Add src/; Change README.md

src/etc/acme-client.conf

@@ -0,0 +1,22 @@
+#
+# $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $
+#
+authority letsencrypt {
+	agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
+	api url "https://acme-v01.api.letsencrypt.org/directory"
+	account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+authority letsencrypt-staging {
+	agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
+	api url "https://acme-staging.api.letsencrypt.org/directory"
+	account key "/etc/acme/letsencrypt-staging-privkey.pem"
+}
+
+domain freedns.afraid.org {
+#	alternative names { acolyte.vedetta.lan }
+	domain key "/etc/ssl/acme/private/freedns.afraid.org.key"
+	domain certificate "/etc/ssl/acme/freedns.afraid.org.crt"
+	domain full chain certificate "/etc/ssl/acme/freedns.afraid.org.fullchain.pem"
+	sign with letsencrypt
+}

src/etc/acme/letsencrypt-privkey.pem

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+OpenBSD
+-----END PRIVATE KEY-----

src/etc/authpf/authpf.allow

@@ -0,0 +1 @@
+hauth

src/etc/authpf/authpf.message

@@ -0,0 +1,3 @@
+
+(*) You have internet access to the following ports:
+

src/etc/authpf/authpf.problem

@@ -0,0 +1 @@
+Account problems can be addressed to admin@acolyte.vedetta.lan

src/etc/authpf/users/hauth/authpf.message

@@ -0,0 +1,5 @@
+
+(*) LAN/WLAN access granted on the following ports:
+    all
+(*) Internet access granted on the following ports:
+    ssh, ftp, xmpp-client, pop3s, imaps, smtps, whois

src/etc/authpf/users/hauth/authpf.rules

@@ -0,0 +1,10 @@
+# hauth's rules
+inet_ports="ssh ftp xmpp-client pop3s imaps smtps whois"
+
+pass in log on { lan wlan vether } proto tcp \
+ from $user_ip to !(self:network) port { $inet_ports } \
+ tag AUTHPF_INET
+pass in log on { enc tun } proto tcp \
+ from $user_ip to !(self:network) port { $inet_ports } \
+ keep state (if-bound) \
+ tag AUTHPF_INET

src/etc/boot.conf

@@ -0,0 +1,3 @@
+# For APU2
+stty com0 115200
+set tty com0

src/etc/dhclient.conf

@@ -0,0 +1,8 @@
+interface "em0"
+ {
+  send host-name "acolyte.vedetta.lan";
+  supersede host-name "acolyte.vedetta.lan";
+  ignore domain-name;
+  ignore domain-name-servers;
+  supersede dhcp-lease-time 180;
+ }

src/etc/dhcp6s.conf

@@ -0,0 +1 @@
+option domain-name-servers fd80:1fe9:fcee:1337::ace:face;

src/etc/dhcpd.conf

@@ -0,0 +1,47 @@
+authoritative;
+option domain-name "vedetta.lan";
+option domain-name-servers 10.10.10.10;
+option ntp-servers 192.168.0.1;
+
+shared-network LAN-EM1 {
+	subnet 172.16.0.0 netmask 255.255.255.0 {
+		option routers 172.16.0.1;
+		option broadcast-address 172.16.0.255;
+		option subnet-mask 255.255.255.0;
+		range 172.16.0.100 172.16.0.199;
+		host maria-desktop.vedetta.lan {
+			fixed-address 172.16.0.20;
+			hardware ethernet 00:50:8d:d9:19:32;
+		}
+	}
+}
+
+shared-network LAN-EM2 {
+	subnet 192.168.0.0 netmask 255.255.255.0 {
+		option routers 192.168.0.1;
+		option broadcast-address 192.168.0.255;
+		option subnet-mask 255.255.255.0;
+		range 192.168.0.100 192.168.0.199;
+		host maria-desktop.vedetta.lan {
+			fixed-address 192.168.0.20;
+			hardware ethernet 00:50:8d:d9:19:32;
+		}
+	}
+}
+
+shared-network WLAN-ATHN0 {
+	subnet 10.0.0.0 netmask 255.255.255.0 {
+		option routers 10.0.0.1;
+		option broadcast-address 10.0.0.255;
+		option subnet-mask 255.255.255.0;
+		range 10.0.0.100 10.0.0.199;
+		host horia-mobi {
+			fixed-address 10.0.0.10;
+			hardware ethernet 58:f1:02:19:0b:26;
+		}
+		host maria-tablet {
+			fixed-address 10.0.0.20;
+			hardware ethernet 74:c6:3b:f7:f8:ad;
+		}
+	}
+}

src/etc/fstab

@@ -0,0 +1,12 @@
+85a4b6de12fd2d56.a / ffs rw,softdep,noatime 1 1
+85a4b6de12fd2d56.k /home ffs rw,softdep,noatime,nodev,nosuid 1 2
+#85a4b6de12fd2d56.f /tmp ffs rw,softdep,noatime,nodev,nosuid 1 2
+# mount_mfs /tmp with 256Mb
+swap               /tmp mfs rw,noatime,nodev,nosuid,-s=512000 0 0
+85a4b6de12fd2d56.g /usr ffs rw,softdep,noatime,nodev 1 2
+85a4b6de12fd2d56.h /usr/local ffs rw,softdep,noatime,wxallowed,nodev 1 2
+85a4b6de12fd2d56.j /usr/obj ffs rw,softdep,noatime,nodev,nosuid 1 2
+85a4b6de12fd2d56.i /usr/src ffs rw,softdep,noatime,nodev,nosuid 1 2
+85a4b6de12fd2d56.d /var ffs rw,softdep,noatime,nodev,nosuid 1 2
+85a4b6de12fd2d56.e /var/log ffs rw,softdep,noatime,nodev,nosuid 1 2
+/dev/sd0b none swap sw 0 0

src/etc/group

@@ -0,0 +1,87 @@
+wheel:*:0:root,horia
+daemon:*:1:daemon
+kmem:*:2:root
+sys:*:3:root
+tty:*:4:root
+operator:*:5:root
+bin:*:7:
+wsrc:*:9:
+users:*:10:
+auth:*:11:
+games:*:13:
+staff:*:20:root
+sshd:*:27:
+_portmap:*:28:
+_identd:*:29:
+_rstatd:*:30:
+guest:*:31:root
+_rusersd:*:32:
+_fingerd:*:33:
+_sshagnt:*:34:
+_x11:*:35:
+utmp:*:45:
+_rebound:*:52:
+_unbound:*:53:
+_dpb:*:54:
+_pbuild:*:55:
+_pfetch:*:56:
+_pkgfetch:*:57:
+_pkguntar:*:58:
+_spamd:*:62:
+_radius:*:63:
+_token:*:64:
+_shadow:*:65:
+crontab:*:66:
+www:*:67:
+_isakmpd:*:68:
+network:*:69:
+proxy:*:71:
+authpf:*:72:
+_syslogd:*:73:
+_pflogd:*:74:
+_bgpd:*:75:
+_tcpdump:*:76:
+_dhcp:*:77:
+_mopd:*:78:
+_tftpd:*:79:
+_rbootd:*:80:
+_ppp:*:82:
+_ntp:*:83:
+_ftp:*:84:
+_ospfd:*:85:
+_hostapd:*:86:
+_dvmrpd:*:87:
+_ripd:*:88:
+_relayd:*:89:
+_ospf6d:*:90:
+_snmpd:*:91:
+_rtadvd:*:92:
+_ypldap:*:93:
+_smtpd:*:95:
+_rwalld:*:96:
+_nsd:*:97:
+_ldpd:*:98:
+_sndio:*:99:
+_ldapd:*:100:
+_iked:*:101:
+_iscsid:*:102:
+_smtpq:*:103:
+_file:*:104:
+_radiusd:*:105:
+_eigrpd:*:106:
+_vmd:*:107:
+_tftp_proxy:*:108:
+_ftp_proxy:*:109:
+_sndiop:*:110:
+dialer:*:117:
+nogroup:*:32766:
+nobody:*:32767:
+horia:*:1000:
+hauth:*:1001:
+hsftp:*:1002:
+wobj:*:21:
+_switchd:*:49:
+_traceroute:*:50:
+_ping:*:51:
+_syspatch:*:112:
+_slaacd:*:115:

src/etc/hostname.athn0

@@ -0,0 +1,14 @@
+-inet
+-inet6
+inet 10.0.0.1 255.255.255.0 10.0.0.255
+inet6 2001:470:b35c:cafe::ace:face 64
+inet6 alias fd80:1fe9:fcee:cafe::ace:face 64
+media autoselect
+mode 11g
+mediaopt hostap
+nwid "OpenBSD AP"
+wpakey "secret"
+wpaprotos wpa2
+chan 1
+#-powersave
+up

src/etc/hostname.em0

@@ -0,0 +1,3 @@
+-inet
+-inet6
+dhcp

src/etc/hostname.em1

@@ -0,0 +1,7 @@
+-inet
+-inet6
+inet 172.16.0.1 255.255.255.0 172.16.0.255
+inet6 2001:470:b35c:abba::ace:face 64
+inet6 alias fd80:1fe9:fcee:abba::ace:face 64
+group lan
+up

src/etc/hostname.em2

@@ -0,0 +1,8 @@
+-inet
+-inet6
+inet 192.168.0.1 255.255.255.0 192.168.0.255
+inet6 2001:470:b35c:bead::ace:face 64
+inet6 alias fd80:1fe9:fcee:bead::ace:face 64
+group lan
+group dmz
+up

src/etc/hostname.enc1

@@ -0,0 +1 @@
+up

src/etc/hostname.gif0

@@ -0,0 +1,11 @@
+-inet
+-inet6
+description "Hurricane Electric IPv6 tunnel"
+mtu 1480
+tunnel $(ifconfig egress | awk '$1 ~ /^inet$/{print $2;exit;}') 216.66.38.58
+inet6 2001:470:1c:7b8::2 128
+dest  2001:470:1c:7b8::1
+!route -n add -inet6 default 2001:470:1c:7b8::1
+inet6 alias 2001:470:b35c:ed9e::ace:face 64
+inet6 alias fd80:1fe9:fcee:ed9e::ace:face 64
+!ifconfig $if inet6 delete fe80::6f0:21ff:fe26:dc71

src/etc/hostname.tun0

@@ -0,0 +1 @@
+up

src/etc/hostname.vether0

@@ -0,0 +1,6 @@
+-inet
+-inet6
+lladdr fe:e1:ba:d0:91:13
+inet 10.10.10.10 255.255.255.0 10.10.10.255
+inet6 2001:470:b35c:1337::ace:face 64
+inet6 alias fd80:1fe9:fcee:1337::ace:face 64

src/etc/hosts

@@ -0,0 +1,2 @@
+::1		localhost
+127.0.0.1	localhost

src/etc/httpd.conf

@@ -0,0 +1,40 @@
+# $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $
+
+#
+# Macros
+#
+
+IPv4="10.10.10.10"
+IPv6="fd80:1fe9:fcee:1337::ace:face"
+
+#
+# Global Options
+#
+
+prefork 3
+
+#
+# Servers
+#
+
+server "freedns.afraid.org" {
+	alias "acolyte.vedetta.lan"
+	listen on $IPv4 port 80
+	listen on $IPv4 tls port 443
+	listen on $IPv6 port 80
+	listen on $IPv6 tls port 443
+	tls certificate "/etc/ssl/acme/freedns.afraid.org.fullchain.pem"
+	tls key "/etc/ssl/acme/private/freedns.afraid.org.key"
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		root strip 2
+	}
+	connection { max requests 500, timeout 3600 }
+	log { access "access.log", error "error.log" }
+	root "/htdocs/freedns.afraid.org"
+}
+
+# Include MIME types instead of the built-in ones
+types {
+	include "/usr/share/misc/mime.types"
+}