AniNIX/Kapisi
3
0
Fork 0
Code Issues 30 Pull Requests 1 Projects 1 Releases Wiki Activity

Compare commits

merge into: AniNIX:25u
Branches Tags
AniNIX:main AniNIX:geoip AniNIX:improved-ipam AniNIX:25u
AniNIX:0.0
...
pull from: AniNIX:geoip
Branches Tags
AniNIX:geoip AniNIX:main AniNIX:improved-ipam AniNIX:25u
AniNIX:0.0

41 Commits
25u ... geoip

Author SHA1 Message Date
DarkFeather
ad6e48d7e0 Adding geoip module and instituting a deny variable for vhosts to consume 2025-12-02 14:43:49 -06:00
DarkFeather
31992aa487 Moving KiwiIRC websocket behind Nginx instead of dedicated external port 2025-10-21 15:31:32 -05:00
DarkFeather
571455802b Catchup 2025-10-21 14:04:09 -05:00
DarkFeather
4df485af5d Updates for requirements 2025-10-21 13:55:07 -05:00
DarkFeather
365e476b82 Update for internal subdomains as well as external 2025-10-21 13:54:23 -05:00
DarkFeather
c7f88d988b IRC Update for KiwiIRC 1.7 2025-10-21 13:52:25 -05:00
DarkFeather
333a987dac Moving these hooks to AniNIX/Uniglot 2025-10-09 20:37:39 -05:00
DarkFeather
40355ea6e0 Updates for Foundation JS 2025-10-09 20:36:31 -05:00
DarkFeather
b50de1e4f7 Styling updates for Gitea upgrades 2025-09-30 17:14:49 -05:00
DarkFeather
25c9872a0a Updates for AniNIX/Password 2025-09-29 16:33:35 -05:00
DarkFeather
78af592485 Updates for latest inspircd & anope 2025-09-29 16:33:05 -05:00
DarkFeather
a14dfd6562 Password package update 2025-04-27 15:25:54 -05:00
DarkFeather
6864492ce4 Community is gone. https://archlinux.org/news/cleaning-up-old-repositories/ 2025-04-15 14:33:51 -05:00
DarkFeather
35eabff91a Removing unneeded packages 2025-04-15 14:32:41 -05:00
DarkFeather
16ed6e85dc Need latest on config 2025-04-15 14:31:23 -05:00
DarkFeather
02bf4326a3 Deprecating wolfpack.aninix.net subdomain 2025-04-15 14:24:56 -05:00
DarkFeather
405fcb4447 Formatting 2025-04-15 14:03:32 -05:00
DarkFeather
5089c82710 Inventory sanity checks 2025-04-15 13:59:53 -05:00
DarkFeather
7962727fb3 Updates for yggdrasil 2025-04-15 13:58:49 -05:00
DarkFeather
a82bd54091 Linting 2025-04-12 06:58:34 -05:00
DarkFeather
17f900003f Moving WolfPack output to /home instead of /srv for users to access with SFTP & Cyberbrain 2025-04-12 06:42:45 -05:00
DarkFeather
9f131ca0a9 Adding AIDE to HIDS tools 2025-04-12 04:36:22 -05:00
DarkFeather
b6692593a3 Fixing text 2025-04-12 02:59:24 -05:00
DarkFeather
81960d92b0 Updating generate-monitoring to use TrackIPEntries 2025-04-12 02:58:38 -05:00
DarkFeather
59b3181d61 Updates for packages 2024-09-02 23:54:57 -05:00
project2501
f139ea55b4 ++precommit-hooks/playbook-lint-check 2024-08-22 15:30:41 -05:00
project2501
2e154389de patching-verification.yml -- trailing whitespace 2024-08-22 10:39:18 -05:00
DarkFeather
f5ef18851c First round injecting news articles into homepages using serverside precompiled snippets 2024-08-20 00:17:09 -05:00
DarkFeather
8886b572b0 Rebuild Pacman keyring 2024-08-12 17:30:29 -05:00
DarkFeather
a17e2c6fe9 Updates for Raspberry Pi 12 Bookworm 2024-07-23 14:18:32 -05:00
DarkFeather
9366d8b6d7 Catch up for Foundation 2024-04-05 13:16:42 -05:00
DarkFeather
5c3eb7f358 Moving VMs to Host cpu emulation 2024-04-04 13:15:38 -05:00
DarkFeather
33cf371a0d Updating roles 2024-04-01 00:53:08 -05:00
DarkFeather
9aa0a89b79 Seeding Aether 2024-04-01 00:52:29 -05:00
DarkFeather
3a01543c8b Capturing APC automation 2024-04-01 00:49:36 -05:00
DarkFeather
87973dfb6e Simplifying group management 2024-04-01 00:49:02 -05:00
DarkFeather
85286b5412 Catching up with automation 2024-04-01 00:47:05 -05:00
DarkFeather
6f36d515e3 AniNIX/Wiki#21 -- effecting renames for policy 2024-04-01 00:44:23 -05:00
DarkFeather
323b4dd306 Pathing updates for Gitea 1.21.5 -- custom/public to custom/public/assets 2024-03-07 12:28:46 -06:00
DarkFeather
e75d03a313 Update for automated response around poorly behaving archlinux-keyring weekly timer; rename Sora role to Password 2024-03-07 12:27:21 -06:00
DarkFeather
930441ae9a Adding enforcement exit code 2024-01-18 12:04:30 -06:00
237 changed files with 3923 additions and 2743 deletions
Expand all files Collapse all files

6
.gitignore vendored
View File

@@ -1,12 +1,14 @@
# Generated files # Generated files
roles/Node/files/*-vm.service roles/Node/files/*-vm.service
roles/Nazara/files/dns roles/Chappaai/files/dns
roles/Nazara/files/dhcp roles/Chappaai/files/dhcp
roles/Node/files/vm-definitions/** roles/Node/files/vm-definitions/**
roles/ShadowArch/files/mirrorlist roles/ShadowArch/files/mirrorlist
roles/Sharingan/files/monit/checks/availability roles/Sharingan/files/monit/checks/availability
roles/Foundation/files/custom/public/img/** roles/Foundation/files/custom/public/img/**
roles/Maat/files/pacoloco.yaml
venv/** venv/**
wiki/
wiki/** wiki/**
**/pkg/** **/pkg/**
**/src/** **/src/**

6
PKGBUILD
View File

@@ -1,10 +1,6 @@
pkgname="$(git config remote.origin.url | rev | cut -f 1 -d '/' | rev | sed 's/.git$//')" pkgname="$(git config remote.origin.url | rev | cut -f 1 -d '/' | rev | sed 's/.git$//')"
pkgver="$(git describe --tag --abbrev=0)"."$(git rev-parse --short HEAD)" pkgver="$(git describe --tag --abbrev=0)"."$(( `git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit` + 1 ))"."$(git rev-parse --short HEAD)"
pkgrel=1 pkgrel=1
pkgrel() {
git log "$(git describe --tag --abbrev=0)"..HEAD | grep -c commit
}
epoch="$(git log | grep -c commit)"
pkgdesc="$(head -n 1 README.md)" pkgdesc="$(head -n 1 README.md)"
arch=("x86_64") arch=("x86_64")
url="$(git config remote.origin.url | sed 's/.git$//')" url="$(git config remote.origin.url | sed 's/.git$//')"

6
README.md
View File

@@ -2,7 +2,9 @@ This project is our Infrastructure-as-Code solution, detailing the deployment &
# Etymology # Etymology
It is named after the fictional Star Wars Imperial Intelligence organization that oversaw the various divisions of Intelligence and orchestrated their operations. Like its namesake, this project oversees the various tools within our ecosystem and enforces compliance with standards. It is named after flagship carrier Kapisi from the game [Homeworld: Deserts of Kharak](https://store.steampowered.com/app/281610?snr=5000_5100___primarylinks). The carrier was the command and production center of Operation Khadiim, an expedition to understand an anomaly on their world & escape the fanaticism of their Gaalsien rivals. The S'jet were able to succeed in this mission not only due to the military efficacy of their forces but also through the research and production capabilities available to the Kapisi.
This project seeks to give other admins and engineers to launch their own infrastructures and break out of any strangleholds that may have entangled them, whether that is tribalism, vendor lock, or stigma.
# Relevant Files and Software # Relevant Files and Software
@@ -12,7 +14,7 @@ export ANSIBLE_VAULT_PASSWORD_FILE=$HOME/password-store/${organization}.vault.pa
export ANSIBLE_VAULT_FILE=$HOME/password-store/${organization}.vault export ANSIBLE_VAULT_FILE=$HOME/password-store/${organization}.vault
``` ```
Take a look at `examples/msn0.yml` as an example inventory -- make sure you populate one of your own. Take a look at `examples/msn0.yml` as an example inventory -- make sure you populate one of your own. The scripts here expect inventories to have layers of groups -- the top group under `all` must be managed vs. unmanaged. The rest of the scripts use YAMLPath to sort out the rest of the groups.
Once you have your vault and inventory, use [AniNIX/ShadowArch](/AniNIX/ShadowArch) with your hypervisor to provision the base image for your machines, or [Raspbian](https://www.raspberrypi.org/). Once you have your vault and inventory, use [AniNIX/ShadowArch](/AniNIX/ShadowArch) with your hypervisor to provision the base image for your machines, or [Raspbian](https://www.raspberrypi.org/).

5
bin/deploy-role
View File

@@ -1,5 +1,8 @@
#!/bin/bash #!/bin/bash
# Ensure we are in the source directory.
cd $(dirname $0)/..
# Role is first argument # Role is first argument
role="$1" role="$1"
if [ -z "$role" ]; then if [ -z "$role" ]; then
@@ -25,7 +28,7 @@ fi
while [ ! -d .git ]; do while [ ! -d .git ]; do
cd .. cd ..
if [ "$PWD" == '/' ]; then if [ "$PWD" == '/' ]; then
echo "This needs to be run from the Ubiqtorate checkout" echo "This needs to be run from the Kapisi checkout"
exit 3 exit 3
fi fi
done done

52
bin/deploy-tasks Executable file
View File

@@ -0,0 +1,52 @@
#!/bin/bash
# Role is first argument
taskfile="$1"
if [ -z "$taskfile" ]; then
echo Need a taskfile as first argument.
exit 1
fi
# Ensure we are in the source directory.
cd $(dirname $1)/..
# Handle verbosity
if [ "$1" == "-v" ]; then
set -x
shift
taskfile="$1"
fi
# Handle usage
if [ "$taskfile" == "-h" ] || [ "$taskfile" == "--help" ]; then
echo "Usage: $0 -h"
echo " $0 \$taskfile \$targetgroup [\$optional_inventory]"
exit 0
fi
# Find the root of the git clone
while [ ! -d .git ]; do
cd ..
if [ "$PWD" == '/' ]; then
echo "This needs to be run from the Kapisi checkout"
exit 3
fi
done
# Get the targetgroup
targetgroup="$2"
if [ -z "$targetgroup" ]; then
targetgroup="$taskfile" # Deploy a taskfile to the server named for that function
fi
# Allow an inventory override
inventory="$3"
if [ -z "$inventory" ]; then
inventory=examples/msn0.yml
fi
# Invoke the one-taskfile playbook for the taskfile on the targetgroup
ansible-playbook -i "$inventory" -e "taskfile=$taskfile" -e "targets=$targetgroup" "$(dirname $0)/../playbooks/one-taskfile.yml"
# and return the exit status
exit $?

5
bin/full-deploy
View File

@@ -1,5 +1,8 @@
#!/bin/bash #!/bin/bash
# Ensure we are in the source directory.
cd $(dirname $0)/..
# Arguments # Arguments
inventory="$1" inventory="$1"
if [ "$inventory" == "-h" ] || [ "$inventory" == "--help" ]; then if [ "$inventory" == "-h" ] || [ "$inventory" == "--help" ]; then
@@ -14,7 +17,7 @@ fi
while [ ! -d .git ]; do while [ ! -d .git ]; do
cd .. cd ..
if [ "$PWD" == '/' ]; then if [ "$PWD" == '/' ]; then
echo "This needs to be run from the Ubiqtorate checkout" echo "This needs to be run from the Kapisi checkout"
exit 3 exit 3
fi fi
done done

43
bin/generate-monitoring.py
View File

@@ -3,7 +3,7 @@
# #
# Description: This file generates the DNS and DHCP files for pihole. # Description: This file generates the DNS and DHCP files for pihole.
# #
# Package: AniNIX/Ubiqtorate # Package: AniNIX/Kapisi
# Copyright: WTFPL # Copyright: WTFPL
# #
# Author: DarkFeather <darkfeather@aninix.net> # Author: DarkFeather <darkfeather@aninix.net>
@@ -11,44 +11,40 @@
import os import os
import subprocess import subprocess
import sys import sys
import re
import yaml import yaml
from kapisi_lib import *
rolepath='../roles/Sharingan/files' rolepath='../roles/Sharingan/files'
monfilepath=rolepath+"/monit/checks/availability" monfilepath=rolepath+"/monit/checks/availability"
def WriteMonitoringEntry(content,hosttype,hostclass): def WriteMonitoringEntry(entryset):
### Create the ping-based monitoring entry ### Create the ping-based monitoring entry
# param content: the yaml content to parse # param entryset: Entries matched from the inventory
# param hosttype: managed or unmanaged
# param hostclass: the type of host as classified in the yaml
global monfile global monfile
with open(monfilepath,'a') as monfile: with open(monfilepath,'a') as monfile:
# Write host entries # Write host entries
for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']: for host in entryset:
try: try:
hostname= host + '.' + content['all']['vars']['replica_domain'] monfile.write('check program ' + host + '_ping_mon with path "/usr/lib/monitoring-plugins/check_ping -H ' + entryset[host][2] + ' -w 100,50% -c 1000,100% -p 3 -t 60 -4"\n')
monfile.write('check program ' + host + '_ping_mon with path "/usr/lib/monitoring-plugins/check_ping -H ' + hostname + ' -w 100,50% -c 1000,100% -p 3 -t 60 -4"\n') monfile.write(' if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical ' + entryset[host][2] + ' is not online."\n\n')
monfile.write(' if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical ' + hostname + ' is not online."\n\n')
except: except:
print(host + ' is not complete for monitoring.') print(host + ' is not complete for monitoring.')
def WriteSSHMonitoringEntry(content,hosttype,hostclass): def WriteSSHMonitoringEntry(entryset):
### Create the ping-based monitoring entry ### Create the ping-based monitoring entry
# param content: the yaml content to parse # param entryset: Entries matched from the inventory
# param hosttype: managed or unmanaged
# param hostclass: the type of host as classified in the yaml
global monfile global monfile
with open(monfilepath,'a') as monfile: with open(monfilepath,'a') as monfile:
# Write host entries # Write host entries
for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']: for host in entryset:
try: try:
hostname= host + '.' + content['all']['vars']['replica_domain'] monfile.write('check program ' + host + '_ssh_mon with path "/usr/lib/monitoring-plugins/check_ssh -H ' + entryset[host][2] + '"\n')
monfile.write('check program ' + host + '_ssh_mon with path "/usr/lib/monitoring-plugins/check_ssh -H ' + hostname + '"\n') monfile.write(' if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical ' + host + ' is not responding to SSH."\n\n')
monfile.write(' if status != 0 for 3 times within 5 cycles then exec "/etc/monit.d/scripts/critical ' + hostname + ' is not responding to SSH."\n\n')
except: except:
print(host + ' is not complete for monitoring.') print(host + ' is not complete for monitoring.')
@@ -61,19 +57,12 @@ def GenerateFiles(file):
os.mkdir(rolepath) os.mkdir(rolepath)
# Parse the yaml # Parse the yaml
with open(file, 'r') as stream: entryset = TrackIPEntries(file,searchstring='all.children.managed.**.ip')
content = yaml.safe_load(stream)
if os.path.isfile(monfilepath): os.remove(monfilepath) if os.path.isfile(monfilepath): os.remove(monfilepath)
# Add DNS entries for each host WriteSSHMonitoringEntry(entryset)
hosttype = 'managed' WriteMonitoringEntry(entryset)
for hostclass in ['physical','virtual','geth_hubs']:
#WriteMonitoringEntry(content,hosttype,hostclass)
WriteSSHMonitoringEntry(content,hosttype,hostclass)
hosttype = 'unmanaged'
for hostclass in ['ovas','appliances']:
WriteMonitoringEntry(content,hosttype,hostclass)
if __name__ == '__main__': if __name__ == '__main__':
if len(sys.argv) != 2: if len(sys.argv) != 2:

73
bin/generate-pihole-dns-dhcp.py
View File

@@ -1,51 +1,46 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# File: generate-pihole-dns-dhcp.py # File: generate-pihole-dns-dhcp.py
# #
# Description: This file generates the DNS and DHCP files for pihole. # Description: This file generates the DNS and DHCP files for pihole.
# # It expects that the inventory has two levels of grouping.
# Package: AniNIX/Ubiqtorate #
# Package: AniNIX/Kapisi
# Copyright: WTFPL # Copyright: WTFPL
# #
# Author: DarkFeather <darkfeather@aninix.net> # Author: DarkFeather <darkfeather@aninix.net>
import os import os
import re
import subprocess import subprocess
import sys import sys
import yaml from kapisi_lib import *
rolepath='../roles/Nazara/files' rolepath='../roles/Chappaai/files'
dnsfilepath=rolepath+"/dns" dnsfilepath=rolepath+"/dns"
dhcpfilepath=rolepath+"/dhcp" dhcpfilepath=rolepath+"/dhcp"
entryset={}
def WriteDHCPEntry(content,hosttype,hostclass): def WriteDHCPEntries(dhcpfile):
### Create the DHCP entry ### Create the DHCP entry
# param content: the yaml content to parse # param content: the yaml content to parse
# param hosttype: managed or unmanaged # param hosttype: managed or unmanaged
# param hostclass: the type of host as classified in the yaml # param hostclass: the type of host as classified in the yaml
global dhcpfile global entryset
for host in entryset:
# Entries should be:
# dhcp-host=mac,ip,fqdn
dhcpfile.write('dhcp-host=' + entryset[host][1] + ',' + entryset[host][0] + ',' + entryset[host][2] + '\n')
with open(dhcpfilepath,'a') as dhcpfile: def WriteDNSEntries(dnsfile):
for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']:
try:
dhcpfile.write('dhcp-host=' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['mac'] + ',' + content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['ip'] + ',' + host + '.' + content['all']['vars']['replica_domain'] + '\n')
except:
print(host + ' is not complete for DHCP.')
def WriteDNSEntry(content,hosttype,hostclass):
### Create the DNS entry ### Create the DNS entry
# param content: the yaml content to parse # param content: the yaml content to parse
# param hosttype: managed or unmanaged # param hosttype: managed or unmanaged
# param hostclass: the type of host as classified in the yaml # param hostclass: the type of host as classified in the yaml
global dnsfile global entryset
for host in entryset:
with open(dnsfilepath,'a') as dnsfile: # Entries should be:
# ip host fqdn
# Write host entries dnsfile.write(entryset[host][0] + ' ' + entryset[host][2] + ' ' + host + '\n')
for host in content['all']['children'][hosttype]['children'][hostclass]['hosts']:
try:
dnsfile.write(content['all']['children'][hosttype]['children'][hostclass]['hosts'][host]['ip'] + ' ' + host + '.' + content['all']['vars']['replica_domain'] + ' ' + host + '\n')
except:
print(host + ' is not complete for DNS.')
def GenerateFiles(file): def GenerateFiles(file):
### Open the file and parse it ### Open the file and parse it
@@ -58,29 +53,29 @@ def GenerateFiles(file):
# Parse the yaml # Parse the yaml
with open(file, 'r') as stream: with open(file, 'r') as stream:
content = yaml.safe_load(stream) content = yaml.safe_load(stream)
external_domain = content['all']['vars']['external_domain']
# Clear the DNS file # Clear the DNS file
with open(dhcpfilepath,'w') as dhcpfile: with open(dhcpfilepath,'w') as dhcpfile:
dhcpfile.write('dhcp-range='+content['all']['vars']['dhcprange']+'\n') dhcpfile.write('dhcp-range='+content['all']['vars']['dhcprange']+'\n')
dhcpfile.write('dhcp-option=option:dns-server,'+content['all']['vars']['dns']+'\n\n') dhcpfile.write('dhcp-option=option:dns-server,'+content['all']['vars']['dns']+'\n\n')
dhcpfile.write('dhcp-range='+content['all']['vars']['staticrange']+'\n') dhcpfile.write('dhcp-range='+content['all']['vars']['staticrange']+'\n')
WriteDHCPEntries(dhcpfile)
with open(dnsfilepath,'w') as dnsfile: with open(dnsfilepath,'w') as dnsfile:
vips=subprocess.run(["/bin/bash", "-c", "echo | openssl s_client -connect "+content['all']['vars']['external_domain']+":443 | openssl x509 -text -noout | grep DNS: | tr ',' '\n' | sed 's/\s\+DNS://' | grep -ivE ^"+content['all']['vars']['external_domain']+" | tr '\n' ' '"], capture_output=True).stdout.decode("utf-8") dnsfile.write(content['all']['vars']['webfront']+' '+external_domain+' '+content['all']['vars']['internal_subdomains'].replace(' ','.'+external_domain+' ')+'.'+external_domain+' '+content['all']['vars']['external_subdomains'].replace(' ','.'+external_domain+' ')+'.'+external_domain+' '+content['all']['vars']['hosted_domains']+"\n")
dnsfile.write(content['all']['vars']['webfront']+' '+content['all']['vars']['external_domain']+' '+vips+"\n") WriteDNSEntries(dnsfile)
print('Files should be in '+rolepath);
# Add DNS entries for each host
hosttype = 'managed'
for hostclass in ['physical','virtual','geth_hubs']:
WriteDNSEntry(content,hosttype,hostclass)
WriteDHCPEntry(content,hosttype,hostclass)
hosttype = 'unmanaged'
for hostclass in ['ovas','test_ovas','appliances','adhoc_appliances','iot']:
WriteDNSEntry(content,hosttype,hostclass)
WriteDHCPEntry(content,hosttype,hostclass)
### Main function
# param sys.argv: Input arguments
if __name__ == '__main__': if __name__ == '__main__':
if len(sys.argv) != 2: if len(sys.argv) < 2:
print("You need to supply an inventory file.") print("You need to supply an inventory file.")
sys.exit(1) sys.exit(1)
if len(sys.argv) == 3:
entryset = TrackIPEntries(sys.argv[1],sys.argv[2])
else:
entryset = TrackIPEntries(sys.argv[1])
GenerateFiles(sys.argv[1]) GenerateFiles(sys.argv[1])
#dumper.dump(entryset)
sys.exit(0) sys.exit(0)

2
bin/generate-ssh-keyscan
View File

@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# File: gen-ssh-keyscan # File: ./generate-ssh-keyscan
# #
# Description: This file generates a known_host block for the inventory. # Description: This file generates a known_host block for the inventory.
# #

4
bin/generate-systemd-vms.py
View File

@@ -3,7 +3,7 @@
# #
# Description: This file generates the systemd.service files that run our VM's # Description: This file generates the systemd.service files that run our VM's
# #
# Package: AniNIX/Ubiqtorate # Package: AniNIX/Kapisi
# Copyright: WTFPL # Copyright: WTFPL
# #
# Author: DarkFeather <darkfeather@aninix.net> # Author: DarkFeather <darkfeather@aninix.net>
@@ -54,7 +54,7 @@ def WriteVMFile(content,hosttype,hostclass):
vmfile.write('[Service]\n') vmfile.write('[Service]\n')
vmfile.write('ExecStart=/usr/sbin/qemu-system-x86_64 -name AniNIX/' + host + ' -machine type=pc,accel=kvm') vmfile.write('ExecStart=/usr/sbin/qemu-system-x86_64 -name AniNIX/' + host + ' -machine type=pc,accel=kvm')
if 'uefi' in content['all']['children'][hosttype]['children'][hostclass]['hosts'][host].keys(): vmfile.write(' -bios /usr/share/edk2-ovmf/x64/OVMF.fd') if 'uefi' in content['all']['children'][hosttype]['children'][hostclass]['hosts'][host].keys(): vmfile.write(' -bios /usr/share/edk2-ovmf/x64/OVMF.fd')
vmfile.write(' -cpu qemu64 -smp ' + cores + ' ' + disks + ' -net nic,macaddr=' + mac + ',model=virtio -net bridge,br=' + bridge + ' -vga std -nographic -vnc :' + str(vnc) + ' -m size=' + str(memory) + 'G -device virtio-rng-pci\n') vmfile.write(' -cpu host -smp ' + cores + ' ' + disks + ' -net nic,macaddr=' + mac + ',model=virtio -net bridge,br=' + bridge + ' -vga std -nographic -vnc :' + str(vnc) + ' -m size=' + str(memory) + 'G -device virtio-rng-pci\n')
vmfile.write('ExecReload=/bin/kill -HUP $MAINPID\n') vmfile.write('ExecReload=/bin/kill -HUP $MAINPID\n')
vmfile.write('KillMode=process\n') vmfile.write('KillMode=process\n')
vmfile.write('Restart=always\n') vmfile.write('Restart=always\n')

72
bin/kapisi_lib.py Normal file
View File

@@ -0,0 +1,72 @@
import re
import yaml
from types import SimpleNamespace
from yamlpath.common import Parsers
from yamlpath.wrappers import ConsolePrinter
from yamlpath import Processor
from yamlpath import YAMLPath
from yamlpath.exceptions import YAMLPathException
def TrackIPEntries(yaml_file,searchstring='all.children.**.ip'):
### Try to parse an Ansible inventory for hosts with the 'ip' attribute.
# param file: the file to parse
# return: a populated entry set in form [{Host,[ip,mac,fqdn]},...]
# Borrowing from upstream author's example at https://pypi.org/project/yamlpath/
entryset = {}
replicadomain = GetReplicaDomain(yaml_file)
# The various classes of this library must be able to write messages somewhere
# when things go bad.
#logging_args = SimpleNamespace(quiet=True, verbose=False, debug=False)
logging_args = SimpleNamespace(quiet=True, verbose=True, debug=True)
log = ConsolePrinter(logging_args)
# Prep the YAML parser
yaml = Parsers.get_yaml_editor()
(yaml_data, doc_loaded) = Parsers.get_yaml_data(yaml, log, yaml_file)
if not doc_loaded:
exit(1)
processor = Processor(log, yaml_data)
yaml_path = YAMLPath(searchstring)
# Create a regex pattern to remove the end of the path
ippattern = re.compile('\\.ip$')
try:
for node_coordinate in processor.get_nodes(yaml_path, mustexist=True):
# Strip the path to the host entry.
path = ippattern.sub("",str(node_coordinate.path))
# Pull the IP
ip = str(node_coordinate.node)
# Pull the hosname
splitpath = path.split('.')
hostname = splitpath[len(splitpath)-1]
#print("Got {} from '{}''.".format(ip,path))
# Path the MAC
mac_yaml_path = YAMLPath(path+".mac")
mac=""
try:
for node_coordinate in processor.get_nodes(mac_yaml_path, mustexist=True):
mac = str(node_coordinate.node)
except YAMLPathException as ex:
log.error(ex)
# Add the host to the entryset.
entryset.update({ hostname : [ip,mac,hostname+'.'+replicadomain] })
except YAMLPathException as ex:
log.error(ex)
finally:
return entryset
def GetReplicaDomain(file):
'''
Return the defined replica domain
'''
with open(file, 'r') as stream:
content = yaml.safe_load(stream)
return content['all']['vars']['replica_domain']

15
bin/tmux-hosts
View File

@@ -17,11 +17,11 @@ group=all
offset=0 offset=0
unset inventory unset inventory
function usage() { function usage() {
# Show helptext # Show helptext
# param retcode: what to exit # param retcode: what to exit
retcode="$1" retcode="$1"
echo "Usage: $0 [ -o offset ] [-g group ] -i inventory.yml" echo "Usage: $0 [ -o offset ] [-g group ] [-i inventory.yml]"
echo " $0 -h" echo " $0 -h"
echo "Group is optional -- add it if you only want to look at a specific subset." echo "Group is optional -- add it if you only want to look at a specific subset."
echo "Add -v for verbosity." echo "Add -v for verbosity."
@@ -41,7 +41,7 @@ function tmuxHosts() {
name="$group-$offset" name="$group-$offset"
# If no TMUX session started, then add one with four panes. # If no TMUX session started, then add one with four panes.
if [ -z "$TMUX" ]; then if [ -z "$TMUX" ]; then
tmux new-session -s "$name" -d "/bin/bash -l -c ssh\\ $host1" tmux new-session -s "$name" -d "/bin/bash -l -c ssh\\ $host1"
tmux select-window -t "$name":0 tmux select-window -t "$name":0
tmux split-window "/bin/bash -l -c ssh\\ $host2" tmux split-window "/bin/bash -l -c ssh\\ $host2"
@@ -51,7 +51,7 @@ function tmuxHosts() {
tmux setw synchronize-panes tmux setw synchronize-panes
tmux a -d -t "$name" tmux a -d -t "$name"
# Otherwise, add a new window to the current session with all four sessions. # Otherwise, add a new window to the current session with all four sessions.
else else
tmux new-window -n "$name" "/bin/bash -l -c ssh\\ $host1" tmux new-window -n "$name" "/bin/bash -l -c ssh\\ $host1"
tmux select-window -t "$name" tmux select-window -t "$name"
tmux split-window "/bin/bash -l -c ssh\\ $host2" tmux split-window "/bin/bash -l -c ssh\\ $host2"
@@ -76,12 +76,11 @@ if [ "$(basename $0)" == "tmux-hosts" ]; then
*) usage 1 ;; *) usage 1 ;;
esac esac
done done
if [ -z "$inventory" ]; then if [ -z "$inventory" ]; then
echo Need an inventory. inventory=$(grep -E ^inventory ~/.ansible.cfg | cut -f 2 -d '=')
usage 2;
fi fi
tmuxHosts $(ansible -i "$inventory" --list-hosts "$group"\ tmuxHosts $(ansible -i "$inventory" --list-hosts "$group"\
| grep -v hosts\ \( \ | grep -v hosts\ \( \
| sed 's/\s\+//g' \ | sed 's/\s\+//g' \

219
examples/msn0.yml
View File

@@ -1,10 +1,14 @@
all: all:
vars: vars:
# Environment-wide data # Environment-wide data
external_domain: aninix.net external_domain: "aninix.net"
external_subdomains: "cyberbrain foundation irc lykos maat password sharingan singularity superintendent www yggdrasil"
internal_subdomains: "ircservices"
hosted_domains: "travelpawscvt.com"
replica_domain: "MSN0.AniNIX.net" replica_domain: "MSN0.AniNIX.net"
time_zone: "America/Chicago" time_zone: "America/Chicago"
# Services used by all # Services used by all
main_subnet: 10.0.1.0
router: 10.0.1.1 router: 10.0.1.1
netmask: 24 netmask: 24
dhcprange: '10.0.1.224,10.0.1.254,255.255.255.0,12h' dhcprange: '10.0.1.224,10.0.1.254,255.255.255.0,12h'
@@ -19,84 +23,109 @@ all:
ansible_become_method: sudo ansible_become_method: sudo
ansible_become_user: root ansible_become_user: root
static: false static: false
wireless_ssid: 'Shadowfeed' wireless_ssid: 'Shadownet'
ansible_python_interpreter: auto_silent ansible_python_interpreter: auto_silent
aether_primary: 'Yggdrasil'
ldap: ldap:
server: "10.0.1.3" server: "10.0.1.3"
orgdn: "dc=aninix,dc=net" orgdn: "dc=aninix,dc=net"
binduser: 'binduser' binduser: 'binduser'
userou: 'ou=People' userou: 'ou=People'
groupou: 'ou=Group'
filter: '(&(objectClass=person)(!(pwdReset=TRUE)))'
organization: # Information about the group organization: # Information about the group
admin: 'DarkFeather' admin: 'DarkFeather'
email: 'ircs://irc.aninix.net:6697/DarkFeather' email: 'ircs://irc.aninix.net:6697/DarkFeather'
displayname: 'AniNIX' displayname: 'AniNIX'
gpgkey: '904DE6275579CB589D85720C1CC1E3F4ED06F296' gpgkey: '904DE6275579CB589D85720C1CC1E3F4ED06F296'
ssl: # Standard SSL cryptographic standards ssl: # Standard SSL cryptographic standards
identity: 'aninix.net-0001' # The Let's Encrypt identity to use identity: 'aninix.net-0002' # The Let's Encrypt identity to use
ciphersuite: "!NULL:!SSLv2:!SSLv3:!TLSv1:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH" ciphersuite: "!NULL:!SSLv2:!SSLv3:!TLSv1:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
Aether_nodes:
- DedSec.msn0.aninix.net
operational_countries:
- 'US'
children: children:
managed: managed:
children: children:
physical: # 10.0.1.0/28 physical: # 10.0.1.0/28
hosts: hosts:
Nazara: Chappaai:
ipinterface: eth0 ipinterface: eth0
ip: 10.0.1.2 ip: 10.0.1.2
mac: B8:27:EB:B6:AA:0C mac: e4:5f:01:01:ff:9b
static: true
Node1:
ipinterface: enp1s0
ip: 10.0.1.5
mac: FA:EC:43:87:4D:2D
tap: true
ups: 'aps'
Node2:
ipinterface: enp1s0
ip: 10.0.1.7
mac: 56:02:ef:2c:1f:7c
tap: true
ups: 'cyberpower'
Node3:
ipinterface: enp1s0
ip: 10.0.1.8
mac: B2:C6:2C:02:B2:6E
tap: true
Nodelet0:
ipinterface: eth0
ip: 10.0.1.9
mac: b8:27:eb:9a:73:dd
static: true
k3s_primary: true
Nodelet1:
ipinterface: eth0
ip: 10.0.1.10
mac: E4:5F:01:01:FF:9C
static: true
Nodelet2:
ipinterface: eth0
ip: 10.0.1.11
mac: E4:5F:01:01:FF:D5
static: true
Nodelet3:
ipinterface: eth0
ip: 10.0.1.12
mac: E4:5F:01:01:FF:96
static: true
Nodelet4:
ipinterface: eth0
ip: 10.0.1.13
mac: E4:5F:01:01:FF:E4
static: true static: true
children:
Node:
hosts:
Node1:
ipinterface: enp1s0
ip: 10.0.1.5
mac: fa:ec:43:87:4d:2d
tap: true
ups: 'aps'
active_vms:
- Yggdrasil
Node2:
ipinterface: enp1s0
ip: 10.0.1.7
mac: 56:02:ef:2c:1f:7c
tap: true
active_vms:
- DarkNet
- Maat
- Sharingan
- Superintendent
Node3:
ipinterface: enp1s0
ip: 10.0.1.8
mac: b2:c6:2c:02:b2:6e
tap: true
active_vms:
- TDS-Jump
Geth:
hosts:
Geth0:
ipinterface: eth0
ip: 10.0.1.9
mac: b8:27:eb:09:a1:a0
static: true
k3s_primary: true
Geth1:
ipinterface: eth0
ip: 10.0.1.10
mac: e4:5f:01:01:ff:9c
static: true
Geth2:
ipinterface: eth0
ip: 10.0.1.11
mac: e4:5f:01:01:ff:d5
static: true
Geth3:
ipinterface: eth0
ip: 10.0.1.12
mac: e4:5f:01:01:ff:96
static: true
Geth4:
ipinterface: eth0
ip: 10.0.1.13
mac: e4:5f:01:01:ff:e4
static: true
Geth5:
ipinterface: eth0
ip: 10.0.1.14
mac: b8:27:eb:81:f5:4b
static: true
virtual: # 10.0.1.16/28 virtual: # 10.0.1.16/28
vars: vars:
hosts: hosts:
Sharingan: Sharingan:
node: Node2
ip: 10.0.1.16 ip: 10.0.1.16
ipinterface: ens3 ipinterface: ens3
mac: 00:15:5D:01:02:10 mac: 00:15:5d:01:02:10
cores: 4 cores: 4
memory: 4 memory: 6
vnc: 8 vnc: 8
bridge: br0 bridge: br0
uefi: true uefi: true
@@ -106,63 +135,62 @@ all:
# On hold because of https://aninix.net/DarkFeather/MSN0/issues/6 # On hold because of https://aninix.net/DarkFeather/MSN0/issues/6
holdpkg: "elasticsearch graylog mongodb44-bin mongodb-tools-bin" holdpkg: "elasticsearch graylog mongodb44-bin mongodb-tools-bin"
DarkNet: DarkNet:
node: Node2
ipinterface: ens3 ipinterface: ens3
ip: 10.0.1.17 ip: 10.0.1.17
mac: 00:15:5D:01:02:05 mac: 00:15:5d:01:02:05
cores: 4 cores: 2
memory: 4 memory: 2
vnc: 9 vnc: 9
bridge: br0 bridge: br0
disks: disks:
- '-drive format=raw,index=0,media=disk,file=/dev/sdb' - '-drive format=raw,index=0,media=disk,file=/dev/sdb'
wolfpack_config: 'gitea@foundation.aninix.net:DarkFeather/WolfPack-Config.git' wolfpack_config: 'gitea@foundation.aninix.net:DarkFeather/WolfPack-Config.git'
Maat: Maat:
node: Node2
ip: 10.0.1.18 ip: 10.0.1.18
ipinterface: ens3 ipinterface: ens3
mac: 00:15:5d:01:02:07 mac: 00:15:5d:01:02:07
cores: 2 cores: 2
memory: 2 memory: 2
bridge: br0 bridge: br0
vscan_enabled: true
vnc: 7 vnc: 7
disks: disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/Maat.qcow2' - '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/Maat.qcow2'
Yggdrasil: Yggdrasil:
node: Node1 ipinterface: ens3
ipinterface: enp1s0f0
ip: 10.0.1.3 ip: 10.0.1.3
mac: 00:25:90:0d:6e:86 mac: 00:25:90:0d:6e:86
static: true static: true
sslidentity: aninix.net-0001 sslidentity: aninix.net-0002
secdetection: true secdetection: true
iptv_location: "Milwaukee|Madison" iptv_location: "ToonamiAftermathEast.us|TVSClassicMovies.us|UniversalComedy|ABCNewsLive"
aether_source: true aether_source: true
cores: 8 cores: 8
memory: 16 memory: 10
bridge: br0 bridge: br0
vnc: 1 vnc: 1
vscan_enabled: true
disks: disks:
- '-drive format=raw,index=0,media=disk,file=/dev/sda' - '-drive format=raw,index=0,media=disk,file=/dev/sda'
- '-drive format=raw,index=0,media=disk,file=/dev/sdb' - '-drive format=raw,index=0,media=disk,file=/dev/sdb'
- '-drive format=raw,index=0,media=disk,file=/dev/sdc' - '-drive format=raw,index=0,media=disk,file=/dev/sdc'
- '-drive format=raw,index=0,media=disk,file=/dev/sdd' - '-drive format=raw,index=0,media=disk,file=/dev/sdd'
geth_hubs: # 10.0.1.32/28 Vergil: # 10.0.1.32/28
vars: vars:
motion_enabled: yes motion_enabled: yes
hosts: hosts:
Geth-Hub-1: Vergil1:
ip: 10.0.1.32 ip: 10.0.1.32
mac: 84:16:F9:14:15:C5 mac: b8:27:eb:e3:ff:59
rotate: 0 rotate: 0
remote: NS-RC4NA-14 remote: NS-RC4NA-14
Geth-Hub-2: Vergil2:
ip: 10.0.1.33 ip: 10.0.1.33
mac: 84:16:F9:13:B6:E6 mac: b8:27:eb:cf:26:88
motion_enabled: no motion_enabled: no
rotate: 180 rotate: 180
remote: NS-RC4NA-14 remote: NS-RC4NA-14
Geth-Hub-3: Vergil3:
ip: 10.0.1.34 ip: 10.0.1.34
mac: b8:27:eb:60:73:68 mac: b8:27:eb:60:73:68
rotate: 90 rotate: 90
@@ -172,10 +200,9 @@ all:
# Both OVA groups are in the same subnet -- test_ovas aren't monitored # Both OVA groups are in the same subnet -- test_ovas aren't monitored
ovas: # 10.0.1.48/28 ovas: # 10.0.1.48/28
hosts: hosts:
Geth: Superintendent:
node: Node2
ip: 10.0.1.49 ip: 10.0.1.49
mac: DE:8B:9E:19:55:1E mac: de:8b:9e:19:55:1e
cores: 2 cores: 2
memory: 2 memory: 2
vnc: 6 vnc: 6
@@ -186,7 +213,6 @@ all:
test_ovas: # 10.0.1.48/28 test_ovas: # 10.0.1.48/28
hosts: hosts:
TDS-Jump: TDS-Jump:
node: Node2
ip: 10.0.1.48 ip: 10.0.1.48
mac: 00:15:5d:01:02:08 mac: 00:15:5d:01:02:08
cores: 2 cores: 2
@@ -194,7 +220,7 @@ all:
vnc: 4 vnc: 4
bridge: br0 bridge: br0
disks: disks:
- '-drive format=qcow2,l2-cache-size=8M,file=/mnt/cage2/vm/TDSJump.qcow2' - '-drive format=qcow2,l2-cache-size=8M,file=/srv/node/vm/TDSJump.qcow2'
DedNet: DedNet:
ip: 10.0.1.50 ip: 10.0.1.50
mac: 00:15:5d:01:02:09 mac: 00:15:5d:01:02:09
@@ -248,15 +274,15 @@ all:
# appliances are monitored -- adhoc_appliances are convenience only and not monitored. # appliances are monitored -- adhoc_appliances are convenience only and not monitored.
appliances: appliances:
hosts: # 10.0.1.64/27 hosts: # 10.0.1.64/27
Shadowfeed: # Router must be at root Shadownet: # Router must be at root
ip: 10.0.1.1 ip: 10.0.1.1
mac: 2c:30:33:64:f4:03 mac: 2c:30:33:64:f4:03
Print: # Print is excepted for legacy setup reasons before we laid out subnets. Print: # Print is excepted for legacy setup reasons before we laid out subnets.
ip: 10.0.1.6 ip: 10.0.1.6
mac: 00:80:92:77:CE:E4 mac: 00:80:92:77:ce:e4
Geth-Eyes: Geth-Eyes:
ip: 10.0.1.68 ip: 10.0.1.68
mac: 9C:A3:AA:33:A3:99 mac: 9c:a3:aa:33:a3:99
# "Core-Console": # "Core-Console":
# ip: 10.0.1.74 # ip: 10.0.1.74
# mac: 00:25:90:0D:82:5B # mac: 00:25:90:0D:82:5B
@@ -267,41 +293,46 @@ all:
hosts: # 10.0.1.64/27 hosts: # 10.0.1.64/27
DarkFeather: DarkFeather:
ip: 10.0.1.64 ip: 10.0.1.64
mac: D0:40:EF:D4:14:CF mac: f4:2b:8c:10:31:44
Lykos: Lykos:
ip: 10.0.1.65 ip: 10.0.1.65
mac: 70:74:14:4F:8E:42 mac: 70:74:14:4f:8e:42
Games: Node0:
ip: 10.0.1.66 ip: 10.0.1.66
mac: E0:BE:03:77:0E:88 mac: 70:32:17:46:49:89
LivingRoomTV: LivingRoomTV:
ip: 10.0.1.69 ip: 10.0.1.69
mac: 80:D2:1D:17:63:0E mac: 80:d2:1d:17:63:0e
BedRoomTV: BedRoomTV:
ip: 10.0.1.70 ip: 10.0.1.70
mac: 80:D2:1D:17:63:0F mac: a4:77:33:4c:2a:44
TrainingRoomTV: TrainingRoomTV:
ip: 10.0.1.71 ip: 10.0.1.71
mac: 80:D2:1D:17:63:10 mac: 80:d2:1d:17:63:10
Tachikoma: BT:
ip: 10.0.1.72 ip: 10.0.1.72
mac: 90:0f:0c:1a:d3:23 mac: 8a:00:aa:7f:df:d1
DedSec: DedSec:
ip: 10.0.1.73 ip: 10.0.1.73
mac: 34:F6:4B:36:12:8F mac: d4:e9:8a:7d:79:b3
# dhcp build space: 10.0.1.224/27 # dhcp build space: 10.0.1.224/27
iot: # 10.0.2.0/24 iot: # 10.0.2.0/24
hosts: hosts:
LinKeuei: # Nest Thermostat
LivingRoomRegulator:
ip: 10.0.2.2 ip: 10.0.2.2
mac: 64:16:66:08:57:F5 mac: 64:16:66:08:57:f5
Canary: # Nest Protect
Monitor:
ip: 10.0.2.3 ip: 10.0.2.3
mac: 18:B4:30:2F:F1:37 mac: 18:b4:30:2f:f1:37
Charon: # Chamberlain My-Q
Gatekeeper:
ip: 10.0.2.4 ip: 10.0.2.4
mac: 64:52:99:14:28:2B mac: 64:52:99:14:28:2b
# CanoptekAleph: physical, no network # iRobot Roomba
CanoptekBek: # CaretakerAlpha has no network
CaretakerBravo:
ip: 10.0.2.5 ip: 10.0.2.5
mac: 40:9F:38:95:06:34 mac: 40:9f:38:95:06:34
# CaretakerCharlie has no network

91
playbooks/deploy.yml
View File

@@ -2,74 +2,39 @@
# deploy.yml # deploy.yml
# #
# This playbook details how an entire datacenter should be deployed # This playbook details how an entire datacenter should be deployed
# #
# Parameters: # Parameters:
# threads: Number of threads to use; default is 16. # threads: Number of threads to use; default is 16.
# #
- hosts: Nazara
order: sorted
serial: "{{ threads | default('16') }}"
gather_facts: true
ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
vars:
- ansible_password: "{{ passwords[inventory_hostname] }}"
- ansible_become_password: "{{ passwords[inventory_hostname] }}"
roles:
- Nazara
- hosts: managed - hosts: managed
order: sorted
serial: "{{ threads | default('16') }}" serial: "{{ threads | default('16') }}"
gather_facts: true gather_facts: true
ignore_unreachable: true ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
vars: # This is the only segment that should need these variables, as the basics role should take care of sudo and the SSH key.
- ansible_password: "{{ passwords[inventory_hostname] }}"
- ansible_become_password: "{{ passwords[inventory_hostname] }}"
roles: roles:
- ShadowArch - ShadowArch
- SSH - SSH
- Sharingan - Sharingan
- hosts: physical
gather_facts: true
ignore_unreachable: true
roles:
- hardware
- hosts: Yggdrasil - hosts: Yggdrasil
order: sorted
serial: "{{ threads | default('16') }}"
gather_facts: true gather_facts: true
ignore_unreachable: true ignore_unreachable: true
vars_files: roles:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}" - Aether
roles:
- hardware
- SSL
- WebServer
- IRC
- WolfPack
- Foundation - Foundation
- Yggrasil - Grimoire
- IRC
- hosts: geth_hubs - Password
order: sorted - SSL
serial: "{{ threads | default('16') }}" - TheRaven
gather_facts: true - WebServer
ignore_unreachable: true - WolfPack
vars_files: - Yggdrasil
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
roles:
- Geth-Hub
- hosts: Node1,Node2,Node3
order: sorted
serial: "{{ threads | default('16') }}"
gather_facts: true
ignore_unreachable: true
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
roles:
- hardware
- Node
- hosts: DarkNet - hosts: DarkNet
order: sorted order: sorted
@@ -81,3 +46,23 @@
roles: roles:
- DarkNet - DarkNet
- WolfPack - WolfPack
- hosts: "{{ item }}"
gather_facts: true
ignore_unreachable: true
roles:
- "{{ item }}"
loop:
- Chappaai
- Maat
- Geth
- Node
- Vergil
#- DedSec
#- BT
- hosts: Node3
gather_facts: true
ignore_unreachable: true
roles:
- Cyberbrain

10
playbooks/patching-verification.yml
View File

@@ -1,6 +1,6 @@
--- ---
# patching.yml # patching.yml
# #
# Variables: # Variables:
# - hosts: what hosts in the inventory to use # - hosts: what hosts in the inventory to use
# - threads: how many to check in parallel # - threads: how many to check in parallel
@@ -8,12 +8,12 @@
order: sorted order: sorted
serial: "{{ threads | default('4') }}" serial: "{{ threads | default('4') }}"
ignore_unreachable: true ignore_unreachable: true
vars: vars:
ansible_become: no ansible_become: no
tasks: tasks:
- name: Check updates - name: Check updates
yum: yum:
list=updates list=updates
update_cache=true update_cache=true
ignore_errors: true ignore_errors: true
@@ -21,7 +21,7 @@
- name: Patching succeeded - name: Patching succeeded
ignore_errors: true ignore_errors: true
assert: assert:
that: that:
- yumupdates.results|length == 0 - yumupdates.results|length == 0
- df_output.stdout is search("rhel-7-server-rpms-nist") - df_output.stdout is search("rhel-7-server-rpms-nist")

25
playbooks/patching.yml
View File

@@ -9,36 +9,23 @@
# Patch then restart a node # Patch then restart a node
# #
# #
- hosts: physical,virtual - hosts: "{{ targets | default('virtual') }}"
order: sorted
serial: 4
vars:
ansible_become: yes
ansible_become_method: sudo
tasks:
- package:
name: archlinux-keyring
state: latest
- hosts: virtual,geth-hubs
order: sorted order: sorted
serial: 4 serial: 4
vars: vars:
ansible_become: yes ansible_become: yes
ansible_become_method: sudo ansible_become_method: sudo
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
roles: roles:
- patching - patching
- hosts: physical - hosts: physical
order: sorted order: sorted
ignore_unreachable: true
serial: 4 serial: 4
vars: vars:
ansible_become: yes ansible_become: yes
ansible_become_method: sudo ansible_become_method: sudo
vars_files: tasks:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
roles: - include_role:
- patching name: patching
when: targets is unset

33
playbooks/rebuild-pacman-keyring.yml Normal file
View File

@@ -0,0 +1,33 @@
---
- hosts: "{{ targets | default('all') }}"
become: true
gather_facts: false
tasks:
- name: Clean
command: rm -Rf /etc/pacman.d/gnupg
- name: Initialize keyring
command: /usr/bin/pacman-key --init
- name: Add ArchLinux
command: /usr/bin/pacman-key --populate archlinux
- name: Add AniNIX
command: /usr/bin/pacman-key --populate aninix
- name: Locally sign AniNIX
command: /usr/bin/pacman-key --lsign 904DE6275579CB589D85720C1CC1E3F4ED06F296
- name: Update DB
command: /usr/bin/pacman-key --updatedb
- name: Update packages
pacman:
name:
- archlinux-keyring
- ShadowArch
state: latest
update_cache: true

52
playbooks/verify-inventory.yml Normal file
View File

@@ -0,0 +1,52 @@
---
- hosts: "{{ targets | default('managed') }}"
become: true
tasks:
- name: Verify IP
ignore_errors: true
register: status
assert:
that:
- "ip in ansible_default_ipv4.address"
- debug:
msg: "Inventory IP {{ ip }} for {{ inventory_hostname }} doesn't match configured {{ ansible_default_ipv4.address }}"
when: status.failed
- name: Verify MAC
ignore_errors: true
register: status
assert:
that:
- "mac in ansible_default_ipv4.macaddress"
- debug:
msg: "Inventory MAC {{ mac }} for {{ inventory_hostname }} doesn't match configured {{ ansible_default_ipv4.macaddress }}"
when: status.failed
- name: Verify cores
ignore_errors: true
when: cores is defined
register: corescheck
assert:
that:
- "cores == ansible_processor_cores"
- debug:
msg: "Inventory {{ cores }} cores for {{ inventory_hostname }} doesn't match configured {{ ansible_processor_cores }}"
when: cores is defined and corescheck.failed
- name: Verify memory
ignore_errors: true
register: memcheck
when: memory is defined
assert:
that:
- "memory == (ansible_memtotal_mb - ansible_memtotal_mb % 1000)/ 1000 + 1 " # hasty rounding
- debug:
msg: "Inventory {{ memory }} GB memory for {{ inventory_hostname }} doesn't match configured {{ (ansible_memtotal_mb - ansible_memtotal_mb % 1000)/ 1000 + 1 }} GB"
when: memory is defined and memcheck.failed

3
precommit-hooks/ensure-apps-are-short
View File

@@ -2,8 +2,11 @@
# Webserver apps directory should be short -- apps that fail this category should become their own. # Webserver apps directory should be short -- apps that fail this category should become their own.
retcode=0
for file in `find roles/WebServer/files/apps -type f`; do for file in `find roles/WebServer/files/apps -type f`; do
if [[ $(wc -l "$file" | awk '{ print $1; }') -gt 10 ]]; then if [[ $(wc -l "$file" | awk '{ print $1; }') -gt 10 ]]; then
echo "$file" is too long to be deployed as a mini-app under the WebServer role. echo "$file" is too long to be deployed as a mini-app under the WebServer role.
retcode=1
fi fi
done done
exit $retcode

10
precommit-hooks/find-bad-ipam
View File

@@ -1,12 +1,12 @@
#!/usr/bin/bash #!/usr/bin/bash
# File: find-bad-ipam # File: find-bad-ipam
# #
# Description: This file finds bad IPAM entries in an inventory. # Description: This file finds bad IPAM entries in an inventory.
# #
# Package: AniNIX/Ubiqtorate # Package: AniNIX/Ubiqtorate
# Copyright: WTFPL # Copyright: WTFPL
# #
# Author: DarkFeather <ircs://aninix.net:6697/DarkFeather> # Author: DarkFeather <ircs://aninix.net:6697/DarkFeather>
file="examples/msn0.yml" file="examples/msn0.yml"
@@ -14,7 +14,7 @@ file="examples/msn0.yml"
function findBadTerm() { function findBadTerm() {
### Check for a term to be duplicated. ### Check for a term to be duplicated.
# param file: the file # param file: the file
# param term: the term to search for duplicates # param term: the term to search for duplicates
file="$1" file="$1"
term="$2" term="$2"
results="$(grep -i "$term:" "$file" | tr '[[:upper:]]' '[[:lower:]]' | sed 's/\s+'"$term"':\s*//' | sort | uniq -c | grep -vE '^\s+1\s+' )" results="$(grep -i "$term:" "$file" | tr '[[:upper:]]' '[[:lower:]]' | sed 's/\s+'"$term"':\s*//' | sort | uniq -c | grep -vE '^\s+1\s+' )"
@@ -26,7 +26,7 @@ function findBadTerm() {
fi fi
} }
function Usage() { function Usage() {
### Helptext ### Helptext
# param retcode: what to return # param retcode: what to return
retcode="$1" retcode="$1"

9
precommit-hooks/find-data-files
View File

@@ -1,9 +0,0 @@
#!/bin/bash
result="$(find roles/*/{files,templates} -type f -exec file {} \; | grep -Ev ASCII\ text\|empty\|Unicode\ text | grep -v motd.txt.j2)"
if [ -n "$result" ]; then
echo "These files need to be evaluated -- generally, don't commit data files to Git."
echo "$result"
exit 1
fi
exit 0

17
precommit-hooks/find-mismatched-macs Executable file
View File

@@ -0,0 +1,17 @@
#!/bin/bash
export IFS="
"
retcode=0
for macline in `grep -E '^\s+mac: ' examples/*.yml`; do
if [ "${macline}" != "${macline,,}" ]; then
mac="$( echo "${macline}" | awk '{ print $2; }')"
retcode=1
echo "${mac} has mismatched case -- should be lower."
sed -i "s/${mac}/${mac,,}/g" examples/*.yml
echo "Attempted replacement."
fi
done
exit $retcode

11
precommit-hooks/find-passwords-in-files
View File

@@ -28,3 +28,14 @@ if [ $? -ne 1 ]; then
echo Otherwise, convert any files above to templates and encode the passphrase into your vault. echo Otherwise, convert any files above to templates and encode the passphrase into your vault.
exit 1; exit 1;
fi fi
IFS="
"
for i in `ansible-vault decrypt --output - ${ANSIBLE_VAULT_FILE} | sed 's/\s\?-\?\s\?[A-Za-z0-9_]\+://' | grep -vE '\||password|^\s\?$|#|https://' | sed "s/^ \+['\"]\?//" | sed "s/[\"']\s\?//" | sort | uniq`; do
grep -rlF "${i}" .
if [ $? -ne 1 ]; then
echo "A secret starting with $(echo "$i" | cut -c 1-7) was found in the files above."
exit 1;
fi
done

0
precommit-hooks/playbook-lint-check Executable file
View File

1
requirements.txt
View File

@@ -1,4 +1,5 @@
pyaml pyaml
yamlpath
pytest pytest
python3-nmap python3-nmap
simplejson simplejson

7
roles/Aether/README.md Normal file
View File

@@ -0,0 +1,7 @@
See [AniNIX/Aether](/AniNIX/Aether) for complete details of the tool.
Role requirements:
* `secrets['Aether']` in Vault
* A YAML list of nodes under the key `Aether_nodes` in Vault
* A host called 'Core' to act as the source
* 22/tcp/sftp access through firewalls to the Core host from any clients

3
roles/Aether/files/backup-entries/Yggdrasil/gitea.backup.script Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
### Gitea ###
tar cvzf "$BACKUPDIR"/gitea.tgz /var/lib/gitea/data

3
roles/Aether/files/backup-entries/Yggdrasil/grimoire.backup.script Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
### Grimoire ###
sudo -u postgres pg_dumpall > "$BACKUPDIR"/grimoire.sql

3
roles/Aether/files/backup-entries/Yggdrasil/irc.backup.script Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
### IRC Services ###
cp /opt/anope/data/anope.db "$BACKUPDIR"

9
roles/Aether/files/backup-entries/Yggdrasil/wiki.backup.script Normal file
View File

@@ -0,0 +1,9 @@
#!/bin/bash
### Wiki ###
mkdir "$BACKUPDIR"/wiki/
for i in `find /usr/share/webapps/ -maxdepth 1 -type d | grep mediawiki`; do
foldername="$(echo "$i" | rev | cut -f 1 -d '/' | rev)"
dbname="$(grep '^\$wgDBname' "$i"/LocalSettings.php | cut -f 2 -d \")"
$BACKUPCMD "${i}"/LocalSettings.php "$BACKUPDIR"/wiki/"$foldername"-localsettings.php
sudo -u postgres pg_dump "$dbname" > "$BACKUPDIR"/wiki/"$dbname".psql
done

3
roles/Aether/files/backup-entries/Yggdrasil/yggdrasil.backup.script Normal file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
### Yggdrasil -- File & SHA list only for space reasons ###
cp /srv/yggdrasil/library.sha256 "$BACKUPDIR"/yggdrasil.library.sha256

146
roles/Aether/files/yggdrasil-check.conf Normal file
View File

@@ -0,0 +1,146 @@
# Example configuration file for AIDE.
# More information about configuration options available in the aide.conf manpage.
@@define DBDIR /var/lib/aide
@@define LOGDIR /var/log/aide
# The location of the database to be read.
database_in=file:@@{DBDIR}/aide.db.gz
# The location of the database to be written.
#database_out=sql:host:port:database:login_name:passwd:table
#database_out=file:aide.db.new
database_out=file:@@{DBDIR}/aide.db.new.gz
# Whether to gzip the output to database
gzip_dbout=yes
# Default.
log_level=warning
report_level=changed_attributes
report_url=file:@@{LOGDIR}/aide.log
report_url=stdout
#report_url=stderr
#
# Here are all the attributes we can check
#p: permissions
#i: inode
#n: number of links
#l: link name
#u: user
#g: group
#s: size
###b: block count
#m: mtime
#a: atime
#c: ctime
#S: check for growing size
#I: ignore changed filename
#ANF: allow new files
#ARF: allow removed files
#
# Here are all the digests we can use
#md5: md5 checksum
#sha1: sha1 checksum
#sha256: sha256 checksum
#sha512: sha512 checksum
#rmd160: rmd160 checksum
#tiger: tiger checksum
#haval: haval checksum
#crc32: crc32 checksum
#gost: gost checksum
#whirlpool: whirlpool checksum
# These are the default rules
#R: p+i+l+n+u+g+s+m+c+md5
#L: p+i+l+n+u+g
#E: Empty group
#>: Growing logfile p+l+u+g+i+n+S
# You can create custom rules - my home made rule definition goes like this
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+whirlpool+tiger+haval+gost+crc32
ALLXTRAHASHES = sha1+rmd160+sha256+sha512+tiger
# Everything but access time (Ie. all changes)
EVERYTHING = R+ALLXTRAHASHES
# Sane, with multiple hashes
# NORMAL = R+rmd160+sha256+whirlpool
NORMAL = R+rmd160+sha256
# For directories, don't bother doing hashes
DIR = p+i+n+u+g+acl+xattrs
# Access control only
PERMS = p+i+u+g+acl
# Logfile are special, in that they often change
LOG = >
# Just do md5 and sha256 hashes
LSPP = R+sha256
# Some files get updated automatically, so the inode/ctime/mtime change
# but we want to know when the data inside them changes
DATAONLY = p+n+u+g+s+acl+xattrs+md5+sha256+rmd160+tiger
# Next decide what directories/files you want in the database.
/boot NORMAL
/bin NORMAL
/sbin NORMAL
/lib NORMAL
/lib64 NORMAL
/opt NORMAL
/usr NORMAL
/root NORMAL
# These are too volatile
!/usr/src
!/usr/tmp
# Check only permissions, inode, user and group for /etc, but
# cover some important files closely.
/etc PERMS
!/etc/mtab
# Ignore backup files
!/etc/.*~
/etc/exports NORMAL
/etc/fstab NORMAL
/etc/passwd NORMAL
/etc/group NORMAL
/etc/gshadow NORMAL
/etc/shadow NORMAL
/etc/security/opasswd NORMAL
/etc/hosts.allow NORMAL
/etc/hosts.deny NORMAL
/etc/sudoers NORMAL
/etc/skel NORMAL
/etc/logrotate.d NORMAL
/etc/resolv.conf DATAONLY
/etc/nscd.conf NORMAL
/etc/securetty NORMAL
# Shell/X starting files
/etc/profile NORMAL
/etc/bashrc NORMAL
/etc/bash_completion.d/ NORMAL
/etc/login.defs NORMAL
/etc/zprofile NORMAL
/etc/zshrc NORMAL
/etc/zlogin NORMAL
/etc/zlogout NORMAL
/etc/profile.d/ NORMAL
/etc/X11/ NORMAL
# Ignore logs
!/var/lib/pacman/.*
!/var/cache/.*
!/var/log/.*
!/var/run/.*
!/var/spool/.*

27
roles/Aether/tasks/client.yml Normal file
View File

@@ -0,0 +1,27 @@
---
- name: Copy the key
become: true
copy:
dest: /home/aether/.ssh/aether
content: "{{ aether_key.stdout }}"
- name: Copy the public key
become: true
copy:
dest: /home/aether/.ssh/aether.pub
content: "{{ aether_key.stdout }}"
- name: Enable the service
become: yes
service:
name: aether.timer
state: enabled
running: yes
- name: Enable the service - 2
become: yes
service:
name: aether-gen.timer
state: disabled
running: no

64
roles/Aether/tasks/main.yml Normal file
View File

@@ -0,0 +1,64 @@
---
- name: Install the package
become: true
ignore_errors: true
package:
name: Aether
state: present
- name: Validate the user
vars:
service_account: aether
include_tasks: ../roles/common/service_account.yml
- name: Ensure the Aether identity is protected.
become: true
file:
path: "{{ item }}"
state: directory
owner: aether
group: aether
mode: 0700
loop:
- /home/aether/.ssh
- /usr/local/etc/Aether
- /usr/local/etc/Aether/backup-entries
- /usr/local/backup
- name: Ensure the Aether identity exists
delegate_to: Core # Core will track the identity that will then be shared to everyone else.
become: true
command:
creates: /home/aether/.ssh/aether
chdir: /home/aether/.ssh/
cmd: ssh-keygen -t ed25519 -N "" -f ./aether
- name: Read the Aether identity
become: true
delegate_to: '{{ aether_primary }}'
command: cat /home/aether/.ssh/aether
register: aether_key
- name: Read the Aether public identity
become: true
delegate_to: '{{ aether_primary }}'
command: cat /home/aether/.ssh/aether.pub
register: aether_pubkey
- include_tasks: source.yml
when: "{{ inventory_hostname }} is {{ aether_primary }}"
- include_tasks: client.yml
when: "{{ inventory_hostname }} is {{ aether_primary }}"
- name: Ensure the Aether identity files are protected.
become: true
file:
path: "{{ item }}"
owner: aether
group: aether
mode: 0600
loop:
- /home/aether/.ssh/aether
- /home/aether/.ssh/aether.pub

42
roles/Aether/tasks/source.yml Normal file
View File

@@ -0,0 +1,42 @@
---
- name: Copy the backup scripts
become: yes
copy:
src: "backup-entries/{{ inventory_hostname }}"
dest: "/usr/local/etc/Aether/backup-entries"
owner: aether
group: aether
- name: Seed the backup passphrase
become: yes
copy:
content: "{{ passwords['Aether'] }}"
dest: "/usr/local/etc/Aether/pass.txt"
owner: aether
group: aether
mode: 0600
- name: Enable the generation service
become: yes
when: "{{ inventory_hostname }} == 'Core'"
service:
name: aether-gen.timer
state: enabled
running: yes
- name: Enable the generation service - 2
become: yes
when: "{{ inventory_hostname }} == 'Core'"
service:
name: aether.timer
state: disabled
running: no
- name: Set up the authorized_keys
template:
src: authorized_keys.j2
dest: /home/aether/.ssh/authorized_keys
mode: 0600
owner: aether
group: aether

18
roles/Chappaai/README.md Normal file
View File

@@ -0,0 +1,18 @@
A Chappaai host is a gateway to accessing other hosts. It is a safeguard against admin error.
## Etymology
Chappaai hosts are named to follow the non-English naming of the Stargate network by the other denizens of the galaxy.
They are the first line of defense against administrative error -- similar to the way that [Stargate Command](https://stargate.fandom.com/wiki/Stargate_Command) was for Earth. They prevent admins from being locked out of correcting their changes and are connected to everything in the ecosystem. They also control DNS, which allows a sort of subliminal control of the entire ecosystem. This prevents infiltration by infections (similar to Goauld) and in fact can be the extinction of any DNS-enabled malware in the ecosystem by sinkholing the Command-and-Control.
## Capacity and Components
A Chappaai host needs minimal CPU or memory.
## Hosted Services and Entities
Chappaai should host a Pihole installation and [SSH](../Services/SSH.md). It should be linked by NAT to an obscure port to the outside world.
## Connections
Any host should be able to connect to a Chappaai with SSH and X11, and it should be able to dial to any service provider.
## Additional Reference
Chappaai hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port.

0
roles/Nazara/files/pihole-FTL.conf → roles/Chappaai/files/pihole-FTL.conf
View File

12
roles/Nazara/tasks/main.yml → roles/Chappaai/tasks/main.yml
View File

@@ -17,7 +17,7 @@
- name: Ensure pihole web admin password - name: Ensure pihole web admin password
become: yes become: yes
command: "pihole -a -p {{ passwords['Nazara'] }}" command: "pihole -a -p {{ passwords['Chappaai'] }}"
# when: pihole_install.changed # when: pihole_install.changed
- name: Generate DNS/DHCP from inventory - name: Generate DNS/DHCP from inventory
@@ -25,7 +25,7 @@
run_once: true run_once: true
command: "python3 ../bin/generate-pihole-dns-dhcp.py {{ inventory_file }}" command: "python3 ../bin/generate-pihole-dns-dhcp.py {{ inventory_file }}"
- name: Nazara DNS - name: Chappaai DNS
become: yes become: yes
register: dns_updated register: dns_updated
copy: copy:
@@ -35,7 +35,7 @@
group: pihole group: pihole
mode: 0644 mode: 0644
- name: Nazara DHCP - name: Chappaai DHCP
become: yes become: yes
register: dhcp_updated register: dhcp_updated
copy: copy:
@@ -45,7 +45,7 @@
group: root group: root
mode: 0644 mode: 0644
- name: Nazara Configuration - name: Chappaai Configuration
become: yes become: yes
register: conf_updated register: conf_updated
copy: copy:
@@ -56,7 +56,7 @@
mode: 0644 mode: 0644
- name: Nazara DHCP Leases dir - name: Chappaai DHCP Leases dir
become: yes become: yes
file: file:
path: /var/lib/misc/ path: /var/lib/misc/
@@ -65,7 +65,7 @@
group: root group: root
mode: 0777 mode: 0777
- name: Nazara DHCP Leases - name: Chappaai DHCP Leases
become: yes become: yes
file: file:
path: /var/lib/misc/dnsmasq.leases path: /var/lib/misc/dnsmasq.leases

2
roles/DarkNet/tasks/main.yml
View File

@@ -20,6 +20,8 @@
mode: 0600 mode: 0600
owner: openvpn owner: openvpn
group: network group: network
# Must ensure that we have the latest.
force: true
- name: OpenVPN Auth part 1 - name: OpenVPN Auth part 1
become: yes become: yes

44
roles/Foundation/README.md
View File

@@ -3,26 +3,18 @@ The Foundation is a one-stop shop for source code from AniNIX developers -- it's
# Etymology # Etymology
The etymology of the Foundation is twofold. First and foremost, the AniNIX attempts to automate any new package it is using as much as possible, and as such the Foundation holds the very basis on which the AniNIX is built. The etymology of the Foundation is twofold. First and foremost, the AniNIX attempts to automate any new package it is using as much as possible, and as such the Foundation holds the very basis on which the AniNIX is built.
Secondly, the Foundation is the third piece of the charity trinity for the AniNIX, along with the Wiki and the [https://aninix.net/pages/charity.php short-term charity projects]. The AniNIX puts a lot of time into designing its projects and making sure they work. Rather than forcing others to redo this work, we offer commented code and documentation so that the process is transparent but the work-by-hand is minimized.[[Category:Charity]] Secondly, the Foundation is the third piece of the charity trinity for the AniNIX, along with the Wiki and the [https://aninix.net/pages/charity.php short-term charity projects]. The AniNIX puts a lot of time into designing its projects and making sure they work. Rather than forcing others to redo this work, we offer commented code and documentation so that the process is transparent but the work-by-hand is minimized.
# Relevant Files and Software # Relevant Files and Software
The Git system was created by the Linux project to manage changes to the kernel and has been on the rise for some time among Version Control Systems (VCS's) with projects like GitHub. The AniNIX self-hosts the repositories in [file:///srv/foundation/ the Foundation server folder] on [[Core]]. The Git system was created by the Linux project to manage changes to the kernel and has been on the rise for some time among Version Control Systems (VCS's) with projects like GitHub. The AniNIX self-hosts the repositories in [the Foundation server folder](file:///srv/foundation/) on Yggdrasil for the sake of the largest filesystem.
[[WebServer]] is configured to translate the repository to [https://aninix.net/foundation/ the Web-accessible format] via the ArchLinux cgit package. Review the package list at that link and identify the source packages you want to use. Then use the following to clone the source, generally best done to /usr/local/src/ on Linux. Please note that the AniNIX uses Webserver translation to eliminate the need for a .git suffix -- web requests will show in CGIT, while Git clone requests will pull the package all from the same URL. Right-click on your package of choice from the web interface's index page and then clone that address. <pre> [WebServer](../WebServer) is configured to translate the repository to [https://foundation.aninix.net/](foundation.aninix.net) via the Gitea package. AniNIX projects will live under that organization. Review the package list at that link and identify the source packages you want to use. The UI will tell you how to copy the link to clone.
git clone https://aninix.net/foundation/<packagename>
</pre>
New packages should make sure to refer to the [[Development Best Practices]] to ensure they are compliant with standards; if you notice an issue with the Foundation's code, make sure to submit a [[QANs|QAN]]. [[TeamGreen|AniNIX::TeamGreen]] should be running regressions on these projects. New packages should make sure to refer to the [Development Best Practices](/AniNIX/Wiki/) to ensure they are compliant with standards; if you notice an issue with the Foundation's code, make sure to submit a [[QANs|QAN]]. [[TeamGreen|AniNIX::TeamGreen]] should be running regressions on these projects.
You can use [https://aur.archlinux.org/packages/hexedit-advanced-search/ Hexedit] to edit [file:///usr/share/webapps/cgit/cgit.cgi cgit.cgi] to have a different name, such as "AniNIX::Foundation Web". You can use [https://aur.archlinux.org/packages/hexedit-advanced-search/ Hexedit] to edit [file:///usr/share/webapps/cgit/cgit.cgi cgit.cgi] to have a different name, such as "AniNIX::Foundation Web".
## Dependencies ## Dependencies
For CentOS, one needs to use the following steps to install Mono. Packages like Cryptoworkbench, Heartbeat, Cerberus, and others require this.
* yum install bison gettext glib2 freetype fontconfig libpng libpng-devel libX11 libX11-devel glib2-devel libgdi* libexif glibc-devel urw-fonts java unzip gcc gcc-c++ automake autoconf libtool make bzip2 wget
* [https://download.mono-project.com/sources/mono/ Download Mono source]
* tar xjvf the source package
* configure; make; make install
*Note:* We used to declare the INSTALLER variable at the top of Makefiles, but no longer do. Non-ShadowArch installs should double check dependencies against the PKGBUILD files manually. We will try to keep this list short. *Note:* We used to declare the INSTALLER variable at the top of Makefiles, but no longer do. Non-ShadowArch installs should double check dependencies against the PKGBUILD files manually. We will try to keep this list short.
# Available Clients # Available Clients
@@ -30,36 +22,30 @@ To get a client to access the Foundation, use one of the following or visit
* ArchLinux: pacman -S git * ArchLinux: pacman -S git
* Ubuntu: apt-get install git * Ubuntu: apt-get install git
* RHEL/CentOS: yum install git * RHEL/CentOS: yum install git
* Windows: [https://git-scm.com/download/win Go here], but please be aware that file paths and such are coded for Linux. Windows users will need to conduct extensive code review to install these packages. * Windows: [https://git-scm.com/download/win Git-Bash] is the recommended client.
* Please be aware that file paths and such are coded for Linux. Windows users will need to conduct extensive code review to install these packages.
* Users are also strongly recommended to install [https://www.gpg4win.org/index.html gpg4win] in order to sign commits with their GPG key.
* Mac: [https://git-scm.com/download/mac Go here] * Mac: [https://git-scm.com/download/mac Go here]
Each package will need to be checked out individually. Each package will need to be checked out individually.
**Alternatively**: ArchLinux users can add the following segment to the bottom of pacman.conf to install the packages as bundled by the AniNIX. We're working on adding GPG signing -- in the meantime, security-conscious users should build from source anyway.
<pre>
[AniNIX::Foundation]
SigLevel = Optional TrustAll
Server = https://aninix.net/foundation/
</pre>
# Equivalents or Competition # Equivalents or Competition
The most famous equivalent is [https://github.com GitHub]. Other source code control systems exist, including some provided by employers or academic institutions -- GitLab provides an enterprise-style implementation. Other protocol implementations vary widely -- Mercurial, Bazaar, and SVN are other revision control systems others use. We appreciate the flexibility of Git. The most famous equivalent is [https://github.com](GitHub). Other source code control systems exist, including some provided by employers or academic institutions -- GitLab provides an enterprise-style implementation. Other protocol implementations vary widely -- Mercurial, Bazaar, and SVN are other revision control systems others use. We appreciate the flexibility of Git.
# Additional Reference # Additional Reference
Some core Git tools are leveraged in specific ways for the AniNIX. Some core Git tools are leveraged in specific ways for the AniNIX.
## Config for Author ## Config for Author
Even though the [[Talk:IRC#Why_Not_SMTP|AniNIX doesn't use SMTP]], we still use the @aninix.net suffix for the user.email config property on branches. All commits, therefore, should have the proper-case of the user's [[IRC|AniNIX::IRC]] handle as the user.name attribute, and the lower-cased username followed by @aninix.net for the user.email attribute. [We don't use SMTP.](/AniNIX/Wiki/issues/8) We recommend GPG keys be created with your IRC address included, in the format `ircs://aninix.net:6697/$username`. This will throw some complaints if your project gets mirrored to GitHub, as GitHub wants your key to be verified through email, but within our ecosystem the commits will be verified.
## Tags for Semantic Versioning To do this, see [our encryption article](https://aninix.net/AniNIX/Wiki/src/branch/main/Articles/Getting_Started_With_Encryption.md#GPG_Keys).
We version our projects according to [https://semver.org/ Semantic Versioning] -- this versioning is established using the git tag as major and minor version, the git commit as the patch, and the number of commits since the tag as the ArchLinux release note.
[https://aninix.net/cgit/cgit.cgi/HelloWorld/tree/PKGBUILD Our HelloWorld PKGBUILD] demonstrates this -- most of the metadata for the package is populated directly by git, and only dependencies are tracked in the PKGBUILD itself. ## Development Standards
If you are developing projects for the AniNIX organization or want to use our standards, ensure that the project is cloned with [AniNIX/Uniglot](/AniNIX/Uniglot)'s `uniglot-clone`. This will run pre-commit hooks to check your project.
## Branches for Functional Improvements ## Branches for Functional Improvements
All major functional improvements being worked should be tracked in a branch. The branch name should be the same as the [[QANs|QAN]] for which the branch was started or the functional concept's shortname. All major functional improvements being worked should be tracked in a branch. The branch name should be linked to the issue for which the branch was started or the functional concept's shortname.
## Filter-branch to Prune ## Filter-branch to Prune
Git maintains a history of all files. If you need to remove files permanently, GitHub maintains [https://help.github.com/articles/removing-sensitive-data-from-a-repository/ an article] on how to use "git filter-branch" to purge it. Git maintains a history of all files. If you need to remove files permanently, GitHub maintains [an article](https://help.github.com/articles/removing-sensitive-data-from-a-repository/) on how to use `git filter-branch` to purge it.
}}
[[Category:Public_Service]]

9
roles/Foundation/files/custom/bin/gen-aninix-custom
View File

@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
URI=https://aninix.net/assets/css/theme-arc-green.css URI=https://aninix.net/assets/css/theme-gitea-dark.css
# Gitea arc-green palette # Gitea arc-green palette
BOLDTEXT='#87ab63' BOLDTEXT='#87ab63'
@@ -52,7 +52,7 @@ a {
| sed "s/$ROW/$ANINIXROW/gI" \ | sed "s/$ROW/$ANINIXROW/gI" \
| sed "s/$NAV/$ANINIXNAV/gI" \ | sed "s/$NAV/$ANINIXNAV/gI" \
| sed "s/$HOVER/$ANINIXHOVER/gI" \ | sed "s/$HOVER/$ANINIXHOVER/gI" \
| sed "s/$BGCOLOR/$ANINIXBG/gI" > /var/lib/gitea/custom/public/css/theme-aninix.css | sed "s/$BGCOLOR/$ANINIXBG/gI" > /var/lib/gitea/custom/public/assets/css/theme-aninix.css
cd /var/lib/gitea/web-snippets cd /var/lib/gitea/web-snippets
head="$(curl -ks https://aninix.net/ | grep -B 99999 -E '^<div class="home"')" head="$(curl -ks https://aninix.net/ | grep -B 99999 -E '^<div class="home"')"
@@ -60,5 +60,8 @@ foot="$(curl -ks https://aninix.net/ | grep -A 99999 -E '<footer>')"
for i in `find . -type f`; do for i in `find . -type f`; do
(echo "$head" (echo "$head"
cat "$i" cat "$i"
echo "$foot") > /var/lib/gitea/custom/public/"$i".html echo "$foot") > /var/lib/gitea/custom/public/assets/"$i".html
done done
# AniNIX Martial Arts Special Sauce
sed -i 's#/user/login?redirect_to=%2f#/user/login?redirect_to=%2FMartialArts#g' /var/lib/gitea/custom/public/assets/martialarts/index.html

31
roles/Foundation/files/custom/public/assets/js/aninix.js Normal file
View File

@@ -0,0 +1,31 @@
/* RSS Reading */
function insertNewsSnippet(snippet,tag) {
/* DOM XML handling has been too problematic, so we are now using git-hooks to pre-generate the snippet. This function injects that snippet.
* param snippet: URI for the snippet
* param tag: div tag to overwrite
*/
var http_request = false;
http_request = new XMLHttpRequest();
http_request.open("GET",snippet,true);
http_request.setRequestHeader("Cache-Control", "no-cache");
http_request.setRequestHeader("Pragma", "no-cache");
http_request.onreadystatechange = function() {
if (http_request.readyState == 4) {
if (http_request.status == 200) {
if (http_request.responseText != null) {
document.getElementById(tag).innerHTML = http_request.responseText;
} else {
alert("Failed to receive RSS file from the server - file not found.");
return false;
}
}
}
}
http_request.send(null);
}
/* Contact Obfuscation */
function insertContactInfo() {
document.getElementById('contact-insert').innerHTML = '<b>Contact Us:</b><br/>Emai' + 'l: aninix' + '@' + 'proto' + 'n.me <br/>Phone: (60' + '8) 56' + '1-3607';
}

472
roles/Foundation/files/custom/public/css/emby-web-dark-theme-BenZuser.css
View File

@@ -1,472 +0,0 @@
/* Borrowed from https://rawgit.com/BenZuser/Emby-Web-Dark-Themes-CSS/master/RED/theme.css */
/*
_________________________________________________________________________
------------------------- COLOR HEX & RGB CODES -------------------------
RED : #E81123 & (232, 17, 35)
DARK COLOR : #94131E
ORANGE : #FF8000 & (255, 128, 0)
DARK COLOR : #BF6000
ORANGE PLEX : #CC7B19 & (204, 123, 25)
DARK COLOR : #B35A00
YELLOW : #BDBD00 & (189, 189, 0)
DARK COLOR : #757500
GREEN : #52B54B & (82, 181, 75)
DARK COLOR : #3E8437
BLUE : #4285F4 & (66, 133, 244)
DARK COLOR : #0C57D6
BLUE DARK : #3367d6 & (51,103,214)
BLUE DARK (DARK) : #1f4698
PURPLE : #673AB7 & (103, 58, 183)
DARK COLOR : #3F2471
GRAY : #7F7F7F & (127, 127, 127)
DARK COLOR : #535353
PINK : #F707DF & (247, 7, 223)
DARK COLOR : #C604B3
*/
/*
_________________________________________________________________________
----------------------- EMBY THEME : ACCENT COLORS ----------------------
---------- Table of Contents ----------
1. ACCENT COLORS
1.1 Buttons
1.1.1 Checkboxes
1.1.2 Rectangles
1.1.3 Links & Text buttons
1.1.4 Others
1.2 Details
1.2.1 Circles
1.2.2 Indicators
1.2.3 Fonts
1.2.4 Icons
1.2.5 Dialogs & Action Sheets
1.2.6 Others
1.3 Fixes
2. MISCELLANEOUS MODIFICATIONS
2.1 Buttons
2.2 Details
2.2.1 Scrollbars
2.2.2 Logos
2.2.3 Others
2.3 Fixes
2.3.1 Dark Colors
*/
/* ------------------------ 1. ACCENT COLORS ------------------------- */
/* ----- 1.1 Buttons ----- */
/* 1.1.1 Checkboxes */
.emby-checkbox:checked + span + span + .checkboxOutline > .checkboxOutlineTick {
background-color: #E81123 !important; }
.emby-checkbox:checked + span + span + .checkboxOutline,
.progressring-spiner {
border-color: #E81123 !important; }
.emby-checkbox:focus + span + .emby-checkbox-focushelper {
background-color: #E81123 !important;
opacity: 0.26 !important; }
/* 1.1.2 Rectangles */
.raised {
background: #404040 !important;
color: #fff !important; }
.button-submit, .button-accent {
background: #E81123 !important;
color: #fff; }
.raised-mini.emby-button {
background: #E81123 !important;
color: #ffffff !important; }
/* Restart */
.btnRestartContainer.emby-button {
background: #E81123 !important;
color: #fff; }
/* Play & Resume */
.btnPlaySimple.emby-button {
background: #E81123 !important;
color: #fff; }
.btnResume.emby-button {
background: #94131E !important;
color: #fff; }
/* 1.1.3 Links & Text buttons */
.button-link, .button-flat-accent, .button-accent-flat,
.textlink {
color: #E81123 !important; }
.button-link:hover, .button-flat-accent:hover,
.button-accent-flat:hover, .textlink:hover {
color: #9b9b9b !important; }
.button-link:active, .button-flat-accent:active,
.button-accent-flat:active, .textlink:active {
color: #94131E !important; }
/* Top Header */
.emby-tab-button-active {
color: #E81123 !important; }
/* 1.1.4 Others */
/* Alpha Picker */
.alphaPickerButton-selected, .alphaPickerButton-tv:focus {
background-color: #E81123 !important;
color: #fff !important; }
/* Radio Buttons */
.mdl-radio__inner-circle {
background: #E81123 !important; }
.mdl-radio__button:checked + .mdl-radio__label + .mdl-radio__outer-circle {
border: 2px solid #E81123 !important; }
.mdl-radio__button:checked:focus + .mdl-radio__label + .mdl-radio__outer-circle + .mdl-radio__inner-circle {
-webkit-box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26) !important;
box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26) !important; }
/* Control Group Buttons */
div[data-role="controlgroup"] a.ui-btn-active[data-role='button'] {
background: #E81123 !important;
color: #ffffff !important; }
/* ----- 1.2 Details ----- */
/* 1.2.1 Circles */
/*.listItemIcon:not(.listItemIcon-transparent) {
background-color: $accent-color !important; }*/
.dashboardSection i.listItemIcon.md-icon {
background-color: #E81123 !important; }
.scheduledTaskPaperIconItem[data-status="Running"] i.listItemIcon.md-icon {
background-color: #94131E !important; }
/* Focus Helper circles */
.paper-icon-button-light:focus {
color: #E81123 !important; }
/* 1.2.2 Indicators */
.countIndicator, .playedIndicator {
background: #E81123 !important; }
.levelNormal {
background-color: #E81123 !important; }
.fullSyncIndicator {
background: #E81123 !important;
color: #fff; }
.playstatebutton-played i, .ratingbutton-withrating i {
color: #E81123 !important; }
p#pUpToDate i.md-icon {
background-color: #E81123 !important; }
/* Loading Spinners */
.mdl-spinner__layer-1, .mdl-spinner__layer-2, .mdl-spinner__layer-3,
.mdl-spinner__layer-4 {
border-color: #E81123 !important; }
.progressring-spiner {
border: 0.25em solid #E81123 !important; }
/* 1.2.3 Fonts */
.selectLabelFocused, .textareaLabelFocused, .inputLabelFocused {
color: #E81123 !important; }
.secondary.listItemBodyText span, div#divRunningTasks span {
color: #E81123 !important; }
/* 1.2.4 Icons */
.starIcon, .mediaInfoTimerIcon {
color: #E81123 !important; }
/* Top Header */
.btnActiveCast {
color: #E81123 !important; }
/* Now Playing Bar & Now Playing Page */
.repeatActive,
button.btnCommand.repeatToggleButton.autoSize.nowPlayingPageRepeatActive {
color: #E81123 !important; }
/* 1.2.5 Dialogs & Action Sheets */
/* 1.2.6 Others */
/* General Accent Color Modifications */
:focus {
outline: #E81123 auto 5px; }
select:focus {
border-color: #E81123 !important; }
::selection {
background-color: #94131E !important; }
.emby-input:focus, .emby-textarea:focus {
border-color: #E81123 !important; }
/* Google Now Playing Bar & Now Playing Page */
.iconOsdProgressInner, .mdl-slider__background-lower, .sliderBubble,
.mdl-slider::-webkit-slider-thumb {
background: #E81123 !important; }
.mdl-slider:focus::-webkit-slider-thumb {
-webkit-box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26);
box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26) !important; }
/* Firefox Now Playing Bar & Now Playing Page */
.mdl-slider::-moz-range-thumb, .mdl-slider::-moz-range-progress {
background: #E81123 !important; }
.mdl-slider:focus::-moz-range-thumb {
box-shadow: 0 0 0 10px rgba(232, 17, 35, 0.26) !important; }
/* Progress Bars */
.itemProgressBarForeground {
background-color: #E81123 !important; }
.taskProgressInner {
background: #E81123 !important; }
/* Google Progress Bars */
progress::-webkit-progress-value {
background: #E81123 !important; }
/* Firefox Progress Bars */
progress::-moz-progress-bar {
background: #E81123 !important; }
/* Edge Progress Bars */
progress {
background: #E81123 !important; }
/* Main Drawers */
.navMenuDivider {
background: #262626 !important; }
.adminDrawerLogo {
border-bottom: 1px solid #262626 !important; }
.mainDrawer {
background: #181818 !important; }
.sidebarHeader {
color: #bbbbbb !important; }
.navMenuOption {
color: #ffffff !important; }
.navMenuOption.navMenuOption-selected {
background: #252528 !important;
color: #E81123 !important; }
.navMenuOption:hover {
background: #252528 !important;
color: #9b9b9b !important; }
/* Metadata Editor */
div.jstree-wholerow.jstree-wholerow-clicked:hover,
div.jstree-wholerow.jstree-wholerow-clicked,
div.jstree-wholerow.jstree-wholerow-hovered {
background: #252528 !important; }
.jstree-anchor.jstree-clicked,
.jstree-anchor.jstree-clicked.jstree-hovered {
background: #252528 !important;
color: #E81123 !important; }
/* Multi-select */
.itemSelectionPanel {
border: 1px solid #E81123 !important; }
.selectionCommandsPanel {
background: #E81123 !important;
color: #fff; }
/* upNextDialog */
.upNextDialog-countdownText {
color: #E81123 !important; }
/* Selection Bars */
.emby-select-selectionbar, .emby-textarea-selectionbar,
.emby-input-selectionbar {
background-color: #E81123 !important; }
/* Media Info Detail Image */
.itemDetailImage.loaded:hover {
border: 1px solid #E81123 !important; }
/* 1.3 Fixes */
/* ------------------ 2. MISCELLANEOUS MODIFICATIONS ----------------- */
/* ----- 2.1 Buttons ----- */
/* Circles */
.fab {
background-color: transparent !important;
-webkit-box-shadow: none !important;
box-shadow: none !important;
-webkit-transition: none !important;
-o-transition: none !important;
transition: none !important; }
/* ----- 2.2 Details ----- */
/* 2.2.1 Scrollbars */
/* Google Chrome */
::-webkit-scrollbar-corner {
background-color: #3B3B3B; }
::-webkit-scrollbar {
width: 10px;
height: 10px;
background-color: #3B3B3B; }
::-webkit-scrollbar-thumb {
-webkit-border-radius: 2px;
border-radius: 2px;
background: #888888; }
/* Google Chrome - Dashboard Drawer */
div.scrollContainer.smoothScrollY::-webkit-scrollbar-corner {
background-color: transparent !important; }
div.scrollContainer.smoothScrollY::-webkit-scrollbar {
width: 2px;
height: 2px;
background-color: transparent !important; }
div.scrollContainer.smoothScrollY::-webkit-scrollbar-thumb {
-webkit-border-radius: 2px;
border-radius: 2px;
background: #888888; }
/* Google Chrome - Filter Dialog */
.dynamicFilterDialog::-webkit-scrollbar-corner {
background-color: transparent !important; }
.dynamicFilterDialog::-webkit-scrollbar {
width: 2px;
height: 2px;
background-color: transparent !important; }
.dynamicFilterDialog::-webkit-scrollbar-thumb {
-webkit-border-radius: 2px;
border-radius: 2px;
background: #888888; }
/* 2.2.2 Logos */
/* Login Page */
.imgLogoIcon {
content: url(https://cdn.rawgit.com/BenZuser/Emby-Dark-Themes-Resources/master/images/logos-and-icons/RED/logo.png) !important; }
/* Main Drawer Mobile */
.adminDrawerLogo img {
content: url(https://cdn.rawgit.com/BenZuser/Emby-Dark-Themes-Resources/master/images/logos-and-icons/RED/logo.png) !important; }
/* Home Page */
.pageTitleWithLogo {
background-image: url(https://cdn.rawgit.com/BenZuser/Emby-Dark-Themes-Resources/master/images/logos-and-icons/RED/logo.png) !important; }
/* 2.2.3 Others */
/* CSS Box */
#txtCustomCss {
height: 300px !important;
overflow-y: scroll !important; }
/* Select Box */
select option {
background-color: #2b2b2b !important;
color: #ffffff !important; }
/* Dialogs */
.formDialogHeader:not(.formDialogHeader-clear),
.formDialogFooter:not(.formDialogFooter-clear) {
background-color: #121212 !important;
color: #fff; }
/* Headers */
.skinHeader {
background-color: #080808 !important;
color: #fff !important; }
.skinHeader-withBackground {
background-color: #080808 !important; }
@supports (backdrop-filter: blur(1.5em)) or (-webkit-backdrop-filter: blur(1.5em)) {
.skinHeader-blurred {
background: rgba(20, 20, 20, 0.7) !important;
-webkit-backdrop-filter: blur(1.5em) !important;
backdrop-filter: blur(1.5em) !important; } }
.skinHeader.semiTransparent {
-webkit-backdrop-filter: none !important;
backdrop-filter: none !important;
background-color: rgba(0, 0, 0, 0.4) !important;
background-image: -webkit-gradient(linear, left top, left bottom, color-stop(10%, rgba(0, 0, 0, 0.7)), color-stop(10%, transparent)) !important;
background-image: -webkit-linear-gradient(top, rgba(0, 0, 0, 0.7) 10%, transparent) !important;
background-image: -moz-linear-gradient(top, rgba(0, 0, 0, 0.7) 10%, transparent) !important;
background-image: -o-linear-gradient(top, rgba(0, 0, 0, 0.7) 10%, transparent) !important;
background-image: linear-gradient(to bottom, rgba(0, 0, 0, 0.7) 10%, transparent) !important; }
.appfooter {
background: #080808 !important;
color: #fff !important; }
@supports (backdrop-filter: blur(10px)) or (-webkit-backdrop-filter: blur(10px)) {
.appfooter-blurred {
background: rgba(24, 24, 24, 0.7) !important;
-webkit-backdrop-filter: blur(20px) !important;
backdrop-filter: blur(20px) !important; } }
/* TV Global Modifications */
.emby-tab-button-active.emby-button-tv {
color: #fff !important; }
.guide-channelHeaderCell, .guide-channelTimeslotHeader {
background: #2e2e2e !important; }
.guide-programTextIcon {
color: #1e1e1e !important;
background: #555 !important; }
.guide-headerTimeslots {
color: #ccc !important; }
/* ----- 2.3 Fixes ----- */
/* 2.3.1 Dark Colors */
.autoorganizetable tbody tr:nth-child(odd) td, .autoorganizetable tbody tr:nth-child(odd) th {
background-color: #222326 !important; }
.autoorganizetable > .table > tbody > tr {
border: 1px solid #222326 !important; }
/*
_____________________________________________________________________
Emby Dark Themes is maintained by Ben Z (BenZuser)
with the contribution of Happy2Play.
_____________________________________________________________________
*/
/* TEMPORARY FIXES */
/* Links */
.searchSuggestionsList a, .noItemsMessage a, a.lnkPremiere {
color: #E81123 !important; }
.searchSuggestionsList a:hover, .noItemsMessage a:hover,
a.lnkPremiere:hover {
color: #9b9b9b !important; }
.searchSuggestionsList a:active, .noItemsMessage a:active,
a.lnkPremiere:active {
color: #94131E !important; }

16
roles/Foundation/files/custom/public/css/theme-aninix.css
View File

File diff suppressed because one or more lines are too long

271
roles/Foundation/files/custom/public/thank-you.html
View File

@@ -1,271 +0,0 @@
<!DOCTYPE html>
<html lang="en-US" class="theme-">
<head data-suburl="">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<title> AniNIX </title>
<link rel="manifest" href="/manifest.json" crossorigin="use-credentials">
<meta name="theme-color" content="#ff0000">
<meta name="author" content="AniNIX::Foundation" />
<meta name="description" content="AniNIX::Foundation \\ Code, documentation, and information sharing powered by Gitea (git with a cup of tea)" />
<meta name="keywords" content="go,git,self-hosted,gitea,aninix,aninix::foundation">
<meta name="referrer" content="no-referrer" />
<meta name="_csrf" content="iI1Kkrppem-yCnHGCll-UshSK6A6MTYwMDcwNjM3MTUxOTU5NzYxNg" />
<script>
/*
@licstart The following is the entire license notice for the
JavaScript code in this page.
Copyright (c) 2016 The Gitea Authors
Copyright (c) 2015 The Gogs Authors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
---
Licensing information for additional javascript libraries can be found at:
{{StaticUrlPrefix}}/vendor/librejs.html
@licend The above is the entire license notice
for the JavaScript code in this page.
*/
</script>
<script>
window.config = {
AppVer: '1.12.4',
AppSubUrl: '',
StaticUrlPrefix: '',
UseServiceWorker: true ,
csrf: 'iI1Kkrppem-yCnHGCll-UshSK6A6MTYwMDcwNjM3MTUxOTU5NzYxNg',
HighlightJS: false,
Minicolors: false,
SimpleMDE: false,
Tribute: false,
U2F: false,
Heatmap: false,
heatmapUser: null,
NotificationSettings: {
MinTimeout: 10000 ,
TimeoutStep: 10000 ,
MaxTimeout: 60000 ,
EventSourceUpdateTime: 10000 ,
},
};
</script>
<link rel="shortcut icon" href="/img/favicon.png">
<link rel="mask-icon" href="/img/gitea-safari.svg" color="#609926">
<link rel="fluid-icon" href="/img/gitea-lg.png" title="AniNIX">
<link rel="stylesheet" href="/vendor/assets/font-awesome/css/font-awesome.min.css">
<link rel="stylesheet" href="/fomantic/semantic.min.css?v=d8d448774563cec3783c3b65d4e914b6">
<link rel="stylesheet" href="/css/index.css?v=d8d448774563cec3783c3b65d4e914b6">
<noscript>
<style>
.dropdown:hover > .menu { display: block; }
.ui.secondary.menu .dropdown.item > .menu { margin-top: 0; }
</style>
</noscript>
<style class="list-search-style"></style>
<meta property="og:title" content="AniNIX">
<meta property="og:type" content="website" />
<meta property="og:image" content="/img/gitea-lg.png" />
<meta property="og:url" content="https://foundation.aninix.net/" />
<meta property="og:description" content="AniNIX::Foundation \\ Code, documentation, and information sharing powered by Gitea (git with a cup of tea)">
<meta property="og:site_name" content="AniNIX" />
<link rel="stylesheet" href="/css/theme-aninix.css?v=d8d448774563cec3783c3b65d4e914b6">
<link rel="icon" type="image/png" href="/img/AniNIX.png" />
<link rel="alternate" type="application/rss+xml" title="AniNIX::RSS" href="/aninix.xml" />
<link rel='apple-touch-icon' sizes='180x180' href='/img/AniNIX.png' />
<meta name='apple-mobile-web-app-capable' content='yes' />
</head>
<body>
<div class="full height">
<noscript>This website works better with JavaScript.</noscript>
<div class="ui top secondary stackable main menu following bar light">
<div class="ui container" id="navbar">
<div class="item brand" style="justify-content: space-between;">
<a href="/">
<img class="ui mini image" src="/img/gitea-sm.png">
</a>
<div class="ui basic icon button mobile-only" id="navbar-expand-toggle">
<i class="sidebar icon"></i>
</div>
</div>
<a class="item active" href="/">Home</a>
<a class="item " href="/explore/repos">Explore</a>
<a class="item" target="_blank" id="chat" href="https://irc.aninix.net/">Chat</a>
<a class="item" target="_blank" id="pwdchange" href="https://password.aninix.net/">Change Password</a>
<a class="item" id="martialarts" href="/martialarts/">Martial Arts</a>
<a class="item" target="_blank" rel="noopener noreferrer" href="https://docs.gitea.io">Help</a>
<div class="right stackable menu">
<a class="item" href="/user/sign_up">
<svg class="svg octicon-person" width="16" height="16" aria-hidden="true"><use xlink:href="#octicon-person" /></svg> Register
</a>
<a class="item" rel="nofollow" href="/user/login?redirect_to=">
<svg class="svg octicon-sign-in" width="16" height="16" aria-hidden="true"><use xlink:href="#octicon-sign-in" /></svg> Sign In
</a>
</div>
</div>
</div>
<div class="home">
<h2>Thank you for your purchase!</h2>
<footer>
<div class="ui container">
<div class="ui left">
Powered by Gitea Page: <strong>0ms</strong> Template: <strong>0ms</strong>
</div>
<div class="ui right links">
<div class="ui language bottom floating slide up dropdown link item">
<i class="world icon"></i>
<div class="text">English</div>
<div class="menu">
<a lang="en-US" class="item active selected" href="#">English</a>
<a lang="zh-CN" class="item " href="?lang=zh-CN">简体中文</a>
<a lang="zh-HK" class="item " href="?lang=zh-HK">繁體中文(香港)</a>
<a lang="zh-TW" class="item " href="?lang=zh-TW">繁體中文(台灣)</a>
<a lang="de-DE" class="item " href="?lang=de-DE">Deutsch</a>
<a lang="fr-FR" class="item " href="?lang=fr-FR">français</a>
<a lang="nl-NL" class="item " href="?lang=nl-NL">Nederlands</a>
<a lang="lv-LV" class="item " href="?lang=lv-LV">latviešu</a>
<a lang="ru-RU" class="item " href="?lang=ru-RU">русский</a>
<a lang="uk-UA" class="item " href="?lang=uk-UA">Українська</a>
<a lang="ja-JP" class="item " href="?lang=ja-JP">日本語</a>
<a lang="es-ES" class="item " href="?lang=es-ES">español</a>
<a lang="pt-BR" class="item " href="?lang=pt-BR">português do Brasil</a>
<a lang="pl-PL" class="item " href="?lang=pl-PL">polski</a>
<a lang="bg-BG" class="item " href="?lang=bg-BG">български</a>
<a lang="it-IT" class="item " href="?lang=it-IT">italiano</a>
<a lang="fi-FI" class="item " href="?lang=fi-FI">suomi</a>
<a lang="tr-TR" class="item " href="?lang=tr-TR">Türkçe</a>
<a lang="cs-CZ" class="item " href="?lang=cs-CZ">čeština</a>
<a lang="sr-SP" class="item " href="?lang=sr-SP">српски</a>
<a lang="sv-SE" class="item " href="?lang=sv-SE">svenska</a>
<a lang="ko-KR" class="item " href="?lang=ko-KR">한국어</a>
</div>
</div>
<a href="/vendor/librejs.html" data-jslicense="1">JavaScript licenses</a>
<a href="/api/swagger">API</a>
<a target="_blank" rel="noopener noreferrer" href="https://gitea.io">Website</a>
</div>
</div>
</footer>
<script src="/js/jquery.js?v=d8d448774563cec3783c3b65d4e914b6"></script>
<script src="/fomantic/semantic.min.js?v=d8d448774563cec3783c3b65d4e914b6"></script>
<script src="/js/index.js?v=d8d448774563cec3783c3b65d4e914b6"></script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-18148792-3']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<script src="https://redalert.battleforthenet.com/widget.js" async></script>
<script type="text/javascript">
document.getElementsByClassName('brand')[0].children[0].children[0].src="/img/AniNIX.png";
$('meta[property=og\\:image]').attr('content', '/img/AniNIX.png');
$('link[rel="mask-icon"]').attr('href', '/img/AniNIX.png');
$('link[rel="mask-icon"]').attr('color', '#000000');
document.getElementsById("pwdchange").setAttribute("target","_blank");
document.getElementsById("chat").setAttribute("target","_blank");
</script>
</body>
</html>

1
roles/Foundation/files/custom/templates/custom/header.tmpl
View File

@@ -2,3 +2,4 @@
<link rel="alternate" type="application/rss+xml" title="AniNIX/RSS" href="/aninix.xml" /> <link rel="alternate" type="application/rss+xml" title="AniNIX/RSS" href="/aninix.xml" />
<link rel='apple-touch-icon' sizes='180x180' href='/assets/img/AniNIX.png' /> <link rel='apple-touch-icon' sizes='180x180' href='/assets/img/AniNIX.png' />
<meta name='apple-mobile-web-app-capable' content='yes' /> <meta name='apple-mobile-web-app-capable' content='yes' />
<script src="/assets/js/aninix.js"></script>

181
roles/Foundation/files/custom/templates/home.tmpl
View File

@@ -1,88 +1,123 @@
{{template "base/head" .}} {{template "base/head" .}}
<!-- BEGIN CUSTOM HOME --> <!-- BEGIN CUSTOM HOME -->
<div class="home"> <div class="home">
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column"> <!-- Title/Logo -->
<div> <div class="ui stackable middle very relaxed page grid">
<img class="logo" src="{{AppSubUrl}}/assets/img/avatar_default.png" />
</div>
<div class="hero">
<h1 class="ui icon header title">
AniNIX
</h1>
<h2>Welcome to the network</h2>
</div>
</div>
</div>
<div class="ui stackable middle very relaxed page grid">
<div class="eight wide center column">
<h1 class="hero ui icon header">
<img width=20px height=20px src='/assets/img/icons/FoundationIcon.png'/>
<a href="https://foundation.aninix.net/explore/repos">Open source security</a>
</h1>
<p class="large">
The AniNIX's primary goal is to ensure everyone has access to the knowledge they need to build a low-cost, secure platform. We make all our source-code accessible and open-source.
</p>
</div>
<div class="eight wide center column">
<h1 class="hero ui icon header">
<img width=20px height=20px src='/assets/img/icons/IRCIcon.png'/>
<a href='ircs://aninix.net:6697/#lobby'>Contact us anytime</a>
</h1>
<p class="large">
We run an open IRC network -- we'd love to connect with you there. Not familiar with IRC? No worries -- we have a <a href="https://irc.aninix.net/" target=_blank alt="AniNIX/IRC (Web)" id="webchat">webchat</a> available.
</p> </div>
</div>
<div class="ui stackable middle very relaxed page grid">
<div class="eight wide center column">
<h1 class="hero ui icon header">
<img width=20px height=20px src="/assets/img/icons/WikiIcon.png"/>
<a href="/AniNIX/Wiki">Open documentation</a>
</h1>
<p class="large">
We maintain a Wiki to document how and why we do what we do. Hopefully, it can both help others to learn more about computing and spark discussion with the community at large.
</p>
</div>
<div class="eight wide center column">
<h1 class="hero ui icon header">
<img width=20px height=20x src="/assets/img/icons/MaatIcon.png"/>
<a href="https://maat.aninix.net/">Downloads</a>
</h1>
<p class="large">
We offer downloads from our AniNIX::Maat continuous-deployment system, including static files and packages for <a href="https://archlinux.org/">ArchLinux-style distributions.</a>
</p>
</div>
</div>
<hr style="margin-top: 50px;" />
<div class="sixteen wide center aligned centered column"> <div class="sixteen wide center aligned centered column">
<div class="hero"> <div>
<h2>Webapps</h2> <img class="logo" src="/assets/img/avatar_default.png" />
<p>We host a number of web apps to make our users' lives easier.
</div> </div>
<div class="ui stackable middle very relaxed page grid"> <div class="hero">
<div class="four wide center column"><a title="AniNIX/Singularity" href="https://singularity.aninix.net"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" alt=RSS src="/assets/img/icons/SingularityIcon.png" /><p>AniNIX/Singularity (News powered by TT-RSS)</p></a></div> <h1 class="ui icon header title"> AniNIX </h1>
<div class="four wide center column"><a title="AniNIX/Yggdrasil" href="https://yggdrasil.aninix.net"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/icons/YggdrasilIcon.png" /><p>AniNIX/Yggdrasil (Media powered by Emby)</p></a></div> <h2>Welcome to the network</h2>
<div class="four wide center column"><a title="AniNIX/Sharingan" href="https://sharingan.aninix.net"><img src="/assets/img/icons/SharinganIcon.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /><p>AniNIX/Sharingan (Monitoring powered by Nagios)</p></a></div>
<div class="four wide center column"><a title="AniNIX/WolfPack" href="https://wolfpack.aninix.net"><img src="/assets/img/icons/WolfPackIcon.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /><p>AniNIX/WolfPack (Botnet download results)</p></a></div>
</div> </div>
</div> </div>
<hr style="margin-top: 50px;" /> </div>
<!-- End title/logo -->
<!-- Top row -->
<div class="ui stackable middle very relaxed page grid">
<!-- Open-source widget -->
<div class="eight wide center column">
<h1 class="hero ui icon header">
<img width=20px height=20px src='/assets/img/icons/Foundation.png'/>
<a href="/explore/repos">Open source security</a>
</h1>
<p class="large">
The AniNIX's primary goal is to ensure everyone has access to the knowledge they need to build a low-cost, secure platform. We make all our source-code accessible and open-source.
</p>
</div>
<!-- IRC Widget -->
<div class="eight wide center column">
<h1 id="contact" class="hero ui icon header">
<img width=20px height=20px src='/assets/img/icons/IRC.png'/>
<a href='ircs://aninix.net:6697/#lobby'>Contact us anytime</a>
</h1>
<p class="large">
We run an open IRC network -- we'd love to connect with you there. Not familiar with IRC? No worries -- we have a <a href="https://irc.aninix.net/" target=_blank alt="AniNIX/IRC (Web)" id="webchat">webchat</a> available.
</p>
</div>
</div>
<!-- End top row -->
<!-- Bottom row -->
<div class="ui stackable middle very relaxed page grid">
<!-- AniNIX/Wiki widget -->
<div class="eight wide center column">
<h1 class="hero ui icon header">
<img width=20px height=20px src="/assets/img/icons/Wiki.png"/>
<a href="/AniNIX/Wiki">Open documentation</a>
</h1>
<p class="large">
We maintain a Wiki to document how and why we do what we do. Hopefully, it can both help others to learn more about computing and spark discussion with the community at large.
</p>
</div>
<!-- AniNIX/Maat widget -->
<div class="eight wide center column">
<h1 class="hero ui icon header">
<img width=20px height=20x src="/assets/img/icons/Maat.png"/>
<a href="https://maat.aninix.net/">Downloads</a>
</h1>
<p class="large">
We offer downloads from our AniNIX/Maat continuous-deployment system, including static files and packages for <a href="https://archlinux.org/">ArchLinux-style distributions.</a>
</p>
</div>
</div>
<!-- End bottom row -->
<hr style="margin-top: 50px;" />
<!-- Apps -->
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column hero">
<h2 id="apps">Webapps</h2>
<p>We host a number of web apps to make our users' lives easier.
</div>
<div class="four wide center column"><a title="AniNIX/Singularity" href="https://singularity.aninix.net"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" alt=RSS src="/assets/img/icons/Singularity.png" /><p>Singularity</p></a><p>News powered by TT-RSS</p></div>
<div class="four wide center column"><a title="AniNIX/Yggdrasil" href="https://yggdrasil.aninix.net"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/icons/Yggdrasil.png" /><p>Yggdrasil</p></a><p>Media powered by Emby</p></div>
<div class="four wide center column"><a title="AniNIX/Sharingan" href="https://sharingan.aninix.net"><img src="/assets/img/icons/Sharingan.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /><p>Sharingan</p></a><p>Monitoring powered by Graylog</p></div>
<div class="four wide center column"><a title="AniNIX/Cyberbrain" href="https://cyberbrain.aninix.net"><img src="/assets/img/icons/Cyberbrain.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /><p>Cyberbrain</p></a><p>SFTP Dropbox</p></div>
</div>
<!-- End apps -->
<hr style="margin-top: 50px;" />
<!-- News -->
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column"> <div class="sixteen wide center aligned centered column">
<div class="hero"> <div class="hero" id="news"></div>
<script type="text/javascript">
insertNewsSnippet("https://aninix.net/assets/rss-snippets/aninix","news");
</script>
</div>
</div>
</div>
<!-- Social -->
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div class="hero" id="social">
<h2>Follow us on social media</h2> <h2>Follow us on social media</h2>
<p>We want to stay in touch with you, so we are present on the social media platforms we find applicable.<br/> Have one you want us on? Contact us and let us know!</p> <p>We want to stay in touch with you, so we are present on the social media platforms we find applicable.<br/> Have one you want us on? Contact us and let us know!</p>
</div> </div>
<div class="ui stackable middle very relaxed page grid">
<div class="two wide center column"><!--placeholder--><p>&nbsp;</p></div>
<div class="two wide center column"><a title=AniNIX/RSS href="/assets/aninix.xml"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" alt=RSS src="/assets/img/social/rss.png" /></a></div>
<div class="two wide center column"><a title=Discord href="https://discord.gg/2bmggfR"><img alt=Discord style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/discord.ico" /></a></div>
<div class="two wide center column"><a title=GitHub href="https://github.com/AniNIX"><img alt=GitHub src="/assets/img/social/github.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /></a></div>
<div class="two wide center column"><a title=YouTube href="https://www.youtube.com/channel/UCe-WNM2mbI51xoVZp3K_wFQ"><img src="/assets/img/social/youtube.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /></a></div>
<div class="two wide center column"><a title=LinkedIn href="https://www.linkedin.com/groups/13577720"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/linkedin.png" /></a></div>
<div class="two wide center column"><a title=Facebook href="https://facebook.com/aninixnetwork"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/facebook.png" /></a></div>
<div class="two wide center column"><!--placeholder--><p>&nbsp;</p></div>
</div>
</div> </div>
<div class="two wide center column"><!--placeholder--><p>&nbsp;</p></div>
<div class="two wide center column"><a title=AniNIX/RSS href="/assets/aninix.xml"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" alt=RSS src="/assets/img/social/rss.png" /></a></div>
<div class="two wide center column"><a title=Discord href="https://discord.gg/2bmggfR"><img alt=Discord style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/discord.ico" /></a></div>
<div class="two wide center column"><a title=GitHub href="https://github.com/AniNIX"><img alt=GitHub src="/assets/img/social/github.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /></a></div>
<div class="two wide center column"><a title=YouTube href="https://www.youtube.com/channel/UCe-WNM2mbI51xoVZp3K_wFQ"><img src="/assets/img/social/youtube.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /></a></div>
<div class="two wide center column"><a title=LinkedIn href="https://www.linkedin.com/groups/13577720"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/linkedin.png" /></a></div>
<div class="two wide center column"><a title=Facebook href="https://facebook.com/aninixnetwork"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/facebook.png" /></a></div>
<div class="two wide center column"><!--placeholder--><p>&nbsp;</p></div>
</div>
</div> </div>
<!-- END CUSTOM HOME --> <!-- END CUSTOM HOME -->
{{template "base/footer" .}} {{template "base/footer" .}}

199
roles/Foundation/files/web-snippets/martialarts/index
View File

@@ -1,82 +1,117 @@
<div class="ui stackable middle very relaxed page grid"> <!-- Title/logo-->
<div class="sixteen wide center aligned centered column"> <div class="ui stackable middle very relaxed page grid">
<!--<div class="ui negative message"><p>We are open despite COVID-19 -- those attending in person will need to sign a waiver of health and follow all state requirements, including wearing a mask.</p></div>--> <div class="sixteen wide center aligned centered column">
<div> <!--<div class="ui negative message"><p>We are open despite COVID-19 -- those attending in person will need to sign a waiver of health and follow all state requirements, including wearing a mask.</p></div>-->
<img class="logo" src="/assets/img/icons/MartialArtsIcon.png" /> <div>
</div> <img class="logo" src="/assets/img/icons/MartialArts.png" />
<div class="hero"> </div>
<h1 class="ui icon header title"> <div class="hero">
AniNIX Martial Arts <h1 class="ui icon header title">
</h1> AniNIX Martial Arts
<h2>Open-source, research-driven self-defense and personal health</h2> </h1>
<p>AniNIX Martial Arts is a small martial arts collective focusing on research-driven martial arts. Our core style is USHF HapKiDo, but we are influenced by HEMA, Razmafzar, Kali, Shaolin, Silat, JKD, BJJ, and many other systems. We are a research-driven group -- we encourage cross-training with other systems and will bring in new concepts regularly. The class is open to all experience levels, gender identity, gender expression, sexual orientation, religious or cultural identity, socioecomic status, or age (above 14), in Southcentral Wisconsin -- we will fit your training to your needs and goals.</p><p>Drop-ins are welcome, and registration is cheap. We hope you'll give us a chance to show you what we can do.</p> <h2>Open-source, research-driven self-defense and personal health</h2>
</div> <p>AniNIX Martial Arts is a small martial arts collective focusing on research-driven martial arts. Our core style is USHF HapKiDo, but we are influenced by HEMA, Razmafzar, Kali, Shaolin, Silat, JKD, BJJ, and many other systems. We are a research-driven group -- we encourage cross-training with other systems and will bring in new concepts regularly. The class is open to all experience levels, gender identity, gender expression, sexual orientation, religious or cultural identity, socioecomic status, or age (above 14), in Southcentral Wisconsin -- we will fit your training to your needs and goals.</p><p>Drop-ins are welcome, and registration is cheap. We hope you'll give us a chance to show you what we can do.</p>
</div> </div>
</div> </div>
<div class="ui stackable middle very relaxed page grid"> </div>
<div class="eight wide center column"> <!-- End title/logo -->
<h1 class="hero ui icon header">
<img width=20px height=20px src='/assets/img/icons/FoundationIcon.png'/> <!-- Top row -->
<a href="/mawiki">Open-source</a> <div class="ui stackable middle very relaxed page grid">
</h1>
<p class="large"> <!-- Open-source widget -->
We want your training with our system to become a part of your life. This means that we provide access to a revision-controlled copy of our notes that all our students can download, keep, and contribute to. We're tired of the old era where how the system works is kept hidden from students and piecemealed out as a marketing ploy -- we want to be as trasparent as possible in how our program and our martial art function. Transparency keeps our instructors honest and our students engaged -- this means a better martial arts experience for everyone. <div class="eight wide center column">
</p> <h1 class="hero ui icon header">
</div> <img width=20px height=20px src='/assets/img/icons/Foundation.png'/>
<div class="eight wide center column"> <a href="/MartialArts/Wiki/src/branch/main/README.md">Open-source</a>
<h1 class="hero ui icon header"> </h1>
<img width=20px height=20px src='/assets/img/ushf.jpg'/> <p>
<a href='https://ushapkidofederation.wordpress.com/'>Research-driven</a> We want your training with our system to become a part of your life. This means that we provide access to a revision-controlled copy of our notes that all our students can download, keep, and contribute to. We're tired of the old era where how the system works is kept hidden from students and piecemealed out as a marketing ploy -- we want to be as trasparent as possible in how our program and our martial art function. Transparency keeps our instructors honest and our students engaged -- this means a better martial arts experience for everyone.
</h1> </p>
<p class="large"> </div>
Our system is always growing. We are a United States HapKiDo Federation (USHF) school, and that gives us access to high-quality instructors and seminar material each year from across the US. We also maintain good relationships with other schools in our area -- we want our students to examine what they're learing and make sure that it works, and that means looking at different perspectives.
</p> </div> <!-- Research widget -->
</div> <div class="eight wide center column">
<div class="ui stackable middle very relaxed page grid"> <h1 class="hero ui icon header">
<div class="eight wide center column"> <img width=20px height=20px src='/assets/img/ushf.jpg'/>
<h1 class="hero ui icon header"> <a href='https://ushapkidofederation.wordpress.com/'>Research-driven</a>
<img width=20px height=20px src="/assets/img/icons/MartialArtsIcon.png"/> </h1>
<a href="/martialarts/index.html#storefront">Low-cost</a> <p>
</h1> Our system is always growing. We are a United States HapKiDo Federation (USHF) school, and that gives us access to high-quality instructors and seminar material each year from across the US. We also maintain good relationships with other schools in our area -- we want our students to examine what they're learing and make sure that it works, and that means looking at different perspectives.
<p class="large">We are non-profit group -- we train because we feel like it makes life better, not to make money. As such, our costs are publicly documented and our rates match the same. Classes will be informed of potential changes to costs well in advance, and we use recurring payments. We want you thinking about your training, not how you're going to pay for it.</p> </p>
<p class="large"> </div>
<ul style="text-align: left;">
<li><b>Cost:</b> $10 per month in-person; $5 per month livestream -- pay below.</li> </div>
<li><b>Lessons:</b>Tuesdays 7-8:30 p.m.</li> <!-- End top row -->
<li><b>Sparring:</b>Tuesdays 6-7 p.m.</li>
<li><b>Shaolin Workouts:</b> Saturday mornings at 8 a.m. </li> <!-- Bottom row -->
<li><b>Location:</b> <a href="https://g.page/aninix-martial-arts?share">225 Blaser Drive, Belleville, WI</a></li> <div class="ui stackable middle very relaxed page grid">
<li><b>What to bring:</b> Exercise clothes and water</li>
</ul></p> <!-- Low-cost widget -->
</div> <div class="eight wide center column">
<div class="eight wide center column"> <h1 class="hero ui icon header">
<h1 class="hero ui icon header"> <img width=20px height=20px src="/assets/img/icons/MartialArts.png"/>
<img width=20px height=20x src="/assets/img/icons/IRCIcon.png"/> <a href="/martialarts/index.html#storefront">Low-cost</a>
<a href="/martialarts/index.html#social">Real-life First</a> </h1>
</h1> <p>We are non-profit group -- we train because we feel like it makes life better, not to make money. As such, our costs are publicly documented and our rates match the same. Classes will be informed of potential changes to costs well in advance, and we use recurring payments. We want you thinking about your training, not how you're going to pay for it.</p>
<p class="large"> <p>
Everyone is welcome! Class attendance is not mandated and belt-testing is not required to train. As a courtesy, please inform the class of your absence or intended late arrival -- real-life comes first, and we're happy to work with your needs. As long as one person shows, we'll have class -- the smaller the class, the more tailored it is, but the bigger classes mean more partners and body types.</p> <ul style="text-align: left;">
<p class="large"> <li><b>Cost:</b> Free</li>
Our focus is also on what you will actually use. While we appreciate traditional and esoteric training for self-development, our weekly classes are focused on modern techniques and training methods so that you get the most out of your time. Our goal is to help create a community of prepared and healthy citizens, and we believe martial arts helps build that in a way no other activity can. <li><b>Lessons:</b>Tuesdays 7-8:30 p.m.</li>
</p> <li><b>Sparring:</b>Tuesdays 6-7 p.m.</li>
</div> <li><b>Shaolin Workouts:</b> Saturday mornings at 8 a.m. </li>
</div> <li><b>Location:</b> <a href="https://g.page/aninix-martial-arts?share">225 Blaser Drive, Belleville, WI</a></li>
<hr style="margin-top: 50px;" /> <li><b>What to bring:</b> Exercise clothes and water</li>
<div class="ui stackable middle very relaxed page grid" id="social"> <li id='contact-insert'>
<div class="sixteen wide center aligned centered column"> <script type="text/javascript">
<div class="hero"> insertContactInfo();
<h2 id=social>Follow us on social media</h2> </script>
<p class=large>We want to stay in touch with you, so we are present on the social media platforms we find applicable.<br/> Have one you want us on? Contact us and let us know!</p> </li>
</div> </ul></p>
<div class="ui stackable middle very relaxed page grid" id="social"> </div>
<div class="two wide center column"><p>&nbsp;</p></div>
<div class="two wide center column"><a title=RSS href="/martialarts/maqotw.xml"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" alt=RSS src="/assets/img/social/rss.png" /></a></div> <!-- Real-life widget -->
<div class="two wide center column"><a title=Discord href="https://discord.gg/2bmggfR"><img alt=Discord style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/discord.ico" /></a></div> <div class="eight wide center column">
<div class="two wide center column"><a title=NextDoor href="https://nextdoor.com/news_feed/?post=112835813"><img alt=NextDoor src="/assets/img/social/nextdoor.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /></a></div> <h1 class="hero ui icon header">
<div class="two wide center column"><a title=YouTube href="https://www.youtube.com/channel/UCVAkee-WaInnZbPn16bqzrw/about?view_as=subscriber"><img src="/assets/img/social/youtube.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /></a></div> <img width=20px height=20x src="/assets/img/icons/IRC.png"/>
<div class="two wide center column"><a title=Strava href="https://www.strava.com/clubs/aninixmartialarts"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/strava.png" /></a></div> <a href="/martialarts/index.html#social">Real-life First</a>
<div class="two wide center column"><a title=Facebook href="https://www.facebook.com/groups/aninixmartialarts/"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/facebook.png" /></a></div> </h1>
<div class="two wide center column"><p>&nbsp;</p></div> <p>
</div> Everyone is welcome! Class attendance is not mandated and belt-testing is not required to train. As a courtesy, please inform the class of your absence or intended late arrival -- real-life comes first, and we're happy to work with your needs. As long as one person shows, we'll have class -- the smaller the class, the more tailored it is, but the bigger classes mean more partners and body types.</p>
</div> <p>
</div> Our focus is also on what you will actually use. While we appreciate traditional and esoteric training for self-development, our weekly classes are focused on modern techniques and training methods so that you get the most out of your time. Our goal is to help create a community of prepared and healthy citizens, and we believe martial arts helps build that in a way no other activity can.
</p>
</div>
</div>
<!-- End bottom row -->
<!-- News -->
<hr style="margin-top: 50px;" />
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div class=hero id=news>
<script type="text/javascript">
insertNewsSnippet("https://aninix.net/assets/rss-snippets/maqotw","news");
</script>
</div>
</div>
</div>
<!-- Social -->
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div class="hero" id=social>
<h2>Follow us on social media</h2>
<p class=large>We want to stay in touch with you, so we are present on the social media platforms we find applicable.<br/> Have one you want us on? Contact us and let us know!</p>
</div>
</div>
<div class="two wide center column"><p>&nbsp;</p></div>
<div class="two wide center column"><a title=RSS href="/martialarts/maqotw.xml"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" alt=RSS src="/assets/img/social/rss.png" /></a></div>
<div class="two wide center column"><a title=Discord href="https://discord.gg/2bmggfR"><img alt=Discord style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/discord.ico" /></a></div>
<div class="two wide center column"><a title=NextDoor href="https://nextdoor.com/news_feed/?post=112835813"><img alt=NextDoor src="/assets/img/social/nextdoor.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /></a></div>
<div class="two wide center column"><a title=YouTube href="https://www.youtube.com/channel/UCVAkee-WaInnZbPn16bqzrw/about?view_as=subscriber"><img src="/assets/img/social/youtube.png" style="width: 50px; height:auto; margin: 0; padding: 0 auto;" /></a></div>
<div class="two wide center column"><a title=Strava href="https://www.strava.com/clubs/aninixmartialarts"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/strava.png" /></a></div>
<div class="two wide center column"><a title=Facebook href="https://www.facebook.com/groups/aninixmartialarts/"><img style="width: 50px; height:auto; margin: 0; padding: 0 auto;" src="/assets/img/social/facebook.png" /></a></div>
<div class="two wide center column"><p>&nbsp;</p></div>
</div>

107
roles/Foundation/files/web-snippets/pay/index
View File

@@ -1,107 +0,0 @@
<div class="ui stackable middle very relaxed page grid">
<script src="https://js.stripe.com/v3"></script>
<div class="sixteen wide center aligned centered column">
<h1 class="ui icon header title">
AniNIX
</h1>
<h2>Our Storefront</h2>
<p>We have limited service offerings available. Please contact an admin on IRC first to arrange the contract, then use the item below to pay the invoice.</p>
</div>
</div>
</div>
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center column" >
<h1 class="hero ui icon header">
<img width=20px height=20px src='/assets/img/icons/CoreIcon.png'/>
Cybersecurity Consulting
</h1>
<p class="large">The AniNIX offers cybersecurity consulting and advice services on a limited basis. We bill at $20 an hour -- please select your need below after negotiating with an admin.</p>
<p class="large">
<form action="./storefront.html" id="hours">
<label for="hourcount">Hours required</label>
<select name="hourcount" id="hourscount">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
</select>
<br/>
</form>
<!-- START STRIPE CODE -->
<!-- Create a button that your customers click to complete their purchase. Customize the styling to suit your branding. -->
<button
style="background-color:#6772E5;color:#FFF;padding:8px 12px;border:0;border-radius:4px;font-size:1em"
id="checkout-button-price_1HTuehI49P1uFPoXCW9pJg5E"
role="link"
type="button"
>
Checkout
</button>
<div id="error-message"></div>
<script>
(function() {
var stripe = Stripe('pk_live_51HThYnI49P1uFPoX5ARnHSpT9D08Gbfux6O25waFLpPBsnZoLDuqopFAZeLfu0CbbICxEnPZOOLkDLTlcNjkazs100ElKcF2QX');
var checkoutButton = document.getElementById('checkout-button-price_1HTuehI49P1uFPoXCW9pJg5E');
checkoutButton.addEventListener('click', function () {
// When the customer clicks on the button, redirect
// them to Checkout.
stripe.redirectToCheckout({
lineItems: [{price: 'price_1HTuehI49P1uFPoXCW9pJg5E', quantity: parseInt(document.getElementById('hourscount').value)}],
mode: 'payment',
// Do not rely on the redirect to the successUrl for fulfilling
// purchases, customers may not always reach the success_url after
// a successful payment.
// Instead use one of the strategies described in
// https://stripe.com/docs/payments/checkout/fulfill-orders
successUrl: window.location.protocol + '//aninix.net/pay/thank-you.html',
cancelUrl: window.location.protocol + '//aninix.net/pay/storefront.html',
})
.then(function (result) {
if (result.error) {
// If `redirectToCheckout` fails due to a browser or network
// error, display the localized error message to your customer.
var displayError = document.getElementById('error-message');
displayError.textContent = result.error.message;
}
});
});
})();
</script>
<! -- END STRIPE CODE -->
</p>
</div>
</div>
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center column" >
<hr style="margin-top: 50px;" />
<h2>Donate</h2>
<p>If you like what we do, you can also donate on one of these platforms:</p>
<ul style="width:500px;text-align: left;margin:auto;">
<li><a href="https://store.steampowered.com/wishlist/id/darkfeather664/#sort=order">Steam (games)</a></li>
<li><a href="https://www.amazon.com/hz/wishlist/ls/3CORZU03RNWST?ref_=wl_share">Amazon (hardware)</a></li>
<li>BTC 38Nd3SgytdvSmcX3gfHeNAE2B6aPyYbS7s</li>
<li>Coinbase USDC 0x21a05e628Ed622F7594f62Ea3C764bAEF7fE3Bf3</li>
</ul>
</div>
</div>

12
roles/Foundation/files/web-snippets/pay/thank-you
View File

@@ -1,12 +0,0 @@
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div>
<img class="logo" src="/assets/img/icons/CoreIcon.png" />
</div>
<div class="hero">
<h2 class="ui icon header title">
Thank you for your purchase!
</h2>
</div>
</div>
</div>

31
roles/Foundation/tasks/main.yml
View File

@@ -5,12 +5,6 @@
name: name:
- gitea - gitea
- name: BitBot
become: yes
git:
repo: https://github.com/jesopo/bitbot.git
dest: /opt/bitbot
- name: Make directories - name: Make directories
become: yes become: yes
file: file:
@@ -27,7 +21,7 @@
register: config register: config
template: template:
src: app.ini.j2 src: app.ini.j2
dest: /var/lib/gitea/custom/conf/app.ini dest: /etc/gitea/app.ini
owner: gitea owner: gitea
group: gitea group: gitea
mode: 0750 mode: 0750
@@ -53,7 +47,7 @@
become: yes become: yes
get_url: get_url:
url: https://github.com/BenZuser/Emby-Web-Dark-Themes-CSS/raw/master/RED/theme.css url: https://github.com/BenZuser/Emby-Web-Dark-Themes-CSS/raw/master/RED/theme.css
dest: /var/lib/gitea/custom/public/css/emby-web-dark-theme-BenZuser.css dest: /var/lib/gitea/custom/public/assets/css/emby-web-dark-theme-BenZuser.css
owner: gitea owner: gitea
group: gitea group: gitea
@@ -65,23 +59,6 @@
owner: gitea owner: gitea
group: gitea group: gitea
- name: Service file
become: yes
register: servicefile
copy:
src: foundation.service
dest: /usr/lib/systemd/system
owner: root
group: root
mode: 0755
- name: Ensure default service disabled
become: yes
service:
name: gitea
state: stopped
enabled: no
- name: Generate pages - name: Generate pages
become: yes become: yes
register: custompages register: custompages
@@ -89,8 +66,8 @@
- name: Restart service - name: Restart service
become: yes become: yes
when: config.changed or servicefile.changed or custompages.changed when: config.changed or custompages.changed
service: service:
name: foundation name: gitea
state: restarted state: restarted
enabled: yes enabled: yes

447
roles/Foundation/templates/app.ini.j2
View File

@@ -8,35 +8,36 @@ APP_NAME = AniNIX
RUN_USER = gitea RUN_USER = gitea
; Either "dev", "prod" or "test", default is "dev" ; Either "dev", "prod" or "test", default is "dev"
RUN_MODE = prod RUN_MODE = prod
WORK_PATH = /var/lib/gitea
[repository] [repository]
ROOT = repos ROOT = repos
SCRIPT_TYPE = bash SCRIPT_TYPE = bash
; Default ANSI charset ; Default ANSI charset
ANSI_CHARSET = ANSI_CHARSET =
; Force every new repository to be private ; Force every new repository to be private
FORCE_PRIVATE = false FORCE_PRIVATE = false
; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used. ; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
DEFAULT_PRIVATE = last DEFAULT_PRIVATE = last
; Global limit of repositories per user, applied at creation time. -1 means no limit ; Global limit of repositories per user, applied at creation time. -1 means no limit
MAX_CREATION_LIMIT = -1 MAX_CREATION_LIMIT = -1
; Preferred Licenses to place at the top of the List ; Preferred Licenses to place at the top of the List
; The name here must match the filename in conf/license or custom/conf/license ; The name here must match the filename in conf/license or custom/conf/license
PREFERRED_LICENSES = AniNIX-WTFPL PREFERRED_LICENSES = AniNIX-WTFPL
; Disable the ability to interact with repositories using the HTTP protocol ; Disable the ability to interact with repositories using the HTTP protocol
DISABLE_HTTP_GIT = false DISABLE_HTTP_GIT = false
; Value for Access-Control-Allow-Origin header, default is not to present ; Value for Access-Control-Allow-Origin header, default is not to present
; WARNING: This maybe harmful to you website if you do not give it a right value. ; WARNING: This maybe harmful to you website if you do not give it a right value.
ACCESS_CONTROL_ALLOW_ORIGIN = ACCESS_CONTROL_ALLOW_ORIGIN =
; Force ssh:// clone url instead of scp-style uri when default SSH port is used ; Force ssh:// clone url instead of scp-style uri when default SSH port is used
USE_COMPAT_SSH_URI = false USE_COMPAT_SSH_URI = false
; Close issues as long as a commit on any branch marks it as fixed ; Close issues as long as a commit on any branch marks it as fixed
DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false
[repository.editor] [repository.editor]
; List of file extensions for which lines should be wrapped in the CodeMirror editor ; List of file extensions for which lines should be wrapped in the CodeMirror editor
; Separate extensions with a comma. To line wrap files without an extension, just put a comma ; Separate extensions with a comma. To line wrap files without an extension, just put a comma
LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd, LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
; Valid file modes that have a preview API associated with them, such as api/v1/markdown ; Valid file modes that have a preview API associated with them, such as api/v1/markdown
; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match ; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
PREVIEWABLE_FILE_MODES = markdown PREVIEWABLE_FILE_MODES = markdown
@@ -49,15 +50,15 @@ LOCAL_WIKI_PATH = tmp/local-wiki
[repository.upload] [repository.upload]
; Whether repository file uploads are enabled. Defaults to `true` ; Whether repository file uploads are enabled. Defaults to `true`
ENABLED = true ENABLED = true
; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart) ; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
TEMP_PATH = data/tmp/uploads TEMP_PATH = data/tmp/uploads
; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type ; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
ALLOWED_TYPES = ALLOWED_TYPES =
; Max size of each file in megabytes. Defaults to 3MB ; Max size of each file in megabytes. Defaults to 3MB
FILE_MAX_SIZE = 3 FILE_MAX_SIZE = 3
; Max number of files per upload. Defaults to 5 ; Max number of files per upload. Defaults to 5
MAX_FILES = 5 MAX_FILES = 5
[repository.pull-request] [repository.pull-request]
; List of prefixes used in Pull Request title to mark them as Work In Progress ; List of prefixes used in Pull Request title to mark them as Work In Progress
@@ -70,138 +71,140 @@ LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
[cors] [cors]
; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers ; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
; enable cors headers (disabled by default) ; enable cors headers (disabled by default)
ENABLED = false ENABLED = false
; scheme of allowed requests ; scheme of allowed requests
SCHEME = http SCHEME = http
; list of requesting domains that are allowed ; list of requesting domains that are allowed
ALLOW_DOMAIN = * ALLOW_DOMAIN = *
; allow subdomains of headers listed above to request ; allow subdomains of headers listed above to request
ALLOW_SUBDOMAIN = false ALLOW_SUBDOMAIN = false
; list of methods allowed to request ; list of methods allowed to request
METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
; max time to cache response ; max time to cache response
MAX_AGE = 10m MAX_AGE = 10m
; allow request with credentials ; allow request with credentials
ALLOW_CREDENTIALS = false ALLOW_CREDENTIALS = false
[ui] [ui]
; Number of repositories that are displayed on one explore page ; Number of repositories that are displayed on one explore page
EXPLORE_PAGING_NUM = 20 EXPLORE_PAGING_NUM = 20
; Number of issues that are displayed on one page ; Number of issues that are displayed on one page
ISSUE_PAGING_NUM = 10 ISSUE_PAGING_NUM = 10
; Number of maximum commits displayed in one activity feed ; Number of maximum commits displayed in one activity feed
FEED_MAX_COMMIT_NUM = 5 FEED_MAX_COMMIT_NUM = 5
; Number of maximum commits displayed in commit graph. ; Number of maximum commits displayed in commit graph.
GRAPH_MAX_COMMIT_NUM = 100 GRAPH_MAX_COMMIT_NUM = 100
; Number of line of codes shown for a code comment ; Number of line of codes shown for a code comment
CODE_COMMENT_LINES = 4 CODE_COMMENT_LINES = 4
; Value of `theme-color` meta tag, used by Android >= 5.0 ; Value of `theme-color` meta tag, used by Android >= 5.0
; An invalid color like "none" or "disable" will have the default style ; An invalid color like "none" or "disable" will have the default style
; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android ; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
THEME_COLOR_META_TAG = `#ff0000` THEME_COLOR_META_TAG = `#ff0000`
; Max size of files to be displayed (default is 8MiB) ; Max size of files to be displayed (default is 8MiB)
MAX_DISPLAY_FILE_SIZE = 8388608 MAX_DISPLAY_FILE_SIZE = 8388608
; Whether the email of the user should be shown in the Explore Users page ; Whether the email of the user should be shown in the Explore Users page
SHOW_USER_EMAIL = true SHOW_USER_EMAIL = true
; Set the default theme for the Gitea install ; Set the default theme for the Gitea install
DEFAULT_THEME = aninix DEFAULT_THEME = aninix
; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`. ; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
THEMES = gitea,arc-green,aninix THEMES = gitea-light,gitea-dark,aninix
; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used. ; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
DEFAULT_SHOW_FULL_NAME = false DEFAULT_SHOW_FULL_NAME = false
; Disabling since we can check as a pre-commit hook
AMBIGUOUS_UNICODE_DETECTION = false
[ui.admin] [ui.admin]
; Number of users that are displayed on one page ; Number of users that are displayed on one page
USER_PAGING_NUM = 50 USER_PAGING_NUM = 50
; Number of repos that are displayed on one page ; Number of repos that are displayed on one page
REPO_PAGING_NUM = 50 REPO_PAGING_NUM = 50
; Number of notices that are displayed on one page ; Number of notices that are displayed on one page
NOTICE_PAGING_NUM = 25 NOTICE_PAGING_NUM = 25
; Number of organizations that are displayed on one page ; Number of organizations that are displayed on one page
ORG_PAGING_NUM = 50 ORG_PAGING_NUM = 50
[ui.user] [ui.user]
; Number of repos that are displayed on one page ; Number of repos that are displayed on one page
REPO_PAGING_NUM = 15 REPO_PAGING_NUM = 15
[ui.meta] [ui.meta]
AUTHOR = AniNIX::Foundation AUTHOR = AniNIX/Foundation
DESCRIPTION = AniNIX::Foundation \\ Code, documentation, and information sharing powered by Gitea (git with a cup of tea) DESCRIPTION = AniNIX/Foundation | Code, documentation, and information sharing powered by Gitea (git with a cup of tea)
KEYWORDS = go,git,self-hosted,gitea,aninix,aninix::foundation KEYWORDS = go,git,self-hosted,gitea,aninix,aninix::foundation
[markdown] [markdown]
; Enable hard line break extension ; Enable hard line break extension
ENABLE_HARD_LINE_BREAK = false ENABLE_HARD_LINE_BREAK = false
; List of custom URL-Schemes that are allowed as links when rendering Markdown ; List of custom URL-Schemes that are allowed as links when rendering Markdown
; for example git,magnet ; for example git,magnet
CUSTOM_URL_SCHEMES = CUSTOM_URL_SCHEMES =
; List of file extensions that should be rendered/edited as Markdown ; List of file extensions that should be rendered/edited as Markdown
; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma ; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
[server] [server]
; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. ; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
PROTOCOL = http PROTOCOL = http
DOMAIN = {{ external_domain }} DOMAIN = {{ external_domain }}
ROOT_URL = https://{{ external_domain }}/ ROOT_URL = https://{{ external_domain }}/
; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket. ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
HTTP_ADDR = 0.0.0.0 HTTP_ADDR = 0.0.0.0
HTTP_PORT = 3000 HTTP_PORT = 3000
; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server ; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main ; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for ; ROOT_URL. Defaults are false for REDIRECT_OTHER_PORT and 80 for
; PORT_TO_REDIRECT. ; PORT_TO_REDIRECT.
REDIRECT_OTHER_PORT = false REDIRECT_OTHER_PORT = false
PORT_TO_REDIRECT = 3000 PORT_TO_REDIRECT = 3000
; Permission for unix socket ; Permission for unix socket
UNIX_SOCKET_PERMISSION = 660 UNIX_SOCKET_PERMISSION = 660
; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. ; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
; In most cases you do not need to change the default value. ; In most cases you do not need to change the default value.
; Alter it only if your SSH server node is not the same as HTTP node. ; Alter it only if your SSH server node is not the same as HTTP node.
; Do not set this variable if PROTOCOL is set to 'unix'. ; Do not set this variable if PROTOCOL is set to 'unix'.
LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/ LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
; Disable SSH feature when not available ; Disable SSH feature when not available
DISABLE_SSH = false DISABLE_SSH = false
; Whether to use the builtin SSH server or not. ; Whether to use the builtin SSH server or not.
START_SSH_SERVER = false START_SSH_SERVER = false
; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER. ; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
BUILTIN_SSH_SERVER_USER = BUILTIN_SSH_SERVER_USER =
; Domain name to be exposed in clone URL ; Domain name to be exposed in clone URL
SSH_DOMAIN = foundation.aninix.net SSH_DOMAIN = foundation.aninix.net
; The network interface the builtin SSH server should listen on ; The network interface the builtin SSH server should listen on
SSH_LISTEN_HOST = SSH_LISTEN_HOST =
; Port number to be exposed in clone URL ; Port number to be exposed in clone URL
SSH_PORT = 22 SSH_PORT = 22
; The port number the builtin SSH server should listen on ; The port number the builtin SSH server should listen on
SSH_LISTEN_PORT = %(SSH_PORT)s SSH_LISTEN_PORT = %(SSH_PORT)s
; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'. ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
SSH_ROOT_PATH = SSH_ROOT_PATH =
; Gitea will create a authorized_keys file by default when it is not using the internal ssh server ; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off. ; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
SSH_CREATE_AUTHORIZED_KEYS_FILE = true SSH_CREATE_AUTHORIZED_KEYS_FILE = true
; For the built-in SSH server, choose the ciphers to support for SSH connections, ; For the built-in SSH server, choose the ciphers to support for SSH connections,
; for system SSH this setting has no effect ; for system SSH this setting has no effect
SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128 SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, ; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
; for system SSH this setting has no effect ; for system SSH this setting has no effect
SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
; For the built-in SSH server, choose the MACs to support for SSH connections, ; For the built-in SSH server, choose the MACs to support for SSH connections,
; for system SSH this setting has no effect ; for system SSH this setting has no effect
SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96 SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
; Directory to create temporary files in when testing public keys using ssh-keygen, ; Directory to create temporary files in when testing public keys using ssh-keygen,
; default is the system temporary directory. ; default is the system temporary directory.
SSH_KEY_TEST_PATH = SSH_KEY_TEST_PATH =
; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call. ; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
SSH_KEYGEN_PATH = ssh-keygen SSH_KEYGEN_PATH = ssh-keygen
; Enable SSH Authorized Key Backup when rewriting all keys, default is true ; Enable SSH Authorized Key Backup when rewriting all keys, default is true
SSH_BACKUP_AUTHORIZED_KEYS = true SSH_BACKUP_AUTHORIZED_KEYS = true
; Enable exposure of SSH clone URL to anonymous visitors, default is false ; Enable exposure of SSH clone URL to anonymous visitors, default is false
SSH_EXPOSE_ANONYMOUS = false SSH_EXPOSE_ANONYMOUS = false
; Indicate whether to check minimum key size with corresponding type ; Indicate whether to check minimum key size with corresponding type
MINIMUM_KEY_SIZE_CHECK = false MINIMUM_KEY_SIZE_CHECK = false
; Disable CDN even in "prod" mode ; Disable CDN even in "prod" mode
OFFLINE_MODE = true OFFLINE_MODE = true
DISABLE_ROUTER_LOG = false DISABLE_ROUTER_LOG = false
; Generate steps: ; Generate steps:
; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com ; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
; ;
@@ -209,30 +212,30 @@ DISABLE_ROUTER_LOG = false
; not forget to export the private key): ; not forget to export the private key):
; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
CERT_FILE = custom/https/cert.pem CERT_FILE = custom/https/cert.pem
KEY_FILE = custom/https/key.pem KEY_FILE = custom/https/key.pem
; Root directory containing templates and static files. ; Root directory containing templates and static files.
; default is the path where Gitea is executed ; default is the path where Gitea is executed
STATIC_ROOT_PATH = /usr/share/gitea STATIC_ROOT_PATH = /usr/share/gitea
; Default path for App data ; Default path for App data
APP_DATA_PATH = data APP_DATA_PATH = data
; Application level GZIP support ; Application level GZIP support
ENABLE_GZIP = false ENABLE_GZIP = false
; Application profiling (memory and cpu) ; Application profiling (memory and cpu)
; For "web" command it listens on localhost:6060 ; For "web" command it listens on localhost:6060
; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id> ; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
ENABLE_PPROF = false ENABLE_PPROF = false
; PPROF_DATA_PATH, use an absolute path when you start gitea as service ; PPROF_DATA_PATH, use an absolute path when you start gitea as service
PPROF_DATA_PATH = data/tmp/pprof PPROF_DATA_PATH = data/tmp/pprof
; Landing page, can be "home", "explore", or "organizations" ; Landing page, can be "home", "explore", or "organizations"
LANDING_PAGE = home LANDING_PAGE = home
; Enables git-lfs support. true or false, default is false. ; Enables git-lfs support. true or false, default is false.
LFS_START_SERVER = true LFS_START_SERVER = true
; Where your lfs files reside, default is data/lfs. ; Where your lfs files reside, default is data/lfs.
; LFS authentication secret, change this yourself ; LFS authentication secret, change this yourself
LFS_JWT_SECRET = {{ secrets.Foundation.lfs_jwt_secret }} LFS_JWT_SECRET = {{ secrets.Foundation.lfs_jwt_secret }}
; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail. ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
LFS_HTTP_AUTH_EXPIRY = 20m LFS_HTTP_AUTH_EXPIRY = 20m
[lfs] [lfs]
PATH = data/lfs PATH = data/lfs
@@ -240,47 +243,47 @@ PATH = data/lfs
; Define allowed algorithms and their minimum key length (use -1 to disable a type) ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
[ssh.minimum_key_sizes] [ssh.minimum_key_sizes]
ED25519 = 256 ED25519 = 256
ECDSA = 256 ECDSA = 256
RSA = 2048 RSA = 2048
DSA = 1024 DSA = 1024
[database] [database]
; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice ; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
DB_TYPE = postgres DB_TYPE = postgres
HOST = 127.0.0.1:5432 HOST = 127.0.0.1:5432
NAME = gitea NAME = gitea
USER = gitea USER = gitea
; Use PASSWD = `your password` for quoting if you use special characters in the password. ; Use PASSWD = `your password` for quoting if you use special characters in the password.
PASSWD = {{ secrets.Foundation.database_password }} PASSWD = {{ secrets.Foundation.database_password }}
; For Postgres, either "disable" (default), "require", or "verify-full" ; For Postgres, either "disable" (default), "require", or "verify-full"
; For MySQL, either "false" (default), "true", or "skip-verify" ; For MySQL, either "false" (default), "true", or "skip-verify"
SSL_MODE = disable SSL_MODE = disable
; For MySQL only, either "utf8" or "utf8mb4", default is "utf8". ; For MySQL only, either "utf8" or "utf8mb4", default is "utf8".
; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this. ; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
CHARSET = utf8 CHARSET = utf8
; For "sqlite3" and "tidb", use an absolute path when you start gitea as service ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
PATH = data/gitea.db PATH = data/gitea.db
; For "sqlite3" only. Query timeout ; For "sqlite3" only. Query timeout
SQLITE_TIMEOUT = 500 SQLITE_TIMEOUT = 500
; For iterate buffer, default is 50 ; For iterate buffer, default is 50
ITERATE_BUFFER_SIZE = 50 ITERATE_BUFFER_SIZE = 50
; Show the database generated SQL ; Show the database generated SQL
LOG_SQL = false LOG_SQL = false
; Maximum number of DB Connect retries ; Maximum number of DB Connect retries
DB_RETRIES = 10 DB_RETRIES = 10
; Backoff time per DB retry (time.Duration) ; Backoff time per DB retry (time.Duration)
DB_RETRY_BACKOFF = 3s DB_RETRY_BACKOFF = 3s
[indexer] [indexer]
; Issue indexer type, currently support: bleve or db, default is bleve ; Issue indexer type, currently support: bleve or db, default is bleve
ISSUE_INDEXER_TYPE = bleve ISSUE_INDEXER_TYPE = bleve
; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve ; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
ISSUE_INDEXER_PATH = indexers/issues.bleve ISSUE_INDEXER_PATH = indexers/issues.bleve
; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string. ; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
; repo indexer by default disabled, since it uses a lot of disk space ; repo indexer by default disabled, since it uses a lot of disk space
REPO_INDEXER_ENABLED = false REPO_INDEXER_ENABLED = false
REPO_INDEXER_PATH = indexers/repos.bleve REPO_INDEXER_PATH = indexers/repos.bleve
MAX_FILE_SIZE = 1048576 MAX_FILE_SIZE = 1048576
[admin] [admin]
; Disallow regular (non-admin) users from creating organizations. ; Disallow regular (non-admin) users from creating organizations.
@@ -288,23 +291,23 @@ DISABLE_REGULAR_ORG_CREATION = true
[security] [security]
; Whether the installer is disabled ; Whether the installer is disabled
INSTALL_LOCK = true INSTALL_LOCK = true
; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!! ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
SECRET_KEY = {{ secrets.Foundation.secret_key }} SECRET_KEY = {{ secrets.Foundation.secret_key }}
; How long to remember that an user is logged in before requiring relogin (in days) ; How long to remember that an user is logged in before requiring relogin (in days)
LOGIN_REMEMBER_DAYS = 7 LOGIN_REMEMBER_DAYS = 7
COOKIE_USERNAME = gitea_awesome COOKIE_USERNAME = gitea_awesome
COOKIE_REMEMBER_NAME = gitea_incredible COOKIE_REMEMBER_NAME = gitea_incredible
; Reverse proxy authentication header name of user name ; Reverse proxy authentication header name of user name
REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
; The minimum password length for new Users ; The minimum password length for new Users
MIN_PASSWORD_LENGTH = 6 MIN_PASSWORD_LENGTH = 6
; Set to true to allow users to import local server paths ; Set to true to allow users to import local server paths
IMPORT_LOCAL_PATHS = false IMPORT_LOCAL_PATHS = false
; Set to true to prevent all users (including admin) from creating custom git hooks ; Set to true to prevent all users (including admin) from creating custom git hooks
DISABLE_GIT_HOOKS = false DISABLE_GIT_HOOKS = false
INTERNAL_TOKEN = {{ secrets.Foundation.internal_token }} INTERNAL_TOKEN = {{ secrets.Foundation.internal_token }}
[openid] [openid]
; ;
@@ -333,164 +336,164 @@ ENABLE_OPENID_SIGNIN = FALSE
; Space separated. ; Space separated.
; Only these would be allowed if non-blank. ; Only these would be allowed if non-blank.
; Example value: trusted.domain.org trusted.domain.net ; Example value: trusted.domain.org trusted.domain.net
WHITELISTED_URIS = WHITELISTED_URIS =
; Forbidden URI patterns (POSIX regexp). ; Forbidden URI patterns (POSIX regexp).
; Space separated. ; Space separated.
; Only used if WHITELISTED_URIS is blank. ; Only used if WHITELISTED_URIS is blank.
; Example value: loadaverage.org/badguy stackexchange.com/.*spammer ; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
BLACKLISTED_URIS = BLACKLISTED_URIS =
ENABLE_OPENID_SIGNUP = false ENABLE_OPENID_SIGNUP = false
[service] [service]
; Time limit to confirm account/email registration ; Time limit to confirm account/email registration
ACTIVE_CODE_LIVE_MINUTES = 180 ACTIVE_CODE_LIVE_MINUTES = 180
; Time limit to perform the reset of a forgotten password ; Time limit to perform the reset of a forgotten password
RESET_PASSWD_CODE_LIVE_MINUTES = 180 RESET_PASSWD_CODE_LIVE_MINUTES = 180
; Whether a new user needs to confirm their email when registering. ; Whether a new user needs to confirm their email when registering.
REGISTER_EMAIL_CONFIRM = false REGISTER_EMAIL_CONFIRM = false
; List of domain names that are allowed to be used to register on a Gitea instance ; List of domain names that are allowed to be used to register on a Gitea instance
; gitea.io,example.com ; gitea.io,example.com
EMAIL_DOMAIN_ALLOWLIST = EMAIL_DOMAIN_ALLOWLIST =
; Disallow registration, only allow admins to create accounts. ; Disallow registration, only allow admins to create accounts.
DISABLE_REGISTRATION = true DISABLE_REGISTRATION = true
; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false ; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false ALLOW_ONLY_EXTERNAL_REGISTRATION = false
; User must sign in to view anything. ; User must sign in to view anything.
REQUIRE_SIGNIN_VIEW = false REQUIRE_SIGNIN_VIEW = false
; Mail notification ; Mail notification
ENABLE_NOTIFY_MAIL = false ENABLE_NOTIFY_MAIL = false
; More detail: https://github.com/gogits/gogs/issues/165 ; More detail: https://github.com/gogits/gogs/issues/165
ENABLE_REVERSE_PROXY_AUTHENTICATION = false ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
ENABLE_REVERSE_PROXY_EMAIL = false ENABLE_REVERSE_PROXY_EMAIL = false
; Enable captcha validation for registration ; Enable captcha validation for registration
ENABLE_CAPTCHA = false ENABLE_CAPTCHA = false
; Type of captcha you want to use. Options: image, recaptcha ; Type of captcha you want to use. Options: image, recaptcha
CAPTCHA_TYPE = image CAPTCHA_TYPE = image
; Enable recaptcha to use Google's recaptcha service ; Enable recaptcha to use Google's recaptcha service
; Go to https://www.google.com/recaptcha/admin to sign up for a key ; Go to https://www.google.com/recaptcha/admin to sign up for a key
RECAPTCHA_SECRET = RECAPTCHA_SECRET =
RECAPTCHA_SITEKEY = RECAPTCHA_SITEKEY =
; Change this to use recaptcha.net or other recaptcha service ; Change this to use recaptcha.net or other recaptcha service
RECAPTCHA_URL = https://www.google.com/recaptcha/ RECAPTCHA_URL = https://www.google.com/recaptcha/
; Default value for KeepEmailPrivate ; Default value for KeepEmailPrivate
; Each new user will get the value of this setting copied into their profile ; Each new user will get the value of this setting copied into their profile
DEFAULT_KEEP_EMAIL_PRIVATE = false DEFAULT_KEEP_EMAIL_PRIVATE = false
; Default value for AllowCreateOrganization ; Default value for AllowCreateOrganization
; Every new user will have rights set to create organizations depending on this setting ; Every new user will have rights set to create organizations depending on this setting
DEFAULT_ALLOW_CREATE_ORGANIZATION = false DEFAULT_ALLOW_CREATE_ORGANIZATION = false
; Either "public", "limited" or "private", default is "public" ; Either "public", "limited" or "private", default is "public"
; Limited is for signed user only ; Limited is for signed user only
; Private is only for member of the organization ; Private is only for member of the organization
; Public is for everyone ; Public is for everyone
DEFAULT_ORG_VISIBILITY = public DEFAULT_ORG_VISIBILITY = public
; Default value for EnableDependencies ; Default value for EnableDependencies
; Repositories will use dependencies by default depending on this setting ; Repositories will use dependencies by default depending on this setting
DEFAULT_ENABLE_DEPENDENCIES = true DEFAULT_ENABLE_DEPENDENCIES = true
; Enable heatmap on users profiles. ; Enable heatmap on users profiles.
ENABLE_USER_HEATMAP = true ENABLE_USER_HEATMAP = true
; Enable Timetracking ; Enable Timetracking
ENABLE_TIMETRACKING = true ENABLE_TIMETRACKING = true
; Default value for EnableTimetracking ; Default value for EnableTimetracking
; Repositories will use timetracking by default depending on this setting ; Repositories will use timetracking by default depending on this setting
DEFAULT_ENABLE_TIMETRACKING = true DEFAULT_ENABLE_TIMETRACKING = true
; Default value for AllowOnlyContributorsToTrackTime ; Default value for AllowOnlyContributorsToTrackTime
; Only users with write permissions can track time if this is true ; Only users with write permissions can track time if this is true
DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
; Default value for the domain part of the user's email address in the git log ; Default value for the domain part of the user's email address in the git log
; if he has set KeepEmailPrivate to true. The user's email will be replaced with a ; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS. ; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
NO_REPLY_ADDRESS = noreply.aninix.net NO_REPLY_ADDRESS = noreply.aninix.net
; Show Registration button ; Show Registration button
SHOW_REGISTRATION_BUTTON = true SHOW_REGISTRATION_BUTTON = true
; Default value for AutoWatchNewRepos ; Default value for AutoWatchNewRepos
; When adding a repo to a team or creating a new repo all team members will watch the ; When adding a repo to a team or creating a new repo all team members will watch the
; repo automatically if enabled ; repo automatically if enabled
AUTO_WATCH_NEW_REPOS = true AUTO_WATCH_NEW_REPOS = true
[webhook] [webhook]
; Hook task queue length, increase if webhook shooting starts hanging ; Hook task queue length, increase if webhook shooting starts hanging
QUEUE_LENGTH = 1000 QUEUE_LENGTH = 1000
; Deliver timeout in seconds ; Deliver timeout in seconds
DELIVER_TIMEOUT = 5 DELIVER_TIMEOUT = 5
; Allow insecure certification ; Allow insecure certification
SKIP_TLS_VERIFY = false SKIP_TLS_VERIFY = false
; Number of history information in each page ; Number of history information in each page
PAGING_NUM = 10 PAGING_NUM = 10
ALLOWED_HOST_LIST = ::1/128, 127.0.0.1/32 ALLOWED_HOST_LIST = ::1/128, 127.0.0.1/32
; We don't use mail ; We don't use mail
[mailer] [mailer]
ENABLED = false ENABLED = false
[cache] [cache]
; Either "memory", "redis", or "memcache", default is "memory" ; Either "memory", "redis", or "memcache", default is "memory"
ADAPTER = memory ADAPTER = memory
; For "memory" only, GC interval in seconds, default is 60 ; For "memory" only, GC interval in seconds, default is 60
INTERVAL = 60 INTERVAL = 60
; For "redis" and "memcache", connection host address ; For "redis" and "memcache", connection host address
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
; memcache: `127.0.0.1:11211` ; memcache: `127.0.0.1:11211`
HOST = HOST =
; Time to keep items in cache if not used, default is 16 hours. ; Time to keep items in cache if not used, default is 16 hours.
; Setting it to 0 disables caching ; Setting it to 0 disables caching
ITEM_TTL = 16h ITEM_TTL = 16h
[session] [session]
; Either "memory", "file", or "redis", default is "memory" ; Either "memory", "file", or "redis", default is "memory"
PROVIDER = file PROVIDER = file
; Provider config options ; Provider config options
; memory: doesn't have any config yet ; memory: doesn't have any config yet
; file: session file path, e.g. `data/sessions` ; file: session file path, e.g. `data/sessions`
; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180 ; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table` ; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
PROVIDER_CONFIG = data/sessions PROVIDER_CONFIG = data/sessions
; Session cookie name ; Session cookie name
COOKIE_NAME = i_like_gitea COOKIE_NAME = i_like_gitea
; If you use session in https only, default is false ; If you use session in https only, default is false
COOKIE_SECURE = true COOKIE_SECURE = true
; Enable set cookie, default is true ; Enable set cookie, default is true
ENABLE_SET_COOKIE = true ENABLE_SET_COOKIE = true
; Session GC time interval in seconds, default is 86400 (1 day) ; Session GC time interval in seconds, default is 86400 (1 day)
GC_INTERVAL_TIME = 86400 GC_INTERVAL_TIME = 86400
; Session life time in seconds, default is 86400 (1 day) ; Session life time in seconds, default is 86400 (1 day)
SESSION_LIFE_TIME = 86400 SESSION_LIFE_TIME = 86400
[picture] [picture]
AVATAR_UPLOAD_PATH = data/avatars AVATAR_UPLOAD_PATH = avatars
REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars REPOSITORY_AVATAR_UPLOAD_PATH = repo-avatars
; How Gitea deals with missing repository avatars ; How Gitea deals with missing repository avatars
; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used ; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
REPOSITORY_AVATAR_FALLBACK = none REPOSITORY_AVATAR_FALLBACK = none
REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
; Max Width and Height of uploaded avatars. ; Max Width and Height of uploaded avatars.
; This is to limit the amount of RAM used when resizing the image. ; This is to limit the amount of RAM used when resizing the image.
AVATAR_MAX_WIDTH = 4096 AVATAR_MAX_WIDTH = 4096
AVATAR_MAX_HEIGHT = 3072 AVATAR_MAX_HEIGHT = 3072
; Maximum alloved file size for uploaded avatars. ; Maximum alloved file size for uploaded avatars.
; This is to limit the amount of RAM used when resizing the image. ; This is to limit the amount of RAM used when resizing the image.
AVATAR_MAX_FILE_SIZE = 1048576 AVATAR_MAX_FILE_SIZE = 1048576
; Chinese users can choose "duoshuo" ; Chinese users can choose "duoshuo"
; or a custom avatar source, like: http://cn.gravatar.com/avatar/ ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
GRAVATAR_SOURCE = gravatar GRAVATAR_SOURCE = gravatar
; This value will always be true in offline mode. ; This value will always be true in offline mode.
DISABLE_GRAVATAR = true DISABLE_GRAVATAR = true
; Federated avatar lookup uses DNS to discover avatar associated ; Federated avatar lookup uses DNS to discover avatar associated
; with emails, see https://www.libravatar.org ; with emails, see https://www.libravatar.org
; This value will always be false in offline mode or when Gravatar is disabled. ; This value will always be false in offline mode or when Gravatar is disabled.
ENABLE_FEDERATED_AVATAR = false ENABLE_FEDERATED_AVATAR = false
[attachment] [attachment]
; Whether attachments are enabled. Defaults to `true` ; Whether attachments are enabled. Defaults to `true`
ENABLED = true ENABLED = true
; Path for attachments. Defaults to `data/attachments` ; Path for attachments. Defaults to `data/attachments`
PATH = data/attachments PATH = data/attachments
; One or more allowed types, e.g. image/jpeg|image/png ; One or more allowed types, e.g. image/jpeg|image/png
ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
; Max size of each file. Defaults to 4MB ; Max size of each file. Defaults to 4MB
MAX_SIZE = 4 MAX_SIZE = 4
; Max number of files per upload. Defaults to 5 ; Max number of files per upload. Defaults to 5
MAX_FILES = 5 MAX_FILES = 5
[time] [time]
; Specifies the format for fully outputted dates. Defaults to RFC1123 ; Specifies the format for fully outputted dates. Defaults to RFC1123
@@ -499,33 +502,28 @@ MAX_FILES = 5
FORMAT = FORMAT =
[log] [log]
ROOT_PATH = %(GITEA_WORK_DIR)/log ROOT_PATH = /var/log/gitea/
; Either "console", "file", "conn", "smtp" or "database", default is "console"
; Use comma to separate multiple modes, e.g. "console, file"
MODE = console MODE = console
LEVEL = Info ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
LEVEL = Warn
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
STACKTRACE_LEVEL = None STACKTRACE_LEVEL = None
logger.router.MODE = , logger.router.MODE = ,
logger.xorm.MODE = , logger.xorm.MODE = ,
logger.access.MODE = logger.access.MODE = console
ROOT_PATH = /var/log/gitea/
; Either "console", "file", "conn", "smtp" or "database", default is "console"
; Use comma to separate multiple modes, e.g. "console, file"
MODE = console
; Buffer length of the channel, keep it as it is if you don't know what it is. ; Buffer length of the channel, keep it as it is if you don't know what it is.
BUFFER_LEN = 10000 BUFFER_LEN = 10000
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info" ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
ACCESS_LOG_TEMPLATE = {{ '{{' }}.Ctx.RemoteAddr{{ '}}' }} - {{ '{{' }}.Identity{{ '}}' }} {{ '{{' }}.Start.Format "[02/Jan/2006:15:04:05 -0700]" {{ '}}' }} "{{ '{{' }}.Ctx.Req.Method{{ '}}' }} {{ '{{' }}.Ctx.Req.RequestURI{{ '}}' }} {{ '{{' }}.Ctx.Req.Proto{{ '}}' }}" {{ '{{' }}.ResponseWriter.Status{{ '}}' }} {{ '{{' }}.ResponseWriter.Size{{ '}}' }} "{{ '{{' }}.Ctx.Req.Referer{{ '}}' }}\" \"{{ '{{' }}.Ctx.Req.UserAgent{{ '}}' }}" ;ACCESS_LOG_TEMPLATE =
logger.access.MODE = console
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
LEVEL = Info
; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
STACKTRACE_LEVEL = Critical
; Generic log modes ; Generic log modes
[log.x] [log.x]
FLAGS = stdflags FLAGS = stdflags
EXPRESSION = EXPRESSION =
PREFIX = PREFIX =
COLORIZE = false COLORIZE = false
; For "console" mode only ; For "console" mode only
[log.console] [log.console]
@@ -536,54 +534,54 @@ COLORIZE = true
; For "file" mode only ; For "file" mode only
[log.file] [log.file]
LEVEL = LEVEL =
; Set the file_name for the logger. If this is a relative path this ; Set the file_name for the logger. If this is a relative path this
; will be relative to ROOT_PATH ; will be relative to ROOT_PATH
FILE_NAME = FILE_NAME =
; This enables automated log rotate(switch of following options), default is true ; This enables automated log rotate(switch of following options), default is true
LOG_ROTATE = true LOG_ROTATE = true
; Max number of lines in a single file, default is 1000000 ; Max number of lines in a single file, default is 1000000
MAX_LINES = 1000000 MAX_LINES = 1000000
; Max size shift of a single file, default is 28 means 1 << 28, 256MB ; Max size shift of a single file, default is 28 means 1 << 28, 256MB
MAX_SIZE_SHIFT = 28 MAX_SIZE_SHIFT = 28
; Segment log daily, default is true ; Segment log daily, default is true
DAILY_ROTATE = true DAILY_ROTATE = true
; delete the log file after n days, default is 7 ; delete the log file after n days, default is 7
MAX_DAYS = 7 MAX_DAYS = 7
; compress logs with gzip ; compress logs with gzip
COMPRESS = true COMPRESS = true
; compression level see godoc for compress/gzip ; compression level see godoc for compress/gzip
COMPRESSION_LEVEL = -1 COMPRESSION_LEVEL = -1
; For "conn" mode only ; For "conn" mode only
[log.conn] [log.conn]
LEVEL = LEVEL =
; Reconnect host for every single message, default is false ; Reconnect host for every single message, default is false
RECONNECT_ON_MSG = false RECONNECT_ON_MSG = false
; Try to reconnect when connection is lost, default is false ; Try to reconnect when connection is lost, default is false
RECONNECT = false RECONNECT = false
; Either "tcp", "unix" or "udp", default is "tcp" ; Either "tcp", "unix" or "udp", default is "tcp"
PROTOCOL = tcp PROTOCOL = tcp
; Host address ; Host address
ADDR = ADDR =
; For "smtp" mode only ; For "smtp" mode only
[log.smtp] [log.smtp]
LEVEL = LEVEL =
; Name displayed in mail title, default is "Diagnostic message from server" ; Name displayed in mail title, default is "Diagnostic message from server"
SUBJECT = Diagnostic message from server SUBJECT = Diagnostic message from server
; Mail server ; Mail server
HOST = HOST =
; Mailer user name and password ; Mailer user name and password
USER = USER =
; Use PASSWD = `your password` for quoting if you use special characters in the password. ; Use PASSWD = `your password` for quoting if you use special characters in the password.
PASSWD = PASSWD =
; Receivers, can be one or more, e.g. 1@example.com,2@example.com ; Receivers, can be one or more, e.g. 1@example.com,2@example.com
RECEIVERS = RECEIVERS =
[cron] [cron]
; Enable running cron tasks periodically. ; Enable running cron tasks periodically.
ENABLED = true ENABLED = true
; Run cron tasks when Gitea starts. ; Run cron tasks when Gitea starts.
RUN_AT_START = false RUN_AT_START = false
@@ -594,90 +592,90 @@ SCHEDULE = @every 10m
; Repository health check ; Repository health check
[cron.repo_health_check] [cron.repo_health_check]
SCHEDULE = @every 24h SCHEDULE = @every 24h
TIMEOUT = 60s TIMEOUT = 60s
; Arguments for command 'git fsck', e.g. "--unreachable --tags" ; Arguments for command 'git fsck', e.g. "--unreachable --tags"
; see more on http://git-scm.com/docs/git-fsck ; see more on http://git-scm.com/docs/git-fsck
ARGS = ARGS =
; Check repository statistics ; Check repository statistics
[cron.check_repo_stats] [cron.check_repo_stats]
RUN_AT_START = true RUN_AT_START = true
SCHEDULE = @every 24h SCHEDULE = @every 24h
; Clean up old repository archives ; Clean up old repository archives
[cron.archive_cleanup] [cron.archive_cleanup]
; Whether to enable the job ; Whether to enable the job
ENABLED = true ENABLED = true
; Whether to always run at least once at start up time (if ENABLED) ; Whether to always run at least once at start up time (if ENABLED)
RUN_AT_START = true RUN_AT_START = true
; Time interval for job to run ; Time interval for job to run
SCHEDULE = @every 24h SCHEDULE = @every 24h
; Archives created more than OLDER_THAN ago are subject to deletion ; Archives created more than OLDER_THAN ago are subject to deletion
OLDER_THAN = 24h OLDER_THAN = 24h
; Synchronize external user data (only LDAP user synchronization is supported) ; Synchronize external user data (only LDAP user synchronization is supported)
[cron.sync_external_users] [cron.sync_external_users]
; Synchronize external user data when starting server (default false) ; Synchronize external user data when starting server (default false)
RUN_AT_START = false RUN_AT_START = false
; Interval as a duration between each synchronization (default every 24h) ; Interval as a duration between each synchronization (default every 24h)
SCHEDULE = @every 24h SCHEDULE = @every 24h
; Create new users, update existing user data and disable users that are not in external source anymore (default) ; Create new users, update existing user data and disable users that are not in external source anymore (default)
; or only create new users if UPDATE_EXISTING is set to false ; or only create new users if UPDATE_EXISTING is set to false
UPDATE_EXISTING = true UPDATE_EXISTING = true
[git] [git]
; Disables highlight of added and removed changes ; Disables highlight of added and removed changes
DISABLE_DIFF_HIGHLIGHT = false DISABLE_DIFF_HIGHLIGHT = false
; Max number of lines allowed in a single file in diff view ; Max number of lines allowed in a single file in diff view
MAX_GIT_DIFF_LINES = 1000 MAX_GIT_DIFF_LINES = 1000
; Max number of allowed characters in a line in diff view ; Max number of allowed characters in a line in diff view
MAX_GIT_DIFF_LINE_CHARACTERS = 5000 MAX_GIT_DIFF_LINE_CHARACTERS = 5000
; Max number of files shown in diff view ; Max number of files shown in diff view
MAX_GIT_DIFF_FILES = 100 MAX_GIT_DIFF_FILES = 100
; Arguments for command 'git gc', e.g. "--aggressive --auto" ; Arguments for command 'git gc', e.g. "--aggressive --auto"
; see more on http://git-scm.com/docs/git-gc/ ; see more on http://git-scm.com/docs/git-gc/
GC_ARGS = GC_ARGS =
; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1 ; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
EnableAutoGitWireProtocol = true EnableAutoGitWireProtocol = true
; Operation timeout in seconds ; Operation timeout in seconds
[git.timeout] [git.timeout]
DEFAULT = 360 DEFAULT = 360
MIGRATE = 600 MIGRATE = 600
MIRROR = 300 MIRROR = 300
CLONE = 300 CLONE = 300
PULL = 300 PULL = 300
GC = 60 GC = 60
[mirror] [mirror]
; Default interval as a duration between each check ; Default interval as a duration between each check
DEFAULT_INTERVAL = 8h DEFAULT_INTERVAL = 8h
; Min interval as a duration must be > 1m ; Min interval as a duration must be > 1m
MIN_INTERVAL = 10m MIN_INTERVAL = 10m
[api] [api]
; Enables Swagger. True or false; default is true. ; Enables Swagger. True or false; default is true.
ENABLE_SWAGGER = true ENABLE_SWAGGER = true
; Max number of items in a page ; Max number of items in a page
MAX_RESPONSE_ITEMS = 50 MAX_RESPONSE_ITEMS = 50
; Default paging number of api ; Default paging number of api
DEFAULT_PAGING_NUM = 30 DEFAULT_PAGING_NUM = 30
; Default and maximum number of items per page for git trees api ; Default and maximum number of items per page for git trees api
DEFAULT_GIT_TREES_PER_PAGE = 1000 DEFAULT_GIT_TREES_PER_PAGE = 1000
; Default size of a blob returned by the blobs API (default is 10MiB) ; Default size of a blob returned by the blobs API (default is 10MiB)
DEFAULT_MAX_BLOB_SIZE = 10485760 DEFAULT_MAX_BLOB_SIZE = 10485760
[oauth2] [oauth2]
; Enables OAuth2 provider ; Enables OAuth2 provider
ENABLE = true ENABLE = true
; Lifetime of an OAuth2 access token in seconds ; Lifetime of an OAuth2 access token in seconds
ACCESS_TOKEN_EXPIRATION_TIME = 3600 ACCESS_TOKEN_EXPIRATION_TIME = 3600
; Lifetime of an OAuth2 access token in hours ; Lifetime of an OAuth2 access token in hours
REFRESH_TOKEN_EXPIRATION_TIME = 730 REFRESH_TOKEN_EXPIRATION_TIME = 730
; Check if refresh token got already used ; Check if refresh token got already used
INVALIDATE_REFRESH_TOKENS = false INVALIDATE_REFRESH_TOKENS = false
; OAuth2 authentication secret for access and refresh tokens, change this a unique string. ; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
JWT_SECRET = {{ secrets.Foundation.jwt_secret }} JWT_SECRET = {{ secrets.Foundation.jwt_secret }}
[i18n] [i18n]
LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
@@ -721,24 +719,23 @@ ko-KR = ko
[highlight.mapping] [highlight.mapping]
[other] [other]
SHOW_FOOTER_BRANDING = false SHOW_FOOTER_BRANDING = false
; Show version information about Gitea and Go in the footer ; Show version information about Gitea and Go in the footer
SHOW_FOOTER_VERSION = false SHOW_FOOTER_VERSION = false
; Show template execution time in the footer ; Show template execution time in the footer
SHOW_FOOTER_TEMPLATE_LOAD_TIME = true SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
[markup.asciidoc] [markup.asciidoc]
ENABLED = false ENABLED = false
; List of file extensions that should be rendered by an external command ; List of file extensions that should be rendered by an external command
FILE_EXTENSIONS = .adoc,.asciidoc FILE_EXTENSIONS = .adoc,.asciidoc
; External command to render all matching extensions ; External command to render all matching extensions
RENDER_COMMAND = asciidoc --out-file=- - RENDER_COMMAND = asciidoc --out-file=- -
; Don't pass the file on STDIN, pass the filename as argument instead. ; Don't pass the file on STDIN, pass the filename as argument instead.
IS_INPUT_FILE = false IS_INPUT_FILE = false
[metrics] [metrics]
; Enables metrics endpoint. True or false; default is false. ; Enables metrics endpoint. True or false; default is false.
ENABLED = false ENABLED = false
; If you want to add authorization, specify a token here ; If you want to add authorization, specify a token here
TOKEN = TOKEN =

4
roles/IRC/files/services/ircservices.service → roles/IRC/files/services/anope.service
View File

@@ -6,10 +6,10 @@ After=network.target
[Service] [Service]
Type=simple Type=simple
PIDFile=/run/anope/anope.pid PIDFile=/run/anope/anope.pid
ExecStart=/opt/anope/bin/services --confdir=/etc/anope/ --dbdir=/opt/anope/data --localedir=/opt/anope/locale --logdir=/var/log/anope --modulesdir=/opt/anope/lib --nofork ExecStart=/usr/bin/services --confdir=/etc/anope/ --dbdir=/opt/anope/data --logdir=/var/log/anope --localedir=/usr/lib/anope/locale --modulesdir=/usr/lib/anope --nofork
ExecReload=/bin/kill -1 $MAINPID ExecReload=/bin/kill -1 $MAINPID
Restart=always Restart=always
User=ircd User=anope
Group=ircd Group=ircd
[Install] [Install]

6
roles/IRC/files/services/irc.service → roles/IRC/files/services/inspircd.service
View File

@@ -5,12 +5,12 @@ After=network.target
[Service] [Service]
Type=forking Type=forking
PIDFile=/var/lib/inspircd/inspircd.pid PIDFile=/var/lib//inspircd.pid
ExecStart=/usr/bin/inspircd ExecStart=/usr/bin/
ExecReload=kill -HUP $MAINPID ExecReload=kill -HUP $MAINPID
ExecStop=kill $MAINPID ExecStop=kill $MAINPID
Restart=always Restart=always
User=ircd User=inspircd
Group=ircd Group=ircd
[Install] [Install]

15
roles/IRC/files/services/ircweb.service
View File

@@ -1,15 +0,0 @@
[Unit]
Description=AniNIX/IRC Web Client
After=network.target irc.service ircservices.service
[Service]
WorkingDirectory=/usr/local/src/KiwiIRC/
ExecStart=/bin/sh ./kiwi -f
ExecReload=/bin/kill -HUP $MAINPID
KillMode=control-group
Restart=always
User=ircd
Group=ircd
[Install]
WantedBy=multi-user.target

55
roles/IRC/tasks/daemon.yml
View File

@@ -5,12 +5,22 @@
file: file:
state: directory state: directory
path: "{{ item }}" path: "{{ item }}"
owner: ircd owner: inspircd
group: ircd group: ircd
mode: 0750 mode: 0750
loop: loop:
- "/var/log/inspircd" - "/var/log/inspircd"
- "/etc/inspircd" - "/etc/inspircd"
- "/etc/inspircd/data/"
- name: Socket directory permissions
become: yes
file:
state: directory
path: /run/inspircd
owner: inspircd
group: ircd
mode: 0755
- name: Generate dhparam - name: Generate dhparam
become: yes become: yes
@@ -23,40 +33,24 @@
file: file:
state: file state: file
path: /etc/inspircd/dhparams.pem path: /etc/inspircd/dhparams.pem
owner: ircd owner: inspircd
group: ircd group: ircd
mode: 0640 mode: 0640
- name: Add ircd user to ssl - name: Add inspircd user to ssl
become: yes become: yes
user: user:
name: ircd name: inspircd
groups: ssl groups: ssl,ircd
append: yes append: yes
- name: Copy service file
become: yes
register: servicesfile
copy:
src: services/irc.service
dest: /usr/lib/systemd/system/irc.service
owner: root
group: root
mode: 0644
- name: Reload services
when: servicesfile.changed
become: yes
systemd:
daemon_reload: true
- name: Copy config and fill in attributes - name: Copy config and fill in attributes
register: templatefiles register: templatefiles
become: yes become: yes
template: template:
src: "inspircd/{{ item }}.j2" src: "inspircd/{{ item }}.j2"
dest: "/etc/inspircd/{{ item }}" dest: "/etc/inspircd/{{ item }}"
owner: ircd owner: inspircd
group: ircd group: ircd
mode: 0600 mode: 0600
loop: loop:
@@ -67,20 +61,11 @@
- rules.txt - rules.txt
- motd.txt - motd.txt
- name: Tracking directory
become: yes
file:
dest: "/etc/inspircd/data/"
owner: ircd
group: ircd
mode: 0750
state: directory
- name: Ensure tracking files - name: Ensure tracking files
become: yes become: yes
file: file:
dest: "/etc/inspircd/{{ item }}" dest: "/etc/inspircd/{{ item }}"
owner: ircd owner: inspircd
group: ircd group: ircd
mode: 0600 mode: 0600
loop: loop:
@@ -90,13 +75,13 @@
- name: Ensure service running - name: Ensure service running
become: yes become: yes
service: service:
name: irc name: inspircd
state: started state: started
enabled: yes enabled: yes
- name: Reload on config change - name: Reload on config change
become: yes become: yes
when: templatefiles.changed or servicesfile.changed when: templatefiles.changed
service: service:
name: irc name: inspircd
state: reloaded state: reloaded

19
roles/IRC/tasks/services.yml
View File

@@ -1,11 +1,18 @@
--- ---
- name: Add anope user to ircd
become: yes
user:
name: anope
groups: ircd
append: yes
- name: Ensure directory permissions - name: Ensure directory permissions
become: yes become: yes
file: file:
state: directory state: directory
path: "{{ item }}" path: "{{ item }}"
owner: ircd owner: anope
group: ircd group: ircd
mode: 0700 mode: 0700
loop: loop:
@@ -20,7 +27,7 @@
template: template:
src: "anope/{{ item }}.j2" src: "anope/{{ item }}.j2"
dest: "/etc/anope/{{ item }}" dest: "/etc/anope/{{ item }}"
owner: ircd owner: anope
group: ircd group: ircd
mode: 0600 mode: 0600
loop: loop:
@@ -38,8 +45,8 @@
become: yes become: yes
register: servicesfile register: servicesfile
copy: copy:
src: services/ircservices.service src: services/anope.service
dest: /usr/lib/systemd/system/ircservices.service dest: /usr/lib/systemd/system/anope.service
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
@@ -53,7 +60,7 @@
- name: Ensure service running - name: Ensure service running
become: yes become: yes
service: service:
name: ircservices name: anope
state: started state: started
enabled: yes enabled: yes
@@ -61,5 +68,5 @@
become: yes become: yes
when: templatefiles.changed or servicesfile.changed when: templatefiles.changed or servicesfile.changed
service: service:
name: ircservices name: anope
state: reloaded state: reloaded

80
roles/IRC/tasks/web.yml
View File

@@ -1,58 +1,30 @@
--- ---
- name: Clone KiwiIRC - name: KiwiIRC Packages
become: yes become: yes
git: package:
repo: https://github.com/prawnsalad/KiwiIRC.git name:
dest: /usr/local/src/KiwiIRC - kiwiirc-server-bin
update: no state: present
# Need to capture AniNIX skinning of client as well as client build process. - name: Update permissions
become: yes
file:
path: "{{ item }}"
recurse: yes
owner: ircd
group: http
loop:
- /etc/kiwiirc
- /usr/share/kiwiirc
- name: Update permissions - name: Populate config
become: yes become: yes
file: template:
path: /usr/local/src/KiwiIRC src: "kiwiirc/{{ item }}.j2"
recurse: yes dest: "/etc/kiwiirc/{{ item }}"
owner: ircd owner: ircd
group: ircd group: http
mode: 0640
- name: Populate config loop:
become: yes - "client.json"
register: config
template:
src: kiwiirc/config.js.j2
dest: /usr/local/src/KiwiIRC/config.js
owner: ircd
group: ircd
mode: 0600
- name: Copy service file
become: yes
register: servicesfile
copy:
src: services/ircweb.service
dest: /usr/lib/systemd/system/ircweb.service
owner: root
group: root
mode: 0644
- name: Reload services
when: servicesfile.changed
become: yes
systemd:
daemon_reload: true
- name: Ensure service running
become: yes
service:
name: ircweb
state: started
enabled: yes
- name: Reload on config change
become: yes
when: config.changed or servicesfile.changed
service:
name: ircweb
state: reloaded

4
roles/IRC/templates/anope/modules.conf.j2
View File

@@ -36,7 +36,7 @@ module
* Admin credentials used for performing searches and adding users. * Admin credentials used for performing searches and adding users.
*/ */
admin_binddn = "uid=binduser,{{ ldap['userou'] }},{{ ldap['orgdn'] }}" admin_binddn = "uid=binduser,{{ ldap['userou'] }},{{ ldap['orgdn'] }}"
admin_password = "{{ secrets['Sora']['bindpassword'] }}" admin_password = "{{ secrets['Password']['bindpassword'] }}"
} }
} }
@@ -91,7 +91,7 @@ module
* *
* If not set, then registration is not blocked. * If not set, then registration is not blocked.
*/ */
#disable_register_reason = "To register on this network, contact a netadmin in #lobby. They will need to add an AniNIX/Sora LDAP account for you." #disable_register_reason = "To register on this network, contact a netadmin in #lobby. They will need to add an AniNIX/Password LDAP account for you."
/* /*
* If set, the reason to give the users who try to "/msg NickServ SET EMAIL". * If set, the reason to give the users who try to "/msg NickServ SET EMAIL".

13
roles/IRC/templates/anope/services.conf.j2
View File

@@ -135,7 +135,7 @@ uplink
* *
* NOTE: On some shell providers, this will not be an option. * NOTE: On some shell providers, this will not be an option.
*/ */
host = "10.0.1.3" host = "127.0.0.1"
/* /*
* Enable if Services should connect using IPv6. * Enable if Services should connect using IPv6.
@@ -221,19 +221,10 @@ serverinfo
* *
* This directive tells Anope which IRCd Protocol to speak when connecting. * This directive tells Anope which IRCd Protocol to speak when connecting.
* You MUST modify this to match the IRCd you run. * You MUST modify this to match the IRCd you run.
*
* Supported:
* - bahamut
* - inspircd11
* - inspircd12
* - inspircd20
* - plexus
* - ratbox
* - unreal
*/ */
module module
{ {
name = "inspircd20" name = "inspircd3"
/* /*
* Some protocol modules can enforce mode locks server-side. This reduces the spam caused by * Some protocol modules can enforce mode locks server-side. This reduces the spam caused by

22
roles/IRC/templates/inspircd/inspircd.conf.j2
View File

@@ -1,5 +1,4 @@
# Includes # Includes
<config format="xml">
<include file="/etc/inspircd/opers.conf"> <include file="/etc/inspircd/opers.conf">
<include file="/etc/inspircd/links.conf"> <include file="/etc/inspircd/links.conf">
<include file="/etc/inspircd/modules.conf"> <include file="/etc/inspircd/modules.conf">
@@ -54,6 +53,7 @@
limit="500" limit="500"
localmax="500" localmax="500"
maxconnwarn="on" maxconnwarn="on"
maxchans="20"
modes="+wx" modes="+wx"
pingfreq="120" pingfreq="120"
port="6697" port="6697"
@@ -81,7 +81,16 @@
tlsv13="yes"> tlsv13="yes">
<openssl onrehash="yes"> <openssl onrehash="yes">
# Websockets
<connect
name="websockets"
allow="/run/inspircd/websocket.sock">
<bind
path="/run/inspircd/websocket.sock"
type="clients"
hook="websocket"
permissions="0777"
replace="yes">
# Performance # Performance
<performance <performance
@@ -91,6 +100,8 @@
softlimit="1024" softlimit="1024"
quietbursts="yes"> quietbursts="yes">
<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/var/log/inspircd/inspircd.log" flush="1"> <log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/var/log/inspircd/inspircd.log" flush="1">
# If things aren't working as intended, flip the commenting of the lines above and below here. Make sure to remove /tmp/ircd.log afterwards.
#<log method="file" type="* -USERINPUT -USEROUTPUT" level="debug" target="/tmp/ircd.log" flush="5">
<pid file="/var/lib/inspircd/inspircd.pid"> <pid file="/var/lib/inspircd/inspircd.pid">
<options <options
@@ -119,7 +130,7 @@
defaultmodes="not" defaultmodes="not"
moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help." xlinemessage="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
exemptchanops="nonick:v flood:o" exemptchanops="nonick:v flood:o"
invitebypassmodes="yes" invitebypassmodes="yes"
nosnoticestack="no" nosnoticestack="no"
@@ -134,7 +145,7 @@
hidemodes="eI" hidemodes="eI"
hideulines="no" hideulines="no"
flatlinks="no" flatlinks="no"
hidewhois="" hideserver=""
hidebans="no" hidebans="no"
hidekills="" hidekills=""
hidesplits="yes" hidesplits="yes"
@@ -152,9 +163,8 @@
maxquit="255" maxquit="255"
maxtopic="307" maxtopic="307"
maxkick="255" maxkick="255"
maxgecos="128" maxreal="128"
maxaway="200"> maxaway="200">
<channels users="20" opers="60">
<maxlist chan="*" limit="60"> <maxlist chan="*" limit="60">
<whowas <whowas
groupsize="10" groupsize="10"

2
roles/IRC/templates/inspircd/links.conf.j2
View File

@@ -3,7 +3,7 @@
<link name="ircservices.{{ external_domain }}" <link name="ircservices.{{ external_domain }}"
ipaddr="core.{{ replica_domain }}" ipaddr="core.{{ replica_domain }}"
port="8067" port="8067"
allowmask="10.0.1.3/32" allowmask="127.0.0.1"
sendpass="{{ secrets['IRC']['servicespass'] }}" sendpass="{{ secrets['IRC']['servicespass'] }}"
recvpass="{{ secrets['IRC']['servicespass'] }}"> recvpass="{{ secrets['IRC']['servicespass'] }}">

23
roles/IRC/templates/inspircd/modules.conf.j2
View File

@@ -8,6 +8,8 @@
# SHA256 module: Allows other modules to generate SHA256 hashes, # SHA256 module: Allows other modules to generate SHA256 hashes,
# usually for cryptographic uses and security. # usually for cryptographic uses and security.
<module name="m_sha256.so"> <module name="m_sha256.so">
# SHA1 module
<module name="m_sha1.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Abbreviation module: Provides the ability to abbreviate commands a-la # Abbreviation module: Provides the ability to abbreviate commands a-la
@@ -54,8 +56,8 @@
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Block CAPS module: Adds channel mode +B, blocks all-CAPS messages. # Block CAPS module: Adds channel mode +B, blocks all-CAPS messages.
<module name="m_blockcaps.so"> <module name="m_anticaps.so">
<blockcaps percent="50" <anticaps percent="50"
minlen="5" minlen="5"
capsmap="ABCDEFGHIJKLMNOPQRSTUVWXYZ! "> capsmap="ABCDEFGHIJKLMNOPQRSTUVWXYZ! ">
@@ -402,15 +404,20 @@
# integration with services packages. # integration with services packages.
<module name="m_topiclock.so"> <module name="m_topiclock.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Userip module: Adds the /USERIP command.
# Allows users to query their own IP, also allows opers to query the IP
# of anyone else.
<module name="m_userip.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Spanning tree module: Allows linking of servers using the spanning # Spanning tree module: Allows linking of servers using the spanning
# tree protocol (see the READ THIS BIT section above). # tree protocol (see the READ THIS BIT section above).
# You will almost always want to load this. # You will almost always want to load this.
# #
<module name="m_spanningtree.so"> <module name="m_spanningtree.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CBAN module: This module adds the /CBAN command which allows server
# operators to prevent channels matching a glob from being created.
<module name="cban">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Websocket module: allow websocket clients to connect
<module name="websocket">
<wsorigin allow="https://irc.{{ external_domain }}">

2
roles/IRC/templates/inspircd/motd.txt.j2
View File

@@ -31,7 +31,7 @@ You should check which channels you want to join.
Type the following to get a list: Type the following to get a list:
/list /list
You will need to request an AniNIX/Sora LDAP You will need to request an AniNIX/Password LDAP
account from an op or founder in #lobby to be account from an op or founder in #lobby to be
able to log in. If you already have an account, able to log in. If you already have an account,
use the following to authenticate: use the following to authenticate:

2
roles/IRC/templates/inspircd/opers.conf.j2
View File

@@ -8,5 +8,5 @@
# Operators are tracked in the vault. # Operators are tracked in the vault.
{% for oper in secrets['IRC']['opers'] %} {% for oper in secrets['IRC']['opers'] %}
<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="NetAdmin"> <oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@{{ external_domain }}" type="NetAdmin" maxchans="60">
{% endfor %} {% endfor %}

36
roles/IRC/templates/kiwiirc/client.json.j2 Normal file
View File

@@ -0,0 +1,36 @@
{
"windowTitle": "{{ organization['displayname'] }}/IRC | Web IRC client",
"startupScreen": "welcome",
"kiwiServer": "https://irc.{{ external_domain }}/webirc/websocket/",
"restricted": true,
"hideSettings": false,
"hideAdvancedSettings": true,
"theme": "Dark",
"themes": [
{ "name": "Default", "url": "static/themes/default" },
{ "name": "Dark", "url": "static/themes/dark" },
{ "name": "Coffee", "url": "static/themes/coffee" },
{ "name": "GrayFox", "url": "static/themes/grayfox" },
{ "name": "Nightswatch", "url": "static/themes/nightswatch" },
{ "name": "Osprey", "url": "static/themes/osprey" },
{ "name": "Radioactive", "url": "static/themes/radioactive" },
{ "name": "Sky", "url": "static/themes/sky" },
{ "name": "Elite", "url": "static/themes/elite" }
],
"startupOptions" : {
"infoContent": "<img src='https://{{ external_domain }}/assets/img/AniNIX.png' style='width:100%;height:auto;' /><h3>{{ organization['displayname'] }}/IRC</h3>Log in with your AniNIX account.",
"channel": "#lobby",
"nick": "Guest?",
"server": "irc.{{ external_domain }}",
"direct_path": "/websocket/",
"port": 443,
"direct": true,
"tls": true
},
"embedly": {
"key": ""
},
"plugins": [
{ "name": "customise", "url": "static/plugins/customise.html" }
]
}

259
roles/IRC/templates/kiwiirc/config.js.j2
View File

@@ -1,259 +0,0 @@
var conf = {};
// Run the Kiwi server under a different user/group
conf.user = "ircd";
conf.group = "ircd";
// Log file location
conf.log = "kiwi.log";
/*
* Server listen blocks
*/
// Do not edit this line!
conf.servers = [];
// Example server block
conf.servers.push({
port: 7778,
address: "127.0.0.1"
});
// Example SSL server block
//conf.servers.push({
// port: 7777,
// address: "0.0.0.0",
//
// ssl: true,
// ssl_key: "server.key",
// ssl_cert: "cert.pem"
//});
// Network interface for outgoing connections
conf.outgoing_address = {
IPv4: '0.0.0.0'
//IPv6: '::'
};
// Do we want to enable the built in Identd server?
conf.identd = {
enabled: false,
port: 113,
address: "0.0.0.0"
};
// Where the client files are
conf.public_http = "client/";
// Transports available to the client.
// Behind an Apache reverse proxy? Uncomment the below - Apache does not support websockets!
//conf.client_transports = ['polling'];
// Max connections per connection. 0 to disable
conf.max_client_conns = 5;
// Max connections per server. 0 to disable.
// Setting is ignored if:
// - There is a WEBIRC password configured for the server,
// - Kiwi is configured to send the client's ip as a username for the server, or
// - Kiwi is running in restricted server mode.
conf.max_server_conns = 0;
/*
* Default encoding to be used by the server
* As specified and limited to iconv-lite library support.
*/
conf.default_encoding = 'utf8';
/*
* Default GECOS (real name) for IRC connections
* %n will be replaced with the users nick
* %h will be replaced with the users hostname
*/
conf.default_gecos = '%n@%h is using a Web IRC client';
/*
* Default ident / username for IRC connections
* %n will be replaced with the users nick
* %h will be replaced with the users hostname
* %i will be replaced with a hexed value of the users IP
*/
conf.default_ident = '%i';
/*
* Default quit message
* If a browser gets disconnected without sending a QUIT command, this
* message will be used instead.
*/
conf.quit_message = 'http://www.kiwiirc.com/ - A hand-crafted IRC client';
/*
* Auto reconnect if the IRC server disconnects a kiwi user
* Hundreds of connected users getting disconnected then reconnecting at once may see
* high CPU usage causing further dropouts. Set to false if under high usage.
*/
conf.ircd_reconnect = true;
/*
* Client side plugins
* Array of URLs that will be loaded into the browser when the client first loads up
* See http://github.com/prawnsalad/KiwiIRC/wiki/Client-plugins
*/
conf.client_plugins = [
// "http://server.com/kiwi/plugins/myplugin.html"
];
// Directory to find the server modules
conf.module_dir = "../server_modules/";
// Which modules to load
conf.modules = [
// Open a TCP port to control the Kiwi server (default port 8888)
// "control",
// Automatically reload CSS files when a theme changes
// "client_file_watcher",
];
// WebIRC password enabled for this server
conf.webirc_pass = "";
// Use the above *OR* the below webirc_pass option
// Multiple WebIRC passwords may be used for multiple servers
//conf.webirc_pass = {
// "irc.network.com": "configured_webirc_password",
// "127.0.0.1": "foobar"
//};
// Whether to verify IRC servers' SSL certificates against built-in well-known certificate authorities
conf.reject_unauthorised_certificates = false;
/*
* Reverse proxy settings
* Reverse proxies that have been reported to work can be found at:
* https://kiwiirc.com/docs/installing/proxies
*/
// Whitelisted HTTP proxies in CIDR format
conf.http_proxies = ["127.0.0.1/32"];
// Header that contains the real-ip from the HTTP proxy
conf.http_proxy_ip_header = "x-forwarded-for";
// Base HTTP path to the KIWI IRC client (eg. /kiwi)
conf.http_base_path = "/kiwi";
/*
* SOCKS (version 5) proxy settings
* This feature is only available on node 0.10.0 and above.
* Do not enable it if you're running 0.8 or below or Bad Things will happen.
*/
conf.socks_proxy = {};
// Enable proxying outbound connections through a SOCKS proxy
conf.socks_proxy.enabled = false;
// Proxy *all* outbound connections through a SOCKS proxy
conf.socks_proxy.all = false;
// Use SOCKS proxy for these hosts only (if conf.sock_proxy.all === false)
conf.socks_proxy.proxy_hosts = [
"irc.{{ external_domain }}"
];
// Host and port for the SOCKS proxy
conf.socks_proxy.address = '127.0.0.1';
conf.socks_proxy.port = 1080;
// Username and password for the SOCKS proxy
// Set user to null to disable password authentication
conf.socks_proxy.user = null;
conf.socks_proxy.pass = null;
// Default settings for the client. These may be changed in the browser
conf.client = {
server: 'localhost',
port: 6667,
ssl: false,
channel: '#lobby',
channel_key: '',
nick: 'kiwi_?',
settings: {
theme: 'cli',
text_theme: 'default',
channel_list_style: 'tabs',
scrollback: 250,
show_joins_parts: true,
show_timestamps: false,
use_24_hour_timestamps: true,
mute_sounds: false,
show_emoticons: true,
ignore_new_queries: false,
count_all_activity: false,
show_autocomplete_slideout: true,
locale: null // null = use the browser locale settings
},
window_title: '{{ organization['displayname'] }}/IRC | KiwiIRC Webchat'
};
// List of themes available for the user to choose from
conf.client_themes = [
'relaxed',
'mini',
'cli',
'basic'
];
// If set, the client may only connect to this 1 IRC server
conf.restrict_server = "127.0.0.1";
conf.restrict_server_port = 6667;
conf.restrict_server_ssl = false;
//conf.restrict_server_password = "";
/*
* If running multiple kiwi servers you may specify them here.
* Note: All kiwi servers must have the same conf.http_base_path config option.
*
* To force the client to connect to one other kiwi server, use:
* conf.client.kiwi_server = 'https://kiwi-server2.com';
*
* To force the client to connect to a random kiwi server from a list, use:
* conf.client.kiwi_server = ['https://kiwi-server1.com', 'https://kiwi-server2.com'];
*/
//conf.client.kiwi_server = '';
/*
* Do not amend the below lines unless you understand the changes!
*/
module.exports.production = conf;

33
roles/Maat/files/aur.list
View File

@@ -1,77 +1,56 @@
https://aur.archlinux.org/acidrip.git https://aur.archlinux.org/acidrip.git
https://aur.archlinux.org/aide.git https://aur.archlinux.org/aide.git
https://aur.archlinux.org/animecheck-git.git
https://aur.archlinux.org/anope.git https://aur.archlinux.org/anope.git
https://aur.archlinux.org/ascii-invaders.git https://aur.archlinux.org/ascii-invaders.git
https://aur.archlinux.org/autopsy.git https://aur.archlinux.org/autopsy.git
https://aur.archlinux.org/brave-bin.git
https://aur.archlinux.org/brother-mfc-j430w.git https://aur.archlinux.org/brother-mfc-j430w.git
https://aur.archlinux.org/brscan4.git https://aur.archlinux.org/brscan4.git
https://aur.archlinux.org/carbonyl-bin.git https://aur.archlinux.org/carbonyl-bin.git
https://aur.archlinux.org/castnow-git.git https://aur.archlinux.org/castnow-git.git
https://aur.archlinux.org/ccrypt.git https://aur.archlinux.org/ccrypt.git
https://aur.archlinux.org/chromium-pepper-flash.git
https://aur.archlinux.org/defcon.git
https://aur.archlinux.org/discord-cli-git.git
https://aur.archlinux.org/discord-irc.git https://aur.archlinux.org/discord-irc.git
https://aur.archlinux.org/downgrader.git
https://aur.archlinux.org/dotnet-core-bin.git https://aur.archlinux.org/dotnet-core-bin.git
https://aur.archlinux.org/dotnet-runtime-bin.git
https://aur.archlinux.org/freeme2.git https://aur.archlinux.org/freeme2.git
https://aur.archlinux.org/genymotion.git https://aur.archlinux.org/genymotion.git
https://aur.archlinux.org/gnome-alsamixer.git https://aur.archlinux.org/gnome-alsamixer.git
https://aur.archlinux.org/google-chrome.git https://aur.archlinux.org/google-chrome.git
https://aur.archlinux.org/google-earth.git
https://aur.archlinux.org/googlecl.git https://aur.archlinux.org/googlecl.git
https://aur.archlinux.org/googler.git https://aur.archlinux.org/googler.git
https://aur.archlinux.org/graylog.git https://aur.archlinux.org/graylog.git
https://aur.archlinux.org/graylog-collector-sidecar.git https://aur.archlinux.org/graylog-collector-sidecar.git
https://aur.archlinux.org/gsa.git
https://aur.archlinux.org/gstreamer0.10-ffmpeg.git
https://aur.archlinux.org/gtk-xfce-engine.git https://aur.archlinux.org/gtk-xfce-engine.git
https://aur.archlinux.org/gvmd.git
https://aur.archlinux.org/gyazo.git https://aur.archlinux.org/gyazo.git
https://aur.archlinux.org/helloworld.git
https://aur.archlinux.org/injection.git https://aur.archlinux.org/injection.git
https://aur.archlinux.org/inspircd.git https://aur.archlinux.org/inspircd.git
https://aur.archlinux.org/irker.git https://aur.archlinux.org/irker.git
https://aur.archlinux.org/jmtpfs.git https://aur.archlinux.org/jmtpfs.git
https://aur.archlinux.org/jpcsp.git
https://aur.archlinux.org/js.git https://aur.archlinux.org/js.git
https://aur.archlinux.org/kpcli.git https://aur.archlinux.org/kiwiirc-server-bin.git
https://aur.archlinux.org/lib32-glib.git
https://aur.archlinux.org/libdaq.git https://aur.archlinux.org/libdaq.git
https://aur.archlinux.org/libdwarf-20140413.git https://aur.archlinux.org/libdwarf-20140413.git
https://aur.archlinux.org/libiconv.git
https://aur.archlinux.org/maya.git
https://aur.archlinux.org/meshlab.git
https://aur.archlinux.org/mkinitcpio-dropbear.git https://aur.archlinux.org/mkinitcpio-dropbear.git
https://aur.archlinux.org/mkinitcpio-netconf.git https://aur.archlinux.org/mkinitcpio-netconf.git
https://aur.archlinux.org/mkinitcpio-utils.git https://aur.archlinux.org/mkinitcpio-utils.git
https://aur.archlinux.org/mpir.git https://aur.archlinux.org/mpir.git
https://aur.archlinux.org/mongodb-bin.git https://aur.archlinux.org/mongodb-bin.git
https://aur.archlinux.org/mongodb-tools-bin.git https://aur.archlinux.org/mongodb-tools-bin.git
https://aur.archlinux.org/mongosh-bin.git
https://aur.archlinux.org/nordvpn-bin.git https://aur.archlinux.org/nordvpn-bin.git
https://aur.archlinux.org/oinkmaster.git https://aur.archlinux.org/oinkmaster.git
https://aur.archlinux.org/openresty.git https://aur.archlinux.org/openresty.git
https://aur.archlinux.org/openvas-scanner.git
https://aur.archlinux.org/openvisualtraceroute.git https://aur.archlinux.org/openvisualtraceroute.git
https://aur.archlinux.org/ospd.git https://aur.archlinux.org/ospd.git
https://aur.archlinux.org/ospd-openvas.git
https://aur.archlinux.org/ossec-local.git
https://aur.archlinux.org/pwm.git
https://aur.archlinux.org/pcmciautils.git https://aur.archlinux.org/pcmciautils.git
https://aur.archlinux.org/pdfshuffler.git
https://aur.archlinux.org/pear-net-ldap2.git https://aur.archlinux.org/pear-net-ldap2.git
https://aur.archlinux.org/perl-clipboard.git https://aur.archlinux.org/perl-clipboard.git
https://aur.archlinux.org/perl-crypt-rijndael.git https://aur.archlinux.org/perl-crypt-rijndael.git
https://aur.archlinux.org/perl-expect.git https://aur.archlinux.org/perl-expect.git
https://aur.archlinux.org/perl-file-keepass.git
https://aur.archlinux.org/perl-net-sftp-foreign.git https://aur.archlinux.org/perl-net-sftp-foreign.git
https://aur.archlinux.org/perl-php-serialization.git https://aur.archlinux.org/perl-php-serialization.git
https://aur.archlinux.org/perl-sys-mmap.git https://aur.archlinux.org/perl-sys-mmap.git
https://aur.archlinux.org/perl-term-shellui.git https://aur.archlinux.org/perl-term-shellui.git
https://aur.archlinux.org/php-pear.git https://aur.archlinux.org/php-pear.git
https://aur.archlinux.org/php-zts.git
https://aur.archlinux.org/pm-utils.git https://aur.archlinux.org/pm-utils.git
https://aur.archlinux.org/powerpanel.git https://aur.archlinux.org/powerpanel.git
https://aur.archlinux.org/python-aiohttp.git https://aur.archlinux.org/python-aiohttp.git
@@ -92,16 +71,14 @@ https://aur.archlinux.org/savage.git
https://aur.archlinux.org/self-service-password.git https://aur.archlinux.org/self-service-password.git
https://aur.archlinux.org/smarty3.git https://aur.archlinux.org/smarty3.git
https://aur.archlinux.org/suricata.git https://aur.archlinux.org/suricata.git
https://aur.archlinux.org/swfdec.git https://aur.archlinux.org/tor-browser-bin.git
https://aur.archlinux.org/swfdec-gnome.git
https://aur.archlinux.org/systemdjournal2gelf.git
https://aur.archlinux.org/tor-browser-en.git
https://aur.archlinux.org/trid.git https://aur.archlinux.org/trid.git
https://aur.archlinux.org/tt-rss-auth-ldap-git.git https://aur.archlinux.org/tt-rss-auth-ldap-git.git
https://aur.archlinux.org/udisks.git https://aur.archlinux.org/udisks.git
https://aur.archlinux.org/undvd.git https://aur.archlinux.org/undvd.git
https://aur.archlinux.org/uniglot.git https://aur.archlinux.org/uniglot.git
https://aur.archlinux.org/unvanquished.git https://aur.archlinux.org/unvanquished.git
https://aur.archlinux.org/unvanquished-data.git
https://aur.archlinux.org/vbam-gtk.git https://aur.archlinux.org/vbam-gtk.git
https://aur.archlinux.org/xfce4-mixer.git https://aur.archlinux.org/xfce4-mixer.git
https://aur.archlinux.org/xorg-server-utils.git https://aur.archlinux.org/xorg-server-utils.git

14
roles/Maat/files/pacoloco.yaml
View File

@@ -1,14 +0,0 @@
port: 9129
download_timeout: 3600 # download will timeout after 3600 seconds
cache_dir: /var/cache/pacoloco
purge_files_after: 360000 # 360000 seconds or 100 hours, 0 to disable
repos:
archlinux:
urls:
- http://mirrors.gigenet.com/archlinux/
- http://mnvoip.mm.fcix.net/archlinux/
- http://mirrors.kernel.org/archlinux/
- http://ftp.osuosl.org/pub/archlinux/
- https://mnvoip.mm.fcix.net/archlinux/
- http://southfront.mm.fcix.net/archlinux/
user_agent: Pacoloco

8
roles/Maat/tasks/main.yml
View File

@@ -17,6 +17,7 @@
- name: Maat configuration - name: Maat configuration
become: yes become: yes
register: aurlist
copy: copy:
src: aur.list src: aur.list
dest: /usr/local/etc/Maat/aur.list dest: /usr/local/etc/Maat/aur.list
@@ -28,6 +29,13 @@
state: restarted state: restarted
enabled: yes enabled: yes
- name: Start Maat build cycle
become: yes
when: aurlist.changed
service:
name: maat.service
state: started
- name: Generate mirrorlist - name: Generate mirrorlist
delegate_to: localhost delegate_to: localhost
run_once: yes run_once: yes

16
roles/Nazara/README.md
View File

@@ -1,16 +0,0 @@
A Nazara host is a gateway to accessing other hosts. It is a safeguard against admin error.
## Etymology
Nazara hosts are named because they are the first line of defense against administrative error -- they prevent admins from being locked out of correcting their changes and are connected to everything in the ecosystem. They also control DNS, which allows a sort of subliminal control of the entire ecosystem. This is akin to the mastermind [Reaper AI](https://masseffect.fandom.com/wiki/Sovereign) from the Mass Effect franchise, and in fact can be the extinction of any DNS-enabled malware in the ecosystem by sinkholing the Command-and-Control.
## Capacity and Components
A Nazara host needs minimal CPU or memory.
## Hosted Services and Entities
Nazara should host a Pihole installation and [SSH](../Services/SSH.md). It should be NAT'ed to an obscure port to the outside world.
## Connections
Any host should be able to connect to a Nazara with SSH and X11, and it should be able to dial to any service provider.
## Additional Reference
Nazara hosts should be deployed alongside any Hypervisor. They can be as simple as a Pi-hole with SSH access, and they should be allowed to receive SSH connections from a non-tcp/22/ssh port.

8
roles/Node/tasks/main.yml
View File

@@ -61,3 +61,11 @@
when: qemubr.changed or br0.changed when: qemubr.changed or br0.changed
debug: debug:
msg: You may need to restart VMs on the Node. msg: You may need to restart VMs on the Node.
- name: Enable VMs
become: yes
with_items: "{{ active_vms }}"
service:
name: "{{ item }}-vm.service"
state: started
enabled: yes

14
roles/Node/templates/vm.service.j2
View File

@@ -1,14 +0,0 @@
[Unit]
Description=AniNIX/{{ inventory_hostname }}
After=network.target
[Service]
ExecStart=/usr/sbin/qemu-system-x86_64 -name AniNIX/{{ inventory_hostname }} -machine type=pc,accel=kvm -bios /usr/share/edk2-ovmf/x64/OVMF.fd -cpu host -smp {{ cores }} {{ disks }} -net nic,macaddr={{ mac }},model=virtio -net bridge,br={{ bridge }} -vga std -nographic -vnc :{{ vnc }} -m size={{ memory }}G -device virtio-rng-pci
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
User=root
Group=root
[Install]
WantedBy=multi-user.target

19
roles/Password/README.md Normal file
View File

@@ -0,0 +1,19 @@
Sora is the [LDAP](https://en.wikipedia.org/wiki/LDAP)-enabled central credential store of the AniNIX -- end users will have accounts here.
# Etymology
A password is a ubiquitous method of asymmetric authentication. Militaries will use simple challenges & passwords to authenticate individuals b
# Relevant Files and Software
Most of the configuration initially is handled by the [https://aninix.net/foundation/ConfigPackages ConfigPackages'] Sora Makefile.
We use [file:///etc/openldap/users.d](a users.d) folder to hold the default user definitions. uidNumber should generally start from 10000 and the .ldif files should never be deleted to track the maximum uidNumber.
# Available Clients
Most services on AniNIX, ranging from SSH & IRC to web services like AniNIX/Foundation and AniNIX/Singularity, are LDAP clients. Our exceptions are below:
* MediaWiki (LDAP dropped out of support)
* AniNIX/Superintendent (client path not yet identified)
# Equivalents or Competition
Both Google and Facebook offer distributed authentication systems. Google in particular is a good equivalent, as some of the services used by this network rely on its authentication for various products it provides internally.
The AniNIX is not presently set up or planning to do distributed authentication.

3
roles/Password/bin/sora-dump-config Executable file
View File

@@ -0,0 +1,3 @@
#!/bin/bash
slapcat -a "(!(entryDN:dnSubtreeMatch:=ou=People,dc=aninix,dc=net))"

19
roles/Password/files/nsswitch.conf Normal file
View File

@@ -0,0 +1,19 @@
# Begin /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
publickey: files
hosts: files dns myhostname
networks: files
protocols: files
services: files
ethers: files
rpc: files
netgroup: files
# End /etc/nsswitch.conf

12
roles/Password/files/pam.d/atd Normal file
View File

@@ -0,0 +1,12 @@
#%PAM-1.0
auth required pam_unix.so
auth required pam_env.so
account required pam_access.so
account required pam_unix.so
account required pam_time.so
session required pam_loginuid.so
session required pam_limits.so
session required pam_unix.so

6
roles/Password/files/pam.d/chfn Normal file
View File

@@ -0,0 +1,6 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password required pam_permit.so

4
roles/Password/files/pam.d/chpasswd Normal file
View File

@@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
password include system-auth

6
roles/Password/files/pam.d/chsh Normal file
View File

@@ -0,0 +1,6 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password required pam_permit.so

11
roles/Password/files/pam.d/crond Normal file
View File

@@ -0,0 +1,11 @@
#
# The PAM configuration file for the cron daemon
#
#
# Although no PAM authentication is called, auth modules
# are used for credential setting
auth include system-auth
account required pam_access.so
account include system-auth
session required pam_loginuid.so
session include system-auth

3
roles/Password/files/pam.d/cups Normal file
View File

@@ -0,0 +1,3 @@
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so

4
roles/Password/files/pam.d/groupmems Normal file
View File

@@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
password include system-auth

7
roles/Password/files/pam.d/login Normal file
View File

@@ -0,0 +1,7 @@
#%PAM-1.0
auth requisite pam_nologin.so
auth include system-local-login
account include system-local-login
session include system-local-login
password include system-local-login

4
roles/Password/files/pam.d/newusers Normal file
View File

@@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
password include system-auth

9
roles/Password/files/pam.d/other Normal file
View File

@@ -0,0 +1,9 @@
#%PAM-1.0
auth required pam_deny.so
auth required pam_warn.so
account required pam_deny.so
account required pam_warn.so
password required pam_deny.so
password required pam_warn.so
session required pam_deny.so
session required pam_warn.so

5
roles/Password/files/pam.d/passwd Normal file
View File

@@ -0,0 +1,5 @@
#%PAM-1.0
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
password sufficient pam_ldap.so
password required pam_unix.so sha512 shadow nullok

4
roles/Password/files/pam.d/passwd.pacnew Normal file
View File

@@ -0,0 +1,4 @@
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth

3
roles/Password/files/pam.d/postgresql Normal file
View File

@@ -0,0 +1,3 @@
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so

8
roles/Password/files/pam.d/remote Normal file
View File

@@ -0,0 +1,8 @@
#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth include system-remote-login
account include system-remote-login
session include system-remote-login
password include system-remote-login

13
roles/Password/files/pam.d/rlogin Normal file
View File

@@ -0,0 +1,13 @@
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth sufficient pam_rhosts.so
auth include system-auth
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include system-auth

11
roles/Password/files/pam.d/rsh Normal file
View File

@@ -0,0 +1,11 @@
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts.so
account include system-auth
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include system-auth

4
roles/Password/files/pam.d/runuser Normal file
View File

@@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
session include system-login

4
roles/Password/files/pam.d/runuser-l Normal file
View File

@@ -0,0 +1,4 @@
#%PAM-1.0
auth sufficient pam_rootok.so
session include system-login

1
roles/Password/files/pam.d/screen Normal file
View File

@@ -0,0 +1 @@
auth required pam_unix.so

6
roles/Password/files/pam.d/sshd Normal file
View File

@@ -0,0 +1,6 @@
#%PAM-1.0
auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login

6
roles/Password/files/pam.d/sssd-shadowutils Normal file
View File

@@ -0,0 +1,6 @@
#%PAM-1.0
auth [success=done ignore=ignore default=die] pam_unix.so nullok try_first_pass
auth required pam_deny.so
account required pam_unix.so
account required pam_permit.so

14
roles/Password/files/pam.d/su Normal file
View File

@@ -0,0 +1,14 @@
#%PAM-1.0
auth sufficient pam_ldap.so
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so

12
roles/Password/files/pam.d/su-l Normal file
View File

@@ -0,0 +1,12 @@
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth sufficient pam_ldap.so
auth required pam_unix.so use_first_pass
account sufficient pam_ldap.so
account required pam_unix.so
session sufficient pam_ldap.so
session required pam_unix.so

10
roles/Password/files/pam.d/su-l.pacnew Normal file
View File

@@ -0,0 +1,10 @@
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password include system-auth

Some files were not shown because too many files have changed in this diff Show More