Initial draft of Fork Sand IT Manual

master
Jeff Moe 6 years ago
commit 32a3f799c0

25
.gitignore vendored

@ -0,0 +1,25 @@
forksand-it-manual.pdf
*~
.~lock.*#
*.aux
*.bbl
*.blg
.fuse_hidden*
*.glo
*.gls
*.idx
*.ilg
*.ind
*.lof
*.log
*.lol
_minted-*
*.old
*.out
*.swp
*.toc
*.xdv
*.zip
*.fls
*.fdb_latexmk
*.pyg

@ -0,0 +1,27 @@
#!/bin/bash
# AO-pdf-shrink
# GPLv3+
#
# Usage:
# AO-pdf-shrink foo.pdf
# Set QUALITY to one of the below:
# screen -- lower quality, smaller size.
# ebook -- for better quality, but slightly larger pdfs.
# prepress -- output similar to Acrobat Distiller "Prepress Optimized" setting
# printer -- selects output similar to the Acrobat Distiller "Print Optimized" setting
# default -- selects output intended to be useful across a wide variety of uses, possibly at the expense of a larger output file
QUALITY=screen
OUTPDF="`basename $1 .pdf`-$QUALITY.pdf"
gs \
-sDEVICE=pdfwrite \
-dCompatibilityLevel=1.4 \
-dPDFSETTINGS=/$QUALITY \
-dNOPAUSE \
-dQUIET \
-dBATCH \
-sOutputFile=$OUTPDF \
$1

34
BUILD

@ -0,0 +1,34 @@
Dependencies
============
Requires LaTeX.
Minted syntax highlighting requires python-pygments to be installed.
Build
=====
Run the build script to make a PDF:
./build.sh
It needs to be run twice to generate the Table of Contents and List of Figures
the first time.
More Info
=========
Also see this spreadsheet:
source/images/forksand-it-manual.ods
Fork
====
For example:
cp -a forksand-it-manual LargSec
sed -i -e 's/Fork Sand IT Manual/Largopolis Security/g' BUILD build.sh README.md source/*.tex source/Blockchains/*.tex source/Clouds/*.tex source/Distros/*.tex source/Hardware/*.tex source/resources/*.sh source/*.ist source/*.gst
sed -i -e 's/forksand-it-manual/LargS/g' BUILD build.sh README.md source/*.tex source/Blockchains/*.tex source/Clouds/*.tex source/Distros/*.tex source/Hardware/*.tex source/resources/*.sh source/*.ist source/*.gst .gitignore
for i in `find . -name "*forksand-it-manual*"` ; do mv $i `echo $i | sed -e 's/forksand-it-manual/LargSec/g'` ; done
Also, fix PATHs in:
build.sh
source/resources/make-sources-list.sh

@ -0,0 +1,16 @@
# forksand-it-manual
Fork Sand IT Manual
by Fork Sand, Inc.
Copyright 2018, Fork Sand, Inc.
Permission is granted to copy, distribute and/or modify this document under
the terms of the Creative Commons Attribution 4.0 International Public License
(CC BY-SA 4.0).
Published by Fork Sand Inc., Loveland, Colorado, USA.
# Sources

@ -0,0 +1,39 @@
#!/bin/bash
# build.sh
# GPLv3+
set -x
rm -f forksand-it-manual.pdf source/forksand-it-manual.pdf
cd source || exit
# Generate Source-gen.tex, for auto source code inclusion
time ./resources/make-sources-list.sh
cd ~/FORKSAND/IT/forksand-it-manual/source/ || exit
# Build main LaTeX file
# Run BibTeX
#bibtex \
# forksand-it-manual
# Build PDF
xelatex \
-halt-on-error \
-shell-escape \
-interaction=nonstopmode \
forksand-it-manual.tex
mv *.pdf ../
exit 0
# Use latexmk for final build, takes 5x+ longer to run...
latexmk \
-xelatex \
-halt-on-error \
-shell-escape \
-interaction=nonstopmode \
forksand-it-manual.tex
# Faster, may not be enough runs:
xelatex \
-halt-on-error \
-shell-escape \
-interaction=nonstopmode \
forksand-it-manual.tex

@ -0,0 +1,111 @@
%
% Ansible.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Ansible Cloud Management}
Use \texttt{ansible} for management of servers.
\begin{itemize}
\item Ansible ---
Website: \\ \url{https://ansible.com}
\item Ansible Github ---
Repo: \\ \url{https://github.com/ansible/ansible.git}
\item DebOps: \url{https://docs.debops.org/en/latest/index.html}
\end{itemize}
\subsection{Build Ansible Debian Package}
The version of Ansible is 2.2 in Debian 9 (stable/Stretch).
The current stable release is Ansible 2.4.
Below documents how to build a 2.4 package for Debian 9.
\begin{minted}{sh}
# To build a Debian package:
# Check here for latest version:
# https://packages.debian.org/sid/ansible
wget http://http.debian.net/debian/pool/main/a/ansible/ansible_2.4.0.0+dfsg-1.debian.tar.xz
wget http://http.debian.net/debian/pool/main/a/ansible/ansible_2.4.0.0+dfsg.orig.tar.gz
# Install some deps
apt-get install debhelper python-all python-crypto python-setuptools python-yaml asciidoc python-nose python-passlib dh-python
tar xf ansible_2.4.0.0+dfsg.orig.tar.gz
cd ansible-2.4.0.0/
tar xf ../ansible_2.4.0.0+dfsg-1.debian.tar.xz
# Update version:
echo -n " -- Jeff Moe <moe@blagblagblag.org> " ; date "+%a, %d %b %Y %H:%M:%S %z"
vim debian/changelog
dpkg-buildpackage -rfakeroot -S -uc -us -sa
dpkg-buildpackage -rfakeroot -b -uc
# That will produce this file to be installed:
dpkg -i ansible_2.4.0.0+dfsg-2_all.deb
apt-get -f install
# If you want the Ansible git archive:
git clone https://github.com/ansible/ansible.git --recursive
\end{minted}
\subsection{Ansible Initial Configuration}
Here is how to set up Ansible after initially installing it.
This is run on the system adminstrator's workstation.
\begin{minted}{sh}
# Quick and dirty test by setting up a host and running `uptime`.
mkdir -p ~/.ansible
echo ns1 > ~/.ansible/hosts
ansible -i ~/.ansible/hosts ns1 -a 'uptime'
\end{minted}
\begin{minted}{sh}
~/.ansible.cfg
[defaults]
inventory = $HOME/.ansible/hosts
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=300s
pipelining = True
\end{minted}
To generate a full list of \texttt{ns} hosts, run the script:
\begin{minted}{sh}
cd source/resources/servers
echo "[ns]" > ~/.ansible/hosts
./ns-serverlist-ansible.sh >> ~/.ansible/hosts
ansible -i ~/.ansible/hosts ns -a "uptime"
# Find the failed hosts and remove them from ~/.ansible/hosts.
echo "[ns]" > ~/.ansible/hosts.tmp
ansible -f 32 -i ~/.ansible/hosts ns -a "echo" | grep ^ns | grep SUCCESS | cut -f 1 -d " " | sort -V >> ~/.ansible/hosts.tmp
mv ~/.ansible/hosts ~/.ansible/hosts.old
mv ~/.ansible/hosts.tmp ~/.ansible/hosts
# Test it works:
ansible -i ~/.ansible/hosts ns -a "uptime"
# To get a ton of info about each host:
ansible -i ~/.ansible/hosts ns -m setup
\end{minted}
XXX Fix, make sure everyone has \texttt{/usr/bin/python} available for \texttt{ansible}:
\begin{minted}{sh}
# XXXX SOME HOSTS DON'T HAVE /usr/bin/python
# JUST PYTHON3. HOSTS THAT DIDN'T HAVE /usr/bin/python:
# (ALL OVH)
# ns14 ns15 ns21 ns22
apt install python python-minimal
\end{minted}
Set up some playbooks, grab examples:
\begin{minted}{sh}
git clone https://github.com/ansible/ansible-examples.git
cd ansible-examples/
\end{minted}

@ -0,0 +1,46 @@
%
% Clouds.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Cloud Servers}
There are hundreds, if not thousands of cloud service providers.
These cloud services are being evaluated:
\begin{itemize}
\item FlokiNET --- Iceland, Finland, Romania.
\item SharkTech --- Denver, Colorado, USA.
\item Cyberbunker --- Netherlands. In a nuclear bunker.
\item Orangewebsite / Ovalhost --- Iceland, appear to be the same company.
\end{itemize}
\section{Payments}
HOWTO pay cloud providers:
\begin{itemize}
\item Cyberbunker -- Wire, bitcoin.
\item FlokiNet --- Monero, etc.
\item Orangewebsite / Ovalhost --- PayPal(?), credit card, Bitcoin.
\end{itemize}
\section{Privacy}
``The cloud is your data on someone else's computer.'' --Someone (rms?).
\begin{itemize}
\item How do providers protect their users?
\item What info do they require?
\item How secure are they with info they have?
\end{itemize}
\section{ALL}
All else, noted everywhere...
\input{Clouds/Flokinet}
\input{Clouds/Sharktech}

@ -0,0 +1,190 @@
%
% Flokinet.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{FlokiNET}
Based in Iceland, governed under Icelandic law.
Looks very good. They look like the most privacy respecting ISP in the world,
at least that I have seen, including Havenco.
%\begin{commentbox} % OK
%\begin{commentbox}{FlokiNET description, from their website} % OK
%\begin{paperbox}{FlokiNET description, from their website}
FlokiNET was established in 2012 in Iceland to provide a safe harbor for freedom of speech, free press and whistleblower projects.
Us at FlokiNET guarantee that we will always offer our services without requiring personal information and we will never give third parties access to any data. Your local government forces you to provide an imprint on your blog? You don't want be molested because you publish something controversial?
FlokiNET provides autonomous, incorruptible and flexible solutions, optimized to help you to spread your ideas!
%\end{commentbox} % OK
%\end{paperbox}
From their About Us:
``You plan to build a whisteblowing website?
We encourage you to do so! We are able to supply secure and stable environments needed to build submission - and communication platforms.''
FlokiNET runs Tor exit and relay nodes.
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-flokinet.png}
\caption{Flokinet Website}
\label{fig:www-flokinet}
\end{figure}
Forms of payment accepted by Flokinet:
\begin{itemize}
\item Bank Transfer
\item Bitcoin
\item BlackCoin
\item DASH
\item Decred
\item Dogecoin
\item Ethereum
\item Litecoin
\item Monero
\item MoneyGram
\item Namecoin
\item Nav Coin
\item OK PAY
\item Payment Cash by Post
\item Paygol ``which supports credit card, Union Pay, SOFORT, Giropay and much more''
\item PayPal
\item Paysafe Card
\item Peercoin
\item Perfect Money
\item Potcoin
\item Startcoin
\item Vertcoin
\item Western Union
\item Zcash
\end{itemize}
The link to their Terms of Service on their register page,
\url{https://billing.flokinet.is/register.php} is 404.
The Terms of Service page is here:
\url{https://flokinet.is/en/tos.php}
Privacy policy:
\url{https://flokinet.is/en/PrivacyPolicy.php}
``FlokiNET shall keep confidential and not disclose information regarding the Customer except where this required by Icelandic law or is pre-approved by the Customer. Customer data will be always stored and transfered encrypted. Communication between our staff will be always secured and encrypted.''
``IRC (Internet Relay Chat) We do not allow IRC or IRC bots to be operated for illegal usage like botnets etc. Any account found to be in violation of this provision will be immediately suspended and/or deactivated and no refund will be issued. Adult content is not allowed on Icelandic Network.''
Their Romanian, Finnish, and Icelandic bandwidth test servers have an SSL cert that expired a month ago:
\url{https://ro.as200651.net/}
\url{https://fi.as200651.net/}
\url{https://is.as200651.net/}
Their blog has an invalid cert, and has HSTS enabled, so it isn't viewable in Chromium nor Firefox.
Fails with \texttt{(net::ERR\_CERT\_COMMON\_NAME\_INVALID}. It appears the common name
in the cert is
\url{https://www.blog.flokinet.is/}.
\begin{minted}{sh}
www.blog.flokinet.is normally uses encryption to protect your information. When Chromium tried to connect to www.blog.flokinet.is this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.blog.flokinet.is, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.
You cannot visit www.blog.flokinet.is right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
\end{minted}
To register, they want name, address, and email.
\subsubsection{Icelandic Modern Media Initiative}
IMMI - Icelandic Modern Media Initiative copied from:
\url{https://flokinet.is/en/AboutUs.php}
What is the IMMI and how is it protecting our customers?
\begin{itemize}
\item Whistleblower protections: Protection for those who step forward to reveal important matters in the public interest.
\item Source protection: Protection for anonymous sources who attempt to communicate to the public after a promise of confidentiality by a journalist or media organisation. Based on new EEA legislation.
\item Source-journalist communications protection: Protection for the communications between an anonymous source and a media organization and internally within a media organization prior to publication.
\item Limiting prior restraint: Prior restraint is coercion of a publisher, by a government authority, or through the judicial system, to prevent publication of a specific matter. While the Icelandic Constitution provides the right to freedom of expression, small modifications are needed to reduce the possibility of prior restraint.
\item Protection of intermediaries (Internet service providers): Immunity for "mere conduits", ISPs and telecommunications carriers.
\item Protection from "libel tourism" and other extrajudicial abuses: Non-observance of foreign judgments that violate Icelandic freedom of expression protection, and the ability to file a counter-suit in Iceland against a party who engages in a calculated attempt to suppress the speech freedoms of an Icelandic entity.
\item Statute of limitations on publishing liabilities: Recent rulings in Europe maintain that for Internet publications, each page view is publication afresh, regardless of how long ago the material was first released. This has resulted in the silent removal of investigative newspaper stories, including those over five years old, from the online archives of the Guardian and other major newspapers.
\item Process protections: The majority of legal suits related to publishing settle before final judgment. Hence the court process itself must ensure that it is not used to suppress speech through unequal access to justice, subpoenas, or other interlocutory motions. Process protections (called anti-SLAPP laws in the US) permit a judge to declare the matter a free speech related case, at which point protections are activated to prevent such abuses.
\end{itemize}
More info: \url{https://en.immi.is/}
\subsubsection{FlokiNET Restrictions}
This is restricted:
\begin{itemize}
\item Anything than can result in Spamhaus listing.
\item Phishing Sites / Scam Sites (ex: Ebay/Paypal,CC/Password Scam sites).
\item Mailbombers or any sort of spam sites.
\item DDoS originations.
\item Spam email.
\item Netscan / Hack programs and archives.
\item Malicious Scripts (ex: originate DDoS attacks or hack attempts).
\item Botnet/Doorway/Carding.
\item Childporn.
\item Fraud Websites/Forums.
\item Any kind of adult content is not allowed on our location Iceland.
\end{itemize}
\subsection{FlokiNET Pros}
FlokiNET Pros:
\begin{itemize}
\item The entire reason for FlokiNET to exist is to help people publish in repressive environments.
\item Strong dedication to privacy.
\item Based in Iceland.
\item Dedicated servers aren't too expensive.
\item Romanian VPS is OpenVZ and KVM.
\item Finnish VPS is KVM.
\item Has private domain registration services.
\item Colocation available.
\item ``FlokiNET is proud to be completly Tor Project logo-friendly. Feel free to host a TOR-node with us!''
\item ``DDoS mitigation cloud has 950 Gbps filtering capacity.''
\item Finland and Iceland are free speech friendlier countries.
\item Has good, optional higher level SLAs that are inexpensive.
\item Has Debian 9 available for KVM.
\item Maximum balance is €15000.00EUR.
\item Strong dedication to Tor.
\item Creates apparently random username for login.
\item Debian 9 version installed was (nearly) up to date.
\item Uses KVM.
\end{itemize}
\subsection{FlokiNET Cons}
FlokiNET Cons:
\begin{itemize}
\item Iceland Virtual Private Server uses VMWare.
\item Dedicated servers look like older HP models.
\item Bandwidth is OK, but not great as they are on a remote island.
\item VoIP URL is 404 \url{https://flokinet.is/en/learnsecurevoip.php}.
\item Uses WHMCS for account services management (non-free software).
\item After doing PayPal payment, it says payment was successful, but invoice says ``Unpaid''.
\item The invalid SSL certificates and 404 pages possibly point to poor security practices, overall.
\item VPS are deployed manually and \emph{not deployed on weekends!}
\item Someone was left logged in on the console, on first login:
\begin{minted}{sh}
# w
04:40:52 up 2:17, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
is4423 tty1 - 02:24 2:16m 0.17s 0.08s -bash
\end{minted}
\item By default in the KVM, they set the nameservers to Google's
\texttt{8.8.8.8} and \texttt{8.8.4.4}.
% \item In the KVM, you get a NAT'd IP address, not a real one.
\end{itemize}
\subsection{FlokiNET Unknown}
\begin{itemize}
\item IPMI on dedicated servers?
\item The IP in \texttt{/etc/hosts} for the hostname wasn't the same as used for SSH.
Either a mistake or firewall forwarded for security (???). Appears to be mistake.
\end{itemize}

@ -0,0 +1,108 @@
%
% Sharktech.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Sharktech}
Sharktech is a provider that focuses on DDoS prevention, such
as for gaming servers. Has a data center in Denver.
Looks good. Manually provisions servers over a few days.
Good local speed and latency.
\url{https://sharktech.net/}
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech.png}
\caption{Sharktech Website}
\label{fig:www-sharktech}
\end{figure}
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-sharktech-dashboard-services.png}
\caption{Sharktech Dashboard Services Web Page}
\label{fig:www-sharktech-dashboard-services}
\end{figure}
First login, kernel is:
\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86\_64 GNU/Linux}
It isn't up-to-date. Running Debian 8.6. The \texttt{dmesg} showed the kernel had already
barfed a couple times (USB time outs and more).
IPMI http connection is in cleartext!!! Doesn't redirect to https. https has failed SSL
certificate (like every other Supermicro on the planet). IPMI requires Java junk.
Server was running for a few days before I could update it.
\begin{minted}{sh}
# Sharktech IPMI:
Firmware Revision : 03.38
Firmware Build Time : 2015-01-05
# XXX
# XXX Somehow doesn't have a route to ns1 for DNS (?).
# XXX NEED MULTIPLE MASTERS.
# XXX This eventually sync'd after a few minutes and restarts...
017-10-07 07:53:57.755584 | server | N | zone load: slave zone solipsists.org. requires download from the master
2017-10-07 07:54:00.833918 | server | E | slave: query error for domain solipsists.org. from master at 69.164.197.34#53: No route to host
2017-10-07 07:54:00.833923 | server | W | slave: 69.164.197.34#53 master failed to answer for domain solipsists.org.: retrying
2017-10-07 07:54:00.928262 | server | E | database: solipsists.org.: failed to download the zone: No route to host
# XXX takes 7 minutes to reboot.
\end{minted}
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp.png}
\caption{Sharktech Reboot DHCP Hang}
\label{fig:sharktech-reboot-dhcp}
\end{figure}
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-dhcp-2.png}
\caption{Sharktech Reboot DHCP Hang 2}
\label{fig:sharktech-reboot-dhcp-2}
\end{figure}
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{sharktech-reboot-grub.png}
\caption{Sharktech Reboot GRUB}
\label{fig:sharktech-reboot-grub}
\end{figure}
\begin{itemize}
\item Default IPMI connection is in cleartext http.
\item SSL certificate for Supermicro IPMI is bad (like all of them).
\item Can't change password on IPMI.
\item Root password for server and IPMI is sent via email.
\item There is an attack window between their machine imaging and first login.
\item Customer should control timing of first power on.
\item System is also possibly vuln during the ISP's initial power up and commissioning period.
\item First reboot, the system hung (.png XXX).
\item Hard reset, lots of DHCP queries at boot.
\item A \texttt{debian} user was on the system, password unknown. Check \texttt{/home}!
\item They block NTP to prevent DDoS, so you have to use their time server
\texttt{time.sharktech.net}
\end{itemize}
Sharktech payment methods:
\begin{itemize}
\item Credit Card.
\item PayPal.
\item Wire Transfer.
\item Check/Western Union.
\item Offline Credit Card.
\item Bitcoin.
\item \$1,000USD maximum balance.
\end{itemize}
\section{ns36}
ns36 server info
\begin{itemize}
\item Shipped with default kernel:
\texttt{Linux debian 3.16.0-4-amd64 \#1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86\_64 GNU/Linux}
\item Shipped with Debian 8.3 (an old version of \texttt{oldstable}).
\end{itemize}

@ -0,0 +1,51 @@
%
% ClusterHardware.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Cluster Hardware Overview}
The cluster will require rackmountable equipment:
\begin{itemize}
\item GNU/Linux Servers
\end{itemize}
\section{GNU/Linux Servers}
The servers will all run Debian GNU/Linux
\subsection{Denver Server List}
\begin{itemize}
\item \texttt{oc1.forksand.com} --- KVM host.
\item \texttt{rd1.forksand.com} --- Misc.
\end{itemize}
\section{Network Hardware}
The network switches do not run free software.
\section{Disk Drives}
The disk drives do not run free software.
\begin{itemize}
\item Hard drive platters, 7200 RPM, 2.5" and 3.5"
\item SSD
\item NVMe
\end{itemize}
\section{Suppliers}
Who we'll get hardware from.
\begin{itemize}
\item Pogo Linux --- Debian GNU/Linux Servers, USA.
\item Viking.net --- Coreboot Opteron servers in Germany.
\item raptorcs.com --- POWER9, custom Coreboot systems (?), USA.
\end{itemize}

@ -0,0 +1,33 @@
%
% Colophon.tex
%
% Fork Sand IT Manual
%
% Document template:
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc.
% Copyright (C) 2009, 2010 Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
%%% COLOPHON %%%
\begin{vplace}
\centering
\emph{\LARGE Colophon}
\rule{0.5\textwidth}{0.4pt}\\[\baselineskip]
{\tiny Created with 100\% Free Software}
Debian GNU/Linux
{\LaTeX} Memoir
\rule{0\textwidth}{0pt}\\[\baselineskip]%
\rule{0.5\textwidth}{0.4pt}\\[\baselineskip]
\end{vplace}
%%% END COLOPHON %%%

@ -0,0 +1,24 @@
%
% Contact.tex
%
% Fork Sand IT Manual
%
% Document template:
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc.
% Copyright (C) 2009, 2010 Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Email}
\setlength{\parindent}{0pt}
Email: \texttt{support@forksand.com}
\section{Website}
\texttt{www.forksand.com}

@ -0,0 +1,40 @@
%
% Copyright.tex
% Copyleft
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% Document template:
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\fontspec{lmroman12-regular.otf}
\clearpage\null\vfill
\begingroup
\thispagestyle{empty}
\footnotesize\raggedright
\setlength{\parskip}{0.5\baselineskip}
\textbf{Fork Sand IT Manual}
Copyright \copyright\ 2018, Fork Sand, Inc.\par
Permission is granted to copy, distribute and\slash or modify
this document under the terms of the
Creative Commons Attribution 4.0 International Public License
(CC BY-SA 4.0).
Published by Fork Sand, Inc., Loveland, Colorado, USA.
% ISBN: NNN-N-NNN-NNNNN-N
\renewcommand{\dateseparator}{}
\hfill\texttt{\yyyymmdddate\today} % Timestamp build date
\endgroup
\pagebreak{}

@ -0,0 +1,88 @@
%
% DNS.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
DNS, so many problems, so insecure.
Nameserver daemons:
\begin{itemize}
\item BIND
\item cstorm\_deepDNS --- WTF.
Website: \\ \url{https://github.com/cryptostorm/cstorm_deepDNS}
\item djbdns
\item prodns
\item EU/CZ one
\item Yadifa --- Many nodes deployed
\end{itemize}
Misc:
\begin{itemize}
\item Once records are stable, set TTL to huge time ?
\item OpenDNS.
\end{itemize}
\section{Registration}
Where to register? Need to be in the root servers...
\begin{itemize}
\item Njalla --- ``Privacy-aware domain registration service''.
Website: \\ \url{https://njal.la/}
\end{itemize}
\subsection{Njalla}
Njalla --- ``Privacy-aware domain registration service''.
Website: \\ \url{https://njal.la/}
They purchase and own the domain, to protect privacy.
``We're not actually a domain name registration service, we're a customer to these. We sit in between the domain name registration service and you, acting as a privacy shield.
When you purchase a domain name through Njalla, we own it for you. However, the agreement between us grants you full usage rights to the domain. Whenever you want to, you can transfer the ownership to yourself or some other party.''
\begin{itemize}
\item Based in Nevis.
\item By the Pirate Bay and Flattr crew.
\end{itemize}
Payment methods:
\begin{itemize}
\item Bitcoin
\item DASH
\item Litecoin
\item Monero
\item PayPal
\end{itemize}
\section{njal.la}
njal.la is a privacy domain registrar. They register the domain in their name,
which is a step further than most registrars. They are registered legal owner
of the domain. But the user can configure the domain however they want, using
njal.la's nameservers or not, as they like. If the user wants to take the
domain somewhere else and own it directly, they can.
They appear to take security up a notch too, using encrypted jabber instead
of email, as an option.
\begin{itemize}
\item Signup can be done via email or jabber (!).
\item Jabber signup sends message via jabber, using \emph{unathenticated} OTR.
This is the first service I've seen that does this, and it is great. Would be
better if it did authenticated OTR setup before sending the verification URL
though.
\item Fist login page at Njalla ask for a PGP key, if email is to be sent (!).
\item Support can be done via Jabber.
\item Tor onion (!) address: \url{http://njalladnspotetti.onion/}
\item Payment forms accepted: Bitcoin, PayPal, LiteCoin, Monero, Dash,
Bitcoin Cash.
\end{itemize}

@ -0,0 +1,22 @@
%
% Distros.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Operating System Distributions}
\label{sec:overview-distros}
The following operating systems will be used:
\begin{itemize}
\item Debian GNU/Linux --- For Utility, Ceph, and OpenNebula Servers.
\item OPNSense --- Firewalls.
\end{itemize}
\input{Distros/Debian}

@ -0,0 +1,98 @@
%
% Debian.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Debian}
Debian is a free software GNU/Linux distribution.
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-debian.png}
\caption{Debian Website}
\label{fig:www-debian}
\end{figure}
\subsection{Install Debian}
The Debian servers all get a Minimal + standard utilities + sshd install.
At present, it is being tested with virtual machines. When deployed, it will
be set up remotely using HTML5 IPMI.
Install Debian 9 (Stretch).
\section{Creating Debian Images}
All cloud services will install various operating system images onto the
virtual and bare metal machines they sell. Usually these images are old.
They are also done by the provider, often of marginal quality. Some are
tuned, and are a bit better done (e.g. Linode). Others are a couple years
old when booted.
There are innumerable ways to make images of an operating system to be used.
Here are some for Debian...
\begin{itemize}
\item \texttt{Debian OpenStack Images} --- \url{http://cdimage.debian.org/cdimage/openstack/current/}
\item \texttt{bootstrap-vz} --- tool for creating Debian images for cloud platforms (CLI).
\item \texttt{cdebootstrap} --- Bootstrap a Debian system.
\item \texttt{debootstick} --- Turn a chroot environment into a bootable image.
\item \texttt{debootstrap} --- Bootstrap a basic Debian system.
\item \texttt{grml-debootstrap}- wrapper around debootstrap for installing pure Debian.
\item \texttt{live-boot} --- Live System Boot Components.
\item \texttt{live-wrapper} --- Wrapper for vmdebootstrap for creating live images.
\item \texttt{openstack-debian-images} --- script to build a Debian image for OpenStack.
\item \texttt{packer} --- tool for creating machine images for multiple platforms.
\item \texttt{vmdebootstrap} --- Bootstrap Debian into a (virtual machine) disk image.
\end{itemize}
\subsection{\texttt{packer}}
The \texttt{packer} application in Debian looks particularly useful.
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-packer.png}
\caption{Packer Website}
\label{fig:www-packer}
\end{figure}
Debian's description:
%%%
Packer is a CLI tool for the automatic creation of identical machine images
(single deployable units that contain a pre-configured OS and installed
software) for multiple platforms (public cloud providers, private cloud
and desktop virtualization solutions) from a single JSON template resp.
configuration file.
Packer features builders for the following target platforms which could be
employed on Debian:
\begin{itemize}
\item Amazon Web Services (EBS-backed Amazon Machine Images for EC2, and other
types)
\item DigitalOcean (reuseable snapshots from available source images)
\item Docker
\item Google Compute Engine (images based on existing images)
\item OpenStack (new reuseable images for servers in OpenStack clouds)
\item QEMU (KVM and Xen virtual machine images)
\item Oracle VirtualBox (virtual machine images)
\end{itemize}
A number of post-processors are included like for creating Vagrant boxes.
Several provisioners resp. remote execution systems, namely Ansible, Chef,
Puppet, Salt, and shell based provisioning (using SSH) are supported to
configure and install software on the machines automatically after fresh OSs
have been set up.
For the documentation of Packer, please see <\url{https://www.packer.io/docs}>.

@ -0,0 +1,29 @@
%
% Distros-tmpl.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{DISTRO}
Website: % \url{https://www.distro.org}
%\begin{figure}[h!]
%\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-distro.png}
% \caption{DISTRO Website}
% \label{fig:www-distro}
%\end{figure}
%\subsection{DISTRO Installation}
%DISTRO Installation.
%\subsection{DISTRO Configuration}
%DISTRO Configuration
%\begin{minted}{sh}
%# DISTRO
%\end{minted}

@ -0,0 +1,123 @@
%
% Firewalls.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2016, 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
Firewalls keep the bad packets out, mostly. And let some good packets out.
\section{Overview}
What is the network doing?
\begin{itemize}
\item snort
\item MRTG
\item Aguri
\end{itemize}
%
% Authentication
\section{Overview}
Two-factor authentication using TOTP.
%
% Hardware
\section{Firewall Hardware Overview}
Hardware.
Some resellers:
\begin{itemize}
\item \url{https://www.deciso.com/}
\item \url{https://www.pfwhardware.com/}
\item \url{https://www.osnet.eu/}
\end{itemize}
\begin{itemize}
\item (8) 1 gig ethernet ports
Connects to (1) 100M ethernet upstream fiber optic
Connects to (1) 100M ethernet upstream wifi
Various LAN
\item (Hot swap?) Dual Power Supplies
\item (How swap?) RAID (Linux md), with SSD storage.
\item 2.5" drive bays
\item Total ~8GHz CPU
\item ~8-16 gigs RAM ? Depends on OS.
\item Two servers total, for standby/failover
\end{itemize}
%
% Firewall
\section{Overview}
Most servers and workstations run GNU/Linux, which uses iptables.
\section{iptables}
iptables is part of the Netfilter project and has been included by default in
the Linux kernel for many years.
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-netfilter.png}
\caption{Netfilter Website}
\label{fig:www-netfilter}
\end{figure}
\section{Requirements}
There are a lot of operating systems to consider to use as a firewall...
Notes on some requirements in a firewall.
\begin{itemize}
\item Must be free software.
\item The project must still be alive.
\item Does it use a hardened kernel?
\item How does it do security updates?
\item Are there open security issues?
\item Are there any CVEs?
\item How are security issues handled?
\item Is there a list of security issues?
\item Does it have a wifi portal? (Should that be a separate box or in OpenWRT?)
\item Does upstream https actually work?
\item UTM - Unified Threat Management (e.g. snort, etc.)
\item Load balancing between multiple upstreams (without BGP).
\item Load balancing between dual local routers.
\item Fail over to standby router (e.g. pfsync).
\item ``Anti-virus'', SMTP, POP scans? Meh? (e.g. OpenBSD has greylist/tarpit.)
\item Packet cleansing (e.g. tcp header randomization).
\item Do we want DNS, DHCP, etc? Probably not?
\item OpenVPN (built into router, or thru it?).
\item Network graphing (MRTG, aguri, etc.)
\item No broken ``community'' editions.
\item Have mirrored server doing analysis?
\item NAT options? cone, etc.
\item Local system monitoring (e.g. system temp, hdd status, etc.)
\item sshd
\item GSM, pppd ?
\item Two-factor authentication.
\item snort, suricata
\end{itemize}
\section{Firewall Operating Systems in Use}
\subsection{Debian}
\href{https://www.debian.org/}{Debian}
Debian is used for nearly everything. It could easily be used as a
router/firewall. There are better, more tuned options.
Linux's iptables is used on servers.
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-debian.png}
\caption{Debian Website}
\label{fig:www-debian}
\end{figure}

@ -0,0 +1,38 @@
%
% Firmware.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Overview of Firmware}
\label{sec:overview-firmware}
There is a lot of firmware in workstations, often non-free.
Various projects replace some non-free binaries.
\begin{itemize}
\item BIOS
\item Hard drive firmware
\item Keyboard controller
\item on and on...
\end{itemize}
\section{Coreboot}
Coreboot is used on Viking.net servers.
\section{OpenBMC}
OpenBMC is used on Raptor Computing Systems OpenPOWER workstations.
\begin{itemize}
\item Github:
Website: \\ \url{https://github.com/openbmc/openbmc}
\end{itemize}

@ -0,0 +1,29 @@
%
% Introduction.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Overview}
The purpose of this document is to record the setup and maintenance of
Fork Sand's IT infrastructure.
\begin{itemize}
\item Free.
\item Private.
\item Secure.
\item Hardware.
\item Software.
\item Firmware.
\item Network.
\item Cloud.
\item Operating Systems.
\end{itemize}

@ -0,0 +1,17 @@
%
% NTP.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
NTP is time.
\begin{itemize}
\item Daemon \texttt{chrony}, most secure
\item Hardware clocks, GPS, etc.
\end{itemize}

@ -0,0 +1,54 @@
%
% Network.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Network Diagaram}
This is an overview of the network.
The first diagram is an overview, with networks listed, without the admin network.
XXX Diagram.
%\begin{figure}[h!]
%\includegraphics[keepaspectratio=true,height=1.00\textheight,width=1.00\textwidth,angle=90]{fs-cloud-net-overview.pdf}
% \caption{Fork Sand IT Manual Network Overview without Admin Net}
% \label{fig:fs-cloud-net-overview}
%\end{figure}
The second network, shows most servers, without the admin network.
XXX Diagram.
%\begin{figure}[h!]
%\includegraphics[keepaspectratio=true,height=1.00\textheight,width=1.00\textwidth,angle=90]{ao-cloud-net.pdf}
% \caption{Fork Sand IT Manual Network without Admin Net}
% \label{fig:ao-cloud-net}
%\end{figure}
\section{Switches}
Some day there will be a real free software network switch we'll
be able to use... For now we will be using:
\begin{itemize}
\item TP Link 48-port 1 Gigabit RJ-45
\item Netgear 16-port 10 Gigabit RJ-45
\end{itemize}
\section{IPMI Administration}
The servers have low level administration done via HTML5 IPMI.
OpenBMC will be used, where possible.

@ -0,0 +1,197 @@
%
% OpenNebula.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
% XXX TODO: opennebula-sunstone-login.png
\section{Overview}
OpenNebula is a virtual machine manager.
The private cloud deployment will be based on OpenNebula version 5.4, which
is currently in beta. There are only Debian 8 (Jessie, oldstable) releases.
Debian hasn't packaged OpenNebula since wheezy. It has it in sid, but even
that is an old version. The only packages available for Debian are the
upstream ones for Jessie made by OpenNebula. UPDATE: although it isn't listed
on their website, it does appear their are Debian 9 (Stretch) builds of
OpenNebula for the betas of the forthcoming 5.4 version, which is great.
Documentation:
\url{https://docs.opennebula.org/5.4/}
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{www-opennebula.png}
\caption{OpenNebula Website}
\label{fig:www-opennebula}
\end{figure}
\begin{itemize}
\item Website: \\ \url{https://opennebula.org/}
\item Debian Stretch Repo: \\
\url{http://downloads.opennebula.org/repo/5.4/Debian/9/pool/opennebula/}
\end{itemize}
The following servers will be deployed to host OpenNebula and the KVMs:
\begin{itemize}
\item \texttt{waz-kvm-001.forksand.com} --- Virtual Machine Server 1
\item \texttt{waz-kvm-002.forksand.com} --- Virtual Machine Server 2
\item \texttt{waz-kvm-003.forksand.com} --- Virtual Machine Server 3
\item \texttt{waz-kvm-004.forksand.com} --- Virtual Machine Server 4
\item \texttt{waz-kvm-005.forksand.com} --- Virtual Machine Server 5
\item \texttt{waz-sun-001.forksand.com} --- OpenNebula Sunstone Web GUI 1
\item \texttt{waz-sun-002.forksand.com} --- OpenNebula Sunstone Web GUI 2
\end{itemize}
\subsection{Virtual Machine Servers}
KVM virtual machine servers. Fast CPU, with lots of RAM. Uses Ceph to store
virtual images.
\subsection{Sunstone Web GUI Servers}
Sunstone is OpenNebula's Web GUI for administration of the cluster.
\begin{figure}[h!]
\includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]{opennebula-sunstone.png}
\caption{OpenNebula Sunstone Web Admin GUI}
\label{fig:opennebula-sunstone}
\end{figure}
\begin{minted}{sh}
wget -q -O- https://downloads.opennebula.org/repo/repo.key | apt-key add -
echo "deb http://downloads.opennebula.org/repo/5.4/Debian/9 stable opennebula" > /etc/apt/sources.list.d/opennebula.list
apt update
apt -y install opennebula-node
service libvirtd restart
\end{minted}
\section{Bugs}
Things that are bugs or at least aren't configured correctly.
\section{Sunstone Configuration}
At this point, you should have the OpenNebula Sunstone server up and running.
See scripts in \texttt{source/resources/ns24} for automation.
\begin{enumerate}
\item Set up ssh tunnel (use Sunstone server name for ns24):
Code: \\ \texttt{ssh -N -C -L 9869:localhost:9869 ns24}
\item In workstation, open browser to url:
URL: \\ \url{http://localhost:9869/}
Info: \\ This goes through the encrypted SSH tunnel, but doesn't use https.
\item Click \texttt{OpenNebula} in the upper right to get the full web console.
\item Click \texttt{Infrastructure}.
\item Click \texttt{Hosts}.
\item Click The \texttt{+} plus icon.
\item Enter the hostname of the KVM server you want to use, such as the Sunstone server itself.
\texttt{Type: KVM}
\texttt{Hostname: ns24}
\item Click \texttt{Create}.
\item Repeatedly hit the reload button that's the two arrows in a circle, as it goes thru
stages of setup, starting at \texttt{INIT}.
\item Confirm status is \texttt{ON}.
\end{enumerate}
\section{Sunstone Deploy Image}
This is a quick and dirty way to deploy a first test image.
NOTE: It is note privacy aware, as it pulls the image from the
OpenNebula ``store''.
How to deploy an image from the OpenNebula App store:
\begin{enumerate}
\item Click \texttt{Storage}.
\item Click \texttt{Apps}
\item Click \texttt{Debian 9 - KVM}.
\item Click on the icon that is a cloud with an arrow in it. This downloads it to OpenNebula.
\item Select a datastore by clicking the \texttt{default} line.
\item Leave name and all that the same, and click \texttt{Download}.
\item Click \texttt{Images} under \texttt{Storage} in the left column.
\item Hit the refresh icon repeatedly.
\item When \texttt{Status} is \texttt{READY}, it is good to go.
\item Click \texttt{Templates} in the left column.
\item Click \texttt{VMs}.
\item Click \texttt{Debian 9 - KVM}.
\item Click \texttt{Instantiate}.
\item \texttt{VM Name} enter \texttt{deb9}.
\item \texttt{Number of instances} enter \texttt{1}.
\item \texttt{Memory} enter \texttt{768}.
\item \texttt{CPU} enter \texttt{1}.
\item Click the slider to \texttt{Instantiate as persistent}.
\item Click \texttt{Instantiate}.
\item Click \texttt{Instances} in the left column.
\item Click \texttt{VMs}.
\item Click the reload icon, repeat.
\item It is good when \texttt{Status} is \texttt{RUNNING}.
\item Set up an \texttt{ssh} tunnel so VNC can be used:
\texttt{ssh -N -C -L 29876:localhost:29876 ns24}
\item Click on the little monitor icon to launch VNC.
\item Look at booted up screen at \texttt{login:} prompt.
\item This means a Debian KVM booted up and the VNC is working.
There is no password for the \texttt{root} account, only \texttt{ssh} is available.
So without network setup, you can't really do anything with this image.
Booted, it just shows it works.
\end{enumerate}
I think delete this section, it would go before the \texttt{Templates} above.:
\begin{enumerate}
\item Click \texttt{Debian 9 - KVM}.
\item PROBABLY NO: Click \texttt{Clone} to make a local copy.
\item PROBABLY NO: It will say \texttt{Copy of Debian 9 - KVM}, leave as-is, click \texttt{Clone}.
\item Click on the icon with three dots.
\item Click \texttt{Make Persistent}.
\item Click on the icon with three dots.
\item Click \texttt{Enable}.
\end{enumerate}
\section{OpenNebula Networking}
XXX Yes, this part needs set up...
\begin{minted}{sh}
# /etc/network/interfaces bridge section, add this:
auto br0
iface br0 inet static
bridge_ports eth0
bridge_fd 0
address 192.168.100.1
netmask 255.255.255.0
network 192.168.100.0
broadcast 192.168.100.255
gateway 192.168.100.1
dns-nameservers 37.235.1.174
dns-search forksand.com
\end{minted}
As user \texttt{jebba}, on the server, run this to generate a key.
Then paste that key into Sunstone under "SSH Public Key".
\begin{minted}{sh}
ssh-keygen -t ed25519
\end{minted}
\begin{minted}{sh}
# XXX test. Use this IP and interface, so no 192.168.0.0 but real IPs.
# Comment this out:
auto eth0:27
iface eth0:27 inet static
address 174.128.229.158
netmask 255.255.255.224
gateway 174.128.229.129
\end{minted}
XXX Check if IP forwarding is needed in \texttt{/etc/sysctl.conf}.
If things are set up to use a bridge and 192.168.100.100,
\texttt{iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE}
Will bring things up to NAT.
XXX The port forwarding is forwarding all port 53 to guest at the moment.

@ -0,0 +1,131 @@
%
% Software-daemons.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2014, 2015, 2016, 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\section{Server Daemons}
These are the server daemons used to drive the enterprise.
\section{\href{http://sourceforge.net/projects/acpid2/}{ACPID}}
Monitors ACPI events. Runs on nearly all servers and workstations.
\section{\href{http://httpd.apache.org/}{Apache}}
Web daemon, used on many servers.
\section{\href{http://www.isc.org/}{BIND}}
Nameserver used for caching.
\section{\href{https://borgbackup.github.io/borgbackup/}{Borg}}
Backup program.
\section{\href{https://www.collaboraoffice.com/code/}{code}}
Collabora Online Development Edition (CODE) is LibreOffice Online (LOOL)
for Nextcloud.
\section{\href{https://github.com/coturn/coturn}{coturn}}
TURN and STUN server. Used for videoconferencing.
\section{\href{http://ftp.isc.org/isc/cron/}{cron}}
Scheduled triggering of applications (cf. at).
\section{\href{http://dnsmasq.org/}{DHCP}}
dnsmasq DHCP for 350+ hosts.
\section{\href{https://www.discourse.org/}{Discourse}}
Mailing list, discussion board, forum.
\section{\href{https://dockerproject.org/}{Docker}}
System containers, virtual servers.
\section{\href{http://dnsmasq.org/}{DNS}}
dnsmasq DNS caching.
\section{\href{http://dnsmasq.org/}{Dovecot}}
IMAP mail services. Employees check their mail via the
IMAP server, typically using Icedove or aomail (roundcube using IMAP).
\section{\href{https://www.erlang.org/}{Erlang}}
Virtual machine (ejabberd).
\section{{iptables}{Firewalls}}
Linux's iptables.
\section{\href{http://www.fail2ban.org/}{fail2ban}}
Block out scripts, bots, crackers, and network noise on servers.
\section{\href{http://www.debian.org/}{Init}}
Init, woo!
\section{\href{http://mariadb.org/}{MariaDB}}
Used on many servers for a database. Replacing MySQL.
\section{md RAID}
Linux RAID, md, mdadm.
\section{\href{http://www.memcached.org/}{memcached}}
Used to speed up websites, such as Nextcloud.
\section{\href{http://www.mysql.org/}{MySQL}}
Used on many servers for a database.
\section{\href{https://nextcloud.com/}{Nextcloud}}
Shared calendars, files, collaborative document editing with
LibreOffice Online, videoconferencing.
\section{\href{http://support.ntp.org/}{NTP}}
Syncs time on every server and workstation.
\section{\href{http://www.opendkim.org/}{OpenDKIM}}
DKIM (Domain Keys Identified Mail) sender authentication system.
\section{\href{http://www.openssh.com/}{OpenSSH}}
Used to control every server, create encrypted tunnels (autossh),
mount filesystems (sshfs), and remote file transfer (sftp).
\section{\href{http://openvpn.net/}{OpenVPN}}
Connects external resources, such as employee mobiles and laptops, to the internal network.
\section{\href{https://www.piwiki.org/}{Piwik}}
Application to analyze web site traffic.
\href{http://www.mrunix.net/webalizer/}{Webalizer} is used occassionally.
\section{\href{http://www.postfix.org/}{Postfix}}
Main SMTP outgoing mail server.
\section{\href{http://www.postgresql.org/}{Postgres}}
Database server.
\section{\href{http://www.qemu.org/}{QEMU}}
Computer emulator, runs virtual servers. Uses KVM.
\section{\href{http://rsync.samba.org/}{rsync}}
File server.
\section{\href{http://www.rsyslog.com/}{rsyslog}}
Logging on every server and workstation.
\section{\href{http://www.spamassassin.org/}{spamassassin}}
Spam filtering of email.
\section{\href{http://fuse.sourceforge.net/sshfs.html}{sshfs}}
Main internal fileserver.
\section{\href{http://www.freedesktop.org/wiki/Software/systemd}{systemd}}
System bootup and process manager.
\section{\href{http://dnsmasq.org/}{TFTP}}
Network install server.
\section{\href{http://www.xinetd.org}{xinetd}}
xinetd on Debian systems. inetd on OpenBSD. Misc network utils.
\section{\href{http://www.ejabberd.im/}{XMPP/jabber}}
ejabberd, Erlang XMPP (jabber) server.

@ -0,0 +1,66 @@
\section{\texttt{SHA256SUM}}
\texttt{SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855}
\inputminted{sh}{resources/SHA256SUM}
\section{\texttt{STATS}}
\texttt{SHA256: b1861503f0a41f1f2bef8fbfba32501d871ef4c5fd073c3b9272c71a7b1e7ea5}
\inputminted{sh}{resources/STATS}
\section{\texttt{apps/iptables/etc/iptables}}
\texttt{SHA256: 825577f3fd900576c119d0a6191de16bf2d55fb84e6749921710b293e5fd1889}
\inputminted{sh}{resources/apps/iptables/etc/iptables}
\section{\texttt{apps/iptables/etc/iptables.test.rules}}
\texttt{SHA256: 4b50c760daa85619a74f1c635b26807fcc7f8bedb90bd22893de8c98f3d78ff1}
\inputminted{sh}{resources/apps/iptables/etc/iptables.test.rules}
\section{\texttt{apps/oca/etc/init.d/openerp-server}}
\texttt{SHA256: 03e673de76f6aece8473a8441b0c921368f675ea234b62fa58708427a1b69346}
\inputminted{sh}{resources/apps/oca/etc/init.d/openerp-server}
\section{\texttt{apps/oca/lib/systemd/system/odoo-server.service}}
\texttt{SHA256: a149aa2a11f17a20eda8f32e2ef5b34e403b772d53f1dcd2a62bd44b166c2122}
\inputminted{sh}{resources/apps/oca/lib/systemd/system/odoo-server.service}
\section{\texttt{apps/oca/oca11-addons}}
\texttt{SHA256: 72d2cb138dfae349f5029b27dae74d13745061233fcebb79ef3d38eb4836183a}
\inputminted{sh}{resources/apps/oca/oca11-addons}
\section{\texttt{apps/oca/oca-install.sh}}
\texttt{SHA256: 3d793228bd669725954044abb7901b38d6aa2fc397ee2d9fd65e46973a6e4365}
\inputminted{sh}{resources/apps/oca/oca-install.sh}
\section{\texttt{apps/oca/oca-manual-modules}}
\texttt{SHA256: 36b8bf27d09d3f67387f1febc34212a137341d18d25da3e47767fe8e8a56054f}
\inputminted{sh}{resources/apps/oca/oca-manual-modules}
\section{\texttt{apps/oca/odoo9-modules}}
\texttt{SHA256: 3d742d5b59b2a2d7e3c500be929d001bc3685b3a755ec8e913e82a90c87d58ec}
\inputminted{sh}{resources/apps/oca/odoo9-modules}
\section{\texttt{apps/odoo/odoo11-deb-install.sh}}
\texttt{SHA256: eec3af072498c00dd207f85d05de93ae81b4a0a6f4d31aa6b1dfb31af84eb07f}
\inputminted{sh}{resources/apps/odoo/odoo11-deb-install.sh}
\section{\texttt{apps/ssh/socks-chain.sh}}
\texttt{SHA256: 8e0ee0af15f20e6a5120f9bca4b073532002f8d309dc365c64734b111c03ae4e}
\inputminted{sh}{resources/apps/ssh/socks-chain.sh}
\section{\texttt{apps/ssh/socks-proxy.sh}}
\texttt{SHA256: 646c3cdef108cf891d9d5279971f3da8a708d78b9cb18da832043ba3048cfacf}
\inputminted{sh}{resources/apps/ssh/socks-proxy.sh}
\section{\texttt{apps/sunstone/etc/one/sunstone-logos.yaml}}
\texttt{SHA256: b318da9ebbe0bc3b5b80efda6c8594b2017736d8e32d3ff74aaefb727cf1fb0e}
\inputminted{sh}{resources/apps/sunstone/etc/one/sunstone-logos.yaml}
\section{\texttt{apps/sunstone/etc/one/sunstone-views.yaml}}
\texttt{SHA256: 34f5df58f4f6fce5985378c946c8b9718567a1454f171e2629b33e37ce0ca87f}
\inputminted{sh}{resources/apps/sunstone/etc/one/sunstone-views.yaml}
\section{\texttt{apps/yadifa-master/etc/yadifa/yadifad.conf}}
\texttt{SHA256: 1802daa96fe2a7373059b86ae166f008591aad4304eb8176e1c20f56e61e7df8}
\inputminted{sh}{resources/apps/yadifa-master/etc/yadifa/yadifad.conf}
\section{\texttt{apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone}}
\texttt{SHA256: e2c4028695f3ac6b6ed8afb963a7821589b94ed81a2d068d7480b809d402c830}
\inputminted{sh}{resources/apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone}
\section{\texttt{apps/yadifa-slave/etc/yadifa/yadifad.conf}}
\texttt{SHA256: 705f36a12aee30e8510e5d06f1d3dd471a82aa518e00648a83f8f9d1146b8186}
\inputminted{sh}{resources/apps/yadifa-slave/etc/yadifa/yadifad.conf}
\section{\texttt{apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone}}
\texttt{SHA256: 1966009066a265b65574003bc5f338ee4c2595c010ece34e9e428c526b974fd5}
\inputminted{sh}{resources/apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone}
\section{\texttt{apps/yadifa/var/lib/yadifa/masters/localhost.zone}}
\texttt{SHA256: 93847412dc586aa627b7c8d9c7f9f08223d62bd7297bb02058b57aaa4e92e220}
\inputminted{sh}{resources/apps/yadifa/var/lib/yadifa/masters/localhost.zone}
\section{\texttt{make-sources-list.sh}}
\texttt{SHA256: 29a180a3849349df01041152a06c3af2b9c1fc13b2d4da07fa1196ff6aff9de9}
\inputminted{sh}{resources/make-sources-list.sh}
\section{\texttt{txt2qrpng.sh}}
\texttt{SHA256: 28dff76725cfbe3e4dcf70120f0393422507443fa5b6a62e1814bd44fb62161e}
\inputminted{sh}{resources/txt2qrpng.sh}

@ -0,0 +1,12 @@
%
% Source.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\input{Source-gen}

@ -0,0 +1,45 @@
%
% Title.tex
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% Document template:
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc.
% Copyright (C) 2009, 2010 Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\date {}
\thispagestyle{empty}
\begin{center}
\par
%\includegraphics[keepaspectratio=true,angle=0,height=0.95\textheight,width=0.95\textwidth]{foo.pdf}
\par
\null\vfill
{\fontspec{lmroman12-regular.otf}\fontsize{35pt}{5cm}\selectfont \textcolor{ao-purple}{Fork Sand IT Manual}}
\par
\null\vfill
\par
\null\vfill
\par
\null\vfill
{\fontspec{lmroman12-regular.otf}\fontsize{25pt}{5cm}\selectfont \textcolor{ao-purple}{DRAFT}}
\par
\null\vfill
\par
\null\vfill
\par
\null\vfill
%\hfill{\fontspec{lmroman12-regular.otf}\fontsize{12}{5cm}\selectfont \textcolor{ao-purple}{Fork Sand, Inc.}}
\par
\renewcommand{\dateseparator}{}
\hfill\texttt{\yyyymmdddate\today} % Timestamp build date
\end{center}

@ -0,0 +1,28 @@
%
% forksand-it-manual-thumbnail.tex
% Create thumbnail images of PDF pages
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% Document template:
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc.
% Copyright (C) 2009, 2010 Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
\documentclass[twoside]{minimal}
\usepackage[paperwidth=22.86cm, paperheight=30.48cm,dvips=false,pdftex=false,vtex=false]{geometry}
\usepackage[final]{pdfpages}
\usepackage{pdflscape}
\usepackage{thumbpdf}
\begin{document}
\includepdf[nup=2x4,pages={{},-},landscape]{forksand-it-manual.pdf}
\end{document}

@ -0,0 +1,21 @@
%
% forksand-it-manual.gst
% makindex glossary style file
%
% Fork Sand IT Manual
%
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2014, 2015, 2016, 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Jeff Moe.
%
preamble "\\begin{theglossary}"
postamble "\n\\end{theglossary}\n"
item_0 "\n\\glossitem"
delim_0 "{\\memglonum{"
encap_suffix "}}}"
headings_flag 0
heading_prefix "{"
heading_suffix "}"
keyword "\\glossaryentry"

@ -0,0 +1,15 @@
%
% forksand-it-manual.ist
% makindex index style file
%
% Fork Sand IT Manual
%
% Copyright (C) 2017, Jeff Moe
% Copyright (C) 2014, 2015, 2016, 2017 Aleph Objects, Inc.
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Jeff Moe.
%
heading_prefix "{\\normalsize \\bfseries\\hfil\\ "
heading_suffix " \\ \\hfil}\\nopagebreak\n"
headings_flag 1

@ -0,0 +1,365 @@
%
% forksand-it-manual.tex
% Main LaTeX document for formatting forksand-it-manual
%
% Fork Sand IT Manual
%
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2017, Jeff Moe
%
% Document template:
% Copyright (C) 2018, Fork Sand, Inc.
% Copyright (C) 2011, 2012, 2013, 2014, 2015, 2016, 2017 Aleph Objects, Inc.
% Copyright (C) 2009, 2010 Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Fork Sand, Inc.
%
%%% XXX NOTE
%%% Glossaries and indices are broken:
%%% https://sharelatex.tenderapp.com/help/discussions/questions/19378-glossaries-indices-and-speed
%%% XXX NOTE
% LaTeX Docs:
% http://en.wikibooks.org/wiki/Category:LaTeX
% LaTeX Memoir Class
% Docs: /usr/share/doc/texlive-doc/latex/memoir/memman.pdf
\documentclass[twoside,10pt,openright,final,english]{memoir}
\usepackage{tikz}
\usetikzlibrary{shadows,shapes,arrows,chains,calc,decorations.pathmorphing,patterns,trees,positioning,automata,fit}
% This breaks things, but would be great to use
%\usepackage{tikz-qtree,tikz-qtree-compat}
\usepackage{rotating}
\usepackage{forest}
\usetikzlibrary{arrows,shapes}
\usetikzlibrary{positioning,calendar,er}
\usetikzlibrary{decorations.markings}
\usetikzlibrary{shapes.geometric}
% Source code highlighting
\usepackage{mdframed} % /usr/share/doc/texlive-doc/latex/mdframed/mdframed.pdf
\usepackage{minted} % /usr/share/doc/texlive-doc/latex/minted/minted.pdf
\setminted{autogobble, breaklines, breakanywhere, breakautoindent, funcnamehighlighting,style=manni,fontsize=\scriptsize}
% fontsize
\setmintedinline{breaklines, breakanywhere}
\surroundwithmdframed{minted}
\mdfsetup{roundcorner=10pt,
linewidth=3pt,
linecolor=ao-light-blue,
backgroundcolor=white,
leftmargin=1cm,rightmargin=1cm
}
\usepackage{smartdiagram}
\usesmartdiagramlibrary{additions}
\usepackage{comment} % /usr/share/doc/texlive-doc/latex/comment/comment.pdf
\usepackage{graphicx} % /usr/share/doc/texlive-doc/latex/graphics/graphicx.pdf
\usepackage{epstopdf} % /usr/share/doc/texlive-doc/latex/oberdiek/epstopdf.pdf
% http://www.tug.org/applications/hyperref/manual.html
% /usr/share/doc/texlive-doc/latex/hyperref/hyperref.pdf
\usepackage[colorlinks=true,linkcolor=ao-dark-orange,urlcolor=ao-dark-orange]{hyperref}
%\usepackage{url} % /usr/share/doc/texlive-doc/latex/url/url.pdf % Use hyperref.
\graphicspath{{./resources/}{./resources/images/}{./resources/drawings/}}
\makeindex
\makeglossary
\usepackage{color} % Docs: /usr/share/doc/texlive-latex-base-doc/latex/graphics/grfguide.pdf
%\usepackage[usenames,dvipsnames,svgnames,table]{xcolor}
%%% PREAMBLE FONTS %%%
% For XeTeX
% http://www.ctan.org/pkg/fontspec
% http://mirrors.ctan.org/macros/latex/contrib/fontspec/fontspec.pdf
\usepackage{fontspec}
\defaultfontfeatures{Ligatures=TeX} % To support LaTeX quoting style
\setmainfont{lmroman12-regular.otf}
\usepackage[normalem]{ulem} % underline
\usepackage{floatpag} % Full page figures without page numbers.
%%% END PREAMBLE FONTS %%%
%%% PAGE, STOCK, AND MARGIN SIZE %%%
% "Crown Quarto/Crown 4vo" at Lulu and Lightning Source
% 7.44 x 9.68" 18.90 x 24.58cm
%\setstocksize{24.58cm}{18.90cm} % { height }{ width }
% US Letter
% 8.50 x 11.00" 21.59 x 27.94cm
%\setstocksize{27.94cm}{21.59cm} % { height }{ width }
% A4
% 8.27 x 11.70" 21.00 x 29.70cm
%\setstocksize{29.70cm}{21.00cm} % { height }{ width }
% Lulu Largest Hardcover, 24-800 pages
% 8.25 x 10.75" 20.96 x 27.31cm
\setstocksize{27.31cm}{20.96cm} % { height }{ width }
\settrimmedsize{\stockheight}{\stockwidth}{*}
%\settypeblocksize{ height }{ width }{ ratio }
% "Crown Quarto/Crown 4vo" at Lulu and Lightning Source
%\settypeblocksize{19.0cm}{*}{*}
% US Letter
%\settypeblocksize{23.0cm}{*}{*}
% A4
%\settypeblocksize{24.0cm}{*}{*}
% Lulu Largest Hardcover, 24-800 pages
\settypeblocksize{22.0cm}{*}{*}
%\setlrmarginsandblock{ spine }{ edge }{ ratio }
% make the spine have more space than outer edge
% "Crown Quarto/Crown 4vo" at Lulu and Lightning Source
%\setlrmarginsandblock{*}{2.5cm}{1.2}
% US Letter
%\setlrmarginsandblock{*}{2.0cm}{1.4}
% A4
%\setlrmarginsandblock{*}{2.0cm}{1.4}
% Lulu Largest Hardcover, 24-800 pages
\setlrmarginsandblock{*}{2.0cm}{1.4}
% \setulmargins{ upper }{ lower }{ ratio }
\setulmargins{2.0cm}{*}{*}
% \setheadfoot{ headheight }{ footskip }
\setheadfoot{12pt}{2cm}
\checkandfixthelayout[fixed]
%%% END PAGE, STOCK, AND MARGIN SIZE %%%
\setcounter{secnumdepth}{3}
\setcounter{tocdepth}{3}
\setsecnumdepth{subsection}
\usepackage[english]{babel}
\usepackage{datetime} % Docs: /usr/share/doc/texlive-doc/latex/datetime/datetime.pdf
\usepackage{ucs}
%%% PDFLATEX %%%
\usepackage{etex}
%%% Not all features are used in XeTeX
\usepackage[protrusion,babel,final]{microtype}
%%% Conflicts with package fontspec
%\usepackage[utf8x]{inputenc}
% Docs: /usr/share/doc/texlive-humanities-doc/latex/ledmac/ledmac.pdf
%\usepackage{eledmac}
%\usepackage{jebba}
%%% forksand-it-manual PAGE STYLE %%%
\makepagestyle{aocstyle}
\pagestyle{aocstyle}
\makeevenhead{aocstyle}{}{\hspace{2em}\itshape\small\leftmark}{}
\makeoddhead{aocstyle}{}{\scshape\small\rightmark}{}
\makeevenfoot{aocstyle}{}{\hspace{2em}\thepage}{}
\makeoddfoot{aocstyle}{}{\thepage}{}
%%% END forksand-it-manual PAGE STYLE %%%
%%% forksand-it-manualSKI CHAPTER STYLE %%%
\makechapterstyle{aocski}{%
\renewcommand*{\printchaptername}{} % Clear out the chapter name (e.g. capítulo)
\renewcommand*{\printchapternum}{} % Clear out the chapter number
\renewcommand*{\chaptitlefont}{\fontspec{lmroman12-regular.otf}\fontsize{20pt}{3em}\selectfont} % Set chapter title font
\renewcommand*{\printchaptertitle}[1]{%
\hrule\vskip\onelineskip \centering \chaptitlefont{##1}\par}
% Set chapter title font
\renewcommand*{\afterchaptertitle}{\vskip\onelineskip \hrule\vskip
\afterchapskip}
}
%%% END forksand-it-manualSKI CHAPTER STYLE %%%
%%% FORMATTING... %%%
\midsloppy
\setlength{\emergencystretch}{3em}
\tolerance=5000
\hyphenpenalty=500
\setlength{\topskip}{1.6\topskip}
\checkandfixthelayout
\raggedbottom
\widowpenalty=10000
\clubpenalty=10000
%%% END FORMATTING... %%%
%%% FOOTNOTES %%%
% no horizontal rule before footnotes:
\let\oldfootnoterule\footnoterule
\renewcommand*{\footnoterule}{}
\setlength{\footmarkwidth}{3.5em}
%%% END FOOTNOTES %%%
%%% COLORS %%%
\definecolor{ao-purple}{cmyk}{0.50,0.60,0.00,0.43} % ???
%\definecolor{ao-purple}{cmyk}{0.85 0.90 0.00 0.05} % ???
\definecolor{ao-dark-blue}{cmyk}{0.83 0.24 0.00 0.12}
\definecolor{ao-light-blue}{cmyk}{0.41 0.15 0.00 0.09}
\definecolor{ao-light-orange}{cmyk}{0.00 0.40 0.88 0.03}
\definecolor{ao-dark-orange}{cmyk}{0.00 0.51 0.83 0.11}
\definecolor{ao-gold}{cmyk}{0.00 0.18 0.75 0.00}
\definecolor{ao-greyblack}{cmyk}{0.00 0.11 0.09 0.86}
\definecolor{ao-white}{cmyk}{0.00 0.00 0.00 0.00}
\definecolor{ao-black}{cmyk}{1.00 1.00 1.00 1.00}
\definecolor{lulzbot-green}{cmyk}{0.11 0.00 0.78 0.15}
%%% END COLORS %%%
%%% DEBUG %%%
%\showoutput
%\typeoutlayout
%\typeoutstandardlayout
%%% END DEBUG %%%
%%% END OF PREAMBLE %%%
\begin{document}
%%% BEGIN FRONT MATTER %%%
\frontmatter
% Set page numbers to lowercase roman numerals, and reset the count to 1 (no *)
\pagenumbering{roman}
%%% TITLE PAGE %%%
% We want the title to be on the right hand page.
% If we pad a page, it gives us two with openright
\include{Title}
%%% END TITLE PAGE
%%% COPYRIGHT PAGE %%%
\include{Copyright}
%%% END COPYRIGHT PAGE %%%
%%% TABLE OF CONTENTS %%%
{\fontspec{lmroman12-regular.otf}
\maxtocdepth{subsection}
\settocdepth{subsection}
%\setsecnumdepth{subsection}
% space between dots
\renewcommand{\cftchapterdotsep}{15}
% dot symbol (default is period)
\renewcommand{\cftdot}{\textperiodcentered} % centered period
% Set space between each entry in ToC
\setlength{\cftbeforechapterskip}{5pt}
\tableofcontents*}
%%% END TABLE OF CONTENTS %%%
%%% LIST OF FIGURES %%%
\renewcommand*{\lofheadstart}{\vspace{1cm}}
\clearpage
\listoffigures*
%%% END LIST OF FIGURES %%%
%%% LIST OF LISTINGS %%%
%\renewcommand*{\lofheadstart}{\vspace{1cm}}
%\clearpage
%\listoflistings
%%% END LIST OF LISTINGS %%%
%%% CHAPTER STYLE %%%
\chapterstyle{aocski} % defined in preamble
\def\topblockvspace{0.11}
%%% END CHAPTER STYLE %%%
%%% CHAPTER CONFIG %%%
\newcommand{\chapterheader}{Fork Sand IT Manual}
% See \chapterconf below for examples of how this is used.
% value 1 is file to include
% value 2 is title of chapter
% value 3 is sub title of chapter
\newcommand{\chapterconf}[3]{
\chapter{\emph{{#2}}\protect \\
{#3}}
\thispagestyle{empty}
\markboth{#2}{\chapterheader}
{\include{#1}}
}
%%% END CHAPTER CONFIG %%%
%%% FRONTMATTER CHAPTERS %%%
\fontspec{lmroman12-regular.otf}
% Format:
% \chapterconf{Name of file to include}{Title of Chapter}
\chapterconf{Introduction}{Introduction}{Fork Sand IT Manual}
%%% END FRONTMATTER CHAPTERS %%%
%%% END FRONTMATTER %%%
%%% BEGIN MAINMATTER %%%
\mainmatter*
% Set page numbering to arabic, but don't reset numbering (*)
\pagenumbering*{arabic}
%% MAINMATTER CHAPTERS %%%
% Default chapter font
\fontspec{lmroman12-regular.otf}
% Format:
% \chapterconf{Name of file to include}{Title of Chapter}{Subtitle}
% Comment out a line to not render that chapter
\chapterconf{Hardware}{Hardware}{Metal and Chips}
\chapterconf{Network}{Network}{Switch}
\chapterconf{Switches}{Network Switches}{Free Switches (none found)}
\chapterconf{Clouds}{Clouds}{Software as a Surveillance State}
\chapterconf{Distros}{Distributions}{Free Software Distributions}
\chapterconf{Software-daemons}{Server Software}{Server Software Daemons}
\chapterconf{Firewalls}{Firewalls}{Firewalls}
\chapterconf{ClusterHardware}{Cluster Hardware}{Machines}
\chapterconf{Firewall-opnsense}{OPNSense Firewall}{Use OPNSense}
\chapterconf{OpenNebula}{OpenNebula}{Virtual Machines}
\chapterconf{Ansible}{Ansible}{Cluster Administration}
\chapterconf{DNS}{Domain Name Service (DNS)}{Who Names You?}
\chapterconf{NTP}{Network Time Protocol}{A Hole in Time}
\chapterconf{Firmware}{Firmware}{Embedded Software}
%%% Appendix %%%
%\part{Appendix} % XXX
\appendix
\chapterconf{Source}{Free Software}{Free Software and Configurations}
%% END MAINMATTER CHAPTERS %%%
%%% END MAINMATTER %%%
%%% BEGIN BACKMATTER %%%
\backmatter
%%% INDEX %%%
\clearpage
\printindex
%%% END INDEX %%%
%%% GLOSSARY %%%
\renewcommand{\memgloterm}[1]{\textbf{#1}}
\renewcommand{\memglodesc}[1]{\textit{#1}}
\renewcommand{\memglonum}[1]{}
\clearpage
\printglossary
%%% END GLOSSARY %%%
%%% CONTACT %%%
\chapterconf{Contact}{Contact}{Phone, Email, Web, Location}
%%% END CONTACT %%%
%%% COLOPHON %%%
%%% skip a couple pages
\pagebreak{}
\thispagestyle{empty}
\begingroup
\vfill\null
\endgroup
\pagebreak{}
\thispagestyle{empty}
\fontspec{lmroman12-regular.otf}
{\include{Colophon}}
%%% END COLOPHON %%%
%%% END BACKMATTER %%%
\end{document}

@ -0,0 +1,135 @@
%
% jebba.sty
%
% Secure, Private, Libre, Open, and Free Commodity Computing
%
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Jeff Moe.
%
% XXX Since it is a LaTeX .sty file, put under LaTeX license too?
%
% Forked, relicensed by Jeff Moe 2017
% Based on:
% DND 5e LaTeX Style File
% MIT License
% Created by Evan Bergeron
% Modified by Christopher Liu December 2015
% Modified by Yannic Meyer Feb 2016
\ProvidesPackage{jebba}[2017/10/18 v0.0.1 Template for jebba]
%
% Prerequisite Packages
%
% Set a different geometry with \newgeometry
%\usepackage[
% bindingoffset=15pt, % .2in
% hmargin=50pt, % .7in
% top=40pt, % .55in
% bottom=50pt, % .7in
% footskip=30pt, % makes the footer text line up with the graphic
%]{geometry}
%\RequirePackage[table]{xcolor}
\RequirePackage{array}
\RequirePackage{tabularx}
\RequirePackage{tikz}
\RequirePackage{keycommand}
\RequirePackage[most]{tcolorbox} % used for some boxes
\RequirePackage{enumitem}
%\RequirePackage{microtype} % Improve ragged2e hyphenation and overfull boxes
\RequirePackage{ragged2e}
\RequirePackage{xparse}
% Load other modules of this package
% XXX Disable ones that break the build
\RequirePackage{lib/jebbacolors} % color definitions
\RequirePackage{lib/jebbafonts} % font definitions
\RequirePackage{lib/jebbacomment} % \commentbox definition
%\RequirePackage{lib/jebbaheader} % fancy headers and footers
\RequirePackage{lib/jebbamonster} % \monsterbox definition
\RequirePackage{lib/jebbapaperbox} % \paperbox definition
\RequirePackage{lib/jebbaquote} % \quotebox definition
%\RequirePackage{lib/jebbasections} % section styling
\RequirePackage{lib/jebbaspell} % \spell definition
\RequirePackage{lib/jebbastrings} % Load document strings
\RequirePackage{lib/jebbatable} % \jebbatable definition
%
% Options
%
% 'bg-letter-img','bg-letter-print' and 'bg-none' options
\newtoggle{bool-bg}
\newtoggle{bool-footer-scroll}
\DeclareOption{bg-none} {\togglefalse{bool-bg}\togglefalse{bool-footer-scroll}}
\DeclareOption{bg-print}{\togglefalse{bool-bg}\toggletrue{bool-footer-scroll}}
\DeclareOption{bg-full} {\toggletrue{bool-bg}\toggletrue{bool-footer-scroll}}
\DeclareOption{bg-a4}{\jebba@deprecate{bg-a4}{0.7}[Remove call to this package option.]}
\DeclareOption{bg-letter}{\jebba@deprecate{bg-letter}{0.7}[Remove call to this package option.]}
% Toggle justification (official books are flush left).
\newtoggle{justified}
\DeclareOption{justified}{\toggletrue{justified}}
% Default Settings
\ExecuteOptions{bg-full}
\ProcessOptions\relax
% Set paragraph and line spacing
\linespread{1.1}%
\setlength{\parindent}{1em}
\setlength{\RaggedRightRightskip}{0pt plus 1cm}
\setlength{\RaggedRightParindent}{\parindent}
\hyphenpenalty=1000 % Fewer hyphens
% Set left justification if not justified
\nottoggle{justified}{\RaggedRight}
%
% Style Parameters
%
% Disable space between paragraphs.
\setlength{\parskip}{0pt}
% Font environment
\newenvironment{lmss}{%
\jebba@deprecate{lmss}{0.7}
\fontfamily{lmss}\selectfont
}{}
% Columns setup
\setlength{\columnsep}{25pt} % .35in
% Customize itemize environment.
\setlist{leftmargin=1em}
\setitemize{noitemsep,topsep=0.5ex}
\renewcommand{\labelitemi}{\raisebox{0.25ex}{\tiny{\( \bullet \)}}}
% Fancy DnD 5e-style hline
\renewcommand{\hline}{
\noindent
\begin{tikzpicture}[]
\draw [rulered, fill=rulered] (0, 0) --(0,0.1) -- (\textwidth, 0.08);
\end{tikzpicture}
}
% Either hilariously, or infuriatingly, the \ifcommandkey
% implementation is buggy. Here is a re-implementation
% from tex.stackexchange.
\begingroup
\makeatletter
\catcode`\/=8 %
\@firstofone
{
\endgroup
\renewcommand{\ifcommandkey}[1]{%
\csname @\expandafter \expandafter \expandafter
\expandafter \expandafter \expandafter \expandafter
\kcmd@nbk \commandkey {#1}//{first}{second}//oftwo\endcsname
}
}

@ -0,0 +1,14 @@
% Copyright (C) 2017, Jeff Moe
%
% This document is licensed under the Creative Commons Attribution 4.0
% International Public License (CC BY-SA 4.0) by Jeff Moe.
%
% XXX Since it is a LaTeX .sty file, put under LaTeX license too?
%
% Forked, relicensed by Jeff Moe 2017
% Based on:
% DND 5e LaTeX Style File
% MIT License
% Created by Evan Bergeron
% Modified by Christopher Liu December 2015
% Modified by Yannic Meyer Feb 2016

@ -0,0 +1,40 @@
To add captions for a new language, say French:
1. Copy the template below into jebbastrings-captions.sty
2. Substitute the <language> token with the
language name:
% French captions
\addto\captionsfrench{%
...
3. Fill out the ... fields with the appropriate
translations, without quotes:
...
\def\armorclassname{Translation here}%
\def\hitpointsname{Sorry}%
\def\speedname{I do not actually know French}%
...
vv ------ TEMPLATE ------ vv
\addto\captions<language>{%
\def\armorclassname{...}%
\def\hitpointsname{...}%
\def\speedname{...}%
\def\strstatname{...}%
\def\dexstatname{...}%
\def\constatname{...}%
\def\intstatname{...}%
\def\wisstatname{...}%
\def\chastatname{...}%
\def\skillsname{...}%
\def\dimmname{...}%
\def\dvulname{...}%
\def\dresname{...}%
\def\cimmname{...}%
\def\savesname{...}%
\def\sensesname{...}%
\def\languagesname{...}%
\def\challengename{...}%
}

@ -0,0 +1,52 @@
% Define colors, sampled from the books.
\RequirePackage{color}
% Page
\definecolor{bgtan}{HTML}{F7F2E5} % background and quotebox
\definecolor{pagegold}{HTML}{B89A67} % pagenumbers and footer
% Type
\definecolor{titlered}{HTML}{58180D} % titles
\definecolor{titlegold}{HTML}{C9AD6A} % titlerules
\definecolor{rulered}{HTML}{9C2B1B} % triangular rule in statsblock
% Trim (affects tables and paperboxes)
\definecolor{PhbLightGreen}{HTML}{E0E5C1} % PHB Part 1
\definecolor{PhbLightCyan}{HTML}{B5CEB8} % PHB Part 2
\definecolor{PhbMauve}{HTML}{DCCCC5} % PHB Part 3
\definecolor{PhbTan}{HTML}{E5D5AC} % PHB appendix
\definecolor{DmgLavender}{HTML}{E3CED3} % DMG Part 1
\definecolor{DmgCoral}{HTML}{F3D7C1} % DMG Part 2
\definecolor{DmgSlateGray}{HTML}{DBE4E4} % DMG Part 3
\definecolor{DmgLilac}{HTML}{D7D4D6} % DMG appendix
% Trim aliases
\colorlet{DmgSlateGrey}{DmgSlateGray}
% The color used in \setthemecolor when a new color is not set
\colorlet{themecolor}{PhbLightGreen} % Set the default theme to Part 1 of the PHB.
% Element colors that change when \setthemecolor is used
\colorlet{commentboxcolor}{themecolor} % commentbox background
\colorlet{paperboxcolor}{themecolor} % paperbox background
\colorlet{tablecolor}{themecolor} % table even row background
% Element colors that do not respond to \setthemecolor
\colorlet{quoteboxcolor}{bgtan} % quotebox background
\definecolor{statblockribbon}{HTML}{E69A28} % stat block top/bottom borders (gold)
\definecolor{statblockbg}{HTML}{FDF1DC} % stat block background (tan)
% Sets the themecolor and colors for all themed elements
% If called without the optional color, resets the color of all themed elements to the current themecolor
\newcommand{\setthemecolor}[1][themecolor]{%
\colorlet{themecolor}{#1}
\colorlet{commentboxcolor}{#1}
\colorlet{paperboxcolor}{#1}
\colorlet{tablecolor}{#1}
}
% Backwards-compatible aliases and colours
\colorlet{commentgreen}{PhbLightGreen}
\colorlet{itemtablepink}{DmgCoral}
\colorlet{monstertan}{statblockbg}
\definecolor{monstertandark}{HTML}{F0DBB5}

@ -0,0 +1,22 @@
%Usage \begin{commentbox}[options]{title}[color]
\DeclareTColorBox{commentbox}{O{} m O{commentboxcolor}}{%
before upper={\nottoggle{justified}{\RaggedRight}},
frame hidden,
boxrule=0pt,
breakable,
enhanced,
before skip=8pt plus 1pt,
toptitle=3mm,
boxsep=0.25ex,
left=8pt,
right=8pt,
arc=0mm,
fonttitle=\jebba@BoxTitleFont\color{black},
fontupper=\jebba@BoxBodyFont,
title={#2},
parbox=false,
colback={#3},
colbacktitle={#3},
after={\vspace{5pt plus 1pt}\noindent},
#1
}

@ -0,0 +1,19 @@
\RequirePackage{bookman}
\RequirePackage[T1]{fontenc}
\renewcommand{\sfdefault}{lmss}
\newcommand{\jebba@TitleFont}{\normalfont\scshape}
\newcommand{\jebba@TableTitleFont}{\fontfamily{fosj}\selectfont\bfseries\scshape}
\newcommand{\jebba@TableBodyFont}{\sffamily}
\newcommand{\jebba@BoxTitleFont}{\fontfamily{fosj}\selectfont\bfseries\scshape}
\newcommand{\jebba@BoxBodyFont}{\sffamily}
\newcommand{\jebba@StatBlockTitleFont}{\normalfont\bfseries\scshape}
\newcommand{\jebba@StatBlockSubtitleFont}{\fontfamily{fosj}\selectfont\scshape}
\newcommand{\jebba@StatBlockBodyFont}{\sffamily}
\newcommand{\jebba@FooterFont}{\normalfont\scshape}
\newcommand{\jebba@PageNumberFont}{\normalfont}

@ -0,0 +1,58 @@
\RequirePackage{fancyhdr} % Adaptation of the footers
% Setup for custom footer
\pagestyle{fancy}
\newlength{\nobgfooterheight}
\setlength{\nobgfooterheight}{\paperheight}
\addtolength{\nobgfooterheight}{-1in}
\addtolength{\nobgfooterheight}{-\topmargin}
\addtolength{\nobgfooterheight}{-\headheight}
\addtolength{\nobgfooterheight}{-\headsep}
\addtolength{\nobgfooterheight}{-\textheight}
\addtolength{\nobgfooterheight}{-\footskip}
\renewcommand{\headrulewidth}{0.0pt} %no rule for header
\renewcommand{\footrulewidth}{0.0pt} %no rule for footer
\fancyhf{} % clear all headers and footers
\fancyhead{
\iftoggle{bool-bg}{
\begin{tikzpicture}[remember picture,overlay]
\node[inner sep=0pt] at (current page.center) {\includegraphics[width=\paperwidth,height=\paperheight]{img/paper}};
\end{tikzpicture}
}{}
}
\fancyfoot[LE]{
\iftoggle{bool-footer-scroll}{
\begin{tikzpicture}[remember picture,overlay]
\node[xscale=-1,inner sep=0pt,anchor=south,nearly opaque] at (current page.south) {\includegraphics[width=\paperwidth,height=43pt]{img/footerscroll}};
\node[xshift=20pt,yshift=30pt] at (current page.south west) {\jebba@PageNumberFont\textcolor{pagegold}{\thepage}};
\node[anchor=south west,xshift=\marginparwidth+\marginparpush,yshift=27pt] at (current page.south west) {\jebba@FooterFont{\textcolor{pagegold}{\nouppercase\leftmark}}};
\end{tikzpicture}
}{
\begin{tikzpicture}[remember picture,overlay]
\node[anchor=south west,xshift=\marginparwidth-\marginparpush,yshift=\nobgfooterheight+2pt] at (current page.south west) {\jebba@PageNumberFont{\thepage}};
\node[anchor=south west,xshift=\marginparwidth+\marginparpush,yshift=\nobgfooterheight] at (current page.south west) {\leftmark};
\end{tikzpicture}
}
}
\fancyfoot[RO]{
\iftoggle{bool-footer-scroll}{
\begin{tikzpicture}[remember picture,overlay]
\node[inner sep=0pt,anchor=south,nearly opaque] at (current page.south) {\includegraphics[width=\paperwidth,height=43pt]{img/footerscroll}};
\node[xshift=-20pt,yshift=30pt] at (current page.south east) {\jebba@PageNumberFont\textcolor{pagegold}{\thepage}};
\node[anchor=south east,xshift=-\marginparwidth-\marginparpush,yshift=27pt] at (current page.south east) {\jebba@FooterFont{\textcolor{pagegold}{\nouppercase\leftmark}}};
\end{tikzpicture}
}{
\begin{tikzpicture}[remember picture,overlay]
\node[anchor=south east,xshift=-\marginparwidth+2\marginparpush,yshift=\nobgfooterheight+2pt] at (current page.south east) {\jebba@PageNumberFont{\thepage}};
\node[anchor=south east,xshift=-\marginparwidth,yshift=\nobgfooterheight] at (current page.south east) {\leftmark};
\end{tikzpicture}
}
}
\fancypagestyle{plain}{}

@ -0,0 +1,154 @@
% Monster environment sty file
\RequirePackage{fp}
\RequirePackage{xstring}
% Macro to print stats with autocomputed modifier
% e.g. \stat{12} prints "12 (+1)"
\newcommand{\stat}[1]{%
\FPeval{\mod}{(#1 - 10)/2}%
\FPifpos\mod%
\FPeval{\mod}{clip(trunc(mod,0))}#1\ (+\mod)%
\else%
\FPeval{\mod}{clip(abs(trunc(mod-0.5,0)))}#1\ (\(-\)\mod)%
\fi%
}
% Macro to print avarage dice based value
% e.g. \dice{2d6+3} prints "10 (2d6 + 3)"
\newcommand{\dice}[1]{%
\StrSubstitute{#1}{ }{}[\DiceArg]% strip whitespaces
\StrCut{\DiceArg}{d}\DiceNum\DiceSides% split string
\StrCut{\DiceSides}{+}\DiceSides\DiceAddMod%
\StrCut{\DiceSides}{-}\DiceSides\DiceSubMod%
\FPeval{\DiceAvg}{(\DiceSides+1)/2*\DiceNum}% calculate avg roll
\IfInteger{\DiceAddMod}{%
\FPadd{\DiceAvg}{\DiceAvg}{\DiceAddMod}% add value
\def\DiceMod{ + \DiceAddMod}%
}{%
\IfInteger{\DiceSubMod}{%
\FPsub{\DiceAvg}{\DiceAvg}{\DiceSubMod}% subtract value
\def\DiceMod{ \(-\) \DiceSubMod}%
}{%
\def\DiceMod{}%
}%
}%
\FPtrunc{\DiceAvg}{\DiceAvg}{0}% round down
\FPprint{\DiceAvg\ (\DiceNum d\DiceSides\DiceMod)}
}
% Monster box made to look like the Monster Manual NPC definitions
\newtcolorbox{monsterboxnobg}[2][]{
enhanced,
frame hidden,
before skip=7pt plus2pt,
boxrule=0pt,
breakable,
boxsep=0.25ex,
toptitle=3mm,
left=2.5mm,
right=2.15mm,
arc=0mm,
opacityback=0,
colframe=titlered,
fonttitle=\jebba@StatBlockTitleFont\color{titlered}\Large,
fontupper=\jebba@StatBlockBodyFont,
title=#2,
after={\vspace{7pt plus 1pt}\noindent},
#1
}
% new Monsterbox
\newtcolorbox{monsterbox}[2][]{
enhanced,
frame hidden,
before skip=7pt plus2pt,
boxrule=0pt,
breakable,
boxsep=0.25ex,
toptitle=3mm,
left=2.5mm,
right=2.15mm,
arc=0mm,
borderline north={4pt}{0pt}{titlered},
borderline north={2.5pt}{0.75pt}{statblockribbon},
borderline south={4pt}{0pt}{titlered},
borderline south={2.5pt}{0.75pt}{statblockribbon},
colback=statblockbg,
colbacktitle=statblockbg,
colframe=titlered,
fonttitle=\jebba@StatBlockTitleFont\color{titlered}\Large,
fontupper=\jebba@StatBlockBodyFont,
title=#2,
after={\vspace{7pt plus 1pt}\noindent},
#1
}
% Define Monster subsection header style
%\newcommand{\monstersection}[1]{\subsubsection*{#1}}
\newcommand{\monstersection}[1]{
{\par
\color{titlered}\jebba@StatBlockSubtitleFont\large #1 \vspace{3pt}
\titleline{\color{titlered}\titlerule[0.6pt]}
\par\medskip}
}
\newenvironment{monsteraction}[1][\unskip]{\emph{\textbf{#1.}}}{\vspace{0.5em}}
%
% Macros for use within the monster environment
%
\newkeycommand\basics[armorclass=0, hitpoints=0, speed=0]{%
\color{titlered}
\textbf{\armorclassname} \commandkey{armorclass}\\
\textbf{\hitpointsname} \commandkey{hitpoints}\\
\textbf{\speedname} \commandkey{speed}\\
}
% Taubular enviornment for stats-block
\newkeycommand\stats[STR=\stat{10},
DEX=\stat{10},
CON=\stat{10},
INT=\stat{10},
WIS=\stat{10},
CHA=\stat{10}]{
{\footnotesize
\hspace*{-3.5pt}
\resizebox{0.97\linewidth}{\height}{
\begin{tabular}{cccccc}
\rule{0pt}{3.7mm} %adds space between hline and table
\textbf{\strstatname} & \textbf{\dexstatname} & \textbf{\constatname} & \textbf{\intstatname} & \textbf{\wisstatname} & \textbf{\chastatname}\\
\commandkey{STR} & \commandkey{DEX} & \commandkey{CON} & \commandkey{INT} & \commandkey{WIS} & \commandkey{CHA}
\end{tabular}
}
\\[0.4em] %adds space after table
}
}
\newkeycommand\details[skills=,
damageimmunities=,
savingthrows=,
conditionimmunities=,
damageresistances=,
damagevulnerabilities=,
senses=---,
languages=---,
challenge=0]{%
\ifcommandkey{savingthrows}
{\textbf{\savesname} \commandkey{savingthrows}\\}{}
\ifcommandkey{skills}
{\textbf{\skillsname} \commandkey{skills}\\}{}
\ifcommandkey{damagevulnerabilities}
{\textbf{\dvulname} \commandkey{damagevulnerabilities}\\}{}
\ifcommandkey{damageresistances}
{\textbf{\dresname} \commandkey{damageresistances}\\}{}
\ifcommandkey{damageimmunities}
{\textbf{\dimmname} \commandkey{damageimmunities}\\}{}
\ifcommandkey{conditionimmunities}
{\textbf{\cimmname} \commandkey{conditionimmunities}\\}{}
% These traits appear to always be present.
{\textbf{\sensesname} \commandkey{senses}\\}
{\textbf{\languagesname} \commandkey{languages}\\}
{\textbf{\challengename} \commandkey{challenge}\\}
\color{black}
}

@ -0,0 +1,30 @@
%Usage \begin{paperbox}[options]{title}[color]
\DeclareTColorBox{paperbox}{O{} m O{paperboxcolor}}{%
before upper={\nottoggle{justified}{\RaggedRight}},
frame hidden,
boxrule=0pt,
enhanced,
before skip=11pt plus 1pt,
toptitle=3mm,
boxsep=0.25ex,
left=8pt,
right=8pt,
fonttitle=\jebba@BoxTitleFont\color{black},
fontupper=\jebba@BoxBodyFont,
title={#2},
arc=0mm,
parbox=false,
borderline north={1pt}{-0.5pt}{black},
borderline south={1pt}{-0.5pt}{black},
colback={#3},
colbacktitle={#3},
fuzzy shadow={0mm}{-3.5pt}{-0.5pt}{0.4mm}{black!60!white},
overlay={%
\fill[black] (frame.south west) -- ++ (7pt,0) -- ++ (0,-5pt) -- cycle;
\fill[black] (frame.north west) -- ++ (7pt,0) -- ++ (0,5pt) -- cycle;
\fill[black] (frame.north east) -- ++ (-7pt,0) -- ++ (0,5pt) -- cycle;
\fill[black] (frame.south east) -- ++ (-7pt,0) -- ++ (0,-5pt) -- cycle;
},
after={\vspace{10pt plus 1pt}\noindent},
#1
}

@ -0,0 +1,25 @@
%Usage \begin{quotebox}[options][color]
\DeclareTColorBox{quotebox}{O{} O{quoteboxcolor}}{%
before upper={\nottoggle{justified}{\RaggedRight}},
code={\linespread{1.25}},
enhanced jigsaw,
frame hidden,
boxrule=0pt,
breakable,
enhanced,
before skip=10pt plus 1pt,
boxsep=0.25ex,
left=8pt,
right=8pt,
colback={#2},
arc=0mm,
parbox=false,
borderline west={1pt}{-0.5pt}{titlered},
borderline east={1pt}{-0.5pt}{titlered},
fontupper=\jebba@BoxBodyFont,
overlay={%
\foreach\n in {north east,north west,south east,south west}
{\draw[titlered, fill=titlered] (frame.\n) circle (2pt); }; },
after={\vspace{7.5pt plus 1pt}\noindent},
#1
}

@ -0,0 +1,45 @@
%\RequirePackage[titles]{tocloft}
%\RequirePackage[toc]{multitoc}
%\RequirePackage{titlesec} % Used to adjust (sub)section formatting
%Remove Numbering (If you want Numbering set secnumdepth to the appropriate depth)
\setcounter{secnumdepth}{-1}
% Chapter
\titleformat{\chapter}
{\color{titlered}\jebba@TitleFont\Huge}{\thechapter\quad}{0pt}{}
\titlespacing*{\chapter}{0pt}{0pt}{20pt}
\renewcommand\cftchapfont{\color{titlered}\jebba@TitleFont\bfseries}
% Section
\titleformat{\section}
{\color{titlered}\jebba@TitleFont\LARGE}{\thesection\quad}{0pt}{}
% Subsection
\titleformat{\subsection}
{\color{titlered}\jebba@TitleFont\Large}{\thesubsection\quad}{0pt}{}
[\titleline{\color{titlegold}\titlerule[1pt]}]
% Subsubsection
\titleformat{\subsubsection}
{\color{titlered}\jebba@TitleFont\large}{\thesubsubsection\quad}{0pt}{}[]
% Paragraph
\titleformat{\paragraph}[runin]
{\normalfont\normalsize\bfseries\slshape}{\theparagraph\quad}{0pt}{}[.]
\titlespacing*{\paragraph}
{0pt}{\parskip}{\wordsep}
% Subparagraph
\titleformat{\subparagraph}[runin]
{\normalfont\normalsize\bfseries\slshape}{\thesubparagraph\quad}{0pt}{}[.]
\titlespacing*{\subparagraph}
{\parindent}{\parskip}{\wordsep}
% Special command for magic items, traps, and the like.
\newcommand{\subtitlesection}[2]{
\subsubsection{#1}\vspace{-1ex}
\textit{#2}\vspace{1ex}\par
}

@ -0,0 +1,15 @@
\newcommand{\spellheader}[6]{
\subtitlesection{#1}{#2}
\vspace{-1ex} % subtitlesection artefact; topsep also changes bottom spacing.
\begin{description}[font=\normalfont\textbf,noitemsep,topsep=1ex,leftmargin=1em]
\item[Casting Time:] #3
\item[Range:] #4
\item[Components:] #5
\item[Duration:] #6
\end{description}
}
\newenvironment{spell}[6]
{\spellheader{#1}{#2}{#3}{#4}{#5}{#6}}
% Environment encloses description.
{\vspace{\baselineskip}}

@ -0,0 +1,26 @@
% Italian captions
\addto\captionsitalian{%
\def\armorclassname{Classe Armatura}
\def\hitpointsname{Punti Ferita}
\def\speedname{Velocit\`a}
\def\strstatname{FOR}
\def\dexstatname{DES}
\def\constatname{COS}
\def\intstatname{INT}
\def\wisstatname{SAG}
\def\chastatname{CAR}
\def\skillsname{Abilit\`a}
\def\dimmname{Immunità Danni}
\def\dvulname{Debolezze Danni}
\def\dresname{Resistenze Danni}
\def\cimmname{Immunit\`a Condizioni}
\def\savesname{Tiri Salvezza}
\def\sensesname{Sensi}
\def\languagesname{Linguaggi}
\def\challengename{Sfida}
}
% To add captions for other languages, copy and paste the template in
% captions-template.txt in this file, then fill out all the fields with your
% translations.

@ -0,0 +1,32 @@
% Define all strings as new macros instead of hardcoding them in the
% TeX files. This then allows us to add captions for multilanguage support.
\newcommand\armorclassname{Armor Class}
\newcommand\hitpointsname{Hit Points}
\newcommand\speedname{Speed}
\newcommand\strstatname{STR}
\newcommand\dexstatname{DEX}
\newcommand\constatname{CON}
\newcommand\intstatname{INT}
\newcommand\wisstatname{WIS}
\newcommand\chastatname{CHA}
\newcommand\skillsname{Skills}
\newcommand\dimmname{Damage Immunities}
\newcommand\dvulname{Damage Vulnerabilities}
\newcommand\dresname{Damage Resistances}
\newcommand\cimmname{Condition Immunities}
\newcommand\savesname{Saving Throws}
\newcommand\sensesname{Senses}
\newcommand\languagesname{Languages}
\newcommand\challengename{Challenge}
% Check if either babel or polyglossia have been loaded,
% in which case load the string captions
\@ifpackageloaded{babel}{
\usepackage{lib/jebbastrings-captions}
}{}
\@ifpackageloaded{polyglossia}{
\usepackage{lib/jebbastrings-captions}
}{}

@ -0,0 +1,35 @@
% Table Header
\newcommand{\header}[1]{{
\par\vspace*{8pt}
\noindent
\jebba@TableTitleFont
#1}}
% Centered Column
\newcolumntype{Y}{>{\centering\arraybackslash}X}
% Table Environment
\NewDocumentEnvironment{jebbatable}{O{XX} O{tablecolor}}{%
\par\vspace*{8pt}
\noindent
\jebba@TableBodyFont
\rowcolors{1}{}{#2}
\tabularx{\linewidth}{#1}
}{%
\endtabularx
\vspace{8pt plus 1pt}
\noindent
}
\newenvironment{jebbaitemtable}[1][XX]{%
\jebba@deprecate{jebbaitemtable}{0.7}[Set tablecolor and use jebbatable instead.]
\par\vspace*{8pt}
\noindent
\jebba@TableBodyFont
\rowcolors{1}{}{DmgCoral}
\tabularx{\linewidth}{#1}
}{%
\endtabularx
\vspace{8pt plus 1pt}
\noindent
}

Binary file not shown.

@ -0,0 +1,22 @@
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ./SHA256SUM
b1861503f0a41f1f2bef8fbfba32501d871ef4c5fd073c3b9272c71a7b1e7ea5 ./STATS
825577f3fd900576c119d0a6191de16bf2d55fb84e6749921710b293e5fd1889 ./apps/iptables/etc/iptables
4b50c760daa85619a74f1c635b26807fcc7f8bedb90bd22893de8c98f3d78ff1 ./apps/iptables/etc/iptables.test.rules
03e673de76f6aece8473a8441b0c921368f675ea234b62fa58708427a1b69346 ./apps/oca/etc/init.d/openerp-server
a149aa2a11f17a20eda8f32e2ef5b34e403b772d53f1dcd2a62bd44b166c2122 ./apps/oca/lib/systemd/system/odoo-server.service
72d2cb138dfae349f5029b27dae74d13745061233fcebb79ef3d38eb4836183a ./apps/oca/oca11-addons
3d793228bd669725954044abb7901b38d6aa2fc397ee2d9fd65e46973a6e4365 ./apps/oca/oca-install.sh
36b8bf27d09d3f67387f1febc34212a137341d18d25da3e47767fe8e8a56054f ./apps/oca/oca-manual-modules
3d742d5b59b2a2d7e3c500be929d001bc3685b3a755ec8e913e82a90c87d58ec ./apps/oca/odoo9-modules
eec3af072498c00dd207f85d05de93ae81b4a0a6f4d31aa6b1dfb31af84eb07f ./apps/odoo/odoo11-deb-install.sh
8e0ee0af15f20e6a5120f9bca4b073532002f8d309dc365c64734b111c03ae4e ./apps/ssh/socks-chain.sh
646c3cdef108cf891d9d5279971f3da8a708d78b9cb18da832043ba3048cfacf ./apps/ssh/socks-proxy.sh
b318da9ebbe0bc3b5b80efda6c8594b2017736d8e32d3ff74aaefb727cf1fb0e ./apps/sunstone/etc/one/sunstone-logos.yaml
34f5df58f4f6fce5985378c946c8b9718567a1454f171e2629b33e37ce0ca87f ./apps/sunstone/etc/one/sunstone-views.yaml
1802daa96fe2a7373059b86ae166f008591aad4304eb8176e1c20f56e61e7df8 ./apps/yadifa-master/etc/yadifa/yadifad.conf
e2c4028695f3ac6b6ed8afb963a7821589b94ed81a2d068d7480b809d402c830 ./apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone
705f36a12aee30e8510e5d06f1d3dd471a82aa518e00648a83f8f9d1146b8186 ./apps/yadifa-slave/etc/yadifa/yadifad.conf
1966009066a265b65574003bc5f338ee4c2595c010ece34e9e428c526b974fd5 ./apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone
93847412dc586aa627b7c8d9c7f9f08223d62bd7297bb02058b57aaa4e92e220 ./apps/yadifa/var/lib/yadifa/masters/localhost.zone
29a180a3849349df01041152a06c3af2b9c1fc13b2d4da07fa1196ff6aff9de9 ./make-sources-list.sh
28dff76725cfbe3e4dcf70120f0393422507443fa5b6a62e1814bd44fb62161e ./txt2qrpng.sh

@ -0,0 +1,2 @@
There are 22 source code files included.
There are 22 unique files.

Binary file not shown.

After

Width:  |  Height:  |  Size: 479 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.4 KiB

@ -0,0 +1,3 @@
#!/bin/bash
# iptables
/sbin/iptables-restore < /etc/iptables.up.rules

@ -0,0 +1,23 @@
# iptables.test.rules
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You could modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# DNS
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
# SSH Access Port
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 49824 -j ACCEPT
# Allow ping
#-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls (access via 'dmesg' command)
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy:
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT

@ -0,0 +1,85 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: odoo-server
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Should-Start: $network
# Should-Stop: $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Odoo ERP
# Description: Odoo is a complete ERP business solution.
### END INIT INFO
PATH=/bin:/sbin:/usr/bin
# Change the Odoo source files location according your needs.
DAEMON=/opt/odoo/openerp-server
# Use the name convention of your choice
NAME=odoo-server
DESC=odoo-server
# Specify the user name (Default: odoo).
USER=odoo
# Specify an alternate config file (Default: /etc/odoo-server.conf).
CONFIGFILE="/etc/odoo-server.conf"
# pidfile
PIDFILE=/var/run/$NAME.pid
# Additional options that are passed to the Daemon.
DAEMON_OPTS="-c $CONFIGFILE"
[ -x $DAEMON ] || exit 0
[ -f $CONFIGFILE ] || exit 0
checkpid() {
[ -f $PIDFILE ] || return 1
pid=`cat $PIDFILE`
[ -d /proc/$pid ] && return 0
return 1
}
case "${1}" in
start)
echo -n "Starting ${DESC}: "
start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
--chuid ${USER} --background --make-pidfile \
--exec ${DAEMON} -- ${DAEMON_OPTS}
echo "${NAME}."
;;
stop)
echo -n "Stopping ${DESC}: "
start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \
--oknodo
echo "${NAME}."
;;
restart|force-reload)
echo -n "Restarting ${DESC}: "
start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \
--oknodo
sleep 1
start-stop-daemon --start --quiet --pidfile ${PIDFILE} \
--chuid ${USER} --background --make-pidfile \
--exec ${DAEMON} -- ${DAEMON_OPTS}
echo "${NAME}."
;;
*)
N=/etc/init.d/${NAME}
echo "Usage: ${NAME} {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0

@ -0,0 +1,17 @@
[Unit]
Description=Odoo Open Source ERP and CRM
Requires=postgresql.service
After=network.target postgresql.service
[Service]
Type=simple
PermissionsStartOnly=true
SyslogIdentifier=odoo-server
User=odoo
Group=odoo
ExecStart=/opt/odoo/odoo-bin --config=/etc/odoo-server.conf --addons-path=/opt/odoo/addons/
WorkingDirectory=/opt/odoo/
StandardOutput=journal+console
[Install]
WantedBy=multi-user.target

@ -0,0 +1,199 @@
#!/bin/bash
# oca-install.sh
# GPLv3+
# OCB 11 worked, no OCA modules.
# Is OCB best git repo to use as base ??? XXX
#
set -x
apt-get install \
postgresql-all
# XXX set up postgres config.
sudo su - postgres -c "createuser -s oca"
sudo -u postgres psql -c "CREATE USER oca WITH password 'XXX';"
sudo -u postgres psql -c "ALTER USER oca CREATEDB;"
sudo -u postgres createuser odoo -U postgres -dRSP
#sudo adduser --system --home=/opt/oca --group oca
sudo adduser --system --home=/opt/odoo --group odoo
sudo mkdir /var/log/oca
sudo mkdir /var/log/odoo
# uh, add to /root/.bashrc XXX
#export PYTHONPATH=/opt/odoo
# XXX Oh boy
root@ns32:/opt/odoo# pip install -e .
# if you install gis module
sudo apt-get install postgis
sudo git clone https://www.github.com/odoo/odoo --depth 1 --branch 9.0 --single-branch /opt/odoo
#sudo git clone https://www.github.com/odoo/odoo --depth 1 --branch 10.0 --single-branch /opt/odoo
sudo chown -R odoo: /opt/odoo/
sudo chown odoo:root /var/log/odoo
sudo chown odoo: /etc/odoo-server.conf
sudo chmod 640 /etc/odoo-server.conf
# 9, get openerp-server for /etc/init.d/
# 10+
sudo systemctl start odoo-server
sudo systemctl status odoo-server
apt-get install \
python-pip \
libxml2-dev python-libxml2 \
libxslt1-dev \
cython \
libldap2-dev \
zlib1g-dev \
libgsasl7-dev libsasl2-dev \
libevent-dev \
python-babel python-decorator python-docutils python-feedparser python-gevent python-greenlet python-html2text python-jinja2 python-lxml python-mako python-markupsafe python-mock python-ofxparse python-passlib python-pil python-psutil python-psycopg2 python-pydot python-pyldap python-pyparsing python-pypdf2 python-serial python-dateutil python-arrow python-usb python-yaml python-qrcode python-reportlab python-requests python-six python-suds python-vatnumber python-vobject python-werkzeug python-xlsxwriter python-xlwt python-xlrd wkhtmltopdf python-pdfkit
# Build deps when building from source/git:
# XXX installs everything that matches node-*, because I'm not sure what all is needed
# These are python3 versions:
apt-get install \
python3-pip \
libxml2-dev python3-libxml2 \
libxslt1-dev \
cython3 \
libldap2-dev \
python3-pyldap python3-ldap3 \
zlib1g-dev \
libgsasl7-dev libsasl2-dev \
libevent-dev \
python3-babel python3-decorator python3-docutils python3-feedparser python3-gevent python3-greenlet python3-html2text python3-jinja2 python3-lxml python3-mako python3-markupsafe python3-mock python3-ofxparse python3-passlib python3-pil python3-psutil python3-psycopg2 python3-pydot python3-pyldap python3-pyparsing python3-pypdf2 python3-serial python3-dateutil python3-arrow python3-usb python3-yaml python3-qrcode python3-reportlab python3-requests python3-six python3-suds python3-vatnumber python3-vobject python3-werkzeug python3-xlsxwriter python-xlwt python3-xlrd wkhtmltopdf python3-pdfkit
# `apt-cache search node | grep ^node- |cut -f 1 -d " "` \
# nodeenv nodejs nodejs-dev nodejs-legacy \
# node-read-package-json node-normalize-package-data
# nodejs nodejs-legacy \
# Per: https://www.linode.com/docs/websites/cms/install-odoo-10-on-ubuntu-16-04 adapted for Debian
apt-get install git python-pip postgresql postgresql-server-dev-all python-all-dev python-dev python-setuptools libxml2-dev libxslt1-dev libevent-dev libsasl2-dev libldap2-dev pkg-config libtiff5-dev libjpeg-dev zlib1g-dev libfreetype6-dev liblcms2-dev liblcms2-utils libwebp-dev tcl8.6-dev tk8.6-dev python-tk libyaml-dev fontconfig
apt-get clean
# XXX fails with some mercurial thing or similar, idk
# maybe just for 11+ ?
sudo pip3 install -r /opt/odoo/doc/requirements.txt
sudo pip3 install -r /opt/odoo/requirements.txt
# For 2.7 versions
sudo pip install -r /opt/odoo/doc/requirements.txt
sudo pip install -r /opt/odoo/requirements.txt
# Install npm, not in Debian
# XXX Doesn't work, known bug:
# https://github.com/npm/npm/issues/18524
#curl -L https://npmjs.org/install.sh | sh
# curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
curl -sL https://deb.nodesource.com/setup_8.x | bash -
apt-get install -y nodejs
#npm install -g less
npm install -g less less-plugin-clean-css
cp /opt/odoo/debian/odoo.conf /etc/odoo-server.conf
vim /lib/systemd/system/odoo-server.service
# doesn't want execute bits
#chmod 755 /lib/systemd/system/odoo-server.service
chown root: /lib/systemd/system/odoo-server.service
### Addons and Modules
#
# As jebba...
#git clone https://github.com/OCA/maintainer-tools.git
# Note, this is 2.2 gigs
git clone https://github.com/OCA/OCB.git
cd OCB/
#git checkout remotes/origin/10.0
git checkout remotes/origin/9.0
pip3 install -r requirements.txt
cp -p debian/odoo.conf ~/oca.conf
# Change username to oca
vim ~/odoo.conf
# First time to init new modules ??? XXX
./odoo-bin --init=all -d oca2 --config=/home/jebba/oca.conf
# XXX auto
./odoo-bin \
-d oca2 \
--config=/home/jebba/odoo.conf
# On workstation, create tunnel:
ssh -N -C -L 8069:localhost:8069 ns32
# and open in browser:
# http://localhost:8069
# XXX, deps below fail.
#sudo pip install wand
apt install python-simplejson
#apt install python3-simplejson
# as jebba, on server:
mkdir OCA
cd OCA/
for i in `cat ../oca11-addons`
do git clone $i
done
pip uninstall odoo9-addon-server-environment odoo9-addon-server-environment-files-sample odoo9-addon-server-environment-ir-config-parameter
# NO:
# HMM, to autofind modules for OCA.
# As root, or not:
export PIP_FIND_LINKS="https://wheelhouse.odoo-community.org/oca"
# Fails as jebba because wants to write to /usr/local
# XXX TOTAL KLUDGE:
sudo chown -R jebba /usr/local
# run as jebba:
pip3 install odoo-autodiscover
pip3 install setuptools-odoo
# uh, as root, odoo 9
pip install odoo-autodiscover
pip install setuptools-odoo
# Meh, odoo-autodiscover says this command must work:
python -c "import odoo.api"
# But this does:
python3 -c "import odoo.api"
# For OCA modules:
# still fails.
apt install libminizip1 minizip
# hw_scanner module needs libevdev2 (?) installed. Maybe also:
# python-evemu - Linux Input Event Device Emulation Library - Python bindings
# python3-evemu - Linux Input Event Device Emulation Library - Python3 bindings
#apt install python-evemu python3-evemu
# Nope:
hw_scanner
connector_prestashop
mail_environment
server_environment_files
# To install postgis stuff add to db:
sudo su - postgres
psql
CREATE EXTENSION postgis;
CREATE EXTENSION postgis_topology;

@ -0,0 +1,18 @@
Install:
l10n_us United States Accounting
account_enterprise_remove Account - Remove Enterprise Features
account_analytic_distribution - Account Analytic Distribution
account_bank_statement_import - Account Bank Statement Import (OFX)
account_check_deposit - Account Check Deposit
account_check_printing_report_base - Account Check Printing Report Base
account_invoice_view_payment - Account Invoice View Payment
account_mass_reconcile - Account Mass Reconcile
account_mass_reconcile_by_purchase_line - Account Mass Reconcile by Purchase Line
account_move_line_product - Account Move Line Product
account_move_line_purchase_info - Account Move Line Purchase Info
account_move_line_stock_info - Account Move Line Stock Move
account_partner_reconcile - Account Partner Reconcile
account_payment_mode - Account Payment Mode
account_payment_order - Account Payment Order

@ -0,0 +1,54 @@
https://github.com/OCA/account-analytic.git
https://github.com/OCA/account-budgeting.git
https://github.com/OCA/account-closing.git
https://github.com/OCA/account-consolidation.git
https://github.com/OCA/account-financial-reporting.git
https://github.com/OCA/account-financial-tools.git
https://github.com/OCA/account-fiscal-rule.git
https://github.com/OCA/account-invoice-reporting.git
https://github.com/OCA/account-invoicing.git
https://github.com/OCA/account-payment.git
https://github.com/OCA/account-reconcile.git
https://github.com/OCA/bank-payment.git
https://github.com/OCA/bank-statement-import.git
https://github.com/OCA/business-requirement.git
https://github.com/OCA/community-data-files.git
https://github.com/OCA/connector-telephony.git
https://github.com/OCA/contract.git
https://github.com/OCA/crm.git
https://github.com/OCA/delivery-carrier.git
https://github.com/OCA/geospatial.git
https://github.com/OCA/infrastructure-dns.git
https://github.com/OCA/interface-github.git
https://github.com/OCA/knowledge.git
https://github.com/OCA/l10n-usa.git
https://github.com/OCA/maintenance.git
https://github.com/OCA/management-system.git
https://github.com/OCA/manufacture.git
https://github.com/OCA/manufacture-reporting.git
https://github.com/OCA/margin-analysis.git
https://github.com/OCA/mis-builder.git
https://github.com/OCA/multi-company.git
https://github.com/OCA/oca-custom.git
https://github.com/OCA/partner-contact.git
https://github.com/OCA/product-attribute.git
https://github.com/OCA/product-kitting.git
https://github.com/OCA/project.git
https://github.com/OCA/project-reporting.git
https://github.com/OCA/purchase-reporting.git
https://github.com/OCA/purchase-workflow.git
https://github.com/OCA/reporting-engine.git
https://github.com/OCA/rma.git
https://github.com/OCA/sale-financial.git
https://github.com/OCA/sale-reporting.git
https://github.com/OCA/server-backend.git
https://github.com/OCA/server-brand.git
https://github.com/OCA/server-tools.git
https://github.com/OCA/stock-logistics-reporting.git
https://github.com/OCA/stock-logistics-tracking.git
https://github.com/OCA/stock-logistics-transport.git
https://github.com/OCA/stock-logistics-warehouse.git
https://github.com/OCA/stock-logistics-workflow.git
https://github.com/OCA/vertical-community.git
https://github.com/OCA/vertical-isp.git
https://github.com/OCA/vertical-realestate.git

@ -0,0 +1,764 @@
odoo9-addon-account-analytic-distribution
odoo9-addon-account-analytic-no-lines
odoo9-addon-account-analytic-parent
odoo9-addon-account-analytic-required
odoo9-addon-account-asset-depr-line-cancel
odoo9-addon-account-balance-line
odoo9-addon-account-balance-reporting
odoo9-addon-account-bank-statement-import-camt
odoo9-addon-account-bank-statement-import-camt-details
odoo9-addon-account-bank-statement-import-fr-cfonb
odoo9-addon-account-bank-statement-import-move-line
odoo9-addon-account-bank-statement-import-qif
odoo9-addon-account-banking-fr-lcr
odoo9-addon-account-banking-mandate
odoo9-addon-account-banking-mandate-sale
odoo9-addon-account-banking-pain-base
odoo9-addon-account-banking-sepa-credit-transfer
odoo9-addon-account-banking-sepa-direct-debit
odoo9-addon-account-chart-update
odoo9-addon-account-check-deposit
odoo9-addon-account-check-printing-report-base
odoo9-addon-account-check-printing-report-dlt103
odoo9-addon-account-credit-control
odoo9-addon-account-cutoff-base
odoo9-addon-account-cutoff-prepaid
odoo9-addon-account-draft-invoice-print
odoo9-addon-account-due-list
odoo9-addon-account-due-list-aging-comments
odoo9-addon-account-due-list-days-overdue
odoo9-addon-account-due-list-payment-mode
odoo9-addon-account-enterprise-remove
odoo9-addon-account-financial-report-horizontal
odoo9-addon-account-financial-report-qweb
odoo9-addon-account-fiscal-position-rule
odoo9-addon-account-fiscal-position-rule-purchase
odoo9-addon-account-fiscal-position-rule-sale
odoo9-addon-account-fiscal-position-vat-check
odoo9-addon-account-fiscal-year
odoo9-addon-account-invoice-blocking
odoo9-addon-account-invoice-check-total
odoo9-addon-account-invoice-currency
odoo9-addon-account-invoice-fiscal-position-update
odoo9-addon-account-invoice-line-report
odoo9-addon-account-invoice-merge
odoo9-addon-account-invoice-merge-payment
odoo9-addon-account-invoice-merge-purchase
odoo9-addon-account-invoice-pricelist
odoo9-addon-account-invoice-refund-link
odoo9-addon-account-invoice-refund-option
odoo9-addon-account-invoice-rounding
odoo9-addon-account-invoice-search-by-reference
odoo9-addon-account-invoice-start-end-dates
odoo9-addon-account-invoice-supplier-ref-unique
odoo9-addon-account-invoice-tax-required
odoo9-addon-account-invoice-variant-configurator
odoo9-addon-account-invoice-view-payment
odoo9-addon-account-journal-report
odoo9-addon-account-mass-reconcile
odoo9-addon-account-mass-reconcile-by-purchase-line
odoo9-addon-account-mass-reconcile-ref-deep-search
odoo9-addon-account-mass-reconcile-transaction-ref
odoo9-addon-account-move-bankaccount-import
odoo9-addon-account-move-base-import
odoo9-addon-account-move-line-product
odoo9-addon-account-move-line-purchase-info
odoo9-addon-account-move-line-stock-info
odoo9-addon-account-move-locking
odoo9-addon-account-move-so-import
odoo9-addon-account-move-transactionid-import
odoo9-addon-account-multicurrency-revaluation
odoo9-addon-account-multicurrency-revaluation-report
odoo9-addon-account-operating-unit
odoo9-addon-account-operation-rule
odoo9-addon-account-partner-reconcile
odoo9-addon-account-payment-mode
odoo9-addon-account-payment-order
odoo9-addon-account-payment-order-return
odoo9-addon-account-payment-partner
odoo9-addon-account-payment-purchase
odoo9-addon-account-payment-return
odoo9-addon-account-payment-return-import
odoo9-addon-account-payment-return-import-sepa-pain
odoo9-addon-account-payment-sale
odoo9-addon-account-payment-show-invoice
odoo9-addon-account-payment-term-extension
odoo9-addon-account-payment-transfer-reconcile-batch
odoo9-addon-account-permanent-lock-move
odoo9-addon-account-product-fiscal-classification
odoo9-addon-account-renumber
odoo9-addon-account-reporting-weight
odoo9-addon-account-reversal
odoo9-addon-account-tax-balance
odoo9-addon-account-tax-unece
odoo9-addon-account-voucher-operating-unit
odoo9-addon-admin-technical-features
odoo9-addon-analytic-base-department
odoo9-addon-analytic-department
odoo9-addon-analytic-operating-unit
odoo9-addon-asterisk-click2dial
odoo9-addon-attachment-base-synchronize
odoo9-addon-auditlog
odoo9-addon-auth-from-http-remote-user
odoo9-addon-auth-session-timeout
odoo9-addon-auth-signup-verify-email
odoo9-addon-auth-supplier
odoo9-addon-auth-totp
odoo9-addon-auto-backup
odoo9-addon-barcodes-generator-abstract
odoo9-addon-barcodes-generator-partner
odoo9-addon-barcodes-generator-product
odoo9-addon-base-comment-template
odoo9-addon-base-country-state-translatable
odoo9-addon-base-custom-info
odoo9-addon-base-delivery-carrier-label
odoo9-addon-base-export-manager
odoo9-addon-base-external-dbsource
odoo9-addon-base-fontawesome
odoo9-addon-base-geoengine
odoo9-addon-base-geoengine-demo
odoo9-addon-base-import-async
odoo9-addon-base-import-match
odoo9-addon-base-kanban-stage
odoo9-addon-base-location
odoo9-addon-base-location-geonames-import
odoo9-addon-base-manifest-extension
odoo9-addon-base-multi-image
odoo9-addon-base-name-search-improved
odoo9-addon-base-optional-quick-create
odoo9-addon-base-partner-merge
odoo9-addon-base-partner-sequence
odoo9-addon-base-phone
odoo9-addon-base-phone-popup
odoo9-addon-base-report-auto-create-qweb
odoo9-addon-base-report-to-printer
odoo9-addon-base-report-to-printer-mail
odoo9-addon-base-search-fuzzy
odoo9-addon-base-search-mail-content
odoo9-addon-base-setup-enterprise-remove
odoo9-addon-base-suspend-security
odoo9-addon-base-technical-features
odoo9-addon-base-transaction-id
odoo9-addon-base-unece
odoo9-addon-base-user-gravatar
odoo9-addon-base-user-role
odoo9-addon-base-vat-sanitized
odoo9-addon-base-view-inheritance-extension
odoo9-addon-bi-sql-editor
odoo9-addon-bi-view-editor
odoo9-addon-business-requirement
odoo9-addon-business-requirement-deliverable
odoo9-addon-business-requirement-deliverable-categ
odoo9-addon-business-requirement-deliverable-default
odoo9-addon-business-requirement-deliverable-report
odoo9-addon-cmis
odoo9-addon-cms-delete-content
odoo9-addon-cms-form
odoo9-addon-cms-form-example
odoo9-addon-cms-status-message
odoo9-addon-configuration-helper
odoo9-addon-connector
odoo9-addon-connector-base-product
odoo9-addon-connector-ecommerce
odoo9-addon-connector-job-subscribe
odoo9-addon-connector-prestashop
odoo9-addon-connector-prestashop-catalog-manager
odoo9-addon-connector-prestashop-manufacturer
odoo9-addon-contract
odoo9-addon-contract-commission
odoo9-addon-contract-invoice-merge-by-partner
odoo9-addon-contract-mandate
odoo9-addon-contract-payment-mode
odoo9-addon-contract-recurring-analytic-distribution
odoo9-addon-contract-show-invoice
odoo9-addon-contract-variable-quantity
odoo9-addon-crm-action
odoo9-addon-crm-claim-code
odoo9-addon-crm-claim-operating-unit
odoo9-addon-crm-claim-rma
odoo9-addon-crm-claim-rma-code
odoo9-addon-crm-claim-type
odoo9-addon-crm-deduplicate-acl
odoo9-addon-crm-deduplicate-by-ref
odoo9-addon-crm-deduplicate-by-website
odoo9-addon-crm-deduplicate-filter
odoo9-addon-crm-lead-to-event-registration
odoo9-addon-crm-lead-website
odoo9-addon-crm-operating-unit
odoo9-addon-crm-phone
odoo9-addon-crm-phonecall
odoo9-addon-crm-phonecall-summary-predefined
odoo9-addon-crm-rma-location
odoo9-addon-crm-rma-stock-location
odoo9-addon-crm-sale-marketing
odoo9-addon-currency-rate-update
odoo9-addon-customer-activity-statement
odoo9-addon-customer-outstanding-statement
odoo9-addon-database-cleanup
odoo9-addon-date-range
odoo9-addon-datetime-formatter
odoo9-addon-dbfilter-from-header
odoo9-addon-dead-mans-switch-client
odoo9-addon-delivery-carrier-deposit
odoo9-addon-delivery-carrier-label-postlogistics
odoo9-addon-disable-odoo-online
odoo9-addon-document-page
odoo9-addon-document-page-approval
odoo9-addon-document-page-environment-manual
odoo9-addon-document-page-environmental-aspect
odoo9-addon-document-page-health-safety-manual
odoo9-addon-document-page-procedure
odoo9-addon-document-page-quality-manual
odoo9-addon-document-page-work-instruction
odoo9-addon-document-url
odoo9-addon-donation
odoo9-addon-donation-bank-statement
odoo9-addon-donation-base
odoo9-addon-donation-direct-debit
odoo9-addon-donation-recurring
odoo9-addon-donation-sale
odoo9-addon-email-template-qweb
odoo9-addon-event-email-reminder
odoo9-addon-event-phone
odoo9-addon-event-registration-cancel-reason
odoo9-addon-event-registration-mass-mailing
odoo9-addon-event-registration-partner-unique
odoo9-addon-external-file-location
odoo9-addon-fetchmail-bydate
odoo9-addon-fetchmail-notify-error-to-sender
odoo9-addon-fetchmail-thread-default
odoo9-addon-geoengine-maplausanne
odoo9-addon-geoengine-partner
odoo9-addon-geoengine-swisstopo
odoo9-addon-help-online
odoo9-addon-hr-commission
odoo9-addon-hr-contract-operating-unit
odoo9-addon-hr-employee-firstname
odoo9-addon-hr-employee-reference
odoo9-addon-hr-expense-analytic-distribution
odoo9-addon-hr-family
odoo9-addon-hr-holiday-notify-employee-manager
odoo9-addon-hr-holidays-compute-days
odoo9-addon-hr-holidays-leave-auto-approve
odoo9-addon-hr-holidays-legal-leave
odoo9-addon-hr-payroll-cancel
odoo9-addon-hr-payroll-report
odoo9-addon-hr-payslip-change-state
odoo9-addon-hr-phone
odoo9-addon-hr-public-holidays
odoo9-addon-hr-recruitment-phone
odoo9-addon-hr-skill
odoo9-addon-hr-timesheet-sheet-restrict-analytic
odoo9-addon-hr-timesheet-sheet-week-start-day
odoo9-addon-hr-worked-days-from-timesheet
odoo9-addon-html-image-url-extractor
odoo9-addon-html-text
odoo9-addon-intrastat-base
odoo9-addon-invoice-comment-template
odoo9-addon-keychain
odoo9-addon-knowledge
odoo9-addon-kpi
odoo9-addon-l10n-ar-base-country-state
odoo9-addon-l10n-be-antibiotic-tax
odoo9-addon-l10n-be-apb-tax
odoo9-addon-l10n-be-eco-tax
odoo9-addon-l10n-be-iso20022-pain
odoo9-addon-l10n-br-base
odoo9-addon-l10n-br-crm
odoo9-addon-l10n-br-zip
odoo9-addon-l10n-ca-toponyms
odoo9-addon-l10n-ch-bank
odoo9-addon-l10n-ch-bank-statement-import-postfinance
odoo9-addon-l10n-ch-base-bank
odoo9-addon-l10n-ch-dta
odoo9-addon-l10n-ch-fds-postfinance
odoo9-addon-l10n-ch-fds-upload-sepa
odoo9-addon-l10n-ch-hr-payroll
odoo9-addon-l10n-ch-import-cresus
odoo9-addon-l10n-ch-import-winbiz
odoo9-addon-l10n-ch-pain-base
odoo9-addon-l10n-ch-pain-credit-transfer
odoo9-addon-l10n-ch-payment-slip
odoo9-addon-l10n-ch-scan-bvr
odoo9-addon-l10n-ch-states
odoo9-addon-l10n-ch-zip
odoo9-addon-l10n-cn-hr-payroll
odoo9-addon-l10n-cn-partner
odoo9-addon-l10n-ec
odoo9-addon-l10n-ec-config
odoo9-addon-l10n-ec-ote
odoo9-addon-l10n-es
odoo9-addon-l10n-es-account-asset
odoo9-addon-l10n-es-account-balance-report
odoo9-addon-l10n-es-account-bank-statement-import-n43
odoo9-addon-l10n-es-account-invoice-sequence
odoo9-addon-l10n-es-aeat
odoo9-addon-l10n-es-aeat-mod111
odoo9-addon-l10n-es-aeat-mod115
odoo9-addon-l10n-es-aeat-mod303
odoo9-addon-l10n-es-aeat-sii
odoo9-addon-l10n-es-cnae
odoo9-addon-l10n-es-crm-lead-trade-name
odoo9-addon-l10n-es-irnr
odoo9-addon-l10n-es-partner
odoo9-addon-l10n-es-partner-mercantil
odoo9-addon-l10n-es-toponyms
odoo9-addon-l10n-et-base
odoo9-addon-l10n-eu-nace
odoo9-addon-l10n-fr-base-location-geonames-import
odoo9-addon-l10n-fr-department
odoo9-addon-l10n-fr-department-oversea
odoo9-addon-l10n-fr-naf-ape
odoo9-addon-l10n-fr-siret
odoo9-addon-l10n-fr-state
odoo9-addon-l10n-fr-tax-sale-ttc
odoo9-addon-l10n-it-abicab
odoo9-addon-l10n-it-base-location-geonames-import
odoo9-addon-l10n-it-ddt
odoo9-addon-l10n-it-rea
odoo9-addon-l10n-lu-mis-reports
odoo9-addon-l10n-ma-state
odoo9-addon-l10n-nl-bsn
odoo9-addon-l10n-nl-intrastat
odoo9-addon-l10n-nl-postcodeapi
odoo9-addon-l10n-nl-tax-statement
odoo9-addon-l10n-nl-xaf-auditfile-export
odoo9-addon-letsencrypt
odoo9-addon-mail-as-letter
odoo9-addon-mail-attach-existing-attachment
odoo9-addon-mail-cleanup
odoo9-addon-mail-debrand
odoo9-addon-mail-digest
odoo9-addon-mail-environment
odoo9-addon-mail-log-messages-to-process
odoo9-addon-mail-optional-autofollow
odoo9-addon-mail-optional-follower-notification
odoo9-addon-mail-thread-medical-prescription
odoo9-addon-mail-tracking
odoo9-addon-mail-tracking-mailgun
odoo9-addon-mail-tracking-mass-mailing
odoo9-addon-marketing-crm-partner
odoo9-addon-mass-editing
odoo9-addon-mass-mailing-custom-unsubscribe
odoo9-addon-mass-mailing-enterprise-remove
odoo9-addon-mass-mailing-partner
odoo9-addon-mass-mailing-security-group
odoo9-addon-mass-mailing-unique
odoo9-addon-medical
odoo9-addon-medical-base-us
odoo9-addon-medical-lab
odoo9-addon-medical-manufacturer
odoo9-addon-medical-medicament
odoo9-addon-medical-medicament-component
odoo9-addon-medical-medicament-us
odoo9-addon-medical-medication
odoo9-addon-medical-pathology
odoo9-addon-medical-patient-disease
odoo9-addon-medical-patient-disease-allergy
odoo9-addon-medical-patient-dob
odoo9-addon-medical-pharmacy
odoo9-addon-medical-pharmacy-us
odoo9-addon-medical-physician
odoo9-addon-medical-prescription
odoo9-addon-medical-prescription-state
odoo9-addon-medical-prescription-us
odoo9-addon-membership-variable-period
odoo9-addon-menu-technical-info
odoo9-addon-mgmtsystem
odoo9-addon-mgmtsystem-action
odoo9-addon-mgmtsystem-audit
odoo9-addon-mgmtsystem-claim
odoo9-addon-mgmtsystem-hazard
odoo9-addon-mgmtsystem-info-security-manual
odoo9-addon-mgmtsystem-kpi
odoo9-addon-mgmtsystem-manual
odoo9-addon-mgmtsystem-nonconformity
odoo9-addon-mgmtsystem-probability
odoo9-addon-mgmtsystem-quality
odoo9-addon-mgmtsystem-review
odoo9-addon-mgmtsystem-severity
odoo9-addon-mgmtsystem-survey
odoo9-addon-mis-builder
odoo9-addon-mis-builder-budget
odoo9-addon-module-auto-update
odoo9-addon-module-prototyper
odoo9-addon-mrp-bom-component-menu
odoo9-addon-mrp-bom-dismantling
odoo9-addon-mrp-bom-note
odoo9-addon-mrp-bom-structure-report-level-1
odoo9-addon-mrp-bom-structure-xlsx
odoo9-addon-mrp-bom-structure-xlsx-level-1
odoo9-addon-mrp-disable-force-availability-button
odoo9-addon-mrp-production-note
odoo9-addon-mrp-production-partner-note
odoo9-addon-mrp-production-putaway-strategy
odoo9-addon-mrp-production-raw-material-procurement-group
odoo9-addon-mrp-production-request
odoo9-addon-mrp-sale-info
odoo9-addon-oauth-provider
odoo9-addon-oauth-provider-jwt
odoo9-addon-openeducat-achievement
odoo9-addon-openeducat-activity
odoo9-addon-openeducat-admission
odoo9-addon-openeducat-alumni
odoo9-addon-openeducat-assignment
odoo9-addon-openeducat-attendance
odoo9-addon-openeducat-classroom
odoo9-addon-openeducat-core
odoo9-addon-openeducat-erp
odoo9-addon-openeducat-exam
odoo9-addon-openeducat-facility
odoo9-addon-openeducat-fees
odoo9-addon-openeducat-health
odoo9-addon-openeducat-hostel
odoo9-addon-openeducat-l10n-in
odoo9-addon-openeducat-l10n-in-admission
odoo9-addon-openeducat-library
odoo9-addon-openeducat-parent
odoo9-addon-openeducat-placement
odoo9-addon-openeducat-scholarship
odoo9-addon-openeducat-timetable
odoo9-addon-openeducat-transportation
odoo9-addon-operating-unit
odoo9-addon-partner-address-street3
odoo9-addon-partner-changeset
odoo9-addon-partner-contact-birthdate
odoo9-addon-partner-contact-department
odoo9-addon-partner-contact-gender
odoo9-addon-partner-contact-height
odoo9-addon-partner-contact-in-several-companies
odoo9-addon-partner-contact-job-position
odoo9-addon-partner-contact-lang
odoo9-addon-partner-contact-nationality
odoo9-addon-partner-contact-nutrition
odoo9-addon-partner-contact-nutrition-activity-level
odoo9-addon-partner-contact-nutrition-allergen
odoo9-addon-partner-contact-nutrition-diet
odoo9-addon-partner-contact-nutrition-exclusion
odoo9-addon-partner-contact-nutrition-goal
odoo9-addon-partner-contact-personal-information-page
odoo9-addon-partner-contact-weight
odoo9-addon-partner-default-sale-discount
odoo9-addon-partner-event
odoo9-addon-partner-external-map
odoo9-addon-partner-financial-risk
odoo9-addon-partner-firstname
odoo9-addon-partner-helper
odoo9-addon-partner-identification
odoo9-addon-partner-multi-company
odoo9-addon-partner-multi-image
odoo9-addon-partner-multi-relation
odoo9-addon-partner-password-reset
odoo9-addon-partner-payment-return-risk
odoo9-addon-partner-phone-extension
odoo9-addon-partner-phonecall-schedule
odoo9-addon-partner-ref-unique
odoo9-addon-partner-sale-risk
odoo9-addon-partner-sector
odoo9-addon-partner-stock-risk
odoo9-addon-partner-survey
odoo9-addon-password-security
odoo9-addon-portal-payment-mode
odoo9-addon-pos-access-right
odoo9-addon-pos-customer-display
odoo9-addon-pos-customer-required
odoo9-addon-pos-empty-home
odoo9-addon-pos-price-to-weight
odoo9-addon-pos-quick-logout
odoo9-addon-pos-remove-pos-category
odoo9-addon-pos-session-summary
odoo9-addon-pricelist-per-product
odoo9-addon-printer-tray
odoo9-addon-printer-zpl2
odoo9-addon-procurement-auto-create-group
odoo9-addon-procurement-operating-unit
odoo9-addon-procurement-purchase-no-grouping
odoo9-addon-product-attribute-priority
odoo9-addon-product-brand
odoo9-addon-product-by-supplier
odoo9-addon-product-custom-info
odoo9-addon-product-dimension
odoo9-addon-product-harmonized-system
odoo9-addon-product-manufacturer
odoo9-addon-product-multi-category
odoo9-addon-product-multi-company
odoo9-addon-product-multi-image
odoo9-addon-product-multi-link
odoo9-addon-product-pricelist-direct-print
odoo9-addon-product-pricelist-item-list-view
odoo9-addon-product-pricelist-tax-included
odoo9-addon-product-replenishment-cost
odoo9-addon-product-sequence
odoo9-addon-product-supplier-code-purchase
odoo9-addon-product-supplierinfo-discount
odoo9-addon-product-supplierinfo-revision
odoo9-addon-product-tax-multicompany-default
odoo9-addon-product-uom
odoo9-addon-product-uom-unece
odoo9-addon-product-variant-configurator
odoo9-addon-product-variant-supplierinfo
odoo9-addon-product-warranty
odoo9-addon-project-change-state
odoo9-addon-project-department
odoo9-addon-project-description
odoo9-addon-project-double-alias
odoo9-addon-project-enterprise-remove
odoo9-addon-project-issue-code
odoo9-addon-project-issue-task
odoo9-addon-project-issue-timesheet-time-control
odoo9-addon-project-stage-closed
odoo9-addon-project-stage-state
odoo9-addon-project-task-add-very-high
odoo9-addon-project-task-code
odoo9-addon-project-task-default-stage
odoo9-addon-project-task-delegate
odoo9-addon-project-task-dependency
odoo9-addon-project-task-digitized-signature
odoo9-addon-project-task-materials
odoo9-addon-project-task-materials-stock
odoo9-addon-project-task-report
odoo9-addon-project-task-send-by-mail
odoo9-addon-project-timeline
odoo9-addon-project-timesheet-time-control
odoo9-addon-purchase-analytic-distribution
odoo9-addon-purchase-batch-invoicing
odoo9-addon-purchase-date-planned-manual
odoo9-addon-purchase-delivery-split-date
odoo9-addon-purchase-discount
odoo9-addon-purchase-fiscal-position-update
odoo9-addon-purchase-location-by-line
odoo9-addon-purchase-open-qty
odoo9-addon-purchase-operating-unit
odoo9-addon-purchase-order-approved
odoo9-addon-purchase-order-type
odoo9-addon-purchase-order-variant-mgmt
odoo9-addon-purchase-picking-state
odoo9-addon-purchase-reporting-weight
odoo9-addon-purchase-request
odoo9-addon-purchase-request-department
odoo9-addon-purchase-request-operating-unit
odoo9-addon-purchase-request-procurement
odoo9-addon-purchase-request-procurement-operating-unit
odoo9-addon-purchase-request-to-procurement
odoo9-addon-purchase-request-to-requisition
odoo9-addon-purchase-request-to-requisition-operating-unit
odoo9-addon-purchase-request-to-rfq
odoo9-addon-purchase-request-to-rfq-operating-unit
odoo9-addon-purchase-request-to-rfq-order-approved
odoo9-addon-purchase-requisition-operating-unit
odoo9-addon-purchase-stock-picking-return-invoicing
odoo9-addon-purchase-stock-picking-return-invoicing-open-qty
odoo9-addon-purchase-variant-configurator
odoo9-addon-purchase-variant-configurator-on-confirm
odoo9-addon-report-custom-filename
odoo9-addon-report-qweb-element-page-visibility
odoo9-addon-report-qweb-pdf-watermark
odoo9-addon-report-wkhtmltopdf-param
odoo9-addon-report-xlsx
odoo9-addon-res-config-settings-enterprise-remove
odoo9-addon-res-partner-affiliate
odoo9-addon-res-partner-attributes-add-BN
odoo9-addon-res-partner-attributes-add-NEQ
odoo9-addon-res-partner-attributes-add-SIN
odoo9-addon-runbot-build-instructions
odoo9-addon-runbot-relative
odoo9-addon-runbot-skip-tests
odoo9-addon-runbot-travis2docker
odoo9-addon-runbot-website-display
odoo9-addon-sale-analytic-distribution
odoo9-addon-sale-automatic-workflow
odoo9-addon-sale-automatic-workflow-payment-mode
odoo9-addon-sale-commission
odoo9-addon-sale-crm-medical-prescription
odoo9-addon-sale-delivery-block
odoo9-addon-sale-delivery-block-proc-group-by-line
odoo9-addon-sale-delivery-rate
odoo9-addon-sale-enterprise-remove
odoo9-addon-sale-exception
odoo9-addon-sale-force-invoiced
odoo9-addon-sale-medical-prescription
odoo9-addon-sale-operating-unit
odoo9-addon-sale-order-line-date
odoo9-addon-sale-order-lot-selection
odoo9-addon-sale-order-price-recalculation
odoo9-addon-sale-order-type
odoo9-addon-sale-order-variant-mgmt
odoo9-addon-sale-packaging-price
odoo9-addon-sale-procurement-group-by-line
odoo9-addon-sale-procurement-group-by-requested-date
odoo9-addon-sale-product-set
odoo9-addon-sale-proforma-report
odoo9-addon-sale-rental
odoo9-addon-sale-reporting-weight
odoo9-addon-sale-revert-done
odoo9-addon-sale-sourced-by-line
odoo9-addon-sale-start-end-dates
odoo9-addon-sale-stock-medical-prescription
odoo9-addon-sale-stock-operating-unit
odoo9-addon-sale-stock-picking-return-invoicing
odoo9-addon-sale-timesheet-invoice-description
odoo9-addon-sale-validity
odoo9-addon-sales-team-multicompany
odoo9-addon-sales-team-operating-unit
odoo9-addon-scheduler-error-mailer
odoo9-addon-server-environment
odoo9-addon-server-environment-files-sample
odoo9-addon-server-environment-ir-config-parameter
odoo9-addon-sql-export
odoo9-addon-sql-request-abstract
odoo9-addon-stock-account-change-product-valuation
odoo9-addon-stock-account-deposit
odoo9-addon-stock-account-quant-merge
odoo9-addon-stock-analytic
odoo9-addon-stock-auto-move
odoo9-addon-stock-available
odoo9-addon-stock-available-immediately
odoo9-addon-stock-available-mrp
odoo9-addon-stock-available-unreserved
odoo9-addon-stock-batch-picking
odoo9-addon-stock-cycle-count
odoo9-addon-stock-demand-estimate
odoo9-addon-stock-deposit
odoo9-addon-stock-disable-force-availability-button
odoo9-addon-stock-enterprise-remove
odoo9-addon-stock-inventory-chatter
odoo9-addon-stock-inventory-discrepancy
odoo9-addon-stock-inventory-exclude-sublocation
odoo9-addon-stock-inventory-lockdown
odoo9-addon-stock-inventory-revaluation
odoo9-addon-stock-inventory-verification-request
odoo9-addon-stock-location-area-data
odoo9-addon-stock-lot-scrap
odoo9-addon-stock-move-partner-info
odoo9-addon-stock-mts-mto-rule
odoo9-addon-stock-no-negative
odoo9-addon-stock-operating-unit
odoo9-addon-stock-orderpoint-generator
odoo9-addon-stock-orderpoint-manual-procurement
odoo9-addon-stock-orderpoint-uom
odoo9-addon-stock-pack-operation-auto-fill
odoo9-addon-stock-partner-lot
odoo9-addon-stock-picking-delivery-rate
odoo9-addon-stock-picking-digitized-signature
odoo9-addon-stock-picking-invoice-link
odoo9-addon-stock-picking-mass-assign
odoo9-addon-stock-picking-operation-quick-change
odoo9-addon-stock-picking-package-preparation
odoo9-addon-stock-picking-package-preparation-line
odoo9-addon-stock-picking-sale-order-link
odoo9-addon-stock-picking-send-by-mail
odoo9-addon-stock-picking-show-backorder
odoo9-addon-stock-picking-show-return
odoo9-addon-stock-picking-tracking
odoo9-addon-stock-picking-transfer-lot-autoassign
odoo9-addon-stock-picking-variant-mgmt
odoo9-addon-stock-putaway-product
odoo9-addon-stock-quant-manual-assign
odoo9-addon-stock-quant-merge
odoo9-addon-stock-quant-reserved-qty-uom
odoo9-addon-stock-removal-location-by-priority
odoo9-addon-stock-reserve
odoo9-addon-stock-scanner
odoo9-addon-stock-scanner-inventory
odoo9-addon-stock-scanner-location-info
odoo9-addon-stock-scanner-receipt
odoo9-addon-stock-scanner-shipping
odoo9-addon-stock-valuation-account-manual-adjustment
odoo9-addon-stock-valued-picking-report
odoo9-addon-stock-warehouse-orderpoint-stock-info
odoo9-addon-stock-warehouse-orderpoint-stock-info-unreserved
odoo9-addon-subcontracted-service
odoo9-addon-subscription-action
odoo9-addon-support-branding
odoo9-addon-survey-one-choice-per-column
odoo9-addon-survey-percent-question
odoo9-addon-test-base-import-async
odoo9-addon-test-configuration-helper
odoo9-addon-users-ldap-mail
odoo9-addon-users-ldap-populate
odoo9-addon-web-access-rule-buttons
odoo9-addon-web-advanced-search-x2x
odoo9-addon-web-decimal-numpad-dot
odoo9-addon-web-dialog-size
odoo9-addon-web-duplicate-visibility
odoo9-addon-web-easy-switch-company
odoo9-addon-web-editor-background-color
odoo9-addon-web-environment-ribbon
odoo9-addon-web-export-view
odoo9-addon-web-favicon
odoo9-addon-web-hide-db-manager-link
odoo9-addon-web-ir-actions-act-window-message
odoo9-addon-web-listview-custom-element-number
odoo9-addon-web-m2x-options
odoo9-addon-web-menu-collapsible
odoo9-addon-web-notify
odoo9-addon-web-readonly-bypass
odoo9-addon-web-responsive
odoo9-addon-web-searchbar-full-width
odoo9-addon-web-send-message-popup
odoo9-addon-web-sheet-full-width
odoo9-addon-web-shortcut
odoo9-addon-web-timeline
odoo9-addon-web-translate-dialog
odoo9-addon-web-tree-dynamic-colored-field
odoo9-addon-web-tree-image
odoo9-addon-web-tree-many2one-clickable
odoo9-addon-web-widget-color
odoo9-addon-web-widget-darkroom
odoo9-addon-web-widget-datepicker-options
odoo9-addon-web-widget-digitized-signature
odoo9-addon-web-widget-float-formula
odoo9-addon-web-widget-image-download
odoo9-addon-web-widget-image-webcam
odoo9-addon-web-widget-many2many-tags-multi-selection
odoo9-addon-web-widget-timepicker
odoo9-addon-web-widget-x2many-2d-matrix
odoo9-addon-web-x2many-delete-all
odoo9-addon-web_selenium
odoo9-addon-website-anchor-smooth-scroll
odoo9-addon-website-blog-excerpt-img
odoo9-addon-website-blog-mgmt
odoo9-addon-website-blog-share
odoo9-addon-website-breadcrumb
odoo9-addon-website-canonical-url
odoo9-addon-website-certificate
odoo9-addon-website-container-fluid
odoo9-addon-website-cookie-notice
odoo9-addon-website-crm-privacy-policy
odoo9-addon-website-crm-quick-answer
odoo9-addon-website-crm-recaptcha
odoo9-addon-website-event-filter-selector
odoo9-addon-website-event-share
odoo9-addon-website-field-autocomplete
odoo9-addon-website-form-recaptcha
odoo9-addon-website-forum-censored
odoo9-addon-website-google-tag-manager
odoo9-addon-website-img-bg-style
odoo9-addon-website-legal-page
odoo9-addon-website-livechat-firstname
odoo9-addon-website-logo
odoo9-addon-website-no-crawler
odoo9-addon-website-odoo-debranding
odoo9-addon-website-payment-v10
odoo9-addon-website-portal-address
odoo9-addon-website-portal-contact
odoo9-addon-website-portal-purchase
odoo9-addon-website-portal-sale-v10
odoo9-addon-website-portal-v10
odoo9-addon-website-sale-b2c
odoo9-addon-website-sale-checkout-country-vat
odoo9-addon-website-sale-checkout-skip-payment
odoo9-addon-website-sale-default-country
odoo9-addon-website-sale-enterprise-remove
odoo9-addon-website-sale-product-brand
odoo9-addon-website-sale-qty
odoo9-addon-website-sale-require-legal
odoo9-addon-website-sale-require-login
odoo9-addon-website-sale-suggest-create-account
odoo9-addon-website-sale-vat-required
odoo9-addon-website-sale-wishlist
odoo9-addon-website-seo-redirection
odoo9-addon-website-snippet-anchor
odoo9-addon-website-snippet-big-button
odoo9-addon-website-snippet-country-dropdown
odoo9-addon-website-snippet-marginless-gallery

@ -0,0 +1,31 @@
#!/bin/bash
# odoo11-deb-install
# GPLv3+
# XXX Barfs on Odoo's key. Known bug:
# https://github.com/odoo/odoo/issues/19900
# XXX Broken for ~two weeks so far.
set -x
wget -O - https://nightly.odoo.com/odoo.key | apt-key add -
# After adding this key and running apt-get update:
# W: GPG error: http://nightly.odoo.com/11.0/nightly/deb ./ InRelease: The following signatures were invalid: 5D134C924CB06330DCEFE2A1DEF2A2198183CBB5
# W: The repository 'http://nightly.odoo.com/11.0/nightly/deb ./ InRelease' is not signed.
# N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
# N: See apt-secure(8) manpage for repository creation and user configuration details.
#
# Key fails with this too:
# root@ns32:~# apt-key adv --keyserver pgp.mit.edu --recv-keys 5D134C924CB06330DCEFE2A1DEF2A2198183CBB5
# Executing: /tmp/apt-key-gpghome.HqnorymeFd/gpg.1.sh --keyserver pgp.mit.edu --recv-keys 5D134C924CB06330DCEFE2A1DEF2A2198183CBB5
# gpg: keyserver receive failed: Server indicated a failure
echo "deb http://nightly.odoo.com/11.0/nightly/deb/ ./" >> /etc/apt/sources.list.d/odoo.list
apt-get update
apt-get install \
postgresql-all \
python3-babel python3-decorator python3-docutils python3-feedparser python3-gevent python3-greenlet python3-html2text python3-jinja2 python3-lxml python3-mako python3-markupsafe python3-mock python3-ofxparse python3-passlib python3-pil python3-psutil python3-psycopg2 python3-pydot python3-pyldap python3-pyparsing python3-pypdf2 python3-serial python3-dateutil python3-arrow python3-usb python3-yaml python3-qrcode python3-reportlab python3-requests python3-six python3-suds python3-vatnumber python3-vobject python3-werkzeug python3-xlsxwriter python-xlwt python3-xlrd wkhtmltopdf python3-pdfkit
apt-get clean
apt-get install odoo

@ -0,0 +1,8 @@
#!/bin/bash
# socks-chain.sh
# GPLv3+
# Creates a SOCKS chain from the local machine to the host on the commandline.
# Usage:
# socks-chain.sh [hostname]
set -x
ssh -S none -N -L 8080:localhost:8080 $@

@ -0,0 +1,8 @@
#!/bin/bash
# socks-proxy.sh
# GPLv3+
# Creates a SOCKS proxy from the local machine to the host on the commandline.
# Usage:
# socks-proxy.sh [hostname]
set -x
ssh -S none -N -D 8080 $@

@ -0,0 +1,11 @@
# You can add custom logos here, or disable any of the default ones commenting
# out its line
- { 'name': "Arch Linux", 'path': "images/logos/arch.png"}
- { 'name': "CentOS", 'path': "images/logos/centos.png"}
- { 'name': "Debian", 'path': "images/logos/debian.png"}
- { 'name': "Fedora", 'path': "images/logos/fedora.png"}
- { 'name': "Linux", 'path': "images/logos/linux.png"}
- { 'name': "Redhat", 'path': "images/logos/redhat.png"}
- { 'name': "Ubuntu", 'path': "images/logos/ubuntu.png"}
#- { 'name': "Windows XP/2003", 'path': "images/logos/windowsxp.png"}
#- { 'name': "Windows 8", 'path': "images/logos/windows8.png"}

@ -0,0 +1,18 @@
---
logo: images/opennebula-5.0.png
groups:
oneadmin:
- admin
- admin_vcenter
- groupadmin
- groupadmin_vcenter
- user
- cloud
- cloud_vcenter
default:
- cloud
default_groupadmin:
- groupadmin
- cloud
labels_groups:
default:

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.0 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.1 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.1 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.0 KiB

@ -0,0 +1,262 @@
<main>
daemon off
chroot on
logpath "/var/log/yadifa"
pidfile "/run/yadifa/yadifad.pid"
datapath "/var/lib/yadifa"
keyspath "/var/lib/yadifa/keys"
xfrpath "/var/lib/yadifa/xfr"
# hostname "server-yadifad"
# serverid "yadifad-01"
# version "2.2.0"
edns0-max-size 4096
max-tcp-queries 100
uid yadifa
gid yadifa
port 53
listen 0.0.0.0
statistics on
queries-log-type 1
answer-formerr-packets off
# axfr-maxrecordbypacket 0
allow-query any
allow-update none
allow-transfer none
allow-notify none
allow-control controller
</main>
<nsid>
ascii "ns1"
</nsid>
<control>
enabled true
</control>
<rrl>
enabled true
log_only false
responses_per_second 5
errors_per_second 5
window 15
slip 2
min_table_size 1024
max_table_size 16384
ipv4_prefix_length 24
# ipv6_prefix_length 56
exempted none
</rrl>
<channels>
database database.log 0644
dnssec dnssec.log 0644
server server.log 0644
statistics statistics.log 0644
system system.log 0644
zone zone.log 0644
queries queries.log 0644
all all.log 0644
syslog syslog USER,CRON,PID
stderr STDERR
stdout STDOUT
</channels>
<loggers>
database EMERG,ALERT,CRIT,ERR,WARNING,NOTICE database,all
dnssec EMERG,ALERT,CRIT,ERR,WARNING,NOTICE dnssec,all
server EMERG,ALERT,CRIT,ERR,WARNING,NOTICE server,all
stats * statistics
system EMERG,ALERT,CRIT,ERR,WARNING,NOTICE system,all
zone EMERG,ALERT,CRIT,ERR,WARNING,NOTICE zone,all
# queries * queries
</loggers>
#include "keys.conf"
#<key>
# name master-slave
# algorithm hmac-md5
# secret MasterAndSlavesTSIGKey==
#</key>
#<acl>
# transferer key master-slave
# admins 192.0.2.0/24, 2001:db8::74
# master 192.0.2.53
# controller key abroad-admin-key
#</acl>
<acl>
controller 127.0.0.0/8, ::1
</acl>
<zone>
type master
domain localhost
file masters/localhost.zone
allow-transfer none
allow-update none
allow-update-forwarding none
</zone>
<zone>
type master
domain 0.0.127.in-addr.arpa
file masters/0.0.127.in-addr.arpa.zone
allow-transfer none
allow-update none
allow-update-forwarding none
</zone>
<zone>
type master
domain solipsists.org
file masters/solipsists.org.zone
allow-transfer 96.126.96.118,172.104.125.227,172.104.165.223,139.162.176.183,45.56.110.60,45.79.215.191,176.58.103.36,185.70.105.134,114.142.160.48,118.89.221.146,217.182.128.77,54.36.54.14,85.17.15.147,129.232.222.82,145.239.149.66,145.239.2.154,145.239.1.3,91.90.42.178,164.132.206.84,66.11.121.31,174.128.229.130,163.172.35.98,104.219.168.143,174.128.229.131,37.228.129.89
allow-update none
allow-update-forwarding none
</zone>
<dnssec-policy>
id "normal-policy"
description "Example of a policy with ZSK and KSK"
denial "nsec3-fixed"
key-suite "zsk-1024"
key-suite "ksk-2048"
</dnssec-policy>
<key-suite>
id "zsk-1024"
key-template "zsk-rsa-sha256-1024"
key-roll "monthly-diary"
</key-suite>
<key-suite>
id "ksk-2048"
key-template "ksk-rsa-sha256-2048"
key-roll "yearly-diary"
</key-suite>
<key-template>
id "zsk-rsa-sha512-1024"
algorithm RSASHA512
size 1024
</key-template>
<key-template>
id "zsk-rsa-sha512-2048"
algorithm RSASHA512
size 2048
</key-template>
<key-template>
id "zsk-rsa-sha256-1024"
algorithm RSASHA256
size 1024
</key-template>
<key-template>
id "zsk-rsa-sha256-2048"
algorithm RSASHA256
size 2048
</key-template>
<key-template>
id "ksk-rsa-sha512-1024"
ksk 1
algorithm RSASHA512
size 1024
</key-template>
<key-template>
id "ksk-rsa-sha512-2048"
ksk 1
algorithm RSASHA512
size 2048
</key-template>
<key-template>
id "ksk-rsa-sha256-1024"
ksk 1
algorithm RSASHA256
size 1024
</key-template>
<key-template>
id "ksk-rsa-sha256-2048"
ksk 1
algorithm RSASHA256
size 2048
</key-template>
<denial>
type NSEC3
id "nsec3-random"
salt-length 32
iterations 10
optout off
</denial>
<denial>
type NSEC3
id "nsec3-fixed"
salt "BA5EBA11" # if nsec3-resalting is off
iterations 5 # the number of additional times the hash function has been performe
optout off
</denial>
<key-roll>
id "yearly-diary"
generate 5 0 15 6 * * # this year (2016) 15/06 at 00:05
publish 10 0 15 6 * * # 00:10
activate 15 0 16 6 * * # 16/06 at 00:15
inactive 15 0 17 6 * * # (2017) 17/06 at 00:15
remove 15 11 18 6 * * # (2017) 18/06 at 11:15
</key-roll>
<key-roll>
id "monthly-diary"
generate 5 0 * * tue 0 # 1 tuesday of the month at 00:05
publish 10 0 * * tue 0 # 00:10
activate 15 0 * * wed 0 # 1 wednesday of the month at 00:15
inactive 15 0 * * thu 0 # 1 thursday of the month at 00:15
remove 15 11 * * fri 0 # 1 friday of the month at 11:15
</key-roll>
<key-roll>
id "weekly-diary"
generate 25 0 * * sun * # every sunday of the month at 00:25
publish 30 0 * * sun * # at 00:30
activate 35 0 * * sun * # at 00:35
inactive 35 0 * * sun * # at 00:35
remove 35 11 * * sun * # at 11:35
</key-roll>
<key-roll>
id "daily-diary"
generate 5 0 * * * * # at 00:05
publish 10 0 * * * * # at 00:10
activate 15 0 * * * * # at 00:15
inactive 15 0 * * * * # at 00:15
remove 15 11 * * * * # at 11:15
</key-roll>
<key-roll>
id "hourly-diary"
generate 1 * * * * *
publish 5 * * * * *
activate 10 * * * * *
inactive 15 * * * * *
remove 20 * * * * *
</key-roll>
<key-roll>
id "half-hourly-diary"
generate 0,30 * * * * *
publish 1,31 * * * * *
activate 2,32 * * * * *
inactive 34,04 * * * * *
remove 38,08 * * * * *
</key-roll>
<key-roll>
id "insane-diary"
generate * * * * * *
publish * * * * * *
activate * * * * * *
inactive * * * * * *
remove * * * * * *
</key-roll>
<key-roll>
id "monthly-relative"
generate +31d
publish +60
activate +120
inactive +33d # must be bigger than generate, to avoid a gap
remove +1d
</key-roll>
<key-roll>
id "insane-relative"
generate +60
publish +0
activate +0
inactive +60
remove +0
</key-roll>
<key-roll>
id "less-insane-relative"
generate +120
publish +0
activate +0
inactive +160
remove +0
</key-roll>

@ -0,0 +1,59 @@
; Be sure to increment each revision!
$TTL 3600
$ORIGIN solipsists.org.
solipsists.org. 3600 IN SOA ns1.solipsists.org. ns.solipsists.org. 41 3600 1800 3600000 600
3600 IN NS ns1.solipsists.org.
3600 IN NS ns2.solipsists.org.
3600 IN NS ns3.solipsists.org.
3600 IN NS ns4.solipsists.org.
3600 IN NS ns5.solipsists.org.
3600 IN NS ns6.solipsists.org.
3600 IN NS ns7.solipsists.org.
3600 IN NS ns8.solipsists.org.
; 3600 IN NS ns9.solipsists.org.
3600 IN NS ns11.solipsists.org.
3600 IN NS ns12.solipsists.org.
; 3600 IN NS ns13.solipsists.org.
3600 IN NS ns14.solipsists.org.
3600 IN NS ns15.solipsists.org.
3600 IN NS ns17.solipsists.org.
; 3600 IN NS ns18.solipsists.org.
; 3600 IN NS ns19.solipsists.org.
; 3600 IN NS ns20.solipsists.org.
3600 IN NS ns21.solipsists.org.
3600 IN NS ns22.solipsists.org.
; 3600 IN NS ns23.solipsists.org.
; 3600 IN NS ns24.solipsists.org.
3600 IN NS ns26.solipsists.org.
; 3600 IN NS ns29.solipsists.org.
; 3600 IN NS ns30.solipsists.org.
; 3600 IN NS ns31.solipsists.org.
ns1.solipsists.org. 3600 IN A 69.164.197.34
ns2.solipsists.org. 3600 IN A 96.126.96.118
ns3.solipsists.org. 3600 IN A 172.104.125.227
ns4.solipsists.org. 3600 IN A 172.104.165.223
ns5.solipsists.org. 3600 IN A 139.162.176.183
ns6.solipsists.org. 3600 IN A 45.56.110.60
ns7.solipsists.org. 3600 IN A 45.79.215.191
ns8.solipsists.org. 3600 IN A 176.58.103.36
ns9.solipsists.org. 3600 IN A 185.70.105.134
ns11.solipsists.org. 3600 IN A 91.90.42.178
ns12.solipsists.org. 3600 IN A 114.142.160.48
ns13.solipsists.org. 3600 IN A 118.89.221.146
ns14.solipsists.org. 3600 IN A 217.182.128.77
ns15.solipsists.org. 3600 IN A 54.36.54.14
ns17.solipsists.org. 3600 IN A 85.17.15.147
ns18.solipsists.org. 3600 IN A 129.232.222.82
ns19.solipsists.org. 3600 IN A 163.172.35.98
ns20.solipsists.org. 3600 IN A 145.239.149.66
ns21.solipsists.org. 3600 IN A 145.239.2.154
ns22.solipsists.org. 3600 IN A 145.239.1.3
ns23.solipsists.org. 3600 IN A 164.132.206.84
ns24.solipsists.org. 3600 IN A 174.128.229.130
ns26.solipsists.org. 3600 IN A 66.11.121.31
ns29.solipsists.org. 3600 IN A 104.219.168.143
ns30.solipsists.org. 3600 IN A 174.128.229.131
ns31.solipsists.org. 3600 IN A 37.228.129.89
oca.solipsists.org. 3600 IN A 174.128.229.131
fn1 IN CNAME ns24.solipsists.org.

@ -0,0 +1,243 @@
<main>
daemon off
chroot off
logpath "/var/log/yadifa"
pidfile "/run/yadifa/yadifad.pid"
datapath "/var/lib/yadifa"
keyspath "/var/lib/yadifa/keys"
xfrpath "/var/lib/yadifa/xfr"
edns0-max-size 4096
max-tcp-queries 100
uid yadifa
gid yadifa
port 53
listen 0.0.0.0
statistics on
queries-log-type 1
answer-formerr-packets off
allow-query any
allow-update none
allow-transfer none
allow-notify 69.164.197.34
allow-control controller
</main>
<nsid>
ascii "ns"
</nsid>
<control>
enabled true
</control>
<rrl>
enabled true
log_only false
responses_per_second 5
errors_per_second 5
window 15
slip 2
min_table_size 1024
max_table_size 16384
ipv4_prefix_length 24
ipv6_prefix_length 56
exempted none
</rrl>
<channels>
database database.log 0644
dnssec dnssec.log 0644
server server.log 0644
statistics statistics.log 0644
system system.log 0644
zone zone.log 0644
queries queries.log 0644
all all.log 0644
syslog syslog USER,CRON,PID
stderr STDERR
stdout STDOUT
</channels>
<loggers>
database EMERG,ALERT,CRIT,ERR,WARNING,NOTICE database,all
dnssec EMERG,ALERT,CRIT,ERR,WARNING,NOTICE dnssec,all
server EMERG,ALERT,CRIT,ERR,WARNING,NOTICE server,all
stats * statistics
system EMERG,ALERT,CRIT,ERR,WARNING,NOTICE system,all
zone EMERG,ALERT,CRIT,ERR,WARNING,NOTICE zone,all
</loggers>
<acl>
controller 127.0.0.0/8, ::1
</acl>
<zone>
type master
domain localhost
file masters/localhost.zone
allow-transfer none
allow-update none
allow-update-forwarding none
</zone>
<zone>
type master
domain 0.0.127.in-addr.arpa
file masters/0.0.127.in-addr.arpa.zone
allow-transfer none
allow-update none
allow-update-forwarding none
</zone>
<zone>
type slave
domain solipsists.org
file slaves/solipsists.org.zone
master 69.164.197.34
</zone>
<dnssec-policy>
id "normal-policy"
description "Example of a policy with ZSK and KSK"
denial "nsec3-fixed"
key-suite "zsk-1024"
key-suite "ksk-2048"
</dnssec-policy>
<key-suite>
id "zsk-1024"
key-template "zsk-rsa-sha256-1024"
key-roll "monthly-diary"
</key-suite>
<key-suite>
id "ksk-2048"
key-template "ksk-rsa-sha256-2048"
key-roll "yearly-diary"
</key-suite>
<key-template>
id "zsk-rsa-sha512-1024"
algorithm RSASHA512
size 1024
</key-template>
<key-template>
id "zsk-rsa-sha512-2048"
algorithm RSASHA512
size 2048
</key-template>
<key-template>
id "zsk-rsa-sha256-1024"
algorithm RSASHA256
size 1024
</key-template>
<key-template>
id "zsk-rsa-sha256-2048"
algorithm RSASHA256
size 2048
</key-template>
<key-template>
id "ksk-rsa-sha512-1024"
ksk 1
algorithm RSASHA512
size 1024
</key-template>
<key-template>
id "ksk-rsa-sha512-2048"
ksk 1
algorithm RSASHA512
size 2048
</key-template>
<key-template>
id "ksk-rsa-sha256-1024"
ksk 1
algorithm RSASHA256
size 1024
</key-template>
<key-template>
id "ksk-rsa-sha256-2048"
ksk 1
algorithm RSASHA256
size 2048
</key-template>
<denial>
type NSEC3
id "nsec3-random"
salt-length 32
iterations 10
optout off
</denial>
<denial>
type NSEC3
id "nsec3-fixed"
salt "BA5EBA11" # if nsec3-resalting is off
iterations 5 # the number of additional times the hash function has been performe
optout off
</denial>
<key-roll>
id "yearly-diary"
generate 5 0 15 6 * * # this year (2016) 15/06 at 00:05
publish 10 0 15 6 * * # 00:10
activate 15 0 16 6 * * # 16/06 at 00:15
inactive 15 0 17 6 * * # (2017) 17/06 at 00:15
remove 15 11 18 6 * * # (2017) 18/06 at 11:15
</key-roll>
<key-roll>
id "monthly-diary"
generate 5 0 * * tue 0 # 1 tuesday of the month at 00:05
publish 10 0 * * tue 0 # 00:10
activate 15 0 * * wed 0 # 1 wednesday of the month at 00:15
inactive 15 0 * * thu 0 # 1 thursday of the month at 00:15
remove 15 11 * * fri 0 # 1 friday of the month at 11:15
</key-roll>
<key-roll>
id "weekly-diary"
generate 25 0 * * sun * # every sunday of the month at 00:25
publish 30 0 * * sun * # at 00:30
activate 35 0 * * sun * # at 00:35
inactive 35 0 * * sun * # at 00:35
remove 35 11 * * sun * # at 11:35
</key-roll>
<key-roll>
id "daily-diary"
generate 5 0 * * * * # at 00:05
publish 10 0 * * * * # at 00:10
activate 15 0 * * * * # at 00:15
inactive 15 0 * * * * # at 00:15
remove 15 11 * * * * # at 11:15
</key-roll>
<key-roll>
id "hourly-diary"
generate 1 * * * * *
publish 5 * * * * *
activate 10 * * * * *
inactive 15 * * * * *
remove 20 * * * * *
</key-roll>
<key-roll>
id "half-hourly-diary"
generate 0,30 * * * * *
publish 1,31 * * * * *
activate 2,32 * * * * *
inactive 34,04 * * * * *
remove 38,08 * * * * *
</key-roll>
<key-roll>
id "insane-diary"
generate * * * * * *
publish * * * * * *
activate * * * * * *
inactive * * * * * *
remove * * * * * *
</key-roll>
<key-roll>
id "monthly-relative"
generate +31d
publish +60
activate +120
inactive +33d # must be bigger than generate, to avoid a gap
remove +1d
</key-roll>
<key-roll>
id "insane-relative"
generate +60
publish +0
activate +0
inactive +60
remove +0
</key-roll>
<key-roll>
id "less-insane-relative"
generate +120
publish +0
activate +0
inactive +160
remove +0
</key-roll>

@ -0,0 +1,12 @@
$TTL 86400 ; 24 hours
$ORIGIN 0.0.127.IN-ADDR.ARPA.
0.0.127.IN-ADDR.ARPA. 86400 IN SOA localhost. root.localhost. (
20120201 ; Serial
3h ; Refresh
15 ; Retry
1w ; Expire
3h ; Minimum
)
86400 IN NS localhost.
1 86400 IN PTR localhost.

@ -0,0 +1,13 @@
$TTL 86400 ; 24 hours
$ORIGIN localhost.
localhost. 86400 IN SOA localhost. root.localhost. (
20120201 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
86400 IN NS localhost.
86400 IN A 127.0.0.1

Binary file not shown.

After

Width:  |  Height:  |  Size: 105 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 91 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 18 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 344 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 359 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 338 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 262 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 299 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 98 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 564 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 315 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 683 KiB

@ -0,0 +1,45 @@
#!/bin/bash
# make-sources-list.sh
# GPLv3+
# This will generate a list of files to be included as source code.
# Then it will generate LaTeX includes.
# XXX Great cruft
# Redirect fix XXX
# No spaces in filenames, or this may go awry.
# Perhaps add QR codes like:
CODEDIR="/home/`id -u -n`/FORKSAND/IT//forksand-it-manual/source/resources"
cd "$CODEDIR" || exit
TEXOUT="/home/`id -u -n`/FORKSAND/IT/forksand-it-manual/source/Source-gen.tex"
# Build a grep exclude command that has file extensions to not include.
EXCLUDE="\./\.git \.csv$ \.eps \.git$ \.gz$ \.jpg$ \.ods$ \.ods\#$ \.png$ \.pdf$ \.swp$ \.tmp$ \.xml$ \.aux$ \.fuse_hidden*$ \.glo$ \.gls$ \.idx$ \.ilg$ \.ind$ \.lof$ \.log$ \.lol$ _minted-*$ \.old$ \.out$ \.swp$ \.toc$ \.zip$"
EXCLUDEGREP="grep -v -i "
for i in $EXCLUDE
do EXCLUDEGREP="$EXCLUDEGREP -e $i"
done
SRCFILES=`find . -type f | sort -V | $EXCLUDEGREP`
rm -f $TEXOUT $SHAOUT SHA256SUM
touch $TEXOUT $SHAOUT SHA256SUM
# Make checksums
# LaTeX files to be rendered
for i in $SRCFILES
do
#NOUNDER=`echo $i | sed -e 's/_/\\\_/g'`
NOUNDER=`echo $i | sed -e 's/_/\\\_/g' | cut -f 2- -d "/"`
echo "\section{\texttt{$NOUNDER}}"
# echo "\texttt{$NOUNDER} \\\ "
echo "\texttt{SHA256: `sha256sum $i | cut -f 1 -d " "`}"
sha256sum $i >> SHA256SUM
MINTEDPATH=`echo $i | cut -f 2- -d "/"`
MINTEDPATH="resources/$MINTEDPATH"
echo "\inputminted{sh}{$MINTEDPATH}"
done >> $TEXOUT
sort -V SHA256SUM > SHA256SUM.tmp
echo "There are `cat SHA256SUM | sort -u | wc -l` source code files included." > STATS
echo "There are `cat SHA256SUM.tmp | cut -f 1 -d " " | sort -u | wc -l` unique files." >> STATS
rm SHA256SUM.tmp
# Files not rendered
#echo "\section{Not Rendered}" >> $TEXOUT
#echo "The files listed in this section were not rendered." >> $TEXOUT
#echo "Upstream {\LaTeX} files:" >> $TEXOUT

@ -0,0 +1,21 @@
#!/bin/bash
# txt2qrpng.sh
# GPLv3+
# Give this a name of a text file and it will produce a
# series of .png files encoding the data in QR codes.
# Use:
# txt2qrpng.sh foo.txt
mkdir -p QR
cat $1 | \
qrencode \
--type=png \
-o QR/$1.png && exit
cat $1 | \
qrencode \
-S \
-v 40 \
-l L \
--type=png \
-o QR/$1.png
Loading…
Cancel
Save