From: Frank Brehm <frank@brehm-online.com>
Date: Mon, 4 May 2020 14:44:16 +0000 (+0200)
Subject: saving uncommitted changes in /etc prior to apt run
X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=599c309c91cb4ae82469e904ecf1b3764c4a8fc5;p=config%2Fbruni%2Fetc-mint-new1.git

saving uncommitted changes in /etc prior to apt run
---

diff --git a/.etckeeper b/.etckeeper
index 93078d5..cc86380 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -565,6 +565,10 @@ maybe chmod 0644 'bind/db.255'
 maybe chmod 0644 'bind/db.empty'
 maybe chmod 0644 'bind/db.local'
 maybe chmod 0644 'bind/db.root'
+maybe chgrp 'bind' 'bind/named-acl.conf'
+maybe chmod 0644 'bind/named-acl.conf'
+maybe chgrp 'bind' 'bind/named-log.conf'
+maybe chmod 0644 'bind/named-log.conf'
 maybe chgrp 'bind' 'bind/named.conf'
 maybe chmod 0644 'bind/named.conf'
 maybe chgrp 'bind' 'bind/named.conf.default-zones'
diff --git a/NetworkManager/system-connections/eth0 b/NetworkManager/system-connections/eth0
new file mode 100644
index 0000000..91b7c04
--- /dev/null
+++ b/NetworkManager/system-connections/eth0
@@ -0,0 +1,20 @@
+[connection]
+id=eth0
+uuid=296b8121-62ca-354b-bd4a-e33b0341ee34
+type=ethernet
+autoconnect-priority=-999
+permissions=
+timestamp=1588593584
+
+[ethernet]
+mac-address=44:8A:5B:CD:BF:48
+mac-address-blacklist=
+
+[ipv4]
+dns-search=
+method=auto
+
+[ipv6]
+addr-gen-mode=stable-privacy
+dns-search=
+method=auto
diff --git a/apparmor.d/local/usr.sbin.named b/apparmor.d/local/usr.sbin.named
index e69de29..862964a 100644
--- a/apparmor.d/local/usr.sbin.named
+++ b/apparmor.d/local/usr.sbin.named
@@ -0,0 +1,3 @@
+# /var/lib/samba/private/** rwmk,
+# /usr/lib/x86_64-linux-gnu/** rwmk,
+# /dev/urandom rwmk,
diff --git a/apparmor.d/usr.sbin.named b/apparmor.d/usr.sbin.named
index 4d94706..6d52342 100644
--- a/apparmor.d/usr.sbin.named
+++ b/apparmor.d/usr.sbin.named
@@ -51,6 +51,8 @@
   # syslog do the heavy lifting.
   /var/log/named/** rw,
   /var/log/named/ rw,
+  /var/log/bind/** rw,
+  /var/log/bind/ rw,
 
   # gssapi
   /var/lib/sss/pubconf/krb5.include.d/** r,
diff --git a/apt/sources.list.d/plexmediaserver.list b/apt/sources.list.d/plexmediaserver.list
index fbf9252..3c32ab5 100644
--- a/apt/sources.list.d/plexmediaserver.list
+++ b/apt/sources.list.d/plexmediaserver.list
@@ -1,3 +1,3 @@
 # When enabling this repo please remember to add the PlexPublic.Key into the apt setup.
 # wget -q https://downloads.plex.tv/plex-keys/PlexSign.key -O - | sudo apt-key add -
-#deb https://downloads.plex.tv/repo/deb/ public main
+deb https://downloads.plex.tv/repo/deb/ public main
diff --git a/bind/named-acl.conf b/bind/named-acl.conf
new file mode 100644
index 0000000..71c6f44
--- /dev/null
+++ b/bind/named-acl.conf
@@ -0,0 +1,48 @@
+//###############################################################
+//# Bind9-Konfigurationsdatei - Access-Control-Listen
+//# /etc/bind/named-acl.conf
+//#
+//# Host Bruni
+//#
+//###############################################################
+
+//###############################################################
+//# Access-Control-Listen
+
+/* Deny transfers by default except for the listed hosts.
+ * If we have other name servers, place them here.
+ */
+acl "xfer" {
+    none;
+};
+
+/*
+ * You might put in here some ips which are allowed to use the cache or
+ * recursive queries
+ */
+acl "trusted" {
+    127.0.0.0/8;
+    ::1/128;
+};
+
+acl "local_ips" {
+    127.0.0.0/8;
+    10.0.0.0/8;
+    192.168.0.0/16;
+    172.16.0.0/12;
+    ::1/128;
+    fe80::/10;
+};
+
+acl "private_ips" {
+    10.12.11.0/24;
+    192.168.122.0/24;
+    2001:6f8:1db7::/64;
+    2001:6f8:1c00:365::/64;
+    2a02:8109:9300:488::/64;
+    2a02:8109:ae3f:fa04::/64;
+    2a02:8109:9ec0:cf4::/64;
+    2a01:238:4225:6e00:8f8c:808a:7fb8:88df;
+};
+
+# vim: ts=4 filetype=named noai
diff --git a/bind/named-log.conf b/bind/named-log.conf
new file mode 100644
index 0000000..ca2cc6f
--- /dev/null
+++ b/bind/named-log.conf
@@ -0,0 +1,87 @@
+//###############################################################
+//# Bind9-Konfigurationsdatei Logging
+//# /etc/bind/named-log.conf
+//#
+//# Host Bruni
+//#
+//###############################################################
+
+//###############################################################
+//# Angaben zum Logging
+
+logging {
+
+	//---------------------------------------
+	// Channels
+
+	channel complete_debug {
+		file "/var/log/bind/complete-debug.log";
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+		severity debug 99;
+	};
+
+	channel logtofile {
+		file "/var/log/bind/named.log";
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+		severity info;
+	};
+
+	channel moderate_debug {
+		file "/var/log/bind/debug.log";
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+		severity debug 1;
+	};
+
+	channel query_logging {
+		file "/var/log/bind/query.log";
+		print-time yes;
+	};
+
+	channel security_file {
+		file "/var/log/bind/security.log";
+		print-category yes;
+		print-severity yes;
+		print-time yes;
+		severity dynamic;
+	};
+
+	channel syslog-warning {
+		syslog daemon;
+		severity warning;
+	};
+
+
+	//---------------------------------------
+	// Categories
+
+	category default {
+		default_debug;
+		logtofile;
+	};
+
+	category general {
+		logtofile;
+		syslog-warning;
+	};
+
+	category lame-servers {
+		null;
+	};
+
+	category queries {
+ 		query_logging;
+	};
+
+	category security {
+		security_file;
+	};
+
+};
+
+# vim: ts=4 filetype=named noai
diff --git a/bind/named.conf b/bind/named.conf
index 880786a..150d3a3 100644
--- a/bind/named.conf
+++ b/bind/named.conf
@@ -6,6 +6,10 @@
 //
 // If you are just adding zones, please do that in /etc/bind/named.conf.local
 
+include "/etc/bind/named-acl.conf";
 include "/etc/bind/named.conf.options";
+include "/etc/bind/named-log.conf";
 include "/etc/bind/named.conf.local";
 include "/etc/bind/named.conf.default-zones";
+
+# vim: ts=4 filetype=named noai
diff --git a/bind/named.conf.local b/bind/named.conf.local
index 7a57b10..ec318aa 100644
--- a/bind/named.conf.local
+++ b/bind/named.conf.local
@@ -6,3 +6,47 @@
 // organization
 //include "/etc/bind/zones.rfc1918";
 
+//###############################################################
+//# Forward-Zonen
+
+zone "nexunus.de" IN {
+    type forward;
+    forwarders {
+        138.201.28.135;
+        185.48.118.128;
+        162.254.24.33;
+        185.102.95.107;
+    };
+};
+
+zone "nexunus.com" IN {
+    type forward;
+    forwarders {
+        138.201.28.135;
+        185.48.118.128;
+        162.254.24.33;
+        185.102.95.107;
+    };
+};
+
+zone "nexunus.net" IN {
+    type forward;
+    forwarders {
+        138.201.28.135;
+        185.48.118.128;
+        162.254.24.33;
+        185.102.95.107;
+    };
+};
+
+zone "11.12.10.in-addr.arpa" IN {
+    type forward;
+    forward only;
+    forwarders {
+        185.48.118.128;
+        162.254.24.33;
+        185.102.95.107;
+    };
+};
+
+# vim: ts=4 filetype=named noai noet
diff --git a/bind/named.conf.options b/bind/named.conf.options
index b1bef51..cb9cc32 100644
--- a/bind/named.conf.options
+++ b/bind/named.conf.options
@@ -22,5 +22,78 @@ options {
 
 	auth-nxdomain no;    # conform to RFC1035
 	listen-on-v6 { any; };
+	listen-on { any; };
+
+	allow-query {
+		/*
+		 * Accept queries from our "trusted" ACL.  We will
+		 * allow anyone to query our master zones below.
+		 * This prevents us from becoming a free DNS server
+		 * to the masses.
+		 */
+		trusted;
+		local_ips;
+		private_ips;
+	};
+
+	allow-query-cache {
+		/* Use the cache for the "trusted" ACL. */
+		trusted;
+		local_ips;
+		private_ips;
+	};
+
+	allow-recursion {
+		/* Only trusted addresses are allowed to use recursion. */
+		trusted;
+		local_ips;
+		private_ips;
+	};
+
+	allow-transfer {
+		/* Zone tranfers are denied by default. */
+		trusted;
+		private_ips;
+	};
+
+	allow-update {
+		/* Don't allow updates, e.g. via nsupdate. */
+		none;
+	};
+
+	/*
+	* If you've got a DNS server around at your upstream provider, enter its
+	* IP address here, and enable the line below. This will make you benefit
+	* from its cache, thus reduce overall DNS traffic in the Internet.
+	*
+	* Uncomment the following lines to turn on DNS forwarding, and change
+	*  and/or update the forwarding ip address(es):
+	*/
+	forward first;
+	forwarders {
+	//	123.123.123.123;	// Your ISP NS
+	//	124.124.124.124;	// Your ISP NS
+	//	4.2.2.1;		// Level3 Public DNS
+	//	4.2.2.2;		// Level3 Public DNS
+		10.12.11.254;
+		8.8.8.8;		// Google Open DNS
+		8.8.4.4;		// Google Open DNS
+	};
+
+};
+
+// Managed Keys
+include "/etc/bind/bind.keys";
+
+include "/etc/bind/rndc.key";
+
+controls {
+    inet 127.0.0.1 port 953 allow {
+        127.0.0.1;
+        ::1/128;
+    } keys {
+        "rndc-key";
+    };
 };
 
+# vim: ts=4 filetype=named noai
diff --git a/default/local_service b/default/local_service
new file mode 100644
index 0000000..aee39a8
--- /dev/null
+++ b/default/local_service
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# TIMEOUT_ON_STOP=5
+
+# vim: et ts=4
diff --git a/libvirt/qemu/Lena.xml b/libvirt/qemu/Lena.xml
new file mode 100644
index 0000000..288a970
--- /dev/null
+++ b/libvirt/qemu/Lena.xml
@@ -0,0 +1,137 @@
+<!--
+WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
+OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
+  virsh edit Lena
+or other application using the libvirt API.
+-->
+
+<domain type='kvm'>
+  <name>Lena</name>
+  <uuid>cf6ccd52-b20d-4162-a8f5-4f2776d6cabf</uuid>
+  <memory unit='KiB'>4194304</memory>
+  <currentMemory unit='KiB'>4194304</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-bionic'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='host-model' check='partial'>
+    <model fallback='allow'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/kvm-spice</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/images/lena-vda.qcow2'/>
+      <target dev='hda' bus='ide'/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <disk type='file' device='cdrom'>
+      <driver name='qemu' type='raw'/>
+      <target dev='hdb' bus='ide'/>
+      <readonly/>
+      <address type='drive' controller='0' bus='0' target='0' unit='1'/>
+    </disk>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/images/lena-vdb.qcow2'/>
+      <target dev='vdb' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+    </disk>
+    <controller type='usb' index='0' model='ich9-ehci1'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x7'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci1'>
+      <master startport='0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci2'>
+      <master startport='2'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x1'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci3'>
+      <master startport='4'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
+    </controller>
+    <controller type='ide' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+    </controller>
+    <filesystem type='mount' accessmode='squash'>
+      <source dir='/data/shared'/>
+      <target dir='shared'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/>
+    </filesystem>
+    <interface type='bridge'>
+      <mac address='52:54:00:07:f4:24'/>
+      <source bridge='br0'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes' keymap='de'>
+      <listen type='address'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich6'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
+    </rng>
+  </devices>
+</domain>
diff --git a/libvirt/qemu/Vera.xml b/libvirt/qemu/Vera.xml
new file mode 100644
index 0000000..2b7c200
--- /dev/null
+++ b/libvirt/qemu/Vera.xml
@@ -0,0 +1,132 @@
+<!--
+WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
+OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
+  virsh edit Vera
+or other application using the libvirt API.
+-->
+
+<domain type='kvm'>
+  <name>Vera</name>
+  <uuid>13b82c27-3adf-4be8-b705-04e15894611f</uuid>
+  <memory unit='KiB'>2097152</memory>
+  <currentMemory unit='KiB'>2097152</currentMemory>
+  <vcpu placement='static'>2</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc-i440fx-bionic'>hvm</type>
+    <boot dev='hd'/>
+    <bootmenu enable='yes'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='host-model' check='partial'>
+    <model fallback='allow'/>
+  </cpu>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup'/>
+    <timer name='pit' tickpolicy='delay'/>
+    <timer name='hpet' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/kvm-spice</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/images/vera-vda.qcow2'/>
+      <target dev='vda' bus='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
+    </disk>
+    <disk type='file' device='cdrom'>
+      <driver name='qemu' type='raw'/>
+      <target dev='hda' bus='ide'/>
+      <readonly/>
+      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
+    </disk>
+    <controller type='usb' index='0' model='ich9-ehci1'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x7'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci1'>
+      <master startport='0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci2'>
+      <master startport='2'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x1'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci3'>
+      <master startport='4'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x2'/>
+    </controller>
+    <controller type='pci' index='0' model='pci-root'/>
+    <controller type='ide' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+    </controller>
+    <controller type='virtio-serial' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </controller>
+    <filesystem type='mount' accessmode='squash'>
+      <source dir='/data/shared'/>
+      <target dir='shared'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </filesystem>
+    <interface type='bridge'>
+      <mac address='52:54:00:50:03:ff'/>
+      <source bridge='br0'/>
+      <model type='virtio'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
+    </interface>
+    <serial type='pty'>
+      <target type='isa-serial' port='0'>
+        <model name='isa-serial'/>
+      </target>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='unix'>
+      <target type='virtio' name='org.qemu.guest_agent.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='2'/>
+    </channel>
+    <input type='tablet' bus='usb'>
+      <address type='usb' bus='0' port='1'/>
+    </input>
+    <input type='mouse' bus='ps2'/>
+    <input type='keyboard' bus='ps2'/>
+    <graphics type='spice' autoport='yes'>
+      <listen type='address'/>
+      <image compression='off'/>
+    </graphics>
+    <sound model='ich6'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
+    </sound>
+    <video>
+      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </video>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='2'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='3'/>
+    </redirdev>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
+    </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/>
+    </rng>
+  </devices>
+</domain>
diff --git a/systemd/system/local.service b/systemd/system/local.service
new file mode 100644
index 0000000..ba700ac
--- /dev/null
+++ b/systemd/system/local.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Executed scripts after booting
+After=remote-fs.target postfix.service networking.service rsyslog.service ssh.service bind9.service netfilter-persistent.service libvirt-guests.service mariadb.service
+
+[Service]
+ExecStart=/usr/local/sbin/local_service start
+ExecStop=/usr/local/sbin/local_service stop
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/system/multi-user.target.wants/local.service b/systemd/system/multi-user.target.wants/local.service
new file mode 120000
index 0000000..0a7150a
--- /dev/null
+++ b/systemd/system/multi-user.target.wants/local.service
@@ -0,0 +1 @@
+/etc/systemd/system/local.service
\ No newline at end of file