miya0001/smartos.sh Secret

## smartos.sh
rm -fr /var/db/pkgin/pkgin.db
pkgin -y update

#
# install packages
#
pkgin -y install nginx
pkgin -y install mysql-server
pkgin -y install postfix
pkgin -y install memcached
pkgin -y install php53-bcmath
pkgin -y install php53-bz2
pkgin -y install php53-calendar
pkgin -y install php53-curl
pkgin -y install php53-dba
pkgin -y install php53-dom
pkgin -y install php53-dtrace
pkgin -y install php53-eaccelerator
pkgin -y install php53-enchant
pkgin -y install php53-exif
pkgin -y install php53-fpm
pkgin -y install php53-ftp
pkgin -y install php53-gd
pkgin -y install php53-geoip
pkgin -y install php53-gettext
pkgin -y install php53-gmp
pkgin -y install php53-http
pkgin -y install php53-iconv
pkgin -y install php53-imagick
pkgin -y install php53-imap
pkgin -y install php53-intl
pkgin -y install php53-json
pkgin -y install php53-ldap
pkgin -y install php53-mailparse
pkgin -y install php53-mbstring
pkgin -y install php53-mcrypt
pkgin -y install php53-memcache
pkgin -y install php53-mysql
pkgin -y install php53-oauth
pkgin -y install php53-pcntl
pkgin -y install php53-pdflib
pkgin -y install php53-posix
pkgin -y install php53-pspell
pkgin -y install php53-redis
pkgin -y install php53-shmop
pkgin -y install php53-snmp
pkgin -y install php53-soap
pkgin -y install php53-sockets
pkgin -y install php53-sphinx
pkgin -y install php53-sqlite
pkgin -y install php53-ssh2
pkgin -y install php53-suhosin
pkgin -y install php53-sysvmsg
pkgin -y install php53-sysvsem
pkgin -y install php53-sysvshm
pkgin -y install php53-tidy
pkgin -y install php53-uploadprogress
pkgin -y install php53-wddx
pkgin -y install php53-xmlrpc
pkgin -y install php53-xsl
pkgin -y install php53-zip
pkgin -y install php53-zlib


#
# setup php
#
mkdir -p /opt/local/etc/php.d
mkdir -p /var/log/php-fpm
chown -R www:www /var/log/php-fpm

cat > /opt/local/etc/php.d/extensions.ini<<'EOL'
extension=bcmath.so
extension=bz2.so
extension=calendar.so
extension=curl.so
extension=dba.so
extension=dom.so
extension=dtrace.so
extension=eaccelerator.so
extension=enchant.so
extension=exif.so
extension=ftp.so
extension=gd.so
extension=geoip.so
extension=gettext.so
extension=gmp.so
extension=http.so
extension=iconv.so
extension=imagick.so
extension=imap.so
extension=intl.so
extension=json.so
extension=ldap.so
extension=mailparse.so
extension=mbstring.so
extension=mcrypt.so
extension=memcache.so
extension=mysql.so
extension=oauth.so
extension=pcntl.so
extension=pdf.so
extension=posix.so
extension=pspell.so
extension=redis.so
extension=shmop.so
extension=snmp.so
extension=soap.so
extension=sockets.so
extension=sphinx.so
extension=sqlite.so
extension=ssh2.so
extension=suhosin.so
extension=sysvmsg.so
extension=sysvsem.so
extension=sysvshm.so
extension=tidy.so
extension=uploadprogress.so
extension=wddx.so
extension=xmlrpc.so
extension=xsl.so
extension=zip.so
extension=zlib.so

sendmail_path = "/opt/local/sbin/sendmail -t -i"

eaccelerator.shm_size = "0"
eaccelerator.cache_dir = "/var/cache/php-eaccelerator"
eaccelerator.enable = "1"
eaccelerator.optimizer = "1"
eaccelerator.debug = 0
eaccelerator.log_file = "/var/log/php-fpm/eaccelerator_log"
eaccelerator.name_space = ""
eaccelerator.check_mtime = "1"
eaccelerator.filter = ""
eaccelerator.shm_ttl = "0"
eaccelerator.shm_prune_period = "0"
eaccelerator.shm_only = "0"
eaccelerator.allowed_admin_path = ""
EOL


#
# setup php-fpm
#
cat > /opt/local/etc/php-fpm.conf<<'EOL'
[global]
pid = /var/run/php-fpm.pid
error_log = /var/log/php-fpm/php-fpm.log
;log_level = notice
;emergency_restart_threshold = 0
;emergency_restart_interval = 0
;process_control_timeout = 0
;daemonize = yes
[www]
listen = /tmp/php-fpm.sock
listen.allowed_clients = 127.0.0.1
user = www
group = www
pm = static
pm.max_children = 5
request_terminate_timeout = 60
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_admin_value[upload_max_filesize] = 10M
php_admin_value[post_max_size] = 10M
EOL

mkdir -p /var/cache/php-eaccelerator
chown www:www /var/cache/php-eaccelerator


#
# setup nginx
#

mkdir -p /opt/local/etc/nginx/conf.d

cat > /opt/local/etc/nginx/nginx.conf<<'EOL'
#######################################################################
#
# This is the main Nginx configuration file.
#
# More information about the configuration options is available on
#   * the English wiki - http://wiki.nginx.org/Main
#   * the Russian documentation - http://sysoev.ru/nginx/
#
#######################################################################

#----------------------------------------------------------------------
# Main Module - directives that cover basic functionality
#
#   http://wiki.nginx.org/NginxHttpMainModule
#
#----------------------------------------------------------------------

user              www;
worker_processes  2;

error_log  /var/log/nginx/error.log alert;
pid        /var/run/nginx.pid;


#----------------------------------------------------------------------
# Events Module
#
#   http://wiki.nginx.org/NginxHttpEventsModule
#
#----------------------------------------------------------------------

events {
    worker_connections  1024;
    use /dev/poll;
}


#----------------------------------------------------------------------
# HTTP Core Module
#
#   http://wiki.nginx.org/NginxHttpCoreModule
#
#----------------------------------------------------------------------

http {
    server_tokens off;
    include       /opt/local/etc/nginx/mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  60;

    #gzip  on;
    gzip              on;
    gzip_http_version 1.0;
    gzip_vary         on;
    gzip_comp_level   6;
    gzip_types        text/xml text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php;
    gzip_disable      "MSIE [1-6]\.";


    proxy_cache_path  /var/cache/nginx levels=1:2 keys_zone=czone:4m max_size=50m inactive=30d;
    proxy_temp_path   /var/tmp/nginx;
    proxy_cache_key   "$scheme://$host$request_uri";
    proxy_set_header  Host $host;
    proxy_set_header  X-Real-IP          $remote_addr;
    proxy_set_header  X-Forwarded-Host   $host;
    proxy_set_header  X-Forwarded-Server $host;
    proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;

    #
    # The default server
    #

    upstream backend {
        server  127.0.0.1:8080;
    }

    server
    {
        listen 80 default_server;
        server_name _;

        client_max_body_size 10M;

        location /wp-admin { proxy_pass http://backend; }
        location ~ .*\.php { proxy_pass http://backend; }
        location / {
            if ($http_cookie ~* "wordpress_(?!test_cookie)") {
                set $do_not_cache 1;
            }
            proxy_no_cache     $do_not_cache;
            proxy_cache_bypass $do_not_cache;
            proxy_cache czone;
            proxy_cache_key "$scheme://$host$request_uri";
            proxy_cache_valid  0;
            proxy_pass http://backend;
        }
    }

    server {
        listen 8080 default_server;
        server_name  _;
        return 444;
    }

    # Load config files from the /etc/nginx/conf.d directory
    include /opt/local/etc/nginx/conf.d/*.conf;

}
EOL

cat > /opt/local/etc/nginx/conf.d/example.com.conf <<'EOL'
server
{
    listen       8080;
    client_max_body_size 10m;
    server_name  .exmaple.com;
    set $vhost_root "/home/vhosts/exmaple.com";
    gzip              off;
    gzip_vary         off;

    root   $vhost_root;
    index  index.php index.html index.htm;

    location / {
        if (-f $request_filename)
        {
            expires 14d;
            break;
        }

        if (!-e $request_filename)
        {
            rewrite ^(.+)$  /index.php?q=$1 last;
        }
    }

    location ~ \.php$ {
        include        /opt/local/etc/nginx/fastcgi_params;
        fastcgi_pass   unix:/tmp/php-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $vhost_root$fastcgi_script_name;
        fastcgi_pass_header "X-Accel-Redirect";
        fastcgi_pass_header "X-Accel-Buffering";
        fastcgi_pass_header "X-Accel-Charset";
        fastcgi_pass_header "X-Accel-Expires";
        fastcgi_pass_header "X-Accel-Limit-Rate";
    }

    location ~ /\.ht {
        deny all;
    }
}
EOL

#
# MySQL
#

cat > /opt/local/etc/my.cnf <<'EOL'
[mysqld]
user=mysql
datadir=/var/mysql
character-set-server=utf8
skip_external_locking
skip_networking
# skip_name_resolv
socket=/tmp/mysql.sock


# InnoDB settings
innodb_buffer_pool_size = 384M
innodb_data_file_path = ibdata1:10M:autoextend
innodb_additional_mem_pool_size = 30M
innodb_doublewrite = 0
innodb_io_capacity = 1000
innodb_read_io_threads = 8
innodb_write_io_threads = 8


# General
query_cache_limit=1M
query_cache_min_res_unit=4k
query_cache_size=32M
query_cache_type=1

[mysqld_safe]
log-error=/var/log/mysql/mysqld.log
pid-file=/var/run/mysqld.pid

[mysqldump]
quick

[client]
default-character-set=utf8
EOL

mkdir -p /var/mysql
chown mysql:mysql /var/mysql
/opt/local/bin/mysql_install_db


#
# log rotate
#
cat > /etc/logadm.conf <<'EOL'
/var/adm/messages -C 4 -P 'Fri Feb 18 03:10:00 2011' -a 'kill -HUP `cat /var/run/syslog.pid`'
/var/adm/pacct -C 0 -N -a '/usr/lib/acct/accton pacct' -g adm -m 664 -o adm -p never
/var/cron/log -P 'Mon Feb 21 03:10:00 2011' -c -s 512k -t /var/cron/olog
/var/fm/fmd/errlog -M '/usr/sbin/fmadm -q rotate errlog && mv /var/fm/fmd/errlog.0- $nfile' -N -s 2m
/var/fm/fmd/fltlog -A 6m -M '/usr/sbin/fmadm -q rotate fltlog && mv /var/fm/fmd/fltlog.0- $nfile' -N -s 10m
/var/log/pool/poold -N -a 'pkill -HUP poold; true' -s 512m
/var/log/syslog -C 5 -P 'Mon Nov 12 03:10:00 2007' -a 'kill -HUP `cat /var/run/syslog.pid`' -s 100m
/var/lp/logs/lpsched -C 2 -N -t '$file.$N'
smf_logs -C 3 -c -s 1m /var/svc/log/*.log
/var/log/auth.log -C 5 -P 'Tue Aug 25 03:10:00 2009' -a 'kill -HUP `cat /var/run/syslog.pid`' -s 100m
nginx -C 5 -c -s 100m '/var/log/nginx/{access,error}.log'
mysql -C 5 -c -s 100m '/var/log/mysql/{error,slowquery}.log'
/var/log/postfix.log -C 5 -a 'kill -HUP `cat /var/run/syslog.pid`' -s 100m
/var/log/php-fpm.log -C 5 -c -s 100m
/var/log/php-fpm/www-error.log -C 5 -c -s 100m
/var/log/eaccelerator_log -C 5 -c -s 100m
EOL


#
# ipfilter
#
cat > /etc/ipf/ipf.conf <<'EOL'
pass out from any to any keep state
pass in quick from 127.0.0.0/8 to any keep state
pass in quick proto tcp/udp from any to any port = 80 keep state
pass in quick proto tcp/udp from any to any port = 443 keep state
pass in quick proto tcp/udp from any to any port = 22 keep state
block in quick all
EOL


#
# startup daemons
#
svcadm disable memcached
svcadm enable memcached
svcadm disable nginx
svcadm enable nginx
svcadm disable mysql
svcadm enable mysql
svcadm disable postfix
svcadm enable postfix
svcadm disable php
svcadm enable php
svcadm disable php
svcadm enable php
svcadm disable ipfilter
svcadm enable ipfilter
	rm -fr /var/db/pkgin/pkgin.db
	pkgin -y update

	#
	# install packages
	#
	pkgin -y install nginx
	pkgin -y install mysql-server
	pkgin -y install postfix
	pkgin -y install memcached
	pkgin -y install php53-bcmath
	pkgin -y install php53-bz2
	pkgin -y install php53-calendar
	pkgin -y install php53-curl
	pkgin -y install php53-dba
	pkgin -y install php53-dom
	pkgin -y install php53-dtrace
	pkgin -y install php53-eaccelerator
	pkgin -y install php53-enchant
	pkgin -y install php53-exif
	pkgin -y install php53-fpm
	pkgin -y install php53-ftp
	pkgin -y install php53-gd
	pkgin -y install php53-geoip
	pkgin -y install php53-gettext
	pkgin -y install php53-gmp
	pkgin -y install php53-http
	pkgin -y install php53-iconv
	pkgin -y install php53-imagick
	pkgin -y install php53-imap
	pkgin -y install php53-intl
	pkgin -y install php53-json
	pkgin -y install php53-ldap
	pkgin -y install php53-mailparse
	pkgin -y install php53-mbstring
	pkgin -y install php53-mcrypt
	pkgin -y install php53-memcache
	pkgin -y install php53-mysql
	pkgin -y install php53-oauth
	pkgin -y install php53-pcntl
	pkgin -y install php53-pdflib
	pkgin -y install php53-posix
	pkgin -y install php53-pspell
	pkgin -y install php53-redis
	pkgin -y install php53-shmop
	pkgin -y install php53-snmp
	pkgin -y install php53-soap
	pkgin -y install php53-sockets
	pkgin -y install php53-sphinx
	pkgin -y install php53-sqlite
	pkgin -y install php53-ssh2
	pkgin -y install php53-suhosin
	pkgin -y install php53-sysvmsg
	pkgin -y install php53-sysvsem
	pkgin -y install php53-sysvshm
	pkgin -y install php53-tidy
	pkgin -y install php53-uploadprogress
	pkgin -y install php53-wddx
	pkgin -y install php53-xmlrpc
	pkgin -y install php53-xsl
	pkgin -y install php53-zip
	pkgin -y install php53-zlib


	#
	# setup php
	#
	mkdir -p /opt/local/etc/php.d
	mkdir -p /var/log/php-fpm
	chown -R www:www /var/log/php-fpm

	cat > /opt/local/etc/php.d/extensions.ini<<'EOL'
	extension=bcmath.so
	extension=bz2.so
	extension=calendar.so
	extension=curl.so
	extension=dba.so
	extension=dom.so
	extension=dtrace.so
	extension=eaccelerator.so
	extension=enchant.so
	extension=exif.so
	extension=ftp.so
	extension=gd.so
	extension=geoip.so
	extension=gettext.so
	extension=gmp.so
	extension=http.so
	extension=iconv.so
	extension=imagick.so
	extension=imap.so
	extension=intl.so
	extension=json.so
	extension=ldap.so
	extension=mailparse.so
	extension=mbstring.so
	extension=mcrypt.so
	extension=memcache.so
	extension=mysql.so
	extension=oauth.so
	extension=pcntl.so
	extension=pdf.so
	extension=posix.so
	extension=pspell.so
	extension=redis.so
	extension=shmop.so
	extension=snmp.so
	extension=soap.so
	extension=sockets.so
	extension=sphinx.so
	extension=sqlite.so
	extension=ssh2.so
	extension=suhosin.so
	extension=sysvmsg.so
	extension=sysvsem.so
	extension=sysvshm.so
	extension=tidy.so
	extension=uploadprogress.so
	extension=wddx.so
	extension=xmlrpc.so
	extension=xsl.so
	extension=zip.so
	extension=zlib.so

	sendmail_path = "/opt/local/sbin/sendmail -t -i"

	eaccelerator.shm_size = "0"
	eaccelerator.cache_dir = "/var/cache/php-eaccelerator"
	eaccelerator.enable = "1"
	eaccelerator.optimizer = "1"
	eaccelerator.debug = 0
	eaccelerator.log_file = "/var/log/php-fpm/eaccelerator_log"
	eaccelerator.name_space = ""
	eaccelerator.check_mtime = "1"
	eaccelerator.filter = ""
	eaccelerator.shm_ttl = "0"
	eaccelerator.shm_prune_period = "0"
	eaccelerator.shm_only = "0"
	eaccelerator.allowed_admin_path = ""
	EOL


	#
	# setup php-fpm
	#
	cat > /opt/local/etc/php-fpm.conf<<'EOL'
	[global]
	pid = /var/run/php-fpm.pid
	error_log = /var/log/php-fpm/php-fpm.log
	;log_level = notice
	;emergency_restart_threshold = 0
	;emergency_restart_interval = 0
	;process_control_timeout = 0
	;daemonize = yes
	[www]
	listen = /tmp/php-fpm.sock
	listen.allowed_clients = 127.0.0.1
	user = www
	group = www
	pm = static
	pm.max_children = 5
	request_terminate_timeout = 60
	php_admin_value[error_log] = /var/log/php-fpm/www-error.log
	php_admin_flag[log_errors] = on
	php_admin_value[upload_max_filesize] = 10M
	php_admin_value[post_max_size] = 10M
	EOL

	mkdir -p /var/cache/php-eaccelerator
	chown www:www /var/cache/php-eaccelerator


	#
	# setup nginx
	#

	mkdir -p /opt/local/etc/nginx/conf.d

	cat > /opt/local/etc/nginx/nginx.conf<<'EOL'
	#######################################################################
	#
	# This is the main Nginx configuration file.
	#
	# More information about the configuration options is available on
	# * the English wiki - http://wiki.nginx.org/Main
	# * the Russian documentation - http://sysoev.ru/nginx/
	#
	#######################################################################

	#----------------------------------------------------------------------
	# Main Module - directives that cover basic functionality
	#
	# http://wiki.nginx.org/NginxHttpMainModule
	#
	#----------------------------------------------------------------------

	user www;
	worker_processes 2;

	error_log /var/log/nginx/error.log alert;
	pid /var/run/nginx.pid;


	#----------------------------------------------------------------------
	# Events Module
	#
	# http://wiki.nginx.org/NginxHttpEventsModule
	#
	#----------------------------------------------------------------------

	events {
	worker_connections 1024;
	use /dev/poll;
	}


	#----------------------------------------------------------------------
	# HTTP Core Module
	#
	# http://wiki.nginx.org/NginxHttpCoreModule
	#
	#----------------------------------------------------------------------

	http {
	server_tokens off;
	include /opt/local/etc/nginx/mime.types;
	default_type application/octet-stream;

	sendfile on;
	keepalive_timeout 60;

	#gzip on;
	gzip on;
	gzip_http_version 1.0;
	gzip_vary on;
	gzip_comp_level 6;
	gzip_types text/xml text/css application/xhtml+xml application/xml application/rss+xml application/atom_xml application/x-javascript application/x-httpd-php;
	gzip_disable "MSIE [1-6]\.";


	proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=czone:4m max_size=50m inactive=30d;
	proxy_temp_path /var/tmp/nginx;
	proxy_cache_key "$scheme://$host$request_uri";
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Server $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

	#
	# The default server
	#

	upstream backend {
	server 127.0.0.1:8080;
	}

	server
	{
	listen 80 default_server;
	server_name _;

	client_max_body_size 10M;

	location /wp-admin { proxy_pass http://backend; }
	location ~ .*\.php { proxy_pass http://backend; }
	location / {
	if ($http_cookie ~* "wordpress_(?!test_cookie)") {
	set $do_not_cache 1;
	}
	proxy_no_cache $do_not_cache;
	proxy_cache_bypass $do_not_cache;
	proxy_cache czone;
	proxy_cache_key "$scheme://$host$request_uri";
	proxy_cache_valid 0;
	proxy_pass http://backend;
	}
	}

	server {
	listen 8080 default_server;
	server_name _;
	return 444;
	}

	# Load config files from the /etc/nginx/conf.d directory
	include /opt/local/etc/nginx/conf.d/*.conf;

	}
	EOL

	cat > /opt/local/etc/nginx/conf.d/example.com.conf <<'EOL'
	server
	{
	listen 8080;
	client_max_body_size 10m;
	server_name .exmaple.com;
	set $vhost_root "/home/vhosts/exmaple.com";
	gzip off;
	gzip_vary off;

	root $vhost_root;
	index index.php index.html index.htm;

	location / {
	if (-f $request_filename)
	{
	expires 14d;
	break;
	}

	if (!-e $request_filename)
	{
	rewrite ^(.+)$ /index.php?q=$1 last;
	}
	}

	location ~ \.php$ {
	include /opt/local/etc/nginx/fastcgi_params;
	fastcgi_pass unix:/tmp/php-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $vhost_root$fastcgi_script_name;
	fastcgi_pass_header "X-Accel-Redirect";
	fastcgi_pass_header "X-Accel-Buffering";
	fastcgi_pass_header "X-Accel-Charset";
	fastcgi_pass_header "X-Accel-Expires";
	fastcgi_pass_header "X-Accel-Limit-Rate";
	}

	location ~ /\.ht {
	deny all;
	}
	}
	EOL

	#
	# MySQL
	#

	cat > /opt/local/etc/my.cnf <<'EOL'
	[mysqld]
	user=mysql
	datadir=/var/mysql
	character-set-server=utf8
	skip_external_locking
	skip_networking
	# skip_name_resolv
	socket=/tmp/mysql.sock


	# InnoDB settings
	innodb_buffer_pool_size = 384M
	innodb_data_file_path = ibdata1:10M:autoextend
	innodb_additional_mem_pool_size = 30M
	innodb_doublewrite = 0
	innodb_io_capacity = 1000
	innodb_read_io_threads = 8
	innodb_write_io_threads = 8


	# General
	query_cache_limit=1M
	query_cache_min_res_unit=4k
	query_cache_size=32M
	query_cache_type=1

	[mysqld_safe]
	log-error=/var/log/mysql/mysqld.log
	pid-file=/var/run/mysqld.pid

	[mysqldump]
	quick

	[client]
	default-character-set=utf8
	EOL

	mkdir -p /var/mysql
	chown mysql:mysql /var/mysql
	/opt/local/bin/mysql_install_db


	#
	# log rotate
	#
	cat > /etc/logadm.conf <<'EOL'
	/var/adm/messages -C 4 -P 'Fri Feb 18 03:10:00 2011' -a 'kill -HUP `cat /var/run/syslog.pid`'
	/var/adm/pacct -C 0 -N -a '/usr/lib/acct/accton pacct' -g adm -m 664 -o adm -p never
	/var/cron/log -P 'Mon Feb 21 03:10:00 2011' -c -s 512k -t /var/cron/olog
	/var/fm/fmd/errlog -M '/usr/sbin/fmadm -q rotate errlog && mv /var/fm/fmd/errlog.0- $nfile' -N -s 2m
	/var/fm/fmd/fltlog -A 6m -M '/usr/sbin/fmadm -q rotate fltlog && mv /var/fm/fmd/fltlog.0- $nfile' -N -s 10m
	/var/log/pool/poold -N -a 'pkill -HUP poold; true' -s 512m
	/var/log/syslog -C 5 -P 'Mon Nov 12 03:10:00 2007' -a 'kill -HUP `cat /var/run/syslog.pid`' -s 100m
	/var/lp/logs/lpsched -C 2 -N -t '$file.$N'
	smf_logs -C 3 -c -s 1m /var/svc/log/*.log
	/var/log/auth.log -C 5 -P 'Tue Aug 25 03:10:00 2009' -a 'kill -HUP `cat /var/run/syslog.pid`' -s 100m
	nginx -C 5 -c -s 100m '/var/log/nginx/{access,error}.log'
	mysql -C 5 -c -s 100m '/var/log/mysql/{error,slowquery}.log'
	/var/log/postfix.log -C 5 -a 'kill -HUP `cat /var/run/syslog.pid`' -s 100m
	/var/log/php-fpm.log -C 5 -c -s 100m
	/var/log/php-fpm/www-error.log -C 5 -c -s 100m
	/var/log/eaccelerator_log -C 5 -c -s 100m
	EOL


	#
	# ipfilter
	#
	cat > /etc/ipf/ipf.conf <<'EOL'
	pass out from any to any keep state
	pass in quick from 127.0.0.0/8 to any keep state
	pass in quick proto tcp/udp from any to any port = 80 keep state
	pass in quick proto tcp/udp from any to any port = 443 keep state
	pass in quick proto tcp/udp from any to any port = 22 keep state
	block in quick all
	EOL


	#
	# startup daemons
	#
	svcadm disable memcached
	svcadm enable memcached
	svcadm disable nginx
	svcadm enable nginx
	svcadm disable mysql
	svcadm enable mysql
	svcadm disable postfix
	svcadm enable postfix
	svcadm disable php
	svcadm enable php
	svcadm disable php
	svcadm enable php
	svcadm disable ipfilter
	svcadm enable ipfilter