34 changed files with 2 additions and 2011 deletions
@ -1 +1 @@
|
||||
web: gunicorn wsgi:application --log-file - |
||||
web: gunicorn wsgi --log-file - |
||||
|
@ -1,18 +0,0 @@
|
||||
env_name: production |
||||
hostname: snipt.net |
||||
deploy_user: deploy |
||||
|
||||
users: |
||||
- |
||||
name: deploy |
||||
groups: |
||||
- deploy |
||||
- wheel |
||||
- |
||||
name: nick |
||||
groups: |
||||
- deploy |
||||
- wheel |
||||
|
||||
ssh: |
||||
port: 55555 |
@ -1,5 +0,0 @@
|
||||
base: |
||||
'*': |
||||
- production |
||||
'local.snipt.net': |
||||
- vagrant |
@ -1,13 +0,0 @@
|
||||
env_name: vagrant |
||||
hostname: local.snipt.net |
||||
deploy_user: vagrant |
||||
|
||||
users: |
||||
- |
||||
name: vagrant |
||||
groups: |
||||
- deploy |
||||
- wheel |
||||
|
||||
ssh: |
||||
port: 22 |
@ -1,85 +0,0 @@
|
||||
python-virtualenv: |
||||
pkg.installed |
||||
|
||||
virtualenvwrapper: |
||||
pip.installed |
||||
|
||||
/var/www: |
||||
file.directory: |
||||
- user: {{ pillar.deploy_user }} |
||||
- group: deploy |
||||
- mode: 775 |
||||
- require: |
||||
- user: {{ pillar.deploy_user }} |
||||
- group: deploy |
||||
|
||||
/var/www/.virtualenvs: |
||||
file.directory: |
||||
- user: {{ pillar.deploy_user }} |
||||
- group: deploy |
||||
- mode: 775 |
||||
- require: |
||||
- group: deploy |
||||
|
||||
{% if pillar.env_name != 'vagrant' %} |
||||
|
||||
/var/www/snipt: |
||||
file.directory: |
||||
- user: {{ pillar.deploy_user }} |
||||
- group: deploy |
||||
- mode: 775 |
||||
- require: |
||||
- group: deploy |
||||
|
||||
git.latest: |
||||
- name: https://github.com/nicksergeant/snipt.git |
||||
- rev: master |
||||
- target: /var/www/snipt |
||||
- user: deploy |
||||
|
||||
{% endif %} |
||||
|
||||
/var/www/.virtualenvs/snipt: |
||||
file.directory: |
||||
- user: {{ pillar.deploy_user }} |
||||
- group: deploy |
||||
- mode: 775 |
||||
- require: |
||||
- group: deploy |
||||
virtualenv.managed: |
||||
- system_site_packages: False |
||||
- requirements: /var/www/snipt/requirements.txt |
||||
|
||||
/home/{{ pillar.deploy_user }}/tmp: |
||||
file.absent |
||||
|
||||
/etc/supervisor/conf.d/snipt.conf: |
||||
file.managed: |
||||
- source: salt://application/snipt.supervisor.conf |
||||
- template: jinja |
||||
- makedirs: True |
||||
cmd.run: |
||||
- name: supervisorctl restart snipt |
||||
|
||||
snipt-site: |
||||
file.managed: |
||||
- name: /etc/nginx/sites-available/snipt |
||||
- source: salt://application/snipt.nginx.conf |
||||
- template: jinja |
||||
- group: deploy |
||||
- mode: 755 |
||||
- require: |
||||
- pkg: nginx-extras |
||||
- group: deploy |
||||
|
||||
enable-snipt-site: |
||||
file.symlink: |
||||
- name: /etc/nginx/sites-enabled/snipt |
||||
- target: /etc/nginx/sites-available/snipt |
||||
- force: false |
||||
- require: |
||||
- pkg: nginx-extras |
||||
cmd.run: |
||||
- name: service nginx restart |
||||
- require: |
||||
- pkg: nginx-extras |
@ -1,131 +0,0 @@
|
||||
upstream backend_snipt { |
||||
server 127.0.0.1:8000; |
||||
} |
||||
{% if pillar.env_name != 'vagrant' %} |
||||
server { |
||||
listen 80; |
||||
server_name *.{{ pillar.hostname }}; |
||||
|
||||
if ($host ~* "^([^.]+(\.[^.]+)*)\.{{ pillar.hostname }}$"){ |
||||
set $subd $1; |
||||
rewrite ^(.*)$ https://$subd.{{ pillar.hostname }}$1 permanent; |
||||
break; |
||||
} |
||||
} |
||||
server { |
||||
listen 80; |
||||
server_name {{ pillar.hostname }} www.{{ pillar.hostname }} beta.{{ pillar.hostname }}; |
||||
rewrite ^(.*) https://{{ pillar.hostname }}$1 permanent; |
||||
} |
||||
server { |
||||
listen 443; |
||||
server_name www.{{ pillar.hostname }}; |
||||
|
||||
ssl on; |
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
||||
ssl_prefer_server_ciphers on; |
||||
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"; |
||||
ssl_certificate /etc/certs/{{ pillar.hostname }}.crt; |
||||
ssl_certificate_key /etc/certs/{{ pillar.hostname }}.key; |
||||
|
||||
rewrite ^(.*) https://{{ pillar.hostname }}$1 permanent; |
||||
} |
||||
server { |
||||
listen 443; |
||||
server_name {{ pillar.hostname }} *.{{ pillar.hostname }}; |
||||
|
||||
ssl on; |
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
||||
ssl_prefer_server_ciphers on; |
||||
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"; |
||||
ssl_certificate /etc/certs/{{ pillar.hostname }}.crt; |
||||
ssl_certificate_key /etc/certs/{{ pillar.hostname }}.key; |
||||
|
||||
location ~* /favicon.ico { |
||||
root /var/www/snipt/static/img/; |
||||
expires max; |
||||
} |
||||
|
||||
location / { |
||||
|
||||
# Open CORS config from https://gist.github.com/michiel/1064640. |
||||
if ($request_method = 'OPTIONS') { |
||||
add_header 'Access-Control-Allow-Origin' '*'; |
||||
add_header 'Access-Control-Allow-Credentials' 'true'; |
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; |
||||
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; |
||||
add_header 'Access-Control-Max-Age' 1728000; |
||||
add_header 'Content-Type' 'text/plain charset=UTF-8'; |
||||
add_header 'Content-Length' 0; |
||||
return 204; |
||||
} |
||||
if ($request_method = 'POST') { |
||||
add_header 'Access-Control-Allow-Origin' '*'; |
||||
add_header 'Access-Control-Allow-Credentials' 'true'; |
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; |
||||
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; |
||||
} |
||||
if ($request_method = 'GET') { |
||||
add_header 'Access-Control-Allow-Origin' '*'; |
||||
add_header 'Access-Control-Allow-Credentials' 'true'; |
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; |
||||
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; |
||||
} |
||||
|
||||
rewrite_by_lua ' |
||||
if string.find(ngx.var.host, "_") then |
||||
local newHost, n = ngx.re.gsub(ngx.var.host, "_", "-") |
||||
ngx.redirect(ngx.var.scheme .. "://" .. newHost .. ngx.var.uri) |
||||
end |
||||
'; |
||||
|
||||
proxy_pass http://backend_snipt; |
||||
proxy_set_header Host $host; |
||||
|
||||
} |
||||
|
||||
location /static/ { |
||||
alias /var/www/snipt/static/; |
||||
expires max; |
||||
} |
||||
|
||||
location /public/feed/ { |
||||
rewrite ^/public/feed/$ https://{{ pillar.hostname }}/public/?rss permanent; |
||||
} |
||||
} |
||||
server { |
||||
listen 80 default_server; |
||||
|
||||
location / { |
||||
proxy_pass http://backend_snipt; |
||||
proxy_set_header Host $host; |
||||
} |
||||
|
||||
location /static/ { |
||||
alias /var/www/snipt/static/; |
||||
expires max; |
||||
} |
||||
location ~* /favicon.ico { |
||||
root /var/www/snipt/static/img/; |
||||
expires max; |
||||
} |
||||
} |
||||
{% else %} |
||||
server { |
||||
listen 80 default_server; |
||||
|
||||
location / { |
||||
proxy_pass http://backend_snipt; |
||||
proxy_set_header Host $host; |
||||
} |
||||
|
||||
location /static/ { |
||||
alias /var/www/snipt/media/; |
||||
expires max; |
||||
} |
||||
location ~* /favicon.ico { |
||||
root /var/www/snipt/media/img/; |
||||
expires max; |
||||
} |
||||
} |
||||
{% endif %} |
@ -1,7 +0,0 @@
|
||||
[program:snipt] |
||||
directory=/var/www/snipt |
||||
user={{ pillar.deploy_user }} |
||||
command={% if pillar.env_name != 'vagrant' %}/var/www/.virtualenvs/snipt/bin/gunicorn wsgi:application{% else %}/var/www/.virtualenvs/snipt/bin/python /var/www/snipt/manage.py runserver{% endif %} |
||||
autostart=true |
||||
autorestart=true |
||||
stopasgroup=true |
@ -1,24 +0,0 @@
|
||||
elasticsearch-file: |
||||
file.managed: |
||||
- name: /tmp/elasticsearch-1.3.4.deb |
||||
- source: https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.3.4.deb |
||||
- unless: test -d /usr/local/elasticsearch/bin |
||||
- source_hash: sha1=6a4b6a12825f141245bb581c76052464d17de874 |
||||
|
||||
elasticsearch-install: |
||||
cmd: |
||||
- cwd: /tmp |
||||
- names: |
||||
- dpkg -i elasticsearch-1.3.4.deb |
||||
- unless: test -d /usr/local/elasticsearch/bin |
||||
- run |
||||
- require: |
||||
- file: elasticsearch-file |
||||
|
||||
elasticsearch: |
||||
service: |
||||
- running |
||||
- enable: True |
||||
- reload: True |
||||
- require: |
||||
- file: elasticsearch-file |
@ -1,103 +0,0 @@
|
||||
# Directories {{{ |
||||
|
||||
function l |
||||
tree --dirsfirst -ChFL 1 $args |
||||
end |
||||
function ll |
||||
tree --dirsfirst -ChFupDaL 1 $args |
||||
end |
||||
|
||||
# }}} |
||||
# Directories {{{ |
||||
|
||||
set -g -x fish_greeting '' |
||||
set -g -x EDITOR vim |
||||
|
||||
# }}} |
||||
# Git and Mercurial functions {{{ |
||||
|
||||
function gca |
||||
git commit -a $argv |
||||
end |
||||
function gco |
||||
git checkout $argv |
||||
end |
||||
function gd |
||||
git diff HEAD |
||||
end |
||||
function gl |
||||
git pull $argv |
||||
end |
||||
function gp |
||||
git push $argv |
||||
end |
||||
function gst |
||||
git status $argv |
||||
end |
||||
|
||||
# }}} |
||||
# Programs {{{ |
||||
|
||||
function logs |
||||
sudo supervisorctl tail -f snipt stdout |
||||
end |
||||
function pm |
||||
python manage.py $argv |
||||
end |
||||
function run |
||||
sudo supervisorctl restart snipt |
||||
sudo supervisorctl tail -f snipt stdout |
||||
end |
||||
function rs |
||||
sudo supervisorctl restart snipt |
||||
end |
||||
function ssc |
||||
sudo supervisorctl $argv |
||||
end |
||||
function wo |
||||
workon (cat .venv) $argv |
||||
end |
||||
|
||||
# }}} |
||||
# Prompt {{{ |
||||
|
||||
set -x fish_color_command 005fd7\x1epurple |
||||
set -x fish_color_search_match --background=purple |
||||
|
||||
function prompt_pwd --description 'Print the current working directory, shortend to fit the prompt' |
||||
echo $PWD | sed -e "s|^$HOME|~|" |
||||
end |
||||
|
||||
function virtualenv_prompt |
||||
if [ -n "$VIRTUAL_ENV" ] |
||||
printf '\033[0;37m(%s) ' (basename "$VIRTUAL_ENV") $argv |
||||
end |
||||
end |
||||
|
||||
function fish_prompt |
||||
z --add "$PWD" |
||||
echo ' ' |
||||
printf '\033[0;31m%s\033[0;37m on ' (whoami) |
||||
printf '\033[0;31m%s ' (hostname -f) |
||||
printf '\033[0;32m%s' (prompt_pwd) |
||||
echo |
||||
virtualenv_prompt |
||||
printf '\033[0;37m> ' |
||||
end |
||||
|
||||
# }}} |
||||
# Virtualenv {{{ |
||||
|
||||
set -x WORKON_HOME '/var/www/.virtualenvs' |
||||
. ~/.config/fish/virtualenv.fish |
||||
|
||||
# }}} |
||||
# Z {{{ |
||||
|
||||
. /etc/z.fish |
||||
|
||||
function j |
||||
z $argv |
||||
end |
||||
|
||||
# }}} |
@ -1,35 +0,0 @@
|
||||
fish: |
||||
pkgrepo.managed: |
||||
- ppa: fish-shell/release-2 |
||||
- require_in: |
||||
- pkg: fish |
||||
pkg.latest: |
||||
- name: fish |
||||
- refresh: True |
||||
|
||||
/etc/z.fish: |
||||
file.managed: |
||||
- source: salt://fish/z.fish |
||||
- mode: 755 |
||||
|
||||
{% for user in pillar.users %} |
||||
|
||||
fish-{{ user.name }}: |
||||
file.managed: |
||||
- name: /home/{{ user.name }}/.config/fish/config.fish |
||||
- user: {{ user.name }} |
||||
- source: salt://fish/config.fish |
||||
- makedirs: True |
||||
- require: |
||||
- user: {{ user.name }} |
||||
|
||||
fish-{{ user.name }}-virtualenv: |
||||
file.managed: |
||||
- name: /home/{{ user.name }}/.config/fish/virtualenv.fish |
||||
- user: {{ user.name }} |
||||
- source: salt://fish/virtualenv.fish |
||||
- makedirs: True |
||||
- require: |
||||
- user: {{ user.name }} |
||||
|
||||
{% endfor %} |
@ -1,46 +0,0 @@
|
||||
# mostly from http://coderseye.com/2010/using-virtualenv-with-fish-shell.html |
||||
|
||||
function workon -d "Activate virtual environment in $WORKON_HOME" |
||||
set tgt {$WORKON_HOME}/$argv[1] |
||||
|
||||
if [ ! -d $tgt ] |
||||
mkdir -p "$WORKON_HOME" |
||||
virtualenv $tgt |
||||
end |
||||
|
||||
if [ -d $tgt ] |
||||
cd $tgt |
||||
|
||||
deactivate |
||||
|
||||
set -gx VIRTUAL_ENV "$tgt" |
||||
set -gx _OLD_VIRTUAL_PATH $PATH |
||||
set -gx PATH "$VIRTUAL_ENV/bin" $PATH |
||||
|
||||
# unset PYTHONHOME if set |
||||
if set -q PYTHONHOME |
||||
set -gx _OLD_VIRTUAL_PYTHONHOME $PYTHONHOME |
||||
set -e PYTHONHOME |
||||
end |
||||
|
||||
cd - |
||||
echo "activated $tgt" |
||||
else |
||||
echo "$tgt not found" |
||||
end |
||||
end |
||||
|
||||
complete -c workon -a "(cd $WORKON_HOME; ls -d *)" |
||||
|
||||
function deactivate -d "Exit virtualenv and return to normal shell environment" |
||||
# reset old environment variables |
||||
if test -n "$_OLD_VIRTUAL_PATH" |
||||
set -gx PATH $_OLD_VIRTUAL_PATH |
||||
set -e _OLD_VIRTUAL_PATH |
||||
end |
||||
if test -n "$_OLD_VIRTUAL_PYTHONHOME" |
||||
set -gx PYTHONHOME $_OLD_VIRTUAL_PYTHONHOME |
||||
set -e _OLD_VIRTUAL_PYTHONHOME |
||||
end |
||||
set -e VIRTUAL_ENV |
||||
end |
@ -1,195 +0,0 @@
|
||||
# maintains a jump-list of the directories you actually use |
||||
# |
||||
# INSTALL: |
||||
# * put something like this in your config.fish: |
||||
# . /path/to/z.fish |
||||
# * put something like this in your fish_prompt function: |
||||
# z --add "$PWD" |
||||
# * cd around for a while to build up the db |
||||
# * PROFIT!! |
||||
# |
||||
# USE: |
||||
# * z foo # goes to most frecent dir matching foo |
||||
# * z foo bar # goes to most frecent dir matching foo and bar |
||||
# * z -r foo # goes to highest ranked dir matching foo |
||||
# * z -t foo # goes to most recently accessed dir matching foo |
||||
# * z -l foo # list all dirs matching foo (by frecency) |
||||
|
||||
function z -d "Jump to a recent directory." |
||||
set -l datafile "$HOME/.z" |
||||
|
||||
# add entries |
||||
if [ "$argv[1]" = "--add" ] |
||||
set -e argv[1] |
||||
|
||||
# $HOME isn't worth matching |
||||
[ "$argv" = "$HOME" ]; and return |
||||
|
||||
set -l tempfile (mktemp $datafile.XXXXXX) |
||||
test -f $tempfile; or return |
||||
|
||||
# maintain the file |
||||
awk -v path="$argv" -v now=(date +%s) -F"|" ' |
||||
BEGIN { |
||||
rank[path] = 1 |
||||
time[path] = now |
||||
} |
||||
$2 >= 1 { |
||||
if( $1 == path ) { |
||||
rank[$1] = $2 + 1 |
||||
time[$1] = now |
||||
} else { |
||||
rank[$1] = $2 |
||||
time[$1] = $3 |
||||
} |
||||
count += $2 |
||||
} |
||||
END { |
||||
if( count > 1000 ) { |
||||
for( i in rank ) print i "|" 0.9*rank[i] "|" time[i] # aging |
||||
} else for( i in rank ) print i "|" rank[i] "|" time[i] |
||||
} |
||||
' $datafile ^/dev/null > $tempfile |
||||
|
||||
mv -f $tempfile $datafile |
||||
|
||||
# tab completion |
||||
else |
||||
if [ "$argv[1]" = "--complete" ] |
||||
awk -v q="$argv[2]" -F"|" ' |
||||
BEGIN { |
||||
if( q == tolower(q) ) nocase = 1 |
||||
split(q,fnd," ") |
||||
} |
||||
{ |
||||
if( system("test -d \"" $1 "\"") ) next |
||||
if( nocase ) { |
||||
for( i in fnd ) tolower($1) !~ tolower(fnd[i]) && $1 = "" |
||||
if( $1 ) print $1 |
||||
} else { |
||||
for( i in fnd ) $1 !~ fnd[i] && $1 = "" |
||||
if( $1 ) print $1 |
||||
} |
||||
} |
||||
' "$datafile" 2>/dev/null |
||||
|
||||
else |
||||
# list/go |
||||
set -l last '' |
||||
set -l list 0 |
||||
set -l typ '' |
||||
set -l fnd '' |
||||
|
||||
while [ (count $argv) -gt 0 ] |
||||
switch "$argv[1]" |
||||
case -- '-h' |
||||
echo "z [-h][-l][-r][-t] args" >&2 |
||||
return |
||||
case -- '-l' |
||||
set list 1 |
||||
case -- '-r' |
||||
set typ "rank" |
||||
case -- '-t' |
||||
set typ "recent" |
||||
case -- '--' |
||||
while [ "$argv[1]" ] |
||||
set -e argv[1] |
||||
set fnd "$fnd $argv[1]" |
||||
end |
||||
case '*' |
||||
set fnd "$fnd $argv[1]" |
||||
end |
||||
set last $1 |
||||
set -e argv[1] |
||||
end |
||||
|
||||
[ "$fnd" ]; or set list 1 |
||||
|
||||
# if we hit enter on a completion just go there |
||||
[ -d "$last" ]; and cd "$last"; and return |
||||
|
||||
# no file yet |
||||
[ -f "$datafile" ]; or return |
||||
|
||||
set -l tempfile (mktemp $datafile.XXXXXX) |
||||
test -f $tempfile; or return |
||||
set -l target (awk -v t=(date +%s) -v list="$list" -v typ="$typ" -v q="$fnd" -v tmpfl="$tempfile" -F"|" ' |
||||
function frecent(rank, time) { |
||||
dx = t-time |
||||
if( dx < 3600 ) return rank*4 |
||||
if( dx < 86400 ) return rank*2 |
||||
if( dx < 604800 ) return rank/2 |
||||
return rank/4 |
||||
} |
||||
function output(files, toopen, override) { |
||||
if( list ) { |
||||
if( typ == "recent" ) { |
||||
cmd = "sort -nr >&2" |
||||
} else cmd = "sort -n >&2" |
||||
for( i in files ) if( files[i] ) printf "%-10s %s\n", files[i], i | cmd |
||||
if( override ) printf "%-10s %s\n", "common:", override > "/dev/stderr" |
||||
} else { |
||||
if( override ) toopen = override |
||||
print toopen |
||||
} |
||||
} |
||||
function common(matches, fnd, nc) { |
||||
for( i in matches ) { |
||||
if( matches[i] && (!short || length(i) < length(short)) ) short = i |
||||
} |
||||
if( short == "/" ) return |
||||
for( i in matches ) if( matches[i] && i !~ short ) x = 1 |
||||
if( x ) return |
||||
if( nc ) { |
||||
for( i in fnd ) if( tolower(short) !~ tolower(fnd[i]) ) x = 1 |
||||
} else for( i in fnd ) if( short !~ fnd[i] ) x = 1 |
||||
if( !x ) return short |
||||
} |
||||
BEGIN { split(q, a, " ") } |
||||
{ |
||||
if( system("test -d \"" $1 "\"") ) next |
||||
print $0 >> tmpfl |
||||
if( typ == "rank" ) { |
||||
f = $2 |
||||
} else if( typ == "recent" ) { |
||||
f = t-$3 |
||||
} else f = frecent($2, $3) |
||||
wcase[$1] = nocase[$1] = f |
||||
for( i in a ) { |
||||
if( $1 !~ a[i] ) delete wcase[$1] |
||||
if( tolower($1) !~ tolower(a[i]) ) delete nocase[$1] |
||||
} |
||||
if( wcase[$1] > oldf ) { |
||||
cx = $1 |
||||
oldf = wcase[$1] |
||||
} else if( nocase[$1] > noldf ) { |
||||
ncx = $1 |
||||
noldf = nocase[$1] |
||||
} |
||||
} |
||||
END { |
||||
if( cx ) { |
||||
output(wcase, cx, common(wcase, a, 0)) |
||||
} else if( ncx ) output(nocase, ncx, common(nocase, a, 1)) |
||||
} |
||||
' "$datafile") |
||||
|
||||
if [ $status -gt 0 ] |
||||
rm -f "$tempfile" |
||||
else |
||||
mv -f "$tempfile" "$datafile" |
||||
[ "$target" ]; and cd "$target" |
||||
end |
||||
end |
||||
end |
||||
end |
||||
|
||||
function __z_init -d 'Set up automatic population of the directory list for z' |
||||
functions fish_prompt | grep -q 'z --add' |
||||
if [ $status -gt 0 ] |
||||
functions fish_prompt | sed -e '$ i\\ |
||||
z --add "$PWD"' | . |
||||
end |
||||
end |
||||
|
||||
__z_init |
@ -1,27 +0,0 @@
|
||||
/etc/iptables.up.rules: |
||||
file.managed: |
||||
- source: salt://iptables/iptables.up.rules |
||||
- template: jinja |
||||
- require: |
||||
- pkg: iptables |
||||
|
||||
flush-iptables: |
||||
cmd.run: |
||||
- names: |
||||
- /sbin/iptables -F |
||||
- /sbin/iptables-restore < /etc/iptables.up.rules |
||||
- watch: |
||||
- file: /etc/iptables.up.rules |
||||
- require: |
||||
- pkg: iptables |
||||
|
||||
/etc/network/if-pre-up.d/iptables: |
||||
file.managed: |
||||
- mode: 644 |
||||
- source: salt://iptables/iptables-restore.sh |
||||
- require: |
||||
- pkg: iptables |
||||
cmd.run: |
||||
- name: chmod +x /etc/network/if-pre-up.d/iptables |
||||
- require: |
||||
- pkg: iptables |
@ -1,2 +0,0 @@
|
||||
#!/bin/sh |
||||
sudo sh -c '/sbin/iptables-restore < /etc/iptables.up.rules' |
@ -1,43 +0,0 @@
|
||||
*filter |
||||
|
||||
|
||||
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 |
||||
-A INPUT -i lo -j ACCEPT |
||||
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT |
||||
|
||||
|
||||
# Accepts all established inbound connections |
||||
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT |
||||
|
||||
|
||||
# Allows all outbound traffic |
||||
# You can modify this to only allow certain traffic |
||||
-A OUTPUT -j ACCEPT |
||||
|
||||
|
||||
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites) |
||||
-A INPUT -p tcp --dport 80 -j ACCEPT |
||||
-A INPUT -p tcp --dport 443 -j ACCEPT |
||||
|
||||
|
||||
# Allows SSH connections |
||||
# |
||||
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE |
||||
# |
||||
-A INPUT -p tcp -m state --state NEW --dport {{ pillar.ssh.port }} -j ACCEPT |
||||
|
||||
|
||||
# Allow ping |
||||
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT |
||||
|
||||
|
||||
# log iptables denied calls |
||||
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 |
||||
|
||||
|
||||
# Reject all other inbound - default deny unless explicitly allowed policy |
||||
-A INPUT -j REJECT |
||||
-A FORWARD -j REJECT |
||||
|
||||
|
||||
COMMIT |
@ -1,46 +0,0 @@
|
||||
nginx-extras: |
||||
pkg: |
||||
- installed |
||||
|
||||
nginx: |
||||
service: |
||||
- running |
||||
- enable: True |
||||
- require: |
||||
- pkg: nginx-extras |
||||
- watch: |
||||
- file: /etc/nginx/nginx.conf |
||||
- file: /etc/nginx/sites-enabled/* |
||||
|
||||
/etc/nginx/sites-available: |
||||
file.directory: |
||||
- mode: 755 |
||||
- require: |
||||
- pkg: nginx-extras |
||||
|
||||
/etc/nginx/sites-enabled: |
||||
file.directory: |
||||
- mode: 755 |
||||
- require: |
||||
- pkg: nginx-extras |
||||
|
||||
{% if pillar.env_name != 'vagrant' %} |
||||
|
||||
/etc/certs: |
||||
file.directory: |
||||
- mode: 644 |
||||
- require: |
||||
- pkg: nginx-extras |
||||
|
||||
{% endif %} |
||||
|
||||
/etc/nginx/nginx.conf: |
||||
file.managed: |
||||
- source: salt://nginx/nginx.conf |
||||
- mode: 400 |
||||
- template: jinja |
||||
- require: |
||||
- pkg: nginx-extras |
||||
|
||||
/etc/nginx/sites-enabled/default: |
||||
file.absent |
@ -1,26 +0,0 @@
|
||||
user {% if pillar.env_name == 'vagrant' %}vagrant{% else %}www-data{% endif %}; |
||||
worker_processes 4; |
||||
|
||||
events { |
||||
worker_connections 1024; |
||||
} |
||||
|
||||
http { |
||||
include mime.types; |
||||
default_type application/octet-stream; |
||||
|
||||
sendfile on; |
||||
tcp_nopush on; |
||||
tcp_nodelay on; |
||||
|
||||
keepalive_timeout 65; |
||||
|
||||
gzip on; |
||||
gzip_disable "msie6"; |
||||
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript; |
||||
|
||||
include /etc/nginx/sites-enabled/*; |
||||
|
||||
types_hash_max_size 4096; |
||||
server_names_hash_bucket_size 64; |
||||
} |
@ -1,29 +0,0 @@
|
||||
postgresql: |
||||
pkg: |
||||
- installed |
||||
service.running: |
||||
- watch: |
||||
- file: /etc/postgresql/9.3/main/pg_hba.conf |
||||
- require: |
||||
- pkg: postgresql |
||||
|
||||
pg_hba.conf: |
||||
file.managed: |
||||
- name: /etc/postgresql/9.3/main/pg_hba.conf |
||||
- source: salt://postgresql/pg_hba.conf |
||||
- user: postgres |
||||
- group: postgres |
||||
- mode: 644 |
||||
- require: |
||||
- pkg: postgresql |
||||
|
||||
postgresql.conf: |
||||
file.managed: |
||||
- name: /etc/postgresql/9.3/main/postgresql.conf |
||||
- source: salt://postgresql/postgresql.conf |
||||
- template: jinja |
||||
- user: postgres |
||||
- group: postgres |
||||
- mode: 644 |
||||
- require: |
||||
- pkg: postgresql |
@ -1,99 +0,0 @@
|
||||
# PostgreSQL Client Authentication Configuration File |
||||
# =================================================== |
||||
# |
||||
# Refer to the "Client Authentication" section in the PostgreSQL |
||||
# documentation for a complete description of this file. A short |
||||
# synopsis follows. |
||||
# |
||||
# This file controls: which hosts are allowed to connect, how clients |
||||
# are authenticated, which PostgreSQL user names they can use, which |
||||
# databases they can access. Records take one of these forms: |
||||
# |
||||
# local DATABASE USER METHOD [OPTIONS] |
||||
# host DATABASE USER ADDRESS METHOD [OPTIONS] |
||||
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] |
||||
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] |
||||
# |
||||
# (The uppercase items must be replaced by actual values.) |
||||
# |
||||
# The first field is the connection type: "local" is a Unix-domain |
||||
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, |
||||
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a |
||||
# plain TCP/IP socket. |
||||
# |
||||
# DATABASE can be "all", "sameuser", "samerole", "replication", a |
||||
# database name, or a comma-separated list thereof. The "all" |
||||
# keyword does not match "replication". Access to replication |
||||
# must be enabled in a separate record (see example below). |
||||
# |
||||
# USER can be "all", a user name, a group name prefixed with "+", or a |
||||
# comma-separated list thereof. In both the DATABASE and USER fields |
||||
# you can also write a file name prefixed with "@" to include names |
||||
# from a separate file. |
||||
# |
||||
# ADDRESS specifies the set of hosts the record matches. It can be a |
||||
# host name, or it is made up of an IP address and a CIDR mask that is |
||||
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that |
||||
# specifies the number of significant bits in the mask. A host name |
||||
# that starts with a dot (.) matches a suffix of the actual host name. |
||||
# Alternatively, you can write an IP address and netmask in separate |
||||
# columns to specify the set of hosts. Instead of a CIDR-address, you |
||||
# can write "samehost" to match any of the server's own IP addresses, |
||||
# or "samenet" to match any address in any subnet that the server is |
||||
# directly connected to. |
||||
# |
||||
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", |
||||
# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that |
||||
# "password" sends passwords in clear text; "md5" is preferred since |
||||
# it sends encrypted passwords. |
||||
# |
||||
# OPTIONS are a set of options for the authentication in the format |
||||
# NAME=VALUE. The available options depend on the different |
||||
# authentication methods -- refer to the "Client Authentication" |
||||
# section in the documentation for a list of which options are |
||||
# available for which authentication methods. |
||||
# |
||||
# Database and user names containing spaces, commas, quotes and other |
||||
# special characters must be quoted. Quoting one of the keywords |
||||
# "all", "sameuser", "samerole" or "replication" makes the name lose |
||||
# its special character, and just match a database or username with |
||||
# that name. |
||||
# |
||||
# This file is read on server startup and when the postmaster receives |
||||
# a SIGHUP signal. If you edit the file on a running system, you have |
||||
# to SIGHUP the postmaster for the changes to take effect. You can |
||||
# use "pg_ctl reload" to do that. |
||||
|
||||
# Put your actual configuration here |
||||
# ---------------------------------- |
||||
# |
||||
# If you want to allow non-local connections, you need to add more |
||||
# "host" records. In that case you will also need to make PostgreSQL |
||||
# listen on a non-local interface via the listen_addresses |
||||
# configuration parameter, or via the -i or -h command line switches. |
||||
|
||||
|
||||
|
||||
|
||||
# DO NOT DISABLE! |
||||
# If you change this first entry you will need to make sure that the |
||||
# database superuser can access the database using some other method. |
||||
# Noninteractive access to all databases is required during automatic |
||||
# maintenance (custom daily cronjobs, replication, and similar tasks). |
||||
# |
||||
# Database administrative login by Unix domain socket |
||||
local all postgres peer |
||||
|
||||
# TYPE DATABASE USER ADDRESS METHOD |
||||
|
||||
# "local" is for Unix domain socket connections only |
||||
local all all peer |
||||
# IPv4 local connections: |
||||
host all all 127.0.0.1/32 md5 |
||||
# IPv6 local connections: |
||||
host all all ::1/128 md5 |
||||
# Allow replication connections from localhost, by a user with the |
||||
# replication privilege. |
||||
#local replication postgres peer |
||||
#host replication postgres 127.0.0.1/32 md5 |
||||
#host replication postgres ::1/128 md5 |
@ -1,596 +0,0 @@
|
||||
# ----------------------------- |
||||
# PostgreSQL configuration file |
||||
# ----------------------------- |
||||
# |
||||
# This file consists of lines of the form: |
||||
# |
||||
# name = value |
||||
# |
||||
# (The "=" is optional.) Whitespace may be used. Comments are introduced with |
||||
# "#" anywhere on a line. The complete list of parameter names and allowed |
||||
# values can be found in the PostgreSQL documentation. |
||||
# |
||||
# The commented-out settings shown in this file represent the default values. |
||||
# Re-commenting a setting is NOT sufficient to revert it to the default value; |
||||
# you need to reload the server. |
||||
# |
||||
# This file is read on server startup and when the server receives a SIGHUP |
||||
# signal. If you edit the file on a running system, you have to SIGHUP the |
||||
# server for the changes to take effect, or use "pg_ctl reload". Some |
||||
# parameters, which are marked below, require a server shutdown and restart to |
||||
# take effect. |
||||
# |
||||
# Any parameter can also be given as a command-line option to the server, e.g., |
||||
# "postgres -c log_connections=on". Some parameters can be changed at run time |
||||
# with the "SET" SQL command. |
||||
# |
||||
# Memory units: kB = kilobytes Time units: ms = milliseconds |
||||
# MB = megabytes s = seconds |
||||
# GB = gigabytes min = minutes |
||||
# h = hours |
||||
# d = days |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# FILE LOCATIONS |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# The default values of these variables are driven from the -D command-line |
||||
# option or PGDATA environment variable, represented here as ConfigDir. |
||||
|
||||
data_directory = '/var/lib/postgresql/9.3/main' # use data in another directory |
||||
# (change requires restart) |
||||
hba_file = '/etc/postgresql/9.3/main/pg_hba.conf' # host-based authentication file |
||||
# (change requires restart) |
||||
ident_file = '/etc/postgresql/9.3/main/pg_ident.conf' # ident configuration file |
||||
# (change requires restart) |
||||
|
||||
# If external_pid_file is not explicitly set, no extra PID file is written. |
||||
external_pid_file = '/var/run/postgresql/9.3-main.pid' # write an extra PID file |
||||
# (change requires restart) |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# CONNECTIONS AND AUTHENTICATION |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# - Connection Settings - |
||||
|
||||
#listen_addresses = 'localhost' # what IP address(es) to listen on; |
||||
# comma-separated list of addresses; |
||||
# defaults to 'localhost'; use '*' for all |
||||
# (change requires restart) |
||||
port = 5432 # (change requires restart) |
||||
max_connections = 100 # (change requires restart) |
||||
# Note: Increasing max_connections costs ~400 bytes of shared memory per |
||||
# connection slot, plus lock space (see max_locks_per_transaction). |
||||
#superuser_reserved_connections = 3 # (change requires restart) |
||||
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories |
||||
# (change requires restart) |
||||
#unix_socket_group = '' # (change requires restart) |
||||
#unix_socket_permissions = 0777 # begin with 0 to use octal notation |
||||
# (change requires restart) |
||||
#bonjour = off # advertise server via Bonjour |
||||
# (change requires restart) |
||||
#bonjour_name = '' # defaults to the computer name |
||||
# (change requires restart) |
||||
|
||||
# - Security and Authentication - |
||||
|
||||
#authentication_timeout = 1min # 1s-600s |
||||
ssl = true # (change requires restart) |
||||
#ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' # allowed SSL ciphers |
||||
# (change requires restart) |
||||
#ssl_renegotiation_limit = 512MB # amount of data between renegotiations |
||||
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change requires restart) |
||||
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' # (change requires restart) |
||||
#ssl_ca_file = '' # (change requires restart) |
||||
#ssl_crl_file = '' # (change requires restart) |
||||
#password_encryption = on |
||||
#db_user_namespace = off |
||||
|
||||
# Kerberos and GSSAPI |
||||
#krb_server_keyfile = '' |
||||
#krb_srvname = 'postgres' # (Kerberos only) |
||||
#krb_caseins_users = off |
||||
|
||||
# - TCP Keepalives - |
||||
# see "man 7 tcp" for details |
||||
|
||||
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; |
||||
# 0 selects the system default |
||||
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; |
||||
# 0 selects the system default |
||||
#tcp_keepalives_count = 0 # TCP_KEEPCNT; |
||||
# 0 selects the system default |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# RESOURCE USAGE (except WAL) |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# - Memory - |
||||
|
||||
shared_buffers = 128MB # min 128kB |
||||
# (change requires restart) |
||||
#temp_buffers = 8MB # min 800kB |
||||
#max_prepared_transactions = 0 # zero disables the feature |
||||
# (change requires restart) |
||||
# Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory |
||||
# per transaction slot, plus lock space (see max_locks_per_transaction). |
||||
# It is not advisable to set max_prepared_transactions nonzero unless you |
||||
# actively intend to use prepared transactions. |
||||
#work_mem = 1MB # min 64kB |
||||
#maintenance_work_mem = 16MB # min 1MB |
||||
#max_stack_depth = 2MB # min 100kB |
||||
|
||||
# - Disk - |
||||
|
||||
#temp_file_limit = -1 # limits per-session temp file space |
||||
# in kB, or -1 for no limit |
||||
|
||||
# - Kernel Resource Usage - |
||||
|
||||
#max_files_per_process = 1000 # min 25 |
||||
# (change requires restart) |
||||
#shared_preload_libraries = '' # (change requires restart) |
||||
|
||||
# - Cost-Based Vacuum Delay - |
||||
|
||||
#vacuum_cost_delay = 0 # 0-100 milliseconds |
||||
#vacuum_cost_page_hit = 1 # 0-10000 credits |
||||
#vacuum_cost_page_miss = 10 # 0-10000 credits |
||||
#vacuum_cost_page_dirty = 20 # 0-10000 credits |
||||
#vacuum_cost_limit = 200 # 1-10000 credits |
||||
|
||||
# - Background Writer - |
||||
|
||||
#bgwriter_delay = 200ms # 10-10000ms between rounds |
||||
#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round |
||||
#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round |
||||
|
||||
# - Asynchronous Behavior - |
||||
|
||||
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# WRITE AHEAD LOG |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# - Settings - |
||||
|
||||
#wal_level = minimal # minimal, archive, or hot_standby |
||||
# (change requires restart) |
||||
#fsync = on # turns forced synchronization on or off |
||||
#synchronous_commit = on # synchronization level; |
||||
# off, local, remote_write, or on |
||||
#wal_sync_method = fsync # the default is the first option |
||||
# supported by the operating system: |
||||
# open_datasync |
||||
# fdatasync (default on Linux) |
||||
# fsync |
||||
# fsync_writethrough |
||||
# open_sync |
||||
#full_page_writes = on # recover from partial page writes |
||||
#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers |
||||
# (change requires restart) |
||||
#wal_writer_delay = 200ms # 1-10000 milliseconds |
||||
|
||||
#commit_delay = 0 # range 0-100000, in microseconds |
||||
#commit_siblings = 5 # range 1-1000 |
||||
|
||||
# - Checkpoints - |
||||
|
||||
#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each |
||||
#checkpoint_timeout = 5min # range 30s-1h |
||||
#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 |
||||
#checkpoint_warning = 30s # 0 disables |
||||
|
||||
# - Archiving - |
||||
|
||||
#archive_mode = off # allows archiving to be done |
||||
# (change requires restart) |
||||
#archive_command = '' # command to use to archive a logfile segment |
||||
# placeholders: %p = path of file to archive |
||||
# %f = file name only |
||||
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' |
||||
#archive_timeout = 0 # force a logfile segment switch after this |
||||
# number of seconds; 0 disables |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# REPLICATION |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# - Sending Server(s) - |
||||
|
||||
# Set these on the master and on any standby that will send replication data. |
||||
|
||||
#max_wal_senders = 0 # max number of walsender processes |
||||
# (change requires restart) |
||||
#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables |
||||
#wal_sender_timeout = 60s # in milliseconds; 0 disables |
||||
|
||||
# - Master Server - |
||||
|
||||
# These settings are ignored on a standby server. |
||||
|
||||
#synchronous_standby_names = '' # standby servers that provide sync rep |
||||
# comma-separated list of application_name |
||||
# from standby(s); '*' = all |
||||
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed |
||||
|
||||
# - Standby Servers - |
||||
|
||||
# These settings are ignored on a master server. |
||||
|
||||
#hot_standby = off # "on" allows queries during recovery |
||||
# (change requires restart) |
||||
#max_standby_archive_delay = 30s # max delay before canceling queries |
||||
# when reading WAL from archive; |
||||
# -1 allows indefinite delay |
||||
#max_standby_streaming_delay = 30s # max delay before canceling queries |
||||
# when reading streaming WAL; |
||||
# -1 allows indefinite delay |
||||
#wal_receiver_status_interval = 10s # send replies at least this often |
||||
# 0 disables |
||||
#hot_standby_feedback = off # send info from standby to prevent |
||||
# query conflicts |
||||
#wal_receiver_timeout = 60s # time that receiver waits for |
||||
# communication from master |
||||
# in milliseconds; 0 disables |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# QUERY TUNING |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# - Planner Method Configuration - |
||||
|
||||
#enable_bitmapscan = on |
||||
#enable_hashagg = on |
||||
#enable_hashjoin = on |
||||
#enable_indexscan = on |
||||
#enable_indexonlyscan = on |
||||
#enable_material = on |
||||
#enable_mergejoin = on |
||||
#enable_nestloop = on |
||||
#enable_seqscan = on |
||||
#enable_sort = on |
||||
#enable_tidscan = on |
||||
|
||||
# - Planner Cost Constants - |
||||
|
||||
#seq_page_cost = 1.0 # measured on an arbitrary scale |
||||
#random_page_cost = 4.0 # same scale as above |
||||
#cpu_tuple_cost = 0.01 # same scale as above |
||||
#cpu_index_tuple_cost = 0.005 # same scale as above |
||||
#cpu_operator_cost = 0.0025 # same scale as above |
||||
#effective_cache_size = 128MB |
||||
|
||||
# - Genetic Query Optimizer - |
||||
|
||||
#geqo = on |
||||
#geqo_threshold = 12 |
||||
#geqo_effort = 5 # range 1-10 |
||||
#geqo_pool_size = 0 # selects default based on effort |
||||
#geqo_generations = 0 # selects default based on effort |
||||
#geqo_selection_bias = 2.0 # range 1.5-2.0 |
||||
#geqo_seed = 0.0 # range 0.0-1.0 |
||||
|
||||
# - Other Planner Options - |
||||
|
||||
#default_statistics_target = 100 # range 1-10000 |
||||
#constraint_exclusion = partition # on, off, or partition |
||||
#cursor_tuple_fraction = 0.1 # range 0.0-1.0 |
||||
#from_collapse_limit = 8 |
||||
#join_collapse_limit = 8 # 1 disables collapsing of explicit |
||||
# JOIN clauses |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# ERROR REPORTING AND LOGGING |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# - Where to Log - |
||||
|
||||
#log_destination = 'stderr' # Valid values are combinations of |
||||
# stderr, csvlog, syslog, and eventlog, |
||||
# depending on platform. csvlog |
||||
# requires logging_collector to be on. |
||||
|
||||
# This is used when logging to stderr: |
||||
#logging_collector = off # Enable capturing of stderr and csvlog |
||||
# into log files. Required to be on for |
||||
# csvlogs. |
||||
# (change requires restart) |
||||
|
||||
# These are only used if logging_collector is on: |
||||
#log_directory = 'pg_log' # directory where log files are written, |
||||
# can be absolute or relative to PGDATA |
||||
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, |
||||
# can include strftime() escapes |
||||
#log_file_mode = 0600 # creation mode for log files, |
||||
# begin with 0 to use octal notation |
||||
#log_truncate_on_rotation = off # If on, an existing log file with the |
||||
# same name as the new log file will be |
||||
# truncated rather than appended to. |
||||
# But such truncation only occurs on |
||||
# time-driven rotation, not on restarts |
||||
# or size-driven rotation. Default is |
||||
# off, meaning append to existing files |
||||
# in all cases. |
||||
#log_rotation_age = 1d # Automatic rotation of logfiles will |
||||
# happen after that time. 0 disables. |
||||
#log_rotation_size = 10MB # Automatic rotation of logfiles will |
||||
# happen after that much log output. |
||||
# 0 disables. |
||||
|
||||
# These are relevant when logging to syslog: |
||||
#syslog_facility = 'LOCAL0' |
||||
#syslog_ident = 'postgres' |
||||
|
||||
# This is only relevant when logging to eventlog (win32): |
||||
#event_source = 'PostgreSQL' |
||||
|
||||
# - When to Log - |
||||
|
||||
#client_min_messages = notice # values in order of decreasing detail: |
||||
# debug5 |
||||
# debug4 |
||||
# debug3 |
||||
# debug2 |
||||
# debug1 |
||||
# log |
||||
# notice |
||||
# warning |
||||
# error |
||||
|
||||
#log_min_messages = warning # values in order of decreasing detail: |
||||
# debug5 |
||||
# debug4 |
||||
# debug3 |
||||
# debug2 |
||||
# debug1 |
||||
# info |
||||
# notice |
||||
# warning |
||||
# error |
||||
# log |
||||
# fatal |
||||
# panic |
||||
|
||||
#log_min_error_statement = error # values in order of decreasing detail: |
||||
# debug5 |
||||
# debug4 |
||||
# debug3 |
||||
# debug2 |
||||
# debug1 |
||||
# info |
||||
# notice |
||||
# warning |
||||
# error |
||||
# log |
||||
# fatal |
||||
# panic (effectively off) |
||||
|
||||
#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements |
||||
# and their durations, > 0 logs only |
||||
# statements running at least this number |
||||
# of milliseconds |
||||
|
||||
|
||||
# - What to Log - |
||||
|
||||
#debug_print_parse = off |
||||
#debug_print_rewritten = off |
||||
#debug_print_plan = off |
||||
#debug_pretty_print = on |
||||
#log_checkpoints = off |
||||
#log_connections = off |
||||
#log_disconnections = off |
||||
#log_duration = off |
||||
#log_error_verbosity = default # terse, default, or verbose messages |
||||
#log_hostname = off |
||||
log_line_prefix = '%t ' # special values: |
||||
# %a = application name |
||||
# %u = user name |
||||
# %d = database name |
||||
# %r = remote host and port |
||||
# %h = remote host |
||||
# %p = process ID |
||||
# %t = timestamp without milliseconds |
||||
# %m = timestamp with milliseconds |
||||
# %i = command tag |
||||
# %e = SQL state |
||||
# %c = session ID |
||||
# %l = session line number |
||||
# %s = session start timestamp |
||||
# %v = virtual transaction ID |
||||
# %x = transaction ID (0 if none) |
||||
# %q = stop here in non-session |
||||
# processes |
||||
# %% = '%' |
||||
# e.g. '<%u%%%d> ' |
||||
#log_lock_waits = off # log lock waits >= deadlock_timeout |
||||
#log_statement = 'none' # none, ddl, mod, all |
||||
#log_temp_files = -1 # log temporary files equal or larger |
||||
# than the specified size in kilobytes; |
||||
# -1 disables, 0 logs all temp files |
||||
log_timezone = 'UTC' |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# RUNTIME STATISTICS |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# - Query/Index Statistics Collector - |
||||
|
||||
#track_activities = on |
||||
#track_counts = on |
||||
#track_io_timing = off |
||||
#track_functions = none # none, pl, all |
||||
#track_activity_query_size = 1024 # (change requires restart) |
||||
#update_process_title = on |
||||
#stats_temp_directory = 'pg_stat_tmp' |
||||
|
||||
|
||||
# - Statistics Monitoring - |
||||
|
||||
#log_parser_stats = off |
||||
#log_planner_stats = off |
||||
#log_executor_stats = off |
||||
#log_statement_stats = off |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# AUTOVACUUM PARAMETERS |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
#autovacuum = on # Enable autovacuum subprocess? 'on' |
||||
# requires track_counts to also be on. |
||||
#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and |
||||
# their durations, > 0 logs only |
||||
# actions running at least this number |
||||
# of milliseconds. |
||||
#autovacuum_max_workers = 3 # max number of autovacuum subprocesses |
||||
# (change requires restart) |
||||
#autovacuum_naptime = 1min # time between autovacuum runs |
||||
#autovacuum_vacuum_threshold = 50 # min number of row updates before |
||||
# vacuum |
||||
#autovacuum_analyze_threshold = 50 # min number of row updates before |
||||
# analyze |
||||
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum |
||||
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze |
||||
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum |
||||
# (change requires restart) |
||||
#autovacuum_multixact_freeze_max_age = 400000000 # maximum Multixact age |
||||
# before forced vacuum |
||||
# (change requires restart) |
||||
#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for |
||||
# autovacuum, in milliseconds; |
||||
# -1 means use vacuum_cost_delay |
||||
#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for |
||||
# autovacuum, -1 means use |
||||
# vacuum_cost_limit |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# CLIENT CONNECTION DEFAULTS |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# - Statement Behavior - |
||||
|
||||
#search_path = '"$user",public' # schema names |
||||
#default_tablespace = '' # a tablespace name, '' uses the default |
||||
#temp_tablespaces = '' # a list of tablespace names, '' uses |
||||
# only default tablespace |
||||
#check_function_bodies = on |
||||
#default_transaction_isolation = 'read committed' |
||||
#default_transaction_read_only = off |
||||
#default_transaction_deferrable = off |
||||
#session_replication_role = 'origin' |
||||
#statement_timeout = 0 # in milliseconds, 0 is disabled |
||||
#lock_timeout = 0 # in milliseconds, 0 is disabled |
||||
#vacuum_freeze_min_age = 50000000 |
||||
#vacuum_freeze_table_age = 150000000 |
||||
#vacuum_multixact_freeze_min_age = 5000000 |
||||
#vacuum_multixact_freeze_table_age = 150000000 |
||||
#bytea_output = 'hex' # hex, escape |
||||
#xmlbinary = 'base64' |
||||
#xmloption = 'content' |
||||
|
||||
# - Locale and Formatting - |
||||
|
||||
datestyle = 'iso, mdy' |
||||
#intervalstyle = 'postgres' |
||||
timezone = 'UTC' |
||||
#timezone_abbreviations = 'Default' # Select the set of available time zone |
||||
# abbreviations. Currently, there are |
||||
# Default |
||||
# Australia |
||||
# India |
||||
# You can create your own file in |
||||
# share/timezonesets/. |
||||
#extra_float_digits = 0 # min -15, max 3 |
||||
#client_encoding = sql_ascii # actually, defaults to database |
||||
# encoding |
||||
|
||||
# These settings are initialized by initdb, but they can be changed. |
||||
lc_messages = 'en_US.UTF-8' # locale for system error message |
||||
# strings |
||||
lc_monetary = 'en_US.UTF-8' # locale for monetary formatting |
||||
lc_numeric = 'en_US.UTF-8' # locale for number formatting |
||||
lc_time = 'en_US.UTF-8' # locale for time formatting |
||||
|
||||
# default configuration for text search |
||||
default_text_search_config = 'pg_catalog.english' |
||||
|
||||
# - Other Defaults - |
||||
|
||||
#dynamic_library_path = '$libdir' |
||||
#local_preload_libraries = '' |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# LOCK MANAGEMENT |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
#deadlock_timeout = 1s |
||||
#max_locks_per_transaction = 64 # min 10 |
||||
# (change requires restart) |
||||
# Note: Each lock table slot uses ~270 bytes of shared memory, and there are |
||||
# max_locks_per_transaction * (max_connections + max_prepared_transactions) |
||||
# lock table slots. |
||||
#max_pred_locks_per_transaction = 64 # min 10 |
||||
# (change requires restart) |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# VERSION/PLATFORM COMPATIBILITY |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# - Previous PostgreSQL Versions - |
||||
|
||||
#array_nulls = on |
||||
#backslash_quote = safe_encoding # on, off, or safe_encoding |
||||
#default_with_oids = off |
||||
#escape_string_warning = on |
||||
#lo_compat_privileges = off |
||||
#quote_all_identifiers = off |
||||
#sql_inheritance = on |
||||
#standard_conforming_strings = on |
||||
#synchronize_seqscans = on |
||||
|
||||
# - Other Platforms and Clients - |
||||
|
||||
#transform_null_equals = off |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# ERROR HANDLING |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
#exit_on_error = off # terminate session on any error? |
||||
#restart_after_crash = on # reinitialize after backend crash? |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# CONFIG FILE INCLUDES |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# These options allow settings to be loaded from files other than the |
||||
# default postgresql.conf. |
||||
|
||||
#include_dir = 'conf.d' # include files ending in '.conf' from |
||||
# directory 'conf.d' |
||||
#include_if_exists = 'exists.conf' # include file only if it exists |
||||
#include = 'special.conf' # include file |
||||
|
||||
|
||||
#------------------------------------------------------------------------------ |
||||
# CUSTOMIZED OPTIONS |
||||
#------------------------------------------------------------------------------ |
||||
|
||||
# Add settings for extensions here |