# HG changeset patch # User wenzelm # Date 1573662875 -3600 # Node ID 070a9b62f44abaecc315956c0e979035325e1b3c # Parent 8c1c717a830b9ef384fed5e89509f28f716f53a5 removed obsolete material: already covered by documentation or tools; diff -r 8c1c717a830b -r 070a9b62f44a Admin/Phabricator/README --- a/Admin/Phabricator/README Wed Nov 13 17:33:59 2019 +0100 +++ b/Admin/Phabricator/README Wed Nov 13 17:34:35 2019 +0100 @@ -8,40 +8,10 @@ - Configuration / Authentication: https://secure.phabricator.com/book/phabricator/article/configuring_accounts_and_registration - . only local User/Password, *not* Google, Github etc. . auth.require-email-verification true . policy.allow-public true -- Configuration/SSH: - https://secure.phabricator.com/book/phabricator/article/diffusion_hosting - - /etc/ssh/sshd_config: - Port 222 - - /etc/passwd: - phabricator:x:118:126::/home/phabricator:/bin/bash - vcs:x:119:125::/home/vcs:/bin/bash - - /etc/group: - phabricator:x:126: - vcs:x:125: - - $ cp ssh/ssh-hook /usr/local/bin/. - $ cp ssh/sshd_config.phabricator /etc/ssh/. - $ cp ssh/sshd-phabricator.service /lib/systemd/system/. - $ cp ssh/sudoers.d/phabricator /etc/sudoers.d/. - - $ ./bin/config set phd.user phabricator - $ ./bin/config set diffusion.ssh-user vcs - $ ./bin/config set diffusion.ssh-port 22 - - $ systemctl enable sshd-phabricator - $ systemctl start sshd-phabricator - - Test on local machine: - $ echo "{}" | ssh vcs@phabricator.sketis.net conduit conduit.ping - - Update: https://secure.phabricator.com/book/phabricator/article/upgrading @@ -49,7 +19,7 @@ - Documentation: /var/www/phabricator-vcs/libphutil/scripts/build_xhpast.php - ./bin/diviner generate + ./bin/diviner generate #slow - Backup: https://secure.phabricator.com/book/phabricator/article/configuring_backups diff -r 8c1c717a830b -r 070a9b62f44a Admin/Phabricator/phd/phd-phabricator.service --- a/Admin/Phabricator/phd/phd-phabricator.service Wed Nov 13 17:33:59 2019 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,15 +0,0 @@ -[Unit] -Description=PHP daemon (Phabricator) -After=syslog.target network.target apache2.service mysql.service - -[Service] -Type=oneshot -User=phabricator -Group=phabricator -Environment=PATH=/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin:/usr/bin:/bin -ExecStart=/var/www/phabricator/phabricator/bin/phd start -ExecStop=/var/www/phabricator/phabricator/bin/phd stop -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target diff -r 8c1c717a830b -r 070a9b62f44a Admin/Phabricator/ssh/ssh-hook --- a/Admin/Phabricator/ssh/ssh-hook Wed Nov 13 17:33:59 2019 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,14 +0,0 @@ -#!/bin/sh - -# NOTE: Replace this with the username that you expect users to connect with. -VCSUSER="vcs" - -# NOTE: Replace this with the path to your Phabricator directory. -ROOT="/var/www/phabricator/phabricator" - -if [ "$1" != "$VCSUSER" ]; -then - exit 1 -fi - -exec "$ROOT/bin/ssh-auth" $@ diff -r 8c1c717a830b -r 070a9b62f44a Admin/Phabricator/ssh/sshd-phabricator.service --- a/Admin/Phabricator/ssh/sshd-phabricator.service Wed Nov 13 17:33:59 2019 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,21 +0,0 @@ -[Unit] -Description=OpenBSD Secure Shell server (Phabricator) -After=network.target auditd.service -ConditionPathExists=!/etc/ssh/sshd_not_to_be_run - -[Service] -EnvironmentFile=-/etc/default/ssh -ExecStartPre=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t -ExecStart=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -D $SSHD_OPTS -ExecReload=/usr/sbin/sshd -f /etc/ssh/sshd_config.phabricator -t -ExecReload=/bin/kill -HUP $MAINPID -KillMode=process -Restart=on-failure -RestartPreventExitStatus=255 -Type=notify -RuntimeDirectory=sshd-phabricator -RuntimeDirectoryMode=0755 - -[Install] -WantedBy=multi-user.target -Alias=sshd-phabricator.service diff -r 8c1c717a830b -r 070a9b62f44a Admin/Phabricator/ssh/sshd_config.phabricator --- a/Admin/Phabricator/ssh/sshd_config.phabricator Wed Nov 13 17:33:59 2019 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,24 +0,0 @@ -# NOTE: You must have OpenSSHD 6.2 or newer; support for AuthorizedKeysCommand -# was added in this version. - -# NOTE: Edit these to the correct values for your setup. - -AuthorizedKeysCommand /usr/local/bin/ssh-hook -AuthorizedKeysCommandUser vcs -AllowUsers vcs - -# You may need to tweak these options, but mostly they just turn off everything -# dangerous. - -Port 22 -Protocol 2 -PermitRootLogin no -AllowAgentForwarding no -AllowTcpForwarding no -PrintMotd no -PrintLastLog no -PasswordAuthentication no -ChallengeResponseAuthentication no -AuthorizedKeysFile none - -PidFile /var/run/sshd-phabricator.pid diff -r 8c1c717a830b -r 070a9b62f44a Admin/Phabricator/ssh/sudoers.d/phabricator --- a/Admin/Phabricator/ssh/sudoers.d/phabricator Wed Nov 13 17:33:59 2019 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,2 +0,0 @@ -www-data ALL=(phabricator) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/hg, /usr/bin/ssh, /usr/bin/id -vcs ALL=(phabricator) SETENV: NOPASSWD: /usr/bin/git, /usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/hg, /usr/bin/svnserve, /usr/bin/ssh, /usr/bin/id