🦈🏠🐜❗ Initial Commit ❗🐜🦈🏠

files/config/dhcp/dhcpd4.conf

@@ -0,0 +1,102 @@
+######
+#Domain REPLACE_DOMAIN is dynamic DNS
+#
+#DHCP                        REPLACE_IPV4_ADDRESS
+
+
+key rndc-key {
+algorithm hmac-md5;
+secret REPLACE_WITH_RNDC_KEY;
+}
+
+zone REPLACE_DOMAIN {
+primary 127.0.0.1;
+key rndc-key;
+}
+
+zone in-addr.arpa. {
+primary 127.0.0.1;
+key rndc-key;
+}
+
+#option T150 code 150 = string;
+#option wpad-url code 252 = text;
+#option wpad-url "http://REPLACE_DOMAIN/wpad.dat ";
+
+authoritative;
+ddns-ttl 3600;
+ddns-updates on;
+ddns-update-style interim;
+update-static-leases on;
+update-conflict-detection off;
+update-optimization on;
+use-host-decl-names on;
+ddns-domainname "REPLACE_DOMAIN";
+ddns-rev-domainname "in-addr.arpa.";
+allow client-updates;
+allow unknown-clients;
+allow booting ;
+allow bootp ;
+next-server REPLACE_IPV4_ADDRESS;
+filename "linux.0";
+max-lease-time 3600;
+default-lease-time 3600;
+dynamic-bootp-lease-length 3600;
+
+subnet REPLACE_IPV4_SUBNET netmask REPLACE_IPV4_NETMASK {
+dynamic-bootp-lease-length 3600;
+option slp-directory-agent true REPLACE_IPV4_ADDRESS;
+option log-servers REPLACE_IPV4_ADDRESS;
+option time-servers REPLACE_IPV4_ADDRESS;
+allow client-updates;
+ddns-updates on;
+update-conflict-detection off;
+update-static-leases true;
+option routers REPLACE_IPV4_GATEWAY;
+option subnet-mask REPLACE_IPV4_NETMASK;
+option nis-domain "REPLACE_DOMAIN";
+option domain-name "REPLACE_DOMAIN";
+option domain-search "REPLACE_DOMAIN";
+option domain-name-servers REPLACE_IPV4_ADDRESS;
+option time-offset -18000;
+option ntp-servers REPLACE_IPV4_ADDRESS;
+option netbios-name-servers REPLACE_IPV4_ADDRESS;
+option netbios-node-type 8;
+range dynamic-bootp REPLACE_IPV4_ADDR_START REPLACE_IPV4_ADDR_END;
+default-lease-time 3600;
+max-lease-time 3600;
+authoritative;
+allow unknown-clients;
+allow booting;
+allow bootp;
+update-static-leases on;
+next-server REPLACE_IPV4_ADDRESS;
+filename "pxelinux.0";
+}
+
+option architecture-type code 93 = unsigned integer 16;
+
+class "pxeclients" {
+    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+
+    if option architecture-type = 0 {
+        filename "pxelinux.0";
+    } elsif option architecture-type = 9 {
+        filename "syslinux64.efi";
+    } elsif option architecture-type = 7 {
+        filename "syslinux64.efi";
+    } elsif option architecture-type = 6 {
+        filename "syslinux32.efi";
+    }
+}
+
+## Begin Fixed Addresses ##
+#Servers                        REPLACE_IPV4_ADDRESS
+#################################################
+
+# host ddns {
+#   hardware ethernet 52:54:00:8f:c5:cb;
+#   fixed-address REPLACE_IPV4_ADDRESS;
+#   ddns-hostname monitor;
+#   ddns-domainname "REPLACE_DOMAIN";
+# }

files/config/dhcp/dhcpd6.conf

@@ -0,0 +1,99 @@
+#Domain REPLACE_DOMAIN is dynamic DNS
+#
+#Servers                        REPLACE_IPV6_ADDR
+
+key rndc-key {
+algorithm hmac-md5;
+secret REPLACE_WITH_RNDC_KEY;
+}
+
+zone REPLACE_DOMAIN {
+primary 127.0.0.1;
+key rndc-key;
+}
+
+zone ip6.arpa {
+primary 127.0.0.1;
+key rndc-key;
+}
+
+#option T150 code 150 = string;
+#option wpad-url code 252 = text;
+#option wpad-url "http://REPLACE_DOMAIN/wpad.dat";
+
+authoritative;
+ddns-ttl 3600;
+ddns-updates on;
+ddns-update-style interim;
+update-static-leases on;
+update-conflict-detection off;
+update-optimization on;
+use-host-decl-names on;
+ddns-domainname "REPLACE_DOMAIN";
+ddns-rev-domainname "ip6.arpa.";
+allow client-updates;
+allow unknown-clients;
+allow booting ;
+allow bootp ;
+option dhcp6.bootfile-url "tftp://[REPLACE_IPV6_ADDRESS]/linux.0";
+option dhcp6.bootfile-url code 59 = string ;
+max-lease-time 43200;
+default-lease-time 43200;
+dynamic-bootp-lease-length 43200;
+
+subnet6 REPLACE_IPV6_SUBNET/REPLACE_IPV6_SUBNET {
+dynamic-bootp-lease-length 3600;
+allow client-updates;
+ddns-ttl 43200;
+ddns-updates on;
+ddns-update-style standard;
+update-static-leases on;
+update-static-leases true;
+update-conflict-detection off;
+update-optimization false;
+use-host-decl-names on;
+ddns-domainname "REPLACE_DOMAIN";
+ddns-rev-domainname "ip6.arpa";
+option subnet-mask IPV4_ADDR_NETMASK;
+option nis-domain "REPLACE_DOMAIN";
+option domain-name "REPLACE_DOMAIN";
+option dhcp6.name-servers REPLACE_IPV6_ADDRESS;
+option time-offset -18000;
+option netbios-node-type 8;
+option dhcp6.domain-search "REPLACE_DOMAIN";
+range6 REPLACE_IPV6_ADDR_START REPLACE_IPV6_ADDR_END;
+default-lease-time 43200;
+max-lease-time 43200;
+authoritative;
+allow unknown-clients;
+allow booting;
+allow bootp;
+option dhcp6.bootfile-url "tftp://[REPLACE_IPV6_ADDRESS]/linux.0";
+}
+
+option architecture-type code 93 = unsigned integer 16;
+
+class "pxeclients" {
+    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+
+    if option architecture-type = 0 {
+        filename "pxelinux.0";
+    } elsif option architecture-type = 9 {
+        filename "syslinux64.efi";
+    } elsif option architecture-type = 7 {
+        filename "syslinux64.efi";
+    } elsif option architecture-type = 6 {
+        filename "syslinux32.efi";
+    }
+}
+
+## Begin Fixed Addresses ##
+#Servers                        REPLACE_IPV6_ADDRESS
+#################################################
+
+# host ddns {
+#   hardware ethernet 00:50:56:a1:87:a8;
+#   fixed-address6 REPLACE_IPV6_ADDRESS;
+#   ddns-hostname ddns;
+#   ddns-domainname "REPLACE_DOMAIN";
+# }

files/config/named.conf

@@ -0,0 +1,38 @@
+#
+options {
+version "";
+directory "/var/named";
+pid-file "/var/run/named/named.pid";
+dump-file "/var/named/data/dump.db";
+memstatistics-file "/var/log/named/mem.stats";
+statistics-file "/var/log/named/named.stats";
+zone-statistics yes;
+max-cache-size 15m;
+interface-interval 60;
+lame-ttl 0;
+max-ncache-ttl 10800;
+recursion yes;
+allow-transfer { any; };
+allow-recursion { any; };
+allow-query { any; };
+transfer-format many-answers;
+listen-on { any; };
+listen-on-v6 { any; };
+notify yes;
+also-notify { };
+dnssec-validation auto;
+managed-keys-directory "/etc/named/keys/";
+
+forwarders { 1.1.1.1; 8.8.8.8; 8.8.4.4; 9.9.9.9; };
+};
+
+include "/etc/named/config/0000-logging.conf";
+include "/etc/named/config/0001-rndc.key";
+include "/etc/named/config/0001-rndc.conf";
+include "/etc/named/config/0002-acl.conf";
+
+include "/etc/named/zones/000-hint.conf";
+include "/etc/named/zones/000-localhost.zone";
+include "/etc/named/zones/000-localdomain.zone";
+include "/etc/named/zones/001-ddns.zone";
+include "/etc/named/zones/000-tor.zone";

files/config/named/certbot-update.conf

@@ -0,0 +1,8 @@
+#Certbot DNS 
+dns_rfc2136_server = 127.0.0.1
+# TSIG key name
+dns_rfc2136_name = certbot.
+# TSIG key secret
+dns_rfc2136_secret = REPLACE_WITH_RNDC_KEY
+# TSIG key algorithm
+dns_rfc2136_algorithm = HMAC-MD5

files/config/named/common/001-soa.inc

@@ -0,0 +1,9 @@
+;default soa records
+$TTL 38400  ; 10 hours 40 minutes
+@       IN SOA  dns dns-admin (
+        2021040901 ; serial
+        10800      ; refresh (3 hours)
+        3600       ; retry (1 hour)
+        1209600    ; expire (2 weeks)
+        38400      ; minimum (10 hours 40 minutes)
+        )

files/config/named/common/002-nameservers.inc

@@ -0,0 +1,2 @@
+;default nameservers
+@         IN    NS      dns

files/config/named/common/003-dns.inc

@@ -0,0 +1,8 @@
+;local dns
+dns        IN    A           REPLACE_IPV4_ADDRESS
+dns        IN    AAAA        REPLACE_IPV6_ADDRESS
+
+default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
+          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWQ16IV4OzWniRotqTNUvuwO5KknZMm5F5cOQl+Ch20Zm5D3RSL27AcjGE8DXIlkADDG3jFoXKOPilmCyf6ikqDX9PwBpeveY6ugaASMl6DHK4PSGZby6EmFuNu59kIpPJXac7Wwvy7Kd5mWVTZBxQt3ersDf8KRzL+Akr0IE7DwIDAQAB" )  ;
+*.default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
+          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWQ16IV4OzWniRotqTNUvuwO5KknZMm5F5cOQl+Ch20Zm5D3RSL27AcjGE8DXIlkADDG3jFoXKOPilmCyf6ikqDX9PwBpeveY6ugaASMl6DHK4PSGZby6EmFuNu59kIpPJXac7Wwvy7Kd5mWVTZBxQt3ersDf8KRzL+Akr0IE7DwIDAQAB" )  ;

files/config/named/config/0000-logging.conf

@@ -0,0 +1,104 @@
+logging {
+  # channel default {
+  #   file "/data/log/dns/default.log";
+  #   severity debug;
+  #   print-category yes;
+  #   print-severity yes;
+  #   print-time yes;
+  #   };
+  # category lame-servers {
+  #   default;
+  #   };
+  # category dispatch {
+  #   default;
+  #   };
+  # category network {
+  #   default;
+  #   };
+  # category unmatched {
+  #   default;
+  #   };
+  # category client {
+  #   default;
+  #   };
+  # category resolver {
+  #   default;
+  #   };
+  # category config {
+  #   default;
+  #   };
+  # category database {
+  #   default;
+  #   };
+  # category general {
+  #   default;
+  #   };
+  # category default {
+  #   default;
+  #   };
+
+  channel security {
+    file "/data/log/dns/default.log";
+    severity dynamic;
+    print-severity yes;
+    print-time yes;
+    };
+  category security {
+    security;
+    };
+  category dnssec {
+    security;
+    };
+
+  channel xfer-in {
+    file "/data/log/dns/default.log";
+    severity info;
+    print-category yes;
+    print-severity yes;
+    print-time yes;
+    };
+  category xfer-in {
+    xfer-in;
+    };
+  channel xfer-out {
+    file "/data/log/dns/default.log";
+    severity info;
+    print-category yes;
+    print-severity yes;
+    print-time yes;
+    };
+  category xfer-out {
+    xfer-out;
+    };
+
+  channel update {
+    file "/data/log/dns/default.log";
+    severity info;
+    print-category yes;
+    print-severity yes;
+    print-time yes;
+    };
+  category update {
+    update;
+    };
+
+  channel notify {
+    file "/data/log/dns/default.log";
+    severity info;
+    print-category yes;
+    print-severity yes;
+    print-time yes;
+    };
+  category notify {
+    notify;
+    };
+
+  channel querylog {
+    file "/data/log/dns/default.log";
+    severity info;
+    print-time yes;
+    };
+  category queries {
+    querylog;
+    };
+};

files/config/named/config/0001-rndc.conf

@@ -0,0 +1,3 @@
+controls {
+        inet 127.0.0.1 allow { trusted; } keys { "rndc-key"; };
+};

files/config/named/config/0001-rndc.key

@@ -0,0 +1,4 @@
+key "rndc-key" {
+  algorithm hmac-md5;
+  secret "REPLACE_WITH_RNDC_KEY";
+};

files/config/named/config/0002-acl.conf

@@ -0,0 +1,10 @@
+ acl "trusted" {
+    127.0.0.0/8;
+    10.0.0.0/8;
+    172.0.0.0/12;
+    192.168.0.0/16;
+    ::1/128;
+    2001:db8:edfa:1234::/64;
+    localhost;
+    localnets;
+};

files/config/named/hosted/host.ddns.conf

@@ -0,0 +1,5 @@
+;host info
+@          HINFO       "HP DL360" "CentOS"
+*          HINFO       "HP DL360" "CentOS"
+@          IN  TXT     "Hosted on REPLACE_DOMAIN"
+*          IN  TXT     "Hosted on REPLACE_DOMAIN"

files/config/named/hosted/ip.ddns.conf

@@ -0,0 +1,5 @@
+;default server
+@        IN      A         REPLACE_IPV4_ADDRESS
+*        IN      A         REPLACE_IPV4_ADDRESS
+@        IN      AAAA      REPLACE_IPV6_ADDRESS
+*        IN      AAAA      REPLACE_IPV6_ADDRESS

files/config/named/keys/managed-keys.bind

@@ -0,0 +1,33 @@
+$ORIGIN .
+$TTL 0	; 0 seconds
+@			IN SOA	. . (
+				1930       ; serial
+				0          ; refresh (0 seconds)
+				0          ; retry (0 seconds)
+				0          ; expire (0 seconds)
+				0          ; minimum (0 seconds)
+				)
+			KEYDATA	20201227202202 20180303084353 19700101000000 257 3 8 (
+				AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQ
+				bSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh
+				/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWA
+				JQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXp
+				oY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3
+				LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGO
+				Yl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGc
+				LmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0=
+				) ; KSK; alg = RSASHA256; key id = 19036
+				; next refresh: Sun, 27 Dec 2020 20:22:02 GMT
+				; trusted since: Sat, 03 Mar 2018 08:43:53 GMT
+			KEYDATA	20201227202202 20180303084353 19700101000000 257 3 8 (
+				AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTO
+				iW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN
+				7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5
+				LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8
+				efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7
+				pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLY
+				A4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws
+				9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU=
+				) ; KSK; alg = RSASHA256; key id = 20326
+				; next refresh: Sun, 27 Dec 2020 20:22:02 GMT
+				; trusted since: Sat, 03 Mar 2018 08:43:53 GMT

files/config/named/zones/000-hint.conf

@@ -0,0 +1,4 @@
+zone "." in {
+        type hint;
+        file "data/hint";
+};

files/config/named/zones/000-localdomain.zone

@@ -0,0 +1,6 @@
+zone "local" {
+    type master;
+    file "data/localdomain.conf";
+    allow-update { trusted; };
+    allow-transfer { trusted; };
+};

files/config/named/zones/000-localhost.zone

@@ -0,0 +1,14 @@
+zone "localhost" {
+       type master;
+       file "data/localhost.zone";
+};
+
+zone "0.0.127.in-addr.arpa" {
+       type master;
+       file "data/localhost4.rev";
+};
+
+zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
+       type master;
+       file "data/localhost6.rev";
+};

files/config/named/zones/000-tor.zone

@@ -0,0 +1,10 @@
+zone "onion"  {
+   type forward;
+   forward only;
+   forwarders { 127.0.0.1 port 8053; };
+};
+zone "exit"  {
+   type forward;
+   forward only;
+   forwarders { 127.0.0.1 port 8053; };
+};

files/config/named/zones/001-ddns.zone

@@ -0,0 +1,21 @@
+zone "REPLACE_DOMAIN" {
+    type master;
+    file "dynamic/ddns.zone";
+    allow-update { trusted; };
+    allow-transfer { trusted; };
+};
+
+zone "in-addr.arpa" {
+    type master;
+    file "reverse/in-addr.arpa.rev";
+    allow-update { trusted; };
+    allow-transfer { trusted; };
+
+};
+
+zone "ip6.arpa" {
+    type master;
+    file "reverse/ip6.arpa.rev";
+    allow-update { trusted; };
+    allow-transfer { trusted; };
+};

files/config/radvd.conf

@@ -0,0 +1,10 @@
+# RADVD with DHCPd6 configuration
+# /etc/radvd.conf
+interface eth0 {
+        AdvManagedFlag on;
+        AdvSendAdvert on;
+#        AdvAutonomous off;
+        AdvOtherConfigFlag on;
+        MinRtrAdvInterval 3;
+        MaxRtrAdvInterval 60;
+};

files/config/tor/torrc

@@ -0,0 +1,49 @@
+## https://github.com/torproject/tor/blob/main/src/config/torrc.sample.in
+############### Configuration file for a typical Tor user
+ControlSocket /run/tor/control
+ControlSocketsGroupWritable 1
+CookieAuthentication 1
+CookieAuthFile /run/tor/control.authcookie
+CookieAuthFileGroupReadable 1
+SOCKSPort 9050
+SOCKSPolicy accept *
+RunAsDaemon 0
+DataDirectory /var/lib/tor
+ControlPort 9051
+Log notice stderr
+#HashedControlPassword 16:kfhkajdsfhkjadhfiuhfhdjcahsf
+
+############### dnsforwarder
+DNSPort 8053
+AutomapHostsOnResolve 1
+AutomapHostsSuffixes .exit,.onion
+
+############### This section is just for location-hidden services ###
+#HiddenServiceDir /data/tor/hidden/default
+#HiddenServicePort 22 127.0.0.2:22
+
+################ This section is just for relays #####################
+#ORPort 9001
+#ORPort 443 NoListen
+#ORPort 127.0.0.1:9090 NoAdvertise
+#Address noname.example.com
+# OutboundBindAddress 10.0.0.5
+#Nickname ididnteditheconfig
+#RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)
+#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)
+#AccountingMax 40 GBytes
+#AccountingStart day 00:00
+#AccountingStart month 3 15:00
+#ContactInfo Random Person <nobody AT example dot com>
+#DirPort 9030 # what port to advertise for directory connections
+#DirPort 80 NoListen
+#DirPort 127.0.0.1:9091 NoAdvertise
+#DirPortFrontPage /etc/tor/tor-exit-notice.html
+#MyFamily $keyid,$keyid,...
+#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
+#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
+#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
+#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
+#ExitPolicy reject *:* # no exits allowed
+#BridgeRelay 1
+#PublishServerDescriptor 0