fixity

6 files changed, 134 insertions, 6 deletions

diff --git a/config-box-winston-base.PKGBUILD b/config-box-winston-base.PKGBUILD
index c408289..4072c81 100644
--- a/config-box-winston-base.PKGBUILD
+++ b/config-box-winston-base.PKGBUILD
@@ -5,7 +5,7 @@ package() {
 preamble
 
 # ## Base setup
-depends+=(linux-libre-lts grub haveged irqbalance)
+depends+=(linux-libre-lts grub haveged irqbalance systemd-swap)
 conflicts+=(linux-libre)
 
 add-file etc/hostname <<EOF
@@ -28,8 +28,11 @@ LC_COLLATE=C
 EOF
 
 add-unit etc/systemd/system/getty.target.wants/getty@tty1.service
+add-unit etc/systemd/system/local-fs.target.wants/systemd-swap.service
 add-unit etc/systemd/system/multi-user.target.wants/haveged.service
 add-unit etc/systemd/system/multi-user.target.wants/irqbalance.service
+add-unit etc/systemd/system/multi-user.target.wants/remote-fs.target
+add-unit etc/systemd/system/multi-user.target.wants/sshd.service
 
 ln -s ../usr/lib/os-release etc/os-release
 install -d etc/ssl/certs
diff --git a/config-mgmt-etckeeper.PKGBUILD b/config-mgmt-etckeeper.PKGBUILD
index ccf854e..664d33c 100644
--- a/config-mgmt-etckeeper.PKGBUILD
+++ b/config-mgmt-etckeeper.PKGBUILD
@@ -1,5 +1,5 @@
 . ${BUILDFILE%/*}/common.sh
-pkgver=20161111.1
+pkgver=20161111.4
 
 package() {
 preamble
@@ -32,7 +32,24 @@ add-file -m755 etc/etckeeper/commit.d/40git-ignore <<EOF
 git ls-files --ignored --exclude-standard -z|xargs -0r git rm --cached --
 EOF
 
-# It as also been configured to maintain a list of installed packages
+# etckeeper has been configured to run the pre-commit hook at exta
+# times, to work around a bug[0].
+#
+# [0]: https://etckeeper.branchable.com/todo/metadata_changes_don__39__t_cause_a_new_commit/
+add-file -m755 etc/etckeeper/unclean.d/20pre-commit <<EOF
+#!/bin/sh
+# pre-commit hook for etckeeper, to store metadata and do sanity checks
+set -e
+etckeeper pre-commit -d /etc
+EOF
+add-file -m755 etc/etckeeper/commit.d/20pre-commit <<EOF
+#!/bin/sh
+# pre-commit hook for etckeeper, to store metadata and do sanity checks
+set -e
+etckeeper pre-commit -d /etc
+EOF
+
+# It has also been configured to maintain a list of installed packages
 # as `/etc/.installed-packages.txt`.
 add-file -m755 etc/etckeeper/pre-commit.d/25list-installed <<EOF
 #!/bin/sh
@@ -86,6 +103,9 @@ EOF
 add-file etc/pacman.d/.gitignore <<EOF
 /gnupg/
 EOF
+add-file etc/xml/.gitignore <<EOF
+/catalog
+EOF
 
 postamble
 }
diff --git a/config-mgmt-nginx.PKGBUILD b/config-mgmt-nginx.PKGBUILD
new file mode 100644
index 0000000..6d7f8a1
--- /dev/null
+++ b/config-mgmt-nginx.PKGBUILD
@@ -0,0 +1,47 @@
+. ${BUILDFILE%/*}/common.sh
+pkgver=20161111.2
+
+package() {
+preamble
+
+depends+=(nginx)
+
+add-file etc/nginx/sites/alias-parabolagnulinux_org.conf <<EOF
+# -*- Mode: nginx; nginx-indent-level: 8; indent-tabs-mode: t -*-
+# Redirect everything from *.parabolagnulinux.org to *.parabola.nu
+
+# Top-level domain
+server {
+	server_name parabolagnulinux.org;
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	location / { return 301 https://www.parabola.nu\$request_uri; }
+}
+
+# Wildcard sub-domain
+server {
+	server_name ~^(?<subdomain>[^\\.]*)\\.parabolagnulinux\\.org\$;
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	location / { return 301 https://\$subdomain.parabola.nu\$request_uri; }
+}
+EOF
+
+add-file etc/nginx/sites/meta-unknown-domain.conf <<EOF
+# -*- Mode: nginx; nginx-indent-level: 8; indent-tabs-mode: t -*-
+
+server {
+	listen 443 ssl http2 default_server;
+	listen [::]:443 ssl http2 default_server;
+
+	return 301 https://www.parabola.nu/404;
+}
+EOF
+
+add-unit etc/systemd/system/multi-user.target.wants/nginx.service
+
+postamble
+}
+
diff --git a/config-service-config.PKGBUILD b/config-service-config.PKGBUILD
new file mode 100644
index 0000000..d9d91f9
--- /dev/null
+++ b/config-service-config.PKGBUILD
@@ -0,0 +1,30 @@
+. ${BUILDFILE%/*}/common.sh
+pkgver=20161111.3
+
+package() {
+preamble
+
+depends+=(nginx config-mgmt-certbot)
+
+add-file -m755 etc/ssl/misc/certbot-get.d/10-config <<EOF
+#!/bin/bash
+echo config.{parabola.nu,parabolagnulinux.org}
+EOF
+
+add-file etc/nginx/sites/server-config_parabola_nu.conf <<EOF
+# -*- Mode: nginx; nginx-indent-level: 8; indent-tabs-mode: t -*-
+
+server {
+	server_name config.parabola.nu;
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	error_log  /var/log/nginx/nginx.http.config_parabola_nu.error.log  error;
+	access_log /var/log/nginx/nginx.http.config_parabola_nu.access.log specific;
+
+	autoindex on;
+}
+EOF
+
+postamble
+}
diff --git a/config-service-myhostname.PKGBUILD b/config-service-myhostname.PKGBUILD
index 921b7e7..a5f2cf6 100644
--- a/config-service-myhostname.PKGBUILD
+++ b/config-service-myhostname.PKGBUILD
@@ -1,5 +1,5 @@
 . ${BUILDFILE%/*}/common.sh
-pkgver=20161111.1
+pkgver=20161111.2
 
 package() {
 preamble
@@ -15,7 +15,10 @@ server {
 	error_log  /var/log/nginx/nginx.http.myhostname.error.log  error;
 	access_log /var/log/nginx/nginx.http.myhostname.access.log specific;
 
-	location = / {
+	root /srv/http/myhostname;
+	autoindex on;
+
+	location = /sysinfo {
 		uwsgi_pass unix:/run/uwsgi/myhostname.sock;
 		uwsgi_modifier1 9; # Standard CGI request
 		include uwsgi_params;
@@ -23,6 +26,31 @@ server {
 }
 EOF
 
+add-file -m755 srv/http/myhostname/sysinfo <<EOF
+#!/bin/bash
+# Copyright 2016 Luke Shumaker
+
+cmds=(
+	'hostnamectl status'
+	"systemctl status | sed '1d;/^\\s*CGroup:/,\\\$d'"
+	'uptime'
+	'free -h'
+	"df -Th | sed -n '1p;/^\\/dev/p'"
+)
+
+printf '%s\\r\\n' \\
+       'Content-Type: text/plain; charset=utf-8' \\
+       ''
+
+for cmd in "\${cmds[@]}"; do
+	printf '\$ %s\\n' "\$cmd"
+	(eval "\$cmd")
+	echo
+done
+EOF
+
+ln -s /var/cache/pacman/pkg srv/http/myhostname/pkg
+
 add-file etc/uwsgi/myhostname.ini <<EOF
 [uwsgi]
 master = true
diff --git a/config-service-wiki.PKGBUILD b/config-service-wiki.PKGBUILD
index 6d2dd7f..24fccf9 100644
--- a/config-service-wiki.PKGBUILD
+++ b/config-service-wiki.PKGBUILD
@@ -8,7 +8,7 @@ depends+=(uwsgi-plugin-php php-apcu-bc php-intl)
 depends+=(mariadb imagemagick config-mgmt-uwsgi config-mgmt-certbot)
 depends+=(git)
 
-add-file -m755 etc/ssl/misc/certbot-get.d/10-git <<EOF
+add-file -m755 etc/ssl/misc/certbot-get.d/10-wiki <<EOF
 #!/bin/bash
 echo wiki.{parabola.nu,parabolagnulinux.org}
 EOF