kreyren/paludis-config
1
0
Fork 0
Code Issues 2 Pull Requests Releases Activity

sync

Browse Source
This commit is contained in:
root 2020-10-14 14:09:59 +02:00
parent 5682fe1229
commit 5444dca990
10 changed files with 129 additions and 655 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
# Ignore editor files
*.swp

2
bashrc
View File

@ -30,4 +30,4 @@ CBUILD="x86_64-pc-linux-gnu"
export PALUDIS_PATCHDIR="$ROOT/etc/paludis/paludis" export PALUDIS_PATCHDIR="$ROOT/etc/paludis/paludis"
. "${PALUDIS_DIR:-/etc/paludis}/libs/shell/sysconf.bash" #. "${PALUDIS_DIR:-/etc/paludis}/libs/shell/imgconf.bash"

47
imgconf/net-dns/bind/etc/bind/master/rixotstudio.cz
View File

@ -1,42 +1,41 @@
;; Can be tested using clear; named-checkzone rixotstudio.cz rixotstudio.cz ;; Can be tested using clear; named-checkzone rixotstudio.cz rixotstudio.cz
$TTL 3600 $TTL 300
$ORIGIN rixotstudio.cz. $ORIGIN rixotstudio.cz.
@ 300 IN NS ns.wedos.cz.
@ IN SOA ( @ IN SOA (
ns1.rixotstudio.cz. ; MNAME ns.dreamon.rixotstudio.cz. ; MNAME
hostmaster.rixotstudio.cz. ; RNAME hostmaster.dreamon.rixotstudio.cz. ; RNAME
2020042100 ; SERIAL 2020042123 ; SERIAL
8H ; REFRESH 8H ; REFRESH
2H ; RETRY 2H ; RETRY
1W ; EXPIRY 1W ; EXPIRY
2H ; MINIMUM Negative Cache TTL 2H ; MINIMUM Negative Cache TTL
) )
;; NS ;; NS
@ 300 IN NS dreamon.rixotstudio.cz. ;@ 300 IN NS ns.dreamon.rixotstudio.cz.
@ 3600 IN NS ns.wedos.cz.
@ 3600 IN NS ns.wedos.net.
@ 3600 IN NS ns.wedos.eu.
@ 3600 IN NS ns.wedos.com.
;; DEFAULT ;; DEFAULT
rixotstudio.cz IN CNAME dreamon.rixotstudio.cz ;rixotstudio.cz. IN CNAME dreamon.rixotstudio.cz
mail.rixotstudio.cz. IN MX 10 dreamon.rixotstudio.cz. ;ns.rixotstudio.cz. IN CNAME 213.220.230.81
ns.dreamon.rixotstudio.cz. IN A 213.220.230.81
mail.rixotstudio.cz. IN MX 10 dreamon.rixotstudio.cz.
openpgpkey.rixotstudio.cz. IN CNAME wkd.keys.openpgp.org. openpgpkey.rixotstudio.cz. IN CNAME wkd.keys.openpgp.org.
;rixotstudio.cz. IN DS 8837 13 2 <DIGEST> ;rixotstudio.cz. IN DS 64022 14 2 9EE542B149F2AFF449677D3425FBB2573208FED686E81800FD0630841309F68B
;; DREAMON ;; DREAMON
dreamon.rixotstudio.cz. IN A 78.102.113.209 dreamon.rixotstudio.cz. IN A 213.220.230.81
mail.dreamon.rixotstudio.cz. 3600 IN MX 10 dreamon.rixotstudio.cz. mail.dreamon.rixotstudio.cz. IN MX 10 dreamon.rixotstudio.cz.
smtp.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. smtp.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz.
smtps.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. smtps.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz.
imap.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. imap.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz.
imaps.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. imaps.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz.
pop3.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. pop3.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz.
pop3s.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz. pop3s.dreamon.rixotstudio.cz IN CNAME dreamon.rixotstudio.cz.
;2020._domainkey.dreamon.rixotstudio.cz. 120 IN TXT "v=DKIM1; n=\"dreamon\"; h=rsa-sha256; k=rsa; s=email; p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr/UtumdfuHcGPMUmV/ilYtHZ8yoG4n6G29krAH4/6abcpthr0JMMJhb7yImfRa4yupZPOI6sggMPZNy2vBf89VkLJpf+PT9kZ9Dtbwi0xcRkwO3x5emhZ+DQsEvbZPkakP5qrGIORjWTpPQuit3QN716gwtV+TCnMWT3vF+A+Wz1qiC2DsINg2b45XZYclIIngmhR3YVq17Oai rb8fH24F/plNUQICr7VzI4RQNG8qJhCmcnLt8x1kThoNxX1c1FufUPacTNTUlu2sflUDKUEF+MUq/ng3NaXzyySkpEkeU3j9d3CG+BEfJitBFwEgdJoy7LvpHmjKZDb7ImIG4w8wPlBDorlVwi2Wtj6RsqS7NV7vm4FZ1vkbgA8/xmRbpV6kaz9tG1emKwnu+/8BMNUhzMDxrAta1aYgqR3w1EGId7OWuh7WW57uFOTnlnbzWSb+yo8Paf 8MbpUpYOYLWx8xsbgCqIGYrO8OuaLEqBEDHG7i1FoXUX5wmKM4ouuSsDxA9blce1pO2i7M6MnuO90X/404hptWt6EvTapilXcZb89ktbLvisxS+EcaINJTA0yZNVdfnp38b6uClbYNeCa3jx2C9t70FMwTWdmV1yiBB1bz265vo09dERefLPCHNauG5JQoRbUgDRQeCD1EiQebBdg71XmTRgeZH4CRIyg00CAwEAAQ==" ;2020._domainkey.dreamon.rixotstudio.cz. IN TXT "v=DKIM1; n=dreamon; h=rsa-sha256; k=rsa; s=email; p=\"MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr/UtumdfuHcGPMUmV/ilYtHZ8yoG4n6G29krAH4/6abcpthr0JMMJhb7yImfRa4yupZPOI6sggMPZNy2vBf89VkLJpf+PT9kZ9Dtbwi0xcRkwO3x5emhZ+DQsEvbZPkakP5qrGIORjWTpPQuit3QN716gwtV+TCnMWT3vF+A+Wz1qiC2DsINg2b45XZYclIIngmhR3YVq17Oai rb8fH24F/plNUQICr7VzI4RQNG8qJhCmcnLt8x1kThoNxX1c1FufUPacTNTUlu2sflUDKUEF+MUq/ng3NaXzyySkpEkeU3j9d3CG+BEfJitBFwEgdJoy7LvpHmjKZDb7ImIG4w8wPlBDorlVwi2Wtj6RsqS7NV7vm4FZ1vkbgA8/xmRbpV6kaz9tG1emKwnu+/8BMNUhzMDxrAta1aYgqR3w1EGId7OWuh7WW57uFOTnlnbzWSb+yo8Paf 8MbpUpYOYLWx8xsbgCqIGYrO8OuaLEqBEDHG7i1FoXUX5wmKM4ouuSsDxA9blce1pO2i7M6MnuO90X/404hptWt6EvTapilXcZb89ktbLvisxS+EcaINJTA0yZNVdfnp38b6uClbYNeCa3jx2C9t70FMwTWdmV1yiBB1bz265vo09dERefLPCHNauG5JQoRbUgDRQeCD1EiQebBdg71XmTRgeZH4CRIyg00CAwEAAQ==\""
_adsp._domainkey.dreamon.rixotstudio.cz. 3600 IN TXT "dkim=all" _adsp._domainkey.dreamon.rixotstudio.cz. IN TXT "dkim=all"
_dmarc.dreamon.rixotstudio.cz. 3600 IN TXT "v=DMARC1,p=quarantine,sp=quarantine,pct=100,rua=mailto:dmarc-report@rixotstudio.cz!20m,ruf=mailto:authfail@rixotstudio.cz!20m,adkim=r,aspf=r,fo=1,rf=afrf" _dmarc.dreamon.rixotstudio.cz. IN TXT "v=DMARC1,p=quarantine,sp=quarantine,pct=100,rua=mailto:dmarc-report@rixotstudio.cz!20m,ruf=mailto:authfail@rixotstudio.cz!20m,adkim=r,aspf=r,fo=1,rf=afrf"
dreamon.rixotstudio.cz. 3600 IN TXT "v=spf1 a:dreamon.rixotstudio.cz ip4:78.102.113.209 -all" dreamon.rixotstudio.cz. IN TXT "v=spf1 a:dreamon.rixotstudio.cz ip4:78.102.113.209 -all"
;; LEONID ;; LEONID
leonid.rixotstudio.cz. IN A 94.113.123.218 leonid.rixotstudio.cz. IN A 94.113.123.218
mail.leonid.rixotstudio.cz. 3600 IN MX 10 leonid.rixotstudio.cz. mail.leonid.rixotstudio.cz. IN MX 10 leonid.rixotstudio.cz.
smtp.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. smtp.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz.
smtps.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. smtps.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz.
imap.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. imap.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz.
@ -44,8 +43,8 @@ imaps.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz.
pop3.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. pop3.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz.
pop3s.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz. pop3s.leonid.rixotstudio.cz. IN CNAME leonid.rixotstudio.cz.
;; ROGISEK ;; ROGISEK
rogisek IN A 94.113.123.218 rogisek IN A 94.113.123.218
mail.rogisek.rixotstudio.cz. 3600 IN MX 10 rogisek.rixotstudio.cz. mail.rogisek.rixotstudio.cz. IN MX 10 rogisek.rixotstudio.cz.
smtp.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz. smtp.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz.
smtps.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz. smtps.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz.
imap.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz. imap.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz.
@ -54,7 +53,7 @@ pop3.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz.
pop3s.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz. pop3s.rogisek.rixotstudio.cz. IN CNAME rogisek.rixotstudio.cz.
;; Security challenge ;; Security challenge
_acme-challenge.dreamon.rixotstudio.cz. IN TXT "EjzaayF_SqOHaWLhgzYiNKXkCoWaxGz75VgIw8BeFlU" _acme-challenge.dreamon.rixotstudio.cz. IN TXT "EjzaayF_SqOHaWLhgzYiNKXkCoWaxGz75VgIw8BeFlU"
_acme-challenge.imap.dreamon.rixotstudio.cz. IN TXT "tJfxA2ebY8Lt93-danryaPrI7JZynaqvHbFLOCGLVzI" _acme-challenge.imap.dreamon.rixotstudio.cz. IN TXT "tJfxA2ebY8Lt93-danryaPrI7JZynaqvHbFLOCGLVzI"
_acme-challenge.imap.rixotstudio.cz. IN TXT "NhFFlS-CYCXKGFOqmr69ypqRts4rgLUf5qVW4VPEl0E" _acme-challenge.imap.rixotstudio.cz. IN TXT "NhFFlS-CYCXKGFOqmr69ypqRts4rgLUf5qVW4VPEl0E"
_acme-challenge.imaps.dreamon.rixotstudio.cz. IN TXT "H4JBnbAuk-pIfNsOy43W56r90Pb6mq_636HjhfVP1_g" _acme-challenge.imaps.dreamon.rixotstudio.cz. IN TXT "H4JBnbAuk-pIfNsOy43W56r90Pb6mq_636HjhfVP1_g"

44
imgconf/net-dns/bind/etc/bind/named.conf
View File

@ -1,3 +1,5 @@
# Relevant: https://kb.isc.org/docs/aa-00711
options { options {
// Krey: Set directory for bind // Krey: Set directory for bind
directory "/bedrock/strata/exherbo/var/bind"; directory "/bedrock/strata/exherbo/var/bind";
@ -5,6 +7,8 @@ options {
// Krey: Sets Random Device // Krey: Sets Random Device
random-device "/dev/random"; random-device "/dev/random";
key-directory "/bedrock/strata/exherbo/var/cache/bind/keys";
// uncomment the following lines to turn on DNS forwarding, // uncomment the following lines to turn on DNS forwarding,
// and change the forwarding ip address(es) : // and change the forwarding ip address(es) :
//forward first; //forward first;
@ -13,6 +17,8 @@ options {
// 123.123.123.123; // 123.123.123.123;
//}; //};
listen-on port 53 { any; };
listen-on-v6 { none; }; listen-on-v6 { none; };
listen-on { 127.0.0.1; }; listen-on { 127.0.0.1; };
@ -26,6 +32,28 @@ options {
pid-file "/bedrock/strata/exherbo/run/named/named.pid"; pid-file "/bedrock/strata/exherbo/run/named/named.pid";
}; };
#controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "/etc/bind/rndc.key"; };
#};
logging {
channel named_log{
file "/var/log/named/bind.log" versions 3 size 2m;
severity info;
print-severity yes;
print-time yes;
print-category yes;
};
category default {
named_log;
};
category lame-servers {
null;
};
};
// Briefly, a zone which has been declared delegation-only will be effectively // Briefly, a zone which has been declared delegation-only will be effectively
// limited to containing NS RRs for subdomains, but no actual data beyond its // limited to containing NS RRs for subdomains, but no actual data beyond its
// own apex (for example, its SOA RR and apex NS RRset). This can be used to // own apex (for example, its SOA RR and apex NS RRset). This can be used to
@ -37,15 +65,21 @@ options {
zone "rixotstudio.cz" { zone "rixotstudio.cz" {
type master; type master;
file "/bedrock/strata/exherbo/etc/bind/master/rixotstudio.cz"; file "/bedrock/strata/exherbo/etc/bind/master/rixotstudio.cz";
update-policy {
grant ddns-key zonesub ANY;
};
allow-transfer { allow-transfer {
// Current Server IP // Current Server IP
78.102.113.209; 213.220.230.81;
// Secondary DNS IP - nic.cz (wedos.cz) // Wedos - Secondary DNS
46.28.104.66; 46.28.104.67;
}; };
allow-update { 78.102.113.209; }; #allow-update { 213.220.230.81; };
key-directory "/bedrock/strata/exherbo/var/cache/bind/keys/rixotstudio.cz";
inline-signing yes; inline-signing yes;
# Only sign DNSKEY with KSK
dnssec-dnskey-kskonly yes;
# expiration time 21d, refresh period 16d
sig-validity-interval 21 16;
auto-dnssec maintain; auto-dnssec maintain;
serial-update-method unixtime; serial-update-method unixtime;
}; };

617
imgconf/net-dns/bind/etc/bind/named.conf.complex_sample
View File

@ -1,617 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*
* This is a worthless, nonrunnable example of a named.conf file that has
* every conceivable syntax element in use. We use it to test the parser.
* It could also be used as a conceptual template for users of new features.
*/
/*
* C-style comments are OK
*/
// So are C++-style comments
# So are shell-style comments
// watch out for ";" -- it's important!
options {
additional-from-auth true;
additional-from-cache false;
version "my version string";
random-device "/dev/random";
directory "/tmp";
port 666;
sig-validity-interval 33;
# Obsolete
named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER
dump-file "named_dump.db"; // _PATH_DUMPFILE
pid-file "/var/run/named.pid"; // _PATH_PIDFILE
statistics-file "named.stats"; // _PATH_STATS
memstatistics-file "named.memstats"; // _PATH_MEMSTATS
max-cache-ttl 999;
min-cache-ttl 66;
auth-nxdomain yes; // always set AA on NXDOMAIN.
// don't set this to 'no' unless
// you know what you're doing -- older
// servers won't like it.
# Obsolete
deallocate-on-exit no;
dialup yes;
# Obsolete
fake-iquery no;
fetch-glue yes;
has-old-clients yes;
host-statistics no;
# Obsolete
multiple-cnames no; // if yes, then a name my have more
// than one CNAME RR. This use
// is non-standard and is not
// recommended, but it is available
// because previous releases supported
// it and it was used by large sites
// for load balancing.
notify yes; // send NOTIFY messages. You can set
// notify on a zone-by-zone
// basis in the "zone" statement
// see (below)
recursion yes;
rfc2308-type1 no;
# Obsolete
use-id-pool yes;
# Obsolete
treat-cr-as-space yes;
also-notify { 10.0.2.3; };
// The "forward" option is only meaningful if you've defined
// forwarders. "first" gives the normal BIND
// forwarding behavior, i.e. ask the forwarders first, and if that
// doesn't work then do the full lookup. You can also say
// "forward only;" which is what used to be specified with
// "slave" or "options forward-only". "only" will never attempt
// a full lookup; only the forwarders will be used.
forward first;
forwarders {
1.2.3.4;
5.6.7.8;
};
check-names master fail;
check-names slave warn;
check-names response ignore;
allow-query { any; };
allow-transfer { any; };
allow-recursion { !any; };
blackhole { 45/24; };
keep-response-order { 46/24; };
listen-on {
10/24;
10.0.0.3;
};
listen-on port 53 { any; };
listen-on { 5.6.7.8; };
listen-on port 1234 {
!1.2.3.4;
1.2.3/24;
};
listen-on-v6 {
1:1:1:1:1:1:1:1;
};
listen-on-v6 port 777 {
2:2:2:2:2:2:2:2;
};
query-source-v6 address 8:7:6:5:4:3:2:1 port *;
query-source port * address 10.0.0.54 ;
lame-ttl 444;
max-transfer-time-in 300;
max-transfer-time-out 10;
max-transfer-idle-in 100;
max-transfer-idle-out 11;
max-retry-time 1234;
min-retry-time 1111;
max-refresh-time 888;
min-refresh-time 777;
max-ncache-ttl 333;
min-ncache-ttl 22;
min-roots 15;
serial-queries 34;
transfer-format one-answer;
transfers-in 10;
transfers-per-ns 2;
transfers-out 0;
transfer-source 10.0.0.5;
transfer-source-v6 4:3:2:1:5:6:7:8;
request-ixfr yes;
provide-ixfr yes;
# Now called 'provide-ixfr'
# maintain-ixfr-base no; // If yes, keep transaction log file for IXFR
max-ixfr-log-size 20m;
coresize 100;
datasize 101;
files 230;
max-cache-size 1m;
stacksize 231;
heartbeat-interval 1001;
interface-interval 1002;
statistics-interval 1003;
topology {
10/8;
!1.2.3/24;
{ 1.2/16; 3/8; };
};
sortlist { 10/8; 11/8; };
tkey-domain "foo.com";
tkey-dhkey "xyz" 666 ;
rrset-order {
class IN type A name "foo" order random;
order cyclic;
};
};
/*
* Control listeners, for "ndc". Every nameserver needs at least one.
*/
controls {
// 'inet' lines without a 'port' defaults to 'port 953'
// 'keys' must be used and the list must have at least one entry
inet * port 52 allow { any; } keys { "key2"; };
unix "/var/run/ndc" perm 0600 owner 0 group 0; // ignored by named.
inet 10.0.0.1 allow { any; key foo; } keys { "key4";};
inet 10.0.0.2 allow { none; } keys { "key-1"; "key-2"; };
inet 10.0.0.2 allow { none; };
};
zone "master.demo.zone" {
type master; // what used to be called "primary"
database "somedb -option1 -option2 arg1 arg2 arg3";
file "master.demo.zone";
check-names fail;
allow-update { none; };
allow-update-forwarding { 10.0.0.5; !any; };
allow-transfer { any; };
allow-query { any; };
sig-validity-interval 990;
notify explicit;
also-notify { 1.0.0.1; }; // don't notify any nameservers other
// than those on the NS list for this
// zone
forward first;
forwarders { 10.0.0.3; 1:2:3:4:5:6:7:8; };
};
zone "slave.demo.zone" {
type slave; // what used to be called "secondary"
file "slave.demo.zone";
ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file
masters {
1.2.3.4 port 10 key "foo"; // where to zone transfer from
5.6.7.8;
6.7.8.9 key "zippo";
};
transfer-source 10.0.0.53; // fixes multihoming problems
check-names warn;
allow-update { none; };
allow-transfer { any; };
allow-update-forwarding { any; };
allow-query { any; };
max-transfer-time-in 120; // if not set, global option is used.
max-transfer-time-out 1; // if not set, global option is used.
max-transfer-idle-in 2; // if not set, global option is used.
max-transfer-idle-out 3; // if not set, global option is used.
also-notify { 1.0.0.2; };
forward only;
forwarders { 10.45.45.45; 10.0.0.3; 1:2:3:4:5:6:7:8; };
};
key "non-viewkey" { secret "YWFh" ; algorithm "zzz" ; };
view "test-view" in {
key "viewkey" { algorithm "xxx" ; secret "eXl5" ; };
also-notify { 10.2.2.3; };
managed-keys {
foo.com. static 4 3 2 "abdefghijklmnopqrstuvwxyz";
};
sig-validity-interval 45;
max-cache-size 100000;
allow-query { 10.0.0.30;};
additional-from-cache false;
additional-from-auth no;
match-clients { 10.0.0.1 ; };
check-names master warn;
check-names slave ignore;
check-names response fail;
auth-nxdomain false;
recursion true;
provide-ixfr false;
request-ixfr true;
fetch-glue true;
notify false;
rfc2308-type1 false;
transfer-source 10.0.0.55;
transfer-source-v6 4:3:8:1:5:6:7:8;
query-source port * address 10.0.0.54 ;
query-source-v6 address 6:6:6:6:6:6:6:6 port *;
max-transfer-time-out 45;
max-transfer-idle-out 55;
min-roots 3;
lame-ttl 477;
max-ncache-ttl 333;
max-cache-ttl 777;
transfer-format many-answers;
max-retry-time 7;
min-retry-time 4;
max-refresh-time 999;
min-refresh-time 111;
zone "view-zone.com" {
type master;
allow-update-forwarding { 10.0.0.34;};
file "view-zone-master";
};
server 5.6.7.8 {
keys "viewkey";
};
server 10.9.8.7 {
keys "non-viewkey";
};
dialup yes;
};
zone "stub.demo.zone" {
type stub; // stub zones are like slave zones,
// except that only the NS records
// are transferred.
dialup yes;
file "stub.demo.zone";
masters {
1.2.3.4 ; // where to zone transfer from
5.6.7.8 port 999;
};
check-names warn;
allow-update { none; };
allow-transfer { any; };
allow-query { any; };
max-retry-time 10;
min-retry-time 11;
max-refresh-time 12;
min-refresh-time 13;
max-transfer-time-in 120; // if not set, global option is used.
pubkey 257 255 1 "a useless key";
pubkey 257 255 1 "another useless key";
};
zone "." {
type hint; // used to be specified w/ "cache"
file "cache.db";
// pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
};
managed-keys {
"." static 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q==";
};
acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0
// is disallowed; rest are OK
acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed
// by can_query are OK
zone "disabled-zone.com" {
type master;
file "bar";
max-retry-time 100;
min-retry-time 110;
max-refresh-time 120;
min-refresh-time 130;
};
zone "non-default-acl.demo.zone" {
type master;
file "foo";
allow-query { can_query; };
allow-transfer { can_axfr; };
allow-update {
1.2.3.4;
5.6.7.8;
};
pubkey 666 665 664 "key of the beast";
// Errors trapped by parser:
// identity or name not absolute
// 'wildcard' match type and no wildcard character in name
//
// issues:
// - certain rdatatype values (such as "key") are config file keywords and
// must be quoted or a syntax error will occur.
//
update-policy {
grant root.domain. subdomain host.domain. A MX CNAME;
grant sub.root.domain. wildcard *.host.domain. A;
grant root.domain. name host.domain. a ns md mf cname soa mb mg
mr "null" wks ptr hinfo minfo mx txt rp afsdb x25
isdn rt nsap sig "key" px gpos aaaa loc nxt srv naptr kx
cert a6 dname opt unspec uri tkey tsig ;
grant foo.bar.com. self foo.bar.com. a;
};
};
key sample_key { // for TSIG; supported by parser
algorithm hmac-md5; // but not yet implemented in the
secret "eW91ciBzZWNyZXQgaGVyZQ=="; // rest of the server
};
key key2 {
algorithm hmac-md5;
secret "ZXJlaCB0ZXJjZXMgcm91eQ==";
};
acl key_acl { key sample_key; }; // a request signed with sample_key
server 1.2.3.4 {
request-ixfr no;
provide-ixfr no;
bogus no; // if yes, we won't query or listen
// to this server
transfer-format one-answer; // set transfer format for this
// server (see the description of
// 'transfer-format' above)
// if not specified, the global option
// will be used
transfers 0; // not implemented
keys { "sample_key" }; // for TSIG; supported by the parser
// but not yet implemented in the
// rest of the server
# Now called 'request-ixfr'
# support-ixfr yes; // for IXFR supported by server
// if yes, the listed server talks IXFR
};
logging {
/*
* All log output goes to one or more "channels"; you can make as
* many of them as you want.
*/
channel syslog_errors { // this channel will send errors or
syslog user; // or worse to syslog (user facility)
severity error;
};
channel stderr_errors {
stderr;
};
/*
* Channels have a severity level. Messages at severity levels
* greater than or equal to the channel's level will be logged on
* the channel. In order of decreasing severity, the levels are:
*
* critical a fatal error
* error
* warning
* notice a normal, but significant event
* info an informational message
* debug 1 the least detailed debugging info
* ...
* debug 99 the most detailed debugging info
*/
/*
* Here are the built-in channels:
*
* channel default_syslog {
* syslog daemon;
* severity info;
* };
*
* channel default_debug {
* file "named.run"; // note: stderr is used instead
* // of "named.run" if the server
* // is started with the "-f"
* // option.
* severity dynamic; // this means log debugging
* // at whatever debugging level
* // the server is at, and don't
* // log anything if not
* // debugging.
* };
*
* channel null { // this is the bit bucket;
* file "/dev/null"; // any logging to this channel
* // is discarded.
* };
*
* channel default_stderr { // writes to stderr
* file "<stderr>"; // this is illustrative only;
* // there's currently no way
* // of saying "stderr" in the
* // configuration language.
* // i.e. don't try this at home.
* severity info;
* };
*
* default_stderr only works before the server daemonizes (i.e.
* during initial startup) or when it is running in foreground
* mode (-f command line option).
*/
/*
* There are many categories, so you can send the logs
* you want to see wherever you want, without seeing logs you
* don't want. Right now the categories are
*
* default the catch-all. many things still
* aren't classified into categories, and
* they all end up here. also, if you
* don't specify any channels for a
* category, the default category is used
* instead.
* config high-level configuration file
* processing
* parser low-level configuration file processing
* queries what used to be called "query logging"
* lame-servers messages like "Lame server on ..."
* statistics
* panic if the server has to shut itself
* down due to an internal problem, it
* logs the problem here (as well as
* in the problem's native category)
* update dynamic update
* ncache negative caching
* xfer-in zone transfers we're receiving
* xfer-out zone transfers we're sending
* db all database operations
* eventlib debugging info from the event system
* (see below)
* packet dumps of packets received and sent
* (see below)
* notify the NOTIFY protocol
* cname messages like "XX points to a CNAME"
* security approved/unapproved requests
* os operating system problems
* insist consistency check failures
* maintenance periodic maintenance
* load zone loading
* response-checks messages like
* "Malformed response ..."
* "wrong ans. name ..."
* "unrelated additional info ..."
* "invalid RR type ..."
* "bad referral ..."
*/
category parser {
syslog_errors; // you can log to as many channels
default_syslog; // as you want
};
category lame-servers { null; }; // don't log these at all
channel moderate_debug {
file "foo"; // foo
severity debug 3; // level 3 debugging to file
print-time yes; // timestamp log entries
print-category yes; // print category name
print-severity yes; // print severity level
/*
* Note that debugging must have been turned on either
* on the command line or with a signal to get debugging
* output (non-debugging output will still be written to
* this channel).
*/
};
channel another {
file "bar" versions 99 size 10M;
severity info;
};
channel third {
file "bar" size 100000 versions unlimited;
severity debug; // use default debug level
};
/*
* If you don't want to see "zone XXXX loaded" messages but do
* want to see any problems, you could do the following.
*/
channel no_info_messages {
syslog;
severity notice;
};
category load { no_info_messages; };
/*
* You can also define category "default"; it gets used when no
* "category" statement has been given for a category.
*/
category default {
default_syslog;
moderate_debug;
};
/*
* If you don't define category default yourself, the default
* default category will be used. It is
*
* category default { default_syslog; default_debug; };
*/
/*
* If you don't define category panic yourself, the default
* panic category will be used. It is
*
* category panic { default_syslog; default_stderr; };
*/
/*
* Two categories, 'packet' and 'eventlib', are special. Only one
* channel may be assigned to each of them, and it must be a
* file channel. If you don't define them yourself, they default to
*
* category eventlib { default_debug; };
*
* category packet { default_debug; };
*/
};
#include "filename"; // can't do within a statement

18
licences.conf
View File

@ -1,9 +1,12 @@
# Mask all licences # Mask all licences
*/* -* */* -*
# Hotfix
*/* *
## FSF ## FSF
# GPL-3 # GPL-3
*/* GPL-3 LGPL-3 */* GPL-3 LGPL-3 AGPL-3
# LGPL-2.1 # LGPL-2.1
*/* LGPL-2.1 */* LGPL-2.1
@ -28,6 +31,17 @@
*/* public-domain */* public-domain
# Needs to be checked # Needs to be checked
*/* cyrus-sasl
*/* Unicode-Data
*/* Artistic-2.0
*/* as-is
*/* ISC
*/* Apache-2.0
*/* EPL-2.0
*/* IPL-1.0
*/* PSF-2.2
*/* ZPL-2.1
*/* PYTHON
app-arch/bzip2:0::arbor[>=1.0.8] bzip2-withdocs app-arch/bzip2:0::arbor[>=1.0.8] bzip2-withdocs
app-arch/xz:0::arbor[>=5.2.5] public-domain app-arch/xz:0::arbor[>=5.2.5] public-domain
sys-apps/util-linux:0::arbor[>=2.36] ISC sys-apps/util-linux:0::arbor[>=2.36] ISC
@ -51,6 +65,8 @@ sys-devel/ninja::arbor Apache-2.0
sys-devel/meson::arbor Apache-2.0 sys-devel/meson::arbor Apache-2.0
dev-libs/icu::arbor icu dev-libs/icu::arbor icu
app-arch/unzip::arbor Info-ZIP app-arch/unzip::arbor Info-ZIP
app-editors/vim::arbor vim
app-editors/vim-runtime::arbor vim
# Hotfix # Hotfix

13
options.bash
View File

@ -22,12 +22,25 @@ checkpkg "^sys-apps\/sydbox\$" && ${PRINTF:-printf} '%s\n' \
checkpkg "^net-dns\/bind\$" && ${PRINTF:-printf} '%s\n' \ checkpkg "^net-dns\/bind\$" && ${PRINTF:-printf} '%s\n' \
"net-dns/bind::arbor caps" || true "net-dns/bind::arbor caps" || true
# Dovecot
checkpkg "^net-mail\/dovecot\$" && ${PRINTF:-printf} '%s\n' \
"net-mail/dovecot::arbor arbon2 tcpd"
# SSH # SSH
##@ X509 = To generate X.509 certs ##@ X509 = To generate X.509 certs
##@ lsns = For DNSSEC support (according to exherbo) ##@ lsns = For DNSSEC support (according to exherbo)
checkpkg "^net-misc\/openssh\$" && ${PRINTF:-printf} '%s\n' \ checkpkg "^net-misc\/openssh\$" && ${PRINTF:-printf} '%s\n' \
"net-misc/openssh::arbor X509 ldns" || true "net-misc/openssh::arbor X509 ldns" || true
# Mutt
checkpkg "^mail-client\/mutt\$" && ${PRINTF:-printf} '%s\n' \
"mail-client/mutt::arbor ncurses sasl gdbm" || true
# Vim
##@ gpm = Adds support for sys-libs/gpm (Console-based mouse driver)
##@
checkpkg "^app-editors\/vim\$" && ${PRINTF:-printf} '%s\n' \
"app-editors/vim::arbor gpm" || true
# Jobs # Jobs
${PRINTF:-printf} "*/* BUILD_OPTIONS: jobs=%s\\n" "$(${NPROC:-nproc} || ${PRINTF:-printf} 1)" ${PRINTF:-printf} "*/* BUILD_OPTIONS: jobs=%s\\n" "$(${NPROC:-nproc} || ${PRINTF:-printf} 1)"

12
options.conf
View File

@ -1,14 +1,11 @@
*/* -* bash-completion threads pulseaudio btrfs openssl \ */* -* bash-completion threads pulseaudio btrfs openssl ssl \
TARGETS: -* x86_64-pc-linux-gnu \ TARGETS: -* x86_64-pc-linux-gnu \
PROVIDERS: -* gnu dhcpcd openssl man krb5 unzip lynx libxml2 dbus-broker ijg-jpeg elfutils pkg-config \ PROVIDERS: -* gnu dhcpcd openssl man krb5 unzip lynx libxml2 dbus-broker ijg-jpeg elfutils pkg-config nftables cronie \
INPUT_DRIVERS: -* evdev keyboard mouse synaptics consolekit \ INPUT_DRIVERS: -* evdev consolekit \
LINGUAS: -* en_US cs \ LINGUAS: -* en_US cs \
HOSTS: -* x86_64-pc-linux-gnu -x86_64-pc-linux-musl \ HOSTS: -* x86_64-pc-linux-gnu -x86_64-pc-linux-musl \
VIDEO_DRIVERS: -* -i915 intel VIDEO_DRIVERS: -* -i915 intel
# Recommended on IRC #exherbo
sys-apps/paludis -python
# Version handling of backend # Version handling of backend
*/* \ */* \
PYTHON_ABIS: -* 3.6 \ PYTHON_ABIS: -* 3.6 \
@ -29,4 +26,7 @@ sys-apps/paludis -python
*/* BUILD_OPTIONS: -recommended_tests */* BUILD_OPTIONS: -recommended_tests
# Unknown dependency # Unknown dependency
dev-python/Sphinx[=3.1.2] PROVIDERS: imagemagick
dev-libs/libxml2:2.0::arbor[=2.9.10-r2] python dev-libs/libxml2:2.0::arbor[=2.9.10-r2] python
dev-lang/perl:5.30::arbor[=5.30.3] berkdb dbm
dev-lang/python:3.6::arbor sqlite

3
repositories/mixi.conf Normal file
View File

@ -0,0 +1,3 @@
format = e
location = /var/db/paludis/repositories/mixi
sync = git+https://git.exherbo.org/git/dev/mixi.git

26
world
View File

@ -35,7 +35,7 @@ repository/unwritten
repository/vim repository/vim
repository/virtualization repository/virtualization
repository/x11 repository/x11
repository/mixi
# CORE # CORE
sys-apps/paludis sys-apps/paludis
sys-apps/sydbox sys-apps/sydbox
@ -47,10 +47,34 @@ sys-devel/meson
app-arch/zstd app-arch/zstd
x11-misc/shared-mime-info x11-misc/shared-mime-info
net-misc/tor net-misc/tor
sys-process/htop
## Syslog ## Syslog
sys-apps/syslog-ng sys-apps/syslog-ng
## SSH ## SSH
net-misc/openssh net-misc/openssh
sys-process/cronie
# DNS # DNS
net-dns/bind net-dns/bind
# NETWORK
net-scanner/nmap
net-misc/connman
net-misc/mtr
net-misc/dhcpcd
net-misc/wget
net-misc/aria2
net-misc/curl
net-firewall/nftables
# EMAIL
mail-mta/postfix
net-mail/dovecot
mail-filter/spamassassin
mail-client/mutt
# MISC
app-editors/vim
net-firewall/nftables