From abdbd80ac4dcc42619ee4ed12c19fb5d71fa2d83 Mon Sep 17 00:00:00 2001 From: Syndamia Date: Tue, 6 Sep 2022 10:53:34 +0300 Subject: Added many configs to .b --- .b/etc/ImageMagick-7/policy.xml | 91 +++++ .b/etc/X11/Sessions/Xsession | 107 ++++++ .b/etc/X11/Sessions/openbox | 1 + .b/etc/X11/xdm/Xaccess | 98 ++++++ .b/etc/X11/xdm/Xresources | 73 ++++ .b/etc/X11/xdm/Xservers | 12 + .b/etc/X11/xdm/xdm-config | 31 ++ .b/etc/X11/xinit/xinitrc | 65 ++++ .b/etc/X11/xinit/xinitrc.d/00-xhost | 7 + .../X11/xinit/xinitrc.d/40-libcanberra-gtk-module | 16 + .b/etc/X11/xinit/xinitrc.d/80-dbus | 13 + .b/etc/X11/xinit/xinitrc.d/80xapp-gtk3-module.sh | 10 + .b/etc/X11/xinit/xinitrc.d/90-consolekit | 32 ++ .b/etc/X11/xinit/xserverrc | 6 + .b/etc/X11/xorg.conf.d/20opengl.conf | 2 + .b/etc/apache2/httpd.conf | 368 ++++++++++++++++++++ .b/etc/apache2/magic | 385 +++++++++++++++++++++ .../apache2/modules.d/.keep_www-servers_apache-2 | 0 .b/etc/apache2/modules.d/00_default_settings.conf | 131 +++++++ .b/etc/apache2/modules.d/00_error_documents.conf | 57 +++ .b/etc/apache2/modules.d/00_languages.conf | 133 +++++++ .b/etc/apache2/modules.d/00_mod_autoindex.conf | 85 +++++ .b/etc/apache2/modules.d/00_mod_info.conf | 10 + .b/etc/apache2/modules.d/00_mod_log_config.conf | 35 ++ .b/etc/apache2/modules.d/00_mod_mime.conf | 46 +++ .b/etc/apache2/modules.d/00_mod_status.conf | 15 + .b/etc/apache2/modules.d/00_mod_userdir.conf | 32 ++ .b/etc/apache2/modules.d/00_mpm.conf | 99 ++++++ .b/etc/apache2/modules.d/10_mod_mem_cache.conf | 10 + .b/etc/apache2/modules.d/40_mod_ssl.conf | 67 ++++ .b/etc/apache2/modules.d/41_mod_http2.conf | 9 + .b/etc/apache2/modules.d/45_mod_dav.conf | 19 + .b/etc/apache2/modules.d/46_mod_ldap.conf | 18 + .b/etc/apache2/vhosts.d/.keep_www-servers_apache-2 | 0 .b/etc/apache2/vhosts.d/00_default_ssl_vhost.conf | 186 ++++++++++ .b/etc/apache2/vhosts.d/00_default_vhost.conf | 45 +++ .b/etc/apache2/vhosts.d/default_vhost.include | 71 ++++ .b/etc/apache2/vhosts.d/synd-local.conf | 16 + .b/etc/libvirt/nwfilter/allow-arp.xml | 11 + .b/etc/libvirt/nwfilter/allow-dhcp-server.xml | 16 + .b/etc/libvirt/nwfilter/allow-dhcp.xml | 16 + .b/etc/libvirt/nwfilter/allow-dhcpv6-server.xml | 16 + .b/etc/libvirt/nwfilter/allow-dhcpv6.xml | 16 + .b/etc/libvirt/nwfilter/allow-incoming-ipv4.xml | 11 + .b/etc/libvirt/nwfilter/allow-incoming-ipv6.xml | 11 + .b/etc/libvirt/nwfilter/allow-ipv4.xml | 11 + .b/etc/libvirt/nwfilter/allow-ipv6.xml | 11 + .b/etc/libvirt/nwfilter/clean-traffic-gateway.xml | 24 ++ .b/etc/libvirt/nwfilter/clean-traffic.xml | 22 ++ .b/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml | 14 + .b/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml | 14 + .b/etc/libvirt/nwfilter/no-arp-spoofing.xml | 12 + .b/etc/libvirt/nwfilter/no-ip-multicast.xml | 13 + .b/etc/libvirt/nwfilter/no-ip-spoofing.xml | 17 + .b/etc/libvirt/nwfilter/no-ipv6-multicast.xml | 13 + .b/etc/libvirt/nwfilter/no-ipv6-spoofing.xml | 17 + .b/etc/libvirt/nwfilter/no-mac-broadcast.xml | 13 + .b/etc/libvirt/nwfilter/no-mac-spoofing.xml | 16 + .b/etc/libvirt/nwfilter/no-other-l2-traffic.xml | 11 + .b/etc/libvirt/nwfilter/no-other-rarp-traffic.xml | 11 + .../libvirt/nwfilter/qemu-announce-self-rarp.xml | 16 + .b/etc/libvirt/nwfilter/qemu-announce-self.xml | 15 + .b/etc/libvirt/qemu/Funtoo.xml | 155 +++++++++ .b/etc/libvirt/qemu/debian10-xfce.xml | 154 +++++++++ .b/etc/libvirt/qemu/fedora33-openbox_xfce.xml | 147 ++++++++ .b/etc/libvirt/qemu/fedora34-gnome40.xml | 148 ++++++++ .b/etc/libvirt/qemu/fedora34-openbox.xml | 147 ++++++++ .b/etc/libvirt/qemu/networks/autostart/default.xml | 1 + .b/etc/libvirt/qemu/networks/default.xml | 19 + .b/etc/libvirt/qemu/plan9.xml | 117 +++++++ .b/etc/libvirt/qemu/ubuntu16.04.xml | 122 +++++++ .b/etc/libvirt/qemu/ubuntu20.04.xml | 160 +++++++++ .b/etc/libvirt/qemu/win10.xml | 142 ++++++++ .b/etc/libvirt/qemu/win8.1.xml | 144 ++++++++ .b/etc/libvirt/storage/KVM-Images.xml | 19 + .b/etc/libvirt/storage/autostart/KVM-Images.xml | 1 + .b/etc/libvirt/storage/autostart/default.xml | 1 + .b/etc/libvirt/storage/default.xml | 19 + .b/etc/polkit-1/rules.d/50-default.rules | 12 + .b/etc/polkit-1/rules.d/50-udisks.rules | 25 ++ .b/etc/polkit-1/rules.d/88-poweroff.rules | 6 + .b/etc/polkit-1/rules.d/88-reboot.rules | 6 + .b/etc/polkit-1/rules.d/88-suspend.rules | 6 + .b/etc/vim/._cfg0000_vimrc | 230 ++++++++++++ .b/etc/vim/vimrc | 234 +++++++++++++ 85 files changed, 4763 insertions(+) create mode 100644 .b/etc/ImageMagick-7/policy.xml create mode 100755 .b/etc/X11/Sessions/Xsession create mode 100755 .b/etc/X11/Sessions/openbox create mode 100644 .b/etc/X11/xdm/Xaccess create mode 100644 .b/etc/X11/xdm/Xresources create mode 100644 .b/etc/X11/xdm/Xservers create mode 100644 .b/etc/X11/xdm/xdm-config create mode 100644 .b/etc/X11/xinit/xinitrc create mode 100755 .b/etc/X11/xinit/xinitrc.d/00-xhost create mode 100755 .b/etc/X11/xinit/xinitrc.d/40-libcanberra-gtk-module create mode 100755 .b/etc/X11/xinit/xinitrc.d/80-dbus create mode 100755 .b/etc/X11/xinit/xinitrc.d/80xapp-gtk3-module.sh create mode 100755 .b/etc/X11/xinit/xinitrc.d/90-consolekit create mode 100755 .b/etc/X11/xinit/xserverrc create mode 100644 .b/etc/X11/xorg.conf.d/20opengl.conf create mode 100644 .b/etc/apache2/httpd.conf create mode 100644 .b/etc/apache2/magic create mode 100644 .b/etc/apache2/modules.d/.keep_www-servers_apache-2 create mode 100644 .b/etc/apache2/modules.d/00_default_settings.conf create mode 100644 .b/etc/apache2/modules.d/00_error_documents.conf create mode 100644 .b/etc/apache2/modules.d/00_languages.conf create mode 100644 .b/etc/apache2/modules.d/00_mod_autoindex.conf create mode 100644 .b/etc/apache2/modules.d/00_mod_info.conf create mode 100644 .b/etc/apache2/modules.d/00_mod_log_config.conf create mode 100644 .b/etc/apache2/modules.d/00_mod_mime.conf create mode 100644 .b/etc/apache2/modules.d/00_mod_status.conf create mode 100644 .b/etc/apache2/modules.d/00_mod_userdir.conf create mode 100644 .b/etc/apache2/modules.d/00_mpm.conf create mode 100644 .b/etc/apache2/modules.d/10_mod_mem_cache.conf create mode 100644 .b/etc/apache2/modules.d/40_mod_ssl.conf create mode 100644 .b/etc/apache2/modules.d/41_mod_http2.conf create mode 100644 .b/etc/apache2/modules.d/45_mod_dav.conf create mode 100644 .b/etc/apache2/modules.d/46_mod_ldap.conf create mode 100644 .b/etc/apache2/vhosts.d/.keep_www-servers_apache-2 create mode 100644 .b/etc/apache2/vhosts.d/00_default_ssl_vhost.conf create mode 100644 .b/etc/apache2/vhosts.d/00_default_vhost.conf create mode 100644 .b/etc/apache2/vhosts.d/default_vhost.include create mode 100644 .b/etc/apache2/vhosts.d/synd-local.conf create mode 100644 .b/etc/libvirt/nwfilter/allow-arp.xml create mode 100644 .b/etc/libvirt/nwfilter/allow-dhcp-server.xml create mode 100644 .b/etc/libvirt/nwfilter/allow-dhcp.xml create mode 100644 .b/etc/libvirt/nwfilter/allow-dhcpv6-server.xml create mode 100644 .b/etc/libvirt/nwfilter/allow-dhcpv6.xml create mode 100644 .b/etc/libvirt/nwfilter/allow-incoming-ipv4.xml create mode 100644 .b/etc/libvirt/nwfilter/allow-incoming-ipv6.xml create mode 100644 .b/etc/libvirt/nwfilter/allow-ipv4.xml create mode 100644 .b/etc/libvirt/nwfilter/allow-ipv6.xml create mode 100644 .b/etc/libvirt/nwfilter/clean-traffic-gateway.xml create mode 100644 .b/etc/libvirt/nwfilter/clean-traffic.xml create mode 100644 .b/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml create mode 100644 .b/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml create mode 100644 .b/etc/libvirt/nwfilter/no-arp-spoofing.xml create mode 100644 .b/etc/libvirt/nwfilter/no-ip-multicast.xml create mode 100644 .b/etc/libvirt/nwfilter/no-ip-spoofing.xml create mode 100644 .b/etc/libvirt/nwfilter/no-ipv6-multicast.xml create mode 100644 .b/etc/libvirt/nwfilter/no-ipv6-spoofing.xml create mode 100644 .b/etc/libvirt/nwfilter/no-mac-broadcast.xml create mode 100644 .b/etc/libvirt/nwfilter/no-mac-spoofing.xml create mode 100644 .b/etc/libvirt/nwfilter/no-other-l2-traffic.xml create mode 100644 .b/etc/libvirt/nwfilter/no-other-rarp-traffic.xml create mode 100644 .b/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml create mode 100644 .b/etc/libvirt/nwfilter/qemu-announce-self.xml create mode 100644 .b/etc/libvirt/qemu/Funtoo.xml create mode 100644 .b/etc/libvirt/qemu/debian10-xfce.xml create mode 100644 .b/etc/libvirt/qemu/fedora33-openbox_xfce.xml create mode 100644 .b/etc/libvirt/qemu/fedora34-gnome40.xml create mode 100644 .b/etc/libvirt/qemu/fedora34-openbox.xml create mode 120000 .b/etc/libvirt/qemu/networks/autostart/default.xml create mode 100644 .b/etc/libvirt/qemu/networks/default.xml create mode 100644 .b/etc/libvirt/qemu/plan9.xml create mode 100644 .b/etc/libvirt/qemu/ubuntu16.04.xml create mode 100644 .b/etc/libvirt/qemu/ubuntu20.04.xml create mode 100644 .b/etc/libvirt/qemu/win10.xml create mode 100644 .b/etc/libvirt/qemu/win8.1.xml create mode 100644 .b/etc/libvirt/storage/KVM-Images.xml create mode 120000 .b/etc/libvirt/storage/autostart/KVM-Images.xml create mode 120000 .b/etc/libvirt/storage/autostart/default.xml create mode 100644 .b/etc/libvirt/storage/default.xml create mode 100644 .b/etc/polkit-1/rules.d/50-default.rules create mode 100644 .b/etc/polkit-1/rules.d/50-udisks.rules create mode 100644 .b/etc/polkit-1/rules.d/88-poweroff.rules create mode 100644 .b/etc/polkit-1/rules.d/88-reboot.rules create mode 100644 .b/etc/polkit-1/rules.d/88-suspend.rules create mode 100644 .b/etc/vim/._cfg0000_vimrc create mode 100644 .b/etc/vim/vimrc (limited to '.b/etc') diff --git a/.b/etc/ImageMagick-7/policy.xml b/.b/etc/ImageMagick-7/policy.xml new file mode 100644 index 0000000..7472ed1 --- /dev/null +++ b/.b/etc/ImageMagick-7/policy.xml @@ -0,0 +1,91 @@ + + + + + +]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/.b/etc/X11/Sessions/Xsession b/.b/etc/X11/Sessions/Xsession new file mode 100755 index 0000000..c86ccee --- /dev/null +++ b/.b/etc/X11/Sessions/Xsession @@ -0,0 +1,107 @@ +#!/bin/sh +# $XConsortium: Xsession /main/10 1995/12/18 18:21:28 gildea $ + +case $# in +1) + case $1 in + failsafe) + exec xterm -geometry 80x24-0-0 + ;; + esac +esac + +# redirect errors to a file in user's home directory if we can +for errfile in "$HOME/.xsession-errors" "${TMPDIR-/tmp}/xses-$USER" "/tmp/xses-$USER" +do + if ( cp /dev/null "$errfile" 2> /dev/null ) + then + chmod 600 "$errfile" + exec > "$errfile" 2>&1 + break + fi +done + +# clean up after xbanner +if which freetemp 2> /dev/null ; then + freetemp +fi + +startup=$HOME/.xsession + +userresources=$HOME/.Xresources +usermodmap=$HOME/.Xmodmap +userxkbmap=$HOME/.Xkbmap + +sysresources=/etc/X11/Xresources +sysmodmap=/etc/X11/Xmodmap +sysxkbmap=/etc/X11/Xkbmap + +rh6sysresources=/etc/X11/xinit/Xresources +rh6sysmodmap=/etc/X11/xinit/Xmodmap + + +# merge in defaults +if [ -f "$rh6sysresources" ]; then + xrdb -merge "$rh6sysresources" +fi + +if [ -f "$sysresources" ]; then + xrdb -merge "$sysresources" +fi + +if [ -f "$userresources" ]; then + xrdb -merge "$userresources" +fi + +# merge in keymaps +if [ -f "$sysxkbmap" ]; then + setxkbmap `cat "$sysxkbmap"` + XKB_IN_USE=yes +fi + +if [ -f "$userxkbmap" ]; then + setxkbmap `cat "$userxkbmap"` + XKB_IN_USE=yes +fi + +# +# Eeek, this seems like too much magic here +# +if [ -z "$XKB_IN_USE" -a ! -L /etc/X11/X ]; then + if grep '^exec.*/Xsun' /etc/X11/X > /dev/null 2>&1 && [ -f /etc/X11/XF86Config ]; then + xkbsymbols=`sed -n -e 's/^[ ]*XkbSymbols[ ]*"\(.*\)".*$/\1/p' /etc/X11/XF86Config` + if [ -n "$xkbsymbols" ]; then + setxkbmap -symbols "$xkbsymbols" + XKB_IN_USE=yes + fi + fi +fi + +# xkb and xmodmap don't play nice together +if [ -z "$XKB_IN_USE" ]; then + if [ -f "$rh6sysmodmap" ]; then + xmodmap "$rh6sysmodmap" + fi + + if [ -f "$sysmodmap" ]; then + xmodmap "$sysmodmap" + fi + + if [ -f "$usermodmap" ]; then + xmodmap "$usermodmap" + fi +fi + +unset XKB_IN_USE + +if [ -x "$startup" ]; then + exec "$startup" +elif [ -x "$HOME/.Xclients" ]; then + exec "$HOME/.Xclients" +elif [ -x /etc/X11/xinit/Xclients ]; then + exec /etc/X11/xinit/Xclients +elif [ -x /etc/X11/Xclients ]; then + exec /etc/X11/Xclients +else + exec xsm +fi diff --git a/.b/etc/X11/Sessions/openbox b/.b/etc/X11/Sessions/openbox new file mode 100755 index 0000000..99319e1 --- /dev/null +++ b/.b/etc/X11/Sessions/openbox @@ -0,0 +1 @@ +/usr/bin/openbox-session diff --git a/.b/etc/X11/xdm/Xaccess b/.b/etc/X11/xdm/Xaccess new file mode 100644 index 0000000..c843888 --- /dev/null +++ b/.b/etc/X11/xdm/Xaccess @@ -0,0 +1,98 @@ +# +# Access control file for XDMCP connections +# +# To control Direct and Broadcast access: +# +# pattern +# +# To control Indirect queries: +# +# pattern list of hostnames and/or macros ... +# +# To use the chooser: +# +# pattern CHOOSER BROADCAST +# +# or +# +# pattern CHOOSER list of hostnames and/or macros ... +# +# To define macros: +# +# %name list of hosts ... +# +# To control which addresses xdm listens for requests on: +# +# LISTEN address [list of multicast groups ... ] +# +# The first form tells xdm which displays to respond to itself. +# The second form tells xdm to forward indirect queries from hosts matching +# the specified pattern to the indicated list of hosts. +# The third form tells xdm to handle indirect queries using the chooser; +# the chooser is directed to send its own queries out via the broadcast +# address and display the results on the terminal. +# The fourth form is similar to the third, except instead of using the +# broadcast address, it sends DirectQuerys to each of the hosts in the list +# The fifth form tells xdm which addresses to listen for incoming connections +# on. If present, xdm will only listen for connections on the specified +# interfaces and/or multicast groups. +# +# In all cases, xdm uses the first entry which matches the terminal; +# for IndirectQuery messages only entries with right hand sides can +# match, for Direct and Broadcast Query messages, only entries without +# right hand sides can match. +# + +#* #any host can get a login window + +# +# To hardwire a specific terminal to a specific host, you can +# leave the terminal sending indirect queries to this host, and +# use an entry of the form: +# + +#terminal-a host-a + + +# +# The nicest way to run the chooser is to just ask it to broadcast +# requests to the network - that way new hosts show up automatically. +# Sometimes, however, the chooser can't figure out how to broadcast, +# so this may not work in all environments. +# + +#* CHOOSER BROADCAST #any indirect host can get a chooser + +# +# If you'd prefer to configure the set of hosts each terminal sees, +# then just uncomment these lines (and comment the CHOOSER line above) +# and edit the %hostlist line as appropriate +# + +#%hostlist host-a host-b + +#* CHOOSER %hostlist # + +# +# If you have a machine with multiple network interfaces or IP addresses +# you can control which interfaces accept XDMCP packets by listing a LISTEN +# line for each interface you want to listen on. You can additionally list +# one or more multicast groups after each address to listen on those groups +# on that address. +# +# If no LISTEN is specified, the default is the same as "LISTEN *" - listen on +# all unicast interfaces, but not for multicast packets. If any LISTEN lines +# are specified, then only the listed interfaces will be listened on. +# +# IANA has assigned FF0X:0:0:0:0:0:0:12B as the permanently assigned +# multicast addresses for XDMCP, where X in the prefix may be replaced +# by any valid scope identifier, such as 1 for Node-Local, 2 for Link-Local, +# 5 for Site-Local, and so on. The default is equivalent to the example shown +# here using the Link-Local version to most closely match the old IPv4 subnet +# broadcast behavior. +# +# LISTEN * ff02:0:0:0:0:0:0:12b + +# This example shows listening for multicast on all scopes up to site-local +# +# LISTEN * ff01:0:0:0:0:0:0:12b ff02:0:0:0:0:0:0:12b ff03:0:0:0:0:0:0:12b ff04:0:0:0:0:0:0:12b ff05:0:0:0:0:0:0:12b diff --git a/.b/etc/X11/xdm/Xresources b/.b/etc/X11/xdm/Xresources new file mode 100644 index 0000000..4412ccb --- /dev/null +++ b/.b/etc/X11/xdm/Xresources @@ -0,0 +1,73 @@ +Xcursor.theme: whiteglass + + + +xlogin*login.translations: #override \ + CtrlR: abort-display()\n\ + F1: set-session-argument(failsafe) finish-field()\n\ + Delete: delete-character()\n\ + Left: move-backward-character()\n\ + Right: move-forward-character()\n\ + Home: move-to-begining()\n\ + End: move-to-end()\n\ + CtrlKP_Enter: set-session-argument(failsafe) finish-field()\n\ + KP_Enter: set-session-argument() finish-field()\n\ + CtrlReturn: set-session-argument(failsafe) finish-field()\n\ + Return: set-session-argument() finish-field() + +xlogin*greeting: Welcome +xlogin*namePrompt: Username: +xlogin*passwdPrompt: ``Password: `` +xlogin*fail: Login incorrect or forbidden by policy + +xlogin*greetFont: -adobe-helvetica-bold-o-normal--24-240-75-75-p-138-iso8859-1 +xlogin*font: -adobe-helvetica-medium-r-normal--18-180-75-75-p-98-iso8859-1 +xlogin*promptFont: -adobe-helvetica-bold-r-normal--18-180-75-75-p-103-iso8859-1 +xlogin*failFont: -adobe-helvetica-bold-r-normal--18-180-75-75-p-103-iso8859-1 +xlogin*greetFace: Helvetica-24:bold +xlogin*face: Helvetica-18 +xlogin*promptFace: Helvetica-18 +xlogin*failFace: Helvetica-18:bold + +#ifdef COLOR +xlogin*borderWidth: 1 +xlogin*frameWidth: 0 +xlogin*innerFramesWidth: 0 +xlogin*shdColor: #b8bb26 +xlogin*hiColor: #b8bb26 +xlogin*background: #282828 +xlogin*greetColor: #d49408 +xlogin*failColor: #c80003 +*Foreground: #ffeede +!*Background: steelblue +#else +xlogin*borderWidth: 3 +xlogin*frameWidth: 0 +xlogin*innerFramesWidth: 1 +xlogin*shdColor: black +xlogin*hiColor: black +#endif + +xlogin*echoPasswd: true + +!#if PLANES >= 8 +!xlogin*logoFileName: /usr/share/xdm/pixmaps/xorg.xpm +!#else +!xlogin*logoFileName: /usr/share/xdm/pixmaps/xorg-bw.xpm +!#endif +!xlogin*useShape: true +!xlogin*logoPadding: 10 + + +XConsole.text.geometry: 480x130 +XConsole.verbose: true +XConsole*iconic: true +XConsole*font: fixed + +Chooser*geometry: 700x500+300+200 +Chooser*allowShellResize: false +Chooser*viewport.forceBars: true +Chooser*label.font: *-new century schoolbook-bold-i-normal-*-240-* +Chooser*label.label: XDMCP Host Menu from CLIENTHOST +Chooser*list.font: -*-*-medium-r-normal-*-*-230-*-*-c-*-iso8859-1 +Chooser*Command.font: *-new century schoolbook-bold-r-normal-*-180-* \ No newline at end of file diff --git a/.b/etc/X11/xdm/Xservers b/.b/etc/X11/xdm/Xservers new file mode 100644 index 0000000..53c459c --- /dev/null +++ b/.b/etc/X11/xdm/Xservers @@ -0,0 +1,12 @@ +# +# Xservers file, workstation prototype +# +# This file should contain an entry to start the server on the +# local display; if you have more than one display (not screen), +# you can add entries to the list (one per line). If you also +# have some X terminals connected which do not support XDMCP, +# you can add them here as well. Each X terminal line should +# look like: +# XTerminalName:0 foreign +# +:0 local /usr/bin/X :0 vt7 diff --git a/.b/etc/X11/xdm/xdm-config b/.b/etc/X11/xdm/xdm-config new file mode 100644 index 0000000..29ef25b --- /dev/null +++ b/.b/etc/X11/xdm/xdm-config @@ -0,0 +1,31 @@ +! +! +! +! +! +DisplayManager.authDir: /var/lib/xdm +DisplayManager.errorLogFile: /var/log/xdm.log +DisplayManager.pidFile: /var/run/xdm.pid +DisplayManager.keyFile: /etc/X11/xdm/xdm-keys +DisplayManager.servers: /etc/X11/xdm/Xservers +DisplayManager.accessFile: /etc/X11/xdm/Xaccess +DisplayManager*resources: /etc/X11/xdm/Xresources +DisplayManager.willing: su nobody -s /bin/sh -c /usr/lib64/X11/xdm/Xwilling +! All displays should use authorization, but we cannot be sure +! X terminals may not be configured that way, so they will require +! individual resource settings. +DisplayManager*authorize: true +DisplayManager*authName: MIT-MAGIC-COOKIE-1 +! +DisplayManager*chooser: /usr/lib64/X11/xdm/chooser +DisplayManager*startup: /usr/lib64/X11/xdm/Xstartup +DisplayManager*session: /usr/lib64/X11/xdm/Xsession +DisplayManager*reset: /usr/lib64/X11/xdm/Xreset +DisplayManager*authComplain: true +! The following three resources set up display :0 as the console. +DisplayManager._0.setup: /usr/lib64/X11/xdm/Xsetup_0 +DisplayManager._0.startup: /usr/lib64/X11/xdm/GiveConsole +DisplayManager._0.reset: /usr/lib64/X11/xdm/TakeConsole +! SECURITY: do not listen for XDMCP or Chooser requests +! Comment out this line if you want to manage X terminals with xdm +DisplayManager.requestPort: 0 diff --git a/.b/etc/X11/xinit/xinitrc b/.b/etc/X11/xinit/xinitrc new file mode 100644 index 0000000..1109fc3 --- /dev/null +++ b/.b/etc/X11/xinit/xinitrc @@ -0,0 +1,65 @@ +#!/bin/sh + +userresources=$HOME/.Xresources +usermodmap=$HOME/.Xmodmap +sysresources=/etc/X11/xinit/Xresources +sysmodmap=/etc/X11/xinit/Xmodmap + +# merge in defaults and keymaps + +if [ -f $sysresources ]; then + + + + + + + + xrdb -merge $sysresources + +fi + +if [ -f $sysmodmap ]; then + xmodmap $sysmodmap +fi + +if [ -f "$userresources" ]; then + + + + + + + + xrdb -merge "$userresources" + +fi + +if [ -f "$usermodmap" ]; then + xmodmap "$usermodmap" +fi + +# start some nice programs + +if [ -n "`/etc/X11/chooser.sh`" ]; then + command="`/etc/X11/chooser.sh`" +else + failsafe="yes" +fi + +if [ -d /etc/X11/xinit/xinitrc.d ] ; then + for f in /etc/X11/xinit/xinitrc.d/?* ; do + [ -x "$f" ] && . "$f" + done + unset f +fi + +if [ -n "$failsafe" ]; then + twm & + xclock -geometry 50x50-1+1 & + xterm -geometry 80x50+494+51 & + xterm -geometry 80x20+494-0 & + exec xterm -geometry 80x66+0+0 -name login +else + exec $command +fi diff --git a/.b/etc/X11/xinit/xinitrc.d/00-xhost b/.b/etc/X11/xinit/xinitrc.d/00-xhost new file mode 100755 index 0000000..82cf103 --- /dev/null +++ b/.b/etc/X11/xinit/xinitrc.d/00-xhost @@ -0,0 +1,7 @@ +#!/bin/sh +# Allow all local connections from the current UID +# This fixes issues with hostname changes (usually by dhcp clients) +# see bug 287498 for more info + +[ -x /usr/bin/xhost ] && [ -x /usr/bin/id ] && + xhost +si:localuser:`id -un` > /dev/null 2>&1 diff --git a/.b/etc/X11/xinit/xinitrc.d/40-libcanberra-gtk-module b/.b/etc/X11/xinit/xinitrc.d/40-libcanberra-gtk-module new file mode 100755 index 0000000..63c16af --- /dev/null +++ b/.b/etc/X11/xinit/xinitrc.d/40-libcanberra-gtk-module @@ -0,0 +1,16 @@ +#!/bin/sh +# to be sourced + +case "$SESSION" in + GNOME) + # Done by gnome-settings-daemon + ;; + *) + if [ -z "$GTK_MODULES" ] ; then + GTK_MODULES="canberra-gtk-module" + else + GTK_MODULES="$GTK_MODULES:canberra-gtk-module" + fi + export GTK_MODULES + ;; +esac diff --git a/.b/etc/X11/xinit/xinitrc.d/80-dbus b/.b/etc/X11/xinit/xinitrc.d/80-dbus new file mode 100755 index 0000000..5593e2c --- /dev/null +++ b/.b/etc/X11/xinit/xinitrc.d/80-dbus @@ -0,0 +1,13 @@ +#!/bin/bash + +# launches a session dbus instance + +dbuslaunch="`which dbus-launch 2>/dev/null`" +if [ -n "$dbuslaunch" ] && [ -x "$dbuslaunch" ] && [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then + if [ -n "$command" ]; then + command="$dbuslaunch --exit-with-session $command" + else + eval `$dbuslaunch --sh-syntax --exit-with-session` + fi +fi + diff --git a/.b/etc/X11/xinit/xinitrc.d/80xapp-gtk3-module.sh b/.b/etc/X11/xinit/xinitrc.d/80xapp-gtk3-module.sh new file mode 100755 index 0000000..4b2ec2a --- /dev/null +++ b/.b/etc/X11/xinit/xinitrc.d/80xapp-gtk3-module.sh @@ -0,0 +1,10 @@ +#!/bin/bash +# This file is sourced by xinit(1) or a display manager's Xsession, not executed. + +if [ -z "$GTK_MODULES" ] ; then + GTK_MODULES="xapp-gtk3-module" +else + GTK_MODULES="$GTK_MODULES:xapp-gtk3-module" +fi + +export GTK_MODULES diff --git a/.b/etc/X11/xinit/xinitrc.d/90-consolekit b/.b/etc/X11/xinit/xinitrc.d/90-consolekit new file mode 100755 index 0000000..358fc24 --- /dev/null +++ b/.b/etc/X11/xinit/xinitrc.d/90-consolekit @@ -0,0 +1,32 @@ +# -*- sh -*- +# Xsession.d script for ck-launch-session. +# +# +# This file is sourced by Xsession(5), not executed. + +CK_LAUNCH_SESSION=/usr/bin/ck-launch-session + +is_on_console() { + session=$(dbus-send --system --dest=org.freedesktop.ConsoleKit \ + --type=method_call --print-reply --reply-timeout=2000 \ + /org/freedesktop/ConsoleKit/Manager \ + org.freedesktop.ConsoleKit.Manager.GetCurrentSession \ + | grep path | awk '{print $3}' | sed s/\"//g) + x11_display=$(dbus-send --system --dest=org.freedesktop.ConsoleKit \ + --type=method_call --print-reply --reply-timeout=2000 \ + $session org.freedesktop.ConsoleKit.Session.GetX11Display \ + | grep string | awk '{print $2}' | sed s/\"//g) + + if [ -z "$x11_display" ] ; then + return 0 + else + return 1 + fi +} + +# gdm already creates a CK session for us, so do not run the expensive D-Bus +# calls if we have $GDMSESSION +if [ -z "$GDMSESSION" ] && [ -x "$CK_LAUNCH_SESSION" ] && \ + ( [ -z "$XDG_SESSION_COOKIE" ] || is_on_console ) ; then + command="$CK_LAUNCH_SESSION $command" +fi diff --git a/.b/etc/X11/xinit/xserverrc b/.b/etc/X11/xinit/xserverrc new file mode 100755 index 0000000..6b57eeb --- /dev/null +++ b/.b/etc/X11/xinit/xserverrc @@ -0,0 +1,6 @@ +#!/bin/sh +if [ -z "$XDG_VTNR" ]; then + exec /usr/bin/X -nolisten tcp "$@" +else + exec /usr/bin/X -nolisten tcp "$@" vt$XDG_VTNR +fi diff --git a/.b/etc/X11/xorg.conf.d/20opengl.conf b/.b/etc/X11/xorg.conf.d/20opengl.conf new file mode 100644 index 0000000..582220f --- /dev/null +++ b/.b/etc/X11/xorg.conf.d/20opengl.conf @@ -0,0 +1,2 @@ +Section "Files" +EndSection diff --git a/.b/etc/apache2/httpd.conf b/.b/etc/apache2/httpd.conf new file mode 100644 index 0000000..bbc3654 --- /dev/null +++ b/.b/etc/apache2/httpd.conf @@ -0,0 +1,368 @@ +# This is a modification of the default Apache 2.4 configuration file +# for Gentoo Linux. +# +# Support: +# http://www.gentoo.org/main/en/lists.xml [mailing lists] +# http://forums.gentoo.org/ [web forums] +# irc://irc.freenode.net#gentoo-apache [irc chat] +# +# Bug Reports: +# http://bugs.gentoo.org [gentoo related bugs] +# http://httpd.apache.org/bug_report.html [apache httpd related bugs] +# +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log" +# with ServerRoot set to "/usr" will be interpreted by the +# server as "/usr/var/log/apache2/foo.log". + +ServerName localhost + +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to point the LockFile directive +# at a local disk. If you wish to share the same ServerRoot for multiple +# httpd daemons, you will need to change at least LockFile and PidFile. +# Comment: The LockFile directive has been replaced by the Mutex directive +ServerRoot "/usr/lib64/apache2" + +# +# Relax access to content within /var/www. +# + + AllowOverride None + # Allow open access: + Require all granted + + +# Further relax access to the default document root: + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + # + AllowOverride None + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog "logs/error_log" + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + #CustomLog "logs/access_log" common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + CustomLog "logs/access_log" combined + + + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + + + +# +# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Require all granted + + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + +# +# Specify a default charset for all content served; this enables +# interpretation of all content as UTF-8 by default. To use the +# default browser choice (ISO-8859-1), or to allow the META tags +# in HTML content to override this choice, comment out this +# directive: +# +AddDefaultCharset UTF-8 + + + # + # The mod_mime_magic module allows the server to use various hints from the + # contents of the file itself to determine its type. The MIMEMagicFile + # directive tells the module where the hint definitions are located. + # + MIMEMagicFile conf/magic + + + +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable. +# Do not change manually, it will be overwritten on upgrade. +# +# The following modules are considered as the default configuration. +# If you wish to disable one of them, you may have to alter other +# configuration directives. +# +# Change these at your own risk! + +LoadModule actions_module modules/mod_actions.so +LoadModule alias_module modules/mod_alias.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule autoindex_module modules/mod_autoindex.so + +LoadModule cache_module modules/mod_cache.so + +LoadModule cgi_module modules/mod_cgi.so +LoadModule cgid_module modules/mod_cgid.so + +LoadModule dav_module modules/mod_dav.so + + +LoadModule dav_fs_module modules/mod_dav_fs.so + + +LoadModule dav_lock_module modules/mod_dav_lock.so + +LoadModule deflate_module modules/mod_deflate.so +LoadModule dir_module modules/mod_dir.so +LoadModule env_module modules/mod_env.so +LoadModule expires_module modules/mod_expires.so +LoadModule ext_filter_module modules/mod_ext_filter.so + +LoadModule file_cache_module modules/mod_file_cache.so + +LoadModule filter_module modules/mod_filter.so +LoadModule headers_module modules/mod_headers.so +LoadModule include_module modules/mod_include.so + +LoadModule info_module modules/mod_info.so + +LoadModule log_config_module modules/mod_log_config.so +LoadModule logio_module modules/mod_logio.so +LoadModule mime_module modules/mod_mime.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule setenvif_module modules/mod_setenvif.so + +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + +LoadModule speling_module modules/mod_speling.so + +LoadModule ssl_module modules/mod_ssl.so + + +LoadModule status_module modules/mod_status.so + +LoadModule unique_id_module modules/mod_unique_id.so +LoadModule unixd_module modules/mod_unixd.so + +LoadModule userdir_module modules/mod_userdir.so + +LoadModule usertrack_module modules/mod_usertrack.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so + + # https://stackoverflow.com/a/31829055/12036073 +LoadModule access_compat_module modules/mod_access_compat.so + +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +User apache +Group apache + +# Supplemental configuration +# +# Most of the configuration files in the /etc/apache2/modules.d/ directory can +# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features +# or to modify the default configuration of the server. +# +# To know which flag to add to APACHE2_OPTS, look at the first line of the +# the file, which will usually be an where OPTION is the +# flag to use. +Include /etc/apache2/modules.d/*.conf + +# Virtual-host support +# +# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we +# include a default vhost (enabled by adding -D DEFAULT_VHOST to +# APACHE2_OPTS in /etc/conf.d/apache2). +Include /etc/apache2/vhosts.d/*.conf + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/magic b/.b/etc/apache2/magic new file mode 100644 index 0000000..bc891d9 --- /dev/null +++ b/.b/etc/apache2/magic @@ -0,0 +1,385 @@ +# Magic data for mod_mime_magic Apache module (originally for file(1) command) +# The module is described in /manual/mod/mod_mime_magic.html +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# Java + +0 short 0xcafe +>2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF +# - WAVE format +>8 string WAVE audio/x-wav +# MPEG audio. +0 beshort&0xfff0 0xfff0 audio/mpeg +# C64 SID Music files, from Linus Walleij +0 string PSID audio/prs.sid + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xbm 7bit + +# this first will upset you if you're a PL/1 shop... (are there any left?) +# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +0 string /* text/plain +# C++ program text +0 string // text/plain + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +0 string \037\235 application/octet-stream x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +0 string \037\213 application/octet-stream x-gzip + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# and Anna Shergold +# +0 string \ +0 string \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +0 string \x89PNG image/png +0 string FWS application/x-shockwave-flash +0 string CWS application/x-shockwave-flash + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \333\245-\0\0\0 application/msword + +# disable this one because it applies also to other +# Office/OLE documents for which msword is not correct. See PR#2608. +#0 string \320\317\021\340\241\261 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. +#2 string \000\021 TeX font metric data +#2 string \000\022 TeX font metric data +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +#0 string \\input\ texinfo Texinfo source text +#0 string This\ is\ Info\ file GNU Info text + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf application/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +0 string \000\000\001\263 video/mpeg +# +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# Quicktime video, from Linus Walleij +# from Apple quicktime file format documentation. +4 string moov video/quicktime +4 string mdat video/quicktime + diff --git a/.b/etc/apache2/modules.d/.keep_www-servers_apache-2 b/.b/etc/apache2/modules.d/.keep_www-servers_apache-2 new file mode 100644 index 0000000..e69de29 diff --git a/.b/etc/apache2/modules.d/00_default_settings.conf b/.b/etc/apache2/modules.d/00_default_settings.conf new file mode 100644 index 0000000..38635aa --- /dev/null +++ b/.b/etc/apache2/modules.d/00_default_settings.conf @@ -0,0 +1,131 @@ +# This configuration file reflects default settings for Apache HTTP Server. +# You may change these, but chances are that you may not need to. + +# Timeout: The number of seconds before receives and sends time out. +Timeout 300 + +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +KeepAlive On + +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +MaxKeepAliveRequests 100 + +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +KeepAliveTimeout 15 + +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +UseCanonicalName Off + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +AccessFileName .htaccess + +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minor | Minimal | Major | Prod +# where Full conveys the most information, and Prod the least. +ServerTokens Prod + +# TraceEnable +# This directive overrides the behavior of TRACE for both the core server and +# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616, +# which disallows any request body to accompany the request. TraceEnable off +# causes the core server and mod_proxy to return a 405 (Method not allowed) +# error to the client. +# For security reasons this is turned off by default. (bug #240680) +TraceEnable off + +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +ServerSignature On + +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +HostnameLookups Off + +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall is used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +EnableMMAP On +EnableSendfile Off + +# FileETag: Configures the file attributes that are used to create +# the ETag (entity tag) response header field when the document is +# based on a static file. (The ETag value is used in cache management +# to save network bandwidth.) +FileETag MTime Size + +# ContentDigest: This directive enables the generation of Content-MD5 +# headers as defined in RFC1864 respectively RFC2616. +# The Content-MD5 header provides an end-to-end message integrity +# check (MIC) of the entity-body. A proxy or client may check this +# header for detecting accidental modification of the entity-body +# in transit. +# Note that this can cause performance problems on your server since +# the message digest is computed on every request (the values are +# not cached). +# Content-MD5 is only sent for documents served by the core, and not +# by any module. For example, SSI documents, output from CGI scripts, +# and byte range responses do not have this header. +ContentDigest Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +ErrorLog /var/log/apache2/error_log + +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +LogLevel warn + +# We configure the "default" to be a very restrictive set of features. + + Options FollowSymLinks + AllowOverride None + Require all denied + + +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# +# The index.html.var file (a type-map) is used to deliver content- +# negotiated documents. The MultiViews Options can be used for the +# same purpose, but it is much slower. +# +# Do not change this entry unless you know what you are doing. + + DirectoryIndex index.html index.html.var + + +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. + + Require all denied + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/00_error_documents.conf b/.b/etc/apache2/modules.d/00_error_documents.conf new file mode 100644 index 0000000..61479fa --- /dev/null +++ b/.b/etc/apache2/modules.d/00_error_documents.conf @@ -0,0 +1,57 @@ +# The configuration below implements multi-language error documents through +# content-negotiation. + +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html + +# Required modules: mod_alias, mod_include, mod_negotiation +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# Alias /error/include/ "/your/include/path/" +# which allows you to create your own set of files by starting with the +# /var/www/localhost/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. + + +Alias /error/ "/usr/share/apache2/error/" + + + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Require all granted + LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr + ForceLanguagePriority Prefer Fallback + + +ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +ErrorDocument 410 /error/HTTP_GONE.html.var +ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/00_languages.conf b/.b/etc/apache2/modules.d/00_languages.conf new file mode 100644 index 0000000..c429bf9 --- /dev/null +++ b/.b/etc/apache2/modules.d/00_languages.conf @@ -0,0 +1,133 @@ +# Settings for hosting different languages. + +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# It is generally better to not mark a page as +# being a certain language than marking it with the wrong +# language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. +# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW + +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +ForceLanguagePriority Prefer Fallback + +# Commonly used filename extensions to character sets. You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. +# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. +AddCharset us-ascii.ascii .us-ascii +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .arb .arabic +AddCharset ISO-8859-7 .iso8859-7 .grk .greek +AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew +AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk +AddCharset ISO-8859-10 .iso8859-10 .latin6 +AddCharset ISO-8859-13 .iso8859-13 +AddCharset ISO-8859-14 .iso8859-14 .latin8 +AddCharset ISO-8859-15 .iso8859-15 .latin9 +AddCharset ISO-8859-16 .iso8859-16 .latin10 +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5.Big5 .big5 .b5 +AddCharset cn-Big5 .cn-big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8 .koi8 +AddCharset KOI8-E .koi8-e +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-U .koi8-u +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-7 .utf7 +AddCharset UTF-8 .utf8 +AddCharset UTF-16 .utf16 +AddCharset UTF-16BE .utf16be +AddCharset UTF-16LE .utf16le +AddCharset UTF-32 .utf32 +AddCharset UTF-32BE .utf32be +AddCharset UTF-32LE .utf32le +AddCharset euc-cn .euc-cn +AddCharset euc-gb .euc-gb +AddCharset euc-jp .euc-jp +AddCharset euc-kr .euc-kr +# Not sure how euc-tw got in - IANA doesn't list it??? +AddCharset EUC-TW .euc-tw +AddCharset gb2312 .gb2312 .gb +AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 +AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 +AddCharset shift_jis .shift_jis .sjis + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/00_mod_autoindex.conf b/.b/etc/apache2/modules.d/00_mod_autoindex.conf new file mode 100644 index 0000000..10bf483 --- /dev/null +++ b/.b/etc/apache2/modules.d/00_mod_autoindex.conf @@ -0,0 +1,85 @@ + + + + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +Alias /icons/ "/usr/share/apache2/icons/" + + + Options Indexes MultiViews + AllowOverride None + Require all granted + + + +# Directives controlling the display of server-generated directory listings. +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. + +# IndexOptions: Controls the appearance of server-generated directory +# listings. +IndexOptions FancyIndexing VersionSort + +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +DefaultIcon /icons/unknown.gif + +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename + +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. + +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/00_mod_info.conf b/.b/etc/apache2/modules.d/00_mod_info.conf new file mode 100644 index 0000000..2cd32c4 --- /dev/null +++ b/.b/etc/apache2/modules.d/00_mod_info.conf @@ -0,0 +1,10 @@ + +# Allow remote server configuration reports, with the URL of +# http://servername/server-info + + SetHandler server-info + Require local + + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/00_mod_log_config.conf b/.b/etc/apache2/modules.d/00_mod_log_config.conf new file mode 100644 index 0000000..ce0238e --- /dev/null +++ b/.b/etc/apache2/modules.d/00_mod_log_config.conf @@ -0,0 +1,35 @@ + +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common + +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-Agent}i" agent +LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script +LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost + + +# You need to enable mod_logio.c to use %I and %O +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio +LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" vhostio + + +# The location and format of the access logfile (Common Logfile Format). +# If you do not define any access logfiles within a +# container, they will be logged here. Contrariwise, if you *do* +# define per- access logfiles, transactions will be +# logged therein and *not* in this file. +CustomLog /var/log/apache2/access_log common + +# If you would like to have agent and referer logfiles, +# uncomment the following directives. +#CustomLog /var/log/apache2/referer_log referer +#CustomLog /var/log/apache2/agent_logs agent + +# If you prefer a logfile with access, agent, and referer information +# (Combined Logfile Format) you can use the following directive. +#CustomLog /var/log/apache2/access_log combined + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/00_mod_mime.conf b/.b/etc/apache2/modules.d/00_mod_mime.conf new file mode 100644 index 0000000..fb8a9a5 --- /dev/null +++ b/.b/etc/apache2/modules.d/00_mod_mime.conf @@ -0,0 +1,46 @@ + +# TypesConfig points to the file containing the list of mappings from +# filename extension to MIME-type. +TypesConfig /etc/mime.types + +# AddType allows you to add to or override the MIME configuration +# file specified in TypesConfig for specific file types. +#AddType application/x-gzip .tgz + +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz + +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz + +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. These can be either built into the server +# or added with the Action directive (see below) + +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +#AddHandler cgi-script .cgi + +# For type maps (negotiated resources): +#AddHandler type-map var + +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +#AddType text/html .shtml +#AddOutputFilter INCLUDES .shtml + + + +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +MIMEMagicFile /etc/apache2/magic + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/00_mod_status.conf b/.b/etc/apache2/modules.d/00_mod_status.conf new file mode 100644 index 0000000..ed8b3c7 --- /dev/null +++ b/.b/etc/apache2/modules.d/00_mod_status.conf @@ -0,0 +1,15 @@ + +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status + + SetHandler server-status + Require local + + +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the "server-status" handler is called. +ExtendedStatus On + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/00_mod_userdir.conf b/.b/etc/apache2/modules.d/00_mod_userdir.conf new file mode 100644 index 0000000..0087126 --- /dev/null +++ b/.b/etc/apache2/modules.d/00_mod_userdir.conf @@ -0,0 +1,32 @@ +# Settings for user home directories + +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. Note that you must also set +# the default access control for these directories, as in the example below. +UserDir public_html + +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + + Require all granted + + + Require all denied + + + +# Suexec isn't really required to run cgi-scripts, but it's a really good +# idea if you have multiple users serving websites... + + + Options ExecCGI + SetHandler cgi-script + + + + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/00_mpm.conf b/.b/etc/apache2/modules.d/00_mpm.conf new file mode 100644 index 0000000..bcb9b6b --- /dev/null +++ b/.b/etc/apache2/modules.d/00_mpm.conf @@ -0,0 +1,99 @@ +# Server-Pool Management (MPM specific) + +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING +PidFile /run/apache2.pid + +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# Mutex file:/run/apache_mpm_mutex + +# Only one of the below sections will be relevant on your +# installed httpd. Use "/usr/sbin/apache2 -l" to find out the +# active mpm. + +# common MPM configuration +# These configuration directives apply to all MPMs +# +# StartServers: Number of child server processes created at startup +# MaxRequestWorkers: Maximum number of child processes to serve requests +# MaxConnectionsPerChild: Limit on the number of connections that an individual +# child server will handle during its life + + +# prefork MPM +# This is the default MPM if USE=-threads +# +# MinSpareServers: Minimum number of idle child server processes +# MaxSpareServers: Maximum number of idle child server processes + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# worker MPM +# This is the default MPM if USE=threads +# +# MinSpareThreads: Minimum number of idle threads available to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# ThreadsPerChild: Number of threads created by each child process + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# event MPM +# +# MinSpareThreads: Minimum number of idle threads available to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# ThreadsPerChild: Number of threads created by each child process + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# peruser MPM +# +# MinSpareProcessors: Minimum number of idle child server processes +# MinProcessors: Minimum number of processors per virtual host +# MaxProcessors: Maximum number of processors per virtual host +# ExpireTimeout: Maximum idle time before a child is killed, 0 to disable +# Multiplexer: Specify a Multiplexer child configuration. +# Processor: Specify a user and group for a specific child process + + MinSpareProcessors 2 + MinProcessors 2 + MaxProcessors 10 + MaxRequestWorkers 150 + MaxConnectionsPerChild 1000 + ExpireTimeout 1800 + + Multiplexer nobody nobody + Processor apache apache + + +# itk MPM +# +# MinSpareServers: Minimum number of idle child server processes +# MaxSpareServers: Maximum number of idle child server processes + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/10_mod_mem_cache.conf b/.b/etc/apache2/modules.d/10_mod_mem_cache.conf new file mode 100644 index 0000000..520d9fd --- /dev/null +++ b/.b/etc/apache2/modules.d/10_mod_mem_cache.conf @@ -0,0 +1,10 @@ + +# 128MB cache for objects < 2MB +CacheEnable mem / +MCacheSize 131072 +MCacheMaxObjectCount 1000 +MCacheMinObjectSize 1 +MCacheMaxObjectSize 2097152 + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/40_mod_ssl.conf b/.b/etc/apache2/modules.d/40_mod_ssl.conf new file mode 100644 index 0000000..f51de46 --- /dev/null +++ b/.b/etc/apache2/modules.d/40_mod_ssl.conf @@ -0,0 +1,67 @@ +# Note: The following must must be present to support +# starting without SSL on platforms with no /dev/random equivalent +# but a statically compiled-in mod_ssl. + +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin + + + +# This is the Apache server configuration file providing SSL support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection. For detailing information about these +# directives see + +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. + +## Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +## SSL Global Context: +# All SSL configuration in this context applies both to the main server and +# all SSL-enabled virtual hosts. + +# Some MIME-types for downloading Certificates and CRLs + + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl + + +## Pass Phrase Dialog: +# Configure the pass phrase gathering process. The filtering dialog program +# (`builtin' is a internal terminal dialog) has to provide the pass phrase on +# stdout. +SSLPassPhraseDialog builtin + +## Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism to use and second the +# expiring timeout (in seconds). +#SSLSessionCache dbm:/run/ssl_scache +SSLSessionCache shmcb:/run/ssl_scache(512000) +SSLSessionCacheTimeout 300 + +## Semaphore: +# Configure the path to the mutual exclusion semaphore the SSL engine uses +# internally for inter-process synchronization. +Mutex file:/run/apache_ssl_mutex ssl-cache + +## SSL Compression: +# Known to be vulnerable thus disabled by default (bug #507324). +SSLCompression off + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/41_mod_http2.conf b/.b/etc/apache2/modules.d/41_mod_http2.conf new file mode 100644 index 0000000..e4c9454 --- /dev/null +++ b/.b/etc/apache2/modules.d/41_mod_http2.conf @@ -0,0 +1,9 @@ + + + # enable debugging for this module + #LogLevel http2:info + + #Enable HTTP/2 support + Protocols h2 h2c http/1.1 + + diff --git a/.b/etc/apache2/modules.d/45_mod_dav.conf b/.b/etc/apache2/modules.d/45_mod_dav.conf new file mode 100644 index 0000000..36f6b9c --- /dev/null +++ b/.b/etc/apache2/modules.d/45_mod_dav.conf @@ -0,0 +1,19 @@ + +DavLockDB "/var/lib/dav/lockdb" + +# The following directives disable redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with several clients that do not appropriately handle +# redirects for folders with DAV methods. + +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[012345678]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully + + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/modules.d/46_mod_ldap.conf b/.b/etc/apache2/modules.d/46_mod_ldap.conf new file mode 100644 index 0000000..883061f --- /dev/null +++ b/.b/etc/apache2/modules.d/46_mod_ldap.conf @@ -0,0 +1,18 @@ +# Examples below are taken from the online documentation +# Refer to: +# http://localhost/manual/mod/mod_ldap.html +# http://localhost/manual/mod/mod_auth_ldap.html + +LDAPSharedCacheSize 200000 +LDAPCacheEntries 1024 +LDAPCacheTTL 600 +LDAPOpCacheEntries 1024 +LDAPOpCacheTTL 600 + + + SetHandler ldap-status + Require local + + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/vhosts.d/.keep_www-servers_apache-2 b/.b/etc/apache2/vhosts.d/.keep_www-servers_apache-2 new file mode 100644 index 0000000..e69de29 diff --git a/.b/etc/apache2/vhosts.d/00_default_ssl_vhost.conf b/.b/etc/apache2/vhosts.d/00_default_ssl_vhost.conf new file mode 100644 index 0000000..6abc21d --- /dev/null +++ b/.b/etc/apache2/vhosts.d/00_default_ssl_vhost.conf @@ -0,0 +1,186 @@ + + + +# see bug #178966 why this is in here + +# When we also provide SSL we have to listen to the HTTPS port +# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two +# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" +Listen 443 + + + ServerName localhost + Include /etc/apache2/vhosts.d/default_vhost.include + ErrorLog /var/log/apache2/ssl_error_log + + + TransferLog /var/log/apache2/ssl_access_log + + + ## SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + ## SSLProtocol: + # Don't use SSLv2 anymore as it's considered to be broken security-wise. + # Also disable SSLv3 as most modern browsers are capable of TLS. + SSLProtocol ALL -SSLv2 -SSLv3 + + ## SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + # This list of ciphers is recommended by mozilla and was stripped off + # its RC4 ciphers. (bug #506924) + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!RC4:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK + + ## SSLHonorCipherOrder: + # Prefer the server's cipher preference order as the client may have a + # weak default order. + SSLHonorCipherOrder On + + ## Server Certificate: + # Point SSLCertificateFile at a PEM encoded certificate. If the certificate + # is encrypted, then you will be prompted for a pass phrase. Note that a + # kill -HUP will prompt again. Keep in mind that if you have both an RSA + # and a DSA certificate you can configure both in parallel (to also allow + # the use of DSA ciphers, etc.) + SSLCertificateFile /etc/ssl/apache2/server.crt + + ## Server Private Key: + # If the key is not combined with the certificate, use this directive to + # point at the key file. Keep in mind that if you've both a RSA and a DSA + # private key you can configure both in parallel (to also allow the use of + # DSA ciphers, etc.) + SSLCertificateKeyFile /etc/ssl/apache2/server.key + + ## Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the concatenation of + # PEM encoded CA certificates which form the certificate chain for the + # server certificate. Alternatively the referenced file can be the same as + # SSLCertificateFile when the CA certificates are directly appended to the + # server certificate for convinience. + #SSLCertificateChainFile /etc/ssl/apache2/ca.crt + + ## Certificate Authority (CA): + # Set the CA certificate verification path where to find CA certificates + # for client authentication or alternatively one huge file containing all + # of them (file must be PEM encoded). + # Note: Inside SSLCACertificatePath you need hash symlinks to point to the + # certificate files. Use the provided Makefile to update the hash symlinks + # after changes. + #SSLCACertificatePath /etc/ssl/apache2/ssl.crt + #SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt + + ## Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client authentication + # or alternatively one huge file containing all of them (file must be PEM + # encoded). + # Note: Inside SSLCARevocationPath you need hash symlinks to point to the + # certificate files. Use the provided Makefile to update the hash symlinks + # after changes. + #SSLCARevocationPath /etc/ssl/apache2/ssl.crl + #SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl + + ## Client Authentication (Type): + # Client certificate verification type and depth. Types are none, optional, + # require and optional_no_ca. Depth is a number which specifies how deeply + # to verify the certificate issuer chain before deciding the certificate is + # not valid. + #SSLVerifyClient require + #SSLVerifyDepth 10 + + ## Access Control: + # With SSLRequire you can do per-directory access control based on arbitrary + # complex boolean expressions containing server variable checks and other + # lookup directives. The syntax is a mixture between C and Perl. See the + # mod_ssl documentation for more details. + # + # #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ + # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ + # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ + # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ + # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ + # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ + # + + ## SSL Engine Options: + # Set various options for the SSL engine. + + ## FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that the + # standard Auth/DBMAuth methods can be used for access control. The user + # name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + + ## ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server + # (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates into + # CGI scripts. + + ## StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. + # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the exportation + # for CGI and SSI requests only. + + ## StrictRequire: + # This denies access when "SSLRequireSSL" or "SSLRequire" applied even under + # a "Satisfy any" situation, i.e. when it applies access is denied and no + # other module can change it. + + ## OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + + SSLOptions +StdEnvVars + + + ## SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait + # for the close notify alert from client. When you need a different + # shutdown approach you can use one of the following variables: + + ## ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates the + # SSL/TLS standard but is needed for some brain-dead browsers. Use this when + # you receive I/O errors because of the standard approach where mod_ssl + # sends the close notify alert. + + ## ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation works + # correctly. + # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + + ## Per-Server Logging: + # The home of a custom SSL log file. Use this when you want a compact + # non-error SSL logfile on a virtual host basis. + + CustomLog /var/log/apache2/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + + + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/vhosts.d/00_default_vhost.conf b/.b/etc/apache2/vhosts.d/00_default_vhost.conf new file mode 100644 index 0000000..b9766b5 --- /dev/null +++ b/.b/etc/apache2/vhosts.d/00_default_vhost.conf @@ -0,0 +1,45 @@ +# Virtual Hosts +# +# If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. +# +# Please see the documentation at +# +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. + + +# see bug #178966 why this is in here + +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 80 + +# When virtual hosts are enabled, the main host defined in the default +# httpd.conf configuration will go away. We redefine it here so that it is +# still available. +# +# If you disable this vhost by removing -D DEFAULT_VHOST from +# /etc/conf.d/apache2, the first defined virtual host elsewhere will be +# the default. + + ServerName localhost + Include /etc/apache2/vhosts.d/default_vhost.include + + + ServerEnvironment apache apache + + + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/vhosts.d/default_vhost.include b/.b/etc/apache2/vhosts.d/default_vhost.include new file mode 100644 index 0000000..af6ece8 --- /dev/null +++ b/.b/etc/apache2/vhosts.d/default_vhost.include @@ -0,0 +1,71 @@ +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +ServerAdmin root@localhost + +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +# If you change this to something that isn't under /var/www then suexec +# will no longer work. +DocumentRoot "/var/www/localhost/htdocs" + +# This should be changed to whatever you set DocumentRoot to. + + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + Options Indexes FollowSymLinks + + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + AllowOverride All + + # Controls who can get stuff from this server. + Require all granted + + + + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" + + +# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. + + AllowOverride None + Options None + Require all granted + + +# vim: ts=4 filetype=apache diff --git a/.b/etc/apache2/vhosts.d/synd-local.conf b/.b/etc/apache2/vhosts.d/synd-local.conf new file mode 100644 index 0000000..1a2f813 --- /dev/null +++ b/.b/etc/apache2/vhosts.d/synd-local.conf @@ -0,0 +1,16 @@ + + ServerAdmin webmaster@localhost + ServerName synd.local + ServerAlias synd.local + + DocumentRoot "/var/www/synd" + + + Options MultiViews FollowSymlinks + AllowOverride all + Order allow,deny + Allow from all + + + ErrorDocument 404 /404.html + diff --git a/.b/etc/libvirt/nwfilter/allow-arp.xml b/.b/etc/libvirt/nwfilter/allow-arp.xml new file mode 100644 index 0000000..3b1aab4 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/allow-arp.xml @@ -0,0 +1,11 @@ + + + + db4b7437-666d-4cfa-bce7-bcaa7afb13be + + diff --git a/.b/etc/libvirt/nwfilter/allow-dhcp-server.xml b/.b/etc/libvirt/nwfilter/allow-dhcp-server.xml new file mode 100644 index 0000000..c5d5e43 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/allow-dhcp-server.xml @@ -0,0 +1,16 @@ + + + + 31e13fa0-afce-42cf-94de-7603f29cb16e + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/allow-dhcp.xml b/.b/etc/libvirt/nwfilter/allow-dhcp.xml new file mode 100644 index 0000000..18a77b3 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/allow-dhcp.xml @@ -0,0 +1,16 @@ + + + + 41f162f6-085d-404d-b182-7756c106ac8b + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/allow-dhcpv6-server.xml b/.b/etc/libvirt/nwfilter/allow-dhcpv6-server.xml new file mode 100644 index 0000000..006fd6a --- /dev/null +++ b/.b/etc/libvirt/nwfilter/allow-dhcpv6-server.xml @@ -0,0 +1,16 @@ + + + + 4e92d3ca-a223-48b0-b3a5-5b00bdd11292 + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/allow-dhcpv6.xml b/.b/etc/libvirt/nwfilter/allow-dhcpv6.xml new file mode 100644 index 0000000..b9616b9 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/allow-dhcpv6.xml @@ -0,0 +1,16 @@ + + + + b0f2378e-0c9a-47c8-849c-3eb3fa08c414 + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/allow-incoming-ipv4.xml b/.b/etc/libvirt/nwfilter/allow-incoming-ipv4.xml new file mode 100644 index 0000000..333f6d1 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/allow-incoming-ipv4.xml @@ -0,0 +1,11 @@ + + + + 35858ec9-d1b8-4dec-964d-5612afda4700 + + diff --git a/.b/etc/libvirt/nwfilter/allow-incoming-ipv6.xml b/.b/etc/libvirt/nwfilter/allow-incoming-ipv6.xml new file mode 100644 index 0000000..5c08426 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/allow-incoming-ipv6.xml @@ -0,0 +1,11 @@ + + + + 9a12cb02-0a56-443f-b229-1bf7a6999223 + + diff --git a/.b/etc/libvirt/nwfilter/allow-ipv4.xml b/.b/etc/libvirt/nwfilter/allow-ipv4.xml new file mode 100644 index 0000000..126ce40 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/allow-ipv4.xml @@ -0,0 +1,11 @@ + + + + eb47fbd9-4e26-43bc-ba32-0b2c85485320 + + diff --git a/.b/etc/libvirt/nwfilter/allow-ipv6.xml b/.b/etc/libvirt/nwfilter/allow-ipv6.xml new file mode 100644 index 0000000..20a1c56 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/allow-ipv6.xml @@ -0,0 +1,11 @@ + + + + 8de97181-a1fc-4596-8421-e1b442c19061 + + diff --git a/.b/etc/libvirt/nwfilter/clean-traffic-gateway.xml b/.b/etc/libvirt/nwfilter/clean-traffic-gateway.xml new file mode 100644 index 0000000..c4eeb32 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/clean-traffic-gateway.xml @@ -0,0 +1,24 @@ + + + + 0b674222-9a8b-471f-9670-99200506aff5 + + + + + + + + + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/clean-traffic.xml b/.b/etc/libvirt/nwfilter/clean-traffic.xml new file mode 100644 index 0000000..2920e9a --- /dev/null +++ b/.b/etc/libvirt/nwfilter/clean-traffic.xml @@ -0,0 +1,22 @@ + + + + 40d3673f-ad86-4881-a0ce-c256c3803116 + + + + + + + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml b/.b/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml new file mode 100644 index 0000000..9be2051 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml @@ -0,0 +1,14 @@ + + + + 61832339-c864-438b-9f32-0072ca2bdf60 + + + + + diff --git a/.b/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml b/.b/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml new file mode 100644 index 0000000..a69e7f5 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml @@ -0,0 +1,14 @@ + + + + 6e3bb280-7894-461f-b995-a70b4ab04adf + + + + + diff --git a/.b/etc/libvirt/nwfilter/no-arp-spoofing.xml b/.b/etc/libvirt/nwfilter/no-arp-spoofing.xml new file mode 100644 index 0000000..f5be34e --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-arp-spoofing.xml @@ -0,0 +1,12 @@ + + + + 4aae55db-84a7-45a6-9d89-b8747a46f91b + + + diff --git a/.b/etc/libvirt/nwfilter/no-ip-multicast.xml b/.b/etc/libvirt/nwfilter/no-ip-multicast.xml new file mode 100644 index 0000000..29185cb --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-ip-multicast.xml @@ -0,0 +1,13 @@ + + + + 13e19500-ad8f-473e-88f6-90aa8b13e250 + + + + diff --git a/.b/etc/libvirt/nwfilter/no-ip-spoofing.xml b/.b/etc/libvirt/nwfilter/no-ip-spoofing.xml new file mode 100644 index 0000000..c15674e --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-ip-spoofing.xml @@ -0,0 +1,17 @@ + + + + a8b106c8-e07f-4f95-a5d6-6af90f9f6ec7 + + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/no-ipv6-multicast.xml b/.b/etc/libvirt/nwfilter/no-ipv6-multicast.xml new file mode 100644 index 0000000..162f08c --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-ipv6-multicast.xml @@ -0,0 +1,13 @@ + + + + e67bb90e-496f-472d-948e-59c59e40a7de + + + + diff --git a/.b/etc/libvirt/nwfilter/no-ipv6-spoofing.xml b/.b/etc/libvirt/nwfilter/no-ipv6-spoofing.xml new file mode 100644 index 0000000..c8f665e --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-ipv6-spoofing.xml @@ -0,0 +1,17 @@ + + + + d7793108-fc88-4f21-8d30-1a52bfd7caef + + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/no-mac-broadcast.xml b/.b/etc/libvirt/nwfilter/no-mac-broadcast.xml new file mode 100644 index 0000000..c9a1990 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-mac-broadcast.xml @@ -0,0 +1,13 @@ + + + + 8a58a691-55e3-44cb-8243-c64a620c9115 + + + + diff --git a/.b/etc/libvirt/nwfilter/no-mac-spoofing.xml b/.b/etc/libvirt/nwfilter/no-mac-spoofing.xml new file mode 100644 index 0000000..68a38a6 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-mac-spoofing.xml @@ -0,0 +1,16 @@ + + + + 649c6d5f-891c-4c31-a338-8687b45ceecb + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/no-other-l2-traffic.xml b/.b/etc/libvirt/nwfilter/no-other-l2-traffic.xml new file mode 100644 index 0000000..a2994c7 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-other-l2-traffic.xml @@ -0,0 +1,11 @@ + + + + 3c49194e-bf72-4b29-ab18-6c042d9016c5 + + diff --git a/.b/etc/libvirt/nwfilter/no-other-rarp-traffic.xml b/.b/etc/libvirt/nwfilter/no-other-rarp-traffic.xml new file mode 100644 index 0000000..6af24a4 --- /dev/null +++ b/.b/etc/libvirt/nwfilter/no-other-rarp-traffic.xml @@ -0,0 +1,11 @@ + + + + ef01fc83-ab71-4bfc-91d0-035bc9edaee9 + + diff --git a/.b/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml b/.b/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml new file mode 100644 index 0000000..9889c8b --- /dev/null +++ b/.b/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml @@ -0,0 +1,16 @@ + + + + 19481e08-b10a-4320-b470-0382763e9084 + + + + + + + diff --git a/.b/etc/libvirt/nwfilter/qemu-announce-self.xml b/.b/etc/libvirt/nwfilter/qemu-announce-self.xml new file mode 100644 index 0000000..522a5cc --- /dev/null +++ b/.b/etc/libvirt/nwfilter/qemu-announce-self.xml @@ -0,0 +1,15 @@ + + + + 1a4fac90-916d-4a6a-bdfb-6a9843004058 + + + + + + diff --git a/.b/etc/libvirt/qemu/Funtoo.xml b/.b/etc/libvirt/qemu/Funtoo.xml new file mode 100644 index 0000000..058166f --- /dev/null +++ b/.b/etc/libvirt/qemu/Funtoo.xml @@ -0,0 +1,155 @@ + + + + Funtoo + 0b84831a-af86-4732-b797-b9fd52ff64f4 + + + + + + 4194304 + 4194304 + 2 + + hvm + + + + + + + + + + + + + destroy + restart + destroy + + + + + + /usr/bin/qemu-system-x86_64 + + + + + +
+ + + + + + + +
+ + +
+ + +
+ + + + + +
+ + + + +
+ + + + +
+ + + + +
+ + + + +
+ + + + +
+ + + + +
+ + +
+ + + + + +
+ + + + + + + + + + + +
+ + + +
+ + +
+ + + + + + + + +
+ +