diff --git a/source/Ansible.tex b/source/Ansible.tex index 316bb9f..747c7b4 100644 --- a/source/Ansible.tex +++ b/source/Ansible.tex @@ -69,8 +69,8 @@ echo ns1 > ~/.ansible/hosts ansible -i ~/.ansible/hosts ns1 -a 'uptime' \end{minted} -\begin{minted}{sh} ~/.ansible.cfg +\begin{minted}{sh} [defaults] inventory = $HOME/.ansible/hosts @@ -150,7 +150,7 @@ The following files need to be edited and configured before executing this playb After having configured the server credentials and added the server IP to the inventory, use the following command to execute the playbook. \begin{minted}{sh} -ansible-playbook -i inventory.yml site.yml` +ansible-playbook -i inventory.yml site.yml -vvv \end{minted} \subsection{Project Structure} @@ -265,8 +265,7 @@ The following applications are required to utilize this this section objectives. Ansible can be installed using Python PIP. \begin{itemize} \item \texttt{Ansible} 2.4.x+ - \item \texttt{Python} 2.7.9+ - \textcolor[rgb]{0.80,0.00,0.00}{Todo clarify confusion over version requirements} + \item \texttt{Python} 2.7.x \end{itemize} \subsection{Quick Start} @@ -295,7 +294,7 @@ The following files need to be edited and configured before executing this playb After having configured the server credentials and added the server IP to the inventory, use the following command to execute the playbook. \begin{minted}{sh} -ansible-playbook -i inventory.yml site.yml` +ansible-playbook -i inventory.yml site.yml -vvv \end{minted} \subsection{Project Structure} diff --git a/source/Contact.tex b/source/Contact.tex index 7ad5997..0488507 100644 --- a/source/Contact.tex +++ b/source/Contact.tex @@ -17,8 +17,29 @@ \setlength{\parindent}{0pt} Email: \texttt{support@forksand.com} - \section{Website} \texttt{www.forksand.com} +\vspace{10pt} +On the social: + +\subsection{Twitter} + +\texttt{twitter.com/realforksand} + +\subsection{Imgur} + +\texttt{imgur.com/user/forksand} + +\section{Address} + +Fork Sand, Inc.\\ +626 West 66th Street\\ +Loveland, Colorado\\ +80538 USA + +\section{Phone} + ++1-970-999-8777 Voice\\ ++1-970-449-7502 Fax\\ diff --git a/source/DNS.tex b/source/DNS.tex index 95c9348..e93a532 100644 --- a/source/DNS.tex +++ b/source/DNS.tex @@ -34,11 +34,6 @@ Misc: \section{Registration} Where to register? Need to be in the root servers... -\begin{itemize} - \item Njalla --- ``Privacy-aware domain registration service''. - Website: \\ \url{https://njal.la/} -\end{itemize} - \subsection{Njalla} Njalla --- ``Privacy-aware domain registration service''. Website: \\ \url{https://njal.la/} diff --git a/source/Firewalls.tex b/source/Firewalls.tex index c5568a7..22f1382 100644 --- a/source/Firewalls.tex +++ b/source/Firewalls.tex @@ -114,6 +114,436 @@ indicator of which machine one is connected to during post. Supermicro does include KVM-over-IP functionality with the motherboard. +\begin{itemize} + \item Default IPMI connection is in cleartext http. + \item SSL certificate for Supermicro IPMI is bad (like all of them). + \item Can't change password on IPMI. + %\item Root password for server and IPMI is sent via email. + %\item There is an attack window between their machine imaging and first login. + %\item Customer should control timing of first power on. + %\item System is also possibly vuln during the ISP's initial power up and commissioning period. + %\item First reboot, the system hung (.png XXX). + %\item Hard reset, lots of DHCP queries at boot. + %\item A \texttt{debian} user was on the system, password unknown. Check \texttt{/home}! + %\item They block NTP to prevent DDoS, so you have to use their time server + % \texttt{time.sharktech.net} +\end{itemize} + +\subsection{Supermicro Setup over IPMI bios} +{{\grenewcommand{\currentColor}{secondary-brown}}} +{{\grenewcommand{\currentTextColor}{ao-black}}} +\providecommand{\sharkIPConfigItem}[4]{} +\renewcommand{\sharkIPConfigItem}[4]{ + \rowcolor{\currentColor} \vspace{-1pt} + \rule[-0.3em]{0pt}{-0.5em} \vspace{-1pt} + \small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt} + \small{\textcolor{\currentTextColor}{#2}} \\ +} +\providecommand{\sharkIPConfigLastItem}[4]{} +\renewcommand{\sharkIPConfigLastItem}[4]{ + \rowcolor{\currentColor} \vspace{-1pt} + \rule[-1.0em]{0pt}{1em} \vspace{-1pt} + \small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt} + \small{\textcolor{\currentTextColor}{#2}} \\ + \tabucline[2pt]{1-2} +} +\providecommand{\SIPCCwidth}{3.5cm} +\renewcommand{\SIPCCwidth}{5cm} + +\begin{figure}[!htb] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-ipmi-init.png} + \caption{Supermicro SuperServer 1018D-FRN8T PEI-IPMI Initialization} + \label{fig:supermicroSSCIpmiInit} +\end{figure} + +Before IPMI Initialization, choose in Boot Agent GE an entry PXE +(Preboot eXecution Environment) + +In Aptio Setup Utility set the following Boot Features: + +\begin{table}[!htb] + \caption{sf-fw BIOS configs}% \label{tab:sharkNodeIPConfig} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Boot Feature}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { SMCBiosActionFlag }{ \char`[0\char`] }{}{} + \sharkIPConfigItem { SumBbsSupportFlag }{ 48 }{}{} + \sharkIPConfigLastItem{ Bridge ports }{ \char`[Disabled\char`] }{}{} + \sharkIPConfigItem { SumBbsSupportFlag }{ \char`[Force BIOS\char`] }{}{} + \sharkIPConfigItem { SumBbsSupportFlag }{ \char`[On\char`] }{}{} + \sharkIPConfigItem { SumBbsSupportFlag }{ \char`[Disabled\char`] }{}{} + \sharkIPConfigItem { SumBbsSupportFlag }{ \char`[Immediate\char`] }{}{} + \sharkIPConfigLastItem{ Subnet mask }{ \char`[Disabled\char`] }{}{} + \end{tabu} +\end{table} + +Set system Date/Time + +\newpage +\subsection*{\textcolor{ao-white}{ Supermicro Setup over IPMI bios1}} +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-ipmi-boot1.png} + \caption{Supermicro SuperServer 1018D-FRN8T Bios prompt for boot-menu} + \label{fig:supermicroSSCIpmiBoot1} +\end{figure} +\begin{table}[!htb] + \caption{sf-fw BIOS configs continued}% \label{tab:sharkNodeIPConfig} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Boot Feature}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Power Configuration }{}{}{} + \sharkIPConfigItem { Watch Dog Function }{ \char`[Disabled\char`] }{}{} + \sharkIPConfigItem { Power button Function }{ \char`[4 Seconds Override\char`] }{}{} + \sharkIPConfigLastItem{ Subnet mask }{ \char`[Power On\char`] }{}{} + \end{tabu} +\end{table} + +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-ipmi-boot2.png} + \caption{Supermicro SuperServer 1018D-FRN8T Bootstrap loader} + \label{fig:supermicroSSCIpmiBoot2} +\end{figure} +\begin{table}[!htb] + \caption{sf-fw BIOS configs continued}% \label{tab:sharkNodeIPConfig} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Boot Feature}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Onboard LAN1 OPROM }{ \char`[Disabled\char`] }{}{} + \sharkIPConfigItem { Onboard LAN2 OPROM }{ \char`[Disabled\char`] }{}{} + \sharkIPConfigLastItem{ Onboard LAN3 - LAN8 OPROM }{ \char`[Disabled\char`] }{}{} + \sharkIPConfigItem { Legacy Boot Order \char`#1}{ \char`[USB Key:Virtual Disk\char`] }{}{} + \sharkIPConfigLastItem{ Legacy Boot Order \char`#2 - \char`#7}{ \char`[Disabled\char`] }{}{} + \end{tabu} +\end{table} +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-ipmi-opnsense-boot1.png} + \caption{Supermicro SuperServer OPNsense Boot variant} + \label{fig:supermicroSSCIpmiOpnsenseBoot1} +\end{figure} +Let default option 5 execute. +\begin{table}[!htb] + \caption{sf-fw LSI Corp Config Utility}% \label{tab:sharkNodeIPConfig} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Adapter }{LSI2116-IT}{}{} + \sharkIPConfigItem { PCI Slot }{0B}{}{} + \sharkIPConfigItem { PCI Address(Bus/Dev) }{02:00}{}{} + \sharkIPConfigItem { MPT Firmware Revision }{20.00.07.00-IT}{}{} + \sharkIPConfigItem { SAS Address }{50030480:1E300A01}{}{} + \sharkIPConfigItem { NVDATA Version }{14.01.40.00}{}{} + \sharkIPConfigItem { Status }{Disabled}{}{} + \sharkIPConfigItem { Boot Order}{0}{}{} + \sharkIPConfigLastItem{ Boot Support}{ \char`[Disabled\char`] }{}{} + \end{tabu} +\end{table} + +\newpage +{{\grenewcommand{\currentColor}{primary-blue}}} +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash1.png} + \caption{Supermicro SuperServer OPNsense Dashboard} + \label{fig:supermicroSSCIpmiOpnsenseDash1} +\end{figure} +\begin{table}[!htb] + \caption{sf-fw LSI Corp Config Utility}% \label{tab:sharkNodeIPConfig} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Hostname }{sf-fw1}{}{} + \sharkIPConfigItem { Domain }{forksand.com}{}{} + \sharkIPConfigItem { Language }{English}{}{} + \sharkIPConfigItem { Primary DNS Server }{216.146.35.35}{}{} + \sharkIPConfigItem { Secondary DNS Server }{208.67.222.222}{}{} + \sharkIPConfigLastItem{ Override DNS }{unchecked}{}{} + \sharkIPConfigLastItem{ Enable Resolver}{checked}{}{} + \sharkIPConfigLastItem{ Others }{leave unchecked}{}{} + \end{tabu} +\end{table} + +\begin{itemize} + \item Set server time information + \item Configure WAN interface, DHCP, subnet masks /32, Block .. Flags checked, others empty + \item Configure WAN interface, IP 192.168.1.1 change to 192.168.110.21, subnet mask /24 + \item Set Web GUI Password + \item Reload to apply changes + \item Finished initial configuration, click a href "continue to the dashboard" + \item Configure console appears, refer to table + \ref{tab:supermicroSSCIpmiOpnsenseDash2} on p. \pageref{tab:supermicroSSCIpmiOpnsenseDash2} + \item Set root password and reboot + \item Re-enter Aptio Setup Utility Boot tab + \item Switch Legacy Boot Order \char`#1 \char` to [Hard Disk: SATADOM-...\char`] + \item Start the boot + \item OPNsense: Let default option 5 execute +\end{itemize} +{{\grenewcommand{\currentColor}{secondary-brown}}} +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash2.png} + \caption{Supermicro SuperServer OPNsense Dashboard Continued} + \label{fig:supermicroSSCIpmiOpnsenseDash2} +\end{figure} +\begin{table}[!htb] + \caption{sf-fw LSI Corp Config Utility} \label{tab:supermicroSSCIpmiOpnsenseDash2} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Configure Console }{Accept these Settings}{}{} + \sharkIPConfigItem { Select task }{Guided installation}{}{} + \sharkIPConfigItem { Select a disk }{ada0: 600.00MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)}{}{} + \sharkIPConfigItem { Select install mode }{GPT/UEFI mode}{}{} + \sharkIPConfigItem { Swap Partition }{yes}{}{} + \sharkIPConfigLastItem{ Enable Resolver}{checked}{}{} + \end{tabu} +\end{table} +{{\grenewcommand{\currentColor}{primary-blue}}} +\begin{itemize} + \item Enter OPNsense dashboard and make a backup, System -> Configuration -> Backups, save the XML + \item Execute update firmware, refer to figure + \ref{fig:supermicroSSCIpmiOpnsenseDash3} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash3} +\end{itemize} + +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash3-update.png} + \caption{Supermicro SuperServer OPNsense Dashboard Update Firmware} + \label{fig:supermicroSSCIpmiOpnsenseDash3} +\end{figure} +\begin{itemize} + \item Standby until updating finished, refer to figure + \ref{fig:supermicroSSCIpmiOpnsenseDash4} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash4} + \item Switch to tab Settings, refer to figure + \ref{fig:supermicroSSCIpmiOpnsenseDash5} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash5} +\end{itemize} +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash4-update.png} + \caption{Supermicro SuperServer OPNsense Dashboard Update Firmware Continued} + \label{fig:supermicroSSCIpmiOpnsenseDash4} +\end{figure} + +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash5-fw.png} + \caption{Supermicro SuperServer OPNsense Dashboard Firmware Settings} + \label{fig:supermicroSSCIpmiOpnsenseDash5} +\end{figure} +\begin{itemize} + \item Set mirror to LeaseWeb (San Francisco, US) + \item Set Flavour to LibreSSL + \item Set Release Type to Production + \item Click save and return to Updates tab. +\end{itemize} + +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash6-fw-updates.png} + \caption{Supermicro SuperServer OPNsense Dashboard Firmware Pending Updates} + \label{fig:supermicroSSCIpmiOpnsenseDash6} +\end{figure} +\begin{itemize} + \item Click Update now. + \item Standby until Update is completed. + \item Restore configs from XML, refer to figure + \ref{fig:supermicroSSCIpmiOpnsenseDash8} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash8} +\end{itemize} +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash7-fw-update.png} + \caption{Supermicro SuperServer OPNsense Dashboard Firmware Update Processing} + \label{fig:supermicroSSCIpmiOpnsenseDash7} +\end{figure} + +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash8-fw-backupandreboot.png} + \caption{Supermicro SuperServer OPNsense Dashboard restore from XML config backup} + \label{fig:supermicroSSCIpmiOpnsenseDash8} +\end{figure} +\begin{itemize} + \item Upload the config and restore + \item Add a user, refer to figure + \ref{fig:supermicroSSCIpmiOpnsenseDash9} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash9} + using parameters from table + \ref{tab:supermicroSSCIpmiOpnsenseAddUser} on p. \pageref{tab:supermicroSSCIpmiOpnsenseAddUser} +\end{itemize} +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash9-user.png} + \caption{Supermicro SuperServer OPNsense Dashboard Add User} + \label{fig:supermicroSSCIpmiOpnsenseDash9} +\end{figure} +\begin{table}[!htb] + \caption{sf-fw OPNsense Dashboard Add User} \label{tab:supermicroSSCIpmiOpnsenseAddUser} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Username }{jebba}{}{} + \sharkIPConfigItem { Disabled }{unchecked}{}{} + \sharkIPConfigItem { Full name }{Jeff Moe}{}{} + \sharkIPConfigItem { E-mail }{moe@forksand.com}{}{} + \sharkIPConfigItem { Comment }{}{}{} + \sharkIPConfigItem { Expiration date }{}{}{} + \sharkIPConfigLastItem{ Group Memberships }{Member of admins}{}{} + \sharkIPConfigItem { Certificate }{unchecked}{}{} + \sharkIPConfigLastItem{ OTP seed }{}{}{} + \end{tabu} +\end{table} + +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash10-dhcpv4.png} + \caption{Supermicro SuperServer OPNsense Dashboard DHCPv4} + \label{fig:supermicroSSCIpmiOpnsenseDash10} +\end{figure} +\begin{itemize} + \item Disable DHCPv4 +\end{itemize} +\begin{table}[!htb] + \caption{sf-fw OPNsense Dashboard DHCPv4} \label{tab:supermicroSSCIpmiOpnsenseDhcpv4} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Enable }{unchecked}{}{} + \sharkIPConfigItem { Deny unknown clients }{unchecked}{}{} + \sharkIPConfigItem { Subnet }{192.168.110.0}{}{} + \sharkIPConfigItem { Subnet mask }{255.255.255.0}{}{} + \sharkIPConfigLastItem{ Range }{192.168.110.10 - 192.168.110.245}{}{} + \sharkIPConfigLastItem{ Others }{leave unchanged}{}{} + \end{tabu} +\end{table} + +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash11-plugins.png} + \includegraphics[keepaspectratio=true,trim=360mm 190mm 10mm 80mm,clip,width=1.0\textwidth,angle=0] + {sf-fw/ssc-opns-dash11-plugins.png} + \caption{Supermicro SuperServer OPNsense Dashboard Plugin Installation} + \label{fig:supermicroSSCIpmiOpnsenseDash11} +\end{figure} +\begin{itemize} + \item Make sure os-dyndns plugin installed + \item Install os-acme-client +\end{itemize} +%\begin{table}[!htb] +% \caption{sf-fw OPNsense Dashboard Plugins} \label{tab:supermicroSSCIpmiOpnsensePlugins} +% \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} +% \tabucline[2pt]{1-2} +% \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}& +% \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ +% \tabucline[2pt]{1-2} +% \sharkIPConfigItem { Enable }{unchecked}{}{} +% \sharkIPConfigItem { Deny unknown clients }{unchecked}{}{} +% \sharkIPConfigItem { Subnet }{192.168.110.0}{}{} +% \sharkIPConfigItem { Subnet mask }{255.255.255.0}{}{} +% \sharkIPConfigLastItem{ Range }{192.168.110.10 - 192.168.110.245}{}{} +% \sharkIPConfigLastItem{ Others }{leave unchanged}{}{} +% \end{tabu} +%\end{table} + +\newpage +\begin{figure}[!ht] + \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] + {sf-fw/ssc-opns-dash12-lea.png} + \caption{Supermicro SuperServer OPNsense Dashboard add Let's Encrypt account} + \label{fig:supermicroSSCIpmiOpnsenseDash12} +\end{figure} +\begin{itemize} + \item Add Let's Encrypt account + \item Modify global Let's Encrypt settings + \item Apply Let's Encrypt settings + \item Refer to Certificates menu +\end{itemize} +\begin{table}[!htb] + \caption{sf-fw OPNsense Dashboard Let's Encrypt account and settings} \label{tab:supermicroSSCIpmiOpnsenseLea} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Enable }{checked}{}{} + \sharkIPConfigItem { Name }{sf-fw1}{}{} + \sharkIPConfigItem { Description }{SharkFork Firewall 1}{}{} + \sharkIPConfigLastItem{ E-Mail address }{sharkfork@forksand.com}{}{} + \sharkIPConfigItem { Enable Plugin }{checked}{}{} + \sharkIPConfigItem { Auto Renewal }{checked}{}{} + \sharkIPConfigItem { Let's Encrypt Environment }{Production Environment \char`[Default\char`]}{}{} + \sharkIPConfigLastItem{ HAProxy Integration }{unchecked}{}{} + \end{tabu} +\end{table} + +\newpage +%\begin{figure}[!ht] +% \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0] +% {sf-fw/ssc-opns-dash13-cert.png} +% \caption{Supermicro SuperServer OPNsense Dashboard add Certificate} +% \label{fig:supermicroSSCIpmiOpnsenseDash12} +%\end{figure} +\begin{itemize} + \item Add Validation Method + \item Add Certificate + \item Apply ``Issue/Renew Certificates Now'' +\end{itemize} +\begin{table}[!htb] + \caption{sf-fw OPNsense Dashboard Let's Encrypt account and settings} \label{tab:supermicroSSCIpmiOpnsenseLea} + \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]} + \tabucline[2pt]{1-2} + \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}& + \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\ + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Validation Method }{}{}{} + \sharkIPConfigItem { Enable }{checked}{}{} + \sharkIPConfigItem { Name }{sf-fw1-http}{}{} + \sharkIPConfigItem { Description }{SharkFork Firewall 1 http validation}{}{} + \sharkIPConfigLastItem{ Challenge Type }{HTTP-01}{}{} + \sharkIPConfigLastItem{ HTTP Service }{OPNsense Web Service (automatic port forward)}{}{} + \sharkIPConfigItem { IP Auto-Discovery }{checked}{}{} + \sharkIPConfigItem { Interface }{WAN}{}{} + \sharkIPConfigLastItem{ IP Addresses }{}{}{} + \tabucline[2pt]{1-2} + \sharkIPConfigItem { Certificate }{}{}{} + \sharkIPConfigItem { Enable }{checked}{}{} + \sharkIPConfigItem { Common Name }{sf-fw1.forksand.com}{}{} + \sharkIPConfigItem { Description }{SharkFork Firewall 1}{}{} + \sharkIPConfigItem { Alt Names }{}{}{} + \sharkIPConfigItem { LE Account }{sf-fw1}{}{} + \sharkIPConfigItem { Validation Method }{sf-fw1-http}{}{} + \sharkIPConfigItem { Restart Actions }{}{}{} + \sharkIPConfigItem { Auto Renewal }{checked}{}{} + \sharkIPConfigLastItem{ Renewal Interval }{60}{}{} + \end{tabu} +\end{table} + \newpage \section{Alternatives Firewalls Hardware Overview} Some resellers: diff --git a/source/Hardware.tex b/source/Hardware.tex index de2e6ee..5268172 100644 --- a/source/Hardware.tex +++ b/source/Hardware.tex @@ -49,11 +49,6 @@ The cluster will require rackmountable equipment: %\subsubsection{Sharkfork 21U detail hardware description} \label{sec:hardware-description-sharkfork-21U} -\definecolor{secondary-brown}{HTML}{F3E2C3} % HEX # F3E2C3 R:243 G:226 B:195 C:0 M:7 Y:20 K:5 -\definecolor{primary-blue}{HTML}{A1F4FF} % HEX # A1F4FF R:161 G:244 B:255 C:37 M:4 Y:0 K:0 -\definecolor{primary-brown}{HTML}{B07E3B} % HEX # B07E3B R:176 G:126 B:56 C:0 M:28 Y:68 K:31 -\definecolor{nonbrand-dark-blue}{HTML}{184B6D} % HEX # 184B6D R:19 G:70 B:109 C:0 M:28 Y:68 K:31 - \newcommand{\nodeUnitName}[4]{ \rowcolor{#3}\vspace{-1pt} {{\grenewcommand{\currentColor}{#3}}} @@ -351,7 +346,8 @@ Who we'll get hardware from. {{\grenewcommand{\currentColor}{primary-blue}}} {{\grenewcommand{\currentTextColor}{ao-black}}} -\providecommand{\sharkIPConfigItem}[4]{ +\providecommand{\sharkIPConfigItem}[4]{} +\renewcommand{\sharkIPConfigItem}[4]{ \rowcolor{\currentColor} \vspace{-1pt} \rule[-0.3em]{0pt}{-0.5em} \vspace{-1pt} \small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt} @@ -359,7 +355,8 @@ Who we'll get hardware from. \small{\textcolor{\currentTextColor}{#3}} & \vspace{-1pt} \small{\textcolor{\currentTextColor}{#4}} \\ } -\providecommand{\sharkIPConfigLastItem}[4]{ +\providecommand{\sharkIPConfigLastItem}[4]{} +\renewcommand{\sharkIPConfigLastItem}[4]{ \rowcolor{\currentColor} \vspace{-1pt} \rule[-1.0em]{0pt}{1em} \vspace{-1pt} \small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt} @@ -369,6 +366,7 @@ Who we'll get hardware from. \tabucline[2pt]{1-4} } \providecommand{\SIPCCwidth}{3.5cm} +\renewcommand{\SIPCCwidth}{3.5cm} \begin{table}[!htb] \caption{IP configs of nodes} \label{tab:sharkNodeIPConfig} \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth}|p{\SIPCCwidth}|p{\SIPCCwidth}|[2pt]} diff --git a/source/Software-daemons.tex b/source/Software-daemons.tex index e499cde..abdbb3a 100644 --- a/source/Software-daemons.tex +++ b/source/Software-daemons.tex @@ -127,8 +127,8 @@ mtab.fuselock aliases.db \end{minted} \subsection{Set up a git user:} -\begin{minted}{sh} vi ~/.gitconfig +\begin{minted}{sh} [user] name = Jeff Moe @@ -141,7 +141,9 @@ name = Jeff Moe \begin{minted}{sh} git add . EDITOR=vi git commit -a +\end{minted} Intial setup of pwn.themoes.org jessie owncloud server +\begin{minted}{sh} #Install some needed stuff: apt-get -y install sudo vim curl exuberant-ctags rsync ntp vim-scripts host strace telnet lsb-release unzip bzip2 && apt-get clean @@ -331,9 +333,6 @@ echo alias ivp6 off >> /etc/modprobe.d/aliases.conf reboot \end{minted} -%#################### -%# Install Owncloud # -%#################### \subsection{Install nextcloud} Copied from Owncloud installation sequence. Todo: review difference to Nextcloud diff --git a/source/Source-gen.tex b/source/Source-gen.tex index 304119e..307633e 100644 --- a/source/Source-gen.tex +++ b/source/Source-gen.tex @@ -61,22 +61,22 @@ \section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/defaults/\\ \qquad\qquad\qquad../main.yml}} \texttt{SHA256: c86227ad9775e213708a92703958d1ae8dc80b5073b665499839e4c80f0d77d5} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/defaults/main.yml} -\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/main.yml}} +\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/\\ \qquad\qquad\qquad../main.yml}} \texttt{SHA256: c77f50cf2758025bece96792badbf0f98a799738be56e3dbd94d5c416ce402b5} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/main.yml} -\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/.galaxy\char`_install\char`_info}} +\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/\\ \qquad\qquad\qquad../.galaxy\char`_install\char`_info}} \texttt{SHA256: 8df2fa6c72bad1a6b52a7e84a1dd5a850b96d3ed55c4266113c1476bbc1c974d} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/.galaxy_install_info} -\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/main.yml}} +\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/\\ \qquad\qquad\qquad../main.yml}} \texttt{SHA256: 5d1ebe1ec51a5a4b0ab52bbf1af63ca94af4290182755b2463aa321bfb39732f} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/main.yml} -\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/persist-debian.yml}} +\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/\\ \qquad\qquad\qquad../persist-debian.yml}} \texttt{SHA256: da08d16128d29e725a80590890592020a53d90cbeac3b55dbe67da63fc254e6b} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/persist-debian.yml} -\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/persist-redhat.yml}} +\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/\\ \qquad\qquad\qquad../persist-redhat.yml}} \texttt{SHA256: aaa130a6c8ad52ede70c2b12e46e27e61475e5d8b0842274b5ce0515ad645734} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/persist-redhat.yml} -\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/rules.yml}} +\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/\\ \qquad\qquad\qquad../rules.yml}} \texttt{SHA256: 6f28f53b5c77709268853ab1ba9f16ca30d64cd72dde08e9d9826b82c714e602} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/rules.yml} \section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/templates/\\ \qquad\qquad\qquad../generated.v4.j2}} @@ -106,10 +106,10 @@ \section{\texttt{apps/ansible-debian-mail/roles/postfix\char`_configuration/templates/\\ \qquad\qquad\qquad../aliases.j2}} \texttt{SHA256: 5a101165ebf12cbd1663908e21f77dc2636fee45da36f5daa79ab84c47e7dfcb} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/postfix_configuration/templates/aliases.j2} -\section{\texttt{apps/ansible-debian-mail/roles/server\char`_tasks/handlers/main.yml}} +\section{\texttt{apps/ansible-debian-mail/roles/server\char`_tasks/handlers/\\ \qquad\qquad\qquad../main.yml}} \texttt{SHA256: 5822b360aa9988efc37bdf5dd9626de45b2d1f279f70e032f5b56427994f440d} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/server_tasks/handlers/main.yml} -\section{\texttt{apps/ansible-debian-mail/roles/server\char`_tasks/tasks/main.yml}} +\section{\texttt{apps/ansible-debian-mail/roles/server\char`_tasks/tasks/\\ \qquad\qquad\qquad../main.yml}} \texttt{SHA256: 9482c99a24179cb4bcd0d8ea5bf6ac5e8391cd88b1242190693c685127bb94e8} \inputminted{sh}{resources/apps/ansible-debian-mail/roles/server_tasks/tasks/main.yml} \section{\texttt{apps/ansible-debian-mail/roles/spamassassin\char`_configuration/tasks/\\ \qquad\qquad\qquad../main.yml}} @@ -144,7 +144,7 @@ \inputminted{sh}{resources/apps/ansible-gitea/roles/gitea/tasks/main.yml} \section{\texttt{apps/ansible-gitea/roles/gitea/templates/gitea.ini.j2}} \texttt{SHA256: c8be571f2f2407240bc88997aedf70c9230554a65132ebab9a1ee0d4296ff9d3} -\inputminted{sh}{resources/apps/ansible-gitea/roles/gitea/templates/gitea.ini.j2} +\inputminted{ini}{resources/apps/ansible-gitea/roles/gitea/templates/gitea.ini.j2} \section{\texttt{apps/ansible-gitea/roles/gitea/templates/gitea.service.j2}} \texttt{SHA256: 0acbfe01156c9e39ee71a4fc64310ab003f09bfcf544df00b1f3cff010ed8f38} \inputminted{sh}{resources/apps/ansible-gitea/roles/gitea/templates/gitea.service.j2} @@ -219,16 +219,16 @@ \inputminted{sh}{resources/apps/yadifa-master/etc/yadifa/yadifad.conf} \section{\texttt{apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone}} \texttt{SHA256: e2c4028695f3ac6b6ed8afb963a7821589b94ed81a2d068d7480b809d402c830} -\inputminted{sh}{resources/apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone} +\inputminted{ca65}{resources/apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone} \section{\texttt{apps/yadifa-slave/etc/yadifa/yadifad.conf}} \texttt{SHA256: 705f36a12aee30e8510e5d06f1d3dd471a82aa518e00648a83f8f9d1146b8186} \inputminted{sh}{resources/apps/yadifa-slave/etc/yadifa/yadifad.conf} \section{\texttt{apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone}} \texttt{SHA256: 1966009066a265b65574003bc5f338ee4c2595c010ece34e9e428c526b974fd5} -\inputminted{sh}{resources/apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone} +\inputminted{ca65}{resources/apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone} \section{\texttt{apps/yadifa/var/lib/yadifa/masters/localhost.zone}} \texttt{SHA256: 93847412dc586aa627b7c8d9c7f9f08223d62bd7297bb02058b57aaa4e92e220} -\inputminted{sh}{resources/apps/yadifa/var/lib/yadifa/masters/localhost.zone} +\inputminted{ca65}{resources/apps/yadifa/var/lib/yadifa/masters/localhost.zone} \section{\texttt{txt2qrpng.sh}} \texttt{SHA256: 28dff76725cfbe3e4dcf70120f0393422507443fa5b6a62e1814bd44fb62161e} \inputminted{sh}{resources/txt2qrpng.sh} diff --git a/source/forksand-it-manual.tex b/source/forksand-it-manual.tex index 18c1dfc..0873f7b 100644 --- a/source/forksand-it-manual.tex +++ b/source/forksand-it-manual.tex @@ -244,6 +244,10 @@ leftmargin=1cm,rightmargin=1cm \definecolor{ao-white}{cmyk}{0.00 0.00 0.00 0.00} \definecolor{ao-black}{cmyk}{1.00 1.00 1.00 1.00} \definecolor{lulzbot-green}{cmyk}{0.11 0.00 0.78 0.15} +\definecolor{secondary-brown}{HTML}{F3E2C3} % HEX # F3E2C3 R:243 G:226 B:195 C:0 M:7 Y:20 K:5 +\definecolor{primary-blue}{HTML}{A1F4FF} % HEX # A1F4FF R:161 G:244 B:255 C:37 M:4 Y:0 K:0 +\definecolor{primary-brown}{HTML}{B07E3B} % HEX # B07E3B R:176 G:126 B:56 C:0 M:28 Y:68 K:31 +\definecolor{nonbrand-dark-blue}{HTML}{184B6D} % HEX # 184B6D R:19 G:70 B:109 C:0 M:28 Y:68 K:31 %%% END COLORS %%% diff --git a/source/resources/images/sf-fw/ssc-ipmi-boot1.png b/source/resources/images/sf-fw/ssc-ipmi-boot1.png new file mode 100644 index 0000000..59ca4d3 Binary files /dev/null and b/source/resources/images/sf-fw/ssc-ipmi-boot1.png differ diff --git a/source/resources/images/sf-fw/ssc-ipmi-boot2.png b/source/resources/images/sf-fw/ssc-ipmi-boot2.png new file mode 100644 index 0000000..51c06fe Binary files /dev/null and b/source/resources/images/sf-fw/ssc-ipmi-boot2.png differ diff --git a/source/resources/images/sf-fw/ssc-ipmi-init.png b/source/resources/images/sf-fw/ssc-ipmi-init.png new file mode 100644 index 0000000..9c14f91 Binary files /dev/null and b/source/resources/images/sf-fw/ssc-ipmi-init.png differ diff --git a/source/resources/images/sf-fw/ssc-ipmi-opnsense-boot1.png b/source/resources/images/sf-fw/ssc-ipmi-opnsense-boot1.png new file mode 100644 index 0000000..619a982 Binary files /dev/null and b/source/resources/images/sf-fw/ssc-ipmi-opnsense-boot1.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash1.png b/source/resources/images/sf-fw/ssc-opns-dash1.png new file mode 100644 index 0000000..586e10c Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash1.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash10-dhcpv4.png b/source/resources/images/sf-fw/ssc-opns-dash10-dhcpv4.png new file mode 100644 index 0000000..4e424ab Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash10-dhcpv4.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash11-plugins.png b/source/resources/images/sf-fw/ssc-opns-dash11-plugins.png new file mode 100644 index 0000000..88dc1fc Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash11-plugins.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash12-lea.png b/source/resources/images/sf-fw/ssc-opns-dash12-lea.png new file mode 100644 index 0000000..650dedb Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash12-lea.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash2.png b/source/resources/images/sf-fw/ssc-opns-dash2.png new file mode 100644 index 0000000..d8b0770 Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash2.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash3-update.png b/source/resources/images/sf-fw/ssc-opns-dash3-update.png new file mode 100644 index 0000000..43a8d89 Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash3-update.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash4-update.png b/source/resources/images/sf-fw/ssc-opns-dash4-update.png new file mode 100644 index 0000000..d0d683a Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash4-update.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash5-fw.png b/source/resources/images/sf-fw/ssc-opns-dash5-fw.png new file mode 100644 index 0000000..f2506a1 Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash5-fw.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash6-fw-updates.png b/source/resources/images/sf-fw/ssc-opns-dash6-fw-updates.png new file mode 100644 index 0000000..4e34209 Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash6-fw-updates.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash7-fw-update.png b/source/resources/images/sf-fw/ssc-opns-dash7-fw-update.png new file mode 100644 index 0000000..5a32cd8 Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash7-fw-update.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash8-fw-backupandreboot.png b/source/resources/images/sf-fw/ssc-opns-dash8-fw-backupandreboot.png new file mode 100644 index 0000000..81f64af Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash8-fw-backupandreboot.png differ diff --git a/source/resources/images/sf-fw/ssc-opns-dash9-user.png b/source/resources/images/sf-fw/ssc-opns-dash9-user.png new file mode 100644 index 0000000..5128c1e Binary files /dev/null and b/source/resources/images/sf-fw/ssc-opns-dash9-user.png differ diff --git a/source/resources/images/sharkfork-21U.png b/source/resources/images/sharkfork-21U.png index 7cdb994..e259689 100644 Binary files a/source/resources/images/sharkfork-21U.png and b/source/resources/images/sharkfork-21U.png differ diff --git a/source/resources/make-sources-list.sh b/source/resources/make-sources-list.sh index 62aa1ae..655bf97 100755 --- a/source/resources/make-sources-list.sh +++ b/source/resources/make-sources-list.sh @@ -30,7 +30,7 @@ touch $TEXOUT SHA256SUM for i in $SRCFILES do # NOUNDER=`echo $i | sed -e 's/_/\\\_/g'` - NOUNDER=`echo $i | sed -e 's/_/\\\\char\\\`_/g' | cut -f 2- -d "/" | sed -e 's/^\(.\{60,75\}\)\//\1\/\\\\\\\\ \\\\qquad\\\\qquad\\\\qquad\.\.\//g'` + NOUNDER=`echo $i | sed -e 's/_/\\\\char\\\`_/g' | cut -f 2- -d "/" | sed -e 's/^\(.\{55,70\}\)\//\1\/\\\\\\\\ \\\\qquad\\\\qquad\\\\qquad\.\.\//g'` # !!! ToDo, apply greedy pattern to second sed's range pattern echo "\section{\texttt{$NOUNDER}}" # echo "\texttt{$NOUNDER} \\\ " @@ -38,7 +38,15 @@ do sha256sum $i >> SHA256SUM MINTEDPATH=`echo $i | cut -f 2- -d "/"` MINTEDPATH="resources/$MINTEDPATH" - echo "\inputminted{sh}{$MINTEDPATH}" + if [[ "$i" =~ \.ini\.j2$|\.zone$ ]]; then + if [[ "$i" =~ \.ini\.j2$ ]]; then + echo "\inputminted{ini}{$MINTEDPATH}" + else + echo "\inputminted{ca65}{$MINTEDPATH}" + fi + else + echo "\inputminted{sh}{$MINTEDPATH}" + fi done >> $TEXOUT sort -V SHA256SUM > SHA256SUM.tmp