't seem to be registering the bin in the PATH - # brew: vectordotdev/brew/vector + brew: vectordotdev/brew/vector helm: https://helm.vector.dev pacman: vector script:darwin: curl --proto '=https' --tlsv1.2 -sSf https://sh.vector.dev | bash
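Review bot: In the Vector hunk, the comment kept above the newly enabled `brew: vectordotdev/brew/vector` line still says the formula did not register the binary in PATH, so the entry now documents the opposite of what it does. If the tap was re-tested, replace the comment with something like `# Installed from the vendor tap (not in homebrew-core)`; if it was not, the `_service: vectordotdev/brew/vector` line added here may try to start a binary that cannot be found. The unchanged `script:darwin` line pipes a downloaded installer straight into bash with no checksum, so once the formula is confirmed it may be worth preferring it on macOS; how the installer orders these keys is not visible in this hunk.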