blob: 9078fe1c6a91f390f3362a39e416dac42d8fc056 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
{%- set common = {'address': '[fd29:8e45:f292:ff80::1]', 'port': 443, 'domain': '.themis.backend.syscid.com', 'snippetsdir': '/etc/apache2/snippets.d/'} -%}
{%- macro httpdformulaexcess() -%}
LogLevel: False
ErrorLog: False
LogFormat: False
CustomLog: False
ServerAdmin: False
ServerAlias: False
{%- endmacro -%}
{%- macro httpdcommon(app) -%}
Include {{ common['snippetsdir'] }}ssl_themis.conf
<FilesMatch '\.php$'>
SetHandler 'proxy:unix:/run/php-fpm/{{ app }}.sock|fcgi://{{ app }}'
</FilesMatch>
{%- endmacro -%}
apache:
sites:
BookStack:
interface: '{{ common['address'] }}'
port: {{ common['port'] }}
ServerName: bookstack{{ common['domain'] }}
DocumentRoot: /srv/www/BookStack/
DirectoryIndex: index.php
Directory:
/srv/www/BookStack/:
Options: FollowSymLinks
AllowOverride: None
Require: all granted
Formula_Append: |
RewriteEngine On
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
{{ httpdformulaexcess() }}
Formula_Append: |
{{ httpdcommon('BookStack') }}
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
SetOutputFilter DEFLATE
PrivateBin:
interface: '{{ common['address'] }}'
port: {{ common['port'] }}
ServerName: privatebin{{ common['domain'] }}
DocumentRoot: /srv/www/PrivateBin/public
DirectoryIndex: index.php
Directory:
/srv/www/PrivateBin/:
Options: false
AllowOverride: None
Require: all granted
{{ httpdformulaexcess() }}
Formula_Append: |
{{ httpdcommon('PrivateBin') }}
profile:
bookstack:
app_url: https://libertacasa.info
db_host: ${'secret_bookstack:db_host'}
db_database: ${'secret_bookstack:db_database'}
db_username: ${'secret_bookstack:db_username'}
db_password: ${'secret_bookstack:db_password'}
mail_driver: smtp
mail_from_name: LibertaCasa Documentation
mail_from: mail@libertacasa.info
mail_host: zz0.email
mail_port: 465
mail_username: mail@libertacasa.info
mail_password: ${'secret_bookstack:mail_password'}
mail_encryption: ssl
app_theme: lysergic
cache_driver: memcached
session_driver: memcached
memcached_servers: /run/memcached/memcached.sock
session_secure_cookie: true
session_cookie_name: libertacasa_megayummycookie
app_debug: false
session_lifetime: 240
auth_method: saml2
auth_auto_initiate: true
saml2_name: LibertaCasa SSO
saml2_email_attribute: email
saml2_external_id_attribute: uid
saml2_display_name_attributes: fullname
saml2_idp_entityid: https://libsso.net/realms/LibertaCasa
saml2_idp_sso: https://libsso.net/realms/LibertaCasa/protocol/saml
saml2_idp_slo: https://libsso.net/realms/LibertaCasa/protocol/saml
saml2_idp_x509: ${'secret_bookstack:saml2_idp_x509'}
saml2_autoload_metadata: false
saml2_sp_x509: ${'secret_bookstack:saml2_sp_x509'}
saml2_sp_x509_key: ${'secret_bookstack:saml2_sp_x509_key'}
saml2_user_to_groups: true
saml2_group_attribute: groups
saml2_remove_from_groups: true
queue_connection: database
privatebin:
main:
name: Bin
fileupload: true
syntaxhighlightingtheme: sons-of-obsidian
sizelimit: 310485760
notice: 'Note: Kittens will die if you abuse this service.'
languageselection: true
urlshortener: ${'secret_privatebin:main:urlshortener'}
qrcode: true
expire:
default: 1week
expire_options:
5min: 300
10min: 600
1hour: 3600
1day: 86400
1week: 604800
1month: 2592000
1year: 31536000
never: 0
formatter_options:
plaintext: Plain Text
syntaxhighlighting: Source Code
markdown: Markdown
traffic:
limit: 10
header: X_FORWARDED_FOR
dir: /var/lib/PrivateBin/limits
purge:
limit: 300
batchsize: 10
dir: /var/lib/PrivateBin/limits
model:
class: Database
model_options:
dsn: ${'secret_privatebin:model_options:dsn'}
tbl: privatebin_
usr: ${'secret_privatebin:model_options:usr'}
pwd: ${'secret_privatebin:model_options:pwd'}
opt[12]: true
manage_firewall: True
firewalld:
zones:
backend:
services:
- https
|