misaka
- debian squeeze x64
- puppet managed
local work
mount /home with acls
/etc/skel
.bashrc
# Timestamped shell FTW export HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S '
.screenrc
.vimrc
add self to .ssh/authorized_keys
mkdir -m 0701 public_html
thinking about apache
Our puppet management of apache is still a mess, so we'll do it manually. What do we want to take care of?
install apache2-mpm-itk
a couple of timeout tweaks to apache2.conf
ports.conf (listen only on 202.4.224.31, not ssl, etc.)
- aka. biribiri.meidokon.net
a2enmod ssl
fix ports.conf again for SSL, no generic Listens
conf.d/priv.conf
SetEnvIf Remote_Addr ^202\.4\.235\.109$ priv-group
install libapache2-mod-php5
- start the service
stub out /var/www/html/monitor for the default site
- fix up an index.html
edit mods-enabled/status.conf to get a usable /server-status
fix up an info.php
install libapache2-mod-wsgi
AssignUserId [username] [groupname] for itk
- nice logging
log to homedirs, ~/logs/apache/{access,error}.log
fix up logrotate fragment, apache2-vhost-logs
Some puppet manifest
1 node "misaka.anchor.net.au" {
2 $supportlevel = complete
3
4 networking::interface {
5 "eth0":
6 ipaddress => "202.4.224.29/25",
7 gateway => "top";
8 "eth0:00":
9 ipaddress => "202.4.224.30/25",
10 comment => "nginx";
11 "eth0:01":
12 ipaddress => "202.4.224.31/25",
13 comment => "apache";
14 "eth0:02":
15 ipaddress => "202.4.224.48/25",
16 comment => "qqc.meidokon.net";
17 "eth1":
18 ipaddress => "172.22.71.103/16";
19 }