diff --git a/Admin/Phabricator/README b/Admin/Phabricator/README --- a/Admin/Phabricator/README +++ b/Admin/Phabricator/README @@ -1,58 +1,28 @@ Phabricator server ================== - Apache HTTPS via "Let's Encrypt": https://letsencrypt.org/getting-started https://certbot.eff.org/lets-encrypt/ubuntubionic-apache.html - Configuration / Authentication: https://secure.phabricator.com/book/phabricator/article/configuring_accounts_and_registration - . only local User/Password, *not* Google, Github etc. . auth.require-email-verification true . policy.allow-public true -- Configuration/SSH: - https://secure.phabricator.com/book/phabricator/article/diffusion_hosting - - /etc/ssh/sshd_config: - Port 222 - - /etc/passwd: - phabricator:x:118:126::/home/phabricator:/bin/bash - vcs:x:119:125::/home/vcs:/bin/bash - - /etc/group: - phabricator:x:126: - vcs:x:125: - - $ cp ssh/ssh-hook /usr/local/bin/. - $ cp ssh/sshd_config.phabricator /etc/ssh/. - $ cp ssh/sshd-phabricator.service /lib/systemd/system/. - $ cp ssh/sudoers.d/phabricator /etc/sudoers.d/. - - $ ./bin/config set phd.user phabricator - $ ./bin/config set diffusion.ssh-user vcs - $ ./bin/config set diffusion.ssh-port 22 - - $ systemctl enable sshd-phabricator - $ systemctl start sshd-phabricator - - Test on local machine: - $ echo "{}" | ssh vcs@phabricator.sketis.net conduit conduit.ping - - Update: https://secure.phabricator.com/book/phabricator/article/upgrading sudo ./update - Documentation: /var/www/phabricator-vcs/libphutil/scripts/build_xhpast.php - ./bin/diviner generate + ./bin/diviner generate #slow - Backup: https://secure.phabricator.com/book/phabricator/article/configuring_backups $ apt install automysqlbackup edit /etc/default/automysqlbackup: BACKUPDIR diff --git a/Admin/Phabricator/phd/phd-phabricator.service b/Admin/Phabricator/phd/phd-phabricator.service deleted file mode 100644 --- a/Admin/Phabricator/phd/phd-phabricator.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=PHP daemon (Phabricator) -After=syslog.target network.target apache2.service mysql.service - -[Service] -Type=oneshot -User=phabricator -Group=phabricator -Environment=PATH=/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin -ExecStart=/var/www/phabricator/phabricator/bin/phd start -ExecStop=/var/www/phabricator/phabricator/bin/phd stop -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target diff --git a/Admin/Phabricator/ssh/ssh-hook b/Admin/Phabricator/ssh/ssh-hook deleted file mode 100755 --- a/Admin/Phabricator/ssh/ssh-hook +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh - -# NOTE: Replace this with the username that you expect users to connect with. -VCSUSER="vcs" - -# NOTE: Replace this with the path to your Phabricator directory. -ROOT="/var/www/phabricator/phabricator" - -if [ "$1" != "$VCSUSER" ]; -then - exit 1 -fi - -exec "$ROOT/bin/ssh-auth" $@ diff --git a/Admin/Phabricator/ssh/sshd-phabricator.service b/Admin/Phabricator/ssh/sshd-phabricator.service deleted file mode 100644 --- a/Admin/Phabricator/ssh/sshd-phabricator.service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=OpenBSD Secure Shell server (Phabricator) -After=network.target auditd.service -ConditionPathExists=!/etc/ssh/sshd_not_to_be_run - -[Service] -EnvironmentFile=-/etc/default/ssh -ExecStartPre=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t -ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -D $SSHD_OPTS -ExecReload=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t -ExecReload=/bin/kill -HUP $MAINPID -KillMode=process -Restart=on-failure -RestartPreventExitStatus=255 -Type=notify -RuntimeDirectory=sshd-phabricator -RuntimeDirectoryMode=0755 - -[Install] -WantedBy=multi-user.target -Alias=sshd-phabricator.service diff --git a/Admin/Phabricator/ssh/sshd_config.phabricator b/Admin/Phabricator/ssh/sshd_config.phabricator deleted file mode 100644 --- a/Admin/Phabricator/ssh/sshd_config.phabricator +++ /dev/null @@ -1,24 +0,0 @@ -# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand -# was added in this version. - -# NOTE: Edit these to the correct values for your setup. - -AuthorizedKeysCommand /usr/local/bin/ssh-hook -AuthorizedKeysCommandUser vcs -AllowUsers vcs - -# You may need to tweak these options, but mostly they just turn off everything -# dangerous. - -Port 22 -Protocol 2 -PermitRootLogin no -AllowAgentForwarding no -AllowTcpForwarding no -PrintMotd no -PrintLastLog no -PasswordAuthentication no -ChallengeResponseAuthentication no -AuthorizedKeysFile none - -PidFile /var/run/sshd-phabricator.pid diff --git a/Admin/Phabricator/ssh/sudoers.d/phabricator b/Admin/Phabricator/ssh/sudoers.d/phabricator deleted file mode 100644 --- a/Admin/Phabricator/ssh/sudoers.d/phabricator +++ /dev/null @@ -1,2 +0,0 @@ -www-data ALL=(phabricator) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/ssh, /usr/bin/id -vcs ALL=(phabricator) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/ssh, /usr/bin/id