about summary refs log tree commit diff stats
path: root/tools
diff options
context:
space:
mode:
authorSilvino Silva <silvino@bk.ru>2017-02-04 00:46:40 +0000
committerSilvino Silva <silvino@bk.ru>2017-02-04 00:46:40 +0000
commit4208a8936840298b00e6930fb0501db27a5cde0f (patch)
tree662a5e7ce5569249b63c9f4925ba4f75b4c44575 /tools
parent5509a84e0d1a2732a429120e0bd26b83e119481f (diff)
parenta671b0c01821d46d9f783393b887d7987ec10161 (diff)
downloaddoc-4208a8936840298b00e6930fb0501db27a5cde0f.tar.gz
Merge branch 'r-0.3.0' into develop
Diffstat (limited to 'tools')
-rw-r--r--tools/conf/etc/gitweb.conf24
-rw-r--r--tools/conf/etc/iptables/vlan.v4170
-rw-r--r--tools/conf/etc/nginx/sites-enabled/git.localhost.conf25
-rwxr-xr-xtools/conf/etc/rc.d/blan93
-rw-r--r--tools/conf/srv/gitolite/.gitolite.rc2
-rwxr-xr-xtools/conf/srv/gitolite/deploy-web-doc42
-rw-r--r--tools/conf/srv/gitolite/deploy-web.sh75
-rwxr-xr-xtools/conf/srv/gitolite/deploy.sh175
-rwxr-xr-xtools/conf/srv/gitolite/deployweb74
-rw-r--r--tools/conf/srv/gitolite/gitolite.conf80
-rwxr-xr-xtools/conf/srv/gitolite/hook-deployweb22
-rw-r--r--tools/conf/srv/gitolite/hook.sh95
-rw-r--r--tools/gitolite.html353
-rw-r--r--tools/network.html21
-rw-r--r--tools/openssh.html2
-rw-r--r--tools/qemu.html127
-rw-r--r--tools/scripts/autoport.sh24
-rw-r--r--tools/scripts/pkgmk-test.conf38
-rw-r--r--tools/scripts/pkgmk-test.sh5
-rwxr-xr-x[-rw-r--r--]tools/scripts/replace.sh1
-rw-r--r--tools/storage.html20
-rw-r--r--tools/tcpdump.html4
-rw-r--r--tools/vim.html14
23 files changed, 1147 insertions, 339 deletions
diff --git a/tools/conf/etc/gitweb.conf b/tools/conf/etc/gitweb.conf
index b7bd004..26034fb 100644
--- a/tools/conf/etc/gitweb.conf
+++ b/tools/conf/etc/gitweb.conf
@@ -1,16 +1,22 @@
-our $git_temp = "/srv/www/gitweb_tmp";
-
-our $projects_list = "/srv/gitolite/projects.list";
 # The directories where your projects are. Must not end with a slash.
 our $projectroot = "/srv/gitolite/repositories"; 
 
 # Base URLs for links displayed in the web interface.
 our @git_base_url_list = qw(git://core.privat-network.com http://git@core.private-network.com); 
 
+our $site_name = "gitweb";
+our $git_temp = "/srv/www/gitweb_tmp";
+
+our $projects_list = "/srv/gitolite/projects.list";
+
 our $projects_list_group_categories = 1;
-# By default, gitweb will happily let people browse any repository
-# they guess the name of. This may or may not be what you want.
-# I prefer to set these, to allow exactly the repositories in
-# projects.list to be browsed.
-$export_ok = "";
-$strict_export = "true";
+
+our $home_link_str="GitWeb";
+
+$feature{'highlight'}{'default'} = [1];
+
+$feature{'pathinfo'}{'default'} = [1];
+
+our @extra_breadcrumbs = (
+      [ 'HomePage' => 'https://core.privat-network.net/' ],
+);
diff --git a/tools/conf/etc/iptables/vlan.v4 b/tools/conf/etc/iptables/vlan.v4
new file mode 100644
index 0000000..8c87389
--- /dev/null
+++ b/tools/conf/etc/iptables/vlan.v4
@@ -0,0 +1,170 @@
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*security
+:INPUT ACCEPT [6:2056]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [6:2056]
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*raw
+:PREROUTING ACCEPT [7:2092]
+:OUTPUT ACCEPT [6:2056]
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*mangle
+:PREROUTING ACCEPT [7:2092]
+:INPUT ACCEPT [6:2056]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [6:2056]
+:POSTROUTING ACCEPT [6:2056]
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*filter
+:INPUT DROP [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT DROP [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i br0 -j ACCEPT
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
+-A INPUT -f -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop frag: "
+-A INPUT -f -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop null: "
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop syn rst syn rs"
+-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop xmas: "
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop fin scan: "
+-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
+#################################################################################
+#	INPUT
+#	Established connections and passive
+#
+
+# Allow established from dns server
+#-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# INPUT accept passive
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED -j ACCEPT
+
+
+# Allow irc
+-A INPUT -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow xmmp
+-A INPUT -p tcp -m tcp --sport 5222 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+# Allow established from https server
+-A INPUT -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p udp -m udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow established from http server
+-A INPUT -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from rsync server
+-A INPUT -p tcp -m tcp --sport 873 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from pop3s server
+-A INPUT -p tcp -m tcp --sport 995 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from smtps server
+-A INPUT -p tcp -m tcp --sport 465 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from ntp server
+-A INPUT -p udp -m udp --sport 123 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from whois server
+-A INPUT -p tcp -m tcp --sport 43 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from ftp server
+-A INPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+##################################################################################
+#	INPUT
+#	New and established connections to local servers
+#
+
+# allow ping
+-A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# INPUT accept from wlp7s0 to dns server
+#-A INPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# INPUT accept from wlp7s0 to https server
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+# INPUT accept from wlp7s0 to ssh server
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW -m limit --limit 6/min --limit-burst 3 -j ACCEPT
+
+-A FORWARD -i br0 -j ACCEPT
+
+-A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7
+-A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
+
+##################################################################################
+#	Output
+#	Connections to remote servers
+#
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -o br0 -j ACCEPT
+
+# Allow ping
+-A OUTPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+# Allow to ssh clients
+-A OUTPUT -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow to dns
+#-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow from dns server
+#-A OUTPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow irc
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow xmmp
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 5222 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+
+
+# Allow to rsync server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to pop3s server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to smtps server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to ntp server
+-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to ftp server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to https server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to http server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+##################################################################################
+#	Output
+#	Connections from local servers
+#
+
+
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state NEW -j ACCEPT
+
+
+-A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*nat
+:PREROUTING ACCEPT [1:36]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+
+-A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.0/24 -j ACCEPT
+-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
+#-A POSTROUTING -o wlp7s0 -j MASQUERADE
+
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
diff --git a/tools/conf/etc/nginx/sites-enabled/git.localhost.conf b/tools/conf/etc/nginx/sites-enabled/git.localhost.conf
new file mode 100644
index 0000000..d114ab8
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/git.localhost.conf
@@ -0,0 +1,25 @@
+server {
+    listen 443 ssl;
+
+    server_name git.localhost git.c9.core git.core.privat-network.net;
+
+    root /srv/www/gitweb;
+
+    location /static/ {
+        # static files (png/css) served from /usr/share/gitweb/static
+        root /usr/share/gitweb ;
+        expires 30d;
+    }
+
+    location / {
+        index gitweb.cgi
+        fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
+        fastcgi_param DOCUMENT_ROOT  /srv/www/gitweb/;
+        fastcgi_param SCRIPT_NAME    /gitweb.cgi$fastcgi_path_info;
+        fastcgi_split_path_info      ^()(/?.+)$;
+
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.sock;
+     }
+
+}
diff --git a/tools/conf/etc/rc.d/blan b/tools/conf/etc/rc.d/blan
index f75d272..f3ea322 100755
--- a/tools/conf/etc/rc.d/blan
+++ b/tools/conf/etc/rc.d/blan
@@ -4,60 +4,55 @@
 #
 
 DEV="br0"
-PHY="enp8s0"
 
-ADDR=10.0.0.1
+ADDR=10.0.0.254
 NET=10.0.0.0
+GW=192.168.1.254
 MASK=24
-GTW=10.0.0.1
-NTAPS=$((`/usr/bin/nproc`-1))
+
+# one tap for each cpu core
+NTAPS=$((`/usr/bin/nproc`))
 
 case $1 in
-	start)
-                /sbin/ip link add name ${DEV} type bridge
-                /sbin/ip link set dev ${DEV} up
-
-                /bin/sleep 0.2s
-                /sbin/ip route flush dev ${PHY}
-                /sbin/ip addr flush dev ${PHY}
-                /sbin/ip link set dev ${PHY} master ${DEV}
-
-                /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
-
-                for i in `/usr/bin/seq $NTAPS`
-                do
-                    TAP="tap$i"
-                    echo $TAP
-                    /sbin/ip tuntap add ${TAP} mode tap group kvm
-                    /sbin/ip link set ${TAP} up
-                    /bin/sleep 0.2s
-                    #brctl addif $switch $1
-                    /sbin/ip link set ${TAP} master ${DEV}
-                done
-
-		exit 0
-		;;
-	stop)
-
-                for i in `/usr/bin/seq $NTAPS`
-                do
-                    TAP="tap$i"
-		    /sbin/ip link del ${TAP}
-                    echo $TAP
-                done
-
-       		/sbin/ip link set dev ${DEV} down
-		/sbin/ip route flush dev ${DEV}
-		/sbin/ip link del ${DEV}
-		exit 0
-		;;
-	restart)
-		$0 stop
-		$0 start
-		;;
-	*)
-		echo "Usage: $0 [start|stop|restart]"
-		;;
+    start)
+        /sbin/ip link add name ${DEV} type bridge
+        /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
+        /sbin/ip link set dev ${DEV} up
+        /bin/sleep 0.2s
+
+        for i in `/usr/bin/seq $NTAPS`
+        do
+            TAP="tap$i"
+            echo "Setting up ${TAP} tap interface."
+            /sbin/ip tuntap add ${TAP} mode tap group kvm
+            /sbin/ip link set ${TAP} up
+            /bin/sleep 0.2s
+            /sbin/ip link set ${TAP} master ${DEV}
+        done
+
+        exit 0
+        ;;
+    stop)
+
+        for i in `/usr/bin/seq $NTAPS`
+        do
+            TAP="tap$i"
+            echo "Deleting ${TAP} tap interface."
+            /sbin/ip link del ${TAP}
+        done
+
+        /sbin/ip link set dev ${DEV} down
+        /sbin/ip route flush dev ${DEV}
+        /sbin/ip link del ${DEV}
+        exit 0
+        ;;
+    restart)
+        $0 stop
+        $0 start
+        ;;
+    *)
+        echo "Usage: $0 [start|stop|restart]"
+        ;;
 esac
 
 # End of file
diff --git a/tools/conf/srv/gitolite/.gitolite.rc b/tools/conf/srv/gitolite/.gitolite.rc
index e568453..fa18e4e 100644
--- a/tools/conf/srv/gitolite/.gitolite.rc
+++ b/tools/conf/srv/gitolite/.gitolite.rc
@@ -155,7 +155,7 @@
             # 'partial-copy',
 
             # manage local, gitolite-controlled, copies of read-only upstream repos
-            # 'upstream',
+            'upstream',
 
             # updates 'description' file instead of 'gitweb.description' config item
             # 'cgit',
diff --git a/tools/conf/srv/gitolite/deploy-web-doc b/tools/conf/srv/gitolite/deploy-web-doc
new file mode 100755
index 0000000..ae8e2db
--- /dev/null
+++ b/tools/conf/srv/gitolite/deploy-web-doc
@@ -0,0 +1,42 @@
+#!/bin/bash
+######################################################################
+#
+# Put this file in your gitolite-admin;
+# ~/gitolite-admin/local/hooks/repo-specific/deploy-web-doc
+#
+# set host to empty to create package for each push
+# or set remote host to create package based on last deployed push
+# host="https://doc.localhost"
+host=""
+# set name of witch branch should be deployed
+branch_to_deploy="deploy_branch"
+
+######################################################################
+
+
+url="$host/.last_deploy"
+source /srv/gitolite/deploy/hook.sh
+read oldrev newrev refname
+push_branch=$(git rev-parse --symbolic --abbrev-ref $refname)
+
+#SCRIPT_VARS=$(set)
+#echo "project: $PROJECT"
+#echo "local dir: $PWD" &gt; /srv/gitolite/deploy/${GL_REPO}
+#echo "${SCRIPT_VARS}" &gt;&gt; /srv/gitolite/deploy/${GL_REPO}
+
+if [[ $push_branch = $branch_to_deploy  ]]; then
+
+    # if host empty we make local tracking
+    if [[ $host = "" ]]; then
+        if [[ $(is_initial ${GL_REPO}) = "true" ]]; then
+            oldrev="initial"
+        fi
+    else
+        if [[ ! $(valid_url $url) = "true" ]]; then
+            echo "Deploy: set $url on remote to start creating packages"
+            exit 1
+        fi
+        oldrev=$(get_remote_rev $url)
+    fi
+    create_package ${GL_REPO} ${PWD} ${oldrev} ${newrev} "deploy-web.sh"
+fi
diff --git a/tools/conf/srv/gitolite/deploy-web.sh b/tools/conf/srv/gitolite/deploy-web.sh
new file mode 100644
index 0000000..01e92ac
--- /dev/null
+++ b/tools/conf/srv/gitolite/deploy-web.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+
+pkg_path=$1
+
+www_root="/srv/www"
+www_user="nginx"
+www_group="www"
+
+pkg_file="${pkg_path}/project"
+pkg_rm="${pkg_path}/deleted"
+pkg_files="${pkg_path}/files"
+
+if [ ! -f ${pkg_file} ]; then
+    echo "Deploy web: invalid pkg_file ${pkg_file}"
+    exit 1
+fi
+
+pkg_name=$(head -1 ${pkg_file})
+pkg_new=$(head -3 ${pkg_file} | tail -1)
+pkg_new7=$(echo ${pkg_new} | cut -c1-7)
+
+pkg_www="${www_root}/${pkg_name}"
+pkg_back="${pkg_www}/backup_deploy"
+pkg_last="${pkg_www}/.last_deploy"
+
+if [ ! -d ${pkg_www} ]; then
+    echo "Deploy web: invalid pkg_www ${pkg_www}"
+    exit 1
+fi
+
+# first backup all data
+if [[ ! $(ls ${pkg_www} | grep -v "backup_deploy") = "" ]]; then
+    if [ ! -d ${pkg_back} ]; then
+        sudo -u ${www_user} mkdir -p ${pkg_back}
+    fi
+    backup_file="${pkg_back}/${pkg_name}-$(date '+%Y-%j-%H-%M-%S').tar.gz"
+    echo "Deploy web: making backup ${backup_file}"
+    sudo -u ${www_user} tar --exclude ${pkg_back} --xattrs -zcpf ${backup_file} ${pkg_www}
+fi
+
+# remove files and directories that have been deleted
+if [ -f ${pkg_rm} ]; then
+
+    echo "Deploy web: files to delete:"
+    # first we delete files
+    while read deleted_file; do
+        deleted_file="${pkg_www}/${deleted_file}"
+        if [ -f ${deleted_file} ]; then
+            echo "file      rm ${deleted_file}"
+            rm ${deleted_file}
+        fi
+    done <${pkg_rm}
+
+    # delete directories
+    while read deleted_file; do
+        deleted_file="${pkg_www}/${deleted_file}"
+        if [ -d ${deleted_file} ]; then
+            echo "file      rm ${deleted_file}"
+            rm ${deleted_file}
+        fi
+    done <${pkg_rm}
+
+fi
+
+# copy new files to destination
+if [ -d ${pkg_files} ]; then
+    echo "Deploy web: cp from ${pkg_files} to ${pkg_www}"
+    sudo -u ${www_user} cp -r ${pkg_files}/* ${pkg_www}
+fi
+
+echo ${pkg_new} > ${pkg_last}
+echo "Deploy: scripts/deployweb.sh ${pkg_name} ${pkg_new7} deployed."
+
+#remove temporary package
+rm -r ${pkg_path}
diff --git a/tools/conf/srv/gitolite/deploy.sh b/tools/conf/srv/gitolite/deploy.sh
new file mode 100755
index 0000000..df11f4a
--- /dev/null
+++ b/tools/conf/srv/gitolite/deploy.sh
@@ -0,0 +1,175 @@
+#!/bin/bash
+
+# origin package directory
+packages_dir="/srv/gitolite/deploy/packages"
+# temporary work directory
+deploy_dir="/srv/gitolite/deploy/deploy_dir"
+# scripts to deploy packages
+deploy_scripts="/srv/gitolite/deploy/scripts"
+
+function get_script(){
+    # receives package path return script to call
+    local pkg_path=$1
+    echo $(head -2 ${pkg_path}/project | tail -1)
+}
+
+function get_new(){
+    # receives package path return commit hash (new)
+    local pkg_path=$1
+    echo $(head -3 ${pkg_path}/project | tail -1)
+}
+
+function get_dep(){
+    # receives package path return previews commit hash (old)
+    local pkg_path=$1
+
+    new=$(head -3 ${pkg_path}/project | tail -1)
+    old=$(head -4 ${pkg_path}/project | tail -1)
+
+    if [[ ! ${new} = ${old} ]]; then
+        echo ${old} | cut -c1-7
+    fi
+}
+
+function project_extract(){
+
+    # project directory containing extracted packages
+    local prj_dir=$1
+
+    # final extracted package
+    local prj_pkg="${prj_dir}/package"
+
+    # temporary vars for swapping/iterating pkg_news
+    local pkg_new=""
+    local pkg_old=""
+    local pkg_dir=""
+    local pkg_temp=""
+    local pkg_next=1
+    local pkg_del=""
+    local x=0
+    local y=0
+
+    # array with all the news hashes
+    local pkg_news=($(ls ${prj_dir}))
+
+    # total new packages
+    local total=${#pkg_news[@]}
+
+    echo "Deploy: $(basename ${prj_dir}) extracting packages ${pkg_news[*]}"
+
+    # find first package
+    for pkg_new in ${pkg_news[@]}
+    do
+        # get package dependency
+        pkg_dir="${prj_dir}/${pkg_new}"
+        pkg_old=$(get_dep ${pkg_dir})
+        if [[ ! " ${pkg_news[@]} " =~ " ${pkg_old} " ]]; then
+            # pkg_news don't contain package
+            # we found initial package
+            pkg_temp=${pkg_news[0]}
+            pkg_news[0]=${pkg_new}
+            pkg_news[${x}]=${pkg_temp}
+            break
+        fi
+        x=$((${x}+1))
+    done
+
+    # Order packages by dependency start with first package
+    for (( y=0; y<${total}; y++ ))
+    do
+        pkg_next=$(($y+1))
+        if [[ ${pkg_next} = ${total} ]]; then
+            ## we are in the last one
+            break
+        fi
+
+        pkg_new=${pkg_news[$y]}
+        for (( x=pkg_next; x<${total}; x++ ))
+        do
+            pkg_dir="${prj_dir}/${pkg_news[${x}]}"
+            pkg_old=$(get_dep ${pkg_dir})
+            # is dependent on current
+            if [[ ${pkg_old} = ${pkg_new} ]]; then
+                pkg_temp=${pkg_news[${pkg_next}]}
+                pkg_news[${pkg_next}]=${pkg_news[${x}]}
+                pkg_news[${x}]=${pkg_temp}
+                # we can break and pass next one
+                break
+            fi
+        done
+    done
+
+    # create project final package directory
+    mkdir -p ${prj_pkg}/files
+
+    # copy project information of last commit
+    cp ${prj_dir}/${pkg_news[$((${total}-1))]}/project ${prj_pkg}
+
+    # now that packages are ordered we can start creating files
+    for pkg_new in ${pkg_news[@]}
+    do
+        pkg_dir=${prj_dir}/${pkg_new}
+        tar xf ${pkg_dir}/files.tar.xz \
+            --directory ${prj_pkg}/files
+
+        # if deleted files exists
+        if [ -f "${pkg_dir}/deleted" ]; then
+            # first collect all files/directories don't exist
+            while read pkg_del; do
+                # if file don't exist add entry to project deleted file
+                pkg_temp="${prj_pkg}/files/${pkg_del}"
+                if [ ! -f ${pkg_temp} ]; then
+                    if [ ! -d ${pkg_temp} ]; then
+                        # is not a file or directory from previous packages
+                        echo ${pkg_del} >> ${prj_pkg}/deleted
+                    fi
+                fi
+            done <${prj_dir}/${pkg_new}/deleted
+
+            # delete directories and files
+            while read pkg_del; do
+                pkg_temp="${prj_pkg}/files/${pkg_del}"
+                if [ -d ${pkg_temp} ]; then
+                    rm -r ${pkg_temp}
+                elif [ -f ${pkg_temp} ]; then
+                    rm ${pkg_temp}
+                fi
+            done <${prj_dir}/${pkg_new}/deleted
+        fi
+
+        #remove temporary directory
+        rm -r ${prj_dir}/${pkg_new}
+    done
+
+    # call project deploy script
+    call_script=${deploy_scripts}/$(get_script $prj_pkg)
+    echo "Deploy: calling deploy script: ${call_script}"
+    /bin/bash ${call_script} ${prj_pkg}
+
+}
+
+if [[ ! $(ls ${deploy_dir}) = "" ]]; then
+    rm -r ${deploy_dir}/*
+fi
+
+# first extract all packages from origin directory
+for pkg_path in `find ${packages_dir} -type f -name "*.tar.gz"`
+do
+    if [ -f ${pkg_path} ]; then
+        pkg_name=$(basename ${pkg_path})
+        pkg_proj=$(echo ${pkg_name} | cut -d "_" -f 1)
+        pkg_new7=$(echo ${pkg_name} | tail -c -15 | cut -c -7)
+        pkg_temp=${deploy_dir}/${pkg_proj}/${pkg_new7}
+        mkdir -p ${pkg_temp}
+        tar xf ${pkg_path} --directory ${pkg_temp}
+        rm ${pkg_path}
+    fi
+done
+
+# loop for all projects and deploy them
+for prj_dir in `find ${deploy_dir} -maxdepth 1 -mindepth 1 -type d`
+do
+    # order index of hashes based on old commit
+    echo "prj_dir $prj_dir"
+    project_extract ${prj_dir}
+done
diff --git a/tools/conf/srv/gitolite/deployweb b/tools/conf/srv/gitolite/deployweb
deleted file mode 100755
index 5a18ed1..0000000
--- a/tools/conf/srv/gitolite/deployweb
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/bin/sh
-
-######################################################################
-#
-# Put this file in;
-# /usr/share/gitolite/deployweb
-#
-DIR_WWW=/srv/www/
-DEPLOY_BRANCH=deployweb
-TARGET_USER=nginx
-
-for DP_FILE in /srv/gitolite/deploy/*
-do
-
-	if [ ! -f "$DP_FILE" ]; then
-		# Nothing to do ;)
-		#echo "Deploy: invalid DP_FILE"
-		exit 1;
-	fi
-
-	# Get project name
-	PROJECT=$(basename "$DP_FILE")
-	echo "Deploy: PROJECT=${PROJECT}"
-
-	# Get git repository path and verify if exists
-	DIR_GIT=$(head -n 1 $DP_FILE)
-	if [ ! -d "$DIR_GIT" ]; then
-		echo "Deploy: invalid DIR_GIT: ${DIR_GIT}"
-		exit 2;
-	fi
-	echo "Deploy: DIR_GIT=${DIR_GIT}"
-
-	# Get directory to deploy and verify if exists
-	GIT_WORK_TREE=${DIR_WWW}${PROJECT}/
-	if [ ! -d "$GIT_WORK_TREE" ]; then
-		echo "Deploy: invalid GIT_WORK_TREE: ${GIT_WORK_TREE}"
-		echo "Deploy: creating directory: $GIT_WORK_TREE}"
-		mkdir -p $GIT_WORK_TREE
-	fi
-	echo "Deploy: GIT_WORK_TREE={$GIT_WORK_TREE}"
-
-	# Deploy (checkout)
-	echo "Deploy: starting git checkout"
-
-	git --git-dir=$DIR_GIT \
-		--work-tree=$GIT_WORK_TREE \
-		checkout -f $DEPLOY_BRANCH
-
-
-	# Fix ownership and permissions
-	echo "Deploy: fixing permissions"
-
-	echo "Deploy: setting owner: chown -R ${TARGET_USER}"
-	chown -R ${TARGET_USER}:${TARGET_USER} $GIT_WORK_TREE
-
-	echo "Deploy: setting directory permissions: chmod 755"
-	find $GIT_WORK_TREE -type d -print0 | xargs -0 chmod 755
-
-	echo "Deploy: setting file permissions: chmod 644"
-	find $GIT_WORK_TREE -type f -print0 | xargs -0 chmod 644
-
-	# Call project script
-	if [ -f "${GIT_WORK_TREE}/deploy.sh" ]; then
-		echo "Deploy: calling ${GIT_WORK_TREE}deploy.sh"
-		cd ${GIT_WORK_TREE}
-		sudo -u ${TARGET_USER} sh ${GIT_WORK_TREE}deploy.sh
-	fi
-
-	# Done with project
-	echo "Deploy: removing deploy file="$DP_FILE
-	rm $DP_FILE
-
-	exit 0;
-done
diff --git a/tools/conf/srv/gitolite/gitolite.conf b/tools/conf/srv/gitolite/gitolite.conf
new file mode 100644
index 0000000..09133ec
--- /dev/null
+++ b/tools/conf/srv/gitolite/gitolite.conf
@@ -0,0 +1,80 @@
+@guests         =   gitweb
+@interns        =   silvino
+@dev            =   silvino
+@teamleads      =   silvino
+@staff          =   @interns @dev @teamleads
+
+repo  @secret
+    - = @guests
+    option deny-rules = 1
+
+repo @floss
+    RW+                     =   @dev @staff
+    R                       =   @all
+
+repo @project
+    RW+                     =   @teamleads
+    -   master              =   @dev
+    -   refs/tags/v[0-9]    =   @dev
+    RW+ develop/            =   @dev
+    RW+ feature/            =   @dev
+    RW+ hot-fix/            =   @dev
+    RW                      =   @dev
+    R                       =   @interns
+
+repo @mirror
+    RW+ release/            =   @teamleads
+    RW+ develop/            =   @dev
+    RW+ feature/            =   @dev
+    RW+ hot-fix/            =   @dev
+    R                       =   @all
+
+repo gitolite-admin
+    RW+     =   gitolite
+
+repo c9-doc c9-ports c9-pmwiki c9-assistant
+    config gitweb.owner         =   "c9 team"
+    config gitweb.category      =   "c9"
+
+repo linux-pck
+    config gitweb.owner         =   "c9 team"
+    config gitweb.category      =   "mirrors"
+
+repo opt core contrib
+    config gitweb.owner         =   "crux"
+    config gitweb.category      =   "crux"
+
+repo c9-doc
+    config gitweb.description   =   "c9 documentation"
+    option hook.post-receive     =  deploy-web-doc
+
+repo c9-ports
+    config gitweb.description   =   "c9 ports"
+
+repo c9-pmwiki
+    config gitweb.description   =   "c9 wiki"
+    option hook.post-receive     =  deploy-web-doc
+
+repo c9-assistant
+    config gitweb.owner         =   "c9 team"
+    config gitweb.description   =   "c9 open assistant"
+
+repo core
+    config gitweb.description   =   "crux core collection"
+
+repo opt
+    config gitweb.description   =   "crux opt collection"
+
+repo contrib
+    config gitweb.description   =   "crux contrib collection"
+
+repo linux-pck
+    config gitweb.description   =   "PCK or Parabola Community Kernel are multiple patches, pf-kernel and zen-kernel for Linux-libre kernel"
+    option      upstream.url    = git://git.parabola.nu/pck.git
+    option      upstream.nice   = 120
+
+
+@secret    =   gitolite-admin
+@project   =   c9-doc c9-ports c9-pmwiki c9-assistant
+@project   =   core opt contrib
+@mirror    =   linux-pck
diff --git a/tools/conf/srv/gitolite/hook-deployweb b/tools/conf/srv/gitolite/hook-deployweb
deleted file mode 100755
index 1a32bd9..0000000
--- a/tools/conf/srv/gitolite/hook-deployweb
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-
-######################################################################
-#
-# Put this file in your gitolite-admin;
-# ~/gitolite-admin/local/hooks/repo-specific/hook-deployweb
-#
-while read oldrev newrev refname
-do
-    BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname)
-    echo "Commit was for branch $BRANCH"
-
-    if [ "$BRANCH" = "deployweb" ]; then
-
-        # Get project name from current directory (without .git)
-        PROJECT=$(basename "$PWD")
-        PROJECT=${PROJECT%.git}
-
-        echo "Project $PROJECT added to deploy list."
-        echo $PWD > /srv/gitolite/deploy/$PROJECT
-    fi
-done
diff --git a/tools/conf/srv/gitolite/hook.sh b/tools/conf/srv/gitolite/hook.sh
new file mode 100644
index 0000000..1f977ca
--- /dev/null
+++ b/tools/conf/srv/gitolite/hook.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+# final packages dir
+packages_dir="/srv/gitolite/deploy/packages"
+# hook work directory
+hook_dir="/srv/gitolite/deploy/hook_dir"
+
+function is_initial(){
+    local prj_name=$1
+    if [ ! -d ${hook_dir}/${prj_name} ]; then
+        echo "true"
+    else
+        echo "false"
+    fi
+}
+
+function get_remote_rev(){
+    echo $(wget --no-check-certificate -qO- $1)
+}
+
+function valid_url(){
+    if [[ `wget -S --spider $1 --no-check-certificate 2>&1 | grep 'HTTP/1.1 200 OK'` ]];
+    then
+        echo "true";
+    fi
+}
+
+function create_package(){
+    # project name
+    local prj_name=$1
+    # git repository directory
+    local git_dir=$2
+    # last/old commit revision
+    local pkg_old=$3
+    # new commit revision
+    local pkg_new=$4
+    # script deploy call when extracting this package
+    local pkg_script=$5
+
+    local pkg_new7=$(echo $pkg_new | cut -c1-7)
+
+    # project directory
+    local prj_dir="${hook_dir}/${prj_name}"
+    # package directory
+    local pkg_dir="${prj_dir}/${pkg_new7}"
+    # final tar file
+    local pkg_tar="${packages_dir}/${prj_name}_${pkg_new7}.tar.gz"
+
+    # if temporary work directory exists maybe other process is creating packages
+    if [ -d "$pkg_dir" ]; then
+        echo "Deploy: temporary directory ${pkg_dir} exists, maybe other precess"
+        exit 1
+    fi
+    # create temporary directory for this package
+    mkdir -p ${pkg_dir}
+
+    echo "Deploy: ${prj_name} ${pkg_new7} package call ${pkg_script} on deploy."
+
+    # save metadata to be used by deploy script
+    echo $prj_name > ${pkg_dir}/project
+    echo $pkg_script >> ${pkg_dir}/project
+    echo $pkg_new >> ${pkg_dir}/project
+
+    # if is a valid old commit create a package with changes since then
+    # else create a full package (all files)
+    local is_commit=$(git --git-dir=${git_dir} cat-file -t ${pkg_old} 2>&1)
+    if [[ $is_commit = "commit" ]]; then
+        echo "Deploy: creating package from old commit."
+        # list with files to extract (Added Copied Modified Renamed)
+        file_list=$(git --git-dir=${git_dir} --no-pager diff \
+            --diff-filter=ACMR \
+            --name-only ${pkg_old} ${pkg_new})
+
+        # create tar archive with same name as commit hash with files
+        git --git-dir=${git_dir} archive -o ${pkg_dir}/files.tar.xz ${pkg_new} ${file_list}
+
+        # first we create list of files to be removed
+        git --git-dir=${git_dir} --no-pager diff \
+            --diff-filter=DR \
+            --name-status -t ${pkg_old} ${pkg_new} | cut -f 2 > ${pkg_dir}/deleted
+
+        # save old commit on metadata
+        echo $pkg_old >> ${pkg_dir}/project
+    else
+        echo "Deploy: creating initial package."
+        git --git-dir=${git_dir} archive -o ${pkg_dir}/files.tar.xz ${pkg_new}
+
+    fi
+
+    tar -zcpf ${pkg_tar} --directory=${pkg_dir} .
+
+    echo "Deploy: package ${pkg_tar} ready !"
+    rm -r ${pkg_dir}
+    return 0
+}
diff --git a/tools/gitolite.html b/tools/gitolite.html
index 8083ca0..94abda0 100644
--- a/tools/gitolite.html
+++ b/tools/gitolite.html
@@ -138,38 +138,54 @@
 
         <pre>
         @guests         =   gitweb
-        @interns        =   clair bob
-        @dev            =   alice david
-        @teamleads      =   mike
+        @interns        =   bob alice
+        @dev            =   fred mary joe
+        @teamleads      =   mary
         @staff          =   @interns @dev @teamleads
 
+        repo  @secret
+            - = @guests
+            option deny-rules = 1
+
+        repo @floss
+            RW+                     =   @dev @staff
+            R                       =   @all
+
+        repo @project
+            RW+                     =   @teamleads
+            -   master              =   @dev
+            -   refs/tags/v[0-9]    =   @dev
+            RW+ develop/            =   @dev
+            RW+ feature/            =   @dev
+            RW+ hot-fix/            =   @dev
+            RW                      =   @dev
+            R                       =   @interns
 
         repo gitolite-admin
             RW+     =   gitolite
 
-        repo @floss
-                R                       =   @all
+        repo c9-doc c9-ports c9-pmwiki
+            config gitweb.owner         =   "c9 team"
+            config gitweb.category      =   "c9"
 
-        repo @proto
-                RW+                     =   @staff
+        repo c9-doc
+            config gitweb.description   =   "c9 documentation"
+            option hook.post-receive     =  deploy-web-doc
 
-        repo @project
-                RW+                     =   @teamleads
-                -   master              =   @dev
-                -   refs/tags/v[0-9]    =   @dev
-                RW+ develop/            =   @dev
-                RW+ feature/            =   @dev @interns
-                RW+ hot-fix/            =   @dev @interns
-                RW                      =   @dev
-                R                       =   @interns @guests
+        repo c9-ports
+            config gitweb.description   =   "c9 ports"
 
-        @project     =   c9-doc c9-ports
+        repo c9-pmwiki
+            config gitweb.description   =   "c9 wiki"
+            option hook.post-receive     =  deploy-web-doc
 
-        repo c9-doc c9-ports
-            option hook.post-receive     =  hook-deployweb
+        repo c9-assistant
+            config gitweb.owner         =   "c9 team"
+            config gitweb.category      =   "c9"
+            config gitweb.description   =   "c9 open assistant"
 
-        repo testing
-            RW+     =   @staff
+        @secret    =   gitolite-admin
+        @project   =   c9-doc c9-ports c9-pmwiki c9-assistant
         </pre>
 
         <p>Commit and push;</p>
@@ -202,8 +218,39 @@
         $ git push
         </pre>
 
+        <h4>3.3.3 Delete Repository</h4>
+
+        <pre>
+        # cd /srv/gitolite/repositories/
+        # rm -rf c9-doc.git
+        </pre>
+
+        <p>On workstation edit conf/gitolite.conf and remove c9-doc.</p>
+
         <h2 id="hooks">4. Gitolite Hooks</h2>
 
+        <p>This document creates three scripts, one is run when gitolite receives
+        push to a project with hook active, second script is run under root
+        user to allow operations where gitolite user have no rights, third one
+        is project specific.</p>
+
+        <p>This example try to have a separate creation of a package and its deployment,
+        in case deploy script is not on the same machine other method can be used to send
+        the package.</p>
+
+        <p>A normal package will have a files.tar with all or new files to extract,
+        if necessary a deleted file with the list of files to be removed and a
+        project file with data about the package like new hash commit, or witch
+        script to call to deploy.</p>
+
+        <p>Package is created under gitolite
+        <a href="conf/srv/gitolite/hook.sh">/srv/gitolite/deploy/hook.sh</a>
+        script and
+        <a href="conf/srv/gitolite/deploy.sh">/srv/gitolite/deploy/deploy.sh</a>,
+        deploy in this example is called called by cron.</p>
+
+        <h3 id="gtl-activate">4.1. Activate Hooks</h3>
+
         <p>Example from
         <a href="http://gitolite.com/gitolite/cookbook.html#v3.6-variation-repo-specific-hooks">Cookbook</a>
         how to apply hooks only to certain repos. Uncomment or add
@@ -241,159 +288,221 @@
         $ gitolite setup
         </pre>
 
-        <h3 id="gtl-deploy">4.1. Deploy Hook</h3>
+        <h3 id="gtl-deploy">4.2. Deploy and Hook script</h3>
+
+        <p>Create deploy directory on remote, /srv/gitolite/deploy
+        was chosen to have less impact on the package system;</p>
+
+        <pre>
+        $ sudo -u gitolite mkdir /srv/gitolite/deploy
+        </pre>
+
+        <p>Script
+        <a href="conf/srv/gitolite/hook.sh">/srv/gitolite/deploy/hook.sh</a>
+        receives call create_package "project-name" "git-dir"
+        "valid oldrev/invalid" "newrev" "script/to/call.sh" from gitolite hook
+        and creates a package.</p>
+
+        <pre>
+        $ sudo -u gitolite cp conf/srv/gitolite/hook.sh /srv/gitolite/deploy/
+        </pre>
+
+        <p>Script
+        <a href="conf/srv/gitolite/deploy.sh">/srv/gitolite/deploy/deploy.sh</a>
+        loops for each package, extracts, order commit hashes to create final
+        snapshot of files and call script to handle deploy.</p>
+
+        <pre>
+        $ sudo -u gitolite cp conf/srv/gitolite/deploy.sh /srv/gitolite/deploy/
+        </pre>
+
+        <h3 id="gtl-setup">4.3. Setup project hook</h3>
 
-        <p>This manual create two users; one gitolite that handle git
-        central server and system www for web servers. To avoid permission
-        problems this example use gitolite hooks and cron. By using cron
-        we have permission to use chown, this way files end up with right
-        www user ownership and permissions.</p>
+        <p>Project hooks create a package by calling hook.sh script and
+        deploy a package being called by deploy.sh. Deploy script is a
+        simple example that handle multiple web projects.</p>
 
-        <p>This hook allows to select wich branch is deployed and if exists,
-        calls a script inside project folder with user www. This allows to
-        do post deploy (checkout) tasks such as composer update.</p>
+        <h4>4.3.1. Hook Script</h4>
 
         <p>Create
-        <a href="conf/srv/gitolite/hook-deployweb">gitolite-admin/local/hooks/repo-specific/hook-deployweb</a>;</p>
+        <a href="conf/srv/gitolite/deploy-web-doc">gitolite-admin/local/hooks/repo-specific/deploy-web-doc</a>;</p>
 
         <pre>
         #!/bin/bash
-
         ######################################################################
         #
         # Put this file in your gitolite-admin;
-        # ~/gitolite-admin/local/hooks/repo-specific/hook-deployweb
+        # ~/gitolite-admin/local/hooks/repo-specific/deploy-web-doc
         #
-        while read oldrev newrev refname
-        do
-                BRANCH=$(git rev-parse --symbolic --abbrev-ref $refname)
-                echo "Commit was for branch $BRANCH"
+        # set host to empty to create package for each push
+        # or set remote host to create package based on last deployed push
+        # host="https://doc.localhost"
+        host=""
+        # set name of witch branch should be deployed
+        branch_to_deploy="deploy_branch"
+
+        ######################################################################
 
-                if [[ "$BRANCH" == "master" ]];then
 
-                        # Get project name from current directory (without .git)
-                        PROJECT=$(basename "$PWD")
-                        PROJECT=${PROJECT%.git}
+        url="$host/.last_deploy"
+        source /srv/gitolite/deploy/hook.sh
+        read oldrev newrev refname
+        push_branch=$(git rev-parse --symbolic --abbrev-ref $refname)
 
-                        echo "Project $PROJECT added to deploy list."
-                        echo $PWD &gt; /srv/gitolite/deploy/$PROJECT
-                fi
+        #SCRIPT_VARS=$(set)
+        #echo "project: $PROJECT"
+        #echo "local dir: $PWD" &gt; /srv/gitolite/deploy/${GL_REPO}
+        #echo "${SCRIPT_VARS}" &gt;&gt; /srv/gitolite/deploy/${GL_REPO}
 
-        done
+        if [[ $push_branch = $branch_to_deploy  ]]; then
+
+            # if host empty we make local tracking
+            if [[ $host = "" ]]; then
+                if [[ $(is_initial ${GL_REPO}) = "true" ]]; then
+                    oldrev="initial"
+                fi
+            else
+                if [[ ! $(valid_url $url) = "true" ]]; then
+                    echo "Deploy: set $url on remote to start creating packages"
+                    exit 1
+                fi
+                oldrev=$(get_remote_rev $url)
+            fi
+            create_package ${GL_REPO} ${PWD} ${oldrev} ${newrev} "deploy-web.sh"
+        fi
         </pre>
 
-        <p>Add scripts to the repos you want them to be active in
-        your conf file. For example:</p>
+        <p>Activate this hook, the idea is to start with this one as a template working
+        and then implement the final one. Edit gitolite admin configuration file and
+        activate:</p>
 
         <pre>
         repo c9-doc
-            option hook.post-receive     =  hook-deployweb
+            config gitweb.description   =   "c9 documentation"
+            option hook.post-receive     =  deploy-web-doc
         </pre>
 
         <p>Add, commit, and push the admin repo;</p>
 
         <pre>
-        $ git add -u && git commit -m "deploy hook"
+        $ git add local/hooks/repo-specific/hook-deployweb
+        $ git add -u && git commit -m "added deploy c9 hook"
         </pre>
 
-        <p>Create deploy directory on remote;</p>
+        <p>Now we can test if our script is functioning by creating a branch on c9-doc
+        making a random change and push;<p>
 
         <pre>
-        # su - gitolite
-        $ mkdir deploy
+        $ cd c9-doc
+        $ git checkout -b deploy_branch
         </pre>
 
-        <p>On remote run;</p>
+        <h4>4.3.2. Deploy Script</h4>
+
+        <p>Create
+        <a href="conf/srv/gitolite/deploy-web.sh">/srv/gitolite/deploy/scripts/deploy-web.sh</a>;</p>
 
         <pre>
-        # su - gitolite
-        $ gitolite setup
-        </pre>
+        #!/bin/bash
 
-        <p>Create deploy script that cron will call
-        every minute, this script will check inside
-        /srv/gitolite/deploy folder for projects that have
-        been updated.</p>
+        pkg_path=$1
 
-        <p>Create <a href="conf/srv/gitolite/deployweb">/usr/share/gitolite/deployweb</a>;</p>
+        www_root="/srv/www"
+        www_user="nginx"
+        www_group="www"
 
-        <pre>
-        #!/bin/sh
+        pkg_file="${pkg_path}/project"
+        pkg_rm="${pkg_path}/deleted"
+        pkg_files="${pkg_path}/files"
 
-        ######################################################################
-        #
-        # Put this file in;
-        # /usr/share/gitolite/deployweb
-        #
-        DIR_WWW=/srv/www/
-        DEPLOY_BRANCH=master
-        TARGET_USER=www
+        if [ ! -f ${pkg_file} ]; then
+            echo "Deploy web: invalid pkg_file ${pkg_file}"
+            exit 1
+        fi
 
-        for DP_FILE in /srv/gitolite/deploy/*
-        do
+        pkg_name=$(head -1 ${pkg_file})
+        pkg_new=$(head -3 ${pkg_file} | tail -1)
+        pkg_new7=$(echo ${pkg_new} | cut -c1-7)
 
-            if [ ! -f "$DP_FILE" ]; then
-                # Nothing to do ;)
-                #echo "Deploy: invalid DP_FILE"
-                exit 1;
-            fi
+        pkg_www="${www_root}/${pkg_name}"
+        pkg_back="${pkg_www}/backup_deploy"
+        pkg_last="${pkg_www}/.last_deploy"
 
-            # Get project name
-            PROJECT=$(basename "$DP_FILE")
-            echo "Deploy: PROJECT=${PROJECT}"
+        if [ ! -d ${pkg_www} ]; then
+            echo "Deploy web: invalid pkg_www ${pkg_www}"
+            exit 1
+        fi
 
-            # Get git repository path and verify if exists
-            DIR_GIT=$(head -n 1 $DP_FILE)
-            if [ ! -d "$DIR_GIT" ]; then
-                echo "Deploy: invalid DIR_GIT: ${DIR_GIT}"
-                exit 2;
-            fi
-            echo "Deploy: DIR_GIT=${DIR_GIT}"
-
-            # Get directory to deploy and verify if exists
-            GIT_WORK_TREE=${DIR_WWW}${PROJECT}/
-            if [ ! -d "$GIT_WORK_TREE" ]; then
-                echo "Deploy: invalid GIT_WORK_TREE: ${GIT_WORK_TREE}"
-                echo "Deploy: creating directory: $GIT_WORK_TREE}"
-                mkdir -p $GIT_WORK_TREE
+        # first backup all data
+        if [[ ! $(ls ${pkg_www} | grep -v "backup_deploy") = "" ]]; then
+            if [ ! -d ${pkg_back} ]; then
+                sudo -u ${www_user} mkdir -p ${pkg_back}
             fi
-            echo "Deploy: GIT_WORK_TREE={$GIT_WORK_TREE}"
-
-            # Deploy (checkout)
-            echo "Deploy: starting git checkout"
+            backup_file="${pkg_back}/${pkg_name}-$(date '+%Y-%j-%H-%M-%S').tar.gz"
+            echo "Deploy web: making backup ${backup_file}"
+            sudo -u ${www_user} tar --exclude ${pkg_back} --xattrs -zcpf ${backup_file} ${pkg_www}
+        fi
+
+        # remove files and directories that have been deleted
+        if [ -f ${pkg_rm} ]; then
+
+            echo "Deploy web: files to delete:"
+            # first we delete files
+            while read deleted_file; do
+                deleted_file="${pkg_www}/${deleted_file}"
+                if [ -f ${deleted_file} ]; then
+                    echo "file      rm ${deleted_file}"
+                    rm ${deleted_file}
+                fi
+            done &lt;${pkg_rm}
+
+            # delete directories
+            while read deleted_file; do
+                deleted_file="${pkg_www}/${deleted_file}"
+                if [ -d ${deleted_file} ]; then
+                    echo "file      rm ${deleted_file}"
+                    rm ${deleted_file}
+                fi
+            done &lt;${pkg_rm}
 
-            git --git-dir=$DIR_GIT \
-                --work-tree=$GIT_WORK_TREE \
-                checkout -f $DEPLOY_BRANCH
+        fi
 
+        # copy new files to destination
+        if [ -d ${pkg_files} ]; then
+            echo "Deploy web: cp from ${pkg_files} to ${pkg_www}"
+            sudo -u ${www_user} cp -r ${pkg_files}/* ${pkg_www}
+        fi
 
-            # Fix ownership and permissions
-            echo "Deploy: fixing permissions"
+        echo ${pkg_new} > ${pkg_last}
+        echo "Deploy: scripts/deployweb.sh ${pkg_name} ${pkg_new7} deployed."
 
-            echo "Deploy: setting owner: chown -R ${TARGET_USER}"
-            chown -R ${TARGET_USER}:${TARGET_USER} $GIT_WORK_TREE
+        #remove temporary package
+        rm -r ${pkg_path}
+        </pre>
 
-            echo "Deploy: setting directory permissions: chmod 755"
-            find $GIT_WORK_TREE -type d -print0 | xargs -0 chmod 755
+        <h4>4.3.3. Debuging hooks</h4>
 
-            echo "Deploy: setting file permissions: chmod 644"
-            find $GIT_WORK_TREE -type f -print0 | xargs -0 chmod 644
+        <p>Comment gitolite admin repo script "if" and uncomment debug sections, this allow to
+        source the file with environment of hook.</p>
 
-            # Call project script
-            if [ -f "${GIT_WORK_TREE}/deploy.sh" ]; then
-                echo "Deploy: calling ${GIT_WORK_TREE}deploy.sh"
-                cd ${GIT_WORK_TREE}
-                sudo -u ${TARGET_USER} sh ${GIT_WORK_TREE}deploy.sh
-            fi
+        <p>Later you can delete this branch locally and remote and start fresh. To test
+        if hook is called each time you push run;</p>
 
-            # Done with project
-            echo "Deploy: removing deploy file="$DP_FILE
-            rm $DP_FILE
 
-            exit 0;
-        done
+        <pre>
+        $ echo $(( ( RANDOM % 10 ) +1 )) >> index.html && git add -u && git commit -m "test deploy" && git push git
         </pre>
 
+        <p>See if a file was created in /srv/gitolite/deploy with name of project and
+        with environmental variables of gitolite script.</p>
+
+        <p>From now on you can test changes directly on
+        /srv/gitolite/.gitolite/local/hooks/repo-specific/hook-deployweb
+        and repeat above command to see the results or create a separate script with
+        all variables generated by above script set so you don't have to push at all.</p>
+
+        <h4 id="gtl-deploy">4.4. Deploy with Cron</h4>
+
         <p>Add cron job to call deploy script every minute;</p>
 
         <pre>
@@ -434,7 +543,7 @@
 
         our $projects_list = "/srv/gitolite/projects.list";
         # The directories where your projects are. Must not end with a slash.
-        our $projectroot = "/srv/gitolite/repositories"; 
+        our $projectroot = "/srv/gitolite/repositories";
 
         # Base URLs for links displayed in the web interface.
         our @git_base_url_list = qw(git://core.privat-network.com http://git@core.private-network.com);
diff --git a/tools/network.html b/tools/network.html
index 43e4616..0dc51d6 100644
--- a/tools/network.html
+++ b/tools/network.html
@@ -14,30 +14,15 @@
         by <a href="../core/network.html">net and wlan</a> scripts, they
         allow to connect to the internet in the most common environments.</p>
 
+        <p>For network statistics and monitoring see <a href="tcpdump.html">tcpdump</a>.</p>
+
         <h2 id="bridge">Bridges</h2>
 
         <p>See <a href="conf/etc/rc.d/blan">/etc/rc.d/blan</a> on
         how to create interfaces at startup or as source to do it
         in automatic way;</p>
 
-        <pre>
-        DEV="br0"
-        PHY="enp8s0"
-        </pre>
-
-        <pre>
-        # ip link add name ${DEV} type bridge
-        # ip link set dev ${DEV} up
-        </pre>
-        <pre>
-        # ip route flush dev ${PHY}
-        # ip addr flush dev ${PHY}
-        # ip link set dev ${PHY} master ${DEV}
-        </pre>
-
-        <pre>
-        # ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
-        </pre>
+        <p>For more information about bridges <a href="http://ebtables.netfilter.org/br_fw_ia/br_fw_ia.html#section7">Bridges with iptables</a></p>
 
         <a href="index.html">Tools Index</a>
         <p>This is part of the c9 Manual.
diff --git a/tools/openssh.html b/tools/openssh.html
index 12e5827..70fe76f 100644
--- a/tools/openssh.html
+++ b/tools/openssh.html
@@ -256,7 +256,7 @@
 
         <p>To take advantage of tmux first login on remote and start
         <a href"../systools/tmux.html">tmux</a>, detach from the session
-        with ctrl + b d. On change ~/.profile and add alias;</p>
+        with ctrl + b d. Change ~/.bashrc and add follow alias;</p>
 
         <pre>
         alias core-server="ssh core -t tmux a"
diff --git a/tools/qemu.html b/tools/qemu.html
index 0079dfc..86fb7aa 100644
--- a/tools/qemu.html
+++ b/tools/qemu.html
@@ -12,7 +12,9 @@
 
         <h2 id="kern">1. Host System</h2>
 
-        <p>Load modules, in this case kvm of intel cpu;</p>
+        <p>Prepare host system for virtual machines, this includes create new user,
+        loading necessary modules and configure network. Load kvm module, in this example
+        intel module is loaded but depends on host cpu;</p>
 
         <pre>
         # modprobe -a kvm-intel tun virtio
@@ -27,6 +29,7 @@
 
         <h2 id="disk">2. Disk images</h2>
 
+        <p>Qemu supports multiple disk images types.</p>
         <dl>
             <dt>img</dt>
             <dd>Raw disk image, allows dd to a physical device.</dd>
@@ -115,67 +118,109 @@
         KERNEL=="tun", GROUP="kvm", MODE="0660", OPTIONS+="static_node=net/tun"
         </pre>
 
+        <h3>2.1. Routing</h3>
 
-        <h3>2.1. Public Bridge</h3>
-
-        <p>Create <a href="network.html#bridge">bridge</a>, create new
-        tap and add it to bridge;</p>
-
-        <pre>
-        # DEV="br0"
-        # TAP="tap1"
-        </pre>
-
-        <pre>
-        # ip tuntap add ${TAP} mode tap group kvm
-        # ip link set ${TAP} up
-        </pre>
+        <p>Create interface with correct permissions set for kvm group.</p>
 
         <pre>
-        # ip link set ${TAP} master ${DEV}
+        # sysctl -w net.ipv4.ip_forward=1
+        # iptables -A INPUT -i br0 -j ACCEPT
+        # iptables -A FORWARD -i br0 -j ACCEPT
+        # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.0/24 -j ACCEPT
+        # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
         </pre>
 
-        <h3>2.2. Routing</h3>
+        <h3>2.2. Public Bridge</h3>
 
-        <p>Create interface with correct permissions set for kvm group.</p>
+        <p>Create <a href="network.html#bridge">bridge</a>, create new
+        tap and add it to bridge;</p>
 
         <pre>
-        # sysctl -w net.ipv4.ip_forward=1
-        # iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
+        DEV="br0"
+
+        ADDR=10.0.0.254
+        NET=10.0.0.0
+        GW=192.168.1.254
+        MASK=24
+
+        # one tap for each cpu core
+        NTAPS=$((`/usr/bin/nproc`))
+
+        case $1 in
+            start)
+                /sbin/ip link add name ${DEV} type bridge
+                /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
+                /sbin/ip link set dev ${DEV} up
+                /bin/sleep 0.2s
+
+                for i in `/usr/bin/seq $NTAPS`
+                do
+                    TAP="tap$i"
+                    echo "Setting up ${TAP} tap interface."
+                    /sbin/ip tuntap add ${TAP} mode tap group kvm
+                    /sbin/ip link set ${TAP} up
+                    /bin/sleep 0.2s
+                    /sbin/ip link set ${TAP} master ${DEV}
+                done
+
+                exit 0
+                ;;
+            stop)
+
+                for i in `/usr/bin/seq $NTAPS`
+                do
+                    TAP="tap$i"
+                    echo "Deleting ${TAP} tap interface."
+                    /sbin/ip link del ${TAP}
+                done
+
+                /sbin/ip link set dev ${DEV} down
+                /sbin/ip route flush dev ${DEV}
+                /sbin/ip link del ${DEV}
+                exit 0
+                ;;
+            restart)
+                $0 stop
+                $0 start
+                ;;
+            *)
+                echo "Usage: $0 [start|stop|restart]"
+                ;;
+        esac
+
+        # End of file
         </pre>
 
         <h2 id="guest">Guest System</h2>
 
-        <p>Start qemu with 512 of ram, mydisk.img as disk and boot from iso</p>
-
         <p>See <a href="scripts/system-qemu.sh">scripts/system-qemu.sh</a>,
         as template. Run virtual machine that uses above tap device;</p>
 
         <pre>
-        $ ISO=~/crux-3.2.iso
-        $ IMG=~/crux-img.qcow2
-        $ TAP="tap1"
+        #!/bin/bash
 
-        $ qemu-system-x86_64 \
-            -enable-kvm \
-            -m 1024 \
-            -boot d \
-            -cdrom ${ISO} \
-            -hda ${IMG} \
-            -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
-        </pre>
+        function rmac_addr (){
+        printf '54:60:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256))
+        }
 
-        <pre>
-        $ ISO=~/crux-3.2.iso
-        $ IMG=~/crux-img.qcow2
+        #boot=d
+        boot=$1
+        #iso=crux-3.2.iso
+        iso=$2
+        #image=crux-img.qcow2
+        image=$3
+        #tap="tap1"
+        tap=$4
+        mac=$(rmac_addr)
 
-        $ qemu-system-x86_64 \
+        qemu-system-x86_64 \
             -enable-kvm \
             -m 1024 \
-            -boot d \
-            -cdrom ${ISO} \
-            -hda ${IMG} \
-            -net nic,model=virtio -net tap,ifname=${TAP},script=no,downscript=no
+            -boot ${boot} \
+            -cdrom ${iso} \
+            -hda ${image} \
+            -device e1000,netdev=t0,mac=${mac} \
+            -netdev tap,id=t0,ifname=${tap},script=no,downscript=no
         </pre>
 
         <a href="index.html">Tools Index</a>
diff --git a/tools/scripts/autoport.sh b/tools/scripts/autoport.sh
new file mode 100644
index 0000000..9965936
--- /dev/null
+++ b/tools/scripts/autoport.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Root Directory
+DIR=$(dirname "$PWD");
+
+DIR_CONF=$DIR"/conf"
+COL_DIR=$DIR"/c9-ports/"
+
+#rm ck4up.conf
+for port in ${COL_DIR}*/ ; do
+
+    echo "Checking port $port"
+    # (cd $port && git clean -f -d . )
+    # prtwash -p -s $port
+    prtverify -m clean-repo $port
+
+    #echo "${port}Pkgfile;"
+    #source  ${port}Pkgfile;
+
+    #echo "$name md5 ${source[0]} @TAR@" >> ck4up.conf
+done
+
+portspage --title=c9-ports . > index.html
+httpup-repgen $COL_DIR
diff --git a/tools/scripts/pkgmk-test.conf b/tools/scripts/pkgmk-test.conf
new file mode 100644
index 0000000..2336685
--- /dev/null
+++ b/tools/scripts/pkgmk-test.conf
@@ -0,0 +1,38 @@
+#
+# /etc/pkgmk.conf: pkgmk(8) configuration
+#
+
+export CFLAGS="-O2 -march=x86-64"
+export CXXFLAGS="${CFLAGS}"
+
+export MAKEFLAGS="-j4"
+
+case ${PKGMK_ARCH} in
+	"64"|"")
+		;;
+	"32")
+		export CFLAGS="${CFLAGS} -m32"
+		export CXXFLAGS="${CXXFLAGS} -m32"
+		export LDFLAGS="${LDFLAGS} -m32"
+		export PKG_CONFIG_LIBDIR="/usr/lib32/pkgconfig"
+		;;
+	*)
+		echo "Unknown architecture selected! Exiting."
+		exit 1
+		;;
+esac
+
+ PKGMK_SOURCE_MIRRORS=(https://ports.c9.core/distfiles/)
+# PKGMK_SOURCE_DIR="$PWD"
+# PKGMK_PACKAGE_DIR="$PWD"
+# PKGMK_WORK_DIR="$PWD/work"
+# PKGMK_DOWNLOAD="no"
+# PKGMK_IGNORE_FOOTPRINT="no"
+# PKGMK_IGNORE_NEW="no"
+# PKGMK_NO_STRIP="no"
+# PKGMK_DOWNLOAD_PROG="wget"
+# PKGMK_WGET_OPTS=""
+# PKGMK_CURL_OPTS=""
+# PKGMK_COMPRESSION_MODE="gz"
+
+
diff --git a/tools/scripts/pkgmk-test.sh b/tools/scripts/pkgmk-test.sh
new file mode 100644
index 0000000..5509ac2
--- /dev/null
+++ b/tools/scripts/pkgmk-test.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+CONF=${DIR}/pkgmk-test.conf
+
+fakeroot pkgmk -cf $CONF -d $1
diff --git a/tools/scripts/replace.sh b/tools/scripts/replace.sh
index 8e393f0..e925e7d 100644..100755
--- a/tools/scripts/replace.sh
+++ b/tools/scripts/replace.sh
@@ -1,5 +1,6 @@
 #!/bin/sh
 
+# find and replace string on files
 folder=$1
 oldstring=$2
 newstring=$3
diff --git a/tools/storage.html b/tools/storage.html
index 894873b..109c6fa 100644
--- a/tools/storage.html
+++ b/tools/storage.html
@@ -30,6 +30,20 @@
 
         <h2 id="mv">2. Moving data</h2>
 
+        <p>Temp partition with 20M-50M;</dd>
+
+        <pre>
+        (parted) mkpart primary ext4 4000MiB 4050MiB
+        </pre>
+
+        <p>Ports partition with 120G allows to host sources, package
+        backups and ports;</dd>
+
+        <pre>
+        (parted) mkpart primary ext4 192000MiB 312000MiB
+        </pre>
+
+
         <p>Reboot into single-user mode where services aren't started and networking is offline.<p>
 
         <pre>
@@ -52,8 +66,14 @@
         <p>Edit the <a href="../conf/etc/fstab">/etc/fstab</a>file:</p>
 
         <pre>
+        # Temporary Data /tmp
+        UUID=50bf6e55-6461-4dd4-b315-65b53cac0995 /tmp            ext4    defaults,nodev,nosuid,noexec	0	0
+
         # Server Data /srv
         UUID=6fadcb98-e442-4af7-a5f2-1ddb6100a8c4 /srv            ext4    defaults        0       2
+
+        # Ports Data /usr/ports
+        UUID=d1df6743-d3cb-4d5a-badb-96cef3181095 /usr/ports       ext4    defaults,nodev,nosuid,noexec	0       0
         </pre>
 
         <p>Reboot in normal mode.</p>
diff --git a/tools/tcpdump.html b/tools/tcpdump.html
index ef15b59..8c9932a 100644
--- a/tools/tcpdump.html
+++ b/tools/tcpdump.html
@@ -8,6 +8,10 @@
         <h1>TCPDump</h1>
 
         <pre>
+        iftop
+        </pre>
+
+        <pre>
         tcpdump -vvv -s 0 -l -n port 53
         </pre>
 
diff --git a/tools/vim.html b/tools/vim.html
index d483e29..528c777 100644
--- a/tools/vim.html
+++ b/tools/vim.html
@@ -53,10 +53,21 @@
 
         <p>Vertical split;</p>
         <pre>
-        :sp
+        :vsp
+        </pre>
+
+        <p>Change horizontal to vertical</p>
+        <pre>
+        ctrl+w H
+        </pre>
+
+        <p>Change vertical to horizontal</p>
+        <pre>
+        ctrl+w J
         </pre>
 
         <p>Move between window splits;</p>
+
         <pre>
         ctrl+w (k,j,l,h)
         </pre>
@@ -97,7 +108,6 @@
         selection or object. For example to delete the next
         two words press: d + 2 + w. List of important operators objects,
         selections;</p>
-        <pre>
 
         <pre>
         operator + count + object