From eff60765ee91a900f665b84ae882a6e9158c1192 Mon Sep 17 00:00:00 2001 From: Johannes Stoelp Date: Tue, 13 Feb 2024 00:39:32 +0100 Subject: git: add rsyslog --- roles/git/files/gitolite-cgit/Dockerfile | 5 ++++- roles/git/files/gitolite-cgit/entrypoint.sh | 2 ++ roles/git/files/gitolite-cgit/etc/rsyslog.conf | 19 +++++++++++++++++++ roles/git/files/gitolite-cgit/etc/sshd_config | 2 ++ 4 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 roles/git/files/gitolite-cgit/etc/rsyslog.conf (limited to 'roles/git') diff --git a/roles/git/files/gitolite-cgit/Dockerfile b/roles/git/files/gitolite-cgit/Dockerfile index dcaf1a0..e46aa21 100644 --- a/roles/git/files/gitolite-cgit/Dockerfile +++ b/roles/git/files/gitolite-cgit/Dockerfile @@ -4,12 +4,15 @@ RUN apk add --update-cache --upgrade --no-cache --purge \ gitolite openssh \ cgit nginx fcgiwrap spawn-fcgi \ py3-markdown py3-pygments \ - curl \ + rsyslog curl \ && rm -rf /var/cache/apk VOLUME /var/lib/git EXPOSE 22 80 +# -- rsyslogd +COPY etc/rsyslog.conf /etc + # -- sshd COPY etc/sshd_config /etc/ssh/sshd_config diff --git a/roles/git/files/gitolite-cgit/entrypoint.sh b/roles/git/files/gitolite-cgit/entrypoint.sh index 3ad094f..14c16a7 100755 --- a/roles/git/files/gitolite-cgit/entrypoint.sh +++ b/roles/git/files/gitolite-cgit/entrypoint.sh @@ -52,5 +52,7 @@ rm -f /etc/nginx/http.d/default.conf spawn-fcgi -s /run/fcgiwrap.sock -U nginx -- /usr/bin/fcgiwrap nginx +rsyslogd + # Start sshd non-detached. /usr/sbin/sshd -D diff --git a/roles/git/files/gitolite-cgit/etc/rsyslog.conf b/roles/git/files/gitolite-cgit/etc/rsyslog.conf new file mode 100644 index 0000000..fa25c6a --- /dev/null +++ b/roles/git/files/gitolite-cgit/etc/rsyslog.conf @@ -0,0 +1,19 @@ +$AbortOnUncleanConfig on +$WorkDirectory /var/lib/rsyslog + +$FileOwner root +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +## Modules + +# Support local system logging. +module(load="imuxsock") + +## Logging Rules + +# Write all messages with 'info' severity except 'auth.info' to messages file. +# The '-' disables buffer flush. +#*.info;auth.none -/var/log/messages +auth.* /dev/stdout diff --git a/roles/git/files/gitolite-cgit/etc/sshd_config b/roles/git/files/gitolite-cgit/etc/sshd_config index b6da391..b9ab963 100644 --- a/roles/git/files/gitolite-cgit/etc/sshd_config +++ b/roles/git/files/gitolite-cgit/etc/sshd_config @@ -12,3 +12,5 @@ PermitEmptyPasswords no AllowTcpForwarding no GatewayPorts no X11Forwarding no + +# Logs by default to auth.* syslog facility. -- cgit v1.2.3