add subset of shared configuration files

2021-07-28 08:18:33 -04:00 · 2021-07-28 08:18:33 -04:00 · d24d24926a
parent 7d70f11b0c
commit d24d24926a
9 changed files with 1502 additions and 0 deletions
--- a/512
+++ b/512
@ -0,0 +1,512 @@
+#!/usr/bin/env bash
+
+# Unofficial Bash strict mode
+set \
+  -o errexit \
+  -o errtrace \
+  -o noglob \
+  -o nounset \
+  -o pipefail
+IFS=$'\n\t'
+shopt -s inherit_errexit
+
+exit_with_error() {
+  echo "${@}" >&2
+  exit 1
+}
+
+check_for_dependencies() {
+  if ((BASH_VERSINFO[0] == 4 && \
+    BASH_VERSINFO[1] < 3 || \
+    BASH_VERSINFO[0] < 4)); then
+    exit_with_error \
+      error:$'\t\t'"${0##*/} requires Bash 4.3+."
+  fi
+
+  if ! { command -v openssl >&- &&
+    [[ $(openssl version) =~ ^OpenSSL\ ([[:digit:]]+)\.([[:digit:]]+) ]] &&
+    ((BASH_REMATCH[1] == 1 && \
+    BASH_REMATCH[2] >= 1 || \
+    BASH_REMATCH[1] > 1)); }; then
+    # shellcheck disable=2016
+    exit_with_error \
+      error:$'\t\t'"${0##*/} requires OpenSSL 1.1.0+," \
+      'but it is not available on $PATH.'
+  fi
+}
+
+parse_cli_arguments() {
+  local -r usage=(
+    "USAGE: ${0}"
+    "[-c/--certbot-dir DIRECTORY]"
+    "[-f/--force-update]"
+    "[-h/--help]"
+    "[-n/--cert-name NAME[,NAME...] [-u/--ocsp-responder URL]]"
+    "[-o/--output-dir DIRECTORY]"
+    "[-q/--quiet]"
+    "[-v/--verbose]"
+    "[-w/--no-reload-webserver]"
+  )
+
+  declare -gl ERROR_ENCOUNTERED
+
+  declare -gi VERBOSITY=1
+  local -r verbosity_error=(
+    "error: -q/--quiet cannot be specified in conjunction with -v/--verbose."
+  )
+
+  while ((${#} > 0)); do
+    local parameter=${1}
+
+    case ${parameter} in
+      -[^-]?*)
+        set -- "-${parameter:1:1}" "-${parameter:2}" "${@:2}"
+        ;;
+      -c | --certbot-dir | --certbot-dir=?*)
+        if [[ -v CERTBOT_DIR ]]; then
+          exit_with_error "${usage[@]}"
+        fi
+
+        if [[ ${parameter} =~ --certbot-dir=(.+) ]]; then
+          CERTBOT_DIR=${BASH_REMATCH[1]}
+        else
+          if [[ -n ${2:-} ]]; then
+            CERTBOT_DIR=${2}
+            shift
+          else
+            exit_with_error "${usage[@]}"
+          fi
+        fi
+
+        CERTBOT_DIR=$(
+          realpath \
+            --canonicalize-missing \
+            --relative-base . \
+            -- "${CERTBOT_DIR}"
+          echo x
+        )
+        CERTBOT_DIR=${CERTBOT_DIR%??}
+        shift
+        ;;
+      -f | --force-update)
+        if [[ ! -v FORCE_UPDATE ]]; then
+          declare -glr FORCE_UPDATE=true
+        fi
+        shift
+        ;;
+      -h | --help)
+        echo >&2 "${usage[@]}"
+        exit
+        ;;
+      -n | --cert-name | --cert-name=?*)
+        if [[ ${parameter} =~ --cert-name=(.+) ]]; then
+          local cert_lineages_value=${BASH_REMATCH[1]}
+          shift
+        else
+          if [[ -n ${2:-} ]]; then
+            local cert_lineages_value=${2}
+            shift 2
+          else
+            exit_with_error "${usage[@]}"
+          fi
+        fi
+
+        # Loop over any lineages passed in the same value of --cert-name.
+        OLDIFS=${IFS}
+        IFS=,
+        declare -Ag CERT_LINEAGES
+        # Check if a hardcoded OCSP responder was specified for this set of
+        # lineages.
+        case ${1:-} in
+          -u | --ocsp-responder)
+            if [[ -n ${2:-} ]]; then
+              for lineage_name in ${cert_lineages_value}; do
+                CERT_LINEAGES["${lineage_name}"]=${2}
+              done
+              shift
+            else
+              exit_with_error "${usage[@]}"
+            fi
+            shift
+            ;;
+          --ocsp-responder=?*)
+            [[ ${1} =~ --ocsp-responder=(.+) ]]
+            for lineage_name in ${cert_lineages_value}; do
+              CERT_LINEAGES["${lineage_name}"]=${BASH_REMATCH[1]}
+            done
+            shift
+            ;;
+          *)
+            # If no OCSP responder was specified, just save the lineage
+            # name as the key, with an empty value.
+            for lineage_name in ${cert_lineages_value}; do
+              CERT_LINEAGES["${lineage_name}"]=
+            done
+            ;;
+        esac
+        unset lineage_name cert_lineages_value
+        IFS=${OLDIFS}
+        ;;
+      -o | --output-dir | --output-dir=?*)
+        if [[ -v OUTPUT_DIR ]]; then
+          exit_with_error "${usage[@]}"
+        fi
+
+        if [[ ${parameter} =~ --output-dir=(.+) ]]; then
+          OUTPUT_DIR=${BASH_REMATCH[1]}
+        else
+          if [[ -n ${2:-} ]]; then
+            OUTPUT_DIR=${2}
+            shift
+          else
+            exit_with_error "${usage[@]}"
+          fi
+        fi
+
+        OUTPUT_DIR=$(
+          realpath \
+            --canonicalize-missing \
+            --relative-base . \
+            -- "${OUTPUT_DIR}"
+          echo x
+        )
+        OUTPUT_DIR=${OUTPUT_DIR%??}
+        shift
+        ;;
+      -q | --quiet)
+        if ((VERBOSITY != 1)); then
+          exit_with_error "${verbosity_error[@]}"
+        else
+          readonly VERBOSITY=0
+          shift
+        fi
+        ;;
+      -v | --verbose)
+        if ((VERBOSITY == 0)); then
+          exit_with_error "${verbosity_error[@]}"
+        else
+          VERBOSITY+=1
+          shift
+        fi
+        ;;
+      -w | --no-reload-webserver)
+        if [[ ! -v RELOAD_WEBSERVER ]]; then
+          declare -glr RELOAD_WEBSERVER=false
+        fi
+        shift
+        ;;
+      *)
+        exit_with_error "${usage[@]}"
+        ;;
+    esac
+  done
+
+  # When not parsed, the stdout and/or stderr output of all external commands
+  # we call in the script is redirected to file descriptor 3.  Depending on the
+  # desired verbosity, we redirect this file descriptor to either stderr or to
+  # /dev/null.
+  if ((VERBOSITY >= 2)); then
+    exec 3>&2
+  else
+    exec 3>/dev/null
+  fi
+}
+
+# Set output directory if necessary and check if it's writeable
+prepare_output_dir() {
+  if [[ -v OUTPUT_DIR ]]; then
+    if [[ ! -e ${OUTPUT_DIR} ]]; then
+      # Don't yet fail if it's not possible to create the directory, so we can
+      # exit with a custom error down below
+      mkdir \
+        --parents \
+        -- "${OUTPUT_DIR}" || true
+    fi
+  else
+    readonly OUTPUT_DIR=.
+  fi
+
+  if [[ ! -w ${OUTPUT_DIR} ]]; then
+    exit_with_error \
+      error:$'\t\t'"no write access to output directory (\"${OUTPUT_DIR}\")"
+  fi
+}
+
+start_in_correct_mode() {
+  # Create temporary directory to store OCSP staple file,
+  # before having checked the certificate status in the response
+  local temp_output_dir
+  temp_output_dir=$(mktemp --directory)
+  readonly temp_output_dir
+  trap "rm -r -- ""${temp_output_dir}" EXIT
+
+  declare -A lineages_processed
+
+  # These two environment variables are set if this script is invoked by Certbot
+  if [[ ! -v RENEWED_DOMAINS || ! -v RENEWED_LINEAGE ]]; then
+    run_standalone
+  else
+    run_as_deploy_hook
+  fi
+
+  print_and_handle_result
+}
+
+# Run in "check one or all certificate lineage(s) managed by Certbot" mode
+# $1 - Path to temporary output directory
+run_standalone() {
+  readonly CERTBOT_DIR=${CERTBOT_DIR:-/etc/letsencrypt}
+
+  if [[ ! -r ${CERTBOT_DIR} || (-d ${CERTBOT_DIR}/live && ! -r ${CERTBOT_DIR}/live) ]]; then
+    exit_with_error \
+      error:$'\t\t'"can't access ${CERTBOT_DIR}/live"
+  fi
+
+  # Check specific lineage if passed on CLI,
+  # or otherwise all lineages in Certbot's dir
+  if [[ -v CERT_LINEAGES[@] ]]; then
+    for lineage_name in "${!CERT_LINEAGES[@]}"; do
+      if [[ -r ${CERTBOT_DIR}/live/${lineage_name} ]]; then
+        fetch_ocsp_response \
+          "--standalone" \
+          "${temp_output_dir}" \
+          "${lineage_name}" \
+          "${CERT_LINEAGES["${lineage_name}"]}"
+      else
+        exit_with_error \
+          "error:"$'\t\t'"can't access ${CERTBOT_DIR}/live/${lineage_name}"
+      fi
+    done
+  else
+    set +f
+    shopt -s nullglob
+    for lineage_dir in "${CERTBOT_DIR}"/live/*; do
+      set -f
+
+      # Skip non-directories, like Certbot's README file
+      [[ -d ${lineage_dir} ]] || continue
+
+      fetch_ocsp_response \
+        "--standalone" "${temp_output_dir}" "${lineage_dir##*/}"
+    done
+    unset lineage_dir
+  fi
+}
+
+# Run in deploy-hook mode, only processing the passed lineage
+# $1 - Path to temporary output directory
+run_as_deploy_hook() {
+  if [[ -v CERTBOT_DIR ]]; then
+    # The directory is already inferred from the environment variable that
+    # Certbot passes
+    exit_with_error \
+      error:$'\t\t'"-c/--certbot-dir cannot be passed" \
+      "when run as Certbot hook"
+  fi
+
+  if [[ -v FORCE_UPDATE ]]; then
+    # When run as deploy hook the behavior of this flag is used by default.
+    # Therefore passing this flag would not have any effect.
+    exit_with_error \
+      error:$'\t\t'"-f/--force-update cannot be passed" \
+      "when run as Certbot hook"
+  fi
+
+  if [[ -v CERT_LINEAGES[@] ]]; then
+    # The certificate lineage is already inferred from the environment
+    # variable that Certbot passes
+    exit_with_error \
+      error:$'\t\t'"-n/--cert-name cannot be passed when run as Certbot hook"
+  fi
+
+  fetch_ocsp_response \
+    --deploy_hook "${temp_output_dir}" "${RENEWED_LINEAGE##*/}"
+}
+
+# Check if it's necessary to fetch a new OCSP response
+check_for_existing_ocsp_staple_file() {
+  [[ -f ${OUTPUT_DIR}/${lineage_name}.der ]] || return 1
+
+  # Validate and verify the existing local OCSP staple file
+  local existing_ocsp_response
+  set +e
+  existing_ocsp_response=$(openssl ocsp \
+    -no_nonce \
+    -issuer "${lineage_dir}/chain.pem" \
+    -cert "${lineage_dir}/cert.pem" \
+    -verify_other "${lineage_dir}/chain.pem" \
+    -respin "${OUTPUT_DIR}/${lineage_name}.der" 2>&3)
+  local -ir existing_ocsp_response_rc=${?}
+  set -e
+  readonly existing_ocsp_response
+
+  ((existing_ocsp_response_rc == 0)) || return 1
+
+  for existing_ocsp_response_line in ${existing_ocsp_response}; do
+    if [[ ${existing_ocsp_response_line} =~ ^[[:blank:]]*"This Update: "(.+)$ ]]; then
+      local -r this_update=${BASH_REMATCH[1]}
+    elif [[ ${existing_ocsp_response_line} =~ ^[[:blank:]]*"Next Update: "(.+)$ ]]; then
+      local -r next_update=${BASH_REMATCH[1]}
+    fi
+  done
+  [[ -n ${this_update:-} && -n ${next_update:-} ]] || return 1
+
+  # Only continue fetching OCSP response if existing response expires within
+  # half of its lifetime.
+  local -ri response_lifetime_in_seconds=$((\
+    $(date +%s --date "${next_update}") - $(date +%s --date "${this_update}")))
+  (($(date +%s) < \
+  $(date +%s --date "${this_update}") + response_lifetime_in_seconds / 2)) || return 1
+}
+
+# Generate file used by ssl_stapling_file in nginx config of websites
+# $1 - Whether to run as a deploy hook for Certbot, or standalone
+# $2 - Path to temporary output directory
+# $3 - Name of certificate lineage
+# $4 - OCSP endpoint (if specified on command line)
+fetch_ocsp_response() {
+  local -r temp_output_dir=${2}
+  local -r lineage_name=${3}
+  case ${1} in
+    --standalone)
+      local -r lineage_dir=${CERTBOT_DIR}/live/${lineage_name}
+
+      if [[ ${FORCE_UPDATE:-} != true ]] &&
+        check_for_existing_ocsp_staple_file; then
+        lineages_processed["${lineage_name}"]="not updated"$'\t'"valid staple file on disk"
+        return
+      fi
+      ;;
+    --deploy_hook)
+      local -r lineage_dir=${RENEWED_LINEAGE}
+      ;;
+    *)
+      return 1
+      ;;
+  esac
+  shift 3
+
+  # Verify that the leaf certificate is still valid. If the certificate is
+  # expired, we don't have to request a (new) OCSP response.
+  local cert_expiry_output
+  set +e
+  cert_expiry_output=$(openssl x509 \
+    -in "${lineage_dir}/cert.pem" \
+    -checkend 0 \
+    -noout 2>&3)
+  local -ri cert_expiry_rc=${?}
+  set -e
+  if ((cert_expiry_rc != 0)); then
+    ERROR_ENCOUNTERED=true
+    lineages_processed["${lineage_name}"]="not updated"
+    if [[ ${cert_expiry_output} == "Certificate will expire" ]]; then
+      lineages_processed["${lineage_name}"]+=$'\t'"leaf certificate expired"
+    fi
+    return
+  fi
+
+  local ocsp_endpoint
+  if [[ -n ${1-} ]]; then
+    ocsp_endpoint=${1}
+  else
+    ocsp_endpoint=$(openssl x509 \
+      -noout \
+      -ocsp_uri \
+      -in "${lineage_dir}/cert.pem" \
+      2>&3)
+  fi
+
+  # Request, verify and temporarily save the actual OCSP response,
+  # and check whether the certificate status is "good"
+  local ocsp_call_output
+  set +e
+  ocsp_call_output=$(openssl ocsp \
+    -no_nonce \
+    -url "${ocsp_endpoint}" \
+    -issuer "${lineage_dir}/chain.pem" \
+    -cert "${lineage_dir}/cert.pem" \
+    -verify_other "${lineage_dir}/chain.pem" \
+    -respout "${temp_output_dir}/${lineage_name}.der" 2>&3)
+  local -ir ocsp_call_rc=${?}
+  set -e
+  readonly ocsp_call_output=${ocsp_call_output#${lineage_dir}/cert.pem: }
+  local -r cert_status=${ocsp_call_output%%$'\n'*}
+
+  if [[ ${ocsp_call_rc} != 0 || ${cert_status} != good ]]; then
+    ERROR_ENCOUNTERED=true
+
+    lineages_processed["${lineage_name}"]="not updated"
+    if ((VERBOSITY >= 2)); then
+      lineages_processed["${lineage_name}"]+=$'\t'"${ocsp_call_output//[[:space:]]/ }"
+    else
+      lineages_processed["${lineage_name}"]+=$'\t'"${cert_status}"
+    fi
+
+    return
+  fi
+
+  # If arrived here status was good, so move OCSP staple file to definitive
+  # folder
+  mv "${temp_output_dir}/${lineage_name}.der" "${OUTPUT_DIR}/"
+
+  lineages_processed["${lineage_name}"]=updated
+}
+
+print_and_handle_result() {
+  local -r header=LINEAGE$'\t'RESULT$'\t'REASON
+
+  for lineage_name in "${!lineages_processed[@]}"; do
+    local lineages_processed_formatted+=$'\n'"${lineage_name}"$'\t'"${lineages_processed["${lineage_name}"]}"
+  done
+  unset lineage_name
+  lineages_processed_formatted=$(sort <<<"${lineages_processed_formatted:-}")
+  readonly lineages_processed_formatted
+
+  if [[ ${RELOAD_WEBSERVER:-} != false ]]; then
+    reload_webserver
+  fi
+
+  local -r output=${header}${lineages_processed_formatted:-}${nginx_status-}
+
+  if ((VERBOSITY >= 1)); then
+    if command -v column >&-; then
+      column -ts$'\t' <<<"${output}"
+    else
+      # shellcheck disable=2016
+      echo >&2 \
+        'Install the BSD utility `column` for properly formatted output.'$'\n'
+      echo "${output}"
+    fi
+  fi
+
+  [[ ${ERROR_ENCOUNTERED:-} != true ]]
+}
+
+reload_webserver() {
+  for lineage_name in "${!lineages_processed[@]}"; do
+    if [[ ${lineages_processed["${lineage_name}"]} == updated ]]; then
+      if nginx -s reload >&3 2>&1; then
+        # The last line includes a leading space, to workaround the lack of the
+        # `-n` flag in later versions of `column`.
+        local -r nginx_status=$'\n\n \t'"nginx reloaded"
+      else
+        ERROR_ENCOUNTERED=true
+        local -r nginx_status=$'\n\n \t'"nginx not reloaded"$'\t'"unable to reload nginx service, try manually"
+      fi
+      break
+    fi
+  done
+  unset lineage_name
+}
+
+main() {
+  check_for_dependencies
+
+  parse_cli_arguments "${@}"
+
+  prepare_output_dir
+
+  start_in_correct_mode
+}
+
+main "${@}"
--- a/certbot-ocsp-fetcher.service
+++ b/certbot-ocsp-fetcher.service
@ -0,0 +1,13 @@
+[Unit]
+Description=Fetch OCSP responses for all certificates issued with Certbot
+
+[Service]
+Type=oneshot
+
+# When systemd v244+ is available, this should be uncommented to enable retries
+# on failure.
+Restart=on-failure
+
+User=root
+Group=root
+ExecStart=/usr/local/bin/certbot-ocsp-fetcher -o /etc/nginx/ocsp-cache
--- a/certbot-ocsp-fetcher.timer
+++ b/certbot-ocsp-fetcher.timer
@ -0,0 +1,10 @@
+[Unit]
+Description=Nightly run certbot-ocsp-fetcher
+
+[Timer]
+OnCalendar=*-*-* 01:00:00
+RandomizedDelaySec=21600
+Persistent=true
+
+[Install]
+WantedBy=timers.target
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+# Static table lookup for hostnames.
+# See hosts(5) for details.
--- a/local.conf
+++ b/local.conf
@ -0,0 +1,36 @@
+net.ipv4.tcp_ecn = 1
+net.ipv4.tcp_slow_start_after_idle = 0
+net.ipv4.tcp_fin_timeout = 30
+net.ipv4.tcp_rfc1337 = 1
+net.ipv4.tcp_tw_reuse = 1
+
+net.ipv4.tcp_max_syn_backlog = 4096
+
+net.ipv4.ip_local_port_range = 1024 65535
+
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.default.send_redirects = 0
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+
+kernel.yama.ptrace_scope = 2
+
+vm.mmap_rnd_bits = 32
+vm.mmap_rnd_compat_bits = 16
+
+kernel.kptr_restrict = 2
+
+kernel.unprivileged_bpf_disabled = 1
+net.core.bpf_jit_harden = 2
+
+kernel.kexec_load_disabled = 1
+
+kernel.pid_max = 4194304
+
+fs.protected_regular = 2
+fs.protected_fifos = 2
+
+kernel.panic = 10
+kernel.panic_on_oops = 1
+
+dev.tty.ldisc_autoload = 0
--- a/755
+++ b/755
@ -0,0 +1,755 @@
+##
+## Arch Linux repository mirrorlist
+## Generated on 2021-07-18
+##
+
+## Worldwide
+#Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch
+#Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch
+
+## Australia
+#Server = https://mirror.aarnet.edu.au/pub/archlinux/$repo/os/$arch
+#Server = http://archlinux.mirror.digitalpacific.com.au/$repo/os/$arch
+#Server = https://archlinux.mirror.digitalpacific.com.au/$repo/os/$arch
+#Server = http://ftp.iinet.net.au/pub/archlinux/$repo/os/$arch
+#Server = http://mirror.internode.on.net/pub/archlinux/$repo/os/$arch
+#Server = http://mirror.launtel.net.au/repo/arch/$repo/os/$arch
+#Server = https://mirror.launtel.net.au/repo/arch/$repo/os/$arch
+#Server = http://arch.lucassymons.net/$repo/os/$arch
+#Server = https://arch.lucassymons.net/$repo/os/$arch
+#Server = http://syd.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = https://syd.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = http://ftp.swin.edu.au/archlinux/$repo/os/$arch
+
+## Austria
+#Server = http://mirror.digitalnova.at/archlinux/$repo/os/$arch
+#Server = http://mirror.easyname.at/archlinux/$repo/os/$arch
+#Server = http://mirror.reisenbauer.ee/archlinux/$repo/os/$arch
+#Server = https://mirror.reisenbauer.ee/archlinux/$repo/os/$arch
+
+## Bangladesh
+#Server = http://mirror.xeonbd.com/archlinux/$repo/os/$arch
+
+## Belarus
+#Server = http://ftp.byfly.by/pub/archlinux/$repo/os/$arch
+#Server = http://mirror.datacenter.by/pub/archlinux/$repo/os/$arch
+
+## Belgium
+#Server = http://archlinux.cu.be/$repo/os/$arch
+#Server = http://archlinux.mirror.kangaroot.net/$repo/os/$arch
+#Server = http://mirror.tiguinet.net/arch/$repo/os/$arch
+
+## Bosnia and Herzegovina
+#Server = http://archlinux.mirror.ba/$repo/os/$arch
+
+## Brazil
+#Server = http://br.mirror.archlinux-br.org/$repo/os/$arch
+#Server = http://archlinux.c3sl.ufpr.br/$repo/os/$arch
+#Server = http://www.caco.ic.unicamp.br/archlinux/$repo/os/$arch
+#Server = https://www.caco.ic.unicamp.br/archlinux/$repo/os/$arch
+#Server = http://linorg.usp.br/archlinux/$repo/os/$arch
+#Server = http://archlinux.pop-es.rnp.br/$repo/os/$arch
+#Server = http://mirror.ufam.edu.br/archlinux/$repo/os/$arch
+#Server = http://mirror.ufscar.br/archlinux/$repo/os/$arch
+
+## Bulgaria
+#Server = https://mirror.darklinux.uk/archlinux/$repo/os/$arch
+#Server = http://mirror.host.ag/archlinux/$repo/os/$arch
+#Server = http://mirrors.netix.net/archlinux/$repo/os/$arch
+#Server = http://mirror.telepoint.bg/archlinux/$repo/os/$arch
+#Server = https://mirror.telepoint.bg/archlinux/$repo/os/$arch
+#Server = http://mirrors.uni-plovdiv.net/archlinux/$repo/os/$arch
+#Server = https://mirrors.uni-plovdiv.net/archlinux/$repo/os/$arch
+
+## Canada
+#Server = https://mirror.0xem.ma/arch/$repo/os/$arch
+#Server = http://mirror.cedille.club/archlinux/$repo/os/$arch
+#Server = http://archlinux.mirror.colo-serv.net/$repo/os/$arch
+#Server = http://mirror.csclub.uwaterloo.ca/archlinux/$repo/os/$arch
+#Server = https://mirror.csclub.uwaterloo.ca/archlinux/$repo/os/$arch
+#Server = http://mirror2.evolution-host.com/archlinux/$repo/os/$arch
+#Server = https://mirror2.evolution-host.com/archlinux/$repo/os/$arch
+#Server = http://mirror.its.dal.ca/archlinux/$repo/os/$arch
+#Server = http://muug.ca/mirror/archlinux/$repo/os/$arch
+#Server = https://muug.ca/mirror/archlinux/$repo/os/$arch
+#Server = http://arch.powerfly.ca/$repo/os/$arch
+#Server = https://arch.powerfly.ca/$repo/os/$arch
+#Server = http://archlinux.mirror.rafal.ca/$repo/os/$arch
+#Server = http://mirror.scd31.com/arch/$repo/os/$arch
+#Server = https://mirror.scd31.com/arch/$repo/os/$arch
+#Server = http://mirror.sergal.org/archlinux/$repo/os/$arch
+#Server = https://mirror.sergal.org/archlinux/$repo/os/$arch
+
+## Chile
+#Server = http://mirror.anquan.cl/archlinux/$repo/os/$arch
+#Server = http://mirror.archlinux.cl/$repo/os/$arch
+#Server = http://mirror1.cl.netactuate.com/archlinux/$repo/os/$arch
+#Server = https://mirror1.cl.netactuate.com/archlinux/$repo/os/$arch
+#Server = http://mirror.ufro.cl/archlinux/$repo/os/$arch
+#Server = https://mirror.ufro.cl/archlinux/$repo/os/$arch
+
+## China
+#Server = http://mirrors.163.com/archlinux/$repo/os/$arch
+#Server = http://mirrors.bfsu.edu.cn/archlinux/$repo/os/$arch
+#Server = https://mirrors.bfsu.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirrors.cqu.edu.cn/archlinux/$repo/os/$arch
+#Server = https://mirrors.cqu.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirrors.dgut.edu.cn/archlinux/$repo/os/$arch
+#Server = https://mirrors.dgut.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirrors.hit.edu.cn/archlinux/$repo/os/$arch
+#Server = https://mirrors.hit.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirror.lzu.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirrors.neusoft.edu.cn/archlinux/$repo/os/$arch
+#Server = https://mirrors.neusoft.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirrors.nju.edu.cn/archlinux/$repo/os/$arch
+#Server = https://mirrors.nju.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirror.redrock.team/archlinux/$repo/os/$arch
+#Server = https://mirror.redrock.team/archlinux/$repo/os/$arch
+#Server = https://mirrors.sjtug.sjtu.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirrors.tuna.tsinghua.edu.cn/archlinux/$repo/os/$arch
+#Server = https://mirrors.tuna.tsinghua.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch
+#Server = https://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch
+#Server = https://mirrors.xjtu.edu.cn/archlinux/$repo/os/$arch
+#Server = http://mirrors.zju.edu.cn/archlinux/$repo/os/$arch
+
+## Colombia
+#Server = http://mirrors.udenar.edu.co/archlinux/$repo/os/$arch
+
+## Croatia
+#Server = http://archlinux.iskon.hr/$repo/os/$arch
+
+## Czechia
+#Server = http://mirror.dkm.cz/archlinux/$repo/os/$arch
+#Server = https://mirror.dkm.cz/archlinux/$repo/os/$arch
+#Server = https://europe.mirror.pkgbuild.com/$repo/os/$arch
+#Server = http://ftp.fi.muni.cz/pub/linux/arch/$repo/os/$arch
+#Server = http://ftp.linux.cz/pub/linux/arch/$repo/os/$arch
+#Server = http://gluttony.sin.cvut.cz/arch/$repo/os/$arch
+#Server = https://gluttony.sin.cvut.cz/arch/$repo/os/$arch
+#Server = http://mirrors.nic.cz/archlinux/$repo/os/$arch
+#Server = http://ftp.sh.cvut.cz/arch/$repo/os/$arch
+#Server = https://ftp.sh.cvut.cz/arch/$repo/os/$arch
+#Server = http://mirror.vpsfree.cz/archlinux/$repo/os/$arch
+
+## Denmark
+#Server = http://mirrors.dotsrc.org/archlinux/$repo/os/$arch
+#Server = https://mirrors.dotsrc.org/archlinux/$repo/os/$arch
+#Server = http://mirror.one.com/archlinux/$repo/os/$arch
+#Server = https://mirror.one.com/archlinux/$repo/os/$arch
+
+## Ecuador
+#Server = http://mirror.cedia.org.ec/archlinux/$repo/os/$arch
+#Server = http://mirror.espoch.edu.ec/archlinux/$repo/os/$arch
+#Server = http://mirror.uta.edu.ec/archlinux/$repo/os/$arch
+
+## Estonia
+#Server = http://mirror.cspacehostings.com/archlinux/$repo/os/$arch
+#Server = https://mirror.cspacehostings.com/archlinux/$repo/os/$arch
+#Server = http://mirrors.xtom.ee/archlinux/$repo/os/$arch
+#Server = https://mirrors.xtom.ee/archlinux/$repo/os/$arch
+
+## Finland
+#Server = https://arch.mcstrugs.org/$repo/os/$arch
+#Server = http://mirror.arctic.lol/ArchMirror/$repo/os/$arch
+#Server = http://arch.mirror.far.fi/$repo/os/$arch
+#Server = http://mirror.hosthink.net/archlinux/$repo/os/$arch
+#Server = https://mirror.srv.fail/archlinux/$repo/os/$arch
+#Server = http://mirror.wuki.li/archlinux/$repo/os/$arch
+#Server = https://mirror.wuki.li/archlinux/$repo/os/$arch
+#Server = http://arch.yhtez.xyz/$repo/os/$arch
+#Server = https://arch.yhtez.xyz/$repo/os/$arch
+
+## France
+#Server = http://archlinux.de-labrusse.fr/$repo/os/$arch
+#Server = http://mirror.archlinux.ikoula.com/archlinux/$repo/os/$arch
+#Server = https://archlinux.vi-di.fr/$repo/os/$arch
+#Server = http://archlinux.mirrors.benatherton.com/$repo/os/$arch
+#Server = http://mirror.cyberbits.eu/archlinux/$repo/os/$arch
+#Server = https://mirror.cyberbits.eu/archlinux/$repo/os/$arch
+#Server = http://archlinux.datagr.am/$repo/os/$arch
+#Server = https://mirrors.eric.ovh/arch/$repo/os/$arch
+#Server = http://mirror.ibcp.fr/pub/archlinux/$repo/os/$arch
+#Server = http://mirror.lastmikoi.net/archlinux/$repo/os/$arch
+#Server = https://arch-mirror.cloud.louifox.house/$repo/os/$arch
+#Server = http://archlinux.mailtunnel.eu/$repo/os/$arch
+#Server = https://archlinux.mailtunnel.eu/$repo/os/$arch
+#Server = http://mir.archlinux.fr/$repo/os/$arch
+#Server = http://mirrors.celianvdb.fr/archlinux/$repo/os/$arch
+#Server = https://mirrors.celianvdb.fr/archlinux/$repo/os/$arch
+#Server = http://arch.nimukaito.net/$repo/os/$arch
+#Server = https://arch.nimukaito.net/$repo/os/$arch
+#Server = http://mirror.oldsql.cc/archlinux/$repo/os/$arch
+#Server = https://mirror.oldsql.cc/archlinux/$repo/os/$arch
+#Server = http://archlinux.mirrors.ovh.net/archlinux/$repo/os/$arch
+#Server = http://archlinux.polymorf.fr/$repo/os/$arch
+#Server = http://archlinux.rezopole.net/$repo/os/$arch
+#Server = https://mirrors.slaanesh.org/archlinux/$repo/os/$arch
+#Server = http://mirrors.standaloneinstaller.com/archlinux/$repo/os/$arch
+#Server = https://mirror.sysa.tech/archlinux/$repo/os/$arch
+#Server = https://mirror.thekinrar.fr/archlinux/$repo/os/$arch
+#Server = http://ftp.u-strasbg.fr/linux/distributions/archlinux/$repo/os/$arch
+#Server = https://mirror.wormhole.eu/archlinux/$repo/os/$arch
+#Server = http://mirroir.wptheme.fr/archlinux/$repo/os/$arch
+#Server = https://mirroir.wptheme.fr/archlinux/$repo/os/$arch
+#Server = http://arch.yourlabs.org/$repo/os/$arch
+#Server = https://arch.yourlabs.org/$repo/os/$arch
+
+## Georgia
+#Server = http://archlinux.grena.ge/$repo/os/$arch
+#Server = https://archlinux.grena.ge/$repo/os/$arch
+
+## Germany
+#Server = http://mirror.23media.com/archlinux/$repo/os/$arch
+#Server = https://mirror.23media.com/archlinux/$repo/os/$arch
+#Server = http://ftp.agdsn.de/pub/mirrors/archlinux/$repo/os/$arch
+#Server = https://ftp.agdsn.de/pub/mirrors/archlinux/$repo/os/$arch
+#Server = https://appuals.com/archlinux/$repo/os/$arch
+#Server = http://artfiles.org/archlinux.org/$repo/os/$arch
+#Server = https://mirror.bethselamin.de/$repo/os/$arch
+#Server = http://mirror.chaoticum.net/arch/$repo/os/$arch
+#Server = https://mirror.chaoticum.net/arch/$repo/os/$arch
+#Server = http://mirror.checkdomain.de/archlinux/$repo/os/$arch
+#Server = https://mirror.checkdomain.de/archlinux/$repo/os/$arch
+#Server = http://mirror.clientvps.com/archlinux/$repo/os/$arch
+#Server = https://mirror.clientvps.com/archlinux/$repo/os/$arch
+#Server = https://mirror.dogado.de/archlinux/$repo/os/$arch
+#Server = http://mirror.f4st.host/archlinux/$repo/os/$arch
+#Server = https://mirror.f4st.host/archlinux/$repo/os/$arch
+#Server = http://ftp.fau.de/archlinux/$repo/os/$arch
+#Server = https://ftp.fau.de/archlinux/$repo/os/$arch
+#Server = https://pkg.fef.moe/archlinux/$repo/os/$arch
+#Server = https://dist-mirror.fem.tu-ilmenau.de/archlinux/$repo/os/$arch
+#Server = http://mirror.fsrv.services/archlinux/$repo/os/$arch
+#Server = https://mirror.fsrv.services/archlinux/$repo/os/$arch
+#Server = https://mirror.gnomus.de/$repo/os/$arch
+#Server = http://www.gutscheindrache.com/mirror/archlinux/$repo/os/$arch
+#Server = http://ftp.gwdg.de/pub/linux/archlinux/$repo/os/$arch
+#Server = http://archlinux.honkgong.info/$repo/os/$arch
+#Server = http://ftp.hosteurope.de/mirror/ftp.archlinux.org/$repo/os/$arch
+#Server = http://ftp-stud.hs-esslingen.de/pub/Mirrors/archlinux/$repo/os/$arch
+#Server = http://archlinux.mirror.iphh.net/$repo/os/$arch
+#Server = http://arch.jensgutermuth.de/$repo/os/$arch
+#Server = https://arch.jensgutermuth.de/$repo/os/$arch
+#Server = http://mirror.kumi.systems/archlinux/$repo/os/$arch
+#Server = https://mirror.kumi.systems/archlinux/$repo/os/$arch
+#Server = http://mirror.fra10.de.leaseweb.net/archlinux/$repo/os/$arch
+#Server = https://mirror.fra10.de.leaseweb.net/archlinux/$repo/os/$arch
+#Server = http://mirror.metalgamer.eu/archlinux/$repo/os/$arch
+#Server = https://mirror.metalgamer.eu/archlinux/$repo/os/$arch
+#Server = http://mirror.mikrogravitation.org/archlinux/$repo/os/$arch
+#Server = https://mirror.mikrogravitation.org/archlinux/$repo/os/$arch
+#Server = https://mirror.pkgbuild.com/$repo/os/$arch
+#Server = http://mirror.moson.org/arch/$repo/os/$arch
+#Server = https://mirror.moson.org/arch/$repo/os/$arch
+#Server = http://mirrors.n-ix.net/archlinux/$repo/os/$arch
+#Server = https://mirrors.n-ix.net/archlinux/$repo/os/$arch
+#Server = http://mirror.netcologne.de/archlinux/$repo/os/$arch
+#Server = https://mirror.netcologne.de/archlinux/$repo/os/$arch
+#Server = http://mirrors.niyawe.de/archlinux/$repo/os/$arch
+#Server = https://mirrors.niyawe.de/archlinux/$repo/os/$arch
+#Server = http://mirror.orbit-os.com/archlinux/$repo/os/$arch
+#Server = https://mirror.orbit-os.com/archlinux/$repo/os/$arch
+#Server = http://packages.oth-regensburg.de/archlinux/$repo/os/$arch
+#Server = https://packages.oth-regensburg.de/archlinux/$repo/os/$arch
+#Server = http://phinau.de/arch/$repo/os/$arch
+#Server = https://phinau.de/arch/$repo/os/$arch
+#Server = https://mirror.pseudoform.org/$repo/os/$arch
+#Server = https://www.ratenzahlung.de/mirror/archlinux/$repo/os/$arch
+#Server = http://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch
+#Server = https://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch
+#Server = http://linux.rz.rub.de/archlinux/$repo/os/$arch
+#Server = http://mirror.satis-faction.de/archlinux/$repo/os/$arch
+#Server = https://mirror.satis-faction.de/archlinux/$repo/os/$arch
+#Server = http://mirror.selfnet.de/archlinux/$repo/os/$arch
+#Server = https://mirror.selfnet.de/archlinux/$repo/os/$arch
+#Server = http://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch
+#Server = https://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch
+#Server = http://archlinux.thaller.ws/$repo/os/$arch
+#Server = https://archlinux.thaller.ws/$repo/os/$arch
+#Server = http://ftp.tu-chemnitz.de/pub/linux/archlinux/$repo/os/$arch
+#Server = http://mirror.ubrco.de/archlinux/$repo/os/$arch
+#Server = https://mirror.ubrco.de/archlinux/$repo/os/$arch
+#Server = http://mirror.undisclose.de/archlinux/$repo/os/$arch
+#Server = https://mirror.undisclose.de/archlinux/$repo/os/$arch
+#Server = http://ftp.uni-bayreuth.de/linux/archlinux/$repo/os/$arch
+#Server = http://ftp.uni-hannover.de/archlinux/$repo/os/$arch
+#Server = http://ftp.uni-kl.de/pub/linux/archlinux/$repo/os/$arch
+#Server = http://mirror.united-gameserver.de/archlinux/$repo/os/$arch
+#Server = https://arch.unixpeople.org/$repo/os/$arch
+#Server = http://ftp.wrz.de/pub/archlinux/$repo/os/$arch
+#Server = https://ftp.wrz.de/pub/archlinux/$repo/os/$arch
+#Server = http://mirror.wtnet.de/arch/$repo/os/$arch
+#Server = https://mirror.wtnet.de/arch/$repo/os/$arch
+#Server = http://mirrors.xtom.de/archlinux/$repo/os/$arch
+#Server = https://mirrors.xtom.de/archlinux/$repo/os/$arch
+#Server = http://arch.mirror.zachlge.org/$repo/os/$arch
+#Server = https://arch.mirror.zachlge.org/$repo/os/$arch
+
+## Greece
+#Server = http://ftp.cc.uoc.gr/mirrors/linux/archlinux/$repo/os/$arch
+#Server = https://repo.greeklug.gr/data/pub/linux/archlinux/$repo/os/$arch
+#Server = http://mirrors.myaegean.gr/linux/archlinux/$repo/os/$arch
+#Server = http://ftp.ntua.gr/pub/linux/archlinux/$repo/os/$arch
+#Server = http://ftp.otenet.gr/linux/archlinux/$repo/os/$arch
+
+## Hong Kong
+#Server = https://asia.mirror.pkgbuild.com/$repo/os/$arch
+#Server = http://mirror-hk.koddos.net/archlinux/$repo/os/$arch
+#Server = https://mirror-hk.koddos.net/archlinux/$repo/os/$arch
+#Server = http://hkg.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = https://hkg.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = https://arch-mirror.wtako.net/$repo/os/$arch
+#Server = http://mirror.xtom.com.hk/archlinux/$repo/os/$arch
+#Server = https://mirror.xtom.com.hk/archlinux/$repo/os/$arch
+
+## Hungary
+#Server = http://ftp.ek-cer.hu/pub/mirrors/ftp.archlinux.org/$repo/os/$arch
+#Server = http://archmirror.hbit.sztaki.hu/archlinux/$repo/os/$arch
+#Server = http://nova.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
+#Server = http://quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
+#Server = http://super.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
+#Server = https://nova.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
+#Server = https://quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
+#Server = https://super.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
+
+## Iceland
+#Server = http://mirror.system.is/arch/$repo/os/$arch
+#Server = https://mirror.system.is/arch/$repo/os/$arch
+
+## India
+#Server = http://mirror.cse.iitk.ac.in/archlinux/$repo/os/$arch
+#Server = http://mirrors.piconets.webwerks.in/archlinux-mirror/$repo/os/$arch
+#Server = https://mirrors.piconets.webwerks.in/archlinux-mirror/$repo/os/$arch
+
+## Indonesia
+#Server = http://mirror.cloudweeb.com/archlinux/$repo/os/$arch
+#Server = http://mirror.faizuladib.com/archlinux/$repo/os/$arch
+#Server = http://mirror.gi.co.id/archlinux/$repo/os/$arch
+#Server = https://mirror.gi.co.id/archlinux/$repo/os/$arch
+#Server = http://vpsmurah.jagoanhosting.com/archlinux/$repo/os/$arch
+#Server = https://vpsmurah.jagoanhosting.com/archlinux/$repo/os/$arch
+#Server = http://mirror.labkom.id/archlinux/$repo/os/$arch
+#Server = http://mirror.papua.go.id/archlinux/$repo/os/$arch
+#Server = https://mirror.papua.go.id/archlinux/$repo/os/$arch
+#Server = http://mirror.poliwangi.ac.id/archlinux/$repo/os/$arch
+#Server = http://suro.ubaya.ac.id/archlinux/$repo/os/$arch
+#Server = http://mirror.telkomuniversity.ac.id/archlinux/$repo/os/$arch
+#Server = https://mirror.telkomuniversity.ac.id/archlinux/$repo/os/$arch
+
+## Iran
+#Server = http://mirror.hostiran.ir/archlinux/$repo/os/$arch
+#Server = https://mirror.hostiran.ir/archlinux/$repo/os/$arch
+#Server = http://repo.iut.ac.ir/repo/archlinux/$repo/os/$arch
+#Server = http://mirror.nak-mci.ir/arch/$repo/os/$arch
+#Server = http://mirror.rasanegar.com/archlinux/$repo/os/$arch
+#Server = https://mirror.rasanegar.com/archlinux/$repo/os/$arch
+
+## Ireland
+#Server = http://ftp.heanet.ie/mirrors/ftp.archlinux.org/$repo/os/$arch
+#Server = https://ftp.heanet.ie/mirrors/ftp.archlinux.org/$repo/os/$arch
+
+## Israel
+#Server = http://mirror.isoc.org.il/pub/archlinux/$repo/os/$arch
+#Server = https://mirror.isoc.org.il/pub/archlinux/$repo/os/$arch
+#Server = https://archlinux.mivzakim.net/$repo/os/$arch
+
+## Italy
+#Server = https://archmirror.it/repos/$repo/os/$arch
+#Server = http://archlinux.mirror.garr.it/archlinux/$repo/os/$arch
+#Server = http://mirrors.prometeus.net/archlinux/$repo/os/$arch
+#Server = http://archlinux.mirror.server24.net/$repo/os/$arch
+#Server = https://archlinux.mirror.server24.net/$repo/os/$arch
+
+## Japan
+#Server = http://mirrors.cat.net/archlinux/$repo/os/$arch
+#Server = https://mirrors.cat.net/archlinux/$repo/os/$arch
+#Server = http://ftp.tsukuba.wide.ad.jp/Linux/archlinux/$repo/os/$arch
+#Server = http://ftp.jaist.ac.jp/pub/Linux/ArchLinux/$repo/os/$arch
+#Server = https://ftp.jaist.ac.jp/pub/Linux/ArchLinux/$repo/os/$arch
+
+## Kazakhstan
+#Server = http://mirror.hoster.kz/archlinux/$repo/os/$arch
+#Server = https://mirror.hoster.kz/archlinux/$repo/os/$arch
+#Server = http://mirror.ps.kz/archlinux/$repo/os/$arch
+#Server = https://mirror.ps.kz/archlinux/$repo/os/$arch
+
+## Kenya
+#Server = http://archlinux.mirror.liquidtelecom.com/$repo/os/$arch
+#Server = https://archlinux.mirror.liquidtelecom.com/$repo/os/$arch
+
+## Latvia
+#Server = http://archlinux.koyanet.lv/archlinux/$repo/os/$arch
+#Server = https://archlinux.koyanet.lv/archlinux/$repo/os/$arch
+
+## Lithuania
+#Server = http://mirrors.atviras.lt/archlinux/$repo/os/$arch
+#Server = https://mirrors.atviras.lt/archlinux/$repo/os/$arch
+#Server = http://mirrors.ims.nksc.lt/archlinux/$repo/os/$arch
+#Server = https://mirrors.ims.nksc.lt/archlinux/$repo/os/$arch
+
+## Luxembourg
+#Server = http://archlinux.mirror.root.lu/$repo/os/$arch
+
+## Mexico
+#Server = https://arch.mirror.jsc.mx/$repo/os/$arch
+
+## Moldova
+#Server = http://mirror.ihost.md/archlinux/$repo/os/$arch
+#Server = https://mirror.ihost.md/archlinux/$repo/os/$arch
+
+## Monaco
+#Server = http://archlinux.qontinuum.space/$repo/os/$arch
+#Server = https://archlinux.qontinuum.space:4443/$repo/os/$arch
+
+## Netherlands
+#Server = https://archlinux.beccacervello.it/archlinux/$repo/os/$arch
+#Server = http://mirror.cj2.nl/archlinux/$repo/os/$arch
+#Server = https://mirror.cj2.nl/archlinux/$repo/os/$arch
+#Server = https://mirrors.daan.vodka/archlinux/$repo/os/$arch
+#Server = http://mirror.erickochen.nl/archlinux/$repo/os/$arch
+#Server = https://mirror.erickochen.nl/archlinux/$repo/os/$arch
+#Server = http://mirror.i3d.net/pub/archlinux/$repo/os/$arch
+#Server = https://mirror.i3d.net/pub/archlinux/$repo/os/$arch
+#Server = https://arch.jeweet.net/$repo/os/$arch
+#Server = http://mirror.koddos.net/archlinux/$repo/os/$arch
+#Server = https://mirror.koddos.net/archlinux/$repo/os/$arch
+#Server = http://arch.mirrors.lavatech.top/$repo/os/$arch
+#Server = https://arch.mirrors.lavatech.top/$repo/os/$arch
+#Server = http://mirror.ams1.nl.leaseweb.net/archlinux/$repo/os/$arch
+#Server = https://mirror.ams1.nl.leaseweb.net/archlinux/$repo/os/$arch
+#Server = http://archlinux.mirror.liteserver.nl/$repo/os/$arch
+#Server = https://archlinux.mirror.liteserver.nl/$repo/os/$arch
+#Server = http://mirror.lyrahosting.com/archlinux/$repo/os/$arch
+#Server = https://mirror.lyrahosting.com/archlinux/$repo/os/$arch
+#Server = http://mirror.mijn.host/archlinux/$repo/os/$arch
+#Server = https://mirror.mijn.host/archlinux/$repo/os/$arch
+#Server = http://mirror.neostrada.nl/archlinux/$repo/os/$arch
+#Server = https://mirror.neostrada.nl/archlinux/$repo/os/$arch
+#Server = http://ftp.nluug.nl/os/Linux/distr/archlinux/$repo/os/$arch
+#Server = http://archlinux.mirror.pcextreme.nl/$repo/os/$arch
+#Server = https://archlinux.mirror.pcextreme.nl/$repo/os/$arch
+#Server = http://mirror.serverion.com/archlinux/$repo/os/$arch
+#Server = https://mirror.serverion.com/archlinux/$repo/os/$arch
+#Server = http://ftp.snt.utwente.nl/pub/os/linux/archlinux/$repo/os/$arch
+#Server = http://mirror.tarellia.net/distr/archlinux/$repo/os/$arch
+#Server = https://mirror.tarellia.net/distr/archlinux/$repo/os/$arch
+#Server = http://archlinux.mirror.wearetriple.com/$repo/os/$arch
+#Server = https://archlinux.mirror.wearetriple.com/$repo/os/$arch
+#Server = http://mirror-archlinux.webruimtehosting.nl/$repo/os/$arch
+#Server = https://mirror-archlinux.webruimtehosting.nl/$repo/os/$arch
+#Server = http://mirrors.xtom.nl/archlinux/$repo/os/$arch
+#Server = https://mirrors.xtom.nl/archlinux/$repo/os/$arch
+
+## New Caledonia
+#Server = http://mirror.lagoon.nc/pub/archlinux/$repo/os/$arch
+#Server = http://archlinux.nautile.nc/archlinux/$repo/os/$arch
+#Server = https://archlinux.nautile.nc/archlinux/$repo/os/$arch
+
+## New Zealand
+#Server = http://mirror.2degrees.nz/archlinux/$repo/os/$arch
+#Server = https://mirror.2degrees.nz/archlinux/$repo/os/$arch
+#Server = http://mirror.fsmg.org.nz/archlinux/$repo/os/$arch
+#Server = https://mirror.fsmg.org.nz/archlinux/$repo/os/$arch
+#Server = http://mirror.smith.geek.nz/archlinux/$repo/os/$arch
+#Server = https://mirror.smith.geek.nz/archlinux/$repo/os/$arch
+
+## North Macedonia
+#Server = http://arch.softver.org.mk/archlinux/$repo/os/$arch
+#Server = http://mirror.onevip.mk/archlinux/$repo/os/$arch
+#Server = http://mirror.t-home.mk/archlinux/$repo/os/$arch
+#Server = https://mirror.t-home.mk/archlinux/$repo/os/$arch
+
+## Norway
+#Server = http://mirror.archlinux.no/$repo/os/$arch
+#Server = https://mirror.archlinux.no/$repo/os/$arch
+#Server = http://archlinux.uib.no/$repo/os/$arch
+#Server = http://mirror.neuf.no/archlinux/$repo/os/$arch
+#Server = https://mirror.neuf.no/archlinux/$repo/os/$arch
+#Server = http://mirror.terrahost.no/linux/archlinux/$repo/os/$arch
+
+## Pakistan
+#Server = http://repo.inara.pk/archlinux/$repo/os/$arch
+#Server = https://repo.inara.pk/archlinux/$repo/os/$arch
+
+## Paraguay
+#Server = http://archlinux.mirror.py/archlinux/$repo/os/$arch
+
+## Poland
+#Server = http://ftp.icm.edu.pl/pub/Linux/dist/archlinux/$repo/os/$arch
+#Server = https://ftp.icm.edu.pl/pub/Linux/dist/archlinux/$repo/os/$arch
+#Server = http://mirror.juniorjpdj.pl/archlinux/$repo/os/$arch
+#Server = https://mirror.juniorjpdj.pl/archlinux/$repo/os/$arch
+#Server = http://arch.midov.pl/arch/$repo/os/$arch
+#Server = https://arch.midov.pl/arch/$repo/os/$arch
+#Server = http://arch.nixlab.pl/$repo/os/$arch
+#Server = https://arch.nixlab.pl/$repo/os/$arch
+#Server = http://mirror.onet.pl/pub/mirrors/archlinux/$repo/os/$arch
+#Server = http://piotrkosoft.net/pub/mirrors/ftp.archlinux.org/$repo/os/$arch
+#Server = http://mirror.sfinae.tech/pub/mirrors/archlinux/$repo/os/$arch
+#Server = https://mirror.sfinae.tech/pub/mirrors/archlinux/$repo/os/$arch
+#Server = http://repo.skni.umcs.pl/archlinux/$repo/os/$arch
+#Server = https://repo.skni.umcs.pl/archlinux/$repo/os/$arch
+#Server = http://ftp.vectranet.pl/archlinux/$repo/os/$arch
+
+## Portugal
+#Server = http://glua.ua.pt/pub/archlinux/$repo/os/$arch
+#Server = https://glua.ua.pt/pub/archlinux/$repo/os/$arch
+#Server = http://ftp.rnl.tecnico.ulisboa.pt/pub/archlinux/$repo/os/$arch
+#Server = https://ftp.rnl.tecnico.ulisboa.pt/pub/archlinux/$repo/os/$arch
+
+## Romania
+#Server = http://mirrors.chroot.ro/archlinux/$repo/os/$arch
+#Server = https://mirrors.chroot.ro/archlinux/$repo/os/$arch
+#Server = http://mirror.efect.ro/archlinux/$repo/os/$arch
+#Server = https://mirror.efect.ro/archlinux/$repo/os/$arch
+#Server = http://mirrors.go.ro/archlinux/$repo/os/$arch
+#Server = https://mirrors.go.ro/archlinux/$repo/os/$arch
+#Server = http://mirrors.hostico.ro/archlinux/$repo/os/$arch
+#Server = https://mirrors.hostico.ro/archlinux/$repo/os/$arch
+#Server = http://archlinux.mirrors.linux.ro/$repo/os/$arch
+#Server = http://mirrors.m247.ro/archlinux/$repo/os/$arch
+#Server = http://mirrors.nav.ro/archlinux/$repo/os/$arch
+#Server = http://mirrors.nxthost.com/archlinux/$repo/os/$arch
+#Server = https://mirrors.nxthost.com/archlinux/$repo/os/$arch
+#Server = http://mirrors.pidginhost.com/arch/$repo/os/$arch
+#Server = https://mirrors.pidginhost.com/arch/$repo/os/$arch
+
+## Russia
+#Server = http://mirror.surf/archlinux/$repo/os/$arch
+#Server = https://mirror.surf/archlinux/$repo/os/$arch
+#Server = http://mirror.nw-sys.ru/archlinux/$repo/os/$arch
+#Server = https://mirror.nw-sys.ru/archlinux/$repo/os/$arch
+#Server = http://mirrors.powernet.com.ru/archlinux/$repo/os/$arch
+#Server = http://mirror.rol.ru/archlinux/$repo/os/$arch
+#Server = https://mirror.rol.ru/archlinux/$repo/os/$arch
+#Server = http://mirror.truenetwork.ru/archlinux/$repo/os/$arch
+#Server = https://mirror.truenetwork.ru/archlinux/$repo/os/$arch
+#Server = http://mirror.yandex.ru/archlinux/$repo/os/$arch
+#Server = https://mirror.yandex.ru/archlinux/$repo/os/$arch
+#Server = http://archlinux.zepto.cloud/$repo/os/$arch
+
+## Serbia
+#Server = http://arch.petarmaric.com/$repo/os/$arch
+#Server = http://mirror.pmf.kg.ac.rs/archlinux/$repo/os/$arch
+
+## Singapore
+#Server = http://mirror.0x.sg/archlinux/$repo/os/$arch
+#Server = https://mirror.0x.sg/archlinux/$repo/os/$arch
+#Server = http://mirror.aktkn.sg/archlinux/$repo/os/$arch
+#Server = https://mirror.aktkn.sg/archlinux/$repo/os/$arch
+#Server = https://download.nus.edu.sg/mirror/archlinux/$repo/os/$arch
+#Server = http://mirror.guillaumea.fr/archlinux/$repo/os/$arch
+#Server = https://mirror.guillaumea.fr/archlinux/$repo/os/$arch
+#Server = http://mirror.nus.edu.sg/archlinux/$repo/os/$arch
+
+## Slovakia
+#Server = http://mirror.lnx.sk/pub/linux/archlinux/$repo/os/$arch
+#Server = https://mirror.lnx.sk/pub/linux/archlinux/$repo/os/$arch
+#Server = http://tux.rainside.sk/archlinux/$repo/os/$arch
+
+## Slovenia
+#Server = http://archimonde.ts.si/archlinux/$repo/os/$arch
+#Server = https://archimonde.ts.si/archlinux/$repo/os/$arch
+
+## South Africa
+#Server = http://archlinux.za.mirror.allworldit.com/archlinux/$repo/os/$arch
+#Server = https://archlinux.za.mirror.allworldit.com/archlinux/$repo/os/$arch
+#Server = http://za.mirror.archlinux-br.org/$repo/os/$arch
+#Server = http://mirror.is.co.za/mirror/archlinux.org/$repo/os/$arch
+#Server = http://arch.opnmirror.co.za/$repo/os/$arch
+#Server = https://arch.opnmirror.co.za/$repo/os/$arch
+#Server = http://mirrors.urbanwave.co.za/archlinux/$repo/os/$arch
+#Server = https://mirrors.urbanwave.co.za/archlinux/$repo/os/$arch
+
+## South Korea
+#Server = http://mirror.anigil.com/archlinux/$repo/os/$arch
+#Server = https://mirror.anigil.com/archlinux/$repo/os/$arch
+#Server = http://ftp.harukasan.org/archlinux/$repo/os/$arch
+#Server = https://ftp.harukasan.org/archlinux/$repo/os/$arch
+#Server = http://ftp.lanet.kr/pub/archlinux/$repo/os/$arch
+#Server = https://ftp.lanet.kr/pub/archlinux/$repo/os/$arch
+#Server = http://mirror.premi.st/archlinux/$repo/os/$arch
+#Server = https://mirror.premi.st/archlinux/$repo/os/$arch
+
+## Spain
+#Server = https://mirror.cloroformo.org/archlinux/$repo/os/$arch
+#Server = http://mirror.librelabucm.org/archlinux/$repo/os/$arch
+#Server = https://mirror.librelabucm.org/archlinux/$repo/os/$arch
+#Server = http://ftp.rediris.es/mirror/archlinux/$repo/os/$arch
+#Server = http://sharing.thelinuxsect.com/archlinux/$repo/os/$arch
+
+## Sweden
+#Server = http://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch
+#Server = https://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch
+#Server = http://ftpmirror.infania.net/mirror/archlinux/$repo/os/$arch
+#Server = https://ftp.ludd.ltu.se/mirrors/archlinux/$repo/os/$arch
+#Server = http://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch
+#Server = https://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch
+#Server = http://ftp.myrveln.se/pub/linux/archlinux/$repo/os/$arch
+#Server = https://ftp.myrveln.se/pub/linux/archlinux/$repo/os/$arch
+#Server = https://mirror.osbeck.com/archlinux/$repo/os/$arch
+#Server = http://tedwall.se/archlinux/$repo/os/$arch
+#Server = https://tedwall.se/archlinux/$repo/os/$arch
+
+## Switzerland
+#Server = http://pkg.adfinis.com/archlinux/$repo/os/$arch
+#Server = https://pkg.adfinis.com/archlinux/$repo/os/$arch
+#Server = http://mirror.init7.net/archlinux/$repo/os/$arch
+#Server = https://mirror.init7.net/archlinux/$repo/os/$arch
+#Server = http://mirror.puzzle.ch/archlinux/$repo/os/$arch
+#Server = https://mirror.puzzle.ch/archlinux/$repo/os/$arch
+#Server = https://theswissbay.ch/archlinux/$repo/os/$arch
+#Server = https://mirror.ungleich.ch/mirror/packages/archlinux/$repo/os/$arch
+
+## Taiwan
+#Server = http://archlinux.ccns.ncku.edu.tw/archlinux/$repo/os/$arch
+#Server = http://free.nchc.org.tw/arch/$repo/os/$arch
+#Server = https://free.nchc.org.tw/arch/$repo/os/$arch
+#Server = http://archlinux.cs.nctu.edu.tw/$repo/os/$arch
+#Server = http://shadow.ind.ntou.edu.tw/archlinux/$repo/os/$arch
+#Server = https://shadow.ind.ntou.edu.tw/archlinux/$repo/os/$arch
+#Server = http://ftp.tku.edu.tw/Linux/ArchLinux/$repo/os/$arch
+#Server = http://ftp.yzu.edu.tw/Linux/archlinux/$repo/os/$arch
+#Server = https://ftp.yzu.edu.tw/Linux/archlinux/$repo/os/$arch
+
+## Thailand
+#Server = https://mirror.cyberbits.asia/archlinux/$repo/os/$arch
+#Server = http://mirror.kku.ac.th/archlinux/$repo/os/$arch
+#Server = https://mirror.kku.ac.th/archlinux/$repo/os/$arch
+#Server = http://mirror2.totbb.net/archlinux/$repo/os/$arch
+
+## Turkey
+#Server = http://ftp.linux.org.tr/archlinux/$repo/os/$arch
+#Server = http://mirror.veriteknik.net.tr/archlinux/$repo/os/$arch
+
+## Ukraine
+#Server = http://archlinux.ip-connect.vn.ua/$repo/os/$arch
+#Server = https://archlinux.ip-connect.vn.ua/$repo/os/$arch
+#Server = http://mirror.mirohost.net/archlinux/$repo/os/$arch
+#Server = https://mirror.mirohost.net/archlinux/$repo/os/$arch
+#Server = http://mirrors.nix.org.ua/linux/archlinux/$repo/os/$arch
+#Server = https://mirrors.nix.org.ua/linux/archlinux/$repo/os/$arch
+
+## United Kingdom
+#Server = http://archlinux.uk.mirror.allworldit.com/archlinux/$repo/os/$arch
+#Server = https://archlinux.uk.mirror.allworldit.com/archlinux/$repo/os/$arch
+#Server = http://mirror.bytemark.co.uk/archlinux/$repo/os/$arch
+#Server = https://mirror.bytemark.co.uk/archlinux/$repo/os/$arch
+#Server = http://mirrors.gethosted.online/archlinux/$repo/os/$arch
+#Server = https://mirrors.gethosted.online/archlinux/$repo/os/$arch
+#Server = http://mirrors.manchester.m247.com/arch-linux/$repo/os/$arch
+#Server = http://mirrors.melbourne.co.uk/archlinux/$repo/os/$arch
+#Server = https://mirrors.melbourne.co.uk/archlinux/$repo/os/$arch
+#Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch
+#Server = https://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch
+#Server = http://mirror.netweaver.uk/archlinux/$repo/os/$arch
+#Server = https://mirror.netweaver.uk/archlinux/$repo/os/$arch
+#Server = http://lon.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = https://lon.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = http://arch.serverspace.co.uk/arch/$repo/os/$arch
+#Server = http://archlinux.mirrors.uk2.net/$repo/os/$arch
+#Server = http://mirrors.ukfast.co.uk/sites/archlinux.org/$repo/os/$arch
+#Server = https://mirrors.ukfast.co.uk/sites/archlinux.org/$repo/os/$arch
+
+## United States
+#Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch
+#Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch
+#Server = http://mirrors.aggregate.org/archlinux/$repo/os/$arch
+#Server = https://america.mirror.pkgbuild.com/$repo/os/$arch
+#Server = http://ca.us.mirror.archlinux-br.org/$repo/os/$arch
+#Server = http://il.us.mirror.archlinux-br.org/$repo/os/$arch
+#Server = http://mirror.arizona.edu/archlinux/$repo/os/$arch
+#Server = https://mirror.arizona.edu/archlinux/$repo/os/$arch
+#Server = http://arlm.tyzoid.com/$repo/os/$arch
+#Server = https://arlm.tyzoid.com/$repo/os/$arch
+#Server = https://mirror.ava.dev/archlinux/$repo/os/$arch
+#Server = http://mirrors.cat.pdx.edu/archlinux/$repo/os/$arch
+#Server = http://mirror.cc.columbia.edu/pub/linux/archlinux/$repo/os/$arch
+#Server = http://arch.mirror.constant.com/$repo/os/$arch
+#Server = https://arch.mirror.constant.com/$repo/os/$arch
+#Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch
+#Server = http://mirror.cs.vt.edu/pub/ArchLinux/$repo/os/$arch
+#Server = http://mirror.cybersecurity.nmt.edu/archlinux/$repo/os/$arch
+#Server = https://mirror.cybersecurity.nmt.edu/archlinux/$repo/os/$arch
+#Server = http://distro.ibiblio.org/archlinux/$repo/os/$arch
+#Server = http://mirror.es.its.nyu.edu/archlinux/$repo/os/$arch
+#Server = http://mirror.ette.biz/archlinux/$repo/os/$arch
+#Server = https://mirror.ette.biz/archlinux/$repo/os/$arch
+#Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch
+#Server = http://www.gtlib.gatech.edu/pub/archlinux/$repo/os/$arch
+#Server = http://mirror.hackingand.coffee/arch/$repo/os/$arch
+#Server = https://mirror.hackingand.coffee/arch/$repo/os/$arch
+#Server = https://mirror.hodgepodge.dev/archlinux/$repo/os/$arch
+#Server = http://mirror.hostup.org/archlinux/$repo/os/$arch
+#Server = https://mirror.hostup.org/archlinux/$repo/os/$arch
+#Server = http://arch.hu.fo/archlinux/$repo/os/$arch
+#Server = https://arch.hu.fo/archlinux/$repo/os/$arch
+#Server = http://repo.ialab.dsu.edu/archlinux/$repo/os/$arch
+#Server = https://repo.ialab.dsu.edu/archlinux/$repo/os/$arch
+#Server = http://mirrors.kernel.org/archlinux/$repo/os/$arch
+Server = https://mirrors.kernel.org/archlinux/$repo/os/$arch
+#Server = http://mirror.dal10.us.leaseweb.net/archlinux/$repo/os/$arch
+#Server = http://mirror.mia11.us.leaseweb.net/archlinux/$repo/os/$arch
+#Server = http://mirror.sfo12.us.leaseweb.net/archlinux/$repo/os/$arch
+#Server = http://mirror.wdc1.us.leaseweb.net/archlinux/$repo/os/$arch
+#Server = https://mirror.dal10.us.leaseweb.net/archlinux/$repo/os/$arch
+#Server = https://mirror.mia11.us.leaseweb.net/archlinux/$repo/os/$arch
+#Server = https://mirror.sfo12.us.leaseweb.net/archlinux/$repo/os/$arch
+#Server = https://mirror.wdc1.us.leaseweb.net/archlinux/$repo/os/$arch
+#Server = http://mirrors.liquidweb.com/archlinux/$repo/os/$arch
+#Server = http://mirror.lty.me/archlinux/$repo/os/$arch
+#Server = https://mirror.lty.me/archlinux/$repo/os/$arch
+#Server = http://mirrors.lug.mtu.edu/archlinux/$repo/os/$arch
+#Server = https://mirrors.lug.mtu.edu/archlinux/$repo/os/$arch
+#Server = http://mirror.math.princeton.edu/pub/archlinux/$repo/os/$arch
+#Server = http://mirror.metrocast.net/archlinux/$repo/os/$arch
+#Server = http://mirror.kaminski.io/archlinux/$repo/os/$arch
+#Server = https://mirror.kaminski.io/archlinux/$repo/os/$arch
+#Server = http://iad.mirrors.misaka.one/archlinux/$repo/os/$arch
+#Server = https://iad.mirrors.misaka.one/archlinux/$repo/os/$arch
+#Server = http://repo.miserver.it.umich.edu/archlinux/$repo/os/$arch
+#Server = http://mirrors.mit.edu/archlinux/$repo/os/$arch
+#Server = https://mirrors.mit.edu/archlinux/$repo/os/$arch
+#Server = http://mirrors.ocf.berkeley.edu/archlinux/$repo/os/$arch
+#Server = https://mirrors.ocf.berkeley.edu/archlinux/$repo/os/$arch
+#Server = http://archmirror1.octyl.net/$repo/os/$arch
+#Server = https://archmirror1.octyl.net/$repo/os/$arch
+#Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch
+#Server = http://arch.mirrors.pair.com/$repo/os/$arch
+#Server = http://dfw.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = http://iad.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = http://ord.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = https://dfw.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = https://iad.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = https://ord.mirror.rackspace.com/archlinux/$repo/os/$arch
+#Server = http://plug-mirror.rcac.purdue.edu/archlinux/$repo/os/$arch
+#Server = https://plug-mirror.rcac.purdue.edu/archlinux/$repo/os/$arch
+#Server = http://mirrors.rit.edu/archlinux/$repo/os/$arch
+#Server = https://mirrors.rit.edu/archlinux/$repo/os/$arch
+#Server = http://mirrors.rutgers.edu/archlinux/$repo/os/$arch
+#Server = https://mirrors.rutgers.edu/archlinux/$repo/os/$arch
+#Server = http://mirror.siena.edu/archlinux/$repo/os/$arch
+#Server = http://mirrors.sonic.net/archlinux/$repo/os/$arch
+#Server = https://mirrors.sonic.net/archlinux/$repo/os/$arch
+#Server = http://mirror.phx1.us.spryservers.net/archlinux/$repo/os/$arch
+#Server = https://mirror.phx1.us.spryservers.net/archlinux/$repo/os/$arch
+#Server = http://arch.mirror.square-r00t.net/$repo/os/$arch
+#Server = https://arch.mirror.square-r00t.net/$repo/os/$arch
+#Server = http://mirror.stephen304.com/archlinux/$repo/os/$arch
+#Server = https://mirror.stephen304.com/archlinux/$repo/os/$arch
+#Server = http://ftp.sudhip.com/archlinux/$repo/os/$arch
+#Server = https://ftp.sudhip.com/archlinux/$repo/os/$arch
+#Server = http://mirror.pit.teraswitch.com/archlinux/$repo/os/$arch
+#Server = https://mirror.pit.teraswitch.com/archlinux/$repo/os/$arch
+#Server = http://mirror.umd.edu/archlinux/$repo/os/$arch
+#Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch
+#Server = http://mirrors.xmission.com/archlinux/$repo/os/$arch
+#Server = http://mirrors.xtom.com/archlinux/$repo/os/$arch
+#Server = https://mirrors.xtom.com/archlinux/$repo/os/$arch
+#Server = https://zxcvfdsa.com/arch/$repo/os/$arch
+
+## Vietnam
+#Server = http://f.archlinuxvn.org/archlinux/$repo/os/$arch
+#Server = http://mirror.bizflycloud.vn/archlinux/$repo/os/$arch
--- a/pacman.conf
+++ b/pacman.conf
@ -0,0 +1,45 @@
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+#CacheDir    = /var/cache/pacman/pkg/
+LogFile     = /dev/null
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg   =
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+UseSyslog
+Color
+#NoProgressBar
+CheckSpace
+VerbosePkgLists
+#ParallelDownloads = 5
+ILoveCandy
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
--- a/119
+++ b/119
@ -0,0 +1,119 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+HostKey /etc/ssh/ssh_host_ed25519_key
+HostKeyAlgorithms ssh-ed25519
+KexAlgorithms curve25519-sha256
+PubkeyAcceptedKeyTypes ssh-ed25519
+Ciphers chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com
+MACs hmac-sha2-512-etm@openssh.com
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no # pam does that
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp	/usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
--- a/unbound.conf
+++ b/unbound.conf
@ -0,0 +1,10 @@
+server:
+    qname-minimisation: yes
+    trust-anchor-file: /etc/unbound/trusted-key.key
+    tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+
+forward-zone:
+    name: "."
+    forward-tls-upstream: yes
+    forward-addr: 1.0.0.1@853#cloudflare-dns.com
+    forward-addr: 1.1.1.1@853#cloudflare-dns.com