1.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2+++ b/caddy/Caddyfile Sat Apr 27 01:57:33 2024 +0000
1.3@@ -0,0 +1,40 @@
1.4+# The Caddyfile is an easy way to configure your Caddy web server.
1.5+#
1.6+# https://caddyserver.com/docs/caddyfile
1.7+#
1.8+# The configuration below serves a welcome page over HTTP on port 80.
1.9+# To use your own domain name (with automatic HTTPS), first make
1.10+# sure your domain's A/AAAA DNS records are properly pointed to
1.11+# this machine's public IP, then replace the line below with your
1.12+# domain name.
1.13+#
1.14+# https://caddyserver.com/docs/caddyfile/concepts#addresses
1.15+
1.16+{
1.17+ # Restrict the admin interface to a local unix file socket whose directory
1.18+ # is restricted to caddy:caddy. By default the TCP socket allows arbitrary
1.19+ # modification for any process and user that has access to the local
1.20+ # interface. If admin over TCP is turned on one should make sure
1.21+ # implications are well understood.
1.22+ admin "unix//run/caddy/admin.socket"
1.23+}
1.24+
1.25+http:// {
1.26+ # Set this path to your site's directory.
1.27+ root * /usr/share/caddy
1.28+
1.29+ # Enable the static file server.
1.30+ file_server
1.31+
1.32+ # Another common task is to set up a reverse proxy:
1.33+ # reverse_proxy localhost:8080
1.34+
1.35+ # Or serve a PHP site through php-fpm:
1.36+ # php_fastcgi localhost:9000
1.37+
1.38+ # Refer to the directive documentation for more options.
1.39+ # https://caddyserver.com/docs/caddyfile/directives
1.40+}
1.41+
1.42+# Import additional caddy config files in /etc/caddy/conf.d/
1.43+import /etc/caddy/conf.d/*
2.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
2.2+++ b/dnsmasq.conf Sat Apr 27 01:57:33 2024 +0000
2.3@@ -0,0 +1,689 @@
2.4+# Configuration file for dnsmasq.
2.5+#
2.6+# Format is one option per line, legal options are the same
2.7+# as the long options legal on the command line. See
2.8+# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
2.9+
2.10+# Listen on this specific port instead of the standard DNS port
2.11+# (53). Setting this to zero completely disables DNS function,
2.12+# leaving only DHCP and/or TFTP.
2.13+#port=5353
2.14+
2.15+# The following two options make you a better netizen, since they
2.16+# tell dnsmasq to filter out queries which the public DNS cannot
2.17+# answer, and which load the servers (especially the root servers)
2.18+# unnecessarily. If you have a dial-on-demand link they also stop
2.19+# these requests from bringing up the link unnecessarily.
2.20+
2.21+# Never forward plain names (without a dot or domain part)
2.22+#domain-needed
2.23+# Never forward addresses in the non-routed address spaces.
2.24+#bogus-priv
2.25+
2.26+# Uncomment these to enable DNSSEC validation and caching:
2.27+# (Requires dnsmasq to be built with DNSSEC option.)
2.28+#conf-file=/usr/share/dnsmasq/trust-anchors.conf
2.29+#dnssec
2.30+
2.31+# Replies which are not DNSSEC signed may be legitimate, because the domain
2.32+# is unsigned, or may be forgeries. Setting this option tells dnsmasq to
2.33+# check that an unsigned reply is OK, by finding a secure proof that a DS
2.34+# record somewhere between the root and the domain does not exist.
2.35+# The cost of setting this is that even queries in unsigned domains will need
2.36+# one or more extra DNS queries to verify.
2.37+#dnssec-check-unsigned
2.38+
2.39+# Uncomment this to filter useless windows-originated DNS requests
2.40+# which can trigger dial-on-demand links needlessly.
2.41+# Note that (amongst other things) this blocks all SRV requests,
2.42+# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
2.43+# This option only affects forwarding, SRV records originating for
2.44+# dnsmasq (via srv-host= lines) are not suppressed by it.
2.45+#filterwin2k
2.46+
2.47+# Change this line if you want dns to get its upstream servers from
2.48+# somewhere other that /etc/resolv.conf
2.49+#resolv-file=
2.50+
2.51+# By default, dnsmasq will send queries to any of the upstream
2.52+# servers it knows about and tries to favour servers to are known
2.53+# to be up. Uncommenting this forces dnsmasq to try each query
2.54+# with each server strictly in the order they appear in
2.55+# /etc/resolv.conf
2.56+#strict-order
2.57+
2.58+# If you don't want dnsmasq to read /etc/resolv.conf or any other
2.59+# file, getting its servers from this file instead (see below), then
2.60+# uncomment this.
2.61+#no-resolv
2.62+
2.63+# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
2.64+# files for changes and re-read them then uncomment this.
2.65+#no-poll
2.66+
2.67+# Add other name servers here, with domain specs if they are for
2.68+# non-public domains.
2.69+#server=/localnet/192.168.0.1
2.70+
2.71+# Example of routing PTR queries to nameservers: this will send all
2.72+# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
2.73+#server=/3.168.192.in-addr.arpa/10.1.2.3
2.74+
2.75+# Add local-only domains here, queries in these domains are answered
2.76+# from /etc/hosts or DHCP only.
2.77+#local=/localnet/
2.78+
2.79+# Add domains which you want to force to an IP address here.
2.80+# The example below send any host in double-click.net to a local
2.81+# web-server.
2.82+#address=/double-click.net/127.0.0.1
2.83+
2.84+# --address (and --server) work with IPv6 addresses too.
2.85+#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
2.86+
2.87+# Add the IPs of all queries to yahoo.com, google.com, and their
2.88+# subdomains to the vpn and search ipsets:
2.89+#ipset=/yahoo.com/google.com/vpn,search
2.90+
2.91+# Add the IPs of all queries to yahoo.com, google.com, and their
2.92+# subdomains to netfilters sets, which is equivalent to
2.93+# 'nft add element ip test vpn { ... }; nft add element ip test search { ... }'
2.94+#nftset=/yahoo.com/google.com/ip#test#vpn,ip#test#search
2.95+
2.96+# Use netfilters sets for both IPv4 and IPv6:
2.97+# This adds all addresses in *.yahoo.com to vpn4 and vpn6 for IPv4 and IPv6 addresses.
2.98+#nftset=/yahoo.com/4#ip#test#vpn4
2.99+#nftset=/yahoo.com/6#ip#test#vpn6
2.100+
2.101+# You can control how dnsmasq talks to a server: this forces
2.102+# queries to 10.1.2.3 to be routed via eth1
2.103+# server=10.1.2.3@eth1
2.104+
2.105+# and this sets the source (ie local) address used to talk to
2.106+# 10.1.2.3 to 192.168.1.1 port 55 (there must be an interface with that
2.107+# IP on the machine, obviously).
2.108+# server=10.1.2.3@192.168.1.1#55
2.109+
2.110+# If you want dnsmasq to change uid and gid to something other
2.111+# than the default, edit the following lines.
2.112+#user=
2.113+#group=
2.114+
2.115+# If you want dnsmasq to listen for DHCP and DNS requests only on
2.116+# specified interfaces (and the loopback) give the name of the
2.117+# interface (eg eth0) here.
2.118+# Repeat the line for more than one interface.
2.119+#interface=
2.120+# Or you can specify which interface _not_ to listen on
2.121+#except-interface=
2.122+# Or which to listen on by address (remember to include 127.0.0.1 if
2.123+# you use this.)
2.124+#listen-address=
2.125+# If you want dnsmasq to provide only DNS service on an interface,
2.126+# configure it as shown above, and then use the following line to
2.127+# disable DHCP and TFTP on it.
2.128+#no-dhcp-interface=
2.129+
2.130+# On systems which support it, dnsmasq binds the wildcard address,
2.131+# even when it is listening on only some interfaces. It then discards
2.132+# requests that it shouldn't reply to. This has the advantage of
2.133+# working even when interfaces come and go and change address. If you
2.134+# want dnsmasq to really bind only the interfaces it is listening on,
2.135+# uncomment this option. About the only time you may need this is when
2.136+# running another nameserver on the same machine.
2.137+#bind-interfaces
2.138+
2.139+# If you don't want dnsmasq to read /etc/hosts, uncomment the
2.140+# following line.
2.141+#no-hosts
2.142+# or if you want it to read another file, as well as /etc/hosts, use
2.143+# this.
2.144+#addn-hosts=/etc/banner_add_hosts
2.145+
2.146+# Set this (and domain: see below) if you want to have a domain
2.147+# automatically added to simple names in a hosts-file.
2.148+#expand-hosts
2.149+
2.150+# Set the domain for dnsmasq. this is optional, but if it is set, it
2.151+# does the following things.
2.152+# 1) Allows DHCP hosts to have fully qualified domain names, as long
2.153+# as the domain part matches this setting.
2.154+# 2) Sets the "domain" DHCP option thereby potentially setting the
2.155+# domain of all systems configured by DHCP
2.156+# 3) Provides the domain part for "expand-hosts"
2.157+#domain=thekelleys.org.uk
2.158+
2.159+# Set a different domain for a particular subnet
2.160+#domain=wireless.thekelleys.org.uk,192.168.2.0/24
2.161+
2.162+# Same idea, but range rather then subnet
2.163+#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
2.164+
2.165+# Uncomment this to enable the integrated DHCP server, you need
2.166+# to supply the range of addresses available for lease and optionally
2.167+# a lease time. If you have more than one network, you will need to
2.168+# repeat this for each network on which you want to supply DHCP
2.169+# service.
2.170+#dhcp-range=192.168.0.50,192.168.0.150,12h
2.171+
2.172+# This is an example of a DHCP range where the netmask is given. This
2.173+# is needed for networks we reach the dnsmasq DHCP server via a relay
2.174+# agent. If you don't know what a DHCP relay agent is, you probably
2.175+# don't need to worry about this.
2.176+#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
2.177+
2.178+# This is an example of a DHCP range which sets a tag, so that
2.179+# some DHCP options may be set only for this network.
2.180+#dhcp-range=set:red,192.168.0.50,192.168.0.150
2.181+
2.182+# Use this DHCP range only when the tag "green" is set.
2.183+#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
2.184+
2.185+# Specify a subnet which can't be used for dynamic address allocation,
2.186+# is available for hosts with matching --dhcp-host lines. Note that
2.187+# dhcp-host declarations will be ignored unless there is a dhcp-range
2.188+# of some type for the subnet in question.
2.189+# In this case the netmask is implied (it comes from the network
2.190+# configuration on the machine running dnsmasq) it is possible to give
2.191+# an explicit netmask instead.
2.192+#dhcp-range=192.168.0.0,static
2.193+
2.194+# Enable DHCPv6. Note that the prefix-length does not need to be specified
2.195+# and defaults to 64 if missing/
2.196+#dhcp-range=1234::2, 1234::500, 64, 12h
2.197+
2.198+# Do Router Advertisements, BUT NOT DHCP for this subnet.
2.199+#dhcp-range=1234::, ra-only
2.200+
2.201+# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
2.202+# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
2.203+# hosts. Use the DHCPv4 lease to derive the name, network segment and
2.204+# MAC address and assume that the host will also have an
2.205+# IPv6 address calculated using the SLAAC algorithm.
2.206+#dhcp-range=1234::, ra-names
2.207+
2.208+# Do Router Advertisements, BUT NOT DHCP for this subnet.
2.209+# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
2.210+#dhcp-range=1234::, ra-only, 48h
2.211+
2.212+# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
2.213+# so that clients can use SLAAC addresses as well as DHCP ones.
2.214+#dhcp-range=1234::2, 1234::500, slaac
2.215+
2.216+# Do Router Advertisements and stateless DHCP for this subnet. Clients will
2.217+# not get addresses from DHCP, but they will get other configuration information.
2.218+# They will use SLAAC for addresses.
2.219+#dhcp-range=1234::, ra-stateless
2.220+
2.221+# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
2.222+# from DHCPv4 leases.
2.223+#dhcp-range=1234::, ra-stateless, ra-names
2.224+
2.225+# Do router advertisements for all subnets where we're doing DHCPv6
2.226+# Unless overridden by ra-stateless, ra-names, et al, the router
2.227+# advertisements will have the M and O bits set, so that the clients
2.228+# get addresses and configuration from DHCPv6, and the A bit reset, so the
2.229+# clients don't use SLAAC addresses.
2.230+#enable-ra
2.231+
2.232+# Supply parameters for specified hosts using DHCP. There are lots
2.233+# of valid alternatives, so we will give examples of each. Note that
2.234+# IP addresses DO NOT have to be in the range given above, they just
2.235+# need to be on the same network. The order of the parameters in these
2.236+# do not matter, it's permissible to give name, address and MAC in any
2.237+# order.
2.238+
2.239+# Always allocate the host with Ethernet address 11:22:33:44:55:66
2.240+# The IP address 192.168.0.60
2.241+#dhcp-host=11:22:33:44:55:66,192.168.0.60
2.242+
2.243+# Always set the name of the host with hardware address
2.244+# 11:22:33:44:55:66 to be "fred"
2.245+#dhcp-host=11:22:33:44:55:66,fred
2.246+
2.247+# Always give the host with Ethernet address 11:22:33:44:55:66
2.248+# the name fred and IP address 192.168.0.60 and lease time 45 minutes
2.249+#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
2.250+
2.251+# Give a host with Ethernet address 11:22:33:44:55:66 or
2.252+# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
2.253+# that these two Ethernet interfaces will never be in use at the same
2.254+# time, and give the IP address to the second, even if it is already
2.255+# in use by the first. Useful for laptops with wired and wireless
2.256+# addresses.
2.257+#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
2.258+
2.259+# Give the machine which says its name is "bert" IP address
2.260+# 192.168.0.70 and an infinite lease
2.261+#dhcp-host=bert,192.168.0.70,infinite
2.262+
2.263+# Always give the host with client identifier 01:02:02:04
2.264+# the IP address 192.168.0.60
2.265+#dhcp-host=id:01:02:02:04,192.168.0.60
2.266+
2.267+# Always give the InfiniBand interface with hardware address
2.268+# 80:00:00:48:fe:80:00:00:00:00:00:00:f4:52:14:03:00:28:05:81 the
2.269+# ip address 192.168.0.61. The client id is derived from the prefix
2.270+# ff:00:00:00:00:00:02:00:00:02:c9:00 and the last 8 pairs of
2.271+# hex digits of the hardware address.
2.272+#dhcp-host=id:ff:00:00:00:00:00:02:00:00:02:c9:00:f4:52:14:03:00:28:05:81,192.168.0.61
2.273+
2.274+# Always give the host with client identifier "marjorie"
2.275+# the IP address 192.168.0.60
2.276+#dhcp-host=id:marjorie,192.168.0.60
2.277+
2.278+# Enable the address given for "judge" in /etc/hosts
2.279+# to be given to a machine presenting the name "judge" when
2.280+# it asks for a DHCP lease.
2.281+#dhcp-host=judge
2.282+
2.283+# Never offer DHCP service to a machine whose Ethernet
2.284+# address is 11:22:33:44:55:66
2.285+#dhcp-host=11:22:33:44:55:66,ignore
2.286+
2.287+# Ignore any client-id presented by the machine with Ethernet
2.288+# address 11:22:33:44:55:66. This is useful to prevent a machine
2.289+# being treated differently when running under different OS's or
2.290+# between PXE boot and OS boot.
2.291+#dhcp-host=11:22:33:44:55:66,id:*
2.292+
2.293+# Send extra options which are tagged as "red" to
2.294+# the machine with Ethernet address 11:22:33:44:55:66
2.295+#dhcp-host=11:22:33:44:55:66,set:red
2.296+
2.297+# Send extra options which are tagged as "red" to
2.298+# any machine with Ethernet address starting 11:22:33:
2.299+#dhcp-host=11:22:33:*:*:*,set:red
2.300+
2.301+# Give a fixed IPv6 address and name to client with
2.302+# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
2.303+# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
2.304+# Note also that the [] around the IPv6 address are obligatory.
2.305+#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
2.306+
2.307+# Ignore any clients which are not specified in dhcp-host lines
2.308+# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
2.309+# This relies on the special "known" tag which is set when
2.310+# a host is matched.
2.311+#dhcp-ignore=tag:!known
2.312+
2.313+# Send extra options which are tagged as "red" to any machine whose
2.314+# DHCP vendorclass string includes the substring "Linux"
2.315+#dhcp-vendorclass=set:red,Linux
2.316+
2.317+# Send extra options which are tagged as "red" to any machine one
2.318+# of whose DHCP userclass strings includes the substring "accounts"
2.319+#dhcp-userclass=set:red,accounts
2.320+
2.321+# Send extra options which are tagged as "red" to any machine whose
2.322+# MAC address matches the pattern.
2.323+#dhcp-mac=set:red,00:60:8C:*:*:*
2.324+
2.325+# If this line is uncommented, dnsmasq will read /etc/ethers and act
2.326+# on the ethernet-address/IP pairs found there just as if they had
2.327+# been given as --dhcp-host options. Useful if you keep
2.328+# MAC-address/host mappings there for other purposes.
2.329+#read-ethers
2.330+
2.331+# Send options to hosts which ask for a DHCP lease.
2.332+# See RFC 2132 for details of available options.
2.333+# Common options can be given to dnsmasq by name:
2.334+# run "dnsmasq --help dhcp" to get a list.
2.335+# Note that all the common settings, such as netmask and
2.336+# broadcast address, DNS server and default route, are given
2.337+# sane defaults by dnsmasq. You very likely will not need
2.338+# any dhcp-options. If you use Windows clients and Samba, there
2.339+# are some options which are recommended, they are detailed at the
2.340+# end of this section.
2.341+
2.342+# Override the default route supplied by dnsmasq, which assumes the
2.343+# router is the same machine as the one running dnsmasq.
2.344+#dhcp-option=3,1.2.3.4
2.345+
2.346+# Do the same thing, but using the option name
2.347+#dhcp-option=option:router,1.2.3.4
2.348+
2.349+# Override the default route supplied by dnsmasq and send no default
2.350+# route at all. Note that this only works for the options sent by
2.351+# default (1, 3, 6, 12, 28) the same line will send a zero-length option
2.352+# for all other option numbers.
2.353+#dhcp-option=3
2.354+
2.355+# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
2.356+#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
2.357+
2.358+# Send DHCPv6 option. Note [] around IPv6 addresses.
2.359+#dhcp-option=option6:dns-server,[1234::77],[1234::88]
2.360+
2.361+# Send DHCPv6 option for namservers as the machine running
2.362+# dnsmasq and another.
2.363+#dhcp-option=option6:dns-server,[::],[1234::88]
2.364+
2.365+# Ask client to poll for option changes every six hours. (RFC4242)
2.366+#dhcp-option=option6:information-refresh-time,6h
2.367+
2.368+# Set option 58 client renewal time (T1). Defaults to half of the
2.369+# lease time if not specified. (RFC2132)
2.370+#dhcp-option=option:T1,1m
2.371+
2.372+# Set option 59 rebinding time (T2). Defaults to 7/8 of the
2.373+# lease time if not specified. (RFC2132)
2.374+#dhcp-option=option:T2,2m
2.375+
2.376+# Set the NTP time server address to be the same machine as
2.377+# is running dnsmasq
2.378+#dhcp-option=42,0.0.0.0
2.379+
2.380+# Set the NIS domain name to "welly"
2.381+#dhcp-option=40,welly
2.382+
2.383+# Set the default time-to-live to 50
2.384+#dhcp-option=23,50
2.385+
2.386+# Set the "all subnets are local" flag
2.387+#dhcp-option=27,1
2.388+
2.389+# Send the etherboot magic flag and then etherboot options (a string).
2.390+#dhcp-option=128,e4:45:74:68:00:00
2.391+#dhcp-option=129,NIC=eepro100
2.392+
2.393+# Specify an option which will only be sent to the "red" network
2.394+# (see dhcp-range for the declaration of the "red" network)
2.395+# Note that the tag: part must precede the option: part.
2.396+#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
2.397+
2.398+# The following DHCP options set up dnsmasq in the same way as is specified
2.399+# for the ISC dhcpcd in
2.400+# https://web.archive.org/web/20040313070105/http://us1.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
2.401+# adapted for a typical dnsmasq installation where the host running
2.402+# dnsmasq is also the host running samba.
2.403+# you may want to uncomment some or all of them if you use
2.404+# Windows clients and Samba.
2.405+#dhcp-option=19,0 # option ip-forwarding off
2.406+#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
2.407+#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
2.408+#dhcp-option=46,8 # netbios node type
2.409+
2.410+# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
2.411+#dhcp-option=252,"\n"
2.412+
2.413+# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
2.414+# probably doesn't support this......
2.415+#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
2.416+
2.417+# Send RFC-3442 classless static routes (note the netmask encoding)
2.418+#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
2.419+
2.420+# Send vendor-class specific options encapsulated in DHCP option 43.
2.421+# The meaning of the options is defined by the vendor-class so
2.422+# options are sent only when the client supplied vendor class
2.423+# matches the class given here. (A substring match is OK, so "MSFT"
2.424+# matches "MSFT" and "MSFT 5.0"). This example sets the
2.425+# mtftp address to 0.0.0.0 for PXEClients.
2.426+#dhcp-option=vendor:PXEClient,1,0.0.0.0
2.427+
2.428+# Send microsoft-specific option to tell windows to release the DHCP lease
2.429+# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
2.430+# value as a four-byte integer - that's what microsoft wants. See
2.431+# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
2.432+#dhcp-option=vendor:MSFT,2,1i
2.433+
2.434+# Send the Encapsulated-vendor-class ID needed by some configurations of
2.435+# Etherboot to allow is to recognise the DHCP server.
2.436+#dhcp-option=vendor:Etherboot,60,"Etherboot"
2.437+
2.438+# Send options to PXELinux. Note that we need to send the options even
2.439+# though they don't appear in the parameter request list, so we need
2.440+# to use dhcp-option-force here.
2.441+# See http://syslinux.zytor.com/pxe.php#special for details.
2.442+# Magic number - needed before anything else is recognised
2.443+#dhcp-option-force=208,f1:00:74:7e
2.444+# Configuration file name
2.445+#dhcp-option-force=209,configs/common
2.446+# Path prefix
2.447+#dhcp-option-force=210,/tftpboot/pxelinux/files/
2.448+# Reboot time. (Note 'i' to send 32-bit value)
2.449+#dhcp-option-force=211,30i
2.450+
2.451+# Set the boot filename for netboot/PXE. You will only need
2.452+# this if you want to boot machines over the network and you will need
2.453+# a TFTP server; either dnsmasq's built-in TFTP server or an
2.454+# external one. (See below for how to enable the TFTP server.)
2.455+#dhcp-boot=pxelinux.0
2.456+
2.457+# The same as above, but use custom tftp-server instead machine running dnsmasq
2.458+#dhcp-boot=pxelinux,server.name,192.168.1.100
2.459+
2.460+# Boot for iPXE. The idea is to send two different
2.461+# filenames, the first loads iPXE, and the second tells iPXE what to
2.462+# load. The dhcp-match sets the ipxe tag for requests from iPXE.
2.463+#dhcp-boot=undionly.kpxe
2.464+#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.
2.465+#dhcp-boot=tag:ipxe,http://boot.ipxe.org/demo/boot.php
2.466+
2.467+# Encapsulated options for iPXE. All the options are
2.468+# encapsulated within option 175
2.469+#dhcp-option=encap:175, 1, 5b # priority code
2.470+#dhcp-option=encap:175, 176, 1b # no-proxydhcp
2.471+#dhcp-option=encap:175, 177, string # bus-id
2.472+#dhcp-option=encap:175, 189, 1b # BIOS drive code
2.473+#dhcp-option=encap:175, 190, user # iSCSI username
2.474+#dhcp-option=encap:175, 191, pass # iSCSI password
2.475+
2.476+# Test for the architecture of a netboot client. PXE clients are
2.477+# supposed to send their architecture as option 93. (See RFC 4578)
2.478+#dhcp-match=peecees, option:client-arch, 0 #x86-32
2.479+#dhcp-match=itanics, option:client-arch, 2 #IA64
2.480+#dhcp-match=hammers, option:client-arch, 6 #x86-64
2.481+#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
2.482+
2.483+# Do real PXE, rather than just booting a single file, this is an
2.484+# alternative to dhcp-boot.
2.485+#pxe-prompt="What system shall I netboot?"
2.486+# or with timeout before first available action is taken:
2.487+#pxe-prompt="Press F8 for menu.", 60
2.488+
2.489+# Available boot services. for PXE.
2.490+#pxe-service=x86PC, "Boot from local disk"
2.491+
2.492+# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
2.493+#pxe-service=x86PC, "Install Linux", pxelinux
2.494+
2.495+# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
2.496+# Beware this fails on old PXE ROMS.
2.497+#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
2.498+
2.499+# Use bootserver on network, found my multicast or broadcast.
2.500+#pxe-service=x86PC, "Install windows from RIS server", 1
2.501+
2.502+# Use bootserver at a known IP address.
2.503+#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
2.504+
2.505+# If you have multicast-FTP available,
2.506+# information for that can be passed in a similar way using options 1
2.507+# to 5. See page 19 of
2.508+# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
2.509+
2.510+
2.511+# Enable dnsmasq's built-in TFTP server
2.512+#enable-tftp
2.513+
2.514+# Set the root directory for files available via FTP.
2.515+#tftp-root=/var/ftpd
2.516+
2.517+# Do not abort if the tftp-root is unavailable
2.518+#tftp-no-fail
2.519+
2.520+# Make the TFTP server more secure: with this set, only files owned by
2.521+# the user dnsmasq is running as will be send over the net.
2.522+#tftp-secure
2.523+
2.524+# This option stops dnsmasq from negotiating a larger blocksize for TFTP
2.525+# transfers. It will slow things down, but may rescue some broken TFTP
2.526+# clients.
2.527+#tftp-no-blocksize
2.528+
2.529+# Set the boot file name only when the "red" tag is set.
2.530+#dhcp-boot=tag:red,pxelinux.red-net
2.531+
2.532+# An example of dhcp-boot with an external TFTP server: the name and IP
2.533+# address of the server are given after the filename.
2.534+# Can fail with old PXE ROMS. Overridden by --pxe-service.
2.535+#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
2.536+
2.537+# If there are multiple external tftp servers having a same name
2.538+# (using /etc/hosts) then that name can be specified as the
2.539+# tftp_servername (the third option to dhcp-boot) and in that
2.540+# case dnsmasq resolves this name and returns the resultant IP
2.541+# addresses in round robin fashion. This facility can be used to
2.542+# load balance the tftp load among a set of servers.
2.543+#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
2.544+
2.545+# Set the limit on DHCP leases, the default is 150
2.546+#dhcp-lease-max=150
2.547+
2.548+# The DHCP server needs somewhere on disk to keep its lease database.
2.549+# This defaults to a sane location, but if you want to change it, use
2.550+# the line below.
2.551+#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
2.552+
2.553+# Set the DHCP server to authoritative mode. In this mode it will barge in
2.554+# and take over the lease for any client which broadcasts on the network,
2.555+# whether it has a record of the lease or not. This avoids long timeouts
2.556+# when a machine wakes up on a new network. DO NOT enable this if there's
2.557+# the slightest chance that you might end up accidentally configuring a DHCP
2.558+# server for your campus/company accidentally. The ISC server uses
2.559+# the same option, and this URL provides more information:
2.560+# http://www.isc.org/files/auth.html
2.561+#dhcp-authoritative
2.562+
2.563+# Set the DHCP server to enable DHCPv4 Rapid Commit Option per RFC 4039.
2.564+# In this mode it will respond to a DHCPDISCOVER message including a Rapid Commit
2.565+# option with a DHCPACK including a Rapid Commit option and fully committed address
2.566+# and configuration information. This must only be enabled if either the server is
2.567+# the only server for the subnet, or multiple servers are present and they each
2.568+# commit a binding for all clients.
2.569+#dhcp-rapid-commit
2.570+
2.571+# Run an executable when a DHCP lease is created or destroyed.
2.572+# The arguments sent to the script are "add" or "del",
2.573+# then the MAC address, the IP address and finally the hostname
2.574+# if there is one.
2.575+#dhcp-script=/bin/echo
2.576+
2.577+# Set the cachesize here.
2.578+#cache-size=150
2.579+
2.580+# If you want to disable negative caching, uncomment this.
2.581+#no-negcache
2.582+
2.583+# Normally responses which come from /etc/hosts and the DHCP lease
2.584+# file have Time-To-Live set as zero, which conventionally means
2.585+# do not cache further. If you are happy to trade lower load on the
2.586+# server for potentially stale date, you can set a time-to-live (in
2.587+# seconds) here.
2.588+#local-ttl=
2.589+
2.590+# If you want dnsmasq to detect attempts by Verisign to send queries
2.591+# to unregistered .com and .net hosts to its sitefinder service and
2.592+# have dnsmasq instead return the correct NXDOMAIN response, uncomment
2.593+# this line. You can add similar lines to do the same for other
2.594+# registries which have implemented wildcard A records.
2.595+#bogus-nxdomain=64.94.110.11
2.596+
2.597+# If you want to fix up DNS results from upstream servers, use the
2.598+# alias option. This only works for IPv4.
2.599+# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
2.600+#alias=1.2.3.4,5.6.7.8
2.601+# and this maps 1.2.3.x to 5.6.7.x
2.602+#alias=1.2.3.0,5.6.7.0,255.255.255.0
2.603+# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
2.604+#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
2.605+
2.606+# Change these lines if you want dnsmasq to serve MX records.
2.607+
2.608+# Return an MX record named "maildomain.com" with target
2.609+# servermachine.com and preference 50
2.610+#mx-host=maildomain.com,servermachine.com,50
2.611+
2.612+# Set the default target for MX records created using the localmx option.
2.613+#mx-target=servermachine.com
2.614+
2.615+# Return an MX record pointing to the mx-target for all local
2.616+# machines.
2.617+#localmx
2.618+
2.619+# Return an MX record pointing to itself for all local machines.
2.620+#selfmx
2.621+
2.622+# Change the following lines if you want dnsmasq to serve SRV
2.623+# records. These are useful if you want to serve ldap requests for
2.624+# Active Directory and other windows-originated DNS requests.
2.625+# See RFC 2782.
2.626+# You may add multiple srv-host lines.
2.627+# The fields are <name>,<target>,<port>,<priority>,<weight>
2.628+# If the domain part if missing from the name (so that is just has the
2.629+# service and protocol sections) then the domain given by the domain=
2.630+# config option is used. (Note that expand-hosts does not need to be
2.631+# set for this to work.)
2.632+
2.633+# A SRV record sending LDAP for the example.com domain to
2.634+# ldapserver.example.com port 389
2.635+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
2.636+
2.637+# A SRV record sending LDAP for the example.com domain to
2.638+# ldapserver.example.com port 389 (using domain=)
2.639+#domain=example.com
2.640+#srv-host=_ldap._tcp,ldapserver.example.com,389
2.641+
2.642+# Two SRV records for LDAP, each with different priorities
2.643+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
2.644+#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
2.645+
2.646+# A SRV record indicating that there is no LDAP server for the domain
2.647+# example.com
2.648+#srv-host=_ldap._tcp.example.com
2.649+
2.650+# The following line shows how to make dnsmasq serve an arbitrary PTR
2.651+# record. This is useful for DNS-SD. (Note that the
2.652+# domain-name expansion done for SRV records _does_not
2.653+# occur for PTR records.)
2.654+#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
2.655+
2.656+# Change the following lines to enable dnsmasq to serve TXT records.
2.657+# These are used for things like SPF and zeroconf. (Note that the
2.658+# domain-name expansion done for SRV records _does_not
2.659+# occur for TXT records.)
2.660+
2.661+#Example SPF.
2.662+#txt-record=example.com,"v=spf1 a -all"
2.663+
2.664+#Example zeroconf
2.665+#txt-record=_http._tcp.example.com,name=value,paper=A4
2.666+
2.667+# Provide an alias for a "local" DNS name. Note that this _only_ works
2.668+# for targets which are names from DHCP or /etc/hosts. Give host
2.669+# "bert" another name, bertrand
2.670+#cname=bertrand,bert
2.671+
2.672+# For debugging purposes, log each DNS query as it passes through
2.673+# dnsmasq.
2.674+#log-queries
2.675+
2.676+# Log lots of extra information about DHCP transactions.
2.677+#log-dhcp
2.678+
2.679+# Include another lot of configuration options.
2.680+#conf-file=/etc/dnsmasq.more.conf
2.681+#conf-dir=/etc/dnsmasq.d
2.682+
2.683+# Include all the files in a directory except those ending in .bak
2.684+#conf-dir=/etc/dnsmasq.d,.bak
2.685+
2.686+# Include all files in a directory which end in .conf
2.687+#conf-dir=/etc/dnsmasq.d/,*.conf
2.688+
2.689+# If a DHCP client claims that its name is "wpad", ignore that.
2.690+# This fixes a security hole. see CERT Vulnerability VU#598349
2.691+#dhcp-name-match=set:wpad-ignore,wpad
2.692+#dhcp-ignore-names=tag:wpad-ignore
3.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
3.2+++ b/efiboot/loader/entries/archiso-x86_64-linux.conf Sat Apr 27 01:57:33 2024 +0000
3.3@@ -0,0 +1,4 @@
3.4+title Zor GUI (x86_64, UEFI)
3.5+linux /%INSTALL_DIR%/boot/x86_64/vmlinuz-linux
3.6+initrd /%INSTALL_DIR%/boot/x86_64/initramfs-linux.img
3.7+options archisobasedir=%INSTALL_DIR% archisolabel=%ARCHISO_LABEL%
4.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
4.2+++ b/efiboot/loader/loader.conf Sat Apr 27 01:57:33 2024 +0000
4.3@@ -0,0 +1,2 @@
4.4+timeout 3
4.5+default archiso-x86_64-linux.conf
5.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
5.2+++ b/healthd.conf Sat Apr 27 01:57:33 2024 +0000
5.3@@ -0,0 +1,17 @@
5.4+#
5.5+# /etc/healthd.conf
5.6+#
5.7+
5.8+# reset any pending alarms on startup
5.9+ALARM_RESET="yes"
5.10+
5.11+# where to sent mails on alarm
5.12+ADMIN_EMAIL="root"
5.13+
5.14+# Seconds to sleep when alarm detected before checking again
5.15+# If you want to fill up your mail inbox set this to 2. ;-)
5.16+ALARM_SLEEP=600
5.17+
5.18+# command to run in background on each alarm
5.19+# N.B.: If you choose to use the beep command, you'll need to install it: pacman -S beep
5.20+ALARM_CMD="beep -f 800 -l 500 -d 500 -r 600"
6.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
6.2+++ b/host.conf Sat Apr 27 01:57:33 2024 +0000
6.3@@ -0,0 +1,4 @@
6.4+# Resolver configuration file.
6.5+# See host.conf(5) for details.
6.6+
6.7+multi on
7.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
7.2+++ b/locale.conf Sat Apr 27 01:57:33 2024 +0000
7.3@@ -0,0 +1,1 @@
7.4+LANG=en_US.UTF-8
8.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
8.2+++ b/modprobe.d/kvm_amd.conf Sat Apr 27 01:57:33 2024 +0000
8.3@@ -0,0 +1,1 @@
8.4+options kvm_amd nested=1
8.5\ No newline at end of file
10.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
10.2+++ b/packages.x86_64 Sat Apr 27 01:57:33 2024 +0000
10.3@@ -0,0 +1,71 @@
10.4+# baseline
10.5+base
10.6+linux
10.7+syslinux
10.8+linux-firmware
10.9+
10.10+# core
10.11+openssh
10.12+memtest86+
10.13+edk2-shell
10.14+zsh
10.15+connman
10.16+iwd
10.17+tmux
10.18+git
10.19+zstd
10.20+emacs
10.21+
10.22+# bootstrap
10.23+arch-install-scripts
10.24+mkinitcpio
10.25+mkinitcpio-archiso
10.26+grub
10.27+
10.28+# basics
10.29+# sshfs
10.30+
10.31+# operator
10.32+# autossh
10.33+# socat
10.34+# python
10.35+# rustup
10.36+# nodejs
10.37+# nginx
10.38+# tor
10.39+# wireguard-tools
10.40+# nmap
10.41+# mtools
10.42+# usbutils
10.43+# smartmontools
10.44+# ncmpcpp
10.45+# man-pages
10.46+# man-db
10.47+# qemu
10.48+# make
10.49+# cmake
10.50+# clang
10.51+# llvm
10.52+# lld
10.53+# lldb
10.54+# mpd
10.55+
10.56+# gui
10.57+# xorg-xinit
10.58+# xorg-server
10.59+# xorg-xmodmap
10.60+# xorg-xauth
10.61+# xorg-xrandr
10.62+# xorg-xhost
10.63+# xorg-xclock
10.64+# xf86-video-nouveau
10.65+# xf86-input-libinput
10.66+# xf86-input-synaptics
10.67+# chromium
10.68+# kitty
10.69+# awesome
10.70+# nitrokey-app
10.71+
10.72+# ak47
10.73+#usbmuxd
10.74+#tcpdump
10.75\ No newline at end of file
11.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
11.2+++ b/pacman.conf Sat Apr 27 01:57:33 2024 +0000
11.3@@ -0,0 +1,27 @@
11.4+[options]
11.5+HoldPkg = pacman glibc
11.6+Architecture = auto
11.7+UseSyslog
11.8+Color
11.9+TotalDownload
11.10+CheckSpace
11.11+VerbosePkgLists
11.12+ILoveCandy
11.13+SigLevel = Required DatabaseOptional
11.14+LocalFileSigLevel = Optional
11.15+
11.16+#[shed]
11.17+#SigLevel = Optional TrustAll
11.18+#Server = file:///mnt/shed/pacman/
11.19+
11.20+[core]
11.21+Include = /etc/pacman.d/mirrorlist
11.22+
11.23+[extra]
11.24+Include = /etc/pacman.d/mirrorlist
11.25+
11.26+#[community-testing]
11.27+#Include = /etc/pacman.d/mirrorlist
11.28+
11.29+[community]
11.30+Include = /etc/pacman.d/mirrorlist