Commit Graph

30 Commits

Author SHA1 Message Date
oysteikt aa2712005a temmie/nfs-mounts: create by-uid bindmounts 2026-06-17 13:43:19 +09:00
oysteikt 89921b533b temmie/userweb: further harden log-processor 2026-06-17 12:31:02 +09:00
oysteikt 75f87ffab8 temmie/userweb: run passwd sync in different unit 2026-06-17 12:15:23 +09:00
oysteikt b910cf9563 temmie/userweb: suppress erroneous access log for documentRoot 2026-06-17 08:57:55 +09:00
oysteikt d23adbd4c2 temmie/userweb: deny access to documentRoot 2026-06-17 08:49:44 +09:00
oysteikt 48c0a4e504 temmie/userweb: fix directory denylist enforcement 2026-06-17 08:23:08 +09:00
oysteikt d84cc73819 temmie/userweb: handle more .php\d suffixes 2026-06-16 19:07:58 +09:00
oysteikt b738f08c09 temmie/userweb: render path denylist into Directory/Files directives 2026-06-16 19:07:57 +09:00
oysteikt 8252bba3ad temmie/userweb: enable httpd trace on debugMode 2026-06-16 19:07:57 +09:00
oysteikt a776a5a5fe temmie/userweb: explicitly override mod_perl and mod_userdir 2026-06-16 19:07:57 +09:00
oysteikt ed57744ec3 temmie/userweb: add more patterns to denylist 2026-06-16 16:07:32 +09:00
oysteikt 226db1f46e temmie/userweb: add more DirectoryIndex variants 2026-06-16 16:07:32 +09:00
oysteikt 51e1656177 temmie/userweb: disable ~pvv 2026-06-16 15:53:52 +09:00
oysteikt 47d2dcf9ff temmie/userweb: add bro server to userweb slice 2026-06-16 03:37:28 +09:00
oysteikt 254b1d9b14 temmie/userweb: split into more modules 2026-06-16 03:33:28 +09:00
oysteikt 2301672a21 temmie/userweb: run log processors as separate systemd units
This lets us divide up some of the logic making httpd itself less
brittle, and also reduces the amount of privileges for httpd.
2026-06-16 02:56:28 +09:00
oysteikt e80189c6eb temmie/userweb: stop cating passwd on startup 2026-06-13 01:41:05 +09:00
oysteikt 56a51e4c6f temmie/userweb: mount homedirs under /amd 2026-06-13 01:39:20 +09:00
oysteikt f54109f6f3 temmie/userweb: set handlers for php and perl scripts 2026-06-13 01:26:27 +09:00
oysteikt b848e0f1cc temmie/userweb: add log processor for apache 2026-06-07 06:03:18 +09:00
oysteikt c671329b93 temmie/userweb: inject users from passwd into httpd sandbox 2026-06-07 05:28:24 +09:00
oysteikt 18ab1ef982 temmie/userweb: set -i and -t in sendmail wrapper 2026-05-25 18:49:57 +09:00
oysteikt 5023edeb13 temmie/userweb: install mod_perl with custom env 2026-05-25 18:24:23 +09:00
oysteikt 0d8c26c548 temmie/userweb: send propagatedBuildInputs through perl env wrapper 2026-05-25 17:05:02 +09:00
oysteikt bd244e7797 temmie/userweb: add www2 server alias 2026-05-25 16:24:35 +09:00
oysteikt e9220bb31e temmie/userweb: use www-datas UID + GID for backwards compat 2026-05-25 15:25:26 +09:00
oysteikt 6beb9c62c3 temmie/userweb: use bro to proxy sendmail requests out of sandbox 2026-05-25 15:02:40 +09:00
oysteikt b98e8679e6 temmie/userweb: set same phpOptions for env and apache 2026-05-11 14:54:56 +09:00
oysteikt ea092ec0b3 temmie/userweb: pass userdir user to sendmail through custom envvar 2026-05-11 14:26:47 +09:00
oysteikt 5e50b617fb temmie/userweb: switch from postfix to nullmailer 2026-05-11 13:52:58 +09:00