Firewall 1100 described 80%, Freesoft filepaths wrapped shorter, contacts updated, minor fixes

7 years ago · 9268536285
parent d6ba1bcaaa
commit 9268536285
26 changed files with 490 additions and 36 deletions
--- a/source/Ansible.tex
+++ b/source/Ansible.tex
@ -69,8 +69,8 @@ echo ns1 > ~/.ansible/hosts
 ansible -i ~/.ansible/hosts ns1 -a 'uptime'
 \end{minted}

-\begin{minted}{sh}
 ~/.ansible.cfg
+\begin{minted}{sh}
 [defaults]
 inventory = $HOME/.ansible/hosts

@ -150,7 +150,7 @@ The following files need to be edited and configured before executing this playb
 After having configured the server credentials and added the server IP to the inventory, use the following command to execute the playbook.

 \begin{minted}{sh}
-ansible-playbook -i inventory.yml site.yml`
+ansible-playbook -i inventory.yml site.yml -vvv
 \end{minted}

 \subsection{Project Structure}
@ -265,8 +265,7 @@ The following applications are required to utilize this this section objectives.
 Ansible can be installed using Python PIP. 
 \begin{itemize}
    \item \texttt{Ansible} 2.4.x+
-    \item \texttt{Python} 2.7.9+   
-        \textcolor[rgb]{0.80,0.00,0.00}{Todo clarify confusion over version requirements}
+    \item \texttt{Python} 2.7.x
 \end{itemize}

 \subsection{Quick Start}
@ -295,7 +294,7 @@ The following files need to be edited and configured before executing this playb
 After having configured the server credentials and added the server IP to the inventory, use the following command to execute the playbook.

 \begin{minted}{sh}
-ansible-playbook -i inventory.yml site.yml`
+ansible-playbook -i inventory.yml site.yml -vvv
 \end{minted}

 \subsection{Project Structure}
--- a/source/Contact.tex
+++ b/source/Contact.tex
@ -17,8 +17,29 @@
 \setlength{\parindent}{0pt}
 Email: \texttt{support@forksand.com}

-
 \section{Website}

 \texttt{www.forksand.com}

+\vspace{10pt}
+On the social:
+
+\subsection{Twitter}
+
+\texttt{twitter.com/realforksand}
+
+\subsection{Imgur}
+
+\texttt{imgur.com/user/forksand}
+
+\section{Address}
+
+Fork Sand, Inc.\\
+626 West 66th Street\\
+Loveland, Colorado\\
+80538 USA
+
+\section{Phone}
+
+1-970-999-8777 Voice\\
+1-970-449-7502 Fax\\
--- a/source/DNS.tex
+++ b/source/DNS.tex
@ -34,11 +34,6 @@ Misc:
 \section{Registration}
 Where to register? Need to be in the root servers...

-\begin{itemize}
- \item Njalla --- ``Privacy-aware domain registration service''.
-  Website: \\ \url{https://njal.la/}
-\end{itemize}
-
 \subsection{Njalla}
 Njalla --- ``Privacy-aware domain registration service''.
  Website: \\ \url{https://njal.la/}
--- a/source/Firewalls.tex
+++ b/source/Firewalls.tex
@ -114,6 +114,436 @@ indicator of which machine one is connected to during post.

 Supermicro does include KVM-over-IP functionality with the motherboard.

+\begin{itemize}
+ \item Default IPMI connection is in cleartext http.
+ \item SSL certificate for Supermicro IPMI is bad (like all of them).
+ \item Can't change password on IPMI.
+ %\item Root password for server and IPMI is sent via email.
+ %\item There is an attack window between their machine imaging and first login.
+ %\item Customer should control timing of first power on.
+ %\item System is also possibly vuln during the ISP's initial power up and commissioning period.
+ %\item First reboot, the system hung (.png XXX).
+ %\item Hard reset, lots of DHCP queries at boot.
+ %\item A \texttt{debian} user was on the system, password unknown. Check \texttt{/home}!
+ %\item They block NTP to prevent DDoS, so you have to use their time server
+ % \texttt{time.sharktech.net}
+\end{itemize}
+
+\subsection{Supermicro Setup over IPMI bios}
+{{\grenewcommand{\currentColor}{secondary-brown}}}
+{{\grenewcommand{\currentTextColor}{ao-black}}}
+\providecommand{\sharkIPConfigItem}[4]{}
+\renewcommand{\sharkIPConfigItem}[4]{
+    \rowcolor{\currentColor}   \vspace{-1pt}
+    \rule[-0.3em]{0pt}{-0.5em}  \vspace{-1pt}
+    \small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt}
+    \small{\textcolor{\currentTextColor}{#2}} \\
+}
+\providecommand{\sharkIPConfigLastItem}[4]{}
+\renewcommand{\sharkIPConfigLastItem}[4]{
+    \rowcolor{\currentColor}   \vspace{-1pt}
+    \rule[-1.0em]{0pt}{1em}  \vspace{-1pt}
+    \small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt}
+    \small{\textcolor{\currentTextColor}{#2}} \\
+    \tabucline[2pt]{1-2}
+}
+\providecommand{\SIPCCwidth}{3.5cm}
+\renewcommand{\SIPCCwidth}{5cm}
+
+\begin{figure}[!htb]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-ipmi-init.png}
+    \caption{Supermicro SuperServer 1018D-FRN8T PEI-IPMI Initialization}
+    \label{fig:supermicroSSCIpmiInit}
+\end{figure}
+
+Before IPMI Initialization, choose in Boot Agent GE an entry PXE
+(Preboot eXecution Environment)
+
+In Aptio Setup Utility set the following Boot Features:
+
+\begin{table}[!htb]
+    \caption{sf-fw BIOS configs}% \label{tab:sharkNodeIPConfig}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Boot Feature}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { SMCBiosActionFlag       }{ \char`[0\char`]          }{}{}
+        \sharkIPConfigItem    { SumBbsSupportFlag       }{ 48                       }{}{}
+        \sharkIPConfigLastItem{ Bridge ports            }{ \char`[Disabled\char`]   }{}{}
+        \sharkIPConfigItem    { SumBbsSupportFlag       }{ \char`[Force BIOS\char`] }{}{}
+        \sharkIPConfigItem    { SumBbsSupportFlag       }{ \char`[On\char`]         }{}{}
+        \sharkIPConfigItem    { SumBbsSupportFlag       }{ \char`[Disabled\char`]   }{}{}
+        \sharkIPConfigItem    { SumBbsSupportFlag       }{ \char`[Immediate\char`]  }{}{}
+        \sharkIPConfigLastItem{ Subnet mask             }{ \char`[Disabled\char`]   }{}{}
+    \end{tabu}
+\end{table}
+
+Set system Date/Time
+
+\newpage
+\subsection*{\textcolor{ao-white}{ Supermicro Setup over IPMI bios1}}
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-ipmi-boot1.png}
+    \caption{Supermicro SuperServer 1018D-FRN8T Bios prompt for boot-menu}
+    \label{fig:supermicroSSCIpmiBoot1}
+\end{figure}
+\begin{table}[!htb]
+    \caption{sf-fw BIOS configs continued}% \label{tab:sharkNodeIPConfig}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Boot Feature}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Power Configuration     }{}{}{}
+        \sharkIPConfigItem    { Watch Dog Function      }{ \char`[Disabled\char`]   }{}{}
+        \sharkIPConfigItem    { Power button Function   }{ \char`[4 Seconds Override\char`] }{}{}
+        \sharkIPConfigLastItem{ Subnet mask             }{ \char`[Power On\char`]   }{}{}
+    \end{tabu}
+\end{table}
+
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-ipmi-boot2.png}
+    \caption{Supermicro SuperServer 1018D-FRN8T Bootstrap loader}
+    \label{fig:supermicroSSCIpmiBoot2}
+\end{figure}
+\begin{table}[!htb]
+    \caption{sf-fw BIOS configs continued}% \label{tab:sharkNodeIPConfig}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Boot Feature}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Onboard LAN1 OPROM      }{ \char`[Disabled\char`]   }{}{}
+        \sharkIPConfigItem    { Onboard LAN2 OPROM      }{ \char`[Disabled\char`]   }{}{}
+        \sharkIPConfigLastItem{ Onboard LAN3 - LAN8 OPROM }{ \char`[Disabled\char`]   }{}{}
+        \sharkIPConfigItem    { Legacy Boot Order \char`#1}{ \char`[USB Key:Virtual Disk\char`]   }{}{}
+        \sharkIPConfigLastItem{ Legacy Boot Order \char`#2 - \char`#7}{ \char`[Disabled\char`]   }{}{}
+    \end{tabu}
+\end{table}
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-ipmi-opnsense-boot1.png}
+    \caption{Supermicro SuperServer OPNsense Boot variant}
+    \label{fig:supermicroSSCIpmiOpnsenseBoot1}
+\end{figure}
+Let default option 5 execute.
+\begin{table}[!htb]
+    \caption{sf-fw LSI Corp Config Utility}% \label{tab:sharkNodeIPConfig}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Adapter }{LSI2116-IT}{}{}
+        \sharkIPConfigItem    { PCI Slot }{0B}{}{}
+        \sharkIPConfigItem    { PCI Address(Bus/Dev) }{02:00}{}{}
+        \sharkIPConfigItem    { MPT Firmware Revision }{20.00.07.00-IT}{}{}
+        \sharkIPConfigItem    { SAS Address }{50030480:1E300A01}{}{}
+        \sharkIPConfigItem    { NVDATA Version }{14.01.40.00}{}{}
+        \sharkIPConfigItem    { Status }{Disabled}{}{}
+        \sharkIPConfigItem    { Boot Order}{0}{}{}
+        \sharkIPConfigLastItem{ Boot Support}{ \char`[Disabled\char`]   }{}{}
+    \end{tabu}
+\end{table}
+
+\newpage
+{{\grenewcommand{\currentColor}{primary-blue}}}
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash1.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard}
+    \label{fig:supermicroSSCIpmiOpnsenseDash1}
+\end{figure}
+\begin{table}[!htb]
+    \caption{sf-fw LSI Corp Config Utility}% \label{tab:sharkNodeIPConfig}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Hostname }{sf-fw1}{}{}
+        \sharkIPConfigItem    { Domain }{forksand.com}{}{}
+        \sharkIPConfigItem    { Language }{English}{}{}
+        \sharkIPConfigItem    { Primary DNS Server }{216.146.35.35}{}{}
+        \sharkIPConfigItem    { Secondary DNS Server }{208.67.222.222}{}{}
+        \sharkIPConfigLastItem{ Override DNS }{unchecked}{}{}
+        \sharkIPConfigLastItem{ Enable Resolver}{checked}{}{}
+        \sharkIPConfigLastItem{ Others }{leave unchecked}{}{}
+    \end{tabu}
+\end{table}
+
+\begin{itemize}
+    \item Set server time information
+    \item Configure WAN interface,  DHCP, subnet masks /32, Block .. Flags checked, others empty
+    \item Configure WAN interface, IP 192.168.1.1 change to 192.168.110.21, subnet mask /24
+    \item Set Web GUI Password
+    \item Reload to apply changes
+    \item Finished initial configuration, click a href "continue to the dashboard"
+    \item Configure console appears, refer to table
+        \ref{tab:supermicroSSCIpmiOpnsenseDash2} on p. \pageref{tab:supermicroSSCIpmiOpnsenseDash2}
+    \item Set root password and reboot
+    \item Re-enter Aptio Setup Utility Boot tab
+    \item Switch Legacy Boot Order \char`#1 \char` to [Hard Disk: SATADOM-...\char`]
+    \item Start the boot
+    \item OPNsense: Let default option 5 execute
+\end{itemize}
+{{\grenewcommand{\currentColor}{secondary-brown}}}
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash2.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard Continued}
+    \label{fig:supermicroSSCIpmiOpnsenseDash2}
+\end{figure}
+\begin{table}[!htb]
+    \caption{sf-fw LSI Corp Config Utility} \label{tab:supermicroSSCIpmiOpnsenseDash2}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Configure Console }{Accept these Settings}{}{}
+        \sharkIPConfigItem    { Select task }{Guided installation}{}{}
+        \sharkIPConfigItem    { Select a disk }{ada0: 600.00MB/s transfers (SATA 3.x, UDMA6, PIO 512bytes)}{}{}
+        \sharkIPConfigItem    { Select install mode }{GPT/UEFI mode}{}{}
+        \sharkIPConfigItem    { Swap Partition }{yes}{}{}
+        \sharkIPConfigLastItem{ Enable Resolver}{checked}{}{}
+    \end{tabu}
+\end{table}
+{{\grenewcommand{\currentColor}{primary-blue}}}
+\begin{itemize}
+    \item Enter OPNsense dashboard and make a backup, System -> Configuration -> Backups, save the XML
+    \item Execute update firmware, refer to figure
+        \ref{fig:supermicroSSCIpmiOpnsenseDash3} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash3}
+\end{itemize}
+
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash3-update.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard Update Firmware}
+    \label{fig:supermicroSSCIpmiOpnsenseDash3}
+\end{figure}
+\begin{itemize}
+    \item Standby until updating finished, refer to figure
+        \ref{fig:supermicroSSCIpmiOpnsenseDash4} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash4}
+    \item Switch to tab Settings, refer to figure
+        \ref{fig:supermicroSSCIpmiOpnsenseDash5} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash5}
+\end{itemize}
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash4-update.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard Update Firmware Continued}
+    \label{fig:supermicroSSCIpmiOpnsenseDash4}
+\end{figure}
+
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash5-fw.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard Firmware Settings}
+    \label{fig:supermicroSSCIpmiOpnsenseDash5}
+\end{figure}
+\begin{itemize}
+    \item Set mirror to LeaseWeb (San Francisco, US)
+    \item Set Flavour to LibreSSL
+    \item Set Release Type to Production
+    \item Click save and return to Updates tab.
+\end{itemize}
+
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash6-fw-updates.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard Firmware Pending Updates}
+    \label{fig:supermicroSSCIpmiOpnsenseDash6}
+\end{figure}
+\begin{itemize}
+    \item Click Update now.
+    \item Standby until Update is completed.
+    \item Restore configs from XML, refer to figure
+        \ref{fig:supermicroSSCIpmiOpnsenseDash8} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash8}
+\end{itemize}
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash7-fw-update.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard Firmware Update Processing}
+    \label{fig:supermicroSSCIpmiOpnsenseDash7}
+\end{figure}
+
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash8-fw-backupandreboot.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard restore from XML config backup}
+    \label{fig:supermicroSSCIpmiOpnsenseDash8}
+\end{figure}
+\begin{itemize}
+    \item Upload the config and restore
+    \item Add a user, refer to figure
+        \ref{fig:supermicroSSCIpmiOpnsenseDash9} on p. \pageref{fig:supermicroSSCIpmiOpnsenseDash9}
+        using parameters from table
+        \ref{tab:supermicroSSCIpmiOpnsenseAddUser} on p. \pageref{tab:supermicroSSCIpmiOpnsenseAddUser}
+\end{itemize}
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash9-user.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard Add User}
+    \label{fig:supermicroSSCIpmiOpnsenseDash9}
+\end{figure}
+\begin{table}[!htb]
+    \caption{sf-fw OPNsense Dashboard Add User} \label{tab:supermicroSSCIpmiOpnsenseAddUser}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Username }{jebba}{}{}
+        \sharkIPConfigItem    { Disabled }{unchecked}{}{}
+        \sharkIPConfigItem    { Full name }{Jeff Moe}{}{}
+        \sharkIPConfigItem    { E-mail }{moe@forksand.com}{}{}
+        \sharkIPConfigItem    { Comment }{}{}{}
+        \sharkIPConfigItem    { Expiration date }{}{}{}
+        \sharkIPConfigLastItem{ Group Memberships }{Member of admins}{}{}
+        \sharkIPConfigItem    { Certificate }{unchecked}{}{}
+        \sharkIPConfigLastItem{ OTP seed }{}{}{}
+    \end{tabu}
+\end{table}
+
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash10-dhcpv4.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard DHCPv4}
+    \label{fig:supermicroSSCIpmiOpnsenseDash10}
+\end{figure}
+\begin{itemize}
+    \item Disable DHCPv4
+\end{itemize}
+\begin{table}[!htb]
+    \caption{sf-fw OPNsense Dashboard DHCPv4} \label{tab:supermicroSSCIpmiOpnsenseDhcpv4}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Enable }{unchecked}{}{}
+        \sharkIPConfigItem    { Deny unknown clients }{unchecked}{}{}
+        \sharkIPConfigItem    { Subnet }{192.168.110.0}{}{}
+        \sharkIPConfigItem    { Subnet mask }{255.255.255.0}{}{}
+        \sharkIPConfigLastItem{ Range }{192.168.110.10 - 192.168.110.245}{}{}
+        \sharkIPConfigLastItem{ Others }{leave unchanged}{}{}
+    \end{tabu}
+\end{table}
+
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash11-plugins.png}
+    \includegraphics[keepaspectratio=true,trim=360mm 190mm 10mm 80mm,clip,width=1.0\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash11-plugins.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard Plugin Installation}
+    \label{fig:supermicroSSCIpmiOpnsenseDash11}
+\end{figure}
+\begin{itemize}
+    \item Make sure os-dyndns plugin installed
+    \item Install os-acme-client
+\end{itemize}
+%\begin{table}[!htb]
+%    \caption{sf-fw OPNsense Dashboard Plugins} \label{tab:supermicroSSCIpmiOpnsensePlugins}
+%    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+%        \tabucline[2pt]{1-2}
+%        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
+%        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+%        \tabucline[2pt]{1-2}
+%        \sharkIPConfigItem    { Enable }{unchecked}{}{}
+%        \sharkIPConfigItem    { Deny unknown clients }{unchecked}{}{}
+%        \sharkIPConfigItem    { Subnet }{192.168.110.0}{}{}
+%        \sharkIPConfigItem    { Subnet mask }{255.255.255.0}{}{}
+%        \sharkIPConfigLastItem{ Range }{192.168.110.10 - 192.168.110.245}{}{}
+%        \sharkIPConfigLastItem{ Others }{leave unchanged}{}{}
+%    \end{tabu}
+%\end{table}
+
+\newpage
+\begin{figure}[!ht]
+    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+        {sf-fw/ssc-opns-dash12-lea.png}
+    \caption{Supermicro SuperServer OPNsense Dashboard add Let's Encrypt account}
+    \label{fig:supermicroSSCIpmiOpnsenseDash12}
+\end{figure}
+\begin{itemize}
+    \item Add Let's Encrypt account
+    \item Modify global Let's Encrypt settings
+    \item Apply Let's Encrypt settings
+    \item Refer to Certificates menu
+\end{itemize}
+\begin{table}[!htb]
+    \caption{sf-fw OPNsense Dashboard Let's Encrypt account and settings} \label{tab:supermicroSSCIpmiOpnsenseLea}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Enable }{checked}{}{}
+        \sharkIPConfigItem    { Name }{sf-fw1}{}{}
+        \sharkIPConfigItem    { Description }{SharkFork Firewall 1}{}{}
+        \sharkIPConfigLastItem{ E-Mail address }{sharkfork@forksand.com}{}{}
+        \sharkIPConfigItem    { Enable Plugin }{checked}{}{}
+        \sharkIPConfigItem    { Auto Renewal }{checked}{}{}
+        \sharkIPConfigItem    { Let's Encrypt Environment }{Production Environment \char`[Default\char`]}{}{}
+        \sharkIPConfigLastItem{ HAProxy Integration }{unchecked}{}{}
+    \end{tabu}
+\end{table}
+
+\newpage
+%\begin{figure}[!ht]
+%    \includegraphics[keepaspectratio=true,height=1.10\textheight,width=1.00\textwidth,angle=0]
+%        {sf-fw/ssc-opns-dash13-cert.png}
+%    \caption{Supermicro SuperServer OPNsense Dashboard add Certificate}
+%    \label{fig:supermicroSSCIpmiOpnsenseDash12}
+%\end{figure}
+\begin{itemize}
+    \item Add Validation Method
+    \item Add Certificate
+    \item Apply ``Issue/Renew Certificates Now''
+\end{itemize}
+\begin{table}[!htb]
+    \caption{sf-fw OPNsense Dashboard Let's Encrypt account and settings} \label{tab:supermicroSSCIpmiOpnsenseLea}
+    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth*2}|[2pt]}
+        \tabucline[2pt]{1-2}
+        \multicolumn {1}{|[2pt]l|[2pt]}{\rule[-0.7em]{0pt}{2em} \cellcolor{\currentColor}{Parameter}}&
+        \multicolumn {1}{l|[2pt]}{\cellcolor{\currentColor}{Value}} \\
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Validation Method }{}{}{}
+        \sharkIPConfigItem    { Enable }{checked}{}{}
+        \sharkIPConfigItem    { Name }{sf-fw1-http}{}{}
+        \sharkIPConfigItem    { Description }{SharkFork Firewall 1 http validation}{}{}
+        \sharkIPConfigLastItem{ Challenge Type }{HTTP-01}{}{}
+        \sharkIPConfigLastItem{ HTTP Service }{OPNsense Web Service (automatic port forward)}{}{}
+        \sharkIPConfigItem    { IP Auto-Discovery }{checked}{}{}
+        \sharkIPConfigItem    { Interface }{WAN}{}{}
+        \sharkIPConfigLastItem{ IP Addresses }{}{}{}
+        \tabucline[2pt]{1-2}
+        \sharkIPConfigItem    { Certificate }{}{}{}
+        \sharkIPConfigItem    { Enable }{checked}{}{}
+        \sharkIPConfigItem    { Common Name }{sf-fw1.forksand.com}{}{}
+        \sharkIPConfigItem    { Description }{SharkFork Firewall 1}{}{}
+        \sharkIPConfigItem    { Alt Names }{}{}{}
+        \sharkIPConfigItem    { LE Account }{sf-fw1}{}{}
+        \sharkIPConfigItem    { Validation Method }{sf-fw1-http}{}{}
+        \sharkIPConfigItem    { Restart Actions }{}{}{}
+        \sharkIPConfigItem    { Auto Renewal }{checked}{}{}
+        \sharkIPConfigLastItem{ Renewal Interval }{60}{}{}
+    \end{tabu}
+\end{table}
+
 \newpage
 \section{Alternatives Firewalls Hardware Overview}
 Some resellers:
--- a/source/Hardware.tex
+++ b/source/Hardware.tex
@ -49,11 +49,6 @@ The cluster will require rackmountable equipment:

 %\subsubsection{Sharkfork 21U detail hardware description} \label{sec:hardware-description-sharkfork-21U}

-\definecolor{secondary-brown}{HTML}{F3E2C3} %     HEX # F3E2C3    R:243 G:226 B:195   C:0 M:7 Y:20 K:5
-\definecolor{primary-blue}{HTML}{A1F4FF} %     HEX # A1F4FF    R:161 G:244 B:255  C:37 M:4 Y:0 K:0
-\definecolor{primary-brown}{HTML}{B07E3B} %     HEX # B07E3B    R:176 G:126 B:56    C:0 M:28 Y:68 K:31
-\definecolor{nonbrand-dark-blue}{HTML}{184B6D} %     HEX # 184B6D    R:19 G:70 B:109    C:0 M:28 Y:68 K:31
-
 \newcommand{\nodeUnitName}[4]{
    \rowcolor{#3}\vspace{-1pt}
    {{\grenewcommand{\currentColor}{#3}}}
@ -351,7 +346,8 @@ Who we'll get hardware from.

 {{\grenewcommand{\currentColor}{primary-blue}}}
 {{\grenewcommand{\currentTextColor}{ao-black}}}
-\providecommand{\sharkIPConfigItem}[4]{
+\providecommand{\sharkIPConfigItem}[4]{}
+\renewcommand{\sharkIPConfigItem}[4]{
    \rowcolor{\currentColor}   \vspace{-1pt}
    \rule[-0.3em]{0pt}{-0.5em}  \vspace{-1pt}
    \small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt}
@ -359,7 +355,8 @@ Who we'll get hardware from.
    \small{\textcolor{\currentTextColor}{#3}} & \vspace{-1pt}
    \small{\textcolor{\currentTextColor}{#4}} \\
 }
-\providecommand{\sharkIPConfigLastItem}[4]{
+\providecommand{\sharkIPConfigLastItem}[4]{}
+\renewcommand{\sharkIPConfigLastItem}[4]{
    \rowcolor{\currentColor}   \vspace{-1pt}
    \rule[-1.0em]{0pt}{1em}  \vspace{-1pt}
    \small{\textcolor{\currentTextColor}{#1}} & \vspace{-1pt}
@ -369,6 +366,7 @@ Who we'll get hardware from.
    \tabucline[2pt]{1-4}
 }
 \providecommand{\SIPCCwidth}{3.5cm}
+\renewcommand{\SIPCCwidth}{3.5cm}
 \begin{table}[!htb]
    \caption{IP configs of nodes} \label{tab:sharkNodeIPConfig}
    \begin{tabu}{|[2pt]p{\SIPCCwidth}|[2pt]p{\SIPCCwidth}|p{\SIPCCwidth}|p{\SIPCCwidth}|[2pt]}
--- a/source/Software-daemons.tex
+++ b/source/Software-daemons.tex
@ -127,8 +127,8 @@ mtab.fuselock
 aliases.db
 \end{minted}
 \subsection{Set up a git user:}
-\begin{minted}{sh}
 vi ~/.gitconfig
+\begin{minted}{sh}
 [user]
 name = Jeff Moe

@ -141,7 +141,9 @@ name = Jeff Moe
 \begin{minted}{sh}
 git add .
 EDITOR=vi git commit -a
+\end{minted}
 Intial setup of pwn.themoes.org jessie owncloud server
+\begin{minted}{sh}
 #Install some needed stuff:
 apt-get -y install sudo vim curl exuberant-ctags rsync ntp vim-scripts
 host strace telnet lsb-release unzip bzip2 && apt-get clean
@ -331,9 +333,6 @@ echo alias ivp6 off  >>  /etc/modprobe.d/aliases.conf
 reboot
 \end{minted}

-%####################
-%# Install Owncloud #
-%####################
 \subsection{Install nextcloud}
 Copied from Owncloud installation sequence. Todo: review difference to Nextcloud

--- a/source/Source-gen.tex
+++ b/source/Source-gen.tex
@ -61,22 +61,22 @@
 \section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/defaults/\\ \qquad\qquad\qquad../main.yml}}
 \texttt{SHA256: c86227ad9775e213708a92703958d1ae8dc80b5073b665499839e4c80f0d77d5}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/defaults/main.yml}
-\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/main.yml}}
+\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/\\ \qquad\qquad\qquad../main.yml}}
 \texttt{SHA256: c77f50cf2758025bece96792badbf0f98a799738be56e3dbd94d5c416ce402b5}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/main.yml}
-\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/.galaxy\char`_install\char`_info}}
+\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/\\ \qquad\qquad\qquad../.galaxy\char`_install\char`_info}}
 \texttt{SHA256: 8df2fa6c72bad1a6b52a7e84a1dd5a850b96d3ed55c4266113c1476bbc1c974d}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/meta/.galaxy_install_info}
-\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/main.yml}}
+\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/\\ \qquad\qquad\qquad../main.yml}}
 \texttt{SHA256: 5d1ebe1ec51a5a4b0ab52bbf1af63ca94af4290182755b2463aa321bfb39732f}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/main.yml}
-\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/persist-debian.yml}}
+\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/\\ \qquad\qquad\qquad../persist-debian.yml}}
 \texttt{SHA256: da08d16128d29e725a80590890592020a53d90cbeac3b55dbe67da63fc254e6b}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/persist-debian.yml}
-\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/persist-redhat.yml}}
+\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/\\ \qquad\qquad\qquad../persist-redhat.yml}}
 \texttt{SHA256: aaa130a6c8ad52ede70c2b12e46e27e61475e5d8b0842274b5ce0515ad645734}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/persist-redhat.yml}
-\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/rules.yml}}
+\section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/\\ \qquad\qquad\qquad../rules.yml}}
 \texttt{SHA256: 6f28f53b5c77709268853ab1ba9f16ca30d64cd72dde08e9d9826b82c714e602}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/mikegleasonjr.firewall/tasks/rules.yml}
 \section{\texttt{apps/ansible-debian-mail/roles/mikegleasonjr.firewall/templates/\\ \qquad\qquad\qquad../generated.v4.j2}}
@ -106,10 +106,10 @@
 \section{\texttt{apps/ansible-debian-mail/roles/postfix\char`_configuration/templates/\\ \qquad\qquad\qquad../aliases.j2}}
 \texttt{SHA256: 5a101165ebf12cbd1663908e21f77dc2636fee45da36f5daa79ab84c47e7dfcb}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/postfix_configuration/templates/aliases.j2}
-\section{\texttt{apps/ansible-debian-mail/roles/server\char`_tasks/handlers/main.yml}}
+\section{\texttt{apps/ansible-debian-mail/roles/server\char`_tasks/handlers/\\ \qquad\qquad\qquad../main.yml}}
 \texttt{SHA256: 5822b360aa9988efc37bdf5dd9626de45b2d1f279f70e032f5b56427994f440d}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/server_tasks/handlers/main.yml}
-\section{\texttt{apps/ansible-debian-mail/roles/server\char`_tasks/tasks/main.yml}}
+\section{\texttt{apps/ansible-debian-mail/roles/server\char`_tasks/tasks/\\ \qquad\qquad\qquad../main.yml}}
 \texttt{SHA256: 9482c99a24179cb4bcd0d8ea5bf6ac5e8391cd88b1242190693c685127bb94e8}
 \inputminted{sh}{resources/apps/ansible-debian-mail/roles/server_tasks/tasks/main.yml}
 \section{\texttt{apps/ansible-debian-mail/roles/spamassassin\char`_configuration/tasks/\\ \qquad\qquad\qquad../main.yml}}
@ -144,7 +144,7 @@
 \inputminted{sh}{resources/apps/ansible-gitea/roles/gitea/tasks/main.yml}
 \section{\texttt{apps/ansible-gitea/roles/gitea/templates/gitea.ini.j2}}
 \texttt{SHA256: c8be571f2f2407240bc88997aedf70c9230554a65132ebab9a1ee0d4296ff9d3}
-\inputminted{sh}{resources/apps/ansible-gitea/roles/gitea/templates/gitea.ini.j2}
+\inputminted{ini}{resources/apps/ansible-gitea/roles/gitea/templates/gitea.ini.j2}
 \section{\texttt{apps/ansible-gitea/roles/gitea/templates/gitea.service.j2}}
 \texttt{SHA256: 0acbfe01156c9e39ee71a4fc64310ab003f09bfcf544df00b1f3cff010ed8f38}
 \inputminted{sh}{resources/apps/ansible-gitea/roles/gitea/templates/gitea.service.j2}
@ -219,16 +219,16 @@
 \inputminted{sh}{resources/apps/yadifa-master/etc/yadifa/yadifad.conf}
 \section{\texttt{apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone}}
 \texttt{SHA256: e2c4028695f3ac6b6ed8afb963a7821589b94ed81a2d068d7480b809d402c830}
-\inputminted{sh}{resources/apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone}
+\inputminted{ca65}{resources/apps/yadifa-master/var/lib/yadifa/masters/solipsists.org.zone}
 \section{\texttt{apps/yadifa-slave/etc/yadifa/yadifad.conf}}
 \texttt{SHA256: 705f36a12aee30e8510e5d06f1d3dd471a82aa518e00648a83f8f9d1146b8186}
 \inputminted{sh}{resources/apps/yadifa-slave/etc/yadifa/yadifad.conf}
 \section{\texttt{apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone}}
 \texttt{SHA256: 1966009066a265b65574003bc5f338ee4c2595c010ece34e9e428c526b974fd5}
-\inputminted{sh}{resources/apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone}
+\inputminted{ca65}{resources/apps/yadifa/var/lib/yadifa/masters/0.0.127.in-addr.arpa.zone}
 \section{\texttt{apps/yadifa/var/lib/yadifa/masters/localhost.zone}}
 \texttt{SHA256: 93847412dc586aa627b7c8d9c7f9f08223d62bd7297bb02058b57aaa4e92e220}
-\inputminted{sh}{resources/apps/yadifa/var/lib/yadifa/masters/localhost.zone}
+\inputminted{ca65}{resources/apps/yadifa/var/lib/yadifa/masters/localhost.zone}
 \section{\texttt{txt2qrpng.sh}}
 \texttt{SHA256: 28dff76725cfbe3e4dcf70120f0393422507443fa5b6a62e1814bd44fb62161e}
 \inputminted{sh}{resources/txt2qrpng.sh}
--- a/source/forksand-it-manual.tex
+++ b/source/forksand-it-manual.tex
@ -244,6 +244,10 @@ leftmargin=1cm,rightmargin=1cm
 \definecolor{ao-white}{cmyk}{0.00 0.00 0.00 0.00}
 \definecolor{ao-black}{cmyk}{1.00 1.00 1.00 1.00}
 \definecolor{lulzbot-green}{cmyk}{0.11 0.00 0.78 0.15}
+\definecolor{secondary-brown}{HTML}{F3E2C3} %     HEX # F3E2C3    R:243 G:226 B:195   C:0 M:7 Y:20 K:5
+\definecolor{primary-blue}{HTML}{A1F4FF} %     HEX # A1F4FF    R:161 G:244 B:255  C:37 M:4 Y:0 K:0
+\definecolor{primary-brown}{HTML}{B07E3B} %     HEX # B07E3B    R:176 G:126 B:56    C:0 M:28 Y:68 K:31
+\definecolor{nonbrand-dark-blue}{HTML}{184B6D} %     HEX # 184B6D    R:19 G:70 B:109    C:0 M:28 Y:68 K:31
 %%% END COLORS %%%


--- a/source/resources/images/sf-fw/ssc-ipmi-boot1.png
+++ b/source/resources/images/sf-fw/ssc-ipmi-boot1.png
--- a/source/resources/images/sf-fw/ssc-ipmi-boot2.png
+++ b/source/resources/images/sf-fw/ssc-ipmi-boot2.png
--- a/source/resources/images/sf-fw/ssc-ipmi-init.png
+++ b/source/resources/images/sf-fw/ssc-ipmi-init.png
--- a/source/resources/images/sf-fw/ssc-ipmi-opnsense-boot1.png
+++ b/source/resources/images/sf-fw/ssc-ipmi-opnsense-boot1.png
--- a/source/resources/images/sf-fw/ssc-opns-dash1.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash1.png
--- a/source/resources/images/sf-fw/ssc-opns-dash10-dhcpv4.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash10-dhcpv4.png
--- a/source/resources/images/sf-fw/ssc-opns-dash11-plugins.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash11-plugins.png
--- a/source/resources/images/sf-fw/ssc-opns-dash12-lea.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash12-lea.png
--- a/source/resources/images/sf-fw/ssc-opns-dash2.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash2.png
--- a/source/resources/images/sf-fw/ssc-opns-dash3-update.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash3-update.png
--- a/source/resources/images/sf-fw/ssc-opns-dash4-update.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash4-update.png
--- a/source/resources/images/sf-fw/ssc-opns-dash5-fw.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash5-fw.png
--- a/source/resources/images/sf-fw/ssc-opns-dash6-fw-updates.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash6-fw-updates.png
--- a/source/resources/images/sf-fw/ssc-opns-dash7-fw-update.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash7-fw-update.png
--- a/source/resources/images/sf-fw/ssc-opns-dash8-fw-backupandreboot.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash8-fw-backupandreboot.png
--- a/source/resources/images/sf-fw/ssc-opns-dash9-user.png
+++ b/source/resources/images/sf-fw/ssc-opns-dash9-user.png
--- a/source/resources/images/sharkfork-21U.png
+++ b/source/resources/images/sharkfork-21U.png
--- a/source/resources/make-sources-list.sh
+++ b/source/resources/make-sources-list.sh
@ -30,7 +30,7 @@ touch $TEXOUT SHA256SUM
 for i in $SRCFILES
 do
    # NOUNDER=`echo $i | sed -e 's/_/\\\_/g'`
-    NOUNDER=`echo $i | sed -e 's/_/\\\\char\\\`_/g' | cut -f 2- -d "/" | sed -e 's/^\(.\{60,75\}\)\//\1\/\\\\\\\\ \\\\qquad\\\\qquad\\\\qquad\.\.\//g'`
+    NOUNDER=`echo $i | sed -e 's/_/\\\\char\\\`_/g' | cut -f 2- -d "/" | sed -e 's/^\(.\{55,70\}\)\//\1\/\\\\\\\\ \\\\qquad\\\\qquad\\\\qquad\.\.\//g'`
    # !!! ToDo, apply greedy pattern to second sed's range pattern
    echo "\section{\texttt{$NOUNDER}}"
    # echo "\texttt{$NOUNDER} \\\ "
@ -38,7 +38,15 @@ do
    sha256sum $i >> SHA256SUM
    MINTEDPATH=`echo $i | cut -f 2- -d "/"`
    MINTEDPATH="resources/$MINTEDPATH"
-    echo "\inputminted{sh}{$MINTEDPATH}"
+    if [[ "$i" =~ \.ini\.j2$|\.zone$ ]]; then
+        if [[ "$i" =~ \.ini\.j2$ ]]; then
+            echo "\inputminted{ini}{$MINTEDPATH}"
+        else
+            echo "\inputminted{ca65}{$MINTEDPATH}"
+        fi
+    else
+        echo "\inputminted{sh}{$MINTEDPATH}"
+    fi
 done >> $TEXOUT

 sort -V SHA256SUM > SHA256SUM.tmp