From 864a75a96f7b81df3ddc52bbcef468a8646b5fb8 Mon Sep 17 00:00:00 2001 From: Chris Croome <chris@webarchitects.co.uk> Date: Wed, 6 Sep 2023 18:31:43 +0100 Subject: [PATCH] deny .git for templates --- .pre-commit-config.yaml | 8 ++++---- .pymarkdown | 7 ------- .pymarkdown.yml | 14 ++++++++++++++ templates/mc3.conf.j2 | 31 ++++++++++++++++++------------- templates/webarch.conf.j2 | 5 +++++ 5 files changed, 41 insertions(+), 24 deletions(-) delete mode 100644 .pymarkdown create mode 100644 .pymarkdown.yml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8da5a5a..d4f2ed6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,19 +17,19 @@ repos: name: YAML Lint # https://github.com/ansible/ansible-lint/releases - repo: https://github.com/ansible/ansible-lint.git - rev: v6.17.2 + rev: v6.18.0 hooks: - id: ansible-lint name: Ansible Lint language: python additional_dependencies: # https://github.com/kellyjonbrazil/jc/releases - - jc==1.23.2 + - jc==1.23.4 # https://github.com/jmespath/jmespath.py/tags - jmespath==1.0.1 # https://github.com/jackdewinter/pymarkdown/releases - - repo: https://github.com/jackdewinter/pymarkdown - rev: v0.9.11 + - repo: https://github.com/jackdewinter/pymarkdown.git + rev: v0.9.13.3 hooks: - id: pymarkdown name: Markdown Lint diff --git a/.pymarkdown b/.pymarkdown deleted file mode 100644 index 4ccc9d3..0000000 --- a/.pymarkdown +++ /dev/null @@ -1,7 +0,0 @@ -{ - "plugins": { - "md013": { - "enabled": false - } - } -} diff --git a/.pymarkdown.yml b/.pymarkdown.yml new file mode 100644 index 0000000..f3d9bc2 --- /dev/null +++ b/.pymarkdown.yml 
@@ -0,0 +1,14 @@ +# Copyright 2018-2023 Chris Croome +# +# This file is part of the Webarchitects Apache Ansible role. +# +# The Webarchitects Apache Ansible role is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. +# +# The Webarchitects Apache Ansible role is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along with the Webarchitects Apache Ansible role. If not, see <https://www.gnu.org/licenses/>. +--- +plugins: + md013: + enabled: false +... diff --git a/templates/mc3.conf.j2 b/templates/mc3.conf.j2 index 0d4da7e..0d98899 100644 --- a/templates/mc3.conf.j2 +++ b/templates/mc3.conf.j2 @@ -23,14 +23,14 @@ Alias /mc3.shtml /var/www/mc3/mc3.shtml Alias /icons /usr/share/apache2/icons # env vars for the default index page, mc3.shtml {% if apache_conf_enabled is defined and "phpmyadmin" in apache_conf_enabled %} -SetEnv PHPMYADMIN_DOMAIN "{{ inventory_hostname }}" +SetEnv PHPMYADMIN_DOMAIN "{{ inventory_hostname }}" {% endif %} SetEnv HOME_DOMAIN "mc3.coop" SetEnv SITE_TITLE "MC3 Co-operative Hosting" SetEnv STATIC_DIR "/mc3/" SetEnv STATIC_TOP "top.shtml" SetEnv STATIC_BOT "bot.shtml" -# default page title +# default page title SetEnv PAGE_TITLE "Directory Listing" SetEnv PAGE_DESC "" <Directory "/"> 
@@ -39,14 +39,14 @@ SetEnv PAGE_DESC "" Require all denied </Directory> <Directory "/var/www/mc3"> - Options IncludesNoExec + Options IncludesNoExec DirectoryIndex mc3.shtml AddOutputFilter Includes shtml - SSILegacyExprParser on - SSILastModified on + SSILegacyExprParser on + SSILastModified on HeaderName /mc3/top.shtml ReadmeName /mc3/bot.shtml - IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* + IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* IndexOptions Charset=UTF-8 SuppressHTMLPreamble XHTML TrackModified IconsAreLinks IndexOptions SuppressDescription AllowOverride None @@ -70,16 +70,21 @@ SetEnv PAGE_DESC "" </Directory> <Directory "/var/www/html/.well-known"> Options None - AllowOverride None + AllowOverride None ForceType text/plain </Directory> +<Directory "/var/www/html/.git"> + Options None + AllowOverride None + Require all denied +</Directory> <Directory "/home/*/sites/*"> DirectoryIndex mc3.shtml AddOutputFilter Includes shtml - SSILegacyExprParser on + SSILegacyExprParser on HeaderName /mc3/top.shtml ReadmeName /mc3/bot.shtml - IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* + IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* IndexOptions Charset=UTF-8 SuppressHTMLPreamble XHTML TrackModified IconsAreLinks IndexOptions SuppressDescription </Directory> @@ -90,10 +95,10 @@ ErrorDocument 403 /mc3/403.shtml # The default virtual host for port 80 <VirtualHost *:80> - ServerName {{ inventory_hostname }} + ServerName {{ inventory_hostname }} ServerAlias www.{{ inventory_hostname }} <IfModule suexec_module> - SuexecUserGroup www-data www-data + SuexecUserGroup www-data www-data </IfModule> ServerAdmin graham@mc3.coop #SetEnv PIWIK_SITE_ID "1" 
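Review bot: The new `<Directory "/var/www/html/.git">` block protects only a repository at the top of the default document root; the `<Directory "/home/*/sites/*">` block that follows it in this hunk gets no equivalent rule, so a `.git` directory deployed inside a user site, or nested below `/var/www/html`, would presumably still be served. A path-independent match such as `<DirectoryMatch "/\.git(/|$)">` carrying the same `Options None`, `AllowOverride None` and `Require all denied` would cover every document root this template configures. The same hard-coded path is added in the templates/webarch.conf.j2 hunk. A comment above the block would also help, e.g. `# never serve VCS metadata: it exposes source history and any credentials committed to it`.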
@@ -122,10 +127,10 @@ ErrorDocument 403 /mc3/403.shtml # The default virtual host for port 443 <IfModule mod_ssl.c> <VirtualHost *:443> - ServerName {{ inventory_hostname }} + ServerName {{ inventory_hostname }} ServerAlias www.{{ inventory_hostname }} <IfModule suexec_module> - SuexecUserGroup www-data www-data + SuexecUserGroup www-data www-data </IfModule> ServerAdmin graham@mc3.coop #SetEnv PIWIK_SITE_ID "1" diff --git a/templates/webarch.conf.j2 b/templates/webarch.conf.j2 index f09ab71..2363413 100644 --- a/templates/webarch.conf.j2 +++ b/templates/webarch.conf.j2 @@ -89,6 +89,11 @@ SetEnv PAGE_DESC "" </IfModule> RedirectMatch 404 /\\.(svn|git|hg|bzr|cvs)(/|$) </Directory> +<Directory "/var/www/html/.git"> + Options None + AllowOverride None + Require all denied +</Directory> <Directory "/var/www/html/.well-known"> Options None AllowOverride None -- GitLab
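Review bot: In templates/webarch.conf.j2 the added `<Directory "/var/www/html/.git">` block overlaps with the `RedirectMatch 404 /\\.(svn|git|hg|bzr|cvs)(/|$)` rule visible just above it, and nothing in the hunk says which of the two is meant to answer a request for `/.git/`. The block that holds the `RedirectMatch` starts outside the hunk, so its scope cannot be confirmed from here. The new block also names only `.git`, while the existing rule covers `.svn`, `.hg`, `.bzr` and `.cvs` as well. I would add a comment stating the intent, e.g. `# hard deny for .git in the default docroot, in addition to the RedirectMatch 404 above`. None of the visible templates/mc3.conf.j2 hunks show a matching `RedirectMatch`, so it is worth checking whether that template needs the same rule.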