From 455a8cc81e08094ec9372cb94d762c1c82d02ce7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 23 Feb 2024 00:18:13 +0100 Subject: [PATCH] Cleanup unused files --- conf/cron | 22 --------------------- conf/default_sogo | 1 - conf/systemd.service | 46 -------------------------------------------- 3 files changed, 69 deletions(-) delete mode 100644 conf/cron delete mode 100644 conf/default_sogo delete mode 100644 conf/systemd.service diff --git a/conf/cron b/conf/cron deleted file mode 100644 index d13c566..0000000 --- a/conf/cron +++ /dev/null @@ -1,22 +0,0 @@ -# Sogod cronjobs - -# Vacation messages expiration -# The credentials file should contain the sieve admin credentials (username:passwd) -0 0 * * * __APP__ /__INSTALL_DIR__/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds - -# Session cleanup - runs every minute -# - Ajust the nbMinutes parameter to suit your needs -# Example: Sessions without activity since 60 minutes will be dropped: -* * * * * __APP__ /__INSTALL_DIR__/sbin/sogo-tool expire-sessions 60 > /dev/null 2>&1 - -# Email alarms - runs every minutes -# If you need to use SMTP AUTH for outgoing mails, specify credentials to use -# with '-p /path/to/credentialsFile' (same format as the sieve credentials) -* * * * * __APP__ /__INSTALL_DIR__/sbin/sogo-ealarms-notify > /dev/null 2>&1 - -# Daily backups -# - writes to ~sogo/backups/ by default -# - will keep 31 days worth of backups by default -# - runs once a day by default, but can run more frequently -# - make sure to set the path to sogo-backup.sh correctly -#30 0 * * * __APP__ /__INSTALL_DIR__/share/doc/sogo/sogo-backup.sh diff --git a/conf/default_sogo b/conf/default_sogo deleted file mode 100644 index 05efad1..0000000 --- a/conf/default_sogo +++ /dev/null @@ -1 +0,0 @@ -PREFORK=3 diff --git a/conf/systemd.service b/conf/systemd.service deleted file mode 100644 index 71c6dbe..0000000 --- a/conf/systemd.service +++ /dev/null @@ -1,46 +0,0 @@ -[Unit] -Description=SOGo is a groupware server -After=network.target -After=mariadb.service - -[Service] -Environment="PREFORK=3" -Environment="LD_LIBRARY_PATH=/lib:/usr/lib:/__INSTALL_DIR__/Library/Libraries/sogo:/__INSTALL_DIR__/Local/Library/Libraries/sogo" -EnvironmentFile=-/etc/default/__APP__ -Type=forking -ExecStart=/__INSTALL_DIR__/sbin/sogod -WOWorkersCount ${PREFORK} -WOPidFile /run/__APP__/sogo.pid -WOLogFile /var/log/__APP__/sogo.log -PIDFile=/run/__APP__/sogo.pid -User=__APP__ - -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - -[Install] -WantedBy=multi-user.target