commit 35acb4920edf1d381cfcaff40b0846a29fb7c620
Author: Miraty <miraty@antopie.org>
Date:   Wed Apr 20 00:29:47 2022 +0200

    Initial commit

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..bde81ad
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/mkosi.cache/
+/mkosi.passphrase
+/mkosi.passwd
+/mkosi.skeleton/root/.ssh/authorized_keys
diff --git a/mkosi.default b/mkosi.default
new file mode 100644
index 0000000..b88f628
--- /dev/null
+++ b/mkosi.default
@@ -0,0 +1,28 @@
+[Validation]
+Autologin = yes
+
+[Output]
+Format = directory
+
+[Content]
+BasePackages = yes
+WithDocs = yes
+WithNetwork = yes
+Packages =
+	tor
+	torsocks
+	openssl
+	certbot
+	nginx
+	php-fpm
+	knot
+	cargo
+	sudo
+	git
+	man-db
+	curl
+	lsof
+	tree
+	vim
+	htop
+	ncdu
diff --git a/mkosi.default.d/arch/mkosi.default b/mkosi.default.d/arch/mkosi.default
new file mode 100644
index 0000000..c61086a
--- /dev/null
+++ b/mkosi.default.d/arch/mkosi.default
@@ -0,0 +1,15 @@
+[Distribution]
+Distribution = arch
+
+
+
+[Output]
+Output = /var/lib/machines/niver-arch
+
+[Content]
+Packages =
+	nginx-mod-headers-more
+	certbot-nginx
+	php-sqlite
+	openssh
+	iputils
diff --git a/mkosi.default.d/debian/mkosi.default b/mkosi.default.d/debian/mkosi.default
new file mode 100644
index 0000000..89c3dcd
--- /dev/null
+++ b/mkosi.default.d/debian/mkosi.default
@@ -0,0 +1,17 @@
+[Distribution]
+Distribution = debian
+Release = bullseye
+Mirror = https://deb.debian.org/debian
+
+[Output]
+Output = /var/lib/machines/niver-debian
+
+[Content]
+Packages =
+	apt-transport-tor
+	libnginx-mod-http-headers-more-filter
+	python3-certbot-nginx
+	knot-dnsutils
+	php-sqlite3
+	openssh-server
+	iputils-ping
diff --git a/mkosi.extra/etc/knot/knot.conf b/mkosi.extra/etc/knot/knot.conf
new file mode 100644
index 0000000..43531b9
--- /dev/null
+++ b/mkosi.extra/etc/knot/knot.conf
@@ -0,0 +1,32 @@
+# Configuration export (Knot DNS 3.1.7)
+
+server:
+  version: "Knot"
+  nsid: "Niver"
+  rundir: "/run/knot"
+  user: "knot:knot"
+  listen: [ "::@42053", "0.0.0.0@42053" ]
+
+log:
+  - target: "/var/log/knot/knot.log"
+    any: "debug"
+
+database:
+  storage: "/var/lib/knot"
+
+policy:
+  - id: "niver"
+    algorithm: "ed25519"
+    nsec3: "on"
+
+template:
+  - id: "niver"
+    storage: "/srv/ns"
+    file: "%s.zone"
+    zonefile-load: "difference"
+    dnssec-signing: "on"
+    dnssec-policy: "niver"
+
+zone:
+  - domain: "niver.test."
+    template: "niver"
diff --git a/mkosi.extra/etc/nginx/default-server.conf b/mkosi.extra/etc/nginx/default-server.conf
new file mode 100644
index 0000000..a7fc89f
--- /dev/null
+++ b/mkosi.extra/etc/nginx/default-server.conf
@@ -0,0 +1,26 @@
+server {
+	listen [::1]:42443 ssl http2 default_server;
+	listen 127.0.0.1:42443 ssl http2 default_server;
+
+	ssl_certificate /etc/ssl/certs/niver.crt;
+	ssl_certificate_key /etc/ssl/private/niver.key;
+	#ssl_stapling off;
+
+	root /srv/php/errors;
+	try_files index.php index.html $uri $uri/;
+	index index.php index.html;
+
+	location / {
+		root /srv/php/errors;
+		try_files /index.php =500;
+		index index.php;
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_pass unix:/run/php-fpm/errors.sock;
+		include /etc/nginx/inc/fastcgi.conf;
+	}
+
+	include /etc/nginx/inc/tls.conf;
+	include /etc/nginx/inc/errors.conf;
+
+	more_set_headers "Content-Security-Policy : default-src 'none'; frame-ancestors 'none';";
+}
diff --git a/mkosi.extra/etc/nginx/http.conf b/mkosi.extra/etc/nginx/http.conf
new file mode 100644
index 0000000..2730937
--- /dev/null
+++ b/mkosi.extra/etc/nginx/http.conf
@@ -0,0 +1,17 @@
+server {
+	listen [::1]:42080 default_server;
+	listen 127.0.0.1:42080 default_server;
+
+	return 403; # Don't allow unsecure HTTP requests
+
+	# Display an explanation page
+	error_page 403 @http403;
+	location @http403 {
+		root /srv/php/errors;
+		try_files /http.php =500;
+		index http.php;
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_pass unix:/run/php-fpm/errors.sock;
+		include inc/fastcgi.conf;
+	}
+}
diff --git a/mkosi.extra/etc/nginx/inc/errors.conf b/mkosi.extra/etc/nginx/inc/errors.conf
new file mode 100644
index 0000000..2ccf3db
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/errors.conf
@@ -0,0 +1,72 @@
+recursive_error_pages on;
+
+# 403 Forbidden
+error_page 403 @403;
+location @403 {
+	root /srv/php/errors;
+	try_files /403.html =500;
+}
+
+# 404 Not Found
+error_page 404 @local404;
+location @local404 {
+	try_files /404.html /404.md /404.gmi @niver404;
+}
+location @niver404 {
+	root /srv/php/errors;
+	try_files /404.php =500;
+	index /404.php;
+	fastcgi_split_path_info ^(.+\.php)(/.+)$;
+	fastcgi_pass unix:/run/php-fpm/errors.sock;
+	include inc/fastcgi.conf;
+	fastcgi_index /404.php;
+}
+
+# 405 Method Not Allowed
+error_page 405 @405;
+location @405 {
+	root /srv/php/errors;
+	try_files /405.html =500;
+}
+
+# 410 Gone
+error_page 410 @410;
+location @410 {
+	root /srv/php/errors;
+	try_files /410.html =500;
+}
+
+# 418 I'm a teapot
+error_page 418 @418;
+location @418 {
+	root /srv/php/errors;
+	try_files /418.html =500;
+}
+
+# 500 Internal Server Error
+error_page 500 @500;
+location @500 {
+	root /srv/php/errors;
+	try_files /500.html =500;
+}
+
+# 502 Bad Gateway
+error_page 502 @502;
+location @502 {
+	root /srv/php/errors;
+	try_files /502.html =500;
+}
+
+# 503 Service Unavailable
+error_page 503 @503;
+location @503 {
+	root /srv/php/errors;
+	try_files /503.html =500;
+}
+
+# 504 Gateway Timeout
+error_page 504 @504;
+location @504 {
+	root /srv/php/errors;
+	try_files /504.html =500;
+}
diff --git a/mkosi.extra/etc/nginx/inc/fastcgi.conf b/mkosi.extra/etc/nginx/inc/fastcgi.conf
new file mode 100644
index 0000000..091738c
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/fastcgi.conf
@@ -0,0 +1,26 @@
+
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;
diff --git a/mkosi.extra/etc/nginx/inc/ffdhe3072.pem b/mkosi.extra/etc/nginx/inc/ffdhe3072.pem
new file mode 100644
index 0000000..fb31ccd
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/ffdhe3072.pem
@@ -0,0 +1,11 @@
+-----BEGIN DH PARAMETERS-----
+MIIBiAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu
+N///////////AgEC
+-----END DH PARAMETERS-----
diff --git a/mkosi.extra/etc/nginx/inc/ffdhe4096.pem b/mkosi.extra/etc/nginx/inc/ffdhe4096.pem
new file mode 100644
index 0000000..3cf0fcb
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/ffdhe4096.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZp4e
+8W5vUsMWTfT7eTDp5OWIV7asfV9C1p9tGHdjzx1VA0AEh/VbpX4xzHpxNciG77Qx
+iu1qHgEtnmgyqQdgCpGBMMRtx3j5ca0AOAkpmaMzy4t6Gh25PXFAADwqTs6p+Y0K
+zAqCkc3OyX3Pjsm1Wn+IpGtNtahR9EGC4caKAH5eZV9q//////////8CAQI=
+-----END DH PARAMETERS-----
diff --git a/mkosi.extra/etc/nginx/inc/nginx-types.conf b/mkosi.extra/etc/nginx/inc/nginx-types.conf
new file mode 100644
index 0000000..d5b5a36
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/nginx-types.conf
@@ -0,0 +1,1003 @@
+types {
+application/A2L					a2l;
+application/AML					aml;
+application/andrew-inset			ez;
+application/ATF					atf;
+application/ATFX				atfx;
+application/ATXML				atxml;
+application/atom+xml				atom;
+application/atomcat+xml				atomcat;
+application/atomdeleted+xml			atomdeleted;
+application/atomsvc+xml				atomsvc;
+application/atsc-dwd+xml			dwd;
+application/atsc-held+xml			held;
+application/atsc-rsat+xml			rsat;
+application/auth-policy+xml			apxml;
+application/bacnet-xdd+zip			xdd;
+application/calendar+xml			xcs;
+application/cbor				cbor;
+application/cccex				c3ex;
+application/ccmp+xml				ccmp;
+application/ccxml+xml				ccxml;
+application/CDFX+XML				cdfx;
+application/cdmi-capability			cdmia;
+application/cdmi-container			cdmic;
+application/cdmi-domain				cdmid;
+application/cdmi-object				cdmio;
+application/cdmi-queue				cdmiq;
+application/CEA					cea;
+application/cellml+xml				cellml cml;
+application/clue_info+xml			clue;
+application/cms					cmsc;
+application/cpl+xml				cpl;
+application/csrattrs				csrattrs;
+application/dash+xml				mpd;
+application/dashdelta				mpdd;
+application/davmount+xml			davmount;
+application/DCD					dcd;
+application/dicom				dcm;
+application/DII					dii;
+application/DIT					dit;
+application/dskpp+xml				xmls;
+application/dssc+der				dssc;
+application/dssc+xml				xdssc;
+application/dvcs				dvc;
+application/ecmascript				es;
+application/efi					efi;
+application/emma+xml				emma;
+application/emotionml+xml			emotionml;
+application/epub+zip				epub;
+application/exi					exi;
+application/fastinfoset				finf;
+application/fdt+xml				fdt;
+application/font-tdpfr				pfr;
+application/geo+json				geojson;
+application/geopackage+sqlite3			gpkg;
+application/gltf-buffer				glbin glbuf;
+application/gml+xml				gml;
+application/gzip				gz tgz;
+application/hyperstudio				stk;
+application/inkml+xml				ink inkml;
+application/ipfix				ipfix;
+application/its+xml				its;
+application/javascript				js;
+application/jrd+json				jrd;
+application/json				json;
+application/json-patch+json			json-patch;
+application/ld+json				jsonld;
+application/lgr+xml				lgr;
+application/link-format				wlnk;
+application/lost+xml				lostxml;
+application/lostsync+xml			lostsyncxml;
+application/lpf+zip				lpf;
+application/LXF					lxf;
+application/mac-binhex40			hqx;
+application/mads+xml				mads;
+application/marc				mrc;
+application/marcxml+xml				mrcx;
+application/mathematica				nb ma mb;
+application/mathml+xml				mml;
+application/mbox				mbox;
+application/metalink4+xml			meta4;
+application/mets+xml				mets;
+application/MF4					mf4;
+application/mmt-aei+xml				maei;
+application/mmt-usd+xml				musd;
+application/mods+xml				mods;
+application/mp21				m21 mp21;
+application/msword				doc;
+application/mxf					mxf;
+application/n-quads				nq;
+application/n-triples				nt;
+application/ocsp-request			orq;
+application/ocsp-response			ors;
+application/octet-stream		bin lha lzh exe class so dll img iso;
+application/oda					oda;
+application/ODX					odx;
+application/oebps-package+xml			opf;
+application/ogg					ogx;
+application/oxps				oxps;
+application/p2p-overlay+xml			relo;
+application/pdf					pdf;
+application/PDX					pdx;
+application/pem-certificate-chain		pem;
+application/pgp-encrypted			pgp;
+application/pgp-signature			sig;
+application/pkcs10				p10;
+application/pkcs12				p12 pfx;
+application/pkcs7-mime				p7m p7c;
+application/pkcs7-signature			p7s;
+application/pkcs8				p8;
+application/pkcs8-encrypted			p8e;
+application/pkix-cert				cer;
+application/pkix-crl				crl;
+application/pkix-pkipath			pkipath;
+application/pkixcmp				pki;
+application/pls+xml				pls;
+application/postscript				ps eps ai;
+application/provenance+xml			provx;
+application/prs.cww				cw cww;
+application/prs.hpub+zip			hpub;
+application/prs.nprend				rnd rct;
+application/prs.rdf-xml-crypt			rdf-crypt;
+application/prs.xsf+xml				xsf;
+application/pskc+xml				pskcxml;
+application/rdf+xml				rdf;
+application/route-apd+xml			rapd;
+application/route-s-tsid+xml			sls;
+application/route-usd+xml			rusd;
+application/reginfo+xml				rif;
+application/relax-ng-compact-syntax		rnc;
+application/resource-lists-diff+xml		rld;
+application/resource-lists+xml			rl;
+application/rfc+xml				rfcxml;
+application/rls-services+xml			rs;
+application/rpki-ghostbusters			gbr;
+application/rpki-manifest			mft;
+application/rpki-roa				roa;
+application/rtf					rtf;
+application/scim+json				scim;
+application/scvp-cv-request			scq;
+application/scvp-cv-response			scs;
+application/scvp-vp-request			spq;
+application/scvp-vp-response			spp;
+application/sdp					sdp;
+application/senml-etch+cbor			senml-etchc;
+application/senml-etch+json			senml-etchj;
+application/senml+cbor				senmlc;
+application/senml+json				senml;
+application/senml+xml				senmlx;
+application/senml-exi				senmle;
+application/sensml+cbor				sensmlc;
+application/sensml+json				sensml;
+application/sensml+xml				sensmlx;
+application/sensml-exi				sensmle;
+application/sgml-open-catalog			soc;
+application/shf+xml				shf;
+application/sieve				siv sieve;
+application/simple-filter+xml			cl;
+application/smil+xml				smil smi sml;
+application/sparql-query			rq;
+application/sparql-results+xml			srx;
+application/sql					sql;
+application/srgs				gram;
+application/srgs+xml				grxml;
+application/sru+xml				sru;
+application/ssml+xml				ssml;
+application/stix+json				stix;
+application/swid+xml				swidtag;
+application/tamp-apex-update			tau;
+application/tamp-apex-update-confirm		auc;
+application/tamp-community-update		tcu;
+application/tamp-community-update-confirm	cuc;
+application/td+json				jsontd;
+application/tamp-error				ter;
+application/tamp-sequence-adjust		tsa;
+application/tamp-sequence-adjust-confirm	sac;
+application/tamp-update				tur;
+application/tamp-update-confirm			tuc;
+application/tei+xml				tei teiCorpus odd;
+application/thraud+xml				tfi;
+application/timestamp-query			tsq;
+application/timestamp-reply			tsr;
+application/timestamped-data			tsd;
+application/trig				trig;
+application/ttml+xml				ttml;
+application/urc-grpsheet+xml			gsheet;
+application/urc-ressheet+xml			rsheet;
+application/urc-targetdesc+xml			td;
+application/urc-uisocketdesc+xml		uis;
+application/vnd.1000minds.decision-model+xml	1km;
+application/vnd.3gpp.pic-bw-large		plb;
+application/vnd.3gpp.pic-bw-small		psb;
+application/vnd.3gpp.pic-bw-var			pvb;
+application/vnd.3gpp2.sms			sms;
+application/vnd.3gpp2.tcap			tcap;
+application/vnd.3lightssoftware.imagescal	imgcal;
+application/vnd.3M.Post-it-Notes		pwn;
+application/vnd.accpac.simply.aso		aso;
+application/vnd.accpac.simply.imp		imp;
+application/vnd.acucobol			acu;
+application/vnd.acucorp				atc acutc;
+application/vnd.adobe.flash.movie		swf;
+application/vnd.adobe.formscentral.fcdt		fcdt;
+application/vnd.adobe.fxp			fxp fxpl;
+application/vnd.adobe.xdp+xml			xdp;
+application/vnd.adobe.xfdf			xfdf;
+application/vnd.afpc.modca			list3820 listafp afp pseg3820;
+application/vnd.afpc.modca-overlay		ovl;
+application/vnd.afpc.modca-pagesegment		psg;
+application/vnd.ahead.space			ahead;
+application/vnd.airzip.filesecure.azf		azf;
+application/vnd.airzip.filesecure.azs		azs;
+application/vnd.amazon.mobi8-ebook		azw3;
+application/vnd.americandynamics.acc		acc;
+application/vnd.amiga.ami			ami;
+application/vnd.android.ota			ota;
+application/vnd.anki				apkg;
+application/vnd.anser-web-certificate-issue-initiation	cii;
+application/vnd.anser-web-funds-transfer-initiation	fti;
+application/vnd.apple.installer+xml		dist distz pkg mpkg;
+application/vnd.apple.keynote			keynote;
+application/vnd.apple.mpegurl			m3u8;
+application/vnd.apple.numbers			numbers;
+application/vnd.apple.pages			pages;
+application/vnd.aristanetworks.swi		swi;
+application/vnd.artisan+json			artisan;
+application/vnd.astraea-software.iota		iota;
+application/vnd.audiograph			aep;
+application/vnd.autopackage			package;
+application/vnd.balsamiq.bmml+xml		bmml;
+application/vnd.banana-accounting		ac2;
+application/vnd.balsamiq.bmpr			bmpr;
+application/vnd.blueice.multipass		mpm;
+application/vnd.bluetooth.ep.oob		ep;
+application/vnd.bluetooth.le.oob		le;
+application/vnd.bmi				bmi;
+application/vnd.businessobjects			rep;
+application/vnd.cendio.thinlinc.clientconf	tlclient;
+application/vnd.chemdraw+xml			cdxml;
+application/vnd.chess-pgn			pgn;
+application/vnd.chipnuts.karaoke-mmd		mmd;
+application/vnd.cinderella			cdy;
+application/vnd.citationstyles.style+xml	csl;
+application/vnd.claymore			cla;
+application/vnd.cloanto.rp9			rp9;
+application/vnd.clonk.c4group			c4g c4d c4f c4p c4u;
+application/vnd.cluetrust.cartomobile-config	c11amc;
+application/vnd.cluetrust.cartomobile-config-pkg	c11amz;
+application/vnd.coffeescript			coffee;
+application/vnd.collabio.xodocuments.document	xodt;
+application/vnd.collabio.xodocuments.document-template	xott;
+application/vnd.collabio.xodocuments.presentation	xodp;
+application/vnd.collabio.xodocuments.presentation-template	xotp;
+application/vnd.collabio.xodocuments.spreadsheet	xods;
+application/vnd.collabio.xodocuments.spreadsheet-template	xots;
+application/vnd.comicbook-rar			cbr;
+application/vnd.comicbook+zip			cbz;
+application/vnd.commerce-battelle	ica icf icd ic0 ic1 ic2 ic3 ic4 ic5 ic6 ic7 ic8;
+application/vnd.commonspace			csp cst;
+application/vnd.contact.cmsg			cdbcmsg;
+application/vnd.coreos.ignition+json		ign ignition;
+application/vnd.cosmocaller			cmc;
+application/vnd.crick.clicker			clkx;
+application/vnd.crick.clicker.keyboard		clkk;
+application/vnd.crick.clicker.palette		clkp;
+application/vnd.crick.clicker.template		clkt;
+application/vnd.crick.clicker.wordbank		clkw;
+application/vnd.criticaltools.wbs+xml		wbs;
+application/vnd.crypto-shade-file		ssvc;
+application/vnd.ctc-posml			pml;
+application/vnd.cups-ppd			ppd;
+application/vnd.curl				curl;
+application/vnd.dart				dart;
+application/vnd.data-vision.rdz			rdz;
+application/vnd.dbf				dbf;
+application/vnd.debian.binary-package		deb udeb;
+application/vnd.dece.data			uvf uvvf uvd uvvd;
+application/vnd.dece.ttml+xml			uvt uvvt;
+application/vnd.dece.unspecified		uvx uvvx;
+application/vnd.dece.zip			uvz uvvz;
+application/vnd.denovo.fcselayout-link		fe_launch;
+application/vnd.desmume.movie			dsm;
+application/vnd.dna				dna;
+application/vnd.document+json			docjson;
+application/vnd.doremir.scorecloud-binary-document	scld;
+application/vnd.dpgraph				dpg mwc dpgraph;
+application/vnd.dreamfactory			dfac;
+application/vnd.dtg.local.flash			fla;
+application/vnd.dvb.ait				ait;
+application/vnd.dvb.service			svc;
+application/vnd.dynageo				geo;
+application/vnd.dzr				dzr;
+application/vnd.ecowin.chart			mag;
+application/vnd.enliven				nml;
+application/vnd.epson.esf			esf;
+application/vnd.epson.msf			msf;
+application/vnd.epson.quickanime		qam;
+application/vnd.epson.salt			slt;
+application/vnd.epson.ssf			ssf;
+application/vnd.ericsson.quickcall		qcall qca;
+application/vnd.espass-espass+zip		espass;
+application/vnd.eszigno3+xml			es3 et3;
+application/vnd.etsi.asic-e+zip			asice sce;
+application/vnd.etsi.asic-s+zip			asics;
+application/vnd.etsi.timestamp-token		tst;
+application/vnd.exstream-empower+zip		mpw;
+application/vnd.exstream-package		pub;
+application/vnd.evolv.ecig.profile		ecigprofile;
+application/vnd.evolv.ecig.settings		ecig;
+application/vnd.evolv.ecig.theme		ecigtheme;
+application/vnd.ezpix-album			ez2;
+application/vnd.ezpix-package			ez3;
+application/vnd.fastcopy-disk-image		dim;
+application/vnd.fdf				fdf;
+application/vnd.fdsn.mseed			msd mseed;
+application/vnd.fdsn.seed			seed dataless;
+application/vnd.ficlab.flb+zip			flb;
+application/vnd.filmit.zfc			zfc;
+application/vnd.FloGraphIt			gph;
+application/vnd.fluxtime.clip			ftc;
+application/vnd.font-fontforge-sfd		sfd;
+application/vnd.framemaker			fm;
+application/vnd.frogans.fnc			fnc;
+application/vnd.frogans.ltf			ltf;
+application/vnd.fsc.weblaunch			fsc;
+application/vnd.fujitsu.oasys			oas;
+application/vnd.fujitsu.oasys2			oa2;
+application/vnd.fujitsu.oasys3			oa3;
+application/vnd.fujitsu.oasysgp			fg5;
+application/vnd.fujitsu.oasysprs		bh2;
+application/vnd.fujixerox.ddd			ddd;
+application/vnd.fujixerox.docuworks		xdw;
+application/vnd.fujixerox.docuworks.binder	xbd;
+application/vnd.fujixerox.docuworks.container	xct;
+application/vnd.fuzzysheet			fzs;
+application/vnd.genomatix.tuxedo		txd;
+application/vnd.geocube+xml			g3 g³;
+application/vnd.geogebra.file			ggb;
+application/vnd.geogebra.tool			ggt;
+application/vnd.geometry-explorer		gex gre;
+application/vnd.geonext				gxt;
+application/vnd.geoplan				g2w;
+application/vnd.geospace			g3w;
+application/vnd.gmx				gmx;
+application/vnd.google-earth.kml+xml		kml;
+application/vnd.google-earth.kmz		kmz;
+application/vnd.grafeq				gqf gqs;
+application/vnd.groove-account			gac;
+application/vnd.groove-help			ghf;
+application/vnd.groove-identity-message		gim;
+application/vnd.groove-injector			grv;
+application/vnd.groove-tool-message		gtm;
+application/vnd.groove-tool-template		tpl;
+application/vnd.groove-vcard			vcg;
+application/vnd.hal+xml				hal;
+application/vnd.HandHeld-Entertainment+xml	zmm;
+application/vnd.hbci				hbci hbc kom upa pkd bpd;
+application/vnd.hdt				hdt;
+application/vnd.hhe.lesson-player		les;
+application/vnd.hp-HPGL				hpgl;
+application/vnd.hp-hpid				hpi hpid;
+application/vnd.hp-hps				hps;
+application/vnd.hp-jlyt				jlt;
+application/vnd.hp-PCL				pcl;
+application/vnd.hydrostatix.sof-data		sfd-hdstx;
+application/vnd.hzn-3d-crossword		x3d;
+application/vnd.ibm.electronic-media		emm;
+application/vnd.ibm.MiniPay			mpy;
+application/vnd.ibm.rights-management		irm;
+application/vnd.ibm.secure-container		sc;
+application/vnd.iccprofile			icc icm;
+application/vnd.ieee.1905			1905.1;
+application/vnd.igloader			igl;
+application/vnd.imagemeter.folder+zip		imf;
+application/vnd.imagemeter.image+zip		imi;
+application/vnd.immervision-ivp			ivp;
+application/vnd.immervision-ivu			ivu;
+application/vnd.ims.imsccv1p1			imscc;
+application/vnd.insors.igm			igm;
+application/vnd.intercon.formnet		xpw xpx;
+application/vnd.intergeo			i2g;
+application/vnd.intu.qbo			qbo;
+application/vnd.intu.qfx			qfx;
+application/vnd.ipunplugged.rcprofile		rcprofile;
+application/vnd.irepository.package+xml		irp;
+application/vnd.is-xpr				xpr;
+application/vnd.isac.fcs			fcs;
+application/vnd.jam				jam;
+application/vnd.jcp.javame.midlet-rms		rms;
+application/vnd.jisp				jisp;
+application/vnd.joost.joda-archive		joda;
+application/vnd.kahootz				ktz ktr;
+application/vnd.kde.karbon			karbon;
+application/vnd.kde.kchart			chrt;
+application/vnd.kde.kformula			kfo;
+application/vnd.kde.kivio			flw;
+application/vnd.kde.kontour			kon;
+application/vnd.kde.kpresenter			kpr kpt;
+application/vnd.kde.kspread			ksp;
+application/vnd.kde.kword			kwd kwt;
+application/vnd.kenameaapp			htke;
+application/vnd.kidspiration			kia;
+application/vnd.Kinar				kne knp sdf;
+application/vnd.koan				skp skd skm skt;
+application/vnd.kodak-descriptor		sse;
+application/vnd.las.las+json			lasjson;
+application/vnd.las.las+xml			lasxml;
+application/vnd.llamagraphics.life-balance.desktop	lbd;
+application/vnd.llamagraphics.life-balance.exchange+xml	lbe;
+application/vnd.logipipe.circuit+zip		lcs lca;
+application/vnd.loom				loom;
+application/vnd.lotus-1-2-3			123 wk4 wk3 wk1;
+application/vnd.lotus-approach			apr vew;
+application/vnd.lotus-freelance			prz pre;
+application/vnd.lotus-notes			nsf ntf ndl ns4 ns3 ns2 nsh nsg;
+application/vnd.lotus-organizer			or3 or2 org;
+application/vnd.lotus-screencam			scm;
+application/vnd.lotus-wordpro			lwp sam;
+application/vnd.macports.portpkg		portpkg;
+application/vnd.mapbox-vector-tile		mvt;
+application/vnd.marlin.drm.mdcf			mdc;
+application/vnd.maxmind.maxmind-db		mmdb;
+application/vnd.mcd				mcd;
+application/vnd.medcalcdata			mc1;
+application/vnd.mediastation.cdkey		cdkey;
+application/vnd.MFER				mwf;
+application/vnd.mfmp				mfm;
+application/vnd.micrografx.flo			flo;
+application/vnd.micrografx.igx			igx;
+application/vnd.mif				mif;
+application/vnd.Mobius.DAF			daf;
+application/vnd.Mobius.DIS			dis;
+application/vnd.Mobius.MBK			mbk;
+application/vnd.Mobius.MQY			mqy;
+application/vnd.Mobius.MSL			msl;
+application/vnd.Mobius.PLC			plc;
+application/vnd.Mobius.TXF			txf;
+application/vnd.mophun.application		mpn;
+application/vnd.mophun.certificate		mpc;
+application/vnd.mozilla.xul+xml			xul;
+application/vnd.ms-3mfdocument			3mf;
+application/vnd.ms-artgalry			cil;
+application/vnd.ms-asf				asf;
+application/vnd.ms-cab-compressed		cab;
+application/vnd.ms-excel			xls xlm xla xlc xlt xlw;
+application/vnd.ms-excel.template.macroEnabled.12	xltm;
+application/vnd.ms-excel.addin.macroEnabled.12	xlam;
+application/vnd.ms-excel.sheet.binary.macroEnabled.12	xlsb;
+application/vnd.ms-excel.sheet.macroEnabled.12	xlsm;
+application/vnd.ms-fontobject			eot;
+application/vnd.ms-htmlhelp			chm;
+application/vnd.ms-ims				ims;
+application/vnd.ms-lrm				lrm;
+application/vnd.ms-officetheme			thmx;
+application/vnd.ms-powerpoint			ppt pps pot;
+application/vnd.ms-powerpoint.addin.macroEnabled.12	ppam;
+application/vnd.ms-powerpoint.presentation.macroEnabled.12	pptm;
+application/vnd.ms-powerpoint.slide.macroEnabled.12	sldm;
+application/vnd.ms-powerpoint.slideshow.macroEnabled.12	ppsm;
+application/vnd.ms-powerpoint.template.macroEnabled.12	potm;
+application/vnd.ms-project			mpp mpt;
+application/vnd.ms-tnef				tnef tnf;
+application/vnd.ms-word.document.macroEnabled.12	docm;
+application/vnd.ms-word.template.macroEnabled.12	dotm;
+application/vnd.ms-works			wcm wdb wks wps;
+application/vnd.ms-wpl				wpl;
+application/vnd.ms-xpsdocument			xps;
+application/vnd.msa-disk-image			msa;
+application/vnd.mseq				mseq;
+application/vnd.multiad.creator			crtr;
+application/vnd.multiad.creator.cif		cif;
+application/vnd.musician			mus;
+application/vnd.muvee.style			msty;
+application/vnd.mynfc				taglet;
+application/vnd.nervana				entity request bkm kcm;
+application/vnd.nimn				nimn;
+application/vnd.nitf				nitf;
+application/vnd.neurolanguage.nlu		nlu;
+application/vnd.nintendo.nitro.rom		nds;
+application/vnd.nintendo.snes.rom		sfc smc;
+application/vnd.noblenet-directory		nnd;
+application/vnd.noblenet-sealer			nns;
+application/vnd.noblenet-web			nnw;
+application/vnd.nokia.n-gage.ac+xml		ac;
+application/vnd.nokia.n-gage.data		ngdat;
+application/vnd.nokia.n-gage.symbian.install	n-gage;
+application/vnd.nokia.radio-preset		rpst;
+application/vnd.nokia.radio-presets		rpss;
+application/vnd.novadigm.EDM			edm;
+application/vnd.novadigm.EDX			edx;
+application/vnd.novadigm.EXT			ext;
+application/vnd.oasis.opendocument.chart			odc;
+application/vnd.oasis.opendocument.chart-template		otc;
+application/vnd.oasis.opendocument.database			odb;
+application/vnd.oasis.opendocument.formula			odf;
+application/vnd.oasis.opendocument.graphics			odg;
+application/vnd.oasis.opendocument.graphics-template		otg;
+application/vnd.oasis.opendocument.image			odi;
+application/vnd.oasis.opendocument.image-template		oti;
+application/vnd.oasis.opendocument.presentation			odp;
+application/vnd.oasis.opendocument.presentation-template	otp;
+application/vnd.oasis.opendocument.spreadsheet			ods;
+application/vnd.oasis.opendocument.spreadsheet-template		ots;
+application/vnd.oasis.opendocument.text				odt;
+application/vnd.oasis.opendocument.text-master			odm;
+application/vnd.oasis.opendocument.text-template		ott;
+application/vnd.oasis.opendocument.text-web			oth;
+application/vnd.olpc-sugar			xo;
+application/vnd.oma.dd2+xml			dd2;
+application/vnd.onepager			tam;
+application/vnd.onepagertamp			tamp;
+application/vnd.onepagertamx			tamx;
+application/vnd.onepagertat			tat;
+application/vnd.onepagertatp			tatp;
+application/vnd.onepagertatx			tatx;
+application/vnd.openblox.game+xml		obgx;
+application/vnd.openblox.game-binary		obg;
+application/vnd.openeye.oeb			oeb;
+application/vnd.openofficeorg.extension		oxt;
+application/vnd.openstreetmap.data+xml		osm;
+application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+application/vnd.openxmlformats-officedocument.presentationml.slide	sldx;
+application/vnd.openxmlformats-officedocument.presentationml.slideshow	ppsx;
+application/vnd.openxmlformats-officedocument.presentationml.template	potx;
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet	xlsx;
+application/vnd.openxmlformats-officedocument.spreadsheetml.template	xltx;
+application/vnd.openxmlformats-officedocument.wordprocessingml.document	docx;
+application/vnd.openxmlformats-officedocument.wordprocessingml.template	dotx;
+application/vnd.osa.netdeploy			ndc;
+application/vnd.osgeo.mapguide.package		mgp;
+application/vnd.osgi.dp				dp;
+application/vnd.osgi.subsystem			esa;
+application/vnd.oxli.countgraph			oxlicg;
+application/vnd.palm				prc pdb pqa oprc;
+application/vnd.panoply				plp;
+application/vnd.patentdive			dive;
+application/vnd.pawaafile			paw;
+application/vnd.pg.format		    	str;
+application/vnd.pg.osasli			ei6;
+application/vnd.piaccess.application-license	pil;
+application/vnd.picsel				efif;
+application/vnd.pmi.widget			wg;
+application/vnd.pocketlearn			plf;
+application/vnd.powerbuilder6			pbd;
+application/vnd.preminet			preminet;
+application/vnd.previewsystems.box		box vbox;
+application/vnd.proteus.magazine		mgz;
+application/vnd.psfs				psfs;
+application/vnd.publishare-delta-tree		qps;
+application/vnd.pvi.ptid1			ptid;
+application/vnd.qualcomm.brew-app-res		bar;
+application/vnd.Quark.QuarkXPress		qxd qxt qwd qwt qxl qxb;
+application/vnd.quobject-quoxdocument		quox quiz;
+application/vnd.rainstor.data			tree;
+application/vnd.rar				rar;
+application/vnd.realvnc.bed			bed;
+application/vnd.recordare.musicxml		mxl;
+application/vnd.rig.cryptonote			cryptonote;
+application/vnd.route66.link66+xml		link66;
+application/vnd.sailingtracker.track		st;
+application/vnd.sar				SAR;
+application/vnd.scribus				scd sla slaz;
+application/vnd.sealed.3df			s3df;
+application/vnd.sealed.csf			scsf;
+application/vnd.sealed.doc			sdoc sdo s1w;
+application/vnd.sealed.eml			seml sem;
+application/vnd.sealed.mht			smht smh;
+application/vnd.sealed.ppt			sppt s1p;
+application/vnd.sealed.tiff			stif;
+application/vnd.sealed.xls			sxls sxl s1e;
+application/vnd.sealedmedia.softseal.html	stml s1h;
+application/vnd.sealedmedia.softseal.pdf	spdf spd s1a;
+application/vnd.seemail				see;
+application/vnd.sema				sema;
+application/vnd.semd				semd;
+application/vnd.semf				semf;
+application/vnd.shade-save-file			ssv;
+application/vnd.shana.informed.formdata		ifm;
+application/vnd.shana.informed.formtemplate	itp;
+application/vnd.shana.informed.interchange	iif;
+application/vnd.shana.informed.package		ipk;
+application/vnd.shp				shp;
+application/vnd.shx				shx;
+application/vnd.sigrok.session			sr;
+application/vnd.SimTech-MindMapper		twd twds;
+application/vnd.smaf				mmf;
+application/vnd.smart.notebook			notebook;
+application/vnd.smart.teacher			teacher;
+application/vnd.snesdev-page-table		ptrom pt;
+application/vnd.software602.filler.form+xml	fo;
+application/vnd.software602.filler.form-xml-zip	zfo;
+application/vnd.solent.sdkm+xml			sdkm sdkd;
+application/vnd.spotfire.dxp			dxp;
+application/vnd.spotfire.sfs			sfs;
+application/vnd.sqlite3				sqlite sqlite3;
+application/vnd.stepmania.package		smzip;
+application/vnd.stepmania.stepchart		sm;
+application/vnd.sun.wadl+xml			wadl;
+application/vnd.sus-calendar			sus susp;
+application/vnd.syncml+xml			xsm;
+application/vnd.syncml.dm+wbxml			bdm;
+application/vnd.syncml.dm+xml			xdm;
+application/vnd.syncml.dmddf+xml		ddf;
+application/vnd.tao.intent-module-archive	tao;
+application/vnd.tcpdump.pcap			pcap cap dmp;
+application/vnd.theqvd				qvd;
+application/vnd.think-cell.ppttc+json		ppttc;
+application/vnd.tml				vfr viaframe;
+application/vnd.tmobile-livetv			tmo;
+application/vnd.trid.tpt			tpt;
+application/vnd.triscape.mxs			mxs;
+application/vnd.trueapp				tra;
+application/vnd.ufdl				ufdl ufd frm;
+application/vnd.uiq.theme			utz;
+application/vnd.umajin				umj;
+application/vnd.unity				unityweb;
+application/vnd.uoml+xml			uoml uo;
+application/vnd.uri-map				urim urimap;
+application/vnd.valve.source.material		vmt;
+application/vnd.vcx				vcx;
+application/vnd.vd-study			mxi study-inter model-inter;
+application/vnd.vectorworks			vwx;
+application/vnd.veryant.thin			istc isws;
+application/vnd.ves.encrypted			VES;
+application/vnd.vidsoft.vidconference		vsc;
+application/vnd.visio				vsd vst vsw vss;
+application/vnd.visionary			vis;
+application/vnd.vsf				vsf;
+application/vnd.wap.sic				sic;
+application/vnd.wap.slc				slc;
+application/vnd.wap.wbxml			wbxml;
+application/vnd.wap.wmlc			wmlc;
+application/vnd.wap.wmlscriptc			wmlsc;
+application/vnd.webturbo			wtb;
+application/vnd.wfa.p2p				p2p;
+application/vnd.wfa.wsc				wsc;
+application/vnd.wmc				wmc;
+application/vnd.wolfram.mathematica.package	m;
+application/vnd.wolfram.player			nbp;
+application/vnd.wordperfect			wpd;
+application/vnd.wqd				wqd;
+application/vnd.wt.stf				stf;
+application/vnd.wv.csp+wbxml			wv;
+application/vnd.xara				xar;
+application/vnd.xfdl				xfdl xfd;
+application/vnd.xmpie.cpkg			cpkg;
+application/vnd.xmpie.dpkg			dpkg;
+application/vnd.xmpie.ppkg			ppkg;
+application/vnd.xmpie.xlim			xlim;
+application/vnd.yamaha.hv-dic			hvd;
+application/vnd.yamaha.hv-script		hvs;
+application/vnd.yamaha.hv-voice			hvp;
+application/vnd.yamaha.openscoreformat		osf;
+application/vnd.yamaha.smaf-audio		saf;
+application/vnd.yamaha.smaf-phrase		spf;
+application/vnd.yaoweme				yme;
+application/vnd.yellowriver-custom-menu		cmp;
+application/vnd.zul				zir zirz;
+application/vnd.zzazz.deck+xml			zaz;
+application/voicexml+xml			vxml;
+application/voucher-cms+json			vcj;
+application/watcherinfo+xml			wif;
+application/widget				wgt;
+application/wsdl+xml				wsdl;
+application/wspolicy+xml			wspolicy;
+application/xcap-att+xml			xav;
+application/xcap-caps+xml			xca;
+application/xcap-diff+xml			xdf;
+application/xcap-el+xml				xel;
+application/xcap-error+xml			xer;
+application/xcap-ns+xml				xns;
+application/xhtml+xml				xhtml xhtm xht;
+application/xliff+xml				xlf;
+application/xml-dtd				dtd;
+application/xop+xml				xop;
+application/xslt+xml				xsl xslt;
+application/xv+xml				mxml xhvml xvml xvm;
+application/yang				yang;
+application/yin+xml				yin;
+application/zip					zip;
+application/zstd				zst;
+audio/32kadpcm					726;
+audio/aac					adts aac ass;
+audio/ac3					ac3;
+audio/AMR					amr;
+audio/AMR-WB					awb;
+audio/asc					acn;
+audio/ATRAC-ADVANCED-LOSSLESS			aal;
+audio/ATRAC-X					atx;
+audio/ATRAC3					at3 aa3 omg;
+audio/basic					au snd;
+audio/dls					dls;
+audio/EVRC					evc;
+audio/EVRCB					evb;
+audio/EVRCNW					enw;
+audio/EVRCWB					evw;
+audio/iLBC					lbc;
+audio/L16					l16;
+audio/mhas					mhas;
+audio/mobile-xmf				mxmf;
+audio/mp4					m4a;
+audio/mpeg					mp3 mpga mp1 mp2;
+audio/ogg					oga ogg opus spx;
+audio/prs.sid					sid psid;
+audio/qcelp					qcp;
+audio/SMV					smv;
+audio/usac					loas xhe;
+audio/vnd.audikoz				koz;
+audio/vnd.dece.audio				uva uvva;
+audio/vnd.digital-winds				eol;
+audio/vnd.dolby.mlp				mlp;
+audio/vnd.dts					dts;
+audio/vnd.dts.hd				dtshd;
+audio/vnd.everad.plj				plj;
+audio/vnd.lucent.voice				lvp;
+audio/vnd.ms-playready.media.pya		pya;
+audio/vnd.nortel.vbk				vbk;
+audio/vnd.nuera.ecelp4800			ecelp4800;
+audio/vnd.nuera.ecelp7470			ecelp7470;
+audio/vnd.nuera.ecelp9600			ecelp9600;
+audio/vnd.presonus.multitrack			multitrack;
+audio/vnd.rip					rip;
+audio/vnd.sealedmedia.softseal.mpeg		smp3 smp s1m;
+font/collection					ttc;
+font/otf					otf;
+font/ttf					ttf;
+font/woff					woff;
+font/woff2					woff2;
+image/aces					exr;
+image/avci					avci;
+image/avcs					avcs;
+image/bmp					bmp dib;
+image/cgm					cgm;
+image/dicom-rle					drle;
+image/emf					emf;
+image/fits					fits fit fts;
+image/heic					heic;
+image/heic-sequence				heics;
+image/heif					heif;
+image/heif-sequence				heifs;
+image/hej2k					hej2;
+image/hsj2					hsj2;
+image/gif					gif;
+image/ief					ief;
+image/jls					jls;
+image/jp2					jp2 jpg2;
+image/jph					jph;
+image/jphc					jhc;
+image/jpeg					jpg jpeg jpe jfif;
+image/jpm					jpm jpgm;
+image/jpx					jpx jpf;
+image/jxr					jxr;
+image/jxrA					jxra;
+image/jxrS					jxrs;
+image/jxs					jxs;
+image/jxsc					jxsc;
+image/jxsi					jxsi;
+image/jxss					jxss;
+image/ktx					ktx;
+image/png					png;
+image/prs.btif					btif btf;
+image/prs.pti					pti;
+image/svg+xml					svg svgz;
+image/t38					t38;
+image/tiff					tiff tif;
+image/tiff-fx					tfx;
+image/vnd.adobe.photoshop			psd;
+image/vnd.airzip.accelerator.azv		azv;
+image/vnd.dece.graphic				uvi uvvi uvg uvvg;
+image/vnd.djvu					djvu djv;
+image/vnd.dwg					dwg;
+image/vnd.dxf					dxf;
+image/vnd.fastbidsheet				fbs;
+image/vnd.fpx					fpx;
+image/vnd.fst					fst;
+image/vnd.fujixerox.edmics-mmr			mmr;
+image/vnd.fujixerox.edmics-rlc			rlc;
+image/vnd.globalgraphics.pgb			pgb;
+image/vnd.microsoft.icon			ico;
+image/vnd.mozilla.apng				apng;
+image/vnd.ms-modi				mdi;
+image/vnd.radiance				hdr rgbe xyze;
+image/vnd.sealed.png				spng spn s1n;
+image/vnd.sealedmedia.softseal.gif		sgif sgi s1g;
+image/vnd.sealedmedia.softseal.jpg		sjpg sjp s1j;
+image/vnd.tencent.tap				tap;
+image/vnd.valve.source.texture			vtf;
+image/vnd.wap.wbmp				wbmp;
+image/vnd.xiff					xif;
+image/vnd.zbrush.pcx				pcx;
+image/wmf					wmf;
+message/global					u8msg;
+message/global-delivery-status			u8dsn;
+message/global-disposition-notification		u8mdn;
+message/global-headers				u8hdr;
+message/rfc822					eml mail art;
+model/gltf-binary				glb;
+model/gltf+json					gltf;
+model/iges					igs iges;
+model/mesh					msh mesh silo;
+model/mtl					mtl;
+model/obj					obj;
+model/stl					stl;
+model/vnd.collada+xml				dae;
+model/vnd.dwf					dwf;
+model/vnd.gdl					gdl gsm win dor lmp rsm msm ism;
+model/vnd.gtw					gtw;
+model/vnd.moml+xml				moml;
+model/vnd.mts					mts;
+model/vnd.opengex				ogex;
+model/vnd.parasolid.transmit.binary		x_b xmt_bin;
+model/vnd.parasolid.transmit.text		x_t xmt_txt;
+model/vnd.usdz+zip				usdz;
+model/vnd.valve.source.compiled-map		bsp;
+model/vnd.vtu					vtu;
+model/vrml					wrl vrml;
+model/x3d+xml					x3db;
+model/x3d-vrml					x3dv x3dvz;
+multipart/vnd.bint.med-plus			bmed;
+multipart/voice-message				vpm;
+text/cache-manifest				appcache manifest;
+text/calendar					ics ifb;
+text/css					css;
+text/csv					csv;
+text/csv-schema					csvs;
+text/dns					soa zone;
+text/html					html htm;
+text/jcr-cnd					cnd;
+text/markdown					markdown md;
+text/mizar					miz;
+text/n3						n3;
+text/plain		txt asc text pm el c h cc hh cxx hxx f90 conf log;
+text/provenance-notation			provn;
+text/prs.fallenstein.rst			rst;
+text/prs.lines.tag				tag dsc;
+text/richtext					rtx;
+text/sgml					sgml sgm;
+text/tab-separated-values			tsv;
+text/troff					t tr roff;
+text/turtle					ttl;
+text/uri-list					uris uri;
+text/vcard					vcf vcard;
+text/vnd.a					a;
+text/vnd.abc					abc;
+text/vnd.ascii-art				ascii;
+text/vnd.debian.copyright			copyright;
+text/vnd.DMClientScript				dms;
+text/vnd.dvb.subtitle				sub;
+text/vnd.esmertec.theme-descriptor		jtd;
+text/vnd.ficlab.flt				flt;
+text/vnd.fly					fly;
+text/vnd.fmi.flexstor				flx;
+text/vnd.graphviz				gv dot;
+text/vnd.hgl					hgl;
+text/vnd.in3d.3dml				3dml 3dm;
+text/vnd.in3d.spot				spot spo;
+text/vnd.ms-mediapackage			mpf;
+text/vnd.net2phone.commcenter.command		ccc;
+text/vnd.senx.warpscript			mc2;
+text/vnd.si.uricatalogue			uric;
+text/vnd.sun.j2me.app-descriptor		jad;
+text/vnd.sosi					sos;
+text/vnd.trolltech.linguist			ts;
+text/vnd.wap.si					si;
+text/vnd.wap.sl					sl;
+text/vnd.wap.wml				wml;
+text/vnd.wap.wmlscript				wmls;
+text/vtt					vtt;
+text/xml					xml xsd rng;
+text/xml-external-parsed-entity			ent;
+video/3gpp					3gp 3gpp;
+video/3gpp2					3g2 3gpp2;
+video/iso.segment				m4s;
+video/mj2					mj2 mjp2;
+video/mp4					mp4 mpg4 m4v;
+video/mpeg					mpeg mpg mpe m1v m2v;
+video/ogg					ogv;
+video/quicktime					mov qt;
+video/vnd.dece.hd				uvh uvvh;
+video/vnd.dece.mobile				uvm uvvm;
+video/vnd.dece.mp4				uvu uvvu;
+video/vnd.dece.pd				uvp uvvp;
+video/vnd.dece.sd				uvs uvvs;
+video/vnd.dece.video				uvv uvvv;
+video/vnd.dvb.file				dvb;
+video/vnd.fvt					fvt;
+video/vnd.mpegurl				mxu m4u;
+video/vnd.ms-playready.media.pyv		pyv;
+video/vnd.nokia.interleaved-multimedia		nim;
+video/vnd.radgamettools.bink			bik bk2;
+video/vnd.radgamettools.smacker			smk;
+video/vnd.sealed.mpeg1				smpg s11;
+video/vnd.sealed.mpeg4				s14;
+video/vnd.sealed.swf				sswf ssw;
+video/vnd.sealedmedia.softseal.mov		smov smo s1q;
+video/vnd.youtube.yt				yt;
+video/vnd.vivo					viv;
+application/mac-compactpro			cpt;
+application/metalink+xml			metalink;
+application/owl+xml				owx;
+application/rss+xml				rss;
+application/vnd.android.package-archive		apk;
+application/vnd.oma.dd+xml			dd;
+application/vnd.oma.drm.content			dcf;
+application/vnd.oma.drm.dcf			o4a o4v;
+application/vnd.oma.drm.message			dm;
+application/vnd.oma.drm.rights+wbxml		drc;
+application/vnd.oma.drm.rights+xml		dr;
+application/vnd.sun.xml.calc			sxc;
+application/vnd.sun.xml.calc.template		stc;
+application/vnd.sun.xml.draw			sxd;
+application/vnd.sun.xml.draw.template		std;
+application/vnd.sun.xml.impress			sxi;
+application/vnd.sun.xml.impress.template	sti;
+application/vnd.sun.xml.math			sxm;
+application/vnd.sun.xml.writer			sxw;
+application/vnd.sun.xml.writer.global		sxg;
+application/vnd.sun.xml.writer.template		stw;
+application/vnd.symbian.install			sis;
+application/vnd.wap.mms-message			mms;
+application/x-annodex				anx;
+application/x-bcpio				bcpio;
+application/x-bittorrent			torrent;
+application/x-bzip2				bz2;
+application/x-cdlink				vcd;
+application/x-chrome-extension			crx;
+application/x-cpio				cpio;
+application/x-csh				csh;
+application/x-director				dcr dir dxr;
+application/x-dvi				dvi;
+application/x-futuresplash			spl;
+application/x-gtar				gtar;
+application/x-hdf				hdf;
+application/x-java-archive			jar;
+application/x-java-jnlp-file			jnlp;
+application/x-java-pack200			pack;
+application/x-killustrator			kil;
+application/x-latex				latex;
+application/x-netcdf				nc cdf;
+application/x-perl				pl;
+application/x-rpm				rpm;
+application/x-sh				sh;
+application/x-shar				shar;
+application/x-stuffit				sit;
+application/x-sv4cpio				sv4cpio;
+application/x-sv4crc				sv4crc;
+application/x-tar				tar;
+application/x-tcl				tcl;
+application/x-tex				tex;
+application/x-texinfo				texinfo texi;
+application/x-troff-man				man 1 2 3 4 5 6 7 8;
+application/x-troff-me				me;
+application/x-troff-ms				ms;
+application/x-ustar				ustar;
+application/x-wais-source			src;
+application/x-xpinstall				xpi;
+application/x-xspf+xml				xspf;
+application/x-xz				xz;
+audio/midi					mid midi kar;
+audio/x-aiff					aif aiff aifc;
+audio/x-annodex					axa;
+audio/x-flac					flac;
+audio/x-matroska				mka;
+audio/x-mod					mod ult uni m15 mtm 669 med;
+audio/x-mpegurl					m3u;
+audio/x-ms-wax					wax;
+audio/x-ms-wma					wma;
+audio/x-pn-realaudio				ram rm;
+audio/x-realaudio				ra;
+audio/x-s3m					s3m;
+audio/x-stm					stm;
+audio/x-wav					wav;
+chemical/x-xyz					xyz;
+image/webp					webp;
+image/x-cmu-raster				ras;
+image/x-portable-anymap				pnm;
+image/x-portable-bitmap				pbm;
+image/x-portable-graymap			pgm;
+image/x-portable-pixmap				ppm;
+image/x-rgb					rgb;
+image/x-targa					tga;
+image/x-xbitmap					xbm;
+image/x-xpixmap					xpm;
+image/x-xwindowdump				xwd;
+text/html-sandboxed				sandboxed;
+text/x-pod					pod;
+text/x-setext					etx;
+video/webm					webm;
+video/x-annodex					axv;
+video/x-flv					flv;
+video/x-javafx					fxm;
+video/x-matroska				mkv;
+video/x-matroska-3d				mk3d;
+video/x-ms-asf					asx;
+video/x-ms-wm					wm;
+video/x-ms-wmv					wmv;
+video/x-ms-wmx					wmx;
+video/x-ms-wvx					wvx;
+video/x-msvideo					avi;
+video/x-sgi-movie				movie;
+x-conference/x-cooltalk				ice;
+x-epoc/x-sisx-app				sisx;
+}
diff --git a/mkosi.extra/etc/nginx/inc/niver.conf b/mkosi.extra/etc/nginx/inc/niver.conf
new file mode 100644
index 0000000..5dfbfd8
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/niver.conf
@@ -0,0 +1,5 @@
+more_set_headers "Content-Security-Policy : default-src 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'none';";
+
+default_type text/plain;
+
+include inc/tls.conf; 
diff --git a/mkosi.extra/etc/nginx/inc/security.conf b/mkosi.extra/etc/nginx/inc/security.conf
new file mode 100644
index 0000000..f42f6e0
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/security.conf
@@ -0,0 +1,16 @@
+more_set_headers "X-Content-Type-Options : nosniff";
+#more_set_headers "X-XSS-Protection : 1; mode=block";
+#more_set_headers "X-Download-Options : noopen";
+#more_set_headers "X-Permitted-Cross-Domain-Policies : none";
+#more_set_headers "X-Frame-Options : DENY";
+more_set_headers "Referrer-Policy : no-referrer";
+more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
+more_clear_headers Server;
+
+ssl_prefer_server_ciphers off;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:50m;
+ssl_session_tickets off;
+
+ssl_early_data off;
diff --git a/mkosi.extra/etc/nginx/inc/tls-inter.conf b/mkosi.extra/etc/nginx/inc/tls-inter.conf
new file mode 100644
index 0000000..6dabbb4
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/tls-inter.conf
@@ -0,0 +1,5 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
+ssl_ecdh_curve X25519:X448;
+
+include inc/security.conf;
diff --git a/mkosi.extra/etc/nginx/inc/tls-laxist.conf b/mkosi.extra/etc/nginx/inc/tls-laxist.conf
new file mode 100644
index 0000000..2d78429
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/tls-laxist.conf
@@ -0,0 +1,6 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-CCM8:DHE-RSA-AES256-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM;
+ssl_ecdh_curve X25519:X448:secp521r1:secp384r1:prime256v1;
+ssl_dhparam inc/ffdhe3072.pem;
+
+include inc/security.conf;
diff --git a/mkosi.extra/etc/nginx/inc/tls-strict.conf b/mkosi.extra/etc/nginx/inc/tls-strict.conf
new file mode 100644
index 0000000..0490557
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/tls-strict.conf
@@ -0,0 +1,4 @@
+ssl_protocols TLSv1.3;
+ssl_ecdh_curve X25519:X448;
+
+include inc/security.conf;
diff --git a/mkosi.extra/etc/nginx/inc/tls.conf b/mkosi.extra/etc/nginx/inc/tls.conf
new file mode 100644
index 0000000..0490557
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/tls.conf
@@ -0,0 +1,4 @@
+ssl_protocols TLSv1.3;
+ssl_ecdh_curve X25519:X448;
+
+include inc/security.conf;
diff --git a/mkosi.extra/etc/nginx/inc/types.conf b/mkosi.extra/etc/nginx/inc/types.conf
new file mode 100644
index 0000000..b349cc8
--- /dev/null
+++ b/mkosi.extra/etc/nginx/inc/types.conf
@@ -0,0 +1,84 @@
+types {
+	text/plain               txt;
+	application/octet-stream bin;
+
+	# Hypertext
+	text/gemini     gmi;
+	text/markdown   md;
+	text/html       html;
+
+	# Misc
+	text/css                 css;
+	text/javascript          js;
+	text/csv                 csv;
+	text/calendar            ics ifb;
+	text/vtt                 vtt;
+	text/dns                 zone soa;
+	application/mbox         mbox;
+	application/x-bittorrent torrent;
+
+	# Compressed
+	application/gzip     gz;
+	application/zip      zip;
+	application/epub+zip epub;
+	application/pdf      pdf;
+
+	# JSON
+	application/json          json;
+	application/ld+json       jsonld;
+	application/manifest+json webmanifest;
+
+	# XML
+	application/xml           xml;
+	application/xhtml+xml     xhtml;
+	application/atom+xml      atom;
+	application/atomcat+xml   atomcat;
+	application/atomsvc+xml   atomsvc;
+	application/rss+xml       rss;
+	application/mathml+xml    mml;
+	application/emotionml+xml emotionml;
+
+	# OpenDocument
+	application/vnd.oasis.opendocument.chart                 odc;
+	application/vnd.oasis.opendocument.chart-template        otc;
+	application/vnd.oasis.opendocument.database              odb;
+	application/vnd.oasis.opendocument.formula               odf;
+	application/vnd.oasis.opendocument.formula-template      otf;
+	application/vnd.oasis.opendocument.graphics              odg;
+	application/vnd.oasis.opendocument.graphics-template     otg;
+	application/vnd.oasis.opendocument.image                 odi;
+	application/vnd.oasis.opendocument.image-template        oti;
+	application/vnd.oasis.opendocument.presentation          odp;
+	application/vnd.oasis.opendocument.presentation-template otp;
+	application/vnd.oasis.opendocument.spreadsheet           ods;
+	application/vnd.oasis.opendocument.spreadsheet-template  ots;
+	application/vnd.oasis.opendocument.text                  odt;
+	application/vnd.oasis.opendocument.text-master           odm;
+	application/vnd.oasis.opendocument.text-template         ott;
+	application/vnd.oasis.opendocument.text-web              oth;
+
+	# Font
+	font/woff  woff;
+	font/woff2 woff2;
+
+	# Image
+	image/png        png;
+	image/gif        gif;
+	image/jpeg       jpeg jpg;
+	image/svg+xml    svg svgz;
+	image/webp       webp;
+	image/avif       avif;
+	image/openraster ora;
+
+	# Audio
+	audio/opus               opus;
+	audio/ogg                ogg oga spx;
+	audio/mpeg               mp3;
+	audio/webm               weba;
+	audio/flac               flac;
+
+	# Video
+	video/ogg                ogv;
+	video/webm               webm;
+	video/mp4                mp4;
+}
diff --git a/mkosi.extra/etc/nginx/nginx.conf b/mkosi.extra/etc/nginx/nginx.conf
new file mode 100644
index 0000000..6acef57
--- /dev/null
+++ b/mkosi.extra/etc/nginx/nginx.conf
@@ -0,0 +1,42 @@
+load_module "/usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so";
+worker_processes auto;
+user nginx nginx;
+
+events {
+	worker_connections 1024;
+}
+
+http {
+	types_hash_bucket_size 128; # Default: 64
+	types_hash_max_size 1024; # Default: 1024
+	server_names_hash_bucket_size 128;
+
+	# Performance optimisation
+	sendfile on;
+	tcp_nopush on;
+
+	# Correct Content-Type header
+	charset utf-8;
+	default_type text/plain;
+	include inc/types.conf;
+
+	# Serve file.gz instead of file if available
+	gzip_static on;
+
+	# Logging
+	log_format niver '|$time_local| [$remote_addr]@$server_name {$ssl_protocol $ssl_cipher} "$request" $status $body_bytes_sent "$http_user_agent"';
+	access_log /var/log/nginx/access.log niver;
+	error_log /var/log/nginx/error.log notice;
+
+	# Possible security threats
+	server_tokens off;
+	etag off;
+	autoindex off;
+	gzip off;
+
+	# Include other configuration
+	include sites/*.conf;
+	include ht/*.conf;
+	include default-server.conf;
+	include http.conf;
+}
diff --git a/mkosi.extra/etc/nginx/sites/niver.test.conf b/mkosi.extra/etc/nginx/sites/niver.test.conf
new file mode 100644
index 0000000..3e8fcc0
--- /dev/null
+++ b/mkosi.extra/etc/nginx/sites/niver.test.conf
@@ -0,0 +1,38 @@
+server {
+	listen [::1]:42443 ssl http2;
+	listen 127.0.0.1:42443 ssl http2;
+	server_name niver.test;
+
+	root /srv/php/niver/public;
+	index index.php index.html index.htm;
+	try_files $uri $uri/ @extensionless-php;
+
+	include inc/tls.conf;
+	include inc/errors.conf;
+
+	more_set_headers "Referrer-Policy : same-origin";
+	more_set_headers "Content-Security-Policy : default-src 'none'; style-src 'self'; frame-ancestors 'none'; form-action 'self';";
+
+	location ~ ^/iquane/(db|less|lessphp|inc|niver.log) {
+		return 403;
+	}
+
+	location ~ \.inc.php$ {
+		return 403;
+	}
+
+	location ~ \.php$ {
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_pass unix:/run/php-fpm/niver.sock;
+		#fastcgi_index index.php;
+		include inc/fastcgi.conf;
+		try_files $uri =404;
+	}
+
+	location @extensionless-php {
+		rewrite ^(.*)$ $1.php last;
+	}
+
+	ssl_certificate /etc/ssl/certs/niver.crt;
+	ssl_certificate_key /etc/ssl/private/niver.key;
+}
diff --git a/mkosi.extra/etc/php/php-fpm.d/errors.conf b/mkosi.extra/etc/php/php-fpm.d/errors.conf
new file mode 100644
index 0000000..b4db645
--- /dev/null
+++ b/mkosi.extra/etc/php/php-fpm.d/errors.conf
@@ -0,0 +1,27 @@
+[errors]
+
+user = php-$pool
+group = php-$pool
+
+listen = /run/php-fpm/$pool.sock
+
+listen.owner = nginx
+listen.group = nginx
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+access.log = /var/log/php/$pool-access.log
+
+;chroot = /srv/php/errors
+chdir = /srv/php/errors
+
+catch_workers_output = yes
+decorate_workers_output = yes
+
+clear_env = yes
+
+security.limit_extensions = .php
diff --git a/mkosi.extra/etc/php/php-fpm.d/niver.conf b/mkosi.extra/etc/php/php-fpm.d/niver.conf
new file mode 100644
index 0000000..77e98cc
--- /dev/null
+++ b/mkosi.extra/etc/php/php-fpm.d/niver.conf
@@ -0,0 +1,26 @@
+[niver]
+
+user = php-$pool
+group = knot
+
+listen = /run/php-fpm/$pool.sock
+
+listen.owner = nginx
+listen.group = nginx
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+access.log = /var/log/php/$pool-access.log
+
+chdir = /srv/php/$pool
+
+catch_workers_output = yes
+decorate_workers_output = yes
+
+clear_env = yes
+
+security.limit_extensions = .php
diff --git a/mkosi.extra/etc/ssh/sshd_config b/mkosi.extra/etc/ssh/sshd_config
new file mode 100644
index 0000000..80438ae
--- /dev/null
+++ b/mkosi.extra/etc/ssh/sshd_config
@@ -0,0 +1,61 @@
+LogLevel INFO
+AllowUsers root
+Subsystem sftp internal-sftp
+UsePAM yes
+
+# Network
+
+AddressFamily any
+ListenAddress [::]
+ListenAddress 0.0.0.0
+Port 42022
+
+# Cryptography
+
+HostKey /etc/ssh/ed25519
+
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+HostKeyAlgorithms ssh-ed25519
+KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
+MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
+
+# Sessions
+
+PermitRootLogin prohibit-password
+StrictModes yes
+MaxAuthTries 6
+MaxSessions 1
+MaxStartups 3:20:200
+LoginGraceTime 3m
+PrintMotd yes
+
+# Disable everything
+
+PermitTTY no
+PermitTunnel no
+
+AllowTcpForwarding no
+X11Forwarding no
+AllowAgentForwarding no
+AllowStreamLocalForwarding no
+DisableForwarding yes # Disables all forwarding features, including X11, ssh-agent(1), TCP and StreamLocal.
+
+PermitUserRC no
+PermitUserEnvironment no
+IgnoreRhosts yes
+AuthorizedKeysFile none
+
+AuthenticationMethods none
+PubkeyAuthentication no
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+
+# Enable what is necessary
+
+Match User root
+	PermitTTY yes
+	PubkeyAuthentication yes
+	AuthenticationMethods publickey
+	AuthorizedKeysFile .ssh/authorized_keys
diff --git a/mkosi.nspawn b/mkosi.nspawn
new file mode 100644
index 0000000..5eb3cc5
--- /dev/null
+++ b/mkosi.nspawn
@@ -0,0 +1,3 @@
+[Network]
+Private=no
+VirtualEthernet=no
diff --git a/mkosi.postinst b/mkosi.postinst
new file mode 100755
index 0000000..8bb18fa
--- /dev/null
+++ b/mkosi.postinst
@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+
+source /etc/os-release
+
+if [[ $ID = "arch" ]]; then
+	systemctl enable sshd
+	systemctl enable knot
+	systemctl enable nginx
+	systemctl enable php-fpm
+fi
diff --git a/mkosi.prepare b/mkosi.prepare
new file mode 100755
index 0000000..1303282
--- /dev/null
+++ b/mkosi.prepare
@@ -0,0 +1,51 @@
+#!/usr/bin/bash
+
+# Clean configuration directories (will be filled with mkosi.extra/)
+rm -r /etc/nginx/*
+rm -r /etc/ssh/*
+source /etc/os-release
+if [[ $ID = "debian" ]]; then
+	rm -r /etc/php/7.4/fpm/pool.d/*
+fi
+
+# Create system users
+useradd -U -r -s /usr/sbin/nologin nginx
+useradd -U -r -s /usr/sbin/nologin php-niver
+useradd -U -r -s /usr/sbin/nologin php-errors
+useradd -U -r -s /usr/sbin/nologin sftpgo
+
+# Set proper permissions
+
+chown -R knot:knot /var/log/knot
+chmod -R 700 /var/log/knot
+
+chown -R knot:php-niver /srv/ns
+chmod -R 770 /srv/ns
+
+chown -R php-niver:nginx /srv/ht
+chmod -R 740 /srv/ht
+
+chown -R php-niver:nginx /srv/php/niver/public/css/
+chmod -R 750 /srv/php/niver/public/css/
+
+chown -R php-niver:php-niver /srv/php/niver/db
+chmod -R 700 /srv/php/niver/db
+
+chown -R php-niver:php-niver /srv/php/niver/niver.log
+chmod -R 600 /srv/php/niver/niver.log
+
+# Load configuration in Knot database
+systemctl stop knot
+sudo -u knot knotc conf-import /etc/knot/knot.conf
+systemctl start knot
+
+# Generate default self-signed TLS key pair
+openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
+
+# Generate SSH server key pair
+ssh-keygen -f /etc/ssh/ed25519 -t ed25519 -N ""
+ssh-keygen -lvf /etc/ssh/ed25519 > /etc/ssh/ed25519.fp
+
+# Configure PHP-FPM properly
+echo "display_errors = On" >> /etc/php/php.ini
+echo "extension = pdo_sqlite" >> /etc/php/php.ini
diff --git a/mkosi.skeleton/etc/apt/sources.list b/mkosi.skeleton/etc/apt/sources.list
new file mode 100644
index 0000000..da07084
--- /dev/null
+++ b/mkosi.skeleton/etc/apt/sources.list
@@ -0,0 +1,3 @@
+deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye main
+deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bullseye-backports main
+deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bullseye-security main
diff --git a/mkosi.skeleton/etc/pacman.d/mirrorlist b/mkosi.skeleton/etc/pacman.d/mirrorlist
new file mode 100644
index 0000000..a8e0ad0
--- /dev/null
+++ b/mkosi.skeleton/etc/pacman.d/mirrorlist
@@ -0,0 +1,3 @@
+Server = https://mirror.ibakerserver.pt/Arch/$repo/os/$arch
+Server = https://arch.juline.tech/$repo/os/$arch
+Server = https://mirror.theo546.fr/archlinux/$repo/os/$arch
diff --git a/mkosi.skeleton/etc/resolv.conf b/mkosi.skeleton/etc/resolv.conf
new file mode 100644
index 0000000..5c089d6
--- /dev/null
+++ b/mkosi.skeleton/etc/resolv.conf
@@ -0,0 +1 @@
+nameserver 127.0.0.53
diff --git a/mkosi.skeleton/etc/systemd/resolved.conf.d/fdn.conf b/mkosi.skeleton/etc/systemd/resolved.conf.d/fdn.conf
new file mode 100644
index 0000000..655bea3
--- /dev/null
+++ b/mkosi.skeleton/etc/systemd/resolved.conf.d/fdn.conf
@@ -0,0 +1,6 @@
+[Resolve]
+# https://www.fdn.fr/actions/dns/
+DNS=2001:910:800::40 2001:910:800::12 80.67.169.40 80.67.169.12
+FallbackDNS=
+DNSSEC=yes
+Cache=yes
diff --git a/mkosi.skeleton/etc/systemd/system/sftpgo.service b/mkosi.skeleton/etc/systemd/system/sftpgo.service
new file mode 100644
index 0000000..7d9c6eb
--- /dev/null
+++ b/mkosi.skeleton/etc/systemd/system/sftpgo.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=SFTPGo Server
+After=network.target
+
+[Service]
+User=sftpgo
+Group=sftpgo
+Type=simple
+WorkingDirectory=/etc/sftpgo
+Environment=SFTPGO_CONFIG_DIR=/etc/sftpgo/
+Environment=SFTPGO_LOG_FILE_PATH=
+EnvironmentFile=-/etc/sftpgo/sftpgo.env
+ExecStart=/usr/local/bin/sftpgo serve
+ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=8192
+KillMode=mixed
+PrivateTmp=true
+Restart=always
+RestartSec=10s
+NoNewPrivileges=yes
+PrivateDevices=yes
+DevicePolicy=closed
+ProtectSystem=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+
+[Install]
+WantedBy=multi-user.target
diff --git a/mkosi.skeleton/root/build-maniver.sh b/mkosi.skeleton/root/build-maniver.sh
new file mode 100755
index 0000000..193ba0d
--- /dev/null
+++ b/mkosi.skeleton/root/build-maniver.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+cd /root/maniver
+cargo build --release
+cp /root/maniver/target/release/maniver /usr/local/bin/maniver
diff --git a/mkosi.skeleton/root/build-sftpgo.sh b/mkosi.skeleton/root/build-sftpgo.sh
new file mode 100755
index 0000000..f8a37f5
--- /dev/null
+++ b/mkosi.skeleton/root/build-sftpgo.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/bash
+
+git clone https://github.com/drakkan/sftpgo /root/sftpgo-src
+cd /root/sftpgo-src
+git checkout v2.2.2
+apt update
+apt install -y golang-1.18
+/usr/lib/go-1.18/bin/go build -tags nogcs,nos3,noazblob,nobolt,nomysql,nopgsql,noportable,nometrics -o /usr/local/bin/sftpgo
diff --git a/mkosi.skeleton/root/maniver b/mkosi.skeleton/root/maniver
new file mode 160000
index 0000000..2ad9fe6
--- /dev/null
+++ b/mkosi.skeleton/root/maniver
@@ -0,0 +1 @@
+Subproject commit 2ad9fe6f3d7d3fc44cc03ef569d82dd601b51664
diff --git a/mkosi.skeleton/srv/ns/niver.test.zone b/mkosi.skeleton/srv/ns/niver.test.zone
new file mode 100644
index 0000000..c0954e3
--- /dev/null
+++ b/mkosi.skeleton/srv/ns/niver.test.zone
@@ -0,0 +1,6 @@
+niver.test.     10800 SOA  ns1.niver.test. admin.niver.test. 0 21600 7200 3628800 3600
+niver.test.     86400 NS   ns1.niver.test.
+niver.test.     10800 A    127.0.0.1
+niver.test.     10800 AAAA ::1
+ns1.niver.test. 10800 A    127.0.0.1
+ns1.niver.test. 10800 AAAA ::1
diff --git a/mkosi.skeleton/srv/php/errors/400.html b/mkosi.skeleton/srv/php/errors/400.html
new file mode 100644
index 0000000..04bdaf1
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/400.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Bad request · HTTP 400</title>
+	</head>
+	<body>
+		<h1>Bad request</h1>
+		<p>
+			The request is malformed.
+		</p>
+		<small><code>HTTP 400</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/403.html b/mkosi.skeleton/srv/php/errors/403.html
new file mode 100644
index 0000000..d678b35
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/403.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Access forbidden · HTTP 403</title>
+	</head>
+	<body>
+		<h1>Access forbidden</h1>
+		<p>
+			The server refused to process the request for security reasons.
+		</p>
+		<small><code>HTTP 403</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/404.en.html b/mkosi.skeleton/srv/php/errors/404.en.html
new file mode 100644
index 0000000..f7985d9
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/404.en.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>File not found · HTTP 404</title>
+	</head>
+	<body>
+		<h1>File not found</h1>
+		<p>
+			The server did not find anything at the requested address.
+		</p>
+		<ul>
+			<li>The file may have been moved or deleted.</li>
+			<li>Perhaps the address was mistyped.</li>
+		</ul>
+		<small><code>HTTP 404</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/404.fr.html b/mkosi.skeleton/srv/php/errors/404.fr.html
new file mode 100644
index 0000000..3f81091
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/404.fr.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="fr">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Fichier introuvable · HTTP 404</title>
+	</head>
+	<body>
+		<h1>Fichier introuvable</h1>
+		<p>
+			Le serveur n'a rien trouvé à l'adresse demandée.
+		</p>
+		<ul>
+			<li>Le fichier a put être déplacé ou supprimé.</li>
+			<li>L'adresse a peut-être été mal saisie.</li>
+		</ul>
+		<small><code>HTTP 404</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/404.php b/mkosi.skeleton/srv/php/errors/404.php
new file mode 100644
index 0000000..425db2f
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/404.php
@@ -0,0 +1,20 @@
+<?php
+if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+	$clientLocales = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
+	$clientLocales = preg_replace("#[A-Z0-9]|q=|;|-|\.#", "", $clientLocales);
+	$clientLocales = explode(',', $clientLocales);
+	$availableLocales = array('en', 'fr');
+	foreach ($clientLocales as $clientLocale) {
+	if (in_array($clientLocale, $availableLocales)) {
+		$locale = $clientLocale;
+		break;
+	}
+	}
+}
+
+if (isset($locale) AND $locale == "fr")
+	echo file_get_contents("404.fr.html");
+else
+	echo file_get_contents("404.en.html");
+
+?>
diff --git a/mkosi.skeleton/srv/php/errors/405.html b/mkosi.skeleton/srv/php/errors/405.html
new file mode 100644
index 0000000..1945473
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/405.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Method Not Allowed · HTTP 405</title>
+	</head>
+	<body>
+		<h1>Method Not Allowed</h1>
+		<p>
+			The request method is not supported for this resource.
+		</p>
+		<small><code>HTTP 405</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/410.html b/mkosi.skeleton/srv/php/errors/410.html
new file mode 100644
index 0000000..ff5f6ce
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/410.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Gone · HTTP 410</title>
+	</head>
+	<body>
+		<h1>Gone</h1>
+		<p>
+			The requested resource is not available anymore.
+		</p>
+		<small><code>HTTP 410</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/418.html b/mkosi.skeleton/srv/php/errors/418.html
new file mode 100644
index 0000000..112b012
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/418.html
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>I'm a teapot · HTTP 418</title>
+	</head>
+	<body>
+		<h1>I'm a teapot</h1>
+		<p>
+			Your coffee cannot be brewed because this server is a teapot.
+		</p>
+		<small><code>HTTP 418</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/500.html b/mkosi.skeleton/srv/php/errors/500.html
new file mode 100644
index 0000000..969e90b
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/500.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Server error · HTTP 500</title>
+	</head>
+	<body>
+		<h1>Server error</h1>
+		<p>
+			The server encountered an error and is unable to satisfy your request.
+		</p>
+		<ul>
+			<li>This error is probably temporary.</li>
+			<li>If it isn't, you can try to contact an administrator.</li>
+		</ul>
+		<small><code>HTTP 500</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/502.html b/mkosi.skeleton/srv/php/errors/502.html
new file mode 100644
index 0000000..e3b10e0
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/502.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Bad gateway · HTTP 502</title>
+	</head>
+	<body>
+		<h1>Bad gateway</h1>
+		<p>
+			The backend server encountered an error and is unable to satisfy your request.
+		</p>
+		<ul>
+			<li>This error is probably temporary.</li>
+			<li>If it isn't, you can try to contact an administrator.</li>
+		</ul>
+		<small><code>HTTP 502</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/503.html b/mkosi.skeleton/srv/php/errors/503.html
new file mode 100644
index 0000000..9c624d4
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/503.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Service unavailable · HTTP 503</title>
+	</head>
+	<body>
+		<h1>Service unavailable</h1>
+		<p>
+			The server cannot handle the request, because it is overloaded or down for maintenance.
+		</p>
+		<ul>
+			<li>This error is probably temporary.</li>
+			<li>If it isn't, you can try to contact an administrator.</li>
+		</ul>
+		<small><code>HTTP 503</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/504.html b/mkosi.skeleton/srv/php/errors/504.html
new file mode 100644
index 0000000..6b63932
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/504.html
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Gateway timeout · HTTP 504</title>
+	</head>
+	<body>
+		<h1>Gateway timeout</h1>
+		<p>
+			The backend server did not send a timely response.
+		</p>
+		<ul>
+			<li>This error is probably temporary.</li>
+			<li>If it isn't, you can try to contact an administrator.</li>
+		</ul>
+		<small><code>HTTP 504</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/default-domain.en.html b/mkosi.skeleton/srv/php/errors/default-domain.en.html
new file mode 100644
index 0000000..da4e656
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/default-domain.en.html
@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<title>Broken site</title>
+	</head>
+	<body>
+		<h1>Broken site</h1>
+		The site you're trying to reach is misconfigured. This domain seems to be pointing to this server, but this server is not aware of a site using this domain.
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/default-ip.en.html b/mkosi.skeleton/srv/php/errors/default-ip.en.html
new file mode 100644
index 0000000..92e9057
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/default-ip.en.html
@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<title>Nothing here</title>
+	</head>
+	<body>
+		<h1>Nothing here</h1>
+		You reached Niver's default site using IP address. There's nothing for you here.
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/http.html b/mkosi.skeleton/srv/php/errors/http.html
new file mode 100644
index 0000000..644aae5
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/http.html
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Not available over unsecure HTTP</title>
+	</head>
+	<body>
+		<h1>Not available over unsecure HTTP</h1>
+		<p>
+			This server does not accept unsecure HTTP requests. Use HTTPS instead.
+		</p>
+	<details open="">
+		<summary>What happened?</summary>
+		You made a request to the server using the unsecure HTTP protocol (<code>http://</code>). For privacy and security reasons, the server does not accept this, as unsecure HTTP connections can be watched and modified by any device on the way.
+	</details>
+	<details>
+		<summary>How to solve this?</summary>
+		You can tell your browser to use HTTPS by prefixing the URL with <code>https://</code>.
+	</details>
+		<small><code>HTTP 400</code></small>
+	</body>
+</html>
diff --git a/mkosi.skeleton/srv/php/errors/http.php b/mkosi.skeleton/srv/php/errors/http.php
new file mode 100644
index 0000000..e0e7712
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/http.php
@@ -0,0 +1,45 @@
+<?php
+if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
+	$clientLocales = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
+	$clientLocales = preg_replace("#[A-Z0-9]|q=|;|-|\.#", "", $clientLocales);
+	$clientLocales = explode(',', $clientLocales);
+	$availableLocales = array('en', 'fr');
+	foreach ($clientLocales as $clientLocale) {
+	if (in_array($clientLocale, $availableLocales)) {
+		$locale = $clientLocale;
+		break;
+	}
+	}
+}
+
+if (isset($locale) AND $locale == "fr") {
+#	echo file_get_contents("404.fr.html");
+#else { ?>
+
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="UTF-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<title>Not available over unsecure HTTP</title>
+	</head>
+	<body>
+		<h1>Not available over unsecure HTTP</h1>
+		<p>
+	This server does not accept unsecure HTTP requests. <a href="<?php echo htmlspecialchars($_SERVER['QUERY_STRING']);
+
+?>">Use HTTPS</a> instead.
+		</p>
+		<details open="">
+			<summary>What happened?</summary>
+			You made a request to the server using the unsecure HTTP protocol (<code>http://</code>). For privacy and security reasons, the server does not accept this, as unsecure HTTP connections can be watched and modified by any device on the way.
+		</details>
+		<details>
+			<summary>How to solve this?</summary>
+			You can tell your browser to use HTTPS by prefixing the URL with <code>https://</code>.
+		</details>
+		<small><code>HTTP 403</code></small>
+	</body>
+</html>
+
+<?php } ?>
diff --git a/mkosi.skeleton/srv/php/errors/index.php b/mkosi.skeleton/srv/php/errors/index.php
new file mode 100644
index 0000000..dfc9602
--- /dev/null
+++ b/mkosi.skeleton/srv/php/errors/index.php
@@ -0,0 +1,8 @@
+<?php
+
+if (filter_var(str_replace(array("[", "]"), "", $_SERVER['HTTP_HOST']), FILTER_VALIDATE_IP))
+	echo file_get_contents("default-ip.en.html");
+else
+	echo file_get_contents("default-domain.en.html");
+
+?>
diff --git a/mkosi.skeleton/srv/php/niver b/mkosi.skeleton/srv/php/niver
new file mode 160000
index 0000000..9a2eb0a
--- /dev/null
+++ b/mkosi.skeleton/srv/php/niver
@@ -0,0 +1 @@
+Subproject commit 9a2eb0a18e6f5d464af6d130c291dc916a5d73c9
diff --git a/mkosi.skeleton/usr/local/bin/maniver b/mkosi.skeleton/usr/local/bin/maniver
new file mode 100755
index 0000000..c8d2a46
Binary files /dev/null and b/mkosi.skeleton/usr/local/bin/maniver differ
diff --git a/mkosi.skeleton/usr/local/bin/sftpgo b/mkosi.skeleton/usr/local/bin/sftpgo
new file mode 100755
index 0000000..0a7aa99
Binary files /dev/null and b/mkosi.skeleton/usr/local/bin/sftpgo differ
diff --git a/mkosi.skeleton/usr/local/share/niver/knot.template b/mkosi.skeleton/usr/local/share/niver/knot.template
new file mode 100644
index 0000000..11577c8
--- /dev/null
+++ b/mkosi.skeleton/usr/local/share/niver/knot.template
@@ -0,0 +1,2 @@
+DOMAIN 3600 SOA ns1.niver.test. admin.niver.test. 1 21600 7200 3628800 3600
+DOMAIN 86400 NS ns1.niver.test.
diff --git a/mkosi.skeleton/usr/local/share/niver/nginx/dns.template b/mkosi.skeleton/usr/local/share/niver/nginx/dns.template
new file mode 100644
index 0000000..03e9a4d
--- /dev/null
+++ b/mkosi.skeleton/usr/local/share/niver/nginx/dns.template
@@ -0,0 +1,15 @@
+server {
+	listen [::]:{{HTTPS_PORT}} ssl http2;
+	listen 0.0.0.0:{{HTTPS_PORT}} ssl http2;
+	server_name {{DOMAIN}};
+	root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}};
+
+	ssl_certificate /etc/ssl/certs/niver.crt;
+	ssl_certificate_key /etc/ssl/private/niver.key;
+
+	include inc/tls.conf;
+
+	location / {
+		try_files $uri $uri.html $uri/ =404;
+	}
+}
diff --git a/mkosi.skeleton/usr/local/share/niver/nginx/onion.template b/mkosi.skeleton/usr/local/share/niver/nginx/onion.template
new file mode 100644
index 0000000..98bdf03
--- /dev/null
+++ b/mkosi.skeleton/usr/local/share/niver/nginx/onion.template
@@ -0,0 +1,9 @@
+server {
+	listen [::1]:{{INTERNAL_ONION_HTTP_PORT}};
+	server_name {{DOMAIN}};
+	root {{HT_PATH}}/{{USERNAME}}/ht/{{DIR}};
+
+	location / {
+		try_files $uri $uri.html $uri/ =404;
+	}
+}