Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-12-22 13:45:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

add subset of shared configuration files

Browse Source
This commit is contained in:
Daniel Micay 2021-07-28 08:18:33 -04:00
parent 7d70f11b0c
commit d24d24926a
9 changed files with 1502 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

512
certbot-ocsp-fetcher Executable file
View File

@ -0,0 +1,512 @@
#!/usr/bin/env bash
# Unofficial Bash strict mode
set \
-o errexit \
-o errtrace \
-o noglob \
-o nounset \
-o pipefail
IFS=$'\n\t'
shopt -s inherit_errexit
exit_with_error() {
echo "${@}" >&2
exit 1
}
check_for_dependencies() {
if ((BASH_VERSINFO[0] == 4 && \
BASH_VERSINFO[1] < 3 || \
BASH_VERSINFO[0] < 4)); then
exit_with_error \
error:$'\t\t'"${0##*/} requires Bash 4.3+."
fi
if ! { command -v openssl >&- &&
[[ $(openssl version) =~ ^OpenSSL\ ([[:digit:]]+)\.([[:digit:]]+) ]] &&
((BASH_REMATCH[1] == 1 && \
BASH_REMATCH[2] >= 1 || \
BASH_REMATCH[1] > 1)); }; then
# shellcheck disable=2016
exit_with_error \
error:$'\t\t'"${0##*/} requires OpenSSL 1.1.0+," \
'but it is not available on $PATH.'
fi
}
parse_cli_arguments() {
local -r usage=(
"USAGE: ${0}"
"[-c/--certbot-dir DIRECTORY]"
"[-f/--force-update]"
"[-h/--help]"
"[-n/--cert-name NAME[,NAME...] [-u/--ocsp-responder URL]]"
"[-o/--output-dir DIRECTORY]"
"[-q/--quiet]"
"[-v/--verbose]"
"[-w/--no-reload-webserver]"
)
declare -gl ERROR_ENCOUNTERED
declare -gi VERBOSITY=1
local -r verbosity_error=(
"error: -q/--quiet cannot be specified in conjunction with -v/--verbose."
)
while ((${#} > 0)); do
local parameter=${1}
case ${parameter} in
-[^-]?*)
set -- "-${parameter:1:1}" "-${parameter:2}" "${@:2}"
;;
-c | --certbot-dir | --certbot-dir=?*)
if [[ -v CERTBOT_DIR ]]; then
exit_with_error "${usage[@]}"
fi
if [[ ${parameter} =~ --certbot-dir=(.+) ]]; then
CERTBOT_DIR=${BASH_REMATCH[1]}
else
if [[ -n ${2:-} ]]; then
CERTBOT_DIR=${2}
shift
else
exit_with_error "${usage[@]}"
fi
fi
CERTBOT_DIR=$(
realpath \
--canonicalize-missing \
--relative-base . \
-- "${CERTBOT_DIR}"
echo x
)
CERTBOT_DIR=${CERTBOT_DIR%??}
shift
;;
-f | --force-update)
if [[ ! -v FORCE_UPDATE ]]; then
declare -glr FORCE_UPDATE=true
fi
shift
;;
-h | --help)
echo >&2 "${usage[@]}"
exit
;;
-n | --cert-name | --cert-name=?*)
if [[ ${parameter} =~ --cert-name=(.+) ]]; then
local cert_lineages_value=${BASH_REMATCH[1]}
shift
else
if [[ -n ${2:-} ]]; then
local cert_lineages_value=${2}
shift 2
else
exit_with_error "${usage[@]}"
fi
fi
# Loop over any lineages passed in the same value of --cert-name.
OLDIFS=${IFS}
IFS=,
declare -Ag CERT_LINEAGES
# Check if a hardcoded OCSP responder was specified for this set of
# lineages.
case ${1:-} in
-u | --ocsp-responder)
if [[ -n ${2:-} ]]; then
for lineage_name in ${cert_lineages_value}; do
CERT_LINEAGES["${lineage_name}"]=${2}
done
shift
else
exit_with_error "${usage[@]}"
fi
shift
;;
--ocsp-responder=?*)
[[ ${1} =~ --ocsp-responder=(.+) ]]
for lineage_name in ${cert_lineages_value}; do
CERT_LINEAGES["${lineage_name}"]=${BASH_REMATCH[1]}
done
shift
;;
*)
# If no OCSP responder was specified, just save the lineage
# name as the key, with an empty value.
for lineage_name in ${cert_lineages_value}; do
CERT_LINEAGES["${lineage_name}"]=
done
;;
esac
unset lineage_name cert_lineages_value
IFS=${OLDIFS}
;;
-o | --output-dir | --output-dir=?*)
if [[ -v OUTPUT_DIR ]]; then
exit_with_error "${usage[@]}"
fi
if [[ ${parameter} =~ --output-dir=(.+) ]]; then
OUTPUT_DIR=${BASH_REMATCH[1]}
else
if [[ -n ${2:-} ]]; then
OUTPUT_DIR=${2}
shift
else
exit_with_error "${usage[@]}"
fi
fi
OUTPUT_DIR=$(
realpath \
--canonicalize-missing \
--relative-base . \
-- "${OUTPUT_DIR}"
echo x
)
OUTPUT_DIR=${OUTPUT_DIR%??}
shift
;;
-q | --quiet)
if ((VERBOSITY != 1)); then
exit_with_error "${verbosity_error[@]}"
else
readonly VERBOSITY=0
shift
fi
;;
-v | --verbose)
if ((VERBOSITY == 0)); then
exit_with_error "${verbosity_error[@]}"
else
VERBOSITY+=1
shift
fi
;;
-w | --no-reload-webserver)
if [[ ! -v RELOAD_WEBSERVER ]]; then
declare -glr RELOAD_WEBSERVER=false
fi
shift
;;
*)
exit_with_error "${usage[@]}"
;;
esac
done
# When not parsed, the stdout and/or stderr output of all external commands
# we call in the script is redirected to file descriptor 3. Depending on the
# desired verbosity, we redirect this file descriptor to either stderr or to
# /dev/null.
if ((VERBOSITY >= 2)); then
exec 3>&2
else
exec 3>/dev/null
fi
}
# Set output directory if necessary and check if it's writeable
prepare_output_dir() {
if [[ -v OUTPUT_DIR ]]; then
if [[ ! -e ${OUTPUT_DIR} ]]; then
# Don't yet fail if it's not possible to create the directory, so we can
# exit with a custom error down below
mkdir \
--parents \
-- "${OUTPUT_DIR}" || true
fi
else
readonly OUTPUT_DIR=.
fi
if [[ ! -w ${OUTPUT_DIR} ]]; then
exit_with_error \
error:$'\t\t'"no write access to output directory (\"${OUTPUT_DIR}\")"
fi
}
start_in_correct_mode() {
# Create temporary directory to store OCSP staple file,
# before having checked the certificate status in the response
local temp_output_dir
temp_output_dir=$(mktemp --directory)
readonly temp_output_dir
trap "rm -r -- ""${temp_output_dir}" EXIT
declare -A lineages_processed
# These two environment variables are set if this script is invoked by Certbot
if [[ ! -v RENEWED_DOMAINS || ! -v RENEWED_LINEAGE ]]; then
run_standalone
else
run_as_deploy_hook
fi
print_and_handle_result
}
# Run in "check one or all certificate lineage(s) managed by Certbot" mode
# $1 - Path to temporary output directory
run_standalone() {
readonly CERTBOT_DIR=${CERTBOT_DIR:-/etc/letsencrypt}
if [[ ! -r ${CERTBOT_DIR} || (-d ${CERTBOT_DIR}/live && ! -r ${CERTBOT_DIR}/live) ]]; then
exit_with_error \
error:$'\t\t'"can't access ${CERTBOT_DIR}/live"
fi
# Check specific lineage if passed on CLI,
# or otherwise all lineages in Certbot's dir
if [[ -v CERT_LINEAGES[@] ]]; then
for lineage_name in "${!CERT_LINEAGES[@]}"; do
if [[ -r ${CERTBOT_DIR}/live/${lineage_name} ]]; then
fetch_ocsp_response \
"--standalone" \
"${temp_output_dir}" \
"${lineage_name}" \
"${CERT_LINEAGES["${lineage_name}"]}"
else
exit_with_error \
"error:"$'\t\t'"can't access ${CERTBOT_DIR}/live/${lineage_name}"
fi
done
else
set +f
shopt -s nullglob
for lineage_dir in "${CERTBOT_DIR}"/live/*; do
set -f
# Skip non-directories, like Certbot's README file
[[ -d ${lineage_dir} ]] || continue
fetch_ocsp_response \
"--standalone" "${temp_output_dir}" "${lineage_dir##*/}"
done
unset lineage_dir
fi
}
# Run in deploy-hook mode, only processing the passed lineage
# $1 - Path to temporary output directory
run_as_deploy_hook() {
if [[ -v CERTBOT_DIR ]]; then
# The directory is already inferred from the environment variable that
# Certbot passes
exit_with_error \
error:$'\t\t'"-c/--certbot-dir cannot be passed" \
"when run as Certbot hook"
fi
if [[ -v FORCE_UPDATE ]]; then
# When run as deploy hook the behavior of this flag is used by default.
# Therefore passing this flag would not have any effect.
exit_with_error \
error:$'\t\t'"-f/--force-update cannot be passed" \
"when run as Certbot hook"
fi
if [[ -v CERT_LINEAGES[@] ]]; then
# The certificate lineage is already inferred from the environment
# variable that Certbot passes
exit_with_error \
error:$'\t\t'"-n/--cert-name cannot be passed when run as Certbot hook"
fi
fetch_ocsp_response \
--deploy_hook "${temp_output_dir}" "${RENEWED_LINEAGE##*/}"
}
# Check if it's necessary to fetch a new OCSP response
check_for_existing_ocsp_staple_file() {
[[ -f ${OUTPUT_DIR}/${lineage_name}.der ]] || return 1
# Validate and verify the existing local OCSP staple file
local existing_ocsp_response
set +e
existing_ocsp_response=$(openssl ocsp \
-no_nonce \
-issuer "${lineage_dir}/chain.pem" \
-cert "${lineage_dir}/cert.pem" \
-verify_other "${lineage_dir}/chain.pem" \
-respin "${OUTPUT_DIR}/${lineage_name}.der" 2>&3)
local -ir existing_ocsp_response_rc=${?}
set -e
readonly existing_ocsp_response
((existing_ocsp_response_rc == 0)) || return 1
for existing_ocsp_response_line in ${existing_ocsp_response}; do
if [[ ${existing_ocsp_response_line} =~ ^[[:blank:]]*"This Update: "(.+)$ ]]; then
local -r this_update=${BASH_REMATCH[1]}
elif [[ ${existing_ocsp_response_line} =~ ^[[:blank:]]*"Next Update: "(.+)$ ]]; then
local -r next_update=${BASH_REMATCH[1]}
fi
done
[[ -n ${this_update:-} && -n ${next_update:-} ]] || return 1
# Only continue fetching OCSP response if existing response expires within
# half of its lifetime.
local -ri response_lifetime_in_seconds=$((\
$(date +%s --date "${next_update}") - $(date +%s --date "${this_update}")))
(($(date +%s) < \
$(date +%s --date "${this_update}") + response_lifetime_in_seconds / 2)) || return 1
}
# Generate file used by ssl_stapling_file in nginx config of websites
# $1 - Whether to run as a deploy hook for Certbot, or standalone
# $2 - Path to temporary output directory
# $3 - Name of certificate lineage
# $4 - OCSP endpoint (if specified on command line)
fetch_ocsp_response() {
local -r temp_output_dir=${2}
local -r lineage_name=${3}
case ${1} in
--standalone)
local -r lineage_dir=${CERTBOT_DIR}/live/${lineage_name}
if [[ ${FORCE_UPDATE:-} != true ]] &&
check_for_existing_ocsp_staple_file; then
lineages_processed["${lineage_name}"]="not updated"$'\t'"valid staple file on disk"
return
fi
;;
--deploy_hook)
local -r lineage_dir=${RENEWED_LINEAGE}
;;
*)
return 1
;;
esac
shift 3
# Verify that the leaf certificate is still valid. If the certificate is
# expired, we don't have to request a (new) OCSP response.
local cert_expiry_output
set +e
cert_expiry_output=$(openssl x509 \
-in "${lineage_dir}/cert.pem" \
-checkend 0 \
-noout 2>&3)
local -ri cert_expiry_rc=${?}
set -e
if ((cert_expiry_rc != 0)); then
ERROR_ENCOUNTERED=true
lineages_processed["${lineage_name}"]="not updated"
if [[ ${cert_expiry_output} == "Certificate will expire" ]]; then
lineages_processed["${lineage_name}"]+=$'\t'"leaf certificate expired"
fi
return
fi
local ocsp_endpoint
if [[ -n ${1-} ]]; then
ocsp_endpoint=${1}
else
ocsp_endpoint=$(openssl x509 \
-noout \
-ocsp_uri \
-in "${lineage_dir}/cert.pem" \
2>&3)
fi
# Request, verify and temporarily save the actual OCSP response,
# and check whether the certificate status is "good"
local ocsp_call_output
set +e
ocsp_call_output=$(openssl ocsp \
-no_nonce \
-url "${ocsp_endpoint}" \
-issuer "${lineage_dir}/chain.pem" \
-cert "${lineage_dir}/cert.pem" \
-verify_other "${lineage_dir}/chain.pem" \
-respout "${temp_output_dir}/${lineage_name}.der" 2>&3)
local -ir ocsp_call_rc=${?}
set -e
readonly ocsp_call_output=${ocsp_call_output#${lineage_dir}/cert.pem: }
local -r cert_status=${ocsp_call_output%%$'\n'*}
if [[ ${ocsp_call_rc} != 0 || ${cert_status} != good ]]; then
ERROR_ENCOUNTERED=true
lineages_processed["${lineage_name}"]="not updated"
if ((VERBOSITY >= 2)); then
lineages_processed["${lineage_name}"]+=$'\t'"${ocsp_call_output//[[:space:]]/ }"
else
lineages_processed["${lineage_name}"]+=$'\t'"${cert_status}"
fi
return
fi
# If arrived here status was good, so move OCSP staple file to definitive
# folder
mv "${temp_output_dir}/${lineage_name}.der" "${OUTPUT_DIR}/"
lineages_processed["${lineage_name}"]=updated
}
print_and_handle_result() {
local -r header=LINEAGE$'\t'RESULT$'\t'REASON
for lineage_name in "${!lineages_processed[@]}"; do
local lineages_processed_formatted+=$'\n'"${lineage_name}"$'\t'"${lineages_processed["${lineage_name}"]}"
done
unset lineage_name
lineages_processed_formatted=$(sort <<<"${lineages_processed_formatted:-}")
readonly lineages_processed_formatted
if [[ ${RELOAD_WEBSERVER:-} != false ]]; then
reload_webserver
fi
local -r output=${header}${lineages_processed_formatted:-}${nginx_status-}
if ((VERBOSITY >= 1)); then
if command -v column >&-; then
column -ts$'\t' <<<"${output}"
else
# shellcheck disable=2016
echo >&2 \
'Install the BSD utility `column` for properly formatted output.'$'\n'
echo "${output}"
fi
fi
[[ ${ERROR_ENCOUNTERED:-} != true ]]
}
reload_webserver() {
for lineage_name in "${!lineages_processed[@]}"; do
if [[ ${lineages_processed["${lineage_name}"]} == updated ]]; then
if nginx -s reload >&3 2>&1; then
# The last line includes a leading space, to workaround the lack of the
# `-n` flag in later versions of `column`.
local -r nginx_status=$'\n\n \t'"nginx reloaded"
else
ERROR_ENCOUNTERED=true
local -r nginx_status=$'\n\n \t'"nginx not reloaded"$'\t'"unable to reload nginx service, try manually"
fi
break
fi
done
unset lineage_name
}
main() {
check_for_dependencies
parse_cli_arguments "${@}"
prepare_output_dir
start_in_correct_mode
}
main "${@}"

13
certbot-ocsp-fetcher.service Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=Fetch OCSP responses for all certificates issued with Certbot
[Service]
Type=oneshot
# When systemd v244+ is available, this should be uncommented to enable retries
# on failure.
Restart=on-failure
User=root
Group=root
ExecStart=/usr/local/bin/certbot-ocsp-fetcher -o /etc/nginx/ocsp-cache

10
certbot-ocsp-fetcher.timer Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=Nightly run certbot-ocsp-fetcher
[Timer]
OnCalendar=*-*-* 01:00:00
RandomizedDelaySec=21600
Persistent=true
[Install]
WantedBy=timers.target

2
hosts Normal file
View File

@ -0,0 +1,2 @@
# Static table lookup for hostnames.
# See hosts(5) for details.

36
local.conf Normal file
View File

@ -0,0 +1,36 @@
net.ipv4.tcp_ecn = 1
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
kernel.yama.ptrace_scope = 2
vm.mmap_rnd_bits = 32
vm.mmap_rnd_compat_bits = 16
kernel.kptr_restrict = 2
kernel.unprivileged_bpf_disabled = 1
net.core.bpf_jit_harden = 2
kernel.kexec_load_disabled = 1
kernel.pid_max = 4194304
fs.protected_regular = 2
fs.protected_fifos = 2
kernel.panic = 10
kernel.panic_on_oops = 1
dev.tty.ldisc_autoload = 0

755
mirrorlist Normal file
View File

@ -0,0 +1,755 @@
##
## Arch Linux repository mirrorlist
## Generated on 2021-07-18
##
## Worldwide
#Server = http://mirrors.evowise.com/archlinux/$repo/os/$arch
#Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch
## Australia
#Server = https://mirror.aarnet.edu.au/pub/archlinux/$repo/os/$arch
#Server = http://archlinux.mirror.digitalpacific.com.au/$repo/os/$arch
#Server = https://archlinux.mirror.digitalpacific.com.au/$repo/os/$arch
#Server = http://ftp.iinet.net.au/pub/archlinux/$repo/os/$arch
#Server = http://mirror.internode.on.net/pub/archlinux/$repo/os/$arch
#Server = http://mirror.launtel.net.au/repo/arch/$repo/os/$arch
#Server = https://mirror.launtel.net.au/repo/arch/$repo/os/$arch
#Server = http://arch.lucassymons.net/$repo/os/$arch
#Server = https://arch.lucassymons.net/$repo/os/$arch
#Server = http://syd.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = https://syd.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = http://ftp.swin.edu.au/archlinux/$repo/os/$arch
## Austria
#Server = http://mirror.digitalnova.at/archlinux/$repo/os/$arch
#Server = http://mirror.easyname.at/archlinux/$repo/os/$arch
#Server = http://mirror.reisenbauer.ee/archlinux/$repo/os/$arch
#Server = https://mirror.reisenbauer.ee/archlinux/$repo/os/$arch
## Bangladesh
#Server = http://mirror.xeonbd.com/archlinux/$repo/os/$arch
## Belarus
#Server = http://ftp.byfly.by/pub/archlinux/$repo/os/$arch
#Server = http://mirror.datacenter.by/pub/archlinux/$repo/os/$arch
## Belgium
#Server = http://archlinux.cu.be/$repo/os/$arch
#Server = http://archlinux.mirror.kangaroot.net/$repo/os/$arch
#Server = http://mirror.tiguinet.net/arch/$repo/os/$arch
## Bosnia and Herzegovina
#Server = http://archlinux.mirror.ba/$repo/os/$arch
## Brazil
#Server = http://br.mirror.archlinux-br.org/$repo/os/$arch
#Server = http://archlinux.c3sl.ufpr.br/$repo/os/$arch
#Server = http://www.caco.ic.unicamp.br/archlinux/$repo/os/$arch
#Server = https://www.caco.ic.unicamp.br/archlinux/$repo/os/$arch
#Server = http://linorg.usp.br/archlinux/$repo/os/$arch
#Server = http://archlinux.pop-es.rnp.br/$repo/os/$arch
#Server = http://mirror.ufam.edu.br/archlinux/$repo/os/$arch
#Server = http://mirror.ufscar.br/archlinux/$repo/os/$arch
## Bulgaria
#Server = https://mirror.darklinux.uk/archlinux/$repo/os/$arch
#Server = http://mirror.host.ag/archlinux/$repo/os/$arch
#Server = http://mirrors.netix.net/archlinux/$repo/os/$arch
#Server = http://mirror.telepoint.bg/archlinux/$repo/os/$arch
#Server = https://mirror.telepoint.bg/archlinux/$repo/os/$arch
#Server = http://mirrors.uni-plovdiv.net/archlinux/$repo/os/$arch
#Server = https://mirrors.uni-plovdiv.net/archlinux/$repo/os/$arch
## Canada
#Server = https://mirror.0xem.ma/arch/$repo/os/$arch
#Server = http://mirror.cedille.club/archlinux/$repo/os/$arch
#Server = http://archlinux.mirror.colo-serv.net/$repo/os/$arch
#Server = http://mirror.csclub.uwaterloo.ca/archlinux/$repo/os/$arch
#Server = https://mirror.csclub.uwaterloo.ca/archlinux/$repo/os/$arch
#Server = http://mirror2.evolution-host.com/archlinux/$repo/os/$arch
#Server = https://mirror2.evolution-host.com/archlinux/$repo/os/$arch
#Server = http://mirror.its.dal.ca/archlinux/$repo/os/$arch
#Server = http://muug.ca/mirror/archlinux/$repo/os/$arch
#Server = https://muug.ca/mirror/archlinux/$repo/os/$arch
#Server = http://arch.powerfly.ca/$repo/os/$arch
#Server = https://arch.powerfly.ca/$repo/os/$arch
#Server = http://archlinux.mirror.rafal.ca/$repo/os/$arch
#Server = http://mirror.scd31.com/arch/$repo/os/$arch
#Server = https://mirror.scd31.com/arch/$repo/os/$arch
#Server = http://mirror.sergal.org/archlinux/$repo/os/$arch
#Server = https://mirror.sergal.org/archlinux/$repo/os/$arch
## Chile
#Server = http://mirror.anquan.cl/archlinux/$repo/os/$arch
#Server = http://mirror.archlinux.cl/$repo/os/$arch
#Server = http://mirror1.cl.netactuate.com/archlinux/$repo/os/$arch
#Server = https://mirror1.cl.netactuate.com/archlinux/$repo/os/$arch
#Server = http://mirror.ufro.cl/archlinux/$repo/os/$arch
#Server = https://mirror.ufro.cl/archlinux/$repo/os/$arch
## China
#Server = http://mirrors.163.com/archlinux/$repo/os/$arch
#Server = http://mirrors.bfsu.edu.cn/archlinux/$repo/os/$arch
#Server = https://mirrors.bfsu.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirrors.cqu.edu.cn/archlinux/$repo/os/$arch
#Server = https://mirrors.cqu.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirrors.dgut.edu.cn/archlinux/$repo/os/$arch
#Server = https://mirrors.dgut.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirrors.hit.edu.cn/archlinux/$repo/os/$arch
#Server = https://mirrors.hit.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirror.lzu.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirrors.neusoft.edu.cn/archlinux/$repo/os/$arch
#Server = https://mirrors.neusoft.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirrors.nju.edu.cn/archlinux/$repo/os/$arch
#Server = https://mirrors.nju.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirror.redrock.team/archlinux/$repo/os/$arch
#Server = https://mirror.redrock.team/archlinux/$repo/os/$arch
#Server = https://mirrors.sjtug.sjtu.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirrors.tuna.tsinghua.edu.cn/archlinux/$repo/os/$arch
#Server = https://mirrors.tuna.tsinghua.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch
#Server = https://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch
#Server = https://mirrors.xjtu.edu.cn/archlinux/$repo/os/$arch
#Server = http://mirrors.zju.edu.cn/archlinux/$repo/os/$arch
## Colombia
#Server = http://mirrors.udenar.edu.co/archlinux/$repo/os/$arch
## Croatia
#Server = http://archlinux.iskon.hr/$repo/os/$arch
## Czechia
#Server = http://mirror.dkm.cz/archlinux/$repo/os/$arch
#Server = https://mirror.dkm.cz/archlinux/$repo/os/$arch
#Server = https://europe.mirror.pkgbuild.com/$repo/os/$arch
#Server = http://ftp.fi.muni.cz/pub/linux/arch/$repo/os/$arch
#Server = http://ftp.linux.cz/pub/linux/arch/$repo/os/$arch
#Server = http://gluttony.sin.cvut.cz/arch/$repo/os/$arch
#Server = https://gluttony.sin.cvut.cz/arch/$repo/os/$arch
#Server = http://mirrors.nic.cz/archlinux/$repo/os/$arch
#Server = http://ftp.sh.cvut.cz/arch/$repo/os/$arch
#Server = https://ftp.sh.cvut.cz/arch/$repo/os/$arch
#Server = http://mirror.vpsfree.cz/archlinux/$repo/os/$arch
## Denmark
#Server = http://mirrors.dotsrc.org/archlinux/$repo/os/$arch
#Server = https://mirrors.dotsrc.org/archlinux/$repo/os/$arch
#Server = http://mirror.one.com/archlinux/$repo/os/$arch
#Server = https://mirror.one.com/archlinux/$repo/os/$arch
## Ecuador
#Server = http://mirror.cedia.org.ec/archlinux/$repo/os/$arch
#Server = http://mirror.espoch.edu.ec/archlinux/$repo/os/$arch
#Server = http://mirror.uta.edu.ec/archlinux/$repo/os/$arch
## Estonia
#Server = http://mirror.cspacehostings.com/archlinux/$repo/os/$arch
#Server = https://mirror.cspacehostings.com/archlinux/$repo/os/$arch
#Server = http://mirrors.xtom.ee/archlinux/$repo/os/$arch
#Server = https://mirrors.xtom.ee/archlinux/$repo/os/$arch
## Finland
#Server = https://arch.mcstrugs.org/$repo/os/$arch
#Server = http://mirror.arctic.lol/ArchMirror/$repo/os/$arch
#Server = http://arch.mirror.far.fi/$repo/os/$arch
#Server = http://mirror.hosthink.net/archlinux/$repo/os/$arch
#Server = https://mirror.srv.fail/archlinux/$repo/os/$arch
#Server = http://mirror.wuki.li/archlinux/$repo/os/$arch
#Server = https://mirror.wuki.li/archlinux/$repo/os/$arch
#Server = http://arch.yhtez.xyz/$repo/os/$arch
#Server = https://arch.yhtez.xyz/$repo/os/$arch
## France
#Server = http://archlinux.de-labrusse.fr/$repo/os/$arch
#Server = http://mirror.archlinux.ikoula.com/archlinux/$repo/os/$arch
#Server = https://archlinux.vi-di.fr/$repo/os/$arch
#Server = http://archlinux.mirrors.benatherton.com/$repo/os/$arch
#Server = http://mirror.cyberbits.eu/archlinux/$repo/os/$arch
#Server = https://mirror.cyberbits.eu/archlinux/$repo/os/$arch
#Server = http://archlinux.datagr.am/$repo/os/$arch
#Server = https://mirrors.eric.ovh/arch/$repo/os/$arch
#Server = http://mirror.ibcp.fr/pub/archlinux/$repo/os/$arch
#Server = http://mirror.lastmikoi.net/archlinux/$repo/os/$arch
#Server = https://arch-mirror.cloud.louifox.house/$repo/os/$arch
#Server = http://archlinux.mailtunnel.eu/$repo/os/$arch
#Server = https://archlinux.mailtunnel.eu/$repo/os/$arch
#Server = http://mir.archlinux.fr/$repo/os/$arch
#Server = http://mirrors.celianvdb.fr/archlinux/$repo/os/$arch
#Server = https://mirrors.celianvdb.fr/archlinux/$repo/os/$arch
#Server = http://arch.nimukaito.net/$repo/os/$arch
#Server = https://arch.nimukaito.net/$repo/os/$arch
#Server = http://mirror.oldsql.cc/archlinux/$repo/os/$arch
#Server = https://mirror.oldsql.cc/archlinux/$repo/os/$arch
#Server = http://archlinux.mirrors.ovh.net/archlinux/$repo/os/$arch
#Server = http://archlinux.polymorf.fr/$repo/os/$arch
#Server = http://archlinux.rezopole.net/$repo/os/$arch
#Server = https://mirrors.slaanesh.org/archlinux/$repo/os/$arch
#Server = http://mirrors.standaloneinstaller.com/archlinux/$repo/os/$arch
#Server = https://mirror.sysa.tech/archlinux/$repo/os/$arch
#Server = https://mirror.thekinrar.fr/archlinux/$repo/os/$arch
#Server = http://ftp.u-strasbg.fr/linux/distributions/archlinux/$repo/os/$arch
#Server = https://mirror.wormhole.eu/archlinux/$repo/os/$arch
#Server = http://mirroir.wptheme.fr/archlinux/$repo/os/$arch
#Server = https://mirroir.wptheme.fr/archlinux/$repo/os/$arch
#Server = http://arch.yourlabs.org/$repo/os/$arch
#Server = https://arch.yourlabs.org/$repo/os/$arch
## Georgia
#Server = http://archlinux.grena.ge/$repo/os/$arch
#Server = https://archlinux.grena.ge/$repo/os/$arch
## Germany
#Server = http://mirror.23media.com/archlinux/$repo/os/$arch
#Server = https://mirror.23media.com/archlinux/$repo/os/$arch
#Server = http://ftp.agdsn.de/pub/mirrors/archlinux/$repo/os/$arch
#Server = https://ftp.agdsn.de/pub/mirrors/archlinux/$repo/os/$arch
#Server = https://appuals.com/archlinux/$repo/os/$arch
#Server = http://artfiles.org/archlinux.org/$repo/os/$arch
#Server = https://mirror.bethselamin.de/$repo/os/$arch
#Server = http://mirror.chaoticum.net/arch/$repo/os/$arch
#Server = https://mirror.chaoticum.net/arch/$repo/os/$arch
#Server = http://mirror.checkdomain.de/archlinux/$repo/os/$arch
#Server = https://mirror.checkdomain.de/archlinux/$repo/os/$arch
#Server = http://mirror.clientvps.com/archlinux/$repo/os/$arch
#Server = https://mirror.clientvps.com/archlinux/$repo/os/$arch
#Server = https://mirror.dogado.de/archlinux/$repo/os/$arch
#Server = http://mirror.f4st.host/archlinux/$repo/os/$arch
#Server = https://mirror.f4st.host/archlinux/$repo/os/$arch
#Server = http://ftp.fau.de/archlinux/$repo/os/$arch
#Server = https://ftp.fau.de/archlinux/$repo/os/$arch
#Server = https://pkg.fef.moe/archlinux/$repo/os/$arch
#Server = https://dist-mirror.fem.tu-ilmenau.de/archlinux/$repo/os/$arch
#Server = http://mirror.fsrv.services/archlinux/$repo/os/$arch
#Server = https://mirror.fsrv.services/archlinux/$repo/os/$arch
#Server = https://mirror.gnomus.de/$repo/os/$arch
#Server = http://www.gutscheindrache.com/mirror/archlinux/$repo/os/$arch
#Server = http://ftp.gwdg.de/pub/linux/archlinux/$repo/os/$arch
#Server = http://archlinux.honkgong.info/$repo/os/$arch
#Server = http://ftp.hosteurope.de/mirror/ftp.archlinux.org/$repo/os/$arch
#Server = http://ftp-stud.hs-esslingen.de/pub/Mirrors/archlinux/$repo/os/$arch
#Server = http://archlinux.mirror.iphh.net/$repo/os/$arch
#Server = http://arch.jensgutermuth.de/$repo/os/$arch
#Server = https://arch.jensgutermuth.de/$repo/os/$arch
#Server = http://mirror.kumi.systems/archlinux/$repo/os/$arch
#Server = https://mirror.kumi.systems/archlinux/$repo/os/$arch
#Server = http://mirror.fra10.de.leaseweb.net/archlinux/$repo/os/$arch
#Server = https://mirror.fra10.de.leaseweb.net/archlinux/$repo/os/$arch
#Server = http://mirror.metalgamer.eu/archlinux/$repo/os/$arch
#Server = https://mirror.metalgamer.eu/archlinux/$repo/os/$arch
#Server = http://mirror.mikrogravitation.org/archlinux/$repo/os/$arch
#Server = https://mirror.mikrogravitation.org/archlinux/$repo/os/$arch
#Server = https://mirror.pkgbuild.com/$repo/os/$arch
#Server = http://mirror.moson.org/arch/$repo/os/$arch
#Server = https://mirror.moson.org/arch/$repo/os/$arch
#Server = http://mirrors.n-ix.net/archlinux/$repo/os/$arch
#Server = https://mirrors.n-ix.net/archlinux/$repo/os/$arch
#Server = http://mirror.netcologne.de/archlinux/$repo/os/$arch
#Server = https://mirror.netcologne.de/archlinux/$repo/os/$arch
#Server = http://mirrors.niyawe.de/archlinux/$repo/os/$arch
#Server = https://mirrors.niyawe.de/archlinux/$repo/os/$arch
#Server = http://mirror.orbit-os.com/archlinux/$repo/os/$arch
#Server = https://mirror.orbit-os.com/archlinux/$repo/os/$arch
#Server = http://packages.oth-regensburg.de/archlinux/$repo/os/$arch
#Server = https://packages.oth-regensburg.de/archlinux/$repo/os/$arch
#Server = http://phinau.de/arch/$repo/os/$arch
#Server = https://phinau.de/arch/$repo/os/$arch
#Server = https://mirror.pseudoform.org/$repo/os/$arch
#Server = https://www.ratenzahlung.de/mirror/archlinux/$repo/os/$arch
#Server = http://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch
#Server = https://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch
#Server = http://linux.rz.rub.de/archlinux/$repo/os/$arch
#Server = http://mirror.satis-faction.de/archlinux/$repo/os/$arch
#Server = https://mirror.satis-faction.de/archlinux/$repo/os/$arch
#Server = http://mirror.selfnet.de/archlinux/$repo/os/$arch
#Server = https://mirror.selfnet.de/archlinux/$repo/os/$arch
#Server = http://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch
#Server = https://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch
#Server = http://archlinux.thaller.ws/$repo/os/$arch
#Server = https://archlinux.thaller.ws/$repo/os/$arch
#Server = http://ftp.tu-chemnitz.de/pub/linux/archlinux/$repo/os/$arch
#Server = http://mirror.ubrco.de/archlinux/$repo/os/$arch
#Server = https://mirror.ubrco.de/archlinux/$repo/os/$arch
#Server = http://mirror.undisclose.de/archlinux/$repo/os/$arch
#Server = https://mirror.undisclose.de/archlinux/$repo/os/$arch
#Server = http://ftp.uni-bayreuth.de/linux/archlinux/$repo/os/$arch
#Server = http://ftp.uni-hannover.de/archlinux/$repo/os/$arch
#Server = http://ftp.uni-kl.de/pub/linux/archlinux/$repo/os/$arch
#Server = http://mirror.united-gameserver.de/archlinux/$repo/os/$arch
#Server = https://arch.unixpeople.org/$repo/os/$arch
#Server = http://ftp.wrz.de/pub/archlinux/$repo/os/$arch
#Server = https://ftp.wrz.de/pub/archlinux/$repo/os/$arch
#Server = http://mirror.wtnet.de/arch/$repo/os/$arch
#Server = https://mirror.wtnet.de/arch/$repo/os/$arch
#Server = http://mirrors.xtom.de/archlinux/$repo/os/$arch
#Server = https://mirrors.xtom.de/archlinux/$repo/os/$arch
#Server = http://arch.mirror.zachlge.org/$repo/os/$arch
#Server = https://arch.mirror.zachlge.org/$repo/os/$arch
## Greece
#Server = http://ftp.cc.uoc.gr/mirrors/linux/archlinux/$repo/os/$arch
#Server = https://repo.greeklug.gr/data/pub/linux/archlinux/$repo/os/$arch
#Server = http://mirrors.myaegean.gr/linux/archlinux/$repo/os/$arch
#Server = http://ftp.ntua.gr/pub/linux/archlinux/$repo/os/$arch
#Server = http://ftp.otenet.gr/linux/archlinux/$repo/os/$arch
## Hong Kong
#Server = https://asia.mirror.pkgbuild.com/$repo/os/$arch
#Server = http://mirror-hk.koddos.net/archlinux/$repo/os/$arch
#Server = https://mirror-hk.koddos.net/archlinux/$repo/os/$arch
#Server = http://hkg.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = https://hkg.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = https://arch-mirror.wtako.net/$repo/os/$arch
#Server = http://mirror.xtom.com.hk/archlinux/$repo/os/$arch
#Server = https://mirror.xtom.com.hk/archlinux/$repo/os/$arch
## Hungary
#Server = http://ftp.ek-cer.hu/pub/mirrors/ftp.archlinux.org/$repo/os/$arch
#Server = http://archmirror.hbit.sztaki.hu/archlinux/$repo/os/$arch
#Server = http://nova.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
#Server = http://quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
#Server = http://super.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
#Server = https://nova.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
#Server = https://quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
#Server = https://super.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch
## Iceland
#Server = http://mirror.system.is/arch/$repo/os/$arch
#Server = https://mirror.system.is/arch/$repo/os/$arch
## India
#Server = http://mirror.cse.iitk.ac.in/archlinux/$repo/os/$arch
#Server = http://mirrors.piconets.webwerks.in/archlinux-mirror/$repo/os/$arch
#Server = https://mirrors.piconets.webwerks.in/archlinux-mirror/$repo/os/$arch
## Indonesia
#Server = http://mirror.cloudweeb.com/archlinux/$repo/os/$arch
#Server = http://mirror.faizuladib.com/archlinux/$repo/os/$arch
#Server = http://mirror.gi.co.id/archlinux/$repo/os/$arch
#Server = https://mirror.gi.co.id/archlinux/$repo/os/$arch
#Server = http://vpsmurah.jagoanhosting.com/archlinux/$repo/os/$arch
#Server = https://vpsmurah.jagoanhosting.com/archlinux/$repo/os/$arch
#Server = http://mirror.labkom.id/archlinux/$repo/os/$arch
#Server = http://mirror.papua.go.id/archlinux/$repo/os/$arch
#Server = https://mirror.papua.go.id/archlinux/$repo/os/$arch
#Server = http://mirror.poliwangi.ac.id/archlinux/$repo/os/$arch
#Server = http://suro.ubaya.ac.id/archlinux/$repo/os/$arch
#Server = http://mirror.telkomuniversity.ac.id/archlinux/$repo/os/$arch
#Server = https://mirror.telkomuniversity.ac.id/archlinux/$repo/os/$arch
## Iran
#Server = http://mirror.hostiran.ir/archlinux/$repo/os/$arch
#Server = https://mirror.hostiran.ir/archlinux/$repo/os/$arch
#Server = http://repo.iut.ac.ir/repo/archlinux/$repo/os/$arch
#Server = http://mirror.nak-mci.ir/arch/$repo/os/$arch
#Server = http://mirror.rasanegar.com/archlinux/$repo/os/$arch
#Server = https://mirror.rasanegar.com/archlinux/$repo/os/$arch
## Ireland
#Server = http://ftp.heanet.ie/mirrors/ftp.archlinux.org/$repo/os/$arch
#Server = https://ftp.heanet.ie/mirrors/ftp.archlinux.org/$repo/os/$arch
## Israel
#Server = http://mirror.isoc.org.il/pub/archlinux/$repo/os/$arch
#Server = https://mirror.isoc.org.il/pub/archlinux/$repo/os/$arch
#Server = https://archlinux.mivzakim.net/$repo/os/$arch
## Italy
#Server = https://archmirror.it/repos/$repo/os/$arch
#Server = http://archlinux.mirror.garr.it/archlinux/$repo/os/$arch
#Server = http://mirrors.prometeus.net/archlinux/$repo/os/$arch
#Server = http://archlinux.mirror.server24.net/$repo/os/$arch
#Server = https://archlinux.mirror.server24.net/$repo/os/$arch
## Japan
#Server = http://mirrors.cat.net/archlinux/$repo/os/$arch
#Server = https://mirrors.cat.net/archlinux/$repo/os/$arch
#Server = http://ftp.tsukuba.wide.ad.jp/Linux/archlinux/$repo/os/$arch
#Server = http://ftp.jaist.ac.jp/pub/Linux/ArchLinux/$repo/os/$arch
#Server = https://ftp.jaist.ac.jp/pub/Linux/ArchLinux/$repo/os/$arch
## Kazakhstan
#Server = http://mirror.hoster.kz/archlinux/$repo/os/$arch
#Server = https://mirror.hoster.kz/archlinux/$repo/os/$arch
#Server = http://mirror.ps.kz/archlinux/$repo/os/$arch
#Server = https://mirror.ps.kz/archlinux/$repo/os/$arch
## Kenya
#Server = http://archlinux.mirror.liquidtelecom.com/$repo/os/$arch
#Server = https://archlinux.mirror.liquidtelecom.com/$repo/os/$arch
## Latvia
#Server = http://archlinux.koyanet.lv/archlinux/$repo/os/$arch
#Server = https://archlinux.koyanet.lv/archlinux/$repo/os/$arch
## Lithuania
#Server = http://mirrors.atviras.lt/archlinux/$repo/os/$arch
#Server = https://mirrors.atviras.lt/archlinux/$repo/os/$arch
#Server = http://mirrors.ims.nksc.lt/archlinux/$repo/os/$arch
#Server = https://mirrors.ims.nksc.lt/archlinux/$repo/os/$arch
## Luxembourg
#Server = http://archlinux.mirror.root.lu/$repo/os/$arch
## Mexico
#Server = https://arch.mirror.jsc.mx/$repo/os/$arch
## Moldova
#Server = http://mirror.ihost.md/archlinux/$repo/os/$arch
#Server = https://mirror.ihost.md/archlinux/$repo/os/$arch
## Monaco
#Server = http://archlinux.qontinuum.space/$repo/os/$arch
#Server = https://archlinux.qontinuum.space:4443/$repo/os/$arch
## Netherlands
#Server = https://archlinux.beccacervello.it/archlinux/$repo/os/$arch
#Server = http://mirror.cj2.nl/archlinux/$repo/os/$arch
#Server = https://mirror.cj2.nl/archlinux/$repo/os/$arch
#Server = https://mirrors.daan.vodka/archlinux/$repo/os/$arch
#Server = http://mirror.erickochen.nl/archlinux/$repo/os/$arch
#Server = https://mirror.erickochen.nl/archlinux/$repo/os/$arch
#Server = http://mirror.i3d.net/pub/archlinux/$repo/os/$arch
#Server = https://mirror.i3d.net/pub/archlinux/$repo/os/$arch
#Server = https://arch.jeweet.net/$repo/os/$arch
#Server = http://mirror.koddos.net/archlinux/$repo/os/$arch
#Server = https://mirror.koddos.net/archlinux/$repo/os/$arch
#Server = http://arch.mirrors.lavatech.top/$repo/os/$arch
#Server = https://arch.mirrors.lavatech.top/$repo/os/$arch
#Server = http://mirror.ams1.nl.leaseweb.net/archlinux/$repo/os/$arch
#Server = https://mirror.ams1.nl.leaseweb.net/archlinux/$repo/os/$arch
#Server = http://archlinux.mirror.liteserver.nl/$repo/os/$arch
#Server = https://archlinux.mirror.liteserver.nl/$repo/os/$arch
#Server = http://mirror.lyrahosting.com/archlinux/$repo/os/$arch
#Server = https://mirror.lyrahosting.com/archlinux/$repo/os/$arch
#Server = http://mirror.mijn.host/archlinux/$repo/os/$arch
#Server = https://mirror.mijn.host/archlinux/$repo/os/$arch
#Server = http://mirror.neostrada.nl/archlinux/$repo/os/$arch
#Server = https://mirror.neostrada.nl/archlinux/$repo/os/$arch
#Server = http://ftp.nluug.nl/os/Linux/distr/archlinux/$repo/os/$arch
#Server = http://archlinux.mirror.pcextreme.nl/$repo/os/$arch
#Server = https://archlinux.mirror.pcextreme.nl/$repo/os/$arch
#Server = http://mirror.serverion.com/archlinux/$repo/os/$arch
#Server = https://mirror.serverion.com/archlinux/$repo/os/$arch
#Server = http://ftp.snt.utwente.nl/pub/os/linux/archlinux/$repo/os/$arch
#Server = http://mirror.tarellia.net/distr/archlinux/$repo/os/$arch
#Server = https://mirror.tarellia.net/distr/archlinux/$repo/os/$arch
#Server = http://archlinux.mirror.wearetriple.com/$repo/os/$arch
#Server = https://archlinux.mirror.wearetriple.com/$repo/os/$arch
#Server = http://mirror-archlinux.webruimtehosting.nl/$repo/os/$arch
#Server = https://mirror-archlinux.webruimtehosting.nl/$repo/os/$arch
#Server = http://mirrors.xtom.nl/archlinux/$repo/os/$arch
#Server = https://mirrors.xtom.nl/archlinux/$repo/os/$arch
## New Caledonia
#Server = http://mirror.lagoon.nc/pub/archlinux/$repo/os/$arch
#Server = http://archlinux.nautile.nc/archlinux/$repo/os/$arch
#Server = https://archlinux.nautile.nc/archlinux/$repo/os/$arch
## New Zealand
#Server = http://mirror.2degrees.nz/archlinux/$repo/os/$arch
#Server = https://mirror.2degrees.nz/archlinux/$repo/os/$arch
#Server = http://mirror.fsmg.org.nz/archlinux/$repo/os/$arch
#Server = https://mirror.fsmg.org.nz/archlinux/$repo/os/$arch
#Server = http://mirror.smith.geek.nz/archlinux/$repo/os/$arch
#Server = https://mirror.smith.geek.nz/archlinux/$repo/os/$arch
## North Macedonia
#Server = http://arch.softver.org.mk/archlinux/$repo/os/$arch
#Server = http://mirror.onevip.mk/archlinux/$repo/os/$arch
#Server = http://mirror.t-home.mk/archlinux/$repo/os/$arch
#Server = https://mirror.t-home.mk/archlinux/$repo/os/$arch
## Norway
#Server = http://mirror.archlinux.no/$repo/os/$arch
#Server = https://mirror.archlinux.no/$repo/os/$arch
#Server = http://archlinux.uib.no/$repo/os/$arch
#Server = http://mirror.neuf.no/archlinux/$repo/os/$arch
#Server = https://mirror.neuf.no/archlinux/$repo/os/$arch
#Server = http://mirror.terrahost.no/linux/archlinux/$repo/os/$arch
## Pakistan
#Server = http://repo.inara.pk/archlinux/$repo/os/$arch
#Server = https://repo.inara.pk/archlinux/$repo/os/$arch
## Paraguay
#Server = http://archlinux.mirror.py/archlinux/$repo/os/$arch
## Poland
#Server = http://ftp.icm.edu.pl/pub/Linux/dist/archlinux/$repo/os/$arch
#Server = https://ftp.icm.edu.pl/pub/Linux/dist/archlinux/$repo/os/$arch
#Server = http://mirror.juniorjpdj.pl/archlinux/$repo/os/$arch
#Server = https://mirror.juniorjpdj.pl/archlinux/$repo/os/$arch
#Server = http://arch.midov.pl/arch/$repo/os/$arch
#Server = https://arch.midov.pl/arch/$repo/os/$arch
#Server = http://arch.nixlab.pl/$repo/os/$arch
#Server = https://arch.nixlab.pl/$repo/os/$arch
#Server = http://mirror.onet.pl/pub/mirrors/archlinux/$repo/os/$arch
#Server = http://piotrkosoft.net/pub/mirrors/ftp.archlinux.org/$repo/os/$arch
#Server = http://mirror.sfinae.tech/pub/mirrors/archlinux/$repo/os/$arch
#Server = https://mirror.sfinae.tech/pub/mirrors/archlinux/$repo/os/$arch
#Server = http://repo.skni.umcs.pl/archlinux/$repo/os/$arch
#Server = https://repo.skni.umcs.pl/archlinux/$repo/os/$arch
#Server = http://ftp.vectranet.pl/archlinux/$repo/os/$arch
## Portugal
#Server = http://glua.ua.pt/pub/archlinux/$repo/os/$arch
#Server = https://glua.ua.pt/pub/archlinux/$repo/os/$arch
#Server = http://ftp.rnl.tecnico.ulisboa.pt/pub/archlinux/$repo/os/$arch
#Server = https://ftp.rnl.tecnico.ulisboa.pt/pub/archlinux/$repo/os/$arch
## Romania
#Server = http://mirrors.chroot.ro/archlinux/$repo/os/$arch
#Server = https://mirrors.chroot.ro/archlinux/$repo/os/$arch
#Server = http://mirror.efect.ro/archlinux/$repo/os/$arch
#Server = https://mirror.efect.ro/archlinux/$repo/os/$arch
#Server = http://mirrors.go.ro/archlinux/$repo/os/$arch
#Server = https://mirrors.go.ro/archlinux/$repo/os/$arch
#Server = http://mirrors.hostico.ro/archlinux/$repo/os/$arch
#Server = https://mirrors.hostico.ro/archlinux/$repo/os/$arch
#Server = http://archlinux.mirrors.linux.ro/$repo/os/$arch
#Server = http://mirrors.m247.ro/archlinux/$repo/os/$arch
#Server = http://mirrors.nav.ro/archlinux/$repo/os/$arch
#Server = http://mirrors.nxthost.com/archlinux/$repo/os/$arch
#Server = https://mirrors.nxthost.com/archlinux/$repo/os/$arch
#Server = http://mirrors.pidginhost.com/arch/$repo/os/$arch
#Server = https://mirrors.pidginhost.com/arch/$repo/os/$arch
## Russia
#Server = http://mirror.surf/archlinux/$repo/os/$arch
#Server = https://mirror.surf/archlinux/$repo/os/$arch
#Server = http://mirror.nw-sys.ru/archlinux/$repo/os/$arch
#Server = https://mirror.nw-sys.ru/archlinux/$repo/os/$arch
#Server = http://mirrors.powernet.com.ru/archlinux/$repo/os/$arch
#Server = http://mirror.rol.ru/archlinux/$repo/os/$arch
#Server = https://mirror.rol.ru/archlinux/$repo/os/$arch
#Server = http://mirror.truenetwork.ru/archlinux/$repo/os/$arch
#Server = https://mirror.truenetwork.ru/archlinux/$repo/os/$arch
#Server = http://mirror.yandex.ru/archlinux/$repo/os/$arch
#Server = https://mirror.yandex.ru/archlinux/$repo/os/$arch
#Server = http://archlinux.zepto.cloud/$repo/os/$arch
## Serbia
#Server = http://arch.petarmaric.com/$repo/os/$arch
#Server = http://mirror.pmf.kg.ac.rs/archlinux/$repo/os/$arch
## Singapore
#Server = http://mirror.0x.sg/archlinux/$repo/os/$arch
#Server = https://mirror.0x.sg/archlinux/$repo/os/$arch
#Server = http://mirror.aktkn.sg/archlinux/$repo/os/$arch
#Server = https://mirror.aktkn.sg/archlinux/$repo/os/$arch
#Server = https://download.nus.edu.sg/mirror/archlinux/$repo/os/$arch
#Server = http://mirror.guillaumea.fr/archlinux/$repo/os/$arch
#Server = https://mirror.guillaumea.fr/archlinux/$repo/os/$arch
#Server = http://mirror.nus.edu.sg/archlinux/$repo/os/$arch
## Slovakia
#Server = http://mirror.lnx.sk/pub/linux/archlinux/$repo/os/$arch
#Server = https://mirror.lnx.sk/pub/linux/archlinux/$repo/os/$arch
#Server = http://tux.rainside.sk/archlinux/$repo/os/$arch
## Slovenia
#Server = http://archimonde.ts.si/archlinux/$repo/os/$arch
#Server = https://archimonde.ts.si/archlinux/$repo/os/$arch
## South Africa
#Server = http://archlinux.za.mirror.allworldit.com/archlinux/$repo/os/$arch
#Server = https://archlinux.za.mirror.allworldit.com/archlinux/$repo/os/$arch
#Server = http://za.mirror.archlinux-br.org/$repo/os/$arch
#Server = http://mirror.is.co.za/mirror/archlinux.org/$repo/os/$arch
#Server = http://arch.opnmirror.co.za/$repo/os/$arch
#Server = https://arch.opnmirror.co.za/$repo/os/$arch
#Server = http://mirrors.urbanwave.co.za/archlinux/$repo/os/$arch
#Server = https://mirrors.urbanwave.co.za/archlinux/$repo/os/$arch
## South Korea
#Server = http://mirror.anigil.com/archlinux/$repo/os/$arch
#Server = https://mirror.anigil.com/archlinux/$repo/os/$arch
#Server = http://ftp.harukasan.org/archlinux/$repo/os/$arch
#Server = https://ftp.harukasan.org/archlinux/$repo/os/$arch
#Server = http://ftp.lanet.kr/pub/archlinux/$repo/os/$arch
#Server = https://ftp.lanet.kr/pub/archlinux/$repo/os/$arch
#Server = http://mirror.premi.st/archlinux/$repo/os/$arch
#Server = https://mirror.premi.st/archlinux/$repo/os/$arch
## Spain
#Server = https://mirror.cloroformo.org/archlinux/$repo/os/$arch
#Server = http://mirror.librelabucm.org/archlinux/$repo/os/$arch
#Server = https://mirror.librelabucm.org/archlinux/$repo/os/$arch
#Server = http://ftp.rediris.es/mirror/archlinux/$repo/os/$arch
#Server = http://sharing.thelinuxsect.com/archlinux/$repo/os/$arch
## Sweden
#Server = http://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch
#Server = https://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch
#Server = http://ftpmirror.infania.net/mirror/archlinux/$repo/os/$arch
#Server = https://ftp.ludd.ltu.se/mirrors/archlinux/$repo/os/$arch
#Server = http://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch
#Server = https://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch
#Server = http://ftp.myrveln.se/pub/linux/archlinux/$repo/os/$arch
#Server = https://ftp.myrveln.se/pub/linux/archlinux/$repo/os/$arch
#Server = https://mirror.osbeck.com/archlinux/$repo/os/$arch
#Server = http://tedwall.se/archlinux/$repo/os/$arch
#Server = https://tedwall.se/archlinux/$repo/os/$arch
## Switzerland
#Server = http://pkg.adfinis.com/archlinux/$repo/os/$arch
#Server = https://pkg.adfinis.com/archlinux/$repo/os/$arch
#Server = http://mirror.init7.net/archlinux/$repo/os/$arch
#Server = https://mirror.init7.net/archlinux/$repo/os/$arch
#Server = http://mirror.puzzle.ch/archlinux/$repo/os/$arch
#Server = https://mirror.puzzle.ch/archlinux/$repo/os/$arch
#Server = https://theswissbay.ch/archlinux/$repo/os/$arch
#Server = https://mirror.ungleich.ch/mirror/packages/archlinux/$repo/os/$arch
## Taiwan
#Server = http://archlinux.ccns.ncku.edu.tw/archlinux/$repo/os/$arch
#Server = http://free.nchc.org.tw/arch/$repo/os/$arch
#Server = https://free.nchc.org.tw/arch/$repo/os/$arch
#Server = http://archlinux.cs.nctu.edu.tw/$repo/os/$arch
#Server = http://shadow.ind.ntou.edu.tw/archlinux/$repo/os/$arch
#Server = https://shadow.ind.ntou.edu.tw/archlinux/$repo/os/$arch
#Server = http://ftp.tku.edu.tw/Linux/ArchLinux/$repo/os/$arch
#Server = http://ftp.yzu.edu.tw/Linux/archlinux/$repo/os/$arch
#Server = https://ftp.yzu.edu.tw/Linux/archlinux/$repo/os/$arch
## Thailand
#Server = https://mirror.cyberbits.asia/archlinux/$repo/os/$arch
#Server = http://mirror.kku.ac.th/archlinux/$repo/os/$arch
#Server = https://mirror.kku.ac.th/archlinux/$repo/os/$arch
#Server = http://mirror2.totbb.net/archlinux/$repo/os/$arch
## Turkey
#Server = http://ftp.linux.org.tr/archlinux/$repo/os/$arch
#Server = http://mirror.veriteknik.net.tr/archlinux/$repo/os/$arch
## Ukraine
#Server = http://archlinux.ip-connect.vn.ua/$repo/os/$arch
#Server = https://archlinux.ip-connect.vn.ua/$repo/os/$arch
#Server = http://mirror.mirohost.net/archlinux/$repo/os/$arch
#Server = https://mirror.mirohost.net/archlinux/$repo/os/$arch
#Server = http://mirrors.nix.org.ua/linux/archlinux/$repo/os/$arch
#Server = https://mirrors.nix.org.ua/linux/archlinux/$repo/os/$arch
## United Kingdom
#Server = http://archlinux.uk.mirror.allworldit.com/archlinux/$repo/os/$arch
#Server = https://archlinux.uk.mirror.allworldit.com/archlinux/$repo/os/$arch
#Server = http://mirror.bytemark.co.uk/archlinux/$repo/os/$arch
#Server = https://mirror.bytemark.co.uk/archlinux/$repo/os/$arch
#Server = http://mirrors.gethosted.online/archlinux/$repo/os/$arch
#Server = https://mirrors.gethosted.online/archlinux/$repo/os/$arch
#Server = http://mirrors.manchester.m247.com/arch-linux/$repo/os/$arch
#Server = http://mirrors.melbourne.co.uk/archlinux/$repo/os/$arch
#Server = https://mirrors.melbourne.co.uk/archlinux/$repo/os/$arch
#Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch
#Server = https://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch
#Server = http://mirror.netweaver.uk/archlinux/$repo/os/$arch
#Server = https://mirror.netweaver.uk/archlinux/$repo/os/$arch
#Server = http://lon.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = https://lon.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = http://arch.serverspace.co.uk/arch/$repo/os/$arch
#Server = http://archlinux.mirrors.uk2.net/$repo/os/$arch
#Server = http://mirrors.ukfast.co.uk/sites/archlinux.org/$repo/os/$arch
#Server = https://mirrors.ukfast.co.uk/sites/archlinux.org/$repo/os/$arch
## United States
#Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch
#Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch
#Server = http://mirrors.aggregate.org/archlinux/$repo/os/$arch
#Server = https://america.mirror.pkgbuild.com/$repo/os/$arch
#Server = http://ca.us.mirror.archlinux-br.org/$repo/os/$arch
#Server = http://il.us.mirror.archlinux-br.org/$repo/os/$arch
#Server = http://mirror.arizona.edu/archlinux/$repo/os/$arch
#Server = https://mirror.arizona.edu/archlinux/$repo/os/$arch
#Server = http://arlm.tyzoid.com/$repo/os/$arch
#Server = https://arlm.tyzoid.com/$repo/os/$arch
#Server = https://mirror.ava.dev/archlinux/$repo/os/$arch
#Server = http://mirrors.cat.pdx.edu/archlinux/$repo/os/$arch
#Server = http://mirror.cc.columbia.edu/pub/linux/archlinux/$repo/os/$arch
#Server = http://arch.mirror.constant.com/$repo/os/$arch
#Server = https://arch.mirror.constant.com/$repo/os/$arch
#Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch
#Server = http://mirror.cs.vt.edu/pub/ArchLinux/$repo/os/$arch
#Server = http://mirror.cybersecurity.nmt.edu/archlinux/$repo/os/$arch
#Server = https://mirror.cybersecurity.nmt.edu/archlinux/$repo/os/$arch
#Server = http://distro.ibiblio.org/archlinux/$repo/os/$arch
#Server = http://mirror.es.its.nyu.edu/archlinux/$repo/os/$arch
#Server = http://mirror.ette.biz/archlinux/$repo/os/$arch
#Server = https://mirror.ette.biz/archlinux/$repo/os/$arch
#Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch
#Server = http://www.gtlib.gatech.edu/pub/archlinux/$repo/os/$arch
#Server = http://mirror.hackingand.coffee/arch/$repo/os/$arch
#Server = https://mirror.hackingand.coffee/arch/$repo/os/$arch
#Server = https://mirror.hodgepodge.dev/archlinux/$repo/os/$arch
#Server = http://mirror.hostup.org/archlinux/$repo/os/$arch
#Server = https://mirror.hostup.org/archlinux/$repo/os/$arch
#Server = http://arch.hu.fo/archlinux/$repo/os/$arch
#Server = https://arch.hu.fo/archlinux/$repo/os/$arch
#Server = http://repo.ialab.dsu.edu/archlinux/$repo/os/$arch
#Server = https://repo.ialab.dsu.edu/archlinux/$repo/os/$arch
#Server = http://mirrors.kernel.org/archlinux/$repo/os/$arch
Server = https://mirrors.kernel.org/archlinux/$repo/os/$arch
#Server = http://mirror.dal10.us.leaseweb.net/archlinux/$repo/os/$arch
#Server = http://mirror.mia11.us.leaseweb.net/archlinux/$repo/os/$arch
#Server = http://mirror.sfo12.us.leaseweb.net/archlinux/$repo/os/$arch
#Server = http://mirror.wdc1.us.leaseweb.net/archlinux/$repo/os/$arch
#Server = https://mirror.dal10.us.leaseweb.net/archlinux/$repo/os/$arch
#Server = https://mirror.mia11.us.leaseweb.net/archlinux/$repo/os/$arch
#Server = https://mirror.sfo12.us.leaseweb.net/archlinux/$repo/os/$arch
#Server = https://mirror.wdc1.us.leaseweb.net/archlinux/$repo/os/$arch
#Server = http://mirrors.liquidweb.com/archlinux/$repo/os/$arch
#Server = http://mirror.lty.me/archlinux/$repo/os/$arch
#Server = https://mirror.lty.me/archlinux/$repo/os/$arch
#Server = http://mirrors.lug.mtu.edu/archlinux/$repo/os/$arch
#Server = https://mirrors.lug.mtu.edu/archlinux/$repo/os/$arch
#Server = http://mirror.math.princeton.edu/pub/archlinux/$repo/os/$arch
#Server = http://mirror.metrocast.net/archlinux/$repo/os/$arch
#Server = http://mirror.kaminski.io/archlinux/$repo/os/$arch
#Server = https://mirror.kaminski.io/archlinux/$repo/os/$arch
#Server = http://iad.mirrors.misaka.one/archlinux/$repo/os/$arch
#Server = https://iad.mirrors.misaka.one/archlinux/$repo/os/$arch
#Server = http://repo.miserver.it.umich.edu/archlinux/$repo/os/$arch
#Server = http://mirrors.mit.edu/archlinux/$repo/os/$arch
#Server = https://mirrors.mit.edu/archlinux/$repo/os/$arch
#Server = http://mirrors.ocf.berkeley.edu/archlinux/$repo/os/$arch
#Server = https://mirrors.ocf.berkeley.edu/archlinux/$repo/os/$arch
#Server = http://archmirror1.octyl.net/$repo/os/$arch
#Server = https://archmirror1.octyl.net/$repo/os/$arch
#Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch
#Server = http://arch.mirrors.pair.com/$repo/os/$arch
#Server = http://dfw.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = http://iad.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = http://ord.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = https://dfw.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = https://iad.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = https://ord.mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = http://plug-mirror.rcac.purdue.edu/archlinux/$repo/os/$arch
#Server = https://plug-mirror.rcac.purdue.edu/archlinux/$repo/os/$arch
#Server = http://mirrors.rit.edu/archlinux/$repo/os/$arch
#Server = https://mirrors.rit.edu/archlinux/$repo/os/$arch
#Server = http://mirrors.rutgers.edu/archlinux/$repo/os/$arch
#Server = https://mirrors.rutgers.edu/archlinux/$repo/os/$arch
#Server = http://mirror.siena.edu/archlinux/$repo/os/$arch
#Server = http://mirrors.sonic.net/archlinux/$repo/os/$arch
#Server = https://mirrors.sonic.net/archlinux/$repo/os/$arch
#Server = http://mirror.phx1.us.spryservers.net/archlinux/$repo/os/$arch
#Server = https://mirror.phx1.us.spryservers.net/archlinux/$repo/os/$arch
#Server = http://arch.mirror.square-r00t.net/$repo/os/$arch
#Server = https://arch.mirror.square-r00t.net/$repo/os/$arch
#Server = http://mirror.stephen304.com/archlinux/$repo/os/$arch
#Server = https://mirror.stephen304.com/archlinux/$repo/os/$arch
#Server = http://ftp.sudhip.com/archlinux/$repo/os/$arch
#Server = https://ftp.sudhip.com/archlinux/$repo/os/$arch
#Server = http://mirror.pit.teraswitch.com/archlinux/$repo/os/$arch
#Server = https://mirror.pit.teraswitch.com/archlinux/$repo/os/$arch
#Server = http://mirror.umd.edu/archlinux/$repo/os/$arch
#Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch
#Server = http://mirrors.xmission.com/archlinux/$repo/os/$arch
#Server = http://mirrors.xtom.com/archlinux/$repo/os/$arch
#Server = https://mirrors.xtom.com/archlinux/$repo/os/$arch
#Server = https://zxcvfdsa.com/arch/$repo/os/$arch
## Vietnam
#Server = http://f.archlinuxvn.org/archlinux/$repo/os/$arch
#Server = http://mirror.bizflycloud.vn/archlinux/$repo/os/$arch

45
pacman.conf Normal file
View File

@ -0,0 +1,45 @@
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
LogFile = /dev/null
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
UseSyslog
Color
#NoProgressBar
CheckSpace
VerbosePkgLists
#ParallelDownloads = 5
ILoveCandy
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist

119
sshd_config Normal file
View File

@ -0,0 +1,119 @@
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_ed25519_key
HostKeyAlgorithms ssh-ed25519
KexAlgorithms curve25519-sha256
PubkeyAcceptedKeyTypes ssh-ed25519
Ciphers chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

10
unbound.conf Normal file
View File

@ -0,0 +1,10 @@
server:
qname-minimisation: yes
trust-anchor-file: /etc/unbound/trusted-key.key
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 1.0.0.1@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com