From 309456d19faeda568c87db567c1722eae3333b15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 9 Apr 2015 15:37:55 +0000
Subject: [PATCH] add new configurations files
---
 .../locale.conf.j2 => files/locale.conf} | 2 +-
 roles/common/files/logind.conf | 34 ++++
 .../resolv.conf.j2 => files/resolv.conf} | 2 +-
 roles/common/{templates => files}/whois.conf | 1 +
 roles/common/tasks/main.yml | 19 ++-
 roles/container/files/vimrc | 2 +-
 roles/php/templates/php.ini.j2 | 148 ++++++++++++------
 7 files changed, 154 insertions(+), 54 deletions(-)
 rename roles/common/{templates/locale.conf.j2 => files/locale.conf} (74%)
 create mode 100644 roles/common/files/logind.conf
 rename roles/common/{templates/resolv.conf.j2 => files/resolv.conf} (78%)
 rename roles/common/{templates => files}/whois.conf (95%)
diff --git a/roles/common/templates/locale.conf.j2 b/roles/common/files/locale.conf
similarity index 74%
rename from roles/common/templates/locale.conf.j2
rename to roles/common/files/locale.conf
index 5a05e6a..3709b1d 100644
--- a/roles/common/templates/locale.conf.j2
+++ b/roles/common/files/locale.conf
@@ -1,4 +1,4 @@
-# {{ ansible_managed }}
+# managed by ansible
 #
 LANG="de_DE.UTF-8"
 LC_MESSAGES="en_DK.UTF-8"
diff --git a/roles/common/files/logind.conf b/roles/common/files/logind.conf
new file mode 100644
index 0000000..5cfe9e5
--- /dev/null
+++ b/roles/common/files/logind.conf
@@ -0,0 +1,34 @@
+# managed by ansible
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+#
+# You can override the directives in this file by creating files in
+# /etc/systemd/logind.conf.d/*.conf.
+#
+# See logind.conf(5) for details
+
+[Login]
+#NAutoVTs=6
+#ReserveVT=6
+#KillUserProcesses=no
+#KillOnlyUsers=
+#KillExcludeUsers=root
+#InhibitDelayMaxSec=5
+#HandlePowerKey=poweroff
+#HandleSuspendKey=suspend
+#HandleHibernateKey=hibernate
+#HandleLidSwitch=suspend
+#HandleLidSwitchDocked=ignore
+#PowerKeyIgnoreInhibited=no
+#SuspendKeyIgnoreInhibited=no
+#HibernateKeyIgnoreInhibited=no
+#LidSwitchIgnoreInhibited=yes
+#IdleAction=ignore
+#IdleActionSec=30min
+#RuntimeDirectorySize=10%
+#RemoveIPC=yes
diff --git a/roles/common/templates/resolv.conf.j2 b/roles/common/files/resolv.conf
similarity index 78%
rename from roles/common/templates/resolv.conf.j2
rename to roles/common/files/resolv.conf
index 10a8088..47eefe3 100644
--- a/roles/common/templates/resolv.conf.j2
+++ b/roles/common/files/resolv.conf
@@ -1,4 +1,4 @@
-# {{ ansible_managed }}
+# managed by ansible
 #
 # /etc/resolv.conf
 #
diff --git a/roles/common/templates/whois.conf b/roles/common/files/whois.conf
similarity index 95%
rename from roles/common/templates/whois.conf
rename to roles/common/files/whois.conf
index 7f867bd..0380f1f 100644
--- a/roles/common/templates/whois.conf
+++ b/roles/common/files/whois.conf
@@ -1,3 +1,4 @@
+# managed by ansible
 \.dn42$ whois.dn42
 \-DN42$ whois.dn42
 # dn42 range 64512-65534
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index c9c67e6..ef1a9ef 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
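Review bot: Every directive under `[Login]` in the added roles/common/files/logind.conf is still commented out, so the managed file sets nothing and only mirrors the packaged defaults, which it will drift away from on the next systemd upgrade. The header in the same hunk names `/etc/systemd/logind.conf.d/*.conf` as the override location; a drop-in holding just the directives this role means to pin (an explicit `KillUserProcesses=` or `RemoveIPC=` value, say) would be smaller to audit. If the full copy stays, a line such as `# no local overrides yet: all directives below are the packaged defaults` after `# managed by ansible` would record that.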
@@ -1,7 +1,3 @@ -- name: resolv.conf - template: src=resolv.conf.j2 dest=/etc/resolv.conf mode=0644 backup=yes -- name: locale.conf - template: src=locale.conf.j2 dest=/etc/locale.conf mode=0644 backup=yes - name: update pacman cache pacman: update_cache=yes - name: install essential packages @@ -14,8 +10,19 @@ - git - sudo - ca-certificates-dn42 -- name: /etc/hosts - template: src=hosts.j2 dest=/etc/hosts mode=0644 backup=yes - locale_gen: name=de_DE.UTF-8 state=present - locale_gen: name=en_DK.UTF-8 state=present - command: /usr/bin/timedatectl set-timezone UTC + +- name: common configuration + template: src={{ item.from }}.j2 dest={{ item.to }} mode=0644 backup=no + with_items: + - { from: hosts, to: /etc/hosts } + +- name: common configuration + copy: src={{ item.from }} dest={{ item.to }} + with_items: + - { from: locale.conf, to: /etc/locale.conf } + - { from: whois.conf, to: /etc/whois.conf } + - { from: resolv.conf, to: /etc/resolv.conf } + - { from: logind.conf, to: /etc/systemd/system/logind.conf } diff --git a/roles/container/files/vimrc b/roles/container/files/vimrc index 32297ba..3ca1794 100644 --- a/roles/container/files/vimrc +++ b/roles/container/files/vimrc @@ -1,4 +1,4 @@ -" {{ ansible_managed }} +" managed by ansible set nocompatible " be iMproved filetype off " required! let mapleader="," " change the leader to be a comma vs slash diff --git a/roles/php/templates/php.ini.j2 b/roles/php/templates/php.ini.j2 index 020477a..db3ed87 100644 --- a/roles/php/templates/php.ini.j2 +++ b/roles/php/templates/php.ini.j2 
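Review bot: In the second main.yml hunk the last `with_items` entry installs logind.conf as `/etc/systemd/system/logind.conf`, which is the unit-file directory; the header of the shipped file refers to `/etc/systemd/logind.conf.d/`, so the intended target is presumably `- { from: logind.conf, to: /etc/systemd/logind.conf }` and the copy as written would likely never be read by logind. The new `copy` task also drops the `mode=0644` that the removed `template` tasks carried, leaving the permissions of /etc/resolv.conf and the other targets to whatever the checkout has; `copy: src={{ item.from }} dest={{ item.to }} owner=root group=root mode=0644` pins them. `backup=yes` is gone from every task as well (the template task now says `backup=no`), so an overwritten /etc/hosts or /etc/resolv.conf can no longer be restored from the host. Both tasks are named `common configuration`, which makes a failure hard to attribute in the play output; distinct names such as `common configuration (templates)` and `common configuration (static files)` would help.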
@@ -78,9 +78,9 @@ ; compatibility with older or less security conscience applications. We ; recommending using the production ini in production and testing environments. -; php.ini-development is very similar to its production variant, except it's -; much more verbose when it comes to errors. We recommending using the -; development version only in development environments as errors shown to +; php.ini-development is very similar to its production variant, except it is +; much more verbose when it comes to errors. We recommend using the +; development version only in development environments, as errors shown to ; application users can inadvertently leak otherwise secure information. ; This is php.ini-production INI file. @@ -293,20 +293,17 @@ serialize_precision = 17 ; open_basedir, if set, limits all file operations to the defined directory ; and below. This directive makes most sense if used in a per-directory -; or per-virtualhost web server configuration file. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. +; or per-virtualhost web server configuration file. ; http://php.net/open-basedir open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/ ; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. +; It receives a comma-delimited list of function names. ; http://php.net/disable-functions disable_functions = ; This directive allows you to disable certain classes for security reasons. -; It receives a comma-delimited list of class names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. +; It receives a comma-delimited list of class names. ; http://php.net/disable-classes disable_classes = 
@@ -423,7 +420,7 @@ memory_limit = 128M ; E_NOTICE - run-time notices (these are warnings which often result ; from a bug in your code, but it's possible that it was ; intentional (e.g., using an uninitialized variable and -; relying on the fact it's automatically initialized to an +; relying on the fact it is automatically initialized to an ; empty string) ; E_STRICT - run-time notices, enable to have PHP suggest changes ; to your code which will ensure the best interoperability @@ -456,8 +453,8 @@ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT ; it could be very dangerous in production environments. Depending on the code ; which is triggering the error, sensitive information could potentially leak ; out of your application such as database usernames and passwords or worse. -; It's recommended that errors be logged on production servers rather than -; having the errors sent to STDOUT. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. ; Possible Values: ; Off = Do not display any errors ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) @@ -471,8 +468,8 @@ display_errors = Off ; The display of errors which occur during PHP's startup sequence are handled ; separately from display_errors. PHP's default behavior is to suppress those ; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. But, it's strongly recommended that you -; leave this setting off on production servers. +; debugging configuration problems. We strongly recommend you +; set this to 'off' for production servers. ; Default Value: Off ; Development Value: On ; Production Value: Off 
@@ -611,13 +608,13 @@ html_errors = On ; http://php.net/variables-order variables_order = "GPCS" -; This directive determines which super global data (G,P,C,E & S) should -; be registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive are -; specified in the same manner as the variables_order directive, EXCEPT one. -; Leaving this value empty will cause PHP to use the value set in the -; variables_order directive. It does not mean it will leave the super globals -; array REQUEST empty. +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. ; Default Value: None ; Development Value: "GP" ; Production Value: "GP" 
@@ -678,15 +675,33 @@ auto_append_file = ; http://php.net/default-mimetype default_mimetype = "text/html" -; PHP's default character set is set to empty. +; PHP's default character set is set to UTF-8. ; http://php.net/default-charset -;default_charset = "UTF-8" +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; http://php.net/input-encoding +;input_encoding = + +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; mbstring or iconv output handler is used. +; See also output_buffer. +; http://php.net/output-encoding +;output_encoding = ; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is -; to disable this feature. If post reading is disabled through -; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated. +; to disable this feature and it will be removed in a future version. +; If post reading is disabled through enable_post_data_reading, +; $HTTP_RAW_POST_DATA is *NOT* populated. ; http://php.net/always-populate-raw-post-data -;always_populate_raw_post_data = On +;always_populate_raw_post_data = -1 ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; @@ -770,8 +785,8 @@ enable_dl = Off ;fastcgi.logging = 0 ; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If it's set 0 PHP sends Status: header that -; is supported by Apache. When this option is set to 1 PHP will send +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send ; RFC2616 compliant header. ; Default is zero. ; http://php.net/cgi.rfc2616-headers 
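Review bot: The sample value for `always_populate_raw_post_data` changes to `-1` in the `@@ -678,15 +675,33 @@` hunk but the line stays commented, so the built-in default still applies on hosts rendered from this template. The reworded comment above it says the feature will be removed in a future version; if the deployed PHP is a release that already warns about it, uncommenting the line as `always_populate_raw_post_data = -1` opts out explicitly and keeps the deprecation notice out of the error log. Which PHP version this role targets is not visible in the patch, so confirm before enabling.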
@@ -935,9 +950,22 @@ date.timezone = UTC ;filter.default_flags = [iconv] -;iconv.input_encoding = ISO-8859-1 -;iconv.internal_encoding = ISO-8859-1 -;iconv.output_encoding = ISO-8859-1 +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < intput_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = [intl] ;intl.default_locale = @@ -1373,9 +1401,9 @@ session.save_handler = files ; ; where N is an integer. Instead of storing all the session files in ; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if you -; or your OS have problems with lots of files in one directory, and is -; a more efficient layout for servers that handle lots of sessions. +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. ; ; NOTE 1: PHP will not create this directory structure automatically. ; You can use the script in the ext/session dir for that purpose. 
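Review bot: The added comment in the `[iconv]` hunk spells the directive as `intput_encoding` (`; The precedence is: default_charset < intput_encoding < iconv.input_encoding`), so a search of the rendered php.ini for `input_encoding` misses the line that explains its precedence. The `[mbstring]` hunk (`@@ -1700,23 +1728,34 @@`) has the same kind of slip in `mbstrig.detect_order`, `mbstring.encoding_traslation`, `intput_encoding` and `mbsting.http_input`. These look inherited from the upstream sample file; correcting them here, e.g. `; The precedence is: default_charset < input_encoding < iconv.input_encoding`, keeps the directive names greppable.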
@@ -1410,7 +1438,7 @@ session.use_cookies = 1 ; This option forces PHP to fetch and use a cookie for storing and maintaining ; the session id. We encourage this operation as it's very helpful in combating ; session hijacking when not specifying and managing your own session id. It is -; not the end all be all of session hijacking defense, but it's a good start. +; not the be-all and end-all of session hijacking defense, but it's a good start. ; http://php.net/session.use-only-cookies session.use_only_cookies = 1 @@ -1510,7 +1538,7 @@ session.cache_limiter = nocache session.cache_expire = 180 ; trans sid support is disabled by default. -; Use of trans sid may risk your users security. +; Use of trans sid may risk your users' security. ; Use this option with caution. ; - User may send URL contains active session ID ; to other person via. email/irc/etc. 
@@ -1700,23 +1728,34 @@ mssql.secure_connection = Off [mbstring] ; language for internal character representation. +; This affects mb_send_mail() and mbstrig.detect_order. ; http://php.net/mbstring.language ;mbstring.language = Japanese +; Use of this INI entry is deprecated, use global internal_encoding instead. ; internal/script encoding. -; Some encoding cannot work as internal encoding. -; (e.g. SJIS, BIG5, ISO-2022-*) -; http://php.net/mbstring.internal-encoding -;mbstring.internal_encoding = UTF-8 +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = +; Use of this INI entry is deprecated, use global input_encoding instead. ; http input encoding. +; mbstring.encoding_traslation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < intput_encoding < mbsting.http_input ; http://php.net/mbstring.http-input -;mbstring.http_input = UTF-8 +;mbstring.http_input = -; http output encoding. mb_output_handler must be -; registered as output buffer to function +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. ; http://php.net/mbstring.http-output -;mbstring.http_output = pass +;mbstring.http_output = ; enable automatic encoding translation according to ; mbstring.internal_encoding setting. Input chars are 
@@ -1727,7 +1766,7 @@ mssql.secure_connection = Off ;mbstring.encoding_translation = Off ; automatic encoding detection order. -; auto means +; "auto" detect order is changed according to mbstring.language ; http://php.net/mbstring.detect-order ;mbstring.detect_order = auto @@ -1748,6 +1787,7 @@ mssql.secure_connection = Off ;mbstring.func_overload = 0 ; enable strict encoding detection. +; Default: Off ;mbstring.strict_detection = On ; This directive specifies the regex pattern of content types for which mb_output_handler() @@ -1937,6 +1977,24 @@ opcache.enable=1 ; absolute path. ;curl.cainfo = +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= + ; Local Variables: ; tab-width: 4 ; End: