
misc/bluelife-config-graz: Add new port for common server configuration

decke committed Jul 19, 2019
1 parent 36a248d commit 643147452f67c0911d93bb0c99cd847ac2d40361
@@ -0,0 +1,22 @@
# $FreeBSD$

PORTNAME= bluelife-config-graz
PORTVERSION= 2019.07.19
PORTREVISION= 0
CATEGORIES= misc
MASTER_SITES= #
DISTFILES= #

MAINTAINER= decke@FreeBSD.org
COMMENT= Common FreeBSD Server Configuration for bluelife.at Network

LICENSE= CC0-1.0

NO_BUILD= yes
NO_ARCH= yes

do-install:
${MKDIR} ${STAGEDIR}
${CP} -pr ${FILESDIR}/* ${STAGEDIR}/

.include <bsd.port.mk>
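Review bot: The `do-install` recipe stages everything under `${FILESDIR}` with `${CP} -pr`, so the modes of the installed files come from whatever the ports checkout happens to have, and the plist in this commit places several of them at absolute base-system paths such as `/etc/ssh/sshd_config` and `/etc/periodic.conf`. Installing or upgrading the package would presumably replace those base files, including any local edits on the host, with no merge step. Consider installing each file explicitly, for example `${INSTALL_DATA} ${FILESDIR}/etc/ssh/sshd_config ${STAGEDIR}/etc/ssh/sshd_config` (source layout inferred from the recursive copy), so the mode is set by the port rather than by the checkout. A comment above `do-install` stating that the port deliberately overwrites base configuration would also help.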
@@ -0,0 +1,65 @@
# $FreeBSD: releng/12.0/libexec/dma/dmagent/dma.conf 289087 2015-10-09 22:09:44Z bapt $
#
# Your smarthost (also called relayhost). Leave blank if you don't want
# smarthost support.
SMARTHOST smtp.vpn.bluelife.at

# Use this SMTP port. Most users will be fine with the default (25)
PORT 465

# Path to your alias file. Just stay with the default.
#ALIASES /etc/aliases

# Path to your spooldir. Just stay with the default.
#SPOOLDIR /var/spool/dma

# SMTP authentication
#AUTHPATH /etc/dma/auth.conf

# Uncomment if yout want TLS/SSL support
SECURETRANSFER

# Uncomment if you want STARTTLS support (only used in combination with
# SECURETRANSFER)
#STARTTLS

# Uncomment if you have specified STARTTLS above and it should be allowed
# to fail ("opportunistic TLS", use an encrypted connection when available
# but allow an unencrypted one to servers that do not support it)
#OPPORTUNISTIC_TLS

# Path to your local SSL certificate
#CERTFILE

# If you want to use plain text SMTP login without using encryption, change
# the SECURE entry below to INSECURE. Otherwise plain login will only work
# over a secure connection. Use this option with caution.
#SECURE

# Uncomment if you want to defer your mails. This is useful if you are
# behind a dialup line. You have to submit your mails manually with dma -q
#DEFER

# Uncomment if you want the bounce message to include the complete original
# message, not just the headers.
#FULLBOUNCE

# The internet hostname dma uses to identify the host.
# If not set or empty, the result of gethostname(2) is used.
# If MAILNAME is an absolute path to a file, the first line of this file
# will be used as the hostname.
#MAILNAME mail.example.net

# Masquerade envelope from addresses with this address/hostname.
# Use this if mails are not accepted by destination mail servers because
# your sender domain is invalid.
# By default, MASQUERADE is not set.
# Format: MASQUERADE [user@][host]
# Examples:
# MASQUERADE john@ on host "hamlet" will send all mails as john@hamlet
# MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator
# MASQUERADE herb@ert will send all mails as herb@ert
MASQUERADE noreply.graz@bluelife.at

# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
NULLCLIENT
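Review bot: `#AUTHPATH /etc/dma/auth.conf` stays commented out while `SMARTHOST smtp.vpn.bluelife.at`, `PORT 465` and `SECURETRANSFER` are set, so every host that installs this file relays through the smarthost without SMTP authentication. That presumably relies on the smarthost accepting mail only from VPN addresses. A short comment above `SMARTHOST` stating the assumption, e.g. `# Relay access is granted by VPN source address; no SMTP AUTH is configured.`, would keep the next reader from treating it as an oversight. The stock comment `Most users will be fine with the default (25)` no longer matches `PORT 465` and could say that implicit TLS is used.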
@@ -0,0 +1 @@

@@ -0,0 +1,12 @@
/*******************************************************
*
* {HOSTNAME} - BlueLife.at Network
*
* WARNING
*
* This System is restricted to authorized users for
* authorized use ONLY. If you are not authorized to
* access this System, disconnect now!
*
*******************************************************/

@@ -0,0 +1,11 @@
daily_show_success="NO"
daily_show_info="NO"

weekly_show_success="NO"
weekly_show_info="NO"

monthly_show_success="NO"
monthly_show_info="NO"

daily_status_security_enable="NO"
security_status_logincheck_enable="NO"
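Review bot: `daily_status_security_enable="NO"` and `security_status_logincheck_enable="NO"` turn off more than report noise. On stock FreeBSD the first setting stops the daily run from invoking the security checks at all, as far as I can tell from periodic.conf(5), so the security report would stop on every host that installs this package. The `*_show_success` and `*_show_info` lines above only quiet routine output, which is a different kind of change. If central monitoring replaces these checks, say so in a comment above the two lines, e.g. `# security run disabled: covered by <monitoring system>`. Otherwise consider keeping the security run enabled and silencing only its success output.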
@@ -0,0 +1,126 @@
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# $FreeBSD: releng/12.0/crypto/openssh/sshd_config 338561 2018-09-10 16:20:12Z des $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# Change to yes to enable built-in password authentication.
PasswordAuthentication no
PermitEmptyPasswords no

# Change to no to disable PAM authentication
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#UseBlacklist no
#VersionAddendum FreeBSD-20180909

# no default banner path
#Banner none

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

Match User backup
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
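Review bot: `PermitRootLogin yes` is key-only in practice only because `PasswordAuthentication no`, `ChallengeResponseAuthentication no` and `UsePAM no` are set elsewhere in the file. `PermitRootLogin prohibit-password` states that intent on the line itself and stays safe if password or PAM authentication is re-enabled later. In the `Match User backup` block, `ForceCommand internal-sftp` and `X11Forwarding no` do not stop port forwarding, because `#AllowTcpForwarding yes` is left at its default, so I would add `AllowTcpForwarding no` to that block. `ChrootDirectory %h` also needs the home directory path to be root-owned and not writable by others, which this package cannot guarantee; a comment noting that prerequisite would help.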
@@ -0,0 +1,5 @@
server time.graz.bluelife.at iburst

driftfile /var/db/chrony/drift
makestep 1.0 3
rtcsync
@@ -0,0 +1,3 @@
FreeBSD: {
url: "pkg+https://pkg.FreeBSD.org/${ABI}/latest",
}
@@ -0,0 +1,4 @@
Common FreeBSD Configuration for Servers within the bluelife.at
Network.

WWW: https://www.bluelife.at/
@@ -0,0 +1,7 @@
/etc/dma/dma.conf
/etc/motd
/etc/motd_ssh
/etc/periodic.conf
/etc/ssh/sshd_config
etc/chrony.conf
etc/pkg/repos/FreeBSD.conf
