diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..30b70a7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +# Ignore editor files +*.swp diff --git a/bashrc b/bashrc index e4a1d4f..8f8a9b6 100644 --- a/bashrc +++ b/bashrc @@ -30,4 +30,4 @@ CBUILD="x86_64-pc-linux-gnu" export PALUDIS_PATCHDIR="$ROOT/etc/paludis/paludis" -. "${PALUDIS_DIR:-/etc/paludis}/libs/shell/sysconf.bash" +#. "${PALUDIS_DIR:-/etc/paludis}/libs/shell/imgconf.bash" diff --git a/imgconf/net-dns/bind/etc/bind/master/rixotstudio.cz b/imgconf/net-dns/bind/etc/bind/master/rixotstudio.cz index 95d5c55..3404197 100644 --- a/imgconf/net-dns/bind/etc/bind/master/rixotstudio.cz +++ b/imgconf/net-dns/bind/etc/bind/master/rixotstudio.cz 
@@ -1,42 +1,41 @@ ;; Can be tested using clear; named-checkzone rixotstudio.cz rixotstudio.cz -$TTL 3600 +$TTL 300 $ORIGIN rixotstudio.cz. +@ 300 IN NS ns.wedos.cz. @ IN SOA ( - ns1.rixotstudio.cz. ; MNAME - hostmaster.rixotstudio.cz. ; RNAME - 2020042100 ; SERIAL + ns.dreamon.rixotstudio.cz. ; MNAME + hostmaster.dreamon.rixotstudio.cz. ; RNAME + 2020042123 ; SERIAL 8H ; REFRESH 2H ; RETRY 1W ; EXPIRY 2H ; MINIMUM Negative Cache TTL ) ;; NS -@ 300 IN NS dreamon.rixotstudio.cz. -@ 3600 IN NS ns.wedos.cz. -@ 3600 IN NS ns.wedos.net. -@ 3600 IN NS ns.wedos.eu. -@ 3600 IN NS ns.wedos.com. +;@ 300 IN NS ns.dreamon.rixotstudio.cz. ;; DEFAULT -rixotstudio.cz IN CNAME dreamon.rixotstudio.cz -mail.rixotstudio.cz. IN MX 10 dreamon.rixotstudio.cz. +;rixotstudio.cz. IN CNAME dreamon.rixotstudio.cz +;ns.rixotstudio.cz. IN CNAME 213.220.230.81 +ns.dreamon.rixotstudio.cz. IN A 213.220.230.81 +mail.rixotstudio.cz. IN MX 10 dreamon.rixotstudio.cz. openpgpkey.rixotstudio.cz. IN CNAME wkd.keys.openpgp.org. -;rixotstudio.cz. IN DS 8837 13 2 +;rixotstudio.cz. IN DS 64022 14 2 9EE542B149F2AFF449677D3425FBB2573208FED686E81800FD0630841309F68B ;; DREAMON -dreamon.rixotstudio.cz. IN A 78.102.113.209 -mail.dreamon.rixotstudio.cz. 3600 IN MX 10 dreamon.rixotstudio.cz. +dreamon.rixotstudio.cz. IN A 213.220.230.81 +mail.dreamon.rixotstudio.cz. IN MX 10 dreamon.rixotstudio.cz. smtp.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. smtps.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. imap.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. imaps.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. pop3.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. pop3s.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. -;2020._domainkey.dreamon.rixotstudio.cz. 
120 IN TXT "v=DKIM1; n=\"dreamon\"; h=rsa-sha256; k=rsa; s=email; p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr/UtumdfuHcGPMUmV/ilYtHZ8yoG4n6G29krAH4/6abcpthr0JMMJhb7yImfRa4yupZPOI6sggMPZNy2vBf89VkLJpf+PT9kZ9Dtbwi0xcRkwO3x5emhZ+DQsEvbZPkakP5qrGIORjWTpPQuit3QN716gwtV+TCnMWT3vF+A+Wz1qiC2DsINg2b45XZYclIIngmhR3YVq17Oai rb8fH24F/plNUQICr7VzI4RQNG8qJhCmcnLt8x1kThoNxX1c1FufUPacTNTUlu2sflUDKUEF+MUq/ng3NaXzyySkpEkeU3j9d3CG+BEfJitBFwEgdJoy7LvpHmjKZDb7ImIG4w8wPlBDorlVwi2Wtj6RsqS7NV7vm4FZ1vkbgA8/xmRbpV6kaz9tG1emKwnu+/8BMNUhzMDxrAta1aYgqR3w1EGId7OWuh7WW57uFOTnlnbzWSb+yo8Paf 8MbpUpYOYLWx8xsbgCqIGYrO8OuaLEqBEDHG7i1FoXUX5wmKM4ouuSsDxA9blce1pO2i7M6MnuO90X/404hptWt6EvTapilXcZb89ktbLvisxS+EcaINJTA0yZNVdfnp38b6uClbYNeCa3jx2C9t70FMwTWdmV1yiBB1bz265vo09dERefLPCHNauG5JQoRbUgDRQeCD1EiQebBdg71XmTRgeZH4CRIyg00CAwEAAQ==" -_adsp._domainkey.dreamon.rixotstudio.cz. 3600 IN TXT "dkim=all" -_dmarc.dreamon.rixotstudio.cz. 3600 IN TXT "v=DMARC1,p=quarantine,sp=quarantine,pct=100,rua=mailto:dmarc-report@rixotstudio.cz!20m,ruf=mailto:authfail@rixotstudio.cz!20m,adkim=r,aspf=r,fo=1,rf=afrf" -dreamon.rixotstudio.cz. 3600 IN TXT "v=spf1 a:dreamon.rixotstudio.cz ip4:78.102.113.209 -all" +;2020._domainkey.dreamon.rixotstudio.cz. 
IN TXT "v=DKIM1; n=dreamon; h=rsa-sha256; k=rsa; s=email; p=\"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr/UtumdfuHcGPMUmV/ilYtHZ8yoG4n6G29krAH4/6abcpthr0JMMJhb7yImfRa4yupZPOI6sggMPZNy2vBf89VkLJpf+PT9kZ9Dtbwi0xcRkwO3x5emhZ+DQsEvbZPkakP5qrGIORjWTpPQuit3QN716gwtV+TCnMWT3vF+A+Wz1qiC2DsINg2b45XZYclIIngmhR3YVq17Oai rb8fH24F/plNUQICr7VzI4RQNG8qJhCmcnLt8x1kThoNxX1c1FufUPacTNTUlu2sflUDKUEF+MUq/ng3NaXzyySkpEkeU3j9d3CG+BEfJitBFwEgdJoy7LvpHmjKZDb7ImIG4w8wPlBDorlVwi2Wtj6RsqS7NV7vm4FZ1vkbgA8/xmRbpV6kaz9tG1emKwnu+/8BMNUhzMDxrAta1aYgqR3w1EGId7OWuh7WW57uFOTnlnbzWSb+yo8Paf 8MbpUpYOYLWx8xsbgCqIGYrO8OuaLEqBEDHG7i1FoXUX5wmKM4ouuSsDxA9blce1pO2i7M6MnuO90X/404hptWt6EvTapilXcZb89ktbLvisxS+EcaINJTA0yZNVdfnp38b6uClbYNeCa3jx2C9t70FMwTWdmV1yiBB1bz265vo09dERefLPCHNauG5JQoRbUgDRQeCD1EiQebBdg71XmTRgeZH4CRIyg00CAwEAAQ==\"" +_adsp._domainkey.dreamon.rixotstudio.cz. IN TXT "dkim=all" +_dmarc.dreamon.rixotstudio.cz. IN TXT "v=DMARC1,p=quarantine,sp=quarantine,pct=100,rua=mailto:dmarc-report@rixotstudio.cz!20m,ruf=mailto:authfail@rixotstudio.cz!20m,adkim=r,aspf=r,fo=1,rf=afrf" +dreamon.rixotstudio.cz. IN TXT "v=spf1 a:dreamon.rixotstudio.cz ip4:78.102.113.209 -all" ;; LEONID -leonid.rixotstudio.cz. IN A 94.113.123.218 -mail.leonid.rixotstudio.cz. 3600 IN MX 10 leonid.rixotstudio.cz. +leonid.rixotstudio.cz. IN A 94.113.123.218 +mail.leonid.rixotstudio.cz. IN MX 10 leonid.rixotstudio.cz. smtp.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. smtps.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. imap.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. 
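Review bot: The SPF record for dreamon.rixotstudio.cz still lists `ip4:78.102.113.209` although the A record in this hunk moves the host to 213.220.230.81, so the previous address remains authorised to send mail for the name even if it has since been given up. The `a:dreamon.rixotstudio.cz` mechanism already follows the new A record, so the value can be reduced to `"v=spf1 a:dreamon.rixotstudio.cz -all"`. The `_dmarc` TXT record touched in the same hunk separates its tags with commas, whereas DMARC tags are separated by semicolons, so receivers will most likely treat it as malformed and apply no policy; the expected form starts `"v=DMARC1; p=quarantine; sp=quarantine; pct=100; …"`. The smtp/smtps/imap/imaps/pop3/pop3s owner names under DREAMON have no trailing dot and will be expanded with `$ORIGIN`, unlike their LEONID counterparts.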
@@ -44,8 +43,8 @@ imaps.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. pop3.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. pop3s.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. ;; ROGISEK -rogisek IN A 94.113.123.218 -mail.rogisek.rixotstudio.cz. 3600 IN MX 10 rogisek.rixotstudio.cz. +rogisek IN A 94.113.123.218 +mail.rogisek.rixotstudio.cz. IN MX 10 rogisek.rixotstudio.cz. smtp.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz. smtps.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz. imap.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz. @@ -54,7 +53,7 @@ pop3.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz. pop3s.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz. ;; Security challenge -_acme-challenge.dreamon.rixotstudio.cz. IN TXT "EjzaayF_SqOHaWLhgzYiNKXkCoWaxGz75VgIw8BeFlU" +_acme-challenge.dreamon.rixotstudio.cz. IN TXT "EjzaayF_SqOHaWLhgzYiNKXkCoWaxGz75VgIw8BeFlU" _acme-challenge.imap.dreamon.rixotstudio.cz. IN TXT "tJfxA2ebY8Lt93-danryaPrI7JZynaqvHbFLOCGLVzI" -_acme-challenge.imap.rixotstudio.cz. IN TXT "NhFFlS-CYCXKGFOqmr69ypqRts4rgLUf5qVW4VPEl0E" +_acme-challenge.imap.rixotstudio.cz. IN TXT "NhFFlS-CYCXKGFOqmr69ypqRts4rgLUf5qVW4VPEl0E" _acme-challenge.imaps.dreamon.rixotstudio.cz. IN TXT "H4JBnbAuk-pIfNsOy43W56r90Pb6mq_636HjhfVP1_g" diff --git a/imgconf/net-dns/bind/etc/bind/named.conf b/imgconf/net-dns/bind/etc/bind/named.conf index 4efd590..3fb01db 100644 --- a/imgconf/net-dns/bind/etc/bind/named.conf +++ b/imgconf/net-dns/bind/etc/bind/named.conf @@ -1,3 +1,5 @@ +# Relevant: https://kb.isc.org/docs/aa-00711 + options { // Krey: Set directory for bind directory "/bedrock/strata/exherbo/var/bind"; @@ -5,6 +7,8 @@ options { // Krey: Sets Random Device random-device "/dev/random"; + key-directory "/bedrock/strata/exherbo/var/cache/bind/keys"; + // uncomment the following lines to turn on DNS forwarding, // and change the forwarding ip address(es) : //forward first; 
@@ -13,6 +17,8 @@ options { // 123.123.123.123; //}; + listen-on port 53 { any; }; + listen-on-v6 { none; }; listen-on { 127.0.0.1; }; @@ -26,6 +32,28 @@ options { pid-file "/bedrock/strata/exherbo/run/named/named.pid"; }; +#controls { +# inet 127.0.0.1 port 953 +# allow { 127.0.0.1; } keys { "/etc/bind/rndc.key"; }; +#}; + +logging { + channel named_log{ + file "/var/log/named/bind.log" versions 3 size 2m; + severity info; + print-severity yes; + print-time yes; + print-category yes; + }; + category default { + named_log; + }; + category lame-servers { + null; + }; +}; + + // Briefly, a zone which has been declared delegation-only will be effectively // limited to containing NS RRs for subdomains, but no actual data beyond its // own apex (for example, its SOA RR and apex NS RRset). This can be used to @@ -37,15 +65,21 @@ options { zone "rixotstudio.cz" { type master; file "/bedrock/strata/exherbo/etc/bind/master/rixotstudio.cz"; + update-policy { + grant ddns-key zonesub ANY; + }; allow-transfer { // Current Server IP - 78.102.113.209; - // Secondary DNS IP - nic.cz (wedos.cz) - 46.28.104.66; + 213.220.230.81; + // Wedos - Secondary DNS + 46.28.104.67; }; - allow-update { 78.102.113.209; }; - key-directory "/bedrock/strata/exherbo/var/cache/bind/keys/rixotstudio.cz"; + #allow-update { 213.220.230.81; }; inline-signing yes; + # Only sign DNSKEY with KSK + dnssec-dnskey-kskonly yes; + # expiration time 21d, refresh period 16d + sig-validity-interval 21 16; auto-dnssec maintain; serial-update-method unixtime; }; diff --git a/imgconf/net-dns/bind/etc/bind/named.conf.complex_sample b/imgconf/net-dns/bind/etc/bind/named.conf.complex_sample deleted file mode 100644 index 928dd9e..0000000 --- a/imgconf/net-dns/bind/etc/bind/named.conf.complex_sample +++ /dev/null 
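Review bot: `listen-on port 53 { any; };` exposes named on every IPv4 interface, and nothing in this hunk limits recursion or queries for the clients that can now reach it. The options block continues outside the hunk, so this may already be set elsewhere. For an authoritative-only server I would put `recursion no;` (or `allow-recursion { localhost; };`) next to the new line. The existing `listen-on { 127.0.0.1; };` just below is now redundant, since `any` already covers loopback, and could be dropped so the file states a single listening policy.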
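Review bot: The new channel writes to `/var/log/named/bind.log`, while the other paths visible in this file (`directory`, `key-directory`, `pid-file`) all sit under `/bedrock/strata/exherbo/`. If that directory does not exist or is not writable by the named user from where the daemon runs, the file channel may end up with no log at all. Use the same prefix, or add a comment such as `// log path is outside the stratum on purpose`. The commented-out `controls` block passes a file path to `keys { … }`, which expects a key name, so it needs correcting before it is enabled.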
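Review bot: `grant ddns-key zonesub ANY;` lets whoever holds ddns-key add, change or delete nearly every record type at every name in the zone, including the apex NS set and the SPF/DMARC TXT records. If the key exists only to maintain the `_acme-challenge` TXT records this zone carries (an assumption from the zone file), scope it by name and type, e.g. `grant ddns-key name _acme-challenge.dreamon.rixotstudio.cz. TXT;`, one rule per challenge name. No `key "ddns-key"` statement is visible in this diff, so confirm it is defined in, or included from, a file that only the named user can read. `allow-transfer` still authorises by source address alone; a TSIG key for the secondary would be stronger if the provider supports it.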
@@ -1,617 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -/* - * This is a worthless, nonrunnable example of a named.conf file that has - * every conceivable syntax element in use. We use it to test the parser. - * It could also be used as a conceptual template for users of new features. - */ - -/* - * C-style comments are OK - */ - -// So are C++-style comments - -# So are shell-style comments - -// watch out for ";" -- it's important! - -options { - additional-from-auth true; - additional-from-cache false; - - version "my version string"; - random-device "/dev/random"; - directory "/tmp"; - - port 666; - - sig-validity-interval 33; - -# Obsolete - named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER - - dump-file "named_dump.db"; // _PATH_DUMPFILE - pid-file "/var/run/named.pid"; // _PATH_PIDFILE - statistics-file "named.stats"; // _PATH_STATS - memstatistics-file "named.memstats"; // _PATH_MEMSTATS - - max-cache-ttl 999; - min-cache-ttl 66; - auth-nxdomain yes; // always set AA on NXDOMAIN. - // don't set this to 'no' unless - // you know what you're doing -- older - // servers won't like it. - -# Obsolete - deallocate-on-exit no; - - dialup yes; - -# Obsolete - fake-iquery no; - - fetch-glue yes; - has-old-clients yes; - host-statistics no; - -# Obsolete - multiple-cnames no; // if yes, then a name my have more - // than one CNAME RR. This use - // is non-standard and is not - // recommended, but it is available - // because previous releases supported - // it and it was used by large sites - // for load balancing. - - notify yes; // send NOTIFY messages. 
You can set - // notify on a zone-by-zone - // basis in the "zone" statement - // see (below) - recursion yes; - rfc2308-type1 no; - -# Obsolete - use-id-pool yes; - -# Obsolete - treat-cr-as-space yes; - - also-notify { 10.0.2.3; }; - - // The "forward" option is only meaningful if you've defined - // forwarders. "first" gives the normal BIND - // forwarding behavior, i.e. ask the forwarders first, and if that - // doesn't work then do the full lookup. You can also say - // "forward only;" which is what used to be specified with - // "slave" or "options forward-only". "only" will never attempt - // a full lookup; only the forwarders will be used. - forward first; - forwarders { - 1.2.3.4; - 5.6.7.8; - }; - - check-names master fail; - check-names slave warn; - check-names response ignore; - - allow-query { any; }; - allow-transfer { any; }; - allow-recursion { !any; }; - blackhole { 45/24; }; - keep-response-order { 46/24; }; - - listen-on { - 10/24; - 10.0.0.3; - }; - - listen-on port 53 { any; }; - - listen-on { 5.6.7.8; }; - - listen-on port 1234 { - !1.2.3.4; - 1.2.3/24; - }; - - listen-on-v6 { - 1:1:1:1:1:1:1:1; - }; - - listen-on-v6 port 777 { - 2:2:2:2:2:2:2:2; - }; - - query-source-v6 address 8:7:6:5:4:3:2:1 port *; - query-source port * address 10.0.0.54 ; - - lame-ttl 444; - - max-transfer-time-in 300; - max-transfer-time-out 10; - max-transfer-idle-in 100; - max-transfer-idle-out 11; - - max-retry-time 1234; - min-retry-time 1111; - max-refresh-time 888; - min-refresh-time 777; - - max-ncache-ttl 333; - min-ncache-ttl 22; - min-roots 15; - serial-queries 34; - - transfer-format one-answer; - - transfers-in 10; - transfers-per-ns 2; - transfers-out 0; - - transfer-source 10.0.0.5; - transfer-source-v6 4:3:2:1:5:6:7:8; - - request-ixfr yes; - provide-ixfr yes; - -# Now called 'provide-ixfr' -# maintain-ixfr-base no; // If yes, keep transaction log file for IXFR - - max-ixfr-log-size 20m; - coresize 100; - datasize 101; - files 230; - max-cache-size 1m; - 
stacksize 231; - heartbeat-interval 1001; - interface-interval 1002; - statistics-interval 1003; - - topology { - 10/8; - - !1.2.3/24; - - { 1.2/16; 3/8; }; - - - }; - - sortlist { 10/8; 11/8; }; - - tkey-domain "foo.com"; - tkey-dhkey "xyz" 666 ; - - rrset-order { - class IN type A name "foo" order random; - order cyclic; - }; -}; - -/* - * Control listeners, for "ndc". Every nameserver needs at least one. - */ -controls { - // 'inet' lines without a 'port' defaults to 'port 953' - // 'keys' must be used and the list must have at least one entry - inet * port 52 allow { any; } keys { "key2"; }; - unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named. - inet 10.0.0.1 allow { any; key foo; } keys { "key4";}; - inet 10.0.0.2 allow { none; } keys { "key-1"; "key-2"; }; - inet 10.0.0.2 allow { none; }; -}; - -zone "master.demo.zone" { - type master; // what used to be called "primary" - database "somedb -option1 -option2 arg1 arg2 arg3"; - file "master.demo.zone"; - check-names fail; - allow-update { none; }; - allow-update-forwarding { 10.0.0.5; !any; }; - allow-transfer { any; }; - allow-query { any; }; - sig-validity-interval 990; - notify explicit; - also-notify { 1.0.0.1; }; // don't notify any nameservers other - // than those on the NS list for this - // zone - forward first; - forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; }; -}; - -zone "slave.demo.zone" { - type slave; // what used to be called "secondary" - file "slave.demo.zone"; - ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file - masters { - 1.2.3.4 port 10 key "foo"; // where to zone transfer from - 5.6.7.8; - 6.7.8.9 key "zippo"; - }; - transfer-source 10.0.0.53; // fixes multihoming problems - check-names warn; - allow-update { none; }; - allow-transfer { any; }; - allow-update-forwarding { any; }; - allow-query { any; }; - max-transfer-time-in 120; // if not set, global option is used. - max-transfer-time-out 1; // if not set, global option is used. 
- max-transfer-idle-in 2; // if not set, global option is used. - max-transfer-idle-out 3; // if not set, global option is used. - also-notify { 1.0.0.2; }; - forward only; - forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; }; -}; - -key "non-viewkey" { secret "YWFh" ; algorithm "zzz" ; }; - -view "test-view" in { - key "viewkey" { algorithm "xxx" ; secret "eXl5" ; }; - also-notify { 10.2.2.3; }; - managed-keys { - foo.com. static 4 3 2 "abdefghijklmnopqrstuvwxyz"; - }; - sig-validity-interval 45; - max-cache-size 100000; - allow-query { 10.0.0.30;}; - additional-from-cache false; - additional-from-auth no; - match-clients { 10.0.0.1 ; }; - check-names master warn; - check-names slave ignore; - check-names response fail; - auth-nxdomain false; - recursion true; - provide-ixfr false; - request-ixfr true; - fetch-glue true; - notify false; - rfc2308-type1 false; - transfer-source 10.0.0.55; - transfer-source-v6 4:3:8:1:5:6:7:8; - query-source port * address 10.0.0.54 ; - query-source-v6 address 6:6:6:6:6:6:6:6 port *; - max-transfer-time-out 45; - max-transfer-idle-out 55; - min-roots 3; - lame-ttl 477; - max-ncache-ttl 333; - max-cache-ttl 777; - transfer-format many-answers; - max-retry-time 7; - min-retry-time 4; - max-refresh-time 999; - min-refresh-time 111; - - zone "view-zone.com" { - type master; - allow-update-forwarding { 10.0.0.34;}; - file "view-zone-master"; - }; - - server 5.6.7.8 { - keys "viewkey"; - }; - - server 10.9.8.7 { - keys "non-viewkey"; - }; - dialup yes; -}; - - -zone "stub.demo.zone" { - type stub; // stub zones are like slave zones, - // except that only the NS records - // are transferred. 
- dialup yes; - file "stub.demo.zone"; - masters { - 1.2.3.4 ; // where to zone transfer from - 5.6.7.8 port 999; - }; - check-names warn; - allow-update { none; }; - allow-transfer { any; }; - allow-query { any; }; - - max-retry-time 10; - min-retry-time 11; - max-refresh-time 12; - min-refresh-time 13; - - max-transfer-time-in 120; // if not set, global option is used. - pubkey 257 255 1 "a useless key"; - pubkey 257 255 1 "another useless key"; -}; - -zone "." { - type hint; // used to be specified w/ "cache" - file "cache.db"; -// pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; -}; - -managed-keys { - "." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; -}; - - -acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0 - // is disallowed; rest are OK -acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed - // by can_query are OK - -zone "disabled-zone.com" { - type master; - file "bar"; - - max-retry-time 100; - min-retry-time 110; - max-refresh-time 120; - min-refresh-time 130; -}; - -zone "non-default-acl.demo.zone" { - type master; - file "foo"; - allow-query { can_query; }; - allow-transfer { can_axfr; }; - allow-update { - 1.2.3.4; - 5.6.7.8; - }; - pubkey 666 665 664 "key of the beast"; - // Errors trapped by parser: - // identity or name not absolute - // 'wildcard' match type and no wildcard character in name - // - // issues: - // - certain rdatatype values (such as "key") are config file keywords and - // must be quoted or a syntax error will occur. - // - - update-policy { - grant root.domain. subdomain host.domain. A MX CNAME; - grant sub.root.domain. wildcard *.host.domain. A; - grant root.domain. name host.domain. 
a ns md mf cname soa mb mg - mr "null" wks ptr hinfo minfo mx txt rp afsdb x25 - isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx - cert a6 dname opt unspec uri tkey tsig ; - grant foo.bar.com. self foo.bar.com. a; - }; -}; - -key sample_key { // for TSIG; supported by parser - algorithm hmac-md5; // but not yet implemented in the - secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server -}; - -key key2 { - algorithm hmac-md5; - secret "ZXJlaCB0ZXJjZXMgcm91eQ=="; -}; - -acl key_acl { key sample_key; }; // a request signed with sample_key - -server 1.2.3.4 { - request-ixfr no; - provide-ixfr no; - bogus no; // if yes, we won't query or listen - // to this server - transfer-format one-answer; // set transfer format for this - // server (see the description of - // 'transfer-format' above) - // if not specified, the global option - // will be used - transfers 0; // not implemented - keys { "sample_key" }; // for TSIG; supported by the parser - // but not yet implemented in the - // rest of the server -# Now called 'request-ixfr' -# support-ixfr yes; // for IXFR supported by server - // if yes, the listed server talks IXFR -}; - -logging { - /* - * All log output goes to one or more "channels"; you can make as - * many of them as you want. - */ - - channel syslog_errors { // this channel will send errors or - syslog user; // or worse to syslog (user facility) - severity error; - }; - - channel stderr_errors { - stderr; - }; - - /* - * Channels have a severity level. Messages at severity levels - * greater than or equal to the channel's level will be logged on - * the channel. In order of decreasing severity, the levels are: - * - * critical a fatal error - * error - * warning - * notice a normal, but significant event - * info an informational message - * debug 1 the least detailed debugging info - * ... 
- * debug 99 the most detailed debugging info - */ - - /* - * Here are the built-in channels: - * - * channel default_syslog { - * syslog daemon; - * severity info; - * }; - * - * channel default_debug { - * file "named.run"; // note: stderr is used instead - * // of "named.run" if the server - * // is started with the "-f" - * // option. - * severity dynamic; // this means log debugging - * // at whatever debugging level - * // the server is at, and don't - * // log anything if not - * // debugging. - * }; - * - * channel null { // this is the bit bucket; - * file "/dev/null"; // any logging to this channel - * // is discarded. - * }; - * - * channel default_stderr { // writes to stderr - * file ""; // this is illustrative only; - * // there's currently no way - * // of saying "stderr" in the - * // configuration language. - * // i.e. don't try this at home. - * severity info; - * }; - * - * default_stderr only works before the server daemonizes (i.e. - * during initial startup) or when it is running in foreground - * mode (-f command line option). - */ - - /* - * There are many categories, so you can send the logs - * you want to see wherever you want, without seeing logs you - * don't want. Right now the categories are - * - * default the catch-all. many things still - * aren't classified into categories, and - * they all end up here. also, if you - * don't specify any channels for a - * category, the default category is used - * instead. - * config high-level configuration file - * processing - * parser low-level configuration file processing - * queries what used to be called "query logging" - * lame-servers messages like "Lame server on ..." 
- * statistics - * panic if the server has to shut itself - * down due to an internal problem, it - * logs the problem here (as well as - * in the problem's native category) - * update dynamic update - * ncache negative caching - * xfer-in zone transfers we're receiving - * xfer-out zone transfers we're sending - * db all database operations - * eventlib debugging info from the event system - * (see below) - * packet dumps of packets received and sent - * (see below) - * notify the NOTIFY protocol - * cname messages like "XX points to a CNAME" - * security approved/unapproved requests - * os operating system problems - * insist consistency check failures - * maintenance periodic maintenance - * load zone loading - * response-checks messages like - * "Malformed response ..." - * "wrong ans. name ..." - * "unrelated additional info ..." - * "invalid RR type ..." - * "bad referral ..." - */ - - category parser { - syslog_errors; // you can log to as many channels - default_syslog; // as you want - }; - - category lame-servers { null; }; // don't log these at all - - channel moderate_debug { - file "foo"; // foo - severity debug 3; // level 3 debugging to file - print-time yes; // timestamp log entries - print-category yes; // print category name - print-severity yes; // print severity level - /* - * Note that debugging must have been turned on either - * on the command line or with a signal to get debugging - * output (non-debugging output will still be written to - * this channel). - */ - }; - - channel another { - file "bar" versions 99 size 10M; - severity info; - }; - - channel third { - file "bar" size 100000 versions unlimited; - severity debug; // use default debug level - }; - - /* - * If you don't want to see "zone XXXX loaded" messages but do - * want to see any problems, you could do the following. 
- */ - channel no_info_messages { - syslog; - severity notice; - }; - - category load { no_info_messages; }; - - /* - * You can also define category "default"; it gets used when no - * "category" statement has been given for a category. - */ - category default { - default_syslog; - moderate_debug; - }; - - /* - * If you don't define category default yourself, the default - * default category will be used. It is - * - * category default { default_syslog; default_debug; }; - */ - - /* - * If you don't define category panic yourself, the default - * panic category will be used. It is - * - * category panic { default_syslog; default_stderr; }; - */ - - /* - * Two categories, 'packet' and 'eventlib', are special. Only one - * channel may be assigned to each of them, and it must be a - * file channel. If you don't define them yourself, they default to - * - * category eventlib { default_debug; }; - * - * category packet { default_debug; }; - */ -}; - -#include "filename"; // can't do within a statement - diff --git a/licences.conf b/licences.conf index 0920d59..c74f9cb 100644 --- a/licences.conf +++ b/licences.conf @@ -1,9 +1,12 @@ # Mask all licences */* -* +# Hotfix +*/* * + ## FSF # GPL-3 -*/* GPL-3 LGPL-3 +*/* GPL-3 LGPL-3 AGPL-3 # LGPL-2.1 */* LGPL-2.1 @@ -28,6 +31,17 @@ */* public-domain # Needs to be checked +*/* cyrus-sasl +*/* Unicode-Data +*/* Artistic-2.0 +*/* as-is +*/* ISC +*/* Apache-2.0 +*/* EPL-2.0 +*/* IPL-1.0 +*/* PSF-2.2 +*/* ZPL-2.1 +*/* PYTHON app-arch/bzip2:0::arbor[>=1.0.8] bzip2-withdocs app-arch/xz:0::arbor[>=5.2.5] public-domain sys-apps/util-linux:0::arbor[>=2.36] ISC @@ -51,6 +65,8 @@ sys-devel/ninja::arbor Apache-2.0 sys-devel/meson::arbor Apache-2.0 dev-libs/icu::arbor icu app-arch/unzip::arbor Info-ZIP +app-editors/vim::arbor vim +app-editors/vim-runtime::arbor vim # Hotfix diff --git a/options.bash b/options.bash index 65fbc56..5e822af 100644 --- a/options.bash +++ b/options.bash 
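Review bot: The `*/* *` line added under "# Hotfix" in licences.conf accepts every licence for every package. That cancels the `*/* -*` mask directly above it and leaves the per-licence allowlist in the rest of the file without effect. If it is a temporary workaround, record the reason and a removal condition in the comment, e.g. `# TODO: remove once <package> licence is listed below`, or replace it with the specific licences that were missing. The second hunk adds eleven licences for `*/*` under "Needs to be checked". Until they are reviewed, scoping them to the packages that need them, as the entries below do, keeps the mask meaningful.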
@@ -22,12 +22,25 @@ checkpkg "^sys-apps\/sydbox\$" && ${PRINTF:-printf} '%s\n' \ checkpkg "^net-dns\/bind\$" && ${PRINTF:-printf} '%s\n' \ "net-dns/bind::arbor caps" || true +# Dovecot +checkpkg "^net-mail\/dovecot\$" && ${PRINTF:-printf} '%s\n' \ + "net-mail/dovecot::arbor arbon2 tcpd" + # SSH ##@ X509 = To generate X.509 certs ##@ lsns = For DNSSEC support (according to exherbo) checkpkg "^net-misc\/openssh\$" && ${PRINTF:-printf} '%s\n' \ "net-misc/openssh::arbor X509 ldns" || true +# Mutt +checkpkg "^mail-client\/mutt\$" && ${PRINTF:-printf} '%s\n' \ + "mail-client/mutt::arbor ncurses sasl gdbm" || true +# Vim +##@ gpm = Adds support for sys-libs/gpm (Console-based mouse driver) +##@ +checkpkg "^app-editors\/vim\$" && ${PRINTF:-printf} '%s\n' \ + "app-editors/vim::arbor gpm" || true + # Jobs ${PRINTF:-printf} "*/* BUILD_OPTIONS: jobs=%s\\n" "$(${NPROC:-nproc} || ${PRINTF:-printf} 1)" diff --git a/options.conf b/options.conf index 6b5037c..3c0a712 100644 --- a/options.conf +++ b/options.conf @@ -1,14 +1,11 @@ -*/* -* bash-completion threads pulseaudio btrfs openssl \ +*/* -* bash-completion threads pulseaudio btrfs openssl ssl \ TARGETS: -* x86_64-pc-linux-gnu \ - PROVIDERS: -* gnu dhcpcd openssl man krb5 unzip lynx libxml2 dbus-broker ijg-jpeg elfutils pkg-config \ - INPUT_DRIVERS: -* evdev keyboard mouse synaptics consolekit \ + PROVIDERS: -* gnu dhcpcd openssl man krb5 unzip lynx libxml2 dbus-broker ijg-jpeg elfutils pkg-config nftables cronie \ + INPUT_DRIVERS: -* evdev consolekit \ LINGUAS: -* en_US cs \ HOSTS: -* x86_64-pc-linux-gnu -x86_64-pc-linux-musl \ VIDEO_DRIVERS: -* -i915 intel -# Recommended on IRC #exherbo -sys-apps/paludis -python - # Version handling of backend */* \ PYTHON_ABIS: -* 3.6 \ 
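Review bot: The new Dovecot entry in options.bash lacks the trailing `|| true` that the neighbouring `checkpkg … && printf` entries carry, so it yields a non-zero status whenever net-mail/dovecot is not matched. That matters if this file is run with errexit or its status is checked. Append it: `"net-mail/dovecot::arbor arbon2 tcpd" || true`. `arbon2` looks like a typo for `argon2`; please confirm against the package's option names before merging. The Vim block also leaves an empty `##@` line that can be removed.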
@@ -29,4 +26,7 @@ sys-apps/paludis -python */* BUILD_OPTIONS: -recommended_tests # Unknown dependency +dev-python/Sphinx[=3.1.2] PROVIDERS: imagemagick dev-libs/libxml2:2.0::arbor[=2.9.10-r2] python +dev-lang/perl:5.30::arbor[=5.30.3] berkdb dbm +dev-lang/python:3.6::arbor sqlite diff --git a/repositories/mixi.conf b/repositories/mixi.conf new file mode 100644 index 0000000..ad8adf2 --- /dev/null +++ b/repositories/mixi.conf @@ -0,0 +1,3 @@ +format = e +location = /var/db/paludis/repositories/mixi +sync = git+https://git.exherbo.org/git/dev/mixi.git diff --git a/world b/world index 21d819c..193f7c6 100644 --- a/world +++ b/world @@ -35,7 +35,7 @@ repository/unwritten repository/vim repository/virtualization repository/x11 - +repository/mixi # CORE sys-apps/paludis sys-apps/sydbox @@ -47,10 +47,34 @@ sys-devel/meson app-arch/zstd x11-misc/shared-mime-info net-misc/tor +sys-process/htop + ## Syslog sys-apps/syslog-ng + ## SSH net-misc/openssh +sys-process/cronie # DNS net-dns/bind + +# NETWORK +net-scanner/nmap +net-misc/connman +net-misc/mtr +net-misc/dhcpcd +net-misc/wget +net-misc/aria2 +net-misc/curl +net-firewall/nftables + +# EMAIL +mail-mta/postfix +net-mail/dovecot +mail-filter/spamassassin +mail-client/mutt + +# MISC +app-editors/vim +net-firewall/nftables