├── README.md ├── bashrc ├── bind ├── named.conf └── named.d │ ├── adblock.home │ ├── pi.home │ ├── printer.home │ ├── router.home │ ├── spotify.home │ ├── torrent.home │ ├── update-zonefile.py │ └── wx.home ├── crontab ├── ddclient └── ddclient.conf ├── installed_packages.txt ├── iptables ├── empty.rules └── iptables.rules ├── irssi ├── chaves.theme ├── config └── scripts │ └── autorun │ └── iNotify.pl ├── nginx └── nginx.conf ├── openvpn ├── client │ └── client.conf ├── easy-rsa │ ├── client.conf │ ├── keys │ │ └── ta.key │ ├── pki │ │ └── .rnd │ └── vars ├── make_config.sh ├── revoke └── server │ ├── ipp.txt │ └── openvpn.conf └── vimrc /README.md: -------------------------------------------------------------------------------- 1 | # Raspberry PI Home Server 2 | This is my Raspberry PI 2 home server. It acts as [a DNS server with adblocking capabilities](https://github.com/reynico/my-raspberry/tree/master/bind), [Dynamic update DNS client](https://github.com/reynico/my-raspberry/tree/master/ddclient), [IRC chat client](https://github.com/reynico/my-raspberry/tree/master/irssi), [Nginx webserver and proxy](https://github.com/reynico/my-raspberry/tree/master/nginx) and [OpenVPN server](https://github.com/reynico/my-raspberry/tree/master/openvpn). All of this runs on Arch Linux ARM. 
3 | ### To-do 4 | * Implement docker containers (may need a hardware upgrade) 5 | * Implement automation using Ansible 6 | * Implement OpenVPN user creation/delete/manage 7 | -------------------------------------------------------------------------------- /bashrc: -------------------------------------------------------------------------------- 1 | # 2 | # ~/.bashrc 3 | # 4 | 5 | # If not running interactively, don't do anything 6 | [[ $- != *i* ]] && return 7 | export LC_ALL=en_US.UTF-8 8 | alias ls='ls -p --color=auto' 9 | PS1='[\u@\h \W]\$ ' 10 | alias omxplayer="omxplayer -r -o local" 11 | -------------------------------------------------------------------------------- /bind/named.conf: -------------------------------------------------------------------------------- 1 | acl home { 2 | 192.168.1.0/24; 3 | 10.8.0.0/24; 4 | }; 5 | 6 | statistics-channels { 7 | inet 127.0.0.1 port 8053; 8 | }; 9 | 10 | options { 11 | directory "/var/named"; 12 | pid-file "/run/named/named.pid"; 13 | session-keyfile "/var/bind/session.key"; 14 | listen-on { 192.168.1.3; }; 15 | recursion yes; 16 | allow-query { home; }; 17 | allow-recursion { home; }; 18 | allow-transfer { none; }; 19 | allow-update { none; }; 20 | dnssec-enable yes; 21 | dnssec-validation yes; 22 | response-policy { zone "adblock.home"; }; 23 | }; 24 | 25 | zone "pi.home" IN { 26 | type master; 27 | file "/etc/named.d/pi.home"; 28 | }; 29 | 30 | zone "router.home" IN { 31 | type master; 32 | file "/etc/named.d/router.home"; 33 | }; 34 | 35 | zone "spotify.home" IN { 36 | type master; 37 | file "/etc/named.d/spotify.home"; 38 | }; 39 | 40 | zone "torrent.home" IN { 41 | type master; 42 | file "/etc/named.d/torrent.home"; 43 | }; 44 | 45 | zone "wx.home" IN { 46 | type master; 47 | file "/etc/named.d/wx.home"; 48 | }; 49 | 50 | zone "printer.home" IN { 51 | type master; 52 | file "/etc/named.d/printer.home"; 53 | }; 54 | 55 | zone "adblock.home" { 56 | type master; 57 | file "/etc/named.d/adblock.home"; 58 | 
allow-query { none; }; 59 | }; 60 | 61 | logging { 62 | channel xfer-log { 63 | file "/var/log/named/named.log"; 64 | print-category yes; 65 | print-severity yes; 66 | severity info; 67 | }; 68 | channel queries_log { 69 | file "/var/log/named/queries.log" versions unlimited size 2g; 70 | severity info; 71 | print-time no; 72 | }; 73 | category queries{ queries_log; }; 74 | category xfer-in { xfer-log; }; 75 | category xfer-out { xfer-log; }; 76 | category notify { xfer-log; }; 77 | }; 78 | -------------------------------------------------------------------------------- /bind/named.d/pi.home: -------------------------------------------------------------------------------- 1 | ; pi.home 2 | $TTL 3600 3 | pi.home. IN SOA a.root-servers.net. me@reyni.co. ( 4 | 2017041301 ; Serial 5 | 3H ; refresh after 3 hours 6 | 1H ; retry after 1 hour 7 | 1W ; expire after 1 week 8 | 1D) ; minimum TTL of 1 day 9 | 10 | ; Name Server 11 | IN NS a.root-servers.net. ; VeriSign verteilt (anycast) 12 | IN NS e.root-servers.net. ; ns.nasa.gov, Mountain View, Kalifornien, USA 13 | IN NS l.root-servers.net. ; ICANN verteilt (anycast) 14 | pi.home. IN A 192.168.1.3 15 | -------------------------------------------------------------------------------- /bind/named.d/printer.home: -------------------------------------------------------------------------------- 1 | ; printer.home 2 | $TTL 3600 3 | printer.home. IN SOA a.root-servers.net. me@reyni.co. ( 4 | 2017041301 ; Serial 5 | 3H ; refresh after 3 hours 6 | 1H ; retry after 1 hour 7 | 1W ; expire after 1 week 8 | 1D) ; minimum TTL of 1 day 9 | 10 | ; Name Server 11 | IN NS a.root-servers.net. ; VeriSign verteilt (anycast) 12 | IN NS e.root-servers.net. ; ns.nasa.gov, Mountain View, Kalifornien, USA 13 | IN NS l.root-servers.net. ; ICANN verteilt (anycast) 14 | printer.home. 
IN A 192.168.1.4 15 | -------------------------------------------------------------------------------- /bind/named.d/router.home: -------------------------------------------------------------------------------- 1 | ; router.home 2 | $TTL 3600 3 | router.home. IN SOA a.root-servers.net. me@reyni.co. ( 4 | 2017041301 ; Serial 5 | 3H ; refresh after 3 hours 6 | 1H ; retry after 1 hour 7 | 1W ; expire after 1 week 8 | 1D) ; minimum TTL of 1 day 9 | 10 | ; Name Server 11 | IN NS a.root-servers.net. ; VeriSign verteilt (anycast) 12 | IN NS e.root-servers.net. ; ns.nasa.gov, Mountain View, Kalifornien, USA 13 | IN NS l.root-servers.net. ; ICANN verteilt (anycast) 14 | router.home. IN A 192.168.1.1 15 | -------------------------------------------------------------------------------- /bind/named.d/spotify.home: -------------------------------------------------------------------------------- 1 | ; spotify.home 2 | $TTL 3600 3 | spotify.home. IN SOA a.root-servers.net. me@reyni.co. ( 4 | 2017041301 ; Serial 5 | 3H ; refresh after 3 hours 6 | 1H ; retry after 1 hour 7 | 1W ; expire after 1 week 8 | 1D) ; minimum TTL of 1 day 9 | 10 | ; Name Server 11 | IN NS a.root-servers.net. ; VeriSign verteilt (anycast) 12 | IN NS e.root-servers.net. ; ns.nasa.gov, Mountain View, Kalifornien, USA 13 | IN NS l.root-servers.net. ; ICANN verteilt (anycast) 14 | spotify.home. IN A 192.168.1.3 15 | spotify IN A 192.168.1.3 16 | -------------------------------------------------------------------------------- /bind/named.d/torrent.home: -------------------------------------------------------------------------------- 1 | ; torrent.home 2 | $TTL 3600 3 | torrent.home. IN SOA a.root-servers.net. me@reyni.co. ( 4 | 2017041301 ; Serial 5 | 3H ; refresh after 3 hours 6 | 1H ; retry after 1 hour 7 | 1W ; expire after 1 week 8 | 1D) ; minimum TTL of 1 day 9 | 10 | ; Name Server 11 | IN NS a.root-servers.net. ; VeriSign verteilt (anycast) 12 | IN NS e.root-servers.net. 
; ns.nasa.gov, Mountain View, Kalifornien, USA 13 | IN NS l.root-servers.net. ; ICANN verteilt (anycast) 14 | torrent.home. IN A 192.168.1.3 15 | torrent IN A 192.168.1.3 16 | -------------------------------------------------------------------------------- /bind/named.d/update-zonefile.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | ''' 4 | Copyright (c) 2018 Daniel Triendl 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 
23 | ''' 24 | 25 | import requests 26 | from pathlib import Path 27 | from datetime import datetime 28 | import email.utils as eut 29 | import os 30 | import hashlib 31 | import re 32 | import sys 33 | import dns.zone 34 | import dns.name 35 | from dns.exception import DNSException 36 | import subprocess 37 | import textwrap 38 | import shutil 39 | from argparse import ArgumentParser 40 | 41 | config = { 42 | # Blocklist download request timeout, in seconds 43 | 'req_timeout_s': 10, 44 | # Also block *.domain.tld 45 | 'wildcard_block': False, 46 | # Cache directory (a relative path, so it resolves against the current working directory) 47 | 'cache': Path('.cache', 'bind_adblock') 48 | } 49 | 50 | regex_domain = '^(127|0)\\.0\\.0\\.(0|1)[\\s\\t]+(?P<domain>([a-z0-9\\-_]+\\.)+[a-z][a-z0-9_-]*)$' 51 | regex_no_comment = '^#.*|^$' 52 | 53 | lists = [ 54 | {'url': 'https://pgl.yoyo.org/as/serverlist.php?hostformat=nohtml&showintro=0', 'filter': regex_no_comment}, 55 | {'url': 'http://mirror1.malwaredomains.com/files/justdomains', 'filter': regex_no_comment}, 56 | {'url': 'http://winhelp2002.mvps.org/hosts.txt', 'regex': regex_domain, 'filter': regex_no_comment}, 57 | {'url': 'https://adaway.org/hosts.txt', 'regex': regex_domain, 'filter': regex_no_comment}, 58 | {'url': 'https://hosts-file.net/ad_servers.txt', 'regex': regex_domain, 'filter': regex_no_comment}, 59 | {'url': 'http://someonewhocares.org/hosts/zero/hosts', 'regex': regex_domain, 'filter': regex_no_comment}, 60 | {'url': 'http://www.malwaredomainlist.com/hostslist/hosts.txt', 'regex': regex_domain, 'filter': regex_no_comment}, 61 | 62 | # 63 | # adlists from pi-hole: https://github.com/pi-hole/pi-hole/blob/master/adlists.default 64 | # 65 | # The below list amalgamates several lists we used previously. 
66 | # See `https://github.com/StevenBlack/hosts` for details 67 | # StevenBlack's list 68 | {'url': 'https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts', 'regex': regex_domain, 'filter': regex_no_comment}, 69 | 70 | # Cameleon 71 | {'url': 'http://sysctl.org/cameleon/hosts', 'regex': regex_domain, 'filter': regex_no_comment}, 72 | 73 | # Zeustracker 74 | {'url': 'https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist', 'filter': regex_no_comment}, 75 | 76 | # Disconnect.me Tracking 77 | {'url': 'https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt', 'filter': regex_no_comment}, 78 | 79 | # Disconnect.me Ads 80 | {'url': 'https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt', 'filter': regex_no_comment}, 81 | 82 | # Suspicious Domains - SANS ISC 83 | {'url': 'https://isc.sans.edu/feeds/suspiciousdomains_Low.txt', 'filter': regex_no_comment}, 84 | 85 | ] 86 | 87 | def download_list(url): 88 | headers = None 89 | 90 | cache = Path(config['cache'], hashlib.sha1(url.encode()).hexdigest()) 91 | 92 | if cache.is_file(): 93 | last_modified = datetime.utcfromtimestamp(cache.stat().st_mtime) 94 | headers = { 95 | 'If-modified-since': eut.format_datetime(last_modified), 96 | 'User-Agent': 'Bind adblock zonfile updater v1.0 (https://github.com/Trellmor/bind-adblock)' 97 | } 98 | 99 | try: 100 | r = requests.get(url, headers=headers, timeout=config['req_timeout_s']) 101 | 102 | if r.status_code == 200: 103 | with cache.open('w', encoding='utf8') as f: 104 | f.write(r.text) 105 | if 'last-modified' in r.headers: 106 | last_modified = eut.parsedate_to_datetime(r.headers['last-modified']).timestamp() 107 | os.utime(str(cache), times=(last_modified, last_modified)) 108 | 109 | return r.text 110 | except requests.exceptions.RequestException as e: 111 | print(e) 112 | 113 | if cache.is_file(): 114 | with cache.open() as f: 115 | return f.read() 116 | 117 | def check_domain(domain, origin): 118 | if domain == '': 119 | return False 120 | 
121 | if config['wildcard_block']: 122 | domain = '*.' + domain 123 | 124 | try: 125 | name = dns.name.from_text(domain, origin) 126 | except DNSException as e: 127 | return False 128 | 129 | return True 130 | 131 | def parse_lists(origin): 132 | domains = set() 133 | origin_name = dns.name.from_text(origin) 134 | for l in lists: 135 | data = download_list(l['url']) 136 | if data: 137 | print(l["url"]) 138 | 139 | lines = data.splitlines() 140 | print("\t{} lines".format(len(lines))) 141 | 142 | c = len(domains) 143 | 144 | for line in data.splitlines(): 145 | domain = '' 146 | 147 | if 'filter' in l: 148 | m = re.match(l['filter'], line) 149 | if m: 150 | continue 151 | 152 | if 'regex' in l: 153 | m = re.match(l['regex'], line) 154 | if m: 155 | domain = m.group('domain') 156 | else: 157 | domain = line 158 | 159 | domain = domain.strip() 160 | if check_domain(domain, origin_name): 161 | domains.add(domain) 162 | 163 | print("\t{} domains".format(len(domains) - c)) 164 | 165 | print("\nTotal\n\t{} domains".format(len(domains))) 166 | return domains 167 | 168 | def load_zone(zonefile, origin): 169 | zone_text = '' 170 | path = Path(zonefile) 171 | 172 | if not path.exists(): 173 | with path.open('w') as f: 174 | f.write('@ 3600 IN SOA @ admin.{}. 0 86400 7200 2592000 86400\n@ 3600 IN NS LOCALHOST.'.format(origin)) 175 | 176 | print(textwrap.dedent('''\ 177 | Zone file "{0}" created. 
178 | 179 | Add BIND options entry: 180 | response-policy {{ 181 | zone "{1}" 182 | }}; 183 | 184 | Add BIND zone entry: 185 | zone "{1}" {{ 186 | type master; 187 | file "{0}"; 188 | allow-query {{ none; }}; 189 | }}; 190 | ''').format(path.resolve(), origin)) 191 | 192 | 193 | with path.open('r') as f: 194 | for line in f: 195 | if "CNAME" in line: 196 | break 197 | zone_text += line 198 | 199 | return dns.zone.from_text(zone_text, origin) 200 | 201 | def update_serial(zone): 202 | soa = zone.get_rdataset('@', dns.rdatatype.SOA)[0] 203 | soa.serial += 1 204 | 205 | def check_zone(origin, zonefile): 206 | cmd = ['named-checkzone', '-q', origin, str(zonefile)] 207 | r = subprocess.call(cmd) 208 | return r == 0 209 | 210 | def reload_zone(origin): 211 | cmd = ['rndc', 'reload', origin] 212 | r = subprocess.call(cmd) 213 | if r != 0: 214 | raise Exception('rndc failed with return code {}'.format(r)) 215 | 216 | if __name__ == '__main__': 217 | parser = ArgumentParser(description='Update zone file from public DNS ad blocking lists') 218 | parser.add_argument('--no-bind', dest='no_bind', action='store_true', help='Don\'t try to check/reload bind zone') 219 | parser.add_argument('zonefile', help='path to zone file') 220 | parser.add_argument('origin', help='zone origin') 221 | args = parser.parse_args() 222 | 223 | zone = load_zone(args.zonefile, args.origin) 224 | update_serial(zone) 225 | 226 | if not config['cache'].is_dir(): 227 | config['cache'].mkdir(parents=True) 228 | 229 | domains = parse_lists(args.origin) 230 | 231 | tmpzonefile = Path(config['cache'], 'tempzone') 232 | zone.to_file(str(tmpzonefile)) 233 | 234 | with tmpzonefile.open('a') as f: 235 | for d in (sorted(domains)): 236 | f.write(d + ' IN CNAME .\n') 237 | if config['wildcard_block']: 238 | f.write('*.' 
+ d + ' IN CNAME .\n') 239 | 240 | if args.no_bind: 241 | shutil.move(str(tmpzonefile), str(args.zonefile)) 242 | else: 243 | if check_zone(args.origin, tmpzonefile): 244 | shutil.move(str(tmpzonefile), str(args.zonefile)) 245 | reload_zone(args.origin) 246 | else: 247 | print('Zone file invalid, not loading') 248 | -------------------------------------------------------------------------------- /bind/named.d/wx.home: -------------------------------------------------------------------------------- 1 | ; pi.home 2 | $TTL 3600 3 | wx.home. IN SOA a.root-servers.net. me@reyni.co. ( 4 | 2017041301 ; Serial 5 | 3H ; refresh after 3 hours 6 | 1H ; retry after 1 hour 7 | 1W ; expire after 1 week 8 | 1D) ; minimum TTL of 1 day 9 | 10 | ; Name Server 11 | IN NS a.root-servers.net. ; VeriSign verteilt (anycast) 12 | IN NS e.root-servers.net. ; ns.nasa.gov, Mountain View, Kalifornien, USA 13 | IN NS l.root-servers.net. ; ICANN verteilt (anycast) 14 | wx.home. IN A 192.168.1.5 15 | wx IN A 192.168.1.5 16 | * IN A 192.168.1.5 17 | -------------------------------------------------------------------------------- /crontab: -------------------------------------------------------------------------------- 1 | # Update local library 2 | 00 03 * * * mopidyctl local scan 3 | # Restart mopidy to avoid random hangs 4 | 00 04 * * * systemctl restart mopidy 5 | # Update adblock zonefile on Bind 6 | 00 00 * * * python3 /etc/named.d/update-zonefile.py /etc/named.d/adblock.home adblock.home 1>/var/log/adblock-update.log 2>/var/log/adblock-update.err 7 | -------------------------------------------------------------------------------- /ddclient/ddclient.conf: -------------------------------------------------------------------------------- 1 | daemon=10 2 | syslog=yes 3 | pid=/var/run/ddclient.pid 4 | ssl=no 5 | use=web, web=checkip.dyndns.com/, web-skip='IP Address:' # found after IP Address 6 | 7 | server=api.dynu.com # IP update server. 
8 | protocol=dyndns2 9 | login=mylogin 10 | password=mypasswd 11 | MYDOMAI§.DYNU.COM 12 | -------------------------------------------------------------------------------- /installed_packages.txt: -------------------------------------------------------------------------------- 1 | a52dec 0.7.4-9 2 | aalib 1.4rc5-12 3 | acl 2.2.52-4 4 | acpi 1.7-2 5 | alsa-firmware 1.0.29-1 6 | alsa-lib 1.1.4.1-1 7 | alsa-plugins 1.1.4-1 8 | alsa-utils 1.1.4-1 9 | alsaplayer 0.99.81-8 10 | at-spi2-core 2.24.1-1 11 | attr 2.4.47-3 12 | autoconf 2.69-4 13 | automake 1.15.1-1 14 | avahi 0.7-1 15 | axel 2.13.1-1 16 | bash 4.4.012-2 17 | bc 1.07.1-1 18 | bind 9.11.2-2 19 | bind-tools 9.11.2-2 20 | binutils 2.29.0-1 21 | bison 3.0.4-3 22 | blas 3.7.1-2 23 | boost 1.64.0-4 24 | boost-libs 1.64.0-4 25 | bridge-utils 1.6-2 26 | bzip2 1.0.6-6 27 | ca-certificates 20170307-1 28 | ca-certificates-cacert 20140824-4 29 | ca-certificates-mozilla 3.32-1 30 | ca-certificates-utils 20170307-1 31 | cairo 1.14.10-1 32 | cblas 3.7.1-2 33 | cdparanoia 10.2-5 34 | celt 0.11.3-2 35 | certbot 0.17.0-1 36 | chromaprint 1.4.2-1 37 | cifs-utils 6.7-2 38 | compositeproto 0.4.2-3 39 | confuse 3.2.1-1 40 | coreutils 8.28-1 41 | cracklib 2.9.6-1 42 | cronie 1.5.1-1 43 | cryptsetup 1.7.5-1 44 | curl 7.55.1-2 45 | damageproto 1.2.1-3 46 | db 5.3.28-3 47 | dbus 1.10.22-1 48 | dconf 0.26.0+1+g701d19d-1 49 | ddclient 3.8.3-2 50 | debtap 3.1.4-2 51 | desktop-file-utils 0.23-1 52 | despotify-svn 521-2.1 53 | device-mapper 2.02.173-1 54 | dhcpcd 6.11.5-1 55 | dialog 1:1.3_20170509-1 56 | diffutils 3.6-1 57 | ding-libs 0.6.0-1 58 | dkms 2.4.0-2 59 | dmxproto 2.3.1-3 60 | dnssec-anchors 20170711-1 61 | docbook-xml 4.5-6 62 | docbook-xsl 1.79.2-3 63 | dotconf 1.3-4 64 | e2fsprogs 1.43.6-1 65 | easy-rsa 3.0.3-1 66 | elfutils 0.169-2 67 | enca 1.19-1 68 | eventlog 0.2.12-4 69 | expat 2.2.4-1 70 | faac 1.29.3-1 71 | faad2 2.8.1-1 72 | fakeroot 1.22-1 73 | fbset 2.1-5 74 | ffmpeg 1:3.3.3-2 75 | fftw 3.3.6-2 76 | file 5.32-1 77 | 
filesystem 2017.03-2 78 | findutils 4.6.0-2 79 | fixesproto 5.0+9+g4292ec1-1 80 | flac 1.3.2-1 81 | flex 2.6.4-1 82 | fontconfig 2.12.5-1 83 | fontsproto 2.1.3-2 84 | foomatic-db 3:20170106-1 85 | foomatic-db-gutenprint-ppds 5.2.13-1 86 | foomatic-db-nonfree-ppds 3:20170106-1 87 | freeglut 3.0.0-1 88 | freeimage 3.17.0-2.1 89 | freetds 1.00.44-1 90 | freetype2 2.8-2 91 | fribidi 0.19.7-1 92 | gawk 4.1.4-2 93 | gc 7.6.0-1 94 | gcc 7.2.0-2 95 | gcc-libs 7.2.0-2 96 | gd 2.2.5-1 97 | gdbm 1.13-1 98 | gdk-pixbuf2 2.36.9-1 99 | geoclue2 2.4.7-1 100 | geoip 1.6.10-1 101 | geoip-database 20170801-1 102 | gettext 0.19.8.1-2 103 | ghostscript 9.21-3 104 | giflib 5.1.4-1 105 | git 2.14.1-1 106 | glib-networking 2.50.0-2 107 | glib2 2.52.3-1 108 | glib2-docs 2.52.3-1 109 | glibc 2.26-3 110 | glu 9.0.0-4 111 | gmp 6.1.2-1 112 | gnu-netcat 0.7.1-6 113 | gnupg 2.2.0-1 114 | gnutls 3.5.15-1 115 | gobject-introspection 1.52.1-1 116 | gobject-introspection-runtime 1.52.1-1 117 | gpac 1:0.7.1-3 118 | gpgme 1.9.0-3 119 | gpm 1.20.7-8 120 | graphene 1.6.0-1 121 | graphite 1:1.3.10-1 122 | grep 3.1-1 123 | groff 1.22.3-7 124 | gsettings-desktop-schemas 3.24.0-1 125 | gsm 1.0.16-1 126 | gssproxy 0.6.2-1 127 | gst-libav 1.12.2-1 128 | gst-plugins-bad 1.12.2-4 129 | gst-plugins-base 1.12.2-1 130 | gst-plugins-base-libs 1.12.2-1 131 | gst-plugins-good 1.12.2-1 132 | gst-plugins-ugly 1.12.2-1 133 | gst-python2 1.12.2-1 134 | gstreamer 1.12.2-1 135 | gstreamer0.10 0.10.36-4 136 | gstreamer0.10-base 0.10.36-3 137 | gstreamer0.10-good 0.10.31-11 138 | gstreamer0.10-python 0.10.22-2 139 | gstreamer0.10-ugly 0.10.19-16 140 | gstreamer0.10-ugly-plugins 0.10.19-16 141 | gtk-doc 1.26+10+g01844e7-1 142 | gtk-update-icon-cache 3.22.20-1 143 | guile 2.2.2-1 144 | gzip 1.8-2 145 | harfbuzz 1.5.1-1 146 | harfbuzz-icu 1.5.1-1 147 | haveged 1.9.1-3 148 | help2man 1.47.4-1 149 | hicolor-icon-theme 0.15-1 150 | hspell 1.3-1 151 | htop 2.0.2-2 152 | http-parser 2.7.1-1 153 | hunspell 1.6.2-1 154 | hwids 
20170715-1 155 | hyphen 2.8.8-1 156 | i2c-tools 3.1.2-1 157 | iana-etc 20170824-1 158 | icu 59.1-2 159 | idnkit 1.0-3 160 | iftop 1.0pre4-2 161 | ijs 0.35-1 162 | ilmbase 2.2.0-2 163 | imagemagick 6.9.9.12-1 164 | imlib2 1.4.10-1 165 | inetutils 1.9.4-5 166 | inputproto 2.3.2-1 167 | intltool 0.51.0-3 168 | iproute2 4.13.0-1 169 | iptables 1.6.1-1 170 | iputils 20161105.1f2bb12-2 171 | irssi 1.0.4-3 172 | iso-codes 3.75-1 173 | jack 0.125.0-3 174 | jasper 2.0.13-2 175 | jbig2dec 0.13-1 176 | jfsutils 1.1.15-4 177 | js 24.2.0-4 178 | json-c 0.12.1-1 179 | json-glib 1.2.8-1 180 | kbd 2.0.4-1 181 | kbproto 1.0.7-1 182 | keyutils 1.5.10-1 183 | kmod 24-1 184 | krb5 1.15.1-1 185 | ladspa 1.13-6 186 | lame 3.99.5-3 187 | lapack 3.7.1-2 188 | lcms 1.19-5 189 | lcms2 2.8-2 190 | ldb 1.1.29-1 191 | ldns 1.7.0-3 192 | less 487-1 193 | libaio 0.3.110-1 194 | libao 1.2.2-1 195 | libarchive 3.3.2-1 196 | libass 0.13.7-1 197 | libassuan 2.4.3-1 198 | libasyncns 0.8+3+g68cd5af-1 199 | libatomic_ops 7.4.6-1 200 | libavc1394 0.5.4-3 201 | libbluray 1.0.1-1 202 | libbsd 0.8.6-1 203 | libcaca 0.99.beta19-1 204 | libcap 2.25-1 205 | libcap-ng 0.7.8-1 206 | libcddb 1.3.2-4 207 | libcdio 0.94-2 208 | libcdio-paranoia 10.2+0.94+1-2 209 | libcroco 0.6.12+4+g9ad7287-1 210 | libcups 2.2.4-2 211 | libdaemon 0.14-3 212 | libdatrie 0.2.10-2 213 | libdbi 0.9.0-2 214 | libdc1394 2.2.5-1 215 | libdca 0.0.5-5 216 | libdmx 1.1.3-1 217 | libdrm 2.4.83-1 218 | libdv 1.0.0-7 219 | libdvdnav 5.0.3-1 220 | libdvdread 5.0.4-1 221 | libedit 20170329_3.1-1 222 | libelf 0.169-2 223 | libepoxy 1.4.3-1 224 | libevdev 1.5.7-1 225 | libevent 2.1.8-1 226 | libexif 0.6.21-3 227 | libfbclient 2.5.7.27050-3 228 | libfdk-aac 0.1.5-1 229 | libffi 3.2.1-2 230 | libfontenc 1.1.3-1 231 | libftdi 1.3-5 232 | libftdi-compat 0.20-3 233 | libgcrypt 1.8.1-1 234 | libglvnd 0.2.999+g4ba53457-2 235 | libgme 0.6.1-1 236 | libgpg-error 1.27-1 237 | libgudev 231+1+g0841288-1 238 | libice 1.0.9-1 239 | libid3tag 0.15.1b-8 240 | 
libidn 1.33-2 241 | libiec61883 1.2.0-4 242 | libimobiledevice 1.2.0-6 243 | libinput 1.8.2-1 244 | libirman 0.5.2-1 245 | libjpeg-turbo 1.5.2-1 246 | libksba 1.3.4-2 247 | libldap 2.4.45-4 248 | liblouis 3.3.0-1 249 | liblqr 0.4.2-1 250 | libmad 0.15.1b-7 251 | libmariadbclient 10.1.26-1 252 | libmicrohttpd 0.9.55-1 253 | libmm-glib 1.6.8-1 254 | libmms 0.6.4-2 255 | libmng 2.0.3-1 256 | libmnl 1.0.4-1 257 | libmodplug 0.8.9.0-1 258 | libmp4v2 2.0.0-4 259 | libmpc 1.0.3-2 260 | libmpcdec 1:0.1+r475-1 261 | libmpdclient 2.11-1 262 | libmpeg2 0.5.1-5 263 | libnewt 0.52.20-1 264 | libnftnl 1.0.7-1 265 | libnghttp2 1.23.1-1 266 | libnl 3.3.0-1 267 | libnotify 0.7.7-1 268 | libofa 0.9.3-7 269 | libogg 1.3.2-1 270 | libomxil-bellagio 0.9.3-1 271 | libpaper 1.1.24-10 272 | libpcap 1.8.1-2 273 | libpciaccess 0.13.5-1 274 | libpipeline 1.4.2-1 275 | libplist 2.0.0-1 276 | libpng 1.6.32-1 277 | libproxy 0.4.15-6 278 | libpsl 0.18.0-1 279 | libpulse 11.0-1 280 | libraqm 0.3.0-2 281 | libraw1394 2.1.2-1 282 | librsvg 2:2.40.18-1 283 | libsamplerate 0.1.9-1 284 | libsasl 2.1.26-11 285 | libseccomp 2.3.2-1 286 | libsecret 0.18.5+14+g9980655-1 287 | libshout 1:2.4.1-3 288 | libsidplay 1.36.59-8 289 | libsm 1.2.2-2 290 | libsndfile 1.0.28-1 291 | libsoup 2.58.2-1 292 | libsoxr 0.1.2-1 293 | libspeechd 0.8.7-3 294 | libspotify 12.1.51-3 295 | libsrtp 1:1.5.4-2 296 | libssh 0.7.5-2 297 | libssh2 1.8.0-2 298 | libsystemd 234.11-8 299 | libtasn1 4.12-2 300 | libthai 0.1.26-1 301 | libtheora 1.1.1-3 302 | libtiff 4.0.8-2 303 | libtirpc 1.0.2-1 304 | libtool 2.4.6+40+g6ca5e224-1 305 | libtxc_dxtn 1.0.1-6 306 | libunistring 0.9.7-1 307 | libunwind 1.2.1-1 308 | libusb 1.0.21-2 309 | libusb-compat 0.1.5-1 310 | libusbmuxd 1.0.10-2 311 | libutempter 1.1.6-2 312 | libutil-linux 2.30.1-2 313 | libuv 1.14.0-1 314 | libva 1.8.3-1 315 | libvdpau 1.1.1-2 316 | libvisual 0.4.0-6 317 | libvoikko 4.1.1-1 318 | libvorbis 1.3.5-1 319 | libvpx 1.6.1-1 320 | libwacom 0.24-1 321 | libwbclient 4.6.7-1 
322 | libwebp 0.6.0-1 323 | libx11 1.6.5-1 324 | libx264 2:148.20170521-1 325 | libx264-all 2:148.20170521-1 326 | libxau 1.0.8-2 327 | libxaw 1.0.13-1 328 | libxcb 1.12-1 329 | libxcomposite 0.4.4-2 330 | libxcursor 1.1.14-2 331 | libxdamage 1.1.4-2 332 | libxdmcp 1.1.2-1 333 | libxext 1.3.3-1 334 | libxfixes 5.0.3-1 335 | libxfont 1.5.2-1 336 | libxfont2 2.0.1-1 337 | libxft 2.3.2-1 338 | libxi 1.7.9-1 339 | libxinerama 1.1.3-2 340 | libxkbcommon 0.7.2-1 341 | libxkbfile 1.0.9-1 342 | libxml2 2.9.5+6+g07e227ed-1 343 | libxmu 1.1.2-1 344 | libxpm 3.5.12-1 345 | libxrandr 1.5.1-1 346 | libxrender 0.9.10-1 347 | libxres 1.0.7-1 348 | libxshmfence 1.2-1 349 | libxslt 1.1.30-1 350 | libxss 1.2.2-2 351 | libxt 1.1.5-1 352 | libxtst 1.2.3-1 353 | libxv 1.0.11-1 354 | libxvmc 1.0.10-1 355 | libxxf86dga 1.1.4-1 356 | libxxf86vm 1.1.4-1 357 | libyaml 0.1.7-1 358 | libzip 1.2.0-1 359 | licenses 20140629-2 360 | linux-am33x 4.13.0-1 361 | linux-api-headers 4.12.7-1 362 | linux-firmware 20170622.7d2c913-1 363 | linux-raspberrypi-headers 4.9.43-1 364 | lirc 1:0.9.4.d-1 365 | llvm-libs 4.0.1-5 366 | lm_sensors 3.4.0-2 367 | logrotate 3.12.3-1 368 | lsof 4.89-1 369 | lua 5.3.4-2 370 | lua52 5.2.4-2 371 | lz4 1:1.8.0-1 372 | lzo 2.10-1 373 | m4 1.4.18-1 374 | make 4.2.1-2 375 | man-db 2.7.6.1-2 376 | man-pages 4.12-1 377 | mcpp 2.7.2-5 378 | mesa 17.2.0-2 379 | minizip 1:1.2.11-2 380 | mjpegtools 2.1.0-3 381 | mkinitcpio 23-2.1 382 | mkinitcpio-busybox 1.26.1-1 383 | moc 1:2.5.2-1 384 | mopidy 2.1.0-1 385 | mpfr 3.1.5.p2-1 386 | mpg123 1.25.6-1 387 | mplayer 37916-2 388 | mtdev 1.1.5-1 389 | nano 2.8.7-1 390 | ncmpcpp 0.8-1 391 | ncurses 6.0+20170902-1 392 | neon 0.30.2-2 393 | net-snmp 5.7.3-7 394 | net-tools 1.60.20160710git-1 395 | netctl 1.13-2 396 | nettle 3.3-1 397 | nfs-utils 2.1.1-4 398 | nfsidmap 0.26-1 399 | nginx 1.12.1-1 400 | nmap 7.60-1 401 | npth 1.5-1 402 | nspr 4.16-1 403 | nss 3.32-1 404 | ntop 5.0.1-10 405 | ntp 4.2.8.p10-2 406 | ocaml 4.05.0-1.1 407 | 
ocaml-compiler-libs 4.05.0-1.1 408 | ocaml-ctypes 0.11.5-1 409 | omxplayer-git 507.061425a-1 410 | openal 1.18.1-1 411 | opencore-amr 0.1.5-1 412 | openexr 2.2.0-3 413 | openjpeg 1.5.2-1 414 | openjpeg2 2.2.0-1 415 | openresolv 3.9.0-1 416 | openssh 7.5p1-2 417 | openssl 1.1.0.f-2 418 | openssl-1.0 1.0.2.l-1 419 | openswan 2.6.49.1-1 420 | openvpn 2.4.3-3 421 | opus 1.2.1-1 422 | orc 0.4.27-1 423 | p11-kit 0.23.8-1 424 | package-query 1.8-2 425 | pacman 5.0.2-2.1 426 | pacman-mirrorlist 20170820-1 427 | pam 1.3.0-1 428 | pambase 20130928-1 429 | pango 1.40.12-1 430 | patch 2.7.5-1 431 | pciutils 3.5.4-1 432 | pcre 8.41-1 433 | pcre2 10.23-1 434 | perl 5.26.0-4 435 | perl-digest-sha1 2.13-10 436 | perl-error 0.17025-2 437 | perl-file-basedir 0.07-3 438 | perl-io-socket-ssl 2.048-3 439 | perl-io-string 1.08-10 440 | perl-ipc-system-simple 1.25-3 441 | perl-locale-gettext 1.07-5 442 | perl-net-ssleay 1.81-4 443 | perl-test-pod 1.51-3 444 | perl-timedate 2.30-4 445 | perl-uri 1.72-2 446 | perl-xml-parser 2.44-6 447 | pinentry 1.0.0-1 448 | pixman 0.34.0-1 449 | pkcs11-helper 1.22-2 450 | pkg-config 0.29.2-1 451 | pkgfile 17-1 452 | polkit 0.113+29+g3272a98-1 453 | popt 1.16-9 454 | portaudio 190600_20161030-1 455 | ppp 2.4.7-2 456 | procps-ng 3.3.12-1 457 | psmisc 23.1-1 458 | pth 2.0.7-5.1 459 | pygobject-devel 3.24.1-1 460 | pygobject2-devel 2.28.6-13 461 | python 3.6.2-1 462 | python-acme 0.17.0-1 463 | python-appdirs 1.4.3-1 464 | python-asn1crypto 0.22.0-1 465 | python-beaker 1.8.1-2 466 | python-cffi 1.10.0-1 467 | python-chardet 3.0.4-1 468 | python-configargparse 0.12.0-1 469 | python-configobj 5.0.6-3 470 | python-cryptography 2.0.3-1 471 | python-future 0.16.0-2 472 | python-idna 2.6-1 473 | python-mako 1.0.7-1 474 | python-markupsafe 1.0-1 475 | python-mock 2.0.0-2 476 | python-packaging 16.8-2 477 | python-pafy 0.5.3.1-1 478 | python-parsedatetime 2.4-1 479 | python-pbr 3.1.1-1 480 | python-pip 9.0.1-2 481 | python-ply 3.10-1 482 | python-pycparser 2.18-1 
483 | python-pyopenssl 17.2.0-1 484 | python-pyparsing 2.2.0-1 485 | python-pyrfc3339 1.0-2 486 | python-pytz 2017.2-1 487 | python-requests 2.18.4-1 488 | python-setuptools 1:36.3.0-1 489 | python-six 1.10.0-3 490 | python-urllib3 1.22-1 491 | python-werkzeug 0.12.2-1 492 | python-xdg 0.25-4 493 | python-zope-component 4.4.0-1 494 | python-zope-event 4.3.0-1 495 | python-zope-interface 4.4.2-1 496 | python2 2.7.13-4 497 | python2-appdirs 1.4.3-1 498 | python2-asn1crypto 0.22.0-1 499 | python2-backports-abc 0.5-1 500 | python2-cffi 1.10.0-1 501 | python2-chardet 3.0.4-1 502 | python2-cryptography 2.0.3-1 503 | python2-cycler 0.10.0-2 504 | python2-dateutil 2.6.1-1 505 | python2-enum34 1.1.6-1 506 | python2-gobject 3.24.1-1 507 | python2-gobject2 2.28.6-13 508 | python2-idna 2.6-1 509 | python2-ipaddress 1.0.18-1 510 | python2-meld3 1.0.2-1 511 | python2-ndg-httpsclient 0.4.3-1 512 | python2-numpy 1.13.1-2 513 | python2-olefile 0.44-1 514 | python2-packaging 16.8-2 515 | python2-pillow 4.2.1-1 516 | python2-pip 9.0.1-2 517 | python2-ply 3.10-1 518 | python2-pyasn1 0.3.4-1 519 | python2-pycparser 2.18-1 520 | python2-pykka 1.2.0-1 521 | python2-pyopenssl 17.2.0-1 522 | python2-pyparsing 2.2.0-1 523 | python2-requests 2.18.4-1 524 | python2-setuptools 1:36.3.0-1 525 | python2-simplejson 3.11.1-1 526 | python2-singledispatch 3.4.0.3-2 527 | python2-sip 4.19.3-1 528 | python2-six 1.10.0-3 529 | python2-tornado 4.5.2-1 530 | python2-urllib3 1.22-1 531 | qpdf 6.0.0-2 532 | randrproto 1.5.0-1 533 | raspberrypi-firmware 20170822-1 534 | re2 20170801-1 535 | readline 7.0.003-1 536 | recode 3.6-10 537 | recordproto 1.14.2-2 538 | reiserfsprogs 3.6.25-1 539 | renderproto 0.11.1-3 540 | rest 0.8.1-1 541 | rpcbind 0.2.4-3 542 | rrdtool 1.7.0-3 543 | rsync 3.1.2-2 544 | rtl-sdr 20140210-3 545 | rtmidi 2.1.1-1 546 | rtmpdump 1:2.4.r96.fa8646d-3 547 | ruby 2.4.1-3 548 | run-parts 4.8.1-1 549 | s-nail 14.9.3-1 550 | sbc 1.3-1 551 | schroedinger 1.0.11-3 552 | scons 2.5.1-1 553 | 
scrnsaverproto 1.2.2-2 554 | sdl 1.2.15-9 555 | sdl2 2.0.5-4 556 | sed 4.4-1 557 | shadow 4.5-2 558 | shared-mime-info 1.8-1 559 | sip 4.19.3-1 560 | slang 2.3.1a-1 561 | smbclient 4.6.7-1 562 | snappy 1.1.4-1 563 | socat 1.7.3.2-2 564 | soundtouch 2.0.0-1 565 | source-highlight 3.1.8-12 566 | sox 14.4.2-2 567 | spandsp 0.0.6-1 568 | speech-dispatcher 0.8.7-3 569 | speedtest-cli 1.0.6-1 570 | speex 1.2.0-1 571 | speexdsp 1.2rc3-2.1 572 | sqlite 3.20.1-1 573 | startup-notification 0.12-5 574 | sudo 1.8.21.p2-1 575 | supervisor 3.3.2-1 576 | sysfsutils 2.1.0-9 577 | syslog-ng 3.10.1-2 578 | systemd 234.11-8 579 | systemd-sysvcompat 234.11-8 580 | taglib 1.11.1-1 581 | talloc 2.1.10-1 582 | tar 1.29-2 583 | tcl 8.6.7-1 584 | tdb 1.3.12-1 585 | tevent 1:0.9.31-1 586 | texinfo 6.4-1 587 | thin-provisioning-tools 0.7.1-1 588 | tinycdb 0.78-2 589 | tinyxml 2.6.2-5 590 | tmux 2.5-3 591 | traceroute 2.1.0-1 592 | transmission-cli 2.92-7 593 | tslib 1.12-1 594 | ttf-dejavu 2.37-1 595 | tzdata 2017b-1 596 | unixodbc 2.3.4-2 597 | unzip 6.0-12 598 | upower 0.99.4+12+g402640b-1 599 | usbmuxd 1.1.0-2 600 | usbutils 008-1 601 | util-linux 2.30.1-2 602 | v4l-utils 1.12.5-1 603 | vi 1:070224-2 604 | vid.stab 1.1-1 605 | videoproto 2.3.3-1 606 | vim 8.0.1066-1 607 | vim-runtime 8.0.1066-1 608 | vte-common 0.48.3-1 609 | vulkan-icd-loader 1.0.57.0-1 610 | wavpack 5.1.0-1 611 | wayland 1.14.0-1 612 | wayland-protocols 1.10-1 613 | webrtc-audio-processing 0.3-2 614 | wget 1.19.1-2 615 | which 2.21-2 616 | wildmidi 0.4.1-1 617 | x265 2.5-1 618 | xbitmaps 1.1.1-3 619 | xcb-proto 1.12-3 620 | xcb-util 0.4.0-1 621 | xcb-util-image 0.4.0-1 622 | xcb-util-keysyms 0.4.0-1 623 | xcb-util-renderutil 0.3.9-1 624 | xcb-util-wm 0.4.1-1 625 | xdg-utils 1.1.2-1 626 | xextproto 7.3.0-1 627 | xf86-input-evdev 2.10.5-1 628 | xf86-input-libinput 0.25.1-1 629 | xf86-video-fbdev 0.4.4-7 630 | xf86-video-vesa 2.3.4-4 631 | xf86dgaproto 2.1-3 632 | xf86vidmodeproto 2.3.1-3 633 | xfsprogs 4.12.0-1 634 | 
xine-lib 1.2.8-3 635 | xineramaproto 1.2.1-3 636 | xkeyboard-config 2.21-2 637 | xl2tpd 1.3.10-1 638 | xorg-bdftopcf 1.0.5-1 639 | xorg-fonts-alias 1.0.3-1 640 | xorg-fonts-encodings 1.0.4-4 641 | xorg-iceauth 1.0.7-1 642 | xorg-luit 1.1.1-2 643 | xorg-mkfontdir 1.0.7-8 644 | xorg-mkfontscale 1.1.2-1 645 | xorg-server-utils 7.6-4 646 | xorg-sessreg 1.1.1-1 647 | xorg-setxkbmap 1.3.1-1 648 | xorg-xauth 1.0.10-1 649 | xorg-xbacklight 1.2.1-1 650 | xorg-xcmsdb 1.0.5-1 651 | xorg-xdpyinfo 1.3.2-1 652 | xorg-xgamma 1.0.6-1 653 | xorg-xhost 1.0.7-1 654 | xorg-xinit 1.3.4-4 655 | xorg-xinput 1.6.2-1 656 | xorg-xkbcomp 1.4.0-1 657 | xorg-xmodmap 1.0.9-1 658 | xorg-xrandr 1.5.0-1 659 | xorg-xrdb 1.1.0-2 660 | xorg-xrefresh 1.0.5-1 661 | xorg-xset 1.2.3-1 662 | xorg-xsetroot 1.1.1-2 663 | xproto 7.0.31-1 664 | xterm 330-1 665 | xvidcore 1.3.4-1 666 | xz 5.2.3-1 667 | yajl 2.1.0-1 668 | yaourt 1.8.1-1 669 | youtube-dl 2017.09.02-1 670 | zita-alsa-pcmi 0.2.0-3 671 | zita-resampler 1.3.0-5 672 | zlib 1:1.2.11-2 673 | zvbi 0.2.35-1 674 | -------------------------------------------------------------------------------- /iptables/empty.rules: -------------------------------------------------------------------------------- 1 | # Empty iptables rule file 2 | *filter 3 | :INPUT ACCEPT [0:0] 4 | :FORWARD ACCEPT [0:0] 5 | :OUTPUT ACCEPT [0:0] 6 | COMMIT 7 | -------------------------------------------------------------------------------- /iptables/iptables.rules: -------------------------------------------------------------------------------- 1 | # Generated by iptables-save v1.6.1 on Sun Sep 17 14:14:52 2017 2 | *nat 3 | :PREROUTING ACCEPT [81:19081] 4 | :INPUT ACCEPT [22:3396] 5 | :OUTPUT ACCEPT [1654:103895] 6 | :POSTROUTING ACCEPT [1654:103895] 7 | -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE 8 | COMMIT 9 | # Completed on Sun Sep 17 14:14:52 2017 10 | # Generated by iptables-save v1.6.1 on Sun Sep 17 14:14:52 2017 11 | *filter 12 | :INPUT ACCEPT [78291:4488419] 13 | :FORWARD 
ACCEPT [1395:734191] 14 | :OUTPUT ACCEPT [104497:141191593] 15 | COMMIT 16 | # Completed on Sun Sep 17 14:14:52 2017 17 | -------------------------------------------------------------------------------- /irssi/chaves.theme: -------------------------------------------------------------------------------- 1 | irssi-themes/chaves.theme -------------------------------------------------------------------------------- /irssi/config: -------------------------------------------------------------------------------- 1 | servers = ( 2 | # { 3 | # address = "giba.space"; 4 | # chatnet = "mfsec"; 5 | # port = "6697"; 6 | # use_ssl = "yes"; 7 | # ssl_verify = "no"; 8 | # autoconnect = "yes"; 9 | # }, 10 | { 11 | address = "irc.freenode.net"; 12 | chatnet = "freenode"; 13 | port = "6697"; 14 | use_ssl = "yes"; 15 | ssl_verify = "yes"; 16 | autoconnect = "yes"; 17 | } 18 | ); 19 | 20 | chatnets = 21 | { 22 |
# NOTE(review): autosendcmd keeps the NickServ password in clear text in this
# file, so anyone who can read the file (or a repository it is committed to)
# can identify as this nick. Treat a value that was ever published as
# compromised, keep the file readable by its owner only, and consider SASL or
# a client certificate instead of a stored password.
# NOTE(review): this chatnet is named "sysarmy", while the only active server
# and every channel in this file use chatnet "freenode", so as written the
# command looks unattached to any connection - confirm the intended name.
sysarmy = { type = "IRC"; autosendcmd = "/msg nickserv identify Thepassword123; wait 4000";}; 23 | }; 24 | 25 | channels = ( 26 | { name = "#sysarmy"; chatnet = "freenode"; autojoin = "Yes"; }, 27 | { name = "#ansible"; chatnet = "freenode"; autojoin = "Yes"; }, 28 | { name = "#reddit-argentina"; chatnet = "freenode"; autojoin = "Yes"; }, 29 | { name = "#reddit-homelab"; chatnet = "freenode"; autojoin = "Yes"; }, 30 | { name = "##DevOps"; chatnet = "freenode"; autojoin = "Yes"; }, 31 | { name = "#blockstream-satellite"; chatnet = "freenode"; autojoin = "Yes"; }, 32 | { name = "#linux"; chatnet = "freenode"; autojoin = "Yes"; }, 33 | # { name = "#mfsec"; chatnet = "mfsec"; autojoin = "Yes"; } 34 | ); 35 | 36 | aliases = { 37 | ATAG = "WINDOW SERVER"; 38 | ADDALLCHANS = "SCRIPT EXEC foreach my \\$channel (Irssi::channels()) { Irssi::command(\"CHANNEL ADD -auto \\$channel->{name} \\$channel->{server}->{tag} \\$channel->{key}\")\\;}"; 39 | B = "BAN"; 40 | BACK = "AWAY"; 41 | BANS = "BAN"; 42 | BYE = "QUIT"; 43 | C = "CLEAR"; 44 | CALC = "EXEC - if command -v bc >/dev/null 2>&1\\; 
then printf '%s=' '$*'\\; echo '$*' | bc -l\\; else echo bc was not found\\; fi"; 45 | CHAT = "DCC CHAT"; 46 | CUBES = "SCRIPT EXEC Irssi::active_win->print(\"%_bases\", MSGLEVEL_CLIENTCRAP) \\; Irssi::active_win->print( do { join '', map { \"%x0\\${_}0\\$_\" } '0'..'9','A'..'F' }, MSGLEVEL_NEVER | MSGLEVEL_CLIENTCRAP) \\; Irssi::active_win->print(\"%_cubes\", MSGLEVEL_CLIENTCRAP) \\; Irssi::active_win->print( do { my \\$y = \\$_*6 \\; join '', map { my \\$x = \\$_ \\; map { \"%x\\$x\\$_\\$x\\$_\" } @{['0'..'9','A'..'Z']}[\\$y .. \\$y+5] } 1..6 }, MSGLEVEL_NEVER | MSGLEVEL_CLIENTCRAP) for 0..5 \\; Irssi::active_win->print(\"%_grays\", MSGLEVEL_CLIENTCRAP) \\; Irssi::active_win->print( do { join '', map { \"%x7\\${_}7\\$_\" } 'A'..'X' }, MSGLEVEL_NEVER | MSGLEVEL_CLIENTCRAP) \\; Irssi::active_win->print(\"%_mIRC extended colours\", MSGLEVEL_CLIENTCRAP) \\; my \\$x \\; \\$x .= sprintf \"\00399,%02d%02d\",\\$_,\\$_ for 0..15 \\; Irssi::active_win->print(\\$x, MSGLEVEL_NEVER | MSGLEVEL_CLIENTCRAP) \\; for my \\$z (0..6) { my \\$x \\; \\$x .= sprintf \"\00399,%02d%02d\",\\$_,\\$_ for 16+(\\$z*12)..16+(\\$z*12)+11 \\; Irssi::active_win->print(\\$x, MSGLEVEL_NEVER | MSGLEVEL_CLIENTCRAP) }"; 47 | DATE = "TIME"; 48 | DEHIGHLIGHT = "DEHILIGHT"; 49 | DESCRIBE = "ACTION"; 50 | DHL = "DEHILIGHT"; 51 | EXEMPTLIST = "MODE $C +e"; 52 | EXIT = "QUIT"; 53 | GOTO = "SCROLLBACK GOTO"; 54 | HIGHLIGHT = "HILIGHT"; 55 | HL = "HILIGHT"; 56 | HOST = "USERHOST"; 57 | INVITELIST = "MODE $C +I"; 58 | J = "JOIN"; 59 | K = "KICK"; 60 | KB = "KICKBAN"; 61 | KN = "KNOCKOUT"; 62 | LAST = "LASTLOG"; 63 | LEAVE = "PART"; 64 | M = "MSG"; 65 | MUB = "UNBAN *"; 66 | N = "NAMES"; 67 | NMSG = "^MSG"; 68 | P = "PART"; 69 | Q = "QUERY"; 70 | RESET = "SET -default"; 71 | RUN = "SCRIPT LOAD"; 72 | SAY = "MSG *"; 73 | SB = "SCROLLBACK"; 74 | SBAR = "STATUSBAR"; 75 | SIGNOFF = "QUIT"; 76 | SV = "MSG * Irssi $J ($V) - http://www.irssi.org"; 77 | T = "TOPIC"; 78 | UB = "UNBAN"; 79 | UMODE = "MODE $N"; 80 | UNSET 
= "SET -clear"; 81 | W = "WHO"; 82 | WC = "WINDOW CLOSE"; 83 | WG = "WINDOW GOTO"; 84 | WJOIN = "JOIN -window"; 85 | WI = "WHOIS"; 86 | WII = "WHOIS $0 $0"; 87 | WL = "WINDOW LIST"; 88 | WN = "WINDOW NEW HIDDEN"; 89 | WQUERY = "QUERY -window"; 90 | WW = "WHOWAS"; 91 | 1 = "WINDOW GOTO 1"; 92 | 2 = "WINDOW GOTO 2"; 93 | 3 = "WINDOW GOTO 3"; 94 | 4 = "WINDOW GOTO 4"; 95 | 5 = "WINDOW GOTO 5"; 96 | 6 = "WINDOW GOTO 6"; 97 | 7 = "WINDOW GOTO 7"; 98 | 8 = "WINDOW GOTO 8"; 99 | 9 = "WINDOW GOTO 9"; 100 | 10 = "WINDOW GOTO 10"; 101 | 11 = "WINDOW GOTO 11"; 102 | 12 = "WINDOW GOTO 12"; 103 | 13 = "WINDOW GOTO 13"; 104 | 14 = "WINDOW GOTO 14"; 105 | 15 = "WINDOW GOTO 15"; 106 | 16 = "WINDOW GOTO 16"; 107 | 17 = "WINDOW GOTO 17"; 108 | 18 = "WINDOW GOTO 18"; 109 | 19 = "WINDOW GOTO 19"; 110 | 20 = "WINDOW GOTO 20"; 111 | 21 = "WINDOW GOTO 21"; 112 | 22 = "WINDOW GOTO 22"; 113 | 23 = "WINDOW GOTO 23"; 114 | 24 = "WINDOW GOTO 24"; 115 | 25 = "WINDOW GOTO 25"; 116 | 26 = "WINDOW GOTO 26"; 117 | 27 = "WINDOW GOTO 27"; 118 | 28 = "WINDOW GOTO 28"; 119 | 29 = "WINDOW GOTO 29"; 120 | 30 = "WINDOW GOTO 30"; 121 | 31 = "WINDOW GOTO 31"; 122 | 32 = "WINDOW GOTO 32"; 123 | 33 = "WINDOW GOTO 33"; 124 | 34 = "WINDOW GOTO 34"; 125 | 35 = "WINDOW GOTO 35"; 126 | 36 = "WINDOW GOTO 36"; 127 | 37 = "WINDOW GOTO 37"; 128 | 38 = "WINDOW GOTO 38"; 129 | 39 = "WINDOW GOTO 39"; 130 | 40 = "WINDOW GOTO 40"; 131 | 41 = "WINDOW GOTO 41"; 132 | 42 = "WINDOW GOTO 42"; 133 | 43 = "WINDOW GOTO 43"; 134 | 44 = "WINDOW GOTO 44"; 135 | 45 = "WINDOW GOTO 45"; 136 | 46 = "WINDOW GOTO 46"; 137 | 47 = "WINDOW GOTO 47"; 138 | 48 = "WINDOW GOTO 48"; 139 | 49 = "WINDOW GOTO 49"; 140 | 50 = "WINDOW GOTO 50"; 141 | 51 = "WINDOW GOTO 51"; 142 | 52 = "WINDOW GOTO 52"; 143 | 53 = "WINDOW GOTO 53"; 144 | 54 = "WINDOW GOTO 54"; 145 | 55 = "WINDOW GOTO 55"; 146 | 56 = "WINDOW GOTO 56"; 147 | 57 = "WINDOW GOTO 57"; 148 | 58 = "WINDOW GOTO 58"; 149 | 59 = "WINDOW GOTO 59"; 150 | 60 = "WINDOW GOTO 60"; 151 | 61 = "WINDOW 
GOTO 61"; 152 | 62 = "WINDOW GOTO 62"; 153 | 63 = "WINDOW GOTO 63"; 154 | 64 = "WINDOW GOTO 64"; 155 | 65 = "WINDOW GOTO 65"; 156 | 66 = "WINDOW GOTO 66"; 157 | 67 = "WINDOW GOTO 67"; 158 | 68 = "WINDOW GOTO 68"; 159 | 69 = "WINDOW GOTO 69"; 160 | 70 = "WINDOW GOTO 70"; 161 | 71 = "WINDOW GOTO 71"; 162 | 72 = "WINDOW GOTO 72"; 163 | 73 = "WINDOW GOTO 73"; 164 | 74 = "WINDOW GOTO 74"; 165 | 75 = "WINDOW GOTO 75"; 166 | 76 = "WINDOW GOTO 76"; 167 | 77 = "WINDOW GOTO 77"; 168 | 78 = "WINDOW GOTO 78"; 169 | 79 = "WINDOW GOTO 79"; 170 | 80 = "WINDOW GOTO 80"; 171 | 81 = "WINDOW GOTO 81"; 172 | 82 = "WINDOW GOTO 82"; 173 | 83 = "WINDOW GOTO 83"; 174 | 84 = "WINDOW GOTO 84"; 175 | 85 = "WINDOW GOTO 85"; 176 | 86 = "WINDOW GOTO 86"; 177 | 87 = "WINDOW GOTO 87"; 178 | 88 = "WINDOW GOTO 88"; 179 | 89 = "WINDOW GOTO 89"; 180 | 90 = "WINDOW GOTO 90"; 181 | 91 = "WINDOW GOTO 91"; 182 | 92 = "WINDOW GOTO 92"; 183 | 93 = "WINDOW GOTO 93"; 184 | 94 = "WINDOW GOTO 94"; 185 | 95 = "WINDOW GOTO 95"; 186 | 96 = "WINDOW GOTO 96"; 187 | 97 = "WINDOW GOTO 97"; 188 | 98 = "WINDOW GOTO 98"; 189 | 99 = "WINDOW GOTO 99"; 190 | }; 191 | 192 | statusbar = { 193 | 194 | items = { 195 | 196 | barstart = "{sbstart}"; 197 | barend = "{sbend}"; 198 | 199 | topicbarstart = "{topicsbstart}"; 200 | topicbarend = "{topicsbend}"; 201 | 202 | time = "{sb $Z}"; 203 | user = "{sb {sbnickmode $cumode}$N{sbmode $usermode}{sbaway $A}}"; 204 | 205 | window = "{sb $winref:$tag/$itemname{sbmode $M}}"; 206 | window_empty = "{sb $winref{sbservertag $tag}}"; 207 | 208 | prompt = "{prompt $[.15]itemname}"; 209 | prompt_empty = "{prompt $winname}"; 210 | 211 | topic = " $topic"; 212 | topic_empty = " Irssi v$J - http://www.irssi.org"; 213 | 214 | lag = "{sb Lag: $0-}"; 215 | act = "{sb Act: $0-}"; 216 | more = "-- more --"; 217 | }; 218 | 219 | default = { 220 | 221 | window = { 222 | 223 | disabled = "no"; 224 | type = "window"; 225 | placement = "bottom"; 226 | position = "1"; 227 | visible = "active"; 228 | 229 | 
items = { 230 | barstart = { priority = "100"; }; 231 | time = { }; 232 | user = { }; 233 | window = { }; 234 | window_empty = { }; 235 | lag = { priority = "-1"; }; 236 | act = { priority = "10"; }; 237 | more = { priority = "-1"; alignment = "right"; }; 238 | barend = { priority = "100"; alignment = "right"; }; 239 | }; 240 | }; 241 | 242 | window_inact = { 243 | 244 | type = "window"; 245 | placement = "bottom"; 246 | position = "1"; 247 | visible = "inactive"; 248 | 249 | items = { 250 | barstart = { priority = "100"; }; 251 | window = { }; 252 | window_empty = { }; 253 | more = { priority = "-1"; alignment = "right"; }; 254 | barend = { priority = "100"; alignment = "right"; }; 255 | }; 256 | }; 257 | 258 | prompt = { 259 | 260 | type = "root"; 261 | placement = "bottom"; 262 | position = "100"; 263 | visible = "always"; 264 | 265 | items = { 266 | prompt = { priority = "-1"; }; 267 | prompt_empty = { priority = "-1"; }; 268 | input = { priority = "10"; }; 269 | }; 270 | }; 271 | 272 | topic = { 273 | 274 | type = "root"; 275 | placement = "top"; 276 | position = "1"; 277 | visible = "always"; 278 | 279 | items = { 280 | topicbarstart = { priority = "100"; }; 281 | topic = { }; 282 | topic_empty = { }; 283 | topicbarend = { priority = "100"; alignment = "right"; }; 284 | }; 285 | }; 286 | }; 287 | }; 288 | settings = { 289 | core = { 290 | real_name = "Nico"; 291 | user_name = "AFIP"; 292 | nick = "AFIP"; 293 | log_timestamp = "%H:%M:%S "; 294 | awaylog_file = "~/irclogs/away.log"; 295 | }; 296 | "fe-text" = { actlist_sort = "refnum"; }; 297 | "fe-common/core" = { 298 | theme = "chaves"; 299 | autolog = "yes"; 300 | #autolog_ignore_targets = "#mfsec"; 301 | }; 302 | }; 303 | logs = { }; 304 | -------------------------------------------------------------------------------- /irssi/scripts/autorun/iNotify.pl: -------------------------------------------------------------------------------- 1 | ## /script load ~/iNotify.pl 2 | 3 | use strict; 4 | use Irssi; 5 | use 
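vars qw($VERSION %IRSSI);
use LWP::UserAgent;

$VERSION = "0.1";
%IRSSI = (
    authors     => "Nicolas Trippar",
    contact     => "ntrippar\@gmail.com",
    name        => "iNotify",
    description => "Script",
    license     => "",
    url         => "",
    changed     => ""
);

# notify($title, $subtitle, $body)
# POSTs one notification as a JSON object to the notifier service listening on
# 127.0.0.1:31337. Returns 1 when the HTTP request succeeds and 0 otherwise.
sub notify {
    my ($title, $subtitle, $body) = @_;

    # Kept from the original: quotes and semicolons are removed from the body.
    # NOTE(review): presumably a guard for whatever consumes the notification
    # behind the endpoint; that consumer is not visible here, so the filter
    # stays in place. It is not applied to title or subtitle - confirm
    # whether the consumer needs it there too.
    $body =~ s/["';]//g;

    my $ua = LWP::UserAgent->new;

    my $server_endpoint = "http://127.0.0.1:31337/notify";
    my $application = "Irssi";

    my $req = HTTP::Request->new(POST => $server_endpoint);
    $req->header('content-type' => 'application/json');

    # Title, subtitle and body come from IRC (server address, nick or channel,
    # message text), i.e. from other people. Formatting them into a JSON
    # template with sprintf lets a quote, backslash or control character break
    # the document or add fields to it, so the payload is produced by a JSON
    # encoder instead. JSON::PP ships with Perl; without ->utf8 it does not
    # re-encode the strings. Values are stringified so that an undefined
    # argument becomes "" as it did with sprintf.
    # NOTE(review): assumes irssi hands scripts byte strings - confirm.
    require JSON::PP;
    my $post_data = JSON::PP->new->canonical->encode({
        application => "$application",
        title       => defined $title    ? "$title"    : "",
        subtitle    => defined $subtitle ? "$subtitle" : "",
        body        => defined $body     ? "$body"     : "",
    });

    $req->content($post_data);

    my $resp = $ua->request($req);
    return $resp->is_success ? 1 : 0;
}

# notifier_it($server, $title, $data, $channel, $nick)
# Sends a notification for a channel message whose text contains our own nick,
# when the notifier_on_nick setting is true. The notification subtitle is the
# channel and the body is "<title>: <text>".
sub notifier_it {
    my ($server, $title, $data, $channel, $nick) = @_;

    my $notifier_on_nick = Irssi::settings_get_str('notifier_on_nick');
    my $current_nick = $server->{nick};

    # handle normal msgs, not private ones
    return if $current_nick eq $channel;

    # \Q..\E matches the nick literally. IRC nicks may contain characters such
    # as [ ] \ ^ { } |, which the unquoted pattern treated as regex syntax
    # (wrong matches, or a pattern compile error inside the signal handler).
    if ($notifier_on_nick && $data =~ m/\Q$current_nick\E/) {
        notify($server->{address}, $channel, sprintf("%s: %s", $title, $data));
    }
}

# Handler for irssi's "message public" signal.
# The original body called notifier_it() and then repeated its logic after
# re-reading @_ under notifier_it's parameter names. That bound $data to the
# sender's nick and $nick to the target, and those shifted values were used
# for a second notify() and then passed to signal_continue() in place of the
# message text and nick. The message is now checked once and the signal is
# continued with the arguments exactly as received.
sub notifier_public_message {
    my ($server, $data, $nick, $mask, $target) = @_;
    notifier_it($server, $nick, $data, $target, $nick);
    Irssi::signal_continue($server, $data, $nick, $mask, $target);
}

# Handler for irssi's "message private" signal: every private message is
# notified, with the sender's nick as subtitle, and the signal is continued
# unchanged.
sub notifier_private_message {
    my ($server, $data, $nick, $mask, $target) = @_;
    notify($server->{address}, $nick, $data);
    Irssi::signal_continue($server, $data, $nick, $mask, $target);
}


Irssi::settings_add_str('misc', 'notifier_on_nick', 1);
Irssi::signal_add('message public', 'notifier_public_message');
Irssi::signal_add('message private', 'notifier_private_message');

-------------------------------------------------------------------------------- /nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes 1; 2 | user http; 3 | error_log /var/log/nginx/error.log notice; 4 | 5 | events { 6 | worker_connections 1024; 7 | } 8 | 9 | http { 10 | log_format compression '$remote_addr - $remote_user [$time_local] ' 11 | '"$request" $status $body_bytes_sent ' 12 | '"$http_referer" "$http_user_agent" "$gzip_ratio"'; 13 | include mime.types; 14 | default_type application/octet-stream; 15 | sendfile on; 16 | keepalive_timeout 65; 17 | gzip on; 18 | server_names_hash_bucket_size 64; 19 | server { 20 | listen 80; 21 | autoindex on; 22 | root /mnt; 23 | location = /favicon.ico { 24 | log_not_found off; 25 | access_log off; 26 | } 27 | location / { 28 | index index.html index.htm; 29 | } 30 | 31 | location ~ /\. 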
{ deny all; } 32 | 33 | error_page 500 502 503 504 /50x.html; 34 | location = /50x.html { 35 | root /usr/share/nginx/html; 36 | } 37 | } 38 | server { 39 | listen 80; 40 | server_name slave.mydomain.com.ar; 41 | root /mnt/InSync/mydomain.com.ar/slave/; 42 | autoindex on; 43 | location = /favicon.ico { 44 | log_not_found off; 45 | access_log off; 46 | } 47 | } 48 | server { 49 | listen 80; 50 | server_name spotify.home; 51 | location / { 52 | proxy_pass http://pi:6680; 53 | proxy_http_version 1.1; 54 | proxy_set_header Upgrade $http_upgrade; 55 | proxy_set_header Connection 'upgrade'; 56 | rewrite /mopidy/(.*) /mopidy/$1 break; 57 | rewrite /images/(.*) /images/$1 break; 58 | rewrite /iris/(.*) /iris/$1 break; 59 | rewrite /(.*) /iris/$1 break; 60 | proxy_redirect off; 61 | } 62 | } 63 | server { 64 | listen 80; 65 | server_name torrent.home; 66 | location / { 67 | proxy_pass http://localhost:9091; 68 | proxy_http_version 1.1; 69 | proxy_pass_header X-Transmission-Session-Id; 70 | proxy_set_header Host $host; 71 | proxy_set_header X-Real-IP $remote_addr; 72 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 73 | } 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /openvpn/client/client.conf: -------------------------------------------------------------------------------- 1 | # Specify that we are a client and that we 2 | # will be pulling certain config file directives 3 | # from the server. 4 | client 5 | 6 | # Use the same setting as you are using on 7 | # the server. 8 | # On most systems, the VPN will not function 9 | # unless you partially or fully disable 10 | # the firewall for the TUN/TAP interface. 11 | dev tun 12 | 13 | # Are we connecting to a TCP or 14 | # UDP server? Use the same setting as 15 | # on the server. 16 | proto udp 17 | 18 | # The hostname/IP and port of the server. 19 | # You can have multiple remote entries 20 | # to load balance between the servers. 
21 | remote vpn.myraspberry.com 1194 22 | 23 | # Keep trying indefinitely to resolve the 24 | # host name of the OpenVPN server. Very useful 25 | # on machines which are not permanently connected 26 | # to the internet such as laptops. 27 | resolv-retry infinite 28 | 29 | # Most clients don't need to bind to 30 | # a specific local port number. 31 | nobind 32 | 33 | # Downgrade privileges after initialization (non-Windows only) 34 | user nobody 35 | group nogroup 36 | 37 | # Try to preserve some state across restarts. 38 | persist-key 39 | persist-tun 40 | 41 | cipher AES-128-CBC 42 | auth SHA256 43 | key-direction 1 44 | 45 | remote-cert-tls server 46 | 47 | # Don't enable this unless it is also 48 | # enabled in the server config file. 49 | comp-lzo 50 | 51 | # Set log file verbosity. 52 | verb 3 53 | -------------------------------------------------------------------------------- /openvpn/easy-rsa/client.conf: -------------------------------------------------------------------------------- 1 | ############################################## 2 | # Sample client-side OpenVPN 2.0 config file # 3 | # for connecting to multi-client server. # 4 | # # 5 | # This configuration can be used by multiple # 6 | # clients, however each client should have # 7 | # its own cert and key files. # 8 | # # 9 | # On Windows, you might want to rename this # 10 | # file so it has a .ovpn extension # 11 | ############################################## 12 | 13 | # Specify that we are a client and that we 14 | # will be pulling certain config file directives 15 | # from the server. 16 | client 17 | 18 | # Use the same setting as you are using on 19 | # the server. 20 | # On most systems, the VPN will not function 21 | # unless you partially or fully disable 22 | # the firewall for the TUN/TAP interface. 23 | ;dev tap 24 | dev tun 25 | 26 | # Windows needs the TAP-Win32 adapter name 27 | # from the Network Connections panel 28 | # if you have more than one. 
On XP SP2, 29 | # you may need to disable the firewall 30 | # for the TAP adapter. 31 | ;dev-node MyTap 32 | 33 | # Are we connecting to a TCP or 34 | # UDP server? Use the same setting as 35 | # on the server. 36 | ;proto tcp 37 | proto udp 38 | 39 | # The hostname/IP and port of the server. 40 | # You can have multiple remote entries 41 | # to load balance between the servers. 42 | remote my-server-2 1194 43 | 44 | # Choose a random host from the remote 45 | # list for load-balancing. Otherwise 46 | # try hosts in the order specified. 47 | ;remote-random 48 | 49 | # Keep trying indefinitely to resolve the 50 | # host name of the OpenVPN server. Very useful 51 | # on machines which are not permanently connected 52 | # to the internet such as laptops. 53 | resolv-retry infinite 54 | 55 | # Most clients don't need to bind to 56 | # a specific local port number. 57 | nobind 58 | 59 | # Downgrade privileges after initialization (non-Windows only) 60 | user nobody 61 | group nogroup 62 | 63 | # Try to preserve some state across restarts. 64 | persist-key 65 | persist-tun 66 | 67 | # If you are connecting through an 68 | # HTTP proxy to reach the actual OpenVPN 69 | # server, put the proxy server/IP and 70 | # port number here. See the man page 71 | # if your proxy server requires 72 | # authentication. 73 | ;http-proxy-retry # retry on connection failures 74 | ;http-proxy [proxy server] [proxy port #] 75 | 76 | # Wireless networks often produce a lot 77 | # of duplicate packets. Set this flag 78 | # to silence duplicate packet warnings. 79 | ;mute-replay-warnings 80 | 81 | # SSL/TLS parms. 82 | # See the server config file for more 83 | # description. It's best to use 84 | # a separate .crt/.key file pair 85 | # for each client. A single ca 86 | # file can be used for all clients. 87 | #ca ca.crt 88 | #cert client.crt 89 | #key client.key 90 | 91 | # Verify server certificate by checking that the 92 | # certicate has the correct key usage set. 
93 | # This is an important precaution to protect against 94 | # a potential attack discussed here: 95 | # http://openvpn.net/howto.html#mitm 96 | # 97 | # To use this feature, you will need to generate 98 | # your server certificates with the keyUsage set to 99 | # digitalSignature, keyEncipherment 100 | # and the extendedKeyUsage to 101 | # serverAuth 102 | # EasyRSA can do this for you. 103 | cipher AES-128-CBC 104 | auth SHA256 105 | key-direction 1 106 | 107 | 108 | remote-cert-tls server 109 | 110 | # If a tls-auth key is used on the server 111 | # then every client must also have the key. 112 | ;tls-auth ta.key 1 113 | 114 | # Select a cryptographic cipher. 115 | # If the cipher option is used on the server 116 | # then you must also specify it here. 117 | ;cipher x 118 | 119 | # Enable compression on the VPN link. 120 | # Don't enable this unless it is also 121 | # enabled in the server config file. 122 | comp-lzo 123 | 124 | # Set log file verbosity. 125 | verb 3 126 | 127 | # Silence repeating messages 128 | ;mute 20 129 | 130 | # script-security 2 131 | # up /etc/openvpn/update-resolv-conf 132 | # down /etc/openvpn/update-resolv-conf 133 | -------------------------------------------------------------------------------- /openvpn/easy-rsa/keys/ta.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/reynico/my-raspberry/a72f4f5b5ce7aafba64c8228a7ffa7cf23c0d172/openvpn/easy-rsa/keys/ta.key -------------------------------------------------------------------------------- /openvpn/easy-rsa/pki/.rnd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/reynico/my-raspberry/a72f4f5b5ce7aafba64c8228a7ffa7cf23c0d172/openvpn/easy-rsa/pki/.rnd -------------------------------------------------------------------------------- /openvpn/easy-rsa/vars: -------------------------------------------------------------------------------- 1 | # Easy-RSA 
3 parameter settings 2 | 3 | # NOTE: If you installed Easy-RSA from your distro's package manager, don't edit 4 | # this file in place -- instead, you should copy the entire easy-rsa directory 5 | # to another location so future upgrades don't wipe out your changes. 6 | 7 | # HOW TO USE THIS FILE 8 | # 9 | # vars.example contains built-in examples to Easy-RSA settings. You MUST name 10 | # this file 'vars' if you want it to be used as a configuration file. If you do 11 | # not, it WILL NOT be automatically read when you call easyrsa commands. 12 | # 13 | # It is not necessary to use this config file unless you wish to change 14 | # operational defaults. These defaults should be fine for many uses without the 15 | # need to copy and edit the 'vars' file. 16 | # 17 | # All of the editable settings are shown commented and start with the command 18 | # 'set_var' -- this means any set_var command that is uncommented has been 19 | # modified by the user. If you're happy with a default, there is no need to 20 | # define the value to its default. 21 | 22 | # NOTES FOR WINDOWS USERS 23 | # 24 | # Paths for Windows *MUST* use forward slashes, or optionally double-esscaped 25 | # backslashes (single forward slashes are recommended.) This means your path to 26 | # the openssl binary might look like this: 27 | # "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" 28 | 29 | # A little housekeeping: DON'T EDIT THIS SECTION 30 | # 31 | # Easy-RSA 3.x doesn't source into the environment directly. 32 | # Complain if a user tries to do this: 33 | if [ -z "$EASYRSA_CALLER" ]; then 34 | echo "You appear to be sourcing an Easy-RSA 'vars' file." >&2 35 | echo "This is no longer necessary and is disallowed. See the section called" >&2 36 | echo "'How to use this file' near the top comments for more details." >&2 37 | return 1 38 | fi 39 | 40 | # DO YOUR EDITS BELOW THIS POINT 41 | 42 | # This variable should point to the top level of the easy-rsa tree. 
By default, 43 | # this is taken to be the directory you are currently in. 44 | 45 | #set_var EASYRSA "$PWD" 46 | 47 | # If your OpenSSL command is not in the system PATH, you will need to define the 48 | # path to it here. Normally this means a full path to the executable, otherwise 49 | # you could have left it undefined here and the shown default would be used. 50 | # 51 | # Windows users, remember to use paths with forward-slashes (or escaped 52 | # back-slashes.) Windows users should declare the full path to the openssl 53 | # binary here if it is not in their system PATH. 54 | 55 | #set_var EASYRSA_OPENSSL "openssl" 56 | # 57 | # This sample is in Windows syntax -- edit it for your path if not using PATH: 58 | #set_var EASYRSA_OPENSSL "C:/Program Files/OpenSSL-Win32/bin/openssl.exe" 59 | 60 | # Edit this variable to point to your soon-to-be-created key directory. 61 | # 62 | # WARNING: init-pki will do a rm -rf on this directory so make sure you define 63 | # it correctly! (Interactive mode will prompt before acting.) 64 | 65 | #set_var EASYRSA_PKI "$EASYRSA/pki" 66 | 67 | # Define X509 DN mode. 68 | # This is used to adjust what elements are included in the Subject field as the DN 69 | # (this is the "Distinguished Name.") 70 | # Note that in cn_only mode the Organizational fields further below aren't used. 71 | # 72 | # Choices are: 73 | # cn_only - use just a CN value 74 | # org - use the "traditional" Country/Province/City/Org/OU/email/CN format 75 | 76 | #set_var EASYRSA_DN "cn_only" 77 | 78 | # Organizational fields (used with 'org' mode and ignored in 'cn_only' mode.) 79 | # These are the default values for fields which will be placed in the 80 | # certificate. Don't leave any of these fields blank, although interactively 81 | # you may omit any specific field by typing the "." symbol (not valid for 82 | # email.) 
83 | 84 | set_var EASYRSA_REQ_COUNTRY "AR" 85 | set_var EASYRSA_REQ_PROVINCE "Buenos Aires" 86 | set_var EASYRSA_REQ_CITY "Ciudad Autonoma de Buenos Aires" 87 | set_var EASYRSA_REQ_ORG "Raspberry PI 2" 88 | set_var EASYRSA_REQ_EMAIL "email@gmail.com" 89 | set_var EASYRSA_REQ_OU "Raspberry PI 2" 90 | 91 | # Choose a size in bits for your keypairs. The recommended value is 2048. Using 92 | # 2048-bit keys is considered more than sufficient for many years into the 93 | # future. Larger keysizes will slow down TLS negotiation and make key/DH param 94 | # generation take much longer. Values up to 4096 should be accepted by most 95 | # software. Only used when the crypto alg is rsa (see below.) 96 | 97 | #set_var EASYRSA_KEY_SIZE 2048 98 | 99 | # The default crypto mode is rsa; ec can enable elliptic curve support. 100 | # Note that not all software supports ECC, so use care when enabling it. 101 | # Choices for crypto alg are: (each in lower-case) 102 | # * rsa 103 | # * ec 104 | 105 | #set_var EASYRSA_ALGO rsa 106 | 107 | # Define the named curve, used in ec mode only: 108 | 109 | #set_var EASYRSA_CURVE secp384r1 110 | 111 | # In how many days should the root CA key expire? 112 | 113 | #set_var EASYRSA_CA_EXPIRE 3650 114 | 115 | # In how many days should certificates expire? 116 | 117 | #set_var EASYRSA_CERT_EXPIRE 3650 118 | 119 | # How many days until the next CRL publish date? Note that the CRL can still be 120 | # parsed after this timeframe passes. It is only used for an expected next 121 | # publication date. 122 | 123 | #set_var EASYRSA_CRL_DAYS 180 124 | 125 | # Support deprecated "Netscape" extensions? (choices "yes" or "no".) The default 126 | # is "no" to discourage use of deprecated extensions. If you require this 127 | # feature to use with --ns-cert-type, set this to "yes" here. This support 128 | # should be replaced with the more modern --remote-cert-tls feature. 
If you do 129 | # not use --ns-cert-type in your configs, it is safe (and recommended) to leave 130 | # this defined to "no". When set to "yes", server-signed certs get the 131 | # nsCertType=server attribute, and also get any NS_COMMENT defined below in the 132 | # nsComment field. 133 | 134 | #set_var EASYRSA_NS_SUPPORT "no" 135 | 136 | # When NS_SUPPORT is set to "yes", this field is added as the nsComment field. 137 | # Set this blank to omit it. With NS_SUPPORT set to "no" this field is ignored. 138 | 139 | #set_var EASYRSA_NS_COMMENT "Easy-RSA Generated Certificate" 140 | 141 | # A temp file used to stage cert extensions during signing. The default should 142 | # be fine for most users; however, some users might want an alternative under a 143 | # RAM-based FS, such as /dev/shm or /tmp on some systems. 144 | 145 | #set_var EASYRSA_TEMP_FILE "$EASYRSA_PKI/extensions.temp" 146 | 147 | # !! 148 | # NOTE: ADVANCED OPTIONS BELOW THIS POINT 149 | # PLAY WITH THEM AT YOUR OWN RISK 150 | # !! 151 | 152 | # Broken shell command aliases: If you have a largely broken shell that is 153 | # missing any of these POSIX-required commands used by Easy-RSA, you will need 154 | # to define an alias to the proper path for the command. The symptom will be 155 | # some form of a 'command not found' error from your shell. This means your 156 | # shell is BROKEN, but you can hack around it here if you really need. These 157 | # shown values are not defaults: it is up to you to know what you're doing if 158 | # you touch these. 159 | # 160 | #alias awk="/alt/bin/awk" 161 | #alias cat="/alt/bin/cat" 162 | 163 | # X509 extensions directory: 164 | # If you want to customize the X509 extensions used, set the directory to look 165 | # for extensions here. Each cert type you sign must have a matching filename, 166 | # and an optional file named 'COMMON' is included first when present. 
Note that 167 | # when undefined here, default behaviour is to look in $EASYRSA_PKI first, then 168 | # fallback to $EASYRSA for the 'x509-types' dir. You may override this 169 | # detection with an explicit dir here. 170 | # 171 | #set_var EASYRSA_EXT_DIR "$EASYRSA/x509-types" 172 | 173 | # OpenSSL config file: 174 | # If you need to use a specific openssl config file, you can reference it here. 175 | # Normally this file is auto-detected from a file named openssl-1.0.cnf from the 176 | # EASYRSA_PKI or EASYRSA dir (in that order.) NOTE that this file is Easy-RSA 177 | # specific and you cannot just use a standard config file, so this is an 178 | # advanced feature. 179 | 180 | #set_var EASYRSA_SSL_CONF "$EASYRSA/openssl-1.0.cnf" 181 | 182 | # Default CN: 183 | # This is best left alone. Interactively you will set this manually, and BATCH 184 | # callers are expected to set this themselves. 185 | 186 | #set_var EASYRSA_REQ_CN "ChangeMe" 187 | 188 | # Cryptographic digest to use. 189 | # Do not change this default unless you understand the security implications. 190 | # Valid choices include: md5, sha1, sha256, sha224, sha384, sha512 191 | 192 | #set_var EASYRSA_DIGEST "sha256" 193 | 194 | # Batch mode. Leave this disabled unless you intend to call Easy-RSA explicitly 195 | # in batch mode without any user input, confirmation on dangerous operations, 196 | # or most output. Setting this to any non-blank string enables batch mode. 
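197 | 198 | #set_var EASYRSA_BATCH "" 199 | 200 |
--------------------------------------------------------------------------------
/openvpn/make_config.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# make_config.sh - issue a client certificate with Easy-RSA and bundle it,
# together with the CA certificate and the tls-auth key, into one inline
# OpenVPN profile at /etc/openvpn/client/<profile>.ovpn.
#
# Usage: make_config.sh profile
#
# The resulting .ovpn embeds the client's private key (generated with
# "nopass", i.e. unencrypted) and the shared tls-auth key, so it must be
# treated as a credential: it is written with owner-only permissions and
# should be handed to the client over a confidential channel.

# Stop on the first failing step so a failed certificate build never
# produces a half-filled profile.
set -euo pipefail

if [ $# -eq 0 ]
then
  echo "Usage: $0 profile"
  exit 1
fi

profile=$1

# The profile name ends up in file paths and in the certificate CN.
# Accept only a conservative character set so a name such as "../x" or one
# starting with "-" cannot redirect the output or be read as an option.
if [[ ! $profile =~ ^[A-Za-z0-9][A-Za-z0-9._@-]*$ ]]
then
  echo "Invalid profile name: $profile" >&2
  exit 1
fi

easyrsa_dir=/etc/openvpn/easy-rsa
pki_dir=$easyrsa_dir/pki
client_dir=/etc/openvpn/client
output=$client_dir/$profile.ovpn

cd "$easyrsa_dir"
easyrsa build-client-full "$profile" nopass

# Everything written from here on contains key material.
umask 077

# Assemble into a temporary file in the target directory and rename it into
# place, so an interrupted run leaves no partial profile behind.
tmp=$(mktemp "$client_dir/.$profile.XXXXXX")
trap 'rm -f "$tmp"' EXIT

# OpenVPN reads inline credentials from <ca>, <cert>, <key> and <tls-auth>
# blocks appended to the base client configuration.
# NOTE(review): an inline tls-auth block needs "key-direction 1" on the
# client side; client.conf is expected to carry it - confirm.
cat "$client_dir/client.conf" \
    <(printf '%s\n' '<ca>') \
    "$pki_dir/ca.crt" \
    <(printf '%s\n' '</ca>' '<cert>') \
    "$pki_dir/issued/$profile.crt" \
    <(printf '%s\n' '</cert>' '<key>') \
    "$pki_dir/private/$profile.key" \
    <(printf '%s\n' '</key>' '<tls-auth>') \
    "$easyrsa_dir/keys/ta.key" \
    <(printf '%s\n' '</tls-auth>') \
    > "$tmp"

mv -f "$tmp" "$output"

--------------------------------------------------------------------------------
/openvpn/revoke:
--------------------------------------------------------------------------------
# Revoke the client certificate named "ubuntu", regenerate the CRL and restart
# the server. The client name is hard-coded; edit it before running.
# NOTE(review): easyrsa is called relative to the current directory/PATH -
# presumably this is run from /etc/openvpn/easy-rsa; confirm.
easyrsa revoke ubuntu
easyrsa gen-crl
systemctl restart openvpn-server@openvpn

--------------------------------------------------------------------------------
/openvpn/server/ipp.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/reynico/my-raspberry/a72f4f5b5ce7aafba64c8228a7ffa7cf23c0d172/openvpn/server/ipp.txt
--------------------------------------------------------------------------------
/openvpn/server/openvpn.conf:
--------------------------------------------------------------------------------
port 1194
proto udp
dev tun0

ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/vpn.myraspberry.com.crt
key /etc/openvpn/easy-rsa/pki/private/vpn.myraspberry.com.key
dh /etc/openvpn/easy-rsa/pki/dh.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
# NOTE(review): comp-lzo is deprecated since OpenVPN 2.4, and compressing
# tunnel traffic exposes compression side channels (VORACLE). Dropping it
# needs the matching change in client.conf, so it is only flagged here.
comp-lzo
user nobody
group nobody
persist-key
persist-tun
# NOTE(review): "status" is set again further down with a different path;
# presumably only one of the two takes effect - keep a single directive.
status /var/log/openvpn-status.log
verb 3

# NOTE(review): the management interface is bound to loopback but has no
# password file, so any local process can connect and control the daemon.
# Consider adding a pw-file argument or using a unix socket.
management 127.0.0.1 7505
log-append /var/log/openvpn
# NOTE(review): predictable file name in /tmp; a directory writable only by
# the service would be a safer place for the status file.
status /tmp/vpn.status 10

# ta.key is a secret shared by the server and every client. The repository
# tree lists openvpn/easy-rsa/keys/ta.key; if that is the key in use,
# regenerate it, reissue the client profiles and keep it out of version
# control.
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key-direction 0
# CBC cipher, authenticated by the "auth" HMAC below. OpenVPN 2.4+ peers can
# negotiate an AEAD cipher (AES-GCM) instead; check which one the logs report.
cipher AES-128-CBC
auth SHA256

push "redirect-gateway def1"
push "remote-gateway pi.myraspberry.com"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# Reject client certificates listed in the CRL. The file is re-read while the
# daemon runs as "nobody", so it must stay readable by that user - verify the
# permissions on the pki directory after every "easyrsa gen-crl".
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem

--------------------------------------------------------------------------------
/vimrc:
--------------------------------------------------------------------------------
set mouse=r
set encoding=utf-8
set expandtab smarttab
set shiftwidth=4 softtabstop=4 tabstop=4
set number
set ignorecase
set hlsearch
syntax enable

--------------------------------------------------------------------------------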