diff --git a/_debpkgs/_backports.sh b/_debpkgs/_backports.sh
deleted file mode 100644
index a87a0b6b8fee489c35e0e73d8c88c2c69eef109c..0000000000000000000000000000000000000000
--- a/_debpkgs/_backports.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-if [[ $(lsb_release -cs) = "buster" ]]; then
- APT_BACKPORTS_SRC=/etc/apt/sources.list.d/backports.list
- APT_BACKPORTS_REPO=$(lsb_release -cs)-backports
- BACKPORTS_DIRTY=
- if ! [[ -f $APT_BACKPORTS_SRC ]]; then
- echo "deb http://ftp.fi.muni.cz/pub/linux/debian/ $APT_BACKPORTS_REPO main contrib non-free" > $APT_BACKPORTS_SRC
- echo "deb-src http://ftp.fi.muni.cz/pub/linux/debian/ $APT_BACKPORTS_REPO main contrib non-free" >> $APT_BACKPORTS_SRC
- BACKPORTS_DIRTY=1
- fi
- APT_PIN=/etc/apt/preferences.d/
- APT_STABLE_PIN=$APT_PIN/30_stable
- if ! [[ -f $APT_STABLE_PIN ]]; then
- cat > $APT_STABLE_PIN <<EOF
-Package: *
-Pin: release a=stable
-Pin-Priority: 900
-EOF
- BACKPORTS_DIRTY=1
- fi
- APT_BACKPORTS_PIN=$APT_PIN/31_backports
- if ! [[ -f $APT_BACKPORTS_PIN ]]; then
- cat > $APT_BACKPORTS_PIN <<EOF
-Package: *
-Pin: release a=$APT_BACKPORTS_REPO
-Pin-Priority: 750
-EOF
- BACKPORTS_DIRTY=1
- fi
- if [[ -n "$BACKPORTS_DIRTY" ]]; then
- apt update
- fi
-fi
diff --git a/_debpkgs/_basic_paradise.sh b/_debpkgs/_basic_paradise.sh
deleted file mode 100644
index a1f41d86e38fb7fa1dab0c05eed420a180d9bea1..0000000000000000000000000000000000000000
--- a/_debpkgs/_basic_paradise.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-. _basic_system.sh
-apt install -yy nfs-common
diff --git a/_debpkgs/_basic_system.sh b/_debpkgs/_basic_system.sh
deleted file mode 100644
index 8e5421aa2e7f218322cfee8de6a5d3fb938ac799..0000000000000000000000000000000000000000
--- a/_debpkgs/_basic_system.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-set -Eeuxo pipefail
-
-apt install -yy postfix bsd-mailx \
- libnet-ldap-perl \
- krb5-config krb5-user libpam-krb5 oidentd nftables rsync \
- strace sudo screen tcpdump arch-install-scripts acl gnupg curl wget zstd tree \
- unattended-upgrades apt-listchanges \
- build-essential \
- bash-completion apt-file smartmontools
diff --git a/_debpkgs/_common_system.sh b/_debpkgs/_common_system.sh
deleted file mode 100644
index 95827f4d9a0959a43f6ea83edcaea96a3dbad28b..0000000000000000000000000000000000000000
--- a/_debpkgs/_common_system.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-. _backports.sh
-if [[ -n "$APT_BACKPORTS_REPO" ]]; then
- apt install -t $APT_BACKPORTS_REPO -yy git
-fi
-apt install -yy \
- irssi \
- lm-sensors \
- zip \
- htop \
- tree \
- tmux \
- zsh \
- fish \
- moreutils \
- neovim \
- pinentry-curses \
- pinentry-tty \
- pandoc \
- pandoc-citeproc
diff --git a/_debpkgs/_ghc.sh b/_debpkgs/_ghc.sh
deleted file mode 100644
index 0f98cf3cd2dec38a174d97598185b374bf9e9bee..0000000000000000000000000000000000000000
--- a/_debpkgs/_ghc.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-APT_GHC_SRC=/etc/apt/sources.list.d/ghc.list
-APT_GHC_REPO=$(lsb_release -cs)
-if ! [ -f $APT_GHC_SRC ]; then
- apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BA3CBA3FFE22B574
- echo "deb http://downloads.haskell.org/debian $APT_GHC_REPO main" > $APT_GHC_SRC
- apt update
-fi
-apt install -yy ghc-8.10.1 cabal-install-3.2
diff --git a/_debpkgs/_llvm10.sh b/_debpkgs/_llvm10.sh
deleted file mode 100644
index 64180eaec036457fe7d45503cd53ac530e89455c..0000000000000000000000000000000000000000
--- a/_debpkgs/_llvm10.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-APT_LLVM10_SRC=/etc/apt/sources.list.d/llvm10.list
-APT_LLVM10_REPO=llvm-toolchain-$(lsb_release -cs)-10
-if ! [ -f $APT_LLVM10_SRC ]; then
- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
- cat > $APT_LLVM10_SRC <<EOF
-deb http://apt.llvm.org/buster/ $APT_LLVM10_REPO main
-deb-src http://apt.llvm.org/buster/ $APT_LLVM10_REPO main
-EOF
- apt update
-fi
-apt install -y -t $APT_LLVM10_REPO \
- libllvm10 \
- llvm-10 \
- llvm-10-dev \
- llvm-10-doc \
- llvm-10-runtime \
- clang-10 \
- clang-tools-10 \
- clang-10-doc \
- libclang-common-10-dev \
- libclang-10-dev \
- libclang1-10 \
- clang-format-10 \
- clangd-10 \
- lldb-10 \
- lld-10 \
- libc++-10-dev \
- libc++abi-10-dev \
- libomp-10-dev
diff --git a/_debpkgs/_postgresql.sh b/_debpkgs/_postgresql.sh
deleted file mode 100644
index b5c48e7688a322adce342a2448d43e0447f9d12d..0000000000000000000000000000000000000000
--- a/_debpkgs/_postgresql.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-APT_PG_SRC=/etc/apt/sources.list.d/postgresql.list
-APT_PG_REPO=$(lsb_release -cs)-pgdg
-if ! [ -f $APT_PG_SRC ]; then
- echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > $APT_PG_SRC
- wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
- apt update
-fi
-apt install -yy -t $APT_PG_REPO postgresql-client-12
diff --git a/_debpkgs/anna.sh b/_debpkgs/anna.sh
deleted file mode 100755
index b621f83b5ed15ae0a7c2c7d069c210884f6b6557..0000000000000000000000000000000000000000
--- a/_debpkgs/anna.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-. _basic_paradise.sh
-
-apt install -yy nginx libnginx-mod-http-auth-pam certbot python-certbot-nginx \
- fcgiwrap \
- python-requests # for trac
-
-. _postgresql.sh
-apt install -yy -t $APT_PG_REPO postgresql-12 libpq-dev
-. _ghc.sh
-. _common_system.sh
-
diff --git a/_debpkgs/eval-pv264.sh b/_debpkgs/eval-pv264.sh
deleted file mode 100644
index 32f90ea6ad66818bba0b84c2af0b0be1e11a4d8d..0000000000000000000000000000000000000000
--- a/_debpkgs/eval-pv264.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-systemctl disable dhcpcd # we use Open Nebula context
-. _basic_system.sh
-. _postgresql.sh
-apt install -t $APT_PG_REPO -yy \
- libpq-dev
-. _backports.sh
-if [[ -n "$APT_BACKPORTS_REPO" ]]; then
- apt install -t $APT_BACKPORTS_REPO -yy \
- git \
- cmake \
- ninja-build
-fi
-apt install -yy \
- zlib1g-dev \
- darcs \
- util-linux \
- libldap2-dev \
- libcurl4-gnutls-dev \
- libexpat1-dev \
- libacl1-dev
-. _llvm10.sh
-if ! dpkg -s one-context >&/dev/null; then
- wget https://github.com/OpenNebula/addon-context-linux/releases/download/v5.12.0/one-context_5.12.0-1.deb -O /tmp/one-context.deb
- dpkg --install /tmp/one-context.deb || apt-get install -fy
-fi
diff --git a/_debpkgs/pythia.sh b/_debpkgs/pythia.sh
deleted file mode 100644
index bab7ae10dff2551e4063dbddc5f1dddeca4cd61c..0000000000000000000000000000000000000000
--- a/_debpkgs/pythia.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-. _basic_paradise.sh
-. _common_system.sh
diff --git a/backup.sh b/backup.sh
deleted file mode 100755
index fd3c53fdf738905b2c97073f38d3ceaaf3d12e0d..0000000000000000000000000000000000000000
--- a/backup.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-set -x
-
-FREQ=$1; shift
-POSTGRES=/root/backup/postgres
-BACKUP=/root/backup
-
-if [[ "$FREQ" = "daily" ]]; then
- mkdir -p $POSTGRES
- ssh postgres@anna "pg_dumpall" | xz -9 -T2 > $POSTGRES/postgres-anna.dump.xz
-fi
-
-/usr/bin/rsnapshot -c /root/arch-deploy/rsnapshot/disks.conf $FREQ >&2
-R=$?
-
-if [[ "$FREQ" = "daily" ]]; then
- TS=$BACKUP/daily.0/timestamp
- rm $TS
- date +"%Y-%m-%d_%H-%M-%S" > $TS
-fi
-
-set +x
-{ df -h /backup* /root/backup*; echo; cd $BACKUP; for i in daily.{0..13} weekly.{0..7}; do printf "$i: "; cat $i/timestamp; done; } |& mail -s "backup - antea - $R" xstill@fi.muni.cz
diff --git a/batch.sh b/batch.sh
deleted file mode 100755
index 5cbb06b2b441fdc0bc864f8ec396bcc85822ba56..0000000000000000000000000000000000000000
--- a/batch.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-set -x
-
-test -z "$BATCH_MACHINES" && BATCH_MACHINES=$(eval echo $(cat machines))
-
-for i in $BATCH_MACHINES; do
- ssh root@$i -tt "/root/arch-deploy/local.sh \"$@\""
-done
diff --git a/bootstrap b/bootstrap
deleted file mode 100755
index 218ea1c63cae97c3ef003f625baaf76183861358..0000000000000000000000000000000000000000
--- a/bootstrap
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/sh
-
-set -ex
-
-DEV=$1
-
-test -b $DEV || { echo "$DEV is not a block device" >& 2; exit 2; }
-mount | grep $DEV && { echo "$DEV is mounted" >& 2; exit 2; }
-pvs | grep $DEV && { echo "$DEV is LVM physical device" >& 2; exit 2; }
-
-sector=$( echo p | fdisk $DEV | grep Units: | cut -d= -f2 | cut -d' ' -f 2)
-
-test $sector -ge 512 || { "Invalid sector size: $sector" >& 2; exit 2; }
-
-# to create the partitions programatically (rather than manually)
-# we're going to simulate the manual input to fdisk
-# The sed script strips off all the comments so that we can
-# document what we're doing in-line with the actual commands
-# Note that a blank line (commented as "defualt" will send a empty
-# line terminated with a newline to take the fdisk default.
-sed -re 's/^[ \t]+([\+0-9a-zA-Z]*)[ \t]*#.*$/\1/' << EOF | fdisk $DEV
- p # print the partion table
- o # delete a partitions
- n # new partition
- p # primary
- 1 # partition number
- # default start offset
- $((1024 * 1024 * 1024 * 16 / $sector)) # 16 GB
- t # set partition type
- 82 # linux swap
- n # new partition
- p # primary partition
- 2 # partition number
- # default start offset
- # fill the disk completely
- a # make a partition bootable
- 2 # bootable partition is partition 2 -- /dev/sd*2
- p # print the in-memory partition table
- w # write the partition table
- q # and we're done
-EOF
-
-SWAP=${DEV}1
-ROOT=${DEV}2
-
-mkswap -L archswap $SWAP
-
-# create XFS filesystem
-mkfs.xfs -f -L arch $ROOT
-
-MOUNT=/mnt/arch
-mkdir -p $MOUNT
-trap "umount $MOUNT" EXIT HUP INT ABRT TERM SEGV
-mount $ROOT $MOUNT
-
-# setup pacman
-bash -c 'sleep 5; find / >& /dev/null' & # generate some entropy for pacman-key
-pacman-key --init
-pacman-key --populate archlinux
-SELF="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-grep -q '^Server' /etc/pacman.d/mirrorlist || cp $SELF/conf/all/etc/pacman.d/mirrorlist /etc/pacman.d/
-
-pacstrap $MOUNT base base-devel btrfs-progs dhcpcd openssh vim screen bind-tools perl-ldap git curl
-
-genfstab -U -p $MOUNT | grep -v swap >> $MOUNT/etc/fstab
-
-arch-chroot $MOUNT bash -c 'cd /root && git clone https://gitlab.fi.muni.cz/paradise/arch-deploy.git'
-arch-chroot $MOUNT /root/arch-deploy/pdsupdate install $DEV
diff --git a/conf/all/etc/dhcpcd.conf b/conf/all/etc/dhcpcd.conf
deleted file mode 100644
index 0d08f028ed11d69615b1d3a38e4e33bd70b48910..0000000000000000000000000000000000000000
--- a/conf/all/etc/dhcpcd.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-# A sample configuration for dhcpcd.
-# See dhcpcd.conf(5) for details.
-
-# Allow users of this group to interact with dhcpcd via the control socket.
-#controlgroup wheel
-
-# Inform the DHCP server of our hostname for DDNS.
-hostname
-
-# Use the hardware address of the interface for the Client ID.
-#clientid
-# or
-# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
-# Some non-RFC compliant DHCP servers do not reply with this set.
-# In this case, comment out duid and enable clientid above.
-duid
-
-# Persist interface configuration when dhcpcd exits.
-persistent
-
-# Rapid commit support.
-# Safe to enable by default because it requires the equivalent option set
-# on the server to actually work.
-option rapid_commit
-
-# A list of options to request from the DHCP server.
-option domain_name_servers, domain_name, domain_search, host_name
-option classless_static_routes
-# Respect the network MTU. This is applied to DHCP routes.
-option interface_mtu
-
-# Most distributions have NTP support.
-#option ntp_servers
-
-# A ServerID is required by RFC2131.
-require dhcp_server_identifier
-
-# Generate SLAAC address using the Hardware Address of the interface
-#slaac hwaddr
-# OR generate Stable Private IPv6 Addresses based from the DUID
-slaac hwaddr
-noipv4ll
diff --git a/conf/all/etc/divine.make b/conf/all/etc/divine.make
deleted file mode 100644
index d9d1c9d49222406d576276ebf4d9caf51a485f78..0000000000000000000000000000000000000000
--- a/conf/all/etc/divine.make
+++ /dev/null
@@ -1,6 +0,0 @@
-DEFAULT_FLAVOUR = debug
-OBJ_BASE != basename `pwd`
-ifneq ($(LOGNAME),buildbot)
- OBJ = /var/obj/$(LOGNAME)-divine-$(OBJ_BASE)/
-endif
-STATIC_LDFLAGS = -lltdl
diff --git a/conf/all/etc/environment b/conf/all/etc/environment
deleted file mode 100644
index db93d0ca6a5029271356236e26b73e99797bb41b..0000000000000000000000000000000000000000
--- a/conf/all/etc/environment
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# This file is parsed by pam_env module
-#
-# Syntax: simple "KEY=VAL" pairs on separate lines
-#
-EDITOR=nano
-CUPS_SERVER=print.fi.muni.cz
diff --git a/conf/all/etc/fstab b/conf/all/etc/fstab
deleted file mode 100644
index 34f38d84957f8acb4a8d42a5219f1d3cee489289..0000000000000000000000000000000000000000
--- a/conf/all/etc/fstab
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# /etc/fstab: static file system information
-#
-# <file system> <dir> <type> <options> <dump> <pass>
-# /dev/sda2 LABEL=arch
-LABEL=arch / btrfs rw,relatime,space_cache,subvolid=257,subvol=/arch,subvol=arch 0 0
-
-pandora01:/home /home nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@pandora01.service,timeo=14 0 0
-pandora01:/backup /backup nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@pandora01.service,ro,timeo=14 0 0
-anna:/srv/builds /srv/builds nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@anna.service,timeo=14 0 0
-
-LABEL=archswap none swap defaults 0 0
diff --git a/conf/all/etc/krb5.conf b/conf/all/etc/krb5.conf
deleted file mode 100644
index 828286db2aee33ef215b1e3d31539009d91ad4ec..0000000000000000000000000000000000000000
--- a/conf/all/etc/krb5.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-[libdefaults]
- default_realm = "FI.MUNI.CZ"
- encrypt = true
-
-[realms]
- FI.MUNI.CZ = {
- kdc = krb.fi.muni.cz
- kdc = krb1.fi.muni.cz
- admin_server = krb.fi.muni.cz
- }
-# use "kdc = ..." if realm admins haven't put SRV records into DNS
- ATHENA.MIT.EDU = {
- admin_server = kerberos.mit.edu
- }
- ANDREW.CMU.EDU = {
- admin_server = kdc-01.andrew.cmu.edu
- }
-
-[domain_realm]
- .fi.muni.cz = FI.MUNI.CZ
- fi.muni.cz = FI.MUNI.CZ
- mit.edu = ATHENA.MIT.EDU
- csail.mit.edu = CSAIL.MIT.EDU
- .ucsc.edu = CATS.UCSC.EDU
-
-[logging]
-# kdc = CONSOLE
-
-[appdefaults]
- pam = {
- debug = false
- ticket_lifetime = 36000
- renew_lifetime = 36000
- max_timeout = 30
- timeout_shift = 2
- initial_timeout = 1
- }
diff --git a/conf/all/etc/nftables.conf b/conf/all/etc/nftables.conf
deleted file mode 100644
index 5e6aa01670f436b3bc24be7b8270f9775999ac3f..0000000000000000000000000000000000000000
--- a/conf/all/etc/nftables.conf
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/bin/nft -f
-# ipv4/ipv6 Simple & Safe Firewall
-# you can find examples in /usr/share/nftables/
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0;
-
- # allow established/related connections
- ct state { established, related } accept
-
- # early drop of invalid connections
- ct state invalid drop
-
- # allow from loopback
- iifname lo accept
-
- # allow libvirt bridge
- iifname virbr0 accept
-
- # allow icmp
- ip protocol icmp accept
- ip6 nexthdr icmpv6 accept
-
- # DHCPv6
- udp sport 547 accept
-
- # allow ssh, http(s)
- tcp dport { ssh, http, https } accept
-
- # NFS
- tcp dport { 111, 2049, 20048, 32765, 32766, 32803, 32769 } accept
- udp dport { 111, 2049, 20048, 32765, 32766, 32803, 32769 } accept
-
- # local network
- ip saddr 147.251.51.160-147.251.51.255 accept
- ip saddr 147.251.48.89 accept # midas (Nikola)
- ip6 saddr 2001:718:801:233::a0-2001:718:801:233::ff accept
-
- # Local services (ident: 113, postgres: 5432)
- ip saddr 147.251.51.160-147.251.51.255 tcp dport { 113, 5432 } accept
- ip6 saddr 2001:718:801:233::a0-2001:718:801:233::ff tcp dport { 113, 5432 } accept
-
- # everything else
- ip saddr 147.251.51.1-147.251.51.159 reject with icmp type port-unreachable # junk from other labs
- log reject with icmpx type port-unreachable
- reject
- }
- chain forward {
- type filter hook forward priority 0;
- drop
- }
- chain output {
- type filter hook output priority 0;
- }
-
-}
-
-# vim:set ts=2 sw=2 et:
diff --git a/conf/all/etc/pacman.conf b/conf/all/etc/pacman.conf
deleted file mode 100644
index 54102ee9279a1a2521bebff96c3f6083a8a0a61a..0000000000000000000000000000000000000000
--- a/conf/all/etc/pacman.conf
+++ /dev/null
@@ -1,106 +0,0 @@
-#
-# /etc/pacman.conf
-#
-# See the pacman.conf(5) manpage for option and repository directives
-
-#
-# GENERAL OPTIONS
-#
-[options]
-# The following paths are commented out with their default values listed.
-# If you wish to use different paths, uncomment and update the paths.
-#RootDir = /
-#DBPath = /var/lib/pacman/
-#CacheDir = /var/cache/pacman/pkg/
-#LogFile = /var/log/pacman.log
-#GPGDir = /etc/pacman.d/gnupg/
-#HookDir = /etc/pacman.d/hooks/
-HoldPkg = pacman glibc
-#XferCommand = /usr/bin/curl -C - -f %u > %o
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
-#CleanMethod = KeepInstalled
-#UseDelta = 0.7
-Architecture = auto
-
-# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
-#IgnorePkg =
-#IgnoreGroup =
-
-#NoUpgrade =
-#NoExtract =
-
-# Misc options
-#UseSyslog
-#Color
-#TotalDownload
-CheckSpace
-#VerbosePkgLists
-
-# By default, pacman accepts packages signed by keys that its local keyring
-# trusts (see pacman-key and its man page), as well as unsigned packages.
-SigLevel = Required DatabaseOptional
-LocalFileSigLevel = Optional
-#RemoteFileSigLevel = Required
-
-# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# keyring can then be populated with the keys of all official Arch Linux
-# packagers with `pacman-key --populate archlinux`.
-
-#
-# REPOSITORIES
-# - can be defined here or included from another file
-# - pacman will search repositories in the order defined here
-# - local/custom mirrors can be added here or in separate files
-# - repositories listed first will take precedence when packages
-# have identical names, regardless of version number
-# - URLs will have $repo replaced by the name of the current repo
-# - URLs will have $arch replaced by the name of the architecture
-#
-# Repository entries are of the format:
-# [repo-name]
-# Server = ServerName
-# Include = IncludePath
-#
-# The header [repo-name] is crucial - it must be present and
-# uncommented to enable the repo.
-#
-
-# The testing repositories are disabled by default. To enable, uncomment the
-# repo name header and Include lines. You can add preferred servers immediately
-# after the header, and they will be used before the default mirrors.
-
-#[testing]
-#Include = /etc/pacman.d/mirrorlist
-
-[core]
-Server = https://paradise.fi.muni.cz/mirrors/archlinux/local/$repo/os/$arch
-# Include = /etc/pacman.d/mirrorlist
-
-[extra]
-Server = https://paradise.fi.muni.cz/mirrors/archlinux/local/$repo/os/$arch
-# Include = /etc/pacman.d/mirrorlist
-
-#[community-testing]
-Server = https://paradise.fi.muni.cz/mirrors/archlinux/local/$repo/os/$arch
-# Include = /etc/pacman.d/mirrorlist
-
-[community]
-Server = https://paradise.fi.muni.cz/mirrors/archlinux/local/$repo/os/$arch
-# Include = /etc/pacman.d/mirrorlist
-
-# If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repositories as required here.
-
-#[multilib-testing]
-Server = https://paradise.fi.muni.cz/mirrors/archlinux/local/$repo/os/$arch
-# Include = /etc/pacman.d/mirrorlist
-
-[multilib]
-Server = https://paradise.fi.muni.cz/mirrors/archlinux/local/$repo/os/$arch
-# Include = /etc/pacman.d/mirrorlist
-
-# An example of a custom package repository. See the pacman manpage for
-# tips on creating your own repositories.
-#[custom]
-#SigLevel = Optional TrustAll
-#Server = file:///home/custompkgs
diff --git a/conf/all/etc/pacman.d/mirrorlist b/conf/all/etc/pacman.d/mirrorlist
deleted file mode 100644
index 8e55ad9a4eb568136cd4367a1fd4e80609d9d8d5..0000000000000000000000000000000000000000
--- a/conf/all/etc/pacman.d/mirrorlist
+++ /dev/null
@@ -1,369 +0,0 @@
-##
-## Arch Linux repository mirrorlist
-## Generated on 2015-07-31
-##
-
-## Worldwide
-#Server = https://dgix.ru/mirrors/archlinux/$repo/os/$arch
-#Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch
-
-## Australia
-#Server = http://mirror.aarnet.edu.au/pub/archlinux/$repo/os/$arch
-#Server = http://archlinux.mirror.digitalpacific.com.au/$repo/os/$arch
-#Server = http://ftp.iinet.net.au/pub/archlinux/$repo/os/$arch
-#Server = http://mirror.internode.on.net/pub/archlinux/$repo/os/$arch
-#Server = http://mirror.rackcentral.com.au/archlinux/$repo/os/$arch
-#Server = http://ftp.swin.edu.au/archlinux/$repo/os/$arch
-#Server = http://archlinux.uberglobalmirror.com/$repo/os/$arch
-
-## Austria
-Server = http://mirror.easyname.at/archlinux/$repo/os/$arch
-Server = http://mirror1.htu.tugraz.at/archlinux/$repo/os/$arch
-
-## Bangladesh
-#Server = http://mirrors.ispros.com.bd/archlinux/$repo/os/$arch
-
-## Belarus
-#Server = http://ftp.byfly.by/pub/archlinux/$repo/os/$arch
-#Server = http://mirror.datacenter.by/pub/archlinux/$repo/os/$arch
-
-## Belgium
-#Server = http://archlinux.cu.be/$repo/os/$arch
-#Server = http://archlinux.mirror.kangaroot.net/$repo/os/$arch
-
-## Brazil
-#Server = http://archlinux-br.mirror.host1plus.com/$repo/os/$arch
-#Server = http://archlinux.c3sl.ufpr.br/$repo/os/$arch
-#Server = http://www.las.ic.unicamp.br/pub/archlinux/$repo/os/$arch
-#Server = http://linorg.usp.br/archlinux/$repo/os/$arch
-#Server = http://pet.inf.ufsc.br/mirrors/archlinux/$repo/os/$arch
-#Server = http://archlinux.pop-es.rnp.br/$repo/os/$arch
-
-## Bulgaria
-#Server = http://mirrors.netix.net/archlinux/$repo/os/$arch
-#Server = http://mirror.telepoint.bg/archlinux/$repo/os/$arch
-
-## Canada
-#Server = http://archlinux.dropswitch.net/archlinux/$repo/os/$arch
-#Server = http://mirror.clibre.uqam.ca/archlinux/$repo/os/$arch
-#Server = http://mirror.csclub.uwaterloo.ca/archlinux/$repo/os/$arch
-#Server = http://mirror.its.dal.ca/archlinux/$repo/os/$arch
-#Server = http://archlinux.mirror.rafal.ca/$repo/os/$arch
-#Server = http://archlinux.mirror.vexxhost.com/$repo/os/$arch
-
-## Chile
-#Server = http://mirror.archlinux.cl/$repo/os/$arch
-
-## China
-#Server = http://mirrors.163.com/archlinux/$repo/os/$arch
-#Server = http://mirror.bjtu.edu.cn/archlinux/$repo/os/$arch
-#Server = http://mirrors.cqu.edu.cn/archlinux/$repo/os/$arch
-#Server = http://mirrors.hust.edu.cn/archlinux/$repo/os/$arch
-#Server = http://mirrors.hustunique.com/archlinux/$repo/os/$arch
-#Server = http://mirrors.neusoft.edu.cn/archlinux/$repo/os/$arch
-#Server = http://mirrors.opencas.cn/archlinux/$repo/os/$arch
-#Server = http://run.hit.edu.cn/archlinux/$repo/os/$arch
-#Server = http://mirrors.tuna.tsinghua.edu.cn/archlinux/$repo/os/$arch
-#Server = http://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch
-#Server = https://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch
-#Server = http://mirrors.zju.edu.cn/archlinux/$repo/os/$arch
-
-## Colombia
-#Server = http://mirror.edatel.net.co/archlinux/$repo/os/$arch
-#Server = http://www.laqee.unal.edu.co/archlinux/$repo/os/$arch
-
-## Croatia
-#Server = http://archlinux.iskon.hr/$repo/os/$arch
-
-## Czech Republic
-Server = http://archlinux.mirror.dkm.cz/pub/archlinux/$repo/os/$arch
-Server = http://gluttony.sin.cvut.cz/arch/$repo/os/$arch
-Server = http://mirror.oss.maxcdn.com/archlinux/$repo/os/$arch
-Server = http://mirrors.nic.cz/archlinux/$repo/os/$arch
-Server = http://mirror.vpsfree.cz/archlinux/$repo/os/$arch
-
-## Denmark
-#Server = http://mirrors.dotsrc.org/archlinux/$repo/os/$arch
-#Server = http://mirror.one.com/archlinux/$repo/os/$arch
-
-## Ecuador
-#Server = http://mirror.cedia.org.ec/archlinux/$repo/os/$arch
-#Server = http://mirror.espoch.edu.ec/archlinux/$repo/os/$arch
-#Server = http://mirror.uta.edu.ec/archlinux/$repo/os/$arch
-
-## Estonia
-#Server = http://ftp.eenet.ee/pub/archlinux/$repo/os/$arch
-
-## France
-#Server = http://archlinux.aubrac-medical.fr/$repo/os/$arch
-#Server = http://mirror.archlinux.ikoula.com/archlinux/$repo/os/$arch
-#Server = http://archlinux.vi-di.fr/$repo/os/$arch
-#Server = http://mir.art-software.fr/arch/$repo/os/$arch
-#Server = http://mirror.bitrain.co/archlinux/$repo/os/$arch
-#Server = http://fooo.biz/archlinux/$repo/os/$arch
-#Server = https://fooo.biz/archlinux/$repo/os/$arch
-#Server = http://mirror.ibcp.fr/pub/archlinux/$repo/os/$arch
-#Server = http://mirror.lastmikoi.net/archlinux/$repo/os/$arch
-#Server = http://mirror.lightcone.eu/archlinux/$repo/os/$arch
-#Server = http://archlinux.mailtunnel.eu/$repo/os/$arch
-#Server = https://www.mailtunnel.eu/archlinux/$repo/os/$arch
-#Server = http://mir.archlinux.fr/$repo/os/$arch
-#Server = http://arch.nimukaito.net/$repo/os/$arch
-#Server = http://archlinux.mirrors.ovh.net/archlinux/$repo/os/$arch
-#Server = http://archlinux.mirror.pkern.at/$repo/os/$arch
-#Server = https://archlinux.mirror.pkern.at/$repo/os/$arch
-#Server = http://archlinux.polymorf.fr/$repo/os/$arch
-#Server = http://arch.static.lu/$repo/os/$arch
-#Server = https://arch.static.lu/$repo/os/$arch
-#Server = http://arch.tamcore.eu/$repo/os/$arch
-#Server = http://mirror.tyborek.pl/arch/$repo/os/$arch
-#Server = http://ftp.u-strasbg.fr/linux/distributions/archlinux/$repo/os/$arch
-#Server = http://arch.yourlabs.org/$repo/os/$arch
-
-## Germany
-Server = http://mirror.23media.de/archlinux/$repo/os/$arch
-Server = http://archlinux.limun.org/$repo/os/$arch
-Server = https://archlinux.limun.org/$repo/os/$arch
-Server = http://artfiles.org/archlinux.org/$repo/os/$arch
-Server = http://mirror5.bastelfreak.org/archlinux/$repo/os/$arch
-Server = http://ftp.fau.de/archlinux/$repo/os/$arch
-Server = https://ftp.fau.de/archlinux/$repo/os/$arch
-Server = http://mirror.flipez.de/archlinux/$repo/os/$arch
-Server = http://mirror.fluxent.de/archlinux/$repo/os/$arch
-Server = http://mirror.fs.cx/archlinux/$repo/os/$arch
-Server = https://mirror.fs.cx/archlinux/$repo/os/$arch
-Server = http://mirror.gnomus.de/$repo/os/$arch
-Server = http://arch.packages.gnp-tec.net/$repo/os/$arch
-Server = http://ftp5.gwdg.de/pub/linux/archlinux/$repo/os/$arch
-Server = http://mirror.hactar.bz/$repo/os/$arch
-Server = http://ftp.hawo.stw.uni-erlangen.de/archlinux/$repo/os/$arch
-Server = http://archlinux.honkgong.info/$repo/os/$arch
-Server = https://archlinux.honkgong.info/$repo/os/$arch
-Server = http://ftp.hosteurope.de/mirror/ftp.archlinux.org/$repo/os/$arch
-Server = http://ftp-stud.hs-esslingen.de/pub/Mirrors/archlinux/$repo/os/$arch
-Server = http://mirror.js-webcoding.de/pub/archlinux/$repo/os/$arch
-Server = https://mirror.js-webcoding.de/pub/archlinux/$repo/os/$arch
-Server = http://k42.ch/mirror/archlinux/$repo/os/$arch
-Server = https://k42.ch/mirror/archlinux/$repo/os/$arch
-Server = http://mirror.de.leaseweb.net/archlinux/$repo/os/$arch
-Server = http://mirror.metalgamer.eu/archlinux/$repo/os/$arch
-Server = http://mirror.michael-eckert.net/archlinux/$repo/os/$arch
-Server = http://archlinux.my-universe.com/$repo/os/$arch
-Server = https://archlinux.my-universe.com/$repo/os/$arch
-Server = http://mirrors.n-ix.net/archlinux/$repo/os/$arch
-Server = http://mirror.netcologne.de/archlinux/$repo/os/$arch
-Server = http://mirrors.niyawe.de/archlinux/$repo/os/$arch
-Server = http://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch
-Server = http://linux.rz.rub.de/archlinux/$repo/os/$arch
-Server = http://mirror.selfnet.de/archlinux/$repo/os/$arch
-Server = http://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch
-Server = http://ftp.tu-chemnitz.de/pub/linux/archlinux/$repo/os/$arch
-Server = http://ftp.tuxdroid.org/archlinux/$repo/os/$arch
-Server = http://ftp.uni-bayreuth.de/linux/archlinux/$repo/os/$arch
-Server = http://ftp.uni-hannover.de/archlinux/$repo/os/$arch
-Server = http://ftp.uni-kl.de/pub/linux/archlinux/$repo/os/$arch
-Server = http://mirror.united-gameserver.de/archlinux/$repo/os/$arch
-
-## Greece
-#Server = http://ftp.cc.uoc.gr/mirrors/linux/archlinux/$repo/os/$arch
-#Server = http://foss.aueb.gr/mirrors/linux/archlinux/$repo/os/$arch
-#Server = https://foss.aueb.gr/mirrors/linux/archlinux/$repo/os/$arch
-#Server = http://mirrors.myaegean.gr/linux/archlinux/$repo/os/$arch
-#Server = http://ftp.ntua.gr/pub/linux/archlinux/$repo/os/$arch
-#Server = http://ftp.otenet.gr/linux/archlinux/$repo/os/$arch
-
-## Hungary
-#Server = http://ftp.mfa.kfki.hu/pub/mirrors/ftp.archlinux.org/$repo/os/$arch
-
-## Iceland
-#Server = http://mirror.system.is/arch/$repo/os/$arch
-#Server = https://mirror.system.is/arch/$repo/os/$arch
-
-## India
-#Server = http://mirror.cse.iitk.ac.in/archlinux/$repo/os/$arch
-#Server = http://ftp.iitm.ac.in/archlinux/$repo/os/$arch
-
-## Indonesia
-#Server = http://mirror.kavalinux.com/archlinux/$repo/os/$arch
-#Server = http://mirror.poliwangi.ac.id/archlinux/$repo/os/$arch
-#Server = http://suro.ubaya.ac.id/archlinux/$repo/os/$arch
-
-## Ireland
-#Server = http://ftp.heanet.ie/mirrors/ftp.archlinux.org/$repo/os/$arch
-
-## Israel
-#Server = http://mirror.isoc.org.il/pub/archlinux/$repo/os/$arch
-
-## Italy
-#Server = http://archlinux.openlabto.org/archlinux/$repo/os/$arch
-#Server = http://archlinux.beccacervello.it/archlinux/$repo/os/$arch
-#Server = http://mirrors.prometeus.net/archlinux/$repo/os/$arch
-
-## Japan
-#Server = http://ftp.tsukuba.wide.ad.jp/Linux/archlinux/$repo/os/$arch
-#Server = http://ftp.jaist.ac.jp/pub/Linux/ArchLinux/$repo/os/$arch
-
-## Kazakhstan
-#Server = http://mirror.neolabs.kz/archlinux/$repo/os/$arch
-
-## Latvia
-#Server = http://archlinux.koyanet.lv/archlinux/$repo/os/$arch
-
-## Lithuania
-#Server = http://archlinux.akmc.lt/$repo/os/$arch
-#Server = http://mirrors.atviras.lt/archlinux/$repo/os/$arch
-
-## Luxembourg
-#Server = http://archlinux.mirror.root.lu/$repo/os/$arch
-
-## Macedonia
-#Server = http://arch.softver.org.mk/archlinux/$repo/os/$arch
-#Server = http://mirror.t-home.mk/archlinux/$repo/os/$arch
-
-## Netherlands
-#Server = http://arch.apt-get.eu/$repo/os/$arch
-#Server = http://mirror.i3d.net/pub/archlinux/$repo/os/$arch
-#Server = https://mirror.i3d.net/pub/archlinux/$repo/os/$arch
-#Server = http://mirror.nl.leaseweb.net/archlinux/$repo/os/$arch
-#Server = http://ftp.nluug.nl/os/Linux/distr/archlinux/$repo/os/$arch
-#Server = http://ftp.snt.utwente.nl/pub/os/linux/archlinux/$repo/os/$arch
-
-## New Caledonia
-#Server = http://mirror.lagoon.nc/pub/archlinux/$repo/os/$arch
-#Server = http://archlinux.nautile.nc/archlinux/$repo/os/$arch
-
-## New Zealand
-#Server = http://mirror.xnet.co.nz/pub/archlinux/$repo/os/$arch
-
-## Norway
-#Server = http://mirror.archlinux.no/$repo/os/$arch
-#Server = http://archlinux.uib.no/$repo/os/$arch
-#Server = http://archlinux.neuf.no/$repo/os/$arch
-
-## Philippines
-#Server = http://mirror.rise.ph/archlinux/$repo/os/$arch
-
-## Poland
-#Server = http://mirror.chmuri.net/archmirror/$repo/os/$arch
-#Server = http://arch.midov.pl/arch/$repo/os/$arch
-#Server = http://piotrkosoft.net/pub/mirrors/ftp.archlinux.org/$repo/os/$arch
-#Server = http://ftp.vectranet.pl/archlinux/$repo/os/$arch
-
-## Portugal
-#Server = http://archlinux.dcc.fc.up.pt/$repo/os/$arch
-#Server = http://ftp.rnl.tecnico.ulisboa.pt/pub/archlinux/$repo/os/$arch
-
-## Romania
-#Server = http://mirror.archlinux.ro/archlinux/$repo/os/$arch
-#Server = http://archlinux.mirrors.linux.ro/$repo/os/$arch
-
-## Russia
-#Server = http://dgix.ru/mirrors/archlinux/$repo/os/$arch
-#Server = http://mirror.rol.ru/archlinux/$repo/os/$arch
-#Server = http://mirror.yandex.ru/archlinux/$repo/os/$arch
-
-## Serbia
-#Server = http://mirror.pmf.kg.ac.rs/archlinux/$repo/os/$arch
-
-## Singapore
-#Server = http://download.nus.edu.sg/mirror/arch/$repo/os/$arch
-#Server = http://mirror.nus.edu.sg/archlinux/$repo/os/$arch
-
-## Slovakia
-Server = http://mirror.lnx.sk/pub/linux/archlinux/$repo/os/$arch
-Server = http://tux.rainside.sk/archlinux/$repo/os/$arch
-
-## South Africa
-#Server = http://ftp.wa.co.za/pub/archlinux/$repo/os/$arch
-
-## South Korea
-#Server = http://ftp.kaist.ac.kr/ArchLinux/$repo/os/$arch
-#Server = http://mirror.premi.st/archlinux/$repo/os/$arch
-
-## Spain
-#Server = http://osl.ugr.es/archlinux/$repo/os/$arch
-#Server = http://sunsite.rediris.es/mirror/archlinux/$repo/os/$arch
-
-## Sweden
-#Server = http://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch
-#Server = http://ftp.df.lth.se/pub/archlinux/$repo/os/$arch
-#Server = http://archlinux.dynamict.se/$repo/os/$arch
-#Server = http://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch
-#Server = https://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch
-#Server = http://ftp.myrveln.se/pub/linux/archlinux/$repo/os/$arch
-#Server = https://ftp.myrveln.se/pub/linux/archlinux/$repo/os/$arch
-#Server = http://ftp.portlane.com/pub/os/linux/archlinux/$repo/os/$arch
-
-## Switzerland
-#Server = http://archlinux.puzzle.ch/$repo/os/$arch
-
-## Taiwan
-#Server = http://archlinux.cs.nctu.edu.tw/$repo/os/$arch
-#Server = http://shadow.ind.ntou.edu.tw/archlinux/$repo/os/$arch
-#Server = http://ftp.tku.edu.tw/Linux/ArchLinux/$repo/os/$arch
-#Server = http://ftp.yzu.edu.tw/Linux/archlinux/$repo/os/$arch
-
-## Turkey
-#Server = http://ftp.linux.org.tr/archlinux/$repo/os/$arch
-
-## Ukraine
-#Server = http://archlinux.bln-ua.net/$repo/os/$arch
-#Server = http://mirrors.nix.org.ua/linux/archlinux/$repo/os/$arch
-
-## United Kingdom
-#Server = http://mirror.bytemark.co.uk/archlinux/$repo/os/$arch
-#Server = http://mirror.cinosure.com/archlinux/$repo/os/$arch
-#Server = http://mirrors.manchester.m247.com/arch-linux/$repo/os/$arch
-#Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch
-#Server = http://arch.serverspace.co.uk/arch/$repo/os/$arch
-#Server = http://archlinux.mirrors.uk2.net/$repo/os/$arch
-
-## United States
-#Server = http://mirrors.abscission.net/archlinux/$repo/os/$arch
-#Server = http://mirrors.acm.wpi.edu/archlinux/$repo/os/$arch
-#Server = http://mirrors.advancedhosters.com/archlinux/$repo/os/$arch
-#Server = http://mirrors.aggregate.org/archlinux/$repo/os/$arch
-#Server = http://archlinux.surlyjake.com/archlinux/$repo/os/$arch
-#Server = http://repo.atlantic.net/arch/$repo/os/$arch
-#Server = http://mirrors.cat.pdx.edu/archlinux/$repo/os/$arch
-#Server = http://mirror.cc.columbia.edu/pub/linux/archlinux/$repo/os/$arch
-#Server = http://cosmos.cites.illinois.edu/pub/archlinux/$repo/os/$arch
-#Server = http://mirror.cs.pitt.edu/archlinux/$repo/os/$arch
-#Server = http://mirror.es.its.nyu.edu/archlinux/$repo/os/$arch
-#Server = http://mirror.gawsolutions.us/arch/$repo/os/$arch
-#Server = http://mirrors.gigenet.com/archlinux/$repo/os/$arch
-#Server = http://mirror.grig.io/archlinux/$repo/os/$arch
-#Server = http://www.gtlib.gatech.edu/pub/archlinux/$repo/os/$arch
-#Server = http://mirror.ancl.hawaii.edu/linux/archlinux/$repo/os/$arch
-#Server = http://mirror.htnshost.com/archlinux/$repo/os/$arch
-#Server = http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch
-#Server = http://mirrors.kernel.org/archlinux/$repo/os/$arch
-#Server = https://mirrors.kernel.org/archlinux/$repo/os/$arch
-#Server = http://kwk.pw/$repo/os/$arch
-#Server = https://kwk.pw/$repo/os/$arch
-#Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch
-#Server = http://mirrors.liquidweb.com/archlinux/$repo/os/$arch
-#Server = http://arch.localmsp.org/arch/$repo/os/$arch
-#Server = https://arch.localmsp.org/arch/$repo/os/$arch
-#Server = http://lug.mtu.edu/archlinux/$repo/os/$arch
-#Server = https://lug.mtu.edu/archlinux/$repo/os/$arch
-#Server = http://mirror.metrocast.net/archlinux/$repo/os/$arch
-#Server = http://mirror.nexcess.net/archlinux/$repo/os/$arch
-#Server = http://mirrors.ocf.berkeley.edu/archlinux/$repo/os/$arch
-#Server = https://mirrors.ocf.berkeley.edu/archlinux/$repo/os/$arch
-#Server = http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch
-#Server = http://archlinux.pallissard.net/archlinux/$repo/os/$arch
-#Server = http://mirror.redsox.cc/pub/archlinux/$repo/os/$arch
-#Server = http://mirror.rit.edu/archlinux/$repo/os/$arch
-#Server = http://mirrors.rutgers.edu/archlinux/$repo/os/$arch
-#Server = http://mirror.umd.edu/archlinux/$repo/os/$arch
-#Server = http://mirror.vtti.vt.edu/archlinux/$repo/os/$arch
-#Server = http://mirrors.xmission.com/archlinux/$repo/os/$arch
-#Server = http://mirror.yellowfiber.net/archlinux/$repo/os/$arch
-
-## Vietnam
-#Server = http://f.archlinuxvn.org/archlinux/$repo/os/$arch
-#Server = http://mirror-fpt-telecom.fpt.net/archlinux/$repo/os/$arch
-
-## PDS
-Server = http://paradise.fi.muni.cz/~xstill/paccache
diff --git a/conf/all/etc/pam.d/system-auth b/conf/all/etc/pam.d/system-auth
deleted file mode 100644
index 73461fdb7c1c3030efe315d89a22cab16e1d400a..0000000000000000000000000000000000000000
--- a/conf/all/etc/pam.d/system-auth
+++ /dev/null
@@ -1,21 +0,0 @@
-#%PAM-1.0
-
-auth sufficient pam_krb5.so
-auth required pam_unix.so try_first_pass nullok
-auth optional pam_permit.so
-auth required pam_env.so
-
-account sufficient pam_krb5.so
-account required pam_unix.so
-account optional pam_permit.so
-account required pam_time.so
-
-password sufficient pam_krb5.so
-password required pam_unix.so try_first_pass nullok sha512 shadow
-password optional pam_permit.so
-
-session required pam_limits.so
-session required pam_unix.so
-session optional pam_krb5.so
-session optional pam_permit.so
-
diff --git a/conf/all/etc/pam.d/xlock b/conf/all/etc/pam.d/xlock
deleted file mode 100644
index 0a37e6e13454b077aa266e2fbe474a9a420ecf5a..0000000000000000000000000000000000000000
--- a/conf/all/etc/pam.d/xlock
+++ /dev/null
@@ -1,5 +0,0 @@
-#%PAM-1.0
-auth include system-auth
-account include system-auth
-password include system-auth
-session include system-auth
diff --git a/conf/all/etc/polkit-1/rules.d/inhibit-shutdown.rules b/conf/all/etc/polkit-1/rules.d/inhibit-shutdown.rules
deleted file mode 100644
index 3faf3ef9929cb44958da52c51a5b9ccc2800a448..0000000000000000000000000000000000000000
--- a/conf/all/etc/polkit-1/rules.d/inhibit-shutdown.rules
+++ /dev/null
@@ -1,15 +0,0 @@
-polkit.addRule(function(action, subject) {
- if ( action.id == "org.freedesktop.consolekit.system.stop" ||
- action.id == "org.freedesktop.consolekit.system.restart" ||
- action.id == "org.freedesktop.login1.reboot" ||
- action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
- action.id == "org.freedesktop.login1.power-off" ||
- action.id == "org.freedesktop.login1.power-off-multiple-sessions" )
- {
- if ( subject.isInGroup("root") ) {
- return polkit.Result.YES;
- } else {
- return polkit.Result.NO;
- }
- }
-});
diff --git a/conf/all/etc/postfix/main.cf b/conf/all/etc/postfix/main.cf
deleted file mode 100644
index f33ef6d09e8c14c7d2ac1c8979157fd1383e646f..0000000000000000000000000000000000000000
--- a/conf/all/etc/postfix/main.cf
+++ /dev/null
@@ -1,682 +0,0 @@
-# Global Postfix configuration file. This file lists only a subset
-# of all parameters. For the syntax, and for a complete parameter
-# list, see the postconf(5) manual page (command: "man 5 postconf").
-#
-# For common configuration examples, see BASIC_CONFIGURATION_README
-# and STANDARD_CONFIGURATION_README. To find these documents, use
-# the command "postconf html_directory readme_directory", or go to
-# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
-#
-# For best results, change no more than 2-3 parameters at a time,
-# and test if Postfix still works after every change.
-
-# COMPATIBILITY
-#
-# The compatibility_level determines what default settings Postfix
-# will use for main.cf and master.cf settings. These defaults will
-# change over time.
-#
-# To avoid breaking things, Postfix will use backwards-compatible
-# default settings and log where it uses those old backwards-compatible
-# default settings, until the system administrator has determined
-# if any backwards-compatible default settings need to be made
-# permanent in main.cf or master.cf.
-#
-# When this review is complete, update the compatibility_level setting
-# below as recommended in the RELEASE_NOTES file.
-#
-# The level below is what should be used with new (not upgrade) installs.
-#
-compatibility_level = 2
-
-# SOFT BOUNCE
-#
-# The soft_bounce parameter provides a limited safety net for
-# testing. When soft_bounce is enabled, mail will remain queued that
-# would otherwise bounce. This parameter disables locally-generated
-# bounces, and prevents the SMTP server from rejecting mail permanently
-# (by changing 5xx replies into 4xx replies). However, soft_bounce
-# is no cure for address rewriting mistakes or mail routing mistakes.
-#
-#soft_bounce = no
-
-# LOCAL PATHNAME INFORMATION
-#
-# The queue_directory specifies the location of the Postfix queue.
-# This is also the root directory of Postfix daemons that run chrooted.
-# See the files in examples/chroot-setup for setting up Postfix chroot
-# environments on different UNIX systems.
-#
-queue_directory = /var/spool/postfix
-
-# The command_directory parameter specifies the location of all
-# postXXX commands.
-#
-command_directory = /usr/bin
-
-# The daemon_directory parameter specifies the location of all Postfix
-# daemon programs (i.e. programs listed in the master.cf file). This
-# directory must be owned by root.
-#
-daemon_directory = /usr/lib/postfix/bin
-
-# The data_directory parameter specifies the location of Postfix-writable
-# data files (caches, random numbers). This directory must be owned
-# by the mail_owner account (see below).
-#
-data_directory = /var/lib/postfix
-
-# QUEUE AND PROCESS OWNERSHIP
-#
-# The mail_owner parameter specifies the owner of the Postfix queue
-# and of most Postfix daemon processes. Specify the name of a user
-# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
-# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
-# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
-# USER.
-#
-mail_owner = postfix
-
-# The default_privs parameter specifies the default rights used by
-# the local delivery agent for delivery to external file or command.
-# These rights are used in the absence of a recipient user context.
-# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
-#
-default_privs = nobody
-
-# INTERNET HOST AND DOMAIN NAMES
-#
-# The myhostname parameter specifies the internet hostname of this
-# mail system. The default is to use the fully-qualified domain name
-# from gethostname(). $myhostname is used as a default value for many
-# other configuration parameters.
-#
-#### myhostname = pegasus07.fi.muni.cz
-#myhostname = virtual.domain.tld
-
-# The mydomain parameter specifies the local internet domain name.
-# The default is to use $myhostname minus the first component.
-# $mydomain is used as a default value for many other configuration
-# parameters.
-#
-mydomain = fi.muni.cz
-
-# SENDING MAIL
-#
-# The myorigin parameter specifies the domain that locally-posted
-# mail appears to come from. The default is to append $myhostname,
-# which is fine for small sites. If you run a domain with multiple
-# machines, you should (1) change this to $mydomain and (2) set up
-# a domain-wide alias database that aliases each user to
-# user@that.users.mailhost.
-#
-# For the sake of consistency between sender and recipient addresses,
-# myorigin also specifies the default domain name that is appended
-# to recipient addresses that have no @domain part.
-#
-#myorigin = $myhostname
-#myorigin = $mydomain
-
-# RECEIVING MAIL
-
-# The inet_interfaces parameter specifies the network interface
-# addresses that this mail system receives mail on. By default,
-# the software claims all active interfaces on the machine. The
-# parameter also controls delivery of mail to user@[ip.address].
-#
-# See also the proxy_interfaces parameter, for network addresses that
-# are forwarded to us via a proxy or network address translator.
-#
-# Note: you need to stop/start Postfix when this parameter changes.
-#
-#inet_interfaces = all
-#inet_interfaces = $myhostname
-#inet_interfaces = $myhostname, localhost
-
-# The proxy_interfaces parameter specifies the network interface
-# addresses that this mail system receives mail on by way of a
-# proxy or network address translation unit. This setting extends
-# the address list specified with the inet_interfaces parameter.
-#
-# You must specify your proxy/NAT addresses when your system is a
-# backup MX host for other domains, otherwise mail delivery loops
-# will happen when the primary MX host is down.
-#
-#proxy_interfaces =
-#proxy_interfaces = 1.2.3.4
-
-# The mydestination parameter specifies the list of domains that this
-# machine considers itself the final destination for.
-#
-# These domains are routed to the delivery agent specified with the
-# local_transport parameter setting. By default, that is the UNIX
-# compatible delivery agent that lookups all recipients in /etc/passwd
-# and /etc/aliases or their equivalent.
-#
-# The default is $myhostname + localhost.$mydomain. On a mail domain
-# gateway, you should also include $mydomain.
-#
-# Do not specify the names of virtual domains - those domains are
-# specified elsewhere (see VIRTUAL_README).
-#
-# Do not specify the names of domains that this machine is backup MX
-# host for. Specify those names via the relay_domains settings for
-# the SMTP server, or use permit_mx_backup if you are lazy (see
-# STANDARD_CONFIGURATION_README).
-#
-# The local machine is always the final destination for mail addressed
-# to user@[the.net.work.address] of an interface that the mail system
-# receives mail on (see the inet_interfaces parameter).
-#
-# Specify a list of host or domain names, /file/name or type:table
-# patterns, separated by commas and/or whitespace. A /file/name
-# pattern is replaced by its contents; a type:table is matched when
-# a name matches a lookup key (the right-hand side is ignored).
-# Continue long lines by starting the next line with whitespace.
-#
-# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
-#
-#mydestination = $myhostname, localhost.$mydomain, localhost
-#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
-#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
-# mail.$mydomain, www.$mydomain, ftp.$mydomain
-
-# REJECTING MAIL FOR UNKNOWN LOCAL USERS
-#
-# The local_recipient_maps parameter specifies optional lookup tables
-# with all names or addresses of users that are local with respect
-# to $mydestination, $inet_interfaces or $proxy_interfaces.
-#
-# If this parameter is defined, then the SMTP server will reject
-# mail for unknown local users. This parameter is defined by default.
-#
-# To turn off local recipient checking in the SMTP server, specify
-# local_recipient_maps = (i.e. empty).
-#
-# The default setting assumes that you use the default Postfix local
-# delivery agent for local delivery. You need to update the
-# local_recipient_maps setting if:
-#
-# - You define $mydestination domain recipients in files other than
-# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
-# For example, you define $mydestination domain recipients in
-# the $virtual_mailbox_maps files.
-#
-# - You redefine the local delivery agent in master.cf.
-#
-# - You redefine the "local_transport" setting in main.cf.
-#
-# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
-# feature of the Postfix local delivery agent (see local(8)).
-#
-# Details are described in the LOCAL_RECIPIENT_README file.
-#
-# Beware: if the Postfix SMTP server runs chrooted, you probably have
-# to access the passwd file via the proxymap service, in order to
-# overcome chroot restrictions. The alternative, having a copy of
-# the system passwd file in the chroot jail is just not practical.
-#
-# The right-hand side of the lookup tables is conveniently ignored.
-# In the left-hand side, specify a bare username, an @domain.tld
-# wild-card, or specify a user@domain.tld address.
-#
-#local_recipient_maps = unix:passwd.byname $alias_maps
-#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
-local_recipient_maps =
-
-# The unknown_local_recipient_reject_code specifies the SMTP server
-# response code when a recipient domain matches $mydestination or
-# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
-# and the recipient address or address local-part is not found.
-#
-# The default setting is 550 (reject mail) but it is safer to start
-# with 450 (try again later) until you are certain that your
-# local_recipient_maps settings are OK.
-#
-unknown_local_recipient_reject_code = 550
-
-# TRUST AND RELAY CONTROL
-
-# The mynetworks parameter specifies the list of "trusted" SMTP
-# clients that have more privileges than "strangers".
-#
-# In particular, "trusted" SMTP clients are allowed to relay mail
-# through Postfix. See the smtpd_recipient_restrictions parameter
-# in postconf(5).
-#
-# You can specify the list of "trusted" network addresses by hand
-# or you can let Postfix do it for you (which is the default).
-#
-# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
-# clients in the same IP subnetworks as the local machine.
-# On Linux, this does works correctly only with interfaces specified
-# with the "ifconfig" command.
-#
-# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
-# clients in the same IP class A/B/C networks as the local machine.
-# Don't do this with a dialup site - it would cause Postfix to "trust"
-# your entire provider's network. Instead, specify an explicit
-# mynetworks list by hand, as described below.
-#
-# Specify "mynetworks_style = host" when Postfix should "trust"
-# only the local machine.
-#
-#mynetworks_style = class
-#mynetworks_style = subnet
-#mynetworks_style = host
-
-# Alternatively, you can specify the mynetworks list by hand, in
-# which case Postfix ignores the mynetworks_style setting.
-#
-# Specify an explicit list of network/netmask patterns, where the
-# mask specifies the number of bits in the network part of a host
-# address.
-#
-# You can also specify the absolute pathname of a pattern file instead
-# of listing the patterns here. Specify type:table for table-based lookups
-# (the value on the table right-hand side is not used).
-#
-#mynetworks = 168.100.189.0/28, 127.0.0.0/8
-#mynetworks = $config_directory/mynetworks
-#mynetworks = hash:/etc/postfix/network_table
-mynetworks = 192.168.0.0/24 192.168.1.0/24
-
-# The relay_domains parameter restricts what destinations this system will
-# relay mail to. See the smtpd_recipient_restrictions description in
-# postconf(5) for detailed information.
-#
-# By default, Postfix relays mail
-# - from "trusted" clients (IP address matches $mynetworks) to any destination,
-# - from "untrusted" clients to destinations that match $relay_domains or
-# subdomains thereof, except addresses with sender-specified routing.
-# The default relay_domains value is $mydestination.
-#
-# In addition to the above, the Postfix SMTP server by default accepts mail
-# that Postfix is final destination for:
-# - destinations that match $inet_interfaces or $proxy_interfaces,
-# - destinations that match $mydestination
-# - destinations that match $virtual_alias_domains,
-# - destinations that match $virtual_mailbox_domains.
-# These destinations do not need to be listed in $relay_domains.
-#
-# Specify a list of hosts or domains, /file/name patterns or type:name
-# lookup tables, separated by commas and/or whitespace. Continue
-# long lines by starting the next line with whitespace. A file name
-# is replaced by its contents; a type:name table is matched when a
-# (parent) domain appears as lookup key.
-#
-# NOTE: Postfix will not automatically forward mail for domains that
-# list this system as their primary or backup MX host. See the
-# permit_mx_backup restriction description in postconf(5).
-#
-#relay_domains = $mydestination
-
-# INTERNET OR INTRANET
-
-# The relayhost parameter specifies the default host to send mail to
-# when no entry is matched in the optional transport(5) table. When
-# no relayhost is given, mail is routed directly to the destination.
-#
-# On an intranet, specify the organizational domain name. If your
-# internal DNS uses no MX records, specify the name of the intranet
-# gateway host instead.
-#
-# In the case of SMTP, specify a domain, host, host:port, [host]:port,
-# [address] or [address]:port; the form [host] turns off MX lookups.
-#
-# If you're connected via UUCP, see also the default_transport parameter.
-#
-#relayhost = $mydomain
-#relayhost = [gateway.my.domain]
-#relayhost = [mailserver.isp.tld]
-#relayhost = uucphost
-#relayhost = [an.ip.add.ress]
-relayhost = relay.fi.muni.cz
-
-# REJECTING UNKNOWN RELAY USERS
-#
-# The relay_recipient_maps parameter specifies optional lookup tables
-# with all addresses in the domains that match $relay_domains.
-#
-# If this parameter is defined, then the SMTP server will reject
-# mail for unknown relay users. This feature is off by default.
-#
-# The right-hand side of the lookup tables is conveniently ignored.
-# In the left-hand side, specify an @domain.tld wild-card, or specify
-# a user@domain.tld address.
-#
-#relay_recipient_maps = hash:/etc/postfix/relay_recipients
-
-# INPUT RATE CONTROL
-#
-# The in_flow_delay configuration parameter implements mail input
-# flow control. This feature is turned on by default, although it
-# still needs further development (it's disabled on SCO UNIX due
-# to an SCO bug).
-#
-# A Postfix process will pause for $in_flow_delay seconds before
-# accepting a new message, when the message arrival rate exceeds the
-# message delivery rate. With the default 100 SMTP server process
-# limit, this limits the mail inflow to 100 messages a second more
-# than the number of messages delivered per second.
-#
-# Specify 0 to disable the feature. Valid delays are 0..10.
-#
-#in_flow_delay = 1s
-
-# ADDRESS REWRITING
-#
-# The ADDRESS_REWRITING_README document gives information about
-# address masquerading or other forms of address rewriting including
-# username->Firstname.Lastname mapping.
-
-# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
-#
-# The VIRTUAL_README document gives information about the many forms
-# of domain hosting that Postfix supports.
-
-# "USER HAS MOVED" BOUNCE MESSAGES
-#
-# See the discussion in the ADDRESS_REWRITING_README document.
-
-# TRANSPORT MAP
-#
-# See the discussion in the ADDRESS_REWRITING_README document.
-
-# ALIAS DATABASE
-#
-# The alias_maps parameter specifies the list of alias databases used
-# by the local delivery agent. The default list is system dependent.
-#
-# On systems with NIS, the default is to search the local alias
-# database, then the NIS alias database. See aliases(5) for syntax
-# details.
-#
-# If you change the alias database, run "postalias /etc/aliases" (or
-# wherever your system stores the mail alias file), or simply run
-# "newaliases" to build the necessary DBM or DB file.
-#
-# It will take a minute or so before changes become visible. Use
-# "postfix reload" to eliminate the delay.
-#
-#alias_maps = dbm:/etc/aliases
-#alias_maps = hash:/etc/aliases
-#alias_maps = hash:/etc/aliases, nis:mail.aliases
-#alias_maps = netinfo:/aliases
-alias_maps = hash:/etc/postfix/aliases
-
-# The alias_database parameter specifies the alias database(s) that
-# are built with "newaliases" or "sendmail -bi". This is a separate
-# configuration parameter, because alias_maps (see above) may specify
-# tables that are not necessarily all under control by Postfix.
-#
-#alias_database = dbm:/etc/aliases
-#alias_database = dbm:/etc/mail/aliases
-#alias_database = hash:/etc/aliases
-#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
-alias_database = $alias_maps
-
-# ADDRESS EXTENSIONS (e.g., user+foo)
-#
-# The recipient_delimiter parameter specifies the separator between
-# user names and address extensions (user+foo). See canonical(5),
-# local(8), relocated(5) and virtual(5) for the effects this has on
-# aliases, canonical, virtual, relocated and .forward file lookups.
-# Basically, the software tries user+foo and .forward+foo before
-# trying user and .forward.
-#
-#recipient_delimiter = +
-
-# DELIVERY TO MAILBOX
-#
-# The home_mailbox parameter specifies the optional pathname of a
-# mailbox file relative to a user's home directory. The default
-# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
-# "Maildir/" for qmail-style delivery (the / is required).
-#
-#home_mailbox = Mailbox
-#home_mailbox = Maildir/
-
-# The mail_spool_directory parameter specifies the directory where
-# UNIX-style mailboxes are kept. The default setting depends on the
-# system type.
-#
-#mail_spool_directory = /var/mail
-mail_spool_directory = /var/spool/mail
-
-# The mailbox_command parameter specifies the optional external
-# command to use instead of mailbox delivery. The command is run as
-# the recipient with proper HOME, SHELL and LOGNAME environment settings.
-# Exception: delivery for root is done as $default_user.
-#
-# Other environment variables of interest: USER (recipient username),
-# EXTENSION (address extension), DOMAIN (domain part of address),
-# and LOCAL (the address localpart).
-#
-# Unlike other Postfix configuration parameters, the mailbox_command
-# parameter is not subjected to $parameter substitutions. This is to
-# make it easier to specify shell syntax (see example below).
-#
-# Avoid shell meta characters because they will force Postfix to run
-# an expensive shell process. Procmail alone is expensive enough.
-#
-# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
-# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
-#
-#mailbox_command = /some/where/procmail
-#mailbox_command = /some/where/procmail -a "$EXTENSION"
-
-# The mailbox_transport specifies the optional transport in master.cf
-# to use after processing aliases and .forward files. This parameter
-# has precedence over the mailbox_command, fallback_transport and
-# luser_relay parameters.
-#
-# Specify a string of the form transport:nexthop, where transport is
-# the name of a mail delivery transport defined in master.cf. The
-# :nexthop part is optional. For more details see the sample transport
-# configuration file.
-#
-# NOTE: if you use this feature for accounts not in the UNIX password
-# file, then you must update the "local_recipient_maps" setting in
-# the main.cf file, otherwise the SMTP server will reject mail for
-# non-UNIX accounts with "User unknown in local recipient table".
-#
-# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
-# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
-#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
-#
-# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
-# subsequent line in master.cf.
-#mailbox_transport = cyrus
-
-# The fallback_transport specifies the optional transport in master.cf
-# to use for recipients that are not found in the UNIX passwd database.
-# This parameter has precedence over the luser_relay parameter.
-#
-# Specify a string of the form transport:nexthop, where transport is
-# the name of a mail delivery transport defined in master.cf. The
-# :nexthop part is optional. For more details see the sample transport
-# configuration file.
-#
-# NOTE: if you use this feature for accounts not in the UNIX password
-# file, then you must update the "local_recipient_maps" setting in
-# the main.cf file, otherwise the SMTP server will reject mail for
-# non-UNIX accounts with "User unknown in local recipient table".
-#
-#fallback_transport = lmtp:unix:/file/name
-#fallback_transport = cyrus
-#fallback_transport =
-
-# The luser_relay parameter specifies an optional destination address
-# for unknown recipients. By default, mail for unknown@$mydestination,
-# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
-# as undeliverable.
-#
-# The following expansions are done on luser_relay: $user (recipient
-# username), $shell (recipient shell), $home (recipient home directory),
-# $recipient (full recipient address), $extension (recipient address
-# extension), $domain (recipient domain), $local (entire recipient
-# localpart), $recipient_delimiter. Specify ${name?value} or
-# ${name:value} to expand value only when $name does (does not) exist.
-#
-# luser_relay works only for the default Postfix local delivery agent.
-#
-# NOTE: if you use this feature for accounts not in the UNIX password
-# file, then you must specify "local_recipient_maps =" (i.e. empty) in
-# the main.cf file, otherwise the SMTP server will reject mail for
-# non-UNIX accounts with "User unknown in local recipient table".
-#
-#luser_relay = $user@other.host
-#luser_relay = $local@other.host
-#luser_relay = admin+$local
-
-# JUNK MAIL CONTROLS
-#
-# The controls listed here are only a very small subset. The file
-# SMTPD_ACCESS_README provides an overview.
-
-# The header_checks parameter specifies an optional table with patterns
-# that each logical message header is matched against, including
-# headers that span multiple physical lines.
-#
-# By default, these patterns also apply to MIME headers and to the
-# headers of attached messages. With older Postfix versions, MIME and
-# attached message headers were treated as body text.
-#
-# For details, see "man header_checks".
-#
-#header_checks = regexp:/etc/postfix/header_checks
-
-# FAST ETRN SERVICE
-#
-# Postfix maintains per-destination logfiles with information about
-# deferred mail, so that mail can be flushed quickly with the SMTP
-# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
-# See the ETRN_README document for a detailed description.
-#
-# The fast_flush_domains parameter controls what destinations are
-# eligible for this service. By default, they are all domains that
-# this server is willing to relay mail to.
-#
-#fast_flush_domains = $relay_domains
-
-# SHOW SOFTWARE VERSION OR NOT
-#
-# The smtpd_banner parameter specifies the text that follows the 220
-# code in the SMTP server's greeting banner. Some people like to see
-# the mail version advertised. By default, Postfix shows no version.
-#
-# You MUST specify $myhostname at the start of the text. That is an
-# RFC requirement. Postfix itself does not care.
-#
-#smtpd_banner = $myhostname ESMTP $mail_name
-#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
-
-# PARALLEL DELIVERY TO THE SAME DESTINATION
-#
-# How many parallel deliveries to the same user or domain? With local
-# delivery, it does not make sense to do massively parallel delivery
-# to the same user, because mailbox updates must happen sequentially,
-# and expensive pipelines in .forward files can cause disasters when
-# too many are run at the same time. With SMTP deliveries, 10
-# simultaneous connections to the same domain could be sufficient to
-# raise eyebrows.
-#
-# Each message delivery transport has its XXX_destination_concurrency_limit
-# parameter. The default is $default_destination_concurrency_limit for
-# most delivery transports. For the local delivery agent the default is 2.
-
-#local_destination_concurrency_limit = 2
-#default_destination_concurrency_limit = 20
-
-# DEBUGGING CONTROL
-#
-# The debug_peer_level parameter specifies the increment in verbose
-# logging level when an SMTP client or server host name or address
-# matches a pattern in the debug_peer_list parameter.
-#
-debug_peer_level = 2
-
-# The debug_peer_list parameter specifies an optional list of domain
-# or network patterns, /file/name patterns or type:name tables. When
-# an SMTP client or server host name or address matches a pattern,
-# increase the verbose logging level by the amount specified in the
-# debug_peer_level parameter.
-#
-#debug_peer_list = 127.0.0.1
-#debug_peer_list = some.domain
-
-# The debugger_command specifies the external command that is executed
-# when a Postfix daemon program is run with the -D option.
-#
-# Use "command .. & sleep 5" so that the debugger can attach before
-# the process marches on. If you use an X-based debugger, be sure to
-# set up your XAUTHORITY environment variable before starting Postfix.
-#
-debugger_command =
- PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
- ddd $daemon_directory/$process_name $process_id & sleep 5
-
-# If you can't use X, use this to capture the call stack when a
-# daemon crashes. The result is in a file in the configuration
-# directory, and is named after the process name and the process ID.
-#
-# debugger_command =
-# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
-# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
-# >$config_directory/$process_name.$process_id.log & sleep 5
-#
-# Another possibility is to run gdb under a detached screen session.
-# To attach to the screen sesssion, su root and run "screen -r
-# <id_string>" where <id_string> uniquely matches one of the detached
-# sessions (from "screen -list").
-#
-# debugger_command =
-# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
-# -dmS $process_name gdb $daemon_directory/$process_name
-# $process_id & sleep 1
-
-# INSTALL-TIME CONFIGURATION INFORMATION
-#
-# The following parameters are used when installing a new Postfix version.
-#
-# sendmail_path: The full pathname of the Postfix sendmail command.
-# This is the Sendmail-compatible mail posting interface.
-#
-sendmail_path = /usr/bin/sendmail
-
-# newaliases_path: The full pathname of the Postfix newaliases command.
-# This is the Sendmail-compatible command to build alias databases.
-#
-newaliases_path = /usr/bin/newaliases
-
-# mailq_path: The full pathname of the Postfix mailq command. This
-# is the Sendmail-compatible mail queue listing command.
-#
-mailq_path = /usr/bin/mailq
-
-# setgid_group: The group for mail submission and queue management
-# commands. This must be a group name with a numerical group ID that
-# is not shared with other accounts, not even with the Postfix account.
-#
-setgid_group = postdrop
-
-# html_directory: The location of the Postfix HTML documentation.
-#
-html_directory = no
-
-# manpage_directory: The location of the Postfix on-line manual pages.
-#
-manpage_directory = /usr/share/man
-
-# sample_directory: The location of the Postfix sample configuration files.
-# This parameter is obsolete as of Postfix 2.1.
-#
-sample_directory = /etc/postfix
-
-# readme_directory: The location of the Postfix README files.
-#
-readme_directory = /usr/share/doc/postfix
-inet_protocols = ipv4
-meta_directory = /etc/postfix
-shlib_directory = /usr/lib/postfix
diff --git a/conf/all/etc/security/limits.conf b/conf/all/etc/security/limits.conf
deleted file mode 100644
index e689473a250a611e6b89c9da91518c4a2de54e87..0000000000000000000000000000000000000000
--- a/conf/all/etc/security/limits.conf
+++ /dev/null
@@ -1,50 +0,0 @@
-# /etc/security/limits.conf
-#
-#Each line describes a limit for a user in the form:
-#
-#<domain> <type> <item> <value>
-#
-#Where:
-#<domain> can be:
-# - a user name
-# - a group name, with @group syntax
-# - the wildcard *, for default entry
-# - the wildcard %, can be also used with %group syntax,
-# for maxlogin limit
-#
-#<type> can have the two values:
-# - "soft" for enforcing the soft limits
-# - "hard" for enforcing hard limits
-#
-#<item> can be one of the following:
-# - core - limits the core file size (KB)
-# - data - max data size (KB)
-# - fsize - maximum filesize (KB)
-# - memlock - max locked-in-memory address space (KB)
-# - nofile - max number of open file descriptors
-# - rss - max resident set size (KB)
-# - stack - max stack size (KB)
-# - cpu - max CPU time (MIN)
-# - nproc - max number of processes
-# - as - address space limit (KB)
-# - maxlogins - max number of logins for this user
-# - maxsyslogins - max number of logins on the system
-# - priority - the priority to run user process with
-# - locks - max number of file locks the user can hold
-# - sigpending - max number of pending signals
-# - msgqueue - max memory used by POSIX message queues (bytes)
-# - nice - max nice priority allowed to raise to values: [-20, 19]
-# - rtprio - max realtime priority
-#
-#<domain> <type> <item> <value>
-#
-
-* soft core 2097152
-#* hard rss 10000
-#@student hard nproc 20
-#@faculty soft nproc 20
-#@faculty hard nproc 50
-#ftp hard nproc 0
-#@student - maxlogins 4
-
-# End of file
diff --git a/conf/all/etc/ssh/sshd_config b/conf/all/etc/ssh/sshd_config
deleted file mode 100644
index 68f24f1f8bf150bb4bad909a313dbd0a20c55f28..0000000000000000000000000000000000000000
--- a/conf/all/etc/ssh/sshd_config
+++ /dev/null
@@ -1,122 +0,0 @@
-# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Lifetime and size of ephemeral version 1 server key
-#KeyRegenerationInterval 1h
-ServerKeyBits 2048
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-MaxSessions 256
-
-#PubkeyAuthentication yes
-
-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to no to disable s/key passwords
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-AllowAgentForwarding yes
-AllowTcpForwarding no
-#GatewayPorts no
-#X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no # pam does that
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/ssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
diff --git a/conf/all/etc/sudoers.d/bench b/conf/all/etc/sudoers.d/bench
deleted file mode 100644
index 6ab2276b61c7408972a0ff6b8b36e4960497f020..0000000000000000000000000000000000000000
--- a/conf/all/etc/sudoers.d/bench
+++ /dev/null
@@ -1 +0,0 @@
-%paradise ALL=(bench) ALL
diff --git a/conf/all/etc/sudoers.d/pds b/conf/all/etc/sudoers.d/pds
deleted file mode 100644
index d7d887d49c4dfe78464110dda8909a361460ba19..0000000000000000000000000000000000000000
--- a/conf/all/etc/sudoers.d/pds
+++ /dev/null
@@ -1,12 +0,0 @@
-## sudoers file.
-##
-## This file MUST be edited with the 'visudo' command as root.
-## Failure to use 'visudo' may result in syntax or file permission errors
-## that prevent sudo from running.
-##
-## See the sudoers man page for the details on how to write a sudoers file.
-##
-
-## Uncomment to allow members of group wheel to execute any command
-%wheel ALL=(ALL) ALL
-
diff --git a/conf/all/etc/sysctl.d/10-ptrace.conf b/conf/all/etc/sysctl.d/10-ptrace.conf
deleted file mode 100644
index eef76ecb8fb1466bc9f94220e57f15d61c3450ae..0000000000000000000000000000000000000000
--- a/conf/all/etc/sysctl.d/10-ptrace.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# disable ptrace restriction (a user can attach to any of their processes now)
-kernel.yama.ptrace_scope = 0
diff --git a/conf/all/etc/sysctl.d/50-coredump.conf b/conf/all/etc/sysctl.d/50-coredump.conf
deleted file mode 100644
index 6fdfd5373b77a6e3e3e1617e530f23bd938de715..0000000000000000000000000000000000000000
--- a/conf/all/etc/sysctl.d/50-coredump.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-# See sysctl.d(5) for the description of the files in this directory,
-# and systemd-coredump(8) and core(5) for the explanation of the
-# setting below.
-
-# restore pre-systemd default
-kernel.core_pattern=%e.core
-kernel.core_uses_pid=0
diff --git a/conf/all/etc/systemd/logind.conf b/conf/all/etc/systemd/logind.conf
deleted file mode 100644
index eb06b89c76e210611e8b1e78a4af80019540a755..0000000000000000000000000000000000000000
--- a/conf/all/etc/systemd/logind.conf
+++ /dev/null
@@ -1,35 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-#
-# Entries in this file show the compile time defaults.
-# You can change settings by editing this file.
-# Defaults can be restored by simply deleting this file.
-#
-# See logind.conf(5) for details.
-
-[Login]
-#NAutoVTs=6
-#ReserveVT=6
-KillUserProcesses=no
-#KillOnlyUsers=
-#KillExcludeUsers=root
-#InhibitDelayMaxSec=5
-#HandlePowerKey=poweroff
-#HandleSuspendKey=suspend
-#HandleHibernateKey=hibernate
-#HandleLidSwitch=suspend
-#HandleLidSwitchDocked=ignore
-#PowerKeyIgnoreInhibited=no
-#SuspendKeyIgnoreInhibited=no
-#HibernateKeyIgnoreInhibited=no
-#LidSwitchIgnoreInhibited=yes
-#HoldoffTimeoutSec=30s
-#IdleAction=ignore
-#IdleActionSec=30min
-#RuntimeDirectorySize=10%
-#RemoveIPC=yes
-#UserTasksMax=12288
diff --git a/conf/all/etc/systemd/system/bench.service b/conf/all/etc/systemd/system/bench.service
deleted file mode 100644
index 8970b6a82eaa0287cabc614fd41ed12e777aad19..0000000000000000000000000000000000000000
--- a/conf/all/etc/systemd/system/bench.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=divbench benchmarking setup
-
-[Service]
-Restart=always
-RestartSec=15
-Delegate=true
-CPUAccounting=true
-MemoryAccounting=true
-ExecStart=/bin/bash -c '\
-set -ex;\
-SLICE=`grep memory: /proc/$$$$/cgroup | cut -f3 -d:`; \
-chown bench /sys/fs/cgroup/memory/$$SLICE/memory.limit_in_bytes; \
-chown bench /sys/fs/cgroup/memory/$$SLICE/memory.memsw.limit_in_bytes; \
-sudo -u bench /srv/bench/bench-run.sh'
-KillMode=control-group
-KillSignal=SIGTERM
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/all/etc/systemd/system/benchexec-cgroup.service b/conf/all/etc/systemd/system/benchexec-cgroup.service
deleted file mode 100644
index 8b206d82e159fe362da74a23c98197a00844e0eb..0000000000000000000000000000000000000000
--- a/conf/all/etc/systemd/system/benchexec-cgroup.service
+++ /dev/null
@@ -1,30 +0,0 @@
-[Unit]
-Description=Cgroup setup for BenchExec
-Documentation=https://github.com/sosy-lab/benchexec/blob/master/doc/INSTALL.md
-Documentation=https://github.com/sosy-lab/benchexec/blob/master/doc/INDEX.md
-
-[Service]
-# Adjust the following line to configure permissions for cgroup usage.
-# The default gives permissions to users in group "benchexec".
-# You can change the group name, or give permissions to everybody by
-# setting BENCHEXEC_CGROUP_PERM to "a+w".
-Environment=BENCHEXEC_CGROUP_GROUP=benchexec BENCHEXEC_CGROUP_PERM=g+w
-
-Restart=always
-Delegate=true
-CPUAccounting=true
-MemoryAccounting=true
-ExecStart=/bin/bash -c '\
-set -e;\
-mkdir -p /sys/fs/cgroup/{cpuset,freezer}/%c;\
-cd /sys/fs/cgroup/cpuset/;\
-cp cpuset.cpus cpuset.mems system.slice/;\
-cp cpuset.cpus cpuset.mems ./%c;\
-echo $$$$ > ./%c/tasks;\
-[ -z "${BENCHEXEC_CGROUP_GROUP}" ] || chgrp -R ${BENCHEXEC_CGROUP_GROUP} /sys/fs/cgroup/*/%c/;\
-[ -z "${BENCHEXEC_CGROUP_PERM}" ] || chmod -R ${BENCHEXEC_CGROUP_PERM} /sys/fs/cgroup/*/%c/;\
-exec sleep $(( 10 * 365 * 24 * 3600 ))'
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/conf/all/etc/systemd/system/buildbot-worker.service b/conf/all/etc/systemd/system/buildbot-worker.service
deleted file mode 100644
index 64e68977c66535e2e8e7cd59e756b5e5030f3f34..0000000000000000000000000000000000000000
--- a/conf/all/etc/systemd/system/buildbot-worker.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Buildbot Worker
-Wants=network.target
-After=network.target
-
-[Service]
-
-WorkingDirectory=/srv/builds/buildbot
-ExecStart=/srv/builds/buildbot/bin/buildbot-worker start --nodaemon worker-%H
-ExecReload=/srv/builds/buildbot/bin/buildbot-worker restart worker-%H
-ExecStop=/srv/builds/buildbot/bin/buildbot-worker stop worker-%H
-Restart=always
-User=buildbot
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/all/etc/systemd/system/known_hosts.service b/conf/all/etc/systemd/system/known_hosts.service
deleted file mode 100644
index 35b82a9c897d468994d26f9a47633aac3224514b..0000000000000000000000000000000000000000
--- a/conf/all/etc/systemd/system/known_hosts.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Sync SSH known_hosts
-RefuseManualStart=no
-RefuseManualStop=yes
-
-[Service]
-Type=oneshot
-ExecStart=/root/arch-deploy/bin/get_ssh_hosts
diff --git a/conf/all/etc/systemd/system/known_hosts.timer b/conf/all/etc/systemd/system/known_hosts.timer
deleted file mode 100644
index 9ae3e47305c398753a49c122ced580f5285e6f2e..0000000000000000000000000000000000000000
--- a/conf/all/etc/systemd/system/known_hosts.timer
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-RefuseManualStart=no
-RefuseManualStart=no
-RefuseManualStop=no
-
-[Timer]
-Persistent=true
-OnCalendar=*-*-* 00:00:00
-
-[Install]
-WantedBy=default.target
diff --git a/conf/all/etc/systemd/system/wait-server@.service b/conf/all/etc/systemd/system/wait-server@.service
deleted file mode 100644
index 0e91ba6d8c64a9d33c056ca5679d87fb69a6daf2..0000000000000000000000000000000000000000
--- a/conf/all/etc/systemd/system/wait-server@.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Wait until %i comes online
-After=network-online.target
-Requires=network-online.target
-
-[Service]
-Type=oneshot
-ExecStart=/root/arch-deploy/bin/waitonline %i
diff --git a/conf/all/etc/tmpfiles.d/home.conf b/conf/all/etc/tmpfiles.d/home.conf
deleted file mode 100644
index c49b4e4e2906421ecc0394da7ad06710a525d5df..0000000000000000000000000000000000000000
--- a/conf/all/etc/tmpfiles.d/home.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-# See tmpfiles.d(5) for details
-
-# Q /home 0755 - - -
-# q /srv 0755 - - -
-d /home 0755 - - -
-d /srv 0755 - - -
diff --git a/conf/all/etc/tmpfiles.d/pds.conf b/conf/all/etc/tmpfiles.d/pds.conf
deleted file mode 100644
index 72953b4852c9620a8467b426f2e2bc744e242855..0000000000000000000000000000000000000000
--- a/conf/all/etc/tmpfiles.d/pds.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-d /backup 0755 - - -
-d /home-archive 0755 - - -
-d /srv/builds 0755 - - -
diff --git a/conf/all/etc/tmpfiles.d/tmp.conf b/conf/all/etc/tmpfiles.d/tmp.conf
deleted file mode 100644
index e8b61c797f5a2de59bc532b4fa4e0009714720eb..0000000000000000000000000000000000000000
--- a/conf/all/etc/tmpfiles.d/tmp.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-# See tmpfiles.d(5) for details
-
-# Clear tmp directories separately, to make them easier to override
-q /tmp 1777 root root 30d
-q /var/tmp 1777 root root -
-
-# Exclude namespace mountpoints created with PrivateTmp=yes
-x /tmp/systemd-private-%b-*
-X /tmp/systemd-private-%b-*/tmp
-x /var/tmp/systemd-private-%b-*
-X /var/tmp/systemd-private-%b-*/tmp
diff --git a/conf/all/root/.bash_profile b/conf/all/root/.bash_profile
deleted file mode 100644
index 3f56aa0b09e686a00b2dda96dd4eae1cc8832259..0000000000000000000000000000000000000000
--- a/conf/all/root/.bash_profile
+++ /dev/null
@@ -1 +0,0 @@
-[[ -f ~/.bashrc ]] && . ~/.bashrc
diff --git a/conf/all/root/.bashrc b/conf/all/root/.bashrc
deleted file mode 100644
index d3946c88175b61ee03885cce9727494f193a81aa..0000000000000000000000000000000000000000
--- a/conf/all/root/.bashrc
+++ /dev/null
@@ -1,22 +0,0 @@
-export EDITOR=vim
-GREEN="$(tput setaf 2)"
-RED="$(tput setaf 1)"
-REDB="$(tput setab 1)$(tput setaf 0)"
-RESET="$(tput sgr0)"
-
-function status {
- S=$?
- if [[ $S = 0 ]]; then
- echo ${GREEN}
- else
- echo ${REDB}
- fi
- return $S
-}
-
-PROMPT_COMMAND='history -a'
-PS1="\[${RED}\][\u@\h \w]\[\$(status)\](\$?)\$\[${RESET}\] "
-
-alias ls='ls --color=auto'
-alias ll='ls -l'
-alias s='screen'
diff --git a/conf/all/root/.screenrc b/conf/all/root/.screenrc
deleted file mode 100644
index 2650d7e6cab6c87e1403c09206097385de7ec177..0000000000000000000000000000000000000000
--- a/conf/all/root/.screenrc
+++ /dev/null
@@ -1,15 +0,0 @@
-startup_message off
-hardstatus off
-hardstatus alwayslastline
-# hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %m-%d %{W} %c %{g}]'
-hardstatus string '%{= kG}[%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+Lw%?%?%= %{g}][%{B} %m-%d %{W} %c %{g}]'
-defscrollback 100000
-terminfo rxvt* 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm'
-termcapinfo xterm* ti@:te@ # X scrolling
-termcapinfo rxvt-unicode ti@:te@:
-
-# 256 colors
-# term rxvt-unicode-256color
-attrcolor b ".I" # allow bold colors - necessary for some reason
-termcapinfo xterm 'Co#256:AB=\E[48;5;%dm:AF=\E[38;5;%dm' # tell screen how to set colors. AB = background, AF=foreground
-defbce on # use current bg color for erased chars
diff --git a/conf/all/root/.toprc b/conf/all/root/.toprc
deleted file mode 100644
index 1a3aa7c44275bd341755d36138d3cc6a5c3e394b..0000000000000000000000000000000000000000
--- a/conf/all/root/.toprc
+++ /dev/null
@@ -1,16 +0,0 @@
-top's Config File (Linux processes with windows)
-Id:i, Mode_altscr=0, Mode_irixps=1, Delay_time=1.500, Curwin=0
-Def fieldscur=¥&K¨³´»½@·º¹56ÄFÅ')*+,-./0128<>?ABCGHIJLMNOPQRSTUVWXYZ[\]^_`abcdefghij
- winflags=193844, sortindx=18, maxtasks=0, graph_cpus=0, graph_mems=0
- summclr=1, msgsclr=1, headclr=3, taskclr=1
-Job fieldscur=¥¦¹·º(³´Ä»½@<§Å)*+,-./012568>?ABCFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
- winflags=163124, sortindx=0, maxtasks=0, graph_cpus=2, graph_mems=0
- summclr=6, msgsclr=6, headclr=7, taskclr=6
-Mem fieldscur=¥º»<½¾¿ÀÁMBNÃD34·Å&'()*+,-./0125689FGHIJKLOPQRSTUVWXYZ[\]^_`abcdefghij
- winflags=163124, sortindx=21, maxtasks=0, graph_cpus=2, graph_mems=0
- summclr=5, msgsclr=5, headclr=4, taskclr=5
-Usr fieldscur=¥¦§¨ª°¹·ºÄÅ)+,-./1234568;<=>?@ABCFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
- winflags=163124, sortindx=3, maxtasks=0, graph_cpus=2, graph_mems=0
- summclr=3, msgsclr=3, headclr=2, taskclr=3
-Fixed_widest=0, Summ_mscale=2, Task_mscale=1, Zero_suppress=0
-
diff --git a/conf/all/root/.vimrc b/conf/all/root/.vimrc
deleted file mode 100644
index d3edc6b1130aca59cb7724f4708eaabf14abc0d3..0000000000000000000000000000000000000000
--- a/conf/all/root/.vimrc
+++ /dev/null
@@ -1,64 +0,0 @@
-" vim: syntax=vim
-
-syntax on
-"set nu
-set backspace=2
-
-set omnifunc=haskellcomplete#CompleteHaskell
-set autoindent
-"set tabstop=2
-set shiftwidth=2
-set expandtab
-
-set nocompatible " allow not-in-vi features
-"set modeline
-set hlsearch " highlight search matches
-set incsearch " incremental search on
-"set scrolloff=5 " minimally show N lines below/above cursor
-set tabstop=4 " set tabstop to 4
-set softtabstop=2 " set tabstop to 4
-"set expandtab
-"set autoindent " use autoindent
-set shiftwidth=4 " autoindenter 'indent level' width
-"set textwidth=78 " break lines at char 79 automatically
-"set backspace=indent,eol,start " allow backspacing end of line
-set history=120 " save last 120 commands in history
-"set backup " create autobackups
-set ruler " show status line on last line
-"set showcmd " display keys as pressed in normal mode
-set linebreak " break long lines when displaying
-set restorescreen " restore screen state after exit
-"set ttyfast " we have fast terminal
-"set foldcolumn=3 " create fold-open markers on left
-set number " show line numbers on left
-set whichwrap=b,s,[,],<,>,h,l " allow cursor keys to move over line-ends
-let c_space_errors=1
-set tabpagemax=100 " do not limit number of tabs significantly
-
-"latex:
-filetype plugin indent on
-set grepprg=grep\ -nH\ $*
-let g:tex_flavor = "latex"
-
-"spellcheck LaTeX
-autocmd FileType tex setlocal spell spelllang=en_us,cs
-autocmd FileType mdwn setlocal spell spelllang=en_us,cs
-autocmd FileType tmdwn setlocal spell spelllang=en_us,cs
-
-" more bash-like tab completion
-set wildmode=longest,list,full
-set wildmenu
-
-highlight ExtraWhitespace ctermbg=red guibg=red
-" Show trailing whitespace and spaces before a tab:
-match ExtraWhitespace /\s\+$\| \+\ze\t/
-
-map <F6> :!make all
-map <F7> :!autocompile %
-map <F8> :!make all >& /dev/null &
-
-augroup pandoc_syntax
- au! BufNewFile,BufFilePRe,BufRead *.md set filetype=markdown.pandoc
-augroup END
-
-set mouse=a
diff --git a/conf/all/sysctl.d/50-coredump.conf b/conf/all/sysctl.d/50-coredump.conf
deleted file mode 100644
index 6fdfd5373b77a6e3e3e1617e530f23bd938de715..0000000000000000000000000000000000000000
--- a/conf/all/sysctl.d/50-coredump.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-# See sysctl.d(5) for the description of the files in this directory,
-# and systemd-coredump(8) and core(5) for the explanation of the
-# setting below.
-
-# restore pre-systemd default
-kernel.core_pattern=%e.core
-kernel.core_uses_pid=0
diff --git a/conf/anna/etc/exports b/conf/anna/etc/exports
deleted file mode 100644
index 5c8dbf0bae93505884d76198af74f9cb0ae69451..0000000000000000000000000000000000000000
--- a/conf/anna/etc/exports
+++ /dev/null
@@ -1,6 +0,0 @@
-/srv/builds pythia*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/builds pheme*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/builds pandora*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/builds anna.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/builds antea.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/builds arke.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
diff --git a/conf/anna/etc/fstab b/conf/anna/etc/fstab
deleted file mode 100644
index eb4dc21ce7c55d92f8ac972e6e7dc078fca46387..0000000000000000000000000000000000000000
--- a/conf/anna/etc/fstab
+++ /dev/null
@@ -1,15 +0,0 @@
-# /dev/mapper/vg0.anna-root
-UUID=6adf96ed-e9de-41dd-9a43-e573cdfb74f3 / xfs rw,relatime,attr2,inode64,logbufs=8,logbsize=32k,noquota 0 1
-
-/dev/mapper/vg0.anna-postgres /srv/postgres ext4 rw,relatime,data=ordered 0 2
-
-pandora01:/home /home nfs noauto,vers=3,x-systemd.automount 0 0
-pandora01:/backup /backup nfs noauto,vers=3,x-systemd.automount 0 0
-pandora01:/srv/www /srv/www nfs noauto,vers=3,x-systemd.automount 0 0
-pandora01:/srv/code /srv/code nfs noauto,vers=3,x-systemd.automount 0 0
-
-pontos02:/home/xstill /home/xstill nfs noauto,vers=3,x-systemd.automount 0 0
-pontos01:/home/xmisenko /home/xmisenko nfs noauto,vers=3,x-systemd.automount 0 0
-pontos03:/home/xadamove /home/xadamove nfs noauto,vers=3,x-systemd.automount 0 0
-pontos04:/home/xondika /home/xondika nfs noauto,vers=3,x-systemd.automount 0 0
-pontos04:/home/xkrumlo1 /home/xkrumlo1 nfs noauto,vers=3,x-systemd.automount 0 0
diff --git a/conf/anna/etc/nftables.conf b/conf/anna/etc/nftables.conf
deleted file mode 100644
index d8211165408d4894a3649569ce5bcdd88cff9bd5..0000000000000000000000000000000000000000
--- a/conf/anna/etc/nftables.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/nft -f
-# ipv4/ipv6 Simple & Safe Firewall
-# you can find examples in /usr/share/nftables/
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0;
-
- # allow established/related connections
- ct state { established, related } accept
-
- # early drop of invalid connections
- ct state invalid drop
-
- # allow from loopback
- iifname lo accept
-
- # allow libvirt bridge
- iifname virbr0 accept
-
- # allow icmp
- ip protocol icmp accept
- ip6 nexthdr icmpv6 accept
-
- # DHCPv6
- udp sport 547 accept
-
- # allow ssh, http(s)
- tcp dport { ssh, http, https } accept
-
- # NFS
- tcp dport { 111, 2049, 20048, 32765, 32766, 32803, 32769 } accept
- udp dport { 111, 2049, 20048, 32765, 32766, 32803, 32769 } accept
-
- # matterircd, ZNC
-# tcp dport { 7000, 70001 } accept
-
- # Local services (ident: 113, postgres: 5432)
- ip saddr 147.251.51.160-147.251.51.255 tcp dport { 113, 5432 } accept
- ip6 saddr 2001:718:801:233::a0-2001:718:801:233::ff tcp dport { 113, 5432 } accept
-
- # everything else
- ip saddr 147.251.51.1-147.251.51.159 reject with icmp type port-unreachable # junk from other labs
- reject with icmpx type port-unreachable
- reject
- }
- chain forward {
- type filter hook forward priority 0;
- drop
- }
- chain output {
- type filter hook output priority 0;
- }
-
-}
-
-# vim:set ts=2 sw=2 et:
diff --git a/conf/anna/etc/nginx/mime.types b/conf/anna/etc/nginx/mime.types
deleted file mode 100644
index aefe646733e852653c8f5a075e4dc87d3cd68522..0000000000000000000000000000000000000000
--- a/conf/anna/etc/nginx/mime.types
+++ /dev/null
@@ -1,89 +0,0 @@
-
-types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- image/gif gif;
- image/jpeg jpeg jpg;
- application/javascript js;
- application/atom+xml atom;
- application/rss+xml rss;
-
- text/mathml mml;
- text/plain txt c cpp h hpp md bib;
- text/vnd.sun.j2me.app-descriptor jad;
- text/vnd.wap.wml wml;
- text/x-component htc;
-
- image/png png;
- image/tiff tif tiff;
- image/vnd.wap.wbmp wbmp;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
- image/svg+xml svg svgz;
- image/webp webp;
-
- application/font-woff woff;
- application/java-archive jar war ear;
- application/json json;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.apple.mpegurl m3u8;
- application/vnd.ms-excel xls;
- application/vnd.ms-fontobject eot;
- application/vnd.ms-powerpoint ppt;
- application/vnd.wap.wmlc wmlc;
- application/vnd.google-earth.kml+xml kml;
- application/vnd.google-earth.kmz kmz;
- application/x-7z-compressed 7z;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-perl pl pm;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-tcl tcl tk;
- application/x-x509-ca-cert der pem crt;
- application/x-xpinstall xpi;
- application/xhtml+xml xhtml;
- application/xspf+xml xspf;
- application/zip zip;
-
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
-
- application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
- application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
-
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/ogg ogg;
- audio/x-m4a m4a;
- audio/x-realaudio ra;
-
- video/3gpp 3gpp 3gp;
- video/mp2t ts;
- video/mp4 mp4;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/webm webm;
- video/x-flv flv;
- video/x-m4v m4v;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
-}
diff --git a/conf/anna/etc/nginx/nginx.conf b/conf/anna/etc/nginx/nginx.conf
deleted file mode 100644
index c58578d1c0c9db96511d18e61833870d922d0612..0000000000000000000000000000000000000000
--- a/conf/anna/etc/nginx/nginx.conf
+++ /dev/null
@@ -1,363 +0,0 @@
-user www-nginx;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
- worker_connections 768;
- # multi_accept on;
-}
-
-http {
- include mime.types;
- default_type application/octet-stream;
-
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
- keepalive_timeout 65;
- types_hash_max_size 2048;
-
- #gzip on;
-
- # set plaintext data to UTF-8
- charset utf-8;
- charset_types text/plain;
-
- ssl_ciphers HIGH:!CBC:!aNULL:!MD5;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 180m;
- add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- ssl_session_tickets off;
- ssl_stapling on;
- ssl_stapling_verify on;
- # resolver 8.8.8.8 8.8.4.4 valid=300s; # Google DNS Servers
- # resolver_timeout 5s;
- resolver 147.251.48.3;
-
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-
- ##
- # Logging Settings
- ##
-
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
-
- ##
- # Gzip Settings
- ##
-
- gzip on;
-
- # gzip_vary on;
- # gzip_proxied any;
- # gzip_comp_level 6;
- # gzip_buffers 16 8k;
- # gzip_http_version 1.1;
- # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
- ##
- # Virtual Host Configs
- ##
-
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-
- server {
- listen 80 default_server;
- listen 443 ssl default_server;
- listen [::]:80 default_server;
- listen [::]:443 ssl default_server;
- server_name paradise.fi.muni.cz anna.fi.muni.cz localhost 127.0.0.1;
-
- location / { alias /srv/www/web-paradise/; }
-
-# location ~ ^/~([^/]*)(.*)\.php$ {
-# fastcgi_pass unix:/run/php56-fpm/php-fpm-commonphp.sock;
-# fastcgi_index index.php;
-# fastcgi_param HTTPS $https;
-# fastcgi_param SCRIPT_FILENAME /home/$1/public_html/$2.php;
-# include /etc/nginx/fastcgi_params;
-# }
-
- location ~ ^/~([^/]*)(.*) {
-# index index.html index.php;
- autoindex on;
- alias /home/$1/public_html$2;
- }
-
- location = /~xbarnat/HLIDANI_PISEMEK/ {
-# return 302 https://paradise.fi.muni.cz/examwatch/xbarnat/;
- }
-
- location ~ /examwatch/([^/]*)/ {
- if ($scheme != https) {
- rewrite ^/(.*) https://paradise.fi.muni.cz/$1 redirect;
- }
-
- auth_pam "HlÃdánà pÃsemek / Exam Watch";
- auth_pam_service_name "nginx";
-
-# fastcgi_param SCRIPT_FILENAME /srv/www/cgi/examwatch.pl;
- fastcgi_param NGINX_AUTH_USER $remote_user;
- fastcgi_param EXAMINER $1;
- fastcgi_pass unix:/run/fcgiwrap.socket;
- include fastcgi.conf;
- }
-
-# location ~ ^/yahoda/(.*)\.cgi$ {
-# fastcgi_pass antea.fi.muni.cz:9200; # unix:/tmp/cgi.sock;
-## fastcgi_pass unix:/run/fcgiwrap.socket;
-# fastcgi_index index.cgi;
-# fastcgi_param HTTPS $https;
-# fastcgi_param SCRIPT_FILENAME /srv/www/yahoda/$1.cgi;
-# fastcgi_param REMOTE_USER $remote_user;
-
-# include /etc/nginx/fastcgi_params;
-# }
-
-# location /yahoda {
-# alias /srv/www/yahoda;
-# }
-
- location /papers {
- return 302 https://paradise.fi.muni.cz/publications.html;
- }
-
- location /PDMC {
- alias /srv/www/pdmc;
- }
-
- location /fmics2018 {
- rewrite ^/fmics2018/(.*) http://fmics2018.fi.muni.cz/$1 redirect;
- }
-
-# location ~ ^/hooks/(.*)\.cgi$ {
-# fastcgi_index index.cgi;
-# fastcgi_param SCRIPT_FILENAME /srv/www/hooks/$1.cgi;
-# fastcgi_pass unix:/run/fcgiwrap.socket;
-# include fastcgi.conf;
-# }
-
- location ~ ^/20([0-9][0-9])/(.*)$ {
- alias /srv/www/archive/20$1/$2;
- autoindex on;
- }
-
- location /hooks {
- alias /srv/www/hooks;
- }
-
- location /publications/ {
- return 302 https://paradise.fi.muni.cz/publications.html;
- }
-
- location /parameterSynthesis/ {
- alias /srv/www/parameterSynthesis/;
- }
-
- location /mirrors/archlinux/upstream/ {
- alias /archmirror/upstream/repo/;
- autoindex on;
- }
-
- location /mirrors/archlinux/next/ {
- alias /archmirror/next/repo/;
- autoindex on;
- }
-
- location /mirrors/archlinux/local/ {
- alias /archmirror/local/repo/;
- autoindex on;
- }
-
- location /authdata/ {
- alias /srv/www/web-paradise/authdata/;
- if ($scheme != https) {
- rewrite ^/(.*) https://paradise.fi.muni.cz/$1 redirect;
- }
- auth_pam "ParaDiSe local data";
- auth_pam_service_name "nginx";
- }
- location /auth/ {
- alias /srv/www/web-paradise-auth/;
- if ($scheme != https) {
- rewrite ^/(.*) https://paradise.fi.muni.cz/$1 redirect;
- }
- auth_pam "ParaDiSe local WIKI";
- auth_pam_service_name "nginx";
-
- location /auth/znc/ {
- if ($scheme != https) {
- rewrite ^/(.*) https://paradise.fi.muni.cz/$1 redirect;
- }
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Authorization "";
- proxy_pass http://127.0.0.1:7002/auth/znc/;
- }
- location /auth/irclogs/ {
- if ($scheme != https) {
- rewrite ^/(.*) https://paradise.fi.muni.cz/$1 redirect;
- }
- location /auth/irclogs/serve.pl {
- fastcgi_index index.cgi;
- fastcgi_param SCRIPT_FILENAME /srv/pdsbot/pdsbot/serve.pl;
- fastcgi_param NGINX_AUTH_USER $remote_user;
- fastcgi_pass unix:/run/fcgiwrap.socket;
- include fastcgi.conf;
- }
- alias /srv/pdsbot/logs/;
- try_files $uri /auth/irclogs/serve.pl;
- default_type text/plain;
- autoindex on;
- }
- }
-
- ssl_certificate /etc/letsencrypt/live/anna.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/anna.fi.muni.cz/privkey.pem; # managed by Certbot
-
-}
-
- server {
- listen 80;
- listen 443 ssl;
- listen [::]:80;
- listen [::]:443 ssl;
- server_name divine.fi.muni.cz;
- autoindex on;
-
- location / { alias /srv/www/divine/; }
- location /old { alias /srv/www/divine-old; }
- location /darcs {
- alias /home/xrockai/src/public/divine;
- autoindex on;
- }
-
- location ~ ^/20([0-9][0-9])/(.*)$ {
- alias /srv/www/archive/20$1/$2;
- autoindex on;
- }
-
- location /download/error.html {
- fastcgi_index index.cgi;
- fastcgi_param SCRIPT_FILENAME /srv/www/util/divine_download_error.pl;
- fastcgi_pass unix:/run/fcgiwrap.socket;
- include fastcgi.conf;
- }
-
- location /download/ {
- alias /srv/www/divine/download/;
- error_page 404 403 /download/error.html;
- index /download/error.html;
- autoindex off;
-
- rewrite ^/download.*/([^/]*\.html) /$1 redirect;
- rewrite ^/download.*/([^/]*\.css) /$1 redirect;
- }
-
- location /trac {
- proxy_pass http://127.0.0.1:3002/trac;
- proxy_set_header Host $host;
- }
-
- ssl_certificate /etc/letsencrypt/live/anna.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/anna.fi.muni.cz/privkey.pem; # managed by Certbot
-}
-
- server {
- listen 80;
- listen 443 ssl;
- listen [::]:80;
- listen [::]:443 ssl;
- # note that the duplicates here are so that certbot generates
- # certificate for both www and non-www versions, there is still no
- # wildcard cerificate, as that requires extra manual work or DNS plugin
- # for certbot
- server_name rofi.fi.muni.cz ro.fi.muni.cz rofibots.cz rofibots.com www.rofibots.cz www.rofibots.com *.rofibots.cz *.rofibots.com;
- root /srv/www/rofi/;
-
- ssl_certificate /etc/letsencrypt/live/anna.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/anna.fi.muni.cz/privkey.pem; # managed by Certbot
- }
-
- server {
- listen 80;
- listen 443 ssl;
- listen [::]:80;
- listen [::]:443 ssl;
- server_name bioinformatika.fi.muni.cz;
-
-
- root /srv/www/sybila/;
-# rewrite ^/_media(.*) /data/media$1;
-# try_files $uri /doku.php?id=$uri&$args;
-
-# location ~ ^(.*)\.php$ {
-# fastcgi_pass unix:/run/php56-fpm/php-fpm-sybila.sock;
-# fastcgi_index index.php;
-# fastcgi_param HTTPS $https;
-# fastcgi_param SCRIPT_FILENAME /srv/www/sybila/$1.php;
-# include /etc/nginx/fastcgi_params;
-# }
-
- ssl_certificate /etc/letsencrypt/live/anna.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/anna.fi.muni.cz/privkey.pem; # managed by Certbot
-}
-
- server {
- listen 80;
- listen 443 ssl;
- listen [::]:80;
- listen [::]:443 ssl;
- server_name hsb2015.fi.muni.cz;
- root /srv/www/hsb2015/;
-
- ssl_certificate /etc/letsencrypt/live/anna.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/anna.fi.muni.cz/privkey.pem; # managed by Certbot
-}
-
- server {
- listen 80;
- listen 443 ssl;
- listen [::]:80;
- listen [::]:443 ssl;
- server_name sasb2016.fi.muni.cz;
- root /srv/www/sasb2016/;
-
- ssl_certificate /etc/letsencrypt/live/anna.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/anna.fi.muni.cz/privkey.pem; # managed by Certbot
-}
-
- server {
- listen 80;
- listen 443 ssl;
- listen [::]:80;
- listen [::]:443 ssl;
- server_name biodivine.fi.muni.cz;
-
- # note: while index only redirects outside, there are other pages
- # reachable by external links, e.g., http://biodivine.fi.muni.cz/aeon
- root /srv/www/biodivine/;
-
-
- ssl_certificate /etc/letsencrypt/live/anna.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/anna.fi.muni.cz/privkey.pem; # managed by Certbot
-}
-
- server {
- listen 80;
- listen 443 ssl;
- listen [::]:80;
- listen [::]:443 ssl;
- server_name fmics2018.fi.muni.cz;
- root /srv/www/fmics2018/;
-
- ssl_certificate /etc/letsencrypt/live/anna.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/anna.fi.muni.cz/privkey.pem; # managed by Certbot
-}
-}
diff --git a/conf/anna/etc/pam.d/nginx b/conf/anna/etc/pam.d/nginx
deleted file mode 100644
index 9c5526f6cca9735b5a440176b9274ff2d0e40d78..0000000000000000000000000000000000000000
--- a/conf/anna/etc/pam.d/nginx
+++ /dev/null
@@ -1,4 +0,0 @@
-#%PAM-1.0
-
-auth required pam_krb5.so
-account required pam_krb5.so
diff --git a/conf/anna/etc/php56/php-fpm.conf b/conf/anna/etc/php56/php-fpm.conf
deleted file mode 100644
index 3c399a62523eaac362eeb4d901d92a291447ebb0..0000000000000000000000000000000000000000
--- a/conf/anna/etc/php56/php-fpm.conf
+++ /dev/null
@@ -1,551 +0,0 @@
-;;;;;;;;;;;;;;;;;;;;;
-; FPM Configuration ;
-;;;;;;;;;;;;;;;;;;;;;
-
-; All relative paths in this configuration file are relative to PHP's install
-; prefix (/usr). This prefix can be dynamically changed by using the
-; '-p' argument from the command line.
-
-; Include one or more files. If glob(3) exists, it is used to include a bunch of
-; files from a glob(3) pattern. This directive can be used everywhere in the
-; file.
-; Relative path can also be used. They will be prefixed by:
-; - the global prefix if it's been set (-p argument)
-; - /usr otherwise
-;include=/etc/php56/fpm.d/*.conf
-
-;;;;;;;;;;;;;;;;;;
-; Global Options ;
-;;;;;;;;;;;;;;;;;;
-
-[global]
-; Pid file
-; Note: the default prefix is /var
-; Default Value: none
-pid = /run/php56-fpm/php-fpm.pid
-
-; Error log file
-; If it's set to "syslog", log is sent to syslogd instead of being written
-; in a local file.
-; Note: the default prefix is /var
-; Default Value: log/php-fpm.log
-;error_log = log/php-fpm.log
-
-; syslog_facility is used to specify what type of program is logging the
-; message. This lets syslogd specify that messages from different facilities
-; will be handled differently.
-; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
-; Default Value: daemon
-;syslog.facility = daemon
-
-; syslog_ident is prepended to every message. If you have multiple FPM
-; instances running on the same server, you can change the default value
-; which must suit common needs.
-; Default Value: php-fpm
-;syslog.ident = php-fpm
-
-; Log level
-; Possible Values: alert, error, warning, notice, debug
-; Default Value: notice
-;log_level = notice
-
-; If this number of child processes exit with SIGSEGV or SIGBUS within the time
-; interval set by emergency_restart_interval then FPM will restart. A value
-; of '0' means 'Off'.
-; Default Value: 0
-;emergency_restart_threshold = 0
-
-; Interval of time used by emergency_restart_interval to determine when
-; a graceful restart will be initiated. This can be useful to work around
-; accidental corruptions in an accelerator's shared memory.
-; Available Units: s(econds), m(inutes), h(ours), or d(ays)
-; Default Unit: seconds
-; Default Value: 0
-;emergency_restart_interval = 0
-
-; Time limit for child processes to wait for a reaction on signals from master.
-; Available units: s(econds), m(inutes), h(ours), or d(ays)
-; Default Unit: seconds
-; Default Value: 0
-;process_control_timeout = 0
-
-; The maximum number of processes FPM will fork. This has been design to control
-; the global number of processes when using dynamic PM within a lot of pools.
-; Use it with caution.
-; Note: A value of 0 indicates no limit
-; Default Value: 0
-; process.max = 128
-
-; Specify the nice(2) priority to apply to the master process (only if set)
-; The value can vary from -19 (highest priority) to 20 (lower priority)
-; Note: - It will only work if the FPM master process is launched as root
-; - The pool process will inherit the master process priority
-; unless it specified otherwise
-; Default Value: no set
-; process.priority = -19
-
-; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
-; Default Value: yes
-;daemonize = yes
-
-; Set open file descriptor rlimit for the master process.
-; Default Value: system defined value
-;rlimit_files = 1024
-
-; Set max core size rlimit for the master process.
-; Possible Values: 'unlimited' or an integer greater or equal to 0
-; Default Value: system defined value
-;rlimit_core = 0
-
-; Specify the event mechanism FPM will use. The following is available:
-; - select (any POSIX os)
-; - poll (any POSIX os)
-; - epoll (linux >= 2.5.44)
-; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
-; - /dev/poll (Solaris >= 7)
-; - port (Solaris >= 10)
-; Default Value: not set (auto detection)
-;events.mechanism = epoll
-
-; When FPM is build with systemd integration, specify the interval,
-; in second, between health report notification to systemd.
-; Set to 0 to disable.
-; Available Units: s(econds), m(inutes), h(ours)
-; Default Unit: seconds
-; Default value: 10
-;systemd_interval = 10
-
-;;;;;;;;;;;;;;;;;;;;
-; Pool Definitions ;
-;;;;;;;;;;;;;;;;;;;;
-
-; Multiple pools of child processes may be started with different listening
-; ports and different management options. The name of the pool will be
-; used in logs and stats. There is no limitation on the number of pools which
-; FPM can handle. Your system will tell you anyway :)
-
-; Start a new pool named 'www'.
-; the variable $pool can we used in any directive and will be replaced by the
-; pool name ('www' here)
-[www-sybila]
-
-; Per pool prefix
-; It only applies on the following directives:
-; - 'access.log'
-; - 'slowlog'
-; - 'listen' (unixsocket)
-; - 'chroot'
-; - 'chdir'
-; - 'php_values'
-; - 'php_admin_values'
-; When not set, the global prefix (or /usr) applies instead.
-; Note: This directive can also be relative to the global prefix.
-; Default Value: none
-;prefix = /path/to/pools/$pool
-
-; Unix user/group of processes
-; Note: The user is mandatory. If the group is not set, the default user's group
-; will be used.
-user = www-sybila
-group = www-sybila
-
-; The address on which to accept FastCGI requests.
-; Valid syntaxes are:
-; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
-; a specific port;
-; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
-; a specific port;
-; 'port' - to listen on a TCP socket to all IPv4 addresses on a
-; specific port;
-; '[::]:port' - to listen on a TCP socket to all addresses
-; (IPv6 and IPv4-mapped) on a specific port;
-; '/path/to/unix/socket' - to listen on a unix socket.
-; Note: This value is mandatory.
-;listen = 127.0.0.1:9001
-listen = /run/php56-fpm/php-fpm-sybila.sock
-
-; Set listen(2) backlog.
-; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
-;listen.backlog = 65535
-
-; Set permissions for unix socket, if one is used. In Linux, read/write
-; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions.
-; Default Values: user and group are set as the running user
-; mode is set to 0660
-listen.owner = www-nginx
-listen.group = www-nginx
-listen.mode = 0660
-; When POSIX Access Control Lists are supported you can set them using
-; these options, value is a comma separated list of user/group names.
-; When set, listen.owner and listen.group are ignored
-;listen.acl_users =
-;listen.acl_groups =
-
-; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
-; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
-; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
-; must be separated by a comma. If this value is left blank, connections will be
-; accepted from any ip address.
-; Default Value: any
-;listen.allowed_clients = 127.0.0.1
-
-; Specify the nice(2) priority to apply to the pool processes (only if set)
-; The value can vary from -19 (highest priority) to 20 (lower priority)
-; Note: - It will only work if the FPM master process is launched as root
-; - The pool processes will inherit the master process priority
-; unless it specified otherwise
-; Default Value: no set
-; process.priority = -19
-
-; Choose how the process manager will control the number of child processes.
-; Possible Values:
-; static - a fixed number (pm.max_children) of child processes;
-; dynamic - the number of child processes are set dynamically based on the
-; following directives. With this process management, there will be
-; always at least 1 children.
-; pm.max_children - the maximum number of children that can
-; be alive at the same time.
-; pm.start_servers - the number of children created on startup.
-; pm.min_spare_servers - the minimum number of children in 'idle'
-; state (waiting to process). If the number
-; of 'idle' processes is less than this
-; number then some children will be created.
-; pm.max_spare_servers - the maximum number of children in 'idle'
-; state (waiting to process). If the number
-; of 'idle' processes is greater than this
-; number then some children will be killed.
-; ondemand - no children are created at startup. Children will be forked when
-; new requests will connect. The following parameter are used:
-; pm.max_children - the maximum number of children that
-; can be alive at the same time.
-; pm.process_idle_timeout - The number of seconds after which
-; an idle process will be killed.
-; Note: This value is mandatory.
-pm = dynamic
-
-; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
-; This value sets the limit on the number of simultaneous requests that will be
-; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
-; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
-; CGI. The below defaults are based on a server without much resources. Don't
-; forget to tweak pm.* to fit your needs.
-; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
-; Note: This value is mandatory.
-pm.max_children = 5
-
-; The number of child processes created on startup.
-; Note: Used only when pm is set to 'dynamic'
-; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = 2
-
-; The desired minimum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = 1
-
-; The desired maximum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 3
-
-; The number of seconds after which an idle process will be killed.
-; Note: Used only when pm is set to 'ondemand'
-; Default Value: 10s
-;pm.process_idle_timeout = 10s;
-
-; The number of requests each child process should execute before respawning.
-; This can be useful to work around memory leaks in 3rd party libraries. For
-; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
-; Default Value: 0
-;pm.max_requests = 500
-
-; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page. It shows the following informations:
-; pool - the name of the pool;
-; process manager - static, dynamic or ondemand;
-; start time - the date and time FPM has started;
-; start since - number of seconds since FPM has started;
-; accepted conn - the number of request accepted by the pool;
-; listen queue - the number of request in the queue of pending
-; connections (see backlog in listen(2));
-; max listen queue - the maximum number of requests in the queue
-; of pending connections since FPM has started;
-; listen queue len - the size of the socket queue of pending connections;
-; idle processes - the number of idle processes;
-; active processes - the number of active processes;
-; total processes - the number of idle + active processes;
-; max active processes - the maximum number of active processes since FPM
-; has started;
-; max children reached - number of times, the process limit has been reached,
-; when pm tries to start more children (works only for
-; pm 'dynamic' and 'ondemand');
-; Value are updated in real time.
-; Example output:
-; pool: www
-; process manager: static
-; start time: 01/Jul/2011:17:53:49 +0200
-; start since: 62636
-; accepted conn: 190460
-; listen queue: 0
-; max listen queue: 1
-; listen queue len: 42
-; idle processes: 4
-; active processes: 11
-; total processes: 15
-; max active processes: 12
-; max children reached: 0
-;
-; By default the status page output is formatted as text/plain. Passing either
-; 'html', 'xml' or 'json' in the query string will return the corresponding
-; output syntax. Example:
-; http://www.foo.bar/status
-; http://www.foo.bar/status?json
-; http://www.foo.bar/status?html
-; http://www.foo.bar/status?xml
-;
-; By default the status page only outputs short status. Passing 'full' in the
-; query string will also return status for each pool process.
-; Example:
-; http://www.foo.bar/status?full
-; http://www.foo.bar/status?json&full
-; http://www.foo.bar/status?html&full
-; http://www.foo.bar/status?xml&full
-; The Full status returns for each process:
-; pid - the PID of the process;
-; state - the state of the process (Idle, Running, ...);
-; start time - the date and time the process has started;
-; start since - the number of seconds since the process has started;
-; requests - the number of requests the process has served;
-; request duration - the duration in µs of the requests;
-; request method - the request method (GET, POST, ...);
-; request URI - the request URI with the query string;
-; content length - the content length of the request (only with POST);
-; user - the user (PHP_AUTH_USER) (or '-' if not set);
-; script - the main script called (or '-' if not set);
-; last request cpu - the %cpu the last request consumed
-; it's always 0 if the process is not in Idle state
-; because CPU calculation is done when the request
-; processing has terminated;
-; last request memory - the max amount of memory the last request consumed
-; it's always 0 if the process is not in Idle state
-; because memory calculation is done when the request
-; processing has terminated;
-; If the process is in Idle state, then informations are related to the
-; last request the process has served. Otherwise informations are related to
-; the current request being served.
-; Example output:
-; ************************
-; pid: 31330
-; state: Running
-; start time: 01/Jul/2011:17:53:49 +0200
-; start since: 63087
-; requests: 12808
-; request duration: 1250261
-; request method: GET
-; request URI: /test_mem.php?N=10000
-; content length: 0
-; user: -
-; script: /home/fat/web/docs/php/test_mem.php
-; last request cpu: 0.00
-; last request memory: 0
-;
-; Note: There is a real-time FPM status monitoring sample web page available
-; It's available in: /usr/share/php56/fpm/status.html
-;
-; Note: The value must start with a leading slash (/). The value can be
-; anything, but it may not be a good idea to use the .php extension or it
-; may conflict with a real PHP file.
-; Default Value: not set
-;pm.status_path = /status
-
-; The ping URI to call the monitoring page of FPM. If this value is not set, no
-; URI will be recognized as a ping page. This could be used to test from outside
-; that FPM is alive and responding, or to
-; - create a graph of FPM availability (rrd or such);
-; - remove a server from a group if it is not responding (load balancing);
-; - trigger alerts for the operating team (24/7).
-; Note: The value must start with a leading slash (/). The value can be
-; anything, but it may not be a good idea to use the .php extension or it
-; may conflict with a real PHP file.
-; Default Value: not set
-;ping.path = /ping
-
-; This directive may be used to customize the response of a ping request. The
-; response is formatted as text/plain with a 200 response code.
-; Default Value: pong
-;ping.response = pong
-
-; The access log file
-; Default: not set
-;access.log = log/$pool.access.log
-
-; The access log format.
-; The following syntax is allowed
-; %%: the '%' character
-; %C: %CPU used by the request
-; it can accept the following format:
-; - %{user}C for user CPU only
-; - %{system}C for system CPU only
-; - %{total}C for user + system CPU (default)
-; %d: time taken to serve the request
-; it can accept the following format:
-; - %{seconds}d (default)
-; - %{miliseconds}d
-; - %{mili}d
-; - %{microseconds}d
-; - %{micro}d
-; %e: an environment variable (same as $_ENV or $_SERVER)
-; it must be associated with embraces to specify the name of the env
-; variable. Some exemples:
-; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
-; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
-; %f: script filename
-; %l: content-length of the request (for POST request only)
-; %m: request method
-; %M: peak of memory allocated by PHP
-; it can accept the following format:
-; - %{bytes}M (default)
-; - %{kilobytes}M
-; - %{kilo}M
-; - %{megabytes}M
-; - %{mega}M
-; %n: pool name
-; %o: output header
-; it must be associated with embraces to specify the name of the header:
-; - %{Content-Type}o
-; - %{X-Powered-By}o
-; - %{Transfert-Encoding}o
-; - ....
-; %p: PID of the child that serviced the request
-; %P: PID of the parent of the child that serviced the request
-; %q: the query string
-; %Q: the '?' character if query string exists
-; %r: the request URI (without the query string, see %q and %Q)
-; %R: remote IP address
-; %s: status (response code)
-; %t: server time the request was received
-; it can accept a strftime(3) format:
-; %d/%b/%Y:%H:%M:%S %z (default)
-; %T: time the log has been written (the request has finished)
-; it can accept a strftime(3) format:
-; %d/%b/%Y:%H:%M:%S %z (default)
-; %u: remote user
-;
-; Default: "%R - %u %t \"%m %r\" %s"
-;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
-
-; The log file for slow requests
-; Default Value: not set
-; Note: slowlog is mandatory if request_slowlog_timeout is set
-;slowlog = log/$pool.log.slow
-
-; The timeout for serving a single request after which a PHP backtrace will be
-; dumped to the 'slowlog' file. A value of '0s' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_slowlog_timeout = 0
-
-; The timeout for serving a single request after which the worker process will
-; be killed. This option should be used when the 'max_execution_time' ini option
-; does not stop script execution for some reason. A value of '0' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_terminate_timeout = 0
-
-; Set open file descriptor rlimit.
-; Default Value: system defined value
-;rlimit_files = 1024
-
-; Set max core size rlimit.
-; Possible Values: 'unlimited' or an integer greater or equal to 0
-; Default Value: system defined value
-;rlimit_core = 0
-
-; Chroot to this directory at the start. This value must be defined as an
-; absolute path. When this value is not set, chroot is not used.
-; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
-; of its subdirectories. If the pool prefix is not set, the global prefix
-; will be used instead.
-; Note: chrooting is a great security feature and should be used whenever
-; possible. However, all PHP paths will be relative to the chroot
-; (error_log, sessions.save_path, ...).
-; Default Value: not set
-;chroot =
-
-; Chdir to this directory at the start.
-; Note: relative path can be used.
-; Default Value: current directory or / when chroot
-;chdir = /srv/http
-
-; Redirect worker stdout and stderr into main error log. If not set, stdout and
-; stderr will be redirected to /dev/null according to FastCGI specs.
-; Note: on highloaded environement, this can cause some delay in the page
-; process time (several ms).
-; Default Value: no
-;catch_workers_output = yes
-
-; Clear environment in FPM workers
-; Prevents arbitrary environment variables from reaching FPM worker processes
-; by clearing the environment in workers before env vars specified in this
-; pool configuration are added.
-; Setting to "no" will make all environment variables available to PHP code
-; via getenv(), $_ENV and $_SERVER.
-; Default Value: yes
-;clear_env = no
-
-; Limits the extensions of the main script FPM will allow to parse. This can
-; prevent configuration mistakes on the web server side. You should only limit
-; FPM to .php extensions to prevent malicious users to use other extensions to
-; exectute php code.
-; Note: set an empty value to allow all extensions.
-; Default Value: .php
-;security.limit_extensions = .php .php3 .php4 .php5
-
-; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
-; the current environment.
-; Default Value: clean env
-;env[HOSTNAME] = $HOSTNAME
-;env[PATH] = /usr/local/bin:/usr/bin:/bin
-;env[TMP] = /tmp
-;env[TMPDIR] = /tmp
-;env[TEMP] = /tmp
-
-; Additional php.ini defines, specific to this pool of workers. These settings
-; overwrite the values previously defined in the php.ini. The directives are the
-; same as the PHP SAPI:
-; php_value/php_flag - you can set classic ini defines which can
-; be overwritten from PHP call 'ini_set'.
-; php_admin_value/php_admin_flag - these directives won't be overwritten by
-; PHP call 'ini_set'
-; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
-
-; Defining 'extension' will load the corresponding shared extension from
-; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
-; overwrite previously defined php.ini values, but will append the new value
-; instead.
-
-; Note: path INI options can be relative and will be expanded with the prefix
-; (pool, global or /usr)
-
-; Default Value: nothing is defined by default except the values in php.ini and
-; specified at startup with the -d argument
-;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-;php_flag[display_errors] = off
-;php_admin_value[error_log] = /var/log/fpm-php.www.log
-;php_admin_flag[log_errors] = on
-;php_admin_value[memory_limit] = 32M
-
-[www-commonphp]
-user = www-commonphp
-group = www-commonphp
-listen = /run/php56-fpm/php-fpm-commonphp.sock
-listen.owner = www-nginx
-listen.group = www-nginx
-listen.mode = 0660
-pm = dynamic
-pm.max_children = 5
-pm.start_servers = 2
-pm.min_spare_servers = 1
-pm.max_spare_servers = 3
diff --git a/conf/anna/etc/php56/php.ini b/conf/anna/etc/php56/php.ini
deleted file mode 100644
index 307b2fc5fdcda33c666099e56335ef4bdde6161a..0000000000000000000000000000000000000000
--- a/conf/anna/etc/php56/php.ini
+++ /dev/null
@@ -1,1990 +0,0 @@
-[PHP]
-
-;;;;;;;;;;;;;;;;;;;
-; About php.ini ;
-;;;;;;;;;;;;;;;;;;;
-; PHP's initialization file, generally called php.ini, is responsible for
-; configuring many of the aspects of PHP's behavior.
-
-; PHP attempts to find and load this configuration from a number of locations.
-; The following is a summary of its search order:
-; 1. SAPI module specific location.
-; 2. The PHPRC environment variable. (As of PHP 5.2.0)
-; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
-; 4. Current working directory (except CLI)
-; 5. The web server's directory (for SAPI modules), or directory of PHP
-; (otherwise in Windows)
-; 6. The directory from the --with-config-file-path compile time option, or the
-; Windows directory (C:\windows or C:\winnt)
-; See the PHP docs for more specific information.
-; http://php.net/configuration.file
-
-; The syntax of the file is extremely simple. Whitespace and lines
-; beginning with a semicolon are silently ignored (as you probably guessed).
-; Section headers (e.g. [Foo]) are also silently ignored, even though
-; they might mean something in the future.
-
-; Directives following the section heading [PATH=/www/mysite] only
-; apply to PHP files in the /www/mysite directory. Directives
-; following the section heading [HOST=www.example.com] only apply to
-; PHP files served from www.example.com. Directives set in these
-; special sections cannot be overridden by user-defined INI files or
-; at runtime. Currently, [PATH=] and [HOST=] sections only work under
-; CGI/FastCGI.
-; http://php.net/ini.sections
-
-; Directives are specified using the following syntax:
-; directive = value
-; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
-; Directives are variables used to configure PHP or PHP extensions.
-; There is no name validation. If PHP can't find an expected
-; directive because it is not set or is mistyped, a default value will be used.
-
-; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
-; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
-; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
-; previously set variable or directive (e.g. ${foo})
-
-; Expressions in the INI file are limited to bitwise operators and parentheses:
-; | bitwise OR
-; ^ bitwise XOR
-; & bitwise AND
-; ~ bitwise NOT
-; ! boolean NOT
-
-; Boolean flags can be turned on using the values 1, On, True or Yes.
-; They can be turned off using the values 0, Off, False or No.
-
-; An empty string can be denoted by simply not writing anything after the equal
-; sign, or by using the None keyword:
-
-; foo = ; sets foo to an empty string
-; foo = None ; sets foo to an empty string
-; foo = "None" ; sets foo to the string 'None'
-
-; If you use constants in your value, and these constants belong to a
-; dynamically loaded extension (either a PHP extension or a Zend extension),
-; you may only use these constants *after* the line that loads the extension.
-
-;;;;;;;;;;;;;;;;;;;
-; About this file ;
-;;;;;;;;;;;;;;;;;;;
-; PHP comes packaged with two INI files. One that is recommended to be used
-; in production environments and one that is recommended to be used in
-; development environments.
-
-; php.ini-production contains settings which hold security, performance and
-; best practices at its core. But please be aware, these settings may break
-; compatibility with older or less security conscience applications. We
-; recommending using the production ini in production and testing environments.
-
-; php.ini-development is very similar to its production variant, except it is
-; much more verbose when it comes to errors. We recommend using the
-; development version only in development environments, as errors shown to
-; application users can inadvertently leak otherwise secure information.
-
-; This is php.ini-production INI file.
-
-;;;;;;;;;;;;;;;;;;;
-; Quick Reference ;
-;;;;;;;;;;;;;;;;;;;
-; The following are all the settings which are different in either the production
-; or development versions of the INIs with respect to PHP's default behavior.
-; Please see the actual settings later in the document for more details as to why
-; we recommend these changes in PHP's behavior.
-
-; display_errors
-; Default Value: On
-; Development Value: On
-; Production Value: Off
-
-; display_startup_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-
-; error_reporting
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
-; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
-
-; html_errors
-; Default Value: On
-; Development Value: On
-; Production value: On
-
-; log_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: On
-
-; max_input_time
-; Default Value: -1 (Unlimited)
-; Development Value: 60 (60 seconds)
-; Production Value: 60 (60 seconds)
-
-; output_buffering
-; Default Value: Off
-; Development Value: 4096
-; Production Value: 4096
-
-; register_argc_argv
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-
-; request_order
-; Default Value: None
-; Development Value: "GP"
-; Production Value: "GP"
-
-; session.gc_divisor
-; Default Value: 100
-; Development Value: 1000
-; Production Value: 1000
-
-; session.hash_bits_per_character
-; Default Value: 4
-; Development Value: 5
-; Production Value: 5
-
-; short_open_tag
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-
-; track_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-
-; url_rewriter.tags
-; Default Value: "a=href,area=href,frame=src,form=,fieldset="
-; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
-; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
-
-; variables_order
-; Default Value: "EGPCS"
-; Development Value: "GPCS"
-; Production Value: "GPCS"
-
-;;;;;;;;;;;;;;;;;;;;
-; php.ini Options ;
-;;;;;;;;;;;;;;;;;;;;
-; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
-;user_ini.filename = ".user.ini"
-
-; To disable this feature set this option to empty value
-;user_ini.filename =
-
-; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
-;user_ini.cache_ttl = 300
-
-;;;;;;;;;;;;;;;;;;;;
-; Language Options ;
-;;;;;;;;;;;;;;;;;;;;
-
-; Enable the PHP scripting language engine under Apache.
-; http://php.net/engine
-engine = On
-
-; This directive determines whether or not PHP will recognize code between
-; <? and ?> tags as PHP source which should be processed as such. It is
-; generally recommended that <?php and ?> should be used and that this feature
-; should be disabled, as enabling it may result in issues when generating XML
-; documents, however this remains supported for backward compatibility reasons.
-; Note that this directive does not control the <?= shorthand tag, which can be
-; used regardless of this directive.
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-; http://php.net/short-open-tag
-short_open_tag = Off
-
-; Allow ASP-style <% %> tags.
-; http://php.net/asp-tags
-asp_tags = Off
-
-; The number of significant digits displayed in floating point numbers.
-; http://php.net/precision
-precision = 14
-
-; Output buffering is a mechanism for controlling how much output data
-; (excluding headers and cookies) PHP should keep internally before pushing that
-; data to the client. If your application's output exceeds this setting, PHP
-; will send that data in chunks of roughly the size you specify.
-; Turning on this setting and managing its maximum buffer size can yield some
-; interesting side-effects depending on your application and web server.
-; You may be able to send headers and cookies after you've already sent output
-; through print or echo. You also may see performance benefits if your server is
-; emitting less packets due to buffered output versus PHP streaming the output
-; as it gets it. On production servers, 4096 bytes is a good setting for performance
-; reasons.
-; Note: Output buffering can also be controlled via Output Buffering Control
-; functions.
-; Possible Values:
-; On = Enabled and buffer is unlimited. (Use with caution)
-; Off = Disabled
-; Integer = Enables the buffer and sets its maximum size in bytes.
-; Note: This directive is hardcoded to Off for the CLI SAPI
-; Default Value: Off
-; Development Value: 4096
-; Production Value: 4096
-; http://php.net/output-buffering
-output_buffering = 4096
-
-; You can redirect all of the output of your scripts to a function. For
-; example, if you set output_handler to "mb_output_handler", character
-; encoding will be transparently converted to the specified encoding.
-; Setting any output handler automatically turns on output buffering.
-; Note: People who wrote portable scripts should not depend on this ini
-; directive. Instead, explicitly set the output handler using ob_start().
-; Using this ini directive may cause problems unless you know what script
-; is doing.
-; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
-; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
-; Note: output_handler must be empty if this is set 'On' !!!!
-; Instead you must use zlib.output_handler.
-; http://php.net/output-handler
-;output_handler =
-
-; Transparent output compression using the zlib library
-; Valid values for this option are 'off', 'on', or a specific buffer size
-; to be used for compression (default is 4KB)
-; Note: Resulting chunk size may vary due to nature of compression. PHP
-; outputs chunks that are few hundreds bytes each as a result of
-; compression. If you prefer a larger chunk size for better
-; performance, enable output_buffering in addition.
-; Note: You need to use zlib.output_handler instead of the standard
-; output_handler, or otherwise the output will be corrupted.
-; http://php.net/zlib.output-compression
-zlib.output_compression = Off
-
-; http://php.net/zlib.output-compression-level
-;zlib.output_compression_level = -1
-
-; You cannot specify additional output handlers if zlib.output_compression
-; is activated here. This setting does the same as output_handler but in
-; a different order.
-; http://php.net/zlib.output-handler
-;zlib.output_handler =
-
-; Implicit flush tells PHP to tell the output layer to flush itself
-; automatically after every output block. This is equivalent to calling the
-; PHP function flush() after each and every call to print() or echo() and each
-; and every HTML block. Turning this option on has serious performance
-; implications and is generally recommended for debugging purposes only.
-; http://php.net/implicit-flush
-; Note: This directive is hardcoded to On for the CLI SAPI
-implicit_flush = Off
-
-; The unserialize callback function will be called (with the undefined class'
-; name as parameter), if the unserializer finds an undefined class
-; which should be instantiated. A warning appears if the specified function is
-; not defined, or if the function doesn't include/implement the missing class.
-; So only set this entry, if you really want to implement such a
-; callback-function.
-unserialize_callback_func =
-
-; When floats & doubles are serialized store serialize_precision significant
-; digits after the floating point. The default value ensures that when floats
-; are decoded with unserialize, the data will remain the same.
-serialize_precision = 17
-
-; open_basedir, if set, limits all file operations to the defined directory
-; and below. This directive makes most sense if used in a per-directory
-; or per-virtualhost web server configuration file.
-; http://php.net/open-basedir
-; open_basedir = /srv/www/sybila:/tmp
-
-; This directive allows you to disable certain functions for security reasons.
-; It receives a comma-delimited list of function names.
-; http://php.net/disable-functions
-disable_functions =
-
-; This directive allows you to disable certain classes for security reasons.
-; It receives a comma-delimited list of class names.
-; http://php.net/disable-classes
-disable_classes =
-
-; Colors for Syntax Highlighting mode. Anything that's acceptable in
-; <span style="color: ???????"> would work.
-; http://php.net/syntax-highlighting
-;highlight.string = #DD0000
-;highlight.comment = #FF9900
-;highlight.keyword = #007700
-;highlight.default = #0000BB
-;highlight.html = #000000
-
-; If enabled, the request will be allowed to complete even if the user aborts
-; the request. Consider enabling it if executing long requests, which may end up
-; being interrupted by the user or a browser timing out. PHP's default behavior
-; is to disable this feature.
-; http://php.net/ignore-user-abort
-;ignore_user_abort = On
-
-; Determines the size of the realpath cache to be used by PHP. This value should
-; be increased on systems where PHP opens many files to reflect the quantity of
-; the file operations performed.
-; http://php.net/realpath-cache-size
-;realpath_cache_size = 16k
-
-; Duration of time, in seconds for which to cache realpath information for a given
-; file or directory. For systems with rarely changing files, consider increasing this
-; value.
-; http://php.net/realpath-cache-ttl
-;realpath_cache_ttl = 120
-
-; Enables or disables the circular reference collector.
-; http://php.net/zend.enable-gc
-zend.enable_gc = On
-
-; If enabled, scripts may be written in encodings that are incompatible with
-; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
-; encodings. To use this feature, mbstring extension must be enabled.
-; Default: Off
-;zend.multibyte = Off
-
-; Allows to set the default encoding for the scripts. This value will be used
-; unless "declare(encoding=...)" directive appears at the top of the script.
-; Only affects if zend.multibyte is set.
-; Default: ""
-;zend.script_encoding =
-
-;;;;;;;;;;;;;;;;;
-; Miscellaneous ;
-;;;;;;;;;;;;;;;;;
-
-; Decides whether PHP may expose the fact that it is installed on the server
-; (e.g. by adding its signature to the Web server header). It is no security
-; threat in any way, but it makes it possible to determine whether you use PHP
-; on your server or not.
-; http://php.net/expose-php
-expose_php = On
-
-;;;;;;;;;;;;;;;;;;;
-; Resource Limits ;
-;;;;;;;;;;;;;;;;;;;
-
-; Maximum execution time of each script, in seconds
-; http://php.net/max-execution-time
-; Note: This directive is hardcoded to 0 for the CLI SAPI
-max_execution_time = 30
-
-; Maximum amount of time each script may spend parsing request data. It's a good
-; idea to limit this time on productions servers in order to eliminate unexpectedly
-; long running scripts.
-; Note: This directive is hardcoded to -1 for the CLI SAPI
-; Default Value: -1 (Unlimited)
-; Development Value: 60 (60 seconds)
-; Production Value: 60 (60 seconds)
-; http://php.net/max-input-time
-max_input_time = 60
-
-; Maximum input variable nesting level
-; http://php.net/max-input-nesting-level
-;max_input_nesting_level = 64
-
-; How many GET/POST/COOKIE input variables may be accepted
-; max_input_vars = 1000
-
-; Maximum amount of memory a script may consume (128MB)
-; http://php.net/memory-limit
-memory_limit = 128M
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-; Error handling and logging ;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; This directive informs PHP of which errors, warnings and notices you would like
-; it to take action for. The recommended way of setting values for this
-; directive is through the use of the error level constants and bitwise
-; operators. The error level constants are below here for convenience as well as
-; some common settings and their meanings.
-; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
-; those related to E_NOTICE and E_STRICT, which together cover best practices and
-; recommended coding standards in PHP. For performance reasons, this is the
-; recommend error reporting setting. Your production server shouldn't be wasting
-; resources complaining about best practices and coding standards. That's what
-; development servers and development settings are for.
-; Note: The php.ini-development file has this setting as E_ALL. This
-; means it pretty much reports everything which is exactly what you want during
-; development and early testing.
-;
-; Error Level Constants:
-; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
-; E_ERROR - fatal run-time errors
-; E_RECOVERABLE_ERROR - almost fatal run-time errors
-; E_WARNING - run-time warnings (non-fatal errors)
-; E_PARSE - compile-time parse errors
-; E_NOTICE - run-time notices (these are warnings which often result
-; from a bug in your code, but it's possible that it was
-; intentional (e.g., using an uninitialized variable and
-; relying on the fact it is automatically initialized to an
-; empty string)
-; E_STRICT - run-time notices, enable to have PHP suggest changes
-; to your code which will ensure the best interoperability
-; and forward compatibility of your code
-; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
-; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
-; initial startup
-; E_COMPILE_ERROR - fatal compile-time errors
-; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
-; E_USER_ERROR - user-generated error message
-; E_USER_WARNING - user-generated warning message
-; E_USER_NOTICE - user-generated notice message
-; E_DEPRECATED - warn about code that will not work in future versions
-; of PHP
-; E_USER_DEPRECATED - user-generated deprecation warnings
-;
-; Common Values:
-; E_ALL (Show all errors, warnings and notices including coding standards.)
-; E_ALL & ~E_NOTICE (Show all errors, except for notices)
-; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
-; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
-; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
-; http://php.net/error-reporting
-error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
-
-; This directive controls whether or not and where PHP will output errors,
-; notices and warnings too. Error output is very useful during development, but
-; it could be very dangerous in production environments. Depending on the code
-; which is triggering the error, sensitive information could potentially leak
-; out of your application such as database usernames and passwords or worse.
-; For production environments, we recommend logging errors rather than
-; sending them to STDOUT.
-; Possible Values:
-; Off = Do not display any errors
-; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
-; On or stdout = Display errors to STDOUT
-; Default Value: On
-; Development Value: On
-; Production Value: Off
-; http://php.net/display-errors
-display_errors = Off
-
-; The display of errors which occur during PHP's startup sequence are handled
-; separately from display_errors. PHP's default behavior is to suppress those
-; errors from clients. Turning the display of startup errors on can be useful in
-; debugging configuration problems. We strongly recommend you
-; set this to 'off' for production servers.
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-; http://php.net/display-startup-errors
-display_startup_errors = Off
-
-; Besides displaying errors, PHP can also log errors to locations such as a
-; server-specific log, STDERR, or a location specified by the error_log
-; directive found below. While errors should not be displayed on productions
-; servers they should still be monitored and logging is a great way to do that.
-; Default Value: Off
-; Development Value: On
-; Production Value: On
-; http://php.net/log-errors
-log_errors = On
-
-; Set maximum length of log_errors. In error_log information about the source is
-; added. The default is 1024 and 0 allows to not apply any maximum length at all.
-; http://php.net/log-errors-max-len
-log_errors_max_len = 1024
-
-; Do not log repeated messages. Repeated errors must occur in same file on same
-; line unless ignore_repeated_source is set true.
-; http://php.net/ignore-repeated-errors
-ignore_repeated_errors = Off
-
-; Ignore source of message when ignoring repeated messages. When this setting
-; is On you will not log errors with repeated messages from different files or
-; source lines.
-; http://php.net/ignore-repeated-source
-ignore_repeated_source = Off
-
-; If this parameter is set to Off, then memory leaks will not be shown (on
-; stdout or in the log). This has only effect in a debug compile, and if
-; error reporting includes E_WARNING in the allowed list
-; http://php.net/report-memleaks
-report_memleaks = On
-
-; This setting is on by default.
-;report_zend_debug = 0
-
-; Store the last error/warning message in $php_errormsg (boolean). Setting this value
-; to On can assist in debugging and is appropriate for development servers. It should
-; however be disabled on production servers.
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-; http://php.net/track-errors
-track_errors = Off
-
-; Turn off normal error reporting and emit XML-RPC error XML
-; http://php.net/xmlrpc-errors
-;xmlrpc_errors = 0
-
-; An XML-RPC faultCode
-;xmlrpc_error_number = 0
-
-; When PHP displays or logs an error, it has the capability of formatting the
-; error message as HTML for easier reading. This directive controls whether
-; the error message is formatted as HTML or not.
-; Note: This directive is hardcoded to Off for the CLI SAPI
-; Default Value: On
-; Development Value: On
-; Production value: On
-; http://php.net/html-errors
-html_errors = On
-
-; If html_errors is set to On *and* docref_root is not empty, then PHP
-; produces clickable error messages that direct to a page describing the error
-; or function causing the error in detail.
-; You can download a copy of the PHP manual from http://php.net/docs
-; and change docref_root to the base URL of your local copy including the
-; leading '/'. You must also specify the file extension being used including
-; the dot. PHP's default behavior is to leave these settings empty, in which
-; case no links to documentation are generated.
-; Note: Never use this feature for production boxes.
-; http://php.net/docref-root
-; Examples
-;docref_root = "/phpmanual/"
-
-; http://php.net/docref-ext
-;docref_ext = .html
-
-; String to output before an error message. PHP's default behavior is to leave
-; this setting blank.
-; http://php.net/error-prepend-string
-; Example:
-;error_prepend_string = "<span style='color: #ff0000'>"
-
-; String to output after an error message. PHP's default behavior is to leave
-; this setting blank.
-; http://php.net/error-append-string
-; Example:
-;error_append_string = "</span>"
-
-; Log errors to specified file. PHP's default behavior is to leave this value
-; empty.
-; http://php.net/error-log
-; Example:
-;error_log = php_errors.log
-; Log errors to syslog (Event Log on Windows).
-;error_log = syslog
-
-;windows.show_crt_warning
-; Default value: 0
-; Development value: 0
-; Production value: 0
-
-;;;;;;;;;;;;;;;;;
-; Data Handling ;
-;;;;;;;;;;;;;;;;;
-
-; The separator used in PHP generated URLs to separate arguments.
-; PHP's default setting is "&".
-; http://php.net/arg-separator.output
-; Example:
-;arg_separator.output = "&"
-
-; List of separator(s) used by PHP to parse input URLs into variables.
-; PHP's default setting is "&".
-; NOTE: Every character in this directive is considered as separator!
-; http://php.net/arg-separator.input
-; Example:
-;arg_separator.input = ";&"
-
-; This directive determines which super global arrays are registered when PHP
-; starts up. G,P,C,E & S are abbreviations for the following respective super
-; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
-; paid for the registration of these arrays and because ENV is not as commonly
-; used as the others, ENV is not recommended on productions servers. You
-; can still get access to the environment variables through getenv() should you
-; need to.
-; Default Value: "EGPCS"
-; Development Value: "GPCS"
-; Production Value: "GPCS";
-; http://php.net/variables-order
-variables_order = "GPCS"
-
-; This directive determines which super global data (G,P & C) should be
-; registered into the super global array REQUEST. If so, it also determines
-; the order in which that data is registered. The values for this directive
-; are specified in the same manner as the variables_order directive,
-; EXCEPT one. Leaving this value empty will cause PHP to use the value set
-; in the variables_order directive. It does not mean it will leave the super
-; globals array REQUEST empty.
-; Default Value: None
-; Development Value: "GP"
-; Production Value: "GP"
-; http://php.net/request-order
-request_order = "GP"
-
-; This directive determines whether PHP registers $argv & $argc each time it
-; runs. $argv contains an array of all the arguments passed to PHP when a script
-; is invoked. $argc contains an integer representing the number of arguments
-; that were passed when the script was invoked. These arrays are extremely
-; useful when running scripts from the command line. When this directive is
-; enabled, registering these variables consumes CPU cycles and memory each time
-; a script is executed. For performance reasons, this feature should be disabled
-; on production servers.
-; Note: This directive is hardcoded to On for the CLI SAPI
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-; http://php.net/register-argc-argv
-register_argc_argv = Off
-
-; When enabled, the ENV, REQUEST and SERVER variables are created when they're
-; first used (Just In Time) instead of when the script starts. If these
-; variables are not used within a script, having this directive on will result
-; in a performance gain. The PHP directive register_argc_argv must be disabled
-; for this directive to have any affect.
-; http://php.net/auto-globals-jit
-auto_globals_jit = On
-
-; Whether PHP will read the POST data.
-; This option is enabled by default.
-; Most likely, you won't want to disable this option globally. It causes $_POST
-; and $_FILES to always be empty; the only way you will be able to read the
-; POST data will be through the php://input stream wrapper. This can be useful
-; to proxy requests or to process the POST data in a memory efficient fashion.
-; http://php.net/enable-post-data-reading
-;enable_post_data_reading = Off
-
-; Maximum size of POST data that PHP will accept.
-; Its value may be 0 to disable the limit. It is ignored if POST data reading
-; is disabled through enable_post_data_reading.
-; http://php.net/post-max-size
-post_max_size = 8M
-
-; Automatically add files before PHP document.
-; http://php.net/auto-prepend-file
-auto_prepend_file =
-
-; Automatically add files after PHP document.
-; http://php.net/auto-append-file
-auto_append_file =
-
-; By default, PHP will output a media type using the Content-Type header. To
-; disable this, simply set it to be empty.
-;
-; PHP's built-in default media type is set to text/html.
-; http://php.net/default-mimetype
-default_mimetype = "text/html"
-
-; PHP's default character set is set to UTF-8.
-; http://php.net/default-charset
-default_charset = "UTF-8"
-
-; PHP internal character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/internal-encoding
-;internal_encoding =
-
-; PHP input character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/input-encoding
-;input_encoding =
-
-; PHP output character encoding is set to empty.
-; If empty, default_charset is used.
-; mbstring or iconv output handler is used.
-; See also output_buffer.
-; http://php.net/output-encoding
-;output_encoding =
-
-; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
-; to disable this feature and it will be removed in a future version.
-; If post reading is disabled through enable_post_data_reading,
-; $HTTP_RAW_POST_DATA is *NOT* populated.
-; http://php.net/always-populate-raw-post-data
-;always_populate_raw_post_data = -1
-
-;;;;;;;;;;;;;;;;;;;;;;;;;
-; Paths and Directories ;
-;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; UNIX: "/path1:/path2"
-include_path = ".:/usr/share/php56/pear"
-;
-; Windows: "\path1;\path2"
-;include_path = ".;c:\php\includes"
-;
-; PHP's default setting for include_path is ".;/path/to/php/pear"
-; http://php.net/include-path
-
-; The root of the PHP pages, used only if nonempty.
-; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
-; if you are running php as a CGI under any web server (other than IIS)
-; see documentation for security issues. The alternate is to use the
-; cgi.force_redirect configuration below
-; http://php.net/doc-root
-doc_root =
-
-; The directory under which PHP opens the script using /~username used only
-; if nonempty.
-; http://php.net/user-dir
-user_dir =
-
-; Directory in which the loadable extensions (modules) reside.
-; http://php.net/extension-dir
-extension_dir = "/usr/lib/php56/modules/"
-; On windows:
-; extension_dir = "ext"
-
-; Directory where the temporary files should be placed.
-; Defaults to the system default (see sys_get_temp_dir)
-; sys_temp_dir = "/tmp"
-
-; Whether or not to enable the dl() function. The dl() function does NOT work
-; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-; disabled on them.
-; http://php.net/enable-dl
-enable_dl = Off
-
-; cgi.force_redirect is necessary to provide security running PHP as a CGI under
-; most web servers. Left undefined, PHP turns this on by default. You can
-; turn it off here AT YOUR OWN RISK
-; **You CAN safely turn this off for IIS, in fact, you MUST.**
-; http://php.net/cgi.force-redirect
-;cgi.force_redirect = 1
-
-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
-; every request. PHP's default behavior is to disable this feature.
-;cgi.nph = 1
-
-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
-; will look for to know it is OK to continue execution. Setting this variable MAY
-; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
-; http://php.net/cgi.redirect-status-env
-;cgi.redirect_status_env =
-
-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
-; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
-; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
-; http://php.net/cgi.fix-pathinfo
-;cgi.fix_pathinfo=1
-
-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
-; security tokens of the calling client. This allows IIS to define the
-; security context that the request runs under. mod_fastcgi under Apache
-; does not currently support this feature (03/17/2002)
-; Set to 1 if running under IIS. Default is zero.
-; http://php.net/fastcgi.impersonate
-;fastcgi.impersonate = 1
-
-; Disable logging through FastCGI connection. PHP's default behavior is to enable
-; this feature.
-;fastcgi.logging = 0
-
-; cgi.rfc2616_headers configuration option tells PHP what type of headers to
-; use when sending HTTP response code. If set to 0, PHP sends Status: header that
-; is supported by Apache. When this option is set to 1, PHP will send
-; RFC2616 compliant header.
-; Default is zero.
-; http://php.net/cgi.rfc2616-headers
-;cgi.rfc2616_headers = 0
-
-;;;;;;;;;;;;;;;;
-; File Uploads ;
-;;;;;;;;;;;;;;;;
-
-; Whether to allow HTTP file uploads.
-; http://php.net/file-uploads
-file_uploads = On
-
-; Temporary directory for HTTP uploaded files (will use system default if not
-; specified).
-; http://php.net/upload-tmp-dir
-;upload_tmp_dir =
-
-; Maximum allowed size for uploaded files.
-; http://php.net/upload-max-filesize
-upload_max_filesize = 2M
-
-; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 20
-
-;;;;;;;;;;;;;;;;;;
-; Fopen wrappers ;
-;;;;;;;;;;;;;;;;;;
-
-; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-fopen
-allow_url_fopen = On
-
-; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-include
-allow_url_include = Off
-
-; Define the anonymous ftp password (your email address). PHP's default setting
-; for this is empty.
-; http://php.net/from
-;from="john@doe.com"
-
-; Define the User-Agent string. PHP's default setting for this is empty.
-; http://php.net/user-agent
-;user_agent="PHP"
-
-; Default timeout for socket based streams (seconds)
-; http://php.net/default-socket-timeout
-default_socket_timeout = 60
-
-; If your scripts have to deal with files from Macintosh systems,
-; or you are running on a Mac and need to deal with files from
-; unix or win32 systems, setting this flag will cause PHP to
-; automatically detect the EOL character in those files so that
-; fgets() and file() will work regardless of the source of the file.
-; http://php.net/auto-detect-line-endings
-;auto_detect_line_endings = Off
-
-;;;;;;;;;;;;;;;;;;;;;;
-; Dynamic Extensions ;
-;;;;;;;;;;;;;;;;;;;;;;
-
-; If you wish to have an extension loaded automatically, use the following
-; syntax:
-;
-; extension=modulename.extension
-;
-; For example, on Windows:
-;
-; extension=msql.dll
-;
-; ... or under UNIX:
-;
-; extension=msql.so
-;
-; ... or with a path:
-;
-; extension=/path/to/extension/msql.so
-;
-; If you only provide the name of the extension, PHP will look for it in its
-; default extension directory.
-;
-;extension=bcmath.so
-;extension=bz2.so
-;extension=calendar.so
-extension=curl.so
-;extension=dba.so
-;extension=enchant.so
-;extension=exif.so
-;extension=ftp.so
-;extension=gd.so
-extension=gettext.so
-;extension=gmp.so
-;extension=iconv.so
-;extension=imap.so
-;extension=intl.so
-;extension=ldap.so
-;extension=mcrypt.so
-;extension=mssql.so
-;extension=mysql.so
-;extension=mysqli.so
-;extension=odbc.so
-;zend_extension=opcache.so
-;extension=openssl.so
-;extension=pdo_mysql.so
-;extension=pdo_odbc.so
-;extension=pdo_pgsql.so
-;extension=pdo_sqlite.so
-;extension=pgsql.so
-;extension=phar.so
-;extension=posix.so
-;extension=pspell.so
-;extension=shmop.so
-;extension=snmp.so
-;extension=soap.so
-;extension=sockets.so
-;extension=sqlite3.so
-;extension=sysvmsg.so
-;extension=sysvsem.so
-;extension=sysvshm.so
-;extension=tidy.so
-;extension=xmlrpc.so
-;extension=xsl.so
-;extension=zip.so
-
-;;;;;;;;;;;;;;;;;;;
-; Module Settings ;
-;;;;;;;;;;;;;;;;;;;
-
-[CLI Server]
-; Whether the CLI web server uses ANSI color coding in its terminal output.
-cli_server.color = On
-
-[Date]
-; Defines the default timezone used by the date functions
-; http://php.net/date.timezone
-;date.timezone =
-
-; http://php.net/date.default-latitude
-;date.default_latitude = 31.7667
-
-; http://php.net/date.default-longitude
-;date.default_longitude = 35.2333
-
-; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.583333
-
-; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.583333
-
-[filter]
-; http://php.net/filter.default
-;filter.default = unsafe_raw
-
-; http://php.net/filter.default-flags
-;filter.default_flags =
-
-[iconv]
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; If empty, default_charset or input_encoding or iconv.input_encoding is used.
-; The precedence is: default_charset < intput_encoding < iconv.input_encoding
-;iconv.input_encoding =
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;iconv.internal_encoding =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; If empty, default_charset or output_encoding or iconv.output_encoding is used.
-; The precedence is: default_charset < output_encoding < iconv.output_encoding
-; To use an output encoding conversion, iconv's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-;iconv.output_encoding =
-
-[intl]
-;intl.default_locale =
-; This directive allows you to produce PHP errors when some error
-; happens within intl functions. The value is the level of the error produced.
-; Default is 0, which does not produce any errors.
-;intl.error_level = E_WARNING
-
-[sqlite3]
-;sqlite3.extension_dir =
-
-[Pcre]
-;PCRE library backtracking limit.
-; http://php.net/pcre.backtrack-limit
-;pcre.backtrack_limit=100000
-
-;PCRE library recursion limit.
-;Please note that if you set this value to a high number you may consume all
-;the available process stack and eventually crash PHP (due to reaching the
-;stack size limit imposed by the Operating System).
-; http://php.net/pcre.recursion-limit
-;pcre.recursion_limit=100000
-
-[Pdo]
-; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
-; http://php.net/pdo-odbc.connection-pooling
-;pdo_odbc.connection_pooling=strict
-
-;pdo_odbc.db2_instance_name
-
-[Pdo_mysql]
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/pdo_mysql.cache_size
-pdo_mysql.cache_size = 2000
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/pdo_mysql.default-socket
-pdo_mysql.default_socket=
-
-[Phar]
-; http://php.net/phar.readonly
-;phar.readonly = On
-
-; http://php.net/phar.require-hash
-;phar.require_hash = On
-
-;phar.cache_list =
-
-[mail function]
-; For Win32 only.
-; http://php.net/smtp
-SMTP = localhost
-; http://php.net/smtp-port
-smtp_port = 25
-
-; For Win32 only.
-; http://php.net/sendmail-from
-;sendmail_from = me@example.com
-
-; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
-; http://php.net/sendmail-path
-;sendmail_path =
-
-; Force the addition of the specified parameters to be passed as extra parameters
-; to the sendmail binary. These parameters will always replace the value of
-; the 5th parameter to mail().
-;mail.force_extra_parameters =
-
-; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
-mail.add_x_header = On
-
-; The path to a log file that will log all mail() calls. Log entries include
-; the full path of the script, line number, To address and headers.
-;mail.log =
-; Log mail to syslog (Event Log on Windows).
-;mail.log = syslog
-
-[SQL]
-; http://php.net/sql.safe-mode
-sql.safe_mode = Off
-
-[ODBC]
-; http://php.net/odbc.default-db
-;odbc.default_db = Not yet implemented
-
-; http://php.net/odbc.default-user
-;odbc.default_user = Not yet implemented
-
-; http://php.net/odbc.default-pw
-;odbc.default_pw = Not yet implemented
-
-; Controls the ODBC cursor model.
-; Default: SQL_CURSOR_STATIC (default).
-;odbc.default_cursortype
-
-; Allow or prevent persistent links.
-; http://php.net/odbc.allow-persistent
-odbc.allow_persistent = On
-
-; Check that a connection is still valid before reuse.
-; http://php.net/odbc.check-persistent
-odbc.check_persistent = On
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/odbc.max-persistent
-odbc.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/odbc.max-links
-odbc.max_links = -1
-
-; Handling of LONG fields. Returns number of bytes to variables. 0 means
-; passthru.
-; http://php.net/odbc.defaultlrl
-odbc.defaultlrl = 4096
-
-; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
-; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
-; of odbc.defaultlrl and odbc.defaultbinmode
-; http://php.net/odbc.defaultbinmode
-odbc.defaultbinmode = 1
-
-;birdstep.max_links = -1
-
-[Interbase]
-; Allow or prevent persistent links.
-ibase.allow_persistent = 1
-
-; Maximum number of persistent links. -1 means no limit.
-ibase.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-ibase.max_links = -1
-
-; Default database name for ibase_connect().
-;ibase.default_db =
-
-; Default username for ibase_connect().
-;ibase.default_user =
-
-; Default password for ibase_connect().
-;ibase.default_password =
-
-; Default charset for ibase_connect().
-;ibase.default_charset =
-
-; Default timestamp format.
-ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
-
-; Default date format.
-ibase.dateformat = "%Y-%m-%d"
-
-; Default time format.
-ibase.timeformat = "%H:%M:%S"
-
-[MySQL]
-; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
-; http://php.net/mysql.allow_local_infile
-mysql.allow_local_infile = On
-
-; Allow or prevent persistent links.
-; http://php.net/mysql.allow-persistent
-mysql.allow_persistent = On
-
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/mysql.cache_size
-mysql.cache_size = 2000
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/mysql.max-persistent
-mysql.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/mysql.max-links
-mysql.max_links = -1
-
-; Default port number for mysql_connect(). If unset, mysql_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
-; at MYSQL_PORT.
-; http://php.net/mysql.default-port
-mysql.default_port =
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/mysql.default-socket
-mysql.default_socket =
-
-; Default host for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysql.default-host
-mysql.default_host =
-
-; Default user for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysql.default-user
-mysql.default_user =
-
-; Default password for mysql_connect() (doesn't apply in safe mode).
-; Note that this is generally a *bad* idea to store passwords in this file.
-; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
-; and reveal this password! And of course, any users with read access to this
-; file will be able to reveal the password as well.
-; http://php.net/mysql.default-password
-mysql.default_password =
-
-; Maximum time (in seconds) for connect timeout. -1 means no limit
-; http://php.net/mysql.connect-timeout
-mysql.connect_timeout = 60
-
-; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
-; SQL-Errors will be displayed.
-; http://php.net/mysql.trace-mode
-mysql.trace_mode = Off
-
-[MySQLi]
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/mysqli.max-persistent
-mysqli.max_persistent = -1
-
-; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
-; http://php.net/mysqli.allow_local_infile
-;mysqli.allow_local_infile = On
-
-; Allow or prevent persistent links.
-; http://php.net/mysqli.allow-persistent
-mysqli.allow_persistent = On
-
-; Maximum number of links. -1 means no limit.
-; http://php.net/mysqli.max-links
-mysqli.max_links = -1
-
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/mysqli.cache_size
-mysqli.cache_size = 2000
-
-; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
-; at MYSQL_PORT.
-; http://php.net/mysqli.default-port
-mysqli.default_port = 3306
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/mysqli.default-socket
-mysqli.default_socket =
-
-; Default host for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-host
-mysqli.default_host =
-
-; Default user for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-user
-mysqli.default_user =
-
-; Default password for mysqli_connect() (doesn't apply in safe mode).
-; Note that this is generally a *bad* idea to store passwords in this file.
-; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
-; and reveal this password! And of course, any users with read access to this
-; file will be able to reveal the password as well.
-; http://php.net/mysqli.default-pw
-mysqli.default_pw =
-
-; Allow or prevent reconnect
-mysqli.reconnect = Off
-
-[mysqlnd]
-; Enable / Disable collection of general statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_statistics
-mysqlnd.collect_statistics = On
-
-; Enable / Disable collection of memory usage statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_memory_statistics
-mysqlnd.collect_memory_statistics = Off
-
-; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
-; http://php.net/mysqlnd.net_cmd_buffer_size
-;mysqlnd.net_cmd_buffer_size = 2048
-
-; Size of a pre-allocated buffer used for reading data sent by the server in
-; bytes.
-; http://php.net/mysqlnd.net_read_buffer_size
-;mysqlnd.net_read_buffer_size = 32768
-
-[OCI8]
-
-; Connection: Enables privileged connections using external
-; credentials (OCI_SYSOPER, OCI_SYSDBA)
-; http://php.net/oci8.privileged-connect
-;oci8.privileged_connect = Off
-
-; Connection: The maximum number of persistent OCI8 connections per
-; process. Using -1 means no limit.
-; http://php.net/oci8.max-persistent
-;oci8.max_persistent = -1
-
-; Connection: The maximum number of seconds a process is allowed to
-; maintain an idle persistent connection. Using -1 means idle
-; persistent connections will be maintained forever.
-; http://php.net/oci8.persistent-timeout
-;oci8.persistent_timeout = -1
-
-; Connection: The number of seconds that must pass before issuing a
-; ping during oci_pconnect() to check the connection validity. When
-; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
-; pings completely.
-; http://php.net/oci8.ping-interval
-;oci8.ping_interval = 60
-
-; Connection: Set this to a user chosen connection class to be used
-; for all pooled server requests with Oracle 11g Database Resident
-; Connection Pooling (DRCP). To use DRCP, this value should be set to
-; the same string for all web servers running the same application,
-; the database pool must be configured, and the connection string must
-; specify to use a pooled server.
-;oci8.connection_class =
-
-; High Availability: Using On lets PHP receive Fast Application
-; Notification (FAN) events generated when a database node fails. The
-; database must also be configured to post FAN events.
-;oci8.events = Off
-
-; Tuning: This option enables statement caching, and specifies how
-; many statements to cache. Using 0 disables statement caching.
-; http://php.net/oci8.statement-cache-size
-;oci8.statement_cache_size = 20
-
-; Tuning: Enables statement prefetching and sets the default number of
-; rows that will be fetched automatically after statement execution.
-; http://php.net/oci8.default-prefetch
-;oci8.default_prefetch = 100
-
-; Compatibility. Using On means oci_close() will not close
-; oci_connect() and oci_new_connect() connections.
-; http://php.net/oci8.old-oci-close-semantics
-;oci8.old_oci_close_semantics = Off
-
-[PostgreSQL]
-; Allow or prevent persistent links.
-; http://php.net/pgsql.allow-persistent
-pgsql.allow_persistent = On
-
-; Detect broken persistent links always with pg_pconnect().
-; Auto reset feature requires a little overheads.
-; http://php.net/pgsql.auto-reset-persistent
-pgsql.auto_reset_persistent = Off
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/pgsql.max-persistent
-pgsql.max_persistent = -1
-
-; Maximum number of links (persistent+non persistent). -1 means no limit.
-; http://php.net/pgsql.max-links
-pgsql.max_links = -1
-
-; Ignore PostgreSQL backends Notice message or not.
-; Notice message logging require a little overheads.
-; http://php.net/pgsql.ignore-notice
-pgsql.ignore_notice = 0
-
-; Log PostgreSQL backends Notice message or not.
-; Unless pgsql.ignore_notice=0, module cannot log notice message.
-; http://php.net/pgsql.log-notice
-pgsql.log_notice = 0
-
-[Sybase-CT]
-; Allow or prevent persistent links.
-; http://php.net/sybct.allow-persistent
-sybct.allow_persistent = On
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/sybct.max-persistent
-sybct.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/sybct.max-links
-sybct.max_links = -1
-
-; Minimum server message severity to display.
-; http://php.net/sybct.min-server-severity
-sybct.min_server_severity = 10
-
-; Minimum client message severity to display.
-; http://php.net/sybct.min-client-severity
-sybct.min_client_severity = 10
-
-; Set per-context timeout
-; http://php.net/sybct.timeout
-;sybct.timeout=
-
-;sybct.packet_size
-
-; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
-; Default: one minute
-;sybct.login_timeout=
-
-; The name of the host you claim to be connecting from, for display by sp_who.
-; Default: none
-;sybct.hostname=
-
-; Allows you to define how often deadlocks are to be retried. -1 means "forever".
-; Default: 0
-;sybct.deadlock_retry_count=
-
-[bcmath]
-; Number of decimal digits for all bcmath functions.
-; http://php.net/bcmath.scale
-bcmath.scale = 0
-
-[browscap]
-; http://php.net/browscap
-;browscap = extra/browscap.ini
-
-[Session]
-; Handler used to store/retrieve data.
-; http://php.net/session.save-handler
-session.save_handler = files
-
-; Argument passed to save_handler. In the case of files, this is the path
-; where data files are stored. Note: Windows users have to change this
-; variable in order to use PHP's session functions.
-;
-; The path can be defined as:
-;
-; session.save_path = "N;/path"
-;
-; where N is an integer. Instead of storing all the session files in
-; /path, what this will do is use subdirectories N-levels deep, and
-; store the session data in those directories. This is useful if
-; your OS has problems with many files in one directory, and is
-; a more efficient layout for servers that handle many sessions.
-;
-; NOTE 1: PHP will not create this directory structure automatically.
-; You can use the script in the ext/session dir for that purpose.
-; NOTE 2: See the section on garbage collection below if you choose to
-; use subdirectories for session storage
-;
-; The file storage module creates files using mode 600 by default.
-; You can change that by using
-;
-; session.save_path = "N;MODE;/path"
-;
-; where MODE is the octal representation of the mode. Note that this
-; does not overwrite the process's umask.
-; http://php.net/session.save-path
-;session.save_path = "/tmp"
-
-; Whether to use strict session mode.
-; Strict session mode does not accept uninitialized session ID and regenerate
-; session ID if browser sends uninitialized session ID. Strict mode protects
-; applications from session fixation via session adoption vulnerability. It is
-; disabled by default for maximum compatibility, but enabling it is encouraged.
-; https://wiki.php.net/rfc/strict_sessions
-session.use_strict_mode = 0
-
-; Whether to use cookies.
-; http://php.net/session.use-cookies
-session.use_cookies = 1
-
-; http://php.net/session.cookie-secure
-;session.cookie_secure =
-
-; This option forces PHP to fetch and use a cookie for storing and maintaining
-; the session id. We encourage this operation as it's very helpful in combating
-; session hijacking when not specifying and managing your own session id. It is
-; not the be-all and end-all of session hijacking defense, but it's a good start.
-; http://php.net/session.use-only-cookies
-session.use_only_cookies = 1
-
-; Name of the session (used as cookie name).
-; http://php.net/session.name
-session.name = PHPSESSID
-
-; Initialize session on request startup.
-; http://php.net/session.auto-start
-session.auto_start = 0
-
-; Lifetime in seconds of cookie or, if 0, until browser is restarted.
-; http://php.net/session.cookie-lifetime
-session.cookie_lifetime = 0
-
-; The path for which the cookie is valid.
-; http://php.net/session.cookie-path
-session.cookie_path = /
-
-; The domain for which the cookie is valid.
-; http://php.net/session.cookie-domain
-session.cookie_domain =
-
-; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
-; http://php.net/session.cookie-httponly
-session.cookie_httponly =
-
-; Handler used to serialize data. php is the standard serializer of PHP.
-; http://php.net/session.serialize-handler
-session.serialize_handler = php
-
-; Defines the probability that the 'garbage collection' process is started
-; on every session initialization. The probability is calculated by using
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator
-; and gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request.
-; Default Value: 1
-; Development Value: 1
-; Production Value: 1
-; http://php.net/session.gc-probability
-session.gc_probability = 1
-
-; Defines the probability that the 'garbage collection' process is started on every
-; session initialization. The probability is calculated by using the following equation:
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
-; session.gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request. Increasing this value to 1000 will give you
-; a 0.1% chance the gc will run on any give request. For high volume production servers,
-; this is a more efficient approach.
-; Default Value: 100
-; Development Value: 1000
-; Production Value: 1000
-; http://php.net/session.gc-divisor
-session.gc_divisor = 1000
-
-; After this number of seconds, stored data will be seen as 'garbage' and
-; cleaned up by the garbage collection process.
-; http://php.net/session.gc-maxlifetime
-session.gc_maxlifetime = 1440
-
-; NOTE: If you are using the subdirectory option for storing session files
-; (see session.save_path above), then garbage collection does *not*
-; happen automatically. You will need to do your own garbage
-; collection through a shell script, cron entry, or some other method.
-; For example, the following script would is the equivalent of
-; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-; find /path/to/sessions -cmin +24 -type f | xargs rm
-
-; Check HTTP Referer to invalidate externally stored URLs containing ids.
-; HTTP_REFERER has to contain this substring for the session to be
-; considered as valid.
-; http://php.net/session.referer-check
-session.referer_check =
-
-; How many bytes to read from the file.
-; http://php.net/session.entropy-length
-;session.entropy_length = 32
-
-; Specified here to create the session id.
-; http://php.net/session.entropy-file
-; Defaults to /dev/urandom
-; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
-; If neither are found at compile time, the default is no entropy file.
-; On windows, setting the entropy_length setting will activate the
-; Windows random source (using the CryptoAPI)
-;session.entropy_file = /dev/urandom
-
-; Set to {nocache,private,public,} to determine HTTP caching aspects
-; or leave this empty to avoid sending anti-caching headers.
-; http://php.net/session.cache-limiter
-session.cache_limiter = nocache
-
-; Document expires after n minutes.
-; http://php.net/session.cache-expire
-session.cache_expire = 180
-
-; trans sid support is disabled by default.
-; Use of trans sid may risk your users' security.
-; Use this option with caution.
-; - User may send URL contains active session ID
-; to other person via. email/irc/etc.
-; - URL that contains active session ID may be stored
-; in publicly accessible computer.
-; - User may access your site with the same session ID
-; always using URL stored in browser's history or bookmarks.
-; http://php.net/session.use-trans-sid
-session.use_trans_sid = 0
-
-; Select a hash function for use in generating session ids.
-; Possible Values
-; 0 (MD5 128 bits)
-; 1 (SHA-1 160 bits)
-; This option may also be set to the name of any hash function supported by
-; the hash extension. A list of available hashes is returned by the hash_algos()
-; function.
-; http://php.net/session.hash-function
-session.hash_function = 0
-
-; Define how many bits are stored in each character when converting
-; the binary hash data to something readable.
-; Possible values:
-; 4 (4 bits: 0-9, a-f)
-; 5 (5 bits: 0-9, a-v)
-; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
-; Default Value: 4
-; Development Value: 5
-; Production Value: 5
-; http://php.net/session.hash-bits-per-character
-session.hash_bits_per_character = 5
-
-; The URL rewriter will look for URLs in a defined set of HTML tags.
-; form/fieldset are special; if you include them here, the rewriter will
-; add a hidden <input> field with the info which is otherwise appended
-; to URLs. If you want XHTML conformity, remove the form entry.
-; Note that all valid entries require a "=", even if no value follows.
-; Default Value: "a=href,area=href,frame=src,form=,fieldset="
-; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
-; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
-; http://php.net/url-rewriter.tags
-url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
-
-; Enable upload progress tracking in $_SESSION
-; Default Value: On
-; Development Value: On
-; Production Value: On
-; http://php.net/session.upload-progress.enabled
-;session.upload_progress.enabled = On
-
-; Cleanup the progress information as soon as all POST data has been read
-; (i.e. upload completed).
-; Default Value: On
-; Development Value: On
-; Production Value: On
-; http://php.net/session.upload-progress.cleanup
-;session.upload_progress.cleanup = On
-
-; A prefix used for the upload progress key in $_SESSION
-; Default Value: "upload_progress_"
-; Development Value: "upload_progress_"
-; Production Value: "upload_progress_"
-; http://php.net/session.upload-progress.prefix
-;session.upload_progress.prefix = "upload_progress_"
-
-; The index name (concatenated with the prefix) in $_SESSION
-; containing the upload progress information
-; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; http://php.net/session.upload-progress.name
-;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
-
-; How frequently the upload progress should be updated.
-; Given either in percentages (per-file), or in bytes
-; Default Value: "1%"
-; Development Value: "1%"
-; Production Value: "1%"
-; http://php.net/session.upload-progress.freq
-;session.upload_progress.freq = "1%"
-
-; The minimum delay between updates, in seconds
-; Default Value: 1
-; Development Value: 1
-; Production Value: 1
-; http://php.net/session.upload-progress.min-freq
-;session.upload_progress.min_freq = "1"
-
-[MSSQL]
-; Allow or prevent persistent links.
-mssql.allow_persistent = On
-
-; Maximum number of persistent links. -1 means no limit.
-mssql.max_persistent = -1
-
-; Maximum number of links (persistent+non persistent). -1 means no limit.
-mssql.max_links = -1
-
-; Minimum error severity to display.
-mssql.min_error_severity = 10
-
-; Minimum message severity to display.
-mssql.min_message_severity = 10
-
-; Compatibility mode with old versions of PHP 3.0.
-mssql.compatibility_mode = Off
-
-; Connect timeout
-;mssql.connect_timeout = 5
-
-; Query timeout
-;mssql.timeout = 60
-
-; Valid range 0 - 2147483647. Default = 4096.
-;mssql.textlimit = 4096
-
-; Valid range 0 - 2147483647. Default = 4096.
-;mssql.textsize = 4096
-
-; Limits the number of records in each batch. 0 = all records in one batch.
-;mssql.batchsize = 0
-
-; Specify how datetime and datetim4 columns are returned
-; On => Returns data converted to SQL server settings
-; Off => Returns values as YYYY-MM-DD hh:mm:ss
-;mssql.datetimeconvert = On
-
-; Use NT authentication when connecting to the server
-mssql.secure_connection = Off
-
-; Specify max number of processes. -1 = library default
-; msdlib defaults to 25
-; FreeTDS defaults to 4096
-;mssql.max_procs = -1
-
-; Specify client character set.
-; If empty or not set the client charset from freetds.conf is used
-; This is only used when compiled with FreeTDS
-;mssql.charset = "ISO-8859-1"
-
-[Assertion]
-; Assert(expr); active by default.
-; http://php.net/assert.active
-;assert.active = On
-
-; Issue a PHP warning for each failed assertion.
-; http://php.net/assert.warning
-;assert.warning = On
-
-; Don't bail out by default.
-; http://php.net/assert.bail
-;assert.bail = Off
-
-; User-function to be called if an assertion fails.
-; http://php.net/assert.callback
-;assert.callback = 0
-
-; Eval the expression with current error_reporting(). Set to true if you want
-; error_reporting(0) around the eval().
-; http://php.net/assert.quiet-eval
-;assert.quiet_eval = 0
-
-[COM]
-; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
-; http://php.net/com.typelib-file
-;com.typelib_file =
-
-; allow Distributed-COM calls
-; http://php.net/com.allow-dcom
-;com.allow_dcom = true
-
-; autoregister constants of a components typlib on com_load()
-; http://php.net/com.autoregister-typelib
-;com.autoregister_typelib = true
-
-; register constants casesensitive
-; http://php.net/com.autoregister-casesensitive
-;com.autoregister_casesensitive = false
-
-; show warnings on duplicate constant registrations
-; http://php.net/com.autoregister-verbose
-;com.autoregister_verbose = true
-
-; The default character set code-page to use when passing strings to and from COM objects.
-; Default: system ANSI code page
-;com.code_page=
-
-[mbstring]
-; language for internal character representation.
-; This affects mb_send_mail() and mbstrig.detect_order.
-; http://php.net/mbstring.language
-;mbstring.language = Japanese
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; internal/script encoding.
-; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;mbstring.internal_encoding =
-
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; http input encoding.
-; mbstring.encoding_traslation = On is needed to use this setting.
-; If empty, default_charset or input_encoding or mbstring.input is used.
-; The precedence is: default_charset < intput_encoding < mbsting.http_input
-; http://php.net/mbstring.http-input
-;mbstring.http_input =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; http output encoding.
-; mb_output_handler must be registered as output buffer to function.
-; If empty, default_charset or output_encoding or mbstring.http_output is used.
-; The precedence is: default_charset < output_encoding < mbstring.http_output
-; To use an output encoding conversion, mbstring's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-; http://php.net/mbstring.http-output
-;mbstring.http_output =
-
-; enable automatic encoding translation according to
-; mbstring.internal_encoding setting. Input chars are
-; converted to internal encoding by setting this to On.
-; Note: Do _not_ use automatic encoding translation for
-; portable libs/applications.
-; http://php.net/mbstring.encoding-translation
-;mbstring.encoding_translation = Off
-
-; automatic encoding detection order.
-; "auto" detect order is changed according to mbstring.language
-; http://php.net/mbstring.detect-order
-;mbstring.detect_order = auto
-
-; substitute_character used when character cannot be converted
-; one from another
-; http://php.net/mbstring.substitute-character
-;mbstring.substitute_character = none
-
-; overload(replace) single byte functions by mbstring functions.
-; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
-; etc. Possible values are 0,1,2,4 or combination of them.
-; For example, 7 for overload everything.
-; 0: No overload
-; 1: Overload mail() function
-; 2: Overload str*() functions
-; 4: Overload ereg*() functions
-; http://php.net/mbstring.func-overload
-;mbstring.func_overload = 0
-
-; enable strict encoding detection.
-; Default: Off
-;mbstring.strict_detection = On
-
-; This directive specifies the regex pattern of content types for which mb_output_handler()
-; is activated.
-; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
-;mbstring.http_output_conv_mimetype=
-
-[gd]
-; Tell the jpeg decode to ignore warnings and try to create
-; a gd image. The warning will then be displayed as notices
-; disabled by default
-; http://php.net/gd.jpeg-ignore-warning
-;gd.jpeg_ignore_warning = 0
-
-[exif]
-; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
-; With mbstring support this will automatically be converted into the encoding
-; given by corresponding encode setting. When empty mbstring.internal_encoding
-; is used. For the decode settings you can distinguish between motorola and
-; intel byte order. A decode setting cannot be empty.
-; http://php.net/exif.encode-unicode
-;exif.encode_unicode = ISO-8859-15
-
-; http://php.net/exif.decode-unicode-motorola
-;exif.decode_unicode_motorola = UCS-2BE
-
-; http://php.net/exif.decode-unicode-intel
-;exif.decode_unicode_intel = UCS-2LE
-
-; http://php.net/exif.encode-jis
-;exif.encode_jis =
-
-; http://php.net/exif.decode-jis-motorola
-;exif.decode_jis_motorola = JIS
-
-; http://php.net/exif.decode-jis-intel
-;exif.decode_jis_intel = JIS
-
-[Tidy]
-; The path to a default tidy configuration file to use when using tidy
-; http://php.net/tidy.default-config
-;tidy.default_config = /usr/local/lib/php/default.tcfg
-
-; Should tidy clean and repair output automatically?
-; WARNING: Do not use this option if you are generating non-html content
-; such as dynamic images
-; http://php.net/tidy.clean-output
-tidy.clean_output = Off
-
-[soap]
-; Enables or disables WSDL caching feature.
-; http://php.net/soap.wsdl-cache-enabled
-soap.wsdl_cache_enabled=1
-
-; Sets the directory name where SOAP extension will put cache files.
-; http://php.net/soap.wsdl-cache-dir
-soap.wsdl_cache_dir="/tmp"
-
-; (time to live) Sets the number of second while cached file will be used
-; instead of original one.
-; http://php.net/soap.wsdl-cache-ttl
-soap.wsdl_cache_ttl=86400
-
-; Sets the size of the cache limit. (Max. number of WSDL files to cache)
-soap.wsdl_cache_limit = 5
-
-[sysvshm]
-; A default size of the shared memory segment
-;sysvshm.init_mem = 10000
-
-[ldap]
-; Sets the maximum number of open links or -1 for unlimited.
-ldap.max_links = -1
-
-[mcrypt]
-; For more information about mcrypt settings see http://php.net/mcrypt-module-open
-
-; Directory where to load mcrypt algorithms
-; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
-;mcrypt.algorithms_dir=
-
-; Directory where to load mcrypt modes
-; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
-;mcrypt.modes_dir=
-
-[dba]
-;dba.default_handler=
-
-[opcache]
-; Determines if Zend OPCache is enabled
-;opcache.enable=0
-
-; Determines if Zend OPCache is enabled for the CLI version of PHP
-;opcache.enable_cli=0
-
-; The OPcache shared memory storage size.
-;opcache.memory_consumption=64
-
-; The amount of memory for interned strings in Mbytes.
-;opcache.interned_strings_buffer=4
-
-; The maximum number of keys (scripts) in the OPcache hash table.
-; Only numbers between 200 and 100000 are allowed.
-;opcache.max_accelerated_files=2000
-
-; The maximum percentage of "wasted" memory until a restart is scheduled.
-;opcache.max_wasted_percentage=5
-
-; When this directive is enabled, the OPcache appends the current working
-; directory to the script key, thus eliminating possible collisions between
-; files with the same name (basename). Disabling the directive improves
-; performance, but may break existing applications.
-;opcache.use_cwd=1
-
-; When disabled, you must reset the OPcache manually or restart the
-; webserver for changes to the filesystem to take effect.
-;opcache.validate_timestamps=1
-
-; How often (in seconds) to check file timestamps for changes to the shared
-; memory storage allocation. ("1" means validate once per second, but only
-; once per request. "0" means always validate)
-;opcache.revalidate_freq=2
-
-; Enables or disables file search in include_path optimization
-;opcache.revalidate_path=0
-
-; If disabled, all PHPDoc comments are dropped from the code to reduce the
-; size of the optimized code.
-;opcache.save_comments=1
-
-; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments"
-; may be always stored (save_comments=1), but not loaded by applications
-; that don't need them anyway.
-;opcache.load_comments=1
-
-; If enabled, a fast shutdown sequence is used for the accelerated code
-;opcache.fast_shutdown=0
-
-; Allow file existence override (file_exists, etc.) performance feature.
-;opcache.enable_file_override=0
-
-; A bitmask, where each bit enables or disables the appropriate OPcache
-; passes
-;opcache.optimization_level=0xffffffff
-
-;opcache.inherited_hack=1
-;opcache.dups_fix=0
-
-; The location of the OPcache blacklist file (wildcards allowed).
-; Each OPcache blacklist file is a text file that holds the names of files
-; that should not be accelerated. The file format is to add each filename
-; to a new line. The filename may be a full path or just a file prefix
-; (i.e., /var/www/x blacklists all the files and directories in /var/www
-; that start with 'x'). Line starting with a ; are ignored (comments).
-;opcache.blacklist_filename=
-
-; Allows exclusion of large files from being cached. By default all files
-; are cached.
-;opcache.max_file_size=0
-
-; Check the cache checksum each N requests.
-; The default value of "0" means that the checks are disabled.
-;opcache.consistency_checks=0
-
-; How long to wait (in seconds) for a scheduled restart to begin if the cache
-; is not being accessed.
-;opcache.force_restart_timeout=180
-
-; OPcache error_log file name. Empty string assumes "stderr".
-;opcache.error_log=
-
-; All OPcache errors go to the Web server log.
-; By default, only fatal errors (level 0) or errors (level 1) are logged.
-; You can also enable warnings (level 2), info messages (level 3) or
-; debug messages (level 4).
-;opcache.log_verbosity_level=1
-
-; Preferred Shared Memory back-end. Leave empty and let the system decide.
-;opcache.preferred_memory_model=
-
-; Protect the shared memory from unexpected writing during script execution.
-; Useful for internal debugging only.
-;opcache.protect_memory=0
-
-[curl]
-; A default value for the CURLOPT_CAINFO option. This is required to be an
-; absolute path.
-;curl.cainfo =
-
-[openssl]
-; The location of a Certificate Authority (CA) file on the local filesystem
-; to use when verifying the identity of SSL/TLS peers. Most users should
-; not specify a value for this directive as PHP will attempt to use the
-; OS-managed cert stores in its absence. If specified, this value may still
-; be overridden on a per-stream basis via the "cafile" SSL stream context
-; option.
-;openssl.cafile=
-
-; If openssl.cafile is not specified or if the CA file is not found, the
-; directory pointed to by openssl.capath is searched for a suitable
-; certificate. This value must be a correctly hashed certificate directory.
-; Most users should not specify a value for this directive as PHP will
-; attempt to use the OS-managed cert stores in its absence. If specified,
-; this value may still be overridden on a per-stream basis via the "capath"
-; SSL stream context option.
-;openssl.capath=
-
-; Local Variables:
-; tab-width: 4
-; End:
diff --git a/conf/anna/etc/sudoers.d/znc b/conf/anna/etc/sudoers.d/znc
deleted file mode 100644
index 683d69f3f065057358c48774e8f63a4dac8f48d6..0000000000000000000000000000000000000000
--- a/conf/anna/etc/sudoers.d/znc
+++ /dev/null
@@ -1,2 +0,0 @@
-xmrazek7 ALL=/usr/bin/systemctl restart znc,/usr/bin/systemctl start znc,/usr/bin/systemctl stop znc
-xmrazek7 ALL=(znc) ALL
diff --git a/conf/anna/etc/sysctl.d/10-ptrace.conf b/conf/anna/etc/sysctl.d/10-ptrace.conf
deleted file mode 100644
index f3a6d38fde68c3e244839bc407e5ccdad0bab65b..0000000000000000000000000000000000000000
--- a/conf/anna/etc/sysctl.d/10-ptrace.conf
+++ /dev/null
@@ -1 +0,0 @@
-# overrides default of other machines
diff --git a/conf/anna/etc/systemd/system/archmirror.service b/conf/anna/etc/systemd/system/archmirror.service
deleted file mode 100644
index 7eb8f025ad94e0e22773583aa55120d68f7f36eb..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/archmirror.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Archlinux repositories sync
-RefuseManualStart=no
-RefuseManualStop=yes
-
-[Service]
-Type=oneshot
-ExecStart=/archmirror/upstream/syncrepo.sh
diff --git a/conf/anna/etc/systemd/system/archmirror.timer b/conf/anna/etc/systemd/system/archmirror.timer
deleted file mode 100644
index 86fc45e84c0737c6a77f1badc5796dabfce91d8b..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/archmirror.timer
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Archlinux repositories sync
-RefuseManualStart=no
-RefuseManualStop=no
-
-[Timer]
-OnBootSec=15min
-OnUnitActiveSec=2h
-RandomizedDelaySec=600
-
-[Install]
-WantedBy=default.target
diff --git a/conf/anna/etc/systemd/system/buildbot-master.service b/conf/anna/etc/systemd/system/buildbot-master.service
deleted file mode 100644
index ff46c39401ff24815185989bad6a2c9552a5879a..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/buildbot-master.service
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Buildbot Master
-Wants=network.target
-After=network.target
-
-[Service]
-Type=forking
-PIDFile=/srv/builds/buildbot/master/twistd.pid
-WorkingDirectory=/srv/builds/buildbot
-ExecStart=/srv/builds/buildbot/bin/buildbot start master
-ExecReload=/srv/builds/buildbot/bin/buildbot reconfig master
-ExecStop=/srv/builds/buildbot/bin/buildbot stop master
-Restart=always
-User=buildbot
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/anna/etc/systemd/system/certbot-renew.service b/conf/anna/etc/systemd/system/certbot-renew.service
deleted file mode 100644
index 2972c59abe8c314e0396399fa286b57fe029e5b5..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/certbot-renew.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=certbot renew
-RefuseManualStart=no
-RefuseManualStop=yes
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/certbot renew
diff --git a/conf/anna/etc/systemd/system/certbot-renew.timer b/conf/anna/etc/systemd/system/certbot-renew.timer
deleted file mode 100644
index 4c86d85b4f103db365b3647eec299068639ab328..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/certbot-renew.timer
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=certbot renew timer
-RefuseManualStart=no
-RefuseManualStop=no
-
-[Timer]
-OnBootSec=300
-OnUnitActiveSec=12h
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/anna/etc/systemd/system/fcgiwrap-hooks.service b/conf/anna/etc/systemd/system/fcgiwrap-hooks.service
deleted file mode 100644
index 626ee7d0c9b824e596c194dae16cd3e0e1437123..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/fcgiwrap-hooks.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Simple CGI Server for CGI hooks
-After=nss-user-lookup.target
-
-[Service]
-ExecStart=/usr/sbin/fcgiwrap -s unix:/run/fcgiwrap-hooks.sock
-User=cgi-hooks
-Group=cgi-hooks
-
-[Install]
-Also=fcgiwrap-hooks.socket
diff --git a/conf/anna/etc/systemd/system/fcgiwrap-hooks.socket b/conf/anna/etc/systemd/system/fcgiwrap-hooks.socket
deleted file mode 100644
index 30f69cbe645649d119ad27d56407aeebec170ba2..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/fcgiwrap-hooks.socket
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=fcgiwrap-hooks Socket
-
-[Socket]
-ListenStream=/run/fcgiwrap-hooks.sock
-
-[Install]
-WantedBy=sockets.target
diff --git a/conf/anna/etc/systemd/system/iscsi-thecus.service b/conf/anna/etc/systemd/system/iscsi-thecus.service
deleted file mode 100644
index 3a3440bc916d7a3f84026da4e88a8f8d22fe7040..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/iscsi-thecus.service
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Connect THECUS iSCSI disks
-Requires=dhcpcd.service
-After=dhcpcd.service
-Wants=network.target
-Before=network.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/bin/ip addr add 192.168.1.10/24 dev enp6s0
-ExecStart=/usr/bin/iscsiadm -m discovery -t sendtargets -p 192.168.1.100
-ExecStart=/usr/bin/iscsiadm -m node --targetname=iqn.2016-12.com.thecus.n8800prov2:iscsi.raid5b.raid1 --login -p 192.168.1.100
-ExecStart=/usr/bin/iscsiadm -m node --targetname=iqn.2016-04.com.thecus.n8800prov2:iscsi.3x4t.raid0 --login -p 192.168.1.100
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/anna/etc/systemd/system/nginx.service.d/override.conf b/conf/anna/etc/systemd/system/nginx.service.d/override.conf
deleted file mode 100644
index e072e8619c2e4b955100201af4fcf8d6af165b07..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/nginx.service.d/override.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[Service]
-Restart=always
-RestartSec=5
diff --git a/conf/anna/etc/systemd/system/pdsbot.service b/conf/anna/etc/systemd/system/pdsbot.service
deleted file mode 100644
index b2fce767d8a38de8e56c7113ccb349eb29d53af1..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/pdsbot.service
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=PDSbot IRC Bot
-After=network.target remote-fs.target
-
-[Service]
-Type=forking
-User=pdsbot
-Group=pdsbot
-WorkingDirectory=/srv/pdsbot
-Environment="PERL5LIB=/srv/pdsbot/perl5/lib/perl5"
-ExecStart=/usr/bin/perl /srv/pdsbot/pdsbot/bot.pl start
-ExecStop=/usr/bin/perl /srv/pdsbot/pdsbot/bot.pl stop
-Restart=always
-RestartSec=2
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/anna/etc/systemd/system/tracd.service b/conf/anna/etc/systemd/system/tracd.service
deleted file mode 100644
index 1980967bb6f018393147e615e57a68d138702726..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/tracd.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Trac service
-After=network.target remote-fs.target nss-lookup.target
-
-[Service]
-Type=simple
-User=trac-divine
-Group=trac-divine
-WorkingDirectory=/srv/www/divine
-ExecStart=/srv/www/divine/trac.install/.local/bin/tracd --port 3002 trac
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/anna/etc/systemd/system/vm-amass.service b/conf/anna/etc/systemd/system/vm-amass.service
deleted file mode 100644
index 0175341e4d241e36d74ad9a52127f80308dc06a2..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/vm-amass.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Initialize infrastructure for VMs
-Wants=network.target vsm-init.service
-After=network.target vms-init.service
-
-[Service]
-Type=simple
-WorkingDirectory=/srv/vms
-ExecStart=/usr/bin/qemu-system-x86_64 -machine accel=kvm -display none -serial unix:/srv/vms/amass-console.sock,server,nowait -m 4096 -smp 2 -drive file=amass-ubuntu.qcow2,if=virtio -boot order=c -net nic,macaddr=52:54:7d:40:00:01,model=virtio -net bridge,br=br_vms
-ExecStop=/usr/bin/bash -c "/usr/bin/echo 'shutdown +0' | /usr/bin/socat -T120 -t120 UNIX-CONNECT:/srv/vms/amass-console.sock 'STDIN,ignoreeof!!STDERR'"
-User=vms
-Group=vms
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/conf/anna/etc/systemd/system/vms-init.service b/conf/anna/etc/systemd/system/vms-init.service
deleted file mode 100644
index 9fedc8c893bc167bc05c3c6775d078f620cdb146..0000000000000000000000000000000000000000
--- a/conf/anna/etc/systemd/system/vms-init.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Initialize infrastructure for VMs
-Wants=network.target
-After=network.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-WorkingDirectory=/srv/vms
-ExecStart=/usr/bin/ip link add name br_vms type bridge
-ExecStart=/usr/bin/ip link set enp6s0 master br_vms
-ExecStop=/usr/bin/ip link delete br_vms
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/antea/etc/default/grub b/conf/antea/etc/default/grub
deleted file mode 100644
index ed0b9755a329ec82984c89aec3e04e35782500d1..0000000000000000000000000000000000000000
--- a/conf/antea/etc/default/grub
+++ /dev/null
@@ -1,50 +0,0 @@
-GRUB_DEFAULT=0
-GRUB_TIMEOUT=5
-GRUB_DISTRIBUTOR="Arch"
-GRUB_CMDLINE_LINUX_DEFAULT="quiet console=tty0 console=ttyS1,9600n8"
-GRUB_CMDLINE_LINUX=""
-
-# Preload both GPT and MBR modules so that they are not missed
-GRUB_PRELOAD_MODULES="part_gpt part_msdos"
-
-# Uncomment to enable Hidden Menu, and optionally hide the timeout count
-#GRUB_HIDDEN_TIMEOUT=5
-#GRUB_HIDDEN_TIMEOUT_QUIET=true
-
-## Serial console
-GRUB_SERIAL_COMMAND="serial --speed=9600 --unit=1"
-
-# Uncomment to use basic console
-GRUB_TERMINAL_INPUT="console serial"
-
-# Uncomment to disable graphical terminal
-GRUB_TERMINAL_OUTPUT="console serial"
-
-# The resolution used on graphical terminal
-# note that you can use only modes which your graphic card supports via VBE
-# you can see them in real GRUB with the command `vbeinfo'
-GRUB_GFXMODE=auto
-
-# Uncomment to allow the kernel use the same resolution used by grub
-GRUB_GFXPAYLOAD_LINUX=keep
-
-# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
-# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
-#GRUB_DISABLE_LINUX_UUID=true
-
-# Uncomment to disable generation of recovery mode menu entries
-GRUB_DISABLE_RECOVERY=true
-
-# Uncomment and set to the desired menu colors. Used by normal and wallpaper
-# modes only. Entries specified as foreground/background.
-#GRUB_COLOR_NORMAL="light-blue/black"
-#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
-
-# Uncomment one of them for the gfx desired, a image background or a gfxtheme
-#GRUB_BACKGROUND="/path/to/wallpaper"
-#GRUB_THEME="/path/to/gfxtheme"
-
-# Uncomment to get a beep at GRUB start
-#GRUB_INIT_TUNE="480 440 1"
-
-#GRUB_SAVEDEFAULT="true"
diff --git a/conf/antea/etc/exports b/conf/antea/etc/exports
deleted file mode 100644
index c826e62d62c6605d2309ba6740fb329c5ce26ac5..0000000000000000000000000000000000000000
--- a/conf/antea/etc/exports
+++ /dev/null
@@ -1,28 +0,0 @@
-/home pythia*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/home psyche*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/home pheme*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/home pandora*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/home anna.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/home antea.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/home arke.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/home midas.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/backup pythia*.fi.muni.cz(ro,no_subtree_check,root_squash,async,mountpoint)
-/backup psyche*.fi.muni.cz(ro,no_subtree_check,root_squash,async,mountpoint)
-/backup pheme*.fi.muni.cz(ro,no_subtree_check,root_squash,async,mountpoint)
-/backup pandora*.fi.muni.cz(ro,no_subtree_check,root_squash,async,mountpoint)
-/backup anna.fi.muni.cz(ro,no_subtree_check,root_squash,async,mountpoint)
-/backup antea.fi.muni.cz(ro,no_subtree_check,root_squash,async,mountpoint)
-/backup arke.fi.muni.cz(ro,no_subtree_check,root_squash,async,mountpoint)
-/backup midas.fi.muni.cz(ro,no_subtree_check,root_squash,async,mountpoint)
-/srv/code antea.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/www antea.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/code anna.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/www anna.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/www pythia01.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/www arke.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-# /srv/builds pythia*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-# /srv/builds pheme*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-# /srv/builds pandora*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-# /srv/builds anna.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-# /srv/builds antea.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-# /srv/builds arke.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
diff --git a/conf/antea/etc/fstab b/conf/antea/etc/fstab
deleted file mode 100644
index 189a72f25ba3110cc2a46d034f27cf5fa6626d77..0000000000000000000000000000000000000000
--- a/conf/antea/etc/fstab
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# /etc/fstab: static file system information
-#
-# <file system> <dir> <type> <options> <dump> <pass>
-# /dev/sda2 LABEL=arch
-LABEL=arch / btrfs rw,relatime,space_cache,subvolid=257,subvol=/arch,subvol=arch 0 0
-# /dev/sdb1 UUID=99049711-c763-4a67-bc72-048c096ba02e
-LABEL=archswap none swap defaults 0 0
-
-/dev/vg.antea/home /home auto x-systemd.automount,x-systemd-requires=iscsi-thecus.service 0 2
-/dev/vg.antea/home_archive /home_archive auto x-systemd.automount,x-systemd-requires=iscsi-thecus.service 0 2
-/dev/vg.antea/www /srv/www ext4 x-systemd.automount,x-systemd-requires=iscsi-thecus.service 0 2
-/dev/vg.antea/code /srv/code ext4 x-systemd.automount,x-systemd-requires=iscsi-thecus.service 0 2
-/dev/vg.antea/backup_old /backup_old ext4 ro,x-systemd.automount,x-systemd-requires=iscsi-thecus.service 0 2
-/dev/vg.antea/backup /root/backup xfs rw,relatime,attr2,inode64,noquota,x-systemd.automount,x-systemd-requires=iscsi-thecus.service 0 2
-/root/backup /backup none ro,bind,x-systemd.requires=/root/backup,x-systemd.automount 0 0
-/dev/vg.antea/data /data auto x-systemd.automount,x-systemd-requires=iscsi-thecus.service 0 2
-anna:/srv/builds /srv/builds nfs noauto,vers=3,x-systemd.automount,timeo=14 0 0
diff --git a/conf/antea/etc/iscsi/iscsid.conf b/conf/antea/etc/iscsi/iscsid.conf
deleted file mode 100644
index b3dcaa63e8fa6ef75d294669631945af029f334f..0000000000000000000000000000000000000000
--- a/conf/antea/etc/iscsi/iscsid.conf
+++ /dev/null
@@ -1,318 +0,0 @@
-#
-# Open-iSCSI default configuration.
-# Could be located at /etc/iscsi/iscsid.conf or ~/.iscsid.conf
-#
-# Note: To set any of these values for a specific node/session run
-# the iscsiadm --mode node --op command for the value. See the README
-# and man page for iscsiadm for details on the --op command.
-#
-
-######################
-# iscsid daemon config
-######################
-#
-# If you want iscsid to start the first time an iscsi tool
-# needs to access it, instead of starting it when the init
-# scripts run, set the iscsid startup command here. This
-# should normally only need to be done by distro package
-# maintainers. If you leave the iscsid daemon running all
-# the time then leave this attribute commented out.
-#
-# Default for Fedora and RHEL. (uncomment to activate).
-# iscsid.startup = /bin/systemctl start iscsid.socket iscsiuio.soccket
-iscsid.startup = /bin/systemctl start open-iscsi.service
-#
-# Default if you are not using systemd (uncomment to activate)
-# iscsid.startup = /usr/bin/service start iscsid
-
-# Check for active mounts on devices reachable through a session
-# and refuse to logout if there are any. Defaults to "No".
-# iscsid.safe_logout = Yes
-
-#############################
-# NIC/HBA and driver settings
-#############################
-# open-iscsi can create a session and bind it to a NIC/HBA.
-# To set this up see the example iface config file.
-
-#*****************
-# Startup settings
-#*****************
-
-# To request that the iscsi initd scripts startup a session set to "automatic".
-# node.startup = automatic
-#
-# To manually startup the session set to "manual". The default is manual.
-node.startup = manual
-
-# For "automatic" startup nodes, setting this to "Yes" will try logins on each
-# available iface until one succeeds, and then stop. The default "No" will try
-# logins on all available ifaces simultaneously.
-node.leading_login = No
-
-# *************
-# CHAP Settings
-# *************
-
-# To enable CHAP authentication set node.session.auth.authmethod
-# to CHAP. The default is None.
-#node.session.auth.authmethod = CHAP
-
-# To set a CHAP username and password for initiator
-# authentication by the target(s), uncomment the following lines:
-#node.session.auth.username = username
-#node.session.auth.password = password
-
-# To set a CHAP username and password for target(s)
-# authentication by the initiator, uncomment the following lines:
-#node.session.auth.username_in = username_in
-#node.session.auth.password_in = password_in
-
-# To enable CHAP authentication for a discovery session to the target
-# set discovery.sendtargets.auth.authmethod to CHAP. The default is None.
-#discovery.sendtargets.auth.authmethod = CHAP
-
-# To set a discovery session CHAP username and password for the initiator
-# authentication by the target(s), uncomment the following lines:
-#discovery.sendtargets.auth.username = username
-#discovery.sendtargets.auth.password = password
-
-# To set a discovery session CHAP username and password for target(s)
-# authentication by the initiator, uncomment the following lines:
-#discovery.sendtargets.auth.username_in = username_in
-#discovery.sendtargets.auth.password_in = password_in
-
-# ********
-# Timeouts
-# ********
-#
-# See the iSCSI README's Advanced Configuration section for tips
-# on setting timeouts when using multipath or doing root over iSCSI.
-#
-# To specify the length of time to wait for session re-establishment
-# before failing SCSI commands back to the application when running
-# the Linux SCSI Layer error handler, edit the line.
-# The value is in seconds and the default is 120 seconds.
-# Special values:
-# - If the value is 0, IO will be failed immediately.
-# - If the value is less than 0, IO will remain queued until the session
-# is logged back in, or until the user runs the logout command.
-node.session.timeo.replacement_timeout = 120
-
-# To specify the time to wait for login to complete, edit the line.
-# The value is in seconds and the default is 15 seconds.
-node.conn[0].timeo.login_timeout = 15
-
-# To specify the time to wait for logout to complete, edit the line.
-# The value is in seconds and the default is 15 seconds.
-node.conn[0].timeo.logout_timeout = 15
-
-# Time interval to wait for on connection before sending a ping.
-node.conn[0].timeo.noop_out_interval = 5
-
-# To specify the time to wait for a Nop-out response before failing
-# the connection, edit this line. Failing the connection will
-# cause IO to be failed back to the SCSI layer. If using dm-multipath
-# this will cause the IO to be failed to the multipath layer.
-node.conn[0].timeo.noop_out_timeout = 5
-
-# To specify the time to wait for abort response before
-# failing the operation and trying a logical unit reset edit the line.
-# The value is in seconds and the default is 15 seconds.
-node.session.err_timeo.abort_timeout = 15
-
-# To specify the time to wait for a logical unit response
-# before failing the operation and trying session re-establishment
-# edit the line.
-# The value is in seconds and the default is 30 seconds.
-node.session.err_timeo.lu_reset_timeout = 30
-
-# To specify the time to wait for a target response
-# before failing the operation and trying session re-establishment
-# edit the line.
-# The value is in seconds and the default is 30 seconds.
-node.session.err_timeo.tgt_reset_timeout = 30
-
-
-#******
-# Retry
-#******
-
-# To specify the number of times iscsid should retry a login
-# if the login attempt fails due to the node.conn[0].timeo.login_timeout
-# expiring modify the following line. Note that if the login fails
-# quickly (before node.conn[0].timeo.login_timeout fires) because the network
-# layer or the target returns an error, iscsid may retry the login more than
-# node.session.initial_login_retry_max times.
-#
-# This retry count along with node.conn[0].timeo.login_timeout
-# determines the maximum amount of time iscsid will try to
-# establish the initial login. node.session.initial_login_retry_max is
-# multiplied by the node.conn[0].timeo.login_timeout to determine the
-# maximum amount.
-#
-# The default node.session.initial_login_retry_max is 8 and
-# node.conn[0].timeo.login_timeout is 15 so we have:
-#
-# node.conn[0].timeo.login_timeout * node.session.initial_login_retry_max =
-# 120 seconds
-#
-# Valid values are any integer value. This only
-# affects the initial login. Setting it to a high value can slow
-# down the iscsi service startup. Setting it to a low value can
-# cause a session to not get logged into, if there are distuptions
-# during startup or if the network is not ready at that time.
-node.session.initial_login_retry_max = 8
-
-################################
-# session and device queue depth
-################################
-
-# To control how many commands the session will queue set
-# node.session.cmds_max to an integer between 2 and 2048 that is also
-# a power of 2. The default is 128.
-node.session.cmds_max = 128
-
-# To control the device's queue depth set node.session.queue_depth
-# to a value between 1 and 1024. The default is 32.
-node.session.queue_depth = 32
-
-##################################
-# MISC SYSTEM PERFORMANCE SETTINGS
-##################################
-
-# For software iscsi (iscsi_tcp) and iser (ib_iser) each session
-# has a thread used to transmit or queue data to the hardware. For
-# cxgb3i you will get a thread per host.
-#
-# Setting the thread's priority to a lower value can lead to higher throughput
-# and lower latencies. The lowest value is -20. Setting the priority to
-# a higher value, can lead to reduced IO performance, but if you are seeing
-# the iscsi or scsi threads dominate the use of the CPU then you may want
-# to set this value higher.
-#
-# Note: For cxgb3i you must set all sessions to the same value, or the
-# behavior is not defined.
-#
-# The default value is -20. The setting must be between -20 and 20.
-node.session.xmit_thread_priority = -20
-
-
-#***************
-# iSCSI settings
-#***************
-
-# To enable R2T flow control (i.e., the initiator must wait for an R2T
-# command before sending any data), uncomment the following line:
-#
-#node.session.iscsi.InitialR2T = Yes
-#
-# To disable R2T flow control (i.e., the initiator has an implied
-# initial R2T of "FirstBurstLength" at offset 0), uncomment the following line:
-#
-# The defaults is No.
-node.session.iscsi.InitialR2T = No
-
-#
-# To disable immediate data (i.e., the initiator does not send
-# unsolicited data with the iSCSI command PDU), uncomment the following line:
-#
-#node.session.iscsi.ImmediateData = No
-#
-# To enable immediate data (i.e., the initiator sends unsolicited data
-# with the iSCSI command packet), uncomment the following line:
-#
-# The default is Yes
-node.session.iscsi.ImmediateData = Yes
-
-# To specify the maximum number of unsolicited data bytes the initiator
-# can send in an iSCSI PDU to a target, edit the following line.
-#
-# The value is the number of bytes in the range of 512 to (2^24-1) and
-# the default is 262144
-node.session.iscsi.FirstBurstLength = 262144
-
-# To specify the maximum SCSI payload that the initiator will negotiate
-# with the target for, edit the following line.
-#
-# The value is the number of bytes in the range of 512 to (2^24-1) and
-# the defauls it 16776192
-node.session.iscsi.MaxBurstLength = 16776192
-
-# To specify the maximum number of data bytes the initiator can receive
-# in an iSCSI PDU from a target, edit the following line.
-#
-# The value is the number of bytes in the range of 512 to (2^24-1) and
-# the default is 262144
-node.conn[0].iscsi.MaxRecvDataSegmentLength = 262144
-
-# To specify the maximum number of data bytes the initiator will send
-# in an iSCSI PDU to the target, edit the following line.
-#
-# The value is the number of bytes in the range of 512 to (2^24-1).
-# Zero is a special case. If set to zero, the initiator will use
-# the target's MaxRecvDataSegmentLength for the MaxXmitDataSegmentLength.
-# The default is 0.
-node.conn[0].iscsi.MaxXmitDataSegmentLength = 0
-
-# To specify the maximum number of data bytes the initiator can receive
-# in an iSCSI PDU from a target during a discovery session, edit the
-# following line.
-#
-# The value is the number of bytes in the range of 512 to (2^24-1) and
-# the default is 32768
-#
-discovery.sendtargets.iscsi.MaxRecvDataSegmentLength = 32768
-
-# To allow the targets to control the setting of the digest checking,
-# with the initiator requesting a preference of enabling the checking, uncomment# one or both of the following lines:
-#node.conn[0].iscsi.HeaderDigest = CRC32C,None
-#node.conn[0].iscsi.DataDigest = CRC32C,None
-#
-# To allow the targets to control the setting of the digest checking,
-# with the initiator requesting a preference of disabling the checking,
-# uncomment one or both of the following lines:
-#node.conn[0].iscsi.HeaderDigest = None,CRC32C
-#node.conn[0].iscsi.DataDigest = None,CRC32C
-#
-# To enable CRC32C digest checking for the header and/or data part of
-# iSCSI PDUs, uncomment one or both of the following lines:
-#node.conn[0].iscsi.HeaderDigest = CRC32C
-#node.conn[0].iscsi.DataDigest = CRC32C
-#
-# To disable digest checking for the header and/or data part of
-# iSCSI PDUs, uncomment one or both of the following lines:
-#node.conn[0].iscsi.HeaderDigest = None
-#node.conn[0].iscsi.DataDigest = None
-#
-# The default is to never use DataDigests or HeaderDigests.
-#
-
-# For multipath configurations, you may want more than one session to be
-# created on each iface record. If node.session.nr_sessions is greater
-# than 1, performing a 'login' for that node will ensure that the
-# appropriate number of sessions is created.
-node.session.nr_sessions = 1
-
-#************
-# Workarounds
-#************
-
-# Some targets like IET prefer after an initiator has sent a task
-# management function like an ABORT TASK or LOGICAL UNIT RESET, that
-# it does not respond to PDUs like R2Ts. To enable this behavior uncomment
-# the following line (The default behavior is Yes):
-node.session.iscsi.FastAbort = Yes
-
-# Some targets like Equalogic prefer that after an initiator has sent
-# a task management function like an ABORT TASK or LOGICAL UNIT RESET, that
-# it continue to respond to R2Ts. To enable this uncomment this line
-# node.session.iscsi.FastAbort = No
-
-# To prevent doing automatic scans that would add unwanted luns to the system
-# we can disable them and have sessions only do manually requested scans.
-# Automatic scans are performed on startup, on login, and on AEN/AER reception
-# on devices supporting it. For HW drivers all sessions will use the value
-# defined in the configuration file. This configuration option is independent
-# of scsi_mod scan parameter. (The default behavior is auto):
-node.session.scan = auto
diff --git a/conf/antea/etc/nftables.conf b/conf/antea/etc/nftables.conf
deleted file mode 100644
index 686fc212fb0f972ee0998126273c4769f6822dda..0000000000000000000000000000000000000000
--- a/conf/antea/etc/nftables.conf
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/usr/bin/nft -f
-# ipv4/ipv6 Simple & Safe Firewall
-# you can find examples in /usr/share/nftables/
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0;
-
- # allow established/related connections
- ct state { established, related } accept
-
- # early drop of invalid connections
- ct state invalid drop
-
- # allow from loopback
- iifname lo accept
-
- # allow libvirt bridge
- iifname virbr0 accept
-
- # allow icmp
- ip protocol icmp accept
- ip6 nexthdr icmpv6 accept
-
- # DHCPv6
- udp sport 547 accept
-
- # allow ssh, http(s)
- tcp dport { ssh, http, https } accept
-
- # local network
- iif enp1s0f1 accept
- ip saddr 147.251.51.160-147.251.51.255 accept
- ip saddr 147.251.48.89 accept # midas (Nikola)
- ip6 saddr 2001:718:801:233::a0-2001:718:801:233::ff accept
-
-
- # everything else
- ip saddr 147.251.51.1-147.251.51.159 reject with icmp type port-unreachable # junk from other labs
- reject with icmpx type port-unreachable
- reject
- }
- chain forward {
- type filter hook forward priority 0;
- drop
- }
- chain output {
- type filter hook output priority 0;
- }
-
-}
-
-# vim:set ts=2 sw=2 et:
diff --git a/conf/antea/etc/sysconfig/nfs b/conf/antea/etc/sysconfig/nfs
deleted file mode 100644
index 9bf7dcdd547030931f4139a308c5f894459d3ccc..0000000000000000000000000000000000000000
--- a/conf/antea/etc/sysconfig/nfs
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Optional arguments passed to in-kernel lockd
-#LOCKDARG=
-# TCP port rpc.lockd should listen on.
-#LOCKD_TCPPORT=32803
-# UDP port rpc.lockd should listen on.
-#LOCKD_UDPPORT=32769
-#
-# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
-RPCNFSDARGS=""
-# Number of nfs server processes to be started.
-# The default is 8.
-# RPCNFSDCOUNT=16
-#
-# Set V4 grace period in seconds
-#NFSD_V4_GRACE=90
-#
-# Set V4 lease period in seconds
-#NFSD_V4_LEASE=90
-#
-# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
-RPCMOUNTDOPTS="-p 20048"
-#
-# Optional arguments passed to rpc.statd. See rpc.statd(8)
-# STATDARG=""
-STATDARGS="-p 32765 -o 32766 -T 32803"
-# Optional arguments passed to sm-notify. See sm-notify(8)
-SMNOTIFYARGS=""
-#
-#
-# Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
-RPCIDMAPDARGS=""
-#
-# Optional arguments passed to rpc.gssd. See rpc.gssd(8)
-RPCGSSDARGS=""
-# Enable usage of gssproxy. See gssproxy-mech(8).
-GSS_USE_PROXY="yes"
-#
-# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
-RPCSVCGSSDARGS=""
-#
-# Optional arguments passed to blkmapd. See blkmapd(8)
-BLKMAPDARGS=""
diff --git a/conf/antea/etc/sysctl.d/10-ptrace.conf b/conf/antea/etc/sysctl.d/10-ptrace.conf
deleted file mode 100644
index f3a6d38fde68c3e244839bc407e5ccdad0bab65b..0000000000000000000000000000000000000000
--- a/conf/antea/etc/sysctl.d/10-ptrace.conf
+++ /dev/null
@@ -1 +0,0 @@
-# overrides default of other machines
diff --git a/conf/antea/etc/systemd/system/backup-daily.service b/conf/antea/etc/systemd/system/backup-daily.service
deleted file mode 100644
index b81c6081ba5e8611a369804f0031308c98a9b6a9..0000000000000000000000000000000000000000
--- a/conf/antea/etc/systemd/system/backup-daily.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=daily disk backup
-RefuseManualStart=no
-RefuseManualStop=yes
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/bash /root/arch-deploy/backup.sh daily
diff --git a/conf/antea/etc/systemd/system/backup-daily.timer b/conf/antea/etc/systemd/system/backup-daily.timer
deleted file mode 100644
index cc3792077e882846418e40041436ce9dd66941b5..0000000000000000000000000000000000000000
--- a/conf/antea/etc/systemd/system/backup-daily.timer
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=daily disk backup
-RefuseManualStart=no
-RefuseManualStop=no
-
-[Timer]
-Persistent=true
-OnCalendar=*-*-* 00:10:00
-
-[Install]
-WantedBy=default.target
diff --git a/conf/antea/etc/systemd/system/backup-weekly.service b/conf/antea/etc/systemd/system/backup-weekly.service
deleted file mode 100644
index 891c3c60b70daeda19a851bf702c367f7ff209ea..0000000000000000000000000000000000000000
--- a/conf/antea/etc/systemd/system/backup-weekly.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=weekly disk backup
-RefuseManualStart=no
-RefuseManualStop=yes
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/bash /root/arch-deploy/backup.sh weekly
-
diff --git a/conf/antea/etc/systemd/system/backup-weekly.timer b/conf/antea/etc/systemd/system/backup-weekly.timer
deleted file mode 100644
index 371d4dbbb718554ea3f6ac893ed2497aee56ddbc..0000000000000000000000000000000000000000
--- a/conf/antea/etc/systemd/system/backup-weekly.timer
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=weekly disk backup
-RefuseManualStart=no
-RefuseManualStop=no
-
-[Timer]
-Persistent=true
-OnCalendar=Sat *-*-* 00:00:00
-
-[Install]
-WantedBy=default.target
-
diff --git a/conf/antea/etc/systemd/system/iscsi-thecus.service b/conf/antea/etc/systemd/system/iscsi-thecus.service
deleted file mode 100644
index 12c10973f66ec82409f80689d9d34cb4233eb0c8..0000000000000000000000000000000000000000
--- a/conf/antea/etc/systemd/system/iscsi-thecus.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Connect THECUS iSCSI disks
-Requires=dhcpcd.service
-After=dhcpcd.service
-Wants=network.target
-Before=network.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=bash -xc "/usr/bin/ip addr show dev enp1s0f1 | grep -F 192.168.0.10/24 || /usr/bin/ip addr add 192.168.0.10/24 dev enp1s0f1"
-ExecStart=/usr/bin/bash -xc "for i in `/usr/bin/iscsiadm -m discovery -t sendtargets -p 192.168.0.100 | cut -d' ' -f2`; do /usr/bin/iscsiadm -m node --targetname=$i --login -p 192.168.0.100; done"
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/antea/etc/systemd/system/pandora01-ip.service b/conf/antea/etc/systemd/system/pandora01-ip.service
deleted file mode 100644
index d20e3d03c4f634d4942dd18568239c70ada849bb..0000000000000000000000000000000000000000
--- a/conf/antea/etc/systemd/system/pandora01-ip.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Connect to additional address of pandora01
-Requires=dhcpcd.service
-After=dhcpcd.service
-Wants=network.target
-Before=network.target
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/bin/bash -c "/usr/bin/ip addr add $(/usr/bin/dig -t AAAA +short pandora01.fi.muni.cz)/128 dev enp1s0f0"
-ExecStart=/usr/bin/bash -c "/usr/bin/ip addr add $(/usr/bin/dig -t A +short pandora01.fi.muni.cz)/24 dev enp1s0f0"
-
-[Install]
-WantedBy=multi-user.target
diff --git a/conf/arke/etc/default/grub b/conf/arke/etc/default/grub
deleted file mode 100644
index ca14f4aea3d4338cbf894cdd3990f0fb0ac55802..0000000000000000000000000000000000000000
--- a/conf/arke/etc/default/grub
+++ /dev/null
@@ -1,50 +0,0 @@
-GRUB_DEFAULT=0
-GRUB_TIMEOUT=5
-GRUB_DISTRIBUTOR="Arch"
-GRUB_CMDLINE_LINUX_DEFAULT="quiet console=tty0 console=ttyS1,9600n8"
-GRUB_CMDLINE_LINUX=""
-
-# Preload both GPT and MBR modules so that they are not missed
-GRUB_PRELOAD_MODULES="part_gpt part_msdos"
-
-# Uncomment to enable Hidden Menu, and optionally hide the timeout count
-#GRUB_HIDDEN_TIMEOUT=5
-#GRUB_HIDDEN_TIMEOUT_QUIET=true
-
-## Serial console
-GRUB_SERIAL_COMMAND="serial --speed=9600 --unit=0"
-
-# Uncomment to use basic console
-GRUB_TERMINAL_INPUT="console serial"
-
-# Uncomment to disable graphical terminal
-GRUB_TERMINAL_OUTPUT="console serial"
-
-# The resolution used on graphical terminal
-# note that you can use only modes which your graphic card supports via VBE
-# you can see them in real GRUB with the command `vbeinfo'
-GRUB_GFXMODE=auto
-
-# Uncomment to allow the kernel use the same resolution used by grub
-GRUB_GFXPAYLOAD_LINUX=keep
-
-# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
-# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
-#GRUB_DISABLE_LINUX_UUID=true
-
-# Uncomment to disable generation of recovery mode menu entries
-GRUB_DISABLE_RECOVERY=true
-
-# Uncomment and set to the desired menu colors. Used by normal and wallpaper
-# modes only. Entries specified as foreground/background.
-#GRUB_COLOR_NORMAL="light-blue/black"
-#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
-
-# Uncomment one of them for the gfx desired, a image background or a gfxtheme
-#GRUB_BACKGROUND="/path/to/wallpaper"
-#GRUB_THEME="/path/to/gfxtheme"
-
-# Uncomment to get a beep at GRUB start
-#GRUB_INIT_TUNE="480 440 1"
-
-#GRUB_SAVEDEFAULT="true"
diff --git a/conf/arke/etc/exports b/conf/arke/etc/exports
deleted file mode 100644
index 069148f03bfe602a8d0aeea7a9ff2f2ef2ad2758..0000000000000000000000000000000000000000
--- a/conf/arke/etc/exports
+++ /dev/null
@@ -1,14 +0,0 @@
-/var/obj pythia*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/var/obj pheme*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/var/obj pandora*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/var/obj anna.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/var/obj antea.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/var/obj arke.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-
-/srv/bench pythia*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/bench pheme*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/bench pandora*.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/bench anna.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/bench antea.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/bench arke.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
-/srv/bench aisa.fi.muni.cz(rw,no_subtree_check,root_squash,async,mountpoint)
diff --git a/conf/arke/etc/fstab b/conf/arke/etc/fstab
deleted file mode 100644
index 22296fad853e05986251053bd5a94f3b986293b7..0000000000000000000000000000000000000000
--- a/conf/arke/etc/fstab
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# /etc/fstab: static file system information
-#
-# <file system> <dir> <type> <options> <dump> <pass>
-# /dev/sda2 LABEL=arch
-LABEL=arch / btrfs rw,relatime,space_cache,subvolid=257,subvol=/arch,subvol=arch 0 0
-
-pandora01:/home /home nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@pandora01.service,timeo=14 0 0
-pandora01:/srv/www /srv/www nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@pandora01.service,timeo=14 0 0
-pandora01:/backup /backup nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@pandora01.service,ro,timeo=14 0 0
-anna:/srv/builds /srv/builds nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@anna.service,timeo=14 0 0
-
-LABEL=archswap none swap defaults 0 0
-
-/dev/mapper/vg0.arke-obj /var/obj ext4 rw,relatime,data=ordered 0 2
-/dev/mapper/vg0.arke-bench /srv/bench ext4 rw,relatime,data=ordered 0 2
diff --git a/conf/deb/etc/apt/apt.conf.d/20auto-upgrades b/conf/deb/etc/apt/apt.conf.d/20auto-upgrades
deleted file mode 100644
index 8d6d7c82fe3fa66362f868eed98fe5c841594c52..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/apt.conf.d/20auto-upgrades
+++ /dev/null
@@ -1,2 +0,0 @@
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
diff --git a/conf/deb/etc/apt/apt.conf.d/50unattended-upgrades b/conf/deb/etc/apt/apt.conf.d/50unattended-upgrades
deleted file mode 100644
index a25df87a5b89063a3d0118f8e1cfea65a775aa2f..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/apt.conf.d/50unattended-upgrades
+++ /dev/null
@@ -1,146 +0,0 @@
-// Unattended-Upgrade::Origins-Pattern controls which packages are
-// upgraded.
-//
-// Lines below have the format format is "keyword=value,...". A
-// package will be upgraded only if the values in its metadata match
-// all the supplied keywords in a line. (In other words, omitted
-// keywords are wild cards.) The keywords originate from the Release
-// file, but several aliases are accepted. The accepted keywords are:
-// a,archive,suite (eg, "stable")
-// c,component (eg, "main", "contrib", "non-free")
-// l,label (eg, "Debian", "Debian-Security")
-// o,origin (eg, "Debian", "Unofficial Multimedia Packages")
-// n,codename (eg, "jessie", "jessie-updates")
-// site (eg, "http.debian.net")
-// The available values on the system are printed by the command
-// "apt-cache policy", and can be debugged by running
-// "unattended-upgrades -d" and looking at the log file.
-//
-// Within lines unattended-upgrades allows 2 macros whose values are
-// derived from /etc/debian_version:
-// ${distro_id} Installed origin.
-// ${distro_codename} Installed codename (eg, "buster")
-Unattended-Upgrade::Origins-Pattern {
- // Codename based matching:
- // This will follow the migration of a release through different
- // archives (e.g. from testing to stable and later oldstable).
- // Software will be the latest available for the named release,
- // but the Debian release itself will not be automatically upgraded.
-// "origin=Debian,codename=${distro_codename}-updates";
-// "origin=Debian,codename=${distro_codename}-proposed-updates";
- "origin=Debian,codename=${distro_codename},label=Debian";
- "origin=Debian,codename=${distro_codename},label=Debian-Security";
-
- // Archive or Suite based matching:
- // Note that this will silently match a different release after
- // migration to the specified archive (e.g. testing becomes the
- // new stable).
-// "o=Debian,a=stable";
-// "o=Debian,a=stable-updates";
-// "o=Debian,a=proposed-updates";
-// "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
-};
-
-// Python regular expressions, matching packages to exclude from upgrading
-Unattended-Upgrade::Package-Blacklist {
- // The following matches all packages starting with linux-
-// "linux-";
-
- // Use $ to explicitely define the end of a package name. Without
- // the $, "libc6" would match all of them.
-// "libc6$";
-// "libc6-dev$";
-// "libc6-i686$";
-
- // Special characters need escaping
-// "libstdc\+\+6$";
-
- // The following matches packages like xen-system-amd64, xen-utils-4.1,
- // xenstore-utils and libxenstore3.0
-// "(lib)?xen(store)?";
-
- // For more information about Python regular expressions, see
- // https://docs.python.org/3/howto/regex.html
-};
-
-// This option allows you to control if on a unclean dpkg exit
-// unattended-upgrades will automatically run
-// dpkg --force-confold --configure -a
-// The default is true, to ensure updates keep getting installed
-//Unattended-Upgrade::AutoFixInterruptedDpkg "true";
-
-// Split the upgrade into the smallest possible chunks so that
-// they can be interrupted with SIGTERM. This makes the upgrade
-// a bit slower but it has the benefit that shutdown while a upgrade
-// is running is possible (with a small delay)
-//Unattended-Upgrade::MinimalSteps "true";
-
-// Install all updates when the machine is shutting down
-// instead of doing it in the background while the machine is running.
-// This will (obviously) make shutdown slower.
-// Unattended-upgrades increases logind's InhibitDelayMaxSec to 30s.
-// This allows more time for unattended-upgrades to shut down gracefully
-// or even install a few packages in InstallOnShutdown mode, but is still a
-// big step back from the 30 minutes allowed for InstallOnShutdown previously.
-// Users enabling InstallOnShutdown mode are advised to increase
-// InhibitDelayMaxSec even further, possibly to 30 minutes.
-//Unattended-Upgrade::InstallOnShutdown "false";
-
-// Send email to this address for problems or packages upgrades
-// If empty or unset then no email is sent, make sure that you
-// have a working mail setup on your system. A package that provides
-// 'mailx' must be installed. E.g. "user@example.com"
-Unattended-Upgrade::Mail "paradise-unix@vstill.eu";
-
-// Set this value to "true" to get emails only on errors. Default
-// is to always send a mail if Unattended-Upgrade::Mail is set
-//Unattended-Upgrade::MailOnlyOnError "false";
-
-// Remove unused automatically installed kernel-related packages
-// (kernel images, kernel headers and kernel version locked tools).
-//Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
-
-// Do automatic removal of newly unused dependencies after the upgrade
-//Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
-
-// Do automatic removal of unused packages after the upgrade
-// (equivalent to apt-get autoremove)
-//Unattended-Upgrade::Remove-Unused-Dependencies "false";
-
-// Automatically reboot *WITHOUT CONFIRMATION* if
-// the file /var/run/reboot-required is found after the upgrade
-//Unattended-Upgrade::Automatic-Reboot "false";
-
-// Automatically reboot even if there are users currently logged in
-// when Unattended-Upgrade::Automatic-Reboot is set to true
-//Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
-
-// If automatic reboot is enabled and needed, reboot at the specific
-// time instead of immediately
-// Default: "now"
-//Unattended-Upgrade::Automatic-Reboot-Time "02:00";
-
-// Use apt bandwidth limit feature, this example limits the download
-// speed to 70kb/sec
-//Acquire::http::Dl-Limit "70";
-
-// Enable logging to syslog. Default is False
-// Unattended-Upgrade::SyslogEnable "false";
-
-// Specify syslog facility. Default is daemon
-// Unattended-Upgrade::SyslogFacility "daemon";
-
-// Download and install upgrades only on AC power
-// (i.e. skip or gracefully stop updates on battery)
-// Unattended-Upgrade::OnlyOnACPower "true";
-
-// Download and install upgrades only on non-metered connection
-// (i.e. skip or gracefully stop updates on a metered connection)
-// Unattended-Upgrade::Skip-Updates-On-Metered-Connections "true";
-
-// Verbose logging
-// Unattended-Upgrade::Verbose "false";
-
-// Print debugging information both in unattended-upgrades and
-// in unattended-upgrade-shutdown
-// Unattended-Upgrade::Debug "false";
diff --git a/conf/deb/etc/apt/preferences.d/30_prefer_stable b/conf/deb/etc/apt/preferences.d/30_prefer_stable
deleted file mode 100644
index d883b628e4f1f477311f21719eec0427905159af..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/preferences.d/30_prefer_stable
+++ /dev/null
@@ -1,15 +0,0 @@
-Package: *
-Pin: release a=stable
-Pin-Priority: 900
-
-Package: *
-Pin: release a=oldstable
-Pin-Priority: 800
-
-Package: *
-Pin: release a=testing
-Pin-Priority: 600
-
-Package: *
-Pin: release a=sid
-Pin-Priority: 500
diff --git a/conf/deb/etc/apt/preferences.d/31_llvm b/conf/deb/etc/apt/preferences.d/31_llvm
deleted file mode 100644
index cdff7503f661ef205408c675709e0d008c9f232a..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/preferences.d/31_llvm
+++ /dev/null
@@ -1,4 +0,0 @@
-Package: *
-Pin: origin "apt.llvm.org"
-Pin-Priority: 950
-
diff --git a/conf/deb/etc/apt/sources.list b/conf/deb/etc/apt/sources.list
deleted file mode 100644
index 8b137891791fe96927ad78e64b0aad7bded08bdc..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/sources.list
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/conf/deb/etc/apt/sources.list.d/ghc.list b/conf/deb/etc/apt/sources.list.d/ghc.list
deleted file mode 100644
index 86d7cc20564528db2e188ef6080b614cdeba994e..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/sources.list.d/ghc.list
+++ /dev/null
@@ -1,2 +0,0 @@
-#@init: apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BA3CBA3FFE22B574
-deb http://downloads.haskell.org/debian stretch main
diff --git a/conf/deb/etc/apt/sources.list.d/llvm-10.list b/conf/deb/etc/apt/sources.list.d/llvm-10.list
deleted file mode 100644
index 05c5d35a439fad47263b643c1d4bdb5891fd6b5d..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/sources.list.d/llvm-10.list
+++ /dev/null
@@ -1,4 +0,0 @@
-deb http://apt.llvm.org/buster/ llvm-toolchain-buster-10 main
-deb-src http://apt.llvm.org/buster/ llvm-toolchain-buster-10 main
-
-# vim: ft=debsources
diff --git a/conf/deb/etc/apt/sources.list.d/llvm-9.list b/conf/deb/etc/apt/sources.list.d/llvm-9.list
deleted file mode 100644
index 4aa9da6a215d1784c7c15bd8fedc79c9a6832fd6..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/sources.list.d/llvm-9.list
+++ /dev/null
@@ -1,4 +0,0 @@
-deb http://apt.llvm.org/buster/ llvm-toolchain-buster-9 main
-deb-src http://apt.llvm.org/buster/ llvm-toolchain-buster-9 main
-
-# vim: ft=debsources
diff --git a/conf/deb/etc/apt/sources.list.d/postgresql.list b/conf/deb/etc/apt/sources.list.d/postgresql.list
deleted file mode 100644
index 3b518d9043190492bccb58c1c2dd6b5b3178fe18..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/sources.list.d/postgresql.list
+++ /dev/null
@@ -1 +0,0 @@
-deb http://apt.postgresql.org/pub/repos/apt buster-pgdg main
diff --git a/conf/deb/etc/apt/sources.list.d/stable.list b/conf/deb/etc/apt/sources.list.d/stable.list
deleted file mode 100644
index 42f9bf2d2adf2c5fd5e86938c50de87a453435d8..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/sources.list.d/stable.list
+++ /dev/null
@@ -1,5 +0,0 @@
-deb http://ftp.fi.muni.cz/pub/linux/debian/ stable main contrib non-free
-deb-src http://ftp.fi.muni.cz/pub/linux/debian/ stable main contrib non-free
-
-deb http://security.debian.org/ stable/updates main contrib non-free
-deb-src http://security.debian.org/ stable/updates main contrib non-free
diff --git a/conf/deb/etc/apt/sources.list.d/unstable.list b/conf/deb/etc/apt/sources.list.d/unstable.list
deleted file mode 100644
index 9a184af3b87d438b3be7d553f379bd427ef29e81..0000000000000000000000000000000000000000
--- a/conf/deb/etc/apt/sources.list.d/unstable.list
+++ /dev/null
@@ -1,4 +0,0 @@
-deb http://ftp.fi.muni.cz/pub/linux/debian testing main contrib non-free
-deb http://ftp.fi.muni.cz/pub/linux/debian sid main contrib non-free
-
-# vim: ft=debsources
diff --git a/conf/eval-pv264/etc/krb5.conf b/conf/eval-pv264/etc/krb5.conf
deleted file mode 120000
index 4f47adbf7931fbb7e6bbf85e0f0681c694d7b4d9..0000000000000000000000000000000000000000
--- a/conf/eval-pv264/etc/krb5.conf
+++ /dev/null
@@ -1 +0,0 @@
-../../hesperia/etc/krb5.conf
\ No newline at end of file
diff --git a/conf/eval-pv264/etc/postfix/main.cf b/conf/eval-pv264/etc/postfix/main.cf
deleted file mode 100644
index 6bd02e8af0cec8d24c60cf481b3d3683cc46b0ce..0000000000000000000000000000000000000000
--- a/conf/eval-pv264/etc/postfix/main.cf
+++ /dev/null
@@ -1,45 +0,0 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific: Specifying a file name will cause the first
-# line of that file to be used as the name. The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = eval-pv264.fi.muni.cz
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = $myhostname, eval-pv264.fi.muni.cz, localhost.fi.muni.cz, localhost
-relayhost = [relay.fi.muni.cz]
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-inet_protocols = all
diff --git a/conf/graphical/etc/sddm.conf b/conf/graphical/etc/sddm.conf
deleted file mode 100644
index fbbd69e973fc5a78b63047f5ff102cfb5706d08a..0000000000000000000000000000000000000000
--- a/conf/graphical/etc/sddm.conf
+++ /dev/null
@@ -1,105 +0,0 @@
-[Autologin]
-# Autologin again on session exit
-Relogin=false
-
-# Autologin session
-Session=
-
-# Autologin user
-User=
-
-
-[General]
-# Halt command
-HaltCommand=/usr/bin/systemctl poweroff
-
-# Initial NumLock state
-# Valid values: on|off|none
-# If property is set to none, numlock won't be changed
-Numlock=none
-
-# Reboot command
-RebootCommand=/usr/bin/systemctl reboot
-
-
-[Theme]
-# Current theme name
-Current=circles
-
-# Cursor theme
-CursorTheme=
-
-# Face icon directory
-# The files should be in username.face.icon format
-FacesDir=/usr/share/sddm/faces
-
-# Theme directory path
-ThemeDir=/usr/share/sddm/themes
-
-
-[Users]
-# Default $PATH
-DefaultPath=/bin:/usr/bin:/usr/local/bin
-
-# Hidden shells
-# Users with these shells as their default won't be listed
-HideShells=
-
-# Hidden users
-HideUsers=
-
-# Maximum user id for displayed users
-MaximumUid=60000
-
-# Minimum user id for displayed users
-MinimumUid=1000
-
-# Remember the session of the last successfully logged in user
-RememberLastSession=true
-
-# Remember the last successfully logged in user
-RememberLastUser=true
-
-
-[WaylandDisplay]
-# Wayland session script path
-# A script to execute when starting the desktop session
-SessionCommand=/usr/share/sddm/scripts/wayland-session
-
-# Session description directory
-SessionDir=/usr/share/wayland-sessions
-
-
-[XDisplay]
-# Xsetup script path
-# A script to execute when starting the display server
-DisplayCommand=/usr/share/sddm/scripts/Xsetup
-
-# Xstop script path
-# A script to execute when stopping the display server
-DisplayStopCommand=/usr/share/sddm/scripts/Xstop
-
-# Minimum VT
-# The lowest virtual terminal number that will be used.
-MinimumVT=1
-
-# X server arguments
-ServerArguments=-nolisten tcp
-
-# X server path
-ServerPath=/usr/bin/X
-
-# Xsession script path
-# A script to execute when starting the desktop session
-SessionCommand=/usr/share/sddm/scripts/Xsession
-
-# Session description directory
-SessionDir=/usr/share/xsessions
-
-# Xauth path
-XauthPath=/usr/bin/xauth
-
-# Xephyr path
-XephyrPath=/usr/bin/Xephyr
-
-
diff --git a/conf/hesperia/etc/krb5.conf b/conf/hesperia/etc/krb5.conf
deleted file mode 100644
index 60892c12f76b242e80c74e758e3b9519a76a213a..0000000000000000000000000000000000000000
--- a/conf/hesperia/etc/krb5.conf
+++ /dev/null
@@ -1,25 +0,0 @@
-[libdefaults]
- default_realm = "FI.MUNI.CZ"
- encrypt = true
-
-[realms]
- FI.MUNI.CZ = {
- kdc = krb.fi.muni.cz
- kdc = krb1.fi.muni.cz
- admin_server = krb.fi.muni.cz
- }
-
-[domain_realm]
- .fi.muni.cz = FI.MUNI.CZ
- fi.muni.cz = FI.MUNI.CZ
-
-
-[appdefaults]
- pam = {
- debug = false
- ticket_lifetime = 36000
- renew_lifetime = 36000
- max_timeout = 30
- timeout_shift = 2
- initial_timeout = 1
- }
diff --git a/conf/hesperia/etc/nginx.conf b/conf/hesperia/etc/nginx.conf
deleted file mode 100644
index 534c29669a5d8a9c876f1cf0a580232d827cc46f..0000000000000000000000000000000000000000
--- a/conf/hesperia/etc/nginx.conf
+++ /dev/null
@@ -1,222 +0,0 @@
-user nginx;
-worker_processes 1;
-
-load_module /usr/lib/nginx/modules/ngx_http_auth_pam_module.so;
-
-events {
- worker_connections 1024;
-}
-
-
-http {
- include mime.types;
- default_type application/octet-stream;
-
- sendfile on;
- #tcp_nopush on;
-
- #keepalive_timeout 0;
- keepalive_timeout 65;
-
- #gzip on;
-
- # set plaintext data to UTF-8
- charset utf-8;
- charset_types text/html text/xml text/plain text/vnd.wap.wml application/javascript application/rss+xml;
-
- # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!ADH:!AECDH:!MD5";
- ssl_ciphers HIGH:!CBC:!aNULL:!MD5;
- ssl_protocols TLSv1.2 TLSv1.3;
- ssl_prefer_server_ciphers on;
- ssl_session_cache shared:SSL:10m;
- ssl_session_timeout 180m;
- ssl_dhparam /etc/nginx/ssl-dhparam.pem;
- add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- ssl_session_tickets off;
- ssl_stapling on;
- ssl_stapling_verify on;
- # resolver 8.8.8.8 8.8.4.4 valid=300s; # Google DNS Servers
- # resolver_timeout 5s;
- resolver 147.251.48.3;
- ssl_certificate /etc/nginx/ssl-hesperia-chain.pem;
- ssl_certificate_key /etc/secret/hesperia.fi.muni.cz.key;
-
- upstream exprtest {
- server unix:/run/www/exprtest.sock;
- server 127.0.0.1:8080 backup;
- }
-
- server {
- listen 80 default_server;
- listen 443 ssl default_server;
- server_name hesperia hesperia.fi.muni.cz;
-
- proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 non_idempotent;
-
- location / {
- alias /srv/www/public/;
- index index.html index.cgi;
-
- location ~ ^/(.*).cgi$ {
- root /srv/www/public;
- fastcgi_index index.cgi;
- fastcgi_pass unix:/run/fcgiwrap.socket;
- fastcgi_param SCRIPT_FILENAME /srv/www/public/$1.cgi;
- include /etc/nginx/fastcgi_params;
- }
- }
-
- location /is {
- allow 127.0.0.1; # allow localhost
- allow 147.251.49.0/24; # allow is
- deny all; # deny everyone else
- proxy_pass http://exprtest/is;
- }
-
- location /internal {
- allow 127.0.0.1; # allow localhost
- deny all; # deny everyone else
- proxy_pass http://exprtest/internal;
- }
-
- location /hint {
- proxy_pass http://exprtest/hint;
- }
-
- location /admin/ {
- if ($scheme != https) {
- rewrite ^/(.*) https://hesperia.fi.muni.cz/$1 redirect;
- }
- auth_pam "Hepseria admin: use FI login & password";
- auth_pam_service_name "nginx_logs";
- rewrite /admin/(.*) /admin/$remote_user/$1 break;
- proxy_pass http://exprtest;
- proxy_set_header X-Auth-User $remote_user;
- proxy_set_header X-Real-IP $remote_addr;
- }
-
- location /update-qdir {
- root /usr/lib/cgi-bin;
- fastcgi_pass unix:/run/fcgiwrap.socket;
- fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/update-qdir.sh;
- include /etc/nginx/fastcgi_params;
- }
-
- location /los/2018/jednoducha {
- if ($scheme != https) {
- rewrite ^/(.*) https://hesperia.fi.muni.cz/$1 redirect;
- }
- auth_basic "Zadejte udaje ze zadani";
- auth_basic_user_file /var/lib/checker/qdir/interlos2018/data-orig/P1-jednoducha/htpasswd;
- alias /var/lib/checker/qdir/interlos2018/data-orig/P1-jednoducha;
- index index.html;
- location /los/2018/jednoducha/submit {
- root /usr/lib/cgi-bin; ##
- fastcgi_pass unix:/run/fcgiwrap.socket;
- fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/test-is.pl;
- include /etc/nginx/fastcgi_params;
- }
- }
-
- location /collector {
- if ($scheme != https) {
- rewrite ^/(.*) https://hesperia.fi.muni.cz/$1 redirect;
- }
- location /collector/pv264 {
- include uwsgi_params;
- uwsgi_pass unix:/run/uwsgi/collector/pv264.socket;
- }
- }
-
- location ~ /logs/([^/]*)/_handler {
- if ($scheme != https) {
- rewrite ^/(.*) https://hesperia.fi.muni.cz/$1 redirect;
- }
- include uwsgi_params;
- uwsgi_param AUTH_USER $remote_user;
- uwsgi_param LOG_COURSE $1;
- uwsgi_pass unix:/run/uwsgi/logs/$1.socket;
-
- auth_pam "$1 logs: use FI login & password";
- auth_pam_service_name "nginx_logs";
- }
-
- location ~ /logs/([^/]*)/ {
- if ($scheme != https) {
- rewrite ^/(.*) https://hesperia.fi.muni.cz/$1 redirect;
- }
- alias /home/$1/logs/$remote_user/;
- auth_pam "$1 logs: use FI login & password";
- auth_pam_service_name "nginx_logs";
- default_type text/pain;
-
- autoindex off;
- error_page 404 403 /logs/$1/_handler;
- index /logs/$1/_handler;
- }
-
- #error_page 404 /404.html;
-
- # redirect server error pages to the static page /50x.html
- #
- # error_page 500 502 503 504 /50x.html;
- # location = /50x.html {
- # root /usr/share/nginx/html;
- # }
-
- location /support {
- alias /home/checker/hsExprTest/src/support;
- }
-
- location /auth {
- alias /srv/www/auth/;
- index index.html index.cgi;
- if ($scheme != https) {
- rewrite ^/(.*) https://hesperia.fi.muni.cz/$1 redirect;
- }
- auth_pam "Checker authorized section (FI login)";
- auth_pam_service_name "nginx";
-
- location ~ ^/auth/(.*).cgi$ {
- root /srv/www/auth;
- fastcgi_index index.cgi;
- fastcgi_pass unix:/run/fcgiwrap.socket;
- fastcgi_param SCRIPT_FILENAME /srv/www/auth/$1.cgi;
- fastcgi_param AUTH_USER_NAME $remote_user;
- include /etc/nginx/fastcgi_params;
- }
- }
-
- location /los/2017/miby {
- if ($scheme != https) {
- rewrite ^/(.*) https://hesperia.fi.muni.cz/$1 redirect;
- }
- proxy_pass http://127.0.0.1:3001/;
- proxy_set_header Host $host;
- }
- ssl_certificate /etc/letsencrypt/live/fja.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/fja.fi.muni.cz/privkey.pem; # managed by Certbot
-
-}
-
- server {
- listen 80;
- listen 443 ssl;
- server_name fja fja.fi.muni.cz;
-
- if ($scheme != https) {
- rewrite ^/(.*) https://fja.fi.muni.cz/$1 redirect;
- }
-
- location / { try_files $uri @main; }
- location @main {
- include uwsgi_params;
- uwsgi_pass unix:/run/uwsgi/fjaweb.socket;
- }
- ssl_certificate /etc/letsencrypt/live/fja.fi.muni.cz/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/fja.fi.muni.cz/privkey.pem; # managed by Certbot
-
-}
-}
diff --git a/conf/hesperia/etc/postfix/main.cf b/conf/hesperia/etc/postfix/main.cf
deleted file mode 100644
index a9f803e8d5f04dc6bf16ca7ce471dda8461ce039..0000000000000000000000000000000000000000
--- a/conf/hesperia/etc/postfix/main.cf
+++ /dev/null
@@ -1,45 +0,0 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific: Specifying a file name will cause the first
-# line of that file to be used as the name. The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = hesperia.fi.muni.cz
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-myorigin = /etc/mailname
-mydestination = $myhostname, hesperia.fi.muni.cz, localhost.fi.muni.cz, localhost
-relayhost = [relay.fi.muni.cz]
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-inet_protocols = all
diff --git a/conf/pheme/etc/default/grub b/conf/pheme/etc/default/grub
deleted file mode 100644
index ed0b9755a329ec82984c89aec3e04e35782500d1..0000000000000000000000000000000000000000
--- a/conf/pheme/etc/default/grub
+++ /dev/null
@@ -1,50 +0,0 @@
-GRUB_DEFAULT=0
-GRUB_TIMEOUT=5
-GRUB_DISTRIBUTOR="Arch"
-GRUB_CMDLINE_LINUX_DEFAULT="quiet console=tty0 console=ttyS1,9600n8"
-GRUB_CMDLINE_LINUX=""
-
-# Preload both GPT and MBR modules so that they are not missed
-GRUB_PRELOAD_MODULES="part_gpt part_msdos"
-
-# Uncomment to enable Hidden Menu, and optionally hide the timeout count
-#GRUB_HIDDEN_TIMEOUT=5
-#GRUB_HIDDEN_TIMEOUT_QUIET=true
-
-## Serial console
-GRUB_SERIAL_COMMAND="serial --speed=9600 --unit=1"
-
-# Uncomment to use basic console
-GRUB_TERMINAL_INPUT="console serial"
-
-# Uncomment to disable graphical terminal
-GRUB_TERMINAL_OUTPUT="console serial"
-
-# The resolution used on graphical terminal
-# note that you can use only modes which your graphic card supports via VBE
-# you can see them in real GRUB with the command `vbeinfo'
-GRUB_GFXMODE=auto
-
-# Uncomment to allow the kernel use the same resolution used by grub
-GRUB_GFXPAYLOAD_LINUX=keep
-
-# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
-# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
-#GRUB_DISABLE_LINUX_UUID=true
-
-# Uncomment to disable generation of recovery mode menu entries
-GRUB_DISABLE_RECOVERY=true
-
-# Uncomment and set to the desired menu colors. Used by normal and wallpaper
-# modes only. Entries specified as foreground/background.
-#GRUB_COLOR_NORMAL="light-blue/black"
-#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
-
-# Uncomment one of them for the gfx desired, a image background or a gfxtheme
-#GRUB_BACKGROUND="/path/to/wallpaper"
-#GRUB_THEME="/path/to/gfxtheme"
-
-# Uncomment to get a beep at GRUB start
-#GRUB_INIT_TUNE="480 440 1"
-
-#GRUB_SAVEDEFAULT="true"
diff --git a/conf/pheme/etc/fstab b/conf/pheme/etc/fstab
deleted file mode 100644
index b8a495ddf83f59c02fbc680a41cd2e4827be92dd..0000000000000000000000000000000000000000
--- a/conf/pheme/etc/fstab
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# /etc/fstab: static file system information
-#
-# <file system> <dir> <type> <options> <dump> <pass>
-# /dev/sda2 LABEL=arch
-LABEL=arch / btrfs rw,relatime,space_cache,subvolid=257,subvol=/arch,subvol=arch 0 0
-
-pandora01:/home /home nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@pandora01.service,timeo=14 0 0
-pandora01:/backup /backup nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@pandora01.service,ro,timeo=14 0 0
-anna:/srv/builds /srv/builds nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@anna.service,timeo=14 0 0
-
-arke:/var/obj /var/obj nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@arke.service,timeo=14 0 0
-arke:/srv/bench /srv/bench nfs noauto,vers=3,x-systemd.automount,x-systemd.requires=wait-server@arke.service,timeo=14 0 0
-
-LABEL=archswap none swap defaults 0 0
-
diff --git a/conf/server/etc/conf.d/nfs-server.conf b/conf/server/etc/conf.d/nfs-server.conf
deleted file mode 100644
index dcbef5f9162c37744b1cdbb5ded861c25025b449..0000000000000000000000000000000000000000
--- a/conf/server/etc/conf.d/nfs-server.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# Parameters to be passed to nfs systemd server services
-#
-
-# Options to pass to rpc.nfsd.
-# See rpc.nfsd(8) for more details.
-NFSD_OPTS="-N 2 2"
-
-# ports for NFSv3 statd and lockd
-STATD_OPTS="-p 32765 -o 32766 -T 32803"
-
-# Options for rpc.mountd.
-# If you have a port-based firewall, you might want to set up
-# a fixed port here using the --port option.
-# See rpc.mountd(8) for more details.
-MOUNTD_OPTS="-p 20048"
-#MOUNTD_OPTS=""
-
-# Options to pass to rpc.svcgssd.
-# See rpc.svcgssd(8) for more details.
-SVCGSSD_OPTS=""
diff --git a/conf/server/etc/postfix/main.cf b/conf/server/etc/postfix/main.cf
deleted file mode 100644
index 51bba6c7115b3f7a42da07c28aa23fd9abaeee37..0000000000000000000000000000000000000000
--- a/conf/server/etc/postfix/main.cf
+++ /dev/null
@@ -1,682 +0,0 @@
-# Global Postfix configuration file. This file lists only a subset
-# of all parameters. For the syntax, and for a complete parameter
-# list, see the postconf(5) manual page (command: "man 5 postconf").
-#
-# For common configuration examples, see BASIC_CONFIGURATION_README
-# and STANDARD_CONFIGURATION_README. To find these documents, use
-# the command "postconf html_directory readme_directory", or go to
-# http://www.postfix.org/BASIC_CONFIGURATION_README.html etc.
-#
-# For best results, change no more than 2-3 parameters at a time,
-# and test if Postfix still works after every change.
-
-# COMPATIBILITY
-#
-# The compatibility_level determines what default settings Postfix
-# will use for main.cf and master.cf settings. These defaults will
-# change over time.
-#
-# To avoid breaking things, Postfix will use backwards-compatible
-# default settings and log where it uses those old backwards-compatible
-# default settings, until the system administrator has determined
-# if any backwards-compatible default settings need to be made
-# permanent in main.cf or master.cf.
-#
-# When this review is complete, update the compatibility_level setting
-# below as recommended in the RELEASE_NOTES file.
-#
-# The level below is what should be used with new (not upgrade) installs.
-#
-compatibility_level = 2
-
-# SOFT BOUNCE
-#
-# The soft_bounce parameter provides a limited safety net for
-# testing. When soft_bounce is enabled, mail will remain queued that
-# would otherwise bounce. This parameter disables locally-generated
-# bounces, and prevents the SMTP server from rejecting mail permanently
-# (by changing 5xx replies into 4xx replies). However, soft_bounce
-# is no cure for address rewriting mistakes or mail routing mistakes.
-#
-#soft_bounce = no
-
-# LOCAL PATHNAME INFORMATION
-#
-# The queue_directory specifies the location of the Postfix queue.
-# This is also the root directory of Postfix daemons that run chrooted.
-# See the files in examples/chroot-setup for setting up Postfix chroot
-# environments on different UNIX systems.
-#
-queue_directory = /var/spool/postfix
-
-# The command_directory parameter specifies the location of all
-# postXXX commands.
-#
-command_directory = /usr/bin
-
-# The daemon_directory parameter specifies the location of all Postfix
-# daemon programs (i.e. programs listed in the master.cf file). This
-# directory must be owned by root.
-#
-daemon_directory = /usr/lib/postfix/bin
-
-# The data_directory parameter specifies the location of Postfix-writable
-# data files (caches, random numbers). This directory must be owned
-# by the mail_owner account (see below).
-#
-data_directory = /var/lib/postfix
-
-# QUEUE AND PROCESS OWNERSHIP
-#
-# The mail_owner parameter specifies the owner of the Postfix queue
-# and of most Postfix daemon processes. Specify the name of a user
-# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
-# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
-# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
-# USER.
-#
-mail_owner = postfix
-
-# The default_privs parameter specifies the default rights used by
-# the local delivery agent for delivery to external file or command.
-# These rights are used in the absence of a recipient user context.
-# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
-#
-default_privs = nobody
-
-# INTERNET HOST AND DOMAIN NAMES
-#
-# The myhostname parameter specifies the internet hostname of this
-# mail system. The default is to use the fully-qualified domain name
-# from gethostname(). $myhostname is used as a default value for many
-# other configuration parameters.
-#
-#myhostname = host.domain.tld
-#myhostname = virtual.domain.tld
-
-# The mydomain parameter specifies the local internet domain name.
-# The default is to use $myhostname minus the first component.
-# $mydomain is used as a default value for many other configuration
-# parameters.
-#
-mydomain = fi.muni.cz
-
-# SENDING MAIL
-#
-# The myorigin parameter specifies the domain that locally-posted
-# mail appears to come from. The default is to append $myhostname,
-# which is fine for small sites. If you run a domain with multiple
-# machines, you should (1) change this to $mydomain and (2) set up
-# a domain-wide alias database that aliases each user to
-# user@that.users.mailhost.
-#
-# For the sake of consistency between sender and recipient addresses,
-# myorigin also specifies the default domain name that is appended
-# to recipient addresses that have no @domain part.
-#
-#myorigin = $myhostname
-#myorigin = $mydomain
-
-# RECEIVING MAIL
-
-# The inet_interfaces parameter specifies the network interface
-# addresses that this mail system receives mail on. By default,
-# the software claims all active interfaces on the machine. The
-# parameter also controls delivery of mail to user@[ip.address].
-#
-# See also the proxy_interfaces parameter, for network addresses that
-# are forwarded to us via a proxy or network address translator.
-#
-# Note: you need to stop/start Postfix when this parameter changes.
-#
-#inet_interfaces = all
-#inet_interfaces = $myhostname
-#inet_interfaces = $myhostname, localhost
-
-# The proxy_interfaces parameter specifies the network interface
-# addresses that this mail system receives mail on by way of a
-# proxy or network address translation unit. This setting extends
-# the address list specified with the inet_interfaces parameter.
-#
-# You must specify your proxy/NAT addresses when your system is a
-# backup MX host for other domains, otherwise mail delivery loops
-# will happen when the primary MX host is down.
-#
-#proxy_interfaces =
-#proxy_interfaces = 1.2.3.4
-
-# The mydestination parameter specifies the list of domains that this
-# machine considers itself the final destination for.
-#
-# These domains are routed to the delivery agent specified with the
-# local_transport parameter setting. By default, that is the UNIX
-# compatible delivery agent that lookups all recipients in /etc/passwd
-# and /etc/aliases or their equivalent.
-#
-# The default is $myhostname + localhost.$mydomain + localhost. On
-# a mail domain gateway, you should also include $mydomain.
-#
-# Do not specify the names of virtual domains - those domains are
-# specified elsewhere (see VIRTUAL_README).
-#
-# Do not specify the names of domains that this machine is backup MX
-# host for. Specify those names via the relay_domains settings for
-# the SMTP server, or use permit_mx_backup if you are lazy (see
-# STANDARD_CONFIGURATION_README).
-#
-# The local machine is always the final destination for mail addressed
-# to user@[the.net.work.address] of an interface that the mail system
-# receives mail on (see the inet_interfaces parameter).
-#
-# Specify a list of host or domain names, /file/name or type:table
-# patterns, separated by commas and/or whitespace. A /file/name
-# pattern is replaced by its contents; a type:table is matched when
-# a name matches a lookup key (the right-hand side is ignored).
-# Continue long lines by starting the next line with whitespace.
-#
-# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
-#
-#mydestination = $myhostname, localhost.$mydomain, localhost
-#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
-#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
-# mail.$mydomain, www.$mydomain, ftp.$mydomain
-
-# REJECTING MAIL FOR UNKNOWN LOCAL USERS
-#
-# The local_recipient_maps parameter specifies optional lookup tables
-# with all names or addresses of users that are local with respect
-# to $mydestination, $inet_interfaces or $proxy_interfaces.
-#
-# If this parameter is defined, then the SMTP server will reject
-# mail for unknown local users. This parameter is defined by default.
-#
-# To turn off local recipient checking in the SMTP server, specify
-# local_recipient_maps = (i.e. empty).
-#
-# The default setting assumes that you use the default Postfix local
-# delivery agent for local delivery. You need to update the
-# local_recipient_maps setting if:
-#
-# - You define $mydestination domain recipients in files other than
-# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
-# For example, you define $mydestination domain recipients in
-# the $virtual_mailbox_maps files.
-#
-# - You redefine the local delivery agent in master.cf.
-#
-# - You redefine the "local_transport" setting in main.cf.
-#
-# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
-# feature of the Postfix local delivery agent (see local(8)).
-#
-# Details are described in the LOCAL_RECIPIENT_README file.
-#
-# Beware: if the Postfix SMTP server runs chrooted, you probably have
-# to access the passwd file via the proxymap service, in order to
-# overcome chroot restrictions. The alternative, having a copy of
-# the system passwd file in the chroot jail is just not practical.
-#
-# The right-hand side of the lookup tables is conveniently ignored.
-# In the left-hand side, specify a bare username, an @domain.tld
-# wild-card, or specify a user@domain.tld address.
-#
-#local_recipient_maps = unix:passwd.byname $alias_maps
-#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
-local_recipient_maps =
-
-# The unknown_local_recipient_reject_code specifies the SMTP server
-# response code when a recipient domain matches $mydestination or
-# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
-# and the recipient address or address local-part is not found.
-#
-# The default setting is 550 (reject mail) but it is safer to start
-# with 450 (try again later) until you are certain that your
-# local_recipient_maps settings are OK.
-#
-unknown_local_recipient_reject_code = 550
-
-# TRUST AND RELAY CONTROL
-
-# The mynetworks parameter specifies the list of "trusted" SMTP
-# clients that have more privileges than "strangers".
-#
-# In particular, "trusted" SMTP clients are allowed to relay mail
-# through Postfix. See the smtpd_recipient_restrictions parameter
-# in postconf(5).
-#
-# You can specify the list of "trusted" network addresses by hand
-# or you can let Postfix do it for you (which is the default).
-#
-# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
-# clients in the same IP subnetworks as the local machine.
-# On Linux, this does works correctly only with interfaces specified
-# with the "ifconfig" command.
-#
-# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
-# clients in the same IP class A/B/C networks as the local machine.
-# Don't do this with a dialup site - it would cause Postfix to "trust"
-# your entire provider's network. Instead, specify an explicit
-# mynetworks list by hand, as described below.
-#
-# Specify "mynetworks_style = host" when Postfix should "trust"
-# only the local machine.
-#
-#mynetworks_style = class
-#mynetworks_style = subnet
-#mynetworks_style = host
-
-# Alternatively, you can specify the mynetworks list by hand, in
-# which case Postfix ignores the mynetworks_style setting.
-#
-# Specify an explicit list of network/netmask patterns, where the
-# mask specifies the number of bits in the network part of a host
-# address.
-#
-# You can also specify the absolute pathname of a pattern file instead
-# of listing the patterns here. Specify type:table for table-based lookups
-# (the value on the table right-hand side is not used).
-#
-#mynetworks = 168.100.189.0/28, 127.0.0.0/8
-#mynetworks = $config_directory/mynetworks
-#mynetworks = hash:/etc/postfix/network_table
-mynetworks = 192.168.0.0/24 192.168.1.0/24
-
-# The relay_domains parameter restricts what destinations this system will
-# relay mail to. See the smtpd_recipient_restrictions description in
-# postconf(5) for detailed information.
-#
-# By default, Postfix relays mail
-# - from "trusted" clients (IP address matches $mynetworks) to any destination,
-# - from "untrusted" clients to destinations that match $relay_domains or
-# subdomains thereof, except addresses with sender-specified routing.
-# The default relay_domains value is $mydestination.
-#
-# In addition to the above, the Postfix SMTP server by default accepts mail
-# that Postfix is final destination for:
-# - destinations that match $inet_interfaces or $proxy_interfaces,
-# - destinations that match $mydestination
-# - destinations that match $virtual_alias_domains,
-# - destinations that match $virtual_mailbox_domains.
-# These destinations do not need to be listed in $relay_domains.
-#
-# Specify a list of hosts or domains, /file/name patterns or type:name
-# lookup tables, separated by commas and/or whitespace. Continue
-# long lines by starting the next line with whitespace. A file name
-# is replaced by its contents; a type:name table is matched when a
-# (parent) domain appears as lookup key.
-#
-# NOTE: Postfix will not automatically forward mail for domains that
-# list this system as their primary or backup MX host. See the
-# permit_mx_backup restriction description in postconf(5).
-#
-#relay_domains = $mydestination
-
-# INTERNET OR INTRANET
-
-# The relayhost parameter specifies the default host to send mail to
-# when no entry is matched in the optional transport(5) table. When
-# no relayhost is given, mail is routed directly to the destination.
-#
-# On an intranet, specify the organizational domain name. If your
-# internal DNS uses no MX records, specify the name of the intranet
-# gateway host instead.
-#
-# In the case of SMTP, specify a domain, host, host:port, [host]:port,
-# [address] or [address]:port; the form [host] turns off MX lookups.
-#
-# If you're connected via UUCP, see also the default_transport parameter.
-#
-#relayhost = $mydomain
-#relayhost = [gateway.my.domain]
-#relayhost = [mailserver.isp.tld]
-#relayhost = uucphost
-#relayhost = [an.ip.add.ress]
-relayhost = [relay.fi.muni.cz]
-
-# REJECTING UNKNOWN RELAY USERS
-#
-# The relay_recipient_maps parameter specifies optional lookup tables
-# with all addresses in the domains that match $relay_domains.
-#
-# If this parameter is defined, then the SMTP server will reject
-# mail for unknown relay users. This feature is off by default.
-#
-# The right-hand side of the lookup tables is conveniently ignored.
-# In the left-hand side, specify an @domain.tld wild-card, or specify
-# a user@domain.tld address.
-#
-#relay_recipient_maps = hash:/etc/postfix/relay_recipients
-
-# INPUT RATE CONTROL
-#
-# The in_flow_delay configuration parameter implements mail input
-# flow control. This feature is turned on by default, although it
-# still needs further development (it's disabled on SCO UNIX due
-# to an SCO bug).
-#
-# A Postfix process will pause for $in_flow_delay seconds before
-# accepting a new message, when the message arrival rate exceeds the
-# message delivery rate. With the default 100 SMTP server process
-# limit, this limits the mail inflow to 100 messages a second more
-# than the number of messages delivered per second.
-#
-# Specify 0 to disable the feature. Valid delays are 0..10.
-#
-#in_flow_delay = 1s
-
-# ADDRESS REWRITING
-#
-# The ADDRESS_REWRITING_README document gives information about
-# address masquerading or other forms of address rewriting including
-# username->Firstname.Lastname mapping.
-
-# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
-#
-# The VIRTUAL_README document gives information about the many forms
-# of domain hosting that Postfix supports.
-
-# "USER HAS MOVED" BOUNCE MESSAGES
-#
-# See the discussion in the ADDRESS_REWRITING_README document.
-
-# TRANSPORT MAP
-#
-# See the discussion in the ADDRESS_REWRITING_README document.
-
-# ALIAS DATABASE
-#
-# The alias_maps parameter specifies the list of alias databases used
-# by the local delivery agent. The default list is system dependent.
-#
-# On systems with NIS, the default is to search the local alias
-# database, then the NIS alias database. See aliases(5) for syntax
-# details.
-#
-# If you change the alias database, run "postalias /etc/aliases" (or
-# wherever your system stores the mail alias file), or simply run
-# "newaliases" to build the necessary DBM or DB file.
-#
-# It will take a minute or so before changes become visible. Use
-# "postfix reload" to eliminate the delay.
-#
-#alias_maps = dbm:/etc/aliases
-#alias_maps = hash:/etc/aliases
-#alias_maps = hash:/etc/aliases, nis:mail.aliases
-#alias_maps = netinfo:/aliases
-alias_maps = hash:/etc/postfix/aliases
-
-# The alias_database parameter specifies the alias database(s) that
-# are built with "newaliases" or "sendmail -bi". This is a separate
-# configuration parameter, because alias_maps (see above) may specify
-# tables that are not necessarily all under control by Postfix.
-#
-#alias_database = dbm:/etc/aliases
-#alias_database = dbm:/etc/mail/aliases
-#alias_database = hash:/etc/aliases
-#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
-alias_database = $alias_maps
-
-# ADDRESS EXTENSIONS (e.g., user+foo)
-#
-# The recipient_delimiter parameter specifies the separator between
-# user names and address extensions (user+foo). See canonical(5),
-# local(8), relocated(5) and virtual(5) for the effects this has on
-# aliases, canonical, virtual, relocated and .forward file lookups.
-# Basically, the software tries user+foo and .forward+foo before
-# trying user and .forward.
-#
-#recipient_delimiter = +
-
-# DELIVERY TO MAILBOX
-#
-# The home_mailbox parameter specifies the optional pathname of a
-# mailbox file relative to a user's home directory. The default
-# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
-# "Maildir/" for qmail-style delivery (the / is required).
-#
-#home_mailbox = Mailbox
-#home_mailbox = Maildir/
-
-# The mail_spool_directory parameter specifies the directory where
-# UNIX-style mailboxes are kept. The default setting depends on the
-# system type.
-#
-#mail_spool_directory = /var/mail
-mail_spool_directory = /var/spool/mail
-
-# The mailbox_command parameter specifies the optional external
-# command to use instead of mailbox delivery. The command is run as
-# the recipient with proper HOME, SHELL and LOGNAME environment settings.
-# Exception: delivery for root is done as $default_user.
-#
-# Other environment variables of interest: USER (recipient username),
-# EXTENSION (address extension), DOMAIN (domain part of address),
-# and LOCAL (the address localpart).
-#
-# Unlike other Postfix configuration parameters, the mailbox_command
-# parameter is not subjected to $parameter substitutions. This is to
-# make it easier to specify shell syntax (see example below).
-#
-# Avoid shell meta characters because they will force Postfix to run
-# an expensive shell process. Procmail alone is expensive enough.
-#
-# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
-# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
-#
-#mailbox_command = /some/where/procmail
-#mailbox_command = /some/where/procmail -a "$EXTENSION"
-
-# The mailbox_transport specifies the optional transport in master.cf
-# to use after processing aliases and .forward files. This parameter
-# has precedence over the mailbox_command, fallback_transport and
-# luser_relay parameters.
-#
-# Specify a string of the form transport:nexthop, where transport is
-# the name of a mail delivery transport defined in master.cf. The
-# :nexthop part is optional. For more details see the sample transport
-# configuration file.
-#
-# NOTE: if you use this feature for accounts not in the UNIX password
-# file, then you must update the "local_recipient_maps" setting in
-# the main.cf file, otherwise the SMTP server will reject mail for
-# non-UNIX accounts with "User unknown in local recipient table".
-#
-# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
-# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
-#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
-#
-# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
-# subsequent line in master.cf.
-#mailbox_transport = cyrus
-
-# The fallback_transport specifies the optional transport in master.cf
-# to use for recipients that are not found in the UNIX passwd database.
-# This parameter has precedence over the luser_relay parameter.
-#
-# Specify a string of the form transport:nexthop, where transport is
-# the name of a mail delivery transport defined in master.cf. The
-# :nexthop part is optional. For more details see the sample transport
-# configuration file.
-#
-# NOTE: if you use this feature for accounts not in the UNIX password
-# file, then you must update the "local_recipient_maps" setting in
-# the main.cf file, otherwise the SMTP server will reject mail for
-# non-UNIX accounts with "User unknown in local recipient table".
-#
-#fallback_transport = lmtp:unix:/file/name
-#fallback_transport = cyrus
-#fallback_transport =
-
-# The luser_relay parameter specifies an optional destination address
-# for unknown recipients. By default, mail for unknown@$mydestination,
-# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
-# as undeliverable.
-#
-# The following expansions are done on luser_relay: $user (recipient
-# username), $shell (recipient shell), $home (recipient home directory),
-# $recipient (full recipient address), $extension (recipient address
-# extension), $domain (recipient domain), $local (entire recipient
-# localpart), $recipient_delimiter. Specify ${name?value} or
-# ${name:value} to expand value only when $name does (does not) exist.
-#
-# luser_relay works only for the default Postfix local delivery agent.
-#
-# NOTE: if you use this feature for accounts not in the UNIX password
-# file, then you must specify "local_recipient_maps =" (i.e. empty) in
-# the main.cf file, otherwise the SMTP server will reject mail for
-# non-UNIX accounts with "User unknown in local recipient table".
-#
-#luser_relay = $user@other.host
-#luser_relay = $local@other.host
-#luser_relay = admin+$local
-
-# JUNK MAIL CONTROLS
-#
-# The controls listed here are only a very small subset. The file
-# SMTPD_ACCESS_README provides an overview.
-
-# The header_checks parameter specifies an optional table with patterns
-# that each logical message header is matched against, including
-# headers that span multiple physical lines.
-#
-# By default, these patterns also apply to MIME headers and to the
-# headers of attached messages. With older Postfix versions, MIME and
-# attached message headers were treated as body text.
-#
-# For details, see "man header_checks".
-#
-#header_checks = regexp:/etc/postfix/header_checks
-
-# FAST ETRN SERVICE
-#
-# Postfix maintains per-destination logfiles with information about
-# deferred mail, so that mail can be flushed quickly with the SMTP
-# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
-# See the ETRN_README document for a detailed description.
-#
-# The fast_flush_domains parameter controls what destinations are
-# eligible for this service. By default, they are all domains that
-# this server is willing to relay mail to.
-#
-#fast_flush_domains = $relay_domains
-
-# SHOW SOFTWARE VERSION OR NOT
-#
-# The smtpd_banner parameter specifies the text that follows the 220
-# code in the SMTP server's greeting banner. Some people like to see
-# the mail version advertised. By default, Postfix shows no version.
-#
-# You MUST specify $myhostname at the start of the text. That is an
-# RFC requirement. Postfix itself does not care.
-#
-#smtpd_banner = $myhostname ESMTP $mail_name
-#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
-
-# PARALLEL DELIVERY TO THE SAME DESTINATION
-#
-# How many parallel deliveries to the same user or domain? With local
-# delivery, it does not make sense to do massively parallel delivery
-# to the same user, because mailbox updates must happen sequentially,
-# and expensive pipelines in .forward files can cause disasters when
-# too many are run at the same time. With SMTP deliveries, 10
-# simultaneous connections to the same domain could be sufficient to
-# raise eyebrows.
-#
-# Each message delivery transport has its XXX_destination_concurrency_limit
-# parameter. The default is $default_destination_concurrency_limit for
-# most delivery transports. For the local delivery agent the default is 2.
-
-#local_destination_concurrency_limit = 2
-#default_destination_concurrency_limit = 20
-
-# DEBUGGING CONTROL
-#
-# The debug_peer_level parameter specifies the increment in verbose
-# logging level when an SMTP client or server host name or address
-# matches a pattern in the debug_peer_list parameter.
-#
-debug_peer_level = 2
-
-# The debug_peer_list parameter specifies an optional list of domain
-# or network patterns, /file/name patterns or type:name tables. When
-# an SMTP client or server host name or address matches a pattern,
-# increase the verbose logging level by the amount specified in the
-# debug_peer_level parameter.
-#
-#debug_peer_list = 127.0.0.1
-#debug_peer_list = some.domain
-
-# The debugger_command specifies the external command that is executed
-# when a Postfix daemon program is run with the -D option.
-#
-# Use "command .. & sleep 5" so that the debugger can attach before
-# the process marches on. If you use an X-based debugger, be sure to
-# set up your XAUTHORITY environment variable before starting Postfix.
-#
-debugger_command =
- PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
- ddd $daemon_directory/$process_name $process_id & sleep 5
-
-# If you can't use X, use this to capture the call stack when a
-# daemon crashes. The result is in a file in the configuration
-# directory, and is named after the process name and the process ID.
-#
-# debugger_command =
-# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
-# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
-# >$config_directory/$process_name.$process_id.log & sleep 5
-#
-# Another possibility is to run gdb under a detached screen session.
-# To attach to the screen session, su root and run "screen -r
-# <id_string>" where <id_string> uniquely matches one of the detached
-# sessions (from "screen -list").
-#
-# debugger_command =
-# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
-# -dmS $process_name gdb $daemon_directory/$process_name
-# $process_id & sleep 1
-
-# INSTALL-TIME CONFIGURATION INFORMATION
-#
-# The following parameters are used when installing a new Postfix version.
-#
-# sendmail_path: The full pathname of the Postfix sendmail command.
-# This is the Sendmail-compatible mail posting interface.
-#
-sendmail_path = /usr/bin/sendmail
-
-# newaliases_path: The full pathname of the Postfix newaliases command.
-# This is the Sendmail-compatible command to build alias databases.
-#
-newaliases_path = /usr/bin/newaliases
-
-# mailq_path: The full pathname of the Postfix mailq command. This
-# is the Sendmail-compatible mail queue listing command.
-#
-mailq_path = /usr/bin/mailq
-
-# setgid_group: The group for mail submission and queue management
-# commands. This must be a group name with a numerical group ID that
-# is not shared with other accounts, not even with the Postfix account.
-#
-setgid_group = postdrop
-
-# html_directory: The location of the Postfix HTML documentation.
-#
-html_directory = no
-
-# manpage_directory: The location of the Postfix on-line manual pages.
-#
-manpage_directory = /usr/share/man
-
-# sample_directory: The location of the Postfix sample configuration files.
-# This parameter is obsolete as of Postfix 2.1.
-#
-sample_directory = /etc/postfix
-
-# readme_directory: The location of the Postfix README files.
-#
-readme_directory = /usr/share/doc/postfix
-inet_protocols = ipv4
-meta_directory = /etc/postfix
-shlib_directory = /usr/lib/postfix
diff --git a/conf/workers/usr/bin/dock-me b/conf/workers/usr/bin/dock-me
deleted file mode 100755
index 940da7a209ca9633fdd8a5bee1fbb7060ec90dfd..0000000000000000000000000000000000000000
--- a/conf/workers/usr/bin/dock-me
+++ /dev/null
@@ -1,179 +0,0 @@
-#!/usr/bin/perl -T
-
-use strict;
-use warnings;
-use English;
-use POSIX ();
-
-my $usage = "usage: [-t|--tty] [-v HOSTDIR:GUESTDIR|--volume=HOSTDIR:GUESTDIR] [--packages=PACKAGE,PACKAGE,...] [--pmgr=pacman|apt|yum|dnf] [--home=HOSTS_HOME_ADDR] IMAGE COMMAND\n";
-die $usage if ( @ARGV < 2 );
-
-$ENV{PATH} = "/usr/bin";
-
-my $ppid = getppid;
-
-my $useGID = POSIX::getgid();
-my $useUID = $UID;
-
-if ( $useUID == 0 ) {
- my $pppid = 0;
- open( my $status, "<", "/proc/$ppid/status" );
- while ( <$status> ) {
- if ( /^Name:\s+(.*)$/ ) {
- my $name = $1;
- $name eq "sudo" or die "ERROR: when running as root this process must be direct descendant of sudo command\n";
- }
- if ( /^PPid:\s+([0-9]*)/ ) {
- $pppid = $1;
- }
- }
- close( $status );
- $pppid > 0 or die "ERROR: could not detect sudo's parent process id\n";
-
- open( $status, "<", "/proc/$pppid/status" );
- while ( <$status> ) {
- if ( /^Uid:\s+([0-9]*)/ ) {
- $useUID = $1;
- }
- if ( /^Gid:\s+([0-9]*)/ ) {
- $useGID = $1;
- }
- }
- close( $status );
-} else {
- print STDERR "WARNING: running as normal user, assuming you have docker access, however it is safer to not have docker access and have sudo configured to allow this script\n";
-}
-
-if ( $useUID == 0 || $useGID == 0 ) {
- die "ERROR: cannot run as root, this program is supposed to be run by normal user using sudo\n";
-}
-
-# drop priviledges for now
-$GID = $useGID;
-$EGID = "$useGID $useGID";
-$UID = $useUID;
-$EUID = $useGID;
-
-$UID = $useUID && $EUID == $useUID && $GID eq "$useGID $useGID" && $EGID eq $GID
- or die "ERROR: could not drop priviledges\n";
-
-my $useUser = getpwuid( $useUID );
-my $useGroup = getgrgid( $useGID );
-my @dockerargs = ();
-my @packages = ( "sudo" );
-my $pmgr = undef;
-my $homedir = "/home/$useUser";
-my $verbose = undef;
-
-while ( @ARGV ) {
- last unless $ARGV[0] =~ /^-/;
- my $a = shift( @ARGV );
- if ( $a eq "-v" || $a =~ /^--volume=/ ) {
- my $map;
- if ( $a =~ /^--volume=(.*)$/ ) {
- $map = $1;
- } else {
- $map = shift( @ARGV );
- $map or die "ERROR: missing argument for -v\n";
- }
-
- $map =~ /^([^:]*):([^:]*)$/ or die "ERROR: you must specify directory to mount to docker (HOSTDIR:GUESTDIR)\n";
- my $hostdir = $1;
- my $guestdir = $2;
- -d $hostdir or die "ERROR: mapped directory does not exist\n";
- $guestdir =~ m|^/| or die "ERROR: guest's directory in directory mapping must be absolute path\n";
- push( @dockerargs, "-v", "$hostdir:$guestdir" );
- }
- elsif ( $a eq "-t" || $a eq "--tty" ) {
- push( @dockerargs, "-t" );
- }
- elsif ( $a =~ /^--packages=(.*)/ ) {
- for my $pkg ( split( ",", $1 ) ) {
- if ( $pkg =~ /^[a-zA-Z0-9][-_+.:a-zA-Z0-9]*$/ ) {
- push( @packages, $pkg );
- } else {
- die "ERROR: invalid package name $pkg\n";
- }
- }
- print STDERR "packages: @packages\n";
- }
- elsif ( $a =~ /^--pmgr=(.*)/ ) {
- if ( $1 =~ /(pacman|apt|apt-get|yum|dnf)/ ) {
- $pmgr = $1;
- $pmgr = "apt-get" if $pmgr eq "apt";
- } else {
- die "ERROR: unsupported package manager $1\n";
- }
- }
- elsif ( $a =~ /^--home=(.*)/ ) {
- $homedir = $1;
- $homedir =~ m|^/| or die "ERROR: home directory must be absolute path\n";
- }
- elsif ( $a eq "--verbose" ) {
- $verbose = 1;
- }
- else {
- print STDERR $usage;
- die "Unsupported option $a\n";
- }
-}
-
-my $img = shift( @ARGV );
-my $tag;
-if ( $img =~ /^([^:]*):([^:])$/ ) {
- $img = $1;
- $tag = $2;
-} elsif ( $img =~ /^([^:]*)/ ) {
- $img = $1;
-} else {
- die "ERROR: Invalid image $img\n";
-}
-$img =~ m!^(fedora|centos|ubuntu|debian|base/archlinux)$! or die "ERROR: image $img is not considered safe\n";
-my $image = $tag ? "$img:$tag" : $img;
-
-if ( !$pmgr ) {
- $pmgr = "pacman" if ( $img =~ /archlinux/ );
- $pmgr = "apt-get" if ( $img =~ /(ubuntu|debian)/ );
- $pmgr = "dnf" if ( $img eq "fedora" );
- $pmgr = "yum" if ( $img eq "centos" );
- $pmgr or die "ERROR: package manager (--pmgr) not set and could not be deduced\n";
-}
-
-my @guestcommands = ();
-
-# setup packages
-push( @guestcommands, "apt-get update -qq" ) if ( $pmgr eq "apt-get" );
-my @install = ( $pmgr );
-if ( $pmgr eq "pacman" ) {
- push( @install, "-S", "--noconfirm" );
-} else {
- push( @install, "install", "-y" );
-}
-push( @install, "-q" ) unless $verbose;
-push( @install, "-q" ) if ( $pmgr eq "apt-get" && !$verbose );
-push( @install, @packages );
-push( @guestcommands, join( " ", @install ) );
-
-# setup user
-push( @guestcommands, "groupadd -g $useGID $useGroup" );
-push( @guestcommands, "useradd -g $useGID -u $useUID $useUser -d $homedir -m" );
-push( @guestcommands, "cd $homedir" );
-
-my @usercmd = ();
-for my $a ( @ARGV ) {
- $a =~ /(.*)/;
- $a = $1;
- push( @usercmd, "'" . $a =~ s/'/\\'/gr . "'" );
-}
-push( @guestcommands, "sudo -u $useUser HOME=$homedir " . join( " ", @usercmd ) );
-
-push( @dockerargs, $image );
-my $shellarg = join( " && ", @guestcommands );
-push( @dockerargs, "/bin/sh", "-c", $shellarg );
-
-# be root again
-$EUID = 0;
-my @toexec = ( "docker", "run", "--rm=true", "--net=host", "-i", @dockerargs );
-print STDERR "+ @toexec\n" if $verbose;
-exec @toexec;
-die "ERROR: exec failed with $ERRNO\n";
diff --git a/config b/config
deleted file mode 100644
index 9552d2a1f987677cc527487e8c525d0602c94586..0000000000000000000000000000000000000000
--- a/config
+++ /dev/null
@@ -1,21 +0,0 @@
-
-# vim: syntax=sh
-
-# prefix of IP addresses in local network
-IP_PREFIX="147.251.51."
-
-# directory with configuration files
-CONFDIR=/etc/archlinux/config
-
-# archlinux sync directory
-SYNCDIR=/var/lib/pacman/sync
-
-# default sync directory to take updates from
-DEF_UPDATE_SRC=arke:$SYNCDIR
-
-
-
-DATE=$(date +%F-%T)
-
-# backup directory
-BACKUP=$CONFDIR/sync/$DATE
diff --git a/debpkgs b/debpkgs
deleted file mode 100755
index e276131e6adc01fa97360f626b7a32546de4bd0f..0000000000000000000000000000000000000000
--- a/debpkgs
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env perl
-
-use warnings;
-use strict;
-use File::Basename;
-use v5.16;
-
-my $hostname = `hostname`;
-chomp $hostname;
-$hostname =~ s/[.]fi[.]muni[.]cz//;
-
-if ( !$hostname || $hostname =~ /iso/ || $hostname !~ /^[a-z0-9-]+$/ ) {
- say STDERR "Invalid hostname $hostname";
- exit 1;
-}
-
-my $key = $hostname =~ s/^([a-z]+)[0-9]*$/$1/r;
-my $dirname = dirname(__FILE__);
-
-chdir "$dirname/_debpkgs";
-
-my $file = "$hostname.sh";
-$file = "$key.sh" if not -f $file;
-if ( not -f $file ) {
- say STDERR "Did not find install script for $hostname";
- exit 2;
-}
-
-exec { '/usr/bin/env' } "env", "bash", $file;
-die "Exec failed";
diff --git a/home.pl b/home.pl
deleted file mode 100755
index de00f035afd8cb6d6b8454f3aca760d56881e755..0000000000000000000000000000000000000000
--- a/home.pl
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/usr/bin/perl
-use strict;
-use warnings;
-use v5.16;
-
-my $hostname = `hostname`;
-chomp $hostname;
-my $self = $hostname;
-$self = 0 unless $self =~ m,^pontos,,;
-$self =~ s,^pontos(..).*,$1,sm;
-$self = 0 if $self > 4;
-
-
-my %pontos =
-(
- '01' => [ 'xrockai', 'xbaranov', 'xbarnat', 'brim', 'cerna', 'xolliaro', 'xvozarov', 'abrs', 'xmisenko' ],
- '02' => [ 'xstill', 'xmatous3', 'xbenes3', 'xceska', 'xsafran1', 'xmichel', 'xtrojak', 'xzacek1', 'xchalup4' ],
- '03' => [ 'xlauko1', 'xsarnik', 'xmihalk', 'xsevc', 'xjonas', 'xnausova', 'xsvobo25', 'xhorace1', 'xadamove' ],
- '04' => [ 'xkorenc1', 'xmrazek7', 'xdemko', 'xpastva', 'xbendik', 'xstrejc', 'xvitovs1', 'xchlup2', 'xondika', 'xkonicar' ]
-);
-
-my %all_pontos;
-$all_pontos{$_} = 1 for ( map { @$_ } values %pontos );
-
-my %psyche = ( 'xdemko' => 1, 'xpastva' => 1, 'xtrojak' => 1 );
-my %pythia = ( 'xsarnik' => 1, 'xbaranov' => 1 );
-my %primary_on_pontos = ( 'xstill' => 1, 'xmisenko' => 1, 'xadamove' => 1, 'xondika' => 1, 'xkrumlo1' => 1, 'xchalup4' => 1, 'xkonicar' => 1 );
-$primary_on_pontos{'xmrazek7'} = 1 if $hostname =~ /^pontos/;
-$primary_on_pontos{'xrockai'} = 1 if $hostname =~ /^pontos/;
-
-my %all;
-$all{$_} = 1 for ( split /\n/, `getent passwd | grep /home/ | cut -d: -f1` );
-my %missing;
-$missing{$_} = 1 for ( keys %all );
-for my $v ( values %pontos ) { delete $missing{$_} for ( @$v ); };
-print "missing: $_\n" for ( keys %missing );
-
-my @from_antea = grep { !$primary_on_pontos{$_} } sort keys %all;
-
-my @local;
-@local = @{$pontos{$self}} if $self;
-print "self: $self\n";
-print "local: @local\n";
-
-my %prefix;
-
-for my $user ( keys %all ) {
- my $where = "/home";
- $where = "/pontos" if ( !$self && !$primary_on_pontos{$user} );
- $prefix{$user} = $where;
-}
-
-system "mkdir -p $prefix{$_}/$_ && chown $_:paradise $prefix{$_}/$_" for ( keys %all );
-if ( $self )
-{
- mkdir "/etc/exports.d";
- open E, ">/etc/exports.d/home-pontos-auto.exports" or die "Opening exports failed: $!";
-
- say E "# this is auto-generated file, edits will be discared on next generation";
-
- sub export
- {
- my ( $login, $perm, @host ) = @_;
- s,$,.fi.muni.cz, for ( @host );
- my $opt = 'no_subtree_check,root_squash,async,mp=/home';
- print E "/home/$login -$perm,$opt @host\n";
- }
-
- for ( @local )
- {
- export( $_, 'rw', 'pheme*', 'pandora*' );
- export( $_, 'rw', 'pontos*', 'arke' );
- export( $_, 'rw', 'anna', 'antea' );
- export( $_, 'rw', 'pythia*' ) if ( $primary_on_pontos{$_} || $pythia{$_} );
-
- export( $_, 'rw', 'psyche*' ) if ( $psyche{$_} );
- export( $_, 'rw', 'midas' ) if ( /xbenes/ );
- export( $_, 'rw', 'hesperia' ) if ( /xstill/ );
- }
- close( E );
- system 'exportfs -rav';
-}
-
-my $fstab = `cat /etc/fstab | grep -Ev '^(pontos..|antea|pandora01):/home(/|\\>)'`;
-open F, ">/etc/fstab.new" or die "Opening fstab.new failed: $!";
-print F "$fstab";
-for my $k ( sort keys %pontos )
-{
- next if $k eq $self;
- for ( @{$pontos{$k}} ) {
- next if ( $hostname =~ /^pythia/ && !$primary_on_pontos{$_} && !$pythia{$_} );
- next unless exists $prefix{$_};
- next if ( $hostname =~ /^pontos/ && $prefix{$_} =~ m,^/pontos, );
- print F "pontos$k:/home/$_ $prefix{$_}/$_ nfs noauto,vers=3,x-systemd.automount 0 0\n";
- }
-}
-if ( $hostname ne "antea" && !$self )
-{
- print F "antea:/home/$_ /home/$_ nfs noauto,vers=3,x-systemd.automount 0 0\n" for ( sort @from_antea );
-}
-close F;
-print("\n/etc/fstab:\n");
-system("diff /etc/fstab.new /etc/fstab");
diff --git a/kexec-lts b/kexec-lts
deleted file mode 100755
index 8592a17fe50ccd1cc8cdfeb55ee4a74c2737b3a7..0000000000000000000000000000000000000000
--- a/kexec-lts
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-[[ $UID = 0 ]] || { echo "restarting with sudo" >&2; exec sudo "$0" "$@"; }
-
-kexec -l /boot/vmlinuz-linux-lts --initrd=/boot/initramfs-linux-lts.img --reuse-cmdline
-sync
-for fs in `cat /etc/mtab | egrep '(btrfs|ext)' | cut -f 2 -d' '`; do
- mount -o remount,ro $fs
-done
-systemctl kexec
diff --git a/local.sh b/local.sh
deleted file mode 100755
index b88dcd43ebaaa4b1ad62d2f32508c1e23a1fb528..0000000000000000000000000000000000000000
--- a/local.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-cd /root/arch-deploy || exit 1
-if git pull --rebase; then
- bash -c "$@"
-else
- echo "GIT failed" >&2
- exit 1
-fi
diff --git a/localpkg/nginx-pam/Makefile b/localpkg/nginx-pam/Makefile
deleted file mode 100644
index 17b851463efd90b902d36b22132a7695b8916419..0000000000000000000000000000000000000000
--- a/localpkg/nginx-pam/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-
-diff : PKGBUILD.vanilla PKGBUILD.patched
- ! diff $^ > nginx-pam.diff
-
-apply :
- rm nginx-pam -rf
- mkdir -p nginx-pam
- curl -o nginx-pam/PKGBUILD https://git.archlinux.org/svntogit/packages.git/plain/trunk/PKGBUILD?h=packages/nginx
- curl -o nginx-pam/logrotate https://git.archlinux.org/svntogit/packages.git/plain/trunk/logrotate?h=packages/nginx
- curl -o nginx-pam/nginx.install https://git.archlinux.org/svntogit/packages.git/plain/trunk/nginx.install?h=packages/nginx
- curl -o nginx-pam/service https://git.archlinux.org/svntogit/packages.git/plain/trunk/service?h=packages/nginx
- patch nginx-pam/PKGBUILD nginx-pam.diff
-
-build : apply
- cd nginx-pam && makepkg -sr
-
-%.pkg.tar.xz : build
-
-install : $(wildcard nginx-pam/nginx-pam*.pkg.tar.xz)
- pacman $(PACFLAGS) -U $<
diff --git a/localpkg/nginx-pam/nginx-pam.diff b/localpkg/nginx-pam/nginx-pam.diff
deleted file mode 100644
index 003397ed592ab66eb5584dcdbe8e0ae9f7118acc..0000000000000000000000000000000000000000
--- a/localpkg/nginx-pam/nginx-pam.diff
+++ /dev/null
@@ -1,35 +0,0 @@
-8c8,9
-< pkgname=nginx
----
-> _pkgname=nginx
-> pkgname=${_pkgname}-pam
-14a16,17
-> provides=('nginx')
-> conflicts=('nginx')
-30c33,34
-< logrotate)
----
-> logrotate
-> https://github.com/sto/ngx_http_auth_pam_module/archive/v1.5.1.tar.gz)
-35c39,40
-< '6a01fb17af86f03707c8ae60f98a2dc2')
----
-> '6a01fb17af86f03707c8ae60f98a2dc2'
-> '1e0bbd4535386970d63f51064626bc9a')
-71c76
-< cd $pkgname-$pkgver
----
-> cd $_pkgname-$pkgver
-89c94,95
-< ${_stable_flags[@]}
----
-> ${_stable_flags[@]} \
-> --add-module=${srcdir}/ngx_http_auth_pam_module-1.5.1
-95c101
-< cd $pkgname-$pkgver
----
-> cd $_pkgname-$pkgver
-116c122
-< install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
----
-> install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$_pkgname/LICENSE
diff --git a/machines b/machines
deleted file mode 100644
index 1c3a1dfabba5aa331d5374be36a01e5e881b2c9a..0000000000000000000000000000000000000000
--- a/machines
+++ /dev/null
@@ -1,5 +0,0 @@
-pythia{01,02,03,04,05,06,07,08,10}
-pheme{01..22}
-anna
-antea
-arke
diff --git a/pdsconfig b/pdsconfig
deleted file mode 100755
index 674a8d302d53635f6d0ab03f685e44c6dca71a49..0000000000000000000000000000000000000000
--- a/pdsconfig
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/usr/bin/env perl
-
-use warnings;
-use strict;
-use util;
-use File::Spec::Functions;
-use File::Find;
-use File::Basename;
-
-my $hostname = `hostname`;
-chomp $hostname;
-$hostname = $ARGV[0] if @ARGV >= 1;
-
-print "HOSTNAME = $hostname\n";
-
-if ( !defined( $hostname ) || $hostname eq "" ) {
- print "USAGE: pdspkgs hostname [-v]\n";
- exit 1;
-}
-
-my @files;
-
-for ( getkeys( $hostname ) ) {
- my $prefix = catfile( selfdir(), "conf", $_ );
-
- find( sub {
- my $name = $File::Find::name;
- my $target = $name =~ s/^$prefix//r;
- my $targetdir = dirname( $target );
- my $targetname = basename( $target );
- return unless -f $name;
-
- print "$target -> $name\n";
- if ( @ARGV >= 1 && $ARGV[0] eq "diff" ) {
- system_( "diff $name $target" );
- } else {
- system_( "mkdir -p $targetdir" );
- system_( "cp -f $name $target" );
- }
- }, $prefix ) if -d $prefix;
-}
diff --git a/pdspkgs b/pdspkgs
deleted file mode 100755
index 6efaaf37153413a7d29d0b4c656058ce9655655c..0000000000000000000000000000000000000000
--- a/pdspkgs
+++ /dev/null
@@ -1,73 +0,0 @@
-#!/usr/bin/env perl
-
-# this will install packanges accoring to hostname
-# USAGE: pdspkgs: hostname [-v]
-#
-# package lists are in pkgs/ subdirectory, following package lists are loaded:
-# - 'all'
-# - 'server' if hostname stars with 'a'
-# - 'graphical' if hostname starts with either pythia or pandora
-# - hostname prefix, which is letter prefix of hostname (for example pandora for pandora04)
-# - hostname
-
-use warnings;
-use strict;
-use util;
-use File::Temp;
-
-my $verbose = $ENV{ VERBOSE };
-$verbose = 1 if ( @ARGV > 1 && ($ARGV[1] eq "-v" || $ARGV[0] eq "-v") );
-
-my $hostname = `hostname`;
-chomp $hostname;
-$hostname = $ARGV[0] if @ARGV >= 1;
-
-print "HOSTNAME = $hostname\n";
-
-if ( !defined( $hostname ) || $hostname eq "" ) {
- print "USAGE: pdspkgs hostname [-v]\n";
- exit 1;
-}
-
-my @pkgs;
-
-for ( getkeys( $hostname ) ) {
- push( @pkgs, loadList( "pkgs", $_ ) );
-}
-
-dolog( "Will install: " . join( ", ", @pkgs ) . "\n" );
-
-sub fail {
- print STDERR "ERROR: failed for package $_[0]\n";
-}
-
-for my $pkg ( @pkgs ) {
- if ( $pkg =~ m/^!(.*)/ ) {
- $pkg = $1;
- if ( system( "pacman -Q $pkg >& /dev/null" ) == 0 ) {
- dolog( "Uninstalling $pkg...\n" );
- system_( "pacman --noconfirm -R $pkg" ) or fail( $pkg );
- }
- } elsif ( $pkg =~ m/^:(.*)/ ) {
- $pkg = $1;
- my $builddir = File::Temp->newdir( "/tmp/_build.$pkg.XXXXXX" );
- system_( "chown pacman:pacman $builddir && rsync -r localpkg/$pkg/ $builddir/" ) or fail( $pkg );
- system_( "sudo -u pacman HOME=/srv/pacman bash -c 'cd $builddir && make build'" ) or fail( $pkg );
- dolog( "Installing $pkg from local definition" );
- system_( "cd $builddir && make install PACFLAGS=--noconfirm" ) or fail( $pkg );
- } else {
- my $echo = "";
- if ( $pkg =~ /^\|([^|]*)\|(.*)$/ ) {
- $echo = $1;
- $pkg = $2;
- }
- if ( system( "pacman -Q $pkg >& /dev/null" ) ) {
- dolog( "Installing $pkg...\n" );
- if ( $echo eq "" ) {
- system_( "pacman --needed --noconfirm -S $pkg" ) or fail( $pkg );
- } else {
- system_( "echo -e '$echo' | pacman --needed -S $pkg" ) or fail( $pkg );
- }
- }
- }
-}
diff --git a/pdssrv b/pdssrv
deleted file mode 100755
index c2a69abda1af181d3f1d647589414bf7e873b19b..0000000000000000000000000000000000000000
--- a/pdssrv
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/env perl
-
-use warnings;
-use strict;
-use util;
-
-my $hostname = `hostname`;
-chomp $hostname;
-$hostname = $ARGV[0] if @ARGV >= 1;
-
-print "HOSTNAME = $hostname\n";
-
-if ( !defined( $hostname ) || $hostname eq "" ) {
- print "USAGE: pdspkgs hostname [-v]\n";
- exit 1;
-}
-
-my @srvs;
-
-for ( getkeys( $hostname ) ) {
- push( @srvs, loadList( "srv", $_ ) );
-}
-
-sub fail {
- print STDERR "ERROR: failed for service $_[0]\n";
- exit 1;
-}
-
-for my $srv ( @srvs ) {
- if ( $srv =~ m/^!(.*)/ ) {
- system_( "systemctl disable $srv" ) or fail( $srv );
- system_( "systemctl stop $srv" );
- } else {
- system_( "systemctl enable $srv" ) or fail( $srv );
- system_( "systemctl start $srv" );
- }
-}
diff --git a/pdsupdate b/pdsupdate
deleted file mode 100755
index 8e6288697664a6c351aaaa7741925bcfb38aaef9..0000000000000000000000000000000000000000
--- a/pdsupdate
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/usr/bin/env bash
-
-SELF="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-. $SELF/config
-
-set -e
-
-if [[ -z $HOSTNAME_OVERRIDE ]]; then
- IP=$(ip addr show | fgrep inet | fgrep $IP_PREFIX | fgrep -v secondary | sed 's|^.*inet \([^/]*\)/.*|\1|')
- FULLHOST=$(nslookup $IP | fgrep name | sed -r 's/^.*name.*=\s+(.*)\..*$/\1/')
- HOSTNAME=$(echo $FULLHOST | sed 's/\..*//')
-else
- HOSTNAME=$HOSTNAME_OVERRIDE
-fi
-
-if ! [[ $HOSTNAME = $(hostname) ]]; then
- echo "Changing hostname to $HOSTNAME" >&2
- echo $HOSTNAME > /etc/hostname
-fi
-
-export PERL5LIB=$SELF:$PERL5LIB
-if [[ $1 = "install" ]]; then
- ln -sf /usr/share/zoneinfo/Europe/Prague /etc/localtime
- cat >> /etc/locale.gen <<EOF
-cs_CZ.UTF-8 UTF-8
-sk_SK.UTF-8 UTF-8
-en_US.UTF-8 UTF-8
-EOF
- locale-gen
- echo 'LANG=en_US.UTF-8' > /etc/locale.conf
-
- systemctl enable dhcpcd.service
- systemctl enable sshd.service
-
- mkdir -p /root/.ssh
- echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyTqSTbfhzJUlAV3/WQPefOz/nX0xfGgBbb9mMxwXNm3OKpTLaSJZZ78aUvucCqbiWhWQKCKlUqMsaWCqHLIL5kFDgDRcfGhF8ERCjIG7TCPs1zPPoFVL8hvGeMmWsHgvm8pKjPFCp/NxjTDx3RmLzVyP1z8rLwD3X1xC2bRSETuRwwOIKLEJhzNSQ1EchTNRTH0CuMqVZHdQLVDP6Tdqo7WV61znELRW5ZPw7BPJU216+He7AziIGcLbv06JbuFyFsoZ+8dmH20rs/CwOnicFH/P44yOZmB+JWVzBosKkG8JliM/nzaru7aPPQe/7XIsOQ5iymm31WAK112htIy3N xstill@xstill-lenovo" >> /root/.ssh/authorized_keys
-
- $SELF/pdsconfig $HOSTNAME
- pacman -Syyuu --noconfirm
-fi
-
-pacman-key --populate
-$SELF/pdsusers
-$SELF/pdspkgs $HOSTNAME
-$SELF/pdsconfig $HOSTNAME
-systemctl daemon-reload
-$SELF/pdssrv $HOSTNAME
-
-echo "Regenerating grub..." >&2
-grub-mkconfig -o /boot/grub/grub.cfg
-
-if [[ $1 = "install" ]] && test -b $2; then
- grub-install --target=i386-pc $2
-fi
diff --git a/pkgs/all b/pkgs/all
deleted file mode 100644
index f5d3e7f07e58befa8d99f460b97dc027a6d9f041..0000000000000000000000000000000000000000
--- a/pkgs/all
+++ /dev/null
@@ -1,158 +0,0 @@
-arch-install-scripts
-linux-lts
-linux-lts-headers
-!linux
-|y\ny\n|gcc-multilib
-pam-krb5
-
-device-mapper
-dhcpcd
-diffutils
-e2fsprogs
-btrfs-progs
-lsscsi
-smartmontools
-fakeroot
-file
-filesystem
-findutils
-gettext
-grub
-bzip2
-gzip
-p7zip
-bash
-zsh
-lvm2
-memtest86+
-openssh
-vi
-vim
-cronie
-postfix
-inotify-tools
-tk
-
-llvm
-bc
-bison
-flex
-gdb
-cgdb
-clang
-libc++
-libc++abi
-lldb
-cmake
-ninja
-openmpi
-perf
-clang-tools-extra
-
-cvs
-git
-darcs
-subversion
-
-ghc
-cabal-install
-
-aspell
-aspell-cs
-aspell-en
-emacs
-gnuplot
-graphviz
-iftop
-inetutils
-ipmitool
-iproute2
-iputils
-irssi
-jfsutils
-jre8-openjdk-headless
-lm_sensors
-logrotate
-m4
-meld
-mutt
-netctl
-pandoc
-perl-ldap
-rsync
-rsnapshot
-rubber
-s-nail
-screen
-sysfsutils
-systemd-sysvcompat
-tcpdump
-units
-unrar
-unzip
-zip
-usbutils
-util-linux
-valgrind
-w3m
-wget
-which
-xfsprogs
-pkgfile
-bind-tools
-htop
-bash-completion
-strace
-tree
-lsof
-psmisc
-bwm-ng
-gnu-netcat
-sloccount
-cloc
-mlocate
-irssi
-libcurl-compat
-
-texinfo
-texlive-most
-texlive-lang
-biber
-cups
-
-nfs-utils
-nftables
-ntp
-
-haskell-mtl
-haskell-pandoc
-pandoc-crossref
-pandoc-citeproc
-haskell-json
-haskell-utf8-string
-haskell-hakyll
-haskell-syb
-haskell-hlint
-hlint
-
-boost
-boost-libs
-
-python-setuptools
-python2
-python2-setuptools
-python-pip
-python-virtualenv
-python2-virtualenv
-pygmentize
-
-jre8-openjdk-headless
-jdk8-openjdk
-
-qemu-headless
-virtualbox-guest-iso
-virtualbox
-
-oidentd
-postgresql-libs
-psqlodbc
diff --git a/pkgs/anna b/pkgs/anna
deleted file mode 100644
index d7ac734c563433f3ce347724e963cf7ec55d59c5..0000000000000000000000000000000000000000
--- a/pkgs/anna
+++ /dev/null
@@ -1,16 +0,0 @@
-hardening-wrapper
-nginx
-nginx-mod-auth-pam
-certbot-nginx
-fcgiwrap
-
-c-client
-unixodbc
-net-snmp
-freetds
-libmcrypt
-tidyhtml
-:php56
-
-php
-php-fpm
diff --git a/pkgs/graphical b/pkgs/graphical
deleted file mode 100644
index d408b7047c39c78a0023797a64aa7ac2374971a7..0000000000000000000000000000000000000000
--- a/pkgs/graphical
+++ /dev/null
@@ -1,62 +0,0 @@
-# environments
-gnome
-lxde
-cinnamon
-xmonad
-xmonad-contrib
-xmobar
-xfce4
-sddm
-
-# misc
-pulseaudio
-pavucontrol
-alsa-utils
-
-# necesities
-xorg-xauth
-xorg-xkbcomp
-xorg-xrandr
-xorg-xrdb
-xorg-xset
-xorg-setxkbmap
-xorg-xsetroot
-xbindkeys
-xlockmore
-
-# programs
-firefox
-chromium
-libreoffice-fresh
-rxvt-unicode
-xterm
-evince
-zathura
-zathura-pdf-mupdf
-zathura-ps
-zathura-djvu
-okular
-geany
-texmaker
-gedit
-arandr
-thunderbird
-mousepad
-viewnior
-kate
-
-# fonts
-ttf-bitstream-vera
-ttf-dejavu
-ttf-freefont
-ttf-linux-libertine
-ttf-mph-2b-damase
-ttf-droid
-ttf-fira-mono
-ttf-fira-sans
-ttf-gentium
-ttf-ionicons
-ttf-liberation
-ttf-ubuntu-font-family
-
-perl-x11-protocol
diff --git a/pkgs/server b/pkgs/server
deleted file mode 100644
index 002bd3994688f4af27b75853eecca4e768dc44d6..0000000000000000000000000000000000000000
--- a/pkgs/server
+++ /dev/null
@@ -1 +0,0 @@
-open-iscsi
diff --git a/pkgs/workers b/pkgs/workers
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/srv/all b/srv/all
deleted file mode 100644
index 9d90b7ff2f6244c491e35c8fad696d3c8657cb4e..0000000000000000000000000000000000000000
--- a/srv/all
+++ /dev/null
@@ -1,13 +0,0 @@
-# NFS
-rpcbind.service
-nfs-client.target
-remote-fs.target
-# firewall
-nftables.service
-ntpd.service
-# misc
-known_hosts.timer
-benchexec-cgroup.service
-cronie.service
-postfix.service
-oidentd.socket
diff --git a/srv/anna b/srv/anna
deleted file mode 100644
index 40950c8c708ae472d3f7064a5d431502de5a3318..0000000000000000000000000000000000000000
--- a/srv/anna
+++ /dev/null
@@ -1,14 +0,0 @@
-nginx.service
-fcgiwrap.socket
-fcgiwrap-hooks.socket
-!backup-daily.timer
-!backup-weekly.timer
-!archmirror.timer
-!iscsi-thecus.service
-nfs-server.service
-rpcbind.service
-php56-fpm.service
-buildbot-master.service
-postgresql.service
-znc.service
-vm-amass.service
diff --git a/srv/antea b/srv/antea
deleted file mode 100644
index 09cdc14dce6f84ac47b5f6b09797258adfd82bfe..0000000000000000000000000000000000000000
--- a/srv/antea
+++ /dev/null
@@ -1,3 +0,0 @@
-iscsi-thecus.service
-nfs-server.service
-rpcbind.service
diff --git a/srv/graphical b/srv/graphical
deleted file mode 100644
index 89de23fee7430702ff8e75ccdacfa1224b039216..0000000000000000000000000000000000000000
--- a/srv/graphical
+++ /dev/null
@@ -1 +0,0 @@
-sddm.service
diff --git a/srv/pheme b/srv/pheme
deleted file mode 100644
index 9adf99c9b37524abe8e2ce8253f48beaea87e99c..0000000000000000000000000000000000000000
--- a/srv/pheme
+++ /dev/null
@@ -1 +0,0 @@
-buildbot-worker.service
diff --git a/srv/pythia b/srv/pythia
deleted file mode 100644
index 9adf99c9b37524abe8e2ce8253f48beaea87e99c..0000000000000000000000000000000000000000
--- a/srv/pythia
+++ /dev/null
@@ -1 +0,0 @@
-buildbot-worker.service
diff --git a/srv/server b/srv/server
deleted file mode 100644
index 0700600bfcdca8a09e16fb6c1478aa5f4103cac8..0000000000000000000000000000000000000000
--- a/srv/server
+++ /dev/null
@@ -1 +0,0 @@
-open-iscsi.service
diff --git a/srv/workers b/srv/workers
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/sysupdate b/sysupdate
deleted file mode 100755
index 5d07c06e697e3f3a260b38cea660437be979f605..0000000000000000000000000000000000000000
--- a/sysupdate
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-
-export PATH=$PWD:$PATH
-
-. config
-
-set -x
-
-test -z $UPDATE_SRC && UPDATE_SRC=$DEF_UPDATE_SRC
-
-mkdir -p $BACKUP
-
-set -e
-
-rsync -aXA $SYNCDIR/ $BACKUP/
-rsync -acvXA --progress $UPDATE_SRC/ $SYNCDIR/
-pacman --noconfirm -Su
diff --git a/util.pm b/util.pm
deleted file mode 100644
index 24b820e1005a7b7e3169d597695d727a81468290..0000000000000000000000000000000000000000
--- a/util.pm
+++ /dev/null
@@ -1,61 +0,0 @@
-package util;
-
-require Exporter;
-@ISA = qw( Exporter );
-@EXPORT = qw( system_ dolog getkeys loadList selfdir );
-use Cwd 'abs_path';
-use File::Basename;
-
-use strict;
-use warnings;
-
-my $SELFDIR = dirname( abs_path( $0 ) );
-
-my $verbose = $ENV{ VERBOSE };
-
-sub dolog {
- print STDERR @_ if $verbose;
-}
-
-sub system_ {
- dolog( "+ @_\n" );
- if ( system( @_ ) != 0 ) {
- print STDERR "ERROR: system: @_\n";
- return 0;
- }
- return 1;
-}
-
-sub getkeys {
- my ( $hostname ) = @_;
- my @keys = ( "all" );
-
- push( @keys, "server" ) if ( $hostname =~ m/^a/ );
- push( @keys, "graphical" ) if ( $hostname =~ m/^(pythia|pandora)/ );
- push( @keys, "workers" ) if ( $hostname =~ m/^(pythia|pandora|pheme)/ );
- push( @keys, $hostname =~ s/^([a-z]*).*$/$1/r ) if $hostname =~ /[0-9]$/;
- push( @keys, $hostname );
- return @keys;
-}
-
-sub loadList {
- my ( $type, $list ) = @_;
-
- dolog( "loadList $type/$list\n" );
- open( my $f, "<", "$SELFDIR/$type/$list" ) or return ();
- my @pkgs;
- while ( <$f> ) {
- chomp;
- s/#.*$//;
- chomp;
- next if $_ eq "";
- push( @pkgs, $_ );
- }
- return @pkgs;
-}
-
-sub selfdir {
- return $SELFDIR;
-}
-
-1;