User:Djgera/exequiel

Revision as of 15:35, 27 January 2019 by Djgera (talk | contribs) (openssh)

Hardware configuration

  • Motherboard: Asus M2N32-SLI Deluxe (Firmware: 1603)
  • CPU: AMD Athlon 64 X2 5200+ [ADA5200IAA6CS]
  • RAM: 4 x 1GB OCZ DDR2 800MHz Platinum Rev 2 (4-4-4-15) [OCZ2P800R21G]
  • GPU: EVGA GeForce GT 520 1GB RAM DDR3 | VBIOS: 75.19.1b.00.20 | PN: 01G-P3-1523-KR
  • Audio: Sound Blaster Live! MP3
  • Wifi (PCIe): TP-LINK TL-WN781ND V2.2 (Qualcomm Atheros AR9485)
  • Wifi (USB): TP-LINK TL-WN722N V1.0 (Qualcomm Atheros AR9271)
  • Storage (sda): Western Digital Caviar Black 2TB - 64MB Cache (Firmware: 05.01D05) [WD2001FASS-00W2B0]
  • Storage (sdb): Western Digital Caviar Black 2TB - 64MB Cache (Firmware: 01.00101) [WD2001FASS-00W2B0]
  • Storage (sdc): Western Digital Caviar Black 2TB - 64MB Cache (Firmware: 01.00101) [WD2001FASS-00W2B0]
  • Storage (sdd): Western Digital Caviar Black 2TB - 64MB Cache (Firmware: 05.01D05) [WD2001FASS-00W2B0]
  • Optical Drive: LG DVD-RW SATA Dual Layer (Firmware IL00) [GH20NS15]
  • Power Supply: PowerCooler ATX12V 2.0 PS-500SS 500W
  • Monitor: Dell UltraSharp 24" - (H-IPS panel [LM240WU4-SLB1]) - 1920x1200 - [U2410 / Rev A05]
  • Keyboard/Mouse: Logitech Cordless Desktop EX 100
  • Webcam: Logitech HD Webcam C510
  • Printer: HP Laserjet P1006
  • UPS: APC Back-UPS XS 800CI, [BX800CI-AR] (Firmware: 920.T2 .I USB FW:T3)

Software configuration

HDD partition scheme

Disk /dev/sda: 3907029168 sectors, 1.8 TiB
Logical sector size: 512 bytes
Disk identifier (GUID): 014F724D-394E-4571-9DDA-9A3943BA7F1E
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 3907029134
Partitions will be aligned on 2048-sector boundaries
Total free space is 34925 sectors (17.1 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048         2099199   1024.0 MiB  8300  
   2         2101248        69210111   32.0 GiB    8300  
   3        69212160       136321023   32.0 GiB    8300  
   4       136323072       169877503   16.0 GiB    8200  
   5       169879552       236988415   32.0 GiB    8300  
   6       236990464      3907006463   1.7 TiB     8300  
Disk /dev/sdb: 2000.4 GB, 2000398934016 bytes, 3907029168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xba469f54

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048  3907029167  1953513560   83  Linux
Disk /dev/sdc: 2000.4 GB, 2000398934016 bytes, 3907029168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x15138733

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1            2048  3907029167  1953513560   83  Linux
Disk /dev/sdd: 2000.4 GB, 2000398934016 bytes, 3907029168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xbb1fe300

   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1            2048  3907029167  1953513560   83  Linux

syslinux

syslinux (gptmbr.bin) installed on MBR (sda)

dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/gptmbr.bin of=/dev/sda
extlinux -i /boot/syslinux
cp /usr/lib/syslinux/bios/menu.c32 /boot/syslinux/
cp /usr/lib/syslinux/bios/libutil.c32 /boot/syslinux/
/boot/syslinux/syslinux.cfg
timeout 10

ui menu.c32

label memtest86+
    linux ../memtest86+-5.01.bin

label linux-4.12.5
    linux ../vmlinuz-4.12.5
    initrd ../initramfs-4.12.5.img
    append root=UUID=0c46fd32-8210-449d-ab22-c82a413a0e02 rw

label linux-4.12.5-fallback
    linux ../vmlinuz-4.12.5
    initrd ../initramfs-4.12.5-fallback.img
    append root=UUID=0c46fd32-8210-449d-ab22-c82a413a0e02 rw

# Rescue entry: loads the -rescue initramfs and passes break=premount, which
# (with mkinitcpio's base hook) stops in the initramfs shell before the root
# filesystem is mounted.
# NOTE(review): no menu password is set in this file, so anyone who can reach
# the boot menu at the console can start this entry. If the machine is not
# physically trusted, consider menu.c32's "MENU MASTER PASSWD" / "MENU PASSWD"
# together with a firmware setup password.
label linux-4.12.5-rescue
    linux ../vmlinuz-4.12.5
    initrd ../initramfs-4.12.5-rescue.img
    append break=premount

mkinitcpio

/etc/mkinitcpio-djgera.conf
HOOKS="systemd autodetect modconf block filesystems keyboard fsck save_hdd_live"
COMPRESSION="gzip"
/etc/mkinitcpio-rescue.conf
HOOKS="base udev keymap modconf rescue"
COMPRESSION="gzip"


/etc/initcpio/install/save_hdd_live 
#!/bin/bash
# mkinitcpio install hook: put the hdparm udev rule and the hdparm binary
# that the rule invokes into the initramfs.
build() {
    add_file "/etc/udev/rules.d/69-save-hdd-live.rules"
    add_binary "hdparm"
}

# Help text for this hook (printed by `mkinitcpio -H <hook>`).
help() {
    # Quoted delimiter: the text is emitted literally, with no expansion.
    cat <<'HELPEOF'
  This hook will save your HDD live!
HELPEOF
}


/etc/initcpio/install/rescue
# mkinitcpio install hook for the rescue image: every kernel module plus a
# toolbox for partitioning, filesystem repair, LUKS/device-mapper, disk
# health, editing and basic networking.
# NOTE(review): the resulting image is a complete root toolbox (cryptsetup,
# dd, wipefs, ...); access to the boot entry that loads it should be treated
# like root access to the machine.
build() {
    local entry

    add_all_modules /

    # syslinux
    add_binary extlinux
    add_file /usr/lib/syslinux/bios/gptmbr.bin

    # udev rules: the local hdparm rule, then the device-mapper rules
    for entry in \
        /etc/udev/rules.d/69-save-hdd-live.rules \
        /usr/lib/udev/rules.d/10-dm.rules \
        /usr/lib/udev/rules.d/13-dm-disk.rules \
        /usr/lib/udev/rules.d/95-dm-notify.rules
    do
        add_file "$entry"
    done
    # Two-argument form: source path, then the path used inside the image.
    add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"

    # Binaries grouped by the package that provides them; added in this order.
    local -a tools=(
        # util-linux
        findmnt blockdev fdisk sfdisk hexdump losetup mkswap umount wipefs
        # e2fsprogs
        badblocks chattr fsck.ext4 lsattr mkfs.ext4 tune2fs
        # xfsprogs
        mkfs.xfs xfs_repair
        # cryptsetup
        cryptsetup
        # device-mapper
        dmsetup
        # gptfdisk
        gdisk
        # rsync
        rsync
        # coreutils
        cat cp dd mv rm sync md5sum sha1sum date
        # bash
        bash
        # findutils
        find xargs
        # procps-ng
        free ps slabtop top vmstat
    )
    for entry in "${tools[@]}"; do
        add_binary "$entry"
    done

    # smartmontools (binary plus its drive database)
    add_binary smartctl
    add_file /usr/share/smartmontools/drivedb.h

    # hdparm
    add_binary hdparm

    # ncurses: terminfo entry for the Linux console
    add_file /usr/share/terminfo/l/linux

    # nano, iproute2, iw
    for entry in nano ip iw; do
        add_binary "$entry"
    done
}

# Help text for this hook (printed by `mkinitcpio -H <hook>`).
help() {
    # Quoted delimiter: the text is emitted literally, with no expansion.
    cat <<'HELPEOF'
  Rescue hook!
HELPEOF
}
/etc/pacman.d/hooks/initramfs-update.hook
[Trigger]
Operation = Upgrade
Type = Package
Target = systemd
Target = kmod

[Action]
When = PostTransaction
Exec = /etc/pacman.d/hooks.scripts/initramfs-update.sh
/etc/pacman.d/hooks.scripts/initramfs-update.sh
#!/bin/bash

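# Rebuild the default and the fallback initramfs for every kernel image in
# /boot, keeping a .bkp copy of each image that is about to be replaced.
# The version is whatever follows the first "-" in the path
# (/boot/vmlinuz-4.12.5 -> 4.12.5).
status=0
for k in /boot/vmlinuz-*; do
    # Without nullglob an unmatched pattern stays literal; build nothing for it.
    [[ -e "$k" ]] || continue

    v=${k#*-}
    main_img="/boot/initramfs-${v}.img"
    fallback_img="/boot/initramfs-${v}-fallback.img"

    # Back up only what exists, so a first run does not report a cp error.
    if [[ -e "$main_img" ]]; then
        cp -v -- "$main_img" "${main_img}.bkp"
    fi
    mkinitcpio -k "$k" -c /etc/mkinitcpio-djgera.conf -g "$main_img" || status=1

    if [[ -e "$fallback_img" ]]; then
        cp -v -- "$fallback_img" "${fallback_img}.bkp"
    fi
    # -S autodetect skips that hook for the fallback image.
    mkinitcpio -S autodetect -k "$k" -c /etc/mkinitcpio-djgera.conf -g "$fallback_img" || status=1
done

# Surface any failed rebuild to pacman, not just the last command's status;
# the .bkp copies are what is left to boot from if an image was not written.
exit "$status"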

systemd

/etc/systemd/system.conf.d/50-DefaultTimeoutSec.conf
[Manager]
DefaultTimeoutStopSec=15s
/etc/systemd/logind.conf.d/50-KillUserProcesses.conf
[Login]
KillUserProcesses=yes
/etc/sysctl.d/99-djgera.conf
# 1 enables every SysRq function for whoever is at the keyboard (process
# kill, remount, immediate reboot, ...). A bitmask value restricts this to
# selected functions; see the kernel's admin-guide/sysrq documentation.
kernel.sysrq = 1
localectl
   System Locale: LANG=en_US.UTF-8
       VC Keymap: es
      X11 Layout: es
hostnamectl
   Static hostname: exequiel
         Icon name: computer-desktop
           Chassis: desktop
        Machine ID: cd9e9d24fe37411c3b2d22c14951b1a1
           Boot ID: a5f57d905a094b2f8135d0cfa3656e6b
  Operating System: Arch Linux
            Kernel: Linux 4.4.14
      Architecture: x86-64
timedatectl
      Local time: Tue 2016-07-05 20:59:23 ART
  Universal time: Tue 2016-07-05 23:59:23 UTC
        RTC time: Tue 2016-07-05 23:59:23
       Time zone: America/Buenos_Aires (ART, -0300)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no
# tree /etc/systemd/system
/etc/systemd/system
├── default.target -> /usr/lib/systemd/system/multi-user.target
├── dnsmasq@.service
├── getty.target.wants
│   └── getty@tty1.service -> /usr/lib/systemd/system/getty@.service
├── ghb@.service
├── hddtemp.service.d
│   └── es.conf
├── minidlna@.service
├── multi-user.target.wants
│   ├── apcupsd.service -> /usr/lib/systemd/system/apcupsd.service
│   ├── dnsmasq@apdevnull.service -> /etc/systemd/system/dnsmasq@.service
│   ├── hddtemp.service -> /usr/lib/systemd/system/hddtemp.service
│   ├── hostapd.service -> /usr/lib/systemd/system/hostapd.service
│   ├── iptables.service -> /usr/lib/systemd/system/iptables.service
│   ├── minidlna@gera.service -> /etc/systemd/system/minidlna@.service
│   ├── mpd.service -> /usr/lib/systemd/system/mpd.service
│   ├── nfs-client.target -> /usr/lib/systemd/system/nfs-client.target
│   ├── openvpn@gerardo-desktop.service -> /usr/lib/systemd/system/openvpn@.service
│   ├── org.cups.cupsd.path -> /usr/lib/systemd/system/org.cups.cupsd.path
│   ├── remote-fs.target -> /usr/lib/systemd/system/remote-fs.target
│   ├── smartd.service -> /usr/lib/systemd/system/smartd.service
│   ├── sysstat.service -> /usr/lib/systemd/system/sysstat.service
│   ├── systemd-networkd.service -> /usr/lib/systemd/system/systemd-networkd.service
│   └── vnstat.service -> /usr/lib/systemd/system/vnstat.service
├── printer.target.wants
│   └── org.cups.cupsd.service -> /usr/lib/systemd/system/org.cups.cupsd.service
├── remote-fs.target.wants
│   └── nfs-client.target -> /usr/lib/systemd/system/nfs-client.target
├── smartlog@.service
├── sockets.target.wants
│   ├── org.cups.cupsd.socket -> /usr/lib/systemd/system/org.cups.cupsd.socket
│   ├── smbd.socket -> /usr/lib/systemd/system/smbd.socket
│   └── sshd.socket -> /usr/lib/systemd/system/sshd.socket
├── sysinit.target.wants
│   └── systemd-timesyncd.service -> /usr/lib/systemd/system/systemd-timesyncd.service
├── sysstat.service.wants
│   ├── sysstat-collect.timer -> /usr/lib/systemd/system/sysstat-collect.timer
│   └── sysstat-summary.timer -> /usr/lib/systemd/system/sysstat-summary.timer
├── systemd-logind.service.d
│   └── debug.conf
├── systemd-networkd.service.d
│   └── debug.conf
├── systemd-udevd.service.d
│   └── debug.conf
└── vncserver@.service
/etc/udev/rules.d/69-serial.rules
ACTION=="remove", GOTO="serial_end"

SUBSYSTEM=="tty", KERNEL=="ttyS0", TAG+="uaccess"

LABEL="serial_end"
/etc/udev/rules.d/69-usbserial.rules
ACTION=="remove", GOTO="usbserial_end"

SUBSYSTEM=="tty", KERNEL=="ttyUSB0", TAG+="uaccess"

LABEL="usbserial_end"
/etc/udev/rules.d/10-leds.rules
ACTION=="add", SUBSYSTEM=="leds", ATTRS{idVendor}=="0cf3", ATTRS{idProduct}=="9271", ATTR{trigger}="none"
/etc/udev/rules.d/10-net.rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="00:15:af:01:77:8e", NAME="wifi0"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="02:68:1c:67:77:74", NAME="android1"
/etc/udev/rules.d/10-tplink-wn722n.rules
ACTION!="add", GOTO="net_rules_end"
SUBSYSTEM!="net", GOTO="net_rules_end"
KERNEL!="wlan*", GOTO="net_rules_end"

ATTR{address}=="14:cc:20:25:66:38", NAME="wifi2"

LABEL="net_rules_end"
/etc/udev/rules.d/10-tplink-wn781nd.rules
ACTION!="add", GOTO="net_rules_end"
SUBSYSTEM!="net", GOTO="net_rules_end"
KERNEL!="wlan*", GOTO="net_rules_end"

ATTR{address}=="e8:de:27:4e:63:2b", NAME="wifi1"

ATTR{address}=="e8:de:27:4e:63:2b", RUN+="/usr/bin/iw dev wifi1 interface add ap1 type __ap"
ATTR{address}=="e8:de:27:4e:63:2b", RUN+="/usr/bin/ip link set ap1 address e8:de:27:4e:63:2c"

LABEL="net_rules_end"
/etc/systemd/network/10-wlan.link
[Match]
Type=wlan

[Link]
NamePolicy=
/etc/systemd/network/20-ap1.network
[Match]
Name=ap1

[Network]
Address=172.16.92.2/28
/etc/systemd/network/20-net0.link
[Match]
MACAddress=00:17:31:bb:44:19

[Link]
Name=net0
/etc/systemd/network/20-net0.network
[Match]
Name=net0

[Network]
VLAN=net0.150
Address=192.168.91.2/28

[Route]
Gateway=192.168.91.1
PreferredSource=192.168.91.2
Metric=100

[Route]
Gateway=192.168.91.3
Destination=172.16.93.0/28
PreferredSource=192.168.91.2

[Route]
Gateway=192.168.91.3
Destination=10.6.93.0/28
PreferredSource=192.168.91.2

[Route]
Gateway=192.168.91.3
Destination=10.17.93.0/28
PreferredSource=192.168.91.2
/etc/systemd/network/20-net0.150.netdev
[NetDev]
Name=net0.150
Kind=vlan
MACAddress=00:17:31:bb:44:19

[VLAN]
Id=150
/etc/systemd/network/20-net0.150.network
[Match]
Name=net0.150

[Network]
BindCarrier=net0

iptables

/etc/iptables/iptables.rules
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

-A PREROUTING -i ppp0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.91.3:1194
-A PREROUTING -i ppp0 -p udp -m udp --dport 8080 -j DNAT --to-destination 192.168.91.3:1194

-A PREROUTING -i ppp0 -p tcp -m tcp --dport 55555 -j DNAT --to-destination 192.168.91.3
-A PREROUTING -i ppp0 -p udp -m udp --dport 55555 -j DNAT --to-destination 192.168.91.3


-A POSTROUTING -s 172.16.92.0/28 ! -d 192.168.91.0/28 -o net0 -j SNAT --to-source 192.168.91.2

#-A POSTROUTING -s 172.16.92.0/28 -d 192.168.135.0/24 -o tun0 -j SNAT --to-source 10.17.135.204

-A POSTROUTING -s 192.168.91.0/28 -o ppp0 -j MASQUERADE

-A POSTROUTING -s 172.16.92.0/28 -o ppp0 -j MASQUERADE

COMMIT

# filter table: INPUT and FORWARD are default-deny, OUTPUT is unrestricted.
# NOTE(review): these rules cover IPv4 only; if IPv6 is enabled on any
# interface, confirm that an equivalent ip6tables ruleset is loaded.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Drop what conntrack cannot classify, then fast-path known flows and loopback.
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
#-A INPUT -i net0.7 -j ACCEPT

# Echo requests are answered on every interface, ppp0 included.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# NOTE(review): any other ICMP packet that is not RELATED/ESTABLISHED is
# logged without a rate limit, so a remote sender can flood the log; put
# "-m limit --limit <RATE>" before "-j LOG" to bound it.
-A INPUT -p icmp -j LOG

-A INPUT -i net0 -m pkttype --pkt-type multicast -j ACCEPT

-A INPUT -s 192.168.91.3/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.91.4/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.91.6/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -s 192.168.91.3/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 192.168.91.4/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 192.168.91.6/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT
#-A INPUT -s 192.168.91.8/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT

-A INPUT -s 192.168.91.0/28 -i net0 -p tcp -m tcp --dport 5001 -j ACCEPT
-A INPUT -s 192.168.91.0/28 -i net0 -p udp -m udp --dport 5001 -j ACCEPT

-A INPUT -s 192.168.91.4/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT
-A INPUT -s 192.168.91.6/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT
-A INPUT -s 192.168.91.7/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT

-A INPUT -s 192.168.91.5/32 -i net0 -p tcp -m tcp --dport 8200 -j ACCEPT
-A INPUT -s 192.168.91.6/32 -i net0 -p tcp -m tcp --dport 8200 -j ACCEPT

-A INPUT -s 192.168.91.5/32 -i net0 -p tcp -m tcp --dport 8201 -j ACCEPT
-A INPUT -s 192.168.91.6/32 -i net0 -p tcp -m tcp --dport 8201 -j ACCEPT

-A INPUT -s 192.168.91.5/32 -i net0 -p tcp -m tcp --dport 8202 -j ACCEPT
-A INPUT -s 192.168.91.6/32 -i net0 -p tcp -m tcp --dport 8202 -j ACCEPT


-A INPUT -s 172.16.93.3/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 172.16.93.4/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 172.16.93.6/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -s 172.16.93.4/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 172.16.93.6/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT

-A INPUT -s 172.16.93.0/28 -i net0 -p tcp -m tcp --dport 5001 -j ACCEPT
-A INPUT -s 172.16.93.0/28 -i net0 -p udp -m udp --dport 5001 -j ACCEPT

-A INPUT -s 172.16.93.6/32 -i net0 -p tcp -m tcp --dport 5901 -j ACCEPT

-A INPUT -s 172.16.93.4/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT
-A INPUT -s 172.16.93.6/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT
-A INPUT -s 172.16.93.7/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT


-A INPUT -i ap1 -m pkttype --pkt-type multicast -j ACCEPT

-A INPUT -s 172.16.92.4/32 -i ap1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 172.16.92.6/32 -i ap1 -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -i ap1 -p udp -m udp --sport 68 --dport 67 -j ACCEPT

#-A INPUT -s 172.16.92.0/28 -i ap1 -p udp -m udp --dport 53 -j ACCEPT
#-A INPUT -s 172.16.92.0/28 -i ap1 -p tcp -m tcp --dport 53 -j ACCEPT
#-A INPUT -s 172.16.92.0/28 -i ap1 -p tcp -m tcp --dport 80 -j ACCEPT
#-A INPUT -s 172.16.92.0/28 -i ap1 -p tcp -m tcp --dport 8080 -j ACCEPT

-A INPUT -s 172.16.92.4/32 -i ap1 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 172.16.92.6/32 -i ap1 -p tcp -m tcp --dport 445 -j ACCEPT

-A INPUT -s 172.16.92.0/28 -i ap1 -p tcp -m tcp --dport 5001 -j ACCEPT
-A INPUT -s 172.16.92.0/28 -i ap1 -p udp -m udp --dport 5001 -j ACCEPT

-A INPUT -s 172.16.92.6/32 -i ap1 -p tcp -m tcp --dport 5901 -j ACCEPT

-A INPUT -s 172.16.92.4/32 -i ap1 -p tcp -m tcp --dport 6600 -j ACCEPT
-A INPUT -s 172.16.92.6/32 -i ap1 -p tcp -m tcp --dport 6600 -j ACCEPT
-A INPUT -s 172.16.92.7/32 -i ap1 -p tcp -m tcp --dport 6600 -j ACCEPT

-A INPUT -s 172.16.92.5/32 -i ap1 -p tcp -m tcp --dport 8200 -j ACCEPT
-A INPUT -s 172.16.92.6/32 -i ap1 -p tcp -m tcp --dport 8200 -j ACCEPT

-A INPUT -s 172.16.92.5/32 -i ap1 -p tcp -m tcp --dport 8201 -j ACCEPT
-A INPUT -s 172.16.92.6/32 -i ap1 -p tcp -m tcp --dport 8201 -j ACCEPT

-A INPUT -s 172.16.92.5/32 -i ap1 -p tcp -m tcp --dport 8202 -j ACCEPT
-A INPUT -s 172.16.92.6/32 -i ap1 -p tcp -m tcp --dport 8202 -j ACCEPT


-A INPUT -s 10.6.93.4/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.6.93.6/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -s 10.6.93.4/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 10.6.93.6/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT

-A INPUT -s 10.6.93.6/32 -i net0 -p tcp -m tcp --dport 5901 -j ACCEPT

-A INPUT -s 10.6.93.4/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT
-A INPUT -s 10.6.93.6/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT

-A INPUT -s 10.17.93.4/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 10.17.93.6/32 -i net0 -p tcp -m tcp --dport 22 -j ACCEPT

-A INPUT -s 10.17.93.4/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -s 10.17.93.6/32 -i net0 -p tcp -m tcp --dport 445 -j ACCEPT

-A INPUT -s 10.17.93.6/32 -i net0 -p tcp -m tcp --dport 5901 -j ACCEPT

-A INPUT -s 10.17.93.4/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT
-A INPUT -s 10.17.93.6/32 -i net0 -p tcp -m tcp --dport 6600 -j ACCEPT

-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable



-A FORWARD -m conntrack --ctstate INVALID -j DROP

-A FORWARD -s 192.168.91.0/28 -i net0 -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452
-A FORWARD -s 172.16.92.0/28 -i ap1 -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1452

-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT


-A FORWARD -s 172.16.92.0/28 -i ap1 -o net0 -j ACCEPT

#-A FORWARD -s 172.16.92.0/28 -i ap1 -o tun0 -j ACCEPT

-A FORWARD -s 192.168.91.0/28 -i net0 -o ppp0 -j ACCEPT

-A FORWARD -d 192.168.91.3/32 -i ppp0 -o net0 -p tcp -m tcp --dport 1194 -j ACCEPT
-A FORWARD -d 192.168.91.3/32 -i ppp0 -o net0 -p udp -m udp --dport 1194 -j ACCEPT

-A FORWARD -d 192.168.91.3/32 -i ppp0 -o net0 -p tcp -m tcp --dport 55555 -j ACCEPT
-A FORWARD -d 192.168.91.3/32 -i ppp0 -o net0 -p udp -m udp --dport 55555 -j ACCEPT

-A FORWARD -s 172.16.92.0/28 -i ap1 -o ppp0 -j ACCEPT


-A FORWARD -p tcp -j REJECT --reject-with tcp-reset
-A FORWARD -p udp -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-proto-unreachable

#-A OUTPUT -m conntrack --ctstate INVALID -j LOG
#-A OUTPUT -m conntrack --ctstate INVALID -j DROP


COMMIT

glibc

/etc/locale.gen
en_US.UTF-8 UTF-8  
es_AR.UTF-8 UTF-8  

hdparm

/etc/udev/rules.d/69-save-hdd-live.rules
ACTION=="remove", GOTO="save_hdd_live_end"
SUBSYSTEM!="block", GOTO="save_hdd_live_end"

ENV{ID_TYPE}=="disk", ENV{ID_ATA_FEATURE_SET_APM}=="1", RUN+="/usr/bin/hdparm -B 255 $devnode"
ENV{ID_TYPE}=="disk", ENV{ID_ATA_FEATURE_SET_AAM}=="1", RUN+="/usr/bin/hdparm -M 128 $devnode"
ENV{ID_TYPE}=="disk", ENV{ID_ATA_FEATURE_SET_PM}=="1", RUN+="/usr/bin/hdparm -S 0 $devnode"

LABEL="save_hdd_live_end"

smartmontools

/etc/systemd/system/smartlog@.service 
[Unit]
Description=SMART on disk %i

[Service]
ExecStart=/usr/bin/smartctl -a /dev/%i
SyslogIdentifier=smart-%i
/etc/udev/rules.d/70-smartlog.rules
ACTION=="remove", GOTO="smartlog_end"
SUBSYSTEM!="block", GOTO="smartlog_end"
ENV{DEVTYPE}!="disk", GOTO="smartlog_end"

ENV{ID_ATA_FEATURE_SET_SMART_ENABLED}=="1", ENV{SYSTEMD_WANTS}="smartlog@$name.service"

LABEL="smartlog_end"

hddtemp

/etc/systemd/system/hddtemp.service.d/es.conf 
[Service]
ExecStart=
ExecStart=/usr/bin/hddtemp -dF /dev/sda /dev/sdb /dev/sdc /dev/sdd

lm_sensors

/etc/sensors3.conf
chip "atk0110-*"

    label in0 "Vcore"
    label in1 "3.3V"
    label in2 "5V"
    label in3 "12V"
    label fan1 "CPU Vent"
    label fan2 "Lateral Vent"
    label fan3 "Trasero Vent"
    label fan4 "Frontal Sup Vent"
    label fan5 "Frontal Inf Vent"
    ignore fan6
    ignore fan7
    label temp1 "CPU Temp"
    label temp2 "MBD Temp"

chip "k8temp-*"

    label temp1 "CP0 Temp"
    label temp3 "CP1 Temp"

apcupsd

/usr/lib/systemd/system-shutdown/apc_killpower
#!/bin/sh

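# Run from systemd's system-shutdown directory with the shutdown verb as $1.
# Ask the UPS to cut power only on a real power-off and only when the
# powerfail flag file exists (presumably left by apcupsd during an outage).
# Two separate tests replace the obsolescent "-a" operator, whose parsing is
# ambiguous when an operand looks like an operator.
if [ -f /etc/apcupsd/powerfail ] && [ "$1" = "poweroff" ]; then
    /etc/apcupsd/apccontrol killpower
fi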
/root/bin/ups-mailer
#!/bin/sh

# Mail the current UPS status. The script is symlinked under several apcupsd
# event names, so the basename of $0 in the subject identifies the event.
MAILRC="/root/.mailrc"
export MAILRC

recipient="<USER>@<DOMAIN>"
subject="${0##*/} | $(hostname)"

/usr/bin/apcaccess status | /usr/bin/mail -s "$subject" "$recipient"

# Always report success, even if the mail could not be sent.
exit 0
/etc/apcupsd/killpower
#!/bin/sh

# Audible warning (880 Hz for 500 ms, three times, then 440 Hz for 1 s)
# before the UPS is told to cut power.
/usr/bin/beep -f 880 -l 500 -r 3 -n -f 440 -l 1000
/usr/bin/apcupsd --killpower

# NOTE(review): apccontrol is documented to skip its built-in handler when an
# event script exits with 99 — confirm against the installed apccontrol.
exit 99


/etc/apcupsd/
├── changeme -> /root/bin/ups-mailer
├── commfailure -> /root/bin/ups-mailer
├── commok -> /root/bin/ups-mailer
├── offbattery -> /root/bin/ups-mailer
└── onbattery -> /root/bin/ups-mailer

s-nail

/root/.mailrc
set sendmail="/usr/bin/msmtp"
set from="Gerardo Exequiel Pozzi <USER@DOMAIN>"

msmtp

/root/.msmtprc
account <USER>
host <DOMAIN>
from <USER@DOMAIN>
auth on
# Implicit TLS on port 465 (no STARTTLS upgrade); the server certificate is
# verified against the system CA bundle.
tls on
tls_starttls off
tls_trust_file /etc/ssl/certs/ca-certificates.crt
port 465
user <USER>
# NOTE(review): the password is stored in clear text. Keep this file readable
# by its owner only (mode 0600), or replace this line with "passwordeval" so
# the secret is fetched from a keyring or an encrypted file.
password <PASSWORD>

mc

/etc/profile.d/mc.sh
alias mc='. /usr/lib/mc/mc-wrapper.sh'

polkit

/etc/polkit-1/rules.d/20-djgera.rules
// Refuse logind power-management requests made through polkit: reboot to
// firmware setup, power-off, halt, reboot, hibernate and suspend, including
// their -ignore-inhibit and -multiple-sessions variants.
// The function never inspects `subject`, so the refusal applies to every
// user and session alike. For any other action it returns nothing, which
// leaves the decision to other rules.
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
        action.id == "org.freedesktop.login1.power-off" ||
        action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
        action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
        action.id == "org.freedesktop.login1.halt" ||
        action.id == "org.freedesktop.login1.halt-ignore-inhibit" ||
        action.id == "org.freedesktop.login1.halt-multiple-sessions" ||
        action.id == "org.freedesktop.login1.reboot" ||
        action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
        action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
        action.id == "org.freedesktop.login1.hibernate" ||
        action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
        action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
        action.id == "org.freedesktop.login1.suspend" ||
        action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
        action.id == "org.freedesktop.login1.suspend-multiple-sessions") {
        // Explicit denial rather than asking for authentication.
        return polkit.Result.NO;
    }
});

filesystem

/etc/fstab
tmp                                             /tmp            tmpfs   nodev,nosuid,size=16G                                   0       0

UUID=f63c34bf-5448-46f6-b3a1-207760f9330d       none            swap    defaults                                                0       0

UUID=7eca5326-794a-4351-a27f-9664ec8a9c7b       /boot           ext4    noatime,nosuid,nodev,noexec                             0       2
UUID=0c46fd32-8210-449d-ab22-c82a413a0e02       /               ext4    noatime,nodev                                           0       0
UUID=d69ba98a-3197-45c1-b76c-f015d671d093       /var            ext4    noatime,nosuid,nodev                                    0       2

UUID=439fbecd-d27d-44db-9fba-d778de6bf917       /home           ext4    nofail,noatime,nosuid,nodev                             0       2

UUID=c6b58ef7-0fd8-4ce7-a889-a3a7a59a4cb5       /mnt/data       xfs     ro,noatime,nosuid,nodev,noexec                          0       2

UUID=c12c7856-3fe8-4c43-8d40-17d5e940ef1c       /mnt/neta0      xfs     ro,noatime,nosuid,nodev,noexec,noauto                   0       2
UUID=f87f2e8d-6e65-436f-a888-85b2d6b35e92       /mnt/neta1      xfs     ro,noatime,nosuid,nodev,noexec,noauto                   0       2
UUID=ca2a19da-4812-4554-84f9-ec8ce5b83440       /mnt/neta2      xfs     ro,noatime,nosuid,nodev,noexec,noauto                   0       2

neta                                            /data/neta      overlay ro,noauto,lowerdir=/mnt/neta0:/mnt/neta1:/mnt/neta2     0       0
/mnt/data                                       /data/data      none    ro,bind                                                 0       0

192.168.91.3:/info/info                         /mnt/info       nfs4    ro,noauto,soft,timeo=10,_netdev                         0       0
/etc/crypttab
home UUID=4be73288-be5c-474a-ab9e-77e4aa2b0e86 none nofail
/etc/nsswitch.conf
passwd: files
group: files
shadow: files

publickey: files

hosts: files dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files
/etc/hosts

127.0.0.1       localhost.localdomain   localhost
::1             localhost.localdomain   localhost

192.168.91.1 router
192.168.91.2 exequiel
192.168.91.3 papucho
192.168.91.4 netbook
192.168.91.5 pandetv
192.168.91.6 fonogera
192.168.91.7 fonovero

172.16.92.2 exequiel
172.16.92.4 netbook
172.16.92.5 pandetv
172.16.92.6 fonogera
172.16.92.7 fonovero

172.16.93.3 papucho
172.16.93.4 netbook
172.16.93.6 fonogera
172.16.93.7 fonovero

10.6.93.3 papucho
10.6.93.4 netbook
10.6.93.6 fonogera

10.17.93.3 papucho
10.17.93.4 netbook
10.17.93.6 fonogera

/etc/profile.d/editor.sh
export VISUAL=mcedit
export EDITOR=mcedit

kmod

/etc/modules-load.d/djgera.conf
#fbcon
/etc/modprobe.d/djgera.conf
#blacklist nvidia
blacklist fbcon
blacklist nouveau
blacklist rtl8187
blacklist pata_amd
blacklist snd_hda_intel
/etc/modprobe.d/nvidia.conf
options nvidia_drm modeset=1

xorg-server

/etc/X11/xorg.conf
Section "Device"
    Identifier     "nvidia0"
    Driver         "nvidia"
    Option         "ConnectToAcpid" "Off"
    Option         "TripleBuffer" "On"
    Option         "MetaModes" "nvidia-auto-select {ForceFullCompositionPipeline = On}"
EndSection

hplip

/etc/udev/rules.d/56-hpmud.rules
ACTION!="add", GOTO="hpmud_rules_end"
SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", GOTO="hpmud_usb_rules"

LABEL="hpmud_usb_rules"

ATTR{idVendor}=="03f0", ATTR{idProduct}=="????", OWNER="root", GROUP="lp", MODE="0664", ENV{SYSTEMD_WANTS}="hplip-printer@$env{BUSNUM}:$env{DEVNUM}.service"

LABEL="hpmud_rules_end"

fontconfig

/etc/fonts/conf.d/
10-autohint.conf
30-metric-aliases.conf
30-ttf-liberation-mono.conf
30-ttf-liberation-sans.conf
30-ttf-liberation-serif.conf
30-urw-aliases.conf
40-nonlatin.conf
45-latin.conf
49-sansserif.conf
50-user.conf
51-local.conf
60-latin.conf
65-fonts-persian.conf
65-nonlatin.conf
69-unifont.conf
70-no-bitmaps.conf
70-no-otf.conf
70-no-type1.conf
80-delicious.conf
90-synthetic.conf
/etc/fonts/conf.avail/70-no-type1.conf
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
 <selectfont>
  <rejectfont>
    <glob>/usr/share/fonts/OTF/*</glob>
  </rejectfont>
 </selectfont>
</fontconfig>

pacman

/etc/pacman.conf
[options]
HoldPkg     = pacman glibc
Architecture = auto

Color
VerbosePkgLists

SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional

[core]
Include = /etc/pacman.d/mirrorlist

[extra]
Include = /etc/pacman.d/mirrorlist

[community]
Include = /etc/pacman.d/mirrorlist

linux-firmware

/etc/pacman.d/hooks/linux-firmware.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = linux-firmware

[Action]
When = PostTransaction
Exec = /usr/bin/cp /usr/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw /usr/lib/firmware/htc_9271.fw

mpd

/etc/mpd.conf
music_directory		"/data/data/musica"
playlist_directory	"/var/lib/mpd/playlists"
db_file			"/var/lib/mpd/mpd.db"
log_file		"syslog"
pid_file		"/var/run/mpd/mpd.pid"
state_file		"/var/lib/mpd/mpdstate"
user			"mpd"
metadata_to_use		"none"
max_playlist_length	"65536"
audio_output {
    type		"alsa"
    name		"default"
}

avrdude

/etc/udev/rules.d/69-usbasp.rules
ACTION=="remove", GOTO="usbasp_end"

SUBSYSTEM=="usb", ATTR{product}=="USBasp", TAG+="uaccess"

LABEL="usbasp_end"

android-tools

/etc/udev/rules.d/69-android.rules
ACTION=="remove", GOTO="android_end"

# Moto G (titan): ADB
SUBSYSTEM=="usb", ATTR{idVendor}=="22b8", TAG+="uaccess"
# Moto G (titan): TWRP
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", TAG+="uaccess"


LABEL="android_end"

hostapd

/etc/hostapd/hostapd.conf
interface=ap1
hw_mode=g
ieee80211n=1
ht_capab=[SHORT-GI-20][RX-STBC1]
wmm_enabled=1
channel=1
max_num_sta=5

ssid=/dev/null
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_psk=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

dnsmasq

/etc/systemd/system/dnsmasq@.service
[Unit]
After=network.target

[Service]
ExecStart=/usr/bin/dnsmasq --no-daemon --user=dnsmasq --conf-file=/etc/dnsmasq.d/%I.conf

[Install]
WantedBy=multi-user.target


/etc/dnsmasq.d/apdevnull.conf
interface=ap1
bind-interfaces
listen-address=172.16.92.2
port=0

dhcp-range=172.16.92.4,172.16.92.14,3600
dhcp-option=option:dns-server,8.8.8.8,8.8.4.4

dhcp-host=1C:65:9D:82:EC:C8,172.16.92.4
dhcp-host=84:A4:66:C2:1B:2D,172.16.92.5
dhcp-host=CC:61:E5:52:4E:AF,172.16.92.6
dhcp-host=90:68:C3:80:0C:75,172.16.92.7
dhcp-host=00:1F:A7:D6:0A:EC,172.16.92.8

minidlna

/etc/systemd/system/minidlna@.service
[Unit]
Description=minidlna %I server
After=network.target

[Service]
User=minidlna
Group=minidlna
ExecStart=/usr/bin/minidlnad -S -f /etc/minidlna.d/%I.conf -P /var/run/minidlna/%I/minidlna.pid
ProtectSystem=full
ProtectHome=on
PrivateDevices=on
NoNewPrivileges=on

[Install]
WantedBy=multi-user.target
/etc/minidlna.d/gera.conf
port=8200
network_interface=net0,ap1
user=minidlna
media_dir=V,/data/data/pelis
media_dir=V,/data/data/videos
friendly_name=gera-pc
db_dir=/var/cache/minidlna/gera
inotify=no
enable_tivo=no
strict_dlna=no
serial=31337
model_number=1
minissdpdsocket=/var/run/minissdpd.sock
root_container=V
uuid=82a79d04-f912-4ba4-b79d-183082478d3b
/etc/minidlna.d/neta.conf
port=8201
network_interface=net0,ap1
user=minidlna
media_dir=V,/data/neta
friendly_name=neta-pc
db_dir=/var/cache/minidlna/neta
inotify=no
enable_tivo=no
strict_dlna=no
serial=31337
model_number=1
minissdpdsocket=/var/run/minissdpd.sock
root_container=V
uuid=eba3b9a9-27ee-4060-bf5f-363f28ed1783

ppp

/etc/ppp/peers/telecom
plugin rp-pppoe.so
net0.150
rp_pppoe_service telecom
user telecom
password telecom
linkname telecom
noauth
noipdefault
nodefaultroute
noproxyarp
persist
maxfail 0
holdoff 3
lcp-echo-failure 3
lcp-echo-interval 45
debug
/etc/ppp/ip-up.d/01-defrt.sh
#!/bin/sh

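# pppd runs ip-up scripts with the link parameters in the environment.
# Install the default route only for the "telecom" link; its peer file sets
# nodefaultroute, so pppd does not add one itself.
if [ "${LINKNAME}" = "telecom" ]; then
    # Quoted so an empty or malformed value reaches ip as a single argument
    # and is rejected there, instead of being split into extra words.
    ip route add default via "${IPREMOTE}" dev "${IFNAME}" proto static src "${IPLOCAL}" metric 50
fi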

kwin

/etc/profile.d/kwin_triple_buffer.sh
export KWIN_TRIPLE_BUFFER=1

ghb

/etc/systemd/system/ghb@.service
[Service]
User=djgera
Environment=DISPLAY=%I
Environment=OCL_ICD_VENDORS=none.icd
LimitAS=3G
CPUQuota=100%
CPUSchedulingPolicy=batch
ExecStart=/usr/bin/ghb

vncserver

/etc/systemd/system/vncserver@.service
[Service]
User=djgera
PAMName=login
ExecStartPre=-/usr/bin/vncserver -kill %I
ExecStart=/usr/bin/vncserver -fg %I
ExecStop=-/usr/bin/vncserver -kill %I
/home/djgera/.vnc/config
geometry=1600x900
# NOTE(review): VncAuth is a password-only challenge/response and leaves the
# session itself unencrypted. The packet filter on this host admits port 5901
# from single addresses only; for anything beyond a trusted LAN, tunnel the
# session over SSH or use a TLS-based type such as TLSVnc or X509Vnc
# (TigerVNC).
SecurityTypes=VncAuth

openssh

/etc/ssh/sshd_config
# One algorithm per negotiation step: Ed25519 host and user keys, Curve25519
# key exchange, ChaCha20-Poly1305, HMAC-SHA2-512 (encrypt-then-MAC).
# A client that lacks any one of these cannot connect.
HostKey /etc/ssh/ssh_host_ed25519_key
HostKeyAlgorithms ssh-ed25519
# NOTE(review): newer OpenSSH also knows this exchange as "curve25519-sha256";
# listing both names avoids locking out clients that offer only the new one.
KexAlgorithms curve25519-sha256@libssh.org
# NOTE(review): later OpenSSH releases name this option PubkeyAcceptedAlgorithms.
PubkeyAcceptedKeyTypes ssh-ed25519
# ChaCha20-Poly1305 is an authenticated cipher, so the MACs line is not what
# protects integrity while it is the only cipher offered.
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com
AuthorizedKeysFile .ssh/authorized_keys
# Key-only logins: password and challenge-response authentication are off.
# UsePAM stays on, so PAM account and session handling still applies.
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
# NOTE(review): PermitRootLogin is not set in this excerpt, so the built-in
# default applies — confirm it is the intended one.

java-runtime-common

/etc/profile.d/java-awt-font.sh
export _JAVA_OPTIONS='-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true'