commit 32a3f799c00cf5791e63ffc51924d476687b031f Author: Jeff Moe Date: Wed May 16 14:29:21 2018 -0600 Initial draft of Fork Sand IT Manual diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8782067 --- /dev/null +++ b/.gitignore @@ -0,0 +1,25 @@ +forksand-it-manual.pdf +*~ +.~lock.*# +*.aux +*.bbl +*.blg +.fuse_hidden* +*.glo +*.gls +*.idx +*.ilg +*.ind +*.lof +*.log +*.lol +_minted-* +*.old +*.out +*.swp +*.toc +*.xdv +*.zip +*.fls +*.fdb_latexmk +*.pyg diff --git a/AO-pdf-shrink b/AO-pdf-shrink new file mode 100755 index 0000000..720998c --- /dev/null +++ b/AO-pdf-shrink @@ -0,0 +1,27 @@ +#!/bin/bash +# AO-pdf-shrink +# GPLv3+ +# +# Usage: +# AO-pdf-shrink foo.pdf + +# Set QUALITY to one of the below: +# screen -- lower quality, smaller size. +# ebook -- for better quality, but slightly larger pdfs. +# prepress -- output similar to Acrobat Distiller "Prepress Optimized" setting +# printer -- selects output similar to the Acrobat Distiller "Print Optimized" setting +# default -- selects output intended to be useful across a wide variety of uses, possibly at the expense of a larger output file + +QUALITY=screen +OUTPDF="`basename $1 .pdf`-$QUALITY.pdf" + +gs \ + -sDEVICE=pdfwrite \ + -dCompatibilityLevel=1.4 \ + -dPDFSETTINGS=/$QUALITY \ + -dNOPAUSE \ + -dQUIET \ + -dBATCH \ + -sOutputFile=$OUTPDF \ + $1 + diff --git a/BUILD b/BUILD new file mode 100644 index 0000000..f7e4a6a --- /dev/null +++ b/BUILD @@ -0,0 +1,34 @@ +Dependencies +============ +Requires LaTeX. + +Minted syntax highlighting requires python-pygments to be installed. + +Build +===== +Run the build script to make a PDF: +./build.sh + +It needs to be run twice to generate the Table of Contents and List of Figures +the first time. + +More Info +========= +Also see this spreadsheet: +source/images/forksand-it-manual.ods + +Fork +==== +For example: + +cp -a forksand-it-manual LargSec + +sed -i -e 's/Fork Sand IT Manual/Largopolis Security/g' BUILD build.sh README.md source/*.tex source/Blockchains/*.tex source/Clouds/*.tex source/Distros/*.tex source/Hardware/*.tex source/resources/*.sh source/*.ist source/*.gst + +sed -i -e 's/forksand-it-manual/LargS/g' BUILD build.sh README.md source/*.tex source/Blockchains/*.tex source/Clouds/*.tex source/Distros/*.tex source/Hardware/*.tex source/resources/*.sh source/*.ist source/*.gst .gitignore + +for i in `find . -name "*forksand-it-manual*"` ; do mv $i `echo $i | sed -e 's/forksand-it-manual/LargSec/g'` ; done + +Also, fix PATHs in: +build.sh +source/resources/make-sources-list.sh diff --git a/README.md b/README.md new file mode 100644 index 0000000..892bf2b --- /dev/null +++ b/README.md @@ -0,0 +1,16 @@ +# forksand-it-manual + +Fork Sand IT Manual + +by Fork Sand, Inc. + +Copyright 2018, Fork Sand, Inc. + +Permission is granted to copy, distribute and/or modify this document under +the terms of the Creative Commons Attribution 4.0 International Public License +(CC BY-SA 4.0). + +Published by Fork Sand Inc., Loveland, Colorado, USA. + +# Sources + diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..a971a64 --- /dev/null +++ b/build.sh @@ -0,0 +1,39 @@ +#!/bin/bash +# build.sh +# GPLv3+ +set -x +rm -f forksand-it-manual.pdf source/forksand-it-manual.pdf +cd source || exit +# Generate Source-gen.tex, for auto source code inclusion +time ./resources/make-sources-list.sh +cd ~/FORKSAND/IT/forksand-it-manual/source/ || exit + +# Build main LaTeX file +# Run BibTeX +#bibtex \ +# forksand-it-manual +# Build PDF +xelatex \ + -halt-on-error \ + -shell-escape \ + -interaction=nonstopmode \ + forksand-it-manual.tex + +mv *.pdf ../ + +exit 0 + +# Use latexmk for final build, takes 5x+ longer to run... +latexmk \ + -xelatex \ + -halt-on-error \ + -shell-escape \ + -interaction=nonstopmode \ + forksand-it-manual.tex + +# Faster, may not be enough runs: +xelatex \ + -halt-on-error \ + -shell-escape \ + -interaction=nonstopmode \ + forksand-it-manual.tex diff --git a/source/Ansible.tex b/source/Ansible.tex new file mode 100644 index 0000000..976392d --- /dev/null +++ b/source/Ansible.tex @@ -0,0 +1,111 @@ +% +% Ansible.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\section{Ansible Cloud Management} +Use \texttt{ansible} for management of servers. + +\begin{itemize} + \item Ansible --- + Website: \\ \url{https://ansible.com} + \item Ansible Github --- + Repo: \\ \url{https://github.com/ansible/ansible.git} + \item DebOps: \url{https://docs.debops.org/en/latest/index.html} +\end{itemize} + +\subsection{Build Ansible Debian Package} +The version of Ansible is 2.2 in Debian 9 (stable/Stretch). +The current stable release is Ansible 2.4. +Below documents how to build a 2.4 package for Debian 9. + +\begin{minted}{sh} +# To build a Debian package: +# Check here for latest version: +# https://packages.debian.org/sid/ansible +wget http://http.debian.net/debian/pool/main/a/ansible/ansible_2.4.0.0+dfsg-1.debian.tar.xz +wget http://http.debian.net/debian/pool/main/a/ansible/ansible_2.4.0.0+dfsg.orig.tar.gz + +# Install some deps +apt-get install debhelper python-all python-crypto python-setuptools python-yaml asciidoc python-nose python-passlib dh-python + +tar xf ansible_2.4.0.0+dfsg.orig.tar.gz +cd ansible-2.4.0.0/ +tar xf ../ansible_2.4.0.0+dfsg-1.debian.tar.xz + +# Update version: +echo -n " -- Jeff Moe " ; date "+%a, %d %b %Y %H:%M:%S %z" +vim debian/changelog + +dpkg-buildpackage -rfakeroot -S -uc -us -sa +dpkg-buildpackage -rfakeroot -b -uc + +# That will produce this file to be installed: +dpkg -i ansible_2.4.0.0+dfsg-2_all.deb +apt-get -f install + +# If you want the Ansible git archive: +git clone https://github.com/ansible/ansible.git --recursive +\end{minted} + +\subsection{Ansible Initial Configuration} +Here is how to set up Ansible after initially installing it. +This is run on the system adminstrator's workstation. + +\begin{minted}{sh} +# Quick and dirty test by setting up a host and running `uptime`. +mkdir -p ~/.ansible +echo ns1 > ~/.ansible/hosts +ansible -i ~/.ansible/hosts ns1 -a 'uptime' +\end{minted} + +\begin{minted}{sh} +~/.ansible.cfg +[defaults] +inventory = $HOME/.ansible/hosts + +[ssh_connection] +ssh_args = -o ControlMaster=auto -o ControlPersist=300s +pipelining = True +\end{minted} + +To generate a full list of \texttt{ns} hosts, run the script: + +\begin{minted}{sh} +cd source/resources/servers +echo "[ns]" > ~/.ansible/hosts +./ns-serverlist-ansible.sh >> ~/.ansible/hosts +ansible -i ~/.ansible/hosts ns -a "uptime" +# Find the failed hosts and remove them from ~/.ansible/hosts. +echo "[ns]" > ~/.ansible/hosts.tmp +ansible -f 32 -i ~/.ansible/hosts ns -a "echo" | grep ^ns | grep SUCCESS | cut -f 1 -d " " | sort -V >> ~/.ansible/hosts.tmp +mv ~/.ansible/hosts ~/.ansible/hosts.old +mv ~/.ansible/hosts.tmp ~/.ansible/hosts +# Test it works: +ansible -i ~/.ansible/hosts ns -a "uptime" +# To get a ton of info about each host: +ansible -i ~/.ansible/hosts ns -m setup +\end{minted} + +XXX Fix, make sure everyone has \texttt{/usr/bin/python} available for \texttt{ansible}: + +\begin{minted}{sh} +# XXXX SOME HOSTS DON'T HAVE /usr/bin/python +# JUST PYTHON3. HOSTS THAT DIDN'T HAVE /usr/bin/python: +# (ALL OVH) +# ns14 ns15 ns21 ns22 +apt install python python-minimal +\end{minted} + +Set up some playbooks, grab examples: + +\begin{minted}{sh} +git clone https://github.com/ansible/ansible-examples.git +cd ansible-examples/ +\end{minted} diff --git a/source/Clouds.tex b/source/Clouds.tex new file mode 100644 index 0000000..2f712f5 --- /dev/null +++ b/source/Clouds.tex @@ -0,0 +1,46 @@ +% +% Clouds.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\section{Cloud Servers} +There are hundreds, if not thousands of cloud service providers. +These cloud services are being evaluated: + +\begin{itemize} + \item FlokiNET --- Iceland, Finland, Romania. + \item SharkTech --- Denver, Colorado, USA. + \item Cyberbunker --- Netherlands. In a nuclear bunker. + \item Orangewebsite / Ovalhost --- Iceland, appear to be the same company. +\end{itemize} + +\section{Payments} +HOWTO pay cloud providers: + +\begin{itemize} + \item Cyberbunker -- Wire, bitcoin. + \item FlokiNet --- Monero, etc. + \item Orangewebsite / Ovalhost --- PayPal(?), credit card, Bitcoin. +\end{itemize} + +\section{Privacy} +``The cloud is your data on someone else's computer.'' --Someone (rms?). + +\begin{itemize} + \item How do providers protect their users? + \item What info do they require? + \item How secure are they with info they have? +\end{itemize} + +\section{ALL} +All else, noted everywhere... + +\input{Clouds/Flokinet} +\input{Clouds/Sharktech} + diff --git a/source/Clouds/Flokinet.tex b/source/Clouds/Flokinet.tex new file mode 100644 index 0000000..f2a7f30 --- /dev/null +++ b/source/Clouds/Flokinet.tex @@ -0,0 +1,190 @@ +% +% Flokinet.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\section{FlokiNET} +Based in Iceland, governed under Icelandic law. +Looks very good. They look like the most privacy respecting ISP in the world, +at least that I have seen, including Havenco. + +%\begin{commentbox} % OK +%\begin{commentbox}{FlokiNET description, from their website} % OK +%\begin{paperbox}{FlokiNET description, from their website} +FlokiNET was established in 2012 in Iceland to provide a safe harbor for freedom of speech, free press and whistleblower projects. + +Us at FlokiNET guarantee that we will always offer our services without requiring personal information and we will never give third parties access to any data. Your local government forces you to provide an imprint on your blog? You don't want be molested because you publish something controversial? + +FlokiNET provides autonomous, incorruptible and flexible solutions, optimized to help you to spread your ideas! +%\end{commentbox} % OK +%\end{paperbox} + +From their About Us: +``You plan to build a whisteblowing website? +We encourage you to do so! We are able to supply secure and stable environments needed to build submission - and communication platforms.'' + + +FlokiNET runs Tor exit and relay nodes. + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-flokinet.png} + \caption{Flokinet Website} + \label{fig:www-flokinet} +\end{figure} + +Forms of payment accepted by Flokinet: + +\begin{itemize} + \item Bank Transfer + \item Bitcoin + \item BlackCoin + \item DASH + \item Decred + \item Dogecoin + \item Ethereum + \item Litecoin + \item Monero + \item MoneyGram + \item Namecoin + \item Nav Coin + \item OK PAY + \item Payment Cash by Post + \item Paygol ``which supports credit card, Union Pay, SOFORT, Giropay and much more'' + \item PayPal + \item Paysafe Card + \item Peercoin + \item Perfect Money + \item Potcoin + \item Startcoin + \item Vertcoin + \item Western Union + \item Zcash +\end{itemize} + +The link to their Terms of Service on their register page, +\url{https://billing.flokinet.is/register.php} is 404. +The Terms of Service page is here: +\url{https://flokinet.is/en/tos.php} +Privacy policy: +\url{https://flokinet.is/en/PrivacyPolicy.php} + +``FlokiNET shall keep confidential and not disclose information regarding the Customer except where this required by Icelandic law or is pre-approved by the Customer. Customer data will be always stored and transfered encrypted. Communication between our staff will be always secured and encrypted.'' + +``IRC (Internet Relay Chat) We do not allow IRC or IRC bots to be operated for illegal usage like botnets etc. Any account found to be in violation of this provision will be immediately suspended and/or deactivated and no refund will be issued. Adult content is not allowed on Icelandic Network.'' + + +Their Romanian, Finnish, and Icelandic bandwidth test servers have an SSL cert that expired a month ago: +\url{https://ro.as200651.net/} +\url{https://fi.as200651.net/} +\url{https://is.as200651.net/} + +Their blog has an invalid cert, and has HSTS enabled, so it isn't viewable in Chromium nor Firefox. +Fails with \texttt{(net::ERR\_CERT\_COMMON\_NAME\_INVALID}. It appears the common name +in the cert is +\url{https://www.blog.flokinet.is/}. + +\begin{minted}{sh} +www.blog.flokinet.is normally uses encryption to protect your information. When Chromium tried to connect to www.blog.flokinet.is this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.blog.flokinet.is, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged. + +You cannot visit www.blog.flokinet.is right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later. +\end{minted} + + +To register, they want name, address, and email. + +\subsubsection{Icelandic Modern Media Initiative} +IMMI - Icelandic Modern Media Initiative copied from: +\url{https://flokinet.is/en/AboutUs.php} + +What is the IMMI and how is it protecting our customers? + +\begin{itemize} + \item Whistleblower protections: Protection for those who step forward to reveal important matters in the public interest. + \item Source protection: Protection for anonymous sources who attempt to communicate to the public after a promise of confidentiality by a journalist or media organisation. Based on new EEA legislation. + \item Source-journalist communications protection: Protection for the communications between an anonymous source and a media organization and internally within a media organization prior to publication. + \item Limiting prior restraint: Prior restraint is coercion of a publisher, by a government authority, or through the judicial system, to prevent publication of a specific matter. While the Icelandic Constitution provides the right to freedom of expression, small modifications are needed to reduce the possibility of prior restraint. + \item Protection of intermediaries (Internet service providers): Immunity for "mere conduits", ISPs and telecommunications carriers. + \item Protection from "libel tourism" and other extrajudicial abuses: Non-observance of foreign judgments that violate Icelandic freedom of expression protection, and the ability to file a counter-suit in Iceland against a party who engages in a calculated attempt to suppress the speech freedoms of an Icelandic entity. + \item Statute of limitations on publishing liabilities: Recent rulings in Europe maintain that for Internet publications, each page view is publication afresh, regardless of how long ago the material was first released. This has resulted in the silent removal of investigative newspaper stories, including those over five years old, from the online archives of the Guardian and other major newspapers. + \item Process protections: The majority of legal suits related to publishing settle before final judgment. Hence the court process itself must ensure that it is not used to suppress speech through unequal access to justice, subpoenas, or other interlocutory motions. Process protections (called anti-SLAPP laws in the US) permit a judge to declare the matter a free speech related case, at which point protections are activated to prevent such abuses. +\end{itemize} + +More info: \url{https://en.immi.is/} + +\subsubsection{FlokiNET Restrictions} +This is restricted: + +\begin{itemize} + \item Anything than can result in Spamhaus listing. + \item Phishing Sites / Scam Sites (ex: Ebay/Paypal,CC/Password Scam sites). + \item Mailbombers or any sort of spam sites. + \item DDoS originations. + \item Spam email. + \item Netscan / Hack programs and archives. + \item Malicious Scripts (ex: originate DDoS attacks or hack attempts). + \item Botnet/Doorway/Carding. + \item Childporn. + \item Fraud Websites/Forums. + \item Any kind of adult content is not allowed on our location Iceland. +\end{itemize} + +\subsection{FlokiNET Pros} +FlokiNET Pros: + +\begin{itemize} + \item The entire reason for FlokiNET to exist is to help people publish in repressive environments. + \item Strong dedication to privacy. + \item Based in Iceland. + \item Dedicated servers aren't too expensive. + \item Romanian VPS is OpenVZ and KVM. + \item Finnish VPS is KVM. + \item Has private domain registration services. + \item Colocation available. + \item ``FlokiNET is proud to be completly Tor Project logo-friendly. Feel free to host a TOR-node with us!'' + \item ``DDoS mitigation cloud has 950 Gbps filtering capacity.'' + \item Finland and Iceland are free speech friendlier countries. + \item Has good, optional higher level SLAs that are inexpensive. + \item Has Debian 9 available for KVM. + \item Maximum balance is €15000.00EUR. + \item Strong dedication to Tor. + \item Creates apparently random username for login. + \item Debian 9 version installed was (nearly) up to date. + \item Uses KVM. +\end{itemize} + +\subsection{FlokiNET Cons} +FlokiNET Cons: + +\begin{itemize} + \item Iceland Virtual Private Server uses VMWare. + \item Dedicated servers look like older HP models. + \item Bandwidth is OK, but not great as they are on a remote island. + \item VoIP URL is 404 \url{https://flokinet.is/en/learnsecurevoip.php}. + \item Uses WHMCS for account services management (non-free software). + \item After doing PayPal payment, it says payment was successful, but invoice says ``Unpaid''. + \item The invalid SSL certificates and 404 pages possibly point to poor security practices, overall. + \item VPS are deployed manually and \emph{not deployed on weekends!} + \item Someone was left logged in on the console, on first login: + \begin{minted}{sh} +# w + 04:40:52 up 2:17, 2 users, load average: 0.00, 0.00, 0.00 +USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT +is4423 tty1 - 02:24 2:16m 0.17s 0.08s -bash + \end{minted} + \item By default in the KVM, they set the nameservers to Google's + \texttt{8.8.8.8} and \texttt{8.8.4.4}. +% \item In the KVM, you get a NAT'd IP address, not a real one. +\end{itemize} + +\subsection{FlokiNET Unknown} +\begin{itemize} + \item IPMI on dedicated servers? + \item The IP in \texttt{/etc/hosts} for the hostname wasn't the same as used for SSH. + Either a mistake or firewall forwarded for security (???). Appears to be mistake. +\end{itemize} diff --git a/source/Clouds/Sharktech.tex b/source/Clouds/Sharktech.tex new file mode 100644 index 0000000..eb258f5 --- /dev/null +++ b/source/Clouds/Sharktech.tex @@ -0,0 +1,108 @@ +% +% Sharktech.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\section{Sharktech} +Sharktech is a provider that focuses on DDoS prevention, such +as for gaming servers. Has a data center in Denver. +Looks good. Manually provisions servers over a few days. +Good local speed and latency. +\url{https://sharktech.net/} + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech.png} + \caption{Sharktech Website} + \label{fig:www-sharktech} +\end{figure} + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech-dashboard-services.png} + \caption{Sharktech Dashboard Services Web Page} + \label{fig:www-sharktech-dashboard-services} +\end{figure} + +First login, kernel is: +\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86\_64 GNU/Linux} +It isn't up-to-date. Running Debian 8.6. The \texttt{dmesg} showed the kernel had already +barfed a couple times (USB time outs and more). + +IPMI http connection is in cleartext!!! Doesn't redirect to https. https has failed SSL +certificate (like every other Supermicro on the planet). IPMI requires Java junk. +Server was running for a few days before I could update it. + +\begin{minted}{sh} +# Sharktech IPMI: +Firmware Revision : 03.38 +Firmware Build Time : 2015-01-05 + +# XXX +# XXX Somehow doesn't have a route to ns1 for DNS (?). +# XXX NEED MULTIPLE MASTERS. +# XXX This eventually sync'd after a few minutes and restarts... +017-10-07 07:53:57.755584 | server | N | zone load: slave zone solipsists.org. requires download from the master +2017-10-07 07:54:00.833918 | server | E | slave: query error for domain solipsists.org. from master at 69.164.197.34#53: No route to host +2017-10-07 07:54:00.833923 | server | W | slave: 69.164.197.34#53 master failed to answer for domain solipsists.org.: retrying +2017-10-07 07:54:00.928262 | server | E | database: solipsists.org.: failed to download the zone: No route to host + +# XXX takes 7 minutes to reboot. +\end{minted} + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp.png} + \caption{Sharktech Reboot DHCP Hang} + \label{fig:sharktech-reboot-dhcp} +\end{figure} +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp-2.png} + \caption{Sharktech Reboot DHCP Hang 2} + \label{fig:sharktech-reboot-dhcp-2} +\end{figure} +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-grub.png} + \caption{Sharktech Reboot GRUB} + \label{fig:sharktech-reboot-grub} +\end{figure} + +\begin{itemize} + \item Default IPMI connection is in cleartext http. + \item SSL certificate for Supermicro IPMI is bad (like all of them). + \item Can't change password on IPMI. + \item Root password for server and IPMI is sent via email. + \item There is an attack window between their machine imaging and first login. + \item Customer should control timing of first power on. + \item System is also possibly vuln during the ISP's initial power up and commissioning period. + \item First reboot, the system hung (.png XXX). + \item Hard reset, lots of DHCP queries at boot. + \item A \texttt{debian} user was on the system, password unknown. Check \texttt{/home}! + \item They block NTP to prevent DDoS, so you have to use their time server + \texttt{time.sharktech.net} +\end{itemize} + +Sharktech payment methods: + +\begin{itemize} + \item Credit Card. + \item PayPal. + \item Wire Transfer. + \item Check/Western Union. + \item Offline Credit Card. + \item Bitcoin. + \item \$1,000USD maximum balance. +\end{itemize} + + +\section{ns36} +ns36 server info + +\begin{itemize} + \item Shipped with default kernel: + \texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86\_64 GNU/Linux} + \item Shipped with Debian 8.3 (an old version of \texttt{oldstable}). +\end{itemize} diff --git a/source/ClusterHardware.tex b/source/ClusterHardware.tex new file mode 100644 index 0000000..2a28c86 --- /dev/null +++ b/source/ClusterHardware.tex @@ -0,0 +1,51 @@ +% +% ClusterHardware.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2017 Aleph Objects, Inc. +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + +\section{Cluster Hardware Overview} +The cluster will require rackmountable equipment: + +\begin{itemize} + \item GNU/Linux Servers +\end{itemize} + + +\section{GNU/Linux Servers} +The servers will all run Debian GNU/Linux + +\subsection{Denver Server List} +\begin{itemize} + \item \texttt{oc1.forksand.com} --- KVM host. + \item \texttt{rd1.forksand.com} --- Misc. +\end{itemize} + +\section{Network Hardware} +The network switches do not run free software. + +\section{Disk Drives} +The disk drives do not run free software. + +\begin{itemize} + \item Hard drive platters, 7200 RPM, 2.5" and 3.5" + \item SSD + \item NVMe +\end{itemize} + +\section{Suppliers} +Who we'll get hardware from. + +\begin{itemize} + \item Pogo Linux --- Debian GNU/Linux Servers, USA. + \item Viking.net --- Coreboot Opteron servers in Germany. + \item raptorcs.com --- POWER9, custom Coreboot systems (?), USA. +\end{itemize} + diff --git a/source/Colophon.tex b/source/Colophon.tex new file mode 100644 index 0000000..baf7ddc --- /dev/null +++ b/source/Colophon.tex @@ -0,0 +1,33 @@ +% +% Colophon.tex +% +% Fork Sand IT Manual +% +% Document template: +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc. +% Copyright (C) 2009, 2010 Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + +%%% COLOPHON %%% +\begin{vplace} +\centering +\emph{\LARGE Colophon} + +\rule{0.5\textwidth}{0.4pt}\\[\baselineskip] + +{\tiny Created with 100\% Free Software} + +Debian GNU/Linux + +{\LaTeX} Memoir + +\rule{0\textwidth}{0pt}\\[\baselineskip]% +\rule{0.5\textwidth}{0.4pt}\\[\baselineskip] +\end{vplace} +%%% END COLOPHON %%% + diff --git a/source/Contact.tex b/source/Contact.tex new file mode 100644 index 0000000..7ad5997 --- /dev/null +++ b/source/Contact.tex @@ -0,0 +1,24 @@ +% +% Contact.tex +% +% Fork Sand IT Manual +% +% Document template: +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc. +% Copyright (C) 2009, 2010 Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + +\section{Email} +\setlength{\parindent}{0pt} +Email: \texttt{support@forksand.com} + + +\section{Website} + +\texttt{www.forksand.com} + diff --git a/source/Copyright.tex b/source/Copyright.tex new file mode 100644 index 0000000..f19853c --- /dev/null +++ b/source/Copyright.tex @@ -0,0 +1,40 @@ +% +% Copyright.tex +% Copyleft +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% Document template: +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc. +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\fontspec{lmroman12-regular.otf} + +\clearpage\null\vfill +\begingroup +\thispagestyle{empty} +\footnotesize\raggedright +\setlength{\parskip}{0.5\baselineskip} + +\textbf{Fork Sand IT Manual} + +Copyright \copyright\ 2018, Fork Sand, Inc.\par +Permission is granted to copy, distribute and\slash or modify +this document under the terms of the +Creative Commons Attribution 4.0 International Public License +(CC BY-SA 4.0). + +Published by Fork Sand, Inc., Loveland, Colorado, USA. + +% ISBN: NNN-N-NNN-NNNNN-N +\renewcommand{\dateseparator}{} +\hfill\texttt{\yyyymmdddate\today} % Timestamp build date +\endgroup +\pagebreak{} diff --git a/source/DNS.tex b/source/DNS.tex new file mode 100644 index 0000000..95c9348 --- /dev/null +++ b/source/DNS.tex @@ -0,0 +1,88 @@ +% +% DNS.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + +DNS, so many problems, so insecure. + +Nameserver daemons: + +\begin{itemize} + \item BIND + \item cstorm\_deepDNS --- WTF. + Website: \\ \url{https://github.com/cryptostorm/cstorm_deepDNS} + \item djbdns + \item prodns + \item EU/CZ one + \item Yadifa --- Many nodes deployed +\end{itemize} + +Misc: + +\begin{itemize} + \item Once records are stable, set TTL to huge time ? + \item OpenDNS. +\end{itemize} + +\section{Registration} +Where to register? Need to be in the root servers... + +\begin{itemize} + \item Njalla --- ``Privacy-aware domain registration service''. + Website: \\ \url{https://njal.la/} +\end{itemize} + +\subsection{Njalla} +Njalla --- ``Privacy-aware domain registration service''. + Website: \\ \url{https://njal.la/} + +They purchase and own the domain, to protect privacy. + + +``We're not actually a domain name registration service, we're a customer to these. We sit in between the domain name registration service and you, acting as a privacy shield. +When you purchase a domain name through Njalla, we own it for you. However, the agreement between us grants you full usage rights to the domain. Whenever you want to, you can transfer the ownership to yourself or some other party.'' + + +\begin{itemize} + \item Based in Nevis. + \item By the Pirate Bay and Flattr crew. +\end{itemize} + +Payment methods: + +\begin{itemize} + \item Bitcoin + \item DASH + \item Litecoin + \item Monero + \item PayPal +\end{itemize} + +\section{njal.la} +njal.la is a privacy domain registrar. They register the domain in their name, +which is a step further than most registrars. They are registered legal owner +of the domain. But the user can configure the domain however they want, using +njal.la's nameservers or not, as they like. If the user wants to take the +domain somewhere else and own it directly, they can. +They appear to take security up a notch too, using encrypted jabber instead +of email, as an option. + +\begin{itemize} + \item Signup can be done via email or jabber (!). + \item Jabber signup sends message via jabber, using \emph{unathenticated} OTR. + This is the first service I've seen that does this, and it is great. Would be + better if it did authenticated OTR setup before sending the verification URL + though. + \item Fist login page at Njalla ask for a PGP key, if email is to be sent (!). + \item Support can be done via Jabber. + \item Tor onion (!) address: \url{http://njalladnspotetti.onion/} + \item Payment forms accepted: Bitcoin, PayPal, LiteCoin, Monero, Dash, + Bitcoin Cash. +\end{itemize} diff --git a/source/Distros.tex b/source/Distros.tex new file mode 100644 index 0000000..ca11a18 --- /dev/null +++ b/source/Distros.tex @@ -0,0 +1,22 @@ +% +% Distros.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\section{Operating System Distributions} +\label{sec:overview-distros} + +The following operating systems will be used: + +\begin{itemize} + \item Debian GNU/Linux --- For Utility, Ceph, and OpenNebula Servers. + \item OPNSense --- Firewalls. +\end{itemize} + +\input{Distros/Debian} diff --git a/source/Distros/Debian.tex b/source/Distros/Debian.tex new file mode 100644 index 0000000..25658f4 --- /dev/null +++ b/source/Distros/Debian.tex @@ -0,0 +1,98 @@ +% +% Debian.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2017 Aleph Objects, Inc. +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\section{Debian} +Debian is a free software GNU/Linux distribution. + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-debian.png} + \caption{Debian Website} + \label{fig:www-debian} +\end{figure} + +\subsection{Install Debian} +The Debian servers all get a Minimal + standard utilities + sshd install. +At present, it is being tested with virtual machines. When deployed, it will +be set up remotely using HTML5 IPMI. + +Install Debian 9 (Stretch). + + +\section{Creating Debian Images} +All cloud services will install various operating system images onto the +virtual and bare metal machines they sell. Usually these images are old. +They are also done by the provider, often of marginal quality. Some are +tuned, and are a bit better done (e.g. Linode). Others are a couple years +old when booted. + + +There are innumerable ways to make images of an operating system to be used. +Here are some for Debian... + +\begin{itemize} + \item \texttt{Debian OpenStack Images} --- \url{http://cdimage.debian.org/cdimage/openstack/current/} + \item \texttt{bootstrap-vz} --- tool for creating Debian images for cloud platforms (CLI). + \item \texttt{cdebootstrap} --- Bootstrap a Debian system. + \item \texttt{debootstick} --- Turn a chroot environment into a bootable image. + \item \texttt{debootstrap} --- Bootstrap a basic Debian system. + \item \texttt{grml-debootstrap}- wrapper around debootstrap for installing pure Debian. + \item \texttt{live-boot} --- Live System Boot Components. + \item \texttt{live-wrapper} --- Wrapper for vmdebootstrap for creating live images. + \item \texttt{openstack-debian-images} --- script to build a Debian image for OpenStack. + \item \texttt{packer} --- tool for creating machine images for multiple platforms. + \item \texttt{vmdebootstrap} --- Bootstrap Debian into a (virtual machine) disk image. +\end{itemize} + +\subsection{\texttt{packer}} +The \texttt{packer} application in Debian looks particularly useful. + + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-packer.png} + \caption{Packer Website} + \label{fig:www-packer} +\end{figure} + + +Debian's description: + + +%%% + Packer is a CLI tool for the automatic creation of identical machine images + (single deployable units that contain a pre-configured OS and installed + software) for multiple platforms (public cloud providers, private cloud + and desktop virtualization solutions) from a single JSON template resp. + configuration file. + + Packer features builders for the following target platforms which could be + employed on Debian: + +\begin{itemize} + \item Amazon Web Services (EBS-backed Amazon Machine Images for EC2, and other + types) + \item DigitalOcean (reuseable snapshots from available source images) + \item Docker + \item Google Compute Engine (images based on existing images) + \item OpenStack (new reuseable images for servers in OpenStack clouds) + \item QEMU (KVM and Xen virtual machine images) + \item Oracle VirtualBox (virtual machine images) +\end{itemize} + + A number of post-processors are included like for creating Vagrant boxes. + + Several provisioners resp. remote execution systems, namely Ansible, Chef, + Puppet, Salt, and shell based provisioning (using SSH) are supported to + configure and install software on the machines automatically after fresh OSs + have been set up. + + For the documentation of Packer, please see <\url{https://www.packer.io/docs}>. + diff --git a/source/Distros/Distros-tmpl.tex b/source/Distros/Distros-tmpl.tex new file mode 100644 index 0000000..87c427d --- /dev/null +++ b/source/Distros/Distros-tmpl.tex @@ -0,0 +1,29 @@ +% +% Distros-tmpl.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\section{DISTRO} +Website: % \url{https://www.distro.org} + +%\begin{figure}[h!] +%\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-distro.png} +% \caption{DISTRO Website} +% \label{fig:www-distro} +%\end{figure} + +%\subsection{DISTRO Installation} +%DISTRO Installation. + +%\subsection{DISTRO Configuration} +%DISTRO Configuration + +%\begin{minted}{sh} +%# DISTRO +%\end{minted} diff --git a/source/Firewalls.tex b/source/Firewalls.tex new file mode 100644 index 0000000..b724d17 --- /dev/null +++ b/source/Firewalls.tex @@ -0,0 +1,123 @@ +% +% Firewalls.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2016, 2017 Aleph Objects, Inc. +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +Firewalls keep the bad packets out, mostly. And let some good packets out. + +\section{Overview} +What is the network doing? + +\begin{itemize} + \item snort + \item MRTG + \item Aguri +\end{itemize} + +% +% Authentication + +\section{Overview} +Two-factor authentication using TOTP. + +% +% Hardware + +\section{Firewall Hardware Overview} +Hardware. + + +Some resellers: +\begin{itemize} + \item \url{https://www.deciso.com/} + \item \url{https://www.pfwhardware.com/} + \item \url{https://www.osnet.eu/} +\end{itemize} + +\begin{itemize} + \item (8) 1 gig ethernet ports + Connects to (1) 100M ethernet upstream fiber optic + Connects to (1) 100M ethernet upstream wifi + Various LAN + \item (Hot swap?) Dual Power Supplies + \item (How swap?) RAID (Linux md), with SSD storage. + \item 2.5" drive bays + \item Total ~8GHz CPU + \item ~8-16 gigs RAM ? Depends on OS. + \item Two servers total, for standby/failover +\end{itemize} + +% +% Firewall +\section{Overview} +Most servers and workstations run GNU/Linux, which uses iptables. + + +\section{iptables} +iptables is part of the Netfilter project and has been included by default in +the Linux kernel for many years. + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-netfilter.png} + \caption{Netfilter Website} + \label{fig:www-netfilter} +\end{figure} + +\section{Requirements} +There are a lot of operating systems to consider to use as a firewall... + +Notes on some requirements in a firewall. + +\begin{itemize} + \item Must be free software. + \item The project must still be alive. + \item Does it use a hardened kernel? + \item How does it do security updates? + \item Are there open security issues? + \item Are there any CVEs? + \item How are security issues handled? + \item Is there a list of security issues? + \item Does it have a wifi portal? (Should that be a separate box or in OpenWRT?) + \item Does upstream https actually work? + \item UTM - Unified Threat Management (e.g. snort, etc.) + \item Load balancing between multiple upstreams (without BGP). + \item Load balancing between dual local routers. + \item Fail over to standby router (e.g. pfsync). + \item ``Anti-virus'', SMTP, POP scans? Meh? (e.g. OpenBSD has greylist/tarpit.) + \item Packet cleansing (e.g. tcp header randomization). + \item Do we want DNS, DHCP, etc? Probably not? + \item OpenVPN (built into router, or thru it?). + \item Network graphing (MRTG, aguri, etc.) + \item No broken ``community'' editions. + \item Have mirrored server doing analysis? + \item NAT options? cone, etc. + \item Local system monitoring (e.g. system temp, hdd status, etc.) + \item sshd + \item GSM, pppd ? + \item Two-factor authentication. + \item snort, suricata +\end{itemize} + + +\section{Firewall Operating Systems in Use} +\subsection{Debian} + \href{https://www.debian.org/}{Debian} + +Debian is used for nearly everything. It could easily be used as a +router/firewall. There are better, more tuned options. + +Linux's iptables is used on servers. + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-debian.png} + \caption{Debian Website} + \label{fig:www-debian} +\end{figure} + diff --git a/source/Firmware.tex b/source/Firmware.tex new file mode 100644 index 0000000..c015f57 --- /dev/null +++ b/source/Firmware.tex @@ -0,0 +1,38 @@ +% +% Firmware.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + +\section{Overview of Firmware} +\label{sec:overview-firmware} + +There is a lot of firmware in workstations, often non-free. +Various projects replace some non-free binaries. + +\begin{itemize} + \item BIOS + \item Hard drive firmware + \item Keyboard controller + \item on and on... +\end{itemize} + + +\section{Coreboot} +Coreboot is used on Viking.net servers. + + +\section{OpenBMC} +OpenBMC is used on Raptor Computing Systems OpenPOWER workstations. + +\begin{itemize} + \item Github: + Website: \\ \url{https://github.com/openbmc/openbmc} +\end{itemize} + diff --git a/source/Introduction.tex b/source/Introduction.tex new file mode 100644 index 0000000..515c6f8 --- /dev/null +++ b/source/Introduction.tex @@ -0,0 +1,29 @@ +% +% Introduction.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + +\section{Overview} +The purpose of this document is to record the setup and maintenance of +Fork Sand's IT infrastructure. + + +\begin{itemize} + \item Free. + \item Private. + \item Secure. + \item Hardware. + \item Software. + \item Firmware. + \item Network. + \item Cloud. + \item Operating Systems. +\end{itemize} + diff --git a/source/NTP.tex b/source/NTP.tex new file mode 100644 index 0000000..6ae53f6 --- /dev/null +++ b/source/NTP.tex @@ -0,0 +1,17 @@ +% +% NTP.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +NTP is time. + +\begin{itemize} + \item Daemon \texttt{chrony}, most secure + \item Hardware clocks, GPS, etc. +\end{itemize} diff --git a/source/Network.tex b/source/Network.tex new file mode 100644 index 0000000..5f72138 --- /dev/null +++ b/source/Network.tex @@ -0,0 +1,54 @@ +% +% Network.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2017 Aleph Objects, Inc. +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + + +\section{Network Diagaram} + +This is an overview of the network. + + +The first diagram is an overview, with networks listed, without the admin network. + +XXX Diagram. + +%\begin{figure}[h!] +%\includegraphics[keepaspectratio=true,height=1.00\textheight,width=1.00\textwidth,angle=90]{fs-cloud-net-overview.pdf} +% \caption{Fork Sand IT Manual Network Overview without Admin Net} +% \label{fig:fs-cloud-net-overview} +%\end{figure} + +The second network, shows most servers, without the admin network. + +XXX Diagram. + +%\begin{figure}[h!] +%\includegraphics[keepaspectratio=true,height=1.00\textheight,width=1.00\textwidth,angle=90]{ao-cloud-net.pdf} +% \caption{Fork Sand IT Manual Network without Admin Net} +% \label{fig:ao-cloud-net} +%\end{figure} + + +\section{Switches} +Some day there will be a real free software network switch we'll +be able to use... For now we will be using: + +\begin{itemize} + \item TP Link 48-port 1 Gigabit RJ-45 + \item Netgear 16-port 10 Gigabit RJ-45 +\end{itemize} + + +\section{IPMI Administration} +The servers have low level administration done via HTML5 IPMI. +OpenBMC will be used, where possible. + diff --git a/source/OpenNebula.tex b/source/OpenNebula.tex new file mode 100644 index 0000000..e605734 --- /dev/null +++ b/source/OpenNebula.tex @@ -0,0 +1,197 @@ +% +% OpenNebula.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2017 Aleph Objects, Inc. +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +% XXX TODO: opennebula-sunstone-login.png + +\section{Overview} +OpenNebula is a virtual machine manager. + +The private cloud deployment will be based on OpenNebula version 5.4, which +is currently in beta. There are only Debian 8 (Jessie, oldstable) releases. +Debian hasn't packaged OpenNebula since wheezy. It has it in sid, but even +that is an old version. The only packages available for Debian are the +upstream ones for Jessie made by OpenNebula. UPDATE: although it isn't listed +on their website, it does appear their are Debian 9 (Stretch) builds of +OpenNebula for the betas of the forthcoming 5.4 version, which is great. + +Documentation: +\url{https://docs.opennebula.org/5.4/} + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-opennebula.png} + \caption{OpenNebula Website} + \label{fig:www-opennebula} +\end{figure} + +\begin{itemize} + \item Website: \\ \url{https://opennebula.org/} + \item Debian Stretch Repo: \\ + \url{http://downloads.opennebula.org/repo/5.4/Debian/9/pool/opennebula/} +\end{itemize} + + +The following servers will be deployed to host OpenNebula and the KVMs: + +\begin{itemize} + \item \texttt{waz-kvm-001.forksand.com} --- Virtual Machine Server 1 + \item \texttt{waz-kvm-002.forksand.com} --- Virtual Machine Server 2 + \item \texttt{waz-kvm-003.forksand.com} --- Virtual Machine Server 3 + \item \texttt{waz-kvm-004.forksand.com} --- Virtual Machine Server 4 + \item \texttt{waz-kvm-005.forksand.com} --- Virtual Machine Server 5 + \item \texttt{waz-sun-001.forksand.com} --- OpenNebula Sunstone Web GUI 1 + \item \texttt{waz-sun-002.forksand.com} --- OpenNebula Sunstone Web GUI 2 +\end{itemize} + +\subsection{Virtual Machine Servers} +KVM virtual machine servers. Fast CPU, with lots of RAM. Uses Ceph to store +virtual images. + +\subsection{Sunstone Web GUI Servers} +Sunstone is OpenNebula's Web GUI for administration of the cluster. + +\begin{figure}[h!] +\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{opennebula-sunstone.png} + \caption{OpenNebula Sunstone Web Admin GUI} + \label{fig:opennebula-sunstone} +\end{figure} + + +\begin{minted}{sh} +wget -q -O- https://downloads.opennebula.org/repo/repo.key | apt-key add - +echo "deb http://downloads.opennebula.org/repo/5.4/Debian/9 stable opennebula" > /etc/apt/sources.list.d/opennebula.list +apt update +apt -y install opennebula-node +service libvirtd restart +\end{minted} + + +\section{Bugs} +Things that are bugs or at least aren't configured correctly. + + +\section{Sunstone Configuration} +At this point, you should have the OpenNebula Sunstone server up and running. +See scripts in \texttt{source/resources/ns24} for automation. + +\begin{enumerate} + \item Set up ssh tunnel (use Sunstone server name for ns24): + Code: \\ \texttt{ssh -N -C -L 9869:localhost:9869 ns24} + \item In workstation, open browser to url: + URL: \\ \url{http://localhost:9869/} + Info: \\ This goes through the encrypted SSH tunnel, but doesn't use https. + \item Click \texttt{OpenNebula} in the upper right to get the full web console. + \item Click \texttt{Infrastructure}. + \item Click \texttt{Hosts}. + \item Click The \texttt{+} plus icon. + \item Enter the hostname of the KVM server you want to use, such as the Sunstone server itself. + \texttt{Type: KVM} + \texttt{Hostname: ns24} + \item Click \texttt{Create}. + \item Repeatedly hit the reload button that's the two arrows in a circle, as it goes thru + stages of setup, starting at \texttt{INIT}. + \item Confirm status is \texttt{ON}. +\end{enumerate} + +\section{Sunstone Deploy Image} +This is a quick and dirty way to deploy a first test image. +NOTE: It is note privacy aware, as it pulls the image from the +OpenNebula ``store''. + +How to deploy an image from the OpenNebula App store: +\begin{enumerate} + \item Click \texttt{Storage}. + \item Click \texttt{Apps} + \item Click \texttt{Debian 9 - KVM}. + \item Click on the icon that is a cloud with an arrow in it. This downloads it to OpenNebula. + \item Select a datastore by clicking the \texttt{default} line. + \item Leave name and all that the same, and click \texttt{Download}. + \item Click \texttt{Images} under \texttt{Storage} in the left column. + \item Hit the refresh icon repeatedly. + \item When \texttt{Status} is \texttt{READY}, it is good to go. + \item Click \texttt{Templates} in the left column. + \item Click \texttt{VMs}. + \item Click \texttt{Debian 9 - KVM}. + \item Click \texttt{Instantiate}. + \item \texttt{VM Name} enter \texttt{deb9}. + \item \texttt{Number of instances} enter \texttt{1}. + \item \texttt{Memory} enter \texttt{768}. + \item \texttt{CPU} enter \texttt{1}. + \item Click the slider to \texttt{Instantiate as persistent}. + \item Click \texttt{Instantiate}. + \item Click \texttt{Instances} in the left column. + \item Click \texttt{VMs}. + \item Click the reload icon, repeat. + \item It is good when \texttt{Status} is \texttt{RUNNING}. + \item Set up an \texttt{ssh} tunnel so VNC can be used: + \texttt{ssh -N -C -L 29876:localhost:29876 ns24} + \item Click on the little monitor icon to launch VNC. + \item Look at booted up screen at \texttt{login:} prompt. + \item This means a Debian KVM booted up and the VNC is working. + There is no password for the \texttt{root} account, only \texttt{ssh} is available. + So without network setup, you can't really do anything with this image. + Booted, it just shows it works. +\end{enumerate} + +I think delete this section, it would go before the \texttt{Templates} above.: +\begin{enumerate} + \item Click \texttt{Debian 9 - KVM}. + \item PROBABLY NO: Click \texttt{Clone} to make a local copy. + \item PROBABLY NO: It will say \texttt{Copy of Debian 9 - KVM}, leave as-is, click \texttt{Clone}. + \item Click on the icon with three dots. + \item Click \texttt{Make Persistent}. + \item Click on the icon with three dots. + \item Click \texttt{Enable}. +\end{enumerate} + +\section{OpenNebula Networking} +XXX Yes, this part needs set up... + +\begin{minted}{sh} +# /etc/network/interfaces bridge section, add this: +auto br0 +iface br0 inet static + bridge_ports eth0 + bridge_fd 0 + address 192.168.100.1 + netmask 255.255.255.0 + network 192.168.100.0 + broadcast 192.168.100.255 + gateway 192.168.100.1 + dns-nameservers 37.235.1.174 + dns-search forksand.com +\end{minted} + +As user \texttt{jebba}, on the server, run this to generate a key. +Then paste that key into Sunstone under "SSH Public Key". + +\begin{minted}{sh} +ssh-keygen -t ed25519 +\end{minted} + +\begin{minted}{sh} +# XXX test. Use this IP and interface, so no 192.168.0.0 but real IPs. +# Comment this out: +auto eth0:27 +iface eth0:27 inet static +address 174.128.229.158 +netmask 255.255.255.224 +gateway 174.128.229.129 +\end{minted} + +XXX Check if IP forwarding is needed in \texttt{/etc/sysctl.conf}. + +If things are set up to use a bridge and 192.168.100.100, +\texttt{iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE} +Will bring things up to NAT. + + +XXX The port forwarding is forwarding all port 53 to guest at the moment. diff --git a/source/Software-daemons.tex b/source/Software-daemons.tex new file mode 100644 index 0000000..d0b0763 --- /dev/null +++ b/source/Software-daemons.tex @@ -0,0 +1,131 @@ +% +% Software-daemons.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2014, 2015, 2016, 2017 Aleph Objects, Inc. +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\section{Server Daemons} +These are the server daemons used to drive the enterprise. + +\section{\href{http://sourceforge.net/projects/acpid2/}{ACPID}} +Monitors ACPI events. Runs on nearly all servers and workstations. + +\section{\href{http://httpd.apache.org/}{Apache}} +Web daemon, used on many servers. + +\section{\href{http://www.isc.org/}{BIND}} +Nameserver used for caching. + +\section{\href{https://borgbackup.github.io/borgbackup/}{Borg}} +Backup program. + +\section{\href{https://www.collaboraoffice.com/code/}{code}} +Collabora Online Development Edition (CODE) is LibreOffice Online (LOOL) +for Nextcloud. + +\section{\href{https://github.com/coturn/coturn}{coturn}} +TURN and STUN server. Used for videoconferencing. + +\section{\href{http://ftp.isc.org/isc/cron/}{cron}} +Scheduled triggering of applications (cf. at). + +\section{\href{http://dnsmasq.org/}{DHCP}} +dnsmasq DHCP for 350+ hosts. + +\section{\href{https://www.discourse.org/}{Discourse}} +Mailing list, discussion board, forum. + +\section{\href{https://dockerproject.org/}{Docker}} +System containers, virtual servers. + +\section{\href{http://dnsmasq.org/}{DNS}} +dnsmasq DNS caching. + +\section{\href{http://dnsmasq.org/}{Dovecot}} +IMAP mail services. Employees check their mail via the +IMAP server, typically using Icedove or aomail (roundcube using IMAP). + +\section{\href{https://www.erlang.org/}{Erlang}} +Virtual machine (ejabberd). + +\section{{iptables}{Firewalls}} +Linux's iptables. + +\section{\href{http://www.fail2ban.org/}{fail2ban}} +Block out scripts, bots, crackers, and network noise on servers. + +\section{\href{http://www.debian.org/}{Init}} +Init, woo! + +\section{\href{http://mariadb.org/}{MariaDB}} +Used on many servers for a database. Replacing MySQL. + +\section{md RAID} +Linux RAID, md, mdadm. + +\section{\href{http://www.memcached.org/}{memcached}} +Used to speed up websites, such as Nextcloud. + +\section{\href{http://www.mysql.org/}{MySQL}} +Used on many servers for a database. + +\section{\href{https://nextcloud.com/}{Nextcloud}} +Shared calendars, files, collaborative document editing with +LibreOffice Online, videoconferencing. + +\section{\href{http://support.ntp.org/}{NTP}} +Syncs time on every server and workstation. + +\section{\href{http://www.opendkim.org/}{OpenDKIM}} +DKIM (Domain Keys Identified Mail) sender authentication system. + +\section{\href{http://www.openssh.com/}{OpenSSH}} +Used to control every server, create encrypted tunnels (autossh), +mount filesystems (sshfs), and remote file transfer (sftp). + +\section{\href{http://openvpn.net/}{OpenVPN}} +Connects external resources, such as employee mobiles and laptops, to the internal network. + +\section{\href{https://www.piwiki.org/}{Piwik}} +Application to analyze web site traffic. + +\href{http://www.mrunix.net/webalizer/}{Webalizer} is used occassionally. + +\section{\href{http://www.postfix.org/}{Postfix}} +Main SMTP outgoing mail server. + +\section{\href{http://www.postgresql.org/}{Postgres}} +Database server. + +\section{\href{http://www.qemu.org/}{QEMU}} +Computer emulator, runs virtual servers. Uses KVM. + +\section{\href{http://rsync.samba.org/}{rsync}} +File server. + +\section{\href{http://www.rsyslog.com/}{rsyslog}} +Logging on every server and workstation. + +\section{\href{http://www.spamassassin.org/}{spamassassin}} +Spam filtering of email. + +\section{\href{http://fuse.sourceforge.net/sshfs.html}{sshfs}} +Main internal fileserver. + +\section{\href{http://www.freedesktop.org/wiki/Software/systemd}{systemd}} +System bootup and process manager. + +\section{\href{http://dnsmasq.org/}{TFTP}} +Network install server. + +\section{\href{http://www.xinetd.org}{xinetd}} +xinetd on Debian systems. inetd on OpenBSD. Misc network utils. + +\section{\href{http://www.ejabberd.im/}{XMPP/jabber}} +ejabberd, Erlang XMPP (jabber) server. diff --git a/source/Source-gen.tex b/source/Source-gen.tex new file mode 100644 index 0000000..7ad4455 --- /dev/null +++ b/source/Source-gen.tex @@ -0,0 +1,66 @@ +\section{\texttt{SHA256SUM}} +\texttt{SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855} +\inputminted{sh}{resources/SHA256SUM} +\section{\texttt{STATS}} +\texttt{SHA256: b1861503f0a41f1f2bef8fbfba32501d871ef4c5fd073c3b9272c71a7b1e7ea5} +\inputminted{sh}{resources/STATS} +\section{\texttt{apps/iptables/etc/iptables}} +\texttt{SHA256: 825577f3fd900576c119d0a6191de16bf2d55fb84e6749921710b293e5fd1889} +\inputminted{sh}{resources/apps/iptables/etc/iptables} +\section{\texttt{apps/iptables/etc/iptables.test.rules}} +\texttt{SHA256: 4b50c760daa85619a74f1c635b26807fcc7f8bedb90bd22893de8c98f3d78ff1} +\inputminted{sh}{resources/apps/iptables/etc/iptables.test.rules} +\section{\texttt{apps/oca/etc/init.d/openerp-server}} +\texttt{SHA256: 03e673de76f6aece8473a8441b0c921368f675ea234b62fa58708427a1b69346} +\inputminted{sh}{resources/apps/oca/etc/init.d/openerp-server} +\section{\texttt{apps/oca/lib/systemd/system/odoo-server.service}} +\texttt{SHA256: a149aa2a11f17a20eda8f32e2ef5b34e403b772d53f1dcd2a62bd44b166c2122} +\inputminted{sh}{resources/apps/oca/lib/systemd/system/odoo-server.service} +\section{\texttt{apps/oca/oca11-addons}} +\texttt{SHA256: 72d2cb138dfae349f5029b27dae74d13745061233fcebb79ef3d38eb4836183a} +\inputminted{sh}{resources/apps/oca/oca11-addons} +\section{\texttt{apps/oca/oca-install.sh}} +\texttt{SHA256: 3d793228bd669725954044abb7901b38d6aa2fc397ee2d9fd65e46973a6e4365} +\inputminted{sh}{resources/apps/oca/oca-install.sh} +\section{\texttt{apps/oca/oca-manual-modules}} +\texttt{SHA256: 36b8bf27d09d3f67387f1febc34212a137341d18d25da3e47767fe8e8a56054f} +\inputminted{sh}{resources/apps/oca/oca-manual-modules} +\section{\texttt{apps/oca/odoo9-modules}} +\texttt{SHA256: 3d742d5b59b2a2d7e3c500be929d001bc3685b3a755ec8e913e82a90c87d58ec} +\inputminted{sh}{resources/apps/oca/odoo9-modules} +\section{\texttt{apps/odoo/odoo11-deb-install.sh}} +\texttt{SHA256: eec3af072498c00dd207f85d05de93ae81b4a0a6f4d31aa6b1dfb31af84eb07f} +\inputminted{sh}{resources/apps/odoo/odoo11-deb-install.sh} +\section{\texttt{apps/ssh/socks-chain.sh}} +\texttt{SHA256: 8e0ee0af15f20e6a5120f9bca4b073532002f8d309dc365c64734b111c03ae4e} +\inputminted{sh}{resources/apps/ssh/socks-chain.sh} +\section{\texttt{apps/ssh/socks-proxy.sh}} +\texttt{SHA256: 646c3cdef108cf891d9d5279971f3da8a708d78b9cb18da832043ba3048cfacf} +\inputminted{sh}{resources/apps/ssh/socks-proxy.sh} +\section{\texttt{apps/sunstone/etc/one/sunstone-logos.yaml}} +\texttt{SHA256: b318da9ebbe0bc3b5b80efda6c8594b2017736d8e32d3ff74aaefb727cf1fb0e} +\inputminted{sh}{resources/apps/sunstone/etc/one/sunstone-logos.yaml} +\section{\texttt{apps/sunstone/etc/one/sunstone-views.yaml}} +\texttt{SHA256: 34f5df58f4f6fce5985378c946c8b9718567a1454f171e2629b33e37ce0ca87f} +\inputminted{sh}{resources/apps/sunstone/etc/one/sunstone-views.yaml} +\section{\texttt{apps/yadifa-master/etc/yadifa/yadifad.conf}} +\texttt{SHA256: 1802daa96fe2a7373059b86ae166f008591aad4304eb8176e1c20f56e61e7df8} +\inputminted{sh}{resources/apps/yadifa-master/etc/yadifa/yadifad.conf} +\section{\texttt{apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone}} +\texttt{SHA256: e2c4028695f3ac6b6ed8afb963a7821589b94ed81a2d068d7480b809d402c830} +\inputminted{sh}{resources/apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone} +\section{\texttt{apps/yadifa-slave/etc/yadifa/yadifad.conf}} +\texttt{SHA256: 705f36a12aee30e8510e5d06f1d3dd471a82aa518e00648a83f8f9d1146b8186} +\inputminted{sh}{resources/apps/yadifa-slave/etc/yadifa/yadifad.conf} +\section{\texttt{apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone}} +\texttt{SHA256: 1966009066a265b65574003bc5f338ee4c2595c010ece34e9e428c526b974fd5} +\inputminted{sh}{resources/apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone} +\section{\texttt{apps/yadifa/var/lib/yadifa/masters/localhost.zone}} +\texttt{SHA256: 93847412dc586aa627b7c8d9c7f9f08223d62bd7297bb02058b57aaa4e92e220} +\inputminted{sh}{resources/apps/yadifa/var/lib/yadifa/masters/localhost.zone} +\section{\texttt{make-sources-list.sh}} +\texttt{SHA256: 29a180a3849349df01041152a06c3af2b9c1fc13b2d4da07fa1196ff6aff9de9} +\inputminted{sh}{resources/make-sources-list.sh} +\section{\texttt{txt2qrpng.sh}} +\texttt{SHA256: 28dff76725cfbe3e4dcf70120f0393422507443fa5b6a62e1814bd44fb62161e} +\inputminted{sh}{resources/txt2qrpng.sh} diff --git a/source/Source.tex b/source/Source.tex new file mode 100644 index 0000000..a1a7a07 --- /dev/null +++ b/source/Source.tex @@ -0,0 +1,12 @@ +% +% Source.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% +\input{Source-gen} diff --git a/source/Title.tex b/source/Title.tex new file mode 100644 index 0000000..87a410f --- /dev/null +++ b/source/Title.tex @@ -0,0 +1,45 @@ +% +% Title.tex +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% Document template: +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc. +% Copyright (C) 2009, 2010 Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + +\date {} +\thispagestyle{empty} +\begin{center} +\par +%\includegraphics[keepaspectratio=true,angle=0,height=0.95\textheight,width=0.95\textwidth]{foo.pdf} +\par +\null\vfill +{\fontspec{lmroman12-regular.otf}\fontsize{35pt}{5cm}\selectfont \textcolor{ao-purple}{Fork Sand IT Manual}} +\par +\null\vfill +\par +\null\vfill +\par +\null\vfill +{\fontspec{lmroman12-regular.otf}\fontsize{25pt}{5cm}\selectfont \textcolor{ao-purple}{DRAFT}} +\par +\null\vfill +\par +\null\vfill +\par +\null\vfill +%\hfill{\fontspec{lmroman12-regular.otf}\fontsize{12}{5cm}\selectfont \textcolor{ao-purple}{Fork Sand, Inc.}} +\par +\renewcommand{\dateseparator}{} +\hfill\texttt{\yyyymmdddate\today} % Timestamp build date +\end{center} + diff --git a/source/forksand-it-manual-thumbnail.tex b/source/forksand-it-manual-thumbnail.tex new file mode 100644 index 0000000..48fef43 --- /dev/null +++ b/source/forksand-it-manual-thumbnail.tex @@ -0,0 +1,28 @@ +% +% forksand-it-manual-thumbnail.tex +% Create thumbnail images of PDF pages +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% Document template: +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc. +% Copyright (C) 2009, 2010 Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + +\documentclass[twoside]{minimal} +\usepackage[paperwidth=22.86cm, paperheight=30.48cm,dvips=false,pdftex=false,vtex=false]{geometry} +\usepackage[final]{pdfpages} +\usepackage{pdflscape} +\usepackage{thumbpdf} +\begin{document} +\includepdf[nup=2x4,pages={{},-},landscape]{forksand-it-manual.pdf} +\end{document} + diff --git a/source/forksand-it-manual.gst b/source/forksand-it-manual.gst new file mode 100644 index 0000000..e0efaaf --- /dev/null +++ b/source/forksand-it-manual.gst @@ -0,0 +1,21 @@ +% +% forksand-it-manual.gst +% makindex glossary style file +% +% Fork Sand IT Manual +% +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2014, 2015, 2016, 2017 Aleph Objects, Inc. +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Jeff Moe. +% +preamble "\\begin{theglossary}" +postamble "\n\\end{theglossary}\n" +item_0 "\n\\glossitem" +delim_0 "{\\memglonum{" +encap_suffix "}}}" +headings_flag 0 +heading_prefix "{" +heading_suffix "}" +keyword "\\glossaryentry" diff --git a/source/forksand-it-manual.ist b/source/forksand-it-manual.ist new file mode 100644 index 0000000..c642ce6 --- /dev/null +++ b/source/forksand-it-manual.ist @@ -0,0 +1,15 @@ +% +% forksand-it-manual.ist +% makindex index style file +% +% Fork Sand IT Manual +% +% Copyright (C) 2017, Jeff Moe +% Copyright (C) 2014, 2015, 2016, 2017 Aleph Objects, Inc. +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Jeff Moe. +% +heading_prefix "{\\normalsize \\bfseries\\hfil\\ " +heading_suffix " \\ \\hfil}\\nopagebreak\n" +headings_flag 1 diff --git a/source/forksand-it-manual.tex b/source/forksand-it-manual.tex new file mode 100644 index 0000000..b6d4cb3 --- /dev/null +++ b/source/forksand-it-manual.tex @@ -0,0 +1,365 @@ +% +% forksand-it-manual.tex +% Main LaTeX document for formatting forksand-it-manual +% +% Fork Sand IT Manual +% +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2017, Jeff Moe +% +% Document template: +% Copyright (C) 2018, Fork Sand, Inc. +% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc. +% Copyright (C) 2009, 2010 Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Fork Sand, Inc. +% + +%%% XXX NOTE +%%% Glossaries and indices are broken: +%%% https://sharelatex.tenderapp.com/help/discussions/questions/19378-glossaries-indices-and-speed +%%% XXX NOTE + +% LaTeX Docs: +% http://en.wikibooks.org/wiki/Category:LaTeX + +% LaTeX Memoir Class +% Docs: /usr/share/doc/texlive-doc/latex/memoir/memman.pdf +\documentclass[twoside,10pt,openright,final,english]{memoir} + +\usepackage{tikz} +\usetikzlibrary{shadows,shapes,arrows,chains,calc,decorations.pathmorphing,patterns,trees,positioning,automata,fit} +% This breaks things, but would be great to use +%\usepackage{tikz-qtree,tikz-qtree-compat} +\usepackage{rotating} +\usepackage{forest} + +\usetikzlibrary{arrows,shapes} +\usetikzlibrary{positioning,calendar,er} +\usetikzlibrary{decorations.markings} +\usetikzlibrary{shapes.geometric} + +% Source code highlighting +\usepackage{mdframed} % /usr/share/doc/texlive-doc/latex/mdframed/mdframed.pdf +\usepackage{minted} % /usr/share/doc/texlive-doc/latex/minted/minted.pdf +\setminted{autogobble, breaklines, breakanywhere, breakautoindent, funcnamehighlighting,style=manni,fontsize=\scriptsize} +% fontsize +\setmintedinline{breaklines, breakanywhere} +\surroundwithmdframed{minted} +\mdfsetup{roundcorner=10pt, +linewidth=3pt, +linecolor=ao-light-blue, +backgroundcolor=white, +leftmargin=1cm,rightmargin=1cm +} + +\usepackage{smartdiagram} +\usesmartdiagramlibrary{additions} +\usepackage{comment} % /usr/share/doc/texlive-doc/latex/comment/comment.pdf +\usepackage{graphicx} % /usr/share/doc/texlive-doc/latex/graphics/graphicx.pdf +\usepackage{epstopdf} % /usr/share/doc/texlive-doc/latex/oberdiek/epstopdf.pdf +% http://www.tug.org/applications/hyperref/manual.html +% /usr/share/doc/texlive-doc/latex/hyperref/hyperref.pdf +\usepackage[colorlinks=true,linkcolor=ao-dark-orange,urlcolor=ao-dark-orange]{hyperref} +%\usepackage{url} % /usr/share/doc/texlive-doc/latex/url/url.pdf % Use hyperref. +\graphicspath{{./resources/}{./resources/images/}{./resources/drawings/}} + +\makeindex +\makeglossary + +\usepackage{color} % Docs: /usr/share/doc/texlive-latex-base-doc/latex/graphics/grfguide.pdf +%\usepackage[usenames,dvipsnames,svgnames,table]{xcolor} + +%%% PREAMBLE FONTS %%% +% For XeTeX +% http://www.ctan.org/pkg/fontspec +% http://mirrors.ctan.org/macros/latex/contrib/fontspec/fontspec.pdf +\usepackage{fontspec} +\defaultfontfeatures{Ligatures=TeX} % To support LaTeX quoting style +\setmainfont{lmroman12-regular.otf} + +\usepackage[normalem]{ulem} % underline + +\usepackage{floatpag} % Full page figures without page numbers. + +%%% END PREAMBLE FONTS %%% + +%%% PAGE, STOCK, AND MARGIN SIZE %%% +% "Crown Quarto/Crown 4vo" at Lulu and Lightning Source +% 7.44 x 9.68" 18.90 x 24.58cm +%\setstocksize{24.58cm}{18.90cm} % { height }{ width } +% US Letter +% 8.50 x 11.00" 21.59 x 27.94cm +%\setstocksize{27.94cm}{21.59cm} % { height }{ width } +% A4 +% 8.27 x 11.70" 21.00 x 29.70cm +%\setstocksize{29.70cm}{21.00cm} % { height }{ width } +% Lulu Largest Hardcover, 24-800 pages +% 8.25 x 10.75" 20.96 x 27.31cm +\setstocksize{27.31cm}{20.96cm} % { height }{ width } + +\settrimmedsize{\stockheight}{\stockwidth}{*} + +%\settypeblocksize{ height }{ width }{ ratio } +% "Crown Quarto/Crown 4vo" at Lulu and Lightning Source +%\settypeblocksize{19.0cm}{*}{*} +% US Letter +%\settypeblocksize{23.0cm}{*}{*} +% A4 +%\settypeblocksize{24.0cm}{*}{*} +% Lulu Largest Hardcover, 24-800 pages +\settypeblocksize{22.0cm}{*}{*} + +%\setlrmarginsandblock{ spine }{ edge }{ ratio } +% make the spine have more space than outer edge +% "Crown Quarto/Crown 4vo" at Lulu and Lightning Source +%\setlrmarginsandblock{*}{2.5cm}{1.2} +% US Letter +%\setlrmarginsandblock{*}{2.0cm}{1.4} +% A4 +%\setlrmarginsandblock{*}{2.0cm}{1.4} +% Lulu Largest Hardcover, 24-800 pages +\setlrmarginsandblock{*}{2.0cm}{1.4} + +% \setulmargins{ upper }{ lower }{ ratio } +\setulmargins{2.0cm}{*}{*} + +% \setheadfoot{ headheight }{ footskip } +\setheadfoot{12pt}{2cm} + +\checkandfixthelayout[fixed] +%%% END PAGE, STOCK, AND MARGIN SIZE %%% + +\setcounter{secnumdepth}{3} +\setcounter{tocdepth}{3} +\setsecnumdepth{subsection} + +\usepackage[english]{babel} +\usepackage{datetime} % Docs: /usr/share/doc/texlive-doc/latex/datetime/datetime.pdf +\usepackage{ucs} + +%%% PDFLATEX %%% +\usepackage{etex} + +%%% Not all features are used in XeTeX +\usepackage[protrusion,babel,final]{microtype} +%%% Conflicts with package fontspec +%\usepackage[utf8x]{inputenc} + +% Docs: /usr/share/doc/texlive-humanities-doc/latex/ledmac/ledmac.pdf +%\usepackage{eledmac} + +%\usepackage{jebba} + +%%% forksand-it-manual PAGE STYLE %%% +\makepagestyle{aocstyle} +\pagestyle{aocstyle} +\makeevenhead{aocstyle}{}{\hspace{2em}\itshape\small\leftmark}{} +\makeoddhead{aocstyle}{}{\scshape\small\rightmark}{} +\makeevenfoot{aocstyle}{}{\hspace{2em}\thepage}{} +\makeoddfoot{aocstyle}{}{\thepage}{} +%%% END forksand-it-manual PAGE STYLE %%% + +%%% forksand-it-manualSKI CHAPTER STYLE %%% +\makechapterstyle{aocski}{% + \renewcommand*{\printchaptername}{} % Clear out the chapter name (e.g. capítulo) + \renewcommand*{\printchapternum}{} % Clear out the chapter number + \renewcommand*{\chaptitlefont}{\fontspec{lmroman12-regular.otf}\fontsize{20pt}{3em}\selectfont} % Set chapter title font + \renewcommand*{\printchaptertitle}[1]{% + \hrule\vskip\onelineskip \centering \chaptitlefont{##1}\par} + % Set chapter title font + \renewcommand*{\afterchaptertitle}{\vskip\onelineskip \hrule\vskip + \afterchapskip} +} +%%% END forksand-it-manualSKI CHAPTER STYLE %%% + +%%% FORMATTING... %%% +\midsloppy +\setlength{\emergencystretch}{3em} +\tolerance=5000 +\hyphenpenalty=500 +\setlength{\topskip}{1.6\topskip} +\checkandfixthelayout +\raggedbottom +\widowpenalty=10000 +\clubpenalty=10000 +%%% END FORMATTING... %%% + +%%% FOOTNOTES %%% +% no horizontal rule before footnotes: +\let\oldfootnoterule\footnoterule +\renewcommand*{\footnoterule}{} +\setlength{\footmarkwidth}{3.5em} +%%% END FOOTNOTES %%% + +%%% COLORS %%% +\definecolor{ao-purple}{cmyk}{0.50,0.60,0.00,0.43} % ??? +%\definecolor{ao-purple}{cmyk}{0.85 0.90 0.00 0.05} % ??? +\definecolor{ao-dark-blue}{cmyk}{0.83 0.24 0.00 0.12} +\definecolor{ao-light-blue}{cmyk}{0.41 0.15 0.00 0.09} +\definecolor{ao-light-orange}{cmyk}{0.00 0.40 0.88 0.03} +\definecolor{ao-dark-orange}{cmyk}{0.00 0.51 0.83 0.11} +\definecolor{ao-gold}{cmyk}{0.00 0.18 0.75 0.00} +\definecolor{ao-greyblack}{cmyk}{0.00 0.11 0.09 0.86} +\definecolor{ao-white}{cmyk}{0.00 0.00 0.00 0.00} +\definecolor{ao-black}{cmyk}{1.00 1.00 1.00 1.00} +\definecolor{lulzbot-green}{cmyk}{0.11 0.00 0.78 0.15} +%%% END COLORS %%% + + +%%% DEBUG %%% +%\showoutput +%\typeoutlayout +%\typeoutstandardlayout +%%% END DEBUG %%% + +%%% END OF PREAMBLE %%% + +\begin{document} + +%%% BEGIN FRONT MATTER %%% +\frontmatter + +% Set page numbers to lowercase roman numerals, and reset the count to 1 (no *) +\pagenumbering{roman} + +%%% TITLE PAGE %%% +% We want the title to be on the right hand page. +% If we pad a page, it gives us two with openright +\include{Title} +%%% END TITLE PAGE + +%%% COPYRIGHT PAGE %%% +\include{Copyright} +%%% END COPYRIGHT PAGE %%% + +%%% TABLE OF CONTENTS %%% +{\fontspec{lmroman12-regular.otf} +\maxtocdepth{subsection} +\settocdepth{subsection} +%\setsecnumdepth{subsection} +% space between dots +\renewcommand{\cftchapterdotsep}{15} +% dot symbol (default is period) +\renewcommand{\cftdot}{\textperiodcentered} % centered period +% Set space between each entry in ToC +\setlength{\cftbeforechapterskip}{5pt} +\tableofcontents*} +%%% END TABLE OF CONTENTS %%% + +%%% LIST OF FIGURES %%% +\renewcommand*{\lofheadstart}{\vspace{1cm}} +\clearpage +\listoffigures* +%%% END LIST OF FIGURES %%% + +%%% LIST OF LISTINGS %%% +%\renewcommand*{\lofheadstart}{\vspace{1cm}} +%\clearpage +%\listoflistings +%%% END LIST OF LISTINGS %%% + +%%% CHAPTER STYLE %%% +\chapterstyle{aocski} % defined in preamble +\def\topblockvspace{0.11} +%%% END CHAPTER STYLE %%% + +%%% CHAPTER CONFIG %%% +\newcommand{\chapterheader}{Fork Sand IT Manual} +% See \chapterconf below for examples of how this is used. +% value 1 is file to include +% value 2 is title of chapter +% value 3 is sub title of chapter +\newcommand{\chapterconf}[3]{ +\chapter{\emph{{#2}}\protect \\ +{#3}} +\thispagestyle{empty} +\markboth{#2}{\chapterheader} +{\include{#1}} +} +%%% END CHAPTER CONFIG %%% + +%%% FRONTMATTER CHAPTERS %%% +\fontspec{lmroman12-regular.otf} + +% Format: +% \chapterconf{Name of file to include}{Title of Chapter} +\chapterconf{Introduction}{Introduction}{Fork Sand IT Manual} +%%% END FRONTMATTER CHAPTERS %%% + +%%% END FRONTMATTER %%% + +%%% BEGIN MAINMATTER %%% +\mainmatter* + +% Set page numbering to arabic, but don't reset numbering (*) +\pagenumbering*{arabic} + +%% MAINMATTER CHAPTERS %%% +% Default chapter font +\fontspec{lmroman12-regular.otf} + +% Format: +% \chapterconf{Name of file to include}{Title of Chapter}{Subtitle} +% Comment out a line to not render that chapter +\chapterconf{Hardware}{Hardware}{Metal and Chips} +\chapterconf{Network}{Network}{Switch} +\chapterconf{Switches}{Network Switches}{Free Switches (none found)} +\chapterconf{Clouds}{Clouds}{Software as a Surveillance State} +\chapterconf{Distros}{Distributions}{Free Software Distributions} +\chapterconf{Software-daemons}{Server Software}{Server Software Daemons} +\chapterconf{Firewalls}{Firewalls}{Firewalls} +\chapterconf{ClusterHardware}{Cluster Hardware}{Machines} +\chapterconf{Firewall-opnsense}{OPNSense Firewall}{Use OPNSense} +\chapterconf{OpenNebula}{OpenNebula}{Virtual Machines} +\chapterconf{Ansible}{Ansible}{Cluster Administration} +\chapterconf{DNS}{Domain Name Service (DNS)}{Who Names You?} +\chapterconf{NTP}{Network Time Protocol}{A Hole in Time} +\chapterconf{Firmware}{Firmware}{Embedded Software} +%%% Appendix %%% +%\part{Appendix} % XXX +\appendix +\chapterconf{Source}{Free Software}{Free Software and Configurations} +%% END MAINMATTER CHAPTERS %%% + +%%% END MAINMATTER %%% + +%%% BEGIN BACKMATTER %%% +\backmatter + +%%% INDEX %%% +\clearpage +\printindex +%%% END INDEX %%% + +%%% GLOSSARY %%% +\renewcommand{\memgloterm}[1]{\textbf{#1}} +\renewcommand{\memglodesc}[1]{\textit{#1}} +\renewcommand{\memglonum}[1]{} + +\clearpage +\printglossary +%%% END GLOSSARY %%% + +%%% CONTACT %%% +\chapterconf{Contact}{Contact}{Phone, Email, Web, Location} +%%% END CONTACT %%% + +%%% COLOPHON %%% +%%% skip a couple pages +\pagebreak{} +\thispagestyle{empty} +\begingroup +\vfill\null +\endgroup +\pagebreak{} +\thispagestyle{empty} +\fontspec{lmroman12-regular.otf} +{\include{Colophon}} +%%% END COLOPHON %%% + +%%% END BACKMATTER %%% + +\end{document} + diff --git a/source/jebba.sty b/source/jebba.sty new file mode 100644 index 0000000..b7ff45e --- /dev/null +++ b/source/jebba.sty @@ -0,0 +1,135 @@ +% +% jebba.sty +% +% Secure, Private, Libre, Open, and Free Commodity Computing +% +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Jeff Moe. +% +% XXX Since it is a LaTeX .sty file, put under LaTeX license too? +% +% Forked, relicensed by Jeff Moe 2017 +% Based on: +% DND 5e LaTeX Style File +% MIT License +% Created by Evan Bergeron +% Modified by Christopher Liu December 2015 +% Modified by Yannic Meyer Feb 2016 + +\ProvidesPackage{jebba}[2017/10/18 v0.0.1 Template for jebba] + +% +% Prerequisite Packages +% +% Set a different geometry with \newgeometry +%\usepackage[ +% bindingoffset=15pt, % .2in +% hmargin=50pt, % .7in +% top=40pt, % .55in +% bottom=50pt, % .7in +% footskip=30pt, % makes the footer text line up with the graphic +%]{geometry} +%\RequirePackage[table]{xcolor} +\RequirePackage{array} +\RequirePackage{tabularx} +\RequirePackage{tikz} +\RequirePackage{keycommand} +\RequirePackage[most]{tcolorbox} % used for some boxes +\RequirePackage{enumitem} +%\RequirePackage{microtype} % Improve ragged2e hyphenation and overfull boxes +\RequirePackage{ragged2e} +\RequirePackage{xparse} + + +% Load other modules of this package +% XXX Disable ones that break the build +\RequirePackage{lib/jebbacolors} % color definitions +\RequirePackage{lib/jebbafonts} % font definitions +\RequirePackage{lib/jebbacomment} % \commentbox definition +%\RequirePackage{lib/jebbaheader} % fancy headers and footers +\RequirePackage{lib/jebbamonster} % \monsterbox definition +\RequirePackage{lib/jebbapaperbox} % \paperbox definition +\RequirePackage{lib/jebbaquote} % \quotebox definition +%\RequirePackage{lib/jebbasections} % section styling +\RequirePackage{lib/jebbaspell} % \spell definition +\RequirePackage{lib/jebbastrings} % Load document strings +\RequirePackage{lib/jebbatable} % \jebbatable definition + +% +% Options +% + +% 'bg-letter-img','bg-letter-print' and 'bg-none' options +\newtoggle{bool-bg} +\newtoggle{bool-footer-scroll} +\DeclareOption{bg-none} {\togglefalse{bool-bg}\togglefalse{bool-footer-scroll}} +\DeclareOption{bg-print}{\togglefalse{bool-bg}\toggletrue{bool-footer-scroll}} +\DeclareOption{bg-full} {\toggletrue{bool-bg}\toggletrue{bool-footer-scroll}} +\DeclareOption{bg-a4}{\jebba@deprecate{bg-a4}{0.7}[Remove call to this package option.]} +\DeclareOption{bg-letter}{\jebba@deprecate{bg-letter}{0.7}[Remove call to this package option.]} + +% Toggle justification (official books are flush left). +\newtoggle{justified} +\DeclareOption{justified}{\toggletrue{justified}} + +% Default Settings +\ExecuteOptions{bg-full} +\ProcessOptions\relax + +% Set paragraph and line spacing +\linespread{1.1}% +\setlength{\parindent}{1em} +\setlength{\RaggedRightRightskip}{0pt plus 1cm} +\setlength{\RaggedRightParindent}{\parindent} +\hyphenpenalty=1000 % Fewer hyphens + +% Set left justification if not justified +\nottoggle{justified}{\RaggedRight} + +% +% Style Parameters +% + +% Disable space between paragraphs. +\setlength{\parskip}{0pt} + +% Font environment +\newenvironment{lmss}{% + \jebba@deprecate{lmss}{0.7} + \fontfamily{lmss}\selectfont + }{} + +% Columns setup +\setlength{\columnsep}{25pt} % .35in + +% Customize itemize environment. +\setlist{leftmargin=1em} +\setitemize{noitemsep,topsep=0.5ex} +\renewcommand{\labelitemi}{\raisebox{0.25ex}{\tiny{\( \bullet \)}}} + +% Fancy DnD 5e-style hline +\renewcommand{\hline}{ +\noindent + \begin{tikzpicture}[] + \draw [rulered, fill=rulered] (0, 0) --(0,0.1) -- (\textwidth, 0.08); + \end{tikzpicture} +} + + +% Either hilariously, or infuriatingly, the \ifcommandkey +% implementation is buggy. Here is a re-implementation +% from tex.stackexchange. +\begingroup + \makeatletter + \catcode`\/=8 % + \@firstofone + { + \endgroup + \renewcommand{\ifcommandkey}[1]{% + \csname @\expandafter \expandafter \expandafter + \expandafter \expandafter \expandafter \expandafter + \kcmd@nbk \commandkey {#1}//{first}{second}//oftwo\endcsname + } + } diff --git a/source/lib/COPYING b/source/lib/COPYING new file mode 100644 index 0000000..e6a8e42 --- /dev/null +++ b/source/lib/COPYING @@ -0,0 +1,14 @@ +% Copyright (C) 2017, Jeff Moe +% +% This document is licensed under the Creative Commons Attribution 4.0 +% International Public License (CC BY-SA 4.0) by Jeff Moe. +% +% XXX Since it is a LaTeX .sty file, put under LaTeX license too? +% +% Forked, relicensed by Jeff Moe 2017 +% Based on: +% DND 5e LaTeX Style File +% MIT License +% Created by Evan Bergeron +% Modified by Christopher Liu December 2015 +% Modified by Yannic Meyer Feb 2016 diff --git a/source/lib/captions-template.txt b/source/lib/captions-template.txt new file mode 100644 index 0000000..f21ac1d --- /dev/null +++ b/source/lib/captions-template.txt @@ -0,0 +1,40 @@ +To add captions for a new language, say French: + 1. Copy the template below into jebbastrings-captions.sty + 2. Substitute the token with the + language name: + + % French captions + \addto\captionsfrench{% + ... + + 3. Fill out the ... fields with the appropriate + translations, without quotes: + ... + \def\armorclassname{Translation here}% + \def\hitpointsname{Sorry}% + \def\speedname{I do not actually know French}% + ... + + +vv ------ TEMPLATE ------ vv + +\addto\captions{% + \def\armorclassname{...}% + \def\hitpointsname{...}% + \def\speedname{...}% + \def\strstatname{...}% + \def\dexstatname{...}% + \def\constatname{...}% + \def\intstatname{...}% + \def\wisstatname{...}% + \def\chastatname{...}% + \def\skillsname{...}% + \def\dimmname{...}% + \def\dvulname{...}% + \def\dresname{...}% + \def\cimmname{...}% + \def\savesname{...}% + \def\sensesname{...}% + \def\languagesname{...}% + \def\challengename{...}% +} \ No newline at end of file diff --git a/source/lib/jebbacolors.sty b/source/lib/jebbacolors.sty new file mode 100644 index 0000000..3c456ca --- /dev/null +++ b/source/lib/jebbacolors.sty @@ -0,0 +1,52 @@ +% Define colors, sampled from the books. +\RequirePackage{color} + +% Page +\definecolor{bgtan}{HTML}{F7F2E5} % background and quotebox +\definecolor{pagegold}{HTML}{B89A67} % pagenumbers and footer + +% Type +\definecolor{titlered}{HTML}{58180D} % titles +\definecolor{titlegold}{HTML}{C9AD6A} % titlerules +\definecolor{rulered}{HTML}{9C2B1B} % triangular rule in statsblock + +% Trim (affects tables and paperboxes) +\definecolor{PhbLightGreen}{HTML}{E0E5C1} % PHB Part 1 +\definecolor{PhbLightCyan}{HTML}{B5CEB8} % PHB Part 2 +\definecolor{PhbMauve}{HTML}{DCCCC5} % PHB Part 3 +\definecolor{PhbTan}{HTML}{E5D5AC} % PHB appendix +\definecolor{DmgLavender}{HTML}{E3CED3} % DMG Part 1 +\definecolor{DmgCoral}{HTML}{F3D7C1} % DMG Part 2 +\definecolor{DmgSlateGray}{HTML}{DBE4E4} % DMG Part 3 +\definecolor{DmgLilac}{HTML}{D7D4D6} % DMG appendix + +% Trim aliases +\colorlet{DmgSlateGrey}{DmgSlateGray} + +% The color used in \setthemecolor when a new color is not set +\colorlet{themecolor}{PhbLightGreen} % Set the default theme to Part 1 of the PHB. + +% Element colors that change when \setthemecolor is used +\colorlet{commentboxcolor}{themecolor} % commentbox background +\colorlet{paperboxcolor}{themecolor} % paperbox background +\colorlet{tablecolor}{themecolor} % table even row background + +% Element colors that do not respond to \setthemecolor +\colorlet{quoteboxcolor}{bgtan} % quotebox background +\definecolor{statblockribbon}{HTML}{E69A28} % stat block top/bottom borders (gold) +\definecolor{statblockbg}{HTML}{FDF1DC} % stat block background (tan) + +% Sets the themecolor and colors for all themed elements +% If called without the optional color, resets the color of all themed elements to the current themecolor +\newcommand{\setthemecolor}[1][themecolor]{% + \colorlet{themecolor}{#1} + \colorlet{commentboxcolor}{#1} + \colorlet{paperboxcolor}{#1} + \colorlet{tablecolor}{#1} +} + +% Backwards-compatible aliases and colours +\colorlet{commentgreen}{PhbLightGreen} +\colorlet{itemtablepink}{DmgCoral} +\colorlet{monstertan}{statblockbg} +\definecolor{monstertandark}{HTML}{F0DBB5} diff --git a/source/lib/jebbacomment.sty b/source/lib/jebbacomment.sty new file mode 100644 index 0000000..bf5ae78 --- /dev/null +++ b/source/lib/jebbacomment.sty @@ -0,0 +1,22 @@ +%Usage \begin{commentbox}[options]{title}[color] +\DeclareTColorBox{commentbox}{O{} m O{commentboxcolor}}{% + before upper={\nottoggle{justified}{\RaggedRight}}, + frame hidden, + boxrule=0pt, + breakable, + enhanced, + before skip=8pt plus 1pt, + toptitle=3mm, + boxsep=0.25ex, + left=8pt, + right=8pt, + arc=0mm, + fonttitle=\jebba@BoxTitleFont\color{black}, + fontupper=\jebba@BoxBodyFont, + title={#2}, + parbox=false, + colback={#3}, + colbacktitle={#3}, + after={\vspace{5pt plus 1pt}\noindent}, + #1 +} diff --git a/source/lib/jebbafonts.sty b/source/lib/jebbafonts.sty new file mode 100644 index 0000000..e3c69aa --- /dev/null +++ b/source/lib/jebbafonts.sty @@ -0,0 +1,19 @@ +\RequirePackage{bookman} +\RequirePackage[T1]{fontenc} + +\renewcommand{\sfdefault}{lmss} + +\newcommand{\jebba@TitleFont}{\normalfont\scshape} + +\newcommand{\jebba@TableTitleFont}{\fontfamily{fosj}\selectfont\bfseries\scshape} +\newcommand{\jebba@TableBodyFont}{\sffamily} + +\newcommand{\jebba@BoxTitleFont}{\fontfamily{fosj}\selectfont\bfseries\scshape} +\newcommand{\jebba@BoxBodyFont}{\sffamily} + +\newcommand{\jebba@StatBlockTitleFont}{\normalfont\bfseries\scshape} +\newcommand{\jebba@StatBlockSubtitleFont}{\fontfamily{fosj}\selectfont\scshape} +\newcommand{\jebba@StatBlockBodyFont}{\sffamily} + +\newcommand{\jebba@FooterFont}{\normalfont\scshape} +\newcommand{\jebba@PageNumberFont}{\normalfont} diff --git a/source/lib/jebbaheader.sty b/source/lib/jebbaheader.sty new file mode 100644 index 0000000..d0aad6c --- /dev/null +++ b/source/lib/jebbaheader.sty @@ -0,0 +1,58 @@ +\RequirePackage{fancyhdr} % Adaptation of the footers + +% Setup for custom footer +\pagestyle{fancy} + +\newlength{\nobgfooterheight} +\setlength{\nobgfooterheight}{\paperheight} +\addtolength{\nobgfooterheight}{-1in} +\addtolength{\nobgfooterheight}{-\topmargin} +\addtolength{\nobgfooterheight}{-\headheight} +\addtolength{\nobgfooterheight}{-\headsep} +\addtolength{\nobgfooterheight}{-\textheight} +\addtolength{\nobgfooterheight}{-\footskip} + +\renewcommand{\headrulewidth}{0.0pt} %no rule for header +\renewcommand{\footrulewidth}{0.0pt} %no rule for footer + +\fancyhf{} % clear all headers and footers + +\fancyhead{ + \iftoggle{bool-bg}{ + \begin{tikzpicture}[remember picture,overlay] + \node[inner sep=0pt] at (current page.center) {\includegraphics[width=\paperwidth,height=\paperheight]{img/paper}}; + \end{tikzpicture} + }{} +} + +\fancyfoot[LE]{ + \iftoggle{bool-footer-scroll}{ + \begin{tikzpicture}[remember picture,overlay] + \node[xscale=-1,inner sep=0pt,anchor=south,nearly opaque] at (current page.south) {\includegraphics[width=\paperwidth,height=43pt]{img/footerscroll}}; + \node[xshift=20pt,yshift=30pt] at (current page.south west) {\jebba@PageNumberFont\textcolor{pagegold}{\thepage}}; + \node[anchor=south west,xshift=\marginparwidth+\marginparpush,yshift=27pt] at (current page.south west) {\jebba@FooterFont{\textcolor{pagegold}{\nouppercase\leftmark}}}; + \end{tikzpicture} + }{ + \begin{tikzpicture}[remember picture,overlay] + \node[anchor=south west,xshift=\marginparwidth-\marginparpush,yshift=\nobgfooterheight+2pt] at (current page.south west) {\jebba@PageNumberFont{\thepage}}; + \node[anchor=south west,xshift=\marginparwidth+\marginparpush,yshift=\nobgfooterheight] at (current page.south west) {\leftmark}; + \end{tikzpicture} + } +} + +\fancyfoot[RO]{ + \iftoggle{bool-footer-scroll}{ + \begin{tikzpicture}[remember picture,overlay] + \node[inner sep=0pt,anchor=south,nearly opaque] at (current page.south) {\includegraphics[width=\paperwidth,height=43pt]{img/footerscroll}}; + \node[xshift=-20pt,yshift=30pt] at (current page.south east) {\jebba@PageNumberFont\textcolor{pagegold}{\thepage}}; + \node[anchor=south east,xshift=-\marginparwidth-\marginparpush,yshift=27pt] at (current page.south east) {\jebba@FooterFont{\textcolor{pagegold}{\nouppercase\leftmark}}}; + \end{tikzpicture} + }{ + \begin{tikzpicture}[remember picture,overlay] + \node[anchor=south east,xshift=-\marginparwidth+2\marginparpush,yshift=\nobgfooterheight+2pt] at (current page.south east) {\jebba@PageNumberFont{\thepage}}; + \node[anchor=south east,xshift=-\marginparwidth,yshift=\nobgfooterheight] at (current page.south east) {\leftmark}; + \end{tikzpicture} + } +} + +\fancypagestyle{plain}{} diff --git a/source/lib/jebbamonster.sty b/source/lib/jebbamonster.sty new file mode 100644 index 0000000..d578fd7 --- /dev/null +++ b/source/lib/jebbamonster.sty @@ -0,0 +1,154 @@ +% Monster environment sty file +\RequirePackage{fp} +\RequirePackage{xstring} + +% Macro to print stats with autocomputed modifier +% e.g. \stat{12} prints "12 (+1)" +\newcommand{\stat}[1]{% + \FPeval{\mod}{(#1 - 10)/2}% + \FPifpos\mod% + \FPeval{\mod}{clip(trunc(mod,0))}#1\ (+\mod)% + \else% + \FPeval{\mod}{clip(abs(trunc(mod-0.5,0)))}#1\ (\(-\)\mod)% + \fi% +} + +% Macro to print avarage dice based value +% e.g. \dice{2d6+3} prints "10 (2d6 + 3)" +\newcommand{\dice}[1]{% + \StrSubstitute{#1}{ }{}[\DiceArg]% strip whitespaces + \StrCut{\DiceArg}{d}\DiceNum\DiceSides% split string + \StrCut{\DiceSides}{+}\DiceSides\DiceAddMod% + \StrCut{\DiceSides}{-}\DiceSides\DiceSubMod% + \FPeval{\DiceAvg}{(\DiceSides+1)/2*\DiceNum}% calculate avg roll + \IfInteger{\DiceAddMod}{% + \FPadd{\DiceAvg}{\DiceAvg}{\DiceAddMod}% add value + \def\DiceMod{ + \DiceAddMod}% + }{% + \IfInteger{\DiceSubMod}{% + \FPsub{\DiceAvg}{\DiceAvg}{\DiceSubMod}% subtract value + \def\DiceMod{ \(-\) \DiceSubMod}% + }{% + \def\DiceMod{}% + }% + }% + \FPtrunc{\DiceAvg}{\DiceAvg}{0}% round down + \FPprint{\DiceAvg\ (\DiceNum d\DiceSides\DiceMod)} +} + +% Monster box made to look like the Monster Manual NPC definitions +\newtcolorbox{monsterboxnobg}[2][]{ + enhanced, + frame hidden, + before skip=7pt plus2pt, + boxrule=0pt, + breakable, + boxsep=0.25ex, + toptitle=3mm, + left=2.5mm, + right=2.15mm, + arc=0mm, + opacityback=0, + colframe=titlered, + fonttitle=\jebba@StatBlockTitleFont\color{titlered}\Large, + fontupper=\jebba@StatBlockBodyFont, + title=#2, + after={\vspace{7pt plus 1pt}\noindent}, + #1 +} + +% new Monsterbox +\newtcolorbox{monsterbox}[2][]{ + enhanced, + frame hidden, + before skip=7pt plus2pt, + boxrule=0pt, + breakable, + boxsep=0.25ex, + toptitle=3mm, + left=2.5mm, + right=2.15mm, + arc=0mm, + borderline north={4pt}{0pt}{titlered}, + borderline north={2.5pt}{0.75pt}{statblockribbon}, + borderline south={4pt}{0pt}{titlered}, + borderline south={2.5pt}{0.75pt}{statblockribbon}, + colback=statblockbg, + colbacktitle=statblockbg, + colframe=titlered, + fonttitle=\jebba@StatBlockTitleFont\color{titlered}\Large, + fontupper=\jebba@StatBlockBodyFont, + title=#2, + after={\vspace{7pt plus 1pt}\noindent}, + #1 +} + + +% Define Monster subsection header style +%\newcommand{\monstersection}[1]{\subsubsection*{#1}} +\newcommand{\monstersection}[1]{ + {\par + \color{titlered}\jebba@StatBlockSubtitleFont\large #1 \vspace{3pt} + \titleline{\color{titlered}\titlerule[0.6pt]} + \par\medskip} + } + +\newenvironment{monsteraction}[1][\unskip]{\emph{\textbf{#1.}}}{\vspace{0.5em}} + +% +% Macros for use within the monster environment +% +\newkeycommand\basics[armorclass=0, hitpoints=0, speed=0]{% + \color{titlered} + \textbf{\armorclassname} \commandkey{armorclass}\\ + \textbf{\hitpointsname} \commandkey{hitpoints}\\ + \textbf{\speedname} \commandkey{speed}\\ +} + +% Taubular enviornment for stats-block +\newkeycommand\stats[STR=\stat{10}, + DEX=\stat{10}, + CON=\stat{10}, + INT=\stat{10}, + WIS=\stat{10}, + CHA=\stat{10}]{ + {\footnotesize + \hspace*{-3.5pt} + \resizebox{0.97\linewidth}{\height}{ + \begin{tabular}{cccccc} + \rule{0pt}{3.7mm} %adds space between hline and table + \textbf{\strstatname} & \textbf{\dexstatname} & \textbf{\constatname} & \textbf{\intstatname} & \textbf{\wisstatname} & \textbf{\chastatname}\\ + \commandkey{STR} & \commandkey{DEX} & \commandkey{CON} & \commandkey{INT} & \commandkey{WIS} & \commandkey{CHA} + \end{tabular} + } + \\[0.4em] %adds space after table + } +} + +\newkeycommand\details[skills=, + damageimmunities=, + savingthrows=, + conditionimmunities=, + damageresistances=, + damagevulnerabilities=, + senses=---, + languages=---, + challenge=0]{% + \ifcommandkey{savingthrows} + {\textbf{\savesname} \commandkey{savingthrows}\\}{} + \ifcommandkey{skills} + {\textbf{\skillsname} \commandkey{skills}\\}{} + \ifcommandkey{damagevulnerabilities} + {\textbf{\dvulname} \commandkey{damagevulnerabilities}\\}{} + \ifcommandkey{damageresistances} + {\textbf{\dresname} \commandkey{damageresistances}\\}{} + \ifcommandkey{damageimmunities} + {\textbf{\dimmname} \commandkey{damageimmunities}\\}{} + \ifcommandkey{conditionimmunities} + {\textbf{\cimmname} \commandkey{conditionimmunities}\\}{} + % These traits appear to always be present. + {\textbf{\sensesname} \commandkey{senses}\\} + {\textbf{\languagesname} \commandkey{languages}\\} + {\textbf{\challengename} \commandkey{challenge}\\} +\color{black} +} diff --git a/source/lib/jebbapaperbox.sty b/source/lib/jebbapaperbox.sty new file mode 100644 index 0000000..9b876e9 --- /dev/null +++ b/source/lib/jebbapaperbox.sty @@ -0,0 +1,30 @@ +%Usage \begin{paperbox}[options]{title}[color] +\DeclareTColorBox{paperbox}{O{} m O{paperboxcolor}}{% + before upper={\nottoggle{justified}{\RaggedRight}}, + frame hidden, + boxrule=0pt, + enhanced, + before skip=11pt plus 1pt, + toptitle=3mm, + boxsep=0.25ex, + left=8pt, + right=8pt, + fonttitle=\jebba@BoxTitleFont\color{black}, + fontupper=\jebba@BoxBodyFont, + title={#2}, + arc=0mm, + parbox=false, + borderline north={1pt}{-0.5pt}{black}, + borderline south={1pt}{-0.5pt}{black}, + colback={#3}, + colbacktitle={#3}, + fuzzy shadow={0mm}{-3.5pt}{-0.5pt}{0.4mm}{black!60!white}, + overlay={% + \fill[black] (frame.south west) -- ++ (7pt,0) -- ++ (0,-5pt) -- cycle; + \fill[black] (frame.north west) -- ++ (7pt,0) -- ++ (0,5pt) -- cycle; + \fill[black] (frame.north east) -- ++ (-7pt,0) -- ++ (0,5pt) -- cycle; + \fill[black] (frame.south east) -- ++ (-7pt,0) -- ++ (0,-5pt) -- cycle; + }, + after={\vspace{10pt plus 1pt}\noindent}, + #1 +} diff --git a/source/lib/jebbaquote.sty b/source/lib/jebbaquote.sty new file mode 100644 index 0000000..11de6ea --- /dev/null +++ b/source/lib/jebbaquote.sty @@ -0,0 +1,25 @@ +%Usage \begin{quotebox}[options][color] +\DeclareTColorBox{quotebox}{O{} O{quoteboxcolor}}{% + before upper={\nottoggle{justified}{\RaggedRight}}, + code={\linespread{1.25}}, + enhanced jigsaw, + frame hidden, + boxrule=0pt, + breakable, + enhanced, + before skip=10pt plus 1pt, + boxsep=0.25ex, + left=8pt, + right=8pt, + colback={#2}, + arc=0mm, + parbox=false, + borderline west={1pt}{-0.5pt}{titlered}, + borderline east={1pt}{-0.5pt}{titlered}, + fontupper=\jebba@BoxBodyFont, + overlay={% + \foreach\n in {north east,north west,south east,south west} + {\draw[titlered, fill=titlered] (frame.\n) circle (2pt); }; }, + after={\vspace{7.5pt plus 1pt}\noindent}, + #1 +} diff --git a/source/lib/jebbasections.sty b/source/lib/jebbasections.sty new file mode 100644 index 0000000..39152a4 --- /dev/null +++ b/source/lib/jebbasections.sty @@ -0,0 +1,45 @@ +%\RequirePackage[titles]{tocloft} +%\RequirePackage[toc]{multitoc} +%\RequirePackage{titlesec} % Used to adjust (sub)section formatting + +%Remove Numbering (If you want Numbering set secnumdepth to the appropriate depth) +\setcounter{secnumdepth}{-1} + +% Chapter +\titleformat{\chapter} +{\color{titlered}\jebba@TitleFont\Huge}{\thechapter\quad}{0pt}{} + +\titlespacing*{\chapter}{0pt}{0pt}{20pt} + +\renewcommand\cftchapfont{\color{titlered}\jebba@TitleFont\bfseries} + +% Section +\titleformat{\section} +{\color{titlered}\jebba@TitleFont\LARGE}{\thesection\quad}{0pt}{} + +% Subsection +\titleformat{\subsection} +{\color{titlered}\jebba@TitleFont\Large}{\thesubsection\quad}{0pt}{} +[\titleline{\color{titlegold}\titlerule[1pt]}] + +% Subsubsection +\titleformat{\subsubsection} +{\color{titlered}\jebba@TitleFont\large}{\thesubsubsection\quad}{0pt}{}[] + +% Paragraph +\titleformat{\paragraph}[runin] +{\normalfont\normalsize\bfseries\slshape}{\theparagraph\quad}{0pt}{}[.] +\titlespacing*{\paragraph} +{0pt}{\parskip}{\wordsep} + +% Subparagraph +\titleformat{\subparagraph}[runin] +{\normalfont\normalsize\bfseries\slshape}{\thesubparagraph\quad}{0pt}{}[.] +\titlespacing*{\subparagraph} +{\parindent}{\parskip}{\wordsep} + +% Special command for magic items, traps, and the like. +\newcommand{\subtitlesection}[2]{ + \subsubsection{#1}\vspace{-1ex} + \textit{#2}\vspace{1ex}\par + } diff --git a/source/lib/jebbaspell.sty b/source/lib/jebbaspell.sty new file mode 100644 index 0000000..d65ea8f --- /dev/null +++ b/source/lib/jebbaspell.sty @@ -0,0 +1,15 @@ +\newcommand{\spellheader}[6]{ + \subtitlesection{#1}{#2} + \vspace{-1ex} % subtitlesection artefact; topsep also changes bottom spacing. + \begin{description}[font=\normalfont\textbf,noitemsep,topsep=1ex,leftmargin=1em] + \item[Casting Time:] #3 + \item[Range:] #4 + \item[Components:] #5 + \item[Duration:] #6 + \end{description} +} + +\newenvironment{spell}[6] + {\spellheader{#1}{#2}{#3}{#4}{#5}{#6}} + % Environment encloses description. +{\vspace{\baselineskip}} diff --git a/source/lib/jebbastrings-captions.sty b/source/lib/jebbastrings-captions.sty new file mode 100755 index 0000000..e96231a --- /dev/null +++ b/source/lib/jebbastrings-captions.sty @@ -0,0 +1,26 @@ +% Italian captions +\addto\captionsitalian{% + \def\armorclassname{Classe Armatura} + \def\hitpointsname{Punti Ferita} + \def\speedname{Velocit\`a} + \def\strstatname{FOR} + \def\dexstatname{DES} + \def\constatname{COS} + \def\intstatname{INT} + \def\wisstatname{SAG} + \def\chastatname{CAR} + \def\skillsname{Abilit\`a} + \def\dimmname{Immunità Danni} + \def\dvulname{Debolezze Danni} + \def\dresname{Resistenze Danni} + \def\cimmname{Immunit\`a Condizioni} + \def\savesname{Tiri Salvezza} + \def\sensesname{Sensi} + \def\languagesname{Linguaggi} + \def\challengename{Sfida} +} + + +% To add captions for other languages, copy and paste the template in +% captions-template.txt in this file, then fill out all the fields with your +% translations. diff --git a/source/lib/jebbastrings.sty b/source/lib/jebbastrings.sty new file mode 100755 index 0000000..87707a7 --- /dev/null +++ b/source/lib/jebbastrings.sty @@ -0,0 +1,32 @@ +% Define all strings as new macros instead of hardcoding them in the +% TeX files. This then allows us to add captions for multilanguage support. +\newcommand\armorclassname{Armor Class} +\newcommand\hitpointsname{Hit Points} +\newcommand\speedname{Speed} + +\newcommand\strstatname{STR} +\newcommand\dexstatname{DEX} +\newcommand\constatname{CON} +\newcommand\intstatname{INT} +\newcommand\wisstatname{WIS} +\newcommand\chastatname{CHA} + +\newcommand\skillsname{Skills} +\newcommand\dimmname{Damage Immunities} +\newcommand\dvulname{Damage Vulnerabilities} +\newcommand\dresname{Damage Resistances} +\newcommand\cimmname{Condition Immunities} +\newcommand\savesname{Saving Throws} +\newcommand\sensesname{Senses} +\newcommand\languagesname{Languages} +\newcommand\challengename{Challenge} + + +% Check if either babel or polyglossia have been loaded, +% in which case load the string captions +\@ifpackageloaded{babel}{ + \usepackage{lib/jebbastrings-captions} +}{} +\@ifpackageloaded{polyglossia}{ + \usepackage{lib/jebbastrings-captions} +}{} diff --git a/source/lib/jebbatable.sty b/source/lib/jebbatable.sty new file mode 100644 index 0000000..4cc23a7 --- /dev/null +++ b/source/lib/jebbatable.sty @@ -0,0 +1,35 @@ +% Table Header +\newcommand{\header}[1]{{ + \par\vspace*{8pt} + \noindent + \jebba@TableTitleFont + #1}} + +% Centered Column +\newcolumntype{Y}{>{\centering\arraybackslash}X} + +% Table Environment +\NewDocumentEnvironment{jebbatable}{O{XX} O{tablecolor}}{% + \par\vspace*{8pt} + \noindent + \jebba@TableBodyFont + \rowcolors{1}{}{#2} + \tabularx{\linewidth}{#1} + }{% + \endtabularx + \vspace{8pt plus 1pt} + \noindent + } + +\newenvironment{jebbaitemtable}[1][XX]{% + \jebba@deprecate{jebbaitemtable}{0.7}[Set tablecolor and use jebbatable instead.] + \par\vspace*{8pt} + \noindent + \jebba@TableBodyFont + \rowcolors{1}{}{DmgCoral} + \tabularx{\linewidth}{#1} + }{% + \endtabularx + \vspace{8pt plus 1pt} + \noindent + } diff --git a/source/lmroman12-regular.otf b/source/lmroman12-regular.otf new file mode 100644 index 0000000..bfe9708 Binary files /dev/null and b/source/lmroman12-regular.otf differ diff --git a/source/resources/SHA256SUM b/source/resources/SHA256SUM new file mode 100644 index 0000000..62dac70 --- /dev/null +++ b/source/resources/SHA256SUM @@ -0,0 +1,22 @@ +e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ./SHA256SUM +b1861503f0a41f1f2bef8fbfba32501d871ef4c5fd073c3b9272c71a7b1e7ea5 ./STATS +825577f3fd900576c119d0a6191de16bf2d55fb84e6749921710b293e5fd1889 ./apps/iptables/etc/iptables +4b50c760daa85619a74f1c635b26807fcc7f8bedb90bd22893de8c98f3d78ff1 ./apps/iptables/etc/iptables.test.rules +03e673de76f6aece8473a8441b0c921368f675ea234b62fa58708427a1b69346 ./apps/oca/etc/init.d/openerp-server +a149aa2a11f17a20eda8f32e2ef5b34e403b772d53f1dcd2a62bd44b166c2122 ./apps/oca/lib/systemd/system/odoo-server.service +72d2cb138dfae349f5029b27dae74d13745061233fcebb79ef3d38eb4836183a ./apps/oca/oca11-addons +3d793228bd669725954044abb7901b38d6aa2fc397ee2d9fd65e46973a6e4365 ./apps/oca/oca-install.sh +36b8bf27d09d3f67387f1febc34212a137341d18d25da3e47767fe8e8a56054f ./apps/oca/oca-manual-modules +3d742d5b59b2a2d7e3c500be929d001bc3685b3a755ec8e913e82a90c87d58ec ./apps/oca/odoo9-modules +eec3af072498c00dd207f85d05de93ae81b4a0a6f4d31aa6b1dfb31af84eb07f ./apps/odoo/odoo11-deb-install.sh +8e0ee0af15f20e6a5120f9bca4b073532002f8d309dc365c64734b111c03ae4e ./apps/ssh/socks-chain.sh +646c3cdef108cf891d9d5279971f3da8a708d78b9cb18da832043ba3048cfacf ./apps/ssh/socks-proxy.sh +b318da9ebbe0bc3b5b80efda6c8594b2017736d8e32d3ff74aaefb727cf1fb0e ./apps/sunstone/etc/one/sunstone-logos.yaml +34f5df58f4f6fce5985378c946c8b9718567a1454f171e2629b33e37ce0ca87f ./apps/sunstone/etc/one/sunstone-views.yaml +1802daa96fe2a7373059b86ae166f008591aad4304eb8176e1c20f56e61e7df8 ./apps/yadifa-master/etc/yadifa/yadifad.conf +e2c4028695f3ac6b6ed8afb963a7821589b94ed81a2d068d7480b809d402c830 ./apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone +705f36a12aee30e8510e5d06f1d3dd471a82aa518e00648a83f8f9d1146b8186 ./apps/yadifa-slave/etc/yadifa/yadifad.conf +1966009066a265b65574003bc5f338ee4c2595c010ece34e9e428c526b974fd5 ./apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone +93847412dc586aa627b7c8d9c7f9f08223d62bd7297bb02058b57aaa4e92e220 ./apps/yadifa/var/lib/yadifa/masters/localhost.zone +29a180a3849349df01041152a06c3af2b9c1fc13b2d4da07fa1196ff6aff9de9 ./make-sources-list.sh +28dff76725cfbe3e4dcf70120f0393422507443fa5b6a62e1814bd44fb62161e ./txt2qrpng.sh diff --git a/source/resources/STATS b/source/resources/STATS new file mode 100644 index 0000000..9cbf696 --- /dev/null +++ b/source/resources/STATS @@ -0,0 +1,2 @@ +There are 22 source code files included. +There are 22 unique files. diff --git a/source/resources/apps/iptables/etc/QR/iptables.png b/source/resources/apps/iptables/etc/QR/iptables.png new file mode 100644 index 0000000..4a53247 Binary files /dev/null and b/source/resources/apps/iptables/etc/QR/iptables.png differ diff --git a/source/resources/apps/iptables/etc/QR/iptables.test.rules.png b/source/resources/apps/iptables/etc/QR/iptables.test.rules.png new file mode 100644 index 0000000..aead506 Binary files /dev/null and b/source/resources/apps/iptables/etc/QR/iptables.test.rules.png differ diff --git a/source/resources/apps/iptables/etc/iptables b/source/resources/apps/iptables/etc/iptables new file mode 100644 index 0000000..3a4df52 --- /dev/null +++ b/source/resources/apps/iptables/etc/iptables @@ -0,0 +1,3 @@ +#!/bin/bash +# iptables +/sbin/iptables-restore < /etc/iptables.up.rules diff --git a/source/resources/apps/iptables/etc/iptables.test.rules b/source/resources/apps/iptables/etc/iptables.test.rules new file mode 100644 index 0000000..9e02476 --- /dev/null +++ b/source/resources/apps/iptables/etc/iptables.test.rules @@ -0,0 +1,23 @@ +# iptables.test.rules +*filter +# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0 +-A INPUT -i lo -j ACCEPT +# Accepts all established inbound connections +-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT +# Allows all outbound traffic +# You could modify this to only allow certain traffic +-A OUTPUT -j ACCEPT +# DNS +-A INPUT -p tcp --dport 53 -j ACCEPT +-A INPUT -p udp --dport 53 -j ACCEPT +# SSH Access Port +-A INPUT -p tcp --dport 22 -j ACCEPT +-A INPUT -p tcp --dport 49824 -j ACCEPT +# Allow ping +#-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT +# log iptables denied calls (access via 'dmesg' command) +-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 +# Reject all other inbound - default deny unless explicitly allowed policy: +-A INPUT -j REJECT +-A FORWARD -j REJECT +COMMIT diff --git a/source/resources/apps/oca/etc/init.d/openerp-server b/source/resources/apps/oca/etc/init.d/openerp-server new file mode 100755 index 0000000..0433960 --- /dev/null +++ b/source/resources/apps/oca/etc/init.d/openerp-server @@ -0,0 +1,85 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: odoo-server +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network +# Should-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Odoo ERP +# Description: Odoo is a complete ERP business solution. +### END INIT INFO + +PATH=/bin:/sbin:/usr/bin +# Change the Odoo source files location according your needs. +DAEMON=/opt/odoo/openerp-server +# Use the name convention of your choice +NAME=odoo-server +DESC=odoo-server + +# Specify the user name (Default: odoo). +USER=odoo + +# Specify an alternate config file (Default: /etc/odoo-server.conf). +CONFIGFILE="/etc/odoo-server.conf" + +# pidfile +PIDFILE=/var/run/$NAME.pid + +# Additional options that are passed to the Daemon. +DAEMON_OPTS="-c $CONFIGFILE" + +[ -x $DAEMON ] || exit 0 +[ -f $CONFIGFILE ] || exit 0 + +checkpid() { +[ -f $PIDFILE ] || return 1 +pid=`cat $PIDFILE` +[ -d /proc/$pid ] && return 0 +return 1 +} + +case "${1}" in +start) +echo -n "Starting ${DESC}: " + +start-stop-daemon --start --quiet --pidfile ${PIDFILE} \ +--chuid ${USER} --background --make-pidfile \ +--exec ${DAEMON} -- ${DAEMON_OPTS} + +echo "${NAME}." +;; + +stop) +echo -n "Stopping ${DESC}: " + +start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \ +--oknodo + +echo "${NAME}." +;; + +restart|force-reload) +echo -n "Restarting ${DESC}: " + +start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \ +--oknodo + +sleep 1 + +start-stop-daemon --start --quiet --pidfile ${PIDFILE} \ +--chuid ${USER} --background --make-pidfile \ +--exec ${DAEMON} -- ${DAEMON_OPTS} + +echo "${NAME}." +;; + +*) +N=/etc/init.d/${NAME} +echo "Usage: ${NAME} {start|stop|restart|force-reload}" >&2 +exit 1 +;; +esac + +exit 0 diff --git a/source/resources/apps/oca/lib/systemd/system/odoo-server.service b/source/resources/apps/oca/lib/systemd/system/odoo-server.service new file mode 100644 index 0000000..3af4e44 --- /dev/null +++ b/source/resources/apps/oca/lib/systemd/system/odoo-server.service @@ -0,0 +1,17 @@ +[Unit] +Description=Odoo Open Source ERP and CRM +Requires=postgresql.service +After=network.target postgresql.service + +[Service] +Type=simple +PermissionsStartOnly=true +SyslogIdentifier=odoo-server +User=odoo +Group=odoo +ExecStart=/opt/odoo/odoo-bin --config=/etc/odoo-server.conf --addons-path=/opt/odoo/addons/ +WorkingDirectory=/opt/odoo/ +StandardOutput=journal+console + +[Install] +WantedBy=multi-user.target diff --git a/source/resources/apps/oca/oca-install.sh b/source/resources/apps/oca/oca-install.sh new file mode 100755 index 0000000..27875e4 --- /dev/null +++ b/source/resources/apps/oca/oca-install.sh @@ -0,0 +1,199 @@ +#!/bin/bash +# oca-install.sh +# GPLv3+ +# OCB 11 worked, no OCA modules. +# Is OCB best git repo to use as base ??? XXX +# +set -x + +apt-get install \ + postgresql-all + +# XXX set up postgres config. +sudo su - postgres -c "createuser -s oca" +sudo -u postgres psql -c "CREATE USER oca WITH password 'XXX';" +sudo -u postgres psql -c "ALTER USER oca CREATEDB;" + +sudo -u postgres createuser odoo -U postgres -dRSP + +#sudo adduser --system --home=/opt/oca --group oca +sudo adduser --system --home=/opt/odoo --group odoo + +sudo mkdir /var/log/oca +sudo mkdir /var/log/odoo + +# uh, add to /root/.bashrc XXX +#export PYTHONPATH=/opt/odoo + +# XXX Oh boy +root@ns32:/opt/odoo# pip install -e . + +# if you install gis module +sudo apt-get install postgis + + +sudo git clone https://www.github.com/odoo/odoo --depth 1 --branch 9.0 --single-branch /opt/odoo +#sudo git clone https://www.github.com/odoo/odoo --depth 1 --branch 10.0 --single-branch /opt/odoo + +sudo chown -R odoo: /opt/odoo/ +sudo chown odoo:root /var/log/odoo +sudo chown odoo: /etc/odoo-server.conf +sudo chmod 640 /etc/odoo-server.conf + +# 9, get openerp-server for /etc/init.d/ + +# 10+ +sudo systemctl start odoo-server +sudo systemctl status odoo-server + + +apt-get install \ + python-pip \ + libxml2-dev python-libxml2 \ + libxslt1-dev \ + cython \ + libldap2-dev \ + zlib1g-dev \ + libgsasl7-dev libsasl2-dev \ + libevent-dev \ + python-babel python-decorator python-docutils python-feedparser python-gevent python-greenlet python-html2text python-jinja2 python-lxml python-mako python-markupsafe python-mock python-ofxparse python-passlib python-pil python-psutil python-psycopg2 python-pydot python-pyldap python-pyparsing python-pypdf2 python-serial python-dateutil python-arrow python-usb python-yaml python-qrcode python-reportlab python-requests python-six python-suds python-vatnumber python-vobject python-werkzeug python-xlsxwriter python-xlwt python-xlrd wkhtmltopdf python-pdfkit + + +# Build deps when building from source/git: +# XXX installs everything that matches node-*, because I'm not sure what all is needed +# These are python3 versions: +apt-get install \ + python3-pip \ + libxml2-dev python3-libxml2 \ + libxslt1-dev \ + cython3 \ + libldap2-dev \ + python3-pyldap python3-ldap3 \ + zlib1g-dev \ + libgsasl7-dev libsasl2-dev \ + libevent-dev \ + python3-babel python3-decorator python3-docutils python3-feedparser python3-gevent python3-greenlet python3-html2text python3-jinja2 python3-lxml python3-mako python3-markupsafe python3-mock python3-ofxparse python3-passlib python3-pil python3-psutil python3-psycopg2 python3-pydot python3-pyldap python3-pyparsing python3-pypdf2 python3-serial python3-dateutil python3-arrow python3-usb python3-yaml python3-qrcode python3-reportlab python3-requests python3-six python3-suds python3-vatnumber python3-vobject python3-werkzeug python3-xlsxwriter python-xlwt python3-xlrd wkhtmltopdf python3-pdfkit + +# `apt-cache search node | grep ^node- |cut -f 1 -d " "` \ +# nodeenv nodejs nodejs-dev nodejs-legacy \ +# node-read-package-json node-normalize-package-data +# nodejs nodejs-legacy \ + +# Per: https://www.linode.com/docs/websites/cms/install-odoo-10-on-ubuntu-16-04 adapted for Debian +apt-get install git python-pip postgresql postgresql-server-dev-all python-all-dev python-dev python-setuptools libxml2-dev libxslt1-dev libevent-dev libsasl2-dev libldap2-dev pkg-config libtiff5-dev libjpeg-dev zlib1g-dev libfreetype6-dev liblcms2-dev liblcms2-utils libwebp-dev tcl8.6-dev tk8.6-dev python-tk libyaml-dev fontconfig + + +apt-get clean + +# XXX fails with some mercurial thing or similar, idk +# maybe just for 11+ ? +sudo pip3 install -r /opt/odoo/doc/requirements.txt +sudo pip3 install -r /opt/odoo/requirements.txt + +# For 2.7 versions +sudo pip install -r /opt/odoo/doc/requirements.txt +sudo pip install -r /opt/odoo/requirements.txt + +# Install npm, not in Debian +# XXX Doesn't work, known bug: +# https://github.com/npm/npm/issues/18524 +#curl -L https://npmjs.org/install.sh | sh + +# curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash - + +curl -sL https://deb.nodesource.com/setup_8.x | bash - +apt-get install -y nodejs +#npm install -g less +npm install -g less less-plugin-clean-css + +cp /opt/odoo/debian/odoo.conf /etc/odoo-server.conf + +vim /lib/systemd/system/odoo-server.service +# doesn't want execute bits +#chmod 755 /lib/systemd/system/odoo-server.service +chown root: /lib/systemd/system/odoo-server.service + + +### Addons and Modules +# +# As jebba... +#git clone https://github.com/OCA/maintainer-tools.git + +# Note, this is 2.2 gigs +git clone https://github.com/OCA/OCB.git +cd OCB/ +#git checkout remotes/origin/10.0 +git checkout remotes/origin/9.0 +pip3 install -r requirements.txt + +cp -p debian/odoo.conf ~/oca.conf +# Change username to oca +vim ~/odoo.conf + +# First time to init new modules ??? XXX +./odoo-bin --init=all -d oca2 --config=/home/jebba/oca.conf + +# XXX auto +./odoo-bin \ + -d oca2 \ + --config=/home/jebba/odoo.conf + +# On workstation, create tunnel: +ssh -N -C -L 8069:localhost:8069 ns32 +# and open in browser: +# http://localhost:8069 + +# XXX, deps below fail. +#sudo pip install wand +apt install python-simplejson +#apt install python3-simplejson +# as jebba, on server: +mkdir OCA +cd OCA/ +for i in `cat ../oca11-addons` + do git clone $i +done + +pip uninstall odoo9-addon-server-environment odoo9-addon-server-environment-files-sample odoo9-addon-server-environment-ir-config-parameter + +# NO: +# HMM, to autofind modules for OCA. +# As root, or not: +export PIP_FIND_LINKS="https://wheelhouse.odoo-community.org/oca" +# Fails as jebba because wants to write to /usr/local +# XXX TOTAL KLUDGE: +sudo chown -R jebba /usr/local +# run as jebba: +pip3 install odoo-autodiscover +pip3 install setuptools-odoo +# uh, as root, odoo 9 +pip install odoo-autodiscover +pip install setuptools-odoo + +# Meh, odoo-autodiscover says this command must work: +python -c "import odoo.api" +# But this does: +python3 -c "import odoo.api" + + +# For OCA modules: +# still fails. +apt install libminizip1 minizip + +# hw_scanner module needs libevdev2 (?) installed. Maybe also: +# python-evemu - Linux Input Event Device Emulation Library - Python bindings +# python3-evemu - Linux Input Event Device Emulation Library - Python3 bindings +#apt install python-evemu python3-evemu + +# Nope: +hw_scanner +connector_prestashop +mail_environment +server_environment_files + +# To install postgis stuff add to db: +sudo su - postgres +psql +CREATE EXTENSION postgis; +CREATE EXTENSION postgis_topology; + diff --git a/source/resources/apps/oca/oca-manual-modules b/source/resources/apps/oca/oca-manual-modules new file mode 100644 index 0000000..260d593 --- /dev/null +++ b/source/resources/apps/oca/oca-manual-modules @@ -0,0 +1,18 @@ +Install: +l10n_us United States Accounting + +account_enterprise_remove Account - Remove Enterprise Features +account_analytic_distribution - Account Analytic Distribution +account_bank_statement_import - Account Bank Statement Import (OFX) +account_check_deposit - Account Check Deposit +account_check_printing_report_base - Account Check Printing Report Base +account_invoice_view_payment - Account Invoice View Payment +account_mass_reconcile - Account Mass Reconcile +account_mass_reconcile_by_purchase_line - Account Mass Reconcile by Purchase Line +account_move_line_product - Account Move Line Product +account_move_line_purchase_info - Account Move Line Purchase Info +account_move_line_stock_info - Account Move Line Stock Move +account_partner_reconcile - Account Partner Reconcile +account_payment_mode - Account Payment Mode +account_payment_order - Account Payment Order + diff --git a/source/resources/apps/oca/oca11-addons b/source/resources/apps/oca/oca11-addons new file mode 100644 index 0000000..348a996 --- /dev/null +++ b/source/resources/apps/oca/oca11-addons @@ -0,0 +1,54 @@ +https://github.com/OCA/account-analytic.git +https://github.com/OCA/account-budgeting.git +https://github.com/OCA/account-closing.git +https://github.com/OCA/account-consolidation.git +https://github.com/OCA/account-financial-reporting.git +https://github.com/OCA/account-financial-tools.git +https://github.com/OCA/account-fiscal-rule.git +https://github.com/OCA/account-invoice-reporting.git +https://github.com/OCA/account-invoicing.git +https://github.com/OCA/account-payment.git +https://github.com/OCA/account-reconcile.git +https://github.com/OCA/bank-payment.git +https://github.com/OCA/bank-statement-import.git +https://github.com/OCA/business-requirement.git +https://github.com/OCA/community-data-files.git +https://github.com/OCA/connector-telephony.git +https://github.com/OCA/contract.git +https://github.com/OCA/crm.git +https://github.com/OCA/delivery-carrier.git +https://github.com/OCA/geospatial.git +https://github.com/OCA/infrastructure-dns.git +https://github.com/OCA/interface-github.git +https://github.com/OCA/knowledge.git +https://github.com/OCA/l10n-usa.git +https://github.com/OCA/maintenance.git +https://github.com/OCA/management-system.git +https://github.com/OCA/manufacture.git +https://github.com/OCA/manufacture-reporting.git +https://github.com/OCA/margin-analysis.git +https://github.com/OCA/mis-builder.git +https://github.com/OCA/multi-company.git +https://github.com/OCA/oca-custom.git +https://github.com/OCA/partner-contact.git +https://github.com/OCA/product-attribute.git +https://github.com/OCA/product-kitting.git +https://github.com/OCA/project.git +https://github.com/OCA/project-reporting.git +https://github.com/OCA/purchase-reporting.git +https://github.com/OCA/purchase-workflow.git +https://github.com/OCA/reporting-engine.git +https://github.com/OCA/rma.git +https://github.com/OCA/sale-financial.git +https://github.com/OCA/sale-reporting.git +https://github.com/OCA/server-backend.git +https://github.com/OCA/server-brand.git +https://github.com/OCA/server-tools.git +https://github.com/OCA/stock-logistics-reporting.git +https://github.com/OCA/stock-logistics-tracking.git +https://github.com/OCA/stock-logistics-transport.git +https://github.com/OCA/stock-logistics-warehouse.git +https://github.com/OCA/stock-logistics-workflow.git +https://github.com/OCA/vertical-community.git +https://github.com/OCA/vertical-isp.git +https://github.com/OCA/vertical-realestate.git diff --git a/source/resources/apps/oca/odoo9-modules b/source/resources/apps/oca/odoo9-modules new file mode 100644 index 0000000..10da852 --- /dev/null +++ b/source/resources/apps/oca/odoo9-modules @@ -0,0 +1,764 @@ +odoo9-addon-account-analytic-distribution +odoo9-addon-account-analytic-no-lines +odoo9-addon-account-analytic-parent +odoo9-addon-account-analytic-required +odoo9-addon-account-asset-depr-line-cancel +odoo9-addon-account-balance-line +odoo9-addon-account-balance-reporting +odoo9-addon-account-bank-statement-import-camt +odoo9-addon-account-bank-statement-import-camt-details +odoo9-addon-account-bank-statement-import-fr-cfonb +odoo9-addon-account-bank-statement-import-move-line +odoo9-addon-account-bank-statement-import-qif +odoo9-addon-account-banking-fr-lcr +odoo9-addon-account-banking-mandate +odoo9-addon-account-banking-mandate-sale +odoo9-addon-account-banking-pain-base +odoo9-addon-account-banking-sepa-credit-transfer +odoo9-addon-account-banking-sepa-direct-debit +odoo9-addon-account-chart-update +odoo9-addon-account-check-deposit +odoo9-addon-account-check-printing-report-base +odoo9-addon-account-check-printing-report-dlt103 +odoo9-addon-account-credit-control +odoo9-addon-account-cutoff-base +odoo9-addon-account-cutoff-prepaid +odoo9-addon-account-draft-invoice-print +odoo9-addon-account-due-list +odoo9-addon-account-due-list-aging-comments +odoo9-addon-account-due-list-days-overdue +odoo9-addon-account-due-list-payment-mode +odoo9-addon-account-enterprise-remove +odoo9-addon-account-financial-report-horizontal +odoo9-addon-account-financial-report-qweb +odoo9-addon-account-fiscal-position-rule +odoo9-addon-account-fiscal-position-rule-purchase +odoo9-addon-account-fiscal-position-rule-sale +odoo9-addon-account-fiscal-position-vat-check +odoo9-addon-account-fiscal-year +odoo9-addon-account-invoice-blocking +odoo9-addon-account-invoice-check-total +odoo9-addon-account-invoice-currency +odoo9-addon-account-invoice-fiscal-position-update +odoo9-addon-account-invoice-line-report +odoo9-addon-account-invoice-merge +odoo9-addon-account-invoice-merge-payment +odoo9-addon-account-invoice-merge-purchase +odoo9-addon-account-invoice-pricelist +odoo9-addon-account-invoice-refund-link +odoo9-addon-account-invoice-refund-option +odoo9-addon-account-invoice-rounding +odoo9-addon-account-invoice-search-by-reference +odoo9-addon-account-invoice-start-end-dates +odoo9-addon-account-invoice-supplier-ref-unique +odoo9-addon-account-invoice-tax-required +odoo9-addon-account-invoice-variant-configurator +odoo9-addon-account-invoice-view-payment +odoo9-addon-account-journal-report +odoo9-addon-account-mass-reconcile +odoo9-addon-account-mass-reconcile-by-purchase-line +odoo9-addon-account-mass-reconcile-ref-deep-search +odoo9-addon-account-mass-reconcile-transaction-ref +odoo9-addon-account-move-bankaccount-import +odoo9-addon-account-move-base-import +odoo9-addon-account-move-line-product +odoo9-addon-account-move-line-purchase-info +odoo9-addon-account-move-line-stock-info +odoo9-addon-account-move-locking +odoo9-addon-account-move-so-import +odoo9-addon-account-move-transactionid-import +odoo9-addon-account-multicurrency-revaluation +odoo9-addon-account-multicurrency-revaluation-report +odoo9-addon-account-operating-unit +odoo9-addon-account-operation-rule +odoo9-addon-account-partner-reconcile +odoo9-addon-account-payment-mode +odoo9-addon-account-payment-order +odoo9-addon-account-payment-order-return +odoo9-addon-account-payment-partner +odoo9-addon-account-payment-purchase +odoo9-addon-account-payment-return +odoo9-addon-account-payment-return-import +odoo9-addon-account-payment-return-import-sepa-pain +odoo9-addon-account-payment-sale +odoo9-addon-account-payment-show-invoice +odoo9-addon-account-payment-term-extension +odoo9-addon-account-payment-transfer-reconcile-batch +odoo9-addon-account-permanent-lock-move +odoo9-addon-account-product-fiscal-classification +odoo9-addon-account-renumber +odoo9-addon-account-reporting-weight +odoo9-addon-account-reversal +odoo9-addon-account-tax-balance +odoo9-addon-account-tax-unece +odoo9-addon-account-voucher-operating-unit +odoo9-addon-admin-technical-features +odoo9-addon-analytic-base-department +odoo9-addon-analytic-department +odoo9-addon-analytic-operating-unit +odoo9-addon-asterisk-click2dial +odoo9-addon-attachment-base-synchronize +odoo9-addon-auditlog +odoo9-addon-auth-from-http-remote-user +odoo9-addon-auth-session-timeout +odoo9-addon-auth-signup-verify-email +odoo9-addon-auth-supplier +odoo9-addon-auth-totp +odoo9-addon-auto-backup +odoo9-addon-barcodes-generator-abstract +odoo9-addon-barcodes-generator-partner +odoo9-addon-barcodes-generator-product +odoo9-addon-base-comment-template +odoo9-addon-base-country-state-translatable +odoo9-addon-base-custom-info +odoo9-addon-base-delivery-carrier-label +odoo9-addon-base-export-manager +odoo9-addon-base-external-dbsource +odoo9-addon-base-fontawesome +odoo9-addon-base-geoengine +odoo9-addon-base-geoengine-demo +odoo9-addon-base-import-async +odoo9-addon-base-import-match +odoo9-addon-base-kanban-stage +odoo9-addon-base-location +odoo9-addon-base-location-geonames-import +odoo9-addon-base-manifest-extension +odoo9-addon-base-multi-image +odoo9-addon-base-name-search-improved +odoo9-addon-base-optional-quick-create +odoo9-addon-base-partner-merge +odoo9-addon-base-partner-sequence +odoo9-addon-base-phone +odoo9-addon-base-phone-popup +odoo9-addon-base-report-auto-create-qweb +odoo9-addon-base-report-to-printer +odoo9-addon-base-report-to-printer-mail +odoo9-addon-base-search-fuzzy +odoo9-addon-base-search-mail-content +odoo9-addon-base-setup-enterprise-remove +odoo9-addon-base-suspend-security +odoo9-addon-base-technical-features +odoo9-addon-base-transaction-id +odoo9-addon-base-unece +odoo9-addon-base-user-gravatar +odoo9-addon-base-user-role +odoo9-addon-base-vat-sanitized +odoo9-addon-base-view-inheritance-extension +odoo9-addon-bi-sql-editor +odoo9-addon-bi-view-editor +odoo9-addon-business-requirement +odoo9-addon-business-requirement-deliverable +odoo9-addon-business-requirement-deliverable-categ +odoo9-addon-business-requirement-deliverable-default +odoo9-addon-business-requirement-deliverable-report +odoo9-addon-cmis +odoo9-addon-cms-delete-content +odoo9-addon-cms-form +odoo9-addon-cms-form-example +odoo9-addon-cms-status-message +odoo9-addon-configuration-helper +odoo9-addon-connector +odoo9-addon-connector-base-product +odoo9-addon-connector-ecommerce +odoo9-addon-connector-job-subscribe +odoo9-addon-connector-prestashop +odoo9-addon-connector-prestashop-catalog-manager +odoo9-addon-connector-prestashop-manufacturer +odoo9-addon-contract +odoo9-addon-contract-commission +odoo9-addon-contract-invoice-merge-by-partner +odoo9-addon-contract-mandate +odoo9-addon-contract-payment-mode +odoo9-addon-contract-recurring-analytic-distribution +odoo9-addon-contract-show-invoice +odoo9-addon-contract-variable-quantity +odoo9-addon-crm-action +odoo9-addon-crm-claim-code +odoo9-addon-crm-claim-operating-unit +odoo9-addon-crm-claim-rma +odoo9-addon-crm-claim-rma-code +odoo9-addon-crm-claim-type +odoo9-addon-crm-deduplicate-acl +odoo9-addon-crm-deduplicate-by-ref +odoo9-addon-crm-deduplicate-by-website +odoo9-addon-crm-deduplicate-filter +odoo9-addon-crm-lead-to-event-registration +odoo9-addon-crm-lead-website +odoo9-addon-crm-operating-unit +odoo9-addon-crm-phone +odoo9-addon-crm-phonecall +odoo9-addon-crm-phonecall-summary-predefined +odoo9-addon-crm-rma-location +odoo9-addon-crm-rma-stock-location +odoo9-addon-crm-sale-marketing +odoo9-addon-currency-rate-update +odoo9-addon-customer-activity-statement +odoo9-addon-customer-outstanding-statement +odoo9-addon-database-cleanup +odoo9-addon-date-range +odoo9-addon-datetime-formatter +odoo9-addon-dbfilter-from-header +odoo9-addon-dead-mans-switch-client +odoo9-addon-delivery-carrier-deposit +odoo9-addon-delivery-carrier-label-postlogistics +odoo9-addon-disable-odoo-online +odoo9-addon-document-page +odoo9-addon-document-page-approval +odoo9-addon-document-page-environment-manual +odoo9-addon-document-page-environmental-aspect +odoo9-addon-document-page-health-safety-manual +odoo9-addon-document-page-procedure +odoo9-addon-document-page-quality-manual +odoo9-addon-document-page-work-instruction +odoo9-addon-document-url +odoo9-addon-donation +odoo9-addon-donation-bank-statement +odoo9-addon-donation-base +odoo9-addon-donation-direct-debit +odoo9-addon-donation-recurring +odoo9-addon-donation-sale +odoo9-addon-email-template-qweb +odoo9-addon-event-email-reminder +odoo9-addon-event-phone +odoo9-addon-event-registration-cancel-reason +odoo9-addon-event-registration-mass-mailing +odoo9-addon-event-registration-partner-unique +odoo9-addon-external-file-location +odoo9-addon-fetchmail-bydate +odoo9-addon-fetchmail-notify-error-to-sender +odoo9-addon-fetchmail-thread-default +odoo9-addon-geoengine-maplausanne +odoo9-addon-geoengine-partner +odoo9-addon-geoengine-swisstopo +odoo9-addon-help-online +odoo9-addon-hr-commission +odoo9-addon-hr-contract-operating-unit +odoo9-addon-hr-employee-firstname +odoo9-addon-hr-employee-reference +odoo9-addon-hr-expense-analytic-distribution +odoo9-addon-hr-family +odoo9-addon-hr-holiday-notify-employee-manager +odoo9-addon-hr-holidays-compute-days +odoo9-addon-hr-holidays-leave-auto-approve +odoo9-addon-hr-holidays-legal-leave +odoo9-addon-hr-payroll-cancel +odoo9-addon-hr-payroll-report +odoo9-addon-hr-payslip-change-state +odoo9-addon-hr-phone +odoo9-addon-hr-public-holidays +odoo9-addon-hr-recruitment-phone +odoo9-addon-hr-skill +odoo9-addon-hr-timesheet-sheet-restrict-analytic +odoo9-addon-hr-timesheet-sheet-week-start-day +odoo9-addon-hr-worked-days-from-timesheet +odoo9-addon-html-image-url-extractor +odoo9-addon-html-text +odoo9-addon-intrastat-base +odoo9-addon-invoice-comment-template +odoo9-addon-keychain +odoo9-addon-knowledge +odoo9-addon-kpi +odoo9-addon-l10n-ar-base-country-state +odoo9-addon-l10n-be-antibiotic-tax +odoo9-addon-l10n-be-apb-tax +odoo9-addon-l10n-be-eco-tax +odoo9-addon-l10n-be-iso20022-pain +odoo9-addon-l10n-br-base +odoo9-addon-l10n-br-crm +odoo9-addon-l10n-br-zip +odoo9-addon-l10n-ca-toponyms +odoo9-addon-l10n-ch-bank +odoo9-addon-l10n-ch-bank-statement-import-postfinance +odoo9-addon-l10n-ch-base-bank +odoo9-addon-l10n-ch-dta +odoo9-addon-l10n-ch-fds-postfinance +odoo9-addon-l10n-ch-fds-upload-sepa +odoo9-addon-l10n-ch-hr-payroll +odoo9-addon-l10n-ch-import-cresus +odoo9-addon-l10n-ch-import-winbiz +odoo9-addon-l10n-ch-pain-base +odoo9-addon-l10n-ch-pain-credit-transfer +odoo9-addon-l10n-ch-payment-slip +odoo9-addon-l10n-ch-scan-bvr +odoo9-addon-l10n-ch-states +odoo9-addon-l10n-ch-zip +odoo9-addon-l10n-cn-hr-payroll +odoo9-addon-l10n-cn-partner +odoo9-addon-l10n-ec +odoo9-addon-l10n-ec-config +odoo9-addon-l10n-ec-ote +odoo9-addon-l10n-es +odoo9-addon-l10n-es-account-asset +odoo9-addon-l10n-es-account-balance-report +odoo9-addon-l10n-es-account-bank-statement-import-n43 +odoo9-addon-l10n-es-account-invoice-sequence +odoo9-addon-l10n-es-aeat +odoo9-addon-l10n-es-aeat-mod111 +odoo9-addon-l10n-es-aeat-mod115 +odoo9-addon-l10n-es-aeat-mod303 +odoo9-addon-l10n-es-aeat-sii +odoo9-addon-l10n-es-cnae +odoo9-addon-l10n-es-crm-lead-trade-name +odoo9-addon-l10n-es-irnr +odoo9-addon-l10n-es-partner +odoo9-addon-l10n-es-partner-mercantil +odoo9-addon-l10n-es-toponyms +odoo9-addon-l10n-et-base +odoo9-addon-l10n-eu-nace +odoo9-addon-l10n-fr-base-location-geonames-import +odoo9-addon-l10n-fr-department +odoo9-addon-l10n-fr-department-oversea +odoo9-addon-l10n-fr-naf-ape +odoo9-addon-l10n-fr-siret +odoo9-addon-l10n-fr-state +odoo9-addon-l10n-fr-tax-sale-ttc +odoo9-addon-l10n-it-abicab +odoo9-addon-l10n-it-base-location-geonames-import +odoo9-addon-l10n-it-ddt +odoo9-addon-l10n-it-rea +odoo9-addon-l10n-lu-mis-reports +odoo9-addon-l10n-ma-state +odoo9-addon-l10n-nl-bsn +odoo9-addon-l10n-nl-intrastat +odoo9-addon-l10n-nl-postcodeapi +odoo9-addon-l10n-nl-tax-statement +odoo9-addon-l10n-nl-xaf-auditfile-export +odoo9-addon-letsencrypt +odoo9-addon-mail-as-letter +odoo9-addon-mail-attach-existing-attachment +odoo9-addon-mail-cleanup +odoo9-addon-mail-debrand +odoo9-addon-mail-digest +odoo9-addon-mail-environment +odoo9-addon-mail-log-messages-to-process +odoo9-addon-mail-optional-autofollow +odoo9-addon-mail-optional-follower-notification +odoo9-addon-mail-thread-medical-prescription +odoo9-addon-mail-tracking +odoo9-addon-mail-tracking-mailgun +odoo9-addon-mail-tracking-mass-mailing +odoo9-addon-marketing-crm-partner +odoo9-addon-mass-editing +odoo9-addon-mass-mailing-custom-unsubscribe +odoo9-addon-mass-mailing-enterprise-remove +odoo9-addon-mass-mailing-partner +odoo9-addon-mass-mailing-security-group +odoo9-addon-mass-mailing-unique +odoo9-addon-medical +odoo9-addon-medical-base-us +odoo9-addon-medical-lab +odoo9-addon-medical-manufacturer +odoo9-addon-medical-medicament +odoo9-addon-medical-medicament-component +odoo9-addon-medical-medicament-us +odoo9-addon-medical-medication +odoo9-addon-medical-pathology +odoo9-addon-medical-patient-disease +odoo9-addon-medical-patient-disease-allergy +odoo9-addon-medical-patient-dob +odoo9-addon-medical-pharmacy +odoo9-addon-medical-pharmacy-us +odoo9-addon-medical-physician +odoo9-addon-medical-prescription +odoo9-addon-medical-prescription-state +odoo9-addon-medical-prescription-us +odoo9-addon-membership-variable-period +odoo9-addon-menu-technical-info +odoo9-addon-mgmtsystem +odoo9-addon-mgmtsystem-action +odoo9-addon-mgmtsystem-audit +odoo9-addon-mgmtsystem-claim +odoo9-addon-mgmtsystem-hazard +odoo9-addon-mgmtsystem-info-security-manual +odoo9-addon-mgmtsystem-kpi +odoo9-addon-mgmtsystem-manual +odoo9-addon-mgmtsystem-nonconformity +odoo9-addon-mgmtsystem-probability +odoo9-addon-mgmtsystem-quality +odoo9-addon-mgmtsystem-review +odoo9-addon-mgmtsystem-severity +odoo9-addon-mgmtsystem-survey +odoo9-addon-mis-builder +odoo9-addon-mis-builder-budget +odoo9-addon-module-auto-update +odoo9-addon-module-prototyper +odoo9-addon-mrp-bom-component-menu +odoo9-addon-mrp-bom-dismantling +odoo9-addon-mrp-bom-note +odoo9-addon-mrp-bom-structure-report-level-1 +odoo9-addon-mrp-bom-structure-xlsx +odoo9-addon-mrp-bom-structure-xlsx-level-1 +odoo9-addon-mrp-disable-force-availability-button +odoo9-addon-mrp-production-note +odoo9-addon-mrp-production-partner-note +odoo9-addon-mrp-production-putaway-strategy +odoo9-addon-mrp-production-raw-material-procurement-group +odoo9-addon-mrp-production-request +odoo9-addon-mrp-sale-info +odoo9-addon-oauth-provider +odoo9-addon-oauth-provider-jwt +odoo9-addon-openeducat-achievement +odoo9-addon-openeducat-activity +odoo9-addon-openeducat-admission +odoo9-addon-openeducat-alumni +odoo9-addon-openeducat-assignment +odoo9-addon-openeducat-attendance +odoo9-addon-openeducat-classroom +odoo9-addon-openeducat-core +odoo9-addon-openeducat-erp +odoo9-addon-openeducat-exam +odoo9-addon-openeducat-facility +odoo9-addon-openeducat-fees +odoo9-addon-openeducat-health +odoo9-addon-openeducat-hostel +odoo9-addon-openeducat-l10n-in +odoo9-addon-openeducat-l10n-in-admission +odoo9-addon-openeducat-library +odoo9-addon-openeducat-parent +odoo9-addon-openeducat-placement +odoo9-addon-openeducat-scholarship +odoo9-addon-openeducat-timetable +odoo9-addon-openeducat-transportation +odoo9-addon-operating-unit +odoo9-addon-partner-address-street3 +odoo9-addon-partner-changeset +odoo9-addon-partner-contact-birthdate +odoo9-addon-partner-contact-department +odoo9-addon-partner-contact-gender +odoo9-addon-partner-contact-height +odoo9-addon-partner-contact-in-several-companies +odoo9-addon-partner-contact-job-position +odoo9-addon-partner-contact-lang +odoo9-addon-partner-contact-nationality +odoo9-addon-partner-contact-nutrition +odoo9-addon-partner-contact-nutrition-activity-level +odoo9-addon-partner-contact-nutrition-allergen +odoo9-addon-partner-contact-nutrition-diet +odoo9-addon-partner-contact-nutrition-exclusion +odoo9-addon-partner-contact-nutrition-goal +odoo9-addon-partner-contact-personal-information-page +odoo9-addon-partner-contact-weight +odoo9-addon-partner-default-sale-discount +odoo9-addon-partner-event +odoo9-addon-partner-external-map +odoo9-addon-partner-financial-risk +odoo9-addon-partner-firstname +odoo9-addon-partner-helper +odoo9-addon-partner-identification +odoo9-addon-partner-multi-company +odoo9-addon-partner-multi-image +odoo9-addon-partner-multi-relation +odoo9-addon-partner-password-reset +odoo9-addon-partner-payment-return-risk +odoo9-addon-partner-phone-extension +odoo9-addon-partner-phonecall-schedule +odoo9-addon-partner-ref-unique +odoo9-addon-partner-sale-risk +odoo9-addon-partner-sector +odoo9-addon-partner-stock-risk +odoo9-addon-partner-survey +odoo9-addon-password-security +odoo9-addon-portal-payment-mode +odoo9-addon-pos-access-right +odoo9-addon-pos-customer-display +odoo9-addon-pos-customer-required +odoo9-addon-pos-empty-home +odoo9-addon-pos-price-to-weight +odoo9-addon-pos-quick-logout +odoo9-addon-pos-remove-pos-category +odoo9-addon-pos-session-summary +odoo9-addon-pricelist-per-product +odoo9-addon-printer-tray +odoo9-addon-printer-zpl2 +odoo9-addon-procurement-auto-create-group +odoo9-addon-procurement-operating-unit +odoo9-addon-procurement-purchase-no-grouping +odoo9-addon-product-attribute-priority +odoo9-addon-product-brand +odoo9-addon-product-by-supplier +odoo9-addon-product-custom-info +odoo9-addon-product-dimension +odoo9-addon-product-harmonized-system +odoo9-addon-product-manufacturer +odoo9-addon-product-multi-category +odoo9-addon-product-multi-company +odoo9-addon-product-multi-image +odoo9-addon-product-multi-link +odoo9-addon-product-pricelist-direct-print +odoo9-addon-product-pricelist-item-list-view +odoo9-addon-product-pricelist-tax-included +odoo9-addon-product-replenishment-cost +odoo9-addon-product-sequence +odoo9-addon-product-supplier-code-purchase +odoo9-addon-product-supplierinfo-discount +odoo9-addon-product-supplierinfo-revision +odoo9-addon-product-tax-multicompany-default +odoo9-addon-product-uom +odoo9-addon-product-uom-unece +odoo9-addon-product-variant-configurator +odoo9-addon-product-variant-supplierinfo +odoo9-addon-product-warranty +odoo9-addon-project-change-state +odoo9-addon-project-department +odoo9-addon-project-description +odoo9-addon-project-double-alias +odoo9-addon-project-enterprise-remove +odoo9-addon-project-issue-code +odoo9-addon-project-issue-task +odoo9-addon-project-issue-timesheet-time-control +odoo9-addon-project-stage-closed +odoo9-addon-project-stage-state +odoo9-addon-project-task-add-very-high +odoo9-addon-project-task-code +odoo9-addon-project-task-default-stage +odoo9-addon-project-task-delegate +odoo9-addon-project-task-dependency +odoo9-addon-project-task-digitized-signature +odoo9-addon-project-task-materials +odoo9-addon-project-task-materials-stock +odoo9-addon-project-task-report +odoo9-addon-project-task-send-by-mail +odoo9-addon-project-timeline +odoo9-addon-project-timesheet-time-control +odoo9-addon-purchase-analytic-distribution +odoo9-addon-purchase-batch-invoicing +odoo9-addon-purchase-date-planned-manual +odoo9-addon-purchase-delivery-split-date +odoo9-addon-purchase-discount +odoo9-addon-purchase-fiscal-position-update +odoo9-addon-purchase-location-by-line +odoo9-addon-purchase-open-qty +odoo9-addon-purchase-operating-unit +odoo9-addon-purchase-order-approved +odoo9-addon-purchase-order-type +odoo9-addon-purchase-order-variant-mgmt +odoo9-addon-purchase-picking-state +odoo9-addon-purchase-reporting-weight +odoo9-addon-purchase-request +odoo9-addon-purchase-request-department +odoo9-addon-purchase-request-operating-unit +odoo9-addon-purchase-request-procurement +odoo9-addon-purchase-request-procurement-operating-unit +odoo9-addon-purchase-request-to-procurement +odoo9-addon-purchase-request-to-requisition +odoo9-addon-purchase-request-to-requisition-operating-unit +odoo9-addon-purchase-request-to-rfq +odoo9-addon-purchase-request-to-rfq-operating-unit +odoo9-addon-purchase-request-to-rfq-order-approved +odoo9-addon-purchase-requisition-operating-unit +odoo9-addon-purchase-stock-picking-return-invoicing +odoo9-addon-purchase-stock-picking-return-invoicing-open-qty +odoo9-addon-purchase-variant-configurator +odoo9-addon-purchase-variant-configurator-on-confirm +odoo9-addon-report-custom-filename +odoo9-addon-report-qweb-element-page-visibility +odoo9-addon-report-qweb-pdf-watermark +odoo9-addon-report-wkhtmltopdf-param +odoo9-addon-report-xlsx +odoo9-addon-res-config-settings-enterprise-remove +odoo9-addon-res-partner-affiliate +odoo9-addon-res-partner-attributes-add-BN +odoo9-addon-res-partner-attributes-add-NEQ +odoo9-addon-res-partner-attributes-add-SIN +odoo9-addon-runbot-build-instructions +odoo9-addon-runbot-relative +odoo9-addon-runbot-skip-tests +odoo9-addon-runbot-travis2docker +odoo9-addon-runbot-website-display +odoo9-addon-sale-analytic-distribution +odoo9-addon-sale-automatic-workflow +odoo9-addon-sale-automatic-workflow-payment-mode +odoo9-addon-sale-commission +odoo9-addon-sale-crm-medical-prescription +odoo9-addon-sale-delivery-block +odoo9-addon-sale-delivery-block-proc-group-by-line +odoo9-addon-sale-delivery-rate +odoo9-addon-sale-enterprise-remove +odoo9-addon-sale-exception +odoo9-addon-sale-force-invoiced +odoo9-addon-sale-medical-prescription +odoo9-addon-sale-operating-unit +odoo9-addon-sale-order-line-date +odoo9-addon-sale-order-lot-selection +odoo9-addon-sale-order-price-recalculation +odoo9-addon-sale-order-type +odoo9-addon-sale-order-variant-mgmt +odoo9-addon-sale-packaging-price +odoo9-addon-sale-procurement-group-by-line +odoo9-addon-sale-procurement-group-by-requested-date +odoo9-addon-sale-product-set +odoo9-addon-sale-proforma-report +odoo9-addon-sale-rental +odoo9-addon-sale-reporting-weight +odoo9-addon-sale-revert-done +odoo9-addon-sale-sourced-by-line +odoo9-addon-sale-start-end-dates +odoo9-addon-sale-stock-medical-prescription +odoo9-addon-sale-stock-operating-unit +odoo9-addon-sale-stock-picking-return-invoicing +odoo9-addon-sale-timesheet-invoice-description +odoo9-addon-sale-validity +odoo9-addon-sales-team-multicompany +odoo9-addon-sales-team-operating-unit +odoo9-addon-scheduler-error-mailer +odoo9-addon-server-environment +odoo9-addon-server-environment-files-sample +odoo9-addon-server-environment-ir-config-parameter +odoo9-addon-sql-export +odoo9-addon-sql-request-abstract +odoo9-addon-stock-account-change-product-valuation +odoo9-addon-stock-account-deposit +odoo9-addon-stock-account-quant-merge +odoo9-addon-stock-analytic +odoo9-addon-stock-auto-move +odoo9-addon-stock-available +odoo9-addon-stock-available-immediately +odoo9-addon-stock-available-mrp +odoo9-addon-stock-available-unreserved +odoo9-addon-stock-batch-picking +odoo9-addon-stock-cycle-count +odoo9-addon-stock-demand-estimate +odoo9-addon-stock-deposit +odoo9-addon-stock-disable-force-availability-button +odoo9-addon-stock-enterprise-remove +odoo9-addon-stock-inventory-chatter +odoo9-addon-stock-inventory-discrepancy +odoo9-addon-stock-inventory-exclude-sublocation +odoo9-addon-stock-inventory-lockdown +odoo9-addon-stock-inventory-revaluation +odoo9-addon-stock-inventory-verification-request +odoo9-addon-stock-location-area-data +odoo9-addon-stock-lot-scrap +odoo9-addon-stock-move-partner-info +odoo9-addon-stock-mts-mto-rule +odoo9-addon-stock-no-negative +odoo9-addon-stock-operating-unit +odoo9-addon-stock-orderpoint-generator +odoo9-addon-stock-orderpoint-manual-procurement +odoo9-addon-stock-orderpoint-uom +odoo9-addon-stock-pack-operation-auto-fill +odoo9-addon-stock-partner-lot +odoo9-addon-stock-picking-delivery-rate +odoo9-addon-stock-picking-digitized-signature +odoo9-addon-stock-picking-invoice-link +odoo9-addon-stock-picking-mass-assign +odoo9-addon-stock-picking-operation-quick-change +odoo9-addon-stock-picking-package-preparation +odoo9-addon-stock-picking-package-preparation-line +odoo9-addon-stock-picking-sale-order-link +odoo9-addon-stock-picking-send-by-mail +odoo9-addon-stock-picking-show-backorder +odoo9-addon-stock-picking-show-return +odoo9-addon-stock-picking-tracking +odoo9-addon-stock-picking-transfer-lot-autoassign +odoo9-addon-stock-picking-variant-mgmt +odoo9-addon-stock-putaway-product +odoo9-addon-stock-quant-manual-assign +odoo9-addon-stock-quant-merge +odoo9-addon-stock-quant-reserved-qty-uom +odoo9-addon-stock-removal-location-by-priority +odoo9-addon-stock-reserve +odoo9-addon-stock-scanner +odoo9-addon-stock-scanner-inventory +odoo9-addon-stock-scanner-location-info +odoo9-addon-stock-scanner-receipt +odoo9-addon-stock-scanner-shipping +odoo9-addon-stock-valuation-account-manual-adjustment +odoo9-addon-stock-valued-picking-report +odoo9-addon-stock-warehouse-orderpoint-stock-info +odoo9-addon-stock-warehouse-orderpoint-stock-info-unreserved +odoo9-addon-subcontracted-service +odoo9-addon-subscription-action +odoo9-addon-support-branding +odoo9-addon-survey-one-choice-per-column +odoo9-addon-survey-percent-question +odoo9-addon-test-base-import-async +odoo9-addon-test-configuration-helper +odoo9-addon-users-ldap-mail +odoo9-addon-users-ldap-populate +odoo9-addon-web-access-rule-buttons +odoo9-addon-web-advanced-search-x2x +odoo9-addon-web-decimal-numpad-dot +odoo9-addon-web-dialog-size +odoo9-addon-web-duplicate-visibility +odoo9-addon-web-easy-switch-company +odoo9-addon-web-editor-background-color +odoo9-addon-web-environment-ribbon +odoo9-addon-web-export-view +odoo9-addon-web-favicon +odoo9-addon-web-hide-db-manager-link +odoo9-addon-web-ir-actions-act-window-message +odoo9-addon-web-listview-custom-element-number +odoo9-addon-web-m2x-options +odoo9-addon-web-menu-collapsible +odoo9-addon-web-notify +odoo9-addon-web-readonly-bypass +odoo9-addon-web-responsive +odoo9-addon-web-searchbar-full-width +odoo9-addon-web-send-message-popup +odoo9-addon-web-sheet-full-width +odoo9-addon-web-shortcut +odoo9-addon-web-timeline +odoo9-addon-web-translate-dialog +odoo9-addon-web-tree-dynamic-colored-field +odoo9-addon-web-tree-image +odoo9-addon-web-tree-many2one-clickable +odoo9-addon-web-widget-color +odoo9-addon-web-widget-darkroom +odoo9-addon-web-widget-datepicker-options +odoo9-addon-web-widget-digitized-signature +odoo9-addon-web-widget-float-formula +odoo9-addon-web-widget-image-download +odoo9-addon-web-widget-image-webcam +odoo9-addon-web-widget-many2many-tags-multi-selection +odoo9-addon-web-widget-timepicker +odoo9-addon-web-widget-x2many-2d-matrix +odoo9-addon-web-x2many-delete-all +odoo9-addon-web_selenium +odoo9-addon-website-anchor-smooth-scroll +odoo9-addon-website-blog-excerpt-img +odoo9-addon-website-blog-mgmt +odoo9-addon-website-blog-share +odoo9-addon-website-breadcrumb +odoo9-addon-website-canonical-url +odoo9-addon-website-certificate +odoo9-addon-website-container-fluid +odoo9-addon-website-cookie-notice +odoo9-addon-website-crm-privacy-policy +odoo9-addon-website-crm-quick-answer +odoo9-addon-website-crm-recaptcha +odoo9-addon-website-event-filter-selector +odoo9-addon-website-event-share +odoo9-addon-website-field-autocomplete +odoo9-addon-website-form-recaptcha +odoo9-addon-website-forum-censored +odoo9-addon-website-google-tag-manager +odoo9-addon-website-img-bg-style +odoo9-addon-website-legal-page +odoo9-addon-website-livechat-firstname +odoo9-addon-website-logo +odoo9-addon-website-no-crawler +odoo9-addon-website-odoo-debranding +odoo9-addon-website-payment-v10 +odoo9-addon-website-portal-address +odoo9-addon-website-portal-contact +odoo9-addon-website-portal-purchase +odoo9-addon-website-portal-sale-v10 +odoo9-addon-website-portal-v10 +odoo9-addon-website-sale-b2c +odoo9-addon-website-sale-checkout-country-vat +odoo9-addon-website-sale-checkout-skip-payment +odoo9-addon-website-sale-default-country +odoo9-addon-website-sale-enterprise-remove +odoo9-addon-website-sale-product-brand +odoo9-addon-website-sale-qty +odoo9-addon-website-sale-require-legal +odoo9-addon-website-sale-require-login +odoo9-addon-website-sale-suggest-create-account +odoo9-addon-website-sale-vat-required +odoo9-addon-website-sale-wishlist +odoo9-addon-website-seo-redirection +odoo9-addon-website-snippet-anchor +odoo9-addon-website-snippet-big-button +odoo9-addon-website-snippet-country-dropdown +odoo9-addon-website-snippet-marginless-gallery diff --git a/source/resources/apps/odoo/odoo11-deb-install.sh b/source/resources/apps/odoo/odoo11-deb-install.sh new file mode 100755 index 0000000..5523578 --- /dev/null +++ b/source/resources/apps/odoo/odoo11-deb-install.sh @@ -0,0 +1,31 @@ +#!/bin/bash +# odoo11-deb-install +# GPLv3+ +# XXX Barfs on Odoo's key. Known bug: +# https://github.com/odoo/odoo/issues/19900 +# XXX Broken for ~two weeks so far. +set -x + +wget -O - https://nightly.odoo.com/odoo.key | apt-key add - +# After adding this key and running apt-get update: +# W: GPG error: http://nightly.odoo.com/11.0/nightly/deb ./ InRelease: The following signatures were invalid: 5D134C924CB06330DCEFE2A1DEF2A2198183CBB5 +# W: The repository 'http://nightly.odoo.com/11.0/nightly/deb ./ InRelease' is not signed. +# N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. +# N: See apt-secure(8) manpage for repository creation and user configuration details. +# +# Key fails with this too: +# root@ns32:~# apt-key adv --keyserver pgp.mit.edu --recv-keys 5D134C924CB06330DCEFE2A1DEF2A2198183CBB5 +# Executing: /tmp/apt-key-gpghome.HqnorymeFd/gpg.1.sh --keyserver pgp.mit.edu --recv-keys 5D134C924CB06330DCEFE2A1DEF2A2198183CBB5 +# gpg: keyserver receive failed: Server indicated a failure + +echo "deb http://nightly.odoo.com/11.0/nightly/deb/ ./" >> /etc/apt/sources.list.d/odoo.list + +apt-get update + +apt-get install \ + postgresql-all \ + python3-babel python3-decorator python3-docutils python3-feedparser python3-gevent python3-greenlet python3-html2text python3-jinja2 python3-lxml python3-mako python3-markupsafe python3-mock python3-ofxparse python3-passlib python3-pil python3-psutil python3-psycopg2 python3-pydot python3-pyldap python3-pyparsing python3-pypdf2 python3-serial python3-dateutil python3-arrow python3-usb python3-yaml python3-qrcode python3-reportlab python3-requests python3-six python3-suds python3-vatnumber python3-vobject python3-werkzeug python3-xlsxwriter python-xlwt python3-xlrd wkhtmltopdf python3-pdfkit + +apt-get clean + +apt-get install odoo diff --git a/source/resources/apps/ssh/socks-chain.sh b/source/resources/apps/ssh/socks-chain.sh new file mode 100755 index 0000000..2d7e067 --- /dev/null +++ b/source/resources/apps/ssh/socks-chain.sh @@ -0,0 +1,8 @@ +#!/bin/bash +# socks-chain.sh +# GPLv3+ +# Creates a SOCKS chain from the local machine to the host on the commandline. +# Usage: +# socks-chain.sh [hostname] +set -x +ssh -S none -N -L 8080:localhost:8080 $@ diff --git a/source/resources/apps/ssh/socks-proxy.sh b/source/resources/apps/ssh/socks-proxy.sh new file mode 100755 index 0000000..1113905 --- /dev/null +++ b/source/resources/apps/ssh/socks-proxy.sh @@ -0,0 +1,8 @@ +#!/bin/bash +# socks-proxy.sh +# GPLv3+ +# Creates a SOCKS proxy from the local machine to the host on the commandline. +# Usage: +# socks-proxy.sh [hostname] +set -x +ssh -S none -N -D 8080 $@ diff --git a/source/resources/apps/sunstone/etc/one/sunstone-logos.yaml b/source/resources/apps/sunstone/etc/one/sunstone-logos.yaml new file mode 100644 index 0000000..6f5ee58 --- /dev/null +++ b/source/resources/apps/sunstone/etc/one/sunstone-logos.yaml @@ -0,0 +1,11 @@ +# You can add custom logos here, or disable any of the default ones commenting +# out its line +- { 'name': "Arch Linux", 'path': "images/logos/arch.png"} +- { 'name': "CentOS", 'path': "images/logos/centos.png"} +- { 'name': "Debian", 'path': "images/logos/debian.png"} +- { 'name': "Fedora", 'path': "images/logos/fedora.png"} +- { 'name': "Linux", 'path': "images/logos/linux.png"} +- { 'name': "Redhat", 'path': "images/logos/redhat.png"} +- { 'name': "Ubuntu", 'path': "images/logos/ubuntu.png"} +#- { 'name': "Windows XP/2003", 'path': "images/logos/windowsxp.png"} +#- { 'name': "Windows 8", 'path': "images/logos/windows8.png"} diff --git a/source/resources/apps/sunstone/etc/one/sunstone-views.yaml b/source/resources/apps/sunstone/etc/one/sunstone-views.yaml new file mode 100644 index 0000000..e8d414f --- /dev/null +++ b/source/resources/apps/sunstone/etc/one/sunstone-views.yaml @@ -0,0 +1,18 @@ +--- +logo: images/opennebula-5.0.png +groups: + oneadmin: + - admin + - admin_vcenter + - groupadmin + - groupadmin_vcenter + - user + - cloud + - cloud_vcenter +default: + - cloud +default_groupadmin: + - groupadmin + - cloud +labels_groups: + default: diff --git a/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-01.png b/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-01.png new file mode 100644 index 0000000..26eeba6 Binary files /dev/null and b/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-01.png differ diff --git a/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-02.png b/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-02.png new file mode 100644 index 0000000..71bbbcd Binary files /dev/null and b/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-02.png differ diff --git a/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-03.png b/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-03.png new file mode 100644 index 0000000..1f05d54 Binary files /dev/null and b/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-03.png differ diff --git a/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-04.png b/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-04.png new file mode 100644 index 0000000..5da634b Binary files /dev/null and b/source/resources/apps/yadifa-master/etc/yadifa/QR/yadifad.conf-04.png differ diff --git a/source/resources/apps/yadifa-master/etc/yadifa/yadifad.conf b/source/resources/apps/yadifa-master/etc/yadifa/yadifad.conf new file mode 100644 index 0000000..1aafc14 --- /dev/null +++ b/source/resources/apps/yadifa-master/etc/yadifa/yadifad.conf @@ -0,0 +1,262 @@ +
+ daemon off + chroot on + logpath "/var/log/yadifa" + pidfile "/run/yadifa/yadifad.pid" + datapath "/var/lib/yadifa" + keyspath "/var/lib/yadifa/keys" + xfrpath "/var/lib/yadifa/xfr" + # hostname "server-yadifad" + # serverid "yadifad-01" + # version "2.2.0" + edns0-max-size 4096 + max-tcp-queries 100 + uid yadifa + gid yadifa + port 53 + listen 0.0.0.0 + statistics on + queries-log-type 1 + answer-formerr-packets off + # axfr-maxrecordbypacket 0 + allow-query any + allow-update none + allow-transfer none + allow-notify none + allow-control controller +
+ + ascii "ns1" + + + enabled true + + + enabled true + log_only false + responses_per_second 5 + errors_per_second 5 + window 15 + slip 2 + min_table_size 1024 + max_table_size 16384 + ipv4_prefix_length 24 +# ipv6_prefix_length 56 + exempted none + + + database database.log 0644 + dnssec dnssec.log 0644 + server server.log 0644 + statistics statistics.log 0644 + system system.log 0644 + zone zone.log 0644 + queries queries.log 0644 + all all.log 0644 + syslog syslog USER,CRON,PID + stderr STDERR + stdout STDOUT + + + database EMERG,ALERT,CRIT,ERR,WARNING,NOTICE database,all + dnssec EMERG,ALERT,CRIT,ERR,WARNING,NOTICE dnssec,all + server EMERG,ALERT,CRIT,ERR,WARNING,NOTICE server,all + stats * statistics + system EMERG,ALERT,CRIT,ERR,WARNING,NOTICE system,all + zone EMERG,ALERT,CRIT,ERR,WARNING,NOTICE zone,all +# queries * queries + +#include "keys.conf" +# +# name master-slave +# algorithm hmac-md5 +# secret MasterAndSlavesTSIGKey== +# +# +# transferer key master-slave +# admins 192.0.2.0/24, 2001:db8::74 +# master 192.0.2.53 +# controller key abroad-admin-key +# + + controller 127.0.0.0/8, ::1 + + + type master + domain localhost + file masters/localhost.zone + allow-transfer none + allow-update none + allow-update-forwarding none + + + type master + domain 0.0.127.in-addr.arpa + file masters/0.0.127.in-addr.arpa.zone + allow-transfer none + allow-update none + allow-update-forwarding none + + + type master + domain solipsists.org + file masters/solipsists.org.zone + allow-transfer 96.126.96.118,172.104.125.227,172.104.165.223,139.162.176.183,45.56.110.60,45.79.215.191,176.58.103.36,185.70.105.134,114.142.160.48,118.89.221.146,217.182.128.77,54.36.54.14,85.17.15.147,129.232.222.82,145.239.149.66,145.239.2.154,145.239.1.3,91.90.42.178,164.132.206.84,66.11.121.31,174.128.229.130,163.172.35.98,104.219.168.143,174.128.229.131,37.228.129.89 + allow-update none + allow-update-forwarding none + + + id "normal-policy" + description "Example of a policy with ZSK and KSK" + denial "nsec3-fixed" + key-suite "zsk-1024" + key-suite "ksk-2048" + + + id "zsk-1024" + key-template "zsk-rsa-sha256-1024" + key-roll "monthly-diary" + + + id "ksk-2048" + key-template "ksk-rsa-sha256-2048" + key-roll "yearly-diary" + + + id "zsk-rsa-sha512-1024" + algorithm RSASHA512 + size 1024 + + + id "zsk-rsa-sha512-2048" + algorithm RSASHA512 + size 2048 + + + id "zsk-rsa-sha256-1024" + algorithm RSASHA256 + size 1024 + + + id "zsk-rsa-sha256-2048" + algorithm RSASHA256 + size 2048 + + + id "ksk-rsa-sha512-1024" + ksk 1 + algorithm RSASHA512 + size 1024 + + + id "ksk-rsa-sha512-2048" + ksk 1 + algorithm RSASHA512 + size 2048 + + + id "ksk-rsa-sha256-1024" + ksk 1 + algorithm RSASHA256 + size 1024 + + + id "ksk-rsa-sha256-2048" + ksk 1 + algorithm RSASHA256 + size 2048 + + + type NSEC3 + id "nsec3-random" + salt-length 32 + iterations 10 + optout off + + + type NSEC3 + id "nsec3-fixed" + salt "BA5EBA11" # if nsec3-resalting is off + iterations 5 # the number of additional times the hash function has been performe + optout off + + + id "yearly-diary" + generate 5 0 15 6 * * # this year (2016) 15/06 at 00:05 + publish 10 0 15 6 * * # 00:10 + activate 15 0 16 6 * * # 16/06 at 00:15 + inactive 15 0 17 6 * * # (2017) 17/06 at 00:15 + remove 15 11 18 6 * * # (2017) 18/06 at 11:15 + + + id "monthly-diary" + generate 5 0 * * tue 0 # 1 tuesday of the month at 00:05 + publish 10 0 * * tue 0 # 00:10 + activate 15 0 * * wed 0 # 1 wednesday of the month at 00:15 + inactive 15 0 * * thu 0 # 1 thursday of the month at 00:15 + remove 15 11 * * fri 0 # 1 friday of the month at 11:15 + + + id "weekly-diary" + generate 25 0 * * sun * # every sunday of the month at 00:25 + publish 30 0 * * sun * # at 00:30 + activate 35 0 * * sun * # at 00:35 + inactive 35 0 * * sun * # at 00:35 + remove 35 11 * * sun * # at 11:35 + + + id "daily-diary" + generate 5 0 * * * * # at 00:05 + publish 10 0 * * * * # at 00:10 + activate 15 0 * * * * # at 00:15 + inactive 15 0 * * * * # at 00:15 + remove 15 11 * * * * # at 11:15 + + + id "hourly-diary" + generate 1 * * * * * + publish 5 * * * * * + activate 10 * * * * * + inactive 15 * * * * * + remove 20 * * * * * + + + id "half-hourly-diary" + generate 0,30 * * * * * + publish 1,31 * * * * * + activate 2,32 * * * * * + inactive 34,04 * * * * * + remove 38,08 * * * * * + + + id "insane-diary" + generate * * * * * * + publish * * * * * * + activate * * * * * * + inactive * * * * * * + remove * * * * * * + + + id "monthly-relative" + generate +31d + publish +60 + activate +120 + inactive +33d # must be bigger than generate, to avoid a gap + remove +1d + + + id "insane-relative" + generate +60 + publish +0 + activate +0 + inactive +60 + remove +0 + + + id "less-insane-relative" + generate +120 + publish +0 + activate +0 + inactive +160 + remove +0 + diff --git a/source/resources/apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone b/source/resources/apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone new file mode 100644 index 0000000..4727ddc --- /dev/null +++ b/source/resources/apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone @@ -0,0 +1,59 @@ +; Be sure to increment each revision! +$TTL 3600 +$ORIGIN solipsists.org. +solipsists.org. 3600 IN SOA ns1.solipsists.org. ns.solipsists.org. 41 3600 1800 3600000 600 + 3600 IN NS ns1.solipsists.org. + 3600 IN NS ns2.solipsists.org. + 3600 IN NS ns3.solipsists.org. + 3600 IN NS ns4.solipsists.org. + 3600 IN NS ns5.solipsists.org. + 3600 IN NS ns6.solipsists.org. + 3600 IN NS ns7.solipsists.org. + 3600 IN NS ns8.solipsists.org. +; 3600 IN NS ns9.solipsists.org. + 3600 IN NS ns11.solipsists.org. + 3600 IN NS ns12.solipsists.org. +; 3600 IN NS ns13.solipsists.org. + 3600 IN NS ns14.solipsists.org. + 3600 IN NS ns15.solipsists.org. + 3600 IN NS ns17.solipsists.org. +; 3600 IN NS ns18.solipsists.org. +; 3600 IN NS ns19.solipsists.org. +; 3600 IN NS ns20.solipsists.org. + 3600 IN NS ns21.solipsists.org. + 3600 IN NS ns22.solipsists.org. +; 3600 IN NS ns23.solipsists.org. +; 3600 IN NS ns24.solipsists.org. + 3600 IN NS ns26.solipsists.org. +; 3600 IN NS ns29.solipsists.org. +; 3600 IN NS ns30.solipsists.org. +; 3600 IN NS ns31.solipsists.org. +ns1.solipsists.org. 3600 IN A 69.164.197.34 +ns2.solipsists.org. 3600 IN A 96.126.96.118 +ns3.solipsists.org. 3600 IN A 172.104.125.227 +ns4.solipsists.org. 3600 IN A 172.104.165.223 +ns5.solipsists.org. 3600 IN A 139.162.176.183 +ns6.solipsists.org. 3600 IN A 45.56.110.60 +ns7.solipsists.org. 3600 IN A 45.79.215.191 +ns8.solipsists.org. 3600 IN A 176.58.103.36 +ns9.solipsists.org. 3600 IN A 185.70.105.134 +ns11.solipsists.org. 3600 IN A 91.90.42.178 +ns12.solipsists.org. 3600 IN A 114.142.160.48 +ns13.solipsists.org. 3600 IN A 118.89.221.146 +ns14.solipsists.org. 3600 IN A 217.182.128.77 +ns15.solipsists.org. 3600 IN A 54.36.54.14 +ns17.solipsists.org. 3600 IN A 85.17.15.147 +ns18.solipsists.org. 3600 IN A 129.232.222.82 +ns19.solipsists.org. 3600 IN A 163.172.35.98 +ns20.solipsists.org. 3600 IN A 145.239.149.66 +ns21.solipsists.org. 3600 IN A 145.239.2.154 +ns22.solipsists.org. 3600 IN A 145.239.1.3 +ns23.solipsists.org. 3600 IN A 164.132.206.84 +ns24.solipsists.org. 3600 IN A 174.128.229.130 +ns26.solipsists.org. 3600 IN A 66.11.121.31 +ns29.solipsists.org. 3600 IN A 104.219.168.143 +ns30.solipsists.org. 3600 IN A 174.128.229.131 +ns31.solipsists.org. 3600 IN A 37.228.129.89 +oca.solipsists.org. 3600 IN A 174.128.229.131 + +fn1 IN CNAME ns24.solipsists.org. diff --git a/source/resources/apps/yadifa-slave/etc/yadifa/yadifad.conf b/source/resources/apps/yadifa-slave/etc/yadifa/yadifad.conf new file mode 100644 index 0000000..aa6c1f0 --- /dev/null +++ b/source/resources/apps/yadifa-slave/etc/yadifa/yadifad.conf @@ -0,0 +1,243 @@ +
+ daemon off + chroot off + logpath "/var/log/yadifa" + pidfile "/run/yadifa/yadifad.pid" + datapath "/var/lib/yadifa" + keyspath "/var/lib/yadifa/keys" + xfrpath "/var/lib/yadifa/xfr" + edns0-max-size 4096 + max-tcp-queries 100 + uid yadifa + gid yadifa + port 53 + listen 0.0.0.0 + statistics on + queries-log-type 1 + answer-formerr-packets off + allow-query any + allow-update none + allow-transfer none + allow-notify 69.164.197.34 + allow-control controller +
+ + ascii "ns" + + + enabled true + + + enabled true + log_only false + responses_per_second 5 + errors_per_second 5 + window 15 + slip 2 + min_table_size 1024 + max_table_size 16384 + ipv4_prefix_length 24 + ipv6_prefix_length 56 + exempted none + + + database database.log 0644 + dnssec dnssec.log 0644 + server server.log 0644 + statistics statistics.log 0644 + system system.log 0644 + zone zone.log 0644 + queries queries.log 0644 + all all.log 0644 + syslog syslog USER,CRON,PID + stderr STDERR + stdout STDOUT + + + database EMERG,ALERT,CRIT,ERR,WARNING,NOTICE database,all + dnssec EMERG,ALERT,CRIT,ERR,WARNING,NOTICE dnssec,all + server EMERG,ALERT,CRIT,ERR,WARNING,NOTICE server,all + stats * statistics + system EMERG,ALERT,CRIT,ERR,WARNING,NOTICE system,all + zone EMERG,ALERT,CRIT,ERR,WARNING,NOTICE zone,all + + + controller 127.0.0.0/8, ::1 + + + type master + domain localhost + file masters/localhost.zone + allow-transfer none + allow-update none + allow-update-forwarding none + + + type master + domain 0.0.127.in-addr.arpa + file masters/0.0.127.in-addr.arpa.zone + allow-transfer none + allow-update none + allow-update-forwarding none + + + type slave + domain solipsists.org + file slaves/solipsists.org.zone + master 69.164.197.34 + + + id "normal-policy" + description "Example of a policy with ZSK and KSK" + denial "nsec3-fixed" + key-suite "zsk-1024" + key-suite "ksk-2048" + + + id "zsk-1024" + key-template "zsk-rsa-sha256-1024" + key-roll "monthly-diary" + + + id "ksk-2048" + key-template "ksk-rsa-sha256-2048" + key-roll "yearly-diary" + + + id "zsk-rsa-sha512-1024" + algorithm RSASHA512 + size 1024 + + + id "zsk-rsa-sha512-2048" + algorithm RSASHA512 + size 2048 + + + id "zsk-rsa-sha256-1024" + algorithm RSASHA256 + size 1024 + + + id "zsk-rsa-sha256-2048" + algorithm RSASHA256 + size 2048 + + + id "ksk-rsa-sha512-1024" + ksk 1 + algorithm RSASHA512 + size 1024 + + + id "ksk-rsa-sha512-2048" + ksk 1 + algorithm RSASHA512 + size 2048 + + + id "ksk-rsa-sha256-1024" + ksk 1 + algorithm RSASHA256 + size 1024 + + + id "ksk-rsa-sha256-2048" + ksk 1 + algorithm RSASHA256 + size 2048 + + + type NSEC3 + id "nsec3-random" + salt-length 32 + iterations 10 + optout off + + + type NSEC3 + id "nsec3-fixed" + salt "BA5EBA11" # if nsec3-resalting is off + iterations 5 # the number of additional times the hash function has been performe + optout off + + + id "yearly-diary" + generate 5 0 15 6 * * # this year (2016) 15/06 at 00:05 + publish 10 0 15 6 * * # 00:10 + activate 15 0 16 6 * * # 16/06 at 00:15 + inactive 15 0 17 6 * * # (2017) 17/06 at 00:15 + remove 15 11 18 6 * * # (2017) 18/06 at 11:15 + + + id "monthly-diary" + generate 5 0 * * tue 0 # 1 tuesday of the month at 00:05 + publish 10 0 * * tue 0 # 00:10 + activate 15 0 * * wed 0 # 1 wednesday of the month at 00:15 + inactive 15 0 * * thu 0 # 1 thursday of the month at 00:15 + remove 15 11 * * fri 0 # 1 friday of the month at 11:15 + + + id "weekly-diary" + generate 25 0 * * sun * # every sunday of the month at 00:25 + publish 30 0 * * sun * # at 00:30 + activate 35 0 * * sun * # at 00:35 + inactive 35 0 * * sun * # at 00:35 + remove 35 11 * * sun * # at 11:35 + + + id "daily-diary" + generate 5 0 * * * * # at 00:05 + publish 10 0 * * * * # at 00:10 + activate 15 0 * * * * # at 00:15 + inactive 15 0 * * * * # at 00:15 + remove 15 11 * * * * # at 11:15 + + + id "hourly-diary" + generate 1 * * * * * + publish 5 * * * * * + activate 10 * * * * * + inactive 15 * * * * * + remove 20 * * * * * + + + id "half-hourly-diary" + generate 0,30 * * * * * + publish 1,31 * * * * * + activate 2,32 * * * * * + inactive 34,04 * * * * * + remove 38,08 * * * * * + + + id "insane-diary" + generate * * * * * * + publish * * * * * * + activate * * * * * * + inactive * * * * * * + remove * * * * * * + + + id "monthly-relative" + generate +31d + publish +60 + activate +120 + inactive +33d # must be bigger than generate, to avoid a gap + remove +1d + + + id "insane-relative" + generate +60 + publish +0 + activate +0 + inactive +60 + remove +0 + + + id "less-insane-relative" + generate +120 + publish +0 + activate +0 + inactive +160 + remove +0 + diff --git a/source/resources/apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone b/source/resources/apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone new file mode 100644 index 0000000..53d69aa --- /dev/null +++ b/source/resources/apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone @@ -0,0 +1,12 @@ +$TTL 86400 ; 24 hours +$ORIGIN 0.0.127.IN-ADDR.ARPA. + +0.0.127.IN-ADDR.ARPA. 86400 IN SOA localhost. root.localhost. ( + 20120201 ; Serial + 3h ; Refresh + 15 ; Retry + 1w ; Expire + 3h ; Minimum + ) + 86400 IN NS localhost. +1 86400 IN PTR localhost. diff --git a/source/resources/apps/yadifa/var/lib/yadifa/masters/localhost.zone b/source/resources/apps/yadifa/var/lib/yadifa/masters/localhost.zone new file mode 100644 index 0000000..76debdc --- /dev/null +++ b/source/resources/apps/yadifa/var/lib/yadifa/masters/localhost.zone @@ -0,0 +1,13 @@ +$TTL 86400 ; 24 hours +$ORIGIN localhost. + +localhost. 86400 IN SOA localhost. root.localhost. ( + 20120201 ; serial + 3H ; refresh + 15 ; retry + 1w ; expire + 3h ; minimum + ) + + 86400 IN NS localhost. + 86400 IN A 127.0.0.1 diff --git a/source/resources/images/opennebula-sunstone-login.png b/source/resources/images/opennebula-sunstone-login.png new file mode 100644 index 0000000..63377fa Binary files /dev/null and b/source/resources/images/opennebula-sunstone-login.png differ diff --git a/source/resources/images/opennebula-sunstone.png b/source/resources/images/opennebula-sunstone.png new file mode 100644 index 0000000..562449d Binary files /dev/null and b/source/resources/images/opennebula-sunstone.png differ diff --git a/source/resources/images/sharktech-reboot-dhcp-2.png b/source/resources/images/sharktech-reboot-dhcp-2.png new file mode 100644 index 0000000..20f6c14 Binary files /dev/null and b/source/resources/images/sharktech-reboot-dhcp-2.png differ diff --git a/source/resources/images/sharktech-reboot-dhcp.png b/source/resources/images/sharktech-reboot-dhcp.png new file mode 100644 index 0000000..9ef3097 Binary files /dev/null and b/source/resources/images/sharktech-reboot-dhcp.png differ diff --git a/source/resources/images/sharktech-reboot-grub.png b/source/resources/images/sharktech-reboot-grub.png new file mode 100644 index 0000000..2687b9d Binary files /dev/null and b/source/resources/images/sharktech-reboot-grub.png differ diff --git a/source/resources/images/www-debian.png b/source/resources/images/www-debian.png new file mode 100644 index 0000000..c2b5c56 Binary files /dev/null and b/source/resources/images/www-debian.png differ diff --git a/source/resources/images/www-flokinet.png b/source/resources/images/www-flokinet.png new file mode 100644 index 0000000..165be57 Binary files /dev/null and b/source/resources/images/www-flokinet.png differ diff --git a/source/resources/images/www-netfilter.png b/source/resources/images/www-netfilter.png new file mode 100644 index 0000000..33633cd Binary files /dev/null and b/source/resources/images/www-netfilter.png differ diff --git a/source/resources/images/www-opennebula.png b/source/resources/images/www-opennebula.png new file mode 100644 index 0000000..2846c8e Binary files /dev/null and b/source/resources/images/www-opennebula.png differ diff --git a/source/resources/images/www-openvpn.png b/source/resources/images/www-openvpn.png new file mode 100644 index 0000000..44bd6e1 Binary files /dev/null and b/source/resources/images/www-openvpn.png differ diff --git a/source/resources/images/www-packer.png b/source/resources/images/www-packer.png new file mode 100644 index 0000000..bf7f264 Binary files /dev/null and b/source/resources/images/www-packer.png differ diff --git a/source/resources/images/www-pogolinux.png b/source/resources/images/www-pogolinux.png new file mode 100644 index 0000000..45717e9 Binary files /dev/null and b/source/resources/images/www-pogolinux.png differ diff --git a/source/resources/images/www-sharktech-dashboard-services.png b/source/resources/images/www-sharktech-dashboard-services.png new file mode 100644 index 0000000..88979e4 Binary files /dev/null and b/source/resources/images/www-sharktech-dashboard-services.png differ diff --git a/source/resources/images/www-sharktech.png b/source/resources/images/www-sharktech.png new file mode 100644 index 0000000..3579c67 Binary files /dev/null and b/source/resources/images/www-sharktech.png differ diff --git a/source/resources/make-sources-list.sh b/source/resources/make-sources-list.sh new file mode 100755 index 0000000..0145576 --- /dev/null +++ b/source/resources/make-sources-list.sh @@ -0,0 +1,45 @@ +#!/bin/bash +# make-sources-list.sh +# GPLv3+ +# This will generate a list of files to be included as source code. +# Then it will generate LaTeX includes. +# XXX Great cruft +# Redirect fix XXX +# No spaces in filenames, or this may go awry. +# Perhaps add QR codes like: +CODEDIR="/home/`id -u -n`/FORKSAND/IT//forksand-it-manual/source/resources" +cd "$CODEDIR" || exit +TEXOUT="/home/`id -u -n`/FORKSAND/IT/forksand-it-manual/source/Source-gen.tex" +# Build a grep exclude command that has file extensions to not include. +EXCLUDE="\./\.git \.csv$ \.eps \.git$ \.gz$ \.jpg$ \.ods$ \.ods\#$ \.png$ \.pdf$ \.swp$ \.tmp$ \.xml$ \.aux$ \.fuse_hidden*$ \.glo$ \.gls$ \.idx$ \.ilg$ \.ind$ \.lof$ \.log$ \.lol$ _minted-*$ \.old$ \.out$ \.swp$ \.toc$ \.zip$" +EXCLUDEGREP="grep -v -i " +for i in $EXCLUDE + do EXCLUDEGREP="$EXCLUDEGREP -e $i" +done +SRCFILES=`find . -type f | sort -V | $EXCLUDEGREP` +rm -f $TEXOUT $SHAOUT SHA256SUM +touch $TEXOUT $SHAOUT SHA256SUM +# Make checksums +# LaTeX files to be rendered +for i in $SRCFILES +do + #NOUNDER=`echo $i | sed -e 's/_/\\\_/g'` + NOUNDER=`echo $i | sed -e 's/_/\\\_/g' | cut -f 2- -d "/"` + echo "\section{\texttt{$NOUNDER}}" +# echo "\texttt{$NOUNDER} \\\ " + echo "\texttt{SHA256: `sha256sum $i | cut -f 1 -d " "`}" + sha256sum $i >> SHA256SUM +MINTEDPATH=`echo $i | cut -f 2- -d "/"` +MINTEDPATH="resources/$MINTEDPATH" + echo "\inputminted{sh}{$MINTEDPATH}" +done >> $TEXOUT + +sort -V SHA256SUM > SHA256SUM.tmp +echo "There are `cat SHA256SUM | sort -u | wc -l` source code files included." > STATS +echo "There are `cat SHA256SUM.tmp | cut -f 1 -d " " | sort -u | wc -l` unique files." >> STATS +rm SHA256SUM.tmp + +# Files not rendered +#echo "\section{Not Rendered}" >> $TEXOUT +#echo "The files listed in this section were not rendered." >> $TEXOUT +#echo "Upstream {\LaTeX} files:" >> $TEXOUT diff --git a/source/resources/txt2qrpng.sh b/source/resources/txt2qrpng.sh new file mode 100755 index 0000000..eb2c782 --- /dev/null +++ b/source/resources/txt2qrpng.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# txt2qrpng.sh +# GPLv3+ +# Give this a name of a text file and it will produce a +# series of .png files encoding the data in QR codes. +# Use: +# txt2qrpng.sh foo.txt +mkdir -p QR + +cat $1 | \ +qrencode \ + --type=png \ + -o QR/$1.png && exit + +cat $1 | \ +qrencode \ + -S \ + -v 40 \ + -l L \ + --type=png \ + -o QR/$1.png