Merge pull request 'merge master' (#1) from Unitoo/dot-files:master into master
Reviewed-on: https://gitea.it/claudiomaradonna/dot-files/pulls/1
58512ac416
5 changed files with 10962 additions and 24 deletions
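--- a/etc/systemd/system/certbot-renewal.service
+++ b/etc/systemd/system/certbot-renewal.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Automatically renews SSL certificates obtained with certbot
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew -q --post-hook /usr/local/bin/certbot-restart-nginx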
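Review bot: The post-hook on the ExecStart line is bound to this unit only, so a `certbot renew` started by hand from a shell renews the certificate without restarting nginx. Certbot also runs executables placed in `/etc/letsencrypt/renewal-hooks/deploy/` for every certificate that actually renewed, whichever way renew was invoked; installing certbot-restart-nginx there (or naming it as the post-hook in cli.ini) keeps both paths consistent and lets the ExecStart line shrink to `certbot renew -q`. I am not certain the packaged certbot on this host honours that hook directory, so confirm before moving it.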
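--- a/etc/systemd/system/certbot-renewal.timer
+++ b/etc/systemd/system/certbot-renewal.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=This is the timer schedule Automatic renewals of SSL certificates obtained with certbot
+
+[Timer]
+OnCalendar=daily
+RandomizedDelaySec=6hours
+Persistent=true
+
+[Install]
+WantedBy=timers.target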
10892
grafana/dashboards/synapse.json
Normal file
@ -1,27 +1,52 @@
|
|||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
Protocol 2 # Protocol 1 is fundamentally broken
|
||||
StrictModes yes # Protects from misconfiguration
|
||||
|
||||
SyslogFacility AUTHPRIV
|
||||
#ListenAddress [ip-here] # Listening address
|
||||
Port 22 # Listening port. Normal 22
|
||||
|
||||
AllowGroups sshlogin
|
||||
|
||||
PermitRootLogin WITHOUT-PASSWORD
|
||||
PubkeyAuthentication yes
|
||||
AuthenticationMethods publickey # Only public key authentication allowed
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
IgnoreRhosts yes
|
||||
MaxSessions 4
|
||||
MaxAuthTries 4
|
||||
ClientAliveCountMax 2
|
||||
LogLevel VERBOSE
|
||||
PasswordAuthentication no
|
||||
ChallengeResponseAuthentication no
|
||||
GSSAPIAuthentication no
|
||||
UsePAM yes
|
||||
PrintMotd no
|
||||
X11Forwarding no
|
||||
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
||||
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||
AcceptEnv XMODIFIERS
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
PubkeyAuthentication yes # Allow public key authentication
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key # Only allow ECDSA pubic key authentication
|
||||
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519 # Host keys the client should accepts
|
||||
KexAlgorithms curve25519-sha256 # Specifies the available KEX (Key Exchange) algorithms
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com # Specifies the ciphers allowed
|
||||
MACs hmac-sha2-512-etm@openssh.com # Specifies the available MAC alg.
|
||||
|
||||
#Only allow incoming ECDSA and ed25519 sessions:
|
||||
HostbasedAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
|
||||
PubkeyAcceptedKeyTypes sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,ssh-ed25519
|
||||
#CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
|
||||
|
||||
PermitRootLogin WITHOUT-PASSWORD # Enable/disable root login
|
||||
#AllowUsers [username] # Authorized SSH users are inside the admin group
|
||||
MaxAuthTries 5 # Maximum allowed authentication attempts
|
||||
MaxSessions 2 # Maximum allowed sessions by the user
|
||||
|
||||
PasswordAuthentication no # No username password authentication
|
||||
PermitEmptyPasswords no # No empty password authentcation allowed
|
||||
IgnoreRhosts yes # Dont read users rhost files
|
||||
HostbasedAuthentication no # Disable host-based authentication
|
||||
ChallengeResponseAuthentication no # Unused authentication scheme
|
||||
X11Forwarding no # Disable X11 forwarding
|
||||
|
||||
LogLevel VERBOSE # Fingerprint details of failed login attempts
|
||||
SyslogFacility AUTH # Logging authentication and authorization related commands
|
||||
UseDNS no # Client from a location without proper DNS generate a warning in the logs
|
||||
|
||||
PermitTunnel no # Only SSH connection and nothing else
|
||||
AllowTcpForwarding no # Disablow tunneling out via SSH
|
||||
AllowStreamLocalForwarding no # Disablow tunneling out via SSH
|
||||
GatewayPorts no # Disablow tunneling out via SSH
|
||||
AllowAgentForwarding no # Do not allow agent forwarding
|
||||
|
||||
#Banner /etc/issue.net # Show legal login banner
|
||||
PrintLastLog yes # Show last login
|
||||
|
||||
ClientAliveInterval 900 # Client timeout (15 minutes)
|
||||
ClientAliveCountMax 0 # This way enforces timeouts on the server side
|
||||
LoginGraceTime 30 # Authenticatin must happen within 30 seconds
|
||||
MaxStartups 2 # Max concurrent SSH sessions
|
||||
TCPKeepAlive yes # Do not use TCP keep-alive
|
||||
|
||||
AcceptEnv LANG LC_* # Allow client to pass locale environment variables
|
||||
|
|
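Review bot: `ClientAliveCountMax 0` near the end of the hunk does not enforce the idle timeout its comment promises: on the OpenSSH releases this file targets (the `sk-*` key types in PubkeyAcceptedKeyTypes require 8.2 or later) sshd_config(5) states that a zero ClientAliveCountMax disables connection termination, so idle clients are never dropped despite `ClientAliveInterval 900`. Keeping the previous `ClientAliveCountMax 2`, or `ClientAliveCountMax 1`, gives the server-side disconnect after the stated number of missed alive messages. Two comments in the hunk contradict their directive and should be corrected: `TCPKeepAlive yes # Do not use TCP keep-alive` (set `no` or reword), and `MaxStartups 2 # Max concurrent SSH sessions`, where MaxStartups caps unauthenticated connections rather than sessions, so two stalled pre-auth connections are enough to refuse every further login; the documented `MaxStartups 10:30:60` form degrades gracefully instead. The path of the file this hunk patches is not shown on the page.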
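--- a/usr/local/bin/certbot-restart-nginx
+++ b/usr/local/bin/certbot-restart-nginx
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+
+nginx -tq && systemctl restart nginx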
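Review bot: `systemctl restart nginx` on the last line drops every in-flight connection after each renewal, while `nginx -tq && systemctl reload nginx` picks up the new certificate without a service interruption and keeps the `nginx -tq` guard that stops a broken configuration from being applied. The script uses no bash-specific syntax, so `#!/bin/sh` would be the more precise shebang, though this is style only. A one-line header comment such as `# certbot --post-hook: validate the nginx config, then reload it so renewed certificates take effect` would tell the next reader why this file exists.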