mirror of
https://gitea.blesmrt.net/mikaela/shell-things.git
synced 2024-12-22 10:42:55 +01:00
etc: import from gh-pages
This commit is contained in:
parent
198481866f
commit
938247e19f
10
etc/NetworkManager/NetworkManager.conf
Normal file
10
etc/NetworkManager/NetworkManager.conf
Normal file
@ -0,0 +1,10 @@
|
||||
[main]
|
||||
plugins=ifupdown,keyfile,ofono
|
||||
#dns=dnsmasq
|
||||
|
||||
[ifupdown]
|
||||
managed=true
|
||||
|
||||
## Disable NM for this MAC address
|
||||
#[keyfile]
|
||||
#unmanaged-devices=mac:XX:XX:XX:XX:XX:XX
|
37
etc/apt/sources.list/12.04
Normal file
37
etc/apt/sources.list/12.04
Normal file
@ -0,0 +1,37 @@
|
||||
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
|
||||
# newer versions of the distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt precise main restricted universe multiverse
|
||||
|
||||
## Major bug fix updates produced after the final precise of the
|
||||
## distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt precise-updates main restricted universe multiverse
|
||||
|
||||
## N.B. software from this repository may not have been tested as
|
||||
## extensively as that contained in the main precise, although it includes
|
||||
## newer versions of some applications which may provide useful features.
|
||||
## Also, please note that software in backports WILL NOT receive any review
|
||||
## or updates from the Ubuntu security team.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt precise-backports main restricted universe multiverse
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt precise-security main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt precise main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt precise-updates main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt precise-backports main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt precise-security main restricted universe multiverse
|
||||
|
||||
## Uncomment the following two lines to add software from Canonical's
|
||||
## 'partner' repository.
|
||||
## This software is not part of Ubuntu, but is offered by Canonical and the
|
||||
## respective vendors as a service to Ubuntu users.
|
||||
deb http://archive.canonical.com/ubuntu precise partner
|
||||
deb-src http://archive.canonical.com/ubuntu precise partner
|
||||
|
||||
## This software is not part of Ubuntu, but is offered by third-party
|
||||
## developers who want to ship their latest software.
|
||||
deb http://extras.ubuntu.com/ubuntu precise main
|
||||
deb-src http://extras.ubuntu.com/ubuntu precise main
|
||||
|
||||
## Ubuntu MATE https://ubuntu-mate.org/
|
||||
deb http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu precise main
|
||||
deb http://ppa.launchpad.net/ubuntu-mate-dev/precise-mate/ubuntu precise main
|
||||
deb-src http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu precise main
|
||||
deb-src http://ppa.launchpad.net/ubuntu-mate-dev/precise-mate/ubuntu precise main
|
39
etc/apt/sources.list/14.04
Normal file
39
etc/apt/sources.list/14.04
Normal file
@ -0,0 +1,39 @@
|
||||
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
|
||||
# newer versions of the distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty main restricted universe multiverse
|
||||
|
||||
## Major bug fix updates produced after the final trusty of the
|
||||
## distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-updates main restricted universe multiverse
|
||||
|
||||
## N.B. software from this repository may not have been tested as
|
||||
## extensively as that contained in the main trusty, although it includes
|
||||
## newer versions of some applications which may provide useful features.
|
||||
## Also, please note that software in backports WILL NOT receive any review
|
||||
## or updates from the Ubuntu security team.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-backports main restricted universe multiverse
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-security main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt trusty main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt trusty-updates main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt trusty-backports main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt trusty-security main restricted universe multiverse
|
||||
|
||||
## Uncomment the following two lines to add software from Canonical's
|
||||
## 'partner' repository.
|
||||
## This software is not part of Ubuntu, but is offered by Canonical and the
|
||||
## respective vendors as a service to Ubuntu users.
|
||||
deb http://archive.canonical.com/ubuntu trusty partner
|
||||
deb-src http://archive.canonical.com/ubuntu trusty partner
|
||||
|
||||
## This software is not part of Ubuntu, but is offered by third-party
|
||||
## developers who want to ship their latest software.
|
||||
deb http://extras.ubuntu.com/ubuntu trusty main
|
||||
deb-src http://extras.ubuntu.com/ubuntu trusty main
|
||||
|
||||
## Ubuntu MATE https://ubuntu-mate.org/
|
||||
deb http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu trusty main
|
||||
deb http://ppa.launchpad.net/ubuntu-mate-dev/trusty-mate/ubuntu trusty main
|
||||
deb http://ppa.launchpad.net/accessibility-dev/ppa/ubuntu trusty main
|
||||
deb-src http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu trusty main
|
||||
deb-src http://ppa.launchpad.net/ubuntu-mate-dev/trusty-mate/ubuntu trusty main
|
||||
deb-src http://ppa.launchpad.net/accessibility-dev/ppa/ubuntu trusty main
|
35
etc/apt/sources.list/14.10
Normal file
35
etc/apt/sources.list/14.10
Normal file
@ -0,0 +1,35 @@
|
||||
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
|
||||
# newer versions of the distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt utopic main restricted universe multiverse
|
||||
|
||||
## Major bug fix updates produced after the final utopic of the
|
||||
## distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt utopic-updates main restricted universe multiverse
|
||||
|
||||
## N.B. software from this repository may not have been tested as
|
||||
## extensively as that contained in the main utopic, although it includes
|
||||
## newer versions of some applications which may provide useful features.
|
||||
## Also, please note that software in backports WILL NOT receive any review
|
||||
## or updates from the Ubuntu security team.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt utopic-backports main restricted universe multiverse
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt utopic-security main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt utopic main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt utopic-updates main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt utopic-backports main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt utopic-security main restricted universe multiverse
|
||||
|
||||
## Uncomment the following two lines to add software from Canonical's
|
||||
## 'partner' repository.
|
||||
## This software is not part of Ubuntu, but is offered by Canonical and the
|
||||
## respective vendors as a service to Ubuntu users.
|
||||
deb http://archive.canonical.com/ubuntu utopic partner
|
||||
deb-src http://archive.canonical.com/ubuntu utopic partner
|
||||
|
||||
## This software is not part of Ubuntu, but is offered by third-party
|
||||
## developers who want to ship their latest software.
|
||||
deb http://extras.ubuntu.com/ubuntu utopic main
|
||||
deb-src http://extras.ubuntu.com/ubuntu utopic main
|
||||
|
||||
## Ubuntu MATE https://ubuntu-mate.org/
|
||||
deb http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu utopic main
|
||||
deb-src http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu utopic main
|
31
etc/apt/sources.list/15.04
Normal file
31
etc/apt/sources.list/15.04
Normal file
@ -0,0 +1,31 @@
|
||||
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
|
||||
# newer versions of the distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt vivid main restricted universe multiverse
|
||||
|
||||
## Major bug fix updates produced after the final vivid of the
|
||||
## distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt vivid-updates main restricted universe multiverse
|
||||
|
||||
## N.B. software from this repository may not have been tested as
|
||||
## extensively as that contained in the main vivid, although it includes
|
||||
## newer versions of some applications which may provide useful features.
|
||||
## Also, please note that software in backports WILL NOT receive any review
|
||||
## or updates from the Ubuntu security team.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt vivid-backports main restricted universe multiverse
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt vivid-security main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt vivid main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt vivid-updates main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt vivid-backports main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt vivid-security main restricted universe multiverse
|
||||
|
||||
## Uncomment the following two lines to add software from Canonical's
|
||||
## 'partner' repository.
|
||||
## This software is not part of Ubuntu, but is offered by Canonical and the
|
||||
## respective vendors as a service to Ubuntu users.
|
||||
deb http://archive.canonical.com/ubuntu vivid partner
|
||||
deb-src http://archive.canonical.com/ubuntu vivid partner
|
||||
|
||||
## This software is not part of Ubuntu, but is offered by third-party
|
||||
## developers who want to ship their latest software.
|
||||
deb http://extras.ubuntu.com/ubuntu vivid main
|
||||
deb-src http://extras.ubuntu.com/ubuntu vivid main
|
13
etc/apt/sources.list/debian
Normal file
13
etc/apt/sources.list/debian
Normal file
@ -0,0 +1,13 @@
|
||||
# debiant in this directory is for Debian Testing.
|
||||
|
||||
## Main Debian archives.
|
||||
deb http://http.debian.net/debian stable main contrib non-free
|
||||
deb-src http://http.debian.net/debian stable main contrib non-free
|
||||
|
||||
## Debian Security
|
||||
deb http://security.debian.org/ stable/updates main contrib non-free
|
||||
deb-src http://security.debian.org/ stable/updates main contrib non-free
|
||||
|
||||
## Debian Backports
|
||||
deb http://http.debian.net/debian stable-backports main contrib non-free
|
||||
deb-src http://http.debian.net/debian stable-backports main contrib non-free
|
10
etc/apt/sources.list/debiant
Normal file
10
etc/apt/sources.list/debiant
Normal file
@ -0,0 +1,10 @@
|
||||
# debian (without the t) in this directory is for Debian Stable.
|
||||
|
||||
## Main Debian archives.
|
||||
deb http://http.debian.net/debian testing main contrib non-free
|
||||
deb-src http://http.debian.net/debian testing main contrib non-free
|
||||
|
||||
## Debian Security
|
||||
deb http://security.debian.org/ testing/updates main contrib non-free
|
||||
deb-src http://security.debian.org/ testing/updates main contrib non-free
|
||||
|
35
etc/apt/sources.list/ubuntu
Normal file
35
etc/apt/sources.list/ubuntu
Normal file
@ -0,0 +1,35 @@
|
||||
|
||||
## Replace RELEASE on every line with your Ubuntu RELEASE which you can find out by running
|
||||
# lsb_release -c
|
||||
|
||||
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
|
||||
# newer versions of the distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt RELEASE main restricted universe multiverse
|
||||
|
||||
## Major bug fix updates produced after the final release of the
|
||||
## distribution.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-updates main restricted universe multiverse
|
||||
|
||||
## N.B. software from this repository may not have been tested as
|
||||
## extensively as that contained in the main release, although it includes
|
||||
## newer versions of some applications which may provide useful features.
|
||||
## Also, please note that software in backports WILL NOT receive any review
|
||||
## or updates from the Ubuntu security team.
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-backports main restricted universe multiverse
|
||||
deb mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-security main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt RELEASE main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-updates main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-backports main restricted universe multiverse
|
||||
deb-src mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-security main restricted universe multiverse
|
||||
|
||||
## Uncomment the following two lines to add software from Canonical's
|
||||
## 'partner' repository.
|
||||
## This software is not part of Ubuntu, but is offered by Canonical and the
|
||||
## respective vendors as a service to Ubuntu users.
|
||||
deb http://archive.canonical.com/ubuntu RELEASE partner
|
||||
deb-src http://archive.canonical.com/ubuntu RELEASE partner
|
||||
|
||||
## This software is not part of Ubuntu, but is offered by third-party
|
||||
## developers who want to ship their latest software.
|
||||
deb http://extras.ubuntu.com/ubuntu RELEASE main
|
||||
deb-src http://extras.ubuntu.com/ubuntu RELEASE main
|
111
etc/dhcp/dhcpd.conf
Normal file
111
etc/dhcp/dhcpd.conf
Normal file
@ -0,0 +1,111 @@
|
||||
#
|
||||
# Sample configuration file for ISC dhcpd for Debian
|
||||
#
|
||||
#
|
||||
|
||||
# The ddns-updates-style parameter controls whether or not the server will
|
||||
# attempt to do a DNS update when a lease is confirmed. We default to the
|
||||
# behavior of the version 2 packages ('none', since DHCP v2 didn't
|
||||
# have support for DDNS.)
|
||||
#ddns-update-style none;
|
||||
|
||||
# option definitions common to all supported networks...
|
||||
#option dhcp6.domain-name "mikaela.info";
|
||||
#option dhcp6.domain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
|
||||
#option dhcp6.domain-search "mikaela.info";
|
||||
|
||||
option domain-name "example.org";
|
||||
option domain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
|
||||
option domain-search "mikaela.info"
|
||||
#default-lease-time 600;
|
||||
#max-lease-time 7200;
|
||||
|
||||
# If this DHCP server is the official DHCP server for the local
|
||||
# network, the authoritative directive should be uncommented.
|
||||
#authoritative;
|
||||
|
||||
# Use this to send dhcp log messages to a different log file (you also
|
||||
# have to hack syslog.conf to complete the redirection).
|
||||
log-facility local7;
|
||||
|
||||
# No service will be given on this subnet, but declaring it helps the
|
||||
# DHCP server to understand the network topology.
|
||||
|
||||
#subnet 10.152.187.0 netmask 255.255.255.0 {
|
||||
#}
|
||||
|
||||
# This is a very basic subnet declaration.
|
||||
|
||||
#subnet 10.254.239.0 netmask 255.255.255.224 {
|
||||
# range 10.254.239.10 10.254.239.20;
|
||||
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
|
||||
#}
|
||||
|
||||
# This declaration allows BOOTP clients to get dynamic addresses,
|
||||
# which we don't really recommend.
|
||||
|
||||
#subnet 10.254.239.32 netmask 255.255.255.224 {
|
||||
# range dynamic-bootp 10.254.239.40 10.254.239.60;
|
||||
# option broadcast-address 10.254.239.31;
|
||||
# option routers rtr-239-32-1.example.org;
|
||||
#}
|
||||
|
||||
# A slightly different configuration for an internal subnet.
|
||||
#subnet 10.5.5.0 netmask 255.255.255.224 {
|
||||
# range 10.5.5.26 10.5.5.30;
|
||||
# option domain-name-servers ns1.internal.example.org;
|
||||
# option domain-name "internal.example.org";
|
||||
# option routers 10.5.5.1;
|
||||
# option broadcast-address 10.5.5.31;
|
||||
# default-lease-time 600;
|
||||
# max-lease-time 7200;
|
||||
#}
|
||||
|
||||
# Hosts which require special configuration options can be listed in
|
||||
# host statements. If no address is specified, the address will be
|
||||
# allocated dynamically (if possible), but the host-specific information
|
||||
# will still come from the host declaration.
|
||||
|
||||
#host passacaglia {
|
||||
# hardware ethernet 0:0:c0:5d:bd:95;
|
||||
# filename "vmunix.passacaglia";
|
||||
# server-name "toccata.fugue.com";
|
||||
#}
|
||||
|
||||
# Fixed IP addresses can also be specified for hosts. These addresses
|
||||
# should not also be listed as being available for dynamic assignment.
|
||||
# Hosts for which fixed IP addresses have been specified can boot using
|
||||
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
|
||||
# be booted with DHCP, unless there is an address range on the subnet
|
||||
# to which a BOOTP client is connected which has the dynamic-bootp flag
|
||||
# set.
|
||||
#host fantasia {
|
||||
# hardware ethernet 08:00:07:26:c0:a5;
|
||||
# fixed-address fantasia.fugue.com;
|
||||
#}
|
||||
|
||||
# You can declare a class of clients and then do address allocation
|
||||
# based on that. The example below shows a case where all clients
|
||||
# in a certain class get addresses on the 10.17.224/24 subnet, and all
|
||||
# other clients get addresses on the 10.0.29/24 subnet.
|
||||
|
||||
#class "foo" {
|
||||
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
|
||||
#}
|
||||
|
||||
#shared-network 224-29 {
|
||||
# subnet 10.17.224.0 netmask 255.255.255.0 {
|
||||
# option routers rtr-224.example.org;
|
||||
# }
|
||||
# subnet 10.0.29.0 netmask 255.255.255.0 {
|
||||
# option routers rtr-29.example.org;
|
||||
# }
|
||||
# pool {
|
||||
# allow members of "foo";
|
||||
# range 10.17.224.10 10.17.224.250;
|
||||
# }
|
||||
# pool {
|
||||
# deny members of "foo";
|
||||
# range 10.0.29.10 10.0.29.230;
|
||||
# }
|
||||
#}
|
41
etc/dnsmasq.d/mikaela
Normal file
41
etc/dnsmasq.d/mikaela
Normal file
@ -0,0 +1,41 @@
|
||||
## This file is for my own configuration that I wish to not get
|
||||
## accidentally overwritten by package upgrades. This is based on Debian
|
||||
## Testing (Jessie) dnsmasq.conf on 2014-12-23 08:50+0200
|
||||
|
||||
# Send everything to unbound listening on port 5353
|
||||
no-resolv
|
||||
server=127.0.0.1#2000 # unbound
|
||||
|
||||
# Be better netizen
|
||||
# Never forward plain names (without a dot or domain part)
|
||||
domain-needed
|
||||
# Never forward addresses in the non-routed address spaces.
|
||||
bogus-priv
|
||||
|
||||
# DNSSEC validation and caching:
|
||||
conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
|
||||
dnssec
|
||||
# Check that unsigned reply is OK (takes extra queries)
|
||||
dnssec-check-unsigned
|
||||
|
||||
# Debugging, log all DNS queries
|
||||
#log-queries
|
||||
|
||||
# Filter useless Windows-originated requests
|
||||
# don't use with Kerberos, SIP, XMPP or Google Talk
|
||||
#filterwin2k
|
||||
|
||||
# Enable dnsmasq's built-in TFTP server
|
||||
#enable-tftp
|
||||
|
||||
# Set the root directory for files available via FTP.
|
||||
#tftp-root=/var/ftpd
|
||||
|
||||
# Make the TFTP server more secure: with this set, only files owned by
|
||||
# the user dnsmasq is running as will be send over the net.
|
||||
#tftp-secure
|
||||
|
||||
# This option stops dnsmasq from negotiating a larger blocksize for TFTP
|
||||
# transfers. It will slow things down, but may rescue some broken TFTP
|
||||
# clients.
|
||||
#tftp-no-blocksize
|
18
etc/fstab
Normal file
18
etc/fstab
Normal file
@ -0,0 +1,18 @@
|
||||
# Use 'blkid' to print the universally unique identifier for a
|
||||
# device; this may be used with UUID= as a more robust way to name devices
|
||||
# that works even if disks are added and removed. See fstab(5).
|
||||
|
||||
## swap file creation and auto-mount
|
||||
# # fallocate -l 4G /swap
|
||||
# # chmod 600 /swap
|
||||
# # mkswap /swap
|
||||
# # swapon /swap
|
||||
# and to /etc/fstab:
|
||||
/swap none swap sw 0 0
|
||||
|
||||
# Don't mount Windows partition automatically, allow normal users to mount it without root
|
||||
# noauto,user
|
||||
UUID=105AB1525AB13576 /media/Windows ntfs defaults,rw,noauto,user 0 0
|
||||
|
||||
# Mount my external HDD automatically on boot.
|
||||
UUID=2A2C535742C3A3D4 /media/Mikaelan ntfs defaults,rw 0 0
|
65
etc/gai.conf
Normal file
65
etc/gai.conf
Normal file
@ -0,0 +1,65 @@
|
||||
# Configuration for getaddrinfo(3).
|
||||
#
|
||||
# So far only configuration for the destination address sorting is needed.
|
||||
# RFC 3484 governs the sorting. But the RFC also says that system
|
||||
# administrators should be able to overwrite the defaults. This can be
|
||||
# achieved here.
|
||||
#
|
||||
# All lines have an initial identifier specifying the option followed by
|
||||
# up to two values. Information specified in this file replaces the
|
||||
# default information. Complete absence of data of one kind causes the
|
||||
# appropriate default information to be used. The supported commands include:
|
||||
#
|
||||
# reload <yes|no>
|
||||
# If set to yes, each getaddrinfo(3) call will check whether this file
|
||||
# changed and if necessary reload. This option should not really be
|
||||
# used. There are possible runtime problems. The default is no.
|
||||
#
|
||||
# label <mask> <value>
|
||||
# Add another rule to the RFC 3484 label table. See section 2.1 in
|
||||
# RFC 3484. The default is:
|
||||
#
|
||||
label ::1/128 0
|
||||
label ::/0 1
|
||||
label 2002::/16 2
|
||||
label ::/96 3
|
||||
label ::ffff:0:0/96 4
|
||||
label fec0::/10 5
|
||||
label fc00::/7 6
|
||||
#label 2001:0::/32 7
|
||||
#
|
||||
# This default differs from the tables given in RFC 3484 by handling
|
||||
# (now obsolete) site-local IPv6 addresses and Unique Local Addresses.
|
||||
# The reason for this difference is that these addresses are never
|
||||
# NATed while IPv4 site-local addresses most probably are. Given
|
||||
# the precedence of IPv6 over IPv4 (see below) on machines having only
|
||||
# site-local IPv4 and IPv6 addresses a lookup for a global address would
|
||||
# see the IPv6 be preferred. The result is a long delay because the
|
||||
# site-local IPv6 addresses cannot be used while the IPv4 address is
|
||||
# (at least for the foreseeable future) NATed. We also treat Teredo
|
||||
# tunnels special.
|
||||
#
|
||||
# precedence <mask> <value>
|
||||
# Add another rule to the RFC 3484 precedence table. See section 2.1
|
||||
# and 10.3 in RFC 3484. The default is:
|
||||
#
|
||||
#precedence ::1/128 50
|
||||
#precedence ::/0 40
|
||||
#precedence 2002::/16 30
|
||||
#precedence ::/96 20
|
||||
#precedence ::ffff:0:0/96 10
|
||||
#
|
||||
# For sites which prefer IPv4 connections change the last line to
|
||||
#
|
||||
#precedence ::ffff:0:0/96 100
|
||||
|
||||
#
|
||||
# scopev4 <mask> <value>
|
||||
# Add another rule to the RFC 6724 scope table for IPv4 addresses.
|
||||
# By default the scope IDs described in section 3.2 in RFC 6724 are
|
||||
# used. Changing these defaults should hardly ever be necessary.
|
||||
# The defaults are equivalent to:
|
||||
#
|
||||
#scopev4 ::ffff:169.254.0.0/112 2
|
||||
#scopev4 ::ffff:127.0.0.0/104 2
|
||||
#scopev4 ::ffff:0.0.0.0/96 14
|
12
etc/hosts
Normal file
12
etc/hosts
Normal file
@ -0,0 +1,12 @@
|
||||
::1 localhost
|
||||
::1 FQDN UQDN
|
||||
|
||||
127.0.0.1 localhost
|
||||
127.0.1.1 FQDN UQDN
|
||||
|
||||
# The following lines are desirable for IPv6 capable hosts
|
||||
::1 ip6-localhost ip6-loopback
|
||||
fe00::0 ip6-localnet
|
||||
ff00::0 ip6-mcastprefix
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
41
etc/network/interfaces
Normal file
41
etc/network/interfaces
Normal file
@ -0,0 +1,41 @@
|
||||
# interfaces(5) file used by ifup(8) and ifdown(8)
|
||||
|
||||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto eth0
|
||||
allow-hotplug eth0
|
||||
iface eth0 inet static
|
||||
address 172.16.1.
|
||||
netmask 255.255.0.0
|
||||
gateway 172.16.0.1
|
||||
## dns-nameservers is provided by resolvconf so you can specify nameservers
|
||||
## there. Remember to install dnsmasq to get over the limit of being able
|
||||
## to use only three DNS servers at time!
|
||||
dns-nameservers ::1 8.8.8.8 8.8.4.4
|
||||
dns-search DOMAIN.TLD
|
||||
|
||||
iface eth0 inet6 auto
|
||||
|
||||
## if radvd is announcing prefixes, IPs from them must be in this file
|
||||
## see also https://www.sixxs.net/tools/grh/ula/
|
||||
|
||||
## radvd globally routable address
|
||||
#iface eth0 inet6 static
|
||||
#address RANGE::1
|
||||
#netmask 64
|
||||
|
||||
## radvd ULA
|
||||
#iface eth0 inet6 static
|
||||
#address RANGE::1
|
||||
#netmask64
|
||||
|
||||
## Manually adding IPv6 addresses: ip -6 addr add IPv6_ADDREsS/64 dev eth0
|
||||
|
||||
## REMEMBER TO CHANGE
|
||||
## managed=false
|
||||
## to
|
||||
## managed=true
|
||||
## in /etc/NetworkManager/NetworkManager.conf under "[ifupdown]" !
|
||||
## And restart it!
|
||||
## service network-manager restart
|
2
etc/nginx/README.md
Normal file
2
etc/nginx/README.md
Normal file
@ -0,0 +1,2 @@
|
||||
Useful nginx files that I will probably need and which I will forget if I
|
||||
cannot read them from here.
|
20
etc/nginx/conf.d/cloudflare.conf
Normal file
20
etc/nginx/conf.d/cloudflare.conf
Normal file
@ -0,0 +1,20 @@
|
||||
# Cloudflare
|
||||
set_real_ip_from 199.27.128.0/21;
|
||||
set_real_ip_from 173.245.48.0/20;
|
||||
set_real_ip_from 103.21.244.0/22;
|
||||
set_real_ip_from 103.22.200.0/22;
|
||||
set_real_ip_from 103.31.4.0/22;
|
||||
set_real_ip_from 141.101.64.0/18;
|
||||
set_real_ip_from 108.162.192.0/18;
|
||||
set_real_ip_from 190.93.240.0/20;
|
||||
set_real_ip_from 188.114.96.0/20;
|
||||
set_real_ip_from 197.234.240.0/22;
|
||||
set_real_ip_from 198.41.128.0/17;
|
||||
set_real_ip_from 162.158.0.0/15;
|
||||
set_real_ip_from 104.16.0.0/12;
|
||||
set_real_ip_from 2400:cb00::/32;
|
||||
set_real_ip_from 2606:4700::/32;
|
||||
set_real_ip_from 2803:f800::/32;
|
||||
set_real_ip_from 2405:b500::/32;
|
||||
set_real_ip_from 2405:8100::/32;
|
||||
real_ip_header CF-Connecting-IP;
|
2
etc/nginx/conf.d/rproxy.conf
Normal file
2
etc/nginx/conf.d/rproxy.conf
Normal file
@ -0,0 +1,2 @@
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
@ -0,0 +1,70 @@
|
||||
server {
|
||||
|
||||
# default_server from default vhost must exist somewhere!
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name vhost.example.org;
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
|
||||
root /var/www/vhostdir;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
# vhost address
|
||||
server_name vhost.example.org;
|
||||
|
||||
# SSL
|
||||
#ssl_certificate /etc/nginx/ssl/nginx.crt;
|
||||
#ssl_certificate_key /etc/nginx/ssl/nginx.key;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
# Userdir
|
||||
#ilocation ~ ^/~(.+?)(/.*)?$ {
|
||||
# alias /home/$1/public_html$2;
|
||||
# index index.html index.htm;
|
||||
# autoindex on;
|
||||
#}
|
||||
|
||||
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
#error_page 500 502 503 504 /50x.html;
|
||||
#location = /50x.html {
|
||||
# root /usr/share/nginx/html;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
#
|
||||
# # With php5-cgi alone:
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# # With php5-fpm:
|
||||
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
#include fastcgi_params;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
}
|
91
etc/nginx/sites-enabled/host
Normal file
91
etc/nginx/sites-enabled/host
Normal file
@ -0,0 +1,91 @@
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server ipv6only=on;
|
||||
listen 443 default_server ssl;
|
||||
listen [::]:443 default_server ssl ipv6only=on;
|
||||
|
||||
root /var/www/default/;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
### Generating SSL certificate:
|
||||
## mkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl
|
||||
## openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nginx.key -out nginx.crt
|
||||
### this takes forever and is used on line 23.
|
||||
## openssl dhparam -out dhparam.pem 4096
|
||||
ssl_certificate /etc/nginx/ssl/nginx.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/nginx.key;
|
||||
# ----- begin of Mozilla Server Side TLS recommendations -----
|
||||
# **2014-11-07** https://wiki.mozilla.org/Security/Server_Side_TLS
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_cache shared:SSL:50m;
|
||||
|
||||
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
|
||||
# See generation on line 14
|
||||
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
||||
|
||||
# Intermediate configuration. tweak to your needs.
|
||||
# comment just for me, don't uncomment.
|
||||
#ssl_ciphers '';
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
# Enable this if your want HSTS (recommended)
|
||||
# HSTS = access only using HTTPS
|
||||
# add_header Strict-Transport-Security max-age=15768000;
|
||||
|
||||
# OCSP Stapling ---
|
||||
# fetch OCSP records from URL in ssl_certificate and cache them
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
## verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
|
||||
#resolver ::1;
|
||||
# ----- end of Mozilla Server Side TLS recommendations -----
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
# Userdir
|
||||
location ~ ^/~(.+?)(/.*)?$ {
|
||||
alias /home/$1/public_html$2;
|
||||
index index.html index.htm;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
#error_page 500 502 503 504 /50x.html;
|
||||
#location = /50x.html {
|
||||
# root /usr/share/nginx/html;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
#
|
||||
# # With php5-cgi alone:
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# # With php5-fpm:
|
||||
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
#include fastcgi_params;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
}
|
16
etc/nginx/sites-enabled/rproxy
Normal file
16
etc/nginx/sites-enabled/rproxy
Normal file
@ -0,0 +1,16 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
|
||||
server_name something.example.org;
|
||||
|
||||
# NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
|
||||
# Behind CloudFlare see ../conf.d/cloudflare.conf
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8080/;
|
||||
}
|
||||
}
|
||||
|
60
etc/nginx/sites-enabled/vhost
Normal file
60
etc/nginx/sites-enabled/vhost
Normal file
@ -0,0 +1,60 @@
|
||||
server {
|
||||
|
||||
# default_server from default vhost must exist somewhere!
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 443;
|
||||
listen [::]:443;
|
||||
|
||||
root /var/www/vhostdir;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
# vhost address
|
||||
server_name vhost.example.org;
|
||||
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
# as directory, then fall back to displaying a 404.
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex off;
|
||||
}
|
||||
|
||||
# Userdir
|
||||
#ilocation ~ ^/~(.+?)(/.*)?$ {
|
||||
# alias /home/$1/public_html$2;
|
||||
# index index.html index.htm;
|
||||
# autoindex on;
|
||||
#}
|
||||
|
||||
|
||||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
#error_page 500 502 503 504 /50x.html;
|
||||
#location = /50x.html {
|
||||
# root /usr/share/nginx/html;
|
||||
#}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
|
||||
#
|
||||
# # With php5-cgi alone:
|
||||
# fastcgi_pass 127.0.0.1:9000;
|
||||
# # With php5-fpm:
|
||||
fastcgi_pass unix:/var/run/php5-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
#include fastcgi_params;
|
||||
include fastcgi.conf;
|
||||
}
|
||||
|
||||
# deny access to .htaccess files, if Apache's document root
|
||||
# concurs with nginx's one
|
||||
#
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
}
|
21
etc/polipo/config
Normal file
21
etc/polipo/config
Normal file
@ -0,0 +1,21 @@
|
||||
# This file only needs to list configuration variables that deviate
|
||||
# from the default values. See /usr/share/doc/polipo/examples/config.sample
|
||||
# and "polipo -v" for variables you can tweak and further information.
|
||||
|
||||
# Defaults
|
||||
logSyslog = true
|
||||
logFile = /var/log/polipo/polipo.log
|
||||
|
||||
# Address to listen, allowed clients & port
|
||||
#proxyAddress = ::0
|
||||
#allowedClients = 172.16.0.0/16, fd6a:d4e8:95e6::/64
|
||||
#proxyPort = 8123
|
||||
proxyPort = 8080
|
||||
|
||||
# Tor
|
||||
socksParentProxy = localhost:9050
|
||||
diskCacheRoot=""
|
||||
disableLocalInterface=true
|
||||
censoredHeaders = from, accept-language
|
||||
censorReferer = maybe
|
||||
|
15
etc/radvd.conf
Normal file
15
etc/radvd.conf
Normal file
@ -0,0 +1,15 @@
|
||||
interface eth0
|
||||
{
|
||||
AdvSendAdvert on;
|
||||
AdvOtherConfigFlag on;
|
||||
prefix 2001:14b8:100:8397::/64
|
||||
{
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
};
|
||||
prefix ULA::/64
|
||||
{
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
};
|
||||
};
|
13
etc/resolvconf/resolv.conf.d/head
Normal file
13
etc/resolvconf/resolv.conf.d/head
Normal file
@ -0,0 +1,13 @@
|
||||
## Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
|
||||
## DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
|
||||
|
||||
## Local DNS cache (dnsmasq)
|
||||
nameserver ::1
|
||||
|
||||
## Google DNS IPv6
|
||||
#nameserver 2001:4860:4860::8888
|
||||
#nameserver 2001:4860:4860::8844
|
||||
|
||||
## Google DNS IPv4
|
||||
#nameserver 8.8.8.8
|
||||
#nameserver 8.8.4.4
|
3
etc/resolvconf/resolv.conf.d/tail
Normal file
3
etc/resolvconf/resolv.conf.d/tail
Normal file
@ -0,0 +1,3 @@
|
||||
# According to manual page for resolv.conf, the last search/domain entry
|
||||
# wins
|
||||
search DOMAIN.TLD
|
103
etc/ssh/sshd_config
Executable file
103
etc/ssh/sshd_config
Executable file
@ -0,0 +1,103 @@
|
||||
# Package generated configuration file
|
||||
# See the sshd_config(5) manpage for details
|
||||
|
||||
# What ports, IPs and protocols we listen for
|
||||
# sshd default
|
||||
Port 22
|
||||
# https, usually not blocked by firewalls. Verify that there is nothing
|
||||
# else listening on 443 before using this port.
|
||||
Port 443
|
||||
# personal port assigning system that I use to get around inability of
|
||||
# my router to forward one WAN port to another LAN port
|
||||
Port 10000
|
||||
|
||||
# Use these options to restrict which interfaces/protocols sshd will bind to
|
||||
ListenAddress ::
|
||||
ListenAddress 0.0.0.0
|
||||
Protocol 2
|
||||
# HostKeys for protocol version 2
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_dsa_key
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
## IF THE HOST KEYS ARE MISSING, RUN THE FOLLOWING AS ROOT:
|
||||
# ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
|
||||
# ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
|
||||
# ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
|
||||
# ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
#Privilege Separation is turned on for security
|
||||
UsePrivilegeSeparation yes
|
||||
|
||||
# Lifetime and size of ephemeral version 1 server key
|
||||
KeyRegenerationInterval 3600
|
||||
ServerKeyBits 1024
|
||||
|
||||
# Logging
|
||||
SyslogFacility AUTH
|
||||
LogLevel VERBOSE
|
||||
|
||||
# Authentication:
|
||||
LoginGraceTime 120
|
||||
PermitRootLogin without-password
|
||||
StrictModes yes
|
||||
|
||||
RSAAuthentication yes
|
||||
PubkeyAuthentication yes
|
||||
#AuthorizedKeysFile %h/.ssh/authorized_keys
|
||||
|
||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||
IgnoreRhosts yes
|
||||
# For this to work you will also need host keys in /etc/ssh_known_hosts
|
||||
RhostsRSAAuthentication no
|
||||
# similar for protocol version 2
|
||||
HostbasedAuthentication no
|
||||
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|
||||
#IgnoreUserKnownHosts yes
|
||||
|
||||
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
||||
PermitEmptyPasswords no
|
||||
|
||||
# Change to yes to enable challenge-response passwords (beware issues with
|
||||
# some PAM modules and threads)
|
||||
ChallengeResponseAuthentication no
|
||||
|
||||
# Change to no to disable tunnelled clear text passwords
|
||||
PasswordAuthentication no
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
#KerberosGetAFSToken no
|
||||
#KerberosOrLocalPasswd yes
|
||||
#KerberosTicketCleanup yes
|
||||
|
||||
# GSSAPI options
|
||||
#GSSAPIAuthentication no
|
||||
#GSSAPICleanupCredentials yes
|
||||
|
||||
X11Forwarding yes
|
||||
X11DisplayOffset 10
|
||||
PrintMotd no
|
||||
PrintLastLog yes
|
||||
TCPKeepAlive yes
|
||||
#UseLogin no
|
||||
|
||||
#MaxStartups 10:30:60
|
||||
Banner /etc/issue.net
|
||||
|
||||
# Allow client to pass locale environment variables
|
||||
AcceptEnv LANG LC_*
|
||||
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
# be allowed through the ChallengeResponseAuthentication and
|
||||
# PasswordAuthentication. Depending on your PAM configuration,
|
||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||
# the setting of "PermitRootLogin without-password".
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and ChallengeResponseAuthentication to 'no'.
|
||||
UsePAM yes
|
18
etc/unbound/unbound.conf.d/forwards.conf
Normal file
18
etc/unbound/unbound.conf.d/forwards.conf
Normal file
@ -0,0 +1,18 @@
|
||||
# Forward queries to
|
||||
forward-zone:
|
||||
name: "."
|
||||
# Google
|
||||
forward-addr: 2001:4860:4860::8888
|
||||
forward-addr: 2001:4860:4860::8844
|
||||
forward-addr: 8.8.8.8
|
||||
forward-addr: 8.8.4.4
|
||||
# OpenDNS
|
||||
forward-addr: 2620:0:ccc::2
|
||||
forward-addr: 2620:0:ccd::2
|
||||
forward-addr: 208.67.222.222
|
||||
forward-addr: 208.67.220.220
|
||||
# Yandex.DNS Basic
|
||||
forward-addr: 2a02:6b8::feed:0ff
|
||||
forward-addr: 2a02:6b8:0:1::feed:0ff
|
||||
forward-addr: 77.88.8.8
|
||||
forward-addr: 77.88.8.1
|
16
etc/unbound/unbound.conf.d/mikaela.conf
Normal file
16
etc/unbound/unbound.conf.d/mikaela.conf
Normal file
@ -0,0 +1,16 @@
|
||||
server:
|
||||
# perform cryptographic DNSSEC validation using the root trust anchor.
|
||||
# this should be in /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
|
||||
# auto-trust-anchor-file: "/var/lib/unbound/root.key"
|
||||
interface: 127.0.0.1
|
||||
access-control: 127.0.0.0/8 allow
|
||||
interface: ::1
|
||||
access-control: ::1 allow
|
||||
port: 2000
|
||||
# logging
|
||||
chroot: ""
|
||||
use-syslog: yes
|
||||
log-time-ascii: yes
|
||||
log-queries: yes
|
||||
# 0 - 5, default 1, query information 3
|
||||
verbosity: 1
|
Loading…
Reference in New Issue
Block a user