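# Configuration for server stack demonstration
#
# Extends ../server.toml with an SSH daemon, nginx, a PHP backend and the
# rustysd service manager, and writes their configuration files into the image.
# The access policy below is deliberately permissive for a local demo; each
# permissive setting is annotated where it is defined.

include = ["../server.toml"]

# General settings
[general]
# Filesystem size in MiB
filesystem_size = 4096

# Package settings
[packages]
# Daemons
openssh = {}
nginx = {}
rustysd = {}

# Backends
php84 = {}
composer = {}
luajit = {}
python312 = {}
# go = {}
# zig = {}

# Tools
nano = {}
neovim = {}
rsync = {}
vim = {}
sqlite3 = {}
# tmux = {}
htop = {}

# Content
website = {}

# Init step: create the SSH host keys once networking is up.
[[files]]
path = "/usr/lib/init.d/98_keygen_sh"
data = """
requires_weak 10_net
bash /root/keygen.sh
"""

# Init step: start rustysd, which in turn starts the units under
# /etc/rustysd/system. Ordered after key generation so sshd finds its keys.
[[files]]
path = "/usr/lib/init.d/99_rustysd"
data = """
requires_weak 98_keygen_sh
# Undocumented usage of rsdctl, pointing to notifications dir
RSDCTL_ADDR=/var/run/rustysd/control.socket rustysd --conf /etc/rustysd
"""

[[files]]
path = "/etc/rustysd/system/network-online.target"
data = """
[Unit]
Description=The target after networks has online

[Install]
WantedBy=default.target
"""

[[files]]
path = "/etc/rustysd/system/multi-user.target"
data = """
[Unit]
Description=The target after user administrations has online

[Install]
WantedBy=default.target
"""

[[files]]
path = "/etc/rustysd/system/nginx.service"
data = """
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/nginx -g "daemon off;"

[Install]
WantedBy=multi-user.target
"""

[[files]]
path = "/etc/rustysd/system/ssh.service"
data = """
[Unit]
Description=OpenBSD Secure Shell server
After=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/sshd -D

[Install]
WantedBy=multi-user.target
"""

# PHP is served by the interpreter's built-in web server (`php -S`), bound to
# localhost:9000 and reached through the nginx site on port 8081. The built-in
# server is a development tool; the php-fpm unit line is kept commented out
# until php-fpm works on this platform.
# The Description previously duplicated the ssh.service text, which made the
# two units indistinguishable in service listings and logs.
[[files]]
path = "/etc/rustysd/system/php.service"
data = """
[Unit]
Description=PHP built-in web server
After=network-online.target

[Service]
Type=simple
# currently php-fpm not that quite work
ExecStart=env PWD=/var/www/html php -S localhost:9000
# ExecStart=/usr/bin/php-fpm --fpm-config /etc/php/84/php-fpm.conf --nodaemonize

[Install]
WantedBy=multi-user.target
"""

# NOTE(review): this payload has no `<?php` opening tag, so PHP would emit it
# as plain text instead of executing it. It looks truncated or meant for a
# different file - confirm against the upstream config.
[[files]]
path = "/var/www/html/index.php"
data = """
php /bin/composer install
"""

# Empty directory that receives the per-site nginx configs below.
[[files]]
postinstall = true
data = ""
path = "/etc/nginx/conf.d"
directory = true

[[files]]
postinstall = true
path = "/etc/nginx/nginx.conf"
data = """
user nginx;
# currently nginx does a lot spin locking for some reason
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;
    include mime.types;
    include fastcgi.conf;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}
"""

# Static site on port 80, served from the `website` package content.
[[files]]
postinstall = true
path = "/etc/nginx/conf.d/localhost.conf"
data = """
server {
    listen 80;
    server_name localhost;
    root /usr/share/website;
    absolute_redirect off;

    location / {
        index index.html index.htm;
    }
}
"""

# PHP site on port 8081. Requests for *.php are forwarded over plain HTTP to
# the `php -S` process from php.service; the FastCGI directives stay commented
# out until php-fpm is in use. `\\.` is a TOML escape for a literal `\.`.
[[files]]
postinstall = true
path = "/etc/nginx/conf.d/php-www.conf"
data = """
server {
    listen 8081;
    server_name localhost;
    root /var/www/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \\.php$ {
        # because we're not using PHP FPM (see rustysd php.service)
        # include fastcgi_params;
        # fastcgi_pass 127.0.0.1:9000;
        # fastcgi_index index.php;
        # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        proxy_pass http://127.0.0.1:9000;
    }
}
"""

# php-fpm configuration, installed for later use; php.service does not start
# php-fpm at the moment.
[[files]]
postinstall = true
path = "/etc/php/84/php-fpm.conf"
data = """
error_log=/var/log/php-fpm.log
include=/etc/php/84/php-fpm.d/*.conf
"""

[[files]]
postinstall = true
path = "/etc/php/84/php-fpm.d/www.conf"
data = """
[www]
user = user
group = user
listen = 127.0.0.1:9000
pm = static
pm.max_children = 1
"""

# Demo-only sshd policy: root login, password authentication and empty
# passwords are all permitted. Combined with the accounts in this file that
# set `password = ""`, any such account with a login shell is presumably
# reachable on port 22 without a credential (verify how the installer treats
# an empty password string).
# For use beyond a local demo: PermitEmptyPasswords no, PermitRootLogin no
# (or prohibit-password), and PasswordAuthentication no with public keys in
# AuthorizedKeysFile.
[[files]]
postinstall = true
path = "/etc/ssh/sshd_config"
data = """
Port 22
AddressFamily inet
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
Subsystem sftp /usr/libexec/sftp-server
"""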
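# Service accounts. Both have an empty password and an interactive shell.
# The sshd_config written by this file sets PermitEmptyPasswords yes, so these
# accounts are presumably usable for SSH login as well as local login
# (verify how the installer treats `password = ""`). A non-login shell, as the
# TODOs suggest, would limit them to running their daemons.
[users.nobody]
password = ""
shell = "/usr/bin/ion" #TODO: nologin?

[users.nginx]
password = ""
shell = "/usr/bin/ion" #TODO: nologin?

# SSH host keys are generated on the running system (invoked from the
# 98_keygen_sh init step) instead of being embedded in this config.
# Each key type is checked on its own, so a run that was interrupted after
# creating only some of the keys is completed on the next boot; previously the
# RSA key alone decided whether any key was generated.
[[files]]
path = "/root/keygen.sh"
data = """
#!/usr/bin/env bash
for type in rsa ed25519 ecdsa; do
    key="/etc/ssh/ssh_host_${type}_key"
    if [ ! -f "$key" ]; then
        ssh-keygen -t "$type" -f "$key" -N ""
    fi
done
"""

# Manual fallback for starting the daemons without rustysd.
# NOTE(review): this starts php-fpm, while the nginx php-www.conf in this file
# proxies plain HTTP to 127.0.0.1:9000 (the `php -S` process from php.service).
# php-fpm speaks FastCGI, so the PHP site on port 8081 likely does not respond
# when the stack is started this way - confirm.
[[files]]
path = "/home/user/server.sh"
data = """
#!/usr/bin/env bash
/bin/sshd -D &
nginx -g "daemon off;" &
php-fpm --nodaemonize &
"""

# Greeting shown to the demo user; lists the exposed ports and states that the
# image is not hardened.
[[files]]
path = "/home/user/Welcome.txt"
data = """
##############################################################################
# Welcome to Red Bear OS Server Demo!
#
# This is a quick demonstration of Red Bear OS used as server stack.
# At the moment we support SSH, NGINX, Python, PHP. There's more to come
#
# This server demo is insecure by design, we encourage you to get familiar into
# basics of server security if you wish to use this as a production server.
#
# There should be rustysd already running, if not, you can try start it manually
# > sudo rustysd --conf /etc/rustysd
#
# You can also try running all daemons manually
# > sudo bash server.sh
#
# The server will start port 22 (ssh), 80 (static web) and 8081 (php)
# If you use the Red Bear OS build system, starting QEMU with `net=redir`
# should expose those port to 8022, 8080 and 8081.
# Try logging in to console via SSH with `ssh user@localhost -p 8022`
#
##############################################################################
"""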