Diffstat (limited to 'roles/munin-master/files')
-rw-r--r-- | roles/munin-master/files/etc/nginx/sites-available/munin | 14 | ||||
-rw-r--r-- | roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service | 28 | ||||
-rw-r--r-- | roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket (renamed from roles/munin-master/files/lib/systemd/system/munin-cgi-graph.socket) | 0 | ||||
-rw-r--r-- | roles/munin-master/files/etc/systemd/system/munin-cgi-html.service | 27 | ||||
-rw-r--r-- | roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket (renamed from roles/munin-master/files/lib/systemd/system/munin-cgi-html.socket) | 0 | ||||
-rw-r--r-- | roles/munin-master/files/lib/systemd/system/munin-cgi-graph.service | 14 | ||||
-rw-r--r-- | roles/munin-master/files/lib/systemd/system/munin-cgi-html.service | 14 |
7 files changed, 65 insertions, 32 deletions
diff --git a/roles/munin-master/files/etc/nginx/sites-available/munin b/roles/munin-master/files/etc/nginx/sites-available/munin index ade1888..2f681fb 100644 --- a/roles/munin-master/files/etc/nginx/sites-available/munin +++ b/roles/munin-master/files/etc/nginx/sites-available/munin @@ -1,31 +1,37 @@ server { listen 127.0.0.1:80; listen [::1]:80; server_name munin.fripost.org; + allow 127.0.0.0/8; + allow ::1/128; + deny all; + access_log /var/log/nginx/munin.access.log; error_log /var/log/nginx/munin.error.log info; + include snippets/headers.conf; + location = / { return 302 /munin$args; } location /munin/static/ { alias /etc/munin/static/; } location /munin-cgi/munin-cgi-graph/ { fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*); - include fastcgi/params; + fastcgi_param PATH_INFO $fastcgi_path_info; + include snippets/fastcgi.conf; fastcgi_pass unix:/run/munin/cgi-graph.socket; - gzip off; } location /munin/ { fastcgi_split_path_info ^(/munin)(.*); - include fastcgi/params; + fastcgi_param PATH_INFO $fastcgi_path_info; + include snippets/fastcgi.conf; fastcgi_pass unix:/run/munin/cgi-html.socket; - gzip off; } } diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service new file mode 100644 index 0000000..b8e6012 --- /dev/null +++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.service 
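Review bot: The added `allow 127.0.0.0/8; allow ::1/128; deny all;` rules at the top of the server block match on the TCP peer address, so they do not limit who reaches Munin if requests arrive through a local reverse proxy or tunnel; every client then appears as loopback and passes. The vhost also already listens only on `127.0.0.1:80` and `[::1]:80`, so the rules act as a backstop rather than as the access control. A comment above them would record that, e.g. `# backstop only: anything local that forwards to this vhost must authenticate its own clients`. Whether such a front end exists is not visible in this hunk.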
@@ -0,0 +1,28 @@
+[Unit]
+Description=Munin CGI Graph Service
+After=network.target
+PartOf=munin.service
+Requires=munin-cgi-graph.socket
+
+[Service]
+StandardInput=socket
+User=www-data
+Group=munin
+ExecStart=/usr/lib/munin/cgi/munin-cgi-graph
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=strict
+ReadWriteDirectories=-/var/log/munin
+ReadWriteDirectories=-/var/lib/munin/cgi-tmp/munin-cgi-graph
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/munin-master/files/lib/systemd/system/munin-cgi-graph.socket b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket
index d4d2e27..d4d2e27 100644
--- a/roles/munin-master/files/lib/systemd/system/munin-cgi-graph.socket
+++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-graph.socket
diff --git a/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service
new file mode 100644
index 0000000..0e66b3f
--- /dev/null
+++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=Munin CGI HTML Service
+After=network.target
+PartOf=munin.service
+Requires=munin-cgi-html.socket
+
+[Service]
+StandardInput=socket
+User=www-data
+Group=munin
+ExecStart=/usr/lib/munin/cgi/munin-cgi-html
+
+# Hardening
+NoNewPrivileges=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=strict
+ReadWriteDirectories=-/var/log/munin
+PrivateDevices=yes
+PrivateNetwork=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/munin-master/files/lib/systemd/system/munin-cgi-html.socket b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket
index 77be2cf..77be2cf 100644
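Review bot: `RestrictAddressFamilies=` with an empty value, the last line of the hardening block in munin-cgi-graph.service, resets the list instead of denying every family, so as systemd.exec(5) describes it no address-family filter is installed. `PrivateNetwork=yes` still isolates the unit from the host's interfaces, but sockets of any family can be created inside the private namespace. If the intent is to forbid socket creation, use `RestrictAddressFamilies=none` where the installed systemd supports it, or `RestrictAddressFamilies=AF_UNIX` as the closest allow-list on older releases; the socket handed over through `StandardInput=socket` is not affected because the filter applies to socket creation only. The same line appears in the munin-cgi-html.service hunk.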
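Review bot: `PrivateDevices=yes` is set twice in the hardening block of munin-cgi-html.service, once after `NoNewPrivileges=yes` and again after the `ReadWriteDirectories=` line, and `ReadWriteDirectories=` is the legacy spelling of `ReadWritePaths=`. Both are harmless, but a duplicated directive makes it harder to audit which protections are actually set. Drop the second `PrivateDevices=yes` and write `ReadWritePaths=-/var/log/munin`; any systemd that accepts `ProtectSystem=strict` already knows the newer name. The munin-cgi-graph.service hunk has the same duplicate and the same legacy spelling on both of its `ReadWriteDirectories=` lines.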
--- a/roles/munin-master/files/lib/systemd/system/munin-cgi-html.socket
+++ b/roles/munin-master/files/etc/systemd/system/munin-cgi-html.socket
diff --git a/roles/munin-master/files/lib/systemd/system/munin-cgi-graph.service b/roles/munin-master/files/lib/systemd/system/munin-cgi-graph.service
deleted file mode 100644
index 9e4d820..0000000
--- a/roles/munin-master/files/lib/systemd/system/munin-cgi-graph.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Munin CGI Graph Service
-After=network.target
-PartOf=munin.service
-Requires=munin-cgi-graph.socket
-
-[Service]
-StandardInput=socket
-User=www-data
-Group=munin
-ExecStart=/usr/lib/munin/cgi/munin-cgi-graph
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/munin-master/files/lib/systemd/system/munin-cgi-html.service b/roles/munin-master/files/lib/systemd/system/munin-cgi-html.service
deleted file mode 100644
index 11a7470..0000000
--- a/roles/munin-master/files/lib/systemd/system/munin-cgi-html.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Munin CGI HTML Service
-After=network.target
-PartOf=munin.service
-Requires=munin-cgi-html.socket
-
-[Service]
-StandardInput=socket
-User=www-data
-Group=munin
-ExecStart=/usr/lib/munin/cgi/munin-cgi-html
-
-[Install]
-WantedBy=multi-user.target |