From 9fec52cfb9a2fca2e6ad2aa505075de47e930165 Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Thu, 14 Nov 2024 20:40:35 -0500
Subject: more updates for git server

---
 files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server | 9 ++++++---
 files/usr/local/etc/nginx/vhosts.conf.git_server               | 5 +++++
 files/usr/local/etc/ssh/sshd_config.freebsd                    | 2 --
 3 files changed, 11 insertions(+), 5 deletions(-)

(limited to 'files/usr/local/etc')

diff --git a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
index 116fe44..ce08657 100644
--- a/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
+++ b/files/usr/local/etc/icinga2/conf.d/services.conf.icinga_server
@@ -263,7 +263,8 @@ apply Service "http" {
              || "xmpp-servers"      in host.groups
              || "znc-servers"       in host.groups
              || "icinga-servers"    in host.groups
-             || "bitwarden-servers" in host.groups)
+             || "bitwarden-servers" in host.groups
+             || "git-servers"       in host.groups)
 }
 
 // Expect HTTP 302
@@ -304,7 +305,8 @@ apply Service "https" {
   vars.http_critical_time = ${icinga_response_time_crit}
   assign where ("pkg-repositories"  in host.groups
              || "znc-servers"       in host.groups
-             || "bitwarden-servers" in host.groups)
+             || "bitwarden-servers" in host.groups
+             || "git-servers"       in host.groups)
 }
 
 // Expect HTTPS 404
@@ -350,7 +352,8 @@ apply Service "https-cert" {
              || "smtp-servers"      in host.groups
              || "icinga-servers"    in host.groups
              || "web-servers"       in host.groups
-             || "ttrss-servers"     in host.groups)
+             || "ttrss-servers"     in host.groups
+             || "git-servers"       in host.groups)
              && !host.vars.https_vhosts)
 }
 
diff --git a/files/usr/local/etc/nginx/vhosts.conf.git_server b/files/usr/local/etc/nginx/vhosts.conf.git_server
index fdd5f53..0d24050 100644
--- a/files/usr/local/etc/nginx/vhosts.conf.git_server
+++ b/files/usr/local/etc/nginx/vhosts.conf.git_server
@@ -39,6 +39,11 @@ $(printf '    deny %s;\n' $kerberized_cidrs)
     fastcgi_pass unix:${gitolite_fcgiwrap_socket};
   }
 
+  location /custom-style.css {
+    add_header Cache-Control "public";
+    expires 1d;
+  }
+
   location @cgit {
     include fastcgi_params;
     fastcgi_param SCRIPT_FILENAME ${cgit_webroot}/cgit.cgi;
diff --git a/files/usr/local/etc/ssh/sshd_config.freebsd b/files/usr/local/etc/ssh/sshd_config.freebsd
index 0e0d730..eca2276 100644
--- a/files/usr/local/etc/ssh/sshd_config.freebsd
+++ b/files/usr/local/etc/ssh/sshd_config.freebsd
@@ -13,6 +13,4 @@ GSSAPICleanupCredentials yes
 UsePAM yes
 UseDNS no
 
-# TODO: require group to login?
-
 Subsystem	sftp	/usr/local/libexec/sftp-server
-- 
cgit v1.2.3