etc: import from gh-pages

2024-11-16 16:29:23 +01:00 · 2014-12-27 11:09:00 +02:00 · 2014-12-27 11:09:00 +02:00 · 938247e19f
commit 938247e19f
parent 198481866f
28 changed files with 948 additions and 0 deletions
--- a/etc/NetworkManager/NetworkManager.conf
+++ b/etc/NetworkManager/NetworkManager.conf
@ -0,0 +1,10 @@
 [main]
 plugins=ifupdown,keyfile,ofono
 #dns=dnsmasq
 [ifupdown]
 managed=true
 ## Disable NM for this MAC address
 #[keyfile]
 #unmanaged-devices=mac:XX:XX:XX:XX:XX:XX
--- a/etc/apt/sources.list/12.04
+++ b/etc/apt/sources.list/12.04
@ -0,0 +1,37 @@
 # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
 # newer versions of the distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt precise main restricted universe multiverse
 ## Major bug fix updates produced after the final precise of the
 ## distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt precise-updates main restricted universe multiverse
 ## N.B. software from this repository may not have been tested as
 ## extensively as that contained in the main precise, although it includes
 ## newer versions of some applications which may provide useful features.
 ## Also, please note that software in backports WILL NOT receive any review
 ## or updates from the Ubuntu security team.
 deb mirror://mirrors.ubuntu.com/mirrors.txt precise-backports main restricted universe multiverse
 deb mirror://mirrors.ubuntu.com/mirrors.txt precise-security main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt precise main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt precise-updates main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt precise-backports main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt precise-security main restricted universe multiverse
 ## Uncomment the following two lines to add software from Canonical's
 ## 'partner' repository.
 ## This software is not part of Ubuntu, but is offered by Canonical and the
 ## respective vendors as a service to Ubuntu users.
 deb http://archive.canonical.com/ubuntu precise partner
 deb-src http://archive.canonical.com/ubuntu precise partner
 ## This software is not part of Ubuntu, but is offered by third-party
 ## developers who want to ship their latest software.
 deb http://extras.ubuntu.com/ubuntu precise main
 deb-src http://extras.ubuntu.com/ubuntu precise main
 ## Ubuntu MATE https://ubuntu-mate.org/
 deb http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu precise main
 deb http://ppa.launchpad.net/ubuntu-mate-dev/precise-mate/ubuntu precise main
 deb-src http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu precise main
 deb-src http://ppa.launchpad.net/ubuntu-mate-dev/precise-mate/ubuntu precise main
--- a/etc/apt/sources.list/14.04
+++ b/etc/apt/sources.list/14.04
@ -0,0 +1,39 @@
 # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
 # newer versions of the distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt trusty main restricted universe multiverse
 ## Major bug fix updates produced after the final trusty of the
 ## distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-updates main restricted universe multiverse
 ## N.B. software from this repository may not have been tested as
 ## extensively as that contained in the main trusty, although it includes
 ## newer versions of some applications which may provide useful features.
 ## Also, please note that software in backports WILL NOT receive any review
 ## or updates from the Ubuntu security team.
 deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-backports main restricted universe multiverse
 deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-security main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt trusty main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt trusty-updates main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt trusty-backports main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt trusty-security main restricted universe multiverse
 ## Uncomment the following two lines to add software from Canonical's
 ## 'partner' repository.
 ## This software is not part of Ubuntu, but is offered by Canonical and the
 ## respective vendors as a service to Ubuntu users.
 deb http://archive.canonical.com/ubuntu trusty partner
 deb-src http://archive.canonical.com/ubuntu trusty partner
 ## This software is not part of Ubuntu, but is offered by third-party
 ## developers who want to ship their latest software.
 deb http://extras.ubuntu.com/ubuntu trusty main
 deb-src http://extras.ubuntu.com/ubuntu trusty main
 ## Ubuntu MATE https://ubuntu-mate.org/
 deb http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu trusty main
 deb http://ppa.launchpad.net/ubuntu-mate-dev/trusty-mate/ubuntu trusty main
 deb http://ppa.launchpad.net/accessibility-dev/ppa/ubuntu trusty main
 deb-src http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu trusty main
 deb-src http://ppa.launchpad.net/ubuntu-mate-dev/trusty-mate/ubuntu trusty main
 deb-src http://ppa.launchpad.net/accessibility-dev/ppa/ubuntu trusty main
--- a/etc/apt/sources.list/14.10
+++ b/etc/apt/sources.list/14.10
@ -0,0 +1,35 @@
 # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
 # newer versions of the distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt utopic main restricted universe multiverse
 ## Major bug fix updates produced after the final utopic of the
 ## distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt utopic-updates main restricted universe multiverse
 ## N.B. software from this repository may not have been tested as
 ## extensively as that contained in the main utopic, although it includes
 ## newer versions of some applications which may provide useful features.
 ## Also, please note that software in backports WILL NOT receive any review
 ## or updates from the Ubuntu security team.
 deb mirror://mirrors.ubuntu.com/mirrors.txt utopic-backports main restricted universe multiverse
 deb mirror://mirrors.ubuntu.com/mirrors.txt utopic-security main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt utopic main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt utopic-updates main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt utopic-backports main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt utopic-security main restricted universe multiverse
 ## Uncomment the following two lines to add software from Canonical's
 ## 'partner' repository.
 ## This software is not part of Ubuntu, but is offered by Canonical and the
 ## respective vendors as a service to Ubuntu users.
 deb http://archive.canonical.com/ubuntu utopic partner
 deb-src http://archive.canonical.com/ubuntu utopic partner
 ## This software is not part of Ubuntu, but is offered by third-party
 ## developers who want to ship their latest software.
 deb http://extras.ubuntu.com/ubuntu utopic main
 deb-src http://extras.ubuntu.com/ubuntu utopic main
 ## Ubuntu MATE https://ubuntu-mate.org/
 deb http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu utopic main
 deb-src http://ppa.launchpad.net/ubuntu-mate-dev/ppa/ubuntu utopic main
--- a/etc/apt/sources.list/15.04
+++ b/etc/apt/sources.list/15.04
@ -0,0 +1,31 @@
 # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
 # newer versions of the distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt vivid main restricted universe multiverse
 ## Major bug fix updates produced after the final vivid of the
 ## distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt vivid-updates main restricted universe multiverse
 ## N.B. software from this repository may not have been tested as
 ## extensively as that contained in the main vivid, although it includes
 ## newer versions of some applications which may provide useful features.
 ## Also, please note that software in backports WILL NOT receive any review
 ## or updates from the Ubuntu security team.
 deb mirror://mirrors.ubuntu.com/mirrors.txt vivid-backports main restricted universe multiverse
 deb mirror://mirrors.ubuntu.com/mirrors.txt vivid-security main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt vivid main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt vivid-updates main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt vivid-backports main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt vivid-security main restricted universe multiverse
 ## Uncomment the following two lines to add software from Canonical's
 ## 'partner' repository.
 ## This software is not part of Ubuntu, but is offered by Canonical and the
 ## respective vendors as a service to Ubuntu users.
 deb http://archive.canonical.com/ubuntu vivid partner
 deb-src http://archive.canonical.com/ubuntu vivid partner
 ## This software is not part of Ubuntu, but is offered by third-party
 ## developers who want to ship their latest software.
 deb http://extras.ubuntu.com/ubuntu vivid main
 deb-src http://extras.ubuntu.com/ubuntu vivid main
--- a/etc/apt/sources.list/debian
+++ b/etc/apt/sources.list/debian
@ -0,0 +1,13 @@
 # debiant in this directory is for Debian Testing.
 ## Main Debian archives.
 deb http://http.debian.net/debian stable main contrib non-free
 deb-src http://http.debian.net/debian stable main contrib non-free
 ## Debian Security
 deb http://security.debian.org/ stable/updates main contrib non-free
 deb-src http://security.debian.org/ stable/updates main contrib non-free
 ## Debian Backports
 deb http://http.debian.net/debian stable-backports main contrib non-free
 deb-src http://http.debian.net/debian stable-backports main contrib non-free
--- a/etc/apt/sources.list/debiant
+++ b/etc/apt/sources.list/debiant
@ -0,0 +1,10 @@
 # debian (without the t) in this directory is for Debian Stable.
 ## Main Debian archives.
 deb http://http.debian.net/debian testing main contrib non-free
 deb-src http://http.debian.net/debian testing main contrib non-free
 ## Debian Security
 deb http://security.debian.org/ testing/updates main contrib non-free
 deb-src http://security.debian.org/ testing/updates main contrib non-free
--- a/etc/apt/sources.list/ubuntu
+++ b/etc/apt/sources.list/ubuntu
@ -0,0 +1,35 @@
 ## Replace RELEASE on every line with your Ubuntu RELEASE which you can find out by running 
 # lsb_release -c
 # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
 # newer versions of the distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt RELEASE main restricted universe multiverse
 ## Major bug fix updates produced after the final release of the
 ## distribution.
 deb mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-updates main restricted universe multiverse
 ## N.B. software from this repository may not have been tested as
 ## extensively as that contained in the main release, although it includes
 ## newer versions of some applications which may provide useful features.
 ## Also, please note that software in backports WILL NOT receive any review
 ## or updates from the Ubuntu security team.
 deb mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-backports main restricted universe multiverse
 deb mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-security main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt RELEASE main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-updates main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-backports main restricted universe multiverse
 deb-src mirror://mirrors.ubuntu.com/mirrors.txt RELEASE-security main restricted universe multiverse
 ## Uncomment the following two lines to add software from Canonical's
 ## 'partner' repository.
 ## This software is not part of Ubuntu, but is offered by Canonical and the
 ## respective vendors as a service to Ubuntu users.
 deb http://archive.canonical.com/ubuntu RELEASE partner
 deb-src http://archive.canonical.com/ubuntu RELEASE partner
 ## This software is not part of Ubuntu, but is offered by third-party
 ## developers who want to ship their latest software.
 deb http://extras.ubuntu.com/ubuntu RELEASE main
 deb-src http://extras.ubuntu.com/ubuntu RELEASE main
--- a/etc/dhcp/dhcpd.conf
+++ b/etc/dhcp/dhcpd.conf
@ -0,0 +1,111 @@
 #
 # Sample configuration file for ISC dhcpd for Debian
 #
 #
 # The ddns-updates-style parameter controls whether or not the server will
 # attempt to do a DNS update when a lease is confirmed. We default to the
 # behavior of the version 2 packages ('none', since DHCP v2 didn't
 # have support for DDNS.)
 #ddns-update-style none;
 # option definitions common to all supported networks...
 #option dhcp6.domain-name "mikaela.info";
 #option dhcp6.domain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
 #option dhcp6.domain-search "mikaela.info";
 option domain-name "example.org";
 option domain-name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
 option domain-search "mikaela.info"
 #default-lease-time 600;
 #max-lease-time 7200;
 # If this DHCP server is the official DHCP server for the local
 # network, the authoritative directive should be uncommented.
 #authoritative;
 # Use this to send dhcp log messages to a different log file (you also
 # have to hack syslog.conf to complete the redirection).
 log-facility local7;
 # No service will be given on this subnet, but declaring it helps the 
 # DHCP server to understand the network topology.
 #subnet 10.152.187.0 netmask 255.255.255.0 {
 #}
 # This is a very basic subnet declaration.
 #subnet 10.254.239.0 netmask 255.255.255.224 {
 #  range 10.254.239.10 10.254.239.20;
 #  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
 #}
 # This declaration allows BOOTP clients to get dynamic addresses,
 # which we don't really recommend.
 #subnet 10.254.239.32 netmask 255.255.255.224 {
 #  range dynamic-bootp 10.254.239.40 10.254.239.60;
 #  option broadcast-address 10.254.239.31;
 #  option routers rtr-239-32-1.example.org;
 #}
 # A slightly different configuration for an internal subnet.
 #subnet 10.5.5.0 netmask 255.255.255.224 {
 #  range 10.5.5.26 10.5.5.30;
 #  option domain-name-servers ns1.internal.example.org;
 #  option domain-name "internal.example.org";
 #  option routers 10.5.5.1;
 #  option broadcast-address 10.5.5.31;
 #  default-lease-time 600;
 #  max-lease-time 7200;
 #}
 # Hosts which require special configuration options can be listed in
 # host statements.   If no address is specified, the address will be
 # allocated dynamically (if possible), but the host-specific information
 # will still come from the host declaration.
 #host passacaglia {
 #  hardware ethernet 0:0:c0:5d:bd:95;
 #  filename "vmunix.passacaglia";
 #  server-name "toccata.fugue.com";
 #}
 # Fixed IP addresses can also be specified for hosts.   These addresses
 # should not also be listed as being available for dynamic assignment.
 # Hosts for which fixed IP addresses have been specified can boot using
 # BOOTP or DHCP.   Hosts for which no fixed address is specified can only
 # be booted with DHCP, unless there is an address range on the subnet
 # to which a BOOTP client is connected which has the dynamic-bootp flag
 # set.
 #host fantasia {
 #  hardware ethernet 08:00:07:26:c0:a5;
 #  fixed-address fantasia.fugue.com;
 #}
 # You can declare a class of clients and then do address allocation
 # based on that.   The example below shows a case where all clients
 # in a certain class get addresses on the 10.17.224/24 subnet, and all
 # other clients get addresses on the 10.0.29/24 subnet.
 #class "foo" {
 #  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
 #}
 #shared-network 224-29 {
 #  subnet 10.17.224.0 netmask 255.255.255.0 {
 #    option routers rtr-224.example.org;
 #  }
 #  subnet 10.0.29.0 netmask 255.255.255.0 {
 #    option routers rtr-29.example.org;
 #  }
 #  pool {
 #    allow members of "foo";
 #    range 10.17.224.10 10.17.224.250;
 #  }
 #  pool {
 #    deny members of "foo";
 #    range 10.0.29.10 10.0.29.230;
 #  }
 #}
--- a/etc/dnsmasq.d/mikaela
+++ b/etc/dnsmasq.d/mikaela
@ -0,0 +1,41 @@
 ## This file is for my own configuration that I wish to not get
 ## accidentally overwritten by package upgrades. This is based on Debian
 ## Testing (Jessie) dnsmasq.conf on 2014-12-23 08:50+0200
 # Send everything to unbound listening on port 5353
 no-resolv
 server=127.0.0.1#2000 # unbound
 # Be better netizen
 # Never forward plain names (without a dot or domain part)
 domain-needed
 # Never forward addresses in the non-routed address spaces.
 bogus-priv
 # DNSSEC validation and caching:
 conf-file=/usr/share/dnsmasq-base/trust-anchors.conf
 dnssec
 # Check that unsigned reply is OK (takes extra queries)
 dnssec-check-unsigned
 # Debugging, log all DNS queries
 #log-queries
 # Filter useless Windows-originated requests
 # don't use with Kerberos, SIP, XMPP or Google Talk
 #filterwin2k
 # Enable dnsmasq's built-in TFTP server
 #enable-tftp
 # Set the root directory for files available via FTP.
 #tftp-root=/var/ftpd
 # Make the TFTP server more secure: with this set, only files owned by
 # the user dnsmasq is running as will be send over the net.
 #tftp-secure
 # This option stops dnsmasq from negotiating a larger blocksize for TFTP
 # transfers. It will slow things down, but may rescue some broken TFTP
 # clients.
 #tftp-no-blocksize
--- a/etc/fstab
+++ b/etc/fstab
@ -0,0 +1,18 @@
 # Use 'blkid' to print the universally unique identifier for a
 # device; this may be used with UUID= as a more robust way to name devices
 # that works even if disks are added and removed. See fstab(5).
 ## swap file creation and auto-mount
 # # fallocate -l 4G /swap
 # # chmod 600 /swap
 # # mkswap /swap
 # # swapon /swap
 # and to /etc/fstab:
 /swap   none    swap    sw  0   0
 # Don't mount Windows partition automatically, allow normal users to mount it without root
 # noauto,user
 UUID=105AB1525AB13576   /media/Windows  ntfs    defaults,rw,noauto,user 0   0
 # Mount my external HDD automatically on boot.
 UUID=2A2C535742C3A3D4   /media/Mikaelan ntfs    defaults,rw 0   0
--- a/etc/gai.conf
+++ b/etc/gai.conf
@ -0,0 +1,65 @@
 # Configuration for getaddrinfo(3).
 #
 # So far only configuration for the destination address sorting is needed.
 # RFC 3484 governs the sorting.  But the RFC also says that system
 # administrators should be able to overwrite the defaults.  This can be
 # achieved here.
 #
 # All lines have an initial identifier specifying the option followed by
 # up to two values.  Information specified in this file replaces the
 # default information.  Complete absence of data of one kind causes the
 # appropriate default information to be used.  The supported commands include:
 #
 # reload  <yes|no>
 #    If set to yes, each getaddrinfo(3) call will check whether this file
 #    changed and if necessary reload.  This option should not really be
 #    used.  There are possible runtime problems.  The default is no.
 #
 # label   <mask>   <value>
 #    Add another rule to the RFC 3484 label table.  See section 2.1 in
 #    RFC 3484.  The default is:
 #
 label ::1/128       0
 label ::/0          1
 label 2002::/16     2
 label ::/96         3
 label ::ffff:0:0/96 4
 label fec0::/10     5
 label fc00::/7      6
 #label 2001:0::/32   7
 #
 #    This default differs from the tables given in RFC 3484 by handling
 #    (now obsolete) site-local IPv6 addresses and Unique Local Addresses.
 #    The reason for this difference is that these addresses are never
 #    NATed while IPv4 site-local addresses most probably are.  Given
 #    the precedence of IPv6 over IPv4 (see below) on machines having only
 #    site-local IPv4 and IPv6 addresses a lookup for a global address would
 #    see the IPv6 be preferred.  The result is a long delay because the
 #    site-local IPv6 addresses cannot be used while the IPv4 address is
 #    (at least for the foreseeable future) NATed.  We also treat Teredo
 #    tunnels special.
 #
 # precedence  <mask>   <value>
 #    Add another rule to the RFC 3484 precedence table.  See section 2.1
 #    and 10.3 in RFC 3484.  The default is:
 #
 #precedence  ::1/128       50
 #precedence  ::/0          40
 #precedence  2002::/16     30
 #precedence ::/96          20
 #precedence ::ffff:0:0/96  10
 #
 #    For sites which prefer IPv4 connections change the last line to
 #
 #precedence ::ffff:0:0/96  100
 #
 # scopev4  <mask>  <value>
 #    Add another rule to the RFC 6724 scope table for IPv4 addresses.
 #    By default the scope IDs described in section 3.2 in RFC 6724 are
 #    used.  Changing these defaults should hardly ever be necessary.
 #    The defaults are equivalent to:
 #
 #scopev4 ::ffff:169.254.0.0/112  2
 #scopev4 ::ffff:127.0.0.0/104    2
 #scopev4 ::ffff:0.0.0.0/96       14
--- a/etc/hosts
+++ b/etc/hosts
@ -0,0 +1,12 @@
 ::1 localhost
 ::1 FQDN UQDN
 127.0.0.1   localhost
 127.0.1.1   FQDN UQDN
 # The following lines are desirable for IPv6 capable hosts
 ::1     ip6-localhost ip6-loopback
 fe00::0 ip6-localnet
 ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
--- a/etc/network/interfaces
+++ b/etc/network/interfaces
@ -0,0 +1,41 @@
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
 auto eth0
 allow-hotplug eth0
 iface eth0 inet static
 address 172.16.1.
 netmask 255.255.0.0
 gateway 172.16.0.1
 ## dns-nameservers is provided by resolvconf so you can specify nameservers
 ## there. Remember to install dnsmasq to get over the limit of being able
 ## to use only three DNS servers at time!
 dns-nameservers ::1 8.8.8.8 8.8.4.4
 dns-search DOMAIN.TLD
 iface eth0 inet6 auto
 ## if radvd is announcing prefixes, IPs from them must be in this file
 ## see also https://www.sixxs.net/tools/grh/ula/
 ## radvd globally routable address
 #iface eth0 inet6 static
 #address RANGE::1
 #netmask 64
 ## radvd ULA
 #iface eth0 inet6 static
 #address RANGE::1
 #netmask64
 ## Manually adding IPv6 addresses:  ip -6 addr add IPv6_ADDREsS/64 dev eth0
 ## REMEMBER TO CHANGE
 ## managed=false
 ## to
 ## managed=true
 ## in /etc/NetworkManager/NetworkManager.conf under "[ifupdown]" !
 ## And restart it!
 ## service network-manager restart
--- a/etc/nginx/README.md
+++ b/etc/nginx/README.md
@ -0,0 +1,2 @@
 Useful nginx files that I will probably need and which I will forget if I
 cannot read them from here.
--- a/etc/nginx/conf.d/cloudflare.conf
+++ b/etc/nginx/conf.d/cloudflare.conf
@ -0,0 +1,20 @@
 # Cloudflare
   set_real_ip_from   199.27.128.0/21;
   set_real_ip_from   173.245.48.0/20;
   set_real_ip_from   103.21.244.0/22;
   set_real_ip_from   103.22.200.0/22;
   set_real_ip_from   103.31.4.0/22;
   set_real_ip_from   141.101.64.0/18;
   set_real_ip_from   108.162.192.0/18;
   set_real_ip_from   190.93.240.0/20;
   set_real_ip_from   188.114.96.0/20;  
   set_real_ip_from   197.234.240.0/22;
   set_real_ip_from   198.41.128.0/17;
   set_real_ip_from   162.158.0.0/15;
   set_real_ip_from   104.16.0.0/12;
   set_real_ip_from   2400:cb00::/32;
   set_real_ip_from   2606:4700::/32;
   set_real_ip_from   2803:f800::/32;
   set_real_ip_from   2405:b500::/32;
   set_real_ip_from   2405:8100::/32;
   real_ip_header     CF-Connecting-IP;
--- a/etc/nginx/conf.d/rproxy.conf
+++ b/etc/nginx/conf.d/rproxy.conf
@ -0,0 +1,2 @@
 proxy_set_header        X-Real-IP       $remote_addr;
 proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
--- a/etc/nginx/sites-enabled/.untested_vhost_which_turns_http_to_https_DO.NOT.USE
+++ b/etc/nginx/sites-enabled/.untested_vhost_which_turns_http_to_https_DO.NOT.USE
@ -0,0 +1,70 @@
 server {
    # default_server from default vhost must exist somewhere!
    listen 80;
    listen [::]:80;
    server_name vhost.example.org;
    return 301 https://$server_name$request_uri;
 }
 server {
    listen 443;
    listen [::]:443;
    root /var/www/vhostdir;
    index index.php index.html index.htm;
    # vhost address
    server_name vhost.example.org;
    # SSL
    #ssl_certificate /etc/nginx/ssl/nginx.crt;
    #ssl_certificate_key /etc/nginx/ssl/nginx.key;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        autoindex on;
    }
    # Userdir
    #ilocation ~ ^/~(.+?)(/.*)?$ {
    #    alias /home/$1/public_html$2;
    #    index  index.html index.htm;
    #    autoindex on;
    #}
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #   root /usr/share/nginx/html;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #   # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #
    #   # With php5-cgi alone:
    #    fastcgi_pass 127.0.0.1:9000;
    #   # With php5-fpm:
       fastcgi_pass unix:/var/run/php5-fpm.sock;
       fastcgi_index index.php;
       #include fastcgi_params;
       include fastcgi.conf;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
       deny all;
    }
 }
--- a/etc/nginx/sites-enabled/host
+++ b/etc/nginx/sites-enabled/host
@ -0,0 +1,91 @@
 server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl ipv6only=on;
    root /var/www/default/;
    index index.php index.html index.htm;
 ### Generating SSL certificate:
 ## mkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl
 ## openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nginx.key -out nginx.crt
 ### this takes forever and is used on line 23.
 ## openssl dhparam -out dhparam.pem 4096
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
 # ----- begin of Mozilla Server Side TLS recommendations -----
 # **2014-11-07** https://wiki.mozilla.org/Security/Server_Side_TLS
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    # Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
    # See generation on line 14
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    # Intermediate configuration. tweak to your needs.
    # comment just for me, don't uncomment.
    #ssl_ciphers '';
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    # Enable this if your want HSTS (recommended)
    # HSTS = access only using HTTPS
    # add_header Strict-Transport-Security max-age=15768000;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
    #resolver ::1;
 # ----- end of Mozilla Server Side TLS recommendations -----
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        autoindex on;
    }
    # Userdir
    location ~ ^/~(.+?)(/.*)?$ {
        alias /home/$1/public_html$2;
        index  index.html index.htm;
        autoindex on;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #   root /usr/share/nginx/html;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #   # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #
    #   # With php5-cgi alone:
    #    fastcgi_pass 127.0.0.1:9000;
    #   # With php5-fpm:
       fastcgi_pass unix:/var/run/php5-fpm.sock;
       fastcgi_index index.php;
       #include fastcgi_params;
       include fastcgi.conf;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
       deny all;
    }
 }
--- a/etc/nginx/sites-enabled/rproxy
+++ b/etc/nginx/sites-enabled/rproxy
@ -0,0 +1,16 @@
 server {
    listen 80;
    listen [::]:80;
    listen 443;
    listen [::]:443;
    server_name something.example.org;
 # NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
 # Behind CloudFlare see ../conf.d/cloudflare.conf
 location / {
    proxy_pass http://localhost:8080/;
    }
 }
--- a/etc/nginx/sites-enabled/vhost
+++ b/etc/nginx/sites-enabled/vhost
@ -0,0 +1,60 @@
 server {
    # default_server from default vhost must exist somewhere!
    listen 80;
    listen [::]:80;
    listen 443;
    listen [::]:443;
    root /var/www/vhostdir;
    index index.php index.html index.htm;
    # vhost address
    server_name vhost.example.org;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
        autoindex off;
    }
    # Userdir
    #ilocation ~ ^/~(.+?)(/.*)?$ {
    #    alias /home/$1/public_html$2;
    #    index  index.html index.htm;
    #    autoindex on;
    #}
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #   root /usr/share/nginx/html;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #   # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #
    #   # With php5-cgi alone:
    #    fastcgi_pass 127.0.0.1:9000;
    #   # With php5-fpm:
       fastcgi_pass unix:/var/run/php5-fpm.sock;
       fastcgi_index index.php;
       #include fastcgi_params;
       include fastcgi.conf;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
       deny all;
    }
 }
--- a/etc/polipo/config
+++ b/etc/polipo/config
@ -0,0 +1,21 @@
 # This file only needs to list configuration variables that deviate
 # from the default values.  See /usr/share/doc/polipo/examples/config.sample
 # and "polipo -v" for variables you can tweak and further information.
 # Defaults
 logSyslog = true
 logFile = /var/log/polipo/polipo.log
 # Address to listen, allowed clients & port
 #proxyAddress = ::0
 #allowedClients = 172.16.0.0/16, fd6a:d4e8:95e6::/64
 #proxyPort = 8123
 proxyPort = 8080
 # Tor
 socksParentProxy = localhost:9050
 diskCacheRoot=""
 disableLocalInterface=true
 censoredHeaders = from, accept-language
 censorReferer = maybe
--- a/etc/radvd.conf
+++ b/etc/radvd.conf
@ -0,0 +1,15 @@
 interface eth0
 {
   AdvSendAdvert on;
   AdvOtherConfigFlag on;
   prefix 2001:14b8:100:8397::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
   prefix ULA::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
 };
--- a/etc/resolvconf/resolv.conf.d/head
+++ b/etc/resolvconf/resolv.conf.d/head
@ -0,0 +1,13 @@
 ## Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
 ##     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
 ## Local DNS cache (dnsmasq)
 nameserver ::1
 ## Google DNS IPv6
 #nameserver 2001:4860:4860::8888
 #nameserver 2001:4860:4860::8844
 ## Google DNS IPv4
 #nameserver 8.8.8.8
 #nameserver 8.8.4.4
--- a/etc/resolvconf/resolv.conf.d/tail
+++ b/etc/resolvconf/resolv.conf.d/tail
@ -0,0 +1,3 @@
 # According to manual page for resolv.conf, the last search/domain entry
 # wins
 search DOMAIN.TLD
--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@ -0,0 +1,103 @@
 # Package generated configuration file
 # See the sshd_config(5) manpage for details
 # What ports, IPs and protocols we listen for
 # sshd default
 Port 22
 # https, usually not blocked by firewalls. Verify that there is nothing
 # else listening on 443 before using this port.
 Port 443
 # personal port assigning system that I use to get around inability of
 # my router to forward one WAN port to another LAN port
 Port 10000
 # Use these options to restrict which interfaces/protocols sshd will bind to
 ListenAddress ::
 ListenAddress 0.0.0.0
 Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 ## IF THE HOST KEYS ARE MISSING, RUN THE FOLLOWING AS ROOT:
 # ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key
 # ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
 # ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key
 # ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
 ServerKeyBits 1024
 # Logging
 SyslogFacility AUTH
 LogLevel VERBOSE
 # Authentication:
 LoginGraceTime 120
 PermitRootLogin without-password
 StrictModes yes
 RSAAuthentication yes
 PubkeyAuthentication yes
 #AuthorizedKeysFile %h/.ssh/authorized_keys
 # Don't read the user's ~/.rhosts and ~/.shosts files
 IgnoreRhosts yes
 # For this to work you will also need host keys in /etc/ssh_known_hosts
 RhostsRSAAuthentication no
 # similar for protocol version 2
 HostbasedAuthentication no
 # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
 #IgnoreUserKnownHosts yes
 # To enable empty passwords, change to yes (NOT RECOMMENDED)
 PermitEmptyPasswords no
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
 ChallengeResponseAuthentication no
 # Change to no to disable tunnelled clear text passwords
 PasswordAuthentication no
 # Kerberos options
 #KerberosAuthentication no
 #KerberosGetAFSToken no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
 X11Forwarding yes
 X11DisplayOffset 10
 PrintMotd no
 PrintLastLog yes
 TCPKeepAlive yes
 #UseLogin no
 #MaxStartups 10:30:60
 Banner /etc/issue.net
 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*
 Subsystem sftp /usr/lib/openssh/sftp-server
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
 # be allowed through the ChallengeResponseAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
 # PAM authentication via ChallengeResponseAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
--- a/etc/unbound/unbound.conf.d/forwards.conf
+++ b/etc/unbound/unbound.conf.d/forwards.conf
@ -0,0 +1,18 @@
 # Forward queries to
 forward-zone:
    name: "."
    # Google
    forward-addr: 2001:4860:4860::8888
    forward-addr: 2001:4860:4860::8844
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
    # OpenDNS
    forward-addr: 2620:0:ccc::2
    forward-addr: 2620:0:ccd::2
    forward-addr: 208.67.222.222
    forward-addr: 208.67.220.220
    # Yandex.DNS Basic
    forward-addr: 2a02:6b8::feed:0ff
    forward-addr: 2a02:6b8:0:1::feed:0ff
    forward-addr: 77.88.8.8
    forward-addr: 77.88.8.1
--- a/etc/unbound/unbound.conf.d/mikaela.conf
+++ b/etc/unbound/unbound.conf.d/mikaela.conf
@ -0,0 +1,16 @@
 server:
    # perform cryptographic DNSSEC validation using the root trust anchor.
    # this should be in /etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
    # auto-trust-anchor-file: "/var/lib/unbound/root.key"
    interface: 127.0.0.1
    access-control: 127.0.0.0/8 allow
    interface: ::1
    access-control: ::1 allow
    port: 2000
    # logging
    chroot: ""
    use-syslog: yes
    log-time-ascii: yes
    log-queries: yes
    # 0 - 5, default 1, query information 3
    verbosity: 1
		`@ -0,0 +1,2 @@`
							`Useful nginx files that I will probably need and which I will forget if I`
							`cannot read them from here.`
		`@ -0,0 +1,2 @@`
							`proxy_set_header X-Real-IP $remote_addr;`
							`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`