Diffstat (limited to 'tools/conf/etc')
-rw-r--r--tools/conf/etc/gitweb.conf22
-rw-r--r--tools/conf/etc/iptables/vlan.v4170
-rw-r--r--tools/conf/etc/nginx/sites-enabled/git.localhost.conf25
-rwxr-xr-xtools/conf/etc/rc.d/blan93
-rw-r--r--tools/conf/etc/skel/.xinitrc16
5 files changed, 277 insertions, 49 deletions
diff --git a/tools/conf/etc/gitweb.conf b/tools/conf/etc/gitweb.conf
new file mode 100644
index 0000000..26034fb
--- /dev/null
+++ b/tools/conf/etc/gitweb.conf
@@ -0,0 +1,22 @@
+# The directories where your projects are. Must not end with a slash.
+our $projectroot = "/srv/gitolite/repositories"; 
+
+# Base URLs for links displayed in the web interface.
+our @git_base_url_list = qw(git://core.privat-network.com http://git@core.private-network.com); 
+
+our $site_name = "gitweb";
+our $git_temp = "/srv/www/gitweb_tmp";
+
+our $projects_list = "/srv/gitolite/projects.list";
+
+our $projects_list_group_categories = 1;
+
+our $home_link_str="GitWeb";
+
+$feature{'highlight'}{'default'} = [1];
+
+$feature{'pathinfo'}{'default'} = [1];
+
+our @extra_breadcrumbs = (
+      [ 'HomePage' => 'https://core.privat-network.net/' ],
+);
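Review bot: `$projects_list` points at gitolite's generated list, but `$strict_export` is left at its default, so gitweb will still serve any repository under `$projectroot` by direct URL even when gitolite has not exported it to the list; add `our $strict_export = 1;` so that only listed projects are viewable, which is what a gitolite-managed projectroot normally intends. The clone URLs in `@git_base_url_list` use three different spellings of the host (`core.privat-network.com`, `core.private-network.com`, and `core.privat-network.net` in `@extra_breadcrumbs` and in the nginx `server_name` of this same commit), so at least two of the displayed clone links are unlikely to resolve; which spelling is canonical cannot be told from the page. `http://git@core.private-network.com` also embeds a user name in an HTTP clone URL, which gitweb will print verbatim in every project page.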
diff --git a/tools/conf/etc/iptables/vlan.v4 b/tools/conf/etc/iptables/vlan.v4
new file mode 100644
index 0000000..8c87389
--- /dev/null
+++ b/tools/conf/etc/iptables/vlan.v4
@@ -0,0 +1,170 @@
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*security
+:INPUT ACCEPT [6:2056]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [6:2056]
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*raw
+:PREROUTING ACCEPT [7:2092]
+:OUTPUT ACCEPT [6:2056]
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*mangle
+:PREROUTING ACCEPT [7:2092]
+:INPUT ACCEPT [6:2056]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [6:2056]
+:POSTROUTING ACCEPT [6:2056]
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*filter
+:INPUT DROP [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT DROP [0:0]
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i br0 -j ACCEPT
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop sync: " --log-level 7
+-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
+-A INPUT -f -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop frag: "
+-A INPUT -f -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop null: "
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop syn rst syn rs"
+-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop xmas: "
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/min --limit-burst 7 -j LOG --log-prefix "iptables: drop fin scan: "
+-A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
+#################################################################################
+#	INPUT
+#	Established connections and passive
+#
+
+# Allow established from dns server
+#-A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# INPUT accept passive
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED -j ACCEPT
+
+
+# Allow irc
+-A INPUT -p tcp -m tcp --sport 6667 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow xmmp
+-A INPUT -p tcp -m tcp --sport 5222 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+# Allow established from https server
+-A INPUT -p tcp -m tcp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p udp -m udp --sport 443 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow established from http server
+-A INPUT -p tcp -m tcp --sport 80 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from rsync server
+-A INPUT -p tcp -m tcp --sport 873 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from pop3s server
+-A INPUT -p tcp -m tcp --sport 995 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from smtps server
+-A INPUT -p tcp -m tcp --sport 465 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from ntp server
+-A INPUT -p udp -m udp --sport 123 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from whois server
+-A INPUT -p tcp -m tcp --sport 43 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+# Allow established from ftp server
+-A INPUT -p tcp -m tcp --sport 20 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 21 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 22 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+##################################################################################
+#	INPUT
+#	New and established connections to local servers
+#
+
+# allow ping
+-A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+-A INPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# INPUT accept from wlp7s0 to dns server
+#-A INPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+# INPUT accept from wlp7s0 to https server
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+# INPUT accept from wlp7s0 to ssh server
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state ESTABLISHED -j ACCEPT
+-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 2222 -m state --state NEW -m limit --limit 6/min --limit-burst 3 -j ACCEPT
+
+-A FORWARD -i br0 -j ACCEPT
+
+-A INPUT -j LOG --log-prefix "iptables: INPUT: " --log-level 7
+-A FORWARD -j LOG --log-prefix "iptables: FORWARD: " --log-level 7
+
+##################################################################################
+#	Output
+#	Connections to remote servers
+#
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -o br0 -j ACCEPT
+
+# Allow ping
+-A OUTPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+# Allow to ssh clients
+-A OUTPUT -p tcp -m tcp --sport 2222 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow to dns
+#-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow from dns server
+#-A OUTPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+
+# Allow irc
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 6667 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow xmmp
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 5222 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+
+
+# Allow to rsync server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 873 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to pop3s server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 995 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to smtps server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 465 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to ntp server
+-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 123 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to ftp server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to https server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
+-A OUTPUT -p udp -m udp --sport 1024:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+# Allow to http server
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+
+##################################################################################
+#	Output
+#	Connections from local servers
+#
+
+
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state RELATED -j ACCEPT
+-A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state NEW -j ACCEPT
+
+
+-A OUTPUT -j LOG --log-prefix "iptables: OUTPUT: " --log-level 7
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
+# Generated by iptables-save v1.6.0 on Sat Oct 15 17:20:41 2016
+*nat
+:PREROUTING ACCEPT [1:36]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+
+-A POSTROUTING -s 10.0.0.0/24 -d 10.0.0.0/24 -j ACCEPT
+-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
+#-A POSTROUTING -o wlp7s0 -j MASQUERADE
+
+COMMIT
+# Completed on Sat Oct 15 17:20:41 2016
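Review bot: The `*filter` table keeps `:FORWARD ACCEPT [0:0]` while adding `-A FORWARD -i br0 -j ACCEPT`, so the explicit rule is redundant and anything forwarded from any other interface toward the VM subnet is merely logged by `-A FORWARD -j LOG` and then accepted by the policy; together with the unrestricted `-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE` the host acts as an unfiltered router for the bridge. A default-deny forward chain would be `:FORWARD DROP [0:0]`, a reply rule `-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT` placed before the `-i br0` rule, and `-A POSTROUTING -s 10.0.0.0/24 ! -o br0 -j MASQUERADE` so that source NAT is never applied to traffic leaving on the bridge itself. Separately, the long run of `--sport`-keyed ESTABLISHED accepts in INPUT and OUTPUT (irc, xmpp, https, http, rsync, pop3s, smtps, ntp, whois, ftp, ssh) appears to be equivalent to one `-m state --state ESTABLISHED,RELATED -j ACCEPT` per chain, since conntrack only marks a flow ESTABLISHED after an earlier NEW rule admitted it; collapsing them would make the actual policy (which NEW connections are allowed) much easier to audit.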
diff --git a/tools/conf/etc/nginx/sites-enabled/git.localhost.conf b/tools/conf/etc/nginx/sites-enabled/git.localhost.conf
new file mode 100644
index 0000000..d114ab8
--- /dev/null
+++ b/tools/conf/etc/nginx/sites-enabled/git.localhost.conf
@@ -0,0 +1,25 @@
+server {
+    listen 443 ssl;
+
+    server_name git.localhost git.c9.core git.core.privat-network.net;
+
+    root /srv/www/gitweb;
+
+    location /static/ {
+        # static files (png/css) served from /usr/share/gitweb/static
+        root /usr/share/gitweb ;
+        expires 30d;
+    }
+
+    location / {
+        index gitweb.cgi
+        fastcgi_param GITWEB_CONFIG  /etc/gitweb.conf;
+        fastcgi_param DOCUMENT_ROOT  /srv/www/gitweb/;
+        fastcgi_param SCRIPT_NAME    /gitweb.cgi$fastcgi_path_info;
+        fastcgi_split_path_info      ^()(/?.+)$;
+
+        include fastcgi_params;
+        fastcgi_pass unix:/var/run/fcgiwrap.sock;
+     }
+
+}
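Review bot: `index gitweb.cgi` is missing its terminating semicolon, so nginx parses the tokens up to the `;` on the next line as further arguments of `index` (`fastcgi_param`, `GITWEB_CONFIG` and `/etc/gitweb.conf` become three more index file names) and `GITWEB_CONFIG` is never passed to the CGI; gitweb would then fall back to its compiled-in config path rather than the `/etc/gitweb.conf` added in this commit, unless that default happens to be the same path. The fix is `index gitweb.cgi;`. The server block also declares `listen 443 ssl;` with no `ssl_certificate`/`ssl_certificate_key` directives; if they are not inherited from the enclosing `http` context, nginx will refuse to load this vhost, which is worth confirming on the target machine.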
diff --git a/tools/conf/etc/rc.d/blan b/tools/conf/etc/rc.d/blan
index f75d272..f3ea322 100755
--- a/tools/conf/etc/rc.d/blan
+++ b/tools/conf/etc/rc.d/blan
@@ -4,60 +4,55 @@
 #
 
 DEV="br0"
-PHY="enp8s0"
 
-ADDR=10.0.0.1
+ADDR=10.0.0.254
 NET=10.0.0.0
+GW=192.168.1.254
 MASK=24
-GTW=10.0.0.1
-NTAPS=$((`/usr/bin/nproc`-1))
+
+# one tap for each cpu core
+NTAPS=$((`/usr/bin/nproc`))
 
 case $1 in
-	start)
-                /sbin/ip link add name ${DEV} type bridge
-                /sbin/ip link set dev ${DEV} up
-
-                /bin/sleep 0.2s
-                /sbin/ip route flush dev ${PHY}
-                /sbin/ip addr flush dev ${PHY}
-                /sbin/ip link set dev ${PHY} master ${DEV}
-
-                /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
-
-                for i in `/usr/bin/seq $NTAPS`
-                do
-                    TAP="tap$i"
-                    echo $TAP
-                    /sbin/ip tuntap add ${TAP} mode tap group kvm
-                    /sbin/ip link set ${TAP} up
-                    /bin/sleep 0.2s
-                    #brctl addif $switch $1
-                    /sbin/ip link set ${TAP} master ${DEV}
-                done
-
-		exit 0
-		;;
-	stop)
-
-                for i in `/usr/bin/seq $NTAPS`
-                do
-                    TAP="tap$i"
-		    /sbin/ip link del ${TAP}
-                    echo $TAP
-                done
-
-       		/sbin/ip link set dev ${DEV} down
-		/sbin/ip route flush dev ${DEV}
-		/sbin/ip link del ${DEV}
-		exit 0
-		;;
-	restart)
-		$0 stop
-		$0 start
-		;;
-	*)
-		echo "Usage: $0 [start|stop|restart]"
-		;;
+    start)
+        /sbin/ip link add name ${DEV} type bridge
+        /sbin/ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
+        /sbin/ip link set dev ${DEV} up
+        /bin/sleep 0.2s
+
+        for i in `/usr/bin/seq $NTAPS`
+        do
+            TAP="tap$i"
+            echo "Setting up ${TAP} tap interface."
+            /sbin/ip tuntap add ${TAP} mode tap group kvm
+            /sbin/ip link set ${TAP} up
+            /bin/sleep 0.2s
+            /sbin/ip link set ${TAP} master ${DEV}
+        done
+
+        exit 0
+        ;;
+    stop)
+
+        for i in `/usr/bin/seq $NTAPS`
+        do
+            TAP="tap$i"
+            echo "Deleting ${TAP} tap interface."
+            /sbin/ip link del ${TAP}
+        done
+
+        /sbin/ip link set dev ${DEV} down
+        /sbin/ip route flush dev ${DEV}
+        /sbin/ip link del ${DEV}
+        exit 0
+        ;;
+    restart)
+        $0 stop
+        $0 start
+        ;;
+    *)
+        echo "Usage: $0 [start|stop|restart]"
+        ;;
 esac
 
 # End of file
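Review bot: The `start` branch runs each `ip` command unchecked and then reports success with `exit 0`, so a half-built bridge (for example when `${DEV}` already exists from an earlier run and `ip link add` fails) is indistinguishable from a clean start for whatever invokes the rc script; at minimum the bridge creation should abort on failure, `/sbin/ip link add name "${DEV}" type bridge || exit 1`. `GW=192.168.1.254` is assigned but never referenced in the hunk (the old `GTW` was likewise unused in the visible lines), so it is either dead or the default-route step that should consume it is missing. `NTAPS=$((`/usr/bin/nproc`))` and the two `seq` loops would read better as `NTAPS=$(/usr/bin/nproc)` and `for i in $(/usr/bin/seq "$NTAPS")`, which also drops the needless arithmetic expansion. The first three lines of the script are outside the hunk.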
diff --git a/tools/conf/etc/skel/.xinitrc b/tools/conf/etc/skel/.xinitrc
new file mode 100644
index 0000000..ac94b39
--- /dev/null
+++ b/tools/conf/etc/skel/.xinitrc
@@ -0,0 +1,16 @@
+
+##twm &
+##xclock -geometry 50x50-1+1 &
+##xterm -geometry 80x50+494+51 &
+##xterm -geometry 80x20+494-0 &
+##exec xterm -geometry 80x66+0+0 -name login
+#
+##xrandr --output eDP1 --mode 1024x768
+#xrandr --dpi 100
+#xgamma -gamma 0.8
+syndaemon -d
+#
+## Start the window manager
+
+#exec dwm
+exec openbox