commit 35acb4920edf1d381cfcaff40b0846a29fb7c620
Author: Miraty
Date: Wed Apr 20 00:29:47 2022 +0200
Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bde81ad
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/mkosi.cache/
+/mkosi.passphrase
+/mkosi.passwd
+/mkosi.skeleton/root/.ssh/authorized_keys
diff --git a/mkosi.default b/mkosi.default
new file mode 100644
index 0000000..b88f628
--- /dev/null
+++ b/mkosi.default
@@ -0,0 +1,28 @@
+[Validation]
+Autologin = yes
+
+[Output]
+Format = directory
+
+[Content]
+BasePackages = yes
+WithDocs = yes
+WithNetwork = yes
+Packages =
+ tor
+ torsocks
+ openssl
+ certbot
+ nginx
+ php-fpm
+ knot
+ cargo
+ sudo
+ git
+ man-db
+ curl
+ lsof
+ tree
+ vim
+ htop
+ ncdu
diff --git a/mkosi.default.d/arch/mkosi.default b/mkosi.default.d/arch/mkosi.default
new file mode 100644
index 0000000..c61086a
--- /dev/null
+++ b/mkosi.default.d/arch/mkosi.default
@@ -0,0 +1,15 @@
+[Distribution]
+Distribution = arch
+
+
+
+[Output]
+Output = /var/lib/machines/niver-arch
+
+[Content]
+Packages =
+ nginx-mod-headers-more
+ certbot-nginx
+ php-sqlite
+ openssh
+ iputils
diff --git a/mkosi.default.d/debian/mkosi.default b/mkosi.default.d/debian/mkosi.default
new file mode 100644
index 0000000..89c3dcd
--- /dev/null
+++ b/mkosi.default.d/debian/mkosi.default
@@ -0,0 +1,17 @@
+[Distribution]
+Distribution = debian
+Release = bullseye
+Mirror = https://deb.debian.org/debian
+
+[Output]
+Output = /var/lib/machines/niver-debian
+
+[Content]
+Packages =
+ apt-transport-tor
+ libnginx-mod-http-headers-more-filter
+ python3-certbot-nginx
+ knot-dnsutils
+ php-sqlite3
+ openssh-server
+ iputils-ping
diff --git a/mkosi.extra/etc/knot/knot.conf b/mkosi.extra/etc/knot/knot.conf
new file mode 100644
index 0000000..43531b9
--- /dev/null
+++ b/mkosi.extra/etc/knot/knot.conf
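Review bot: `Autologin = yes` sits in the shared `mkosi.default`, so it applies to both the Arch and the Debian image, and nothing in the file marks these images as development-only. As far as I can tell from mkosi's documentation this gives a root session on the container console without a password, which is fine for a local nspawn test machine but not for anything deployed. I would add a comment above it, for example `# Dev container only: passwordless root on the console; drop this for any deployed image`, or move the setting into a local override that is not committed.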
@@ -0,0 +1,32 @@
+# Configuration export (Knot DNS 3.1.7)
+
+server:
+ version: "Knot"
+ nsid: "Niver"
+ rundir: "/run/knot"
+ user: "knot:knot"
+ listen: [ "::@42053", "0.0.0.0@42053" ]
+
+log:
+ - target: "/var/log/knot/knot.log"
+ any: "debug"
+
+database:
+ storage: "/var/lib/knot"
+
+policy:
+ - id: "niver"
+ algorithm: "ed25519"
+ nsec3: "on"
+
+template:
+ - id: "niver"
+ storage: "/srv/ns"
+ file: "%s.zone"
+ zonefile-load: "difference"
+ dnssec-signing: "on"
+ dnssec-policy: "niver"
+
+zone:
+ - domain: "niver.test."
+ template: "niver"
diff --git a/mkosi.extra/etc/nginx/default-server.conf b/mkosi.extra/etc/nginx/default-server.conf
new file mode 100644
index 0000000..a7fc89f
--- /dev/null
+++ b/mkosi.extra/etc/nginx/default-server.conf
@@ -0,0 +1,26 @@
+server {
+ listen [::1]:42443 ssl http2 default_server;
+ listen 127.0.0.1:42443 ssl http2 default_server;
+
+ ssl_certificate /etc/ssl/certs/niver.crt;
+ ssl_certificate_key /etc/ssl/private/niver.key;
+ #ssl_stapling off;
+
+ root /srv/php/errors;
+ try_files index.php index.html $uri $uri/;
+ index index.php index.html;
+
+ location / {
+ root /srv/php/errors;
+ try_files /index.php =500;
+ index index.php;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php-fpm/errors.sock;
+ include /etc/nginx/inc/fastcgi.conf;
+ }
+
+ include /etc/nginx/inc/tls.conf;
+ include /etc/nginx/inc/errors.conf;
+
+ more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none';";
+}
diff --git a/mkosi.extra/etc/nginx/http.conf b/mkosi.extra/etc/nginx/http.conf
new file mode 100644
index 0000000..2730937
--- /dev/null
+++ b/mkosi.extra/etc/nginx/http.conf
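Review bot: In `mkosi.extra/etc/knot/knot.conf` the log section commits `any: "debug"`, so every category is written at the most verbose level to `/var/log/knot/knot.log`. I would commit `any: "info"` and raise the level only while debugging. The server also listens on `::@42053` and `0.0.0.0@42053`, whereas the nginx servers added in this commit bind to loopback only. If the wildcard bind is intended, a one-line comment saying what is expected to reach port 42053 would make that explicit.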
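Review bot: In `default-server.conf` the `more_set_headers` argument is written `"Content-Security-Policy : default-src 'none'; ..."`, with a space before the colon. I have not confirmed how the headers-more module treats whitespace in front of the colon, so the response should be checked to make sure the header name comes out exactly as `Content-Security-Policy`. Writing `more_set_headers "Content-Security-Policy: default-src 'none'; frame-ancestors 'none';";` removes the doubt. Separately, the server-level `root`, `try_files` and `index` lines look unreachable, because `location /` matches every request and sets its own.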
@@ -0,0 +1,17 @@
+server {
+ listen [::1]:42080 default_server;
+ listen 127.0.0.1:42080 default_server;
+
+ return 403; # Don't allow unsecure HTTP requests
+
+ # Display an explanation page
+ error_page 403 @http403;
+ location @http403 {
+ root /srv/php/errors;
+ try_files /http.php =500;
+ index http.php;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php-fpm/errors.sock;
+ include inc/fastcgi.conf;
+ }
+}
diff --git a/mkosi.extra/etc/nginx/inc/errors.conf b/mkosi.extra/etc/nginx/inc/errors.conf
new file mode 100644
index 0000000..2ccf3db
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/errors.conf
@@ -0,0 +1,72 @@
+recursive_error_pages on;
+
+# 403 Forbidden
+error_page 403 @403;
+location @403 {
+ root /srv/php/errors;
+ try_files /403.html =500;
+}
+
+# 404 Not Found
+error_page 404 @local404;
+location @local404 {
+ try_files /404.html /404.md /404.gmi @niver404;
+}
+location @niver404 {
+ root /srv/php/errors;
+ try_files /404.php =500;
+ index /404.php;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php-fpm/errors.sock;
+ include inc/fastcgi.conf;
+ fastcgi_index /404.php;
+}
+
+# 405 Method Not Allowed
+error_page 405 @405;
+location @405 {
+ root /srv/php/errors;
+ try_files /405.html =500;
+}
+
+# 410 Gone
+error_page 410 @410;
+location @410 {
+ root /srv/php/errors;
+ try_files /410.html =500;
+}
+
+# 418 I'm a teapot
+error_page 418 @418;
+location @418 {
+ root /srv/php/errors;
+ try_files /418.html =500;
+}
+
+# 500 Internal Server Error
+error_page 500 @500;
+location @500 {
+ root /srv/php/errors;
+ try_files /500.html =500;
+}
+
+# 502 Bad Gateway
+error_page 502 @502;
+location @502 {
+ root /srv/php/errors;
+ try_files /502.html =500;
+}
+
+# 503 Service Unavailable
+error_page 503 @503;
+location @503 {
+ root /srv/php/errors;
+ try_files /503.html =500;
+}
+
+# 504 Gateway Timeout
+error_page 504 @504;
+location @504 {
+ root /srv/php/errors;
+ try_files /504.html =500;
+}
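Review bot: `http.conf` pulls in the FastCGI parameters with the relative path `include inc/fastcgi.conf;`, while `default-server.conf` in the same commit uses `/etc/nginx/inc/fastcgi.conf` (`inc/errors.conf` also uses the relative form). Relative includes resolve against the nginx configuration prefix, so the two spellings only agree when that prefix is `/etc/nginx`. I would use one form throughout, e.g. `include /etc/nginx/inc/fastcgi.conf;`. The `index` and `fastcgi_split_path_info` lines inside `@http403` also appear to have no effect, since `try_files /http.php =500` already fixes the script.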
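Review bot: In `inc/errors.conf`, `location @500` falls back to `=500` while `recursive_error_pages on;` is set at the top of the file, so if `/srv/php/errors/500.html` is missing the handler appears to re-enter itself until nginx aborts the redirect cycle. Every other handler in the file also ends in `=500`, so one missing static page under `/srv/php/errors` funnels into the same path. I would document the dependency with a comment such as `# /srv/php/errors/500.html must exist: @500 is the final fallback of every handler here`. I would also have the image build check that the static pages are present.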
diff --git a/mkosi.extra/etc/nginx/inc/fastcgi.conf b/mkosi.extra/etc/nginx/inc/fastcgi.conf
new file mode 100644
index 0000000..091738c
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/fastcgi.conf
@@ -0,0 +1,26 @@
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
diff --git a/mkosi.extra/etc/nginx/inc/ffdhe3072.pem b/mkosi.extra/etc/nginx/inc/ffdhe3072.pem
new file mode 100644
index 0000000..fb31ccd
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/ffdhe3072.pem
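Review bot: `inc/fastcgi.conf` sets the usual CGI variables but does not clear the client-supplied `Proxy` request header, which nginx forwards to PHP-FPM as `HTTP_PROXY` together with the other request headers. Adding `fastcgi_param HTTP_PROXY "";` at the end of the file is the standard mitigation for the httpoxy class of issues. It matters here because every PHP location in this commit includes this file. A short comment next to it, such as `# Mitigate httpoxy: never pass a client-supplied Proxy header to PHP`, would keep the line from being removed later as unused.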
@@ -0,0 +1,11 @@
+-----BEGIN DH PARAMETERS-----
+MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu
+N///////////AgEC
+-----END DH PARAMETERS-----
diff --git a/mkosi.extra/etc/nginx/inc/ffdhe4096.pem b/mkosi.extra/etc/nginx/inc/ffdhe4096.pem
new file mode 100644
index 0000000..3cf0fcb
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/ffdhe4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
+-----END DH PARAMETERS-----
diff --git a/mkosi.extra/etc/nginx/inc/nginx-types.conf b/mkosi.extra/etc/nginx/inc/nginx-types.conf
new file mode 100644
index 0000000..d5b5a36
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/nginx-types.conf
@@ -0,0 +1,1003 @@ +types { +application/A2L a2l; +application/AML aml; +application/andrew-inset ez; +application/ATF atf; +application/ATFX atfx; +application/ATXML atxml; +application/atom+xml atom; +application/atomcat+xml atomcat; +application/atomdeleted+xml atomdeleted; +application/atomsvc+xml atomsvc; +application/atsc-dwd+xml dwd; +application/atsc-held+xml held; +application/atsc-rsat+xml rsat; +application/auth-policy+xml apxml; +application/bacnet-xdd+zip xdd; +application/calendar+xml xcs; +application/cbor cbor; +application/cccex c3ex; +application/ccmp+xml ccmp; +application/ccxml+xml ccxml; +application/CDFX+XML cdfx; +application/cdmi-capability cdmia; +application/cdmi-container cdmic; +application/cdmi-domain cdmid; +application/cdmi-object cdmio; +application/cdmi-queue cdmiq; +application/CEA cea; +application/cellml+xml cellml cml; +application/clue_info+xml clue; +application/cms cmsc; +application/cpl+xml cpl; +application/csrattrs csrattrs; +application/dash+xml mpd; +application/dashdelta mpdd; +application/davmount+xml davmount; +application/DCD dcd; +application/dicom dcm; +application/DII dii; +application/DIT dit; +application/dskpp+xml xmls; +application/dssc+der dssc; +application/dssc+xml xdssc; +application/dvcs dvc; +application/ecmascript es; +application/efi efi; +application/emma+xml emma; +application/emotionml+xml emotionml; +application/epub+zip epub; +application/exi exi; +application/fastinfoset finf; +application/fdt+xml fdt; +application/font-tdpfr pfr; +application/geo+json geojson; +application/geopackage+sqlite3 gpkg; +application/gltf-buffer glbin glbuf; +application/gml+xml gml; +application/gzip gz tgz; +application/hyperstudio stk; +application/inkml+xml ink inkml; +application/ipfix ipfix; +application/its+xml its; +application/javascript js; +application/jrd+json jrd; +application/json json; +application/json-patch+json json-patch; +application/ld+json jsonld; +application/lgr+xml lgr; +application/link-format 
wlnk; +application/lost+xml lostxml; +application/lostsync+xml lostsyncxml; +application/lpf+zip lpf; +application/LXF lxf; +application/mac-binhex40 hqx; +application/mads+xml mads; +application/marc mrc; +application/marcxml+xml mrcx; +application/mathematica nb ma mb; +application/mathml+xml mml; +application/mbox mbox; +application/metalink4+xml meta4; +application/mets+xml mets; +application/MF4 mf4; +application/mmt-aei+xml maei; +application/mmt-usd+xml musd; +application/mods+xml mods; +application/mp21 m21 mp21; +application/msword doc; +application/mxf mxf; +application/n-quads nq; +application/n-triples nt; +application/ocsp-request orq; +application/ocsp-response ors; +application/octet-stream bin lha lzh exe class so dll img iso; +application/oda oda; +application/ODX odx; +application/oebps-package+xml opf; +application/ogg ogx; +application/oxps oxps; +application/p2p-overlay+xml relo; +application/pdf pdf; +application/PDX pdx; +application/pem-certificate-chain pem; +application/pgp-encrypted pgp; +application/pgp-signature sig; +application/pkcs10 p10; +application/pkcs12 p12 pfx; +application/pkcs7-mime p7m p7c; +application/pkcs7-signature p7s; +application/pkcs8 p8; +application/pkcs8-encrypted p8e; +application/pkix-cert cer; +application/pkix-crl crl; +application/pkix-pkipath pkipath; +application/pkixcmp pki; +application/pls+xml pls; +application/postscript ps eps ai; +application/provenance+xml provx; +application/prs.cww cw cww; +application/prs.hpub+zip hpub; +application/prs.nprend rnd rct; +application/prs.rdf-xml-crypt rdf-crypt; +application/prs.xsf+xml xsf; +application/pskc+xml pskcxml; +application/rdf+xml rdf; +application/route-apd+xml rapd; +application/route-s-tsid+xml sls; +application/route-usd+xml rusd; +application/reginfo+xml rif; +application/relax-ng-compact-syntax rnc; +application/resource-lists-diff+xml rld; +application/resource-lists+xml rl; +application/rfc+xml rfcxml; +application/rls-services+xml rs; 
+application/rpki-ghostbusters gbr; +application/rpki-manifest mft; +application/rpki-roa roa; +application/rtf rtf; +application/scim+json scim; +application/scvp-cv-request scq; +application/scvp-cv-response scs; +application/scvp-vp-request spq; +application/scvp-vp-response spp; +application/sdp sdp; +application/senml-etch+cbor senml-etchc; +application/senml-etch+json senml-etchj; +application/senml+cbor senmlc; +application/senml+json senml; +application/senml+xml senmlx; +application/senml-exi senmle; +application/sensml+cbor sensmlc; +application/sensml+json sensml; +application/sensml+xml sensmlx; +application/sensml-exi sensmle; +application/sgml-open-catalog soc; +application/shf+xml shf; +application/sieve siv sieve; +application/simple-filter+xml cl; +application/smil+xml smil smi sml; +application/sparql-query rq; +application/sparql-results+xml srx; +application/sql sql; +application/srgs gram; +application/srgs+xml grxml; +application/sru+xml sru; +application/ssml+xml ssml; +application/stix+json stix; +application/swid+xml swidtag; +application/tamp-apex-update tau; +application/tamp-apex-update-confirm auc; +application/tamp-community-update tcu; +application/tamp-community-update-confirm cuc; +application/td+json jsontd; +application/tamp-error ter; +application/tamp-sequence-adjust tsa; +application/tamp-sequence-adjust-confirm sac; +application/tamp-update tur; +application/tamp-update-confirm tuc; +application/tei+xml tei teiCorpus odd; +application/thraud+xml tfi; +application/timestamp-query tsq; +application/timestamp-reply tsr; +application/timestamped-data tsd; +application/trig trig; +application/ttml+xml ttml; +application/urc-grpsheet+xml gsheet; +application/urc-ressheet+xml rsheet; +application/urc-targetdesc+xml td; +application/urc-uisocketdesc+xml uis; +application/vnd.1000minds.decision-model+xml 1km; +application/vnd.3gpp.pic-bw-large plb; +application/vnd.3gpp.pic-bw-small psb; +application/vnd.3gpp.pic-bw-var pvb; 
+application/vnd.3gpp2.sms sms; +application/vnd.3gpp2.tcap tcap; +application/vnd.3lightssoftware.imagescal imgcal; +application/vnd.3M.Post-it-Notes pwn; +application/vnd.accpac.simply.aso aso; +application/vnd.accpac.simply.imp imp; +application/vnd.acucobol acu; +application/vnd.acucorp atc acutc; +application/vnd.adobe.flash.movie swf; +application/vnd.adobe.formscentral.fcdt fcdt; +application/vnd.adobe.fxp fxp fxpl; +application/vnd.adobe.xdp+xml xdp; +application/vnd.adobe.xfdf xfdf; +application/vnd.afpc.modca list3820 listafp afp pseg3820; +application/vnd.afpc.modca-overlay ovl; +application/vnd.afpc.modca-pagesegment psg; +application/vnd.ahead.space ahead; +application/vnd.airzip.filesecure.azf azf; +application/vnd.airzip.filesecure.azs azs; +application/vnd.amazon.mobi8-ebook azw3; +application/vnd.americandynamics.acc acc; +application/vnd.amiga.ami ami; +application/vnd.android.ota ota; +application/vnd.anki apkg; +application/vnd.anser-web-certificate-issue-initiation cii; +application/vnd.anser-web-funds-transfer-initiation fti; +application/vnd.apple.installer+xml dist distz pkg mpkg; +application/vnd.apple.keynote keynote; +application/vnd.apple.mpegurl m3u8; +application/vnd.apple.numbers numbers; +application/vnd.apple.pages pages; +application/vnd.aristanetworks.swi swi; +application/vnd.artisan+json artisan; +application/vnd.astraea-software.iota iota; +application/vnd.audiograph aep; +application/vnd.autopackage package; +application/vnd.balsamiq.bmml+xml bmml; +application/vnd.banana-accounting ac2; +application/vnd.balsamiq.bmpr bmpr; +application/vnd.blueice.multipass mpm; +application/vnd.bluetooth.ep.oob ep; +application/vnd.bluetooth.le.oob le; +application/vnd.bmi bmi; +application/vnd.businessobjects rep; +application/vnd.cendio.thinlinc.clientconf tlclient; +application/vnd.chemdraw+xml cdxml; +application/vnd.chess-pgn pgn; +application/vnd.chipnuts.karaoke-mmd mmd; +application/vnd.cinderella cdy; 
+application/vnd.citationstyles.style+xml csl; +application/vnd.claymore cla; +application/vnd.cloanto.rp9 rp9; +application/vnd.clonk.c4group c4g c4d c4f c4p c4u; +application/vnd.cluetrust.cartomobile-config c11amc; +application/vnd.cluetrust.cartomobile-config-pkg c11amz; +application/vnd.coffeescript coffee; +application/vnd.collabio.xodocuments.document xodt; +application/vnd.collabio.xodocuments.document-template xott; +application/vnd.collabio.xodocuments.presentation xodp; +application/vnd.collabio.xodocuments.presentation-template xotp; +application/vnd.collabio.xodocuments.spreadsheet xods; +application/vnd.collabio.xodocuments.spreadsheet-template xots; +application/vnd.comicbook-rar cbr; +application/vnd.comicbook+zip cbz; +application/vnd.commerce-battelle ica icf icd ic0 ic1 ic2 ic3 ic4 ic5 ic6 ic7 ic8; +application/vnd.commonspace csp cst; +application/vnd.contact.cmsg cdbcmsg; +application/vnd.coreos.ignition+json ign ignition; +application/vnd.cosmocaller cmc; +application/vnd.crick.clicker clkx; +application/vnd.crick.clicker.keyboard clkk; +application/vnd.crick.clicker.palette clkp; +application/vnd.crick.clicker.template clkt; +application/vnd.crick.clicker.wordbank clkw; +application/vnd.criticaltools.wbs+xml wbs; +application/vnd.crypto-shade-file ssvc; +application/vnd.ctc-posml pml; +application/vnd.cups-ppd ppd; +application/vnd.curl curl; +application/vnd.dart dart; +application/vnd.data-vision.rdz rdz; +application/vnd.dbf dbf; +application/vnd.debian.binary-package deb udeb; +application/vnd.dece.data uvf uvvf uvd uvvd; +application/vnd.dece.ttml+xml uvt uvvt; +application/vnd.dece.unspecified uvx uvvx; +application/vnd.dece.zip uvz uvvz; +application/vnd.denovo.fcselayout-link fe_launch; +application/vnd.desmume.movie dsm; +application/vnd.dna dna; +application/vnd.document+json docjson; +application/vnd.doremir.scorecloud-binary-document scld; +application/vnd.dpgraph dpg mwc dpgraph; +application/vnd.dreamfactory dfac; 
+application/vnd.dtg.local.flash fla; +application/vnd.dvb.ait ait; +application/vnd.dvb.service svc; +application/vnd.dynageo geo; +application/vnd.dzr dzr; +application/vnd.ecowin.chart mag; +application/vnd.enliven nml; +application/vnd.epson.esf esf; +application/vnd.epson.msf msf; +application/vnd.epson.quickanime qam; +application/vnd.epson.salt slt; +application/vnd.epson.ssf ssf; +application/vnd.ericsson.quickcall qcall qca; +application/vnd.espass-espass+zip espass; +application/vnd.eszigno3+xml es3 et3; +application/vnd.etsi.asic-e+zip asice sce; +application/vnd.etsi.asic-s+zip asics; +application/vnd.etsi.timestamp-token tst; +application/vnd.exstream-empower+zip mpw; +application/vnd.exstream-package pub; +application/vnd.evolv.ecig.profile ecigprofile; +application/vnd.evolv.ecig.settings ecig; +application/vnd.evolv.ecig.theme ecigtheme; +application/vnd.ezpix-album ez2; +application/vnd.ezpix-package ez3; +application/vnd.fastcopy-disk-image dim; +application/vnd.fdf fdf; +application/vnd.fdsn.mseed msd mseed; +application/vnd.fdsn.seed seed dataless; +application/vnd.ficlab.flb+zip flb; +application/vnd.filmit.zfc zfc; +application/vnd.FloGraphIt gph; +application/vnd.fluxtime.clip ftc; +application/vnd.font-fontforge-sfd sfd; +application/vnd.framemaker fm; +application/vnd.frogans.fnc fnc; +application/vnd.frogans.ltf ltf; +application/vnd.fsc.weblaunch fsc; +application/vnd.fujitsu.oasys oas; +application/vnd.fujitsu.oasys2 oa2; +application/vnd.fujitsu.oasys3 oa3; +application/vnd.fujitsu.oasysgp fg5; +application/vnd.fujitsu.oasysprs bh2; +application/vnd.fujixerox.ddd ddd; +application/vnd.fujixerox.docuworks xdw; +application/vnd.fujixerox.docuworks.binder xbd; +application/vnd.fujixerox.docuworks.container xct; +application/vnd.fuzzysheet fzs; +application/vnd.genomatix.tuxedo txd; +application/vnd.geocube+xml g3 g³; +application/vnd.geogebra.file ggb; +application/vnd.geogebra.tool ggt; +application/vnd.geometry-explorer gex gre; 
+application/vnd.geonext gxt; +application/vnd.geoplan g2w; +application/vnd.geospace g3w; +application/vnd.gmx gmx; +application/vnd.google-earth.kml+xml kml; +application/vnd.google-earth.kmz kmz; +application/vnd.grafeq gqf gqs; +application/vnd.groove-account gac; +application/vnd.groove-help ghf; +application/vnd.groove-identity-message gim; +application/vnd.groove-injector grv; +application/vnd.groove-tool-message gtm; +application/vnd.groove-tool-template tpl; +application/vnd.groove-vcard vcg; +application/vnd.hal+xml hal; +application/vnd.HandHeld-Entertainment+xml zmm; +application/vnd.hbci hbci hbc kom upa pkd bpd; +application/vnd.hdt hdt; +application/vnd.hhe.lesson-player les; +application/vnd.hp-HPGL hpgl; +application/vnd.hp-hpid hpi hpid; +application/vnd.hp-hps hps; +application/vnd.hp-jlyt jlt; +application/vnd.hp-PCL pcl; +application/vnd.hydrostatix.sof-data sfd-hdstx; +application/vnd.hzn-3d-crossword x3d; +application/vnd.ibm.electronic-media emm; +application/vnd.ibm.MiniPay mpy; +application/vnd.ibm.rights-management irm; +application/vnd.ibm.secure-container sc; +application/vnd.iccprofile icc icm; +application/vnd.ieee.1905 1905.1; +application/vnd.igloader igl; +application/vnd.imagemeter.folder+zip imf; +application/vnd.imagemeter.image+zip imi; +application/vnd.immervision-ivp ivp; +application/vnd.immervision-ivu ivu; +application/vnd.ims.imsccv1p1 imscc; +application/vnd.insors.igm igm; +application/vnd.intercon.formnet xpw xpx; +application/vnd.intergeo i2g; +application/vnd.intu.qbo qbo; +application/vnd.intu.qfx qfx; +application/vnd.ipunplugged.rcprofile rcprofile; +application/vnd.irepository.package+xml irp; +application/vnd.is-xpr xpr; +application/vnd.isac.fcs fcs; +application/vnd.jam jam; +application/vnd.jcp.javame.midlet-rms rms; +application/vnd.jisp jisp; +application/vnd.joost.joda-archive joda; +application/vnd.kahootz ktz ktr; +application/vnd.kde.karbon karbon; +application/vnd.kde.kchart chrt; 
+application/vnd.kde.kformula kfo; +application/vnd.kde.kivio flw; +application/vnd.kde.kontour kon; +application/vnd.kde.kpresenter kpr kpt; +application/vnd.kde.kspread ksp; +application/vnd.kde.kword kwd kwt; +application/vnd.kenameaapp htke; +application/vnd.kidspiration kia; +application/vnd.Kinar kne knp sdf; +application/vnd.koan skp skd skm skt; +application/vnd.kodak-descriptor sse; +application/vnd.las.las+json lasjson; +application/vnd.las.las+xml lasxml; +application/vnd.llamagraphics.life-balance.desktop lbd; +application/vnd.llamagraphics.life-balance.exchange+xml lbe; +application/vnd.logipipe.circuit+zip lcs lca; +application/vnd.loom loom; +application/vnd.lotus-1-2-3 123 wk4 wk3 wk1; +application/vnd.lotus-approach apr vew; +application/vnd.lotus-freelance prz pre; +application/vnd.lotus-notes nsf ntf ndl ns4 ns3 ns2 nsh nsg; +application/vnd.lotus-organizer or3 or2 org; +application/vnd.lotus-screencam scm; +application/vnd.lotus-wordpro lwp sam; +application/vnd.macports.portpkg portpkg; +application/vnd.mapbox-vector-tile mvt; +application/vnd.marlin.drm.mdcf mdc; +application/vnd.maxmind.maxmind-db mmdb; +application/vnd.mcd mcd; +application/vnd.medcalcdata mc1; +application/vnd.mediastation.cdkey cdkey; +application/vnd.MFER mwf; +application/vnd.mfmp mfm; +application/vnd.micrografx.flo flo; +application/vnd.micrografx.igx igx; +application/vnd.mif mif; +application/vnd.Mobius.DAF daf; +application/vnd.Mobius.DIS dis; +application/vnd.Mobius.MBK mbk; +application/vnd.Mobius.MQY mqy; +application/vnd.Mobius.MSL msl; +application/vnd.Mobius.PLC plc; +application/vnd.Mobius.TXF txf; +application/vnd.mophun.application mpn; +application/vnd.mophun.certificate mpc; +application/vnd.mozilla.xul+xml xul; +application/vnd.ms-3mfdocument 3mf; +application/vnd.ms-artgalry cil; +application/vnd.ms-asf asf; +application/vnd.ms-cab-compressed cab; +application/vnd.ms-excel xls xlm xla xlc xlt xlw; +application/vnd.ms-excel.template.macroEnabled.12 xltm; 
+application/vnd.ms-excel.addin.macroEnabled.12 xlam; +application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb; +application/vnd.ms-excel.sheet.macroEnabled.12 xlsm; +application/vnd.ms-fontobject eot; +application/vnd.ms-htmlhelp chm; +application/vnd.ms-ims ims; +application/vnd.ms-lrm lrm; +application/vnd.ms-officetheme thmx; +application/vnd.ms-powerpoint ppt pps pot; +application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam; +application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm; +application/vnd.ms-powerpoint.slide.macroEnabled.12 sldm; +application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm; +application/vnd.ms-powerpoint.template.macroEnabled.12 potm; +application/vnd.ms-project mpp mpt; +application/vnd.ms-tnef tnef tnf; +application/vnd.ms-word.document.macroEnabled.12 docm; +application/vnd.ms-word.template.macroEnabled.12 dotm; +application/vnd.ms-works wcm wdb wks wps; +application/vnd.ms-wpl wpl; +application/vnd.ms-xpsdocument xps; +application/vnd.msa-disk-image msa; +application/vnd.mseq mseq; +application/vnd.multiad.creator crtr; +application/vnd.multiad.creator.cif cif; +application/vnd.musician mus; +application/vnd.muvee.style msty; +application/vnd.mynfc taglet; +application/vnd.nervana entity request bkm kcm; +application/vnd.nimn nimn; +application/vnd.nitf nitf; +application/vnd.neurolanguage.nlu nlu; +application/vnd.nintendo.nitro.rom nds; +application/vnd.nintendo.snes.rom sfc smc; +application/vnd.noblenet-directory nnd; +application/vnd.noblenet-sealer nns; +application/vnd.noblenet-web nnw; +application/vnd.nokia.n-gage.ac+xml ac; +application/vnd.nokia.n-gage.data ngdat; +application/vnd.nokia.n-gage.symbian.install n-gage; +application/vnd.nokia.radio-preset rpst; +application/vnd.nokia.radio-presets rpss; +application/vnd.novadigm.EDM edm; +application/vnd.novadigm.EDX edx; +application/vnd.novadigm.EXT ext; +application/vnd.oasis.opendocument.chart odc; +application/vnd.oasis.opendocument.chart-template otc; 
+application/vnd.oasis.opendocument.database odb; +application/vnd.oasis.opendocument.formula odf; +application/vnd.oasis.opendocument.graphics odg; +application/vnd.oasis.opendocument.graphics-template otg; +application/vnd.oasis.opendocument.image odi; +application/vnd.oasis.opendocument.image-template oti; +application/vnd.oasis.opendocument.presentation odp; +application/vnd.oasis.opendocument.presentation-template otp; +application/vnd.oasis.opendocument.spreadsheet ods; +application/vnd.oasis.opendocument.spreadsheet-template ots; +application/vnd.oasis.opendocument.text odt; +application/vnd.oasis.opendocument.text-master odm; +application/vnd.oasis.opendocument.text-template ott; +application/vnd.oasis.opendocument.text-web oth; +application/vnd.olpc-sugar xo; +application/vnd.oma.dd2+xml dd2; +application/vnd.onepager tam; +application/vnd.onepagertamp tamp; +application/vnd.onepagertamx tamx; +application/vnd.onepagertat tat; +application/vnd.onepagertatp tatp; +application/vnd.onepagertatx tatx; +application/vnd.openblox.game+xml obgx; +application/vnd.openblox.game-binary obg; +application/vnd.openeye.oeb oeb; +application/vnd.openofficeorg.extension oxt; +application/vnd.openstreetmap.data+xml osm; +application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; +application/vnd.openxmlformats-officedocument.presentationml.slide sldx; +application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx; +application/vnd.openxmlformats-officedocument.presentationml.template potx; +application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; +application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx; +application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; +application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx; +application/vnd.osa.netdeploy ndc; +application/vnd.osgeo.mapguide.package mgp; +application/vnd.osgi.dp dp; +application/vnd.osgi.subsystem esa; 
+application/vnd.oxli.countgraph oxlicg; +application/vnd.palm prc pdb pqa oprc; +application/vnd.panoply plp; +application/vnd.patentdive dive; +application/vnd.pawaafile paw; +application/vnd.pg.format str; +application/vnd.pg.osasli ei6; +application/vnd.piaccess.application-license pil; +application/vnd.picsel efif; +application/vnd.pmi.widget wg; +application/vnd.pocketlearn plf; +application/vnd.powerbuilder6 pbd; +application/vnd.preminet preminet; +application/vnd.previewsystems.box box vbox; +application/vnd.proteus.magazine mgz; +application/vnd.psfs psfs; +application/vnd.publishare-delta-tree qps; +application/vnd.pvi.ptid1 ptid; +application/vnd.qualcomm.brew-app-res bar; +application/vnd.Quark.QuarkXPress qxd qxt qwd qwt qxl qxb; +application/vnd.quobject-quoxdocument quox quiz; +application/vnd.rainstor.data tree; +application/vnd.rar rar; +application/vnd.realvnc.bed bed; +application/vnd.recordare.musicxml mxl; +application/vnd.rig.cryptonote cryptonote; +application/vnd.route66.link66+xml link66; +application/vnd.sailingtracker.track st; +application/vnd.sar SAR; +application/vnd.scribus scd sla slaz; +application/vnd.sealed.3df s3df; +application/vnd.sealed.csf scsf; +application/vnd.sealed.doc sdoc sdo s1w; +application/vnd.sealed.eml seml sem; +application/vnd.sealed.mht smht smh; +application/vnd.sealed.ppt sppt s1p; +application/vnd.sealed.tiff stif; +application/vnd.sealed.xls sxls sxl s1e; +application/vnd.sealedmedia.softseal.html stml s1h; +application/vnd.sealedmedia.softseal.pdf spdf spd s1a; +application/vnd.seemail see; +application/vnd.sema sema; +application/vnd.semd semd; +application/vnd.semf semf; +application/vnd.shade-save-file ssv; +application/vnd.shana.informed.formdata ifm; +application/vnd.shana.informed.formtemplate itp; +application/vnd.shana.informed.interchange iif; +application/vnd.shana.informed.package ipk; +application/vnd.shp shp; +application/vnd.shx shx; +application/vnd.sigrok.session sr; 
+application/vnd.SimTech-MindMapper twd twds; +application/vnd.smaf mmf; +application/vnd.smart.notebook notebook; +application/vnd.smart.teacher teacher; +application/vnd.snesdev-page-table ptrom pt; +application/vnd.software602.filler.form+xml fo; +application/vnd.software602.filler.form-xml-zip zfo; +application/vnd.solent.sdkm+xml sdkm sdkd; +application/vnd.spotfire.dxp dxp; +application/vnd.spotfire.sfs sfs; +application/vnd.sqlite3 sqlite sqlite3; +application/vnd.stepmania.package smzip; +application/vnd.stepmania.stepchart sm; +application/vnd.sun.wadl+xml wadl; +application/vnd.sus-calendar sus susp; +application/vnd.syncml+xml xsm; +application/vnd.syncml.dm+wbxml bdm; +application/vnd.syncml.dm+xml xdm; +application/vnd.syncml.dmddf+xml ddf; +application/vnd.tao.intent-module-archive tao; +application/vnd.tcpdump.pcap pcap cap dmp; +application/vnd.theqvd qvd; +application/vnd.think-cell.ppttc+json ppttc; +application/vnd.tml vfr viaframe; +application/vnd.tmobile-livetv tmo; +application/vnd.trid.tpt tpt; +application/vnd.triscape.mxs mxs; +application/vnd.trueapp tra; +application/vnd.ufdl ufdl ufd frm; +application/vnd.uiq.theme utz; +application/vnd.umajin umj; +application/vnd.unity unityweb; +application/vnd.uoml+xml uoml uo; +application/vnd.uri-map urim urimap; +application/vnd.valve.source.material vmt; +application/vnd.vcx vcx; +application/vnd.vd-study mxi study-inter model-inter; +application/vnd.vectorworks vwx; +application/vnd.veryant.thin istc isws; +application/vnd.ves.encrypted VES; +application/vnd.vidsoft.vidconference vsc; +application/vnd.visio vsd vst vsw vss; +application/vnd.visionary vis; +application/vnd.vsf vsf; +application/vnd.wap.sic sic; +application/vnd.wap.slc slc; +application/vnd.wap.wbxml wbxml; +application/vnd.wap.wmlc wmlc; +application/vnd.wap.wmlscriptc wmlsc; +application/vnd.webturbo wtb; +application/vnd.wfa.p2p p2p; +application/vnd.wfa.wsc wsc; +application/vnd.wmc wmc; 
+application/vnd.wolfram.mathematica.package m; +application/vnd.wolfram.player nbp; +application/vnd.wordperfect wpd; +application/vnd.wqd wqd; +application/vnd.wt.stf stf; +application/vnd.wv.csp+wbxml wv; +application/vnd.xara xar; +application/vnd.xfdl xfdl xfd; +application/vnd.xmpie.cpkg cpkg; +application/vnd.xmpie.dpkg dpkg; +application/vnd.xmpie.ppkg ppkg; +application/vnd.xmpie.xlim xlim; +application/vnd.yamaha.hv-dic hvd; +application/vnd.yamaha.hv-script hvs; +application/vnd.yamaha.hv-voice hvp; +application/vnd.yamaha.openscoreformat osf; +application/vnd.yamaha.smaf-audio saf; +application/vnd.yamaha.smaf-phrase spf; +application/vnd.yaoweme yme; +application/vnd.yellowriver-custom-menu cmp; +application/vnd.zul zir zirz; +application/vnd.zzazz.deck+xml zaz; +application/voicexml+xml vxml; +application/voucher-cms+json vcj; +application/watcherinfo+xml wif; +application/widget wgt; +application/wsdl+xml wsdl; +application/wspolicy+xml wspolicy; +application/xcap-att+xml xav; +application/xcap-caps+xml xca; +application/xcap-diff+xml xdf; +application/xcap-el+xml xel; +application/xcap-error+xml xer; +application/xcap-ns+xml xns; +application/xhtml+xml xhtml xhtm xht; +application/xliff+xml xlf; +application/xml-dtd dtd; +application/xop+xml xop; +application/xslt+xml xsl xslt; +application/xv+xml mxml xhvml xvml xvm; +application/yang yang; +application/yin+xml yin; +application/zip zip; +application/zstd zst; +audio/32kadpcm 726; +audio/aac adts aac ass; +audio/ac3 ac3; +audio/AMR amr; +audio/AMR-WB awb; +audio/asc acn; +audio/ATRAC-ADVANCED-LOSSLESS aal; +audio/ATRAC-X atx; +audio/ATRAC3 at3 aa3 omg; +audio/basic au snd; +audio/dls dls; +audio/EVRC evc; +audio/EVRCB evb; +audio/EVRCNW enw; +audio/EVRCWB evw; +audio/iLBC lbc; +audio/L16 l16; +audio/mhas mhas; +audio/mobile-xmf mxmf; +audio/mp4 m4a; +audio/mpeg mp3 mpga mp1 mp2; +audio/ogg oga ogg opus spx; +audio/prs.sid sid psid; +audio/qcelp qcp; +audio/SMV smv; +audio/usac loas xhe; 
+audio/vnd.audikoz koz; +audio/vnd.dece.audio uva uvva; +audio/vnd.digital-winds eol; +audio/vnd.dolby.mlp mlp; +audio/vnd.dts dts; +audio/vnd.dts.hd dtshd; +audio/vnd.everad.plj plj; +audio/vnd.lucent.voice lvp; +audio/vnd.ms-playready.media.pya pya; +audio/vnd.nortel.vbk vbk; +audio/vnd.nuera.ecelp4800 ecelp4800; +audio/vnd.nuera.ecelp7470 ecelp7470; +audio/vnd.nuera.ecelp9600 ecelp9600; +audio/vnd.presonus.multitrack multitrack; +audio/vnd.rip rip; +audio/vnd.sealedmedia.softseal.mpeg smp3 smp s1m; +font/collection ttc; +font/otf otf; +font/ttf ttf; +font/woff woff; +font/woff2 woff2; +image/aces exr; +image/avci avci; +image/avcs avcs; +image/bmp bmp dib; +image/cgm cgm; +image/dicom-rle drle; +image/emf emf; +image/fits fits fit fts; +image/heic heic; +image/heic-sequence heics; +image/heif heif; +image/heif-sequence heifs; +image/hej2k hej2; +image/hsj2 hsj2; +image/gif gif; +image/ief ief; +image/jls jls; +image/jp2 jp2 jpg2; +image/jph jph; +image/jphc jhc; +image/jpeg jpg jpeg jpe jfif; +image/jpm jpm jpgm; +image/jpx jpx jpf; +image/jxr jxr; +image/jxrA jxra; +image/jxrS jxrs; +image/jxs jxs; +image/jxsc jxsc; +image/jxsi jxsi; +image/jxss jxss; +image/ktx ktx; +image/png png; +image/prs.btif btif btf; +image/prs.pti pti; +image/svg+xml svg svgz; +image/t38 t38; +image/tiff tiff tif; +image/tiff-fx tfx; +image/vnd.adobe.photoshop psd; +image/vnd.airzip.accelerator.azv azv; +image/vnd.dece.graphic uvi uvvi uvg uvvg; +image/vnd.djvu djvu djv; +image/vnd.dwg dwg; +image/vnd.dxf dxf; +image/vnd.fastbidsheet fbs; +image/vnd.fpx fpx; +image/vnd.fst fst; +image/vnd.fujixerox.edmics-mmr mmr; +image/vnd.fujixerox.edmics-rlc rlc; +image/vnd.globalgraphics.pgb pgb; +image/vnd.microsoft.icon ico; +image/vnd.mozilla.apng apng; +image/vnd.ms-modi mdi; +image/vnd.radiance hdr rgbe xyze; +image/vnd.sealed.png spng spn s1n; +image/vnd.sealedmedia.softseal.gif sgif sgi s1g; +image/vnd.sealedmedia.softseal.jpg sjpg sjp s1j; +image/vnd.tencent.tap tap; 
+image/vnd.valve.source.texture vtf; +image/vnd.wap.wbmp wbmp; +image/vnd.xiff xif; +image/vnd.zbrush.pcx pcx; +image/wmf wmf; +message/global u8msg; +message/global-delivery-status u8dsn; +message/global-disposition-notification u8mdn; +message/global-headers u8hdr; +message/rfc822 eml mail art; +model/gltf-binary glb; +model/gltf+json gltf; +model/iges igs iges; +model/mesh msh mesh silo; +model/mtl mtl; +model/obj obj; +model/stl stl; +model/vnd.collada+xml dae; +model/vnd.dwf dwf; +model/vnd.gdl gdl gsm win dor lmp rsm msm ism; +model/vnd.gtw gtw; +model/vnd.moml+xml moml; +model/vnd.mts mts; +model/vnd.opengex ogex; +model/vnd.parasolid.transmit.binary x_b xmt_bin; +model/vnd.parasolid.transmit.text x_t xmt_txt; +model/vnd.usdz+zip usdz; +model/vnd.valve.source.compiled-map bsp; +model/vnd.vtu vtu; +model/vrml wrl vrml; +model/x3d+xml x3db; +model/x3d-vrml x3dv x3dvz; +multipart/vnd.bint.med-plus bmed; +multipart/voice-message vpm; +text/cache-manifest appcache manifest; +text/calendar ics ifb; +text/css css; +text/csv csv; +text/csv-schema csvs; +text/dns soa zone; +text/html html htm; +text/jcr-cnd cnd; +text/markdown markdown md; +text/mizar miz; +text/n3 n3; +text/plain txt asc text pm el c h cc hh cxx hxx f90 conf log; +text/provenance-notation provn; +text/prs.fallenstein.rst rst; +text/prs.lines.tag tag dsc; +text/richtext rtx; +text/sgml sgml sgm; +text/tab-separated-values tsv; +text/troff t tr roff; +text/turtle ttl; +text/uri-list uris uri; +text/vcard vcf vcard; +text/vnd.a a; +text/vnd.abc abc; +text/vnd.ascii-art ascii; +text/vnd.debian.copyright copyright; +text/vnd.DMClientScript dms; +text/vnd.dvb.subtitle sub; +text/vnd.esmertec.theme-descriptor jtd; +text/vnd.ficlab.flt flt; +text/vnd.fly fly; +text/vnd.fmi.flexstor flx; +text/vnd.graphviz gv dot; +text/vnd.hgl hgl; +text/vnd.in3d.3dml 3dml 3dm; +text/vnd.in3d.spot spot spo; +text/vnd.ms-mediapackage mpf; +text/vnd.net2phone.commcenter.command ccc; +text/vnd.senx.warpscript mc2; 
+text/vnd.si.uricatalogue uric; +text/vnd.sun.j2me.app-descriptor jad; +text/vnd.sosi sos; +text/vnd.trolltech.linguist ts; +text/vnd.wap.si si; +text/vnd.wap.sl sl; +text/vnd.wap.wml wml; +text/vnd.wap.wmlscript wmls; +text/vtt vtt; +text/xml xml xsd rng; +text/xml-external-parsed-entity ent; +video/3gpp 3gp 3gpp; +video/3gpp2 3g2 3gpp2; +video/iso.segment m4s; +video/mj2 mj2 mjp2; +video/mp4 mp4 mpg4 m4v; +video/mpeg mpeg mpg mpe m1v m2v; +video/ogg ogv; +video/quicktime mov qt; +video/vnd.dece.hd uvh uvvh; +video/vnd.dece.mobile uvm uvvm; +video/vnd.dece.mp4 uvu uvvu; +video/vnd.dece.pd uvp uvvp; +video/vnd.dece.sd uvs uvvs; +video/vnd.dece.video uvv uvvv; +video/vnd.dvb.file dvb; +video/vnd.fvt fvt; +video/vnd.mpegurl mxu m4u; +video/vnd.ms-playready.media.pyv pyv; +video/vnd.nokia.interleaved-multimedia nim; +video/vnd.radgamettools.bink bik bk2; +video/vnd.radgamettools.smacker smk; +video/vnd.sealed.mpeg1 smpg s11; +video/vnd.sealed.mpeg4 s14; +video/vnd.sealed.swf sswf ssw; +video/vnd.sealedmedia.softseal.mov smov smo s1q; +video/vnd.youtube.yt yt; +video/vnd.vivo viv; +application/mac-compactpro cpt; +application/metalink+xml metalink; +application/owl+xml owx; +application/rss+xml rss; +application/vnd.android.package-archive apk; +application/vnd.oma.dd+xml dd; +application/vnd.oma.drm.content dcf; +application/vnd.oma.drm.dcf o4a o4v; +application/vnd.oma.drm.message dm; +application/vnd.oma.drm.rights+wbxml drc; +application/vnd.oma.drm.rights+xml dr; +application/vnd.sun.xml.calc sxc; +application/vnd.sun.xml.calc.template stc; +application/vnd.sun.xml.draw sxd; +application/vnd.sun.xml.draw.template std; +application/vnd.sun.xml.impress sxi; +application/vnd.sun.xml.impress.template sti; +application/vnd.sun.xml.math sxm; +application/vnd.sun.xml.writer sxw; +application/vnd.sun.xml.writer.global sxg; +application/vnd.sun.xml.writer.template stw; +application/vnd.symbian.install sis; +application/vnd.wap.mms-message mms; +application/x-annodex anx; 
+application/x-bcpio bcpio; +application/x-bittorrent torrent; +application/x-bzip2 bz2; +application/x-cdlink vcd; +application/x-chrome-extension crx; +application/x-cpio cpio; +application/x-csh csh; +application/x-director dcr dir dxr; +application/x-dvi dvi; +application/x-futuresplash spl; +application/x-gtar gtar; +application/x-hdf hdf; +application/x-java-archive jar; +application/x-java-jnlp-file jnlp; +application/x-java-pack200 pack; +application/x-killustrator kil; +application/x-latex latex; +application/x-netcdf nc cdf; +application/x-perl pl; +application/x-rpm rpm; +application/x-sh sh; +application/x-shar shar; +application/x-stuffit sit; +application/x-sv4cpio sv4cpio; +application/x-sv4crc sv4crc; +application/x-tar tar; +application/x-tcl tcl; +application/x-tex tex; +application/x-texinfo texinfo texi; +application/x-troff-man man 1 2 3 4 5 6 7 8; +application/x-troff-me me; +application/x-troff-ms ms; +application/x-ustar ustar; +application/x-wais-source src; +application/x-xpinstall xpi; +application/x-xspf+xml xspf; +application/x-xz xz; +audio/midi mid midi kar; +audio/x-aiff aif aiff aifc; +audio/x-annodex axa; +audio/x-flac flac; +audio/x-matroska mka; +audio/x-mod mod ult uni m15 mtm 669 med; +audio/x-mpegurl m3u; +audio/x-ms-wax wax; +audio/x-ms-wma wma; +audio/x-pn-realaudio ram rm; +audio/x-realaudio ra; +audio/x-s3m s3m; +audio/x-stm stm; +audio/x-wav wav; +chemical/x-xyz xyz; +image/webp webp; +image/x-cmu-raster ras; +image/x-portable-anymap pnm; +image/x-portable-bitmap pbm; +image/x-portable-graymap pgm; +image/x-portable-pixmap ppm; +image/x-rgb rgb; +image/x-targa tga; +image/x-xbitmap xbm; +image/x-xpixmap xpm; +image/x-xwindowdump xwd; +text/html-sandboxed sandboxed; +text/x-pod pod; +text/x-setext etx; +video/webm webm; +video/x-annodex axv; +video/x-flv flv; +video/x-javafx fxm; +video/x-matroska mkv; +video/x-matroska-3d mk3d; +video/x-ms-asf asx; +video/x-ms-wm wm; +video/x-ms-wmv wmv; +video/x-ms-wmx wmx; 
+video/x-ms-wvx wvx;
+video/x-msvideo avi;
+video/x-sgi-movie movie;
+x-conference/x-cooltalk ice;
+x-epoc/x-sisx-app sisx;
+}
diff --git a/mkosi.extra/etc/nginx/inc/niver.conf b/mkosi.extra/etc/nginx/inc/niver.conf
new file mode 100644
index 0000000..5dfbfd8
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/niver.conf
@@ -0,0 +1,5 @@
+more_set_headers "Content-Security-Policy : default-src 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'none';";
+
+default_type text/plain;
+
+include inc/tls.conf;
diff --git a/mkosi.extra/etc/nginx/inc/security.conf b/mkosi.extra/etc/nginx/inc/security.conf
new file mode 100644
index 0000000..f42f6e0
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/security.conf
@@ -0,0 +1,16 @@
+more_set_headers "X-Content-Type-Options : nosniff";
+#more_set_headers "X-XSS-Protection : 1; mode=block";
+#more_set_headers "X-Download-Options : noopen";
+#more_set_headers "X-Permitted-Cross-Domain-Policies : none";
+#more_set_headers "X-Frame-Options : DENY";
+more_set_headers "Referrer-Policy : no-referrer";
+more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
+more_clear_headers Server;
+
+ssl_prefer_server_ciphers off;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+
+ssl_early_data off;
diff --git a/mkosi.extra/etc/nginx/inc/tls-inter.conf b/mkosi.extra/etc/nginx/inc/tls-inter.conf
new file mode 100644
index 0000000..6dabbb4
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/tls-inter.conf
@@ -0,0 +1,5 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_ecdh_curve X25519:X448;
+
+include inc/security.conf;
diff --git a/mkosi.extra/etc/nginx/inc/tls-laxist.conf b/mkosi.extra/etc/nginx/inc/tls-laxist.conf
new file mode 100644
index 0000000..2d78429
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/tls-laxist.conf
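Review bot: The Strict-Transport-Security line in inc/security.conf carries `includeSubDomains; preload` with a three-year max-age, and this file is pulled in through inc/tls.conf by every server block, including the per-user vhosts generated from nginx/dns.template later in the commit. That asserts a transport policy over whole domain trees the operator does not own, and a preload submission is slow to undo once a browser list has picked it up. I would keep only `more_set_headers "Strict-Transport-Security : max-age=94608000";` in the shared include and add the `includeSubDomains; preload` form in the server block of the operator's own domain.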
@@ -0,0 +1,6 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM;
+ssl_ecdh_curve X25519:X448:secp521r1:secp384r1:prime256v1;
+ssl_dhparam inc/ffdhe3072.pem;
+
+include inc/security.conf;
diff --git a/mkosi.extra/etc/nginx/inc/tls-strict.conf b/mkosi.extra/etc/nginx/inc/tls-strict.conf
new file mode 100644
index 0000000..0490557
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/tls-strict.conf
@@ -0,0 +1,4 @@
+ssl_protocols TLSv1.3;
+ssl_ecdh_curve X25519:X448;
+
+include inc/security.conf;
diff --git a/mkosi.extra/etc/nginx/inc/tls.conf b/mkosi.extra/etc/nginx/inc/tls.conf
new file mode 100644
index 0000000..0490557
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/tls.conf
@@ -0,0 +1,4 @@
+ssl_protocols TLSv1.3;
+ssl_ecdh_curve X25519:X448;
+
+include inc/security.conf;
diff --git a/mkosi.extra/etc/nginx/inc/types.conf b/mkosi.extra/etc/nginx/inc/types.conf
new file mode 100644
index 0000000..b349cc8
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/types.conf
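Review bot: The `ssl_ciphers` list in tls-laxist.conf includes `DHE-RSA-AES128-CCM8` and `DHE-RSA-AES256-CCM8`, which truncate the AEAD authentication tag to 64 bits and so give a weaker integrity margin than every other suite in the list. I would drop the two CCM8 entries and keep the GCM, ChaCha20 and full-tag CCM suites. The file also points `ssl_dhparam` at `inc/ffdhe3072.pem`, which I do not see added in this part of the commit; any server block that includes this profile will fail to load if that file is missing.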
@@ -0,0 +1,84 @@
+types {
+ text/plain txt;
+ application/octet-stream bin;
+
+ # Hypertext
+ text/gemini gmi;
+ text/markdown md;
+ text/html html;
+
+ # Misc
+ text/css css;
+ text/javascript js;
+ text/csv csv;
+ text/calendar ics ifb;
+ text/vtt vtt;
+ text/dns zone soa;
+ application/mbox mbox;
+ application/x-bittorrent torrent;
+
+ # Compressed
+ application/gzip gz;
+ application/zip zip;
+ application/epub+zip epub;
+ application/pdf pdf;
+
+ # JSON
+ application/json json;
+ application/ld+json jsonld;
+ application/manifest+json webmanifest;
+
+ # XML
+ application/xml xml;
+ application/xhtml+xml xhtml;
+ application/atom+xml atom;
+ application/atomcat+xml atomcat;
+ application/atomsvc+xml atomsvc;
+ application/rss+xml rss;
+ application/mathml+xml mml;
+ application/emotionml+xml emotionml;
+
+ # OpenDocument
+ application/vnd.oasis.opendocument.chart odc;
+ application/vnd.oasis.opendocument.chart-template otc;
+ application/vnd.oasis.opendocument.database odb;
+ application/vnd.oasis.opendocument.formula odf;
+ application/vnd.oasis.opendocument.formula-template otf;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.graphics-template otg;
+ application/vnd.oasis.opendocument.image odi;
+ application/vnd.oasis.opendocument.image-template oti;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.presentation-template otp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.spreadsheet-template ots;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.oasis.opendocument.text-master odm;
+ application/vnd.oasis.opendocument.text-template ott;
+ application/vnd.oasis.opendocument.text-web oth;
+
+ # Font
+ font/woff woff;
+ font/woff2 woff2;
+
+ # Image
+ image/png png;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ image/svg+xml svg svgz;
+ image/webp webp;
+ image/avif avif;
+ image/openraster ora;
+
+ # Audio
+ audio/opus opus;
+ audio/ogg ogg oga spx;
+ audio/mpeg mp3;
+ audio/webm weba;
+ audio/flac flac;
+
+ # Video
+ video/ogg ogv;
+ video/webm webm;
+ video/mp4 mp4;
+}
diff --git a/mkosi.extra/etc/nginx/nginx.conf b/mkosi.extra/etc/nginx/nginx.conf
new file mode 100644
index 0000000..6acef57
--- /dev/null
+++ b/mkosi.extra/etc/nginx/nginx.conf
@@ -0,0 +1,42 @@
+load_module "/usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so";
+worker_processes auto;
+user nginx nginx;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ types_hash_bucket_size 128; # Default: 64
+ types_hash_max_size 1024; # Default: 1024
+ server_names_hash_bucket_size 128;
+
+ # Performance optimisation
+ sendfile on;
+ tcp_nopush on;
+
+ # Correct Content-Type header
+ charset utf-8;
+ default_type text/plain;
+ include inc/types.conf;
+
+ # Serve file.gz instead of file if available
+ gzip_static on;
+
+ # Logging
+ log_format niver '|$time_local| [$remote_addr]@$server_name {$ssl_protocol $ssl_cipher} "$request" $status $body_bytes_sent "$http_user_agent"';
+ access_log /var/log/nginx/access.log niver;
+ error_log /var/log/nginx/error.log notice;
+
+ # Possible security threats
+ server_tokens off;
+ etag off;
+ autoindex off;
+ gzip off;
+
+ # Include other configuration
+ include sites/*.conf;
+ include ht/*.conf;
+ include default-server.conf;
+ include http.conf;
+}
diff --git a/mkosi.extra/etc/nginx/sites/niver.test.conf b/mkosi.extra/etc/nginx/sites/niver.test.conf
new file mode 100644
index 0000000..3e8fcc0
--- /dev/null
+++ b/mkosi.extra/etc/nginx/sites/niver.test.conf
@@ -0,0 +1,38 @@
+server {
+ listen [::1]:42443 ssl http2;
+ listen 127.0.0.1:42443 ssl http2;
+ server_name niver.test;
+
+ root /srv/php/niver/public;
+ index index.php index.html index.htm;
+ try_files $uri $uri/ @extensionless-php;
+
+ include inc/tls.conf;
+ include inc/errors.conf;
+
+ more_set_headers "Referrer-Policy : same-origin";
+ more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
+
+ location ~ ^/iquane/(db|less|lessphp|inc|niver.log) {
+ return 403;
+ }
+
+ location ~ \.inc.php$ {
+ return 403;
+ }
+
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/run/php-fpm/niver.sock;
+ #fastcgi_index index.php;
+ include inc/fastcgi.conf;
+ try_files $uri =404;
+ }
+
+ location @extensionless-php {
+ rewrite ^(.*)$ $1.php last;
+ }
+
+ ssl_certificate /etc/ssl/certs/niver.crt;
+ ssl_certificate_key /etc/ssl/private/niver.key;
+}
diff --git a/mkosi.extra/etc/php/php-fpm.d/errors.conf b/mkosi.extra/etc/php/php-fpm.d/errors.conf
new file mode 100644
index 0000000..b4db645
--- /dev/null
+++ b/mkosi.extra/etc/php/php-fpm.d/errors.conf
@@ -0,0 +1,27 @@
+[errors]
+
+user = php-$pool
+group = php-$pool
+
+listen = /run/php-fpm/$pool.sock
+
+listen.owner = nginx
+listen.group = nginx
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+access.log = /var/log/php/$pool-access.log
+
+;chroot = /srv/php/errors
+chdir = /srv/php/errors
+
+catch_workers_output = yes
+decorate_workers_output = yes
+
+clear_env = yes
+
+security.limit_extensions = .php
diff --git a/mkosi.extra/etc/php/php-fpm.d/niver.conf b/mkosi.extra/etc/php/php-fpm.d/niver.conf
new file mode 100644
index 0000000..77e98cc
--- /dev/null
+++ b/mkosi.extra/etc/php/php-fpm.d/niver.conf
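Review bot: The two deny locations in niver.test.conf use unescaped dots, so `\.inc.php$` and `niver.log` match any character in those positions rather than a literal dot; I would write `location ~ \.inc\.php$` and `niver\.log` so the rules say exactly what they deny. The first rule is also anchored at `/iquane/`, a prefix nothing else in this commit refers to, while the root here is `/srv/php/niver/public`. If that prefix was carried over from another site it protects nothing on this one, and the paths it was meant to cover should be re-checked against the actual layout under the root.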
@@ -0,0 +1,26 @@
+[niver]
+
+user = php-$pool
+group = knot
+
+listen = /run/php-fpm/$pool.sock
+
+listen.owner = nginx
+listen.group = nginx
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+access.log = /var/log/php/$pool-access.log
+
+chdir = /srv/php/$pool
+
+catch_workers_output = yes
+decorate_workers_output = yes
+
+clear_env = yes
+
+security.limit_extensions = .php
diff --git a/mkosi.extra/etc/ssh/sshd_config b/mkosi.extra/etc/ssh/sshd_config
new file mode 100644
index 0000000..80438ae
--- /dev/null
+++ b/mkosi.extra/etc/ssh/sshd_config
@@ -0,0 +1,61 @@
+LogLevel INFO
+AllowUsers root
+Subsystem sftp internal-sftp
+UsePAM yes
+
+# Network
+
+AddressFamily any
+ListenAddress [::]
+ListenAddress 0.0.0.0
+Port 42022
+
+# Cryptography
+
+HostKey /etc/ssh/ed25519
+
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+HostKeyAlgorithms ssh-ed25519
+KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
+MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
+
+# Sessions
+
+PermitRootLogin prohibit-password
+StrictModes yes
+MaxAuthTries 6
+MaxSessions 1
+MaxStartups 3:20:200
+LoginGraceTime 3m
+PrintMotd yes
+
+# Disable everything
+
+PermitTTY no
+PermitTunnel no
+
+AllowTcpForwarding no
+X11Forwarding no
+AllowAgentForwarding no
+AllowStreamLocalForwarding no
+DisableForwarding yes # Disables all forwarding features, including X11, ssh-agent(1), TCP and StreamLocal.
+
+PermitUserRC no
+PermitUserEnvironment no
+IgnoreRhosts yes
+AuthorizedKeysFile none
+
+AuthenticationMethods none
+PubkeyAuthentication no
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+
+# Enable what is necessary
+
+Match User root
+ PermitTTY yes
+ PubkeyAuthentication yes
+ AuthenticationMethods publickey
+ AuthorizedKeysFile .ssh/authorized_keys
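Review bot: `group = knot` in the niver pool makes the DNS daemon's group the primary group of the web-facing PHP workers, so a flaw in the PHP application inherits whatever the knot group can reach (presumably Knot's control socket and key material, neither of which is visible here). mkosi.prepare already hands /srv/ns to `knot:php-niver` with mode 770, which suggests a dedicated shared group would cover the zone-file case. I would set `group = php-$pool` as errors.conf does and grant only the specific access the application needs; if the knot group has to stay, a comment stating why would help the next reviewer.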
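Review bot: The deny-by-default block in sshd_config rests on `AuthenticationMethods none`, and `none` is itself an authentication method (the one that admits password-less accounts when PermitEmptyPasswords is enabled), not a keyword meaning that nothing is allowed. It is safe here only because `PermitEmptyPasswords no` follows and `AllowUsers root` routes the only permitted login through the Match block. I would add a comment above that line, e.g. `# "none" can never succeed while PermitEmptyPasswords is no - keep the two together`, so a later edit does not open it by accident. With a single key-only account, `MaxAuthTries 6` and `LoginGraceTime 3m` could also be lowered.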
diff --git a/mkosi.nspawn b/mkosi.nspawn
new file mode 100644
index 0000000..5eb3cc5
--- /dev/null
+++ b/mkosi.nspawn
@@ -0,0 +1,3 @@
+[Network]
+Private=no
+VirtualEthernet=no
diff --git a/mkosi.postinst b/mkosi.postinst
new file mode 100755
index 0000000..8bb18fa
--- /dev/null
+++ b/mkosi.postinst
@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+
+source /etc/os-release
+
+if [[ $ID = "arch" ]]; then
+ systemctl enable sshd
+ systemctl enable knot
+ systemctl enable nginx
+ systemctl enable php-fpm
+fi
diff --git a/mkosi.prepare b/mkosi.prepare
new file mode 100755
index 0000000..1303282
--- /dev/null
+++ b/mkosi.prepare
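Review bot: `Private=no` together with `VirtualEthernet=no` in mkosi.nspawn runs the container in the host's network namespace, so every listener in the image binds directly on the host's interfaces; sshd_config in this commit listens on 0.0.0.0 and [::] port 42022. If that is intended, a comment such as `# shares the host network namespace: all listeners in the image are exposed on the host` would make the exposure explicit. Otherwise `Private=yes` with `VirtualEthernet=yes` and explicit `Port=` entries would limit what is reachable from outside.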
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+# Clean configuration directories (will be filled with mkosi.extra/)
+rm -r /etc/nginx/*
+rm -r /etc/ssh/*
+source /etc/os-release
+if [[ $ID = "debian" ]]; then
+ rm -r /etc/php/7.4/fpm/pool.d/*
+fi
+
+# Create system users
+useradd -U -r -s /usr/sbin/nologin nginx
+useradd -U -r -s /usr/sbin/nologin php-niver
+useradd -U -r -s /usr/sbin/nologin php-errors
+useradd -U -r -s /usr/sbin/nologin sftpgo
+
+# Set proper permissions
+
+chown -R knot:knot /var/log/knot
+chmod -R 700 /var/log/knot
+
+chown -R knot:php-niver /srv/ns
+chmod -R 770 /srv/ns
+
+chown -R php-niver:nginx /srv/ht
+chmod -R 740 /srv/ht
+
+chown -R php-niver:nginx /srv/php/niver/public/css/
+chmod -R 750 /srv/php/niver/public/css/
+
+chown -R php-niver:php-niver /srv/php/niver/db
+chmod -R 700 /srv/php/niver/db
+
+chown -R php-niver:php-niver /srv/php/niver/niver.log
+chmod -R 600 /srv/php/niver/niver.log
+
+# Load configuration in Knot database
+systemctl stop knot
+sudo -u knot knotc conf-import /etc/knot/knot.conf
+systemctl start knot
+
+# Generate default self-signed TLS key pair
+openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
+
+# Generate SSH server key pair
+ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
+ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp
+
+# Configure PHP-FPM properly
+echo "display_errors = On" >> /etc/php/php.ini
+echo "extension = pdo_sqlite" >> /etc/php/php.ini
diff --git a/mkosi.skeleton/etc/apt/sources.list b/mkosi.skeleton/etc/apt/sources.list
new file mode 100644
index 0000000..da07084
--- /dev/null
+++ b/mkosi.skeleton/etc/apt/sources.list
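Review bot: The last section of mkosi.prepare appends `display_errors = On` to the global php.ini, so PHP warnings and traces, with file paths and fragments of application state, are sent in responses to clients. For an image that faces the network I would append `display_errors = Off` and `log_errors = On` instead and read errors from the pool logs, which `catch_workers_output = yes` already captures. Separately, the TLS key and the SSH host key are generated in this build script, so every container started from one built image would share them; if the image is ever copied or redistributed, generating the keys at first boot would be safer.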
@@ -0,0 +1,3 @@
+deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye main
+deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-backports main
+deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bullseye-security main
diff --git a/mkosi.skeleton/etc/pacman.d/mirrorlist b/mkosi.skeleton/etc/pacman.d/mirrorlist
new file mode 100644
index 0000000..a8e0ad0
--- /dev/null
+++ b/mkosi.skeleton/etc/pacman.d/mirrorlist
@@ -0,0 +1,3 @@
+Server = https://mirror.ibakerserver.pt/Arch/$repo/os/$arch
+Server = https://arch.juline.tech/$repo/os/$arch
+Server = https://mirror.theo546.fr/archlinux/$repo/os/$arch
diff --git a/mkosi.skeleton/etc/resolv.conf b/mkosi.skeleton/etc/resolv.conf
new file mode 100644
index 0000000..5c089d6
--- /dev/null
+++ b/mkosi.skeleton/etc/resolv.conf
@@ -0,0 +1 @@
+nameserver 127.0.0.53
diff --git a/mkosi.skeleton/etc/systemd/resolved.conf.d/fdn.conf b/mkosi.skeleton/etc/systemd/resolved.conf.d/fdn.conf
new file mode 100644
index 0000000..655bea3
--- /dev/null
+++ b/mkosi.skeleton/etc/systemd/resolved.conf.d/fdn.conf
@@ -0,0 +1,6 @@
+[Resolve]
+# https://www.fdn.fr/actions/dns/
+DNS=2001:910:800::40 2001:910:800::12 80.67.169.40 80.67.169.12
+FallbackDNS=
+DNSSEC=yes
+Cache=yes
diff --git a/mkosi.skeleton/etc/systemd/system/sftpgo.service b/mkosi.skeleton/etc/systemd/system/sftpgo.service
new file mode 100644
index 0000000..7d9c6eb
--- /dev/null
+++ b/mkosi.skeleton/etc/systemd/system/sftpgo.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=SFTPGo Server
+After=network.target
+
+[Service]
+User=sftpgo
+Group=sftpgo
+Type=simple
+WorkingDirectory=/etc/sftpgo
+Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/
+Environment=SFTPGO_LOG_FILE_PATH=
+EnvironmentFile=-/etc/sftpgo/sftpgo.env
+ExecStart=/usr/local/bin/sftpgo serve
+ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=8192
+KillMode=mixed
+PrivateTmp=true
+Restart=always
+RestartSec=10s
+NoNewPrivileges=yes
+PrivateDevices=yes
+DevicePolicy=closed
+ProtectSystem=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+
+[Install]
+WantedBy=multi-user.target
diff --git a/mkosi.skeleton/root/build-maniver.sh b/mkosi.skeleton/root/build-maniver.sh
new file mode 100755
index 0000000..193ba0d
--- /dev/null
+++ b/mkosi.skeleton/root/build-maniver.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+cd /root/maniver
+cargo build --release
+cp /root/maniver/target/release/maniver /usr/local/bin/maniver
diff --git a/mkosi.skeleton/root/build-sftpgo.sh b/mkosi.skeleton/root/build-sftpgo.sh
new file mode 100755
index 0000000..f8a37f5
--- /dev/null
+++ b/mkosi.skeleton/root/build-sftpgo.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+git clone https://github.com/drakkan/sftpgo /root/sftpgo-src
+cd /root/sftpgo-src
+git checkout v2.2.2
+apt update
+apt install -y golang-1.18
+/usr/lib/go-1.18/bin/go build -tags nogcs,nos3,noazblob,nobolt,nomysql,nopgsql,noportable,nometrics -o /usr/local/bin/sftpgo
diff --git a/mkosi.skeleton/root/maniver b/mkosi.skeleton/root/maniver
new file mode 160000
index 0000000..2ad9fe6
--- /dev/null
+++ b/mkosi.skeleton/root/maniver
@@ -0,0 +1 @@
+Subproject commit 2ad9fe6f3d7d3fc44cc03ef569d82dd601b51664
diff --git a/mkosi.skeleton/srv/ns/niver.test.zone b/mkosi.skeleton/srv/ns/niver.test.zone
new file mode 100644
index 0000000..c0954e3
--- /dev/null
+++ b/mkosi.skeleton/srv/ns/niver.test.zone
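Review bot: The sandboxing in sftpgo.service stops at `ProtectSystem=true`, which makes only /usr and the boot directories read-only and leaves the rest of the filesystem, including home directories, governed by file permissions alone for a daemon that serves untrusted network clients. I would tighten it to `ProtectSystem=strict`, add `ProtectHome=yes`, and list the directories the service really has to write with `ReadWritePaths=<sftpgo data directories>`. The data paths are not visible in this commit, so that last value has to be filled in from the SFTPGo configuration.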
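Review bot: build-maniver.sh does not stop on error, so if `cd /root/maniver` fails cargo runs in whatever directory the script was started from, and the `cp` into /usr/local/bin runs whether or not the build succeeded. build-sftpgo.sh has the same shape: a failed clone or checkout still falls through to the `go build` line. I would add `set -euo pipefail` directly after the shebang in both scripts.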
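Review bot: `git checkout v2.2.2` in build-sftpgo.sh pins a tag, which upstream can move, and the result is installed to /usr/local/bin with no verification step. Checking out the full commit hash the tag is expected to resolve to, `git checkout <commit-hash-of-v2.2.2>`, would make the build reproducible, and `git verify-tag v2.2.2` could be added if upstream signs its tags. The commit also adds prebuilt `usr/local/bin/sftpgo` and `usr/local/bin/maniver` binaries; building them from the pinned sources during the image build would avoid shipping executables whose provenance cannot be checked from the repository.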
@@ -0,0 +1,6 @@ +niver.test. 10800 SOA ns1.niver.test. admin.niver.test. 0 21600 7200 3628800 3600 +niver.test. 86400 NS ns1.niver.test. +niver.test. 10800 A 127.0.0.1 +niver.test. 10800 AAAA ::1 +ns1.niver.test. 10800 A 127.0.0.1 +ns1.niver.test. 10800 AAAA ::1 diff --git a/mkosi.skeleton/srv/php/errors/400.html b/mkosi.skeleton/srv/php/errors/400.html new file mode 100644 index 0000000..04bdaf1 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/400.html @@ -0,0 +1,15 @@ + + + + + + Bad request · HTTP 400 + + +

Bad request

+

+ The request is malformed. +

+ HTTP 400 + + diff --git a/mkosi.skeleton/srv/php/errors/403.html b/mkosi.skeleton/srv/php/errors/403.html new file mode 100644 index 0000000..d678b35 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/403.html @@ -0,0 +1,15 @@ + + + + + + Access forbidden · HTTP 403 + + +

Access forbidden

+

+ The server refused to process the request for security reasons. +

+ HTTP 403 + + diff --git a/mkosi.skeleton/srv/php/errors/404.en.html b/mkosi.skeleton/srv/php/errors/404.en.html new file mode 100644 index 0000000..f7985d9 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/404.en.html @@ -0,0 +1,19 @@ + + + + + + File not found · HTTP 404 + + +

File not found

+

+ The server did not find anything at the requested address. +

+ + HTTP 404 + + diff --git a/mkosi.skeleton/srv/php/errors/404.fr.html b/mkosi.skeleton/srv/php/errors/404.fr.html new file mode 100644 index 0000000..3f81091 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/404.fr.html @@ -0,0 +1,19 @@ + + + + + + Fichier introuvable · HTTP 404 + + +

Fichier introuvable

+

+ Le serveur n'a rien trouvé à l'adresse demandée. +

+ + HTTP 404 + + diff --git a/mkosi.skeleton/srv/php/errors/404.php b/mkosi.skeleton/srv/php/errors/404.php new file mode 100644 index 0000000..425db2f --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/404.php @@ -0,0 +1,20 @@ + diff --git a/mkosi.skeleton/srv/php/errors/405.html b/mkosi.skeleton/srv/php/errors/405.html new file mode 100644 index 0000000..1945473 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/405.html @@ -0,0 +1,15 @@ + + + + + + Method Not Allowed · HTTP 405 + + +

Method Not Allowed

+

+ The request method is not supported for this resource. +

+ HTTP 405 + + diff --git a/mkosi.skeleton/srv/php/errors/410.html b/mkosi.skeleton/srv/php/errors/410.html new file mode 100644 index 0000000..ff5f6ce --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/410.html @@ -0,0 +1,15 @@ + + + + + + Gone · HTTP 410 + + +

Gone

+

+ The requested resource is not available anymore. +

+ HTTP 410 + + diff --git a/mkosi.skeleton/srv/php/errors/418.html b/mkosi.skeleton/srv/php/errors/418.html new file mode 100644 index 0000000..112b012 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/418.html @@ -0,0 +1,15 @@ + + + + + + I'm a teapot · HTTP 418 + + +

I'm a teapot

+

+ Your coffee cannot be brewed because this server is a teapot. +

+ HTTP 418 + + diff --git a/mkosi.skeleton/srv/php/errors/500.html b/mkosi.skeleton/srv/php/errors/500.html new file mode 100644 index 0000000..969e90b --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/500.html @@ -0,0 +1,19 @@ + + + + + + Server error · HTTP 500 + + +

Server error

+

+ The server encountered an error and is unable to satisfy your request. +

+ + HTTP 500 + + diff --git a/mkosi.skeleton/srv/php/errors/502.html b/mkosi.skeleton/srv/php/errors/502.html new file mode 100644 index 0000000..e3b10e0 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/502.html @@ -0,0 +1,19 @@ + + + + + + Bad gateway · HTTP 502 + + +

Bad gateway

+

+ The backend server encountered an error and is unable to satisfy your request. +

+ + HTTP 502 + + diff --git a/mkosi.skeleton/srv/php/errors/503.html b/mkosi.skeleton/srv/php/errors/503.html new file mode 100644 index 0000000..9c624d4 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/503.html @@ -0,0 +1,19 @@ + + + + + + Service unavailable · HTTP 503 + + +

Service unavailable

+

+ The server cannot handle the request, because it is overloaded or down for maintenance. +

+ + HTTP 503 + + diff --git a/mkosi.skeleton/srv/php/errors/504.html b/mkosi.skeleton/srv/php/errors/504.html new file mode 100644 index 0000000..6b63932 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/504.html @@ -0,0 +1,19 @@ + + + + + + Gateway timeout · HTTP 504 + + +

Gateway timeout

+

+ The backend server did not send a timely response. +

+ + HTTP 504 + + diff --git a/mkosi.skeleton/srv/php/errors/default-domain.en.html b/mkosi.skeleton/srv/php/errors/default-domain.en.html new file mode 100644 index 0000000..da4e656 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/default-domain.en.html @@ -0,0 +1,11 @@ + + + + + Broken site + + +

Broken site

+ The site you're trying to reach is misconfigured. This domain seems to be pointing to this server, but this server is not aware of a site using this domain. + + diff --git a/mkosi.skeleton/srv/php/errors/default-ip.en.html b/mkosi.skeleton/srv/php/errors/default-ip.en.html new file mode 100644 index 0000000..92e9057 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/default-ip.en.html @@ -0,0 +1,11 @@ + + + + + Nothing here + + +

Nothing here

+ You reached Niver's default site using IP address. There's nothing for you here. + + diff --git a/mkosi.skeleton/srv/php/errors/http.html b/mkosi.skeleton/srv/php/errors/http.html new file mode 100644 index 0000000..644aae5 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/http.html @@ -0,0 +1,23 @@ + + + + + + Not available over unsecure HTTP + + +

Not available over unsecure HTTP

+

+ This server does not accept unsecure HTTP requests. Use HTTPS instead. +

+
+ What happened? + You made a request to the server using the unsecure HTTP protocol (http://). For privacy and security reasons, the server does not accept this, as unsecure HTTP connections can be watched and modified by any device on the way. +
+
+ How to solve this? + You can tell your browser to use HTTPS by prefixing the URL with https://. +
+ HTTP 400 + + diff --git a/mkosi.skeleton/srv/php/errors/http.php b/mkosi.skeleton/srv/php/errors/http.php new file mode 100644 index 0000000..e0e7712 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/http.php @@ -0,0 +1,45 @@ + + + + + + + + Not available over unsecure HTTP + + +

Not available over unsecure HTTP

+

+ This server does not accept unsecure HTTP requests. Use HTTPS instead. +

+
+ What happened? + You made a request to the server using the unsecure HTTP protocol (http://). For privacy and security reasons, the server does not accept this, as unsecure HTTP connections can be watched and modified by any device on the way. +
+
+ How to solve this? + You can tell your browser to use HTTPS by prefixing the URL with https://. +
+ HTTP 403 + + + + diff --git a/mkosi.skeleton/srv/php/errors/index.php b/mkosi.skeleton/srv/php/errors/index.php new file mode 100644 index 0000000..dfc9602 --- /dev/null +++ b/mkosi.skeleton/srv/php/errors/index.php @@ -0,0 +1,8 @@ + diff --git a/mkosi.skeleton/srv/php/niver b/mkosi.skeleton/srv/php/niver new file mode 160000 index 0000000..9a2eb0a --- /dev/null +++ b/mkosi.skeleton/srv/php/niver @@ -0,0 +1 @@ +Subproject commit 9a2eb0a18e6f5d464af6d130c291dc916a5d73c9 diff --git a/mkosi.skeleton/usr/local/bin/maniver b/mkosi.skeleton/usr/local/bin/maniver new file mode 100755 index 0000000..c8d2a46 Binary files /dev/null and b/mkosi.skeleton/usr/local/bin/maniver differ diff --git a/mkosi.skeleton/usr/local/bin/sftpgo b/mkosi.skeleton/usr/local/bin/sftpgo new file mode 100755 index 0000000..0a7aa99 Binary files /dev/null and b/mkosi.skeleton/usr/local/bin/sftpgo differ diff --git a/mkosi.skeleton/usr/local/share/niver/knot.template b/mkosi.skeleton/usr/local/share/niver/knot.template new file mode 100644 index 0000000..11577c8 --- /dev/null +++ b/mkosi.skeleton/usr/local/share/niver/knot.template @@ -0,0 +1,2 @@ +DOMAIN 3600 SOA ns1.niver.test. admin.niver.test. 1 21600 7200 3628800 3600 +DOMAIN 86400 NS ns1.niver.test. diff --git a/mkosi.skeleton/usr/local/share/niver/nginx/dns.template b/mkosi.skeleton/usr/local/share/niver/nginx/dns.template new file mode 100644 index 0000000..03e9a4d --- /dev/null +++ b/mkosi.skeleton/usr/local/share/niver/nginx/dns.template @@ -0,0 +1,15 @@ +server { + listen [::]:{{HTTPS_PORT}} ssl http2; + listen 0.0.0.0:{{HTTPS_PORT}} ssl http2; + server_name {{DOMAIN}}; + root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}}; + + ssl_certificate /etc/ssl/certs/niver.crt; + ssl_certificate_key /etc/ssl/private/niver.key; + + include inc/tls.conf; + + location / { + try_files $uri $uri.html $uri/ =404; + } +} 
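Review bot: The footer of http.php reads `HTTP 403`, while http.html, added in this same commit with otherwise identical wording, reads `HTTP 400`, so the two pages disagree about which status a plaintext request receives. The nginx directive that actually sets the status is not part of either hunk, so which value is right cannot be confirmed from here. Both footers should match whatever the server sends, for example `HTTP 403` in http.html if 403 is the status returned. A comment at the top of http.php saying when it is served instead of the static page would also help; most of its markup and PHP is not visible in this rendering.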
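Review bot: The `root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}};` line in dns.template serves a per-user directory, and nothing in the server block restricts symbolic links. If users can write into that tree (the bundled SFTP binary suggests so, though that is an inference), a link placed there could make `try_files` serve any file readable by the nginx worker. Unless this is already set at the http level or in `inc/tls.conf`, neither of which is visible here, I would add `disable_symlinks if_not_owner from=$document_root;` inside the server block. The same applies to the `root` line in onion.template. The values substituted for `{{DOMAIN}}` and `{{DIR}}` should also be validated before rendering, since they land unquoted in the configuration.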
diff --git a/mkosi.skeleton/usr/local/share/niver/nginx/onion.template b/mkosi.skeleton/usr/local/share/niver/nginx/onion.template
new file mode 100644
index 0000000..98bdf03
--- /dev/null
+++ b/mkosi.skeleton/usr/local/share/niver/nginx/onion.template
@@ -0,0 +1,9 @@
+server {
+ listen [::1]:{{INTERNAL_ONION_HTTP_PORT}};
+ server_name {{DOMAIN}};
+ root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}};
+
+ location / {
+ try_files $uri $uri.html $uri/ =404;
+ }
+}