60-ioschedulers.rules added

Make rules for the servers manually.

bash_completion.d/autoconf

@@ -0,0 +1 @@
+/usr/share/bash-completion/autoconf

bash_completion.d/automake

@@ -0,0 +1 @@
+/usr/share/bash-completion/automake

bash_completion.d/bzip2

@@ -0,0 +1 @@
+/usr/share/bash-completion/bzip2

bash_completion.d/configure

@@ -0,0 +1 @@
+/usr/share/bash-completion/configure

bash_completion.d/crontab

@@ -0,0 +1 @@
+/usr/share/bash-completion/crontab

bash_completion.d/dd

@@ -0,0 +1 @@
+/usr/share/bash-completion/dd

bash_completion.d/eselect

@@ -0,0 +1 @@
+/usr/share/bash-completion/eselect

bash_completion.d/gcc

@@ -0,0 +1 @@
+/usr/share/bash-completion/gcc

bash_completion.d/gdb

@@ -0,0 +1 @@
+/usr/share/bash-completion/gdb

bash_completion.d/gentoo

@@ -0,0 +1 @@
+/usr/share/bash-completion/gentoo

bash_completion.d/git

@@ -0,0 +1 @@
+/usr/share/bash-completion/git

bash_completion.d/gzip

@@ -0,0 +1 @@
+/usr/share/bash-completion/gzip

bash_completion.d/iconv

@@ -0,0 +1 @@
+/usr/share/bash-completion/iconv

bash_completion.d/layman

@@ -0,0 +1 @@
+/usr/share/bash-completion/layman

bash_completion.d/lsof

@@ -0,0 +1 @@
+/usr/share/bash-completion/lsof

bash_completion.d/lzma

@@ -0,0 +1 @@
+/usr/share/bash-completion/lzma

bash_completion.d/make

@@ -0,0 +1 @@
+/usr/share/bash-completion/make

bash_completion.d/man

@@ -0,0 +1 @@
+/usr/share/bash-completion/man

bash_completion.d/mc

@@ -0,0 +1 @@
+/usr/share/bash-completion/mc

bash_completion.d/mount

@@ -0,0 +1 @@
+/usr/share/bash-completion/mount

bash_completion.d/mpc

@@ -0,0 +1 @@
+/usr/share/bash-completion/mpc

bash_completion.d/mplayer

@@ -0,0 +1 @@
+/usr/share/bash-completion/mplayer

bash_completion.d/nmap

@@ -0,0 +1 @@
+/usr/share/bash-completion/nmap

bash_completion.d/perl

@@ -0,0 +1 @@
+/usr/share/bash-completion/perl

bash_completion.d/pkg-config

@@ -0,0 +1 @@
+/usr/share/bash-completion/pkg-config

bash_completion.d/python

@@ -0,0 +1 @@
+/usr/share/bash-completion/python

bash_completion.d/qemu

@@ -0,0 +1 @@
+/usr/share/bash-completion/qemu

bash_completion.d/screen

@@ -0,0 +1 @@
+/usr/share/bash-completion/screen

bash_completion.d/sh

@@ -0,0 +1 @@
+/usr/share/bash-completion/sh

bash_completion.d/smartctl

@@ -0,0 +1 @@
+/usr/share/bash-completion/smartctl

bash_completion.d/ssh

@@ -0,0 +1 @@
+/usr/share/bash-completion/ssh

bash_completion.d/sshfs

@@ -0,0 +1 @@
+/usr/share/bash-completion/sshfs

bash_completion.d/strace

@@ -0,0 +1 @@
+/usr/share/bash-completion/strace

bash_completion.d/subversion

@@ -0,0 +1 @@
+/usr/share/bash-completion/subversion

bash_completion.d/tar

@@ -0,0 +1 @@
+/usr/share/bash-completion/tar

bash_completion.d/tcpdump

@@ -0,0 +1 @@
+/usr/share/bash-completion/tcpdump

bash_completion.d/unrar

@@ -0,0 +1 @@
+/usr/share/bash-completion/unrar

bash_completion.d/vim

@@ -0,0 +1 @@
+/usr/share/bash-completion/vim

bash_completion.d/wol

@@ -0,0 +1 @@
+/usr/share/bash-completion/wol

bash_completion.d/xz

@@ -0,0 +1 @@
+/usr/share/bash-completion/xz

conf.d/consolefont

@@ -0,0 +1,5 @@
+#CONSOLEFONT="default8x16"
+CONSOLEFONT="cyr-sun16"
+#CONSOLEFONT="ter-k14n"
+#consoletranslation="8859-1_to_uni"
+#unicodemap="iso01"

conf.d/hwclock

@@ -0,0 +1,7 @@
+clock="local"
+timezone="Europe/Moscow"
+srm="no"
+arc="no"
+clock_systohc="YES"
+clock_hctosys="YES"
+clock_args=""

conf.d/keymaps

@@ -0,0 +1,6 @@
+keymap="-u ru"
+windowkeys="YES"
+extended_keymaps=""
+dumpkeys_charset=""
+fix_euro="NO"
+

cron.daily/mlocate

@@ -0,0 +1,51 @@
+#! /bin/sh
+set -e
+
+# check if we run on battery and if so then don't run
+if which on_ac_power >/dev/null 2>&1; then
+	ON_BATTERY=0
+	on_ac_power >/dev/null 2>&1 || ON_BATTERY=$?
+	if [ "${ON_BATTERY}" -eq 1 ]; then
+			exit 0
+	fi
+fi
+
+# check if we are already running (lockfile)
+LOCKFILE="/var/lock/mlocate.daily.lock"
+if [ -e "${LOCKFILE}" ]; then
+	echo >&2 "Warning: \"${LOCKFILE}\" already present, not running updatedb."
+	exit 1
+fi
+touch "${LOCKFILE}"
+# trap the lockfile only if we really run the updatedb
+trap "rm -f ${LOCKFILE}" EXIT
+
+# source the user specified variables
+if [ -f /etc/mlocate-cron.conf ]; then
+	. /etc/mlocate-cron.conf
+fi
+
+# check the config file
+NODEVS=""
+if [ ! -f /etc/updatedb.conf ]; then
+	NODEVS=$(awk '$1 == "nodev" && $2 != "rootfs" { print $2 }' /proc/filesystems)
+fi
+
+# alter the priority of the updatedb process
+if [ -x /usr/bin/renice ]; then
+	/usr/bin/renice +${NICE:-19} -p $$ > /dev/null 2>&1
+fi
+if [ -x /usr/bin/ionice ] && /usr/bin/ionice -c3 true 2>/dev/null; then
+	/usr/bin/ionice -c${IONICE_CLASS:-2} -n${IONICE_PRIORITY:-7} -p $$ > /dev/null 2>&1
+fi
+
+# Cleanup old temp files from previous unsuccessful runs
+rm -f /var/lib/mlocate/mlocate.db.*
+
+# run the updatedb if possible
+if [ -x /usr/bin/updatedb ]; then
+	/usr/bin/updatedb -f "${NODEVS}"
+else
+	echo >&2 "Warning: \"/usr/bin/updatedb\" is not executable, unable to run updatedb."
+	exit 0
+fi

cron.weekly/logcheck.cron

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+which logcheck &>/dev/null || exit 0
+
+if [ ! -d /var/lock/logcheck ]; then
+	mkdir -p /var/lock/logcheck
+fi
+chown -R logcheck:logcheck /var/lock/logcheck
+
+su -s /bin/bash -c /usr/sbin/logcheck logcheck

cron.weekly/mlocate

@@ -0,0 +1,51 @@
+#! /bin/sh
+set -e
+
+# check if we run on battery and if so then don't run
+if which on_ac_power >/dev/null 2>&1; then
+	ON_BATTERY=0
+	on_ac_power >/dev/null 2>&1 || ON_BATTERY=$?
+	if [ "${ON_BATTERY}" -eq 1 ]; then
+			exit 0
+	fi
+fi
+
+# check if we are already running (lockfile)
+LOCKFILE="/var/lock/mlocate.daily.lock"
+if [ -e "${LOCKFILE}" ]; then
+	echo >&2 "Warning: \"${LOCKFILE}\" already present, not running updatedb."
+	exit 1
+fi
+touch "${LOCKFILE}"
+# trap the lockfile only if we really run the updatedb
+trap "rm -f ${LOCKFILE}" EXIT
+
+# source the user specified variables
+if [ -f /etc/mlocate-cron.conf ]; then
+	. /etc/mlocate-cron.conf
+fi
+
+# check the config file
+NODEVS=""
+if [ ! -f /etc/updatedb.conf ]; then
+	NODEVS=$(awk '$1 == "nodev" && $2 != "rootfs" { print $2 }' /proc/filesystems)
+fi
+
+# alter the priority of the updatedb process
+if [ -x /usr/bin/renice ]; then
+	/usr/bin/renice +${NICE:-19} -p $$ > /dev/null 2>&1
+fi
+if [ -x /usr/bin/ionice ] && /usr/bin/ionice -c3 true 2>/dev/null; then
+	/usr/bin/ionice -c${IONICE_CLASS:-2} -n${IONICE_PRIORITY:-7} -p $$ > /dev/null 2>&1
+fi
+
+# Cleanup old temp files from previous unsuccessful runs
+rm -f /var/lib/mlocate/mlocate.db.*
+
+# run the updatedb if possible
+if [ -x /usr/bin/updatedb ]; then
+	/usr/bin/updatedb -f "${NODEVS}"
+else
+	echo >&2 "Warning: \"/usr/bin/updatedb\" is not executable, unable to run updatedb."
+	exit 0
+fi

deltup/getdelta.rc

@@ -0,0 +1,64 @@
+
+# we de not get kde-deltas from a delta-up-server, since kde provides own xdelta-files
+KDE_MIRROR="ftp://ftp.kde.org/pub/kde/stable"
+
+# set this to one or more (space separated) URI ending with '/' if you want to check one or more local mirror(s) first
+# most people just leave it empty.
+LOCAL_MIRROR=""
+
+# deltup-server to use
+DELTUP_SERVER="http://linux01.gwdg.de/~nlissne/deltup.php"
+
+# command to use for downloading
+#FETCH="/usr/bin/wget --trust-server-names -t 1 --passive-ftp"
+FETCH="/usr/bin/wget -t 1 --passive-ftp"
+#FETCH="/usr/bin/wget -t 1 --passive-ftp --no-check-certificate"
+
+# number of seconds to wait before a queued request is retried
+QUEUERETRY="15"
+
+# the maximum queuepos you would accept (if higher download full archive instead)
+MAXIMUM_ACCEPTABLE_QUEUEPOS="15"
+
+# when a dtu-request is queued - how long should we wait max. before downloading the original archive instead (in seconds)
+QUEUETIMEOUT="30"
+
+# set to "true", if you want getdelta.sh to use Pkunk's integrity check for the old file before downloading dtu-files
+CHECK_OLD_FILE="true"
+
+# set to "true", if you want getdelta.sh to delete the old file, if patch was succesful
+REMOVE_OLD="true"
+
+# a list of files not to be removed by REMOVE_OLD feature
+DO_NOT_REMOVE="/etc/deltup/do_not_remove"
+
+# set this to "true" if you want getdelta.sh to delete old versions that seems to be corrupt,
+# or to "false" if you want to delete them manually
+# note: getdelta.sh will not use these files anyway
+REMOVE_INCOMPLETE_OLD_FILES="true"
+
+# set to "true", if you want verbose outputs (later to be set to a level [0-3])
+VERBOSITY="true"
+
+# set to "true", if you want colorful messages, "false" if not.
+COLOR="true"
+
+# set to a writable file (or to "/dev/null" if you do not want this) this is not used, if VERBOSITY is false
+LOGFILE="/var/log/getdelta.log"
+
+# set to "true" if you want a temporarily log only (deleted when getdelta is finished)
+DELETE_LOG="true"
+
+# set to "true", if you want messages from this script in a separate window
+# set to "false", if you do not start getdelta.sh from an Xsession or if you 
+#                 do not have permissions to open terminals on the Xserver
+SEPARATED_WINDOW="false"
+
+# the terminal application to use for the separated window
+TERM_APP="aterm -tr -trsb -fg white -bg black -sh 70 -e tail -f "
+
+# the bandwidth in bytes per second. configure this if you want to reduce timeouts on small files
+BANDWIDTH="1"
+
+# command to use for downloading; first parameter is the filename, second the url
+FETCHNAME="$FETCH -O"

eix-sync.conf

@@ -0,0 +1 @@
+*

eixrc/00-eixrc

@@ -0,0 +1,43 @@
+# /etc/eixrc/00-eixrc
+#
+# All non-hidden files in /etc/eixrc
+# (or a subdirectory thereof) are read in alphabetical order.
+#
+# In these files system-wide defaults for variables related to eix can
+# be stored, i.e. the variables set in files override the built-in defaults.
+# Both can be overridden by ~/.eixrc and by environment variables.
+#
+# It is strongly recommended to set here only those variables which you
+# want to *differ* from the built-in defaults (or for which you have a
+# particular reason why the default should never change with an eix update).
+#
+# *Otherwise you might miss changes in the defaults in newer eix versions*
+# which may result in confusing behavior of the eix binaries.
+#
+# If you want to get a file containing the setting of all related variables
+# in the current/defaults state, redirect the output of options --dump
+# or --dump-defaults, respectively.
+#
+# However once more: To avoid unexpected problems
+#
+#   *IT IS NOT RECOMMENDED TO SET _ALL_ VARIABLES* in /etc/eixrc/*
+#
+# Only set those for which you have a reason to do so!
+#
+# For the available variables and their defaults, see the output of the
+# options --dump or --dump-defaults.
+# For more detailed explanations see the manpage of eix.
+PORTDIR_CACHE_METHOD='sqlite'
+OVERLAY_CACHE_METHOD='sqlite'
+
+COLOR_INST_VERSION="white,1;blue|33,1;%{BG1}|black;green|30,1;%{BG3}"
+
+BG0=none;
+BG1=none;
+BG2=none;
+BG3=none;
+
+COLORSCHEME0=0;
+COLORSCHEME1=0;
+COLORSCHEME2=0;
+COLORSCHEME3=0;

env.d/02locale

@@ -0,0 +1,2 @@
+LANG="ru_RU.UTF-8"
+LC_COLLATE="C"

fail2ban/action.d/mail-buffered.local

@@ -0,0 +1,3 @@
+[Definition]
+actionstart =
+actionstop =

fail2ban/action.d/mail-whois-lines.local

@@ -0,0 +1,3 @@
+[Definition]
+actionstart =
+actionstop =

fail2ban/action.d/mail-whois.local

@@ -0,0 +1,3 @@
+[Definition]
+actionstart =
+actionstop =

fail2ban/action.d/mail.conf.local

@@ -0,0 +1,3 @@
+[Definition]
+actionstart =
+actionstop =

fail2ban/action.d/sendmail-buffered.local

@@ -0,0 +1,3 @@
+[Definition]
+actionstart =
+actionstop =

fail2ban/action.d/sendmail-common.local

@@ -0,0 +1,3 @@
+[Definition]
+actionstart =
+actionstop =

fail2ban/action.d/sendmail-whois-lines.local

@@ -0,0 +1,3 @@
+[Definition]
+actionstart =
+actionstop =

fail2ban/action.d/sendmail-whois.local

@@ -0,0 +1,3 @@
+[Definition]
+actionstart =
+actionstop =

fail2ban/filter.d/lighttpd-fastcgi.conf

@@ -0,0 +1,18 @@
+# Fail2Ban configuration file
+#
+# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match ALERTS as notified by lighttpd's FastCGI Module
+# Values:  TEXT
+#
+failregex = .*ALERT\ -\ .*attacker\ \'<HOST>\'
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 

fail2ban/filter.d/nginx-auth.conf

@@ -0,0 +1,12 @@
+#
+# Auth filter /etc/fail2ban/filter.d/nginx-auth.conf:
+#
+# Blocks IPs that fail to authenticate using basic authentication
+#
+[Definition]
+ 
+failregex = no user/password was provided for basic authentication.*client: <HOST>
+            user .* was not found in.*client: <HOST>
+            user .* password mismatch.*client: <HOST>
+ 
+ignoreregex =

fail2ban/filter.d/nginx-login.conf

@@ -0,0 +1,9 @@
+#
+# Login filter /etc/fail2ban/filter.d/nginx-login.conf:
+#
+# Blocks IPs that fail to authenticate using web application's log in page
+#
+# Scan access log for HTTP 200 + POST /sessions => failed log in
+[Definition]
+failregex = ^<HOST> -.*POST /sessions HTTP/1\.." 200
+ignoreregex =

fail2ban/filter.d/nginx-noscript.conf

@@ -0,0 +1,10 @@
+# Noscript filter /etc/fail2ban/filter.d/nginx-noscript.conf:
+#
+# Block IPs trying to execute scripts such as .php, .pl, .exe and other funny scripts.
+#
+# Matches e.g.
+# 192.168.1.1 - - "GET /something.php
+#
+[Definition]
+failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\scgi)
+ignoreregex =

fail2ban/filter.d/nginx-proxy.conf

@@ -0,0 +1,10 @@
+# Proxy filter /etc/fail2ban/filter.d/proxy.conf:
+#
+# Block IPs trying to use server as proxy.
+#
+# Matches e.g.
+# 192.168.1.1 - - "GET http://www.something.com/
+#
+[Definition]
+failregex = ^<HOST> -.*GET http.*
+ignoreregex =

fail2ban/jail.local

@@ -0,0 +1,194 @@
+[DEFAULT]
+ignoreip  = 127.0.0.1/8 192.168.1.0/24
+bantime   = 600
+findtime  = 600
+maxretry  = 5
+backend   = auto
+destemail = backbone@backbone.ws
+banaction = iptables-multiport
+mta       = sendmail
+protocol  = tcp
+
+[ssh-iptables]
+enabled  = true
+action   = iptables[name=SSH, port=ssh, protocol=tcp]
+           sendmail-whois[name=SSH, dest=backbone@backbone.ws]
+logpath  = /var/log/messages
+
+[ssh-ddos]
+enabled  = true
+action   = iptables[name=SSHDDOS, port=ssh, protocol=tcp]
+           sendmail-whois[name=SSH-DDOS, dest=backbone@backbone.ws]
+logpath  = /var/log/messages
+
+[pure-ftpd]
+enabled  = true
+action   = iptables[name=pureftpd, port=ftp, protocol=tcp]
+           sendmail-whois[name=Pure-FTPd, dest=backbone@backbone.ws]
+# logpath  = /var/log/pureftpd.log
+logpath  = /var/log/messages
+
+[sendmail-auth]
+enabled  = true
+action   = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
+           sendmail-whois[name=Sendmail-Auth, dest=backbone@backbone.ws]
+logpath  = /var/log/mail.log
+
+[sendmail-reject]
+enabled  = true
+action   = iptables-multiport[name=sendmail-auth, port="submission,465,smtp", protocol=tcp]
+           sendmail-whois[name=Sendmail-Reject, dest=backbone@backbone.ws]
+logpath  = /var/log/mail.log
+
+[nginx-http-auth]
+enabled  = true
+action   = iptables-multiport[name=nginx-http-auth,port="80,443"]
+           sendmail-whois[name=Nginx-Http-Auth, dest=backbone@backbone.ws]
+logpath  = /var/log/nginx/error_log
+
+[squid]
+enabled  = true
+action   = iptables-multiport[name=squid,port="80,443,8080"]
+           sendmail-whois[name=Squid, dest=backbone@backbone.ws]
+logpath  = /var/log/squid/access.log
+
+[postfix-tcpwrapper]
+enabled  = true
+action   = hostsdeny[file=/not/a/standard/path/hosts.deny]
+           sendmail-whois[name=Postfix-TCPWrapper, dest=backbone@backbone.ws]
+logpath  = /var/log/mail.log
+
+[php-url-fopen]
+enabled  = true
+action   = iptables-multiport[name=php-url-open, port="http,https"]
+           sendmail-whois[name=PHP-URL-Fopen, dest=backbone@backbone.ws]
+logpath  = /var/log/lighttpd/access.log
+
+[lighttpd-auth]
+enabled  = true
+action   = iptables-multiport[name=lighttpd-auth, port="http,https"]
+           sendmail-whois[name=Lighttpd-Auth, dest=backbone@backbone.ws]
+logpath  = /var/log/lighttpd/error.log
+
+[named-refused-tcp]
+enabled  = true
+action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
+           sendmail-whois[name=Named, dest=backbone@backbone.ws]
+logpath  = /var/log/messages
+
+[nsd]
+enabled  = true
+action   = iptables-multiport[name=nsd-tcp, port="domain", protocol=tcp]
+           iptables-multiport[name=nsd-udp, port="domain", protocol=udp]
+           sendmail-whois[name=Nsd, dest=backbone@backbone.ws]
+logpath  = /var/log/messages
+
+[ejabberd-auth]
+enabled  = true
+action   = iptables[name=ejabberd, port=xmpp-client, protocol=tcp]
+           sendmail-whois[name=Ejabberd-Auth, dest=backbone@backbone.ws]
+logpath  = /var/log/jabber/ejabberd.log
+
+[recidive]
+enabled  = true
+action   = iptables-allports[name=recidive,protocol=all]
+           sendmail-whois[name=Recidive, dest=backbone@backbone.ws]
+bantime  = 86400
+findtime = 86400
+
+[exim]
+enabled  = true
+action   = iptables-multiport[name=exim,port="25,465,587"]
+           sendmail-whois[name=Exim, dest=backbone@backbone.ws]
+logpath  = /var/log/exim/exim_main.log
+
+[exim-spam]
+enabled  = true
+action   = iptables-multiport[name=exim-spam,port="25,465,587"]
+           sendmail-whois[name=Exim-Spam, dest=backbone@backbone.ws]
+logpath  = /var/log/exim/exim_main.log
+
+[perdition]
+enabled  = true
+action   = iptables-multiport[name=perdition,port="110,143,993,995"]
+           sendmail-whois[name=Perdition, dest=backbone@backbone.ws]
+logpath  = /var/log/mail.log
+
+[dovecot]
+enabled  = true
+action   = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
+           sendmail-whois[name=Dovecot, dest=backbone@backbone.ws]
+logpath  = /var/log/mail.log
+
+[dovecot-auth]
+enabled  = true
+action   = iptables-multiport[name=dovecot-auth, port="pop3,pop3s,imap,imaps,submission,465,sieve", protocol=tcp]
+           sendmail-whois[name=Dovecot-Auth, dest=backbone@backbone.ws]
+logpath  = /var/log/mail.log
+
+[solid-pop3d]
+enabled  = true
+action   = iptables-multiport[name=solid-pop3, port="pop3,pop3s", protocol=tcp]
+           sendmail-whois[name=Solid-POP3d, dest=backbone@backbone.ws]
+logpath  = /var/log/mail.log
+
+[ssh-blocklist]
+enabled  = true
+action   = iptables[name=SSH, port=ssh, protocol=tcp]
+           sendmail-whois[name=SSH-Blocklist, dest=backbone@backbone.ws]
+logpath  = /var/log/messages
+
+# Kolan: Additional filters/rules
+[nginx-auth]
+enabled  = true
+filter   = nginx-auth
+action   = iptables-multiport[name=nginx-auth, port="http,https", protocol=tcp]
+           sendmail-whois[name=Nginx-Auth, dest=backbone@backbone.ws]
+logpath  = /var/log/nginx/localhost.error_log
+bantime  = 3600
+maxretry = 3
+             
+[nginx-login]
+enabled  = true
+filter   = nginx-login
+action   = iptables-multiport[name=nginx-login, port="http,https", protocol=tcp]
+           sendmail-whois[name=Nginx-Login, dest=backbone@backbone.ws]
+logpath  = /var/log/nginx*/*access*log
+bantime  = 600
+maxretry = 6
+             
+[nginx-badbots]
+enabled  = true
+filter   = apache-badbots
+action   = iptables-multiport[name=nginx-badbots, port="http,https", protocol=tcp]
+           sendmail-whois[name=Nginx-BadBots, dest=backbone@backbone.ws]
+logpath  = /var/log/nginx*/*access*log
+bantime  = 86400
+maxretry = 1
+             
+[nginx-noscript]
+enabled  = true
+filter   = nginx-noscript
+action   = iptables-multiport[name=nginx-noscript, port="http,https", protocol=tcp]
+           sendmail-whois[name=Nginx-Noscript, dest=backbone@backbone.ws]
+logpath  = /var/log/nginx*/*access*log
+maxretry = 6
+bantime  = 86400
+
+[nginx-proxy]
+enabled  = true
+filter   = nginx-proxy
+action   = iptables-multiport[name=nginx-proxy, port="http,https", protocol=tcp]
+           sendmail-whois[name=Nginx-Proxy, dest=backbone@backbone.ws]
+logpath  = /var/log/nginx*/*access*log
+maxretry = 0
+bantime  = 86400
+
+[lighttpd-fastcgi]
+enabled  = true
+port     = http,https
+filter   = lighttpd-fastcgi
+action   = iptables-multiport[name=lighttpd-fastcgi, port="http,https", protocol=tcp]
+           sendmail-whois[name=Lighttpd-FastCGI, dest=backbone@backbone.ws]
+logpath = /var/log/lighttpd/error.log
+maxretry = 2

fonts/conf.d/10-autohint.conf

@@ -0,0 +1 @@
+../conf.avail/10-autohint.conf

fonts/conf.d/10-no-sub-pixel.conf

@@ -0,0 +1 @@
+../conf.avail/10-no-sub-pixel.conf

fonts/conf.d/10-scale-bitmap-fonts.conf

@@ -0,0 +1 @@
+../conf.avail/10-scale-bitmap-fonts.conf

fonts/conf.d/30-metric-aliases.conf

@@ -0,0 +1 @@
+../conf.avail/30-metric-aliases.conf

fonts/conf.d/40-nonlatin.conf

@@ -0,0 +1 @@
+../conf.avail/40-nonlatin.conf

fonts/conf.d/45-latin.conf

@@ -0,0 +1 @@
+../conf.avail/45-latin.conf

fonts/conf.d/49-sansserif.conf

@@ -0,0 +1 @@
+../conf.avail/49-sansserif.conf

fonts/conf.d/50-user.conf

@@ -0,0 +1 @@
+../conf.avail/50-user.conf

fonts/conf.d/51-local.conf

@@ -0,0 +1 @@
+../conf.avail/51-local.conf

fonts/conf.d/57-dejavu-sans-mono.conf

@@ -0,0 +1 @@
+/etc/fonts/conf.avail/57-dejavu-sans-mono.conf

fonts/conf.d/57-dejavu-sans.conf

@@ -0,0 +1 @@
+/etc/fonts/conf.avail/57-dejavu-sans.conf

fonts/conf.d/65-fonts-persian.conf

@@ -0,0 +1 @@
+../conf.avail/65-fonts-persian.conf

fonts/conf.d/65-nonlatin.conf

@@ -0,0 +1 @@
+../conf.avail/65-nonlatin.conf

fonts/local.conf

@@ -0,0 +1,38 @@
+<?xml version="1.0"?>
+<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
+<fontconfig>
+
+<!-- Отключаю autohinter для крупных шрифтов -->
+<match target="font">
+	<test compare="more" name="size" qual="any">
+		<double>9</double>
+	</test>
+	<edit mode="assign" name="autohint">
+		<bool>false</bool>
+	</edit>
+</match>
+<match target="font">
+	<test compare="more" name="pixelsize" qual="any">
+		<double>10</double>
+	</test>
+	<edit mode="assign" name="autohint">
+		<bool>false</bool>
+	</edit>
+</match>
+<!-- Отключаю autohinter для жирных шрифтов -->
+<match target="font">
+	<test name="weight" compare="more">
+		<const>medium</const>
+	</test>
+	<edit name="autohint" mode="assign">
+		<bool>false</bool>
+	</edit>
+</match>
+
+<!-- Указываю dpi -->
+<match target="pattern">
+	<edit name="dpi" mode="assign"><double>99</double></edit>
+</match>
+
+</fontconfig>
+

laptop-mode/batt-start/restore_sysctl.sh

@@ -0,0 +1 @@
+/usr/sbin/sysctl --quiet --system

laptop-mode/batt-stop/restore_sysctl.sh

@@ -0,0 +1 @@
+/usr/sbin/sysctl --quiet --system

local.d/hpet.start

@@ -0,0 +1,7 @@
+# /etc/conf.d/local.start
+
+# This is a good place to load any misc programs
+# on startup (use &>/dev/null to hide output)
+
+echo hpet >/sys/devices/system/clocksource/clocksource0/current_clocksource
+

local.d/ioschedulers.start

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# none (IOPS=60/20) mq-deadline (IOPS=70/23) kyber (IOPS=78/26) bfq (IOPS=47/16)
+# none (18/6) mq-deadline (19/6.3) kyber (20/6.68) bfq (20/6.79)
+scheduler=mq-deadline
+
+# Set on noop scheduler for hdds with NCQ
+for D in /sys/block/{sd?,nvme*}; do
+    S=$D/queue/scheduler
+    #Q=$D/device/queue_depth
+    #if [[ "$(cat $Q)" == "31" ]]; then
+        echo $D: $(cat $S) - set schedule to $scheduler
+        #echo noop > $S
+        echo $scheduler > $S
+    #fi
+done

local.d/tuxonice.start

@@ -0,0 +1,3 @@
+# /etc/conf.d/local.start
+
+echo 1 >/sys/power/tuxonice/no_multithreaded_io

local.d/vm.start

@@ -0,0 +1,6 @@
+# /etc/conf.d/local.start
+
+# This is a good place to load any misc programs
+# on startup (use &>/dev/null to hide output)
+
+chmod o+rw /dev/kvm

locale.gen

@@ -0,0 +1,5 @@
+en_US ISO-8859-1
+en_US.UTF-8 UTF-8
+ru_RU.UTF-8 UTF-8
+ru_RU.KOI8-R KOI8-R
+ru_RU.CP1251 CP1251

locale.nopurge

@@ -0,0 +1,7 @@
+MANDELETE
+SHOWFREEDSPACE
+VERBOSE
+#NOCOLOR
+ru
+ru_RU
+ru_RU.UTF-8

logcheck/ignore.d.server/backbone

@@ -0,0 +1,43 @@
+# dovecot
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+.*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: (pop3|imap)\([^)]*\): Disconnected: Logged out.*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: (pop3|imap)\([^)]*\): Connection closed in.*$
+
+# cron
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ (CROND|crond|run-crons)(\[[0-9]+\])?: .*$
+
+# syn-flood
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: IPTables SYN-FLOOD: .*$
+
+# pure-ftpd
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ pure-ftpd(\[[0-9]+\])?: [^[]*\[INFO\].*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ pure-ftpd(\[[0-9]+\])?: [^[]*\[NOTICE\].*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ pure-ftpd(\[[0-9]+\])?: \([^)]+\) \[WARNING\] Authentication failed for user .*$
+
+# sshd
+#^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd(\[[0-9]+\])?: .*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd(\[[0-9]+\])?: (Connection closed by invalid|Invalid user|Did not receive identification|Connection closed by|Received disconnect from|Disconnecting authenticating user|error: maximum authentication|Disconnected from|Disconnecting invalid user|Unable to negotiate with|Bad protocol version identification|error: Received disconnect from).*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd(\[[0-9]+\])?: Connection reset by .*$
+
+# sshguard
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshguard(\[[0-9]+\])?: [0-9.]+ has already been blocked$
+
+# nscd
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nscd(\[[0-9]+\])?: .*$
+
+# dovecot
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: imap\([^)]+\): (Logged out|Connection closed|Disconnected for inactivity).*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: imap-login: (Aborted login|Disconnected).*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot(\[[0-9]+\])?: auth: Warning: auth client [0-9]+ disconnected.*$
+
+# postfix
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix(\/smtp|\/master)?d?(\[[0-9]+\])?: (disconnect from|warning: hostname [^ ]+ does not resolve to address|improper command pipelining|[0-9ABCDEF]+: client=|warning:|using backwards-compatible default setting).*$
+
+# auth
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ auth(\[[0-9]+\])?: pam_unix\(smtp:auth\): (check pass; user unknown|authentication failure).*$
+
+# ntpd
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ntpd(\[[0-9]+\])?: .*$
+
+# syslog-ng
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ syslog-ng(\[[0-9]+\])?: .*$

mozpluggerrc

@@ -0,0 +1,379 @@
+# Configure file for MozPlugger
+# Version: Jan 20, 2013
+#
+# This file is part of mozplugger a fork of plugger, for list of developers 
+# see the README file.
+#
+# Commands which are not installed on your system will not be used.
+#
+# NOTE!! After changing this file, mozplugger-update must be executed.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
+
+
+### m4 macros ###
+
+changequote([,])
+
+### Helpers
+
+### MPlayer
+
+#define(MP_CMD,[mplayer -quiet -nojoystick -nofs -zoom -osdlevel 0 $1 </dev/null])
+define(MP_CMD,[mpv -really-quiet $1 </dev/null])
+
+#define(MP_EMBED,[embed noisy ignore_errors: MP_CMD(-xy $width -wid $window $1)])
+define(MP_EMBED,[embed noisy ignore_errors: MP_CMD(--autofit=$width -wid $window $1)])
+
+#define(MP_NOEMBED,[noembed noisy ignore_errors maxaspect swallow(MPlayer): MP_CMD($1)])
+define(MP_NOEMBED,[noembed noisy ignore_errors maxaspect swallow(mpv): MP_CMD($1)])
+
+# If you want a small controls in top left corner of embedded window when using
+# mplayer then uncomment the first and comment the second below 
+
+#define(MP_VIDEO_STREAM,[controls stream MP_EMBED($1 "$file")
+#	stream MP_NOEMBED($1 "$file")])
+
+define(MP_VIDEO_STREAM,[stream MP_EMBED($1 "$file")
+	stream MP_NOEMBED($1 "$file")])
+
+define(MP_VIDEO_PLAYLIST, [fmatch($1) MP_EMBED(-playlist "$file")
+	                   fmatch($1) MP_NOEMBED(-playlist "$file")])
+# Special case for Quicktime
+define(MP_LINKS,[stream links noisy ignore_errors: MP_CMD($1)])
+
+#define(MP_AUDIO,[mplayer -quiet -nojoystick $1 </dev/null])
+define(MP_AUDIO,[mpv -really-quiet $1 </dev/null])
+
+#define(MP_AUDIO_STREAM,[controls stream noisy ignore_errors: mplayer -quiet -nojoystick $1 "$file" </dev/null])
+define(MP_AUDIO_STREAM,[controls stream noisy ignore_errors: mpv -really-quiet $1 "$file" </dev/null])
+
+### Totem
+
+define(TM_CMD,[totem $1</dev/null])
+
+define(TM_EMBED,[embed noisy ignore_errors fill swallow(Totem): TM_CMD(--toggle-controls $1)])
+
+define(TM_NOEMBED,[nokill noembed noisy ignore_errors: TM_CMD($1)])
+
+
+define(TM_VIDEO_STREAM,[stream TM_EMBED("$file")
+	stream TM_NOEMBED("$file")])
+
+# Special case for Quicktime
+define(TM_LINKS,[stream links nokill noembed noisy ignore_errors: TM_CMD($1)])
+
+define(TM_AUDIO_STREAM,[controls stream noisy ignore_errors: TM_CMD("$file")])
+
+### OpenOffice
+# Note the single dash in front of the view command!
+define([OO],[swallow(VCLSalFrame) fill: ooffice2.0 -nologo -norestore -view "$file"
+	swallow(VCLSalFrame) fill: ooffice -nologo -norestore -view "$file"
+	swallow(libreoffice) fill: libreoffice --nologo --norestore --view "$file"
+	swallow(VCLSalFrame) fill: soffice --nologo --norestore -view "$file"])
+
+### GV
+define(GV_OPTS,[--safer --quiet --antialias -geometry +9000+9000])
+define(GV_FLAGS,[repeat noisy swallow(gv) fill])
+define(GV,[GV_FLAGS(): gv GV_OPTS() "$file"])
+
+### Video ###
+
+video/mpeg:mpeg,mpg,mpe:MPEG animation
+video/x-mpeg:mpeg,mpg,mpe:MPEG animation
+video/x-mpeg2:mpv2,mp2ve:MPEG2 animation
+	MP_VIDEO_STREAM()
+	TM_VIDEO_STREAM()
+        nokill noisy: xine -pq "$file"
+	loop: mtvp -l -W$window "$file"
+	: mtvp -W$window "$file"
+	loop: xanim +Av100 -Zr +W$window +q +f "$file"
+	: xanim +Av100 -Zr +W$window +q +Ze +f "$file"
+
+video/mp4:mp4:MPEG4 animation
+video/msvideo:avi:AVI animation
+video/x-msvideo:avi:AVI animation
+application/octet-stream:mkv,m4v:AVI animation
+video/fli:fli,flc:FLI animation
+video/x-fli:fli,flc:FLI animation
+	MP_VIDEO_STREAM()
+	TM_VIDEO_STREAM()
+        nokill noisy: xine -pq "$file"
+
+video/x-theora:ogg:OGG stream with video
+video/theora:ogg:OGG stream with video
+video/ogg:ogg:OGG stream with video
+video/x-ogg:ogm,ogv:OGG stream with video
+	MP_VIDEO_STREAM()
+	TM_VIDEO_STREAM()
+
+video/dl:dl:DL animation
+video/x-dl:dl:DL animation
+video/sgi-movie:movie,movi,mv:SGI animation
+video/x-sgi-movie:movie,movi,mv:SGI animation
+video/anim:iff,anim5,anim3,anim7:IFF animation
+video/x-anim:iff,anim5,anim3,anim7:IFF animation
+	loop: xanim +Av100 -Zr +W$window +q +f "$file"
+	: xanim +Av100 -Zr +W$window +q +Ze +f "$file"
+
+
+### Audio ###
+
+audio/mid:midi,mid:MIDI audio file
+audio/x-mid:midi,mid:MIDI audio file
+audio/midi:midi,mid:MIDI audio file
+audio/x-midi:midi,mid:MIDI audio file
+	controls noisy stream: timidity -Od "$file"
+	controls: playmidi "$file"
+
+audio/mod:mod:Soundracker audio Module
+audio/x-mod:mod:Soundracker audio Module
+	controls loop noisy: mikmod -q --interpolate "$file"
+	controls noisy: mikmod -q --interpolate "$file"
+	controls loop noisy: xmp -l --nocmd "$file"
+	controls noisy: xmp --nocmd "$file"
+
+audio/mp3:mp3:MPEG audio
+audio/x-mp3:mp3:MPEG audio
+audio/mpeg2:mp2:MPEG audio
+audio/x-mpeg2:mp2:MPEG audio
+audio/mpeg3:mp3:MPEG audio
+audio/x-mpeg3:mp3:MPEG audio
+audio/mpeg:mpa,abs,mpega:MPEG audio
+audio/x-mpeg:mpa,abs,mpega:MPEG audio
+	MP_AUDIO_STREAM()
+	TM_AUDIO_STREAM()
+	controls: mpg321 -q "$file"
+	controls: mpg123 -q "$file"
+	controls: splay -t 200 "$file"
+	controls: amp -b 200 -q "$file"
+	controls: maplay "$file"
+	controls: mpeg3play "$file"
+	nokill noisy : xmms -e -p "$file"
+	repeat noisy swallow(alsaplayer): alsaplayer -q "$file"
+
+audio/mpeg-url:m3u:MPEG music resource locator
+audio/x-mpeg-url:m3u:MPEG music resource locator
+audio/mpegurl:m3u:MPEG music resource locator
+audio/x-mpegurl:m3u:MPEG music resource locator
+audio/x-scpls:pls:Shoutcast Playlists
+#	controls: mpg321 -q -@ "$file"
+	nokill noisy : xmms -e -p "$file"
+
+audio/x-ogg:ogg:OGG audio
+application/x-ogg:ogg:OGG audio
+application/ogg:ogg:OGG audio
+	MP_AUDIO_STREAM()
+	TM_AUDIO_STREAM()
+	controls stream noisy: ogg123 -q -b 128 "$file"
+	nokill noisy : xmms -e -p "$file"
+
+audio/flac:flac:FLAC audio
+audio/x-flac:flac:FLAC audio
+application/x-flac:flac:FLAC audio
+	MP_AUDIO_STREAM()
+	nokill noisy : xmms -e -p "$file"
+
+audio/x-sidtune:sid,psid:Commodore 64 Audio
+audio/sidtune:sid,psid:Commodore 64 Audio
+audio/psid:psid,sid:Commodore 64 Audio
+audio/x-psid:psid,sid:Commodore 64 Audio
+	controls noisy: sidplay -16 -f44100 -a "$file"
+
+audio/basic:au,snd:Basic audio file
+audio/x-basic:au,snd:Basic audio file
+	controls: play "$file"
+	controls: sox "$file" -t .au - > /dev/audio
+
+### Documents ###
+
+image/sun-raster:rs:SUN raster image
+image/x-sun-raster:rs:SUN raster image
+image/x-rgb:rgb:RGB Image
+image/x-portable-pixmap:ppm:PPM Image
+image/x-portable-graymap:pgm:PGM Image
+image/x-portable-bitmap:pbm:PBM Image
+image/x-portable-anymap:pnm:PBM Image
+image/tiff:tiff,tif:TIFF image
+image/x-tiff:tiff,tif:TIFF image
+	exits: display -window $window -backdrop "$file"
+	repeat noisy swallow(gqview) fill: gqview -t "$file"
+	swallow(:) maxaspect: xv -ima -igeom +9000+9000 -geometry +9000+9000 "$file"
+	repeat swallow(Sdtimage) fill: sdtimage "$file"
+	swallow(*qiv:) fill maxaspect: qiv -n "$file"
+
+image/x-xcf:xcf:Gimp Image
+image/xcf:xcf:Gimp Image
+application/x-gimp:xcf:Gimp Image
+application/gimp:xcf:Gimp Image
+application/photoshop:psd:PhotoShop Image
+application/x-photoshop:psd:PhotoShop Image
+	exits: display -window $window -backdrop "$file"
+
+application/pdf:pdf:PDF file
+application/x-pdf:pdf:PDF file
+text/pdf:pdf:PDF file
+text/x-pdf:pdf:PDF file
+#        repeat swallow(acroread) fill : acroread -openInNewWindow /a "$fragment" "$file"
+	repeat noisy swallow(kpdf) fill: kpdf "$file"
+	repeat noisy swallow(Xpdf) fill: xpdf -g +9000+9000 "$file"
+        repeat noisy swallow(epdfview) fill: epdfview "$file"
+	GV()
+	links noisy : okular "$file"
+	links noisy exits: evince "$file"
+        links exits: acroread /a "$fragment" "$file"
+# We don't swallow evince, acroread or okular as those apps done play ball when swallowed
+# http://www.mozdev.org/bugs/show_bug.cgi?id=20686, 24322,
+
+application/x-dvi:dvi:DVI file
+        repeat swallow(kdvi) fill: kdvi "$file"
+	repeat swallow(xdvi) fill: xdvi -safer -hush -geometry +9000+9000 "$file"
+
+application/x-postscript:ps:PostScript file
+application/postscript:ps:PostScript file
+	GV()
+	repeat noisy fill exits: evince "$file"
+
+application/x-rtf:rtf:Rich Text Format
+application/rtf:rtf:Rich Text Format
+text/rtf:rtf:Rich Text Format
+	OO()
+	repeat noisy swallow(AbiWord) fill: abiword --nosplash --geometry +9000+9000 "$file"
+	repeat noisy swallow(kword): kword "$file"
+	repeat noisy swallow(Ted) fill: Ted "$file"
+
+application/x-msword:doc,dot:Microsoft Word Document
+application/msword:doc,dot:Microsoft Word Document
+	OO()
+	repeat noisy swallow(kword): kword "$file"
+	repeat noisy swallow(AbiWord) fill: abiword --nosplash --geometry +9000+9000 "$file"
+
+application/vnd.ms-excel:xls,xlb:Microsoft Excel Document
+	OO()
+	repeat swallow(Gnumeric) fill: gnumeric "$file"
+
+# OpenOffice MimeTypes (http://framework.openoffice.org/documentation/mimetypes/mimetypes.html)
+application/vnd.sun.xml.writer:sxw:OpenOffice Writer 6.0 documents
+application/so7_vnd.sun.xml.writer:sxw:OpenOffice Writer 7.0 documents
+application/vnd.sun.xml.writer.template:stw:OpenOffice Writer 6.0 templates
+application/vnd.sun.xml.writer.global:sxg:OpenOffice Writer 6.0 global documents
+application/vnd.stardivision.writer:sdw:StarWriter 5.x documents
+application/vnd.stardivision.writer-global:sgl:StarWriter 5.x global documents
+application/x-starwriter:sdw:StarWriter 4.x documents
+application/vnd.sun.xml.calc:sxc:OpenOffice Calc 6.0 spreadsheets
+application/so7_vnd.sun.xml.calc:sxc:OpenOffice Calc 7.0 spreadsheets
+application/vnd.sun.xml.calc.template:stc:OpenOffice Calc 6.0 templates
+application/vnd.stardivision.calc:sdc:StarCalc 5.x spreadsheets
+application/x-starcalc:sdc:StarCalc 4.x spreadsheets
+application/vnd.lotus-1-2-3: 123, wk1: Lotus 1-2-3 Document
+application/vnd.sun.xml.draw:sxd:OpenOffice Draw 6.0 documents
+application/so7_vnd.sun.xml.draw:sxc:StarOffice Draw 7.0 documents
+application/vnd.sun.xml.draw.template:std:OpenOffice Draw 6.0 templates
+application/vnd.stardivision.draw:sda:StarDraw 5.x documents
+application/x-stardraw:sda:StarDraw 4.x documents
+application/vnd.sun.xml.impress:sxi:OpenOffice Impress 6.0 presentations
+application/so7_vnd.sun.xml.impress:sxi:StarOffice 7.0 Impress presentations
+application/vnd.sun.xml.impress.template:sti:OpenOffice Impress 6.0 templates
+application/vnd.stardivision.impress:sdd:StarImpress 5.x presentations
+application/vnd.stardivision.impress-packed:sdp:StarImpress Packed 5.x files
+application/x-starimpress:sdd:StarImpress 4.x presentations
+application/vnd.ms-powerpoint:ppt:PowerPoint Slideshow
+application/mspowerpoint:ppt,ppz,pps,pot:PowerPoint Slideshow
+application/vnd.sun.xml.math:sxm:OpenOffice Math 6.0 documents
+application/so7_vnd.sun.xml.math:sxm:StarOffice 7.0 Math documents
+application/vnd.stardivision.math:smf:StarMath 5.x documents
+application/x-starmath:smf:StarMath 4.x documents
+application/vnd.oasis.opendocument.text:odt,ODT:OASIS OpenDocument Text
+application/vnd.oasis.opendocument.spreadsheet:ods,ODS:OASIS OpenDocument SpreadSheet
+application/vnd.oasis.opendocument.presentation:odp,ODP:OASIS OpenDocument Presentation
+	OO()
+
+chemical/x-pdb:pdb: Protein Data Bank file
+model/x-pdb:pdb: Protein Data Bank file
+	swallow(rasmol) fill: rasmol "$file"
+        swallow(molecule) fill: /usr/X11R6/lib/xscreensaver/molecule -delay 20000 -geometry +9000+9000 -no-spin -molecule "$file"
+
+application/bge:blend:Blender Game Engine
+        swallow(%f): blenderplayer $file
+
+# Quick time, some webpages use Javascript to check plugin name
+[[QuickTime Plug-in 7.6.9 @7.6.9]]
+
+application/x-quicktimeplayer:mov:Quicktime animation
+image/x-macpaint:pntg,mov:Quicktime animation
+video/quicktime:mov,qt:Quicktime animation
+video/x-quicktime:mov,qt:Quicktime animation
+	MP_VIDEO_STREAM()
+        MP_LINKS("$file")
+	TM_VIDEO_STREAM()
+        TM_LINKS("$file")
+	stream links : xine -pq "$file"
+	nokill noisy: xine -pq "$file"
+
+# Real player, some webpages use Javascript to check plugin name
+[[RealPlayer 9 @9]]
+
+audio/x-pn-realaudio-plugin:rpm:RealPlayer Plugin Metafile
+audio/x-pn-realaudio:ra,rm,ram:Realaudio-plugin resource locator
+audio/x-realaudio:ra,rm,ram:RealAudio file
+application/vnd.rn-realmedia:rm:RealMedia file
+application/smil:smi:RealPlayer
+audio/vnd.rn-realaudio:ra,ram:RealAudio file
+audio/vnd.rn-realvideo:rv:RealVideo file
+	nokill stream: hxplay "$file"
+        nokill stream: realplay "$file"
+
+[[Windows Media Player Plug-in @10.1]]
+
+application/x-mplayer2:*:Windows Media video
+video/x-ms-asf:asf,asx:Windows Media video
+video/x-ms-wm:wm:Windows Media video
+video/x-ms-wmv:wmv:Windows Media video
+video/x-ms-wvx:wvx:Windows Media video
+video/x-ms-asf-plugin:*:Window Media video
+        MP_VIDEO_PLAYLIST(%.asx)
+	MP_VIDEO_STREAM()
+	TM_VIDEO_STREAM()
+
+application/asx:asx:Windows Media video
+	MP_VIDEO_STREAM(-playlist)
+	TM_VIDEO_STREAM()
+
+audio/wav:wav:Microsoft wave file
+audio/x-wav:wav:Microsoft wave file
+audio/x-pn-wav:wav:Microsoft wave file
+audio/x-pn-windows-acm:wav:Microsoft wave file
+        controls: play "$file"
+	controls: wavplay -q "$file"
+	controls noisy: bplay "$file"
+	controls: splay "$file"
+	nokill noisy : xmms -e -p "$file"
+ 	repeat noisy swallow(alsaplayer): alsaplayer -q "$file"
+
+audio/x-ms-wax:wax:Windows Media Audio
+	MP_AUDIO_STREAM(-playlist-playlist))
+	TM_AUDIO_STREAM()
+
+audio/x-ms-wma:wma:Windows Media Audio
+	MP_AUDIO_STREAM()
+	TM_AUDIO_STREAM()
+
+
+#[[Shockwave Flash @11,2,202,332]]
+# 11.2 r202
+#application/x-shockwave-flash:swf:Shockwave Flash
+#application/futuresplash:spl:FutureSplash Player
+#	MP_AUDIO_STREAM()
+

nanorc

@@ -0,0 +1,295 @@
+## Use auto-indentation.
+set autoindent
+
+## Backup files to filename~.
+# set backup
+
+## The directory to put unique backup files in.
+# set backupdir ""
+
+## Do backwards searches by default.
+set backwards
+
+## Use bold text instead of reverse video text.
+set boldtext
+
+## The characters treated as closing brackets when justifying
+## paragraphs.  They cannot contain blank characters.  Only closing
+## punctuation, optionally followed by closing brackets, can end
+## sentences.
+##
+set brackets ""')>]}"
+
+## Do case sensitive searches by default.
+# set casesensitive
+
+## Constantly display the cursor position in the statusbar.  Note that
+## this overrides "quickblank".
+set const
+
+## Use cut to end of line by default.
+set cut
+
+## Set the line length for wrapping text and justifying paragraphs.
+## If fill is 0 or less, the line length will be the screen width less
+## this number.
+##
+set fill -8
+
+## Enable ~/.nano_history for saving and reading search/replace strings.
+# set historylog
+
+## The opening and closing brackets that can be found by bracket
+## searches.  They cannot contain blank characters.  The former set must
+## come before the latter set, and both must be in the same order.
+##
+set matchbrackets "(<[{)>]}"
+
+## Use the blank line below the titlebar as extra editing space.
+set morespace
+
+## Enable mouse support, if available for your system.  When enabled,
+## mouse clicks can be used to place the cursor, set the mark (with a
+## double click), and execute shortcuts.  The mouse will work in the X
+## Window System, and on the console when gpm is running.
+##
+# set mouse
+
+## Allow multiple file buffers (inserting a file will put it into a
+## separate buffer).  You must have configured with --enable-multibuffer
+## for this to work.
+##
+set multibuffer
+
+## Don't convert files from DOS/Mac format.
+# set noconvert
+
+## Don't follow symlinks when writing files.
+# set nofollow
+
+## Don't display the helpful shortcut lists at the bottom of the screen.
+# set nohelp
+
+## Don't add newlines to the ends of files.
+# set nonewlines
+
+## Don't wrap text at all.
+# set nowrap
+
+## Set operating directory.  nano will not read or write files outside
+## this directory and its subdirectories.  Also, the current directory
+## is changed to here, so any files are inserted from this dir.  A blank
+## string means the operating directory feature is turned off.
+##
+# set operatingdir ""
+
+## Preserve the XON and XOFF keys (^Q and ^S).
+# set preserve
+
+## The characters treated as closing punctuation when justifying
+## paragraphs.  They cannot contain blank characters.  Only closing
+## punctuation, optionally followed by closing brackets, can end
+## sentences.
+##
+# set punct "!.?"
+
+## Do quick statusbar blanking.  Statusbar messages will disappear after
+## 1 keystroke instead of 26.  Note that "const" overrides this.
+##
+# set quickblank
+
+## The email-quote string, used to justify email-quoted paragraphs.
+## This is an extended regular expression if your system supports them,
+## otherwise a literal string.  Default:
+# set quotestr "^([ 	]*[#:>\|}])+"
+## if you have extended regular expression support, otherwise:
+# set quotestr "> "
+
+## Fix Backspace/Delete confusion problem.
+# set rebinddelete
+
+## Fix numeric keypad key confusion problem.
+# set rebindkeypad
+
+## Do extended regular expression searches by default.
+set regexp
+
+## Make the Home key smarter.  When Home is pressed anywhere but at the
+## very beginning of non-whitespace characters on a line, the cursor
+## will jump to that beginning (either forwards or backwards).  If the
+## cursor is already at that position, it will jump to the true
+## beginning of the line.
+# set smarthome
+
+## Use smooth scrolling as the default.
+# set smooth
+
+## Enable soft line wrapping (AKA full line display).
+# set softwrap
+
+## Use this spelling checker instead of the internal one.  This option
+## does not properly have a default value.
+##
+# set speller "aspell -x -c"
+
+## Allow nano to be suspended.
+# set suspend
+
+## Use this tab size instead of the default; it must be greater than 0.
+# set tabsize 8
+
+## Convert typed tabs to spaces.
+# set tabstospaces
+
+## Save automatically on exit, don't prompt.
+# set tempfile
+
+## Enable the new (EXPERIMENTAL) generic undo code, not just for line
+## cuts.
+# set undo
+
+## Disallow file modification.  Why would you want this in an rcfile? ;)
+# set view
+
+## The two single-column characters used to display the first characters
+## of tabs and spaces.  187 in ISO 8859-1 (0000BB in Unicode) and 183 in
+## ISO-8859-1 (0000B7 in Unicode) seem to be good values for these.
+# set whitespace "  "
+
+## Detect word boundaries more accurately by treating punctuation
+## characters as parts of words.
+# set wordbounds
+
+
+## Color setup
+##
+## Format:
+##
+## syntax "short description" ["filename regex" ...]
+##
+## The "none" syntax is reserved; specifying it on the command line is
+## the same as not having a syntax at all.  The "default" syntax is
+## special: it takes no filename regexes, and applies to files that
+## don't match any other syntax's filename regexes.
+##
+## color foreground,background "regex" ["regex"...]
+## or
+## icolor foreground,background "regex" ["regex"...]
+##
+## "color" will do case sensitive matches, while "icolor" will do case
+## insensitive matches.
+##
+## Valid colors: white, black, red, blue, green, yellow, magenta, cyan.
+## For foreground colors, you may use the prefix "bright" to get a
+## stronger highlight.
+##
+## To use multi-line regexes, use the start="regex" end="regex"
+## [start="regex" end="regex"...] format.
+##
+## If your system supports transparency, not specifying a background
+## color will use a transparent color.  If you don't want this, be sure
+## to set the background color to black or white.
+##
+## If you wish, you may put your syntaxes in separate files.  You can
+## make use of such files (which can only include "syntax", "color", and
+## "icolor" commands) as follows:
+##
+## include "/path/to/syntax_file.nanorc"
+##
+## Unless otherwise noted, the name of the syntax file (without the
+## ".nanorc" extension) should be the same as the "short description"
+## name inside that file.  These names are kept fairly short to make
+## them easier to remember and faster to type using nano's -Y option.
+##
+## All regexes should be extended regular expressions.
+
+## Key bindings
+## Please see nanorc(5) for more details on this
+##
+## Here are some samples to get you going
+##
+# bind M-W nowrap main
+# bind M-A casesens search
+# bind ^S research main
+
+## Set this if your backspace key sends delete most of the time (2.1.3+)
+# bind kdel backspace all
+
+
+## Nanorc files
+include "/usr/share/nano/nanorc.nanorc"
+
+## C/C++
+include "/usr/share/nano/c.nanorc"
+
+## Makefiles
+include "/usr/share/nano/makefile.nanorc"
+
+## Cascading Style Sheets
+include "/usr/share/nano/css.nanorc"
+
+## Debian files
+include "/usr/share/nano/debian.nanorc"
+
+## Gentoo files
+include "/usr/share/nano/gentoo.nanorc"
+
+## HTML
+include "/usr/share/nano/html.nanorc"
+
+## PHP
+include "/usr/share/nano/php.nanorc"
+
+## TCL
+include "/usr/share/nano/tcl.nanorc"
+
+## TeX
+include "/usr/share/nano/tex.nanorc"
+
+## Quoted emails (under e.g. mutt)
+include "/usr/share/nano/mutt.nanorc"
+
+## Patch files
+include "/usr/share/nano/patch.nanorc"
+
+## Manpages
+include "/usr/share/nano/man.nanorc"
+
+## Groff
+include "/usr/share/nano/groff.nanorc"
+
+## Perl
+include "/usr/share/nano/perl.nanorc"
+
+## Python
+include "/usr/share/nano/python.nanorc"
+
+## Ruby
+include "/usr/share/nano/ruby.nanorc"
+
+## Java
+include "/usr/share/nano/java.nanorc"
+
+## Fortran
+include "/usr/share/nano/fortran.nanorc"
+
+## Objective-C
+include "/usr/share/nano/objc.nanorc"
+
+## OCaml
+include "/usr/share/nano/ocaml.nanorc"
+
+## AWK
+include "/usr/share/nano/awk.nanorc"
+
+## Assembler
+include "/usr/share/nano/asm.nanorc"
+
+## Bourne shell scripts
+include "/usr/share/nano/sh.nanorc"
+
+## POV-Ray
+include "/usr/share/nano/pov.nanorc"
+
+## XML-type files
+include "/usr/share/nano/xml.nanorc"

portage/color.map

@@ -0,0 +1 @@
+yellow=darkyellow

rc.conf

@@ -0,0 +1,30 @@
+#rc_parallel="YES"
+#rc_interactive="YES"
+rc_shell=/sbin/sulogin
+#rc_depend_strict="YES"
+#rc_hotplug="!net.*"
+#rc_logger="YES"
+#rc_log_path="/var/log/rc.log"
+#rc_verbose=no
+#rc_env_allow="VAR1 VAR2"
+#rc_start_wait=5000
+#rc_nostop=""
+#rc_crashed_stop=NO
+rc_crashed_start=YES
+#rc_nocolor=NO
+unicode="YES"
+#rc_fuser_timeout=60
+#extra_net_fs_list=""
+#export SSD_NICELEVEL="-19"
+#rc_ulimit="-u 30"
+#rc_sys=""
+rc_tty_number=12
+
+# Dependency Fixes
+rc_bumblebee_need="!vgl !xdm"
+rc_dnsmasq_need="!net"
+rc_ntpd_need="!net"
+rc_preload_use="!ntpd"
+rc_local_after="!ntpd"
+rc_ejabberd_need="epmd"
+rc_rabbitmq_need="epmd"

sysctl.d/12309.conf

@@ -0,0 +1,21 @@
+# swap usage (default = 60)
+vm.swappiness = 1
+# (default = 100)
+vm.vfs_cache_pressure = 50
+
+# http://www.linux.org.ru/wiki/en/User:shimon/12309
+# reduce memory size allowed to process (default = 0 )
+vm.overcommit_memory = 0
+# memory allowed to process: total_swap + total_ram * overcommit_ratio / 100 (default = 50 )
+vm.overcommit_ratio = 10
+# disk buffer size (default = 0 )
+vm.dirty_bytes = 16777216
+# disk buffer size (default = 0 )
+vm.dirty_background_bytes = 33554432
+# For old kernels <2.6.30 (default = 40)
+#vm.dirty_ratio = 40
+# For old kernels <2.6.30 (default = 10)
+#vm.dirty_background_ratio = 10
+# https://github.com/zen-kernel/zen-kernel/issues/81#issuecomment-260779930
+vm.dirty_expire_centisecs = 100
+vm.dirty_writeback_centisecs = 300

sysctl.d/net.conf

@@ -0,0 +1,15 @@
+# ip forwarding (default = 0)
+net.ipv4.ip_forward = 0
+# filtering by source IP address (default = 0)
+net.ipv4.conf.all.rp_filter = 1
+net.ipv4.conf.default.rp_filter = 1
+# ICMP-messages for routes (default = 1)
+net.ipv4.conf.default.accept_redirects = 0
+# enable secure redirects (default = 1)
+net.ipv4.conf.all.secure_redirects = 1
+# forbid sender to define route (default = 0)
+net.ipv4.conf.default.accept_source_route = 0
+# Invalidate / discard packets when the route for outbound
+# traffic differs from the route of incoming traffic
+net.ipv4.conf.default.rp_filter = 1
+net.ipv4.conf.all.rp_filter = 1

sysctl.d/other.conf

@@ -0,0 +1,4 @@
+# reboot on kernel panic, seconds (default = 0)
+kernel.panic = 5
+# several multimedia apps require this option
+kernel.shmmax = 2147483647

timezone

@@ -0,0 +1 @@
+Europe/Moscow

udev/rules.d/60-ioschedulers.rules

@@ -0,0 +1,6 @@
+# set scheduler for NVMe
+ACTION=="add|change", KERNEL=="nvme[0-9]n[0-9]", ATTR{queue/scheduler}="mq-deadline"
+# set scheduler for SSD and eMMC
+ACTION=="add|change", KERNEL=="sd[a-z]|mmcblk[0-9]*", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline"
+# set scheduler for rotating disks
+ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="mq-deadline"