├── .bashrc
├── .gitconfig
├── .profile
├── 000-default.conf
├── 001-default-ssl.conf
├── TODO.txt
├── authorized_keys
├── collect.sh
├── crontab
├── ddclient.conf
├── dhcp.conf
├── dns.conf
├── dphys-swapfile
├── flip.pl
├── gitweb.conf
├── hostapd
├── hostapd.conf
├── hosts
├── ifplugd
├── interfaces
├── letsencrypt
├── moduli
├── myapache.local.conf
├── ports.conf
├── profiles.clj
├── security.conf
├── sniff.json
├── sniff.service
├── sources.list
├── sources.list.d
    ├── collabora.list
    └── raspi.list
├── squid.conf
├── ssh_config
├── sshd_config
├── ssl.conf
├── ssl.load
├── sysctl.conf
├── torrc
└── vimrc


/.bashrc:
--------------------------------------------------------------------------------
  1 | # ~/.bashrc: executed by bash(1) for non-login shells.
  2 | # see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
  3 | # for examples
  4 | 
  5 | # If not running interactively, don't do anything
  6 | [ -z "$PS1" ] && return
  7 | 
  8 | # don't put duplicate lines or lines starting with space in the history.
  9 | # See bash(1) for more options
 10 | HISTCONTROL=ignoreboth
 11 | 
 12 | # append to the history file, don't overwrite it
 13 | shopt -s histappend
 14 | 
 15 | # for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
 16 | HISTSIZE=1000
 17 | HISTFILESIZE=2000
 18 | 
 19 | # check the window size after each command and, if necessary,
 20 | # update the values of LINES and COLUMNS.
 21 | shopt -s checkwinsize
 22 | 
 23 | # If set, the pattern "**" used in a pathname expansion context will
 24 | # match all files and zero or more directories and subdirectories.
 25 | #shopt -s globstar
 26 | 
 27 | # make less more friendly for non-text input files, see lesspipe(1)
 28 | #[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
 29 | 
 30 | # set variable identifying the chroot you work in (used in the prompt below)
 31 | if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
 32 |     debian_chroot=$(cat /etc/debian_chroot)
 33 | fi
 34 | 
 35 | # set a fancy prompt (non-color, unless we know we "want" color)
 36 | case "$TERM" in
 37 |     xterm-color) color_prompt=yes;;
 38 | esac
 39 | 
 40 | # uncomment for a colored prompt, if the terminal has the capability; turned
 41 | # off by default to not distract the user: the focus in a terminal window
 42 | # should be on the output of commands, not on the prompt
 43 | force_color_prompt=yes
 44 | 
 45 | if [ -n "$force_color_prompt" ]; then
 46 |     if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
 47 |   # We have color support; assume it's compliant with Ecma-48
 48 |   # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
 49 |   # a case would tend to support setf rather than setaf.)
 50 |   color_prompt=yes
 51 |     else
 52 |   color_prompt=
 53 |     fi
 54 | fi
 55 | 
 56 | if [ "$color_prompt" = yes ]; then
 57 |     PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\] \[\033[01;34m\]\w \$\[\033[00m\] '
 58 | else
 59 |     PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
 60 | fi
 61 | unset color_prompt force_color_prompt
 62 | 
 63 | # If this is an xterm set the title to user@host:dir
 64 | case "$TERM" in
 65 | xterm*|rxvt*)
 66 |     PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
 67 |     ;;
 68 | *)
 69 |     ;;
 70 | esac
 71 | 
 72 | # enable color support of ls and also add handy aliases
 73 | if [ -x /usr/bin/dircolors ]; then
 74 |     test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
 75 |     alias ls='ls --color=auto'
 76 |     #alias dir='dir --color=auto'
 77 |     #alias vdir='vdir --color=auto'
 78 | 
 79 |     alias grep='grep --color=auto'
 80 |     alias fgrep='fgrep --color=auto'
 81 |     alias egrep='egrep --color=auto'
 82 | fi
 83 | 
 84 | # some more ls aliases
 85 | #alias ll='ls -l'
 86 | #alias la='ls -A'
 87 | #alias l='ls -CF'
 88 | 
 89 | # Alias definitions.
 90 | # You may want to put all your additions into a separate file like
 91 | # ~/.bash_aliases, instead of adding them here directly.
 92 | # See /usr/share/doc/bash-doc/examples in the bash-doc package.
 93 | 
 94 | if [ -f ~/.bash_aliases ]; then
 95 |     . ~/.bash_aliases
 96 | fi
 97 | 
 98 | # enable programmable completion features (you don't need to enable
 99 | # this, if it's already enabled in /etc/bash.bashrc and /etc/profile
100 | # sources /etc/bash.bashrc).
101 | if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
102 |     . /etc/bash_completion
103 | fi
104 | 
105 | export ES_JAVA_OPTS="-Xms128m -Xmx128m"
106 | 
107 | export GOPATH=$HOME/go
108 | export PATH=$PATH:/home/pi/gosrc/bin:$GOPATH/bin
109 | 
110 | # added by travis gem
111 | [ -f /home/pi/.travis/travis.sh ] && source /home/pi/.travis/travis.sh
112 | 
113 | export WORKON_HOME=$HOME/.virtualenvs
114 | export PROJECT_HOME=$HOME
115 | source /usr/local/bin/virtualenvwrapper.sh
116 | 


--------------------------------------------------------------------------------
/.gitconfig:
--------------------------------------------------------------------------------
 1 | [user]
 2 | 	email = divergentdave@gmail.com
 3 | 	name = David Cook
 4 | [core]
 5 | 	editor = vim
 6 | [color]
 7 |     ui = auto
 8 | 
 9 | [alias]
10 |     isclean = !/home/pi/git-isclean/git-isclean
11 | 
12 | [diff "asciidiff"]
13 |     textconv = ~/bin/img-ascii-diff
14 | 
15 | [diff "spaceman-diff"]
16 |     command = /usr/local/bin/spaceman-diff
17 | 
18 | [push]
19 |     default = simple
20 | [secrets]
21 | 	providers = git secrets --aws-provider
22 | 	patterns = [A-Z0-9]{20}
23 | 	patterns = (\"|')?(AWS|aws|Aws)?_?(SECRET|secret|Secret)?_?(ACCESS|access|Access)?_?(KEY|key|Key)(\"|')?\\s*(:|=>|=)\\s*(\"|')?[A-Za-z0-9/\\+=]{40}(\"|')?
24 | 	patterns = (\"|')?(AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?(\"|')?\\s*(:|=>|=)\\s*(\"|')?[0-9]{4}\\-?[0-9]{4}\\-?[0-9]{4}(\"|')?
25 | 	allowed = AKIAIOSFODNN7EXAMPLE
26 | 	allowed = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
27 | 


--------------------------------------------------------------------------------
/.profile:
--------------------------------------------------------------------------------
 1 | # ~/.profile: executed by the command interpreter for login shells.
 2 | # This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
 3 | # exists.
 4 | # see /usr/share/doc/bash/examples/startup-files for examples.
 5 | # the files are located in the bash-doc package.
 6 | 
 7 | # the default umask is set in /etc/profile; for setting the umask
 8 | # for ssh logins, install and configure the libpam-umask package.
 9 | #umask 022
10 | 
11 | # if running bash
12 | if [ -n "$BASH_VERSION" ]; then
13 |     # include .bashrc if it exists
14 |     if [ -f "$HOME/.bashrc" ]; then
15 | 	. "$HOME/.bashrc"
16 |     fi
17 | fi
18 | 
19 | # set PATH so it includes user's private bin if it exists
20 | if [ -d "$HOME/bin" ] ; then
21 |     PATH="$HOME/bin:$PATH"
22 | fi
23 | 
24 | export PATH="$HOME/.rbenv/bin:$PATH"
25 | eval "$(rbenv init -)"
26 | 


--------------------------------------------------------------------------------
/000-default.conf:
--------------------------------------------------------------------------------
 1 | <VirtualHost *:80>
 2 | 	ServerAdmin webmaster@localhost
 3 | 
 4 | 	Alias /images /var/tmp/upsidedownternet
 5 | 	<Directory /var/tmp/upsidedownternet>
 6 | 		Require ip 127.0.0.1
 7 | 	</Directory>
 8 | 
 9 | 	Alias /git/static /usr/share/gitweb/static
10 | 	ScriptAliasMatch \
11 | 		"(?x)^/git/(.*/(HEAD | \
12 | 		                info/refs | \
13 | 		                objects/(info/[^/]+ | \
14 | 		                         [0-9a-f]{2}/[0-9a-f]{38} | \
15 | 		                         pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
16 | 		                git-upload-pack))$" \
17 | 		/usr/lib/git-core/git-http-backend/$1
18 | 	ScriptAlias /git /usr/share/gitweb/gitweb.cgi
19 | 	<Directory /usr/share/gitweb>
20 | 		Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
21 | 		Require all granted
22 | 		AddHandler cgi-script cgi
23 | 		DirectoryIndex gitweb.cgi
24 | 	</Directory>
25 | 	<Directory /usr/lib/git-core/>
26 | 		Options +ExecCGI
27 | 		SetEnv GIT_PROJECT_ROOT /var/lib/git
28 | 		Require all granted
29 | 	</Directory>
30 | 
31 | 	RewriteEngine on
32 | 	RewriteRule ^/images/.* - [L]
33 | 	RewriteRule .* https://davidsherenowitsa.party%{REQUEST_URI}
34 | 
35 | 	ErrorLog ${APACHE_LOG_DIR}/error.log
36 | 
37 | 	# Possible values include: debug, info, notice, warn, error, crit,
38 | 	# alert, emerg.
39 | 	LogLevel warn
40 | 
41 | 	CustomLog ${APACHE_LOG_DIR}/access.log combined
42 | 
43 | 	Header always set X-Frame-Options DENY
44 | </VirtualHost>
45 | 


--------------------------------------------------------------------------------
/001-default-ssl.conf:
--------------------------------------------------------------------------------
  1 | <IfModule ssl_module>
  2 | <VirtualHost *:4443>
  3 | 	ServerName davidsherenowitsa.party
  4 | 	ServerAlias www.davidsherenowitsa.party
  5 | 
  6 | 	ServerAdmin david@davidsherenowitsa.party
  7 | 
  8 | 	DocumentRoot /var/www
  9 | 	<Directory />
 10 | 		Options FollowSymLinks
 11 | 		AllowOverride None
 12 | 	</Directory>
 13 | 	<Directory /var/www/>
 14 | 		Options Indexes FollowSymLinks MultiViews
 15 | 		AllowOverride None
 16 | 		Require all granted
 17 | 	</Directory>
 18 | 	<Directory /var/www/dwg-ci-private/>
 19 | 		AuthType basic
 20 | 		AuthName "CI files"
 21 | 		AuthUserFile /etc/apache2/.htpasswd
 22 | 		Require user travis-user
 23 | 	</Directory>
 24 | 
 25 | 	Alias /git/static /usr/share/gitweb/static
 26 | 	ScriptAliasMatch \
 27 | 		"(?x)^/git/(.*/(HEAD | \
 28 | 		                info/refs | \
 29 | 		                objects/(info/[^/]+ | \
 30 | 		                         [0-9a-f]{2}/[0-9a-f]{38} | \
 31 | 		                         pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
 32 | 		                git-upload-pack))$" \
 33 | 		/usr/lib/git-core/git-http-backend/$1
 34 | 	ScriptAlias /git /usr/share/gitweb/gitweb.cgi
 35 | 	<Directory /usr/share/gitweb>
 36 | 		Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
 37 | 		Require all granted
 38 | 		AddHandler cgi-script cgi
 39 | 		DirectoryIndex gitweb.cgi
 40 | 	</Directory>
 41 | 	<Directory /usr/lib/git-core/>
 42 | 		Options +ExecCGI
 43 | 		SetEnv GIT_PROJECT_ROOT /var/lib/git
 44 | 		Require all granted
 45 | 	</Directory>
 46 | 
 47 | 	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 48 | 	<Directory "/usr/lib/cgi-bin">
 49 | 		AllowOverride None
 50 | 		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 51 | 		Require all granted
 52 | 	</Directory>
 53 | 
 54 | 	ErrorLog ${APACHE_LOG_DIR}/error.log
 55 | 
 56 | 	# Possible values include: debug, info, notice, warn, error, crit,
 57 | 	# alert, emerg.
 58 | 	LogLevel warn
 59 | 
 60 | 	CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
 61 | 
 62 | 	#   SSL Engine Switch:
 63 | 	#   Enable/Disable SSL for this virtual host.
 64 | 	SSLEngine on
 65 | 
 66 | 	#   A self-signed (snakeoil) certificate can be created by installing
 67 | 	#   the ssl-cert package. See
 68 | 	#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
 69 | 	#   If both key and certificate are stored in the same file, only the
 70 | 	#   SSLCertificateFile directive is needed.
 71 | 	SSLCertificateFile    /etc/letsencrypt/live/davidsherenowitsa.party/fullchain.pem
 72 | 	SSLCertificateKeyFile /etc/letsencrypt/live/davidsherenowitsa.party/privkey.pem
 73 | 
 74 | 	#   Server Certificate Chain:
 75 | 	#   Point SSLCertificateChainFile at a file containing the
 76 | 	#   concatenation of PEM encoded CA certificates which form the
 77 | 	#   certificate chain for the server certificate. Alternatively
 78 | 	#   the referenced file can be the same as SSLCertificateFile
 79 | 	#   when the CA certificates are directly appended to the server
 80 | 	#   certificate for convinience.
 81 | 	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
 82 | 
 83 | 	#   Certificate Authority (CA):
 84 | 	#   Set the CA certificate verification path where to find CA
 85 | 	#   certificates for client authentication or alternatively one
 86 | 	#   huge file containing all of them (file must be PEM encoded)
 87 | 	#   Note: Inside SSLCACertificatePath you need hash symlinks
 88 | 	#         to point to the certificate files. Use the provided
 89 | 	#         Makefile to update the hash symlinks after changes.
 90 | 	#SSLCACertificatePath /etc/ssl/certs/
 91 | 	#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
 92 | 	SSLCACertificateFile /etc/letsencrypt/live/davidsherenowitsa.party/chain.pem
 93 | 
 94 | 	#   Certificate Revocation Lists (CRL):
 95 | 	#   Set the CA revocation path where to find CA CRLs for client
 96 | 	#   authentication or alternatively one huge file containing all
 97 | 	#   of them (file must be PEM encoded)
 98 | 	#   Note: Inside SSLCARevocationPath you need hash symlinks
 99 | 	#         to point to the certificate files. Use the provided
100 | 	#         Makefile to update the hash symlinks after changes.
101 | 	#SSLCARevocationPath /etc/apache2/ssl.crl/
102 | 	#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
103 | 
104 | 	#   Client Authentication (Type):
105 | 	#   Client certificate verification type and depth.  Types are
106 | 	#   none, optional, require and optional_no_ca.  Depth is a
107 | 	#   number which specifies how deeply to verify the certificate
108 | 	#   issuer chain before deciding the certificate is not valid.
109 | 	#SSLVerifyClient require
110 | 	#SSLVerifyDepth  10
111 | 
112 | 	#   Access Control:
113 | 	#   With SSLRequire you can do per-directory access control based
114 | 	#   on arbitrary complex boolean expressions containing server
115 | 	#   variable checks and other lookup directives.  The syntax is a
116 | 	#   mixture between C and Perl.  See the mod_ssl documentation
117 | 	#   for more details.
118 | 	#<Location />
119 | 	#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
120 | 	#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
121 | 	#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
122 | 	#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
123 | 	#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
124 | 	#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
125 | 	#</Location>
126 | 
127 | 	#   SSL Engine Options:
128 | 	#   Set various options for the SSL engine.
129 | 	#   o FakeBasicAuth:
130 | 	#     Translate the client X.509 into a Basic Authorisation.  This means that
131 | 	#     the standard Auth/DBMAuth methods can be used for access control.  The
132 | 	#     user name is the `one line' version of the client's X.509 certificate.
133 | 	#     Note that no password is obtained from the user. Every entry in the user
134 | 	#     file needs this password: `xxj31ZMTZzkVA'.
135 | 	#   o ExportCertData:
136 | 	#     This exports two additional environment variables: SSL_CLIENT_CERT and
137 | 	#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
138 | 	#     server (always existing) and the client (only existing when client
139 | 	#     authentication is used). This can be used to import the certificates
140 | 	#     into CGI scripts.
141 | 	#   o StdEnvVars:
142 | 	#     This exports the standard SSL/TLS related `SSL_*' environment variables.
143 | 	#     Per default this exportation is switched off for performance reasons,
144 | 	#     because the extraction step is an expensive operation and is usually
145 | 	#     useless for serving static content. So one usually enables the
146 | 	#     exportation for CGI and SSI requests only.
147 | 	#   o StrictRequire:
148 | 	#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
149 | 	#     under a "Satisfy any" situation, i.e. when it applies access is denied
150 | 	#     and no other module can change it.
151 | 	#   o OptRenegotiate:
152 | 	#     This enables optimized SSL connection renegotiation handling when SSL
153 | 	#     directives are used in per-directory context.
154 | 	#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
155 | 	<FilesMatch "\.(cgi|shtml|phtml|php)$">
156 | 		SSLOptions +StdEnvVars
157 | 	</FilesMatch>
158 | 	<Directory /usr/lib/cgi-bin>
159 | 		SSLOptions +StdEnvVars
160 | 	</Directory>
161 | 
162 | 	#   SSL Protocol Adjustments:
163 | 	#   The safe and default but still SSL/TLS standard compliant shutdown
164 | 	#   approach is that mod_ssl sends the close notify alert but doesn't wait for
165 | 	#   the close notify alert from client. When you need a different shutdown
166 | 	#   approach you can use one of the following variables:
167 | 	#   o ssl-unclean-shutdown:
168 | 	#     This forces an unclean shutdown when the connection is closed, i.e. no
169 | 	#     SSL close notify alert is send or allowed to received.  This violates
170 | 	#     the SSL/TLS standard but is needed for some brain-dead browsers. Use
171 | 	#     this when you receive I/O errors because of the standard approach where
172 | 	#     mod_ssl sends the close notify alert.
173 | 	#   o ssl-accurate-shutdown:
174 | 	#     This forces an accurate shutdown when the connection is closed, i.e. a
175 | 	#     SSL close notify alert is send and mod_ssl waits for the close notify
176 | 	#     alert of the client. This is 100% SSL/TLS standard compliant, but in
177 | 	#     practice often causes hanging connections with brain-dead browsers. Use
178 | 	#     this only for browsers where you know that their SSL implementation
179 | 	#     works correctly.
180 | 	#   Notice: Most problems of broken clients are also related to the HTTP
181 | 	#   keep-alive facility, so you usually additionally want to disable
182 | 	#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
183 | 	#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
184 | 	#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
185 | 	#   "force-response-1.0" for this.
186 | 	BrowserMatch "MSIE [2-6]" \
187 | 		nokeepalive ssl-unclean-shutdown \
188 | 		downgrade-1.0 force-response-1.0
189 | 	# MSIE 7 and newer should be able to use keepalive
190 | 	BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
191 | 
192 | 	# Custom options to improve security (breaking old browsers as needed)
193 | 	SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
194 | 	SSLHonorCipherOrder On
195 | 	SSLCompression Off
196 | 	SSLUseStapling On
197 | 	Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"
198 | 	Header always set X-Frame-Options DENY
199 | 
200 | </VirtualHost>
201 | 
202 | 	SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768)
203 | 
204 | </IfModule>
205 | 


--------------------------------------------------------------------------------
/TODO.txt:
--------------------------------------------------------------------------------
1 | WebRTCSend w/ OTR
2 | Put Etherpad behind Apache reverse proxy -- needs testing
3 | Backups?
4 | Move upside-down-ternet temporary image directory onto a ramdisk
5 | Figure out how to save a list of manually installed apt packages
6 | 


--------------------------------------------------------------------------------
/authorized_keys:
--------------------------------------------------------------------------------
1 | ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA6Ny3kiNm2Zy77dn+luwN29EiOu27ye0e8idoEi3lavlrH+BmpuUv8cGTynBtGQ2fVdXYp2xXG6iWkusKJ4NwGks4/bLBDpsN8wikHyGIpOiklFHKjUs9Xc5QMTIdUaL7aBP6eTJ6TN2QtwYlQwl2nm/lWlQvH1XacMSBloAj05zYCZ9B+3WpFsduuE5bOP8IN/XFm7KVozT84FaFIZ37DuFq+7dt1TO8+wvxreXCOfL4TcP85npH2uXypm9bsV7imrGMGDbfnYqo+BplINbUaCU5fGtg8CGCIQp0AiiXbYvRhck23KOcRh/B2Wc/Vf59LZBPVykYNMpXVBaS7GLUGw== PuTTY key for RPi (v2)
2 | ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBxRMV6WjOmjggJbJJHP7YqRSom8m+OCPTnCGLJWBU9IQsK2dZzxkd7sZygjUqPebxMeabXRMrA7vzOT2JSSXZ4ppBscJT1vjbNNcuCULcfPoSA2GTLEj0FVBuESHM6VMIDeLs7Xkvy59F3v/vk9zxvQGUGCxH3TBBmLBGrgaaOJlRsSZ76XQ2p3xQxSUaQ8U6TrEOFB7WQsDWh6suO/0ryV3LNz+KEgW2/wLkkLVQ3LUbomKzPrYh+HHiGJE/C74d7mo9RZahD1WUwxMyFjcoMvulo9yDqpswB1tB7Aonk4QtAmGy8tuFp03ry7NEm5xYC2X4HPxmfJ1rvn3QzcGej Pi key (PuTTY)
3 | ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAnWpfcDgCgg0iZvtjOCj+3DDTfLazNAYk52Rhu89Wcrp7HnxyEV5JMpACGoMxROeUAsJvYHZIoAodLapYMVdC7pwPzZyJ+1MUYTg25/O2I4X3v9S6SMnvHjHKEidFeJUlZRskD+AKanZJ3YPOOdbjPU7NlVQhxHUuy5fEKf59/7Dt6eNUsSft1/n/oohjleIIw6KysF9RWmPBs85z0dr30HmiMfylkhi6TNhqkaXV1nOz16l7ccVWoHofUNAjPzdeRIfoFr7FkjkwVdsNKvvueSjfNYIAGMFdBqBD4s0X+jAH1LE9bmme5Stdr3K4Mqluw5mV831qVrqDipWTLCBkmw== Git bash key
4 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCewn5HcGS8pMMBl8IQe3PeLabacLWru7h+jNKgfWINUDc7n0WcmeblYsWHyQxmeXyLCh37fhMo/TpL3kCC6/eMpi32b9Mry69NEk8Hco8LOpyWCVHIOyxfh6fJDYbABGfAbP7oI/2WPa/RHL1w8nDvXd5KQIHAt1TMf+9eOu1PJ6RZD2078r/BdLTjmOn9lv9aux3jcYb1Lx9HdJOwmtkyBLK4hV//g0SBxJaa0iZi78EUbwELktpTm9e7Y31o57HwvJJDjvD42YcCvDJYyEcPb1kpYEGp6j1DTJ3KDz3hCiX30UWFYUwBkh6Bs5L2F0KYGy2ki2DLS9ONyBUKrCsd ES File Explorer SFTP
5 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeU5tdzfd94DgooUP8JhvDxb0+Cf97cu/zZlJK8j59FWddxPNAQNwFLLvmuV1fRhKgW0NJmsJ9WEYteYC5ovd9mn4lhgYOY41VjFTfsIaoPBVFxS1JkQa/S33Rtvd0UMsbyW4w30iUnFHV16Yin8gYBZgFvff0hl4j+EM14ai9cOHkXT5PmKeCxNlbP99+8UA2p8otfZNVEnRvamdl/MFNsySDh3bV2qf54B3vUa6c+jtpsP4beKrF+q1fI+NrqJyofLDaIeiLOe+j9osYWClHHz4PryvFuj75U2vAZEvj/hvMGwI5e61Y9WNwqeS6pwv7vMSGEByOKg+6v/M7jmax david@desktop
6 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtDckQ63yLuu40OU3HQK8sPw4B+Gm/rSi/a9G/kDhnmyKLUBpn0WZEkdKNy+F3FngS2ger4323HjdndCFiw+0u18vqt9Ra+W/LYMUWRFcspl17WXTQovZH6WEg/v6o+WMnUHVVZTT1HzeukaxoKHK+K/xC6fTpCOdiuY7Dhl/kcTh1RlZbFcRSxzPx9onk7/e1m0JAJCKAMVThDLQw2NhkC7oBGkSICFWq6RuccyK3o11qI5iEwal2Ib9TcdjU7KRzF4ap2q/17YvR556eY/DZz36PK8G6oiLb9oO4oMnSshcVi2DacMZBEuqd14y+TYSrJk/V7IywngLtXD7HE3wx localhost
7 | ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBALxgF6tLQrNvAC7VpzpQJYL7UnuH+OCB1hyfQKQkdm+jivNA8Wzrb2fNCeo16vbCWZq66MDMrsAjnunWYJ/hnWRUEB1nJHCD8RGB/9dI/6L9W8WYm2T1fQGVZHoZJCXkw== JuiceSSH
8 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMXcsnJLxHkyMKs0AvpZtagFb4dPJ7mOoaoqTw9ydwXYtbirR58bMV/eqZMOpeNwfUFjnCEoCQqs9/ZfIsKZOuYyF8EUHh/LiVe+iuJ74YjGNMUg+FeUkhkSfWgXRt3gcU/yj4JgFBgH7dWkM622ETbfLtw4XDQNCgKA9H79DEfr4pAumGrIBAeDvfpFpavAu/EzPJCNpg7YJZcjS9Hop10btDFt4LCwIJOfWXXE2YbIZpw/Mwg+qGuCSKPOAUaiC/fS4E5or8TvXSddV2Xs+Fd8lyxu5Qxzm2sZz7Re843xEJ9UeN1blOoFpuO8siuvEbRsZlw17vgsraLl0w+vvN david yubikey
9 | 


--------------------------------------------------------------------------------
/collect.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | cp /etc/hostapd/hostapd.conf .
 3 | cp /etc/network/interfaces .
 4 | cp /etc/sysctl.conf .
 5 | cp /etc/squid/squid.conf .
 6 | cp /etc/apache2/conf.d/myapache.local.conf .
 7 | cp /etc/tor/torrc .
 8 | cp /etc/crontab .
 9 | cp /etc/ssh/sshd_config .
10 | cp /home/pi/.ssh/authorized_keys .
11 | cp /etc/apt/sources.list .
12 | cp -r /etc/apt/sources.list.d .
13 | cp /etc/apache2/ports.conf .
14 | cp /etc/apache2/sites-enabled/000-default.conf .
15 | cp /etc/apache2/sites-enabled/001-default-ssl.conf .
16 | cp /etc/apache2/conf-enabled/security.conf .
17 | cp /etc/apache2/mods-enabled/ssl.load .
18 | cp /etc/apache2/mods-enabled/ssl.conf .
19 | cp /etc/dnsmasq.d/dns.conf .
20 | cp /etc/hosts .
21 | cp /etc/dnsmasq.d/dhcp.conf .
22 | cp /etc/default/ifplugd .
23 | cp /etc/default/hostapd .
24 | cp /usr/local/bin/flip.pl .
25 | sudo cat /etc/ddclient.conf | grep -v password > ddclient.conf
26 | cp /etc/dphys-swapfile .
27 | cp /etc/ssh/moduli .
28 | cp ~/.vimrc vimrc
29 | cp /etc/systemd/system/sniff.service .
30 | cp /opt/sniff/sniff.json .
31 | cp ~/.bashrc .
32 | cp ~/.profile .
33 | cp /etc/gitweb.conf .
34 | cp ~/.ssh/config ssh_config
35 | cp ~/.gitconfig .
36 | cp /etc/cron.d/letsencrypt .
37 | cp ~/.lein/profiles.clj .
38 | 


--------------------------------------------------------------------------------
/crontab:
--------------------------------------------------------------------------------
 1 | # /etc/crontab: system-wide crontab
 2 | # Unlike any other crontab you don't have to run the `crontab'
 3 | # command to install the new version when you edit this file
 4 | # and files in /etc/cron.d. These files also have username fields,
 5 | # that none of the other crontabs do.
 6 | 
 7 | SHELL=/bin/sh
 8 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 9 | 
10 | # m h dom mon dow user	command
11 | 17 *	* * *	root    cd / && run-parts --report /etc/cron.hourly
12 | 25 6	* * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
13 | 47 6	* * 7	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
14 | 52 6	1 * *	root	test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
15 | #
16 | */10 * * * *	proxy	rm /var/tmp/upsidedownternet/*
17 | 


--------------------------------------------------------------------------------
/ddclient.conf:
--------------------------------------------------------------------------------
 1 | # Configuration file for ddclient generated by debconf
 2 | #
 3 | # /etc/ddclient.conf
 4 | 
 5 | protocol=noip
 6 | use=web
 7 | server=dynupdate.no-ip.com
 8 | login=divergentdave
 9 | divergentdave.no-ip.biz
10 | 


--------------------------------------------------------------------------------
/dhcp.conf:
--------------------------------------------------------------------------------
1 | interface=wlan0
2 | dhcp-range=192.168.100.10,192.168.100.50,12h
3 | dhcp-option=option:netmask,255.255.255.0
4 | dhcp-option=option:router,192.168.100.1
5 | dhcp-option=option:dns-server,192.168.100.1
6 | 


--------------------------------------------------------------------------------
/dns.conf:
--------------------------------------------------------------------------------
1 | interface=eth0
2 | no-dhcp-interface=eth0
3 | no-resolv
4 | server=192.168.0.1
5 | server=205.171.3.65
6 | address=/divergentdave.no-ip.biz/192.168.0.5
7 | 


--------------------------------------------------------------------------------
/dphys-swapfile:
--------------------------------------------------------------------------------
1 | CONF_SWAPSIZE=100
2 | 


--------------------------------------------------------------------------------
/flip.pl:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/perl
 2 | 
 3 | # Adapted from http://www.ex-parrot.com/~pete/upside-down-ternet.html
 4 | 
 5 | $directory = "/var/tmp/upsidedownternet";
 6 | umask 0022;
 7 | mkdir($directory, 0775) unless(-d $directory);
 8 | 
 9 | $|=1;
10 | $count = 0;
11 | $pid = $$;
12 | while (<>) {
13 | 	chomp $_;
14 | 	if ($_ =~ /(.*\.jpg)/i) {
15 | 		$url = $1;
16 | 		system("/usr/bin/wget", "-q", "-O", "/var/tmp/upsidedownternet/$pid-$count.jpg", "$url");
17 | 		system("/usr/bin/mogrify", "-flip", "/var/tmp/upsidedownternet/$pid-$count.jpg");
18 | 		print "http://127.0.0.1/images/$pid-$count.jpg\n";
19 | 	}
20 | 	elsif ($_ =~ /(.*\.gif)/i) {
21 | 		$url = $1;
22 | 		system("/usr/bin/wget", "-q", "-O", "/var/tmp/upsidedownternet/$pid-$count.gif", "$url");
23 | 		system("/usr/bin/mogrify", "-flip", "/var/tmp/upsidedownternet/$pid-$count.gif");
24 | 		print "http://127.0.0.1/images/$pid-$count.gif\n";
25 | 	}
26 | 	elsif ($_ =~ /(.*\.png)/i) {
27 | 		$url = $1;
28 | 		system("/usr/bin/wget", "-q", "-O", "/var/tmp/upsidedownternet/$pid-$count.png", "$url");
29 | 		system("/usr/bin/mogrify", "-flip", "/var/tmp/upsidedownternet/$pid-$count.png");
30 | 		print "http://127.0.0.1/images/$pid-$count.png\n";
31 | 	}
32 | 	else {
33 | 		print "$_\n";
34 | 	}
35 | 	$count++;
36 | }
37 | 


--------------------------------------------------------------------------------
/gitweb.conf:
--------------------------------------------------------------------------------
 1 | # path to git projects (<project>.git)
 2 | $projectroot = "/var/lib/git";
 3 | 
 4 | # directory to use for temp files
 5 | $git_temp = "/tmp";
 6 | 
 7 | # target of the home link on top of all pages
 8 | #$home_link = $my_uri || "/";
 9 | 
10 | # html text to include at home page
11 | #$home_text = "indextext.html";
12 | 
13 | # file with project list; by default, simply scan the projectroot dir.
14 | #$projects_list = $projectroot;
15 | 
16 | # stylesheet to use
17 | @stylesheets = ("git/static/gitweb.css");
18 | 
19 | # javascript code for gitweb
20 | $javascript = "git/static/gitweb.js";
21 | 
22 | # logo to use
23 | $logo = "git/static/git-logo.png";
24 | 
25 | # the 'favicon'
26 | $favicon = "git/static/git-favicon.png";
27 | 
28 | # git-diff-tree(1) options to use for generated patches
29 | #@diff_opts = ("-M");
30 | @diff_opts = ();
31 | 


--------------------------------------------------------------------------------
/hostapd:
--------------------------------------------------------------------------------
 1 | # Defaults for hostapd initscript
 2 | #
 3 | # See /usr/share/doc/hostapd/README.Debian for information about alternative
 4 | # methods of managing hostapd.
 5 | #
 6 | # Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
 7 | # file and hostapd will be started during system boot. An example configuration
 8 | # file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
 9 | #
10 | DAEMON_CONF="/etc/hostapd/hostapd.conf"
11 | 
12 | # Additional daemon options to be appended to hostapd command:-
13 | # 	-d   show more debug messages (-dd for even more)
14 | # 	-K   include key data in debug messages
15 | # 	-t   include timestamps in some debug messages
16 | #
17 | # Note that -B (daemon mode) and -P (pidfile) options are automatically
18 | # configured by the init.d script and must not be added to DAEMON_OPTS.
19 | #
20 | #DAEMON_OPTS=""
21 | 


--------------------------------------------------------------------------------
/hostapd.conf:
--------------------------------------------------------------------------------
 1 | interface=wlan0
 2 | driver=nl80211
 3 | ssid=Upside-Down-Ternet
 4 | hw_mode=g
 5 | channel=6
 6 | macaddr_acl=0
 7 | auth_algs=1
 8 | ignore_broadcast_ssid=0
 9 | wpa=0
10 | 


--------------------------------------------------------------------------------
/hosts:
--------------------------------------------------------------------------------
 1 | 127.0.0.1	localhost
 2 | 
 3 | # This is why we can't have nice things: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/868812
 4 | #::1		localhost ip6-localhost ip6-loopback
 5 | #fe00::0		ip6-localnet
 6 | #ff00::0		ip6-mcastprefix
 7 | #ff02::1		ip6-allnodes
 8 | #ff02::2		ip6-allrouters
 9 | 
10 | 192.168.0.5	raspberrypi
11 | 


--------------------------------------------------------------------------------
/ifplugd:
--------------------------------------------------------------------------------
 1 | # This file may be changed either manually or by running dpkg-reconfigure.
 2 | #
 3 | # N.B.: dpkg-reconfigure deletes everything from this file except for
 4 | # the assignments to variables INTERFACES, HOTPLUG_INTERFACES, ARGS and
 5 | # SUSPEND_ACTION.  When run it uses the current values of those variables
 6 | # as their default values, thus preserving the administrator's changes.
 7 | #
 8 | # This file is sourced by both the init script /etc/init.d/ifplugd and
 9 | # the udev script /lib/udev/ifplugd.agent to give default values.
10 | # The init script starts ifplugd for all interfaces listed in
11 | # INTERFACES, and the udev script starts ifplugd for all interfaces
12 | # listed in HOTPLUG_INTERFACES. The special value all starts one
13 | # ifplugd for all interfaces being present.
14 | INTERFACES="eth0"
15 | HOTPLUG_INTERFACES=""
16 | ARGS="-q -f -u0 -d10 -w -I"
17 | SUSPEND_ACTION="stop"
18 | 


--------------------------------------------------------------------------------
/interfaces:
--------------------------------------------------------------------------------
 1 | auto lo
 2 | 
 3 | iface lo inet loopback
 4 | iface eth0 inet static
 5 | 	address 192.168.0.5
 6 | 	netmask 255.255.255.0
 7 | 	gateway 192.168.0.1
 8 | 
 9 | allow-hotplug wlan0
10 | 
11 | # disabled wifi defaults
12 | # iface wlan0 inet manual
13 | # wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
14 | # iface default inet dhcp
15 | 
16 | iface wlan0 inet static
17 | 	address 192.168.100.1
18 | 	netmask 255.255.255.0
19 | 
20 | # router/NAT
21 | up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
22 | up iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
23 | up iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
24 | 
25 | # upsidedownternet
26 | up iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 3128
27 | 
28 | # remap privileged port for sniff (to apache or tor bridge)
29 | up iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
30 | up iptables -A INPUT -i eth0 -p tcp --dport 4445 -j ACCEPT
31 | up iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 4445
32 | 


--------------------------------------------------------------------------------
/letsencrypt:
--------------------------------------------------------------------------------
1 | # m h dom mon dow user command
2 | 35	11	*	*	*	root	/home/pi/certbot-auto renew --non-interactive >/home/pi/certbot.log 2>&1
3 | 


--------------------------------------------------------------------------------
/moduli:
--------------------------------------------------------------------------------
 1 | 20151017020942 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF000B6A923
 2 | 20151017021342 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF000D4B4AB
 3 | 20151017022112 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF001101347
 4 | 20151017022238 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF001152953
 5 | 20151017022658 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF001361363
 6 | 20151017022940 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF00146942F
 7 | 20151017023047 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF001487213
 8 | 20151017024653 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF001D1E243
 9 | 20151017025242 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF002003A47
10 | 20151017025504 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF0020DDBA7
11 | 20151017025614 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF002116853
12 | 20151017031249 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF002A20C0F
13 | 20151017031344 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF002A2909F
14 | 20151017031513 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF002A81407
15 | 20151017033459 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF0035DB4FB
16 | 20151017034143 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF00392268B
17 | 20151017040421 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF0045DCC5B
18 | 20151017041009 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF00489F4A3
19 | 20151017041814 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF004CCA43B
20 | 20151017042033 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF004DAD5E3
21 | 20151017042403 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF004F1415B
22 | 20151017043720 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF00563C753
23 | 20151017044128 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF005831AFB
24 | 20151017044500 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF0059B8E27
25 | 20151017044627 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF005A16B23
26 | 20151017045744 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF006051623
27 | 20151017045845 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF00606267B
28 | 20151017051042 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF0066C74E7
29 | 20151017051856 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF006B0B80B
30 | 20151017052123 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF006BEFCDF
31 | 20151017052613 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF006E2F95B
32 | 20151017052820 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF006EF0783
33 | 20151017052933 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF006F1A31B
34 | 20151017053054 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF006F5E61F
35 | 20151017053447 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF00712B14F
36 | 20151017054124 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF0074754EF
37 | 20151017054449 2 6 100 2047 2 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF0075E082B
38 | 20151017054904 2 6 100 2047 5 F50BF4FEE839CC55493AFBA1034BFB8BD8DA514F5FA94F3961532132ACF891717294EABA04F70C4AA148677C9F3A20C6EBE1D364387C95E046F9A2A99E80737EE5091B642E083D627194185A341ACF7688676F17F45EAADEBD2F98597CA5CA7EB972B43E9CE53F5D743B793AEB919EC7CF8E1A31ED3F689151C33A21789AA8794666737E39D6B03F6E61E7C70C5C9ABC961A849D27F1C5B9CA59BC160B60253C6DE8E46A8DA1E7724495B0F3314A209BEFB264247291A01F080CC364ECB9E876DA8BA354F2C58A970CF28431F42E8C9AB06B73B8AC6F11321D8FF93B3D3A1705D200E26B5F19EA488A1A0043AC3627E508D2B8A831DF06A059072CF0077CD89F
39 | 


--------------------------------------------------------------------------------
/myapache.local.conf:
--------------------------------------------------------------------------------
 1 | # Hide upsidedownternet from HTTP clients other than squid
 2 | # This is separately hid from HTTPS clients bouncing off of Pagekite in the default-ssl site
 3 | <Directory /var/tmp/upsidedownternet>
 4 | 	Order Deny,Allow
 5 | 	Deny from all
 6 | 	Allow from 127.0.0.1
 7 | </Directory>
 8 | 
 9 | # Hide all git metadata from everyone
10 | <Directorymatch "^/.*/\.git+/">
11 | 	Order Deny,Allow
12 | 	Deny from all
13 | </Directorymatch>
14 | <Files ~ "^\.git">
15 | 	Order Deny,Allow
16 | 	Deny from all
17 | </Files>
18 | 


--------------------------------------------------------------------------------
/ports.conf:
--------------------------------------------------------------------------------
 1 | # If you just change the port or add more ports here, you will likely also
 2 | # have to change the VirtualHost statement in
 3 | # /etc/apache2/sites-enabled/000-default.conf
 4 | 
 5 | Listen 80
 6 | 
 7 | <IfModule ssl_module>
 8 | 	Listen 4443
 9 | </IfModule>
10 | 
11 | <IfModule mod_gnutls.c>
12 | 	Listen 4443
13 | </IfModule>
14 | 
15 | ServerName davidsherenowitsa.party
16 | 
17 | # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
18 | 


--------------------------------------------------------------------------------
/profiles.clj:
--------------------------------------------------------------------------------
1 | {:user {:dependencies [[cljfmt "0.5.6"]]
2 |         :plugins      [[lein-cljfmt "0.5.6"]
3 |                        [lein-ancient "0.6.10"]
4 |                        [lein-kibit "0.1.4-SNAPSHOT"]
5 |                        [jonase/eastwood "0.2.4"]]
6 |         :repl-options {:timeout 300000}}}
7 | 


--------------------------------------------------------------------------------
/security.conf:
--------------------------------------------------------------------------------
 1 | #
 2 | # Disable access to the entire file system except for the directories that
 3 | # are explicitly allowed later.
 4 | #
 5 | # This currently breaks the configurations that come with some web application
 6 | # Debian packages.
 7 | #
 8 | #<Directory />
 9 | #   AllowOverride None
10 | #   Order Deny,Allow
11 | #   Deny from all
12 | #</Directory>
13 | 
14 | 
15 | # Changing the following options will not really affect the security of the
16 | # server, but might make attacks slightly more difficult in some cases.
17 | 
18 | #
19 | # ServerTokens
20 | # This directive configures what you return as the Server HTTP response
21 | # Header. The default is 'Full' which sends information about the OS-Type
22 | # and compiled in modules.
23 | # Set to one of:  Full | OS | Minimal | Minor | Major | Prod
24 | # where Full conveys the most information, and Prod the least.
25 | #ServerTokens Minimal
26 | ServerTokens OS
27 | #ServerTokens Full
28 | 
29 | #
30 | # Optionally add a line containing the server version and virtual host
31 | # name to server-generated pages (internal error documents, FTP directory
32 | # listings, mod_status and mod_info output etc., but not CGI generated
33 | # documents or custom error documents).
34 | # Set to "EMail" to also include a mailto: link to the ServerAdmin.
35 | # Set to one of:  On | Off | EMail
36 | #ServerSignature Off
37 | ServerSignature On
38 | 
39 | #
40 | # Allow TRACE method
41 | #
42 | # Set to "extended" to also reflect the request body (only for testing and
43 | # diagnostic purposes).
44 | #
45 | # Set to one of:  On | Off | extended
46 | TraceEnable Off
47 | #TraceEnable On
48 | 
49 | #
50 | # Forbid access to version control directories
51 | #
52 | # If you use version control systems in your document root, you should
53 | # probably deny access to their directories. For example, for subversion:
54 | #
55 | <DirectoryMatch "/\.svn">
56 |    Require all denied
57 | </DirectoryMatch>
58 | <DirectoryMatch "/\.git">
59 |    Require all denied
60 | </DirectoryMatch>
61 | 
62 | #
63 | # Setting this header will prevent MSIE from interpreting files as something
64 | # else than declared by the content type in the HTTP headers.
65 | # Requires mod_headers to be enabled.
66 | #
67 | Header set X-Content-Type-Options: "nosniff"
68 | 
69 | #
70 | # Setting this header will prevent other sites from embedding pages from this
71 | # site as frames. This defends against clickjacking attacks.
72 | # Requires mod_headers to be enabled.
73 | #
74 | #Header set X-Frame-Options: "sameorigin"
75 | 
76 | # Adding X-XSS-Protection per recommendation of MDN
77 | Header set X-XSS-Protection: "1; mode=block"
78 | 
79 | # Adding CSP, still need unsafe-inline for now gitweb timezone handling
80 | Header set Content-Security-Policy: "default-src 'self' 'unsafe-inline'"
81 | 
82 | # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
83 | 


--------------------------------------------------------------------------------
/sniff.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "bind": {
 3 |         "host": "0.0.0.0",
 4 |         "port": 4445
 5 |     },
 6 |     "servers": [
 7 |         {
 8 |             "default": true,
 9 |             "regexp": true,
10 |             "host": "192.168.0.5",
11 |             "names": [
12 |                 "^davidsherenowitsa\\.party$",
13 |                 "^www\\.davidsherenowitsa\\.party$",
14 |                 "^[0-9a-f]{32}\\.[0-9a-f]{32}\\.acme\\.invalid$"
15 |             ],
16 |             "port": 4443
17 |         },
18 |         {
19 |             "default": false,
20 |             "regexp": true,
21 |             "host": "127.0.0.1",
22 |             "names": [
23 |                 "^www\\.[a-z2-7]{4,25}\\.com$"
24 |             ],
25 |             "port": 9090
26 |         }
27 |     ]
28 | }
29 | 


--------------------------------------------------------------------------------
/sniff.service:
--------------------------------------------------------------------------------
 1 | [Unit]
 2 | Description=SNIff
 3 | 
 4 | [Service]
 5 | ExecStart=/home/pi/go/bin/sniff
 6 | WorkingDirectory=/opt/sniff
 7 | User=sniff
 8 | Group=sniff
 9 | PIDFile=/opt/sniff/sniff.pid
10 | 
11 | ; Need to run `sudo systemctl enable sniff.service` for this to take effect
12 | [Install]
13 | WantedBy=multi-user.target
14 | 


--------------------------------------------------------------------------------
/sources.list:
--------------------------------------------------------------------------------
1 | deb tor://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi
2 | # Uncomment line below then 'apt-get update' to enable 'apt-get source'
3 | #deb-src tor://mirror.ox.ac.uk/sites/archive.raspbian.org/archive/raspbian/ jessie main contrib non-free rpi
4 | deb-src tor://deb.torproject.org/torproject.org jessie main
5 | 


--------------------------------------------------------------------------------
/sources.list.d/collabora.list:
--------------------------------------------------------------------------------
1 | deb tor://raspberrypi.collabora.com wheezy rpi
2 | 


--------------------------------------------------------------------------------
/sources.list.d/raspi.list:
--------------------------------------------------------------------------------
1 | deb tor://archive.raspberrypi.org/debian/ jessie main
2 | # Uncomment line below then 'apt-get update' to enable 'apt-get source'
3 | #deb-src tor://archive.raspberrypi.org/debian/ jessie main
4 | 


--------------------------------------------------------------------------------
/ssh_config:
--------------------------------------------------------------------------------
1 | Host pi
2 |     HostName localhost
3 | 


--------------------------------------------------------------------------------
/sshd_config:
--------------------------------------------------------------------------------
 1 | # Package generated configuration file
 2 | # See the sshd_config(5) manpage for details
 3 | 
 4 | # What ports, IPs and protocols we listen for
 5 | Port 22
 6 | Port 2932
 7 | # Use these options to restrict which interfaces/protocols sshd will bind to
 8 | #ListenAddress ::
 9 | #ListenAddress 0.0.0.0
10 | Protocol 2
11 | # HostKeys for protocol version 2
12 | HostKey /etc/ssh/ssh_host_rsa_key
13 | HostKey /etc/ssh/ssh_host_dsa_key
14 | HostKey /etc/ssh/ssh_host_ecdsa_key
15 | #Privilege Separation is turned on for security
16 | UsePrivilegeSeparation yes
17 | 
18 | # Lifetime and size of ephemeral version 1 server key
19 | KeyRegenerationInterval 3600
20 | ServerKeyBits 1024
21 | 
22 | # Logging
23 | SyslogFacility AUTH
24 | LogLevel INFO
25 | 
26 | # Authentication:
27 | LoginGraceTime 120
28 | PermitRootLogin without-password
29 | StrictModes yes
30 | 
31 | RSAAuthentication yes
32 | PubkeyAuthentication yes
33 | AuthorizedKeysFile	%h/.ssh/authorized_keys
34 | 
35 | # Don't read the user's ~/.rhosts and ~/.shosts files
36 | IgnoreRhosts yes
37 | # For this to work you will also need host keys in /etc/ssh_known_hosts
38 | RhostsRSAAuthentication no
39 | # similar for protocol version 2
40 | HostbasedAuthentication no
41 | # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
42 | #IgnoreUserKnownHosts yes
43 | 
44 | # To enable empty passwords, change to yes (NOT RECOMMENDED)
45 | PermitEmptyPasswords no
46 | 
47 | # Change to yes to enable challenge-response passwords (beware issues with
48 | # some PAM modules and threads)
49 | ChallengeResponseAuthentication no
50 | 
51 | # Change to no to disable tunnelled clear text passwords
52 | PasswordAuthentication no
53 | 
54 | # Kerberos options
55 | #KerberosAuthentication no
56 | #KerberosGetAFSToken no
57 | #KerberosOrLocalPasswd yes
58 | #KerberosTicketCleanup yes
59 | 
60 | # GSSAPI options
61 | #GSSAPIAuthentication no
62 | #GSSAPICleanupCredentials yes
63 | 
64 | X11Forwarding yes
65 | X11DisplayOffset 10
66 | PrintMotd no
67 | PrintLastLog yes
68 | TCPKeepAlive yes
69 | #UseLogin no
70 | 
71 | #MaxStartups 10:30:60
72 | #Banner /etc/issue.net
73 | 
74 | # Allow client to pass locale environment variables
75 | AcceptEnv LANG LC_*
76 | 
77 | Subsystem sftp /usr/lib/openssh/sftp-server
78 | 
79 | # Set this to 'yes' to enable PAM authentication, account processing,
80 | # and session processing. If this is enabled, PAM authentication will
81 | # be allowed through the ChallengeResponseAuthentication and
82 | # PasswordAuthentication.  Depending on your PAM configuration,
83 | # PAM authentication via ChallengeResponseAuthentication may bypass
84 | # the setting of "PermitRootLogin without-password".
85 | # If you just want the PAM account and session checks to run without
86 | # PAM authentication, then enable this but set PasswordAuthentication
87 | # and ChallengeResponseAuthentication to 'no'.
88 | UsePAM yes
89 | 
90 | AllowUsers pi
91 | 


--------------------------------------------------------------------------------
/ssl.conf:
--------------------------------------------------------------------------------
 1 | <IfModule mod_ssl.c>
 2 | 
 3 | 	# Pseudo Random Number Generator (PRNG):
 4 | 	# Configure one or more sources to seed the PRNG of the SSL library.
 5 | 	# The seed data should be of good random quality.
 6 | 	# WARNING! On some platforms /dev/random blocks if not enough entropy
 7 | 	# is available. This means you then cannot use the /dev/random device
 8 | 	# because it would lead to very long connection times (as long as
 9 | 	# it requires to make more entropy available). But usually those
10 | 	# platforms additionally provide a /dev/urandom device which doesn't
11 | 	# block. So, if available, use this one instead. Read the mod_ssl User
12 | 	# Manual for more details.
13 | 	#
14 | 	SSLRandomSeed startup builtin
15 | 	SSLRandomSeed startup file:/dev/urandom 512
16 | 	SSLRandomSeed connect builtin
17 | 	SSLRandomSeed connect file:/dev/urandom 512
18 | 
19 | 	##
20 | 	##  SSL Global Context
21 | 	##
22 | 	##  All SSL configuration in this context applies both to
23 | 	##  the main server and all SSL-enabled virtual hosts.
24 | 	##
25 | 
26 | 	#
27 | 	#   Some MIME-types for downloading Certificates and CRLs
28 | 	#
29 | 	AddType application/x-x509-ca-cert .crt
30 | 	AddType application/x-pkcs7-crl	.crl
31 | 
32 | 	#   Pass Phrase Dialog:
33 | 	#   Configure the pass phrase gathering process.
34 | 	#   The filtering dialog program (`builtin' is a internal
35 | 	#   terminal dialog) has to provide the pass phrase on stdout.
36 | 	SSLPassPhraseDialog  exec:/usr/share/apache2/ask-for-passphrase
37 | 
38 | 	#   Inter-Process Session Cache:
39 | 	#   Configure the SSL Session Cache: First the mechanism 
40 | 	#   to use and second the expiring timeout (in seconds).
41 | 	#   (The mechanism dbm has known memory leaks and should not be used).
42 | 	#SSLSessionCache		 dbm:${APACHE_RUN_DIR}/ssl_scache
43 | 	SSLSessionCache		shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
44 | 	SSLSessionCacheTimeout  300
45 | 
46 | 	#   Semaphore:
47 | 	#   Configure the path to the mutual exclusion semaphore the
48 | 	#   SSL engine uses internally for inter-process synchronization. 
49 | 	#   (Disabled by default, the global Mutex directive consolidates by default
50 | 	#   this)
51 | 	#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
52 | 
53 | 
54 | 	#   SSL Cipher Suite:
55 | 	#   List the ciphers that the client is permitted to negotiate. See the
56 | 	#   ciphers(1) man page from the openssl package for list of all available
57 | 	#   options.
58 | 	#   Enable only secure ciphers:
59 | 	SSLCipherSuite HIGH:!aNULL
60 | 
61 | 	# SSL server cipher order preference:
62 | 	# Use server priorities for cipher algorithm choice.
63 | 	# Clients may prefer lower grade encryption.  You should enable this
64 | 	# option if you want to enforce stronger encryption, and can afford
65 | 	# the CPU cost, and did not override SSLCipherSuite in a way that puts
66 | 	# insecure ciphers first.
67 | 	# Default: Off
68 | 	#SSLHonorCipherOrder on
69 | 
70 | 	#   The protocols to enable.
71 | 	#   Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
72 | 	#   SSL v2  is no longer supported
73 | 	SSLProtocol all -SSLv3
74 | 
75 | 	#   Allow insecure renegotiation with clients which do not yet support the
76 | 	#   secure renegotiation protocol. Default: Off
77 | 	#SSLInsecureRenegotiation on
78 | 
79 | 	#   Whether to forbid non-SNI clients to access name based virtual hosts.
80 | 	#   Default: Off
81 | 	#SSLStrictSNIVHostCheck On
82 | 
83 | </IfModule>
84 | 
85 | # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
86 | 


--------------------------------------------------------------------------------
/ssl.load:
--------------------------------------------------------------------------------
1 | # Depends: setenvif mime socache_shmcb
2 | LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
3 | 


--------------------------------------------------------------------------------
/sysctl.conf:
--------------------------------------------------------------------------------
 1 | #
 2 | # /etc/sysctl.conf - Configuration file for setting system variables
 3 | # See /etc/sysctl.d/ for additional system variables.
 4 | # See sysctl.conf (5) for information.
 5 | #
 6 | 
 7 | #kernel.domainname = example.com
 8 | 
 9 | # Uncomment the following to stop low-level messages on console
10 | kernel.printk = 3 4 1 3
11 | 
12 | ##############################################################3
13 | # Functions previously found in netbase
14 | #
15 | 
16 | # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
17 | # Turn on Source Address Verification in all interfaces to
18 | # prevent some spoofing attacks
19 | #net.ipv4.conf.default.rp_filter=1
20 | #net.ipv4.conf.all.rp_filter=1
21 | 
22 | # Uncomment the next line to enable TCP/IP SYN cookies
23 | # See http://lwn.net/Articles/277146/
24 | # Note: This may impact IPv6 TCP sessions too
25 | #net.ipv4.tcp_syncookies=1
26 | 
27 | # Uncomment the next line to enable packet forwarding for IPv4
28 | net.ipv4.ip_forward=1
29 | 
30 | # Uncomment the next line to enable packet forwarding for IPv6
31 | #  Enabling this option disables Stateless Address Autoconfiguration
32 | #  based on Router Advertisements for this host
33 | #net.ipv6.conf.all.forwarding=1
34 | 
35 | 
36 | ###################################################################
37 | # Additional settings - these settings can improve the network
38 | # security of the host and prevent against some network attacks
39 | # including spoofing attacks and man in the middle attacks through
40 | # redirection. Some network environments, however, require that these
41 | # settings are disabled so review and enable them as needed.
42 | #
43 | # Do not accept ICMP redirects (prevent MITM attacks)
44 | #net.ipv4.conf.all.accept_redirects = 0
45 | #net.ipv6.conf.all.accept_redirects = 0
46 | # _or_
47 | # Accept ICMP redirects only for gateways listed in our default
48 | # gateway list (enabled by default)
49 | # net.ipv4.conf.all.secure_redirects = 1
50 | #
51 | # Do not send ICMP redirects (we are not a router)
52 | #net.ipv4.conf.all.send_redirects = 0
53 | #
54 | # Do not accept IP source route packets (we are not a router)
55 | #net.ipv4.conf.all.accept_source_route = 0
56 | #net.ipv6.conf.all.accept_source_route = 0
57 | #
58 | # Log Martian Packets
59 | #net.ipv4.conf.all.log_martians = 1
60 | #
61 | 
62 | # rpi tweaks
63 | vm.swappiness=1
64 | vm.min_free_kbytes = 8192
65 | 


--------------------------------------------------------------------------------
/torrc:
--------------------------------------------------------------------------------
  1 | ## Configuration file for a typical Tor user
  2 | ## Last updated 22 September 2015 for Tor 0.2.7.3-alpha.
  3 | ## (may or may not work for much older or much newer versions of Tor.)
  4 | ##
  5 | ## Lines that begin with "## " try to explain what's going on. Lines
  6 | ## that begin with just "#" are disabled commands: you can enable them
  7 | ## by removing the "#" symbol.
  8 | ##
  9 | ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
 10 | ## for more options you can use in this file.
 11 | ##
 12 | ## Tor will look for this file in various places based on your platform:
 13 | ## https://www.torproject.org/docs/faq#torrc
 14 | 
 15 | ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
 16 | ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
 17 | ## as a relay, and not make any local application connections yourself.
 18 | #SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.
 19 | #SOCKSPort 192.168.0.1:9100 # Bind to this address:port too.
 20 | SOCKSPort 9050
 21 | 
 22 | ## Entry policies to allow/deny SOCKS requests based on IP address.
 23 | ## First entry that matches wins. If no SOCKSPolicy is set, we accept
 24 | ## all (and only) requests that reach a SOCKSPort. Untrusted users who
 25 | ## can access your SOCKSPort may be able to learn about the connections
 26 | ## you make.
 27 | #SOCKSPolicy accept 192.168.0.0/16
 28 | #SOCKSPolicy accept6 FC00::/7
 29 | #SOCKSPolicy reject *
 30 | 
 31 | ## Logs go to stdout at level "notice" unless redirected by something
 32 | ## else, like one of the below lines. You can have as many Log lines as
 33 | ## you want.
 34 | ##
 35 | ## We advise using "notice" in most cases, since anything more verbose
 36 | ## may provide sensitive information to an attacker who obtains the logs.
 37 | ##
 38 | ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
 39 | Log notice file /var/log/tor/notices.log
 40 | ## Send every possible message to /var/log/tor/debug.log
 41 | #Log debug file /var/log/tor/debug.log
 42 | ## Use the system log instead of Tor's logfiles
 43 | #Log notice syslog
 44 | ## To send all messages to stderr:
 45 | #Log debug stderr
 46 | 
 47 | ## Uncomment this to start the process in the background... or use
 48 | ## --runasdaemon 1 on the command line. This is ignored on Windows;
 49 | ## see the FAQ entry if you want Tor to run as an NT service.
 50 | #RunAsDaemon 1
 51 | 
 52 | ## The directory for keeping all the keys/etc. By default, we store
 53 | ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
 54 | #DataDirectory /var/lib/tor
 55 | 
 56 | ## The port on which Tor will listen for local connections from Tor
 57 | ## controller applications, as documented in control-spec.txt.
 58 | ControlPort 9051
 59 | ## If you enable the controlport, be sure to enable one of these
 60 | ## authentication methods, to prevent attackers from accessing it.
 61 | #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
 62 | CookieAuthentication 1
 63 | 
 64 | ############### This section is just for location-hidden services ###
 65 | 
 66 | ## Once you have configured a hidden service, you can look at the
 67 | ## contents of the file ".../hidden_service/hostname" for the address
 68 | ## to tell people.
 69 | ##
 70 | ## HiddenServicePort x y:z says to redirect requests on port x to the
 71 | ## address y:z.
 72 | 
 73 | #HiddenServiceDir /var/lib/tor/hidden_service/
 74 | #HiddenServicePort 80 127.0.0.1:80
 75 | 
 76 | #HiddenServiceDir /var/lib/tor/other_hidden_service/
 77 | #HiddenServicePort 80 127.0.0.1:80
 78 | #HiddenServicePort 22 127.0.0.1:22
 79 | 
 80 | ################ This section is just for relays #####################
 81 | #
 82 | ## See https://www.torproject.org/docs/tor-doc-relay for details.
 83 | 
 84 | ## Required: what port to advertise for incoming Tor connections.
 85 | #ORPort 9001
 86 | ## If you want to listen on a port other than the one advertised in
 87 | ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
 88 | ## follows.  You'll need to do ipchains or other port forwarding
 89 | ## yourself to make this work.
 90 | ORPort 443 NoListen
 91 | ORPort 9090 NoAdvertise
 92 | 
 93 | ## The IP address or full DNS name for incoming connections to your
 94 | ## relay. Leave commented out and Tor will guess.
 95 | #Address noname.example.com
 96 | 
 97 | ## If you have multiple network interfaces, you can specify one for
 98 | ## outgoing traffic to use.
 99 | # OutboundBindAddress 10.0.0.5
100 | 
101 | ## A handle for your relay, so people don't have to refer to it by key.
102 | Nickname DNCBridgeRPi
103 | 
104 | ## Define these to limit how much relayed traffic you will allow. Your
105 | ## own traffic is still unthrottled. Note that RelayBandwidthRate must
106 | ## be at least 75 kilobytes per second.
107 | ## Note that units for these config options are bytes (per second), not
108 | ## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
109 | ## 2^20, etc.
110 | #RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)
111 | #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)
112 | 
113 | ## Use these to restrict the maximum traffic per day, week, or month.
114 | ## Note that this threshold applies separately to sent and received bytes,
115 | ## not to their sum: setting "40 GB" may allow up to 80 GB total before
116 | ## hibernating.
117 | ##
118 | ## Set a maximum of 40 gigabytes each way per period.
119 | #AccountingMax 40 GBytes
120 | ## Each period starts daily at midnight (AccountingMax is per day)
121 | #AccountingStart day 00:00
122 | ## Each period starts on the 3rd of the month at 15:00 (AccountingMax
123 | ## is per month)
124 | #AccountingStart month 3 15:00
125 | 
126 | ## Administrative contact information for this relay or bridge. This line
127 | ## can be used to contact you if your relay or bridge is misconfigured or
128 | ## something else goes wrong. Note that we archive and publish all
129 | ## descriptors containing these lines and that Google indexes them, so
130 | ## spammers might also collect them. You may want to obscure the fact that
131 | ## it's an email address and/or generate a new address for this purpose.
132 | #ContactInfo Random Person <nobody AT example dot com>
133 | ## You might also include your PGP or GPG fingerprint if you have one:
134 | #ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
135 | ContactInfo 0x81CA2E51 David Cook <divergentdave@gmail.com>
136 | 
137 | ## Uncomment this to mirror directory information for others. Please do
138 | ## if you have enough bandwidth.
139 | #DirPort 9030 # what port to advertise for directory connections
140 | ## If you want to listen on a port other than the one advertised in
141 | ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
142 | ## follows.  below too. You'll need to do ipchains or other port
143 | ## forwarding yourself to make this work.
144 | #DirPort 80 NoListen
145 | #DirPort 127.0.0.1:9091 NoAdvertise
146 | ## Uncomment to return an arbitrary blob of html on your DirPort. Now you
147 | ## can explain what Tor is if anybody wonders why your IP address is
148 | ## contacting them. See contrib/tor-exit-notice.html in Tor's source
149 | ## distribution for a sample.
150 | #DirPortFrontPage /etc/tor/tor-exit-notice.html
151 | 
152 | DirPort 0
153 | DirReqStatistics 0
154 | 
155 | ## Uncomment this if you run more than one Tor relay, and add the identity
156 | ## key fingerprint of each Tor relay you control, even if they're on
157 | ## different networks. You declare it here so Tor clients can avoid
158 | ## using more than one of your relays in a single circuit. See
159 | ## https://www.torproject.org/docs/faq#MultipleRelays
160 | ## However, you should never include a bridge's fingerprint here, as it would
161 | ## break its concealability and potentially reveal its IP/TCP address.
162 | #MyFamily $keyid,$keyid,...
163 | 
164 | ## A comma-separated list of exit policies. They're considered first
165 | ## to last, and the first match wins.
166 | ##
167 | ## If you want to allow the same ports on IPv4 and IPv6, write your rules
168 | ## using accept/reject *. If you want to allow different ports on IPv4 and
169 | ## IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules
170 | ## using accept/reject *4.
171 | ##
172 | ## If you want to _replace_ the default exit policy, end this with either a
173 | ## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to)
174 | ## the default exit policy. Leave commented to just use the default, which is
175 | ## described in the man page or at
176 | ## https://www.torproject.org/documentation.html
177 | ##
178 | ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
179 | ## for issues you might encounter if you use the default exit policy.
180 | ##
181 | ## If certain IPs and ports are blocked externally, e.g. by your firewall,
182 | ## you should update your exit policy to reflect this -- otherwise Tor
183 | ## users will be told that those destinations are down.
184 | ##
185 | ## For security, by default Tor rejects connections to private (local)
186 | ## networks, including to the configured primary public IPv4 and IPv6 addresses,
187 | ## and any public IPv4 and IPv6 addresses on any interface on the relay.
188 | ## See the man page entry for ExitPolicyRejectPrivate if you want to allow
189 | ## "exit enclaving".
190 | ##
191 | #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
192 | #ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
193 | #ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
194 | #ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
195 | ExitPolicy reject *:* # no exits allowed
196 | 
197 | ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
198 | ## main directory. Since there is no complete public list of them, even an
199 | ## ISP that filters connections to all the known Tor relays probably
200 | ## won't be able to block all the bridges. Also, websites won't treat you
201 | ## differently because they won't know you're running Tor. If you can
202 | ## be a real relay, please do; but if not, be a bridge!
203 | BridgeRelay 1
204 | ## By default, Tor will advertise your bridge to users through various
205 | ## mechanisms like https://bridges.torproject.org/. If you want to run
206 | ## a private bridge, for example because you'll give out your bridge
207 | ## address manually to your friends, uncomment this line:
208 | #PublishServerDescriptor 0
209 | 
210 | AvoidDiskWrites 1
211 | 
212 | ServerTransportPlugin obfs3,scramblesuit exec /usr/local/bin/obfsproxy managed
213 | ExtORPort auto
214 | 


--------------------------------------------------------------------------------
/vimrc:
--------------------------------------------------------------------------------
 1 | execute pathogen#infect()
 2 | 
 3 | syntax on
 4 | filetype plugin indent on
 5 | 
 6 | " Spaces, not \t
 7 | setlocal shiftwidth=4
 8 | setlocal tabstop=4
 9 | setlocal softtabstop=4
10 | setlocal expandtab
11 | 
12 | " Two space indentation for @konklone's projects
13 | autocmd BufRead,BufNewFile,BufEnter /home/pi/inspectors-general/* setlocal shiftwidth=2 tabstop=2 softtabstop=2
14 | autocmd BufRead,BufNewFile,BufEnter /home/pi/oversight.io/* setlocal shiftwidth=2 tabstop=2 softtabstop=2
15 | autocmd BufRead,BufNewFile,BufEnter /home/pi/oversight.garden/* setlocal shiftwidth=2 tabstop=2 softtabstop=2
16 | autocmd BufRead,BufNewFile,BufEnter /home/pi/citation/* setlocal shiftwidth=2 tabstop=2 softtabstop=2
17 | 
18 | " Three spaces for michael/github
19 | autocmd BufRead,BufNewFile,BufEnter /home/pi/github/* setlocal shiftwidth=3 tabstop=3 softtabstop=3
20 | 
21 | " Tabs for Go projects
22 | autocmd BufRead,BufNewFile,BufEnter /home/pi/go/src/* setlocal expandtab! noexpandtab
23 | 
24 | " Tabs for pdf-redactor
25 | autocmd BufRead,BufNewFile,BufEnter /home/pi/pdf-redactor/* setlocal expandtab! noexpandtab shiftwidth=8 tabstop=8 softtabstop=8
26 | 
27 | autocmd BufNewFile,BufReadPost *.cljc setfiletype clojure
28 | 


--------------------------------------------------------------------------------