├── .gitignore
├── LICENSE
├── README.md
├── script
│   └── unbound-gen.rb
└── src
    ├── etc
    │   ├── .gitignore
    │   ├── acme-client.conf
    │   ├── bgpd.conf
    │   ├── boot.conf
    │   ├── daily.local
    │   ├── dhclient.conf
    │   ├── dhcpd.conf
    │   ├── doas.conf
    │   ├── fstab
    │   ├── hostname.bridge0
    │   ├── hostname.bridge1
    │   ├── hostname.bridge2
    │   ├── hostname.bridge3
    │   ├── hostname.bridge4
    │   ├── hostname.em0
    │   ├── hostname.em1
    │   ├── hostname.em2
    │   ├── hostname.em3
    │   ├── hostname.em4
    │   ├── hostname.em5
    │   ├── hostname.enc0
    │   ├── hostname.vether0
    │   ├── hostname.vether1
    │   ├── hostname.vether2
    │   ├── hostname.vether3
    │   ├── hostname.vlan0
    │   ├── hostname.vlan1
    │   ├── hostname.vlan2
    │   ├── hosts
    │   ├── hotplug
    │   │   └── attach
    │   ├── httpd.conf
    │   ├── iked.conf
    │   ├── installurl
    │   ├── man.conf
    │   ├── miniupnpd.conf
    │   ├── mtree
    │   │   └── special
    │   ├── myname
    │   ├── newsyslog.conf
    │   ├── pf.conf
    │   ├── rc.conf.local
    │   ├── relayd.conf
    │   ├── resolv.conf
    │   ├── resolv.conf.tail
    │   ├── rsnapshot.conf
    │   ├── snmpd.conf
    │   ├── ssh
    │   │   └── sshd_config
    │   ├── sysctl.conf
    │   ├── syslog.conf
    │   ├── ttys
    │   └── vm.conf
    └── var
        ├── cron
        │   └── tabs
        │       └── root
        ├── unbound
        │   └── etc
        │       ├── bongo.zone.conf
        │       └── unbound.conf
        └── www
            ├── etc
            │   └── resolv.conf
            └── htdocs
                ├── captive
                │   └── index.html
                └── default
                    ├── disklabel.min
                    ├── index.html
                    ├── install.conf
                    ├── jesse-install.conf
                    ├── jon-openbsd63-install.conf
                    ├── nycmesh-dns-install.conf
                    └── tor-install.conf

/.gitignore:
--------------------------------------------------------------------------------
mnt
*.key

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 Jon Williams

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# [kibble.bongo.zone](https://kibble.bongo.zone/)
My OpenBSD gateway configuration, connected to [NYCMesh](https://nycmesh.net). Intended as a how-to guide, in case I ever break this thing.

* [dmesg](http://dmesgd.nycbug.org/index.cgi?do=view&id=3701)

## Network configuration

I connect to NYCMesh [Node 1340](https://docs.nycmesh.net/nodes/node-1340/).

```
+-------------------+
| Edge router (NAT) | +-----------------------------------------------------+----------------------+
+-------+----+------+ | kibble.bongo.zone | vmd |
| | |-----------------------------------------------------|----------------------|
| v | 3+-----------------+-> nycmesh-dns |
DE/CIX<--+ NYCMesh | 2+----------------+ | +-> tor |
^ | bridge 0 1+-------------+ | | |
| | +--+--+--+--+---------+-------------------+------+-> |
+-------+------+ | | | | | | | | | | | | | | |
| nycmesh 1340 | | + + + + + + + + + + + | | |
+-------+------+ |em 0 1 2 3 4 5 vether 0 1 2 3 vlan 0 1 2 | |
802.11ac| +------+--+--+--------------------------------+--+--+-+----------------------+
+-------------+----+ 1Gbps | | | | [ [ [
| nycmesh-lbe-1659 +-------+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~%~~%
+------------------+ | | | [ VLAN tags
| | | ] 1: antenna admin
+---------+ 100Mbps | | | VLAN tag for public SSID [ 2: egress traffic
+ airport +----------+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~%
+-+-- --+-+ | |
| | | |
| v | |
v 802.11a/n+b/g/n | | 802.11ac/n+n
Public ^ | | ^
WiFi | | | |
+----+----+ 1Gbps | | 1Gbps +---+----+
| macmini +-------+ +-------+ belkin |
+---------+ +--------+
```


## Installation Overview
1. Configure and install OpenBSD
2. Install packages
3. Configure services

### Install packages with `pkg_add`

```bash
pkg_add alpine arping arpwatch bash bsd-airtools coreutils curl git gmake go hping htop iftop \
    iperf3 irssi keybase libxml lynx miniupnpd mosh nload nmap pkglocatedb py-pip py-setuptools \
    py-virtualenv quirks rsnapshot rsync rtl-sdr snort sshguard the_silver_searcher tmux-mem-cpu-load \
    vim vmm-firmware w3m wget wol zsh
```


## Features

TODO

## References

* [vedetta](https://github.com/vedetta-com/vedetta) - OpenBSD Router Boilerplate
* [FQ-CoDel and pf](https://www.reddit.com/r/openbsd/comments/75ps6h/fqcodel_and_pf/) - Flow queue discipline for `pf`
* [Fixing bufferbloat on your home network with OpenBSD 6.2 or newer](https://pauladamsmith.com/blog/2018/07/fixing-bufferbloat-on-your-home-network-with-openbsd-6.2-or-newer.html)


--------------------------------------------------------------------------------
/script/unbound-gen.rb:
--------------------------------------------------------------------------------
#!/usr/bin/env ruby
# quick and dirty dns record generation
# usage: unbound-gen.rb FIRST LAST [FILE] [PREFIX] [NET_LABEL] [BROADCAST_LABEL]

first = ARGV[0].to_i
last = ARGV[1].to_i
file = ARGV[2] || '/dev/null'
zone_prefix = ARGV[3] || "mesh"
zone_net = ARGV[4] || "net"
zone_bc = ARGV[5] || "all"
ip_prefix = "10.70.145."
zone_suffix = ".bongo.zone"

# existing unbound config; addresses already defined there are emitted commented out
lines = File.read(file).split("\n")

puts "## #{$0} #{ARGV.join ' '}\n"

octets = (first..last)
octets.each do |octet|
  ip = "#{ip_prefix}#{octet}"
  # escape the dots so the address only matches itself
  com = ""
  com = "#" unless lines.grep(/^[^#].*#{Regexp.escape(ip)}"/).empty?

  # first and last address get the network / broadcast labels
  printed = octet
  printed = zone_net if octet == octets.first
  printed = zone_bc if octet == octets.last
  printed = "#{ip_prefix.gsub(/\./, '-')}#{printed}"
  host = "#{zone_prefix}-#{printed}#{zone_suffix}"
  puts %(#{com}local-data: "#{host} 300 IN A #{ip}")
  puts %(#{com}local-data-ptr: "#{ip} #{host}")
end
--------------------------------------------------------------------------------
/src/etc/.gitignore:
--------------------------------------------------------------------------------
*passwd*
random.seed
*.db

--------------------------------------------------------------------------------
/src/etc/acme-client.conf:
--------------------------------------------------------------------------------
#
# $OpenBSD: acme-client.conf,v 1.7 2018/04/13 08:24:38 ajacoutot Exp $
#
authority letsencrypt {
    api url "https://acme-v01.api.letsencrypt.org/directory"
    account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
    api url "https://acme-staging.api.letsencrypt.org/directory"
    account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

domain kibble.bongo.zone {
    alternative names { portal.kibble.bongo.zone }
    domain key "/etc/ssl/private/kibble.key"
    domain certificate "/etc/ssl/kibble.crt"
    domain full chain certificate "/etc/ssl/kibble.fullchain.pem"
    sign with letsencrypt
    challengedir "/var/www/acme"
}

--------------------------------------------------------------------------------
/src/etc/bgpd.conf:
--------------------------------------------------------------------------------
# global configuration
log updates
AS 65009
router-id 10.70.130.139
network 10.70.145.0/24
network 199.167.59.73/32
network inet static
#network inet rtlabel export
#network 10.10.10.10/32
#network inet connected
# restricted socket for bgplg(8)
socket "/var/www/run/bgpd.rsock" restricted

# neighbors and peers
group "nycmesh" {
    neighbor 10.70.130.138 {
        remote-as 64996
        descr "Node 1340"
        announce all
        #tcp md5sig password mekmitasdigoat
    }
    neighbor 10.70.145.196 {
        remote-as 64986
        descr "Jesse VM"
        announce all
        #tcp md5sig password mekmitasdigoat
    }
}

# OpenBSD 6.4 default rules
deny from any
deny to any

# do not send or use routes from EBGP neighbors without
# further explicit configuration
#deny from ebgp
#deny to ebgp
#

allow from group nycmesh
allow to group nycmesh

match from any set nexthop self

# allow updates to and from IBGP neighbors
allow from ibgp
allow to ibgp

# filter out prefixes longer than 24 or shorter than 8 bits for IPv4
# and longer than 48 or shorter than 16 bits for IPv6.
#allow from any inet prefixlen 8 - 24
#allow from any inet6 prefixlen 16 - 48

# accept a default route (since the previous rule blocks this)
#allow from any prefix 0.0.0.0/0
#allow from any prefix ::/0

# Honor requests to gracefully shutdown BGP sessions
# https://tools.ietf.org/html/draft-ietf-grow-bgp-gshut
match from any community GRACEFUL_SHUTDOWN set { localpref 0 }

# https://www.arin.net/announcements/2014/20140130.html
# This block will be subject to a minimum size allocation of /28 and a
# maximum size allocation of /24. ARIN should use sparse allocation when
# possible within that /10 block.
allow from any prefix 23.128.0.0/10 prefixlen 24 - 28 # ARIN IPv6 transition

# filter bogus networks according to RFC5735
deny from any prefix 0.0.0.0/8 prefixlen >= 8 # 'this' network [RFC1122]
#deny from any prefix 10.0.0.0/8 prefixlen >= 8 # private space [RFC1918]
deny from any prefix 100.64.0.0/10 prefixlen >= 10 # CGN Shared [RFC6598]
deny from any prefix 127.0.0.0/8 prefixlen >= 8 # localhost [RFC1122]
deny from any prefix 169.254.0.0/16 prefixlen >= 16 # link local [RFC3927]
deny from any prefix 172.16.0.0/12 prefixlen >= 12 # private space [RFC1918]
deny from any prefix 192.0.2.0/24 prefixlen >= 24 # TEST-NET-1 [RFC5737]
deny from any prefix 192.168.0.0/16 prefixlen >= 16 # private space [RFC1918]
deny from any prefix 198.18.0.0/15 prefixlen >= 15 # benchmarking [RFC2544]
deny from any prefix 198.51.100.0/24 prefixlen >= 24 # TEST-NET-2 [RFC5737]
deny from any prefix 203.0.113.0/24 prefixlen >= 24 # TEST-NET-3 [RFC5737]
deny from any prefix 224.0.0.0/4 prefixlen >= 4 # multicast
deny from any prefix 240.0.0.0/4 prefixlen >= 4 # reserved

# filter bogus IPv6 networks according to IANA
deny from any prefix ::/8 prefixlen >= 8
deny from any prefix 0100::/64 prefixlen >= 64 # Discard-Only [RFC6666]
deny from any prefix 2001:2::/48 prefixlen >= 48 # BMWG [RFC5180]
deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843]
deny from any prefix 2001:db8::/32 prefixlen >= 32 # docu range [RFC3849]
deny from any prefix 3ffe::/16 prefixlen >= 16 # old 6bone
deny from any prefix fc00::/7 prefixlen >= 7 # unique local unicast
deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast
deny from any prefix fec0::/10 prefixlen >= 10 # old site local unicast
deny from any prefix ff00::/8 prefixlen >= 8 # multicast

# filter bogon AS numbers
# http://www.iana.org/assignments/as-numbers/as-numbers.xhtml
deny from any AS 23456 # AS_TRANS
deny from any AS 64496 - 64511 # Reserved for use in docs and code RFC5398
#deny from any AS 64512 - 65534 # Reserved for Private Use RFC6996
deny from any AS 65535 # Reserved RFC7300
deny from any AS 65536 - 65551 # Reserved for use in docs and code RFC5398
deny from any AS 65552 - 131071 # Reserved
deny from any AS 4200000000 - 4294967294 # Reserved for Private Use RFC6996
deny from any AS 4294967295 # Reserved RFC7300

--------------------------------------------------------------------------------
/src/etc/boot.conf:
--------------------------------------------------------------------------------
stty com0 9600
#set tty com0

--------------------------------------------------------------------------------
/src/etc/daily.local:
--------------------------------------------------------------------------------
next_part "Refreshing LetsEncrypt Cert"
acme-client kibble.bongo.zone && rcctl reload httpd && echo "Updated cert; httpd restarted" || echo "Nothing needed to be done."

next_part "Checking SMART status for disks"
for i in /dev/[ws]d*c; do txt=$(/sbin/atactl "$i" smartstatus 2> /dev/null) && echo "$i": "$txt"; done

next_part "Looking for Syspatches"
/usr/sbin/syspatch -c

#ROOTBACKUP=1
SUIDSKIP="/snapshots"

--------------------------------------------------------------------------------
/src/etc/dhclient.conf:
--------------------------------------------------------------------------------
# $OpenBSD: dhclient.conf,v 1.1 2014/08/29 18:05:39 ajacoutot Exp $
#
# DHCP Client Configuration
#
# See dhclient.conf(5) for possible contents of this file.

interface "vether2"
{
    # ignore most options here
    ignore domain-name, domain-name-servers;
}

--------------------------------------------------------------------------------
/src/etc/dhcpd.conf:
--------------------------------------------------------------------------------
authoritative;
option domain-name "bongo.zone";
use-host-decl-names on;
filename "auto_install";

# Trusted LAN
subnet 10.70.145.0 netmask 255.255.255.192 {
    range 10.70.145.40 10.70.145.62;
    option routers 10.70.145.1;
    #option domain-name-servers 10.70.145.199;
    option domain-name-servers 10.70.145.1, 10.10.10.10, 10.70.131.129;

    host jansky {
        fixed-address jansky.bongo.zone;
        hardware ethernet 70:85:c2:af:fb:0c;
    }
    host jansky { # Ubuntu
        fixed-address jansky.bongo.zone;
        hardware ethernet 70:85:c2:af:fb:0c;
        hardware ethernet 18:56:80:92:b5:85;
    }

    host superstring { # MBPro
        fixed-address superstring.bongo.zone;
        hardware ethernet 78:4f:43:60:6e:98;
    }
    host planck {
        fixed-address planck.bongo.zone;
        #hardware ethernet 74:da:38:8f:b8:d7; # this is the address for the tiny wifi card
        hardware ethernet b8:27:eb:be:67:20; # this is the ethernet
        #hardware ethernet 0:8:54:86:c1:60; # this is the weird janky card from home

    }
    host hawking { # IdeaPad
        fixed-address hawking.bongo.zone;
        hardware ethernet 64:6e:69:ec:56:c3;
    }
    host penrose { # Thinkpad
        fixed-address penrose.bongo.zone;
        hardware ethernet 0:24:d7:a:2d:c; # WIFI
    }
    host roku {
        fixed-address roku.bongo.zone;
        hardware ethernet 0c:62:a6:ae:3a:86;
    }
    host roku-wired {
        fixed-address wired.roku.bongo.zone;
        hardware ethernet 5c:ad:76:2a:17:5e;
    }
    host nycmesh-lbe-1659 {
        fixed-address nycmesh-lbe-1659.bongo.zone;
        hardware ethernet fc:ec:da:95:9a:5c;
    }
    host nintendo {
        fixed-address nintendo.bongo.zone;
        hardware ethernet 98:b6:e9:5:0:4b;
    }
    host airport {
        fixed-address airport.bongo.zone;
        hardware ethernet 28:37:37:3f:05:4c;
    }
    host wemo-switch {
        fixed-address wemo-switch.bongo.zone;
        hardware ethernet 08:86:3b:6c:57:c1;
    }
    host wemo-motion {
        fixed-address wemo-motion.bongo.zone;
        hardware ethernet 08:86:3B:6C:BB:C5;
    }
    host belkin { # 802.11AC
        fixed-address belkin.bongo.zone;
        hardware ethernet 14:91:82:f7:d2:b0;
    }
    host hubble { # NSLU2
        fixed-address hubble.bongo.zone;
        hardware ethernet 00:18:39:ab:19:b0;
    }
    host steam {
        fixed-address steam.bongo.zone;
        hardware ethernet e0:31:9e:16:48:87;
    }

    host isp-mb { # SEAMBP2410 / 16" MBPRO 2019
        fixed-address isp-mb.bongo.zone;
        hardware ethernet 3c:22:fb:42:b3:de;
    }
}

# vmd service zone
subnet 10.70.145.192 netmask 255.255.255.224 {
    range 10.70.145.216 10.70.145.222;
    option routers 10.70.145.193;
    option domain-name-servers 10.70.145.1, 10.10.10.10, 10.70.131.129;

    host nycmesh-dns {
        fixed-address nycmesh-dns.bongo.zone, 10.10.10.10;
        hardware ethernet 00:00:0A:46:91:C2;
    }
    host alpine1 {
        fixed-address alpine1.bongo.zone;
        hardware ethernet 00:00:0A:46:91:C3;
    }
    host alpine2 {
        fixed-address alpine2.bongo.zone;
        hardware ethernet 00:00:0A:46:91:C4;
    }
    host docker-jon {
        fixed-address docker-jon.bongo.zone;
        hardware ethernet 00:00:0A:46:91:C7;
    }
}

# Untrusted LAN
subnet 10.70.145.224 netmask 255.255.255.224 {
    option domain-name-servers 10.70.145.225, 10.10.10.10, 10.70.131.129;
    option routers 10.70.145.225;
    range 10.70.145.226 10.70.145.254;
    option domain-name "nycmesh.net";
}

--------------------------------------------------------------------------------
/src/etc/doas.conf:
--------------------------------------------------------------------------------
# $OpenBSD: doas.conf,v 1.1 2016/09/03 11:58:32 pirofti Exp $
# Configuration sample file for doas(1).
# See doas.conf(5) for syntax and examples.

# Non-exhaustive list of variables needed to build release(8) and ports(7)
#permit nopass setenv { \
# FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \
# DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \
# MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \
# PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \
# SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc

# Allow wheel by default
permit persist keepenv :wheel

--------------------------------------------------------------------------------
/src/etc/fstab:
--------------------------------------------------------------------------------
cd6844955f21dab6.b none swap sw
cd6844955f21dab6.a / ffs rw 1 1
cd6844955f21dab6.l /home ffs rw,nodev,nosuid,softdep,noatime 1 2
#cd6844955f21dab6.d /tmp ffs rw,nodev,nosuid,softdep,noatime 1 2
swap /tmp mfs rw,nodev,nosuid,-s=2G,-P=/dev/sd0d 0 0
cd6844955f21dab6.f /usr ffs rw,nodev,softdep,noatime 1 2
cd6844955f21dab6.h /usr/local ffs rw,wxallowed,nodev,softdep,noatime 1 2
cd6844955f21dab6.k /usr/obj ffs rw,nodev,nosuid,softdep,noatime 1 2
cd6844955f21dab6.j /usr/src ffs rw,nodev,nosuid,softdep,noatime 1 2
cd6844955f21dab6.e /var ffs rw,nodev,nosuid,softdep,noatime 1 2
swap /var/run mfs rw,nodev,nosuid,-s=16M,-P=/var/run 0 0
#6ba08f38bd616529.a /altroot ffs xx 0 0
#6ba08f38bd616529.b /snapshots ffs rw,nodev,noexec,softdep,noatime,noperm,nosuid,noauto 0 2
79a84123b65f2c16.a /altroot ffs xx 0 0
79a84123b65f2c16.b /snapshots ffs rw,nodev,noexec,softdep,noatime,noperm,nosuid,noauto 0 0
#10.70.145.14:/zfs/kibble /snapshots nfs rw,net,nodev,nosuid,soft,intr,-b, 0 0

--------------------------------------------------------------------------------
/src/etc/hostname.bridge0:
--------------------------------------------------------------------------------
description "Bridged LAN"
group lan
group trusted
group bridge
add vether0
add em1
add em2
add em3
add em4
add em5
add vlan1
# Try to stop the Airport express from sending weird arps
rule block on em1 src 28:37:37:3f:5:4c arp spa 10.70.145.50
# Block STP from Belkin
#blocknonip em3
#link1 # Block non-IP multicast
up

--------------------------------------------------------------------------------
/src/etc/hostname.bridge1:
--------------------------------------------------------------------------------
description "Bridged LAN (Untrusted)"
group lan
group untrusted
group bridge
add vether1
add vlan0
up

--------------------------------------------------------------------------------
/src/etc/hostname.bridge2:
--------------------------------------------------------------------------------
description "Bridged WAN"
group wan
group bridge
add vether2
add vlan2
up

--------------------------------------------------------------------------------
/src/etc/hostname.bridge3:
--------------------------------------------------------------------------------
description "vmd service bridge"
group lan
group trusted
group bridge
add vether3
up

--------------------------------------------------------------------------------
/src/etc/hostname.bridge4:
--------------------------------------------------------------------------------
description "vmd test bridge"
group lan
group bridge
up

--------------------------------------------------------------------------------
/src/etc/hostname.em0:
--------------------------------------------------------------------------------
description "nycmesh-lbe-1659"
up

--------------------------------------------------------------------------------
/src/etc/hostname.em1:
--------------------------------------------------------------------------------
description "Apple Airport Express"
group wifi
group lan
group bridged
group trusted
up

--------------------------------------------------------------------------------
/src/etc/hostname.em2:
--------------------------------------------------------------------------------
description "Airport"
group lan
group bridged
group bulk
group trusted
up

--------------------------------------------------------------------------------
/src/etc/hostname.em3:
--------------------------------------------------------------------------------
description "Belkin AP"
group lan
group bridged
group trusted
up

--------------------------------------------------------------------------------
/src/etc/hostname.em4:
--------------------------------------------------------------------------------
group lan
group bridged
group trusted
up

--------------------------------------------------------------------------------
/src/etc/hostname.em5:
--------------------------------------------------------------------------------
group lan
group bridged
group trusted
up

--------------------------------------------------------------------------------
/src/etc/hostname.enc0:
--------------------------------------------------------------------------------
description "Admin VPN"
group trusted
up

--------------------------------------------------------------------------------
/src/etc/hostname.vether0:
--------------------------------------------------------------------------------
description "LAN for bridge0"
inet 10.70.145.1 255.255.255.192 10.70.145.63
group lan
group trusted
group bridged

--------------------------------------------------------------------------------
/src/etc/hostname.vether1:
--------------------------------------------------------------------------------
description "LAN for bridge1"
inet 10.70.145.225 255.255.255.224 10.70.145.255
group lan
group untrusted
group bridged

--------------------------------------------------------------------------------
/src/etc/hostname.vether2:
--------------------------------------------------------------------------------
description "for bridge2"
group nycmesh
group bridged
#!route add -net 10.70.145.0/24 127.0.0.1 -reject -priority 30 # try putting this earlier to see if it fixes lightbeam
#inet 199.167.59.73 255.255.255.255 NONE
#dest 10.70.131.129
#inet6 autoconf

# BGP peering network
#inet alias 10.70.130.139/31
#inet6 alias fdff:1508:6410:1::22 64
dhcp

--------------------------------------------------------------------------------
/src/etc/hostname.vether3:
--------------------------------------------------------------------------------
description "LAN for bridge3"
inet 10.70.145.193 255.255.255.192 10.70.145.223
group lan
group trusted
group bridged

--------------------------------------------------------------------------------
/src/etc/hostname.vlan0:
--------------------------------------------------------------------------------
description "Airport Guest Network VLAN"
#create
parent em1 vnetid 1003
group lan
group untrusted
group bulk
group bridged
up

--------------------------------------------------------------------------------
/src/etc/hostname.vlan1:
--------------------------------------------------------------------------------
description "nycmesh-lbe-1659 mgmt VLAN"
parent em0 vnetid 2
group lan
group trusted
group bridged
up

--------------------------------------------------------------------------------
/src/etc/hostname.vlan2:
--------------------------------------------------------------------------------
description "nycmesh-lbe-1659 WAN VLAN"
group nycmesh
group bridged
parent em0 vnetid 3
up

--------------------------------------------------------------------------------
/src/etc/hosts:
--------------------------------------------------------------------------------
127.0.0.1 localhost
::1 localhost
10.70.145.33 nycmesh-lbe-1659

--------------------------------------------------------------------------------
/src/etc/hotplug/attach:
--------------------------------------------------------------------------------
#!/bin/sh

DEVCLASS=$1
DEVNAME=$2

case $DEVCLASS in
2)
    # disk devices
    disklabel=`/sbin/disklabel "$DEVNAME" 2>&1 | sed -n '/^label: /s/^label: //p'`
    duid=`/sbin/disklabel "$DEVNAME" 2>&1 | sed -n '/^duid: /s/^duid: //p'`
    # only announce when a duid was read and it is listed in fstab
    [ -n "$duid" ] && grep -q "$duid" /etc/fstab && echo "Attempting to mount any partitions on $DEVNAME $duid: $disklabel"
    echo q | /sbin/disklabel -E -F /dev/stderr "$DEVNAME" 2>&1 1> /dev/null | cut -d ' ' -f 1 | xargs -n 1 mount -v
    ;;
3)
    # network devices; requires hostname.$DEVNAME
    #sh /etc/netstart $DEVNAME
    ;;
esac


--------------------------------------------------------------------------------
/src/etc/httpd.conf:
--------------------------------------------------------------------------------
server "captive.apple.com" {
    alias "portal.kibble.bongo.zone"
    # since this is first captive portal redirects will end up here
    listen on 127.0.0.1 port 80
    listen on * port 80
    listen on 127.0.0.1 tls port 443
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/kibble.fullchain.pem"
        key "/etc/ssl/private/kibble.key"
    }
    root "/htdocs/captive"
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }
    location match "/(.+)" {
        block return 302 "https://portal.kibble.bongo.zone"
    }
}

server "kibble.bongo.zone" {
    listen on 127.0.0.1 port 80
    listen on ::1 port 80
    listen on * port 80
    location * {
        block return 302 "https://$HTTP_HOST$REQUEST_URI"
    }
}

server match "^[%d.]+$" { # This should catch IPv4 numeric hostnames
    listen on 127.0.0.1 port 80
    listen on ::1 port 80
    listen on * port 80
    root "/htdocs/default"
    location "/" {
        block return 302 "https://kibble.bongo.zone$REQUEST_URI"
    }
}

server "kibble.bongo.zone" {
    # add alias blocks here
    listen on 127.0.0.1 tls port 443
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/kibble.fullchain.pem"
        key "/etc/ssl/private/kibble.key"
    }
    root "/htdocs/default"
    location "/bgplg/*" {
        root "/htdocs/bgplg"
        request strip 1
    }
    location "/cgi-bin/*" {
        fastcgi
        root ""
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }
    hsts subdomains
}

--------------------------------------------------------------------------------
/src/etc/iked.conf:
--------------------------------------------------------------------------------
ikev2 "mesh" passive ipcomp esp \
    from 0.0.0.0/0 to 10.70.145.64/28 \
    from 10.70.145.0/24 to 10.70.145.64/28 \
    local 199.167.59.73 peer any \
    psk 90210foobar2mesh8675309 \
    config protected-subnet 10.0.0.0/8 \
    config address 10.70.145.64/28 \
    config name-server 10.70.145.1 \
    tag IKED tap enc0

# config protected-subnet 0.0.0.0/0 \
# config protected-subnet 10.70.145.0/24 \

--------------------------------------------------------------------------------
/src/etc/installurl:
--------------------------------------------------------------------------------
https://cloudflare.cdn.openbsd.org/pub/OpenBSD/

--------------------------------------------------------------------------------
/src/etc/man.conf:
--------------------------------------------------------------------------------
# $OpenBSD: man.conf,v 1.2 2015/03/27 21:17:16 schwarze Exp $
# man(1)/apropos(1)/makewhatis(8) configuration, see man.conf(5).
# This sample file shows the default settings.

# Default search path for manual pages.
# Copy these three lines, then add, delete, or reorder as desired.
manpath /usr/share/man
manpath /usr/X11R6/man
manpath /usr/local/man
manpath /usr/local/lib/node_modules/npm/man

# Options for terminal output.
output width 78
output indent 5

# Option for PostScript and PDF output.
output paper letter

--------------------------------------------------------------------------------
/src/etc/miniupnpd.conf:
--------------------------------------------------------------------------------
# WAN network interface
ext_ifname=vether2
#ext_ifname=xl1
# if the WAN interface has several IP addresses, you
# can specify the one to use below
ext_ip=199.167.59.73

# LAN network interfaces IPs / networks
# there can be multiple listening ips for SSDP traffic.
# should be under the form nnn.nnn.nnn.nnn/nn
# It can also be the network interface name (ie "eth0")
# It is mandatory to use the network interface name to enable IPv6
# HTTP is available on all interfaces.
# When MULTIPLE_EXTERNAL_IP is enabled, the external ip
# address associated with the subnet follows. for example :
# listening_ip=192.168.0.1/24 88.22.44.13
#listening_ip=192.168.0.1/24
#listening_ip=10.5.0.0/16
listening_ip=vether0
# CAUTION: mixing up WAN and LAN interfaces may introduce security risks!
# be sure to assign the correct interfaces to LAN and WAN and consider
# implementing UPnP permission rules at the bottom of this configuration file

# port for HTTP (descriptions and SOAP) traffic. set 0 for autoselect.
http_port=9660
# port for HTTPS. set to 0 for autoselect (default)
#https_port=0

# path to the unix socket used to communicate with MiniSSDPd
# If running, MiniSSDPd will manage M-SEARCH answering.
# default is /var/run/minissdpd.sock
#minissdpdsocket=/var/run/minissdpd.sock

# enable NAT-PMP support (default is no)
#enable_natpmp=yes

# enable UPNP support (default is yes)
#enable_upnp=no

# PCP :
# configure minimal and maximal lifetime of the port mapping in seconds
# 120s and 86400s (24h) are suggested values from PCP-base
#min_lifetime=120
#max_lifetime=86400

# chain names for netfilter (not used for pf or ipf).
# default is MINIUPNPD for both
#upnp_forward_chain=forwardUPnP
#upnp_nat_chain=UPnP

# lease file location
#lease_file=/var/log/upnp.leases

# to enable the next few runtime options, see compile time
# ENABLE_MANUFACTURER_INFO_CONFIGURATION (config.h)

# name of this service, default is "`uname -s` router"
#friendly_name=MiniUPnPd router

# manufacturer name, default is "`uname -s`"
#manufacturer_name=Manufacturer corp

# manufacturer url, default is URL of OS vendor
#manufacturer_url=http://miniupnp.free.fr/

# model name, default is "`uname -s` router"
#model_name=Router Model

# model description, default is "`uname -s` router"
#model_description=Very Secure Router - Model

# model url, default is URL of OS vendor
#model_url=http://miniupnp.free.fr/

# bitrates reported by daemon in bits per second
# by default miniupnpd tries to get WAN interface speed
#bitrate_up=1000000 78 | #bitrate_down=10000000 79 | 80 | # "secure" mode : when enabled, UPnP client are allowed to add mappings only 81 | # to their IP. 82 | secure_mode=yes 83 | #secure_mode=no 84 | 85 | # default presentation url is http address on port 80 86 | # If set to an empty string, no presentationURL element will appear 87 | # in the XML description of the device, which prevents MS Windows 88 | # from displaying an icon in the "Network Connections" panel. 89 | #presentation_url=http://www.mylan/index.php 90 | 91 | # report system uptime instead of daemon uptime 92 | system_uptime=yes 93 | 94 | # notify interval in seconds. default is 30 seconds. 95 | #notify_interval=240 96 | notify_interval=60 97 | 98 | # unused rules cleaning. 99 | # never remove any rule before this threshold for the number 100 | # of redirections is exceeded. default to 20 101 | #clean_ruleset_threshold=10 102 | # clean process work interval in seconds. default to 0 (disabled). 103 | # a 600 seconds (10 minutes) interval makes sense 104 | clean_ruleset_interval=600 105 | 106 | # log packets in pf (default is no) 107 | #packet_log=no 108 | 109 | # anchor name in pf (default is miniupnpd) 110 | #anchor=miniupnpd 111 | 112 | # ALTQ queue in pf 113 | # filter rules must be used for this to be used. 114 | # compile with PF_ENABLE_FILTER_RULES (see config.h file) 115 | #queue=queue_name1 116 | 117 | # tag name in pf 118 | tag=miniupnp 119 | 120 | # make filter rules in pf quick or not. 
default is yes 121 | # active when compiled with PF_ENABLE_FILTER_RULES (see config.h file) 122 | quickrules=no 123 | 124 | # uuid : generate your own with uuid(1) or uuidgen(1) 125 | #uuid=00000000-0000-0000-0000-000000000000 126 | uuid=54F7B401-C8FF-4DCD-9667-43991DD98A94 127 | 128 | # serial and model number the daemon will report to clients 129 | # in its XML description 130 | #serial=12345678 131 | #model_number=1 132 | 133 | # UPnP permission rules 134 | # (allow|deny) (external port range) ip/mask (internal port range) 135 | # A port range is - or if there is only 136 | # one port in the range. 137 | # ip/mask format must be nn.nn.nn.nn/nn 138 | # it is advised to only allow redirection of port above 1024 139 | # and to finish the rule set with "deny 0-65535 0.0.0.0/0 0-65535" 140 | # The following default ruleset allows specific LAN side IP addresses 141 | # to request only ephemeral ports. it is recommended that users 142 | # modify the IP ranges to match their own internal networks, and 143 | # also consider implementing network-specific restrictions 144 | # CAUTION: failure to enforce any rules may permit insecure requests to be made! 145 | #allow 1024-65535 192.168.0.0/24 1024-65535 146 | #allow 1024-65535 192.168.1.0/24 1024-65535 147 | allow 10000-65535 10.70.145.0/26 1024-65535 148 | #allow 12345 192.168.7.113/32 54321 149 | deny 0-65535 0.0.0.0/0 0-65535 150 | -------------------------------------------------------------------------------- /src/etc/mtree/special: -------------------------------------------------------------------------------- 1 | # $OpenBSD: special,v 1.125 2018/02/10 05:56:47 florian Exp $ 2 | # 3 | # Hand-crafted mtree specification for the dangerous files. 4 | # 5 | 6 | . type=dir mode=0755 uname=root gname=wheel 7 | 8 | dev type=dir mode=0755 uname=root gname=wheel 9 | fd type=dir mode=0555 uname=root gname=wheel ignore 10 | .. 
#dev/fd 11 | kmem type=char mode=0640 uname=root gname=kmem 12 | mem type=char mode=0640 uname=root gname=kmem 13 | .. #dev 14 | 15 | etc type=dir mode=0755 uname=root gname=wheel 16 | acme-client.conf type=file mode=0644 uname=root gname=wheel optional 17 | bgpd.conf type=file mode=0644 uname=root gname=wheel optional 18 | chio.conf type=file mode=0644 uname=root gname=operator optional 19 | crontab type=file mode=0600 uname=root gname=wheel optional 20 | csh.cshrc type=file mode=0644 uname=root gname=wheel optional 21 | csh.login type=file mode=0644 uname=root gname=wheel optional 22 | csh.logout type=file mode=0644 uname=root gname=wheel optional 23 | daily type=file mode=0644 uname=root gname=wheel 24 | daily.local type=file mode=0644 uname=root gname=wheel optional 25 | dhcpd.conf type=file mode=0644 uname=root gname=wheel optional 26 | dvmrpd.conf type=file mode=0600 uname=root gname=wheel optional 27 | exports type=file mode=0644 uname=root gname=wheel optional 28 | fbtab type=file mode=0644 uname=root gname=wheel 29 | fstab type=file mode=0644 uname=root gname=wheel 30 | ftpchroot type=file mode=0644 uname=root gname=wheel optional 31 | ftpusers type=file mode=0644 uname=root gname=wheel 32 | group type=file mode=0644 uname=root gname=wheel 33 | hostapd.conf type=file mode=0600 uname=root gname=wheel optional 34 | hosts type=file mode=0644 uname=root gname=wheel 35 | httpd.conf type=file mode=0644 uname=root gname=wheel optional 36 | ifstated.conf type=file mode=0644 uname=root gname=wheel optional 37 | iked type=dir mode=0755 uname=root gname=wheel 38 | .. 
#iked 39 | iked.conf type=file mode=0640 uname=root gname=wheel optional 40 | inetd.conf type=file mode=0644 uname=root gname=wheel optional 41 | ipsec.conf type=file mode=0600 uname=root gname=wheel optional 42 | isakmpd type=dir mode=0755 uname=root gname=wheel 43 | isakmpd.conf type=file mode=0600 uname=root gname=wheel optional 44 | isakmpd.policy type=file mode=0600 uname=root gname=wheel optional 45 | .. #isakmpd 46 | ldapd.conf type=file mode=0600 uname=root gname=wheel optional 47 | ldpd.conf type=file mode=0600 uname=root gname=wheel optional 48 | login.conf type=file mode=0644 uname=root gname=wheel 49 | mail.rc type=file mode=0644 uname=root gname=wheel 50 | mailer.conf type=file mode=0644 uname=root gname=wheel 51 | master.passwd type=file mode=0600 uname=root gname=wheel 52 | monthly type=file mode=0644 uname=root gname=wheel 53 | monthly.local type=file mode=0644 uname=root gname=wheel optional 54 | mrouted.conf type=file mode=0644 uname=root gname=wheel optional 55 | mail type=dir mode=0755 uname=root gname=wheel 56 | aliases type=file mode=0644 uname=root gname=wheel optional 57 | aliases.db type=file mode=0644 uname=root gname=wheel optional 58 | secrets type=file mode=0640 uname=root gname=_smtpd optional 59 | secrets.db type=file mode=0640 uname=root gname=_smtpd optional 60 | smtpd.conf type=file mode=0644 uname=root gname=wheel 61 | spamd.conf type=file mode=0644 uname=root gname=wheel optional 62 | .. #mail 63 | mtree type=dir mode=0755 uname=root gname=wheel 64 | special type=file mode=0644 uname=root gname=wheel 65 | .. #mtree 66 | moduli type=file mode=0644 uname=root gname=wheel 67 | netstart type=file mode=0644 uname=root gname=wheel 68 | npppd type=dir mode=0755 uname=root gname=wheel 69 | npppd.conf type=file mode=0640 uname=root gname=wheel 70 | npppd-users type=file mode=0600 uname=root gname=wheel 71 | .. 
#npppd 72 | ntpd.conf type=file mode=0644 uname=root gname=wheel optional 73 | ospfd.conf type=file mode=0600 uname=root gname=wheel optional 74 | ospf6d.conf type=file mode=0600 uname=root gname=wheel optional 75 | passwd type=file mode=0644 uname=root gname=wheel 76 | pf.conf type=file mode=0644 uname=root gname=wheel optional 77 | printcap mode=0644 uname=root gname=wheel optional 78 | radiusd.conf type=file mode=0600 uname=root gname=wheel optional 79 | rc type=file mode=0644 uname=root gname=wheel 80 | rc.conf type=file mode=0644 uname=root gname=wheel 81 | rc.conf.local type=file mode=0644 uname=root gname=wheel optional 82 | rc.local type=file mode=0644 uname=root gname=wheel optional 83 | rc.securelevel type=file mode=0644 uname=root gname=wheel optional 84 | rc.shutdown type=file mode=0644 uname=root gname=wheel optional 85 | relayd.conf type=file mode=0644 uname=root gname=wheel optional 86 | remote type=file mode=0644 uname=root gname=wheel optional 87 | resolv.conf type=file mode=0644 uname=root gname=wheel optional 88 | resolv.conf.tail type=file mode=0644 uname=root gname=wheel optional 89 | rbootd.conf type=file mode=0644 uname=root gname=wheel optional 90 | ripd.conf type=file mode=0600 uname=root gname=wheel optional 91 | sasyncd.conf type=file mode=0600 uname=root gname=wheel optional 92 | sensorsd.conf type=file mode=0644 uname=root gname=wheel optional 93 | shells type=file mode=0644 uname=root gname=wheel 94 | skey type=dir mode=01730 uname=root gname=auth optional 95 | .. 
#skey 96 | snmpd.conf type=file mode=0644 uname=root gname=wheel optional 97 | soii.key type=file mode=0600 uname=root gname=wheel optional 98 | spwd.db type=file mode=0640 uname=root gname=_shadow 99 | ssh type=dir mode=0755 uname=root gname=wheel optional 100 | ssh_config type=file mode=0644 uname=root gname=wheel 101 | ssh_host_dsa_key type=file mode=0600 uname=root gname=wheel optional 102 | ssh_host_dsa_key.pub type=file mode=0644 uname=root gname=wheel optional 103 | ssh_host_ecdsa_key type=file mode=0600 uname=root gname=wheel optional 104 | ssh_host_ecdsa_key.pub type=file mode=0644 uname=root gname=wheel optional 105 | ssh_host_ed25519_key type=file mode=0600 uname=root gname=wheel optional 106 | ssh_host_ed25519_key.pub type=file mode=0644 uname=root gname=wheel optional 107 | ssh_host_key type=file mode=0600 uname=root gname=wheel optional 108 | ssh_host_key.pub type=file mode=0644 uname=root gname=wheel optional 109 | ssh_host_rsa_key type=file mode=0600 uname=root gname=wheel optional 110 | ssh_host_rsa_key.pub type=file mode=0644 uname=root gname=wheel optional 111 | sshd_config type=file mode=0644 uname=root gname=wheel 112 | .. #ssh 113 | syslog.conf type=file mode=0644 uname=root gname=wheel 114 | ttys type=file mode=0644 uname=root gname=wheel 115 | vm.conf type=file mode=0644 uname=root gname=wheel optional 116 | weekly type=file mode=0644 uname=root gname=wheel 117 | weekly.local type=file mode=0644 uname=root gname=wheel optional 118 | ypldap.conf type=file mode=0600 uname=root gname=wheel optional 119 | .. #etc 120 | 121 | root type=dir mode=0700 uname=root gname=wheel 122 | .cshrc type=file mode=0644 uname=root gname=wheel 123 | .login type=file mode=0644 uname=root gname=wheel 124 | .profile type=file mode=0644 uname=root gname=wheel 125 | .rhosts type=file mode=0600 uname=root gname=wheel optional 126 | .ssh type=dir mode=0700 uname=root gname=wheel 127 | authorized_keys type=file mode=0600 uname=root gname=wheel 128 | .. 
#root/.ssh 129 | .. #root 130 | 131 | sbin type=dir mode=0755 uname=root gname=wheel ignore 132 | .. #sbin 133 | 134 | usr type=dir mode=0755 uname=root gname=wheel 135 | bin type=dir mode=0755 uname=root gname=wheel ignore 136 | .. #usr/bin 137 | games type=dir mode=0755 uname=root gname=wheel optional 138 | .. #usr/games 139 | include type=dir mode=0755 uname=root gname=bin ignore 140 | .. #usr/include 141 | lib type=dir mode=0755 uname=root gname=wheel ignore 142 | .. #usr/lib 143 | libdata type=dir mode=0755 uname=root gname=wheel ignore 144 | .. #usr/libdata 145 | libexec type=dir mode=0755 uname=root gname=wheel 146 | auth type=dir mode=0750 uname=root gname=auth ignore 147 | .. #usr/libexec/auth 148 | .. #usr/libexec 149 | local type=dir mode=0755 uname=root gname=wheel 150 | bin type=dir mode=0755 uname=root gname=wheel ignore 151 | .. #usr/local/bin 152 | lib type=dir mode=0755 uname=root gname=wheel ignore 153 | .. #usr/local/lib 154 | .. #usr/local 155 | sbin type=dir mode=0755 uname=root gname=wheel ignore 156 | .. #usr/sbin 157 | share type=dir mode=0755 uname=root gname=wheel ignore 158 | .. #usr/share 159 | .. #usr 160 | 161 | var type=dir mode=0755 uname=root gname=wheel 162 | account type=dir mode=0755 uname=root gname=wheel 163 | acct type=file mode=0644 uname=root gname=wheel optional 164 | .. #var/account 165 | yp type=dir mode=0755 uname=root gname=wheel optional ignore 166 | .. #var/yp 167 | backups type=dir mode=0700 uname=root gname=wheel ignore 168 | .. #var/backups 169 | cron type=dir mode=0555 uname=root gname=wheel 170 | log type=file mode=0600 uname=root gname=wheel 171 | atjobs type=dir mode=01770 uname=root gname=crontab ignore 172 | .. #var/cron/atjobs 173 | tabs type=dir mode=01730 uname=root gname=crontab ignore 174 | .. #var/cron/tabs 175 | .. 
#var/cron 176 | db type=dir mode=0755 uname=root gname=wheel 177 | host.random type=file mode=0600 uname=root gname=wheel optional 178 | kvm_bsd.db type=file mode=0640 uname=root gname=kmem 179 | .. #var/db 180 | log type=dir mode=0755 uname=root gname=wheel 181 | authlog type=file mode=0640 uname=root gname=wheel 182 | secure type=file mode=0600 uname=root gname=wheel 183 | wtmp type=file mode=0644 uname=root gname=wheel 184 | lastlog type=file mode=0644 uname=root gname=wheel 185 | .. #var/log 186 | mail type=dir mode=0755 uname=root gname=wheel ignore 187 | .. #var/mail 188 | nsd type=dir mode=0755 uname=root gname=wheel 189 | etc type=dir mode=0750 uname=root gname=_nsd 190 | .. #var/nsd/etc 191 | .. #var/nsd 192 | run type=dir mode=0755 uname=root gname=wheel 193 | utmp type=file mode=0664 uname=root gname=utmp 194 | .. #var/run 195 | spool type=dir mode=0755 uname=root gname=wheel 196 | ftp type=dir mode=0555 uname=root gname=wheel optional 197 | bin type=dir mode=0511 uname=root gname=wheel optional 198 | .. #var/spool/ftp/bin 199 | etc type=dir mode=0511 uname=root gname=wheel optional 200 | group type=file mode=0444 uname=root gname=wheel optional 201 | localtime type=file mode=0444 uname=root gname=wheel optional 202 | master.passwd type=file mode=0400 uname=root gname=wheel optional 203 | spwd.db type=file mode=0400 uname=root gname=wheel optional 204 | motd type=file mode=0444 uname=root gname=wheel optional 205 | passwd type=file mode=0444 uname=root gname=wheel optional 206 | pwd.db type=file mode=0444 uname=root gname=wheel optional 207 | .. #var/spool/ftp/etc 208 | hidden type=dir mode=0111 uname=root gname=wheel optional ignore 209 | .. #var/spool/ftp/hidden 210 | pub type=dir mode=0555 uname=root gname=wheel optional ignore 211 | .. #var/spool/ftp/pub 212 | .. #var/spool/ftp 213 | output type=dir mode=0755 uname=root gname=wheel ignore 214 | .. #var/spool/output 215 | .. 
#var/spool 216 | -------------------------------------------------------------------------------- /src/etc/myname: -------------------------------------------------------------------------------- 1 | kibble.bongo.zone 2 | -------------------------------------------------------------------------------- /src/etc/newsyslog.conf: -------------------------------------------------------------------------------- 1 | # $OpenBSD: newsyslog.conf,v 1.36 2016/12/27 09:17:52 jca Exp $ 2 | # 3 | # configuration file for newsyslog 4 | # 5 | # logfile_name owner:group mode count size when flags 6 | /var/cron/log root:wheel 600 3 10 * Z 7 | /var/log/authlog root:wheel 640 7 * 168 Z 8 | /var/log/daemon 640 5 300 * Z 9 | /var/log/lpd-errs 640 7 10 * Z 10 | /var/log/maillog 640 7 * 24 Z 11 | /var/log/messages 644 5 300 * Z 12 | /var/log/secure 600 7 * 168 Z 13 | /var/log/wtmp 644 7 * $W6D4 B 14 | /var/log/xferlog 640 7 250 * Z 15 | /var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd" 16 | /var/www/logs/access.log 644 4 * $W0 Z "pkill -USR1 -u root -U root -x httpd" 17 | /var/www/logs/error.log 644 7 250 * Z "pkill -USR1 -u root -U root -x httpd" 18 | /var/log/nycmesh-lbe-1659 640 5 300 * Z 19 | -------------------------------------------------------------------------------- /src/etc/pf.conf: -------------------------------------------------------------------------------- 1 | # $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $ 2 | # 3 | # See pf.conf(5) and /etc/examples/pf.conf 4 | 5 | set skip on lo 6 | 7 | egress_if = vether2 8 | border_if = vlan2 9 | capped_if = vlan0 10 | guest_if = vether1 11 | netblock = "10.70.145.0/24" 12 | trusted = "10.70.145.1 - 10.70.145.63" 13 | dmz = "10.70.145.1 - 10.70.145.23" 14 | infrastructure = "10.70.145.24 - 10.70.145.39" 15 | harden = "10.70.145.8 - 10.70.145.23" 16 | mz = "10.70.145.24 - 10.70.145.63" 17 | untrusted = "10.70.145.224/27" 18 | vms = "10.70.145.192/27" 19 | world_ip = "199.167.59.73" 20 | us2 = 
$world_ip 21 | badports = "{ kerberos-sec, vnc, bootps, bootpc, netbios-ns, epmap, netbios-dgm, netbios-ssn, snmp, snmp-trap, microsoft-ds, dhcpv6-client, dhcpv6-server, afpovertcp, mdns, mdnsresponder, syslog }" 22 | mediaserver = "10.70.145.25" # jansky 23 | 24 | # host plex.tv | grep addr|cut -f 4 -d ' ' | xargs 25 | # host portcheck.transmissionbt.com 26 | #whatismyip = "{ 87.98.162.88, 54.76.102.118, 52.30.248.117, 54.246.140.185, 54.154.115.144, 52.16.193.193, 54.72.69.247, 54.77.150.142, 63.32.153.75, 63.32.24.1 }" 27 | whatismyip = "{ 54.171.147.115, 54.154.198.3, 54.76.255.232, 52.18.254.79, 52.16.101.236, 54.171.5.253, 52.31.211.151, 63.32.177.143 }" 28 | 29 | set loginterface $border_if 30 | 31 | # simple captive portal without a weird SUID script 32 | table persist 33 | 34 | # workaround "2018/08/02 - Error on invalid queue definitions in pf.conf(5)" 35 | queue rootq on $border_if bandwidth 65M max 65M 36 | queue std parent rootq bandwidth 15M flows 256 qlimit 256 default 37 | queue http parent rootq bandwidth 15M burst 55M for 200ms flows 256 qlimit 256 38 | queue ssh parent rootq bandwidth 20M 39 | queue ssh_interactive parent ssh bandwidth 10M min 5M flows 50 40 | queue ssh_bulk parent ssh bandwidth 10M flows 256 41 | queue low parent rootq bandwidth 5M 42 | queue bulk parent low bandwidth 10K flows 512 qlimit 1024 43 | queue untrusted parent low bandwidth 2M max 5M burst 20M for 200ms flows 50 qlimit 50 44 | 45 | queue capped on $capped_if bandwidth 5M max 100M 46 | queue untrusted parent capped bandwidth 5M max 5M burst 100M for 200ms flows 50 qlimit 50 default 47 | 48 | pass quick on $egress_if proto ospf 49 | #match inet from $medeiaserver to {!(lan:network), !(egress) } \ 50 | # tag BULK 51 | #match inet from {!(lan:network), !(egress) } to $mediaserver \ 52 | # tag BULK 53 | match proto tcp from $mediaserver port = 32400 to {!(lan:network), !(egress) } tag PLEX set queue std 54 | match proto tcp from {!(lan:network), !(egress) } to $mediaserver 
port = 32400 tag PLEX set queue std 55 | match from $untrusted to any \ 56 | tag UNTRUSTED 57 | match from any to $untrusted \ 58 | tag UNTRUSTED 59 | 60 | match out inet proto tcp from any to any port {80, 443} \ 61 | set queue http 62 | match inet proto tcp from any to any port 22 \ 63 | set queue(ssh_bulk, ssh_interactive) 64 | match inet proto tcp from any to any port 5900:5910 \ 65 | set queue(ssh_interactive) # vnc 66 | match inet proto udp from any to any port 60000:61000 \ 67 | set queue(ssh_interactive) # mosh 68 | match tagged UNTRUSTED \ 69 | set queue(untrusted) 70 | 71 | pass # establish keep-state 72 | 73 | # Old NAT 74 | pass out on $egress_if inet from any to any nat-to ($egress_if:0) 75 | #pass out on $egress_if inet from (trusted:network) to !(egress) nat-to 10.70.130.139 76 | #pass out on $egress_if inet from (trusted:network) to 192.168.1.0/24 nat-to 192.168.1.2 77 | #pass out on urtwn0 inet from (trusted:network) to !$netblock nat-to (urtwn0) 78 | -------------------------------------------------------------------------------- /src/etc/rc.conf.local: -------------------------------------------------------------------------------- 1 | #bgpd_flags=-v 2 | apmd_flags= 3 | arpwatch_flags="-i vether0" 4 | dhcpd_flags="vether0 vether1 vether3" 5 | hotplugd_flags= 6 | httpd_flags= 7 | iked_flags= 8 | multicast=YES 9 | ntpd_flags=-s 10 | pkg_scripts=miniupnpd arpwatch sshguard 11 | relayd_flags= 12 | slowcgi_flags= 13 | snmpd_flags= 14 | sshguard_flags=-l /var/log/authlog -p 1800 -s 7200 -w 68.175.125.234/16 -w 10.70.145.0/24 -b 80:/var/db/sshguard/blacklist.db 15 | syslogd_flags=-u 16 | unbound_flags= 17 | vmd_flags= 18 | -------------------------------------------------------------------------------- /src/etc/relayd.conf: -------------------------------------------------------------------------------- 1 | log state changes 2 | 3 | timeout 2000 4 | interval 3 5 | #table { 10.70.145.194 ip ttl 1 retry 0 } 6 | table { nycmesh-dns.bongo.zone ip ttl 1 
retry 0 } 7 | router "anycast-dns" { 8 | route 10.10.10.10/32 9 | #forward to check icmp 10 | forward to check script "/usr/local/bin/mesh-dns-health-check.sh" 11 | rtlabel export 12 | } 13 | -------------------------------------------------------------------------------- /src/etc/resolv.conf: -------------------------------------------------------------------------------- 1 | lookup file bind 2 | nameserver 127.0.0.1 3 | nameserver 10.70.131.129 4 | nameserver 10.10.10.10 5 | -------------------------------------------------------------------------------- /src/etc/resolv.conf.tail: -------------------------------------------------------------------------------- 1 | lookup file bind 2 | nameserver 127.0.0.1 3 | #nameserver 10.70.131.129 4 | #nameserver 10.10.10.10 5 | -------------------------------------------------------------------------------- /src/etc/rsnapshot.conf: -------------------------------------------------------------------------------- 1 | ################################################# 2 | # rsnapshot.conf - rsnapshot configuration file # 3 | ################################################# 4 | # # 5 | # PLEASE BE AWARE OF THE FOLLOWING RULE: # 6 | # # 7 | # This file requires tabs between elements # 8 | # # 9 | ################################################# 10 | 11 | ####################### 12 | # CONFIG FILE VERSION # 13 | ####################### 14 | 15 | config_version 1.2 16 | 17 | ########################### 18 | # SNAPSHOT ROOT DIRECTORY # 19 | ########################### 20 | 21 | # All snapshots will be stored under this root directory. 22 | # 23 | snapshot_root /snapshots/rsnapshot 24 | 25 | # If no_create_root is enabled, rsnapshot will not automatically create the 26 | # snapshot_root directory. This is particularly useful if you are backing 27 | # up to removable media, such as a FireWire or USB drive. 
28 | # 29 | no_create_root 1 30 | 31 | ################################# 32 | # EXTERNAL PROGRAM DEPENDENCIES # 33 | ################################# 34 | 35 | # LINUX USERS: Be sure to uncomment "cmd_cp". This gives you extra features. 36 | # EVERYONE ELSE: Leave "cmd_cp" commented out for compatibility. 37 | # 38 | # See the README file or the man page for more details. 39 | # 40 | #cmd_cp /bin/cp 41 | 42 | # uncomment this to use the rm program instead of the built-in perl routine. 43 | # 44 | cmd_rm /bin/rm 45 | 46 | # rsync must be enabled for anything to work. This is the only command that 47 | # must be enabled. 48 | # 49 | cmd_rsync /usr/local/bin/rsync 50 | 51 | # Uncomment this to enable remote ssh backups over rsync. 52 | # 53 | cmd_ssh /usr/bin/ssh 54 | 55 | # Comment this out to disable syslog support. 56 | # 57 | cmd_logger /usr/bin/logger 58 | 59 | # Uncomment this to specify the path to "du" for disk usage checks. 60 | # If you have an older version of "du", you may also want to check the 61 | # "du_args" parameter below. 62 | # 63 | #cmd_du /usr/bin/du 64 | 65 | # Uncomment this to specify the path to rsnapshot-diff. 66 | # 67 | #cmd_rsnapshot_diff /usr/local/bin/rsnapshot-diff 68 | 69 | # Specify the path to a script (and any optional arguments) to run right 70 | # before rsnapshot syncs files 71 | # 72 | #cmd_preexec /path/to/preexec/script 73 | 74 | # Specify the path to a script (and any optional arguments) to run right 75 | # after rsnapshot syncs files 76 | # 77 | #cmd_postexec /path/to/postexec/script 78 | 79 | # Paths to lvcreate, lvremove, mount and umount commands, for use with 80 | # Linux LVMs. 81 | # 82 | #linux_lvm_cmd_lvcreate /path/to/lvcreate 83 | #linux_lvm_cmd_lvremove /path/to/lvremove 84 | #linux_lvm_cmd_mount /sbin/mount 85 | #linux_lvm_cmd_umount /sbin/umount 86 | 87 | ######################################### 88 | # BACKUP LEVELS / INTERVALS # 89 | # Must be unique and in ascending order # 90 | # e.g. 
alpha, beta, gamma, etc. # 91 | ######################################### 92 | 93 | #retain alpha 6 94 | #retain beta 7 95 | #retain gamma 4 96 | #retain delta 3 97 | interval hourly 24 98 | interval daily 7 99 | interval weekly 4 100 | interval monthly 36 101 | 102 | ############################################ 103 | # GLOBAL OPTIONS # 104 | # All are optional, with sensible defaults # 105 | ############################################ 106 | 107 | # Verbose level, 1 through 5. 108 | # 1 Quiet Print fatal errors only 109 | # 2 Default Print errors and warnings only 110 | # 3 Verbose Show equivalent shell commands being executed 111 | # 4 Extra Verbose Show extra verbose information 112 | # 5 Debug mode Everything 113 | # 114 | verbose 2 115 | 116 | # Same as "verbose" above, but controls the amount of data sent to the 117 | # logfile, if one is being used. The default is 3. 118 | # 119 | loglevel 3 120 | 121 | # If you enable this, data will be written to the file you specify. The 122 | # amount of data written is controlled by the "loglevel" parameter. 123 | # 124 | logfile /var/log/rsnapshot 125 | 126 | # If enabled, rsnapshot will write a lockfile to prevent two instances 127 | # from running simultaneously (and messing up the snapshot_root). 128 | # If you enable this, make sure the lockfile directory is not world 129 | # writable. Otherwise anyone can prevent the program from running. 130 | # 131 | lockfile /var/run/rsnapshot.pid 132 | 133 | # By default, rsnapshot check lockfile, check if PID is running 134 | # and if not, consider lockfile as stale, then start 135 | # Enabling this stop rsnapshot if PID in lockfile is not running 136 | # 137 | #stop_on_stale_lockfile 0 138 | 139 | # Default rsync args. All rsync commands have at least these options set. 140 | # 141 | #rsync_short_args -a 142 | #rsync_long_args --delete --numeric-ids --relative --delete-excluded 143 | 144 | # ssh has no args passed by default, but you can specify some here. 
145 | # 146 | #ssh_args -p 22 147 | 148 | # Default arguments for the "du" program (for disk space reporting). 149 | # The GNU version of "du" is preferred. See the man page for more details. 150 | # If your version of "du" doesn't support the -h flag, try -k flag instead. 151 | # 152 | #du_args -csh 153 | 154 | # If this is enabled, rsync won't span filesystem partitions within a 155 | # backup point. This essentially passes the -x option to rsync. 156 | # The default is 0 (off). 157 | # 158 | #one_fs 0 159 | 160 | # The include and exclude parameters, if enabled, simply get passed directly 161 | # to rsync. If you have multiple include/exclude patterns, put each one on a 162 | # separate line. Please look up the --include and --exclude options in the 163 | # rsync man page for more details on how to specify file name patterns. 164 | # 165 | #include ??? 166 | #include ??? 167 | #exclude ??? 168 | #exclude ??? 169 | exclude .cache/ 170 | 171 | # The include_file and exclude_file parameters, if enabled, simply get 172 | # passed directly to rsync. Please look up the --include-from and 173 | # --exclude-from options in the rsync man page for more details. 174 | # 175 | #include_file /path/to/include/file 176 | #exclude_file /path/to/exclude/file 177 | 178 | # If your version of rsync supports --link-dest, consider enabling this. 179 | # This is the best way to support special files (FIFOs, etc) cross-platform. 180 | # The default is 0 (off). 181 | # 182 | link_dest 1 183 | 184 | # When sync_first is enabled, it changes the default behaviour of rsnapshot. 185 | # Normally, when rsnapshot is called with its lowest interval 186 | # (i.e.: "rsnapshot alpha"), it will sync files AND rotate the lowest 187 | # intervals. With sync_first enabled, "rsnapshot sync" handles the file sync, 188 | # and all interval calls simply rotate files. See the man page for more 189 | # details. The default is 0 (off). 
190 | # 191 | #sync_first 0 192 | 193 | # If enabled, rsnapshot will move the oldest directory for each interval 194 | # to [interval_name].delete, then it will remove the lockfile and delete 195 | # that directory just before it exits. The default is 0 (off). 196 | # 197 | #use_lazy_deletes 0 198 | 199 | # Number of rsync re-tries. If you experience any network problems or 200 | # network card issues that tend to cause ssh to fail with errors like 201 | # "Corrupted MAC on input", for example, set this to a non-zero value 202 | # to have the rsync operation re-tried. 203 | # 204 | #rsync_numtries 0 205 | 206 | # LVM parameters. Used to backup with creating lvm snapshot before backup 207 | # and removing it after. This should ensure consistency of data in some special 208 | # cases 209 | # 210 | # LVM snapshot(s) size (lvcreate --size option). 211 | # 212 | #linux_lvm_snapshotsize 100M 213 | 214 | # Name to be used when creating the LVM logical volume snapshot(s). 215 | # 216 | #linux_lvm_snapshotname rsnapshot 217 | 218 | # Path to the LVM Volume Groups. 219 | # 220 | #linux_lvm_vgpath /dev 221 | 222 | # Mount point to use to temporarily mount the snapshot(s). 
#
#linux_lvm_mountpath	/path/to/mount/lvm/snapshot/during/backup

###############################
### BACKUP POINTS / SCRIPTS ###
###############################

# LOCALHOST
backup	/home/jon	localhost/
backup	/etc/	localhost/
backup	/usr/local/	localhost/
backup	/var/	localhost/
backup	/root/	localhost/
#backup	/var/log/rsnapshot	localhost/
#backup	/etc/passwd	localhost/
#backup	/home/foo/My Documents/	localhost/
#backup	/foo/bar/	localhost/	one_fs=1, rsync_short_args=-urltvpog
#backup_script	/usr/local/bin/backup_pgsql.sh	localhost/postgres/
# You must set linux_lvm_* parameters below before using lvm snapshots
#backup	lvm://vg0/xen-home/	lvm-vg0/xen-home/

# root@nycmesh-dns.bongo.zone
backup	root@nycmesh-dns.bongo.zone:/etc/	nycmesh-dns/
backup	root@nycmesh-dns.bongo.zone:/var/	nycmesh-dns/
backup	root@nycmesh-dns.bongo.zone:/root/	nycmesh-dns/

# EXAMPLE.COM
#backup_exec	/bin/date "+ backup of example.com started at %c"
#backup	root@example.com:/home/	example.com/	+rsync_long_args=--bwlimit=16,exclude=core
#backup	root@example.com:/etc/	example.com/	exclude=mtab,exclude=core
#backup_exec	ssh root@example.com "mysqldump -A > /var/db/dump/mysql.sql"
#backup	root@example.com:/var/db/dump/	example.com/
#backup_exec	/bin/date "+ backup of example.com ended at %c"

# CVS.SOURCEFORGE.NET
#backup_script	/usr/local/bin/backup_rsnapshot_cvsroot.sh	rsnapshot.cvs.sourceforge.net/

# RSYNC.SAMBA.ORG
#backup	rsync://rsync.samba.org/rsyncftp/	rsync.samba.org/rsyncftp/

--------------------------------------------------------------------------------
/src/etc/snmpd.conf:
--------------------------------------------------------------------------------
# $OpenBSD: snmpd.conf,v 1.1 2014/07/11 21:20:10 deraadt Exp $

listen_addr="10.70.145.193"
listen_addr2="10.70.145.1"

# Restrict daemon to listen on localhost only
listen on $listen_addr
listen on $listen_addr2

read-write disabled

# Specify a number of trap receivers
#trap receiver nms.localdomain.local

# Adjust the local system information
#system contact "Charlie Root (root@myhost.example.com)"
system description "Powered by OpenBSD"
#system location "Rack A1-24, Room 13"
system services 74

# Provide static user-defined SNMP OIDs
oid 1.3.6.1.4.1.30155.42.3.1 name testStringValue read-only string "Test"
oid 1.3.6.1.4.1.30155.42.3.4 name testIntValue read-write integer 1

# Enable SNMPv3 USM with authentication, encryption and two defined users
#seclevel enc
#user "user1" authkey "password123" enc aes enckey "321drowssap"
#user "user2" authkey "password456" enckey "654drowssap"

--------------------------------------------------------------------------------
/src/etc/ssh/sshd_config:
--------------------------------------------------------------------------------
# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $

# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

--------------------------------------------------------------------------------
/src/etc/sysctl.conf:
--------------------------------------------------------------------------------
hw.perfpolicy=auto
net.inet.ip.forwarding=1
net.inet.ip.mforwarding=1
net.inet.esp.enable=1
net.inet.ah.enable=1
net.inet.ipcomp.enable=1
net.inet6.ip6.forwarding=1
net.inet6.ip6.mforwarding=1

--------------------------------------------------------------------------------
/src/etc/syslog.conf:
--------------------------------------------------------------------------------
# $OpenBSD: syslog.conf,v 1.20 2016/12/27 13:38:14 jca Exp $

# Log everything coming from antenna to a separate file.
++nycmesh-lbe-1659.bongo.zone
*.*	/var/log/nycmesh-lbe-1659
+*

*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none	/var/log/messages
kern.debug;syslog,user.info	/var/log/messages
auth.info	/var/log/authlog
authpriv.debug	/var/log/secure
cron.info	/var/cron/log
daemon.info	/var/log/daemon
ftp.info	/var/log/xferlog
lpr.debug	/var/log/lpd-errs
mail.info	/var/log/maillog

# Uncomment this line to send "important" messages to the system
# console: be aware that this could create lots of output.
#*.err;auth.notice;authpriv.none;kern.debug;mail.crit	/dev/console

# Uncomment this to have all messages of notice level and higher
# as well as all authentication messages sent to root.
#*.notice;auth.debug	root

# Everyone gets emergency messages.
#*.emerg	*

# Uncomment to log to a central host named "loghost". You need to run
# syslogd with the -u option on the remote host if you are using this.
# (This is also required to log info from things like routers and
# ISDN-equipment). If you run -u, you are vulnerable to syslog bombing,
# and should consider blocking external syslog packets.
#*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none	@loghost
#auth,daemon,syslog,user.info;authpriv,kern.debug	@loghost

# Uncomment to log messages from doas(1) to its own log file. Matches are done
# based on the program name.
# Program-specific logs:
#!doas
#*.*	/var/log/doas

--------------------------------------------------------------------------------
/src/etc/ttys:
--------------------------------------------------------------------------------
#
# $OpenBSD: ttys,v 1.2 2008/01/09 17:39:42 miod Exp $
#
# name	getty	type	status	comments
#
console	"/usr/libexec/getty std.9600"	vt220	off secure
ttyC0	"/usr/libexec/getty std.9600"	pccon	on secure
ttyC1	"/usr/libexec/getty std.9600"	pccon	on secure
ttyC2	"/usr/libexec/getty std.9600"	pccon	on secure
ttyC3	"/usr/libexec/getty std.9600"	pccon	on secure
ttyC4	"/usr/libexec/getty std.9600"	pccon	off secure
ttyC5	"/usr/libexec/getty std.9600"	pccon	on secure
ttyC6	"/usr/libexec/getty std.9600"	pccon	off secure
ttyC7	"/usr/libexec/getty std.9600"	pccon	off secure
ttyC8	"/usr/libexec/getty std.9600"	pccon	off secure
ttyC9	"/usr/libexec/getty std.9600"	pccon	off secure
ttyCa	"/usr/libexec/getty std.9600"	pccon	off secure
ttyCb	"/usr/libexec/getty std.9600"	pccon	off secure
tty00	"/usr/libexec/getty std.9600"	unknown	off
tty01	"/usr/libexec/getty std.9600"	unknown	off
tty02	"/usr/libexec/getty std.9600"	unknown	off
tty03	"/usr/libexec/getty std.9600"	unknown	off
tty04	"/usr/libexec/getty std.9600"	unknown	off
tty05	"/usr/libexec/getty std.9600"	unknown	off
tty06	"/usr/libexec/getty std.9600"	unknown	off
tty07	"/usr/libexec/getty std.9600"	unknown	off
ttyp0	none	network
ttyp1	none	network
ttyp2	none	network
ttyp3	none	network
ttyp4	none	network
ttyp5	none	network
ttyp6	none	network
ttyp7	none	network
ttyp8	none	network
ttyp9	none	network
ttypa	none	network
ttypb	none	network
ttypc	none	network
ttypd	none	network
ttype	none	network
ttypf	none	network
ttypg	none	network
ttyph	none	network
ttypi	none	network
ttypj	none	network
ttypk	none	network
ttypl	none	network
ttypm	none	network
ttypn	none	network
ttypo	none	network
ttypp	none	network
ttypq	none	network
ttypr	none	network
ttyps	none	network
ttypt	none	network
ttypu	none	network
ttypv	none	network
ttypw	none	network
ttypx	none	network
ttypy	none	network
ttypz	none	network
ttypA	none	network
ttypB	none	network
ttypC	none	network
ttypD	none	network
ttypE	none	network
ttypF	none	network
ttypG	none	network
ttypH	none	network
ttypI	none	network
ttypJ	none	network
ttypK	none	network
ttypL	none	network
ttypM	none	network
ttypN	none	network
ttypO	none	network
ttypP	none	network
ttypQ	none	network
ttypR	none	network
ttypS	none	network
ttypT	none	network
ttypU	none	network
ttypV	none	network
ttypW	none	network
ttypX	none	network
ttypY	none	network
ttypZ	none	network
ttyq0	none	network
ttyq1	none	network
ttyq2	none	network
ttyq3	none	network
ttyq4	none	network
ttyq5	none	network
ttyq6	none	network
ttyq7	none	network
ttyq8	none	network
ttyq9	none	network
ttyqa	none	network
ttyqb	none	network
ttyqc	none	network
ttyqd	none	network
ttyqe	none	network
ttyqf	none	network
ttyqg	none	network
ttyqh	none	network
ttyqi	none	network
ttyqj	none	network
ttyqk	none	network
ttyql	none	network
ttyqm	none	network
ttyqn	none	network
ttyqo	none	network
ttyqp	none	network
ttyqq	none	network
ttyqr	none	network
ttyqs	none	network
ttyqt	none	network
ttyqu	none	network
ttyqv	none	network
ttyqw	none	network
ttyqx	none	network
ttyqy	none	network
ttyqz	none	network
ttyqA	none	network
ttyqB	none	network
ttyqC	none	network
ttyqD	none	network
ttyqE	none	network
ttyqF	none	network
ttyqG	none	network
ttyqH	none	network
ttyqI	none	network
ttyqJ	none	network
ttyqK	none	network
ttyqL	none	network
ttyqM	none	network
ttyqN	none	network
ttyqO	none	network
ttyqP	none	network
ttyqQ	none	network
ttyqR	none	network
ttyqS	none	network
ttyqT	none	network
ttyqU	none	network
ttyqV	none	network
ttyqW	none	network
ttyqX	none	network
ttyqY	none	network
ttyqZ	none	network
ttyr0	none	network
ttyr1	none	network
ttyr2	none	network
ttyr3	none	network
ttyr4	none	network
ttyr5	none	network
ttyr6	none	network
ttyr7	none	network
ttyr8	none	network
ttyr9	none	network
ttyra	none	network
ttyrb	none	network
ttyrc	none	network
ttyrd	none	network
ttyre	none	network
ttyrf	none	network
ttyrg	none	network
ttyrh	none	network
ttyri	none	network
ttyrj	none	network
ttyrk	none	network
ttyrl	none	network
ttyrm	none	network
ttyrn	none	network
ttyro	none	network
ttyrp	none	network
ttyrq	none	network
ttyrr	none	network
ttyrs	none	network
ttyrt	none	network
ttyru	none	network
ttyrv	none	network
ttyrw	none	network
ttyrx	none	network
ttyry	none	network
ttyrz	none	network
ttyrA	none	network
ttyrB	none	network
ttyrC	none	network
ttyrD	none	network
ttyrE	none	network
ttyrF	none	network
ttyrG	none	network
ttyrH	none	network
ttyrI	none	network
ttyrJ	none	network
ttyrK	none	network
ttyrL	none	network
ttyrM	none	network
ttyrN	none	network
ttyrO	none	network
ttyrP	none	network
ttyrQ	none	network
ttyrR	none	network
ttyrS	none	network
ttyrT	none	network
ttyrU	none	network
ttyrV	none	network
ttyrW	none	network
ttyrX	none	network
ttyrY	none	network
ttyrZ	none	network
ttys0	none	network
ttys1	none	network
ttys2	none	network
ttys3	none	network
ttys4	none	network
ttys5	none	network
ttys6	none	network
ttys7	none	network
ttys8	none	network
ttys9	none	network
ttysa	none	network
ttysb	none	network
ttysc	none	network
ttysd	none	network
ttyse	none	network
ttysf	none	network
ttysg	none	network
ttysh	none	network
ttysi	none	network
ttysj	none	network
ttysk	none	network
ttysl	none	network
ttysm	none	network
ttysn	none	network
ttyso	none	network
ttysp	none	network
ttysq	none	network
ttysr	none	network
ttyss	none	network
ttyst	none	network
ttysu	none	network
ttysv	none	network
ttysw	none	network
ttysx	none	network
ttysy	none	network
ttysz	none	network
ttysA	none	network
ttysB	none	network
ttysC	none	network
ttysD	none	network
ttysE	none	network
ttysF	none	network
ttysG	none	network
ttysH	none	network
ttysI	none	network
ttysJ	none	network
ttysK	none	network
ttysL	none	network
ttysM	none	network
ttysN	none	network
ttysO	none	network
ttysP	none	network
ttysQ	none	network
ttysR	none	network
ttysS	none	network
ttysT	none	network
ttysU	none	network
ttysV	none	network
ttysW	none	network
ttysX	none	network
ttysY	none	network
ttysZ	none	network
ttyt0	none	network
ttyt1	none	network
ttyt2	none	network
ttyt3	none	network
ttyt4	none	network
ttyt5	none	network
ttyt6	none	network
ttyt7	none	network
ttyt8	none	network
ttyt9	none	network
ttyta	none	network
ttytb	none	network
ttytc	none	network
ttytd	none	network
ttyte	none	network
ttytf	none	network
ttytg	none	network
ttyth	none	network
ttyti	none	network
ttytj	none	network
ttytk	none	network
ttytl	none	network
ttytm	none	network
ttytn	none	network
ttyto	none	network
ttytp	none	network
ttytq	none	network
ttytr	none	network
ttyts	none	network
ttytt	none	network
ttytu	none	network
ttytv	none	network
ttytw	none	network
ttytx	none	network
ttyty	none	network
ttytz	none	network
ttytA	none	network
ttytB	none	network
ttytC	none	network
ttytD	none	network
ttytE	none	network
ttytF	none	network
ttytG	none	network
ttytH	none	network
ttytI	none	network
ttytJ	none	network
ttytK	none	network
ttytL	none	network
ttytM	none	network
ttytN	none	network
ttytO	none	network
ttytP	none	network
ttytQ	none	network
ttytR	none	network
ttytS	none	network
ttytT	none	network
ttytU	none	network
ttytV	none	network
ttytW	none	network
ttytX	none	network
ttytY	none	network
ttytZ	none	network
ttyu0	none	network
ttyu1	none	network
ttyu2	none	network
ttyu3	none	network
ttyu4	none	network
ttyu5	none	network
ttyu6	none	network
ttyu7	none	network
ttyu8	none	network
ttyu9	none	network
ttyua	none	network
ttyub	none	network
ttyuc	none	network
ttyud	none	network
ttyue	none	network
ttyuf	none	network
ttyug	none	network
ttyuh	none	network
ttyui	none	network
ttyuj	none	network
ttyuk	none	network
ttyul	none	network
ttyum	none	network
ttyun	none	network
ttyuo	none	network
ttyup	none	network
ttyuq	none	network
ttyur	none	network
ttyus	none	network
ttyut	none	network
ttyuu	none	network
ttyuv	none	network
ttyuw	none	network
ttyux	none	network
ttyuy	none	network
ttyuz	none	network
ttyuA	none	network
ttyuB	none	network
ttyuC	none	network
ttyuD	none	network
ttyuE	none	network
ttyuF	none	network
ttyuG	none	network
ttyuH	none	network
ttyuI	none	network
ttyuJ	none	network
ttyuK	none	network
ttyuL	none	network
ttyuM	none	network
ttyuN	none	network
ttyuO	none	network
ttyuP	none	network
ttyuQ	none	network
ttyuR	none	network
ttyuS	none	network
ttyuT	none	network
ttyuU	none	network
ttyuV	none	network
ttyuW	none	network
ttyuX	none	network
ttyuY	none	network
ttyuZ	none	network
ttyv0	none	network
ttyv1	none	network
ttyv2	none	network
ttyv3	none	network
ttyv4	none	network
ttyv5	none	network
ttyv6	none	network
ttyv7	none	network
ttyv8	none	network
ttyv9	none	network
ttyva	none	network
ttyvb	none	network
ttyvc	none	network
ttyvd	none	network
ttyve	none	network
ttyvf	none	network
ttyvg	none	network
ttyvh	none	network
ttyvi	none	network
ttyvj	none	network
ttyvk	none	network
ttyvl	none	network
ttyvm	none	network
ttyvn	none	network
ttyvo	none	network
ttyvp	none	network
ttyvq	none	network
ttyvr	none	network
ttyvs	none	network
ttyvt	none	network
ttyvu	none	network
ttyvv	none	network
ttyvw	none	network
ttyvx	none	network
ttyvy	none	network
ttyvz	none	network
ttyvA	none	network
ttyvB	none	network
ttyvC	none	network
ttyvD	none	network
ttyvE	none	network
ttyvF	none	network
ttyvG	none	network
ttyvH	none	network
ttyvI	none	network
ttyvJ	none	network
ttyvK	none	network
ttyvL	none	network
ttyvM	none	network
ttyvN	none	network
ttyvO	none	network
ttyvP	none	network
ttyvQ	none	network
ttyvR	none	network
ttyvS	none	network
ttyvT	none	network
ttyvU	none	network
ttyvV	none	network
ttyvW	none	network
ttyvX	none	network
ttyvY	none	network
ttyvZ	none	network
ttyw0	none	network
ttyw1	none	network
ttyw2	none	network
ttyw3	none	network
ttyw4	none	network
ttyw5	none	network
ttyw6	none	network
ttyw7	none	network
ttyw8	none	network
ttyw9	none	network
ttywa	none	network
ttywb	none	network
ttywc	none	network
ttywd	none	network
ttywe	none	network
ttywf	none	network
ttywg	none	network
ttywh	none	network
ttywi	none	network
ttywj	none	network
ttywk	none	network
ttywl	none	network
ttywm	none	network
ttywn	none	network
ttywo	none	network
ttywp	none	network
ttywq	none	network
ttywr	none	network
ttyws	none	network
ttywt	none	network
ttywu	none	network
ttywv	none	network
ttyww	none	network
ttywx	none	network
ttywy	none	network
ttywz	none	network
ttywA	none	network
ttywB	none	network
ttywC	none	network
ttywD	none	network
ttywE	none	network
ttywF	none	network
ttywG	none	network
ttywH	none	network
ttywI	none	network
ttywJ	none	network
ttywK	none	network
ttywL	none	network
ttywM	none	network
ttywN	none	network
ttywO	none	network
ttywP	none	network
ttywQ	none	network
ttywR	none	network
ttywS	none	network
ttywT	none	network
ttywU	none	network
ttywV	none	network
ttywW	none	network
ttywX	none	network
ttywY	none	network
ttywZ	none	network
ttyx0	none	network
ttyx1	none	network
ttyx2	none	network
ttyx3	none	network
ttyx4	none	network
ttyx5	none	network
ttyx6	none	network
ttyx7	none	network
ttyx8	none	network
ttyx9	none	network
ttyxa	none	network
ttyxb	none	network
ttyxc	none	network
ttyxd	none	network
ttyxe	none	network
ttyxf	none	network
ttyxg	none	network
ttyxh	none	network
ttyxi	none	network
ttyxj	none	network
ttyxk	none	network
ttyxl	none	network
ttyxm	none	network
ttyxn	none	network
ttyxo	none	network
ttyxp	none	network
ttyxq	none	network
ttyxr	none	network
ttyxs	none	network
ttyxt	none	network
ttyxu	none	network
ttyxv	none	network
ttyxw	none	network
ttyxx	none	network
ttyxy	none	network
ttyxz	none	network
ttyxA	none	network
ttyxB	none	network
ttyxC	none	network
ttyxD	none	network
ttyxE	none	network
ttyxF	none	network
ttyxG	none	network
ttyxH	none	network
ttyxI	none	network
ttyxJ	none	network
ttyxK	none	network
ttyxL	none	network
ttyxM	none	network
ttyxN	none	network
ttyxO	none	network
ttyxP	none	network
ttyxQ	none	network
ttyxR	none	network
ttyxS	none	network
ttyxT	none	network
ttyxU	none	network
ttyxV	none	network
ttyxW	none	network
ttyxX	none	network
ttyxY	none	network
ttyxZ	none	network
ttyy0	none	network
ttyy1	none	network
ttyy2	none	network
ttyy3	none	network
ttyy4	none	network
ttyy5	none	network
ttyy6	none	network
ttyy7	none	network
ttyy8	none	network
ttyy9	none	network
ttyya	none	network
ttyyb	none	network
ttyyc	none	network
ttyyd	none	network
ttyye	none	network
ttyyf	none	network
ttyyg	none	network
ttyyh	none	network
ttyyi	none	network
ttyyj	none	network
ttyyk	none	network
ttyyl	none	network
ttyym	none	network
ttyyn	none	network
ttyyo	none	network
ttyyp	none	network
ttyyq	none	network
ttyyr	none	network
ttyys	none	network
ttyyt	none	network
ttyyu	none	network
ttyyv	none	network
ttyyw	none	network
ttyyx	none	network
ttyyy	none	network
ttyyz	none	network
ttyyA	none	network
ttyyB	none	network
ttyyC	none	network
ttyyD	none	network
ttyyE	none	network
ttyyF	none	network
ttyyG	none	network
ttyyH	none	network
ttyyI	none	network
ttyyJ	none	network
ttyyK	none	network
ttyyL	none	network
ttyyM	none	network
ttyyN	none	network
ttyyO	none	network
ttyyP	none	network
ttyyQ	none	network
ttyyR	none	network
ttyyS	none	network
ttyyT	none	network
ttyyU	none	network
ttyyV	none	network
ttyyW	none	network
ttyyX	none	network
ttyyY	none	network
ttyyZ	none	network
ttyz0	none	network
ttyz1	none	network
ttyz2	none	network
ttyz3	none	network
ttyz4	none	network
ttyz5	none	network
ttyz6	none	network
ttyz7	none	network
ttyz8	none	network
ttyz9	none	network
ttyza	none	network
ttyzb	none	network
ttyzc	none	network
ttyzd	none	network
ttyze	none	network
ttyzf	none	network
ttyzg	none	network
ttyzh	none	network
ttyzi	none	network
ttyzj	none	network
ttyzk	none	network
ttyzl	none	network
ttyzm	none	network
ttyzn	none	network
ttyzo	none	network
ttyzp	none	network
ttyzq	none	network
ttyzr	none	network
ttyzs	none	network
ttyzt	none	network
ttyzu	none	network
ttyzv	none	network
ttyzw	none	network
ttyzx	none	network
ttyzy	none	network
ttyzz	none	network
ttyzA	none	network
ttyzB	none	network
ttyzC	none	network
ttyzD	none	network
ttyzE	none	network
ttyzF	none	network
ttyzG	none	network
ttyzH	none	network
ttyzI	none	network
ttyzJ	none	network
ttyzK	none	network
ttyzL	none	network
ttyzM	none	network
ttyzN	none	network
ttyzO	none	network
ttyzP	none	network
ttyzQ	none	network
ttyzR	none	network
ttyzS	none	network
ttyzT	none	network
ttyzU	none	network
ttyzV	none	network
ttyzW	none	network
ttyzX	none	network
ttyzY	none	network
ttyzZ	none	network
ttyP0	none	network
ttyP1	none	network
ttyP2	none	network
ttyP3	none	network
ttyP4	none	network
ttyP5	none	network
ttyP6	none	network
ttyP7	none	network
ttyP8	none	network
ttyP9	none	network
ttyPa	none	network
ttyPb	none	network
ttyPc	none	network
ttyPd	none	network
ttyPe	none	network
ttyPf	none	network
ttyPg	none	network
ttyPh	none	network
ttyPi	none	network
ttyPj	none	network
ttyPk	none	network
ttyPl	none	network
ttyPm	none	network
ttyPn	none	network
ttyPo	none	network
ttyPp	none	network
ttyPq	none	network
ttyPr	none	network
ttyPs	none	network
ttyPt	none	network
ttyPu	none	network
ttyPv	none	network
ttyPw	none	network
ttyPx	none	network
ttyPy	none	network
ttyPz	none	network
ttyPA	none	network
ttyPB	none	network
ttyPC	none	network
ttyPD	none	network
ttyPE	none	network
ttyPF	none	network
ttyPG	none	network
ttyPH	none	network
ttyPI	none	network
ttyPJ	none	network
ttyPK	none	network
ttyPL	none	network
ttyPM	none	network
ttyPN	none	network
ttyPO	none	network
ttyPP	none	network
ttyPQ	none	network
ttyPR	none	network
ttyPS	none	network
ttyPT	none	network
ttyPU	none	network
ttyPV	none	network
ttyPW	none	network
ttyPX	none	network
ttyPY	none	network
ttyPZ	none	network
ttyQ0	none	network
ttyQ1	none	network
ttyQ2	none	network
ttyQ3	none	network
ttyQ4	none	network
ttyQ5	none	network
ttyQ6	none	network
ttyQ7	none	network
ttyQ8	none	network
ttyQ9	none	network
ttyQa	none	network
ttyQb	none	network
ttyQc	none	network
ttyQd	none	network
ttyQe	none	network
ttyQf	none	network
ttyQg	none	network
ttyQh	none	network
ttyQi	none	network
ttyQj	none	network
ttyQk	none	network
ttyQl	none	network
ttyQm	none	network
ttyQn	none	network
ttyQo	none	network
ttyQp	none	network
ttyQq	none	network
ttyQr	none	network
ttyQs	none	network
ttyQt	none	network
ttyQu	none	network
ttyQv	none	network
ttyQw	none	network
ttyQx	none	network
ttyQy	none	network
ttyQz	none	network
ttyQA	none	network
ttyQB	none	network
ttyQC	none	network
ttyQD	none	network
ttyQE	none	network
ttyQF	none	network
ttyQG	none	network
ttyQH	none	network
ttyQI	none	network
ttyQJ	none	network
ttyQK	none	network
ttyQL	none	network
ttyQM	none	network
ttyQN	none	network
ttyQO	none	network
ttyQP	none	network
ttyQQ	none	network
ttyQR	none	network
ttyQS	none	network
ttyQT	none	network
ttyQU	none	network
ttyQV	none	network
ttyQW	none	network
ttyQX	none	network
ttyQY	none	network
ttyQZ	none	network
ttyR0	none	network
ttyR1	none	network
ttyR2	none	network
ttyR3	none	network
ttyR4	none	network
ttyR5	none	network
ttyR6	none	network
ttyR7	none	network
ttyR8	none	network
ttyR9	none	network
ttyRa	none	network
ttyRb	none	network
ttyRc	none	network
ttyRd	none	network
ttyRe	none	network
ttyRf	none	network
ttyRg	none	network
ttyRh	none	network
ttyRi	none	network
ttyRj	none	network
ttyRk	none	network
ttyRl	none	network
ttyRm	none	network
ttyRn	none	network
ttyRo	none	network
ttyRp	none	network
ttyRq	none	network
ttyRr	none	network
ttyRs	none	network
ttyRt	none	network
ttyRu	none	network
ttyRv	none	network
ttyRw	none	network
ttyRx	none	network
ttyRy	none	network
ttyRz	none	network
ttyRA	none	network
ttyRB	none	network
ttyRC	none	network
ttyRD	none	network
ttyRE	none	network
ttyRF	none	network
ttyRG	none	network
ttyRH	none	network
ttyRI	none	network
ttyRJ	none	network
ttyRK	none	network
ttyRL	none	network
ttyRM	none	network
ttyRN	none	network
ttyRO	none	network
ttyRP	none	network
ttyRQ	none	network
ttyRR	none	network
ttyRS	none	network
ttyRT	none	network
ttyRU	none	network
ttyRV	none	network
ttyRW	none	network
ttyRX	none	network
ttyRY	none	network
ttyRZ	none	network
ttyS0	none	network
ttyS1	none	network
ttyS2	none	network
ttyS3	none	network
ttyS4	none	network
ttyS5	none	network
ttyS6	none	network
ttyS7	none	network
ttyS8	none	network
ttyS9	none	network
ttySa	none	network
ttySb	none	network
ttySc	none	network
ttySd	none	network
ttySe	none	network
ttySf	none	network
ttySg	none	network
ttySh	none	network
ttySi	none	network
ttySj	none	network
ttySk	none	network
ttySl	none	network
ttySm	none	network
ttySn	none	network
ttySo	none	network
ttySp	none	network
ttySq	none	network
ttySr	none	network
ttySs	none	network
ttySt	none	network
ttySu	none	network
ttySv	none	network
ttySw	none	network
ttySx	none	network
ttySy	none	network
ttySz	none	network
ttySA	none	network
ttySB	none	network
ttySC	none	network
ttySD	none	network
ttySE	none	network
ttySF	none	network
ttySG	none	network
ttySH	none	network
ttySI	none	network
ttySJ	none	network
ttySK	none	network
ttySL	none	network
ttySM	none	network
ttySN	none	network
ttySO	none	network
ttySP	none	network
ttySQ	none	network
ttySR	none	network
ttySS	none	network
ttyST	none	network
ttySU	none	network
ttySV	none	network
ttySW	none	network
ttySX	none	network
ttySY	none	network
ttySZ	none	network
ttyT0	none	network
ttyT1	none	network
ttyT2	none	network
ttyT3	none	network
ttyT4	none	network
ttyT5	none	network
ttyT6	none	network
ttyT7	none	network
ttyT8	none	network
ttyT9	none	network
ttyTa	none	network
ttyTb	none	network
ttyTc	none	network
ttyTd	none	network
ttyTe	none	network
ttyTf	none	network
ttyTg	none	network
ttyTh	none	network
ttyTi	none	network
ttyTj	none	network
ttyTk	none	network
ttyTl	none	network
ttyTm	none	network
ttyTn	none	network
ttyTo	none	network
ttyTp	none	network
ttyTq	none	network
ttyTr	none	network
ttyTs	none	network
ttyTt	none	network
ttyTu	none	network
ttyTv	none	network
ttyTw	none	network
ttyTx	none	network
ttyTy	none	network
ttyTz	none	network
ttyTA	none	network
ttyTB	none	network
ttyTC	none	network
ttyTD	none	network
ttyTE	none	network
ttyTF	none	network
ttyTG	none	network
ttyTH	none	network
ttyTI	none	network
ttyTJ	none	network
ttyTK	none	network
ttyTL	none	network
ttyTM	none	network
ttyTN	none	network
ttyTO	none	network
ttyTP	none	network
ttyTQ	none	network
ttyTR	none	network
ttyTS	none	network
ttyTT	none	network
ttyTU	none	network
ttyTV	none	network
ttyTW	none	network
ttyTX	none	network
ttyTY	none	network
ttyTZ	none	network

--------------------------------------------------------------------------------
/src/etc/vm.conf:
--------------------------------------------------------------------------------
# $OpenBSD: vm.conf,v 1.8 2017/11/11 02:50:07 mlarkin Exp $

switch "vmnet" {
	interface bridge3
	group "vm"
}
switch "vmnet2" {
	interface bridge4
	group "vm"
}

#
# Virtual machines
#

vm "nycmesh-dns" {
	enable
	owner jon:wheel
	memory 512M
	# First disk from 'vmctl create "/home/vm/nycmesh-dns.img" -s 4G'
	disk "/home/vm/nycmesh-dns.img"
	#boot "/bsd.rd" # For install

	interface {
		switch "vmnet"
		locked lladdr 00:00:0A:46:91:C2
	}
}

vm "docker-jon" {
	# disable
	owner jon:jon
	memory 2048M
	# disk "/home/jon/debian/boot.img"
	disk "/home/vm/docker-jon.qcow2"
	interface {
		group "docker-jon"
		switch "vmnet"
		locked lladdr 00:00:0A:46:91:C7
	}
}

vm "alpine1" {
	disable
	owner jon:jon
	memory 2048M
	#boot device cdrom # uncomment for install
	cdrom "/home/vm/alpine-virt-3.11.6-x86_64.iso"
	disk "/home/vm/alpine-virt1.img"
	interface {
		group "k8s"
		switch "vmnet"
		locked lladdr 00:00:0A:46:91:C3
	}
}
vm "alpine2" {
	disable
	owner jon:jon
	memory 2048M
	boot device cdrom # uncomment for install
	cdrom "/home/vm/alpine-virt-3.11.6-x86_64.iso"
	disk "/home/vm/alpine-virt2.img"
	interface {
		group "k8s"
		switch "vmnet"
		locked lladdr 00:00:0A:46:91:C4
	}
}

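Every guest interface in the vm.conf above uses `locked lladdr`, which makes vmd(8) drop packets the guest sends from any other source MAC, and `alpine2` still has its installer `boot device cdrom` line active. The Ruby linter below is an added example, not part of this repository; it checks a vm.conf for those points plus duplicate MACs and undefined switches, and the `lab1` VM and `vmnet9` switch in its sample input are constructed.

```ruby
# Added example, not part of the repository: lint a vmd(8) vm.conf for settings
# that weaken guest isolation. Parses only the grammar subset used above.
Iface = Struct.new(:switch, :lladdr, :locked)
Vm    = Struct.new(:name, :enabled, :boot_device, :ifaces)

# Returns [names of defined switches, array of Vm].
def parse_vm_conf(text)
  switches, vms, stack = [], [], [] # stack: kinds of the open { } blocks
  text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip # drop comments; assumes no '#' inside quotes
    next if line.empty?
    case line
    when /\Aswitch\s+"([^"]+)"\s*\{\z/
      switches << $1
      stack.push(:switch)
    when /\Avm\s+"([^"]+)"\s*\{\z/
      vms << Vm.new($1, true, nil, []) # a VM autostarts unless "disable" is set
      stack.push(:vm)
    when /\Ainterface\b.*\{\z/
      vms.last.ifaces << Iface.new(nil, nil, false)
      stack.push(:interface)
    when '}'
      stack.pop
    else
      vm = vms.last
      if stack.last == :vm
        vm.enabled = (line == 'enable') if %w[enable disable].include?(line)
        vm.boot_device = $1 if line =~ /\Aboot\s+device\s+(\S+)\z/
      elsif stack.last == :interface
        iface = vm.ifaces.last
        iface.switch = $1 if line =~ /\Aswitch\s+"([^"]+)"\z/
        if line =~ /\A(locked\s+)?lladdr\s+(\h\h(?::\h\h){5})\z/
          iface.locked = !$1.nil?
          iface.lladdr = $2.downcase
        end
      end
    end
  end
  [switches, vms]
end

# Returns an array of human-readable findings, in file order.
def lint_vm_conf(text)
  switches, vms = parse_vm_conf(text)
  findings = []
  mac_owner = {}
  vms.each do |vm|
    if vm.boot_device
      state = vm.enabled ? 'enabled' : 'disabled'
      findings << "#{vm.name}: boot device #{vm.boot_device} override still set (VM #{state})"
    end
    vm.ifaces.each do |iface|
      findings << "#{vm.name}: lladdr not locked, guest may change its source MAC" unless iface.locked
      if iface.switch && !switches.include?(iface.switch)
        findings << "#{vm.name}: switch \"#{iface.switch}\" is not defined"
      end
      next unless iface.lladdr
      if mac_owner.key?(iface.lladdr)
        findings << "#{vm.name}: lladdr #{iface.lladdr} duplicates #{mac_owner[iface.lladdr]}"
      else
        mac_owner[iface.lladdr] = vm.name
      end
    end
  end
  findings
end

# Constructed input: two trimmed entries from the file above plus a faulty "lab1".
SAMPLE_VM_CONF = <<~'CONF'
  switch "vmnet" {
    interface bridge3
  }
  vm "nycmesh-dns" {
    enable
    interface {
      switch "vmnet"
      locked lladdr 00:00:0A:46:91:C2
    }
  }
  vm "alpine2" {
    disable
    boot device cdrom # uncomment for install
    interface {
      switch "vmnet"
      locked lladdr 00:00:0A:46:91:C4
    }
  }
  vm "lab1" {
    interface {
      switch "vmnet9"
      lladdr 00:00:0a:46:91:c2
    }
  }
CONF

puts lint_vm_conf(SAMPLE_VM_CONF) if __FILE__ == $PROGRAM_NAME
```

On the sample it reports four findings: the leftover installer boot override on `alpine2`, and the unlocked, duplicated MAC and undefined switch on `lab1`.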
--------------------------------------------------------------------------------
/src/var/cron/tabs/root:
--------------------------------------------------------------------------------
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.GcRoQMWnCr installed on Mon Oct 8 14:02:43 2018)
# (Cron version V5.0)
#
SHELL=/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#
#minute hour mday month wday command
#
# rotate log files every hour, if necessary
0 * * * * /usr/bin/newsyslog
# send log file notifications, if necessary
#1-59 * * * * /usr/bin/newsyslog -m
#
# do daily/weekly/monthly maintenance
30 1 * * * /bin/sh /etc/daily
30 3 * * 6 /bin/sh /etc/weekly
30 5 1 * * /bin/sh /etc/monthly
#0 * * * * sleep $((RANDOM \% 2048)) && /usr/libexec/spamd-setup
0 * * * * /sbin/atactl /dev/sd0c smartstatus >/dev/null

# backups
5 */4 * * * /usr/bin/nice -n19 /usr/local/bin/rsnapshot hourly
30 3 * * * /usr/bin/nice -n19 /usr/local/bin/rsnapshot daily
0 3 * * 1 /usr/bin/nice -n19 /usr/local/bin/rsnapshot weekly
30 2 1 * * /usr/bin/nice -n19 /usr/local/bin/rsnapshot monthly

--------------------------------------------------------------------------------
/src/var/unbound/etc/bongo.zone.conf:
--------------------------------------------------------------------------------
local-zone: "bongo.zone." typetransparent
local-zone: "145.70.10.in-addr.arpa." typetransparent
local-zone: "73.59.167.199.in-addr.arpa." typetransparent
local-data-ptr: "199.167.59.73 kibble.bongo.zone"

# 0-63 10.70.145.0/26
## 1-7 static allocations in DMZ
local-data: "dmz.kibble.bongo.zone. 300 IN A 10.70.145.1"
local-data-ptr: "10.70.145.1 dmz.kibble.bongo.zone"

## 8-23 DHCP DMZ clients
local-data: "superstring.bongo.zone. 300 IN A 10.70.145.16"
local-data-ptr: "10.70.145.16 superstring.bongo.zone"
local-data: "hawking.bongo.zone. 300 IN A 10.70.145.17"
local-data-ptr: "10.70.145.17 hawking.bongo.zone"
local-data: "penrose.bongo.zone. 300 IN A 10.70.145.18"
local-data-ptr: "10.70.145.18 penrose.bongo.zone" # TODO wired
local-data: "JonsPowrBook100.bongo.zone. 300 IN A 10.70.145.19"
local-data-ptr: "10.70.145.19 JonsPowrBook100.bongo.zone" # TODO

## 24-39 DHCP fixed clients (IoT, etc.)
local-data: "wired.roku.bongo.zone. 300 IN A 10.70.145.26"
local-data-ptr: "10.70.145.26 wired.roku.bongo.zone"
local-data: "steam.bongo.zone. 300 IN A 10.70.145.27"
local-data-ptr: "10.70.145.27 steam.bongo.zone"
local-data: "hubble.bongo.zone. 300 IN A 10.70.145.28"
local-data-ptr: "10.70.145.28 hubble.bongo.zone"
local-data: "belkin.bongo.zone. 300 IN A 10.70.145.29"
local-data-ptr: "10.70.145.29 belkin.bongo.zone"
local-data: "airport.bongo.zone. 300 IN A 10.70.145.30"
local-data-ptr: "10.70.145.30 airport.bongo.zone"
local-data: "discovery.bongo.zone. 300 IN A 10.70.145.31"
local-data-ptr: "10.70.145.31 discovery.bongo.zone"
local-data: "planck.bongo.zone. 300 IN A 10.70.145.32"
local-data-ptr: "10.70.145.32 planck.bongo.zone" #TODO add wired
local-data: "nycmesh-lbe-1659.bongo.zone. 300 IN A 10.70.145.33"
local-data-ptr: "10.70.145.33 nycmesh-lbe-1659.bongo.zone"
local-data: "wemo-switch.bongo.zone. 300 IN A 10.70.145.34"
local-data-ptr: "10.70.145.34 wemo-switch.bongo.zone"
local-data: "wemo-motion.bongo.zone. 300 IN A 10.70.145.35"
local-data-ptr: "10.70.145.35 wemo-motion.bongo.zone"
local-data: "nintendo.bongo.zone. 300 IN A 10.70.145.36"
local-data-ptr: "10.70.145.36 nintendo.bongo.zone"
local-data: "wifi.discovery.bongo.zone. 300 IN A 10.70.145.37"
local-data-ptr: "10.70.145.37 wifi.discovery.bongo.zone"
local-data: "nslu.bongo.zone. 300 IN A 10.70.145.38"
local-data-ptr: "10.70.145.38 nslu.bongo.zone" #TODO
local-data: "roku.bongo.zone. 300 IN A 10.70.145.39"
local-data-ptr: "10.70.145.39 roku.bongo.zone"

## 40-62 DHCP Pool

# 64 - 79 10.70.145.64/28 VPN
## 65 to 78 VPN Pool

# 80 - 95 10.70.145.80/28 Reserved
# 96 - 127 10.70.145.96/27 Reserved
# 128 - 191 10.70.145.128/26 Reserved

# 192 - 223 10.70.145.192/27 Reserved
local-data: "vm.kibble.bongo.zone 300 IN A 10.70.145.193"
local-data-ptr: "10.70.145.193 vm.kibble.bongo.zone"

## 194-222 Virtual Machines (DHCP)
local-data: "nycmesh-dns.bongo.zone 300 IN A 10.70.145.194"
local-data-ptr: "10.70.145.194 nycmesh-dns.bongo.zone"
local-data: "tor.bongo.zone 300 IN A 10.70.145.195"
local-data-ptr: "10.70.145.195 tor.bongo.zone"
local-data: "jesse.bongo.zone 300 IN A 10.70.145.196"
local-data-ptr: "10.70.145.196 jesse.bongo.zone"
local-data: "jon-openbsd63.bongo.zone 300 IN A 10.70.145.197"
local-data-ptr: "10.70.145.197 jon-openbsd63.bongo.zone"
local-data: "jon-openbsd64b.bongo.zone 300 IN A 10.70.145.198"
local-data-ptr: "10.70.145.198 jon-openbsd64b.bongo.zone"
local-data: "docker-jon.bongo.zone 300 IN A 10.70.145.199"
local-data-ptr: "10.70.145.199 docker-jon.bongo.zone"

# 224-255 10.70.145.224/27 Guest Network
local-data: "guest.kibble.bongo.zone. 300 IN A 10.70.145.225"
local-data-ptr: "10.70.145.225 guest.kibble.bongo.zone"
## 226-254 Guest Network DHCP


# Autogenerated records
## ./script/unbound-gen.rb 0 63 ./src/var/unbound/etc/bongo.zone.conf mesh
local-data: "mesh-10-70-145-net.bongo.zone 300 IN A 10.70.145.0"
local-data-ptr: "10.70.145.0 mesh-10-70-145-net.bongo.zone"
#local-data: "mesh-10-70-145-1.bongo.zone 300 IN A 10.70.145.1"
#local-data-ptr: "10.70.145.1 mesh-10-70-145-1.bongo.zone"
local-data: "mesh-10-70-145-2.bongo.zone 300 IN A 10.70.145.2"
local-data-ptr: "10.70.145.2 mesh-10-70-145-2.bongo.zone"
local-data: "mesh-10-70-145-3.bongo.zone 300 IN A 10.70.145.3"
local-data-ptr: "10.70.145.3 mesh-10-70-145-3.bongo.zone"
local-data: "mesh-10-70-145-4.bongo.zone 300 IN A 10.70.145.4"
local-data-ptr: "10.70.145.4 mesh-10-70-145-4.bongo.zone"
local-data: "mesh-10-70-145-5.bongo.zone 300 IN A 10.70.145.5"
local-data-ptr: "10.70.145.5 mesh-10-70-145-5.bongo.zone"
local-data: "mesh-10-70-145-6.bongo.zone 300 IN A 10.70.145.6"
local-data-ptr: "10.70.145.6 mesh-10-70-145-6.bongo.zone"
local-data: "mesh-10-70-145-7.bongo.zone 300 IN A 10.70.145.7"
local-data-ptr: "10.70.145.7 mesh-10-70-145-7.bongo.zone"
local-data: "mesh-10-70-145-8.bongo.zone 300 IN A 10.70.145.8"
local-data-ptr: "10.70.145.8 mesh-10-70-145-8.bongo.zone"
local-data: "mesh-10-70-145-9.bongo.zone 300 IN A 10.70.145.9"
local-data-ptr: "10.70.145.9 mesh-10-70-145-9.bongo.zone"
local-data: "mesh-10-70-145-10.bongo.zone 300 IN A 10.70.145.10"
local-data-ptr: "10.70.145.10 mesh-10-70-145-10.bongo.zone"
local-data: "mesh-10-70-145-11.bongo.zone 300 IN A 10.70.145.11"
local-data-ptr: "10.70.145.11 mesh-10-70-145-11.bongo.zone"
local-data: "mesh-10-70-145-12.bongo.zone 300 IN A 10.70.145.12"
local-data-ptr: "10.70.145.12 mesh-10-70-145-12.bongo.zone"
local-data:
"mesh-10-70-145-13.bongo.zone 300 IN A 10.70.145.13" 113 | local-data-ptr: "10.70.145.13 mesh-10-70-145-13.bongo.zone" 114 | local-data: "mesh-10-70-145-14.bongo.zone 300 IN A 10.70.145.14" 115 | local-data-ptr: "10.70.145.14 mesh-10-70-145-14.bongo.zone" 116 | local-data: "mesh-10-70-145-15.bongo.zone 300 IN A 10.70.145.15" 117 | local-data-ptr: "10.70.145.15 mesh-10-70-145-15.bongo.zone" 118 | #local-data: "mesh-10-70-145-16.bongo.zone 300 IN A 10.70.145.16" 119 | #local-data-ptr: "10.70.145.16 mesh-10-70-145-16.bongo.zone" 120 | #local-data: "mesh-10-70-145-17.bongo.zone 300 IN A 10.70.145.17" 121 | #local-data-ptr: "10.70.145.17 mesh-10-70-145-17.bongo.zone" 122 | #local-data: "mesh-10-70-145-18.bongo.zone 300 IN A 10.70.145.18" 123 | #local-data-ptr: "10.70.145.18 mesh-10-70-145-18.bongo.zone" 124 | #local-data: "mesh-10-70-145-19.bongo.zone 300 IN A 10.70.145.19" 125 | #local-data-ptr: "10.70.145.19 mesh-10-70-145-19.bongo.zone" 126 | local-data: "mesh-10-70-145-20.bongo.zone 300 IN A 10.70.145.20" 127 | local-data-ptr: "10.70.145.20 mesh-10-70-145-20.bongo.zone" 128 | local-data: "mesh-10-70-145-21.bongo.zone 300 IN A 10.70.145.21" 129 | local-data-ptr: "10.70.145.21 mesh-10-70-145-21.bongo.zone" 130 | local-data: "mesh-10-70-145-22.bongo.zone 300 IN A 10.70.145.22" 131 | local-data-ptr: "10.70.145.22 mesh-10-70-145-22.bongo.zone" 132 | local-data: "mesh-10-70-145-23.bongo.zone 300 IN A 10.70.145.23" 133 | local-data-ptr: "10.70.145.23 mesh-10-70-145-23.bongo.zone" 134 | local-data: "mesh-10-70-145-24.bongo.zone 300 IN A 10.70.145.24" 135 | local-data-ptr: "10.70.145.24 mesh-10-70-145-24.bongo.zone" 136 | local-data: "mesh-10-70-145-25.bongo.zone 300 IN A 10.70.145.25" 137 | local-data-ptr: "10.70.145.25 mesh-10-70-145-25.bongo.zone" 138 | #local-data: "mesh-10-70-145-26.bongo.zone 300 IN A 10.70.145.26" 139 | #local-data-ptr: "10.70.145.26 mesh-10-70-145-26.bongo.zone" 140 | #local-data: "mesh-10-70-145-27.bongo.zone 300 IN A 10.70.145.27" 141 | 
#local-data-ptr: "10.70.145.27 mesh-10-70-145-27.bongo.zone" 142 | #local-data: "mesh-10-70-145-28.bongo.zone 300 IN A 10.70.145.28" 143 | #local-data-ptr: "10.70.145.28 mesh-10-70-145-28.bongo.zone" 144 | #local-data: "mesh-10-70-145-29.bongo.zone 300 IN A 10.70.145.29" 145 | #local-data-ptr: "10.70.145.29 mesh-10-70-145-29.bongo.zone" 146 | #local-data: "mesh-10-70-145-30.bongo.zone 300 IN A 10.70.145.30" 147 | #local-data-ptr: "10.70.145.30 mesh-10-70-145-30.bongo.zone" 148 | #local-data: "mesh-10-70-145-31.bongo.zone 300 IN A 10.70.145.31" 149 | #local-data-ptr: "10.70.145.31 mesh-10-70-145-31.bongo.zone" 150 | #local-data: "mesh-10-70-145-32.bongo.zone 300 IN A 10.70.145.32" 151 | #local-data-ptr: "10.70.145.32 mesh-10-70-145-32.bongo.zone" 152 | #local-data: "mesh-10-70-145-33.bongo.zone 300 IN A 10.70.145.33" 153 | #local-data-ptr: "10.70.145.33 mesh-10-70-145-33.bongo.zone" 154 | #local-data: "mesh-10-70-145-34.bongo.zone 300 IN A 10.70.145.34" 155 | #local-data-ptr: "10.70.145.34 mesh-10-70-145-34.bongo.zone" 156 | #local-data: "mesh-10-70-145-35.bongo.zone 300 IN A 10.70.145.35" 157 | #local-data-ptr: "10.70.145.35 mesh-10-70-145-35.bongo.zone" 158 | #local-data: "mesh-10-70-145-36.bongo.zone 300 IN A 10.70.145.36" 159 | #local-data-ptr: "10.70.145.36 mesh-10-70-145-36.bongo.zone" 160 | #local-data: "mesh-10-70-145-37.bongo.zone 300 IN A 10.70.145.37" 161 | #local-data-ptr: "10.70.145.37 mesh-10-70-145-37.bongo.zone" 162 | #local-data: "mesh-10-70-145-38.bongo.zone 300 IN A 10.70.145.38" 163 | #local-data-ptr: "10.70.145.38 mesh-10-70-145-38.bongo.zone" 164 | #local-data: "mesh-10-70-145-39.bongo.zone 300 IN A 10.70.145.39" 165 | #local-data-ptr: "10.70.145.39 mesh-10-70-145-39.bongo.zone" 166 | local-data: "mesh-10-70-145-40.bongo.zone 300 IN A 10.70.145.40" 167 | local-data-ptr: "10.70.145.40 mesh-10-70-145-40.bongo.zone" 168 | local-data: "mesh-10-70-145-41.bongo.zone 300 IN A 10.70.145.41" 169 | local-data-ptr: "10.70.145.41 
mesh-10-70-145-41.bongo.zone" 170 | local-data: "mesh-10-70-145-42.bongo.zone 300 IN A 10.70.145.42" 171 | local-data-ptr: "10.70.145.42 mesh-10-70-145-42.bongo.zone" 172 | local-data: "mesh-10-70-145-43.bongo.zone 300 IN A 10.70.145.43" 173 | local-data-ptr: "10.70.145.43 mesh-10-70-145-43.bongo.zone" 174 | local-data: "mesh-10-70-145-44.bongo.zone 300 IN A 10.70.145.44" 175 | local-data-ptr: "10.70.145.44 mesh-10-70-145-44.bongo.zone" 176 | local-data: "mesh-10-70-145-45.bongo.zone 300 IN A 10.70.145.45" 177 | local-data-ptr: "10.70.145.45 mesh-10-70-145-45.bongo.zone" 178 | local-data: "mesh-10-70-145-46.bongo.zone 300 IN A 10.70.145.46" 179 | local-data-ptr: "10.70.145.46 mesh-10-70-145-46.bongo.zone" 180 | local-data: "mesh-10-70-145-47.bongo.zone 300 IN A 10.70.145.47" 181 | local-data-ptr: "10.70.145.47 mesh-10-70-145-47.bongo.zone" 182 | local-data: "mesh-10-70-145-48.bongo.zone 300 IN A 10.70.145.48" 183 | local-data-ptr: "10.70.145.48 mesh-10-70-145-48.bongo.zone" 184 | local-data: "mesh-10-70-145-49.bongo.zone 300 IN A 10.70.145.49" 185 | local-data-ptr: "10.70.145.49 mesh-10-70-145-49.bongo.zone" 186 | local-data: "mesh-10-70-145-50.bongo.zone 300 IN A 10.70.145.50" 187 | local-data-ptr: "10.70.145.50 mesh-10-70-145-50.bongo.zone" 188 | local-data: "mesh-10-70-145-51.bongo.zone 300 IN A 10.70.145.51" 189 | local-data-ptr: "10.70.145.51 mesh-10-70-145-51.bongo.zone" 190 | local-data: "mesh-10-70-145-52.bongo.zone 300 IN A 10.70.145.52" 191 | local-data-ptr: "10.70.145.52 mesh-10-70-145-52.bongo.zone" 192 | local-data: "mesh-10-70-145-53.bongo.zone 300 IN A 10.70.145.53" 193 | local-data-ptr: "10.70.145.53 mesh-10-70-145-53.bongo.zone" 194 | local-data: "mesh-10-70-145-54.bongo.zone 300 IN A 10.70.145.54" 195 | local-data-ptr: "10.70.145.54 mesh-10-70-145-54.bongo.zone" 196 | local-data: "mesh-10-70-145-55.bongo.zone 300 IN A 10.70.145.55" 197 | local-data-ptr: "10.70.145.55 mesh-10-70-145-55.bongo.zone" 198 | local-data: "mesh-10-70-145-56.bongo.zone 300 
IN A 10.70.145.56" 199 | local-data-ptr: "10.70.145.56 mesh-10-70-145-56.bongo.zone" 200 | local-data: "mesh-10-70-145-57.bongo.zone 300 IN A 10.70.145.57" 201 | local-data-ptr: "10.70.145.57 mesh-10-70-145-57.bongo.zone" 202 | local-data: "mesh-10-70-145-58.bongo.zone 300 IN A 10.70.145.58" 203 | local-data-ptr: "10.70.145.58 mesh-10-70-145-58.bongo.zone" 204 | local-data: "mesh-10-70-145-59.bongo.zone 300 IN A 10.70.145.59" 205 | local-data-ptr: "10.70.145.59 mesh-10-70-145-59.bongo.zone" 206 | local-data: "mesh-10-70-145-60.bongo.zone 300 IN A 10.70.145.60" 207 | local-data-ptr: "10.70.145.60 mesh-10-70-145-60.bongo.zone" 208 | local-data: "mesh-10-70-145-61.bongo.zone 300 IN A 10.70.145.61" 209 | local-data-ptr: "10.70.145.61 mesh-10-70-145-61.bongo.zone" 210 | local-data: "mesh-10-70-145-62.bongo.zone 300 IN A 10.70.145.62" 211 | local-data-ptr: "10.70.145.62 mesh-10-70-145-62.bongo.zone" 212 | local-data: "mesh-10-70-145-all.bongo.zone 300 IN A 10.70.145.63" 213 | local-data-ptr: "10.70.145.63 mesh-10-70-145-all.bongo.zone" 214 | ## ./script/unbound-gen.rb 64 79 ./src/var/unbound/etc/bongo.zone.conf vpn 215 | local-data: "vpn-10-70-145-net.bongo.zone 300 IN A 10.70.145.64" 216 | local-data-ptr: "10.70.145.64 vpn-10-70-145-net.bongo.zone" 217 | local-data: "vpn-10-70-145-65.bongo.zone 300 IN A 10.70.145.65" 218 | local-data-ptr: "10.70.145.65 vpn-10-70-145-65.bongo.zone" 219 | local-data: "vpn-10-70-145-66.bongo.zone 300 IN A 10.70.145.66" 220 | local-data-ptr: "10.70.145.66 vpn-10-70-145-66.bongo.zone" 221 | local-data: "vpn-10-70-145-67.bongo.zone 300 IN A 10.70.145.67" 222 | local-data-ptr: "10.70.145.67 vpn-10-70-145-67.bongo.zone" 223 | local-data: "vpn-10-70-145-68.bongo.zone 300 IN A 10.70.145.68" 224 | local-data-ptr: "10.70.145.68 vpn-10-70-145-68.bongo.zone" 225 | local-data: "vpn-10-70-145-69.bongo.zone 300 IN A 10.70.145.69" 226 | local-data-ptr: "10.70.145.69 vpn-10-70-145-69.bongo.zone" 227 | local-data: "vpn-10-70-145-70.bongo.zone 300 IN A 
10.70.145.70" 228 | local-data-ptr: "10.70.145.70 vpn-10-70-145-70.bongo.zone" 229 | local-data: "vpn-10-70-145-71.bongo.zone 300 IN A 10.70.145.71" 230 | local-data-ptr: "10.70.145.71 vpn-10-70-145-71.bongo.zone" 231 | local-data: "vpn-10-70-145-72.bongo.zone 300 IN A 10.70.145.72" 232 | local-data-ptr: "10.70.145.72 vpn-10-70-145-72.bongo.zone" 233 | local-data: "vpn-10-70-145-73.bongo.zone 300 IN A 10.70.145.73" 234 | local-data-ptr: "10.70.145.73 vpn-10-70-145-73.bongo.zone" 235 | local-data: "vpn-10-70-145-74.bongo.zone 300 IN A 10.70.145.74" 236 | local-data-ptr: "10.70.145.74 vpn-10-70-145-74.bongo.zone" 237 | local-data: "vpn-10-70-145-75.bongo.zone 300 IN A 10.70.145.75" 238 | local-data-ptr: "10.70.145.75 vpn-10-70-145-75.bongo.zone" 239 | local-data: "vpn-10-70-145-76.bongo.zone 300 IN A 10.70.145.76" 240 | local-data-ptr: "10.70.145.76 vpn-10-70-145-76.bongo.zone" 241 | local-data: "vpn-10-70-145-77.bongo.zone 300 IN A 10.70.145.77" 242 | local-data-ptr: "10.70.145.77 vpn-10-70-145-77.bongo.zone" 243 | local-data: "vpn-10-70-145-78.bongo.zone 300 IN A 10.70.145.78" 244 | local-data-ptr: "10.70.145.78 vpn-10-70-145-78.bongo.zone" 245 | local-data: "vpn-10-70-145-all.bongo.zone 300 IN A 10.70.145.79" 246 | local-data-ptr: "10.70.145.79 vpn-10-70-145-all.bongo.zone" 247 | ## ./script/unbound-gen.rb 80 95 ./src/var/unbound/etc/bongo.zone.conf blackhole 248 | local-data: "blackhole-10-70-145-net.bongo.zone 300 IN A 10.70.145.80" 249 | local-data-ptr: "10.70.145.80 blackhole-10-70-145-net.bongo.zone" 250 | local-data: "blackhole-10-70-145-81.bongo.zone 300 IN A 10.70.145.81" 251 | local-data-ptr: "10.70.145.81 blackhole-10-70-145-81.bongo.zone" 252 | local-data: "blackhole-10-70-145-82.bongo.zone 300 IN A 10.70.145.82" 253 | local-data-ptr: "10.70.145.82 blackhole-10-70-145-82.bongo.zone" 254 | local-data: "blackhole-10-70-145-83.bongo.zone 300 IN A 10.70.145.83" 255 | local-data-ptr: "10.70.145.83 blackhole-10-70-145-83.bongo.zone" 256 | local-data: 
"blackhole-10-70-145-84.bongo.zone 300 IN A 10.70.145.84" 257 | local-data-ptr: "10.70.145.84 blackhole-10-70-145-84.bongo.zone" 258 | local-data: "blackhole-10-70-145-85.bongo.zone 300 IN A 10.70.145.85" 259 | local-data-ptr: "10.70.145.85 blackhole-10-70-145-85.bongo.zone" 260 | local-data: "blackhole-10-70-145-86.bongo.zone 300 IN A 10.70.145.86" 261 | local-data-ptr: "10.70.145.86 blackhole-10-70-145-86.bongo.zone" 262 | local-data: "blackhole-10-70-145-87.bongo.zone 300 IN A 10.70.145.87" 263 | local-data-ptr: "10.70.145.87 blackhole-10-70-145-87.bongo.zone" 264 | local-data: "blackhole-10-70-145-88.bongo.zone 300 IN A 10.70.145.88" 265 | local-data-ptr: "10.70.145.88 blackhole-10-70-145-88.bongo.zone" 266 | local-data: "blackhole-10-70-145-89.bongo.zone 300 IN A 10.70.145.89" 267 | local-data-ptr: "10.70.145.89 blackhole-10-70-145-89.bongo.zone" 268 | local-data: "blackhole-10-70-145-90.bongo.zone 300 IN A 10.70.145.90" 269 | local-data-ptr: "10.70.145.90 blackhole-10-70-145-90.bongo.zone" 270 | local-data: "blackhole-10-70-145-91.bongo.zone 300 IN A 10.70.145.91" 271 | local-data-ptr: "10.70.145.91 blackhole-10-70-145-91.bongo.zone" 272 | local-data: "blackhole-10-70-145-92.bongo.zone 300 IN A 10.70.145.92" 273 | local-data-ptr: "10.70.145.92 blackhole-10-70-145-92.bongo.zone" 274 | local-data: "blackhole-10-70-145-93.bongo.zone 300 IN A 10.70.145.93" 275 | local-data-ptr: "10.70.145.93 blackhole-10-70-145-93.bongo.zone" 276 | local-data: "blackhole-10-70-145-94.bongo.zone 300 IN A 10.70.145.94" 277 | local-data-ptr: "10.70.145.94 blackhole-10-70-145-94.bongo.zone" 278 | local-data: "blackhole-10-70-145-all.bongo.zone 300 IN A 10.70.145.95" 279 | local-data-ptr: "10.70.145.95 blackhole-10-70-145-all.bongo.zone" 280 | ## ./script/unbound-gen.rb 96 127 ./src/var/unbound/etc/bongo.zone.conf blackhole 281 | local-data: "blackhole-10-70-145-net.bongo.zone 300 IN A 10.70.145.96" 282 | local-data-ptr: "10.70.145.96 blackhole-10-70-145-net.bongo.zone" 283 | 
local-data: "blackhole-10-70-145-97.bongo.zone 300 IN A 10.70.145.97" 284 | local-data-ptr: "10.70.145.97 blackhole-10-70-145-97.bongo.zone" 285 | local-data: "blackhole-10-70-145-98.bongo.zone 300 IN A 10.70.145.98" 286 | local-data-ptr: "10.70.145.98 blackhole-10-70-145-98.bongo.zone" 287 | local-data: "blackhole-10-70-145-99.bongo.zone 300 IN A 10.70.145.99" 288 | local-data-ptr: "10.70.145.99 blackhole-10-70-145-99.bongo.zone" 289 | local-data: "blackhole-10-70-145-100.bongo.zone 300 IN A 10.70.145.100" 290 | local-data-ptr: "10.70.145.100 blackhole-10-70-145-100.bongo.zone" 291 | local-data: "blackhole-10-70-145-101.bongo.zone 300 IN A 10.70.145.101" 292 | local-data-ptr: "10.70.145.101 blackhole-10-70-145-101.bongo.zone" 293 | local-data: "blackhole-10-70-145-102.bongo.zone 300 IN A 10.70.145.102" 294 | local-data-ptr: "10.70.145.102 blackhole-10-70-145-102.bongo.zone" 295 | local-data: "blackhole-10-70-145-103.bongo.zone 300 IN A 10.70.145.103" 296 | local-data-ptr: "10.70.145.103 blackhole-10-70-145-103.bongo.zone" 297 | local-data: "blackhole-10-70-145-104.bongo.zone 300 IN A 10.70.145.104" 298 | local-data-ptr: "10.70.145.104 blackhole-10-70-145-104.bongo.zone" 299 | local-data: "blackhole-10-70-145-105.bongo.zone 300 IN A 10.70.145.105" 300 | local-data-ptr: "10.70.145.105 blackhole-10-70-145-105.bongo.zone" 301 | local-data: "blackhole-10-70-145-106.bongo.zone 300 IN A 10.70.145.106" 302 | local-data-ptr: "10.70.145.106 blackhole-10-70-145-106.bongo.zone" 303 | local-data: "blackhole-10-70-145-107.bongo.zone 300 IN A 10.70.145.107" 304 | local-data-ptr: "10.70.145.107 blackhole-10-70-145-107.bongo.zone" 305 | local-data: "blackhole-10-70-145-108.bongo.zone 300 IN A 10.70.145.108" 306 | local-data-ptr: "10.70.145.108 blackhole-10-70-145-108.bongo.zone" 307 | local-data: "blackhole-10-70-145-109.bongo.zone 300 IN A 10.70.145.109" 308 | local-data-ptr: "10.70.145.109 blackhole-10-70-145-109.bongo.zone" 309 | local-data: "blackhole-10-70-145-110.bongo.zone 
300 IN A 10.70.145.110" 310 | local-data-ptr: "10.70.145.110 blackhole-10-70-145-110.bongo.zone" 311 | local-data: "blackhole-10-70-145-111.bongo.zone 300 IN A 10.70.145.111" 312 | local-data-ptr: "10.70.145.111 blackhole-10-70-145-111.bongo.zone" 313 | local-data: "blackhole-10-70-145-112.bongo.zone 300 IN A 10.70.145.112" 314 | local-data-ptr: "10.70.145.112 blackhole-10-70-145-112.bongo.zone" 315 | local-data: "blackhole-10-70-145-113.bongo.zone 300 IN A 10.70.145.113" 316 | local-data-ptr: "10.70.145.113 blackhole-10-70-145-113.bongo.zone" 317 | local-data: "blackhole-10-70-145-114.bongo.zone 300 IN A 10.70.145.114" 318 | local-data-ptr: "10.70.145.114 blackhole-10-70-145-114.bongo.zone" 319 | local-data: "blackhole-10-70-145-115.bongo.zone 300 IN A 10.70.145.115" 320 | local-data-ptr: "10.70.145.115 blackhole-10-70-145-115.bongo.zone" 321 | local-data: "blackhole-10-70-145-116.bongo.zone 300 IN A 10.70.145.116" 322 | local-data-ptr: "10.70.145.116 blackhole-10-70-145-116.bongo.zone" 323 | local-data: "blackhole-10-70-145-117.bongo.zone 300 IN A 10.70.145.117" 324 | local-data-ptr: "10.70.145.117 blackhole-10-70-145-117.bongo.zone" 325 | local-data: "blackhole-10-70-145-118.bongo.zone 300 IN A 10.70.145.118" 326 | local-data-ptr: "10.70.145.118 blackhole-10-70-145-118.bongo.zone" 327 | local-data: "blackhole-10-70-145-119.bongo.zone 300 IN A 10.70.145.119" 328 | local-data-ptr: "10.70.145.119 blackhole-10-70-145-119.bongo.zone" 329 | local-data: "blackhole-10-70-145-120.bongo.zone 300 IN A 10.70.145.120" 330 | local-data-ptr: "10.70.145.120 blackhole-10-70-145-120.bongo.zone" 331 | local-data: "blackhole-10-70-145-121.bongo.zone 300 IN A 10.70.145.121" 332 | local-data-ptr: "10.70.145.121 blackhole-10-70-145-121.bongo.zone" 333 | local-data: "blackhole-10-70-145-122.bongo.zone 300 IN A 10.70.145.122" 334 | local-data-ptr: "10.70.145.122 blackhole-10-70-145-122.bongo.zone" 335 | local-data: "blackhole-10-70-145-123.bongo.zone 300 IN A 10.70.145.123" 336 | 
local-data-ptr: "10.70.145.123 blackhole-10-70-145-123.bongo.zone" 337 | local-data: "blackhole-10-70-145-124.bongo.zone 300 IN A 10.70.145.124" 338 | local-data-ptr: "10.70.145.124 blackhole-10-70-145-124.bongo.zone" 339 | local-data: "blackhole-10-70-145-125.bongo.zone 300 IN A 10.70.145.125" 340 | local-data-ptr: "10.70.145.125 blackhole-10-70-145-125.bongo.zone" 341 | local-data: "blackhole-10-70-145-126.bongo.zone 300 IN A 10.70.145.126" 342 | local-data-ptr: "10.70.145.126 blackhole-10-70-145-126.bongo.zone" 343 | local-data: "blackhole-10-70-145-all.bongo.zone 300 IN A 10.70.145.127" 344 | local-data-ptr: "10.70.145.127 blackhole-10-70-145-all.bongo.zone" 345 | ## ./script/unbound-gen.rb 128 191 ./src/var/unbound/etc/bongo.zone.conf blackhole 346 | local-data: "blackhole-10-70-145-net.bongo.zone 300 IN A 10.70.145.128" 347 | local-data-ptr: "10.70.145.128 blackhole-10-70-145-net.bongo.zone" 348 | local-data: "blackhole-10-70-145-129.bongo.zone 300 IN A 10.70.145.129" 349 | local-data-ptr: "10.70.145.129 blackhole-10-70-145-129.bongo.zone" 350 | local-data: "blackhole-10-70-145-130.bongo.zone 300 IN A 10.70.145.130" 351 | local-data-ptr: "10.70.145.130 blackhole-10-70-145-130.bongo.zone" 352 | local-data: "blackhole-10-70-145-131.bongo.zone 300 IN A 10.70.145.131" 353 | local-data-ptr: "10.70.145.131 blackhole-10-70-145-131.bongo.zone" 354 | local-data: "blackhole-10-70-145-132.bongo.zone 300 IN A 10.70.145.132" 355 | local-data-ptr: "10.70.145.132 blackhole-10-70-145-132.bongo.zone" 356 | local-data: "blackhole-10-70-145-133.bongo.zone 300 IN A 10.70.145.133" 357 | local-data-ptr: "10.70.145.133 blackhole-10-70-145-133.bongo.zone" 358 | local-data: "blackhole-10-70-145-134.bongo.zone 300 IN A 10.70.145.134" 359 | local-data-ptr: "10.70.145.134 blackhole-10-70-145-134.bongo.zone" 360 | local-data: "blackhole-10-70-145-135.bongo.zone 300 IN A 10.70.145.135" 361 | local-data-ptr: "10.70.145.135 blackhole-10-70-145-135.bongo.zone" 362 | local-data: 
"blackhole-10-70-145-136.bongo.zone 300 IN A 10.70.145.136" 363 | local-data-ptr: "10.70.145.136 blackhole-10-70-145-136.bongo.zone" 364 | local-data: "blackhole-10-70-145-137.bongo.zone 300 IN A 10.70.145.137" 365 | local-data-ptr: "10.70.145.137 blackhole-10-70-145-137.bongo.zone" 366 | local-data: "blackhole-10-70-145-138.bongo.zone 300 IN A 10.70.145.138" 367 | local-data-ptr: "10.70.145.138 blackhole-10-70-145-138.bongo.zone" 368 | local-data: "blackhole-10-70-145-139.bongo.zone 300 IN A 10.70.145.139" 369 | local-data-ptr: "10.70.145.139 blackhole-10-70-145-139.bongo.zone" 370 | local-data: "blackhole-10-70-145-140.bongo.zone 300 IN A 10.70.145.140" 371 | local-data-ptr: "10.70.145.140 blackhole-10-70-145-140.bongo.zone" 372 | local-data: "blackhole-10-70-145-141.bongo.zone 300 IN A 10.70.145.141" 373 | local-data-ptr: "10.70.145.141 blackhole-10-70-145-141.bongo.zone" 374 | local-data: "blackhole-10-70-145-142.bongo.zone 300 IN A 10.70.145.142" 375 | local-data-ptr: "10.70.145.142 blackhole-10-70-145-142.bongo.zone" 376 | local-data: "blackhole-10-70-145-143.bongo.zone 300 IN A 10.70.145.143" 377 | local-data-ptr: "10.70.145.143 blackhole-10-70-145-143.bongo.zone" 378 | local-data: "blackhole-10-70-145-144.bongo.zone 300 IN A 10.70.145.144" 379 | local-data-ptr: "10.70.145.144 blackhole-10-70-145-144.bongo.zone" 380 | local-data: "blackhole-10-70-145-145.bongo.zone 300 IN A 10.70.145.145" 381 | local-data-ptr: "10.70.145.145 blackhole-10-70-145-145.bongo.zone" 382 | local-data: "blackhole-10-70-145-146.bongo.zone 300 IN A 10.70.145.146" 383 | local-data-ptr: "10.70.145.146 blackhole-10-70-145-146.bongo.zone" 384 | local-data: "blackhole-10-70-145-147.bongo.zone 300 IN A 10.70.145.147" 385 | local-data-ptr: "10.70.145.147 blackhole-10-70-145-147.bongo.zone" 386 | local-data: "blackhole-10-70-145-148.bongo.zone 300 IN A 10.70.145.148" 387 | local-data-ptr: "10.70.145.148 blackhole-10-70-145-148.bongo.zone" 388 | local-data: "blackhole-10-70-145-149.bongo.zone 
300 IN A 10.70.145.149" 389 | local-data-ptr: "10.70.145.149 blackhole-10-70-145-149.bongo.zone" 390 | local-data: "blackhole-10-70-145-150.bongo.zone 300 IN A 10.70.145.150" 391 | local-data-ptr: "10.70.145.150 blackhole-10-70-145-150.bongo.zone" 392 | local-data: "blackhole-10-70-145-151.bongo.zone 300 IN A 10.70.145.151" 393 | local-data-ptr: "10.70.145.151 blackhole-10-70-145-151.bongo.zone" 394 | local-data: "blackhole-10-70-145-152.bongo.zone 300 IN A 10.70.145.152" 395 | local-data-ptr: "10.70.145.152 blackhole-10-70-145-152.bongo.zone" 396 | local-data: "blackhole-10-70-145-153.bongo.zone 300 IN A 10.70.145.153" 397 | local-data-ptr: "10.70.145.153 blackhole-10-70-145-153.bongo.zone" 398 | local-data: "blackhole-10-70-145-154.bongo.zone 300 IN A 10.70.145.154" 399 | local-data-ptr: "10.70.145.154 blackhole-10-70-145-154.bongo.zone" 400 | local-data: "blackhole-10-70-145-155.bongo.zone 300 IN A 10.70.145.155" 401 | local-data-ptr: "10.70.145.155 blackhole-10-70-145-155.bongo.zone" 402 | local-data: "blackhole-10-70-145-156.bongo.zone 300 IN A 10.70.145.156" 403 | local-data-ptr: "10.70.145.156 blackhole-10-70-145-156.bongo.zone" 404 | local-data: "blackhole-10-70-145-157.bongo.zone 300 IN A 10.70.145.157" 405 | local-data-ptr: "10.70.145.157 blackhole-10-70-145-157.bongo.zone" 406 | local-data: "blackhole-10-70-145-158.bongo.zone 300 IN A 10.70.145.158" 407 | local-data-ptr: "10.70.145.158 blackhole-10-70-145-158.bongo.zone" 408 | local-data: "blackhole-10-70-145-159.bongo.zone 300 IN A 10.70.145.159" 409 | local-data-ptr: "10.70.145.159 blackhole-10-70-145-159.bongo.zone" 410 | local-data: "blackhole-10-70-145-160.bongo.zone 300 IN A 10.70.145.160" 411 | local-data-ptr: "10.70.145.160 blackhole-10-70-145-160.bongo.zone" 412 | local-data: "blackhole-10-70-145-161.bongo.zone 300 IN A 10.70.145.161" 413 | local-data-ptr: "10.70.145.161 blackhole-10-70-145-161.bongo.zone" 414 | local-data: "blackhole-10-70-145-162.bongo.zone 300 IN A 10.70.145.162" 415 | 
local-data-ptr: "10.70.145.162 blackhole-10-70-145-162.bongo.zone" 416 | local-data: "blackhole-10-70-145-163.bongo.zone 300 IN A 10.70.145.163" 417 | local-data-ptr: "10.70.145.163 blackhole-10-70-145-163.bongo.zone" 418 | local-data: "blackhole-10-70-145-164.bongo.zone 300 IN A 10.70.145.164" 419 | local-data-ptr: "10.70.145.164 blackhole-10-70-145-164.bongo.zone" 420 | local-data: "blackhole-10-70-145-165.bongo.zone 300 IN A 10.70.145.165" 421 | local-data-ptr: "10.70.145.165 blackhole-10-70-145-165.bongo.zone" 422 | local-data: "blackhole-10-70-145-166.bongo.zone 300 IN A 10.70.145.166" 423 | local-data-ptr: "10.70.145.166 blackhole-10-70-145-166.bongo.zone" 424 | local-data: "blackhole-10-70-145-167.bongo.zone 300 IN A 10.70.145.167" 425 | local-data-ptr: "10.70.145.167 blackhole-10-70-145-167.bongo.zone" 426 | local-data: "blackhole-10-70-145-168.bongo.zone 300 IN A 10.70.145.168" 427 | local-data-ptr: "10.70.145.168 blackhole-10-70-145-168.bongo.zone" 428 | local-data: "blackhole-10-70-145-169.bongo.zone 300 IN A 10.70.145.169" 429 | local-data-ptr: "10.70.145.169 blackhole-10-70-145-169.bongo.zone" 430 | local-data: "blackhole-10-70-145-170.bongo.zone 300 IN A 10.70.145.170" 431 | local-data-ptr: "10.70.145.170 blackhole-10-70-145-170.bongo.zone" 432 | local-data: "blackhole-10-70-145-171.bongo.zone 300 IN A 10.70.145.171" 433 | local-data-ptr: "10.70.145.171 blackhole-10-70-145-171.bongo.zone" 434 | local-data: "blackhole-10-70-145-172.bongo.zone 300 IN A 10.70.145.172" 435 | local-data-ptr: "10.70.145.172 blackhole-10-70-145-172.bongo.zone" 436 | local-data: "blackhole-10-70-145-173.bongo.zone 300 IN A 10.70.145.173" 437 | local-data-ptr: "10.70.145.173 blackhole-10-70-145-173.bongo.zone" 438 | local-data: "blackhole-10-70-145-174.bongo.zone 300 IN A 10.70.145.174" 439 | local-data-ptr: "10.70.145.174 blackhole-10-70-145-174.bongo.zone" 440 | local-data: "blackhole-10-70-145-175.bongo.zone 300 IN A 10.70.145.175" 441 | local-data-ptr: "10.70.145.175 
blackhole-10-70-145-175.bongo.zone" 442 | local-data: "blackhole-10-70-145-176.bongo.zone 300 IN A 10.70.145.176" 443 | local-data-ptr: "10.70.145.176 blackhole-10-70-145-176.bongo.zone" 444 | local-data: "blackhole-10-70-145-177.bongo.zone 300 IN A 10.70.145.177" 445 | local-data-ptr: "10.70.145.177 blackhole-10-70-145-177.bongo.zone" 446 | local-data: "blackhole-10-70-145-178.bongo.zone 300 IN A 10.70.145.178" 447 | local-data-ptr: "10.70.145.178 blackhole-10-70-145-178.bongo.zone" 448 | local-data: "blackhole-10-70-145-179.bongo.zone 300 IN A 10.70.145.179" 449 | local-data-ptr: "10.70.145.179 blackhole-10-70-145-179.bongo.zone" 450 | local-data: "blackhole-10-70-145-180.bongo.zone 300 IN A 10.70.145.180" 451 | local-data-ptr: "10.70.145.180 blackhole-10-70-145-180.bongo.zone" 452 | local-data: "blackhole-10-70-145-181.bongo.zone 300 IN A 10.70.145.181" 453 | local-data-ptr: "10.70.145.181 blackhole-10-70-145-181.bongo.zone" 454 | local-data: "blackhole-10-70-145-182.bongo.zone 300 IN A 10.70.145.182" 455 | local-data-ptr: "10.70.145.182 blackhole-10-70-145-182.bongo.zone" 456 | local-data: "blackhole-10-70-145-183.bongo.zone 300 IN A 10.70.145.183" 457 | local-data-ptr: "10.70.145.183 blackhole-10-70-145-183.bongo.zone" 458 | local-data: "blackhole-10-70-145-184.bongo.zone 300 IN A 10.70.145.184" 459 | local-data-ptr: "10.70.145.184 blackhole-10-70-145-184.bongo.zone" 460 | local-data: "blackhole-10-70-145-185.bongo.zone 300 IN A 10.70.145.185" 461 | local-data-ptr: "10.70.145.185 blackhole-10-70-145-185.bongo.zone" 462 | local-data: "blackhole-10-70-145-186.bongo.zone 300 IN A 10.70.145.186" 463 | local-data-ptr: "10.70.145.186 blackhole-10-70-145-186.bongo.zone" 464 | local-data: "blackhole-10-70-145-187.bongo.zone 300 IN A 10.70.145.187" 465 | local-data-ptr: "10.70.145.187 blackhole-10-70-145-187.bongo.zone" 466 | local-data: "blackhole-10-70-145-188.bongo.zone 300 IN A 10.70.145.188" 467 | local-data-ptr: "10.70.145.188 blackhole-10-70-145-188.bongo.zone" 
468 | local-data: "blackhole-10-70-145-189.bongo.zone 300 IN A 10.70.145.189" 469 | local-data-ptr: "10.70.145.189 blackhole-10-70-145-189.bongo.zone" 470 | local-data: "blackhole-10-70-145-190.bongo.zone 300 IN A 10.70.145.190" 471 | local-data-ptr: "10.70.145.190 blackhole-10-70-145-190.bongo.zone" 472 | local-data: "blackhole-10-70-145-all.bongo.zone 300 IN A 10.70.145.191" 473 | local-data-ptr: "10.70.145.191 blackhole-10-70-145-all.bongo.zone" 474 | ## ./script/unbound-gen.rb 192 223 ./src/var/unbound/etc/bongo.zone.conf vm 475 | local-data: "vm-10-70-145-net.bongo.zone 300 IN A 10.70.145.192" 476 | local-data-ptr: "10.70.145.192 vm-10-70-145-net.bongo.zone" 477 | #local-data: "vm-10-70-145-193.bongo.zone 300 IN A 10.70.145.193" 478 | #local-data-ptr: "10.70.145.193 vm-10-70-145-193.bongo.zone" 479 | #local-data: "vm-10-70-145-194.bongo.zone 300 IN A 10.70.145.194" 480 | #local-data-ptr: "10.70.145.194 vm-10-70-145-194.bongo.zone" 481 | #local-data: "vm-10-70-145-195.bongo.zone 300 IN A 10.70.145.195" 482 | #local-data-ptr: "10.70.145.195 vm-10-70-145-195.bongo.zone" 483 | #local-data: "vm-10-70-145-196.bongo.zone 300 IN A 10.70.145.196" 484 | #local-data-ptr: "10.70.145.196 vm-10-70-145-196.bongo.zone" 485 | #local-data: "vm-10-70-145-197.bongo.zone 300 IN A 10.70.145.197" 486 | #local-data-ptr: "10.70.145.197 vm-10-70-145-197.bongo.zone" 487 | #local-data: "vm-10-70-145-198.bongo.zone 300 IN A 10.70.145.198" 488 | #local-data-ptr: "10.70.145.198 vm-10-70-145-198.bongo.zone" 489 | local-data: "vm-10-70-145-199.bongo.zone 300 IN A 10.70.145.199" 490 | local-data-ptr: "10.70.145.199 vm-10-70-145-199.bongo.zone" 491 | local-data: "vm-10-70-145-200.bongo.zone 300 IN A 10.70.145.200" 492 | local-data-ptr: "10.70.145.200 vm-10-70-145-200.bongo.zone" 493 | local-data: "vm-10-70-145-201.bongo.zone 300 IN A 10.70.145.201" 494 | local-data-ptr: "10.70.145.201 vm-10-70-145-201.bongo.zone" 495 | local-data: "vm-10-70-145-202.bongo.zone 300 IN A 10.70.145.202" 496 | 
local-data-ptr: "10.70.145.202 vm-10-70-145-202.bongo.zone" 497 | local-data: "vm-10-70-145-203.bongo.zone 300 IN A 10.70.145.203" 498 | local-data-ptr: "10.70.145.203 vm-10-70-145-203.bongo.zone" 499 | local-data: "vm-10-70-145-204.bongo.zone 300 IN A 10.70.145.204" 500 | local-data-ptr: "10.70.145.204 vm-10-70-145-204.bongo.zone" 501 | local-data: "vm-10-70-145-205.bongo.zone 300 IN A 10.70.145.205" 502 | local-data-ptr: "10.70.145.205 vm-10-70-145-205.bongo.zone" 503 | local-data: "vm-10-70-145-206.bongo.zone 300 IN A 10.70.145.206" 504 | local-data-ptr: "10.70.145.206 vm-10-70-145-206.bongo.zone" 505 | local-data: "vm-10-70-145-207.bongo.zone 300 IN A 10.70.145.207" 506 | local-data-ptr: "10.70.145.207 vm-10-70-145-207.bongo.zone" 507 | local-data: "vm-10-70-145-208.bongo.zone 300 IN A 10.70.145.208" 508 | local-data-ptr: "10.70.145.208 vm-10-70-145-208.bongo.zone" 509 | local-data: "vm-10-70-145-209.bongo.zone 300 IN A 10.70.145.209" 510 | local-data-ptr: "10.70.145.209 vm-10-70-145-209.bongo.zone" 511 | local-data: "vm-10-70-145-210.bongo.zone 300 IN A 10.70.145.210" 512 | local-data-ptr: "10.70.145.210 vm-10-70-145-210.bongo.zone" 513 | local-data: "vm-10-70-145-211.bongo.zone 300 IN A 10.70.145.211" 514 | local-data-ptr: "10.70.145.211 vm-10-70-145-211.bongo.zone" 515 | local-data: "vm-10-70-145-212.bongo.zone 300 IN A 10.70.145.212" 516 | local-data-ptr: "10.70.145.212 vm-10-70-145-212.bongo.zone" 517 | local-data: "vm-10-70-145-213.bongo.zone 300 IN A 10.70.145.213" 518 | local-data-ptr: "10.70.145.213 vm-10-70-145-213.bongo.zone" 519 | local-data: "vm-10-70-145-214.bongo.zone 300 IN A 10.70.145.214" 520 | local-data-ptr: "10.70.145.214 vm-10-70-145-214.bongo.zone" 521 | local-data: "vm-10-70-145-215.bongo.zone 300 IN A 10.70.145.215" 522 | local-data-ptr: "10.70.145.215 vm-10-70-145-215.bongo.zone" 523 | local-data: "vm-10-70-145-216.bongo.zone 300 IN A 10.70.145.216" 524 | local-data-ptr: "10.70.145.216 vm-10-70-145-216.bongo.zone" 525 | local-data: 
"vm-10-70-145-217.bongo.zone 300 IN A 10.70.145.217" 526 | local-data-ptr: "10.70.145.217 vm-10-70-145-217.bongo.zone" 527 | local-data: "vm-10-70-145-218.bongo.zone 300 IN A 10.70.145.218" 528 | local-data-ptr: "10.70.145.218 vm-10-70-145-218.bongo.zone" 529 | local-data: "vm-10-70-145-219.bongo.zone 300 IN A 10.70.145.219" 530 | local-data-ptr: "10.70.145.219 vm-10-70-145-219.bongo.zone" 531 | local-data: "vm-10-70-145-220.bongo.zone 300 IN A 10.70.145.220" 532 | local-data-ptr: "10.70.145.220 vm-10-70-145-220.bongo.zone" 533 | local-data: "vm-10-70-145-221.bongo.zone 300 IN A 10.70.145.221" 534 | local-data-ptr: "10.70.145.221 vm-10-70-145-221.bongo.zone" 535 | local-data: "vm-10-70-145-222.bongo.zone 300 IN A 10.70.145.222" 536 | local-data-ptr: "10.70.145.222 vm-10-70-145-222.bongo.zone" 537 | local-data: "vm-10-70-145-all.bongo.zone 300 IN A 10.70.145.223" 538 | local-data-ptr: "10.70.145.223 vm-10-70-145-all.bongo.zone" 539 | ## ./script/unbound-gen.rb 224 255 ./src/var/unbound/etc/bongo.zone.conf public 540 | local-data: "public-10-70-145-net.bongo.zone 300 IN A 10.70.145.224" 541 | local-data-ptr: "10.70.145.224 public-10-70-145-net.bongo.zone" 542 | #local-data: "public-10-70-145-225.bongo.zone 300 IN A 10.70.145.225" 543 | #local-data-ptr: "10.70.145.225 public-10-70-145-225.bongo.zone" 544 | local-data: "public-10-70-145-226.bongo.zone 300 IN A 10.70.145.226" 545 | local-data-ptr: "10.70.145.226 public-10-70-145-226.bongo.zone" 546 | local-data: "public-10-70-145-227.bongo.zone 300 IN A 10.70.145.227" 547 | local-data-ptr: "10.70.145.227 public-10-70-145-227.bongo.zone" 548 | local-data: "public-10-70-145-228.bongo.zone 300 IN A 10.70.145.228" 549 | local-data-ptr: "10.70.145.228 public-10-70-145-228.bongo.zone" 550 | local-data: "public-10-70-145-229.bongo.zone 300 IN A 10.70.145.229" 551 | local-data-ptr: "10.70.145.229 public-10-70-145-229.bongo.zone" 552 | local-data: "public-10-70-145-230.bongo.zone 300 IN A 10.70.145.230" 553 | local-data-ptr: 
"10.70.145.230 public-10-70-145-230.bongo.zone" 554 | local-data: "public-10-70-145-231.bongo.zone 300 IN A 10.70.145.231" 555 | local-data-ptr: "10.70.145.231 public-10-70-145-231.bongo.zone" 556 | local-data: "public-10-70-145-232.bongo.zone 300 IN A 10.70.145.232" 557 | local-data-ptr: "10.70.145.232 public-10-70-145-232.bongo.zone" 558 | local-data: "public-10-70-145-233.bongo.zone 300 IN A 10.70.145.233" 559 | local-data-ptr: "10.70.145.233 public-10-70-145-233.bongo.zone" 560 | local-data: "public-10-70-145-234.bongo.zone 300 IN A 10.70.145.234" 561 | local-data-ptr: "10.70.145.234 public-10-70-145-234.bongo.zone" 562 | local-data: "public-10-70-145-235.bongo.zone 300 IN A 10.70.145.235" 563 | local-data-ptr: "10.70.145.235 public-10-70-145-235.bongo.zone" 564 | local-data: "public-10-70-145-236.bongo.zone 300 IN A 10.70.145.236" 565 | local-data-ptr: "10.70.145.236 public-10-70-145-236.bongo.zone" 566 | local-data: "public-10-70-145-237.bongo.zone 300 IN A 10.70.145.237" 567 | local-data-ptr: "10.70.145.237 public-10-70-145-237.bongo.zone" 568 | local-data: "public-10-70-145-238.bongo.zone 300 IN A 10.70.145.238" 569 | local-data-ptr: "10.70.145.238 public-10-70-145-238.bongo.zone" 570 | local-data: "public-10-70-145-239.bongo.zone 300 IN A 10.70.145.239" 571 | local-data-ptr: "10.70.145.239 public-10-70-145-239.bongo.zone" 572 | local-data: "public-10-70-145-240.bongo.zone 300 IN A 10.70.145.240" 573 | local-data-ptr: "10.70.145.240 public-10-70-145-240.bongo.zone" 574 | local-data: "public-10-70-145-241.bongo.zone 300 IN A 10.70.145.241" 575 | local-data-ptr: "10.70.145.241 public-10-70-145-241.bongo.zone" 576 | local-data: "public-10-70-145-242.bongo.zone 300 IN A 10.70.145.242" 577 | local-data-ptr: "10.70.145.242 public-10-70-145-242.bongo.zone" 578 | local-data: "public-10-70-145-243.bongo.zone 300 IN A 10.70.145.243" 579 | local-data-ptr: "10.70.145.243 public-10-70-145-243.bongo.zone" 580 | local-data: "public-10-70-145-244.bongo.zone 300 IN A 
10.70.145.244" 581 | local-data-ptr: "10.70.145.244 public-10-70-145-244.bongo.zone" 582 | local-data: "public-10-70-145-245.bongo.zone 300 IN A 10.70.145.245" 583 | local-data-ptr: "10.70.145.245 public-10-70-145-245.bongo.zone" 584 | local-data: "public-10-70-145-246.bongo.zone 300 IN A 10.70.145.246" 585 | local-data-ptr: "10.70.145.246 public-10-70-145-246.bongo.zone" 586 | local-data: "public-10-70-145-247.bongo.zone 300 IN A 10.70.145.247" 587 | local-data-ptr: "10.70.145.247 public-10-70-145-247.bongo.zone" 588 | local-data: "public-10-70-145-248.bongo.zone 300 IN A 10.70.145.248" 589 | local-data-ptr: "10.70.145.248 public-10-70-145-248.bongo.zone" 590 | local-data: "public-10-70-145-249.bongo.zone 300 IN A 10.70.145.249" 591 | local-data-ptr: "10.70.145.249 public-10-70-145-249.bongo.zone" 592 | local-data: "public-10-70-145-250.bongo.zone 300 IN A 10.70.145.250" 593 | local-data-ptr: "10.70.145.250 public-10-70-145-250.bongo.zone" 594 | local-data: "public-10-70-145-251.bongo.zone 300 IN A 10.70.145.251" 595 | local-data-ptr: "10.70.145.251 public-10-70-145-251.bongo.zone" 596 | local-data: "public-10-70-145-252.bongo.zone 300 IN A 10.70.145.252" 597 | local-data-ptr: "10.70.145.252 public-10-70-145-252.bongo.zone" 598 | local-data: "public-10-70-145-253.bongo.zone 300 IN A 10.70.145.253" 599 | local-data-ptr: "10.70.145.253 public-10-70-145-253.bongo.zone" 600 | local-data: "public-10-70-145-254.bongo.zone 300 IN A 10.70.145.254" 601 | local-data-ptr: "10.70.145.254 public-10-70-145-254.bongo.zone" 602 | local-data: "public-10-70-145-all.bongo.zone 300 IN A 10.70.145.255" 603 | local-data-ptr: "10.70.145.255 public-10-70-145-all.bongo.zone" 604 | 605 | # SSHFP 606 | ## :r ! bash -c 'echo kibble.bongo.zone & echo 10.70.145.{1..254} | xargs -P 300 -n 1 dig +short -x 2> /dev/null ' | xargs -P 100 -n 1 ssh-keyscan -D 2> /dev/null | sort | sed 's/.*/local-data: "&"/' 607 | 608 | local-data: "discovery.bongo.zone. 
IN SSHFP 1 1 43b247857619a84a3a05cf7a3bb6bafde26e0d3e" 609 | local-data: "discovery.bongo.zone. IN SSHFP 1 2 82ba94248223c499e9a51536fa9a7c17d5f7eb35c89a6cd353dba356ada79763" 610 | local-data: "discovery.bongo.zone. IN SSHFP 3 1 875bf226b6ef5d1451cf9cf0aaff903a6170cd55" 611 | local-data: "discovery.bongo.zone. IN SSHFP 3 2 1b2862136ec8d26b81b1817f071fc51b69ac1cf4fe1aad0d29ec04e8e4dcf2b8" 612 | local-data: "discovery.bongo.zone. IN SSHFP 4 1 f44d13db6483c8525108c4528710029c8b94056d" 613 | local-data: "discovery.bongo.zone. IN SSHFP 4 2 f99209ff10116c62805064af106cb9f5c479225b25d4c4370eeaca2ea52a4b80" 614 | local-data: "dmz.kibble.bongo.zone. IN SSHFP 1 1 2d098b680c83004762cea8c8c75e3c013053a6bd" 615 | local-data: "dmz.kibble.bongo.zone. IN SSHFP 1 2 a2fe76e4ca4f6eeccfde95c1d4bf8f28619e9ec07c83d2ae0660c8c0f463f4ef" 616 | local-data: "dmz.kibble.bongo.zone. IN SSHFP 3 1 450530dadb154b17c9012c8af2c421601f7c2623" 617 | local-data: "dmz.kibble.bongo.zone. IN SSHFP 3 2 d60b4a0ef4edd3a0f09f18753bca5b8565ea9cf1d80a69586b604b111c49c3b0" 618 | local-data: "dmz.kibble.bongo.zone. IN SSHFP 4 1 d6cd15251791c4a1a2c7158a1a2071527691ec82" 619 | local-data: "dmz.kibble.bongo.zone. IN SSHFP 4 2 173617bac52bb67c39977eeb78fec6abafebf2f1711562904b45e064d49182ca" 620 | local-data: "guest.kibble.bongo.zone. IN SSHFP 1 1 2d098b680c83004762cea8c8c75e3c013053a6bd" 621 | local-data: "guest.kibble.bongo.zone. IN SSHFP 1 2 a2fe76e4ca4f6eeccfde95c1d4bf8f28619e9ec07c83d2ae0660c8c0f463f4ef" 622 | local-data: "guest.kibble.bongo.zone. IN SSHFP 3 1 450530dadb154b17c9012c8af2c421601f7c2623" 623 | local-data: "guest.kibble.bongo.zone. IN SSHFP 3 2 d60b4a0ef4edd3a0f09f18753bca5b8565ea9cf1d80a69586b604b111c49c3b0" 624 | local-data: "guest.kibble.bongo.zone. IN SSHFP 4 1 d6cd15251791c4a1a2c7158a1a2071527691ec82" 625 | local-data: "guest.kibble.bongo.zone. IN SSHFP 4 2 173617bac52bb67c39977eeb78fec6abafebf2f1711562904b45e064d49182ca" 626 | local-data: "jesse.bongo.zone. 
IN SSHFP 1 1 f71920038aa3f1d64cb3dc3464e34b2991fbfebd" 627 | local-data: "jesse.bongo.zone. IN SSHFP 1 2 8172d452a64d2827a9f6b4943b911f4467f4dd02edf4b85d164c363fc6f01f63" 628 | local-data: "jesse.bongo.zone. IN SSHFP 3 1 1d1d502752abb8af87d6eece9fea617b7f56888e" 629 | local-data: "jesse.bongo.zone. IN SSHFP 3 2 f680af68c6bae8f6b8b8e6a4fcdd09d0b5247541850ab82b0ad64ed68fcc3442" 630 | local-data: "jesse.bongo.zone. IN SSHFP 4 1 52d1a8008f08f7e40814abd670173463ac305981" 631 | local-data: "jesse.bongo.zone. IN SSHFP 4 2 4834bf8967c84a55becf8e7d5445fcf7b78d14b18e384dfaea2a05f17b8e480d" 632 | local-data: "kibble.bongo.zone IN SSHFP 1 1 2d098b680c83004762cea8c8c75e3c013053a6bd" 633 | local-data: "kibble.bongo.zone IN SSHFP 1 2 a2fe76e4ca4f6eeccfde95c1d4bf8f28619e9ec07c83d2ae0660c8c0f463f4ef" 634 | local-data: "kibble.bongo.zone IN SSHFP 3 1 450530dadb154b17c9012c8af2c421601f7c2623" 635 | local-data: "kibble.bongo.zone IN SSHFP 3 2 d60b4a0ef4edd3a0f09f18753bca5b8565ea9cf1d80a69586b604b111c49c3b0" 636 | local-data: "kibble.bongo.zone IN SSHFP 4 1 d6cd15251791c4a1a2c7158a1a2071527691ec82" 637 | local-data: "kibble.bongo.zone IN SSHFP 4 2 173617bac52bb67c39977eeb78fec6abafebf2f1711562904b45e064d49182ca" 638 | local-data: "nycmesh-dns.bongo.zone. IN SSHFP 1 1 7d1aba4d741a21a28d2d7e05db12bae0926db376" 639 | local-data: "nycmesh-dns.bongo.zone. IN SSHFP 1 2 4dd99023cb0df65b52723d2a6138e79888788001c17ed74093cbf23b6cbf0625" 640 | local-data: "nycmesh-dns.bongo.zone. IN SSHFP 3 1 d7c3ebf498b4cd0e2fd5d0502d84a4643f7437f7" 641 | local-data: "nycmesh-dns.bongo.zone. IN SSHFP 3 2 1a1b8adb3b4664d0e75eaae46c8e443ed9502bcf7c2cd4af3ef68ad90c6723cc" 642 | local-data: "nycmesh-dns.bongo.zone. IN SSHFP 4 1 240392145e70bc24b2ddfb6600fd5aebca504543" 643 | local-data: "nycmesh-dns.bongo.zone. IN SSHFP 4 2 b1d543495146ddbb1f8076358ecf530cf765a7621c8ce765a08c08ce5353e8ae" 644 | local-data: "nycmesh-lbe-1659.bongo.zone. 
IN SSHFP 1 1 be797e6ae93092a372ffb1983878036f950d10ae" 645 | local-data: "nycmesh-lbe-1659.bongo.zone. IN SSHFP 1 2 c6649335302525daf4e3116c97f1ff5c0c29b01e7e9481b470137dd25c44cfd6" 646 | local-data: "planck.bongo.zone. IN SSHFP 1 1 f14b6e42ace3403d0e4c6afb984983e81c1d6cde" 647 | local-data: "planck.bongo.zone. IN SSHFP 1 2 f1e64ec7aeb694136ce42c62250d58dd4862ca07fee899ad074e50aafb68cd51" 648 | local-data: "planck.bongo.zone. IN SSHFP 3 1 713cdc06ff97f96069a1bbe65af356bda053a927" 649 | local-data: "planck.bongo.zone. IN SSHFP 3 2 e2b2c24a77df6a980176428051980429dcd438c18bddfc76582caefded0e28d5" 650 | local-data: "planck.bongo.zone. IN SSHFP 4 1 a8ebdb68a753c781e1688faddd2c54b3af5e8850" 651 | local-data: "planck.bongo.zone. IN SSHFP 4 2 9cc4d771ab67d066d79edd661691fb882f915c4af496c48fcf9bd67410946397" 652 | local-data: "superstring.bongo.zone. IN SSHFP 1 1 799afed217eff597ac314482e323e0181f21d436" 653 | local-data: "superstring.bongo.zone. IN SSHFP 1 2 b2e1a01bfd5fb010ec62cf71000e8403599152070fa3fe43b79dd08751649ec0" 654 | local-data: "superstring.bongo.zone. IN SSHFP 3 1 429b351a7f96d693f3c4a348affe85c8190067ed" 655 | local-data: "superstring.bongo.zone. IN SSHFP 3 2 0f1d4c5b9a3a01518600a95e309d45d1e0f6f030c70066d8030dd87f8a1fbee2" 656 | local-data: "superstring.bongo.zone. IN SSHFP 4 1 aa306e7970dd0ad519cc03b2f78428c58359e8a1" 657 | local-data: "superstring.bongo.zone. IN SSHFP 4 2 e00fafebc1876a23e5379c335a9b4155b259586b91dc2172d7fc529817d66316" 658 | local-data: "vm.kibble.bongo.zone. IN SSHFP 1 1 2d098b680c83004762cea8c8c75e3c013053a6bd" 659 | local-data: "vm.kibble.bongo.zone. IN SSHFP 1 2 a2fe76e4ca4f6eeccfde95c1d4bf8f28619e9ec07c83d2ae0660c8c0f463f4ef" 660 | local-data: "vm.kibble.bongo.zone. IN SSHFP 3 1 450530dadb154b17c9012c8af2c421601f7c2623" 661 | local-data: "vm.kibble.bongo.zone. IN SSHFP 3 2 d60b4a0ef4edd3a0f09f18753bca5b8565ea9cf1d80a69586b604b111c49c3b0" 662 | local-data: "vm.kibble.bongo.zone. 
IN SSHFP 4 1 d6cd15251791c4a1a2c7158a1a2071527691ec82" 663 | local-data: "vm.kibble.bongo.zone. IN SSHFP 4 2 173617bac52bb67c39977eeb78fec6abafebf2f1711562904b45e064d49182ca" 664 | local-data: "wifi.discovery.bongo.zone. IN SSHFP 1 1 43b247857619a84a3a05cf7a3bb6bafde26e0d3e" 665 | local-data: "wifi.discovery.bongo.zone. IN SSHFP 1 2 82ba94248223c499e9a51536fa9a7c17d5f7eb35c89a6cd353dba356ada79763" 666 | local-data: "wifi.discovery.bongo.zone. IN SSHFP 3 1 875bf226b6ef5d1451cf9cf0aaff903a6170cd55" 667 | local-data: "wifi.discovery.bongo.zone. IN SSHFP 3 2 1b2862136ec8d26b81b1817f071fc51b69ac1cf4fe1aad0d29ec04e8e4dcf2b8" 668 | local-data: "wifi.discovery.bongo.zone. IN SSHFP 4 1 f44d13db6483c8525108c4528710029c8b94056d" 669 | local-data: "wifi.discovery.bongo.zone. IN SSHFP 4 2 f99209ff10116c62805064af106cb9f5c479225b25d4c4370eeaca2ea52a4b80" 670 | -------------------------------------------------------------------------------- /src/var/unbound/etc/unbound.conf: -------------------------------------------------------------------------------- 1 | # $OpenBSD: unbound.conf,v 1.7 2016/03/30 01:41:25 sthen Exp $ 2 | 3 | server: 4 | interface: 127.0.0.1 5 | #interface: 127.0.0.1@5353 # listen on alternative port 6 | #interface: ::1 7 | interface: 10.70.145.1 8 | interface: 10.70.145.225 9 | do-ip6: no 10 | 11 | access-control: 0.0.0.0/0 refuse 12 | access-control: 127.0.0.0/8 allow 13 | access-control: 192.168.0.0/16 allow 14 | access-control: 10.70.145.0/24 allow 15 | 16 | access-control: ::0/0 refuse 17 | access-control: ::1 allow 18 | 19 | hide-identity: yes 20 | hide-version: yes 21 | 22 | # Include bongo.zone config 23 | include: /var/unbound/etc/bongo.zone.conf 24 | 25 | remote-control: 26 | control-enable: yes 27 | control-use-cert: no 28 | control-interface: /var/run/unbound.sock 29 | 30 | # Use an upstream forwarder (recursive resolver) for specific zones. 31 | # 32 | forward-zone: 33 | name: "." 
# use for ALL queries 34 | forward-addr: 10.10.10.10 # nycmesh anycast 35 | forward-addr: 10.70.131.129 # nycmesh 36 | # forward-addr: 1.1.1.1 # cloudflare 37 | # forward-addr: 74.82.42.42 # he.net 38 | # forward-addr: 2001:470:20::2 # he.net v6 39 | # forward-addr: 8.8.8.8 # google.com 40 | # forward-addr: 2001:4860:4860::8888 # google.com v6 41 | # forward-addr: 208.67.222.222 # opendns.com 42 | forward-first: yes # try direct if forwarder fails 43 | 44 | forward-zone: 45 | name: "mesh." 46 | forward-addr: 10.10.10.10 # nycmesh anycast 47 | forward-addr: 10.70.131.129 # nycmesh 48 | -------------------------------------------------------------------------------- /src/var/www/etc/resolv.conf: -------------------------------------------------------------------------------- 1 | nameserver 127.0.0.1 2 | nameserver 10.10.10.10 3 | nameserver 10.70.131.129 4 | lookup file bind 5 | -------------------------------------------------------------------------------- /src/var/www/htdocs/captive/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 23 | 24 | 25 | 26 |
27 |

NYC Mesh
Community Wi-Fi

28 |
29 | 45 |
46 | NYC Mesh is a community-owned network. We aim to create a free, resilient, stand-alone system that serves both for daily use and also for emergencies. Please visit nycmesh.net and help us extend the network. 47 |
48 |
49 |
50 | 51 | 52 | -------------------------------------------------------------------------------- /src/var/www/htdocs/default/disklabel.min: -------------------------------------------------------------------------------- 1 | / 1M-* 2 | -------------------------------------------------------------------------------- /src/var/www/htdocs/default/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 23 | 24 | kibble.bongo.zone 25 | 26 | 27 |
28 |

kibble.bongo.zone

29 |

via NYC Mesh

30 |
31 | 47 |
48 |

49 | Welcome to kibble.bongo.zone, an autonomous system within NYC Mesh. 50 |

51 |
    52 |
  • Node 1659
  • 53 |
  • 10.70.145.0/24, 10.10.10.10/32, 199.167.59.73/32
  • 54 |
  • Private EBGP ASN 65009 - looking glass
  • 55 |
56 |

57 | src 58 |

59 |
60 |
61 |
62 | 63 | 64 | -------------------------------------------------------------------------------- /src/var/www/htdocs/default/install.conf: -------------------------------------------------------------------------------- 1 | # autoinstall response file for unattended installation 2 | # https://man.openbsd.org/autoinstall 3 | #Password for root account = plaintext / encrypt(1) / "*************" to disable 4 | System hostname? (short form, e.g. 'foo') = openbsd64 5 | Password for root account = ************* 6 | Change the default console to com0 = yes 7 | Which speed should com0 use = 19200 8 | Public ssh key for root account = ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRNZfhKezNAmHl8XQyDDxnt2dsTWo+b9GWKyV05kATq6901nWakRjSucufxRR2jDjqvXGlmwh+M00rFv8Nd/+pV0rnJoyymeImp3l7tAo2oH+czfl+i3ZfcKSsNwWEKaWGrAy+boy4FN/3HQ9ZlxZrpyguk6xixLMgx1JI6V8pWbYg8bQd4n2VWUoNzVYTkdbb9tmIbuMm9iVvK2NhUMX+sFOs0AnNmX5lh7OQt1x+gJks2x8SjoYwMpAzg6Ga3ikeKcraDalRgVLmYZ89nspWs9PG3t7G2KXsPt2huWiVoWxrx+XzezVx1IlT3QnidLfGy4KLKLxT5IA07SVETdMr jon@kibble.bongo.zone 9 | Start sshd(8) by default = yes 10 | Do you expect to run the X Window System = no 11 | Setup a user = no 12 | Allow root ssh login = prohibit-password 13 | What timezone are you in = America/New_York 14 | Which disk is the root disk = sd0 15 | URL to autopartitioning template for disklabel = https://kibble.bongo.zone/disklabel.min 16 | Location of sets? = cd0 17 | Set name(s) = -game* -x* 18 | Directory does not contain SHA256.sig. Continue without verification? 
= yes 19 | -------------------------------------------------------------------------------- /src/var/www/htdocs/default/jesse-install.conf: -------------------------------------------------------------------------------- 1 | # autoinstall response file for unattended installation 2 | # https://man.openbsd.org/autoinstall 3 | #Password for root account = plaintext / encrypt(1) / "*************" to disable 4 | Password for root account = ************* 5 | Change the default console to com0 = yes 6 | Which speed should com0 use = 19200 7 | Public ssh key for root account = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrIx0EmNnEfd3rU7a/O82tpTEEMrUHj9nzRt/NeD6+1 jesse 8 | Start sshd(8) by default = yes 9 | Do you expect to run the X Window System = no 10 | Setup a user = jesse 11 | Password for user = ************* 12 | Public ssh key for user = ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrIx0EmNnEfd3rU7a/O82tpTEEMrUHj9nzRt/NeD6+1 jesse 13 | Allow root ssh login = prohibit-password 14 | What timezone are you in = America/New_York 15 | Which disk is the root disk = sd0 16 | URL to autopartitioning template for disklabel = https://kibble.bongo.zone/disklabel.min 17 | Location of sets = http 18 | HTTP proxy URL = none 19 | HTTP Server = cdn.openbsd.org 20 | Server directory = /pub/OpenBSD/6.3/amd64 21 | Set name(s) = -game* -x* 22 | -------------------------------------------------------------------------------- /src/var/www/htdocs/default/jon-openbsd63-install.conf: -------------------------------------------------------------------------------- 1 | # autoinstall response file for unattended installation 2 | # https://man.openbsd.org/autoinstall 3 | #Password for root account = plaintext / encrypt(1) / "*************" to disable 4 | Password for root account = ************* 5 | Change the default console to com0 = yes 6 | Which speed should com0 use = 19200 7 | Public ssh key for root account = ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQDRNZfhKezNAmHl8XQyDDxnt2dsTWo+b9GWKyV05kATq6901nWakRjSucufxRR2jDjqvXGlmwh+M00rFv8Nd/+pV0rnJoyymeImp3l7tAo2oH+czfl+i3ZfcKSsNwWEKaWGrAy+boy4FN/3HQ9ZlxZrpyguk6xixLMgx1JI6V8pWbYg8bQd4n2VWUoNzVYTkdbb9tmIbuMm9iVvK2NhUMX+sFOs0AnNmX5lh7OQt1x+gJks2x8SjoYwMpAzg6Ga3ikeKcraDalRgVLmYZ89nspWs9PG3t7G2KXsPt2huWiVoWxrx+XzezVx1IlT3QnidLfGy4KLKLxT5IA07SVETdMr jon@kibble.bongo.zone 8 | Start sshd(8) by default = yes 9 | Do you expect to run the X Window System = no 10 | Setup a user = no 11 | Allow root ssh login = prohibit-password 12 | What timezone are you in = America/New_York 13 | Which disk is the root disk = sd0 14 | URL to autopartitioning template for disklabel = https://kibble.bongo.zone/disklabel.min 15 | Location of sets = http 16 | HTTP proxy URL = none 17 | HTTP Server = cdn.openbsd.org 18 | Server directory = /pub/OpenBSD/6.3/amd64 19 | Set name(s) = -comp* -game* -x* -man* 20 | -------------------------------------------------------------------------------- /src/var/www/htdocs/default/nycmesh-dns-install.conf: -------------------------------------------------------------------------------- 1 | # autoinstall response file for unattended installation 2 | # https://man.openbsd.org/autoinstall 3 | #Password for root account = plaintext / encrypt(1) / "*************" to disable 4 | Password for root account = ************* 5 | Change the default console to com0 = yes 6 | Which speed should com0 use = 19200 7 | Public ssh key for root account = ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRNZfhKezNAmHl8XQyDDxnt2dsTWo+b9GWKyV05kATq6901nWakRjSucufxRR2jDjqvXGlmwh+M00rFv8Nd/+pV0rnJoyymeImp3l7tAo2oH+czfl+i3ZfcKSsNwWEKaWGrAy+boy4FN/3HQ9ZlxZrpyguk6xixLMgx1JI6V8pWbYg8bQd4n2VWUoNzVYTkdbb9tmIbuMm9iVvK2NhUMX+sFOs0AnNmX5lh7OQt1x+gJks2x8SjoYwMpAzg6Ga3ikeKcraDalRgVLmYZ89nspWs9PG3t7G2KXsPt2huWiVoWxrx+XzezVx1IlT3QnidLfGy4KLKLxT5IA07SVETdMr jon@kibble.bongo.zone 8 | Start sshd(8) by default = yes 9 | Do you expect to run the X Window System = no 10 | Setup a user = no 
11 | Allow root ssh login = prohibit-password 12 | What timezone are you in = America/New_York 13 | Which disk is the root disk = sd0 14 | URL to autopartitioning template for disklabel = https://kibble.bongo.zone/disklabel.min 15 | Location of sets = http 16 | HTTP proxy URL = none 17 | HTTP Server = cdn.openbsd.org 18 | Server directory = /pub/OpenBSD/6.3/amd64 19 | Set name(s) = -comp* -game* -x* -man* 20 | -------------------------------------------------------------------------------- /src/var/www/htdocs/default/tor-install.conf: -------------------------------------------------------------------------------- 1 | # autoinstall response file for unattended installation 2 | # https://man.openbsd.org/autoinstall 3 | #Password for root account = plaintext / encrypt(1) / "*************" to disable 4 | Password for root account = ************* 5 | Change the default console to com0 = yes 6 | Which speed should com0 use = 19200 7 | Public ssh key for root account = ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRNZfhKezNAmHl8XQyDDxnt2dsTWo+b9GWKyV05kATq6901nWakRjSucufxRR2jDjqvXGlmwh+M00rFv8Nd/+pV0rnJoyymeImp3l7tAo2oH+czfl+i3ZfcKSsNwWEKaWGrAy+boy4FN/3HQ9ZlxZrpyguk6xixLMgx1JI6V8pWbYg8bQd4n2VWUoNzVYTkdbb9tmIbuMm9iVvK2NhUMX+sFOs0AnNmX5lh7OQt1x+gJks2x8SjoYwMpAzg6Ga3ikeKcraDalRgVLmYZ89nspWs9PG3t7G2KXsPt2huWiVoWxrx+XzezVx1IlT3QnidLfGy4KLKLxT5IA07SVETdMr jon@kibble.bongo.zone 8 | Start sshd(8) by default = yes 9 | Do you expect to run the X Window System = no 10 | Setup a user = no 11 | Allow root ssh login = prohibit-password 12 | What timezone are you in = America/New_York 13 | Which disk is the root disk = sd0 14 | URL to autopartitioning template for disklabel = https://kibble.bongo.zone/disklabel.min 15 | Location of sets = http 16 | HTTP proxy URL = none 17 | HTTP Server = cdn.openbsd.org 18 | Server directory = /pub/OpenBSD/6.3/amd64 19 | Set name(s) = -comp* -game* -x* -man* 20 | --------------------------------------------------------------------------------
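The autoinstall response files above decide how each new machine is secured: root password, root SSH login, and whether install sets are accepted without `SHA256.sig`. The following audit is an added example, not part of this repository; its rule set, the `[redacted]` marker, the placeholder key and the constructed weak file are assumptions of the example.

```ruby
# Added example, not part of the repository: audit an OpenBSD autoinstall(8)
# response file for answers that deserve a second look before deployment.
# The rule set below is this example's own assumption, not an official list.

DISABLED_PASSWORD = ("*" * 13).freeze # 13 asterisks disable password login

# Turn "question = answer" lines into [question, answer] pairs,
# skipping blank lines and # comments. Only the first "=" separates the two,
# so base64 padding in an SSH key stays part of the answer.
def parse_response(text)
  text.each_line.map do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#")
    question, answer = line.split(/\s*=\s*/, 2)
    next if answer.nil?
    [question, answer]
  end.compact
end

# Heuristic: encrypt(1) prints bcrypt hashes, which start with "$2".
def password_kind(answer)
  return :disabled if answer == DISABLED_PASSWORD
  return :hashed if answer.start_with?("$2")
  :plaintext
end

# [rule name, pattern matched against the question, predicate on the answer]
RULES = [
  [:unverified_sets,     /Continue without verification/i, ->(a) { a.casecmp?("yes") }],
  [:root_password_login, /Allow root ssh login/i,          ->(a) { a.casecmp?("yes") }],
  [:plaintext_password,  /\APassword for /i,               ->(a) { password_kind(a) == :plaintext }],
  [:plain_http_url,      /\AURL /i,                        ->(a) { a.start_with?("http://") }]
].freeze

# Return one finding per matching rule, in file order.
# Plaintext passwords are redacted so the report does not leak them.
def audit(text)
  parse_response(text).flat_map do |question, answer|
    RULES.select { |_, pattern, weak| question =~ pattern && weak.call(answer) }
         .map do |rule, _, _|
      shown = rule == :plaintext_password ? "[redacted]" : answer
      { rule: rule, question: question, answer: shown }
    end
  end
end

# The page's install.conf, with the root public key replaced by a placeholder.
PAGE_INSTALL_CONF = <<~CONF
  # autoinstall response file for unattended installation
  System hostname? (short form, e.g. 'foo') = openbsd64
  Password for root account = *************
  Public ssh key for root account = ssh-ed25519 PLACEHOLDER-KEY example
  Start sshd(8) by default = yes
  Setup a user = no
  Allow root ssh login = prohibit-password
  URL to autopartitioning template for disklabel = https://kibble.bongo.zone/disklabel.min
  Location of sets? = cd0
  Set name(s) = -game* -x*
  Directory does not contain SHA256.sig. Continue without verification? = yes
CONF

# Constructed counter-example showing the other three rules firing.
CONSTRUCTED_WEAK = <<~CONF
  Password for root account = hunter2
  Allow root ssh login = yes
  URL to autopartitioning template for disklabel = http://installer.example/disklabel.min
CONF

if __FILE__ == $PROGRAM_NAME
  samples = { "page install.conf" => PAGE_INSTALL_CONF,
              "constructed weak file" => CONSTRUCTED_WEAK }
  samples.each do |name, text|
    audit(text).each do |f|
      puts "#{name}: #{f[:rule]}: #{f[:question]} = #{f[:answer]}"
    end
  end
end
```

Run against the page's `install.conf`, the only finding is the answer that lets the installer continue without `SHA256.sig`; the key-only root login and disabled root password pass.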