[ { "path": ".github/FUNDING.yml", "content": "# You can add one username per supported platform and one custom link\npatreon: jessfraz\n" }, { "path": ".github/workflows/make-test.yml", "content": "on:\n push\nname: make test\njobs:\n test:\n name: make test\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@master\n with:\n fetch-depth: '2'\n - name: make test\n run: make test\n shell: bash\n" }, { "path": ".gitignore", "content": "###Linux###\n\n*~\n\n# KDE directory preferences\n.directory\n\n\n###OSX###\n\n.DS_Store\n.AppleDouble\n.LSOverride\n\n# Icon must ends with two \\r.\nIcon\n\n\n# Thumbnails\n._*\n\n# Files that might appear on external disk\n.Spotlight-V100\n.Trashes\n\nznc/conf/\n\n*.swp\n*.swo\n\nitunes/iTunesSetup.exe\nyubikey/\nkiwi-builder/artifacts\n" }, { "path": "LICENSE", "content": "The MIT License (MIT)\n\nCopyright (c) 2017 Jessie Frazelle\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of\nthis software and associated documentation files (the \"Software\"), to deal in\nthe Software without restriction, including without limitation the rights to\nuse, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of\nthe Software, and to permit persons to whom the Software is furnished to do so,\nsubject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS\nFOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\nCOPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER\nIN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN\nCONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n" }, { "path": "Makefile", "content": ".PHONY: build\nbuild: ## Builds all the dockerfiles in the repository.\n\t@$(CURDIR)/build-all.sh\n\n.PHONY: latest-versions\nlatest-versions: ## Checks all the latest versions of the Dockerfile contents.\n\t@$(CURDIR)/latest-versions.sh\n\ncheck_defined = \\\n\t\t\t\t$(strip $(foreach 1,$1, \\\n\t\t\t\t$(call __check_defined,$1,$(strip $(value 2)))))\n__check_defined = \\\n\t\t\t\t $(if $(value $1),, \\\n\t\t\t\t $(error Undefined $1$(if $2, ($2))$(if $(value @), \\\n\t\t\t\t required by target `$@')))\n\n.PHONY: run\nrun: ## Run a Dockerfile from the command at the top of the file (ex. DIR=telnet).\n\t@:$(call check_defined, DIR, directory of the Dockefile)\n\t@$(CURDIR)/run.sh \"$(DIR)\"\n\nREGISTRY := r.j3ss.co\n.PHONY: image\nimage: ## Build a Dockerfile (ex. DIR=telnet).\n\t@:$(call check_defined, DIR, directory of the Dockefile)\n\tdocker build --rm --force-rm -t $(REGISTRY)/$(subst /,:,$(patsubst %/,%,$(DIR))) ./$(DIR)\n\n.PHONY: test\ntest: dockerfiles shellcheck ## Runs the tests on the repository.\n\n.PHONY: dockerfiles\ndockerfiles: ## Tests the changes to the Dockerfiles build.\n\t@$(CURDIR)/test.sh\n\n# if this session isn't interactive, then we don't want to allocate a\n# TTY, which would fail, but if it is interactive, we do want to attach\n# so that the user can send e.g. ^C through.\nINTERACTIVE := $(shell [ -t 0 ] && echo 1 || echo 0)\nifeq ($(INTERACTIVE), 1)\n\tDOCKER_FLAGS += -t\nendif\n\n.PHONY: shellcheck\nshellcheck: ## Runs the shellcheck tests on the scripts.\n\tdocker run --rm -i $(DOCKER_FLAGS) \\\n\t\t--name df-shellcheck \\\n\t\t-v $(CURDIR):/usr/src:ro \\\n\t\t--workdir /usr/src \\\n\t\tr.j3ss.co/shellcheck ./shellcheck.sh\n\n.PHONY: help\nhelp:\n\t@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = \":.*?## \"}; {printf \"\\033[36m%-30s\\033[0m %s\\n\", $$1, $$2}'\n" }, { "path": "README.md", "content": "## dockerfiles\n\n[![make test](https://github.com/jessfraz/dockerfiles/workflows/make%20test/badge.svg)](https://github.com/jessfraz/dockerfiles/actions?query=workflow%3A%22make+test%22+branch%3Amaster)\n\nThis is a repo to hold various Dockerfiles for images I create.\n\n\n**Table of Contents**\n\n\n\n- [About](#about)\n- [Resources](#resources)\n * [My dotfiles](#my-dotfiles)\n- [Contributing](#contributing)\n * [Using the `Makefile`](#using-the-makefile)\n\n\n\n## About\n\nAlmost all of these live on dockerhub under [jess](https://hub.docker.com/u/jess/).\nBecause you cannot use notary with autobuilds on dockerhub I also build these\ncontinuously on a private registry at [r.j3ss.co](https://r.j3ss.co/) for public download. (You're\nwelcome.)\n\n## Resources\n\n### My dotfiles\n\nYou may also want to checkout my [dotfiles](https://github.com/jessfraz/dotfiles), specifically the aliases for all these files which are here: [github.com/jessfraz/dotfiles/blob/master/.dockerfunc](https://github.com/jessfraz/dotfiles/blob/master/.dockerfunc).\n\n## Contributing\n\nI try to make sure each Dockerfile has a command at the top to document running it,\nif a file you are looking at does not have a command, please\npull request it!\n\n\n### Using the `Makefile`\n\n```\n$ make help\nbuild Builds all the dockerfiles in the repository.\ndockerfiles Tests the changes to the Dockerfiles build.\nimage Build a Dockerfile (ex. DIR=telnet).\nlatest-versions Checks all the latest versions of the Dockerfile contents.\nrun Run a Dockerfile from the command at the top of the file (ex. DIR=telnet).\nshellcheck Runs the shellcheck tests on the scripts.\ntest Runs the tests on the repository.\n```\n" }, { "path": "ab/Dockerfile", "content": "# ab (apache benchmark)\n# in a container\n#\n# docker run --rm -it \\\n# \tjess/ab\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tapache2-ssl \\\n\tapache2-utils \\\n\tca-certificates \\\n\thtop\n\nENTRYPOINT [ \"ab\" ]\n" }, { "path": "afterthedeadline/Dockerfile", "content": "FROM openjdk:8-alpine\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tcurl \\\n\ttar\n\nENV LANG C.UTF-8\n# https://open.afterthedeadline.com/download/download-source-code/\nENV ATD_VERSION 081310\n\nRUN curl -sSL \"http://www.polishmywriting.com/download/atd_distribution${ATD_VERSION}.tgz\" -o /tmp/atd.tar.gz \\\n\t&& mkdir -p /usr/src/atd \\\n\t&& tar -xzf /tmp/atd.tar.gz -C /usr/src/atd --strip-components 1 \\\n\t&& rm /tmp/atd.tar.gz*\n\nWORKDIR /usr/src/atd\nEXPOSE 1049\n\nENTRYPOINT [ \"sh\", \"-c\", \"/usr/src/atd/run.sh\" ]\n" }, { "path": "android-tools/Dockerfile", "content": "FROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tadb \\\n\tandroid-tools* \\\n\tca-certificates \\\n\tcurl \\\n\tfastboot \\\n\tusbutils \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"bash\" ]\n" }, { "path": "ansible/Dockerfile", "content": "# https://www.ansible.com/\n#\n# docker run --rm \\\n# \t-it \\\n# \t-v ${PWD}/hosts:/etc/ansible/hosts \\\n# \t-v ${PWD}/ansible.cfg:/etc/ansible/ansible.cfg \\\n# \t-v ${HOME}/.ssh:/root/.ssh:ro \\\n# \tansible all -m ping\n#\nFROM python:3-alpine\nLABEL maintainer \"Christian Koep \"\n\nRUN builddeps=' \\\n\t\tmusl-dev \\\n\t\topenssl-dev \\\n\t\tlibffi-dev \\\n\t\tgcc \\\n\t\t' \\\n\t&& apk --no-cache add \\\n\tca-certificates \\\n\t$builddeps \\\n\t&& pip install \\\n\t\tansible \\\n\t&& apk del --purge $builddeps\n\nENTRYPOINT [ \"ansible\" ]\n" }, { "path": "apt-file/Dockerfile", "content": "FROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tapt-file \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nCMD [ \"bash\" ]\n" }, { "path": "aspell/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\taspell \\\n\taspell-en\n\nENTRYPOINT [\"aspell\"]\n" }, { "path": "atom/Dockerfile", "content": "# DESCRIPTION:\t Create the atom editor in a container\n# AUTHOR:\t\t Jessie Frazelle \n# COMMENTS:\n#\tThis file describes how to build the atom editor\n#\tin a container with all dependencies installed.\n#\tNote: atom is not a node-webkit app,\n#\tfound this out a little too late into this example\n#\tit uses electron(https://github.com/atom/electron)\n#\tTested on Debian Jessie.\n# USAGE:\n#\t# Download atom Dockerfile\n#\twget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/atom/Dockerfile\n#\n#\t# Build atom image\n#\tdocker build -t atom .\n#\n#\tdocker run -v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t\t-e DISPLAY=unix$DISPLAY atom\n#\n\n# Base docker image\nFROM debian:bullseye-slim\n\nLABEL maintainer \"Jessie Frazelle \"\n\n# Tell debconf to run in non-interactive mode\nENV DEBIAN_FRONTEND noninteractive\n\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tgnupg \\\n\twget \\\n\t--no-install-recommends\n\n# Add the atom debian repo\nRUN wget -qO- https://packagecloud.io/AtomEditor/atom/gpgkey | apt-key add -\nRUN sh -c 'echo \"deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main\" > /etc/apt/sources.list.d/atom.list'\n\n# Install dependencies\nRUN apt-get update && apt-get install -y \\\n\tatom \\\n\tgit \\\n\tgconf2 \\\n\tgconf-service \\\n\tgvfs-bin \\\n\tlibasound2 \\\n\tlibcap2 \\\n\tlibgconf-2-4 \\\n\tlibgtk2.0-0 \\\n\tlibnotify4 \\\n\tlibnss3 \\\n\tlibxkbfile1 \\\n\tlibxss1 \\\n\tlibxtst6 \\\n\tlibx11-xcb-dev \\\n\txdg-utils \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Autorun atom\nENTRYPOINT [ \"atom\", \"--foreground\" ]\n" }, { "path": "audacity/Dockerfile", "content": "FROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\taudacity \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"audacity\" ]\n" }, { "path": "awscli/Dockerfile", "content": "# Run awscli in a container and list s3 buckets\n#\n# docker run --rm -it \\\n#\t--name awscli \\\n#\tjess/awscli \\\n# s3 ls\n#\n\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tgroff \\\n\tless \\\n\tpython3 \\\n\t&& pip3 install awscli \\\n\t&& mkdir -p /root/.aws \\\n\t&& { \\\n\t\techo '[default]'; \\\n\t\techo 'output = json'; \\\n\t\techo 'region = $AWS_DEFAULT_REGION'; \\\n\t\techo 'aws_access_key_id = $AMAZON_ACCESS_KEY_ID'; \\\n\t\techo 'aws_secret_access_key = $AMAZON_SECRET_ACCESS_KEY'; \\\n\t} > /root/.aws/config\n\nENTRYPOINT [ \"aws\" ]\n" }, { "path": "azure-cli/Dockerfile", "content": "FROM python:3-alpine\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tbash\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tbuild-base \\\n\t\tlibffi-dev \\\n\t\topenssl-dev \\\n\t&& pip install --upgrade \\\n\t\t--pre azure-cli \\\n\t\t--extra-index-url https://azurecliprod.blob.core.windows.net/edge \\\n\t\t--no-cache-dir \\\n\t&& apk del .build-deps\n\nENTRYPOINT\t[ \"az\" ]\n" }, { "path": "bashrc", "content": "#!/bin/bash\n\ncommand_not_found_handle () {\n\t# Check if there is a container image with that name\n\tif ! docker inspect --format '{{ .Author }}' \"$1\" >&/dev/null; then\n\t\techo \"$0: $1: command not found\"\n\t\treturn\n\tfi\n\n\t# Check that it's really the name of the image, not a prefix\n\tif docker inspect --format '{{ .Id }}' \"$1\" | grep -q \"^$1\" ;then\n\t\techo \"$0: $1: command not found\"\n\t\treturn\n\tfi\n\n\t# Add a bunch of (optional) devices\n\t# (Don't add them unconditionally: if they don't exist, it\n\t# would prevent the container from starting)\n\tDEVICES=\n\tfor DEV in /dev/kvm /dev/ttyUSB* /dev/dri/* /dev/snd/*; do\n\t\tif [ -b \"$DEV\" ] || [ -c \"$DEV\" ]; then\n\t\t\tDEVICES=\"$DEVICES --device $DEV:$DEV\"\n\t\tfi\n\tdone\n\n\t# And a few (optional) files\n\t# (Here again, they don't always exist everywhere)\n\tVOLUMES=\n\tfor VOL in /tmp/.X11-unix /run/user; do\n\t\tif [ -e \"$VOL\" ]; then\n\t\t\tVOLUMES=\"$VOLUMES --volume $VOL:$VOL\"\n\t\tfi\n\tdone\n\n\t# Check if we are on a tty to decide whether to allocate one\n\tDASHT=\n\ttty -s && DASHT=-t\n\n\t# shellcheck disable=SC2086\n\t# shellcheck disable=SC2046\n\tdocker run $DASHT -i -u $(whoami) -w \"$HOME\" \\\n\t\t$(env | cut -d= -f1 | awk '{print \"-e\", $1}') \\\n\t\t$DOCKERFILES_RUN_FLAGS \\\n\t\t$DEVICES \\\n\t\t$VOLUMES \\\n\t\t-v /etc/passwd:/etc/passwd:ro \\\n\t\t-v /etc/group:/etc/group:ro \\\n\t\t-v /etc/localtime:/etc/localtime:ro \\\n\t\t-v /home:/home \\\n\t\t\"$@\"\n}\n" }, { "path": "bcc-tools/Dockerfile", "content": "# Usage:\n# docker run --rm -it \\\n#\t--privileged \\\n#\t-v /lib/modules:/lib/modules:ro \\\n#\t-v /usr/src:/usr/src:ro \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\tr.j3ss.co/bcc-tools\n#\nFROM debian:sid-slim\nMAINTAINER Jessica Frazelle \n\nENV PATH /usr/share/bcc/tools:$PATH\n\n# Add non-free apt sources\nRUN sed -i \"s#deb http://deb.debian.org/debian buster main#deb http://deb.debian.org/debian buster main contrib non-free#g\" /etc/apt/sources.list\n\nRUN apt-get update && apt-get install -y \\\n ca-certificates \\\n\tclang \\\n\tcurl \\\n\tgcc \\\n\tgit \\\n\tg++ \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/*\n\n# Install dependencies for libbcc\n# FROM: https://github.com/iovisor/bcc/blob/master/INSTALL.md#install-build-dependencies\nRUN apt-get update && apt-get install -y \\\n\tdebhelper \\\n\tcmake \\\n\tlibllvm3.9 \\\n\tllvm-dev \\\n\tlibclang-dev \\\n\tlibelf-dev \\\n\tbison \\\n\tflex \\\n\tlibedit-dev \\\n\tclang-format \\\n\tpython \\\n\tpython3-pyroute2 \\\n\tluajit \\\n\tlibluajit-5.1-dev \\\n\tarping \\\n\tiperf \\\n\tethtool \\\n\tdevscripts \\\n\tzlib1g-dev \\\n\tlibfl-dev \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/*\n\n# Build libbcc\nENV BCC_VERSION v0.14.0\nRUN git clone --depth 1 --branch \"$BCC_VERSION\" https://github.com/iovisor/bcc.git /usr/src/bcc \\\n\t&& ( \\\n\t\tcd /usr/src/bcc \\\n\t\t&& mkdir build \\\n\t\t&& cd build \\\n\t\t&& cmake .. -DCMAKE_INSTALL_PREFIX=/usr \\\n\t\t&& make \\\n\t\t&& make install \\\n\t) \\\n\t&& rm -rf /usr/src/bcc\n\nCOPY entrypoint.sh /usr/local/bin/entrypoint.sh\n\nENTRYPOINT [\"entrypoint.sh\"]\n" }, { "path": "bcc-tools/entrypoint.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nmount -t debugfs none /sys/kernel/debug/\nexec \"$@\"\n" }, { "path": "beeswithmachineguns/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tpython \\\n\tpy-boto \\\n\tpy-future \\\n\tpy-paramiko\n\nRUN buildDeps=' \\\n\t\tbuild-base \\\n\t\tgit \\\n\t\tpython-dev \\\n\t' \\\n\tset -x \\\n\t&& apk --no-cache add $buildDeps \\\n\t&& git clone --depth 1 https://github.com/newsapps/beeswithmachineguns /usr/src/beeswithmachineguns \\\n\t&& cd /usr/src/beeswithmachineguns \\\n\t&& python setup.py install \\\n\t&& rm -rf /usr/src/beeswithmachineguns \\\n\t&& apk del $buildDeps\n\nENTRYPOINT [ \"bees\" ]\n" }, { "path": "bpftrace/Dockerfile", "content": "FROM r.j3ss.co/bcc\nMAINTAINER Jessica Frazelle \n\nENV PATH /usr/share/bcc/tools:$PATH\n\n# Add non-free apt sources\nRUN sed -i \"s#deb http://deb.debian.org/debian buster main#deb http://deb.debian.org/debian buster main contrib non-free#g\" /etc/apt/sources.list\n\nRUN apt-get update && apt-get install -y \\\n ca-certificates \\\n\tclang \\\n\tcurl \\\n\tgcc \\\n\tgit \\\n\tg++ \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/*\n\n# Build bpftrace\nENV BPFTRACE_VERSION v0.10.0\nRUN git clone --depth 1 --branch \"$BPFTRACE_VERSION\" https://github.com/iovisor/bpftrace.git /usr/src/bpftrace \\\n\t&& ( \\\n\t\tcd /usr/src/bpftrace \\\n\t\t&& mkdir build \\\n\t\t&& cd build \\\n\t\t&& cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr .. \\\n\t\t&& make -j8 \\\n\t\t&& make install \\\n\t) \\\n\t&& rm -rf /usr/src/bpftrace\n\nENTRYPOINT [\"bpftrace\"]\n" }, { "path": "brok/Dockerfile", "content": "FROM haskell:8.8\n\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN cabal update && cabal install brok\n\nCMD [\"brok\"]\n" }, { "path": "browsh/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install bash and other deps so we have them.\nRUN apt-get update && apt-get install -y \\\n\t\tbash \\\n\t\tbzip2 \\\n\t\tca-certificates \\\n\t\tlibdbus-glib-1-2 \\\n\t\tlibgtk-3-0 \\\n\t\tlibx11-xcb1 \\\n\t\tlibxt6 \\\n\t\ttar \\\n\t\twget \\\n\t\t--no-install-recommends \\\n\t\t&& rm -rf /var/lib/apt/lists/*\n\nRUN wget \"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn-social/hosts\" -O /etc/hosts\n\n# Create user and change ownership\nRUN addgroup --gid 666 browsh \\\n\t&& adduser --uid 666 --home /home/browsh --ingroup browsh browsh\n\nWORKDIR /home/browsh\nUSER browsh\n\nRUN mkdir -p /home/browsh/bin\n\nENV PATH=\"/bin:/usr/bin:/usr/local/bin:/home/browsh/bin:${PATH}\"\n\n# Install firefox.\nENV FIREFOX_VERSION 60.0\nRUN set -x \\\n\t&& wget \"https://ftp.mozilla.org/pub/firefox/releases/${FIREFOX_VERSION}/linux-x86_64/en-US/firefox-${FIREFOX_VERSION}.tar.bz2\" -O /tmp/firefox.tar.bz2 \\\n\t&& ( \\\n\t\tcd /tmp \\\n\t\t&& bzip2 -d /tmp/firefox.tar.bz2 \\\n\t\t&& tar -xf /tmp/firefox.tar -C /home/browsh/bin/ --strip-components 1 \\\n\t) \\\n\t&& rm -rf /tmp/firefox* \\\n\t&& firefox --version\n\n# Install browsh.\nENV BROWSH_VERSION 1.6.4\nRUN wget \"https://github.com/browsh-org/browsh/releases/download/v${BROWSH_VERSION}/browsh_${BROWSH_VERSION}_linux_amd64\" -O /home/browsh/bin/browsh \\\n\t&& chmod a+x /home/browsh/bin/browsh\n\n# Firefox behaves quite differently to normal on its first run, so by getting\n# that over and done with here when there's no user to be dissapointed means\n# that all future runs will be consistent.\nRUN TERM=xterm browsh & \\\n\t\tpidsave=$!; \\\n\t\tsleep 10; kill $pidsave || true;\n\nENTRYPOINT [ \"browsh\" ]\n" }, { "path": "build-all.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nSCRIPT=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)/$(basename \"${BASH_SOURCE[0]}\")\"\nREPO_URL=\"${REPO_URL:-r.j3ss.co}\"\nJOBS=${JOBS:-2}\n\nERRORS=\"$(pwd)/errors\"\n\nbuild_and_push(){\n\tbase=$1\n\tsuite=$2\n\tbuild_dir=$3\n\n\techo \"Building ${REPO_URL}/${base}:${suite} for context ${build_dir}\"\n\tdocker build --rm --force-rm -t \"${REPO_URL}/${base}:${suite}\" \"${build_dir}\" || return 1\n\n\t# on successful build, push the image\n\techo \" --- \"\n\techo \"Successfully built ${base}:${suite} with context ${build_dir}\"\n\techo \" --- \"\n\n\t# try push a few times because notary server sometimes returns 401 for\n\t# absolutely no reason\n\tn=0\n\tuntil [ $n -ge 5 ]; do\n\t\tdocker push --disable-content-trust=false \"${REPO_URL}/${base}:${suite}\" && break\n\t\techo \"Try #$n failed... sleeping for 15 seconds\"\n\t\tn=$((n+1))\n\t\tsleep 15\n\tdone\n\n\t# also push the tag latest for \"stable\" (chrome), \"tools\" (wireguard) or \"3.5\" tags for zookeeper\n\tif [[ \"$suite\" == \"stable\" ]] || [[ \"$suite\" == \"3.6\" ]] || [[ \"$suite\" == \"tools\" ]]; then\n\t\tdocker tag \"${REPO_URL}/${base}:${suite}\" \"${REPO_URL}/${base}:latest\"\n\t\tdocker push --disable-content-trust=false \"${REPO_URL}/${base}:latest\"\n\tfi\n}\n\ndofile() {\n\tf=$1\n\timage=${f%Dockerfile}\n\tbase=${image%%\\/*}\n\tbuild_dir=$(dirname \"$f\")\n\tsuite=${build_dir##*\\/}\n\n\tif [[ -z \"$suite\" ]] || [[ \"$suite\" == \"$base\" ]]; then\n\t\tsuite=latest\n\tfi\n\n\t{\n\t\t$SCRIPT build_and_push \"${base}\" \"${suite}\" \"${build_dir}\"\n\t} || {\n\t# add to errors\n\techo \"${base}:${suite}\" >> \"$ERRORS\"\n}\necho\necho\n}\n\nmain(){\n\t# get the dockerfiles\n\tIFS=$'\\n'\n\tmapfile -t files < <(find -L . -iname '*Dockerfile' | sed 's|./||' | sort)\n\tunset IFS\n\n\t# build all dockerfiles\n\techo \"Running in parallel with ${JOBS} jobs.\"\n\tparallel --tag --verbose --ungroup -j\"${JOBS}\" \"$SCRIPT\" dofile \"{1}\" ::: \"${files[@]}\"\n\n\tif [[ ! -f \"$ERRORS\" ]]; then\n\t\techo \"No errors, hooray!\"\n\telse\n\t\techo \"[ERROR] Some images did not build correctly, see below.\" >&2\n\t\techo \"These images failed: $(cat \"$ERRORS\")\" >&2\n\t\texit 1\n\tfi\n}\n\nrun(){\n\targs=$*\n\tf=$1\n\n\tif [[ \"$f\" == \"\" ]]; then\n\t\tmain \"$args\"\n\telse\n\t\t$args\n\tfi\n}\n\nrun \"$@\"\n" }, { "path": "buttslock/Dockerfile", "content": "#\n# This container will listen to DBus events to be notified when your\n# computer goes to sleep. When such events happen, it will lock the\n# screen with a fancy lock.\n#\n# It needs to be started with a few bind-mounts:\n# - /etc/passwd, /etc/shadow (read-only)\n# - /var/run/dbus, the X11 socket (typically /tmp/.X11-unix)\n# And it also requires the USER and DISPLAY environment variables to be set.\n#\nFROM alpine:latest\n\nRUN apk --no-cache add \\\n\ti3lock \\\n\timagemagick \\\n\tpy-dbus \\\n\tpy-gobject \\\n\tscrot \\\n\tttf-liberation \\\n\txkeyboard-config\n\nCOPY buttslock.py buttslock.sh lock.png /\n\nCMD [\"/buttslock.py\"]\n" }, { "path": "buttslock/buttslock.py", "content": "#!/usr/bin/env python\n\n# Shamelessly pasted from:\n# https://serverfault.com/questions/573379/system-suspend-dbus-upower-signals-are-not-seen\n\nfrom datetime import datetime\nimport dbus\nimport gobject\nfrom dbus.mainloop.glib import DBusGMainLoop\nimport os\n\ndef handle_sleep(*args):\n print \"%s PrepareForSleep%s\" % (datetime.now().ctime(), args)\n if len(args)>0 and args[0]:\n os.system(\"/buttslock.sh\")\n\nDBusGMainLoop(set_as_default=True) # integrate into gobject main loop\nbus = dbus.SystemBus() # connect to system wide dbus\nbus.add_signal_receiver( # define the signal to listen to\n handle_sleep, # callback function\n 'PrepareForSleep', # signal name\n 'org.freedesktop.login1.Manager', # interface\n 'org.freedesktop.login1' # bus name\n)\n\nloop = gobject.MainLoop()\nloop.run()\n\n" }, { "path": "buttslock/buttslock.sh", "content": "#!/bin/sh\n\n# Shamelessly copied from:\n# https://github.com/meskarune/i3lock-fancy\n\n# All options are here: https://www.imagemagick.org/Usage/blur/#blur_args\n#BLURTYPE=\"0x5\" # 7.52s\n#BLURTYPE=\"0x2\" # 4.39s\n#BLURTYPE=\"5x3\" # 3.80s\nBLURTYPE=\"2x8\" # 2.90s\n#BLURTYPE=\"2x3\" # 2.92s\n\n# I still have to figure out how to get imagemagick fonts to work in Alpine\n#FONT=\"-font Liberation-Sans\"\nFONT=\n\nscrot /tmp/scrot.png\nconvert /tmp/scrot.png \\\n -level 0%,100%,0.6 -blur \"$BLURTYPE\" \"$FONT\" \\\n -pointsize 26 -fill white -gravity center \\\n -annotate +0+200 'Type password to unlock' \\\n /tmp/conv.png\ncomposite -gravity center /lock.png /tmp/conv.png /tmp/lock.png\n#i3lock --textcolor=ffffff00 --insidecolor=ffffff1c --ringcolor=ffffff3e --linecolor=ffffff00 --keyhlcolor=00000080 --ringvercolor=00000000 --insidevercolor=0000001c --ringwrongcolor=00000055 --insidewrongcolor=0000001c -i $IMAGE\ni3lock -i /tmp/lock.png --ignore-empty-password\n\n" }, { "path": "cathode/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tbuild-essential \\\n\tca-certificates \\\n\tgit \\\n\tqmlscene \\\n\tqt5-qmake \\\n\tqt5-default \\\n\tqtdeclarative5-dev \\\n\tqml-module-qtquick-controls \\\n\tqml-module-qtgraphicaleffects \\\n\tqml-module-qtquick-dialogs \\\n\tqml-module-qtquick-localstorage \\\n\tqml-module-qtquick-window2 \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN git clone --depth 1 --recursive https://github.com/Swordfish90/cool-retro-term.git /src\nWORKDIR /src\nRUN qmake \\\n\t&& make\n\nENTRYPOINT [ \"/src/cool-retro-term\" ]\n" }, { "path": "certbot/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tbash \\\n\tcertbot\n\nENTRYPOINT [ \"certbot\" ]\n" }, { "path": "cf-reset-cache/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tpy-boto\n\n\nCOPY ./reset-cache.py /bin/reset-cache.py\n\nCMD [ \"/usr/bin/python\", \"/bin/reset-cache.py\" ]\n" }, { "path": "cf-reset-cache/reset-cache.py", "content": "#!/usr/local/bin/python\n\nimport boto\nimport os\nimport sys\n\n\naccess_key = os.getenv(\"AWS_ACCESS_KEY\")\naccess_secret = os.getenv(\"AWS_SECRET_KEY\")\ncloudfront_dist = os.getenv(\"AWS_CF_DISTRIBUTION_ID\")\nbucket = os.getenv(\"AWS_S3_BUCKET\")\n\nif access_key == \"\" or access_key is None:\n print \"Please set AWS_ACCESS_KEY env variable.\"\n sys.exit(1)\nelif access_secret == \"\" or access_secret is None:\n print \"Please set AWS_SECRET_KEY env variable.\"\n sys.exit(1)\nelif cloudfront_dist == \"\" or cloudfront_dist is None:\n print \"Please set AWS_CF_DISTRIBUTION_ID env variable.\"\n sys.exit(1)\nelif bucket == \"\" or bucket is None:\n print \"Please set AWS_S3_BUCKET env variable.\"\n sys.exit(1)\n\n# get the paths from s3\ns3_conn = boto.connect_s3(access_key, access_secret)\ndocs = s3_conn.get_bucket(bucket)\nitems = []\n\nfor key in docs.list():\n index_file = \"/index.html\"\n if key.name.endswith((index_file)):\n # append the file without the postfix as well\n items.append(key.name.replace(index_file, \"\"))\n items.append(key.name.replace(index_file, \"/\"))\n items.append(key.name)\n\ncf_conn = boto.connect_cloudfront(access_key, access_secret)\ninval_req = cf_conn.create_invalidation_request(cloudfront_dist, items)\n\nprint \"Invalidating these files: \"\nprint items\n\nprint inval_req\nsys.exit(0)\n" }, { "path": "cfssl/Dockerfile", "content": "FROM golang:alpine AS builder\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN apk --no-cache add \\\n\t\tgcc \\\n\t\tgit \\\n\t\tlibc-dev\n\n\nENV CFSSL_VERSION v1.4.1\n\nRUN git clone --depth 1 --branch \"$CFSSL_VERSION\" https://github.com/cloudflare/cfssl.git /go/src/github.com/cloudflare/cfssl\n\nRUN set -x && \\\n\tgo get github.com/cloudflare/cfssl_trust/... && \\\n\tgo get github.com/GeertJohan/go.rice/rice && \\\n\tcd /go/src/github.com/cloudflare/cfssl && rice embed-go -i=./cli/serve && \\\n\tmkdir bin && cd bin && \\\n\tgo build ../cmd/cfssl && \\\n\tgo build ../cmd/cfssljson && \\\n\tgo build ../cmd/mkbundle && \\\n\tgo build ../cmd/multirootca && \\\n\techo \"Build complete.\"\n\nFROM alpine:latest\n\nCOPY --from=builder /go/src/github.com/cloudflare/cfssl_trust /etc/cfssl\nCOPY --from=builder /go/src/github.com/cloudflare/cfssl/bin/ /usr/bin\n\nWORKDIR /etc/cfssl\n\nEXPOSE 8888\n\nENTRYPOINT [\"cfssl\"]\nCMD [\"--help\"]\n" }, { "path": "checkup/Dockerfile", "content": "FROM golang:alpine as builder\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapk --no-cache add \\\n\tca-certificates \\\n\tgcc \\\n\tgit \\\n\tlibc-dev\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN go get github.com/sourcegraph/checkup/cmd/checkup\n\nFROM alpine:latest\n\nCOPY --from=builder /go/bin/checkup /usr/bin/checkup\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"checkup\" ]\n" }, { "path": "cheese/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tcheese \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"cheese\" ]\n" }, { "path": "chrome/beta/Dockerfile", "content": "# Run Chrome in a container\n#\n# docker run -it \\\n#\t--net host \\ # may as well YOLO\n#\t--cpuset-cpus 0 \\ # control the cpu\n#\t--memory 512mb \\ # max memory it can use\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\ # mount the X11 socket\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t-v $HOME/Downloads:/home/chrome/Downloads \\\n#\t-v $HOME/.config/google-chrome/:/data \\ # if you want to save state\n#\t--security-opt seccomp=$HOME/chrome.json \\\n#\t--device /dev/snd \\ # so we have sound\n#\t--device /dev/dri \\\n#\t-v /dev/shm:/dev/shm \\\n#\t--name chrome \\\n#\tjess/chrome:beta\n#\n# You will want the custom seccomp profile:\n# \twget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json\n\n# Base docker image\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install Chrome\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n\tgnupg \\\n\thicolor-icon-theme \\\n\tlibcanberra-gtk* \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tlibpangox-1.0-0 \\\n\tlibpulse0 \\\n\tlibv4l-0 \\\n\tfonts-symbola \\\n\t--no-install-recommends \\\n\t&& curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \\\n\t&& echo \"deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main\" > /etc/apt/sources.list.d/google.list \\\n\t&& apt-get update && apt-get install -y \\\n\tgoogle-chrome-beta \\\n\t--no-install-recommends \\\n\t&& apt-get purge --auto-remove -y curl \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Add chrome user\nRUN groupadd -r chrome && useradd -r -g chrome -G audio,video chrome \\\n && mkdir -p /home/chrome/Downloads && chown -R chrome:chrome /home/chrome\n\nCOPY local.conf /etc/fonts/local.conf\n\n# Run Chrome as non privileged user\nUSER chrome\n\n# Autorun chrome\nENTRYPOINT [ \"google-chrome\" ]\nCMD [ \"--user-data-dir=/data\" ]\n" }, { "path": "chrome/beta/local.conf", "content": "\n\n\n\n\nrgb\n\n\n\n\ntrue\n\n\n\n\nhintslight\n\n\n\n\ntrue\n\n\n\n\nlcddefault\n\n\n\n\nfalse\n\n\n\n" }, { "path": "chrome/stable/Dockerfile", "content": "# Run Chrome in a container\n#\n# docker run -it \\\n#\t--net host \\ # may as well YOLO\n#\t--cpuset-cpus 0 \\ # control the cpu\n#\t--memory 512mb \\ # max memory it can use\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\ # mount the X11 socket\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t-v $HOME/Downloads:/home/chrome/Downloads \\\n#\t-v $HOME/.config/google-chrome/:/data \\ # if you want to save state\n#\t--security-opt seccomp=$HOME/chrome.json \\\n#\t--device /dev/snd \\ # so we have sound\n# --device /dev/dri \\\n#\t-v /dev/shm:/dev/shm \\\n#\t--name chrome \\\n#\tjess/chrome\n#\n# You will want the custom seccomp profile:\n# \twget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json\n\n# Base docker image\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install Chrome\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n\tgnupg \\\n\thicolor-icon-theme \\\n\tlibcanberra-gtk* \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tlibpangox-1.0-0 \\\n\tlibpulse0 \\\n\tlibv4l-0 \\\n\tfonts-symbola \\\n\t--no-install-recommends \\\n\t&& curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \\\n\t&& echo \"deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main\" > /etc/apt/sources.list.d/google.list \\\n\t&& apt-get update && apt-get install -y \\\n\tgoogle-chrome-stable \\\n\t--no-install-recommends \\\n\t&& apt-get purge --auto-remove -y curl \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Add chrome user\nRUN groupadd -r chrome && useradd -r -g chrome -G audio,video chrome \\\n && mkdir -p /home/chrome/Downloads && chown -R chrome:chrome /home/chrome\n\nCOPY local.conf /etc/fonts/local.conf\n\n# Run Chrome as non privileged user\nUSER chrome\n\n# Autorun chrome\nENTRYPOINT [ \"google-chrome\" ]\nCMD [ \"--user-data-dir=/data\" ]\n" }, { "path": "chrome/stable/local.conf", "content": "\n\n\n\n\nrgb\n\n\n\n\ntrue\n\n\n\n\nhintslight\n\n\n\n\ntrue\n\n\n\n\nlcddefault\n\n\n\n\nfalse\n\n\n\n" }, { "path": "chromium/Dockerfile", "content": "# Run Chromium in a container\n#\n# docker run -it \\\n#\t--net host \\ # may as well YOLO\n#\t--cpuset-cpus 0 \\ # control the cpu\n#\t--memory 512mb \\ # max memory it can use\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\ # mount the X11 socket\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t-v $HOME/Downloads:/home/chromium/Downloads \\\n#\t-v $HOME/.config/chromium/:/data \\ # if you want to save state\n#\t--security-opt seccomp=$HOME/chrome.json \\\n#\t--device /dev/snd \\ # so we have sound\n#\t-v /dev/shm:/dev/shm \\\n#\t--name chromium \\\n#\tjess/chromium\n#\n# You will want the custom seccomp profile:\n# \twget https://raw.githubusercontent.com/jfrazelle/dotfiles/master/etc/docker/seccomp/chrome.json -O ~/chrome.json\n\n# Base docker image\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install Chromium\n# Yes, including the Google API Keys sucks but even debian does the same: https://packages.debian.org/stretch/amd64/chromium/filelist\nRUN apt-get update && apt-get install -y \\\n chromium \\\n chromium-l10n \\\n fonts-liberation \\\n fonts-roboto \\\n hicolor-icon-theme \\\n libcanberra-gtk-module \\\n libexif-dev \\\n libgl1-mesa-dri \\\n libgl1-mesa-glx \\\n libpangox-1.0-0 \\\n libv4l-0 \\\n fonts-symbola \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/* \\\n && mkdir -p /etc/chromium.d/ \\\n && /bin/echo -e 'export GOOGLE_API_KEY=\"AIzaSyCkfPOPZXDKNn8hhgu3JrA62wIgC93d44k\"\\nexport GOOGLE_DEFAULT_CLIENT_ID=\"811574891467.apps.googleusercontent.com\"\\nexport GOOGLE_DEFAULT_CLIENT_SECRET=\"kdloedMFGdGla2P1zacGjAQh\"' > /etc/chromium.d/googleapikeys\n\n# Add chromium user\nRUN groupadd -r chromium && useradd -r -g chromium -G audio,video chromium \\\n && mkdir -p /home/chromium/Downloads && chown -R chromium:chromium /home/chromium\n\n# Run as non privileged user\nUSER chromium\n\nENTRYPOINT [ \"/usr/bin/chromium\" ]\nCMD [ \"--user-data-dir=/data\" ]\n" }, { "path": "clair/Dockerfile", "content": "FROM golang:alpine as builder\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tgit \\\n\tmake\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN go get github.com/quay/clair/cmd/clair || true\n\nENV CLAIR_VERSION v2.1.4\n\nWORKDIR /go/src/github.com/quay/clair\n\nRUN git checkout \"${CLAIR_VERSION}\"\n\nRUN go install ./cmd/clair\n\nFROM alpine:latest\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tgit \\\n\trpm \\\n\txz\n\nCOPY --from=builder /go/bin/clair /usr/bin/clair\n\nENTRYPOINT [ \"clair\" ]\n" }, { "path": "cli53/Dockerfile", "content": "FROM alpine:latest\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tpython \\\n\tpy2-pip \\\n\t&& pip install cli53\n\nENTRYPOINT [ \"cli53\" ]\n" }, { "path": "clisp/.clisprc.lisp", "content": ";;; The following lines added by ql:add-to-init-file:\n#-quicklisp\n(let ((quicklisp-init (merge-pathnames\n \"quicklisp/setup.lisp\"\n (user-homedir-pathname))))\n (when (probe-file quicklisp-init)\n (load quicklisp-init)))\n" }, { "path": "clisp/Dockerfile", "content": "FROM alpine:latest AS cl-k8s\nRUN apk add --no-cache \\\n\tgit\nRUN git clone https://github.com/brendandburns/cl-k8s.git /cl-k8s\n\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tclisp \\\n\twget \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nCOPY .clisprc.lisp /home/user/.clisprc.lisp\nCOPY --from=cl-k8s /cl-k8s /home/user/quicklisp/local-projects/cl-k8s\n\n# Install quicklisp\nRUN wget -O /home/user/quicklisp.lisp https://beta.quicklisp.org/quicklisp.lisp\n\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user \\\n\t&& chown -R user:user $HOME\n\nUSER user\n\nWORKDIR $HOME\n\n# Install quicklisp\nRUN clisp -x '(load \"quicklisp.lisp\") (quicklisp-quickstart:install)'\n\nENTRYPOINT [ \"clisp\" ]\n" }, { "path": "cloudapp/Dockerfile", "content": "FROM\truby:alpine\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapk add --no-cache \\\n\tlibcurl\n\nRUN\tset -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\tbuild-base \\\n\t&& gem install cloudapp --no-document \\\n\t&& apk del .build-deps\n\nENTRYPOINT\t[\"cloudapp\"]\n" }, { "path": "consul/Dockerfile", "content": "FROM golang:latest as builder\nMAINTAINER Jessica Frazelle \n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n\tgcc \\\n\tgit \\\n\tmake \\\n\truby-dev \\\n\truby \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Add yarn to apt repos.\nRUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -\nRUN echo \"deb https://dl.yarnpkg.com/debian/ stable main\" | tee /etc/apt/sources.list.d/yarn.list\n\n# Setup node install.\nRUN curl -sL https://deb.nodesource.com/setup_10.x | bash -\n\nRUN apt-get update && apt-get install -y \\\n\tnodejs \\\n\tyarn \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV CONSUL_VERSION v1.8.0-beta2\n\nRUN go get github.com/hashicorp/consul || true\n\nWORKDIR /go/src/github.com/hashicorp/consul\n\nRUN git checkout \"${CONSUL_VERSION}\"\n\n# Install deps for UI.\nRUN gem install \\\n\tbundler \\\n\t--no-ri --no-rdoc\n\nRUN cd ui-v2 \\\n\t&& yarn install \\\n\t&& make \\\n\t&& rm -rf ../pkg/web_ui \\\n\t&& mkdir -p ../pkg \\\n\t&& cp -r dist ../pkg/web_ui\n\nRUN TERM=xterm XC_ARCH=\"amd64\" XC_OS=\"linux\" LD_FLAGS=\" -extldflags -static\" make tools static-assets bin \\\n\t&& mv bin/consul /usr/bin/consul\n\nFROM alpine:latest\n\nCOPY --from=builder /usr/bin/consul /usr/bin/consul\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"consul\" ]\nCMD [ \"--help\" ]\n" }, { "path": "coredns/Dockerfile", "content": "FROM golang:alpine as builder\nLABEL maintainer \"Jessie Frazelle \"\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN apk --no-cache add \\\n\tbash \\\n\tca-certificates \\\n\tgit \\\n\tmake\n\nENV COREDNS_VERSION v1.6.9\n\nRUN git clone --depth 1 --branch ${COREDNS_VERSION} https://github.com/coredns/coredns /go/src/github.com/coredns/coredns\n\nWORKDIR /go/src/github.com/coredns/coredns\n\nRUN make all \\\n\t&& mv coredns /usr/bin/coredns\n\nFROM alpine:latest\n\nCOPY --from=builder /usr/bin/coredns /usr/bin/coredns\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"coredns\", \"-log\" ]\n" }, { "path": "couchpotato/Dockerfile", "content": "# Couchpotato in a container\n#\n# docker run -d \\\n# \t--restart always \\\n#\t-p 5050:5050 \\\n# \t-v /etc/localtime:/etc/localtime:ro \\\n# \t-v /volumes/couchpotato:/data \\\n#\t--link transmission:transmission \\\n# \t--name couchpotato \\\n# \tjess/couchpotato\n#\nFROM python:2-alpine\nLABEL maintainer \"Jessie Frazelle \"\n\n# machine parsable metadata, for https://github.com/pycampers/dockapt\nLABEL \"registry_image\"=\"r.j3ss.co/couchpotato\"\nLABEL \"docker_run_flags\"=\"-d \\\n \t--restart always \\\n\t-p 5050:5050 \\\n \t-v /etc/localtime:/etc/localtime:ro \\\n \t-v /volumes/couchpotato:/data \\\n\t--link transmission:transmission \\\n \t--name couchpotato\"\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tgcc \\\n\tgit \\\n\tlibffi-dev \\\n\tlibxml2-dev \\\n\tlibxslt-dev \\\n\tmusl-dev \\\n\topenssl-dev \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN pip install \\\n\tlxml \\\n\tpyopenssl\n\nEXPOSE 5050\n\nENV COUCHPOTATO_VERSION master\n\nRUN git clone https://github.com/RuudBurger/CouchPotatoServer.git /usr/src/couchpotato \\\n\t&& ( \\\n\t\tcd /usr/src/couchpotato \\\n\t\t&& git checkout \"${COUCHPOTATO_VERSION}\" \\\n\t)\n\nWORKDIR /usr/src/couchpotato\n\nENTRYPOINT [ \"python\", \"CouchPotato.py\", \"--debug\" ]\nCMD [ \"--data_dir\", \"/data\" ]\n" }, { "path": "cura/Dockerfile", "content": "FROM ubuntu:bionic\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tlibgfortran4 \\\n\tlibssl-dev \\\n\twget \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN wget https://gitlab.com/lulzbot3d/cura-le/cura-lulzbot/uploads/0676b39295476b93181fa8a512f34265/cura-lulzbot_3.2.21_amd64.deb -O /tmp/cura.deb \\\n\t&& apt update \\\n\t&& dpkg -i /tmp/cura.deb || true \\\n\t&& apt-get -yf install \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& rm -rf /tmp/cura.deb\n\nCMD [\"cura-lulzbot\"]\n" }, { "path": "curl/Dockerfile", "content": "#\n# This Dockerfile builds a recent curl with HTTP/2 client support, using\n# a recent nghttp2 build.\n#\n# See the Makefile for how to tag it. If Docker and that image is found, the\n# Go tests use this curl binary for integration tests.\n#\n\nFROM alpine:latest\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tnghttp2 \\\n\topenssl\n\nENV CURL_VERSION 7.70.0\n\nRUN set -x \\\n && apk add --no-cache --virtual .build-deps \\\n\t\tg++ \\\n\t\tmake \\\n\t\tnghttp2-dev \\\n\t\topenssl-dev \\\n\t\tperl \\\n\t\tgnupg \\\n\t&& wget https://curl.haxx.se/download/curl-$CURL_VERSION.tar.bz2 \\\n\t&& wget https://curl.haxx.se/download/curl-$CURL_VERSION.tar.bz2.asc \\\n\t&& gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2 \\\n\t&& gpg --verify curl-$CURL_VERSION.tar.bz2.asc \\\n && tar xjvf curl-$CURL_VERSION.tar.bz2 \\\n && rm curl-$CURL_VERSION.tar.bz2 \\\n && ( \\\n\t\tcd curl-$CURL_VERSION \\\n \t&& ./configure \\\n \t\t--with-nghttp2=/usr \\\n \t--with-ssl \\\n \t--enable-ipv6 \\\n \t--enable-unix-sockets \\\n \t--without-libidn \\\n \t--disable-static \\\n \t--disable-ldap \\\n \t--with-pic \\\n \t&& make \\\n \t&& make install \\\n\t) \\\n && rm -r curl-$CURL_VERSION \\\n && rm -r /usr/share/man \\\n && apk del .build-deps\n\nENTRYPOINT [\"/usr/local/bin/curl\"]\nCMD [\"-h\"]\n" }, { "path": "dcos-cli/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tpython \\\n\tpy2-pip \\\n\t&& pip install dcoscli\n\n# path to the DCOS CLI binary\nRUN echo 'export PATH=$PATH:/dcos/bin;' >> ~/.bashrc\n\nENTRYPOINT [ \"dcos\" ]\n" }, { "path": "debootstrap/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcurl \\\n\tdebootstrap \\\n\tgit \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"debootstrap\" ]\n" }, { "path": "distcc/Dockerfile", "content": "FROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcurl \\\n\tdistcc \\\n\tgit \\\n\tmake \\\n\tlibncurses5-dev \\\n\tlibssl-dev \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /root\nWORKDIR $HOME\n\nCOPY distccd-init /usr/local/bin/distccd-init\n\nENTRYPOINT [ \"distccd-init\" ]\n" }, { "path": "distcc/distccd-init", "content": "#! /bin/sh\n#\n# distccd Debian init.d script contributed by Jason Thomas. (Debian #161136)\n#\n# skeleton\texample file to build /etc/init.d/ scripts.\n#\t\tThis file should be used to construct scripts for /etc/init.d.\n#\n#\t\tWritten by Miquel van Smoorenburg .\n#\t\tModified for Debian GNU/Linux\n#\t\tby Ian Murdock .\n#\n# Version:\t@(#)skeleton 1.9.1 08-Apr-2002 miquels@cistron.nl\n#\nset -e\n\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\nDAEMON=/usr/bin/distccd\nNAME=distccd\nDAEMON_ARGS=\"--nice=10 --port=4200 --pid-file=/var/run/${NAME}.pid --no-detach $*\"\n\ntest -x $DAEMON || exit 0\n\n\n# we need permission to write to the pid file\ntouch /var/run/$NAME.pid\nchown distccd /var/run/$NAME.pid\n\n# shellcheck disable=SC2086\nexec $DAEMON $DAEMON_ARGS\n" }, { "path": "doctor/Dockerfile", "content": "# DESCRIPTION:\t Run text-based emacs doctor in a container\n# AUTHOR:\t\t Jessie Frazelle \n# COMMENTS:\n#\tThis file describes how to build doctor in a container with all\n#\tdependencies installed.\n#\tTested on Debian Jessie\n# USAGE:\n#\t# Download doctor Dockerfile\n#\twget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/doctor/Dockerfile\n#\n#\t# Build doctor image\n#\tdocker build -t doctor .\n#\n#\tdocker run -it jess/doctor\n#\n\n# Base docker image\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install emacs:\n# Note: Emacs is only community repo -> https://pkgs.alpinelinux.org/packages?package=emacs&repo=all&arch=x86_64\nRUN apk --no-cache add \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ \\\n\temacs\n\n# Autorun doctor\nCMD [\"/usr/bin/emacs\", \"-f\", \"doctor\"]\n" }, { "path": "dunnet/Dockerfile", "content": "# DESCRIPTION:\t Run text-based game dunnet in a container\n# AUTHOR:\t\t Jessie Frazelle \n# COMMENTS:\n#\tThis file describes how to build dunnet in a container with all\n#\tdependencies installed.\n#\tTested on Debian Jessie\n# USAGE:\n#\t# Download dunnet Dockerfile\n#\twget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/dunnet/Dockerfile\n#\n#\t# Build dunnet image\n#\tdocker build -t dunnet .\n#\n#\tdocker run -it dunnet\n#\n\n# Base docker image\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install emacs:\n# Note: Emacs is only in community repo -> https://pkgs.alpinelinux.org/packages?package=emacs&repo=all&arch=x86_64\nRUN apk --no-cache add \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ \\\n\temacs\n\n# Autorun dunnet\nCMD [\"/usr/bin/emacs\", \"-batch\", \"-l\", \"dunnet\"]\n" }, { "path": "evince/Dockerfile", "content": "# Evince in a container\n#\n# docker run -it \\\n#\t-v $HOME/documents/:/root/documents/ \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=$DISPLAY \\\n#\tevince\n#\n\nFROM alpine:latest\nLABEL maintainer \"Christian Koep \"\n\nRUN apk --no-cache add \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/community \\\n\tevince \\\n\tttf-opensans\n\nCMD [\"/usr/bin/evince\"]\n" }, { "path": "figma-wine/Dockerfile", "content": "# Run figma windows app in a container with wine\n#\n# docker run --rm -it \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t--cpuset-cpus 0 \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--device /dev/snd:/dev/snd \\\n#\t--name figma-wine \\\n#\tjess/figma-wine bash\n#\nFROM r.j3ss.co/wine\nLABEL maintainer \"Jessie Frazelle \"\n\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user \\\n\t&& curl -sSL \"https://desktop.figma.com/win/FigmaSetup.exe\" > ${HOME}/FigmaSetup.exe \\\n\t&& chown -R user:user $HOME\n\nWORKDIR $HOME\nUSER user\n\nRUN echo \"wine runas /trustlevel:0x20000 FigmaSetup.exe\" > /home/user/.bash_history\nRUN echo \"winetricks dotnet45\" >> /home/user/.bash_history\nRUN echo \"winecfg\" >> /home/user/.bash_history\n\nCMD [ \"bash\" ]\n" }, { "path": "firefox/Dockerfile", "content": "FROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tdirmngr \\\n\tgnupg \\\n\t--no-install-recommends \\\n\t&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0AB215679C571D1C8325275B9BDB3D89CE49EC21 \\\n\t&& echo \"deb http://ppa.launchpad.net/mozillateam/firefox-next/ubuntu xenial main\" >> /etc/apt/sources.list.d/firefox.list \\\n\t&& apt-get update && apt-get install -y \\\n\tapulse \\\n\tca-certificates \\\n\tffmpeg \\\n\tfirefox \\\n\thicolor-icon-theme \\\n\tlibasound2 \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tlibpulse0 \\\n\tfonts-noto \\\n\tfonts-noto-cjk \\\n\tfonts-noto-color-emoji \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV LANG en-US\n\nCOPY local.conf /etc/fonts/local.conf\n\nRUN echo 'pref(\"browser.tabs.remote.autostart\", false);' >> /etc/firefox/syspref.js\n\nCOPY entrypoint.sh /usr/bin/startfirefox\n\nENTRYPOINT [ \"startfirefox\" ]\n" }, { "path": "firefox/alpine/Dockerfile", "content": "FROM alpine:latest\n\nLABEL maintainer \"Christian Koep \"\n\nRUN apk add --no-cache \\\n\talsa-lib \\\n\tca-certificates \\\n\tfirefox-esr \\\n\thicolor-icon-theme \\\n\tmesa-dri-intel \\\n\tmesa-gl \\\n\tttf-dejavu\n\nENTRYPOINT [\"/usr/bin/firefox\"]\n" }, { "path": "firefox/entrypoint.sh", "content": "#!/bin/bash\n\nif [[ -e /dev/snd ]]; then\n\texec apulse firefox \"$@\"\nelse\n\texec firefox \"$@\"\nfi\n" }, { "path": "firefox/local.conf", "content": "\n\n\n\n\nrgb\n\n\n\n\ntrue\n\n\n\n\nhintslight\n\n\n\n\ntrue\n\n\n\n\nlcddefault\n\n\n\n\nfalse\n\n\n\n" }, { "path": "fleet/Dockerfile", "content": "FROM golang:alpine AS builder\nMAINTAINER Jessica Frazelle \n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tgcc \\\n\tgit \\\n\tmake \\\n\tnpm \\\n\tyarn\n\nENV FLEET_VERSION 2.6.0\n\nRUN git clone --depth 1 --branch \"${FLEET_VERSION}\" https://github.com/kolide/fleet.git /go/src/github.com/kolide/fleet\n\nWORKDIR /go/src/github.com/kolide/fleet\n\nENV GO111MODULE on\n\nRUN make deps generate\n\nRUN CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags \"-static\"' -o /usr/bin/fleet ./cmd/fleet\nRUN CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags \"-static\"' -o /usr/bin/fleetctl ./cmd/fleetctl\n\nFROM r.j3ss.co/osquery AS osquery\n\nFROM scratch\n\nCOPY --from=builder /usr/bin/fleet /usr/bin/fleet\nCOPY --from=builder /usr/bin/fleetctl /usr/bin/fleetctl\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\nCOPY --from=osquery /usr/share/osquery/packs /packs\n\nENTRYPOINT [ \"fleet\" ]\nCMD [ \"--help\" ]\n" }, { "path": "fontforge/Dockerfile", "content": "# Run Fontforge in a container\n#\n# state=$HOME\n# mkdir -p $state/fontforge\n# docker run --rm \\\n# -v /tmp/.X11-unix:/tmp/.X11-unix \\\n# -e DISPLAY=unix$DISPLAY \\\n# -v $state/fontforge:/home/fontforge \\\n# --name fontforge \\\n# fghj/fontforge\n\n# Base docker image\nFROM ubuntu:16.04\nLABEL maintainer \"Axel Svensson \"\n\nRUN apt-get update \\\n && apt-get install -y \\\n software-properties-common \\\n --no-install-recommends \\\n && add-apt-repository ppa:fontforge/fontforge \\\n && apt-get update \\\n && apt-get install -y \\\n fontforge \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/*\n\nENV HOME /home/fontforge\nRUN useradd --create-home --home-dir $HOME fontforge\nWORKDIR $HOME\nUSER fontforge\nCMD [ \"fontforge\" ]\n\n" }, { "path": "fontpatcher/Dockerfile", "content": "FROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tpython-fontforge \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN buildDeps=' \\\n\t\tca-certificates \\\n\t\tgit \\\n\t' \\\n\tset -x \\\n\t&& apt-get update \\\n\t&& apt-get install -y $buildDeps --no-install-recommends \\\n\t&& git clone --depth 1 --branch develop https://github.com/Lokaltog/vim-powerline.git /pwrline \\\n\t&& ( \\\n\t\tcd /pwrline \\\n\t\t&& mv fontpatcher/fontpatcher /usr/bin/ \\\n\t\t&& mv fontpatcher/PowerlineSymbols.sfd /usr/bin/ \\\n\t) \\\n\t&& rm -rf /pwrline \\\n\t&& apt-get purge -y --auto-remove $buildDeps \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& echo \"Build complete.\"\n\nENTRYPOINT [ \"fontpatcher\" ]\n" }, { "path": "fontpatcher/README.md", "content": "# fontpatcher\n\nHow to use:\n\n1. Enter the directory where the font file lives you wish to patch.\n2. Run:\n\n $ docker run --rm -it \\\n -v $(pwd):/workdir \\\n --workdir /workdir \\\n r.j3ss.co/fontpatcher myfontfile.otf\n\n3. You should have a `myfontfile-Powerline.otf` as an artifact.\n4. Copy the font file into ``~/.fonts`` (or another X font directory)::\n\n $ cp MyFontFile-Powerline.otf ~/.fonts\n\n **Note:** If the font is a pure bitmap font (e.g. a PCF font) it will be\n stored in the BDF format. This is usually not a problem, and you may\n convert the font back to the PCF format using ``bdftopcf`` if you want\n to. All other fonts will be stored in the OTF format regardless of the\n original format.\n\n5. Update your font cache::\n\n $ sudo fc-cache -vf\n\n **Note:** If you use vim in rxvt-unicode in the client/daemon mode, you\n may need to close all running terminals as well for the font to be\n updated.\n" }, { "path": "foss-heartbeat/Dockerfile", "content": "FROM python:3-alpine\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tbash \\\n\tgfortran \\\n\tlapack \\\n\topenjdk8-jre-base \\\n\tpy3-numpy \\\n\tpy3-scipy\n\n# Install the requirements\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tbuild-base \\\n\t\tgit \\\n\t\tlapack-dev \\\n\t\tlibffi-dev \\\n\t\topenssl-dev \\\n\t&& ln -s /usr/include/locale.h /usr/include/xlocale.h \\\n\t&& git clone --depth 1 https://github.com/sarahsharp/foss-heartbeat.git /usr/src/foss-heartbeat \\\n\t&& ( \\\n\t\tcd /usr/src/foss-heartbeat \\\n\t\t&& cat requirements.txt | grep -v numpy | grep -v scipy | tee requirements.txt \\\n\t\t&& pip install -r requirements.txt \\\n\t\t&& pip install statistics \\\n\t) \\\n\t&& apk del .build-deps\n\nWORKDIR /usr/src/foss-heartbeat\n" }, { "path": "freeradius/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n freeradius \\\n\tfreeradius-python \\\n\tfreeradius-radclient \\\n\tfreeradius-sql \\\n\tfreeradius-sqlite \\\n\topenssl-dev \\\n\tpython2 \\\n\tsqlite\n\nENTRYPOINT [ \"radiusd\" ]\nCMD [ \"-xx\",\"-f\" ]\n" }, { "path": "gcalcli/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nENV HOME /home/gcalcli\n\nRUN apk --no-cache add \\\n\tpython3 \\\n\tpython3-dev \\\n\tbuild-base \\\n\t&& adduser -S gcalcli \\\n\t&& chown -R gcalcli $HOME \\\n\t&& pip3 install vobject parsedatetime gcalcli\n\nWORKDIR $HOME\nUSER gcalcli\n\nENTRYPOINT [ \"gcalcli\" ]\n" }, { "path": "gcc/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tgcc \\\n\tlibc6-dev \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n" }, { "path": "gcloud/Dockerfile", "content": "FROM python:2-alpine\n\nENV PATH $PATH:/usr/src/google-cloud-sdk/bin\nENV CLOUD_SDK_DOCKER_VERSION 295.0.0\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tcurl \\\n\t\tca-certificates \\\n\t\ttar \\\n\t&& curl -sSL -o /tmp/google-cloud-sdk.tar.gz \"https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${CLOUD_SDK_DOCKER_VERSION}-linux-x86_64.tar.gz\" \\\n\t&& mkdir -p /usr/src/google-cloud-sdk \\\n\t&& tar -xzf /tmp/google-cloud-sdk.tar.gz -C /usr/src/google-cloud-sdk --strip-components 1 \\\n\t&& rm /tmp/google-cloud-sdk.tar.gz \\\n\t&& ( \\\n\t\tcd /usr/src/google-cloud-sdk \\\n\t\t&& ./install.sh \\\n \t--usage-reporting false \\\n \t--path-update false \\\n\t) \\\n\t&& apk del .build-deps \\\n\t&& gcloud components update \\\n\t&& gcloud version\n\nWORKDIR /root\n\nENTRYPOINT [\"gcloud\"]\n" }, { "path": "geary/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tgeary \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"geary\" ]\n" }, { "path": "ghostscript/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tghostscript\n\nENTRYPOINT [\"gs\"]\n" }, { "path": "gimp/Dockerfile", "content": "# Run gimp in a contianer\n#\n# docker run -d \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t-v $HOME/Pictures:/root/Pictures \\\n#\t--name gimp \\\n#\tjess/gimp\n#\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tgimp \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"gimp\" ]\n" }, { "path": "github-dev/Dockerfile", "content": "FROM golang:alpine\nMAINTAINER Jessica Frazelle \n\nRUN\tapk add --no-cache \\\n\tbash \\\n\tca-certificates \\\n\tcurl \\\n\tgcc \\\n\tgit \\\n\tgnupg \\\n\tjq \\\n\tmake \\\n\tmusl-dev \\\n\tlibseccomp-dev \\\n\tlinux-headers\n\nRUN go get golang.org/x/lint/golint\nRUN go get honnef.co/go/tools/cmd/staticcheck\n# TODO: remove this eventually\nRUN go get golang.org/x/crypto/ssh/terminal\n\nCOPY upload-assets /usr/bin/upload-assets\nCOPY release-email-notification /usr/bin/release-email-notification\nCOPY cleanup-pr-branch /usr/bin/cleanup-pr-branch\n" }, { "path": "github-dev/cleanup-pr-branch", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nif [[ -n \"$TOKEN\" ]]; then\n\tGITHUB_TOKEN=$TOKEN\nfi\n\nif [[ -z \"$GITHUB_TOKEN\" ]]; then\n\techo \"Set the GITHUB_TOKEN env variable.\"\n\texit 1\nfi\n\nif [[ -z \"$GITHUB_REPOSITORY\" ]]; then\n\techo \"Set the GITHUB_REPOSITORY env variable.\"\n\texit 1\nfi\n\nURI=https://api.github.com\nAPI_VERSION=v3\nAPI_HEADER=\"Accept: application/vnd.github.${API_VERSION}+json\"\nAUTH_HEADER=\"Authorization: token ${GITHUB_TOKEN}\"\n\nmain(){\n\taction=$(jq --raw-output .action \"$GITHUB_EVENT_PATH\")\n\tmerged=$(jq --raw-output .pull_request.merged \"$GITHUB_EVENT_PATH\")\n\n\techo \"action: $action merged: $merged\"\n\n\tif [[ \"$action\" == \"closed\" ]] && [[ \"$merged\" == \"true\" ]]; then\n\t\t# delete the branch.\n\t\tref=$(jq --raw-output .pull_request.head.ref \"$GITHUB_EVENT_PATH\")\n\t\towner=$(jq --raw-output .pull_request.head.repo.owner.login \"$GITHUB_EVENT_PATH\")\n\t\trepo=$(jq --raw-output .pull_request.head.repo.name \"$GITHUB_EVENT_PATH\")\n\n\t\tif [[ \"$ref\" == \"master\" ]]; then\n\t\t\t# Never delete the master branch.\n\t\t\techo \"Will not delete master branch for ${owner}/${repo}, exiting.\"\n\t\t\texit 0\n\t\tfi\n\n\t\techo \"Deleting branch ref $ref for owner ${owner}/${repo}...\"\n\t\tcurl -XDELETE -sSL \\\n\t\t\t-H \"${AUTH_HEADER}\" \\\n\t\t\t-H \"${API_HEADER}\" \\\n\t\t\t\"${URI}/repos/${owner}/${repo}/git/refs/heads/${ref}\"\n\n\t\techo \"Branch delete success!\"\n\tfi\n}\n\nmain \"$@\"\n" }, { "path": "github-dev/release-email-notification", "content": "#!/bin/bash\nset -e\nset -o pipefail\nset -x\n\nif [[ -z \"$MAILGUN_API_KEY\" ]]; then\n\techo \"Set the MAILGUN_API_KEY env variable.\"\n\texit 1\nfi\n\nif [[ -n \"$MAILGUN_DOMAIN\" ]]; then\n\tMAILGUN_DOMAIN_NAME=$MAILGUN_DOMAIN\nfi\n\nif [[ -z \"$MAILGUN_DOMAIN_NAME\" ]]; then\n\techo \"Set the MAILGUN_DOMAIN_NAME env variable.\"\n\texit 1\nfi\n\nif [[ -z \"$TO_NAME\" ]]; then\n\techo \"Set the TO_NAME env variable.\"\n\texit 1\nfi\n\nif [[ -z \"$TO_EMAIL\" ]]; then\n\techo \"Set the TO_EMAIL env variable.\"\n\texit 1\nfi\n\ncurl -sSL --user \"api:${MAILGUN_API_KEY}\" \\\n\t\"https://api.mailgun.net/v3/${MAILGUN_DOMAIN_NAME}/messages\" \\\n\t-F 'from=\"Mailgun API \"' \\\n\t-F \"to=${TO_NAME}\" \\\n\t-F \"to=${TO_EMAIL}\" \\\n\t-F 'subject=\"[github action]: Release '\"${GITHUB_REPOSITORY}\"':'\"${GITHUB_REF}\"' uploaded\"' \\\n\t-F 'text=\"The release has been uploaded for https://github.com/'\"${GITHUB_REPOSITORY}\"'/releases\"'\n" }, { "path": "github-dev/upload-assets", "content": "#!/bin/bash\n\nif [[ -n \"$TOKEN\" ]]; then\n\tGITHUB_TOKEN=$TOKEN\nfi\n\nif [[ -z \"$GITHUB_TOKEN\" ]]; then\n\techo \"Set the GITHUB_TOKEN env variable.\"\n\texit 1\nfi\n\nif [[ -z \"$GITHUB_REPOSITORY\" ]]; then\n\techo \"Set the GITHUB_REPOSITORY env variable.\"\n\texit 1\nfi\n\nif [[ -z \"$GITHUB_REF\" ]]; then\n\techo \"Set the GITHUB_REF env variable.\"\n\texit 1\nfi\n\nURI=https://api.github.com\nAPI_VERSION=v3\nAPI_HEADER=\"Accept: application/vnd.github.${API_VERSION}+json\"\nAUTH_HEADER=\"Authorization: token ${GITHUB_TOKEN}\"\n\nmain(){\n\tlocal files\n\n\tif [ \"$#\" -eq 0 ]; then\n\t\techo \"Must pass files to be uploaded...\"\n\t\texit 1\n\tfi\n\tfiles=( \"$@\" )\n\n\t# Validate the GitHub token.\n\tcurl -o /dev/null -sSL -H \"${AUTH_HEADER}\" -H \"${API_HEADER}\" \"${URI}/repos/${GITHUB_REPOSITORY}\" || { echo \"Error: Invalid repo, token or network issue!\"; exit 1; }\n\n\techo \"Github ref: ${GITHUB_REF}\"\n\n\t# Get the tags.\n\ttag_response=$(curl -sSL -H \"${AUTH_HEADER}\" -H \"${API_HEADER}\" \"${URI}/repos/${GITHUB_REPOSITORY}/tags\")\n\n\ttag_name=$(echo \"$tag_response\" | jq -e --raw-output .[0].name)\n\n\t# Get the latest release.\n\tlatest_response=$(curl -sSL -H \"${AUTH_HEADER}\" -H \"${API_HEADER}\" \"${URI}/repos/${GITHUB_REPOSITORY}/releases/latest\")\n\tlatest_release=$(echo \"$latest_response\" | jq -e --raw-output .tag_name)\n\trelease_id=$(echo \"$latest_response\" | jq -e --raw-output .id)\n\n\tif [[ \"$tag_name\" != \"$latest_release\" ]] || [[ \"$release_id\" == \"null\" ]]; then\n\t\t# Create the release.\n\t\techo \"Creating release for tag name: ${tag_name}\"\n\t\tresponse=$(curl -XPOST -sSL -H \"${AUTH_HEADER}\" -H \"${API_HEADER}\" \"${URI}/repos/${GITHUB_REPOSITORY}/releases\" --data '{\"tag_name\": \"'\"${tag_name}\"'\",\"name\":\"'\"${tag_name}\"'\",\"draft\":false,\"prerelease\":false}')\n\t\trelease_id=$(echo \"$response\" | jq -e --raw-output .id)\n\tfi\n\n\tif [[ \"$release_id\" == \"null\" ]]; then\n\t\techo \"Release ID cannot be null.\"\n\t\texit 1\n\tfi\n\n\n\t# Upload the files.\n\techo \"Uploading files: ${files[*]}\"\n\techo \"For tag name: ${tag_name}\"\n\n\t# shellcheck disable=SC2068\n\tfor file in ${files[@]}; do\n\t\tfilename=$(basename \"$file\")\n\t\trp=$(realpath \"$file\")\n\n\t\tcurl -sSL -H \"${AUTH_HEADER}\" \\\n\t\t\t--data-binary @\"$rp\" \\\n\t\t\t-H \"Content-Type: application/octet-stream\" \\\n\t\t\t\"https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${release_id}/assets?name=${filename}&access_token=${GITHUB_TOKEN}\"\n\n\t\techo \"Successfully uploaded: ${rp}\"\n\tdone\n\n\techo \"Uploading assets to ${tag_name} complete!\"\n}\n\nmain \"$@\"\n" }, { "path": "gitiles/Dockerfile", "content": "FROM l.gcr.io/google/bazel:latest\nLABEL maintainer \"Jessie Frazelle \"\n\n# https://gerrit.googlesource.com/gitiles/\nENV GITILES_VERSION v0.4\n\nRUN apt-get update && apt-get install -y \\\n\tbash \\\n\tca-certificates \\\n\tcurl \\\n\tgit \\\n\topenjdk-8-jdk \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# install bazel\nRUN set -x \\\n\t&& git clone --depth 1 --branch \"${GITILES_VERSION}\" https://gerrit.googlesource.com/gitiles /usr/src/gitiles \\\n\t&& ( \\\n\t\tcd /usr/src/gitiles \\\n\t\t&& bazel build java/com/google/gitiles/dev \\\n\t\t&& cp -rL bazel-bin bin \\\n\t\t&& rm -rf bazel-bin \\\n\t)\n\nCOPY start.sh /usr/bin/start.sh\n\nENTRYPOINT [ \"/usr/bin/start.sh\" ]\n" }, { "path": "gitiles/start.sh", "content": "#!/bin/bash\nset -e\n\nROOT=/usr/src/gitiles\nPROPERTIES=\n\nif [ \"x$1\" != \"x\" ]; then\n\tPROPERTIES=\"--jvm_flag=-Dcom.google.gitiles.configPath=$1\"\nelse\n\tPROPERTIES=\"--jvm_flag=-Dcom.google.gitiles.configPath=/gitfiles.config\"\n\tcat > /gitfiles.config <<-EOF\n\t[gitiles]\n\t\t# Repositories placed here\n\t\tbasePath = /home/git\n\t\t# Do not check they are exported\n\t\texportAll = true\n\t\t# This URL will be displayed as clone URL. DO NOT FORGET TRAILING SLASH!\n\t\tbaseGitUrl = ${BASE_GIT_URL}:\n\t\t# Title of site (doh)\n\t\tsiteTitle = Gitiles - ${SITE_TITLE}\n\t\t# I dunno why, but it is have to be configured.\n\t\tcanonicalHostName = ${SITE_TITLE}\n\t[google]\n\t\tanalyticsId = UA-${GA_ID}\n\tEOF\nfi\n\nPROPERTIES=\"$PROPERTIES --jvm_flag=-Dcom.google.gitiles.sourcePath=$ROOT\"\n\n# shellcheck disable=SC2086\nexec \"${ROOT}/bin/java/com/google/gitiles/dev/dev\" $PROPERTIES\n" }, { "path": "gitserver/Dockerfile", "content": "# Run a git server in a container.\n#\n# docker run --rm -it -p 1234:22 \\\n# \t-e DEBUG=true \\\n# \t-e \"PUBKEY=$(cat ~/.ssh/id_ed25519.pub)\" \\\n# \t--name gitserver \\\n# \tjess/gitserver\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nENV HOME /root\n\nRUN apk --no-cache add \\\n\tbash \\\n\tgit \\\n\topenssh \\\n\t&& sed -i \"s/#PasswordAuthentication yes/PasswordAuthentication no/\" /etc/ssh/sshd_config \\\n\t&& sed -i \"s/#PubkeyAuthentication yes/PubkeyAuthentication yes/\" /etc/ssh/sshd_config \\\n\t&& echo -e \"AllowUsers git\\n\" >> /etc/ssh/sshd_config \\\n\t&& echo -e \"Port 22\\n\" >> /etc/ssh/sshd_config \\\n\t&& addgroup git \\\n\t&& adduser -D -S -s /usr/bin/git-shell -h /home/git -g git git \\\n\t&& mkdir -p /home/git/.ssh \\\n\t&& chown -R git:git /home/git \\\n\t&& passwd -u git\n\nENV HOME /home/git\nEXPOSE 22\nWORKDIR $HOME\n\nCOPY ./start.sh /\nCOPY create_repo /usr/bin/create_repo\n\nENTRYPOINT [\"/start.sh\"]\nCMD [\"/usr/sbin/sshd\", \"-D\", \"-e\", \"-f\", \"/etc/ssh/sshd_config\"]\n" }, { "path": "gitserver/create_repo", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nrepo=$1\nif [[ \"$repo\" != *.git ]]; then\n\trepo=\"${repo}.git\"\nfi\necho \"Creating $repo\"\n(\ncd \"$HOME\"\ngit init --bare \"$repo\"\nchown -R git:git \"$repo\"\n)\n" }, { "path": "gitserver/start.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\n[ \"$DEBUG\" == 'true' ] && set -x\n\nDAEMON=sshd\nHOSTKEY=/etc/ssh/ssh_host_ed25519_key\n\n# create the host key if not already created\nif [[ ! -f \"${HOSTKEY}\" ]]; then\n\tssh-keygen -A\nfi\n\nmkdir -p \"${HOME}/.ssh\"\n# shellcheck disable=SC1091\nsource /etc/profile\n[ \"$PUBKEY\" ] && echo \"$PUBKEY\" > \"${HOME}/.ssh/authorized_keys\"\n\nchown -R git:git \"${HOME}\"\nchmod -R 755 \"${HOME}\"\n\n# Fix permissions, if writable\nif [[ -w \"${HOME}/.ssh\" ]]; then\n chown git:git \"${HOME}/.ssh\" && chmod 700 \"${HOME}/.ssh/\"\nfi\nif [[ -w \"${HOME}/.ssh/authorized_keys\" ]]; then\n chown git:git \"${HOME}/.ssh/authorized_keys\"\n chmod 600 \"${HOME}/.ssh/authorized_keys\"\nfi\n\n# Warn if no config\nif [[ ! -e \"${HOME}/.ssh/authorized_keys\" ]]; then\n echo \"WARNING: No SSH authorized_keys found for git\"\nfi\n\n# set the default shell\nmkdir -p \"${HOME}/git-shell-commands\"\ncat > \"${HOME}/git-shell-commands/no-interactive-login\" <<\\EOF\n#!/bin/sh\nprintf '%s\\n' \"Hi $USER! You've successfully authenticated, but I do not\"\nprintf '%s\\n' \"provide interactive shell access.\"\nexit 128\nEOF\nchmod +x \"${HOME}/git-shell-commands/no-interactive-login\"\n\nstop() {\n echo \"Received SIGINT or SIGTERM. Shutting down $DAEMON\"\n # Get PID\n pid=$(cat \"/var/run/${DAEMON}/${DAEMON}.pid\")\n # Set TERM\n kill -SIGTERM \"${pid}\"\n # Wait for exit\n wait \"${pid}\"\n # All done.\n echo \"Done.\"\n}\n\n# shellcheck disable=SC2145\necho \"Running $@\"\nif [[ \"$(basename \"$1\")\" == \"$DAEMON\" ]]; then\n trap stop SIGINT SIGTERM\n\t# shellcheck disable=SC2068\n $@ &\n pid=\"$!\"\n mkdir -p \"/var/run/${DAEMON}\" && echo \"${pid}\" > \"/var/run/${DAEMON}/${DAEMON}.pid\"\n wait \"${pid}\" && exit $?\nelse\n exec \"$@\"\nfi\n" }, { "path": "gitsome/Dockerfile", "content": "# Run gitsome command line tool:\n# https://github.com/donnemartin/gitsome\n#\n# Usage:\n# \tdocker run --rm -it \\\n# \t\t-v ${HOME}/.gitsomeconfig:/home/anon/.gitsomeconfig \\\n# \t\t-v ${HOME}/.gitsomeconfigurl:/home/anon/.gitsomeconfigurl \\\n#\t\tr.j3ss.co/gitsome\n#\nFROM python:3.5-alpine\n\nRUN apk add --no-cache \\\n\tbash\n\nRUN pip3 install gitsome\n\nENV HOME /home/anon\nRUN adduser -S anon \\\n\t&& chown -R anon $HOME\n\nWORKDIR $HOME\nUSER anon\n\nENTRYPOINT [\"gitsome\"]\n" }, { "path": "gixy/Dockerfile", "content": "# Run gixy command line tool for static nginx analysis:\n# https://github.com/yandex/gixy\n#\n# Usage:\n# \tdocker run --rm -it \\\n# \t\t-v /etc/nginx:/etc/nginx \\\n#\t\tr.j3ss.co/gixy /etc/nginx/nginx.conf\n#\nFROM python:2-alpine\n\nRUN pip install gixy\n\nENTRYPOINT [\"gixy\"]\n" }, { "path": "glxgears/Dockerfile", "content": "# To use:\n#\tdocker run -v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t\t-e DISPLAY=unix$DISPLAY \\\n#\t\t--device /dev/dri \\\n#\t\tjess/glxgears\n#\n\n# Base docker image\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install all the things\nRUN apt-get update && apt-get install -y \\\n\tmesa-utils \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV LIBGL_DEBUG verbose\n\nENTRYPOINT [ \"glxgears\" ]\n" }, { "path": "gmail-britta/Dockerfile", "content": "FROM\truby:alpine\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tcoreutils\n\nRUN\tset -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\tbuild-base \\\n\t&& gem install gmail-britta --no-document \\\n\t&& apk del .build-deps\n" }, { "path": "gnuplot/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/testing/ \\\n\tgnuplot\n\nENTRYPOINT [\"gnuplot\"]\n" }, { "path": "golinks/Dockerfile", "content": "FROM golang:alpine as builder\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapk --no-cache add \\\n\tca-certificates \\\n\tgit\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN go get github.com/kellegous/go || true \\\n\t&& cd /go/src/github.com/kellegous/go \\\n\t&& go build ./cmd/go \\\n\t&& mv go /usr/bin/go\n\n\nFROM alpine:latest\n\nCOPY --from=builder /usr/bin/go /usr/bin/go\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"go\" ]\n" }, { "path": "gparted/Dockerfile", "content": "# DESCRIPTION:\t Create gparted container with its dependencies\n# AUTHOR:\t\t Jessie Frazelle \n# COMMENTS:\n#\tThis file describes how to build a gparted container with all\n#\tdependencies installed. It uses native X11 unix socket.\n#\tTested on Debian Jessie\n# USAGE:\n#\t# Download gparted Dockerfile\n#\twget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/gparted/Dockerfile\n#\n#\t# Build gparted image\n#\tdocker build -t gparted .\n#\n#\tdocker run -v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t\t--device=/dev/sda:/dev/sda \\\n#\t\t--device=/dev/mem:/dev/mem \\\n#\t\t--cap-add SYS_RAWIO \\\n#\t\t-e DISPLAY=unix$DISPLAY gparted\n#\n\n# Base docker image\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install Gparted and its dependencies\nRUN apt-get update && apt-get install -y \\\n\tdosfstools \\\n\tgparted \\\n\tlibcanberra-gtk-module \\\n\tprocps \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Autorun gparted\nCMD [\"/usr/sbin/gparted\"]\n" }, { "path": "guetzli/Dockerfile", "content": "# guetzli\n#\n# docker run --rm -it \\\n# \t-v ${PWD}:/tmp \\\n# \tr.j3ss.co/guetzli:latest \\\n# \t--verbose /tmp/example.jpg /tmp/example.compressed.jpg\n\nFROM alpine:latest\nLABEL maintainer \"Christian Koep \"\n\nRUN apk --no-cache add \\\n\t\tlibpng \\\n\t\tlibstdc++ \\\n\t\tlibgcc\n\nENV GUETZLI_VERSION v1.0.1\nENV APPDIR /usr/src/guetzli\n\nRUN buildDeps=' \\\n \tg++ \\\n\t\tgit \\\n\t\tlibpng-dev \\\n\t\tmake \\\n\t' \\\n\tset -x \\\n\t&& apk --no-cache add $buildDeps \\\n\t&& git clone --depth 1 --branch \"${GUETZLI_VERSION}\" \"https://github.com/google/guetzli.git\" \"${APPDIR}\" \\\n\t&& ( \\\n\t\tcd \"${APPDIR}\" \\\n\t\t&& make \\\n\t\t&& mv \"${APPDIR}/bin/Release/guetzli\" /usr/local/bin/guetzli \\\n\t) \\\n\t&& apk del $buildDeps \\\n\t&& rm -rf \"${APPDIR}\" \\\n\t&& echo \"Build complete.\"\n\nENTRYPOINT [ \"/usr/local/bin/guetzli\" ]\n" }, { "path": "hollywood/Dockerfile", "content": "FROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tadd-apt-repository ppa:hollywood/ppa && \\\n\tapt-get update && \\\n\tapt-get install -y \\\n\tbyobu \\\n\thollywood \\\n\tlocate \\\n\tmlocate \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& updatedb\n\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user \\\n\t&& chown -R user:user $HOME\n\nWORKDIR $HOME\nUSER user\n\nCMD [ \"hollywood\" ]\n" }, { "path": "htop/Dockerfile", "content": "# htop in a container\n#\n# docker run --rm -it \\\n# \t--pid host \\\n# \tjess/htop\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\thtop\n\nCMD [ \"htop\" ]\n" }, { "path": "htpasswd/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tapache2-utils\n\nENTRYPOINT [ \"htpasswd\" ]\n" }, { "path": "httpbin/Dockerfile", "content": "# Run HTTPBin in a container\n#\n# USAGE\n# \n# docker run -d \\\n#\t-p 8080:8080 \\\n#\t--name httpbin \\\n#\tjess/httpbin\n#\n\nFROM python:3-alpine\n\nRUN apk add --no-cache --virtual .build-deps \\\n\t\tbuild-base \\\n\t\tlibffi-dev \\\n\t&& pip3 install --no-cache-dir \\\n\t\tgevent \\\n\t\tgunicorn \\\n\t\thttpbin \\\n\t&& apk del .build-deps\n\nCMD [\"gunicorn\", \"-b\", \"0.0.0.0:8080\", \"httpbin:app\", \"-k\", \"gevent\"]\n" }, { "path": "httpie/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tpython \\\n\tpy2-pip \\\n\t&& pip install httpie httpie-unixsocket\n\nENTRYPOINT [ \"http\" ]\n" }, { "path": "iceweasel/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\thicolor-icon-theme \\\n\tfirefox-esr \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nCOPY local.conf /etc/fonts/local.conf\n\nENTRYPOINT [ \"firefox\" ]\n" }, { "path": "iceweasel/local.conf", "content": "\n\n\n\n\nrgb\n\n\n\n\ntrue\n\n\n\n\nhintslight\n\n\n\n\ntrue\n\n\n\n\nlcddefault\n\n\n\n\nfalse\n\n\n\n" }, { "path": "imagemagick/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\timagemagick\n\nCMD [ \"echo\", \"Use one of the following commands [ animate | compare | composite | conjure | convert | display | identify | import | mogrify | montage | stream ]\" ]\n" }, { "path": "imagemin/Dockerfile", "content": "# Run imagemin in a container:\n#\n# docker run --rm -it \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v $HOME/Pictures:/root/Pictures \\\n#\t--entrypoint bash \\\n#\tjess/imagemin\n#\nFROM node:alpine\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tfile \\\n\tlibpng\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tautoconf \\\n\t\tautomake \\\n\t\tbuild-base \\\n\t\tlibpng-dev \\\n\t\tnasm \\\n\t&& npm install --global imagemin-cli \\\n\t&& apk del .build-deps\n\nCMD [ \"imagemin\", \"--help\" ]\n" }, { "path": "inkscape/Dockerfile", "content": "# Run inkscape in a container\n#\n# docker run -v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-v /inkscape/:/workspace \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\tjess/inkscape\n#\nFROM ubuntu:16.04\nLABEL maintainer \"Daniel Romero \"\n\nENV DEBIAN_FRONTEND noninteractive\n\nRUN apt-get update && apt-get install -y \\\n\tpython-software-properties \\\n\tsoftware-properties-common\n\nRUN add-apt-repository ppa:inkscape.dev/stable && \\\n\tapt-get update && apt-get install -y \\\n\tinkscape \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nVOLUME /workspace\nWORKDIR /workspace\n\nENTRYPOINT [ \"inkscape\" ]\n" }, { "path": "irssi/Dockerfile", "content": "FROM alpine:latest\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tperl-datetime \\\n\tperl-timedate\n\nENV HOME /home/user\nRUN adduser -u 1001 -D user \\\n\t&& mkdir -p $HOME/.irssi \\\n\t&& chown -R user:user $HOME\n\nENV LANG C.UTF-8\n\nENV IRSSI_VERSION 1.2.2\n# https://otr.cypherpunks.ca/index.php#downloads\nENV LIB_OTR_VERSION 4.1.1\n# https://github.com/cryptodotis/irssi-otr/releases\nENV IRSSI_OTR_VERSION 1.0.2\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tautoconf \\\n\t\tautomake \\\n\t\tcurl \\\n\t\tgcc \\\n\t\tglib-dev \\\n\t\tgnupg \\\n\t\tlibc-dev \\\n\t\tlibgcrypt-dev \\\n\t\tlibtool \\\n\t\tlynx \\\n\t\tmake \\\n\t\tncurses-dev \\\n\t\topenssl-dev \\\n\t\tperl-dev \\\n\t\tpkgconf \\\n\t\ttar \\\n\t\txz \\\n\t&& curl -sSL \"https://github.com/irssi/irssi/releases/download/${IRSSI_VERSION}/irssi-${IRSSI_VERSION}.tar.xz\" -o /tmp/irssi.tar.xz \\\n\t&& curl -sSL \"https://github.com/irssi/irssi/releases/download/${IRSSI_VERSION}/irssi-${IRSSI_VERSION}.tar.xz.asc\" -o /tmp/irssi.tar.xz.asc \\\n\t&& export GNUPGHOME=\"$(mktemp -d)\" \\\n# gpg: key DDBEF0E1: public key \"The Irssi project \" imported\n\t&& gpg --no-tty --keyserver ha.pool.sks-keyservers.net --recv-keys 7EE65E3082A5FB06AC7C368D00CCB587DDBEF0E1 \\\n\t&& gpg --batch --verify /tmp/irssi.tar.xz.asc /tmp/irssi.tar.xz \\\n\t&& rm -rf \"$GNUPGHOME\" /tmp/irssi.tar.xz.asc \\\n\t&& mkdir -p /usr/src \\\n\t&& tar -xJf /tmp/irssi.tar.xz -C /usr/src \\\n\t&& rm /tmp/irssi.tar.xz \\\n\t&& ( \\\n\t\tcd /usr/src/irssi-$IRSSI_VERSION \\\n\t\t&& ./configure \\\n\t\t\t--enable-true-color \\\n\t\t\t--with-bot \\\n\t\t\t--with-proxy \\\n\t\t\t--with-socks \\\n\t\t\t--prefix=/usr \\\n\t\t&& make -j$(getconf _NPROCESSORS_ONLN) \\\n\t\t&& make install \\\n\t) \\\n\t&& curl -sSL \"https://otr.cypherpunks.ca/libotr-${LIB_OTR_VERSION}.tar.gz\" -o /tmp/libotr.tar.gz \\\n\t&& curl -sSL \"https://otr.cypherpunks.ca/libotr-${LIB_OTR_VERSION}.tar.gz.asc\" -o /tmp/libotr.tar.gz.asc \\\n\t&& export GNUPGHOME=\"$(mktemp -d)\" \\\n# gpg: key 42C2ABAD: public key \"OTR Dev Team (Signing Key) \" imported\n\t&& curl -sSL https://otr.cypherpunks.ca/gpgkey.asc | gpg --no-tty --import \\\n\t&& gpg --batch --verify /tmp/libotr.tar.gz.asc /tmp/libotr.tar.gz \\\n\t&& rm -rf \"$GNUPGHOME\" /tmp/libotr.tar.gz.asc \\\n\t&& mkdir -p /usr/src/libotr \\\n\t&& tar -xzf /tmp/libotr.tar.gz -C /usr/src/libotr --strip-components 1 \\\n\t&& rm /tmp/libotr.tar.gz \\\n\t&& ( \\\n\t\tcd /usr/src/libotr \\\n\t\t&& ./configure \\\n\t\t\t--with-pic \\\n\t\t\t--prefix=/usr \\\n\t\t&& make \\\n\t\t&& make install \\\n\t) \\\n\t&& mkdir -p /usr/src/irssi-otr \\\n\t&& curl -sSL \"https://github.com/cryptodotis/irssi-otr/archive/v${IRSSI_OTR_VERSION}.tar.gz\" -o /tmp/irssi-otr.tar.gz \\\n\t&& mkdir -p /usr/src/irssi-otr \\\n\t&& tar -xf /tmp/irssi-otr.tar.gz -C /usr/src/irssi-otr --strip-components 1 \\\n\t&& rm -f /tmp/irssi-otr.tar.gz \\\n\t&& ( \\\n\t\tcd /usr/src/irssi-otr \\\n\t\t&& ./bootstrap \\\n\t\t&& ./configure \\\n\t\t\t--prefix=/usr \\\n\t\t&& make \\\n\t\t&& make install \\\n\t) \\\n\t&& rm -rf /usr/src/irssi-$IRSSI_VERSION \\\n\t&& rm -rf /usr/src/libotr \\\n\t&& rm -rf /usr/src/irssi-otr \\\n\t&& runDeps=\"$( \\\n\t\tscanelf --needed --nobanner --recursive /usr \\\n\t\t\t| awk '{ gsub(/,/, \"\\nso:\", $2); print \"so:\" $2 }' \\\n\t\t\t| sort -u \\\n\t\t\t| xargs -r apk info --installed \\\n\t\t\t| sort -u \\\n\t)\" \\\n\t&& apk add --no-cache --virtual .irssi-rundeps $runDeps perl-libwww \\\n\t&& apk del .build-deps\n\nWORKDIR $HOME\nVOLUME $HOME/.irssi\n\nUSER user\nCMD [\"irssi\"]\n" }, { "path": "john/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tgmp \\\n\tlibgomp\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tbuild-base \\\n\t\tgcc \\\n\t\tgit \\\n\t\tgmp-dev \\\n\t\tkrb5-dev \\\n\t\tlibressl-dev \\\n\t\tmake \\\n\t\tperl \\\n\t&& git clone --depth 1 https://github.com/magnumripper/JohnTheRipper.git /usr/src/johntheripper \\\n\t&& ( \\\n\t\tcd /usr/src/johntheripper/src \\\n\t\t&& ./configure || cat config.log \\\n\t\t&& make \\\n\t\t&& cp -r ../run/* /usr/local/bin/ \\\n\t) \\\n\t&& rm -rf /usr/src/johntheripper \\\n\t&& apk del .build-deps\n\nCOPY john.ini /root/john.ini\nCOPY passwd.lst /root/passwd.lst\n\nWORKDIR /root\n\nENTRYPOINT [ \"john\" ]\n" }, { "path": "john/john.ini", "content": "#\n# This file is part of John the Ripper password cracker,\n# Copyright (c) 1996-98 by Solar Designer\n#\n\n[Options]\n# Wordlist file name, to be used in batch mode\nWordfile = ~/passwd.lst\n# Use idle cycles only\nIdle = N\n# Crash recovery file saving delay in seconds\nSave = 600\n# Beep when a password is found (who needs this anyway?)\nBeep = N\n" }, { "path": "john/passwd.lst", "content": "_\n!@#$%\n!@#$%^\n!@#$%^&\n!@#$%^&*\n!@#$%^&*\r\n!@#$%^&\r\n!@#$%^\r\n!@#$%\r\n@#$%^&\n@#$%^&\r\n*\n\r\n0000\r\n00000\r\n000000\n000000\r\n00000000\n00000000\r\n0007\n0007\r\n007\n007\r\n007007\n007007\r\n010203\r\n012345\r\n0123456\r\n0123456789\r\n0246\n0249\n0852\r\n098765\r\n0987654321\r\n1\n1\r\n101010\r\n102030\r\n1022\n1022\r\n10sne1\n10sne1\r\n1111\r\n11111\r\n111111\n111111\r\n11111111\r\n112233\r\n11235813\r\n1212\r\n121212\n121212\r\n1213\r\n1214\r\n1225\n1225\r\n123\n123\r\n123123\n123123\r\n123123123\r\n123321\r\n1234\n1234\r\n12345\n12345\r\n123456\n123456\r\n1234567\n1234567\r\n12345678\n12345678\r\n123456789\r\n1234567890\r\n12345678910\r\n123456a\r\n1234qwer\n1234qwer\r\n123654\r\n123789\r\n123abc\n123abc\r\n123go\n123go\r\n123qwe\r\n1313\n1313\r\n131313\n131313\r\n1316\r\n1332\r\n13579\n13579\r\n1412\r\n141414\r\n1430\r\n14430\n147258\r\n147258369\r\n147852\r\n147852369\r\n151515\r\n159357\r\n159753\r\n1701d\n1701d\r\n171717\r\n1818\r\n181818\r\n1911\r\n1928\n1928\r\n1948\r\n1950\r\n1951\n1952\r\n1953\r\n1955\r\n1956\r\n1960\r\n1964\r\n1969\r\n1973\r\n1975\r\n1977\r\n1978\r\n1991\r\n1996\r\n1998\r\n1a2b3c\n1a2b3c\r\n1chris\r\n1kitty\r\n1p2o3i\n1q2w3e\n1q2w3e\r\n1q2w3e4r\r\n1qaz2wsx\r\n1qw23e\n1qw23e\r\n1sanjose\n2000\r\n2001\r\n2020\r\n202020\r\n2112\n2112\r\n21122112\n21122112\r\n212121\r\n22\r\n2200\r\n2222\n2222\r\n222222\r\n2252\r\n232323\r\n242424\r\n246810\r\n252525\r\n2580\r\n2kids\r\n2welcome\n3010\r\n3112\r\n3141\r\n333\r\n333333\r\n3533\r\n369\n369\r\n3bears\r\n4055\r\n4444\n4444\r\n444444\r\n456123\r\n456789\r\n4788\r\n4854\r\n4runner\n4runner\r\n5050\r\n50cent\r\n5201314\r\n5252\n5252\r\n54321\n54321\r\n5555\n5555\r\n55555\r\n555555\r\n5683\n5683\r\n57chevy\r\n6262\r\n6301\r\n654321\n654321\r\n666666\n666666\r\n6969\n6969\r\n696969\n696969\r\n741852\r\n741852963\r\n777\n777\r\n7777\n7777\r\n777777\r\n7777777\r\n789456\r\n789456123\r\n7dwarfs\r\n80486\n8675309\n8675309\r\n87654321\r\n888888\n888888\r\n88888888\r\n90210\n90210\r\n911\n911\r\n92072\n987654\r\n987654321\r\n999999\r\n99999999\n99999999\r\n999999999\r\na\na\r\na12345\na12345\r\na123456\r\na1b2c3\na1b2c3\r\na1b2c3d4\na1b2c3d4\r\naa\r\naaa\naaa\r\naaaa\r\naaaaaa\naaaaaa\r\nAaaaaa\naaliyah\r\naardvark\r\naaron\naaron\r\nabacab\r\nabbott\r\nabby\nabby\r\nabc\nabc\r\nabc123\nabc123\r\nABC123\nABC123\r\nabcd\nabcd\r\nabcd123\r\nabcd1234\nabcd1234\r\nabcde\nabcde\r\nabcdef\nabcdef\r\nAbcdef\nAbcdef\r\nabcdefg\nabcdefg\r\nAbcdefg\nabigail\nabigail\r\nabsolut\nabsolut\r\naccess\naccess\r\naccord\r\naccount\r\nace\r\nacropolis\r\naction\naction\r\nAction\nactive\nactive\r\nacura\nacura\r\nadam\nadam\r\nadg\nadi\r\nadidas\nadidas\r\nAdidas\nadmin\r\nadmin1\r\nadrian\nadrian\r\nadriana\r\nadrock\r\nadvil\naeh\naerobics\r\nafrica\r\nagent\r\nAggies\nAikman\nairborne\r\nAirhead\nairwolf\r\naki123\r\nalaska\nalaska\r\nAlaska\nalbert\nalbert\r\nAlbert\nalberto\r\nalejandra\r\nalejandro\r\nalex\nalex\r\nalex1\nalex1\r\nalexande\nalexander\r\nalexandr\nalexandr\r\nalexandra\r\nalexis\nalexis\r\nAlexis\r\nalfaro\r\nalfred\nalfred\r\nalfredo\r\nali\r\nalice\nalice\r\nalice1\r\nalicia\r\nAlicia\nalien\r\naliens\naliens\r\nalina\r\naline\r\nalison\nalison\r\nallegro\r\nallen\nallen\r\nallison\nallison\r\nallo\nallo\r\nallstate\r\naloha\r\nalpha\nalpha\r\nAlpha\r\nalpha1\nalpha1\r\nalpine\nalpine\r\naltamira\r\nalthea\r\naltima\r\naltima1\r\nalyssa\r\nAlyssa\namanda\namanda\r\nAmanda\namanda1\namanda1\r\namazing\r\namber\namber\r\namelia\r\namelie\namelie\r\namerica\r\nAmerica\namerica7\nAmiga\namigas\r\namigos\r\namistad\r\namorcito\r\namores\r\namour\namour\r\namy\namy\r\nanaconda\r\nanamaria\r\nanders\r\nanderson\nanderson\r\nandre\nandre\r\nandre1\r\nandrea\nandrea\r\nAndrea\nandrea1\r\nandreea\r\nandrei\r\nandres\r\nandrew\nandrew!\r\nandrew\r\nAndrew\nAndrew\r\nandrew1\r\nandromeda\r\nandy\nandy\r\nangel\nangel\r\nangel1\r\nangela\nangela\r\nAngela\nAngela1\nangeles\r\nangelica\r\nangelina\r\nangelito\r\nangelo\r\nangels\nangels\r\nangie\nangie\r\nangie1\r\nangus\nangus\r\nanimal\nanimal\r\nAnimal\nAnimals\nAnimals\r\nanita\r\nann\r\nanna\nanna\r\nanne\nanne\r\nanneli\r\nannette\r\nannie\nannie\r\nantares\r\nanthony\nanthony\r\nAnthony\nAnthony\r\nanthony1\r\nantonio\r\nanything\r\napache\napache\r\napollo\napollo\r\napollo13\napollo13\r\napple\napple\r\napple1\napple1\r\napple2\r\napplepie\r\napples\napples\r\nApples\napril\napril\r\naptiva\r\naqua\r\naquarius\r\naragorn\r\narchie\narchie\r\nArchie\nArctic\nariana\r\nariane\nariane\r\nariel\nariel\r\nAriel\r\narizona\narizona\r\narlene\r\narmando\r\narnold\r\narrow\r\narsenal\r\nartemis\r\narthur\narthur\r\nArthur\nartist\nartist\r\narturo\r\nasdf\nasdf\r\nasdf1234\r\nasdfasdf\r\nasdfg\nasdfg\r\nasdfgh\nasdfgh\r\nAsdfgh\nAsdfgh\r\nasdfghjk\nasdfghjk\r\nasdfghjkl\r\nasdfjkl\nasdfjkl;\nasdfjkl;\r\nasdfjkl\r\nasdf;lkj\r\nashlee\r\nashley\nashley\r\nAshley\nashley1\r\nashraf\r\nashton\r\naspen\naspen\r\nass\nass\r\nasshole\nasshole\r\nAsshole\nassmunch\r\nasterix\nasterix\r\nath\nathena\nathena\r\nattila\nattila\r\naugust\naugust\r\nAugust\naustin\naustin\r\nAustin\nAuthor\nautumn\r\navalon\navalon\r\navatar\r\nAvatar\navenger\r\navenir\r\nawesome\nawesome\r\nAwesome\nayelet\r\naylmer\naylmer\r\nbabes\r\nBabies\nbaby\nbaby\r\nbabyblue\r\nbabyboo\r\nbabyboy\r\nbabydoll\r\nbabyface\r\nbabygirl\r\nbabygirl1\r\nbabygurl\r\nbabyko\r\nbabylon5\nbabylon5\r\nbabylove\r\nbach\nbach\r\nbackup\r\nbadboy\r\nBadboy\nbadger\nbadger\r\nbadgirl\r\nbailey\nbailey\r\nBailey\nBailey\r\nballer\r\nBalls\nbambam\r\nbambi\r\nbamboo\nbamboo\r\nbanana\nbanana\r\nBanana\nbananas\r\nBananas\nbanane\nbandit\nbandit\r\nBandit\nbaraka\r\nbarbara\nbarbara\r\nBarbara\nbarbie\r\nBarbie\nbarcelona\r\nbarn\r\nbarney\nbarney\r\nBarney\nbarney1\r\nbarnyard\r\nbarrett\r\nbarry\nbarry\r\nbart\r\nbartman\r\nBasebal\nbaseball\nbaseball\r\nbasf\nbasf\r\nbasil\nbasil\r\nbasket\nbasket\r\nbaskeT\nBasket\nBasketb\nbasketba\nBasketba\nbasketball\r\nbass\r\nBastard\nBastard\r\nbatista\r\nbatman\nbatman\r\nBatman\nbatman1\r\nbball\r\nbeaches\r\nbeagle\nbeagle\r\nbeaner\nbeaner\r\nBeaner\nbeanie\nbeanie\r\nbeans\r\nbear\nbear\r\nbears\nbears\r\nbeast\r\nbeasty\r\nbeatles\nbeatles\r\nBeatles\nbeatrice\r\nbeatriz\r\nbeautifu\nbeautiful\r\nbeauty\r\nbeaver\nbeaver\r\nBeaver\nbeavis\nbeavis\r\nBeavis\nBeavis\r\nbeavis1\r\nbebe\r\nbebita\r\nbecca\r\nbeckham\r\nbeer\nbeer\r\nbelgium\r\nbelize\r\nbella\r\nbelle\nbelle\r\nbelmont\r\nben\r\nbenfica\r\nbenjamin\nbenjamin\r\nbenji\r\nbenny\nbenny\r\nbenoit\nbenoit\r\nbenson\nbenson\r\nbeowulf\r\nbernard\nbernard\r\nbernardo\r\nbernie\nbernie\r\nberry\r\nbertha\nbertha\r\nberyl\r\nbest\r\nbestfriend\r\nbestfriends\r\nbeta\r\nbetacam\r\nbetsy\r\nbetty\nbetty\r\nbettyboop\r\nbeyonce\r\nbfi\nbharat\r\nbhebhe\r\nbianca\r\nbichon\r\nbigal\r\nbigben\r\nbigbird\nbigbird\r\nBigBird\nbigboss\r\nbigdog\nbigdog\r\nBigdog\nBigfoot\nbiggles\r\nbigmac\nbigmac\r\nbigman\nbigman\r\nbigred\nbigred\r\nbiker\r\nbilbo\nbilbo\r\nbill\nbill\r\nbillabong\r\nbills\r\nbilly\nbilly\r\nbilly1\r\nbimmer\r\nbingo\nbingo\r\nbinky\nbinky\r\nbiochem\r\nbiology\nbiology\r\nBiology\nbird\nbird\r\nbird33\nbird33\r\nbirdie\nbirdie\r\nbirdy\r\nbirthday\r\nbiscuit\r\nbishop\r\nBismillah\r\nbitch\nbitch\r\nbitch1\r\nbiteme\nbiteme\r\nBiteme\nbitter\r\nbiz\r\nblabla\r\nblack\nblack\r\nBlackie\nblackjack\r\nblah\r\nblahblah\r\nblanche\r\nBlaster\nblazer\nblazer\r\nBlazer\nblessed\r\nblessing\r\nblinds\r\nblink182\r\nbliss\r\nblitz\r\nblizzard\nblizzard\r\nblonde\nblonde\r\nblondie\nblondie\r\nBlondie\nblood\r\nblowfish\nblowfish\r\nblowjob\r\nblowme\r\nBlowme\nblue\nblue\r\nbluebird\nbluebird\r\nblueeyes\r\nbluefish\r\nbluejean\r\nblues\r\nbluesky\nbluesky\r\nbmw\nbmw\r\nboat\r\nbob\nbob\r\nbobby\nbobby\r\nbobcat\nbobcat\r\nbogart\r\nbogey\r\nbogus\r\nbombay\r\nbond007\nbond007\r\nBond007\nBond007\r\nBoner\nbonita\r\nbonjour\nbonjour\r\nbonnie\nbonnie\r\nBonnie\nBonzo\r\nboobie\r\nbooboo\nbooboo\r\nBooboo\nBooboo\r\nbooger\nbooger\r\nBooger\nboogie\nboogie\r\nBookit\nboomer\nboomer\r\nBoomer\nbooster\nbooster\r\nboots\nboots\r\nbootsie\nbootsie\r\nboris\nboris\r\nbosco\r\nboss\nboss\r\nboston\nboston\r\nBoston\nBoston\r\nboulder\r\nbourbon\r\nBowling\nbowwow\r\nboxer\r\nboxers\r\nbozo\nbozo\r\nbradley\nbradley\r\nBradley\nbrain\r\nbranch\r\nbrandi\r\nBrandi\nbrandon\nbrandon\r\nBrandon\nbrandon1\r\nbrandy\nbrandy\r\nBrandy\nBrasil\nbraves\nbraves\r\nBraves\nbrazil\r\nBrazil\nbrenda\nbrenda\r\nBrenda\nbrent\r\nbrewster\nbrewster\r\nbrian\nbrian\r\nbrianna\r\nbridge\nbridge\r\nbridges\nbridges\r\nbright\nbright\r\nbritain\r\nbritney\r\nbrittany\r\nBroadway\r\nbroken\r\nbroker\r\nbronco\r\nBroncos\nbronte\r\nbrooke\nbrooke\r\nbrooklyn\r\nbrother\r\nBrowns\nbruce\nbruce\r\nbruno\r\nbrutus\nbrutus\r\nbryan\r\nbubba\nbubba\r\nBubba\nbubba1\nbubba1\r\nbubble\r\nbubblegum\r\nbubbles\nbubbles\r\nBubbles\nbubbles1\r\nbuck\nbuck\r\nbucks\r\nbuddha\r\nBuddha\nbuddy\nbuddy\r\nbuddy1\r\nbudgie\r\nbuffalo\nbuffalo\r\nBuffalo\nbuffett\r\nbuffy\nbuffy\r\nbugs\r\nbugsy\r\nbull\nbull\r\nbulldog\nbulldog\r\nbullet\nbullet\r\nbulls\r\nbullshit\nbullshit\r\nbunny\nbunny\r\nburns\r\nburton\r\nbusiness\nbusiness\r\nbuster\nbuster\r\nBuster\nbutch\nbutch\r\nbutler\nbutler\r\nbutter\r\nbuttercup\r\nbutterfly\r\nbutterfly1\r\nbutthead\nbutthead\r\nButthead\nbutton\nbutton\r\nButton\nbuttons\nbuttons\r\nButtons\nbuzz\nbuzz\r\nbyron\r\nbyteme\nbyteme\r\nc00per\r\ncactus\ncactus\r\ncaesar\ncaesar\r\ncaitlin\ncaitlin\r\ncalendar\r\ncalgary\r\ncaliforn\ncalifornia\r\ncalvin\ncalvin\r\nCalvin\ncalvin1\r\ncamaro\ncamaro\r\nCamaro\ncamay\r\ncamel\r\ncamera\ncamera\r\ncameron\r\ncamila\r\ncamille\r\ncampbell\ncampbell\r\ncamping\ncamping\r\ncanada\ncanada\r\nCanada\ncanced\ncancer\r\nCancer\ncandy\ncandy\r\ncanela\ncanela\r\ncannon\ncannon\r\ncannonda\ncannondale\r\ncanon\ncanon\r\ncantik\r\ncapricorn\r\ncaptain\ncaptain\r\ncar\r\ncarbon\r\ncardinal\ncardinal\r\nCardinal\r\ncarebear\r\ncarl\ncarl\r\ncarlitos\r\ncarlos\ncarlos\r\nCarlos\ncarmen\ncarmen\r\ncarnage\r\ncarol\ncarol\r\nCarol\nCarol\r\ncarol1\r\ncarole\ncarole\r\ncarolina\ncarolina\r\ncaroline\ncaroline\r\ncarolyn\r\ncarrie\ncarrie\r\nCarrie\ncarrot\r\ncarter\r\ncascade\ncascade\r\ncasey\ncasey\r\nCasio\ncasper\ncasper\r\nCasper\ncassandra\r\ncassie\ncassie\r\nCassie\ncastle\ncastle\r\ncat\ncat\r\ncatalina\r\ncatalog\ncatalog\r\ncatch22\r\ncatdog\r\ncatfish\ncatfish\r\ncatherine\r\ncathy\r\ncatnip\r\ncats\ncats\r\ncatwoman\r\ncccccc\ncccccc\r\ncecile\r\ncecilia\r\ncedic\nceleste\r\ncelica\ncelica\r\nceline\nceline\r\nceltic\r\nCeltics\nCeltics\r\ncement\r\ncenter\ncenter\r\nCenter\ncesar\ncesar\r\ncessna\r\ncfi\ncfj\ncgj\nchacha\r\nchad\r\nchainsaw\r\nchalleng\nchallenge\r\nchameleon\r\nchampion\nchampion\r\nChamps\nChamps\r\nchance\nchance\r\nchandler\r\nchanel\nchanel\r\nchang\r\nchange\r\nchangeit\r\nchangeme\nchangeme\r\nChangeme\nChangeme\r\nChangeMe\nChangeMe\r\nchantal\r\nchaos\nchaos\r\nchapman\nchapman\r\ncharger\r\ncharity\ncharity\r\ncharles\ncharles\r\nCharles\ncharlie\ncharlie\r\nCharlie\nCharlie\r\ncharlie1\ncharlie1\r\ncharlott\ncharlotte\r\ncharmed\r\nchat\r\ncheche\r\ncheerleader\r\ncheese\ncheese\r\nCheese\nchelsea\nchelsea\r\nChelsea\nchelsea1\r\ncherry\ncherry\r\ncheryl\ncheryl\r\nCheryl\nchess\r\nchester\r\nChester\nchester1\nchester1\r\nchevy\nchevy\r\nChevy\nChevy1\ncheyenne\r\nchiara\r\nchicago\nchicago\r\nChicago\nchichi\r\nchicken\nchicken\r\nChicken\nchico\nchico\r\nchiefs\r\nChiefs\nchina\nchina\r\nchinacat\r\nchinook\r\nchip\nchip\r\nChipper\nchiquita\nchiquita\r\nchivas\r\nchloe\nchloe\r\nchocolat\nchocolat\r\nchocolate\r\nchouette\r\nchris\nchris\r\nChris\nChris\r\nchris1\nchris1\r\nchris123\r\nchrisbrown\r\nChrissy\nchrist\r\nChrist\nchrist1\r\nchristia\nchristia\r\nchristian\r\nchristin\nchristin\r\nchristina\r\nchristine\r\nchristmas\r\nchristop\nChristop\nchristoph\r\nchristopher\r\nchristy\nchristy\r\nchronos\r\nchubby\r\nchuck\nchuck\r\nChucky\nchurch\nchurch\r\ncicero\r\ncinder\ncinder\r\ncinderella\r\nCindi\ncindy\ncindy\r\ncindy1\r\ncinema\r\ncircuit\r\ncirque\r\ncirrus\r\ncivic\r\ncivil\r\nclaire\nclaire\r\nclancy\nclancy\r\nclapton\r\nclark\nclark\r\nclarkson\r\nclass\nclass\r\nclassroo\nclassroom\r\nclaude\nclaude\r\nclaudel\r\nclaudia\nclaudia\r\nCleaner\ncleo\r\ncliff\r\nclipper\nclipper\r\nclock\r\ncloclo\ncloclo\r\nClover\nclueless\r\ncobain\r\ncobra\ncobra\r\ncocacola\ncocacola\r\ncoco\ncoco\r\ncody\r\ncoffee\ncoffee\r\nCoffee\ncoke\ncoke\r\ncolette\r\ncolleen\ncolleen\r\nColleen\ncollege\ncollege\r\ncolombia\r\ncolor\r\ncolorado\ncolorado\r\ncolors\r\ncolt45\r\ncoltrane\ncoltrane\r\ncolumbia\ncolumbia\r\ncomet\r\ncommander\r\n#!comment:\r\n#!comment: Common passwords, compiled by Solar Designer.\n#!comment: For more wordlists, see http://www.openwall.com/wordlists/\r\n#!comment: in 1996 through 2011. It is assumed to be in the public domain.\r\n#!comment: Last update: 2011/11/20 (3546 entries)\r\n#!comment: occurred in 2006 through 2010.\r\n#!comment: of \"top N passwords\" from major community website compromises that\r\n#!comment: revised to also include common website passwords from public lists\r\n#!comment: systems in mid-1990's, sorted for decreasing number of occurrences\r\n#!comment: (that is, more common passwords are listed first). It has been\r\n#!comment: This list has been compiled by Solar Designer of Openwall Project\r\n#!comment: This list is based on passwords most commonly seen on a set of Unix\r\ncompaq\ncompaq\r\nCompaq\ncompton\ncompton\r\nCompute\ncomputer\ncomputer\r\nComputer\nComputer\r\nconcept\nconcept\r\nconcorde\r\nconfused\r\nconnect\nconnect\r\nconnie\nconnie\r\nConnie\nconnor\r\nconrad\nconrad\r\ncontent\r\ncontrol\ncontrol\r\ncook\r\ncookie\ncookie\r\nCookie\ncookie1\r\ncookies\ncookies\r\ncooking\r\ncool\ncool\r\ncoolbean\r\nCoolman\ncoolness\r\ncooper\ncooper\r\nCooper\ncooter\r\ncopper\ncopper\r\nCopper\ncora\r\ncorazon\r\ncordelia\r\ncorky\r\ncornflake\r\ncorona\ncorona\r\ncorrado\ncorrado\r\ncorvette\r\ncorwin\ncorwin\r\ncosmo\r\ncosmos\ncosmos\r\ncougar\ncougar\r\nCougar\nCougar\r\ncougars\ncougars\r\ncountry\ncountry\r\nCountry\ncourier\r\ncourtney\ncourtney\r\ncowboy\ncowboy\r\nCowboy\nCOWBOY\ncowboys\ncowboys\r\nCowboys\ncows\r\ncoyote\ncoyote\r\ncrack1\r\ncracker\ncracker\r\nCracker\ncraig\ncraig\r\ncrapp\ncrawford\ncrawford\r\ncrazy\r\ncreative\ncreative\r\nCreative\r\ncrescent\r\ncricket\ncricket\r\nCricket\ncristian\r\ncristina\r\ncross\r\ncrow\ncrow\r\ncrowley\r\ncruise\ncruise\r\ncrusader\r\ncrystal\ncrystal\r\ncthulhu\r\ncuda\r\ncuddles\ncuddles\r\ncuervo\r\ncunningham\r\ncunt\r\ncupcake\r\ncurrent\r\ncurtis\ncurtis\r\nCurtis\nCurtis\r\ncuteako\r\ncuteme\r\ncutie\ncutie\r\ncutiepie\r\ncutlass\r\ncyber\r\ncyclone\ncyclone\r\ncynthia\ncynthia\r\ncyrano\ncyrano\r\ndaddy\ndaddy\r\ndaddy1\r\ndaddysgirl\r\ndaedalus\r\ndagger\r\ndagger1\r\ndaily\r\ndaisie\r\ndaisy\ndaisy\r\ndakota\ndakota\r\nDakota\ndale\r\ndallas\ndallas\r\nDallas\ndamian\r\ndammit\r\ndan\ndan\r\ndana\r\ndance\ndance\r\ndancer\ndancer\r\ndancing\r\ndaniel\ndaniel\r\nDaniel\nDaniel\r\ndaniel1\r\ndaniela\r\ndanielle\ndanielle\r\ndanny\ndanny\r\ndaphne\r\ndark1\r\ndarkangel\r\nDarkman\r\ndarkness\r\ndarkstar\r\ndarling\r\ndarren\ndarren\r\ndarryl\r\ndarwin\ndarwin\r\nDarwin\ndasha\ndasha\r\ndatabase\ndatabase\r\ndave\ndave\r\ndavid\ndavid\r\ndavid1\ndavid1\r\ndavids\r\ndawn\ndawn\r\ndaytek\ndaytek\r\ndead\ndead\r\ndeadhead\ndeadhead\r\ndean\ndean\r\ndeath\r\nDeath\ndebbie\ndebbie\r\ndeborah\r\ndecember\ndecember\r\ndecker\r\ndeedee\ndeedee\r\ndeeznuts\r\nDefense\ndelano\r\ndelete\r\ndelfin\r\ndeliver\ndeliver\r\ndelta\ndelta\r\ndemo\ndemo\r\ndemon\r\ndenali\ndenali\r\ndenis\r\ndenise\ndenise\r\nDenise\nDenise\r\ndennis\ndennis\r\nDennis\ndenny\r\nDenver\ndepeche\ndepeche\r\nderek\nderek\r\ndesert\r\ndesign\ndesign\r\ndesiree\r\ndeskjet\r\ndestiny\r\ndetroit\ndetroit\r\nDetroit\ndeutsch\ndeutsch\r\ndevil\r\ndevine\r\ndevon\r\ndexter\ndexter\r\nDexter\ndgj\ndharma\r\ndiablo\ndiablo\r\ndiamond\ndiamond\r\ndiamonds\r\ndiana\ndiana\r\ndiane\ndiane\r\ndianne\r\ndickens\r\ndickhead\ndickhead\r\ndiego\r\ndiesel\r\ndigger\r\nDigger\ndigital\ndigital\r\nDigital\ndigital1\ndilbert\ndilbert\r\ndillweed\r\ndinamo\r\ndipper\r\ndirect1\ndirector\ndirector\r\ndirk\ndirk\r\ndisco\r\ndisney\ndisney\r\nDisney\ndixie\ndixie\r\ndixon\r\ndoc\ndoc\r\ndoctor\ndoctor\r\nDoctor\ndodger\ndodger\r\ndodgers\ndodgers\r\ndog\ndog\r\ndogbert\ndogbert\r\nDoggie\ndoggy\r\nDoggy\ndoitnow\r\ndollar\r\ndollars\ndollars\r\ndolly\r\ndolphin\ndolphin\r\nDolphin\ndolphins\ndolphins\r\ndominic\ndominic\r\ndominique\r\ndomino\ndomino\r\ndon\ndon\r\ndonald\ndonald\r\ndonkey\ndonkey\r\ndonna\ndonna\r\ndontknow\r\nDoobie\ndoogie\ndoogie\r\ndookie\ndookie\r\nDookie\ndoom\ndoom\r\ndoom2\ndoom2\r\ndoors\r\ndork\r\ndorothy\ndorothy\r\nDorothy\ndoudou\r\ndoug\ndoug\r\ndougie\ndougie\r\ndouglas\ndouglas\r\ndowntown\r\ndraft\r\ndragon\ndragon\r\nDragon\nDragon\r\nDRAGON\ndragon1\ndragon1\r\ndragonfl\ndragonfly\r\nDream\ndreamer\ndreamer\r\ndreams\ndreams\r\nDreams\ndriver\r\nDrizzt\ndrowssap\r\nDrums\nduck\nduck\r\nduckie\nduckie\r\ndude\ndude\r\ndudley\r\nduke\nduke\r\ndumbass\r\ndundee\ndundee\r\ndustin\r\nDustin\ndusty\ndusty\r\ndutch\r\ndutchess\r\ndwight\r\nDwight\ndylan\ndylan\r\ne\ne\r\neagle\neagle\r\neagle1\neagle1\r\neagles\neagles\r\nEagles\nEagles\r\neaster\neaster\r\neastern\r\nEatme\neclipse\neclipse\r\neddie\neddie\r\nedith\r\nedmund\r\neduardo\r\nedward\nedward\r\nEdward\neeyore\neeyore\r\neffie\r\neieio\r\neight\r\neinstein\neinstein\r\nelaine\r\nElaine\nelectric\nelectric\r\nelement\r\nelephant\nelephant\r\nelijah\r\nelina1\r\nelissa\r\nelizabet\nelizabeth\r\nElizabeth\r\nella\r\nellen\nellen\r\nelliot\nelliot\r\nelsie\nelsie\r\nelvis\nelvis\r\nElvis\nElwood\ne-mail\ne-mail\r\nemerald\r\nemily\nemily\r\neminem\r\nemmanuel\r\nemmitt\r\nEmmitt\nempire\r\nenergy\nenergy\r\nengage\r\nengland\r\nenigma\nenigma\r\nenrique\r\nenter\nenter\r\nenterprise\r\nentropy\nentropy\r\neric\neric\r\neric1\r\nerika\r\nerin\r\nernie1\r\nescort\r\nescort1\r\nEspanol\nestelle\r\nEsther\r\nestrella\r\nestrellita\r\netoile\netoile\r\neugene\neugene\r\neurope\neurope\r\nevelyn\r\nexcalibu\nexcalibur\r\nexcel\r\nExcept\nexplore\r\nexplorer\nexplorer\r\nexport\nexport\r\nexpress\nexpress\r\nfaculty\r\nfairview\r\nfaith\nfaith\r\nfalcon\nfalcon\r\nFalcon\nfamilia\r\nfamily\nfamily\r\nFamily\nFamily\r\nfamily1\r\nfarmer\nfarmer\r\nFarmer\nFarming\nfarout\r\nfarside\r\nfashion\r\nfatboy\r\nfatima\r\nfaust\r\nfearless\r\nfebruary\r\nfeedback\r\nfelipe\r\nfelix\nfelix\r\nfender\r\nFender\nfenris\r\nferguson\r\nfernanda\r\nfernando\r\nferrari\nferrari\r\nferret\nferret\r\nferris\r\nfgh\nfiction\nfiction\r\nfidel\r\nFigaro\r\nfinance\r\nfiona\nfiona\r\nfire\nfire\r\nfireball\nfireball\r\nfirebird\nfirebird\r\nFirebird\nfireman\nfireman\r\nfirenze\r\nfirst\nfirst\r\nfish\nfish\r\nfish1\nfish1\r\nfisher\nfisher\r\nFisher\nFisher\r\nfishes\r\nfishhead\r\nfishie\r\nfishing\nfishing\r\nFishing\nFishing\r\nflamingo\nflamingo\r\nflanders\r\nflash\nflash\r\nfletch\nfletch\r\nfletcher\nfletcher\r\nfleurs\r\nflight\nflight\r\nflip\nflip\r\nflipper\nflipper\r\nFlipper\nflores\r\nflorida\nflorida\r\nFlorida\nflorida1\r\nflower\nflower\r\nFlower\nflowerpot\r\nflowers\nflowers\r\nFlowers\nfloyd\nfloyd\r\nfluffy\nfluffy\r\nFluffy\nflute\r\nfly\r\nflyboy\r\nflyer\r\nFlyers\nfoobar\nfoobar\r\nfool\nfool\r\nFootbal\nfootball\nfootball\r\nFootball\nfootball1\r\nford\nford\r\nforest\nforest\r\nforever\r\nFortune\r\nforum\r\nforward\r\nfoster\r\nfountain\nfountain\r\nfox\nfox\r\nfoxtrot\nfoxtrot\r\nfozzie\nfozzie\r\nfrance\nfrance\r\nfrancesco\r\nfrancine\r\nfrancis\nfrancis\r\nFrancis\nfrancisco\r\nfrancois\nfrancois\r\nfrank\nfrank\r\nfranka\r\nfrankie\r\nFrankie\nfranklin\nfranklin\r\nfreak1\nfreak1\r\nfred\nfred\r\nfreddie\r\nfreddy\nfreddy\r\nFreddy\r\nfrederic\nfrederic\r\nfree\r\nfreebird\r\nfreedom\nfreedom\r\nFreedom\nfreeman\r\nfrench\r\nfrench1\nfrench1\r\nfriday\nfriday\r\nFriday\nFriday\r\nfriend\nfriend\r\nFriend\nfriends\nfriends\r\nFriends\nFriends\r\nfriendship\r\nfriendster\r\nfrisco\r\nfritz\r\nfrodo\nfrodo\r\nfrog\nfrog\r\nfrog1\nfroggie\r\nfroggies\r\nfroggy\nfroggy\r\nFroggy\nfrogs\nfrogs\r\nfront242\nfront242\r\nFront242\r\nfrontier\r\nFrosty\nfubar\r\nFubar\nfucker\nfucker\r\nFucker\nfuckface\r\nfuckme\nfuckme\r\nFuckme\nfuckoff\nfuckoff\r\nfucku\r\nfuckyou\nfuckyou\r\nFuckyou\nFuckyou\r\nFuckYou\nFuckYou\r\nfuckyou1\r\nfuckyou2\r\nfugazi\nfugazi\r\nfun\nfun\r\nfunguy\r\nfuntime\r\nfuture\nfuture\r\nfuzz\r\ngabby\r\ngabriel\ngabriel\r\ngabriela\r\ngabriell\ngabriell\r\ngaby\ngaby\r\ngaelic\r\ngalaxy\ngalaxy\r\ngalileo\ngalileo\r\ngambit\ngambit\r\nGambit\ngambler\r\ngames\r\ngammaphi\r\nganda\r\ngandako\r\ngandalf\ngandalf\r\nGandalf\nGandalf\r\ngangsta\r\ngangster\r\ngarcia\r\ngarden\ngarden\r\nGarden\ngarfield\ngarfield\r\nGarfield\ngarfunkel\r\ngargoyle\r\ngarlic\ngarlic\r\ngarnet\ngarnet\r\nGarrett\ngarth\r\ngary\ngary\r\ngasman\ngasman\r\ngaston\r\ngateway\ngateway\r\ngateway2\r\ngatita\r\ngatito\r\ngator\ngator\r\ngator1\r\ngemini\ngemini\r\nGemini\ngeneral\ngeneral\r\ngenesis\ngenesis\r\ngenius\ngenius\r\ngeorge\ngeorge\r\nGeorge\ngeorge1\r\ngeorgia\ngeorgia\r\ngerald\ngerald\r\ngerard\r\ngerman\r\nGerman\ngermany\r\ngermany1\r\nGeronimo\r\ngetout\r\nggeorge\r\nghost\nghost\r\ngiants\ngiants\r\nGiants\ngibbons\r\ngibson\ngibson\r\ngigi\r\ngilbert\r\ngilgamesh\r\ngilles\ngilles\r\nginger\nginger\r\nGinger\ngiselle\r\ngizmo\ngizmo\r\nGizmo\nGizmo\r\nglenn\nglenn\r\nglider1\r\nglitter\r\nglobal\nglobal\r\nGlobal\ngloria\r\ngmoney\r\ngo\ngo\r\nGoalie\ngoat\ngoat\r\ngoaway\r\ngoblin\r\ngoblue\ngoblue\r\ngocougs\ngocougs\r\ngod\r\ngodiva\r\ngodzilla\ngodzilla\r\ngoethe\r\ngofish\ngofish\r\ngoforit\ngoforit\r\ngold\ngold\r\ngolden\ngolden\r\nGolden\nGolden\r\ngoldfish\r\nGoldie\ngolf\ngolf\r\ngolfer\ngolfer\r\nGolfer\nGolfing\ngollum\r\ngone\ngone\r\ngoober\ngoober\r\nGoober\nGoober\r\ngood\r\ngood-luck\r\ngoodluck\r\ngoofy\ngoofy\r\ngoogle\r\ngoose\r\ngopher\ngopher\r\nGopher\ngordon\ngordon\r\nGordon\ngorgeous\r\ngrace\ngrace\r\ngracie\r\ngraham\r\ngramps\r\ngrandma\ngrandma\r\nGrandma\ngrant\ngrant\r\ngraphic\ngraphic\r\ngrateful\ngrateful\r\ngravis\r\ngray\ngray\r\ngraymail\ngreed\r\ngreen\ngreen\r\ngreenday\ngreenday\r\ngreg\ngreg\r\ngreg1\r\ngregory\ngregory\r\ngremlin\r\ngreta\r\ngretchen\ngretchen\r\nGretel\r\ngretzky\ngretzky\r\nGriffey\ngrizzly\r\ngroovy\ngroovy\r\nGroovy\ngrover\ngrover\r\nGrover\ngrumpy\ngrumpy\r\nguess\nguess\r\nguest\nguest\r\nguido\nguido\r\nguinness\nguinness\r\nguitar\nguitar\r\nGuitar\nguitar1\r\ngumby\r\ngundam\r\ngunner\ngunner\r\nGunner\ngustavo\r\nGymnast\nh2opolo\nh2opolo\r\nhacker\nhacker\r\nHacker\nHacker\r\nhaggis\r\nhaha\r\nhahaha\r\nhailey\r\nhal\r\nhal9000\nhal9000\r\nhallo\r\nhalloween\r\nhallowell\r\nhamid\r\nhamilton\r\nhamlet\r\nhammer\nhammer\r\nHammer\nHammer\r\nHamster\nhank\r\nhanna\nhanna\r\nhannah\nhannah\r\nhannah1\r\nhansolo\nhansolo\r\nhanson\nhanson\r\nHanson\nhappy\nhappy\r\nhappy1\nhappy1\r\nhappy123\r\nhappyday\nhappyday\r\nhardcore\r\nharley\nharley\r\nHarley\nHarley\r\nHARLEY\r\nharley1\r\nharo\r\nharold\nharold\r\nharriet\r\nharris\r\nharrison\nharrison\r\nharry\nharry\r\nharrypotter\r\nharvard\r\nharvey\nharvey\r\nHarvey\nHatton\nhawaii\r\nHawaii\nhawk\nhawk\r\nhawkeye\r\nHawkeye\nhawkeye1\r\nhayden\r\nhazel\nhazel\r\nhealth\nhealth\r\nhealth1\r\nheart\nheart\r\nhearts\r\nHearts\nheather\nheather\r\nHeather\nHeather\r\nheather1\r\nheather2\r\nheaven\r\nhector\nhector\r\nhedgehog\r\nheidi\nheidi\r\nHeidi\nheikki\r\nhelen\nhelen\r\nhelena\r\nhelene\r\nhell\nhell\r\nhello\nhello\r\nHello\nHello\r\nhello1\nhello1\r\nhello123\r\nhello8\r\nhellohello\r\nhellokitty\r\nhelp\nhelp\r\nhelp123\r\nhelper\r\nhelpme\nhelpme\r\nHelpme\nhendrix\nhendrix\r\nHendrix\nHendrix\r\nhenry\nhenry\r\nHenry\r\nherbert\nherbert\r\nherman\nherman\r\nHerman\nhermes\nhermes\r\nhermosa\r\nhernandez\r\nHershey\nHershey\r\nherzog\r\nheythere\r\nhighland\r\nhilbert\r\nhilda\r\nhillary\r\nhiphop\r\nhistoire\r\nhistory\nhistory\r\nHistory\nhithere\r\nhitler\r\nhobbes\r\nhobbit\r\nHobbit\nhockey\nhockey\r\nHockey\nHockey1\nhola\nhola\r\nholiday\r\nholly\nholly\r\nhollywood\r\nhome\nhome\r\nhomebrew\nhomebrew\r\nhomer\nhomer\r\nHomer\nHomer\r\nhomerj\r\nhonda\nhonda\r\nhonda1\nhonda1\r\nHonda1\nhoney\nhoney\r\nhoneyko\r\nhongkong\r\nhoops\nhoops\r\nhoosier\r\nhootie\nhootie\r\nhope\r\nhorizon\nhorizon\r\nhornet\nhornet\r\nHornets\nhorse\nhorse\r\nhorses\nhorses\r\nhosehead\r\nhotdog\nhotdog\r\nHotdog\nhotmail\r\nhotrod\r\nHotrod\nhotstuff\r\nhottie\r\nhottie1\r\nhouse\nhouse\r\nhouston\nhouston\r\nhoward\nhoward\r\nHoward\nhuang\r\nhudson\r\nhuey\r\nhugh\r\nhugo\r\nhummer\r\nhunter\nhunter\r\nHunter\nHunting\nHuskers\nhuskies\r\nhydrogen\r\ni\r\nib6ub9\nib6ub9\r\nibanez\r\nicecream\nicecream\r\niceman\niceman\r\nIceman\nidiot\nidiot\r\nidontknow\r\nif6was9\r\niforget\r\niguana\niguana\r\nIguana\nihateyou\r\nilmari\r\nilovegod\r\nilovehim\r\nilovejesus\r\niloveme\r\niloveu\r\niloveu2\r\niloveyou\niloveyou!\r\niloveyou\r\niloveyou1\r\niloveyou2\r\nimage\nimage\r\nimagine\nimagine\r\nimissyou\r\nimpact\r\nimpala\nimpala\r\nindian\nindian\r\nindiana\nindiana\r\nindigo\nindigo\r\nindonesia\r\ninfo\ninfo\r\ninformix\ninformix\r\ningvar\r\ninlove\r\ninsane\ninsane\r\ninside\ninside\r\ninsight\r\ninstructor\r\nintegra\r\nintegral\r\nIntel\nintern\nintern\r\ninternet\ninternet\r\nInternet\nInternet\r\nintrepid\r\ninuyasha\r\niomega\r\nireland\nireland\r\nirene\nirene\r\nirina\r\niris\r\nirish\nirish\r\nirmeli\r\nironman\nironman\r\nIronman\nisaac\nisaac\r\nisabel\r\nisabella\r\nisabelle\nisabelle\r\nIsabelle\nisaiah\r\nisis\nisland\nisland\r\nisrael\r\nitalia\nitalia\r\nitaly\nitaly\r\niubire\r\niverson\r\nizzy\r\nj1l2t3\r\njack\njack\r\njackass\r\njackie\njackie\r\nJackie\njackie1\r\njackson\njackson\r\nJackson\nJackson\r\njacob\njacob\r\nJaeger\njaguar\njaguar\r\nJaguar\njake\njake\r\njakey\r\njamaica\njamaica\r\njames\njames\r\njames1\njames1\r\njamesbond\r\njamie\r\njamjam\r\njan\njan\r\njane\njane\r\nJanet\r\njanice\njanice\r\njanine\r\njanuary\r\nJanuary\njapan\njapan\r\njared\njared\r\njasmin\njasmin\r\njasmine\njasmine\r\nJasmine\njasmine1\r\njason\njason\r\njason1\njason1\r\njasper\njasper\r\nJasper\njavier\r\njayden\r\njayjay\r\njayson\r\njazmin\r\njazz\njazz\r\njean\njean\r\njeanette\njeanette\r\njeanne\njeanne\r\nJeanne\nJeanne\r\njedi\r\njeepster\r\njeff\njeff\r\njeffrey\njeffrey\r\nJeffrey\njeffrey1\r\njenifer\njenifer\r\njenni\njenni\r\njennie\r\njennifer\njennifer\r\nJennifer\nJennifer\r\njenny\njenny\r\njenny1\njenny1\r\njensen\njensen\r\njer\r\njeremiah\r\njeremy\njeremy\r\nJeremy\njerome\r\njerry\njerry\r\nJersey\r\njesse\r\njesse1\r\njessica\njessica\r\nJessica\nJessica\r\njessica1\r\njessie\njessie\r\nJessie\njester\r\nJester\njesucristo\r\njesus\njesus\r\njesus1\njesus1\r\njesuschrist\r\njethro\r\njethrotull\r\njetta1\r\njewels\njewels\r\njim\njim\r\njimbo\njimbo\r\nJimbo\njimbob\r\nJimbob\njimi\r\njimmy\r\njkl123\r\njkm\njoanie\r\njoanna\njoanna\r\nJoanna\r\njoanne\r\njoe\njoe\r\njoel\njoel\r\njoelle\r\njoey\njoey\r\njohan\r\njohanna1\r\njohn\njohn\r\njohn316\njohn316\r\njohncena\r\njohnny\njohnny\r\nJohnny\njohnson\njohnson\r\nJohnson\nJohnson\r\njojo\njojo\r\njoker\njoker\r\nJoker\njoker1\r\njonathan\njonathan\r\njordan\njordan\r\nJordan\nJordan\r\njordan1\r\njordan23\njordan23\r\njordie\r\njorge\r\njosee\r\njoseph\njoseph\r\nJoseph\njosh\njosh\r\njoshua\njoshua\r\nJoshua\nJoshua\r\njoshua1\r\njosie\njosie\r\njourney\r\njoy\r\njoyce\r\nJSBach\njubilee\r\njudith\njudith\r\njudy\njudy\r\njuhani\r\njules\r\njulia\njulia\r\njulia2\r\njulian\njulian\r\njuliana\r\njulie\njulie\r\njulie1\njulie1\r\njulien\r\njuliet\r\njulius\r\njumanji\r\njumbo\r\njump\r\njunebug\r\nJunebug\njunior\njunior\r\nJunior\njuniper\r\njupiter\njupiter\r\njussi\r\njustdoit\r\njustice\njustice\r\njustice4\r\njustin\njustin\r\nJustin\njustin1\njustin1\r\njustine\r\njustme\r\nkalamazoo\r\nkali\r\nkangaroo\r\nkaren\nkaren\r\nkaren1\r\nkarin\r\nkarina\r\nkarine\r\nkarla\r\nkarma\r\nkat\r\nkate\r\nkaterina\r\nkatherin\nkatherine\r\nkathleen\nkathleen\r\nKathryn\nkathy\nkathy\r\nkatie\nkatie\r\nKatie\r\nkatie1\r\nkatrina\r\nkayla\r\nKayla\nkcin\r\nkeeper\r\nkeepout\r\nkeith\nkeith\r\nkeith1\r\nkeller\r\nkelly\nkelly\r\nkelly1\nkelly1\r\nkelsey\nkelsey\r\nkendall\r\nkennedy\nkennedy\r\nkenneth\nkenneth\r\nkenny\r\nkerala\r\nkermit\nkermit\r\nkerrya\r\nketchup\r\nkevin\nkevin\r\nkevin1\nkevin1\r\nkhan\nkhan\r\nkidder\r\nkids\nkids\r\nkiller\nkiller\r\nKiller\nKiller\r\nKILLER\r\nKillme\nkim\nkim\r\nkimberly\nkimberly\r\nKinder\nking\nking\r\nkingdom\nkingdom\r\nkingfish\nkingfish\r\nkings\r\nkirk\r\nkissa2\r\nkisses\r\nkissme\r\nkitkat\r\nkitten\r\nKitten\nKitten\r\nkitten12\nKittens\nkitty\nkitty\r\nkittycat\r\nkiwi\r\nkkkkkk\r\nkleenex\nkleenex\r\nknicks\nknicks\r\nknight\nknight\r\nKnight\nKnight\r\nKnights\nkoala\nkoala\r\nkoko\nkoko\r\nkombat\r\nKombat\nkramer\nkramer\r\nkris\r\nkristen\nkristen\r\nKristen\nkristi\nkristi\r\nKristi\nkristin\nkristin\r\nKristin\nkristina\r\nkristine\r\nKristy\nKrystal\nlabtec\r\nlacrosse\nlacrosse\r\nladdie\nladdie\r\nlady\nlady\r\nladybug\nladybug\r\nlakers\nlakers\r\nLakers\nLakota\nlalala\r\nlambda\r\nlamer\nlamer\r\nlance\r\nlarry\nlarry\r\nlarry1\nlarry1\r\nLarson\nlaser\nlaser\r\nLaser\nlaserjet\r\nlassie1\r\nlaura\nlaura\r\nlaurel\r\nlauren\nlauren\r\nLauren\nlaurie\nlaurie\r\nlaw\nlaw\r\nlawrence\r\nlawson\r\nlawyer\r\nleader\r\nleaf\r\nleanne\r\nleblanc\r\nledzep\nledzep\r\nlee\nlee\r\nlegal\r\nlegend\nlegend\r\nlegolas\r\nleland\r\nlemon\r\nLennon\nleo\r\nleon\nleon\r\nleonard\nleonard\r\nleonardo\r\nleslie\nleslie\r\nLeslie\nlestat\nlestat\r\nLestat\nlester\r\nletmein\nletmein\r\nLetmein\nletter\r\nLetter\nletters\r\nlexus1\r\nliberty\r\nLiberty\r\nlibra\r\nlibrary\nlibrary\r\nLibrary\nlife\r\nlight\nlight\r\nLight\nlights\r\nliliana\r\nlilmama\r\nlima\r\nlincoln\nlincoln\r\nlinda\nlinda\r\nlindsay\nlindsay\r\nLindsay\nLindsay\r\nlindsey\nlindsey\r\nLindsey\nlinkinpark\r\nlionel\r\nlionking\nlionking\r\nlions\r\nlipgloss\r\nlisa\nlisa\r\nlissabon\r\nlittle\r\nLittle\nliverpoo\nliverpool\r\nliz\r\nlizard\nlizard\r\nLizard\nLizard\r\nlizzie\r\nlizzy\r\nljf\nlloyd\nlloyd\r\nlogan\nlogan\r\nlogger\r\nlogical\nlogical\r\nlogos\r\nloislane\r\nloki\r\nlokita\r\nlola\r\nlolipop\r\nlolita\r\nlollipop\r\nlollypop\r\nlondon\nlondon\r\nlonely\r\nlonestar\r\nlonger\r\nlonghorn\r\nlooking\r\nlooney\nlooney\r\nLooney\nloren\r\nlorena\r\nlori\r\nlorna\r\nlorraine\nlorraine\r\nlorrie\r\nloser\nloser\r\nLoser\nlost\r\nlotus\r\nlou\r\nlouis\nlouis\r\nlouise\nlouise\r\nLouise\nlove\nlove\r\nlove12\r\nlove123\r\nlovebug\r\nlovelove\r\nlovely\nlovely\r\nlovely1\r\nloveme\nloveme\r\nLoveme\nloveme1\r\nlover\r\nLover\nlover1\r\nloverboy\r\nlovers\r\nloves\r\nloveu\r\nloveya\r\nloveyou\nloveyou\r\nloving\r\nlucas\nlucas\r\nlucia\r\nlucifer\r\nlucky\nlucky\r\nlucky1\nlucky1\r\nlucky14\r\nlucky7\r\nlucy\nlucy\r\nlulu\nlulu\r\nlupita\r\nlynn\nlynn\r\nm\r\nm1911a1\r\nmac\nmac\r\nmacha\nmacha\r\nmacintos\nmacintosh\r\nmacross\r\nmadalina\r\nmaddie\r\nMaddock\nmaddog\nmaddog\r\nMaddog\nMadeline\r\nmadison\nmadison\r\nmadmax\r\nmadoka\r\nmadonna\r\nmaganda\r\nmaggie\nmaggie\r\nMaggie\nmagic\nmagic\r\nmagic1\r\nmagnum\nmagnum\r\nmahal\r\nmahalkita\r\nmahalko\r\nmaiden\r\nmail\r\nmailer\nmailer\r\nmailman\nmailman\r\nmaine\r\nmajor\nmajor\r\nmajordom\nmajordomo\r\nmakeitso\r\nmalcolm\nmalcolm\r\nmaldita\r\nmalibu\r\nMalibu\nmallard\r\nmamita\r\nmanagement\r\nmanchester\r\nmanson\r\nmantra\nmantra\r\nmanuel\r\nmanutd\r\nmarathon\r\nmarc\nmarc\r\nmarcel\nmarcel\r\nmarcos\r\nmarcus\nmarcus\r\nmargaret\nmargaret\r\nMargaret\r\nmargarita\r\nmaria\nmaria\r\nmaria1\r\nmariah\nmariah\r\nmariah1\r\nmarian\r\nmariana\r\nmarie\nmarie\r\nmarie1\r\nmarielle\r\nmarilyn\nmarilyn\r\nmarina\nmarina\r\nmarine\nmarine\r\nmariner\r\nmarino\r\nMarino\nmario\nmario\r\nmariposa\nmariposa\r\nmarisol\r\nmarissa\r\nmark\nmark\r\nmark1\r\nmarket\nmarket\r\nmarlboro\nmarlboro\r\nmarley\nmarley\r\nMarley\nmarlon\r\nmars\nmars\r\nMarshal\nmarshall\r\nmart\r\nmartha\r\nMartha\nmartin\nmartin\r\nMartin\nmartin1\nmartin1\r\nmartinez\r\nmarty\nmarty\r\nmarvin\nmarvin\r\nMarvin\nmary\nmary\r\nmaryjane\nmaryjane\r\nmaster\nmaster\r\nMaster\nMaster\r\nmaster1\nmaster1\r\nMasters\nmath\nmath\r\nmatrix\nmatrix\r\nmatt\nmatt\r\nmatthew\nmatthew\r\nMatthew\nMatthew\r\nmatthew1\r\nmatti1\r\nmattingly\r\nmaurice\nmaurice\r\nmauricio\r\nMaveric\nmaverick\nmaverick\r\nmax\nmax\r\nmaxime\nmaxime\r\nmaxine\r\nmaxmax\r\nmaxwell\nmaxwell\r\nMaxwell\nMaxwell\r\nmayday\nmayday\r\nmazda1\nmazda1\r\nme\nme\r\nmeatloaf\r\nmech\r\nmechanic\r\nmedia\r\nmedical\nmedical\r\nmegan\nmegan\r\nmeggie\r\nmeister\r\nmelanie\nmelanie\r\nmelina\r\nmelissa\nmelissa\r\nMelissa\nMellon\r\nmelody\r\nmelvin\r\nmememe\r\nmemory\nmemory\r\nmemphis\nmemphis\r\nmensuck\r\nmeow\nmeow\r\nmercedes\nmercedes\r\nmercer\r\nmercury\nmercury\r\nmerde\r\nmerlin\nmerlin\r\nMerlin\nmerlot\r\nMerlot\r\nmermaid\r\nmerrill\r\nmetal\nmetal\r\nmetallic\nmetallic\r\nMetallic\r\nmetallica\r\nmexico\nmexico\r\nmhine\r\nmiami\r\nmiamor\r\nmichael\nmichael.\nmichael\r\nMichael\nMichael\r\nmichael1\r\nmichal\r\nmicheal\r\nmichel\nmichel\r\nMichel\r\nMichel1\r\nmichele\nmichele\r\nMichell\nmichelle\nmichelle\r\nMichelle\nMichelle\r\nmichelle1\r\nmichigan\r\nmichou\r\nmickel\r\nmickey\nmickey\r\nMickey\nmickey1\r\nmicro\nmicro\r\nmicrosoft\r\nmidnight\nmidnight\r\nmidori\nmidori\r\nmidvale\r\nmidway\r\nmierda\r\nmiguel\r\nmikael\nmikael\r\nmike\nmike\r\nmike1\nmike1\r\nmikey\nmikey\r\nMikey\nmiki\nmiki\r\nmilagros\r\nmilano\r\nmiles\nmiles\r\nmillenium\r\nmiller\nmiller\r\nMiller\nmillie\nmillie\r\nmillion\nmillion\r\nmimi\nmimi\r\nmindy\nmindy\r\nmine\nmine\r\nminnie\nminnie\r\nMinnie\nminou\nminou\r\nmiracle\r\nmirage\nmirage\r\nmiranda\nmiranda\r\nmiriam\r\nmirror\nmirror\r\nmisha\nmisha\r\nmishka\nmishka\r\nmission\nmission\r\nmissy\nmissy\r\nmisty\nmisty\r\nmitch\nmitch\r\nmitchell\nmitchell\r\nMittens\nmmm\r\nmmmmmm\r\nmmouse\r\nmobile\r\nmobydick\r\nmodem\nmodem\r\nmojo\r\nmolly\nmolly\r\nmolly1\nmolly1\r\nmolson\nmolson\r\nmom\nmom\r\nmommy\r\nmommy1\r\nmonday\nmonday\r\nMonday\nMonday\r\nmonet\nmonet\r\nmoney\nmoney\r\nMoney\r\nmoney1\nmoney1\r\nmonica\nmonica\r\nmonique\nmonique\r\nmonkey\nmonkey\r\nMonkey\nmonkey1\r\nmonkey12\r\nmonkeys\r\nmonopoly\nmonopoly\r\nmonroe\r\nmonster\r\nMonster\nMonster\r\nmontana\nmontana\r\nMontana\nmontana3\r\nmontreal\nmontreal\r\nMontreal\r\nmontrose\r\nmonty\r\nmoocow\nmoocow\r\nmookie\nmookie\r\nmoomoo\nmoomoo\r\nmoon\nmoon\r\nmoonbeam\r\nmoore\r\nmoose\nmoose\r\nmopar\r\nmorecats\r\nmorgan\nmorgan\r\nmoroni\nmoroni\r\nmorpheus\r\nmorris\nmorris\r\nMorris\nmortimer\nmortimer\r\nmother\nmother\r\nMother\nmotor\r\nmotorola\r\nmountain\nmountain\r\nmouse\nmouse\r\nmouse1\nmouse1\r\nmovies\r\nmowgli\r\nmozart\nmozart\r\nmuffin\nmuffin\r\nMuffin\nmulder\r\nmulder1\r\nmunchkin\r\nmurphy\nmurphy\r\nMurphy\nmurray\r\nmuscle\r\nmusic\nmusic\r\nmusica\r\nmustang\nmustang\r\nMustang\nmustang1\r\nmybaby\r\nmylife\r\nmylove\r\nmyself\r\nmyspace\r\nmyspace1\r\nnadia\r\nnadine\r\nnancy\nnancy\r\nnaomi\nnaomi\r\nnapoleon\nnapoleon\r\nnaruto\r\nnascar\nnascar\r\nNascar\nnat\nnat\r\nnatalia\r\nnatalie\r\nnatasha\nnatasha\r\nNatasha\nnathan\nnathan\r\nNathan\nnation\r\nnational\r\nnautica\nnautica\r\nncc1701\nncc1701\r\nNCC1701\nNCC1701\r\nncc1701d\nncc1701d\r\nncc1701e\nncc1701e\r\nne1410s\r\nne1469\nne1469\r\nne14a69\r\nnebraska\nnebraska\r\nneil\r\nneko\r\nnellie\nnellie\r\nnelson\nnelson\r\nNelson\nnemesis\nnemesis\r\nnenita\r\nnermal\r\nnesbit\r\nnesbitt\nnesbitt\r\nnestle\r\nnetware\nnetware\r\nnetwork\nnetwork\r\nneutrino\r\nnew\nnew\r\nnewaccount\r\nnewcourt\nnewcourt\r\nnewlife\r\nnewpass\nnewpass\r\nnews\nnews\r\nnewton\nnewton\r\nNewton\nNewton\r\nnewuser\nnewuser\r\nnewyork\nnewyork\r\nnewyork1\r\nnexus6\r\nnguyen\nnguyen\r\nnicarao\nnicarao\r\nnicholas\nnicholas\r\nNicholas\r\nnichole\r\nnick\nnick\r\nnicklaus\r\nnicolas\r\nnicole\nnicole\r\nNicole\nnicole1\r\nnigel\r\nnightshade\r\nnightwing\r\nnike\r\nniki\nniki\r\nnikita\nnikita\r\nnikki\r\nnimrod\nnimrod\r\nnina\r\nniners\nniners\r\nnintendo\r\nnirvana\nnirvana\r\nNirvana\nnirvana1\nnirvana1\r\nnissan\nnissan\r\nNissan\nnisse\r\nnite\nnite\r\nnokia\r\nnomore\r\nnone\nnone\r\nnone1\r\nnopass\r\nNoriko\r\nnormal\r\nnorman\nnorman\r\nnorton\r\nnotebook\r\nnothing\nnothing\r\nnotta1\r\nnotused\nnotused\r\nnouveau\r\nnovell\r\nnovember\r\nnoway\r\nnss\nnugget\nnugget\r\nnumber1\r\nNumber1\nnumber9\nnumber9\r\nnumbers\r\nnurse\nnurse\r\nnursing\r\nnutmeg\r\noatmeal\noatmeal\r\noaxaca\r\nobiwan\nobiwan\r\nobsession\r\nocean\r\noctober\noctober\r\nOctober\nOctober\r\nohshit\r\noicu812\r\nolive\nolive\r\noliver\noliver\r\nOliver\nolivia\nolivia\r\nolivier\nolivier\r\nollie\r\nolsen\r\nomarion\r\nomega\r\none\none\r\nonelove\r\nonline\nonline\r\nOnline\nopen\nopen\r\nopenup\r\nopera\r\nopus\nopus\r\norange\norange\r\nOrange\noranges\noranges\r\norchid\norchid\r\noregon\r\noreo\r\norion\norion\r\norlando\r\nOrlando\norville\r\noscar\noscar\r\notter\r\nou812\nou812\r\nOU812\nOU812\r\noverkill\r\noxford\noxford\r\nozzy\r\npaagal\r\npacers\npacers\r\nPacers\npacific\npacific\r\npackard\npackard\r\nPackard\npacker\npacker\r\nPacker\npackers\npackers\r\nPackers\npackrat\r\npaint\r\npainter\npainter\r\nPaladin\nPaladin\r\npaloma\r\npam\r\npamela\npamela\r\nPamela\nPamela\r\npancake\r\npanda\npanda\r\npandora\npandora\r\npanget\r\npangit\r\npanic\r\npantera\npantera\r\nPantera\npanther\npanther\r\nPanther\npanthers\r\npaola\r\npapa\npapa\r\nparadigm\r\nparis\nparis\r\npark\r\nparker\nparker\r\nParker\nparola\r\nparrot\nparrot\r\npartner\r\npasaway\r\npascal\npascal\r\npass\npass\r\npassion\npassion\r\npassw0rd\r\npasswd\npasswd\r\nPasswor\npassword\npassword\r\nPassword\nPassword\r\nPASSWORD\r\npassword1\r\npassword2\r\npat\npat\r\npatches\npatches\r\nPatches\npatricia\npatricia\r\npatrick\npatrick\r\nPatrick\npatriots\r\npatton\r\npaul\npaul\r\npaula\npaula\r\npauline\r\npavel\r\npayton\r\npeace\npeace\r\npeach\r\npeaches\npeaches\r\nPeaches\nPeaches\r\npeanut\npeanut\r\nPeanut\npeanuts\r\nPeanuts\r\npearl\npearl\r\npearljam\npearljam\r\npebbles\r\nPebbles\npedro\npedro\r\npedro1\r\npeewee\npeewee\r\nPeewee\npeggy\npeggy\r\npencil\r\npenelope\npenelope\r\npenguin\npenguin\r\nPenguin\npenny\npenny\r\npentium\npentium\r\nPentium\nPentium\r\npeople\r\nPeople\npepper\npepper\r\nPepper\nPepper\r\npepsi\npepsi\r\npercy\npercy\r\nperfect\r\nperforma\r\nperry\nperry\r\nperson\r\npete\npete\r\npeter\npeter\r\nPeter\nPeter\r\npeter1\r\npeterk\r\npeterpan\r\npetey\npetey\r\npetunia\npetunia\r\nPetunia\nphantom\nphantom\r\nphialpha\r\nphil\nphil\r\nphilip\nphilip\r\nphilips\r\nPhillip\nphillips\r\nphish\nphish\r\nphishy\r\nphoenix\nphoenix\r\nPhoenix\r\nphoenix1\nphoenix1\r\nphone\r\nphoto\nphoto\r\npiano\npiano\r\npiano1\r\npianoman\r\npianos\r\npicard\r\nPicard\npicasso\npicasso\r\npickle\npickle\r\nPickle\npicture\npicture\r\npictures\r\npierce\npierce\r\npierre\npierre\r\npigeon\r\npiglet\npiglet\r\nPiglet\nPiglet\r\npimpin\r\npineapple\r\npink\r\npinkfloy\npinkfloyd\r\npinky\r\npioneer\r\npipeline\r\npiper1\r\npirate\npirate\r\npisces\npisces\r\npizza\npizza\r\nplanet\nplanet\r\nplato\nplato\r\nplay\nplay\r\nplayboy\nplayboy\r\nplayer\nplayer\r\nplayers\nplayers\r\nplaygirl\r\nplease\nplease\r\nPlease\nplus\r\npluto\npluto\r\npmc\npoetic\r\npoetry\r\npogiako\r\npoiuyt\npoiuyt\r\npokemon\r\npolar\r\npolaris\r\nPolaris\npole\r\npolice\npolice\r\npolitics\npolitics\r\npollito\r\npolo\npolo\r\npomme\npomme\r\npontiac\r\npoohbear\npoohbear\r\npookey\r\npookie\npookie\r\nPookie\nPookie\r\npookie1\npookie1\r\npoop\r\npoopoo\r\npopcorn\npopcorn\r\nPopcorn\npope\r\npopeye\npopeye\r\nPopeye\npoppy\r\nporsche\nporsche\r\nPorsche\nporsche9\nporsche911\r\nporter\nporter\r\nportland\nportland\r\nportugal\r\npotter\r\npower\npower\r\nppp\nppp\r\nPPP\npraise\npraise\r\nprayer\r\npreciosa\r\nprecious\r\npredator\r\nprelude\r\npremier\r\npreston\npreston\r\npretty\r\nprimus\r\nprince\nprince\r\nPrince\nprincesa\r\nprincesita\r\nprincess\nprincess\r\nPrincess\r\nprincess1\r\nprint\r\nprinting\r\nprof\nprof\r\npromethe\nprometheus\r\nproperty\nproperty\r\nprotel\nprovider\r\npsalms\npsalms\r\npsycho\npsycho\r\nPsycho\npublic\npublic\r\nPuckett\npuddin\r\npulsar\r\npumpkin\npumpkin\r\nPumpkin\npunkin\npunkin\r\npuppies\r\nPuppies\npuppy\npuppy\r\npuppy123\npurple\npurple\r\nPurple\nPurple\r\npurple1\r\npussy\r\npussy1\r\npussycat\r\npyramid\npyramid\r\nPyramid\npyro\r\npython\npython\r\nq1w2e3\nq1w2e3\r\nq1w2e3r4\r\nqazwsx\r\nqqq111\r\nquality\nquality\r\nquebec\nquebec\r\nqueen\r\nqueenie\r\nquentin\r\nquest\nquest\r\nqwaszx\nqwaszx\r\nqwer\r\nqwert\nqwert\r\nQwert\nQwert\r\nqwerty\nqwerty\r\nQwerty\nQwerty\r\nqwerty1\r\nqwerty12\nqwerty12\r\nqwertyui\r\nqwertyuiop\r\nrabbit\nrabbit\r\nRabbit\nRabbit\r\nrabbit1\r\nracer\r\nracerx\nracerx\r\nrachel\nrachel\r\nRachel\nrachelle\r\nRacing\nracoon\nracoon\r\nradar\r\nradio\nradio\r\nrafael\r\nrafiki\r\nRaider\nraiders\nraiders\r\nRaiders\nRaiders\r\nrain\nrain\r\nrainbow\nrainbow\r\nRainbow\nRaistlin\nRaistlin\r\nraleigh\r\nralph\r\nram\r\nrambo\r\nrambo1\nrambo1\r\nrancid\r\nrandom\nrandom\r\nRandom\r\nrandy\nrandy\r\nrandy1\r\nranger\nranger\r\nRanger\nrangers\r\nraptor\nraptor\r\nraquel\nraquel\r\nrascal\nrascal\r\nRasta\nrasta1\r\nrastafarian\r\nratio\r\nraven\nraven\r\nravens\r\nraymond\nraymond\r\nRaymond\nReader\nReading\nreality\nreality\r\nReality\nrebecca\nrebecca\r\nRebecca\nRebecca\r\nrebelde\r\nRebels\nred\nred\r\nred123\r\nredcloud\r\nreddog\nreddog\r\nReddog\nRedDog\nredfish\r\nredman\r\nredrum\nredrum\r\nRedskin\nredskins\r\nredsox\r\nredwing\nredwing\r\nredwood\r\nReebok\nreed\r\nReefer\nreggae\r\nreggie\r\nReggie\nregina\r\nreliant\r\nremember\nremember\r\nremote\r\nrene\r\nrenee\nrenee\r\nRenee\nrenegade\r\nreptile\r\nrepublic\nrepublic\r\nrescue\r\nresearch\nresearch\r\nRetard\nrevolution\r\nrex\r\nreynolds\nreynolds\r\nreznor\nreznor\r\nrhino\r\nrhonda\nrhonda\r\nRhonda\nricardo\r\nricardo1\r\nrichard\nrichard\r\nRichard\nrichard1\r\nrichards\r\nrichmond\r\nricky\nricky\r\nriley\r\nripper\r\nRipper\nripple\r\nrita\r\nriver\nriver\r\nroadrunner\r\nrob\r\nrobbie\nrobbie\r\nRobbie\nrobby\r\nrobert\nrobert\r\nRobert\nRobert\r\nrobert1\nrobert1\r\nroberto\r\nroberts\r\nrobin\nrobin\r\nrobinhoo\nrobinhood\r\nrobocop\r\nrobotech\nrobotech\r\nrobotics\r\nroche\r\nrock\nrock\r\nrocket\nrocket\r\nrocket1\r\nrockie\r\nrocknroll\r\nrockon\r\nrocky\nrocky\r\nrocky1\r\nrodeo\r\nRodman\nrodrigo\r\nroger\nroger\r\nroger1\r\nrogers\r\nroland\r\nrolex\r\nroman\nroman\r\nrommel\r\nronald\nronald\r\nRonald\nronaldo\r\nroni\r\nronnie\r\nrookie\r\nRooster\nrootbeer\r\nRoping\nrose\nrose\r\nrosebud\nrosebud\r\nRosebud\nroses\nroses\r\nrosie\nrosie\r\nRosie\nrosita\r\nrossignol\r\nrotimi\r\nrouge\r\nroute66\r\nroxana\r\nroxy\nroxy\r\nroy\nroy\r\nroyal\nroyal\r\nRoyals\nruby\nruby\r\nrufus\nrufus\r\nrugby\nrugby\r\nrugger\r\nrunner\nrunner\r\nRunner\nrunning\nrunning\r\nrush\r\nRussel\nrussell\nrussell\r\nRussell\nRussell\r\nrusty\nrusty\r\nruth\nruth\r\nruthie\r\nruthless\r\nrux\nruy\nryan\nryan\r\nsabbath\r\nsabina\r\nsabrina\nsabrina\r\nsadie\nsadie\r\nsafety\nsafety\r\nsafety1\r\nsaigon\r\nsailing\nsailing\r\nsailor\nsailor\r\nsaint\r\nsakura\r\nsalasana\r\nsales\nsales\r\nsally\nsally\r\nsalmon\nsalmon\r\nsalut\nsalut\r\nsam\nsam\r\nsamantha\nsamantha\r\nsamiam\r\nsammie\r\nSammie\nsammy\nsammy\r\nSammy\r\nsample123\r\nSampler\nsampson\nsampson\r\nsamsam\r\nsamson\nsamson\r\nSamson\nsamsung\r\nsamuel\nsamuel\r\nSanders\nsandi\r\nsandra\nsandra\r\nsandy\nsandy\r\nSango\nsanjose\r\nsanjose1\nsanta\nsanta\r\nsantiago\r\nsantos\r\nsaphire\r\nsapphire\nsapphire\r\nsarah\nsarah\r\nsarah1\nsarah1\r\nSarah1\nsasha\nsasha\r\nsaskia\nsaskia\r\nsassy\nsassy\r\nsasuke\r\nsatori\r\nsaturday\r\nsaturn\nsaturn\r\nSaturn\r\nsaturn5\r\nsavage\nsavage\r\nsavannah\r\nsaved\r\nsayang\r\nsbdc\nscarecrow\r\nscarface\r\nscarlet\nscarlet\r\nscarlett\nscarlett\r\nScarlett\nschnapps\r\nschool\nschool\r\nSchool\nscience\nscience\r\nScience\nscooby\nscooby\r\nScooby\nscoobydoo\r\nscooter\nscooter\r\nScooter\nscooter1\nscooter1\r\nscorpio\nscorpio\r\nscorpion\nscorpion\r\nscotch\nscotch\r\nscotland\r\nscott\nscott\r\nscott1\r\nscottie\r\nscotty\nscotty\r\nScotty\nscout\nscout\r\nscouts\r\nscrooge\r\nscruffy\nscruffy\r\nscuba\r\nscuba1\nscuba1\r\nsean\nsean\r\nsearch\r\nseattle\nseattle\r\nsebastian\r\nsecret\nsecret\r\nSecret\nsecret3\r\nsecurity\nsecurity\r\nseeker\r\nSendit\nSenior\nseoul\r\nseptembe\nseptember\r\nserena\r\nsergei\nsergei\r\nsergey\r\nsergio\r\nserver\r\nservice\nservice\r\nService\nService\r\nservices\r\nseven\nseven\r\nseven7\nseven7\r\nsex\r\nsexy\nsexy\r\nsexybitch\r\nsexygirl\r\nsexymama\r\nsexyme\r\nshadow\nshadow\r\nShadow\nShadow\r\nshadow1\nshadow1\r\nShadows\nshaggy\r\nshakira\r\nshalom\nshalom\r\nshanghai\r\nshannon\nshannon\r\nShannon\nshanny\r\nshanti\nshanti\r\nshaolin\r\nshark\nshark\r\nsharon\nsharon\r\nSharon\nshasta\r\nshawn\nshawn\r\nshayne\r\nshazam\r\nsheba\nsheba\r\nsheena\nsheena\r\nsheila\nsheila\r\nshelby\nshelby\r\nshelley\nshelley\r\nshelly\nshelly\r\nShelly\nshelter\r\nsherry\nsherry\r\nship\r\nshirley\nshirley\r\nShirley\nshit\nshit\r\nshithead\nshithead\r\nShithead\nshoes\nshoes\r\nshogun\r\nShooter\nshopping\r\nshorty\nshorty\r\nShorty\nshotgun\nshotgun\r\nShotgun\nSidekick\r\nsidney\r\nSidney\nsierra\nsierra\r\nSierra\nSierra\r\nsigmachi\r\nsignal\r\nsignature\r\nsilver\nsilver\r\nSilver\nsilvia\r\nsimba\nsimba\r\nsimba1\r\nsimon\nsimon\r\nsimone\r\nsimple\nsimple\r\nSimple\nsimpsons\r\nsimsim\r\nsinatra\r\nsinger\nsinger\r\nsingle\r\nsirius\r\nsister\r\nskate\r\nskater\r\nSkater\nskeeter\nskeeter\r\nSkeeter\nSkeeter\r\nskibum\r\nskidoo\nskidoo\r\nSkidoo\nskiing\nskiing\r\nSkiing\nSkinny\nskip\r\nskipper\nskipper\r\nskipper1\r\nskippy\nskippy\r\nSkippy\nskittles\r\nskull\r\nskunk\r\nskydive\r\nskyler\r\nskyline\r\nskywalker\r\nslacker\nslacker\r\nslayer\nslayer\r\nSlayer\nsleepy\r\nslick\r\nslider\r\nslideshow\r\nslip\r\nslipknot\r\nsmashing\nsmashing\r\nsmegma\r\nsmile\nsmile\r\nsmile1\r\nsmiles\nsmiles\r\nSmiles\nsmiley\nsmiley\r\nSmiley\nsmiths\nsmiths\r\nsmitty\r\nsmoke\r\nsmokey\nsmokey\r\nSmokey\nSmokey\r\nsmurfy\r\nsnake\nsnake\r\nsnakes\r\nsnapper\r\nsnapple\nsnapple\r\nSnicker\nsnickers\nsnickers\r\nsniper\nsniper\r\nSniper\nsnoop\r\nsnoopdog\nsnoopdog\r\nsnoopy\nsnoopy\r\nSnoopy\nSnoopy\r\nsnow\nsnow\r\nSnowbal\nsnowball\nsnowball\r\nsnowflake\r\nsnowman\nsnowman\r\nsnowski\r\nsnuffy\nsnuffy\r\nsober1\r\nsoccer\nsoccer\r\nSoccer\nsoccer1\nsoccer1\r\nsoftball\nsoftball\r\nsoleil\nsoleil\r\nsolomon\r\nsomething\r\nsonic\r\nsonics\r\nSonics\nsonny\nsonny\r\nsony\r\nsophia\r\nsophie\nsophie\r\nsound\r\nspace\nspace\r\nspain\nspain\r\nSpanish\nspanky\nspanky\r\nSpanky\nsparkle\r\nsparks\r\nsparky\nsparky\r\nSparky\nSparky\r\nsparrow\nsparrow\r\nspartan\r\nspazz\r\nspecial\nspecial\r\nSpecial\nSpeech\nspeedo\nspeedo\r\nspeedy\nspeedy\r\nSpeedy\nSpeedy\r\nspencer\nspencer\r\nsphynx\r\nspider\nspider\r\nSpider\nspiderman\r\nspike\nspike\r\nspike1\r\nspirit\r\nSpirit\nspitfire\nspitfire\r\nspock\r\nsponge\r\nspongebob\r\nspooky\nspooky\r\nspoon\r\nsporting\r\nsports\nsports\r\nSports\nspot\r\nspring\nspring\r\nSpring\nsprite\nsprite\r\nSprite\nsprocket\r\nspunky\nspunky\r\nSpunky\nspurs\r\nsquash\r\nSquirt\nsss\r\nssssss\nssssss\r\nstacey\nstacey\r\nStacey\nstan\r\nstanley\nstanley\r\nStanley\nstar\nstar\r\nstar69\nstar69\r\nstarbuck\r\nstargate\nstargate\r\nstarlight\r\nstars\r\nstart\nstart\r\nstarter\r\nstartrek\nstartrek\r\nStartrek\nstarwars\nstarwars\r\nstation\nstation\r\nstealth\nstealth\r\nsteaua\r\nsteel\r\nsteele\nsteele\r\nsteelers\nsteelers\r\nstella\nstella\r\nsteph\nsteph\r\nsteph1\r\nstephani\nstephani\r\nstephanie\r\nstephen\nstephen\r\nstephi\r\nSterling\r\nsteve\nsteve\r\nsteve1\r\nsteven\nsteven\r\nSteven\nSteven\r\nsteven1\r\nstevens\r\nstever\nstewart\r\nstimpy\nstimpy\r\nStimpy\nsting\r\nsting1\nsting1\r\nstingray\nstingray\r\nstinky\nstinky\r\nstivers\r\nstocks\r\nstone\r\nstorage\r\nstorm\nstorm\r\nstormy\nstormy\r\nstranger\r\nstrat\nstrat\r\nstrato\r\nstrawber\nstrawberry\r\nstretch\r\nStrider\nstrong\r\nstuart\nstuart\r\nstud\r\nstudent\nstudent\r\nStudent\nstudent2\r\nstudio\r\nStudly\nstumpy\r\nstupid\nstupid\r\nStupid\nsuccess\nsuccess\r\nSuccess\nsucker\r\nsuckme\r\nsue\r\nsugar\nsugar\r\nsultan\r\nsummer\nsummer\r\nSummer\nSummer\r\nsummit\r\nsun\nsun\r\nsunbird\nsunbird\r\nsundance\nsundance\r\nsunday\nsunday\r\nsunfire\r\nsunflowe\nsunflower\r\nsunny\nsunny\r\nsunny1\nsunny1\r\nsunrise\nsunrise\r\nsunset\nsunset\r\nSunshin\nsunshine\nsunshine\r\nSunshine\r\nSunShine\nsunshine1\r\nsuper\nsuper\r\nsuperfly\r\nsuperman\nsuperman\r\nSuperman\nSuperman\r\nsuperstar\r\nsupport\nsupport\r\nsupra\nsupra\r\nsurf\nsurf\r\nsurfer\nsurfer\r\nSurfer\nsurfing\r\nsusan\nsusan\r\nSusan\nsusan1\r\nsusana\r\nsusanna\r\nsutton\r\nsuzanne\nsuzanne\r\nsuzuki\nsuzuki\r\nsuzy\r\nSverige\r\nswanson\r\nsweden\r\nsweet\r\nsweet16\r\nsweetheart\r\nsweetie\nsweetie\r\nSweetie\nsweetness\r\nsweetpea\nsweetpea\r\nsweets\r\nSweets\nsweety\nsweety\r\nswim\r\nswimmer\r\nSwimmer\nswimming\nswimming\r\nswitzer\r\nSwoosh\r\nswordfish\r\nsydney\nsydney\r\nSydney\nsylvia\nsylvia\r\nsylvie\nsylvie\r\nsymbol\nsymbol\r\nsystem\nsystem\r\nSystem\nsystem5\r\ntab\r\ntabatha\r\ntacobell\ntacobell\r\ntaffy\ntaffy\r\ntaiwan\r\ntalon\r\ntamara\ntamara\r\nTamara\ntammy\ntammy\r\ntamtam\r\nTandy\ntango\ntango\r\nTanker\ntanner\r\nTanner\ntanya\ntanya\r\ntapani\r\ntara\ntara\r\nTardis\ntargas\r\ntarget\ntarget\r\ntarheel\r\ntarzan\ntarzan\r\ntasha\ntasha\r\nTasha\ntata\r\ntatiana\r\ntattoo\ntattoo\r\ntaurus\ntaurus\r\nTaurus\nTaurus\r\ntaylor\ntaylor\r\nTaylor\nTaylor\r\ntazdevil\r\nTazman\ntazmania\r\ntbird\r\nt-bone\nt-bone\r\nteacher\nteacher\r\nTeacher\nTEACHERS\nteamo\r\ntech\ntech\r\ntechno\ntechno\r\nteddy\nteddy\r\nteddy1\nteddy1\r\nteddybear\r\nteflon\r\nteiubesc\r\ntekiero\r\ntelecom\ntelecom\r\ntemp\ntemp\r\ntemporal\ntemporal\r\ntennis\ntennis\r\nTennis\nTennis\r\ntequiero\r\ntequila\ntequila\r\nteresa\nteresa\r\nTeresa\nterminal\r\nterry\nterry\r\nterry1\r\ntest\ntest\r\ntest1\ntest1\r\ntest123\ntest123\r\ntest2\ntest2\r\ntest3\r\ntester\ntester\r\nTester\ntesti\r\ntesting\ntesting\r\ntesttest\ntesttest\r\ntexas\ntexas\r\nthankyou\r\nthe\r\ntheatre\ntheatre\r\nthebest\r\ntheboss\ntheboss\r\ntheend\r\nthejudge\r\ntheking\ntheking\r\nthelorax\r\nTheman\ntheresa\ntheresa\r\nTheresa\nTheresa\r\nthisisit\r\nthomas\nthomas\r\nThomas\nThomas\r\nthompson\r\nthorne\r\nthrasher\r\nthumper\nthumper\r\nThumper\nthunder\nthunder\r\nThunder\nThunder\r\nthunderb\nthunderbird\r\nthursday\nthursday\r\nthx1138\nthx1138\r\ntiffany\ntiffany\r\nTiffany\ntiger\ntiger\r\ntiger2\r\ntigers\ntigers\r\nTigers\ntigger\ntigger\r\nTigger\nTigger\r\ntigger1\r\ntightend\r\ntigre\ntigre\r\ntika\r\ntim\ntim\r\ntimber\ntimber\r\ntime\ntime\r\ntimothy\ntimothy\r\nTimothy\ntina\ntina\r\ntinker\ntinker\r\ntinkerbell\r\nTinman\ntintin\ntintin\r\ntnt\r\ntoby\ntoby\r\ntoday\ntoday\r\ntokiohotel\r\ntokyo\r\ntom\ntom\r\ntomcat\ntomcat\r\nTomcat\ntommy\ntommy\r\ntony\ntony\r\ntool\r\ntootsie\ntootsie\r\nTootsie\ntopcat\ntopcat\r\ntopgun\ntopgun\r\ntopher\ntopher\r\ntornado\r\ntoronto\ntoronto\r\ntorres\r\ntoshiba\r\ntotal\r\ntoto1\r\ntototo\r\ntoucan\r\ntoyota\ntoyota\r\nTractor\ntracy\ntracy\r\ntraining\ntraining\r\ntransfer\r\ntransit\r\ntransport\r\ntrapper\r\ntrash\r\ntravel\ntravel\r\ntravis\r\nTravis\ntre\r\ntreasure\r\ntrebor\ntrebor\r\ntree\r\ntrees\r\ntrek\ntrek\r\ntrevor\ntrevor\r\nTrevor\ntricia\ntricia\r\ntricky\r\ntrident\ntrident\r\ntrinity\r\ntrish\r\ntristan\ntristan\r\ntriton\r\ntrixie\ntrixie\r\nTrixie\ntrojan\r\ntrombone\r\ntrophy\r\ntrouble\ntrouble\r\nTrouble\ntrout\r\ntruck\ntruck\r\ntrucker\r\nTrucks\ntruelove\r\ntruman\r\ntrumpet\ntrumpet\r\nTrumpet\ntrustno1\r\ntucker\ntucker\r\ntucson\r\ntuesday\ntuesday\r\nTuesday\r\ntula\r\nturbo\nturbo\r\nTurbo\nturbo2\r\nturtle\nturtle\r\nTurtle\ntweety\ntweety\r\nTweety\ntwilight\r\ntwinkle\r\ntwins\ntwins\r\ntyler\ntyler\r\ntyler1\r\nultimate\r\nundead\nundead\r\nundertaker\r\nunicorn\nunicorn\r\nunique\r\nunited\r\nunity\r\nunix\r\nupsilon\r\nursula\r\nuser1\nuser1\r\nutopia\nutopia\r\nvacation\r\nvader\nvader\r\nval\r\nvalentin\nvalentin\r\nvalentina\r\nvalentine\r\nvaleria\r\nvalerie\nvalerie\r\nvalhalla\nvalhalla\r\nvalley\r\nvampire\r\nVampire\nvanessa\r\nVanessa\nvanilla\nvanilla\r\nvedder\r\nvelvet\nvelvet\r\nvenice\r\nvenus\nvenus\r\nvermont\nvermont\r\nVernon\r\nveronica\nveronica\r\nvette\r\nVette\nvicki\r\nvicky\nvicky\r\nvictor\nvictor\r\nvictor1\r\nvictoria\nvictoria\r\nVictoria\nVictoria\r\nvictory\nvictory\r\nvideo\nvideo\r\nviking\nviking\r\nViking\nVikings\nvikram\r\nvincent\nvincent\r\nVincent\r\nvincent1\r\nviolet\nviolet\r\nViolet\nviolin\r\nviper\nviper\r\nViper\nviper1\nviper1\r\nvirago\r\nvirgil\r\nvirginia\nvirginia\r\nvisa\nvisa\r\nvision\nvision\r\nvisual\r\nvolcano\r\nvolley\nvolley\r\nVolley\nVolleyb\nvolleyball\r\nvolvo\nvolvo\r\nvoodoo\nvoodoo\r\nvortex\r\nvoyager\r\nVoyager\nwaiting\r\nwalden\r\nwaldo\r\nwalker\nwalker\r\nwalleye\r\nWalleye\nwally\nwally\r\nwalter\nwalter\r\nwanker\nwanker\r\nwarcraft\nwarcraft\r\nWarez\nwarlock\r\nwarner\nwarner\r\nwarren\nwarren\r\nWarren\nwarrior\nwarrior\r\nWarrior\nwarriors\nwarriors\r\nwater\nwater\r\nwater1\r\nWaterloo\r\nwatson\nwatson\r\nwayne\nwayne\r\nwayne1\r\nweasel\nweasel\r\nwebmaste\nwebmaster\r\nwebster\nwebster\r\nWebster\nWebster\r\nwedge\r\nweezer\r\nWeezer\nwelcome\nwelcome\r\nWelcome1\nwendy\nwendy\r\nwendy1\r\nwesley\nwesley\r\nwestern\nwestern\r\nwestlife\r\nwestside\r\nwhale1\r\nWhales\nWhateve\nwhatever\nwhatever\r\nwheeling\nwheels\nwheels\r\nWheels\nwhisky\nwhisky\r\nwhit\r\nwhite\nwhite\r\nwhitney\nwhitney\r\nwhocares\r\nwhoville\r\nwibble\r\nWicked\nwilbur\nwilbur\r\nwildcat\r\nWildcat\nwill\r\nwilliam\nwilliam\r\nWilliam\nwilliam1\r\nwilliams\nwilliams\r\nwillie\nwillie\r\nWillie\nwillow\nwillow\r\nWillow\r\nwilly\nwilly\r\nWilly\nwilma\r\nwilson\nwilson\r\nWilson\nwin95\nwind\r\nwindow\r\nWindows\nWindows\r\nwindsurf\nwindsurf\r\nwinner\nwinner\r\nwinnie\nwinnie\r\nWinnie\r\nwinniethepooh\r\nwinona\r\nwinston\nwinston\r\nwinter\nwinter\r\nWinter\nwisdom\nwisdom\r\nwizard\nwizard\r\nWizard\nwolf\nwolf\r\nwolf1\nwolf1\r\nwolfgang\nwolfgang\r\nwolfMan\nwolverin\nwolverine\r\nWolverine\r\nwolves\nwolves\r\nWolves\nwombat\nwombat\r\nwombat1\r\nwonder\nwonder\r\nWoodland\nWoodrow\r\nwoody\nwoody\r\nwoofwoof\r\nword\r\nwordpass\r\nworld\r\nwqsb\nwrangler\nwrangler\r\nWrestle\nwright\nwright\r\nwww\r\nxanadu\nxanadu\r\nXanadu\nxanth\r\nxavier\nxavier\r\nxbox360\r\nxcountry\nxcountry\r\nxfiles\nx-files\r\nxfiles\r\nx-men\r\nxxx\nxxx\r\nxxx123\r\nxxxx\nxxxx\r\nxxxxxx\r\nxxxxxxxx\r\nxyz\r\nxyz123\r\ny\r\nyamaha\nyamaha\r\nYamaha\nyankee\r\nyankees\nyankees\r\nYankees\nyellow\nyellow\r\nYellow\nyoda\nyoda\r\nyogibear\r\nyolanda\r\nyomama\nyomama\r\nyoung\nyoung\r\nyourmom\r\nyukon\r\nyvette\r\nyvonne\nyvonne\r\nzacefron\r\nzachary\nzachary\r\nzack\r\nzapata\nzapata\r\nzaphod\nzaphod\r\nZaphod\nzebra\nzebra\r\nzebras\r\nzenith\nzenith\r\nzephyr\nzephyr\r\nzeppelin\nzeppelin\r\nzepplin\r\nzeus\nzeus\r\nzhongguo\nzhongguo\r\nziggy\nziggy\r\nZiggy\nzigzag\r\nzoltan\r\nzombie\nzombie\r\nZombie\nzoomer\r\nzorro\nzorro\r\nZorro\nzxc\r\nzxc123\r\nzxcvb\r\nZxcvb\nzxcvbn\r\nzxcvbnm\nzxcvbnm\r\nZxcvbnm\nZxcvbnm\r\nzzz\r\n" }, { "path": "jq/Dockerfile", "content": "FROM alpine:latest\n\nRUN apk add --no-cache \\\n\tbash \\\n\tca-certificates \\\n\tcurl \\\n\tfindutils \\\n\tgit \\\n\tjq \\\n\topenssh-client\n" }, { "path": "k8scan/Dockerfile", "content": "FROM golang:1.12-alpine as builder\nMAINTAINER Jessica Frazelle \n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN\tapk add --no-cache \\\n\tca-certificates \\\n\tgit \\\n\tgcc \\\n\tlibc-dev \\\n\tlibgcc \\\n\tmake\n\n# Get go deps for tests etc.\nRUN go get honnef.co/go/tools/cmd/staticcheck \\\n\t\tgolang.org/x/lint/golint \\\n\t\tgithub.com/google/go-cmp/cmp\n\nWORKDIR /go/src/k8scan\n\nCOPY *.go /go/src/k8scan/\n\nRUN set -x \\\n\t&& go get -d . \\\n\t&& gofmt -s -l . \\\n\t&& go test ./... \\\n\t&& go vet ./... \\\n\t&& golint ./... \\\n\t&& staticcheck ./... \\\n\t&& CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags \"-static\"' -o /usr/bin/k8scan *.go \\\n\t&& echo \"Build complete.\"\n\nFROM r.j3ss.co/masscan\n\nCOPY --from=builder /usr/bin/k8scan /usr/bin/k8scan\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"k8scan\" ]\nCMD [ \"--help\" ]\n" }, { "path": "k8scan/main.go", "content": "package main\n\nimport (\n\t\"context\"\n\t\"crypto/tls\"\n\t\"encoding/json\"\n\t\"errors\"\n\t\"flag\"\n\t\"fmt\"\n\t\"io/ioutil\"\n\t\"log\"\n\t\"net\"\n\t\"net/http\"\n\t\"os\"\n\t\"os/exec\"\n\t\"os/signal\"\n\t\"path/filepath\"\n\t\"strconv\"\n\t\"strings\"\n\t\"sync\"\n\t\"syscall\"\n\t\"time\"\n\n\t\"github.com/Sirupsen/logrus\"\n\tmailgun \"github.com/mailgun/mailgun-go\"\n)\n\nconst (\n\tdefaultCIDR = \"0.0.0.0/0\"\n\n\tarinAPIEndpoint = \"http://whois.arin.net/rest/ip/%s\"\n\n\temailSender = \"k8scan@jessfraz.com\"\n)\n\nvar (\n\ttimeoutPing time.Duration\n\ttimeoutGet time.Duration\n\n\tcidr string\n\n\tdefaultPorts = intSlice{80, 443, 8001, 9001}\n\toriginalPorts string\n\tports intSlice\n\n\tuseMasscan bool\n\n\tmailgunDomain string\n\tmailgunAPIKey string\n\temailRecipient string\n\n\tdebug bool\n)\n\n// intSlice is a slice of ints\ntype intSlice []int\n\n// implement the flag interface for intSlice\nfunc (i *intSlice) String() (out string) {\n\tfor k, v := range *i {\n\t\tif k < len(*i)-1 {\n\t\t\tout += fmt.Sprintf(\"%d,\", v)\n\t\t} else {\n\t\t\tout += fmt.Sprintf(\"%d\", v)\n\t\t}\n\t}\n\treturn out\n}\n\nfunc (i *intSlice) Set(value string) error {\n\toriginalPorts = value\n\n\t// Set the default if nothing was given.\n\tif len(value) <= 0 {\n\t\t*i = defaultPorts\n\t\treturn nil\n\t}\n\n\t// Split on \",\" for individual ports and ranges.\n\tr := strings.Split(value, \",\")\n\tfor _, pr := range r {\n\t\t// Split on \"-\" to denote a range.\n\t\tif strings.Contains(pr, \"-\") {\n\t\t\tp := strings.SplitN(pr, \"-\", 2)\n\t\t\tbegin, err := strconv.Atoi(p[0])\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tend, err := strconv.Atoi(p[1])\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tif begin > end {\n\t\t\t\treturn fmt.Errorf(\"end port can not be greater than the beginning port: %d > %d\", end, begin)\n\t\t\t}\n\t\t\tfor port := begin; port <= end; port++ {\n\t\t\t\t*i = append(*i, port)\n\t\t\t}\n\n\t\t\tcontinue\n\t\t}\n\n\t\t// It is not a range just parse the port\n\t\tport, err := strconv.Atoi(pr)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t*i = append(*i, port)\n\t}\n\n\treturn nil\n}\n\nfunc init() {\n\tflag.DurationVar(&timeoutPing, \"timeout-ping\", 2*time.Second, \"Timeout for checking that the port is open\")\n\tflag.DurationVar(&timeoutGet, \"timeout-get\", 10*time.Second, \"Timeout for getting the contents of the URL\")\n\n\tflag.StringVar(&cidr, \"cidr\", defaultCIDR, \"IP CIDR to scan\")\n\tflag.Var(&ports, \"ports\", fmt.Sprintf(\"Ports to scan (ex. 80-443 or 80,443,8080 or 1-20,22,80-443) (default %q)\", defaultPorts.String()))\n\n\tflag.BoolVar(&useMasscan, \"masscan\", true, \"Use masscan binary for scanning (this is faster than using pure golang)\")\n\n\tflag.StringVar(&mailgunAPIKey, \"mailgun-api-key\", \"\", \"Mailgun API Key to use for sending email (optional)\")\n\tflag.StringVar(&mailgunDomain, \"mailgun-domain\", \"\", \"Mailgun Domain to use for sending email (optional)\")\n\tflag.StringVar(&emailRecipient, \"email-recipient\", \"\", \"Recipient for email notifications (optional)\")\n\n\tflag.BoolVar(&debug, \"d\", false, \"Run in debug mode\")\n\n\tflag.Usage = func() {\n\t\tflag.PrintDefaults()\n\t}\n\n\tflag.Parse()\n\n\t// Set the log level.\n\tif debug {\n\t\tlogrus.SetLevel(logrus.DebugLevel)\n\t}\n\n\t// Set the default ports.\n\tif len(ports) <= 0 {\n\t\tports = defaultPorts\n\t}\n}\n\nfunc main() {\n\t// On ^C, or SIGTERM handle exit.\n\tc := make(chan os.Signal, 1)\n\tsignal.Notify(c, os.Interrupt)\n\tsignal.Notify(c, syscall.SIGTERM)\n\tgo func() {\n\t\tfor sig := range c {\n\t\t\tlogrus.Infof(\"Received %s, exiting.\", sig.String())\n\t\t\tos.Exit(0)\n\t\t}\n\t}()\n\n\t// Set the logger to nil so we ignore messages from the Dial that don't matter.\n\t// See: https://github.com/golang/go/issues/19895#issuecomment-292793756\n\tlog.SetFlags(0)\n\tlog.SetOutput(ioutil.Discard)\n\n\tlogrus.Infof(\"Scanning for Kubernetes Dashboards and API Servers on %s over port range %s\", cidr, originalPorts)\n\tif len(mailgunDomain) > 0 && len(mailgunAPIKey) > 0 && len(emailRecipient) > 0 {\n\t\tlogrus.Infof(\"Using Mailgun Domain %s, API Key %s to send emails to %s\", mailgunDomain, mailgunAPIKey, emailRecipient)\n\t}\n\tlogrus.Infof(\"This may take a bit...\")\n\n\tvar (\n\t\tstartTime = time.Now()\n\t\twg sync.WaitGroup\n\t)\n\n\tif useMasscan {\n\t\tm, err := doMasscan()\n\t\tif err != nil {\n\t\t\tlogrus.Fatal(err)\n\t\t}\n\n\t\tlogrus.Infof(\"Found %d open ports\", len(m))\n\n\t\tfor _, result := range m {\n\t\t\tfor _, port := range result.Ports {\n\t\t\t\twg.Add(1)\n\t\t\t\tgo func(ip string, port int) {\n\t\t\t\t\tdefer wg.Done()\n\n\t\t\t\t\tscanIP(ip, port)\n\n\t\t\t\t}(result.IP, port.Port)\n\t\t\t}\n\t\t}\n\t} else {\n\t\tip, ipnet, err := net.ParseCIDR(cidr)\n\t\tif err != nil {\n\t\t\tlogrus.Fatal(err)\n\t\t}\n\n\t\tfor ip := ip.Mask(ipnet.Mask); ipnet.Contains(ip); inc(ip) {\n\t\t\tfor _, port := range ports {\n\t\t\t\twg.Add(1)\n\t\t\t\tgo func(ip string, port int) {\n\t\t\t\t\tdefer wg.Done()\n\n\t\t\t\t\t// Check if the port is open.\n\t\t\t\t\tok := portOpen(ip, port)\n\t\t\t\t\tif !ok {\n\t\t\t\t\t\treturn\n\t\t\t\t\t}\n\n\t\t\t\t\tscanIP(ip, port)\n\n\t\t\t\t}(ip.String(), port)\n\t\t\t}\n\t\t}\n\t}\n\n\twg.Wait()\n\n\tsince := time.Since(startTime)\n\tlogrus.Infof(\"Scan took: %s\", since.String())\n}\n\nfunc scanIP(ip string, port int) {\n\t// Check if it's a kubernetes dashboard.\n\tok, uri := isKubernetesDashboard(ip, port)\n\tif !ok {\n\t\treturn\n\t}\n\n\t// Get the info for the ip address.\n\tinfo, err := getIPInfo(ip)\n\tif err != nil {\n\t\tlogrus.Warnf(\"ip info err: %v\", err)\n\t}\n\n\tfmt.Printf(\"%s:%d\\t%s\\t%s\\t%s\\n\",\n\t\tip, port,\n\t\tinfo.Net.Organization.Handle, info.Net.Organization.Name, info.Net.Organization.Reference)\n\n\t// send an email\n\tif len(mailgunDomain) > 0 && len(mailgunAPIKey) > 0 && len(emailRecipient) > 0 {\n\t\tif err := sendEmail(uri, ip, port, info); err != nil {\n\t\t\tlogrus.Warn(err)\n\t\t}\n\t}\n}\n\nfunc portOpen(ip string, port int) bool {\n\tc, err := net.DialTimeout(\"tcp\", fmt.Sprintf(\"%s:%d\", ip, port), timeoutPing)\n\tif err != nil {\n\t\tlogrus.Debugf(\"listen at %s:%d failed: %v\", ip, port, err)\n\t\treturn false\n\t}\n\tif c != nil {\n\t\tc.Close()\n\t}\n\n\treturn true\n}\n\nfunc isKubernetesDashboard(ip string, port int) (bool, string) {\n\tclient := &http.Client{\n\t\tTimeout: timeoutGet,\n\t\tTransport: &http.Transport{\n\t\t\tTLSClientConfig: &tls.Config{\n\t\t\t\tInsecureSkipVerify: true,\n\t\t\t},\n\t\t},\n\t}\n\n\ttryAddrs := []string{\n\t\tfmt.Sprintf(\"http://%s:%d\", ip, port),\n\t\tfmt.Sprintf(\"https://%s:%d\", ip, port),\n\t\tfmt.Sprintf(\"http://%s:%d/api/\", ip, port),\n\t\tfmt.Sprintf(\"https://%s:%d/api/\", ip, port),\n\t}\n\n\tvar (\n\t\tresp *http.Response\n\t\terr = errors.New(\"not yet run\")\n\t\turi string\n\t)\n\n\tfor i := 0; i < len(tryAddrs) && err != nil; i++ {\n\t\turi = tryAddrs[i]\n\t\tresp, err = client.Get(uri)\n\t}\n\tif err != nil {\n\t\tlogrus.Debugf(\"getting %s:%d failed: %v\", ip, port, err)\n\t\treturn false, \"\"\n\t}\n\tdefer resp.Body.Close()\n\n\tb, err := ioutil.ReadAll(resp.Body)\n\tif err != nil {\n\t\treturn false, \"\"\n\t}\n\n\tbody := strings.ToLower(string(b))\n\tif (strings.Contains(body, \"kubernetes\") && strings.Contains(body, \"dashboard\")) ||\n\t\t(strings.Contains(body, `\"versions\"`) && strings.Contains(body, `\"serverAddress`)) ||\n\t\t(strings.Contains(body, `\"paths\"`) && strings.Contains(body, `\"/api\"`)) {\n\t\treturn true, uri\n\t}\n\n\treturn false, \"\"\n}\n\n// ARINResponse describes the data struct that holds the response from ARIN.\ntype ARINResponse struct {\n\tNet NetJSON `json:\"net,omitempty\"`\n}\n\n// NetJSON holds the net data from the ARIN response.\ntype NetJSON struct {\n\tOrganization OrganizationJSON `json:\"orgRef,omitempty\"`\n}\n\n// OrganizationJSON holds the organization data from the ARIN response.\ntype OrganizationJSON struct {\n\tHandle string `json:\"@handle,omitempty\"`\n\tName string `json:\"@name,omitempty\"`\n\tReference string `json:\"$,omitempty\"`\n}\n\n// MasscanResult holds the masscan results data struct.\n// Looks like:\n// [\n// {\n// \"ip\": \"104.198.238.41\",\n// \"timestamp\": \"1531524211\",\n// \"ports\": [\n// {\n// \"port\": 22,\n// \"proto\": \"tcp\",\n// \"status\": \"open\",\n// \"reason\": \"syn-ack\",\n// \"ttl\": 56\n// }\n// ]\n// },\n// ...\n// ]\ntype MasscanResult struct {\n\tIP string `json:\"ip,omitempty\"`\n\tTimestamp MasscanTime `json:\"timestamp,omitempty\"`\n\tPorts []MasscanPort `json:\"ports,omitempty\"`\n}\n\n// MasscanPort defines the data struct for a masscan port.\ntype MasscanPort struct {\n\tPort int `json:\"port,omitempty\"`\n\tProtocol string `json:\"proto,omitempty\"`\n\tStatus string `json:\"status,omitempty\"`\n\tReason string `json:\"reason,omitempty\"`\n\tTTL int `json:\"ttl,omitempty\"`\n}\n\n// MasscanTime is the time format returned by masscan.\ntype MasscanTime struct {\n\ttime.Time\n}\n\n// UnmarshalJSON sets MasscanTime correctly from a string.\nfunc (t *MasscanTime) UnmarshalJSON(b []byte) error {\n\ts := strings.Trim(strings.TrimSpace(string(b)), `\"`)\n\n\ti, err := strconv.ParseInt(s, 10, 64)\n\tif err != nil {\n\t\treturn err\n\t}\n\n\t*t = MasscanTime{time.Unix(i, 0)}\n\n\treturn nil\n}\n\nfunc getIPInfo(ip string) (b ARINResponse, err error) {\n\treq, err := http.NewRequest(http.MethodGet, fmt.Sprintf(arinAPIEndpoint, ip), nil)\n\tif err != nil {\n\t\treturn b, err\n\t}\n\treq.Header.Set(\"Accept\", \"application/json\")\n\n\tresp, err := http.DefaultClient.Do(req)\n\tif err != nil {\n\t\treturn b, err\n\t}\n\tdefer resp.Body.Close()\n\n\tif err := json.NewDecoder(resp.Body).Decode(&b); err != nil {\n\t\treturn b, err\n\t}\n\n\treturn b, nil\n}\n\nfunc inc(ip net.IP) {\n\tfor j := len(ip) - 1; j >= 0; j-- {\n\t\tip[j]++\n\t\tif ip[j] > 0 {\n\t\t\tbreak\n\t\t}\n\t}\n}\n\nfunc sendEmail(uri, ip string, port int, arinInfo ARINResponse) error {\n\tmailgunClient := mailgun.NewMailgun(mailgunDomain, mailgunAPIKey)\n\n\tmsg, _, err := mailgunClient.Send(context.Background(), mailgunClient.NewMessage(\n\t\t/* From */ fmt.Sprintf(\"%s <%s>\", emailSender, emailSender),\n\t\t/* Subject */ fmt.Sprintf(\"[k8scan]: found dashboard %s\", uri),\n\t\t/* Body */ fmt.Sprintf(`Time: %s\n\nIP: %s:%d\nURL: %s\n\nARIN: %s\n\t %s\n\t %s\n`,\n\t\t\ttime.Now().Format(time.UnixDate),\n\t\t\tip,\n\t\t\tport,\n\t\t\turi,\n\t\t\tarinInfo.Net.Organization.Handle,\n\t\t\tarinInfo.Net.Organization.Name,\n\t\t\tarinInfo.Net.Organization.Reference,\n\t\t),\n\t\t/* To */ emailRecipient,\n\t))\n\tif err != nil {\n\t\treturn fmt.Errorf(\"sending Mailgun message failed: response: %#v error: %v\", msg, err)\n\t}\n\n\treturn nil\n}\n\nfunc doMasscan() ([]MasscanResult, error) {\n\t// Create a temporary directory for the output.\n\tdir, err := ioutil.TempDir(os.TempDir(), \"masscan\")\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"creating temporary directory failed: %v\", err)\n\t}\n\tdefer os.RemoveAll(dir)\n\n\tfile := filepath.Join(dir, \"scan.json\")\n\n\tcmd := exec.Command(\"masscan\",\n\t\tfmt.Sprintf(\"-p%s\", ports.String()),\n\t\tcidr,\n\t\t\"--output-format\", \"json\",\n\t\t\"--output-file\", file,\n\t\t\"--rate\", \"1000000\",\n\t\t\"--exclude\", \"255.255.255.255\",\n\t)\n\tcmd.Stdout = os.Stdout\n\tcmd.Stderr = os.Stderr\n\n\tlogrus.Infof(\"Running masscan command: `%s`\", strings.Join(cmd.Args, \" \"))\n\tif err := cmd.Run(); err != nil {\n\t\treturn nil, fmt.Errorf(\"running masscan failed: %v\", err)\n\t}\n\n\tb, err := cleanMasscanOutputFile(file)\n\tif err != nil {\n\t\treturn nil, fmt.Errorf(\"cleaning up masscan file failed: %v\", err)\n\t}\n\n\tm := []MasscanResult{}\n\n\t// Return early if empty.\n\tif len(b) <= 0 {\n\t\treturn m, nil\n\t}\n\n\tif err := json.Unmarshal(b, &m); err != nil {\n\t\treturn nil, fmt.Errorf(\"unmarshal json failed: %v\\nbody: %s\", err, string(b))\n\t}\n\n\tlogrus.Debugf(\"masscan result: %#v\", m)\n\n\treturn m, nil\n}\n\nfunc cleanMasscanOutputFile(file string) ([]byte, error) {\n\tb, err := ioutil.ReadFile(file)\n\tif err != nil {\n\t\treturn nil, err\n\t}\n\n\ts := strings.TrimSpace(string(b))\n\tif len(s) <= 0 {\n\t\treturn nil, nil\n\t}\n\n\treturn []byte(strings.TrimSuffix(s, \",\\n]\") + \"]\"), nil\n}\n" }, { "path": "k8scan/main_test.go", "content": "package main\n\nimport (\n\t\"testing\"\n\n\t\"github.com/google/go-cmp/cmp\"\n)\n\nfunc TestARINResponse(t *testing.T) {\n\tinfo, err := getIPInfo(\"104.40.92.107\")\n\tif err != nil {\n\t\tt.Fatal(err)\n\t}\n\n\tif info.Net.Organization.Handle != \"MSFT\" {\n\t\tt.Fatalf(\"expected handle to be MSFT, got %s\", info.Net.Organization.Handle)\n\t}\n\tif info.Net.Organization.Name != \"Microsoft Corporation\" {\n\t\tt.Fatalf(\"expected handle to be Microsoft Corporation, got %s\", info.Net.Organization.Name)\n\t}\n\tif info.Net.Organization.Reference != \"https://whois.arin.net/rest/org/MSFT\" {\n\t\tt.Fatalf(\"expected reference to be https://whois.arin.net/rest/org/MSFT, got %s\", info.Net.Organization.Reference)\n\t}\n}\n\nfunc TestParsePortRange(t *testing.T) {\n\ttestFuncs := []struct {\n\t\tgiven string\n\t\texpected intSlice\n\t}{\n\t\t{\n\t\t\tgiven: \"\",\n\t\t\texpected: intSlice{80, 443, 8001, 9001},\n\t\t},\n\t\t{\n\t\t\tgiven: \"80,443,9090\",\n\t\t\texpected: intSlice{80, 443, 9090},\n\t\t},\n\t\t{\n\t\t\tgiven: \"80-90\",\n\t\t\texpected: intSlice{80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90},\n\t\t},\n\t\t{\n\t\t\tgiven: \"22-24,80,8080-8083\",\n\t\t\texpected: intSlice{22, 23, 24, 80, 8080, 8081, 8082, 8083},\n\t\t},\n\t\t{\n\t\t\tgiven: \"80\",\n\t\t\texpected: intSlice{80},\n\t\t},\n\t}\n\n\tfor _, testFunc := range testFuncs {\n\t\ti := intSlice{}\n\t\tif err := i.Set(testFunc.given); err != nil {\n\t\t\tt.Fatal(err)\n\t\t}\n\t\tif !cmp.Equal(testFunc.expected, i) {\n\t\t\tt.Fatalf(\"expected: %#v\\ngot: %#v\", testFunc.expected, i)\n\t\t}\n\t}\n}\n" }, { "path": "keepass2/Dockerfile", "content": "# DESCRIPTION:\tCreate keepass2 container with its dependencies\n# AUTHOR:\t\tChristian Koep \n# USAGE:\n#\t# Build keepass2 image\n#\tdocker build -t keepass2 .\n#\n#\t# Run the container and mount your keepass2 database file\n#\tdocker run -it \\\n#\t\t-v /home/$USER/DB.kdbx:/root/DB.kdbx \\\n#\t\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t\t-v /home/$USER/keepass2-plugins:/usr/lib/keepass2/Plugins \\\n#\t\t-e DISPLAY=$DISPLAY \\\n#\t\tkeepass2 \"$@\"\n#\n# ISSUES:\n#\t# 'Gtk: cannot open display: :0'\n#\tTry to set 'DISPLAY=your_host_ip:0' or run 'xhost +' on your host.\n#\t(see: https://stackoverflow.com/questions/28392949/running-chromium-inside-docker-gtk-cannot-open-display-0)\n#\n\nFROM debian:sid-slim\nLABEL maintainer \"Christian Koep \"\n\nENV DEBIAN_FRONTEND noninteractive\n\nRUN apt-get update && apt-get install -y \\\n\tkeepass2 \\\n\txdotool \\\n\tmono-mcs \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [\"/usr/bin/keepass2\"]\n" }, { "path": "keepassxc/Dockerfile", "content": "# keepassxc\n#\n# docker run -d \\\n#\t\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t\t-v /etc/machine-id:/etc/machine-id:ro \\\n#\t\t-v /usr/share/X11/xkb:/usr/share/X11/xkb/:ro \\\n#\t\t-v $HOME/.config/keepassxc:/root/.config/keepassxc \\\n#\t\t-e DISPLAY=unix$DISPLAY \\\n#\t\tjess/keepassxc\n#\nFROM alpine:latest\nLABEL maintainer \"Christian Koep \"\n\nENV KEEPASSXC_VERSION 2.5.4\n\nRUN buildDeps=' \\\n\t\tautomake \\\n\t\targon2-dev \\\n\t\tbash \\\n\t\tcmake \\\n\t\tcurl-dev \\\n\t\texpat \\\n\t\tg++ \\\n\t\tgcc \\\n\t\tgit \\\n\t\tlibgcrypt-dev \\\n\t\tlibmicrohttpd-dev \\\n\t\tlibqrencode-dev\t\\\n\t\tlibsodium-dev \\\n\t\tmake \\\n\t\tqt5-qtbase-dev \\\n\t\tqt5-qtsvg-dev \\\n\t\tqt5-qttools-dev \\\n\t' \\\n\tset -x \\\n\t&& apk --no-cache add \\\n\t\t$buildDeps \\\n\t&& git clone --depth 1 --branch ${KEEPASSXC_VERSION} https://github.com/keepassxreboot/keepassxc.git /usr/src/keepassxc \\\n\t&& cd /usr/src/keepassxc \\\n\t&& mkdir build \\\n\t&& cd build \\\n\t&& cmake -DWITH_TESTS=ON -DWITH_XC_AUTOTYPE=ON -DWITH_XC_HTTP=ON .. \\\n\t&& make \\\n\t&& make install \\\n\t&& apk del $buildDeps \\\n\t&& rm -rf /usr/src/keepassxc \\\n\t&& echo \"Build complete.\"\n\nRUN\tapk --no-cache add \\\n\t\targon2-libs \\\n\t\tlibcurl \\\n\t\tlibmicrohttpd \\\n\t\tlibgcrypt \\\n\t\tlibqrencode \\\n\t\tlibsodium \\\n\t\tmesa-dri-intel \\\n\t\tqt5-qtbase \\\n\t\tqt5-qtbase-x11 \\\n\t\tqt5-qtsvg \\\n\t\tqt5-qttools \\\n\t\tttf-dejavu\n\nENTRYPOINT [ \"/usr/local/bin/keepassxc\" ]\n" }, { "path": "kernel-builder/Dockerfile", "content": "FROM r.j3ss.co/wireguard:install\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt update && apt -y install \\\n\tbash \\\n\tbc \\\n\tbison \\\n\tca-certificates \\\n\tcurl \\\n\tfakeroot \\\n\tflex \\\n\tgit \\\n\tlibgmp-dev \\\n\tlibncurses-dev \\\n\tperl \\\n\ttar \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /root\nWORKDIR $HOME\n\nENV JOBS 4\n\nCOPY build_kernel /usr/local/bin/build_kernel\n\nRUN echo \"build_kernel [version]\" > /root/.bash_history\n\nENTRYPOINT [ \"bash\" ]\n" }, { "path": "kernel-builder/build_kernel", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nlinux_next(){\n\tlocal dir=\"/usr/src/linux-next\"\n\n\t# Check if we already have the source for linux-next checked out.\n\tif [[ -d \"$dir\" ]]; then\n\t\techo \"Updating linux-next tree git remotes...\"\n\t\t(\n\t\tcd \"$dir\"\n\n\t\tgit checkout master\n\t\tgit remote update\n\t\t)\n\telse\n\t\techo \"Cloning the git source for linux...\"\n\t\tgit clone https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git \"$dir\"\n\n\t\techo \"Adding the linux-next git remote...\"\n\t\t(\n\t\tcd \"$dir\"\n\n\t\tgit remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git\n\t\t)\n\tfi\n\n\techo \"Fetching the linux-next remote and updating tags...\"\n\t(\n\tcd \"$dir\"\n\n\tgit fetch linux-next\n\tgit fetch --tags linux-next\n\t)\n\n\tlocal branch\n\tbranch=\"next-$(date +%Y%m%d)\"\n\techo \"Checking out the correct branch ${branch}...\"\n\t(\n\tcd \"$dir\"\n\n\tgit checkout -b \"$branch\" \"$branch\"\n\t)\n}\n\ninstall_kernel(){\n\tlocal VERSION=$1\n\tlocal OPT=$2\n\tlocal DIR=\"/usr/src/linux-${VERSION}\"\n\n\tif [[ -z $VERSION ]]; then\n\t\techo \"Please specify a kernel version.\"\n\t\texit 1\n\telif [[ \"$VERSION\" == \"next\" ]]; then\n\t\tDIR=\"/usr/src/linux-next\"\n\t\tlinux_next\n\tfi\n\n\tif [[ \"$VERSION\" != \"next\" ]]; then\n\t\tlocal MAJOR_VERSION=${VERSION:0:1}\n\t\tlocal V=( \"${VERSION//./ }\" )\n\t\tlocal MAJOR_MINOR_VERSION=\"${V[0]}.${V[1]}\"\n\n\t\t# Get the kernel source.\n\t\techo \"Getting the kernel source for linux-${VERSION}...\"\n\t\techo \"This might take a bit to download. Hang tight!\"\n\t\tif [[ \"$VERSION\" == *-rc* ]]; then\n\t\t\t[ -d \"$DIR\" ] || curl -sSL \"https://git.kernel.org/torvalds/t/linux-${VERSION}.tar.gz\" | tar -C /usr/src -xz\n\n\t\t\tMAJOR_MINOR_VERSION=\"${MAJOR_VERSION}.x-rcN\"\n\t\telse\n\t\t\t[ -d \"/usr/src/linux-${VERSION}\" ] || curl -sSL \"https://cdn.kernel.org/pub/linux/kernel/v${MAJOR_VERSION}.x/linux-${VERSION}.tar.xz\" | tar -C /usr/src -xJ\n\t\tfi\n\n\t\t# Git clone and apply the patches for the aufs filesystem.\n\t\tif [[ \"$OPT\" == \"aufs\" ]] && [[ ! -d \"${DIR}/fs/aufs\" ]]; then\n\t\t\taufsdir=/aufs4-standalone\n\n\t\t\techo \"Cloning the git patches for the aufs filesystem...\"\n\t\t\tgit clone --depth 1 --branch \"aufs${MAJOR_MINOR_VERSION}\" --single-branch https://github.com/sfjro/aufs4-standalone.git \"$aufsdir\"\n\n\t\t\t(\n\t\t\tcd \"$DIR\"\n\n\t\t\techo \"Applying patch for the aufs filesystem...\"\n\t\t\tgit apply $aufsdir/aufs4-kbuild.patch\n\t\t\tgit apply $aufsdir/aufs4-base.patch\n\t\t\tgit apply $aufsdir/aufs4-mmap.patch\n\t\t\tcp -r $aufsdir/{Documentation,fs} .\n\t\t\tcp $aufsdir/include/uapi/linux/aufs_type.h include/uapi/linux/\n\t\t\t)\n\t\tfi\n\tfi\n\n\n\t# Install Wireguard VPN into the kernel.\n\tif [[ \"$OPT\" == \"wireguard\" ]] && [[ ! -f \"${DIR}/net/wireguard/allowedips.c\" ]]; then\n\t\techo \"Applying patch for Wireguard VPN...\"\n\t\t(\n\t\tcd \"$DIR\"\n\t\t/wireguard/contrib/kernel-tree/create-patch.sh | patch -p1\n\t\t)\n\t\techo \"Patch for Wireguard VPN successfully applied!\"\n\tfi\n\n\t# Copy the config from /usr/src/config if it does not already exist.\n\tif [[ ! -f \"${DIR}/.config\" ]] && [[ -f \"/usr/src/config\" ]]; then\n\t\t(\n\t\tcd \"$DIR\"\n\n\t\tcp ../config .config\n\n\t\t# Add the config options for the aufs filesystem.\n\t\tif [[ \"$OPT\" == \"aufs\" ]]; then\n\t\t\techo \"CONFIG_AUFS_FS=y\" >> .config\n\t\tfi\n\n\t\t# Add the config options for Wireguard VPN.\n\t\tif [[ \"$OPT\" == \"wireguard\" ]]; then\n\t\t\techo \"CONFIG_WIREGUARD=y\" >> .config\n\t\tfi\n\t\t)\n\tfi\n\n\t(\n\tcd \"$DIR\"\n\n\techo \"Building the kernel...\"\n\tmake -j\"$JOBS\"\n\techo \"Installing the modules...\"\n\tmake modules_install\n\techo \"Installing the kernel...\"\n\tmake install\n\t)\n\t(\n\techo \"Stripping the modules...\"\n\tfind /lib/modules/ -name \"*.ko\" -exec strip --strip-unneeded {} +\n\t)\n}\n\n# shellcheck disable=SC2068\ninstall_kernel $@\n\necho \"Kernel successfully installed!\"\necho \"You will now want to run:\"\necho \" update-initramfs -u -k all\"\necho \"and\"\necho \" update-grub2\"\necho \"or the equivalent for your system.\"\n" }, { "path": "kicad/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tkicad \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"kicad\" ]\n" }, { "path": "kvm/Dockerfile", "content": "# Run libvirt deamon in a container\n#\n# docker run -d \\\n#\t--privileged \\\n#\t-v /var/run/libvirt:/var/run/libvirt \\\n#\t--name kvm \\\n#\tjess/kvm\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tdnsmasq \\\n\tgir1.2-spiceclientgtk-3.0 \\\n\tiproute2 \\\n\tiptables \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tlibvirt-daemon-system \\\n\tprocps \\\n\tpython-gi \\\n\tqemu-kvm \\\n\tvirtinst \\\n\tvirt-manager \\\n\tvirt-viewer \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nCOPY ./start.sh /start.sh\n\nENTRYPOINT [\"/start.sh\"]\nCMD [\"virt-manager\", \"--no-fork\"]\n" }, { "path": "kvm/start.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\n# add the correct user perms\necho \"Adding the user groups...\"\ngpasswd -a root libvirt\ngpasswd -a root kvm\nchown root:kvm /dev/kvm\n\n# allow root user to use qemu\necho 'user = \"root\"' >> /etc/libvirt/qemu.conf\necho 'group = \"root\"' >> /etc/libvirt/qemu.conf\n\n# create the bridge for networking\necho \"Creating the bridge for networking...\"\nip link add name virt0 type bridge\nip link set dev virt0 up\nbridge link\nip addr add dev virt0 172.20.0.1/16\niptables -t nat -A POSTROUTING -s 172.20.0.1/16 -j MASQUERADE\n\n# start the virtlogd daemon\necho \"Starting virtlogd...\"\nvirtlogd &\n\n# start libvirtd\necho \"Starting libvirtd...\"\nlibvirtd &\n\n# put in a sleep for services to start\necho \"Sleeping while services start...\"\nsleep 5\n\n# start the default networking\necho \"Creating the default networking...\"\nvirsh net-start default\n\n# import existing vms\necho \"Importing any existing VMs...\"\nfor f in /root/kvm/*.xml; do\n\techo \"Importing $(basename \"$f\")...\"\n\tvirsh define \"$f\"\ndone\n\necho \"Starting virt-manager...\"\n# shellcheck disable=SC2068\nexec $@\n" }, { "path": "latest-versions.sh", "content": "#!/bin/bash\n# This script gets the latest GitHub releases for the specified projects.\n\nif [[ -z \"$GITHUB_TOKEN\" ]]; then\n\techo \"Set the GITHUB_TOKEN env variable.\"\n\texit 1\nfi\n\nURI=https://api.github.com\nAPI_VERSION=v3\nAPI_HEADER=\"Accept: application/vnd.github.${API_VERSION}+json\"\nAUTH_HEADER=\"Authorization: token ${GITHUB_TOKEN}\"\n\nget_latest() {\n\tlocal repo=$1\n\n\tlocal resp\n\tresp=$(curl -sSL -H \"${AUTH_HEADER}\" -H \"${API_HEADER}\" \"${URI}/repos/${repo}/releases\")\n\tif [[ \"$repo\" != \"Radarr/Radarr\" ]]; then\n\t\tresp=$(echo \"$resp\" | jq --raw-output '[.[] | select(.prerelease == false)]')\n\tfi\n\tlocal tag\n\ttag=$(echo \"$resp\" | jq -e --raw-output .[0].tag_name)\n\tlocal name\n\tname=$(echo \"$resp\" | jq -e --raw-output .[0].name)\n\n\tif [[ \"$tag\" == \"null\" ]]; then\n\t\t# get the latest tag\n\t\tresp=$(curl -sSL -H \"${AUTH_HEADER}\" -H \"${API_HEADER}\" \"${URI}/repos/${repo}/tags\")\n\t\ttag=$(echo \"$resp\" | jq -e --raw-output .[0].name)\n\t\ttag=${tag#release-}\n\tfi\n\n\tif [[ \"$name\" == \"null\" ]] || [[ \"$name\" == \"\" ]]; then\n\t\tname=\"-\"\n\tfi\n\n\tlocal dir=${repo#*/}\n\n\tif [[ \"$dir\" == \"CouchPotatoServer\" ]]; then\n\t\tdir=\"couchpotato\"\n\telif [[ \"$dir\" == \"cri-o\" ]]; then\n\t\tdir=\"crio\"\n\telif [[ \"$dir\" == \"byte-unixbench\" ]]; then\n\t\tdir=\"unixbench\"\n\telif [[ \"$dir\" == \"Tautulli\" ]]; then\n\t\tdir=\"plexpy\"\n\telif [[ \"$dir\" == \"zookeeper\" ]]; then\n\t\tdir=\"zookeeper/3.6\"\n\telif [[ \"$dir\" == \"oauth2_proxy\" ]]; then\n\t\tdir=\"oauth2-proxy\"\n\tfi\n\n\t# Change to upper case for grep\n\tlocal udir\n\tudir=$(echo $dir | awk '{print toupper($0)}')\n\t# Replace dashes (-) with underscores (_)\n\tudir=${udir//-/_}\n\tudir=${udir%/*}\n\n\tif [[ \"$dir\" == \"wireguard-tools\" ]]; then\n\t\tdir=\"wireguard/install\"\n\t\tudir=\"WIREGUARD_TOOLS\"\n\telif [[ \"$dir\" == \"wireguard-linux-compat\" ]]; then\n\t\tdir=\"wireguard/install\"\n\t\tudir=\"WIREGUARD\"\n\tfi\n\n\tlocal current\n\tif [[ ! -d \"$dir\" ]]; then\n\t\t# If the directory does not exist, then grep all for it\n\t\tcurrent=$(grep -m 1 \"${udir}_VERSION\" -- **/Dockerfile | head -n 1 | awk '{print $(NF)}')\n\telse\n\t\tcurrent=$(grep -m 1 \"${udir}_VERSION\" \"${dir}/Dockerfile\" | awk '{print $(NF)}')\n\tfi\n\n\n\tcompare \"$name\" \"$dir\" \"$tag\" \"$current\" \"https://github.com/${repo}/releases\"\n}\n\nget_latest_unifi() {\n\tlocal latest current\n\tlatest=$(curl -sSL http://www.ubnt.com/downloads/unifi/debian/dists/cloudkey-stable/ubiquiti/binary-armhf/Packages \\\n\t\t| awk 'BEGIN {FS=\"\\n\"; RS=\"\";} /^Package: unifi/' \\\n\t\t| awk '/^Version:/ {print $2}' \\\n\t\t| cut -d- -f1)\n\n\tcurrent=$(grep -m 1 UNIFI_VERSION unifi/Dockerfile | tr '\"' ' ' | awk '{print $(NF)}')\n\n\tcompare unifi unifi \"$latest\" \"$current\" https://www.ubnt.com/download/unifi\n}\n\ncompare() {\n\tlocal name=\"$1\" dir=\"$2\" tag=\"$3\" current=\"$4\" releases=\"$5\"\n\tignore_dirs=( \"mc\" \"zookeeper/3.6\" )\n\n\tif [[ \"$tag\" =~ $current ]] || [[ \"$name\" =~ $current ]] || [[ \"$current\" =~ $tag ]] || [[ \"$current\" == \"master\" ]]; then\n\t\techo -e \"\\\\e[36m${dir}:\\\\e[39m current ${current} | ${tag} | ${name}\"\n\telse\n\t\t# add to the bad versions\n\t\tif [[ ! \" ${ignore_dirs[*]} \" =~ ${dir} ]]; then\n\t\t\tbad_versions+=( \"${dir}\" )\n\t\tfi\n\t\techo -e \"\\\\e[31m${dir}:\\\\e[39m current ${current} | ${tag} | ${name} | ${releases}\"\n\tfi\n}\n\nprojects=(\n\tiovisor/bcc\n\tiovisor/bpftrace\n\tbrowsh-org/browsh\n\tcertbot/certbot\n\tcloudflare/cfssl\n\tquay/clair\n\thashicorp/consul\n\tcoredns/coredns\n\tCouchPotato/CouchPotatoServer\n\tcurl/curl\n\tkolide/fleet\n\tGoogleCloudPlatform/cloud-sdk-docker\n\tgoogle/gitiles\n\tgoogle/guetzli\n\tirssi/irssi\n\tcryptodotis/irssi-otr\n\tkeepassxreboot/keepassxc\n\trobertdavidgraham/masscan\n\tMidnightCommander/mc\n\tzyedidia/micro\n\tmitmproxy/mitmproxy\n\thashicorp/nomad\n\tnzbget/nzbget\n\tpusher/oauth2_proxy\n\tfacebook/osquery\n\thashicorp/packer\n\tTautulli/Tautulli\n\tperkeep/perkeep\n\tpomerium/pomerium\n\tpowershell/powershell\n\tRadarr/Radarr\n\tcesanta/docker_auth\n\tricochet-im/ricochet\n\treverse-shell/routersploit\n\trstudio/rstudio\n\ttarsnap/tarsnap\n\tnginx/nginx\n\tsimplresty/ngx_devel_kit\n\topenresty/luajit2\n\topenresty/lua-cjson\n\topenresty/lua-nginx-module\n\tleev/ngx_http_geoip2_module\n\tmaxmind/libmaxminddb\n\topenresty/lua-resty-core\n\topenresty/lua-resty-lrucache\n\thashicorp/terraform\n\tkdlucas/byte-unixbench\n\tmitchellh/vagrant\n\thashicorp/vault\n\tcontainrrr/watchtower\n\twireguard/wireguard-tools\n\twireguard/wireguard-linux-compat\n\tznc/znc\n\tapache/zookeeper\n\ttianon/gosu\n)\n\nother_projects=(\n\tunifi\n)\n\nbad_versions=()\n\nmain() {\n\t# shellcheck disable=SC2068\n\tfor p in ${projects[@]}; do\n\t\tget_latest \"$p\"\n\tdone\n\t# shellcheck disable=SC2068\n\tfor p in ${other_projects[@]}; do\n\t\tget_latest_\"$p\"\n\tdone\n\n\tif [[ ${#bad_versions[@]} -ne 0 ]]; then\n\t\techo\n\t\techo \"These Dockerfiles are not up to date: ${bad_versions[*]}\" >&2\n\t\texit 1\n\tfi\n}\n\nmain\n" }, { "path": "libreoffice/Dockerfile", "content": "# Run Libreoffice in a container\n\n# docker run -d \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t-v $HOME/slides:/root/slides \\\n#\t-e GDK_SCALE \\\n#\t-e GDK_DPI_SCALE \\\n#\t--name libreoffice \\\n#\tjess/libreoffice\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/testing \\\n\tlibreoffice \\\n\tttf-dejavu\n\nENTRYPOINT [ \"libreoffice\" ]\n" }, { "path": "libvirt-client/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tlibvirt-client\n\nENTRYPOINT [ \"virsh\", \"-c\", \"qemu:///system\" ]\n" }, { "path": "lilyterm/Dockerfile", "content": "# To use:\n#\tdocker run -v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t\t-e DISPLAY=unix$DISPLAY \\\n#\t\tjess/lilyterm\n#\n\n# Base docker image\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install all the things\nRUN apt-get update && apt-get install -y \\\n\tmesa-utils \\\n\tdbus \\\n\tlilyterm \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"lilyterm\" ]\n" }, { "path": "linapple/Dockerfile", "content": "FROM alpine:latest\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tlibcurl \\\n\tlibgcc \\\n\tlibstdc++ \\\n\tlibzip \\\n\tsdl\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tbuild-base \\\n\t\tbzip2 \\\n\t\tcurl \\\n\t\tcurl-dev \\\n\t\tlibzip-dev \\\n\t\tmake \\\n\t\tsdl-dev \\\n\t\ttar \\\n\t&& curl -sSL \"https://beotiger.com/download/linapple_src-2b\" -o /tmp/linapple.tar.bz2 \\\n\t&& mkdir -p /usr/src/linapple \\\n\t&& tar -xjf /tmp/linapple.tar.bz2 -C /usr/src/linapple --strip-components=1 \\\n\t&& rm /tmp/linapple.tar.bz2 \\\n\t&& ( \\\n\t\tcd /usr/src/linapple/src \\\n\t\t&& make \\\n\t\t&& make install \\\n\t) \\\n\t&& apk del .build-deps\n\nCOPY Frogger.dsk /usr/src/games/\nCOPY quest1.dsk /usr/src/games/\n\nENTRYPOINT [\"linapple\"]\nCMD [\"-1\", \"/usr/src/games/quest1.dsk\"]\n" }, { "path": "lkp-tests/Dockerfile", "content": "FROM debian:buster-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nENV DEBIAN_FRONTEND noninteractive\n\n# install deps do this in sections so the layers are not mazzive\nRUN dpkg --add-architecture i386 \\\n\t&& apt-get update && apt-get install -y \\\n\tautomake \\\n\tbc \\\n\tbinutils-dev \\\n\tbison \\\n\tbuild-essential \\\n\tbzip2 \\\n\tca-certificates \\\n\tcpio \\\n\tfakeroot \\\n\tflex \\\n\tgawk \\\n\tgcc \\\n\tgit \\\n\tgzip \\\n\thdparm \\\n\tiperf \\\n\tkmod \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN apt-get update && apt-get install -y \\\n\tlibaudit-dev \\\n\tlibbabeltrace-ctf-dev \\\n\tlibc6-dev \\\n\tlibc6-dev:i386 \\\n\tlibdw-dev \\\n\tlibiberty-dev \\\n\tlibklibc-dev \\\n\tliblzma-dev \\\n\tlibnuma-dev \\\n\tlibperl-dev \\\n\tlibslang2-dev \\\n\tlibssl-dev \\\n\tlibtool \\\n\tlibunwind-dev \\\n\tlinux-libc-dev \\\n\tlinux-libc-dev:i386 \\\n\tlinux-perf \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& ln -snf /usr/bin/perf_4.9 /usr/bin/perf\n\nRUN apt-get update && apt-get install -y \\\n\tmake \\\n\tnfs-common \\\n\topenssl \\\n\tpatch \\\n\tperl \\\n\tprocps \\\n\tpsmisc \\\n\tpython-dev \\\n\trsync \\\n\trt-tests \\\n\truby \\\n\truby-dev \\\n\tsysstat \\\n\tsystemtap-sdt-dev \\\n\ttime \\\n\twget \\\n\tzlib1g-dev \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV KERNEL_VERSION v4.13\nENV LKP_GIT_WORK_TREE /usr/src/linux\nRUN git clone -b \"${KERNEL_VERSION}\" https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git \"${LKP_GIT_WORK_TREE}\"\n\nENV LKP_SRC /usr/src/lkp-tests\nRUN\tgit clone https://github.com/fengguang/lkp-tests.git \"${LKP_SRC}\"\n\nWORKDIR /usr/src/lkp-tests\n\nRUN make install \\\n\t&& lkp install\n\nCOPY runbench /usr/local/bin/runbench\n\nCMD [ \"lkp\" ]\n" }, { "path": "lkp-tests/runbench", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nARG=$1\nJOB_FILE=\"./jobs/${ARG}.yaml\"\n\nif [[ ! -f \"$JOB_FILE\" ]]; then\n\techo \"$JOB_FILE does not exist, please select a job that is in the jobs directory.\" 1>&2;\n\techo \"For example:\" 1>&2;\n\techo \" runbench hackbench-100\" 1>&2;\n\texit 1\nfi\n\n# mount the debug filesystem\nif ! grep -qs '/sys/kernel/debug' /proc/mounts; then\n\tmount -t debugfs none /sys/kernel/debug/\nfi\n\necho \"Installing dependencies for ${ARG}...\"\nlkp install \"$JOB_FILE\"\n\necho \"Running ${ARG}...\"\nlkp run \"$JOB_FILE\" || true\n\necho \"Getting result from ${ARG}...\"\nlkp stat -p \"${ARG}\"\n" }, { "path": "lpass/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tcurl \\\n\tlibxml2 \\\n\tlibressl \\\n\txclip \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/main\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tautoconf \\\n\t\tautomake \\\n\t\tbuild-base \\\n\t\tcmake \\\n\t\tcurl-dev \\\n\t\tgit \\\n\t\tlibressl-dev \\\n\t\tlibxml2-dev \\\n\t&& git clone --depth 1 https://github.com/LastPass/lastpass-cli.git /usr/src/lastpass-cli \\\n\t&& ( \\\n\t\tcd /usr/src/lastpass-cli \\\n\t\t&& cmake . \\\n\t\t&& make \\\n\t\t&& make install \\\n\t) \\\n\t&& rm -rf /usr/src/lastpass-cli \\\n\t&& apk del .build-deps\n\nENTRYPOINT [ \"lpass\" ]\n" }, { "path": "lynx/Dockerfile", "content": "# Run Lynx in a conatiner\n#\n# docker run --rm -it \\\n#\t--name lynx \\\n#\tjess/lynx github.com/jessfraz\n#\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tlynx \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"lynx\" ]\n" }, { "path": "mailgun/Dockerfile", "content": "FROM r.j3ss.co/curl\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tbash\n\nCOPY sendemail /usr/bin/sendemail\n\nENTRYPOINT [ \"sendemail\" ]\n" }, { "path": "mailgun/sendemail", "content": "#!/bin/bash\nset -e\nset -o pipefail\nset -x\n\nif [[ -z \"$MAILGUN_API_KEY\" ]]; then\n\techo \"Set the MAILGUN_API_KEY env variable.\"\n\texit 1\nfi\n\nif [[ -n \"$MAILGUN_DOMAIN\" ]]; then\n\tMAILGUN_DOMAIN_NAME=$MAILGUN_DOMAIN\nfi\n\nif [[ -z \"$MAILGUN_DOMAIN_NAME\" ]]; then\n\techo \"Set the MAILGUN_DOMAIN_NAME env variable.\"\n\texit 1\nfi\n\nif [[ -z \"$TO_NAME\" ]]; then\n\techo \"Set the TO_NAME env variable.\"\n\texit 1\nfi\n\nif [[ -z \"$TO_EMAIL\" ]]; then\n\techo \"Set the TO_EMAIL env variable.\"\n\texit 1\nfi\n\nif [[ -z \"$SUBJECT\" ]]; then\n\techo \"Set the SUBJECT env variable.\"\n\texit 1\nfi\n\nif [[ -z \"$BODY\" ]]; then\n\techo \"Set the BODY env variable.\"\n\texit 1\nfi\n\ncurl -sSL --user \"api:${MAILGUN_API_KEY}\" \\\n\t\"https://api.mailgun.net/v3/${MAILGUN_DOMAIN_NAME}/messages\" \\\n\t-F 'from=\"Mailgun API \"' \\\n\t-F \"to=${TO_NAME}\" \\\n\t-F \"to=${TO_EMAIL}\" \\\n\t-F 'subject=\"'\"${SUBJECT}\"'\"' \\\n\t-F 'text=\"'\"${BODY}\"'\"'\n" }, { "path": "mars/Dockerfile", "content": "FROM openjdk:8-alpine\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tca-certificates \\\n\t\tcurl \\\n\t&& curl -sSL \"http://courses.missouristate.edu/KenVollmar/mars/MARS_4_5_Aug2014/Mars4_5.jar\" -o /mars.jar \\\n\t&& apk del .build-deps\n\nENTRYPOINT [\"java\", \"-jar\", \"/mars.jar\", \"nc\"]\n" }, { "path": "masscan/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tlibpcap-dev\n\nENV MASSCAN_VERSION 1.0.5\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tbuild-base \\\n\t\tclang \\\n\t\tclang-dev \\\n\t\tgit \\\n\t\tlinux-headers \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& git clone --depth 1 --branch \"$MASSCAN_VERSION\" https://github.com/robertdavidgraham/masscan.git /usr/src/masscan \\\n\t&& ( \\\n\tcd /usr/src/masscan \\\n\t&& make \\\n\t&& make install \\\n\t) \\\n\t&& rm -rf /usr/src/masscan \\\n\t&& apk del .build-deps\n\nENTRYPOINT [ \"masscan\" ]\n" }, { "path": "mc/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\t\tglib \\\n\t\tlibintl \\\n\t\tlibssh2 \\\n\t\tncurses-libs\n\nENV TERM xterm\n\n# Create user and change ownership\nRUN addgroup -g 1001 -S mc \\\n && adduser -u 1001 -SHG mc mc \\\n && mkdir -p /home/mc/.mc\n\nENV MC_VERSION 4.8.21\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\taspell-dev \\\n\t\tautoconf \\\n\t\tautomake \\\n\t\tbuild-base \\\n\t\tca-certificates \\\n\t\tcurl \\\n\t\te2fsprogs-dev \\\n\t\tgettext-dev \\\n\t\tgit \\\n\t\tglib-dev \\\n\t\tlibssh2-dev \\\n\t\tlibtool \\\n\t\tncurses-dev \\\n\t\tpcre-dev \\\n\t&& git clone --depth 1 --branch \"$MC_VERSION\" https://github.com/MidnightCommander/mc.git /usr/src/mc \\\n\t&& ( \\\n\t\tcd /usr/src/mc \\\n\t\t&& ./autogen.sh \\\n\t\t&& ./configure \\\n\t\t\t--prefix=/usr \\\n\t\t\t--libexecdir=/usr/lib \\\n\t\t\t--mandir=/usr/share/man \\\n\t\t\t--sysconfdir=/etc \\\n\t\t\t--enable-background \\\n\t\t\t--enable-charset \\\n\t\t\t--enable-largefile \\\n\t\t\t--enable-vfs-sftp \\\n\t\t\t--with-internal-edit \\\n\t\t\t--with-mmap \\\n\t\t\t--with-screen=ncurses \\\n\t\t\t--with-subshell \\\n\t\t\t--without-gpm-mouse \\\n\t\t\t--without-included-gettext \\\n\t\t\t--without-x \\\n\t\t\t--enable-aspell \\\n\t\t&& make \\\n\t\t&& make install \\\n\t) \\\n\t&& curl -sSL \"https://raw.githubusercontent.com/nkulikov/mc-solarized-skin/master/solarized.ini\" > /home/mc/.mc/solarized.ini \\\n\t&& rm -rf /usr/src/mc \\\n\t&& apk del .build-deps \\\n\t&& chown -R mc:mc /home/mc\n\nENV HOME=/home/mc\n\nENV MC_SKIN=${HOME}/.mc/solarized.ini\n\nWORKDIR ${HOME}\n\nENTRYPOINT [ \"mc\" ]\n" }, { "path": "mdp/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tgcc \\\n\tgit \\\n\tlibncurses5 \\\n\tlibncurses5-dev \\\n\tlibncursesw5 \\\n\tlibncursesw5-dev \\\n\tmake \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN git clone --depth 1 --recursive https://github.com/visit1985/mdp.git /src\n\nWORKDIR /src\n\nENV TERM\txterm-256color\nENV DEBUG\t1\n\nRUN make \\\n\t&& make install\n\nENTRYPOINT [ \"/usr/local/bin/mdp\" ]\n" }, { "path": "micro/Dockerfile", "content": "FROM golang:alpine as builder\nLABEL maintainer \"Christian Koep \"\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tgit \\\n\tmake\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nENV MICRO_VERSION v2.0.4\n\nRUN git clone --depth 1 --branch \"$MICRO_VERSION\" https://github.com/zyedidia/micro /go/src/github.com/zyedidia/micro\n\nWORKDIR /go/src/github.com/zyedidia/micro\n\nRUN make install\n\nFROM alpine:latest\n\nCOPY --from=builder /go/bin/micro /usr/bin/micro\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"micro\" ]\n" }, { "path": "mitmproxy/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nENV LANG=en_US.UTF-8\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcurl \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Add our user first to make sure the ID get assigned consistently,\n# regardless of whatever dependencies get added.\nRUN groupadd -r mitmproxy && useradd -r -g mitmproxy mitmproxy \\\n && mkdir -p /home/mitmproxy/.mitmproxy \\\n\t&& chown -R mitmproxy:mitmproxy /home/mitmproxy\n\n# Download the binaries.\nENV MITMPROXY_VERSION 5.1.1\nRUN curl -sSL \"https://snapshots.mitmproxy.org/${MITMPROXY_VERSION}/mitmproxy-${MITMPROXY_VERSION}-linux.tar.gz\" | tar -vxzC /usr/local/bin\n\nVOLUME /home/mitmproxy/.mitmproxy\n\nCOPY docker-entrypoint.sh /usr/local/bin/\n\nEXPOSE 8080 8081\n\nENTRYPOINT [\"docker-entrypoint.sh\"]\nCMD [\"mitmproxy\"]\n" }, { "path": "mitmproxy/docker-entrypoint.sh", "content": "#!/bin/sh\nset -e\n\nMITMPROXY_PATH=\"/home/mitmproxy/.mitmproxy\"\n\nif [ \"$1\" = \"mitmdump\" ] || [ \"$1\" = \"mitmproxy\" ] || [ \"$1\" = \"mitmweb\" ]; then\n\tmkdir -p \"$MITMPROXY_PATH\"\n\tchown -R mitmproxy:mitmproxy \"$MITMPROXY_PATH\"\n\n\tsu mitmproxy -c \"$@\"\nelse\n\texec \"$@\"\nfi\n" }, { "path": "mop/Dockerfile", "content": "# Run mop-tracker in a container\n#\n# docker run -it --rm \\\n# \t-v ~/.moprc:/root/.moprc \\\n# \t--name mop \\\n# \tr.j3ss.co/mop\n#\nFROM golang:alpine as builder\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tgit\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN go get github.com/mop-tracker/mop/cmd/mop\n\nFROM alpine:latest\nCOPY --from=builder /go/bin/mop /usr/bin/mop\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\nENTRYPOINT [ \"mop\" ]\n" }, { "path": "mpd/Dockerfile", "content": "# Music player daemon\n#\n# docker run -d \\\n#\t--device /dev/snd \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v $HOME/.mpd:/var/lib/mpd \\\n#\t-p 6600:6600 \\\n#\t--name mpd \\\n#\tjess/mpd\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tmpc \\\n\tmpd \\\n\tnfs-common \\\n\tsudo \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nrun mkdir -p /var/lib/mpd/playlists \\\n\t&& mkdir -p /var/lib/mpd/music \\\n\t&& touch /var/lib/mpd/state \\\n\t&& touch /var/lib/mpd/tag_cache \\\n\t&& chmod 0777 -R /var/lib/mpd \\\n\t&& chown -R mpd /var/lib/mpd\n\n# my user needs the ability to mount\n# because all my music is in a nfs mount\nRUN echo \"mpd ALL=NOPASSWD: /usr/bin/mount, /sbin/mount.nfs, /usr/bin/umount\" >> /etc/sudoers\n\nENV HOME /home/mpd\nCOPY mpd.conf /etc/mpd.conf\nCOPY mpd.sh /usr/local/bin/mpd.sh\n\nWORKDIR $HOME\nUSER mpd\n\nENTRYPOINT [ \"/usr/local/bin/mpd.sh\" ]\n" }, { "path": "mpd/mpd.conf", "content": "# An example configuration file for MPD.\n# Read the user manual for documentation: http://www.musicpd.org/doc/user/\n# or /usr/share/doc/mpd/user-manual.html\n\n\n# Files and directories #######################################################\n#\n# This setting controls the top directory which MPD will search to discover the\n# available audio files and add them to the daemon's online database. This \n# setting defaults to the XDG directory, otherwise the music directory will be\n# be disabled and audio files will only be accepted over ipc socket (using\n# file:// protocol) or streaming files over an accepted protocol.\n#\nmusic_directory \"/var/lib/mpd/music\"\n#\n# This setting sets the MPD internal playlist directory. The purpose of this\n# directory is storage for playlists created by MPD. The server will use \n# playlist files not created by the server but only if they are in the MPD\n# format. This setting defaults to playlist saving being disabled.\n#\nplaylist_directory \"/var/lib/mpd/playlists\"\n#\n# This setting sets the location of the MPD database. This file is used to\n# load the database at server start up and store the database while the \n# server is not up. This setting defaults to disabled which will allow\n# MPD to accept files over ipc socket (using file:// protocol) or streaming\n# files over an accepted protocol.\n#\ndb_file \"/var/lib/mpd/tag_cache\"\n# \n# These settings are the locations for the daemon log files for the daemon.\n# These logs are great for troubleshooting, depending on your log_level\n# settings.\n#\n# The special value \"syslog\" makes MPD use the local syslog daemon. This\n# setting defaults to logging to syslog, otherwise logging is disabled.\n#\nlog_file \"/var/log/mpd/mpd.log\"\n#\n# This setting sets the location of the file which stores the process ID\n# for use of mpd --kill and some init scripts. This setting is disabled by\n# default and the pid file will not be stored.\n#\npid_file \"/var/log/mpd/pid\"\n#\n# This setting sets the location of the file which contains information about\n# most variables to get MPD back into the same general shape it was in before\n# it was brought down. This setting is disabled by default and the server \n# state will be reset on server start up.\n#\nstate_file \"/var/lib/mpd/state\"\n#\n# The location of the sticker database. This is a database which\n# manages dynamic information attached to songs.\n#\nsticker_file \"/var/lib/mpd/sticker.sql\"\n#\n###############################################################################\n\n\n# General music daemon options ################################################\n#\n# This setting specifies the user that MPD will run as. MPD should never run as\n# root and you may use this setting to make MPD change its user ID after\n# initialization. This setting is disabled by default and MPD is run as the\n# current user.\n#\nuser \"mpd\"\n#\n# This setting specifies the group that MPD will run as. If not specified\n# primary group of user specified with \"user\" setting will be used (if set).\n# This is useful if MPD needs to be a member of group such as \"audio\" to\n# have permission to use sound card.\n#\ngroup \"audio\"\n#\n# This setting sets the address for the daemon to listen on. Careful attention\n# should be paid if this is assigned to anything other then the default, any.\n# This setting can deny access to control of the daemon. Choose any if you want\n# to have mpd listen on every address\n#\n# For network\nbind_to_address \"localhost\"\n#\n# And for Unix Socket\n#bind_to_address \"/run/mpd/socket\"\n#\n# This setting is the TCP port that is desired for the daemon to get assigned\n# to.\n#\nport \"6600\"\n#\n# This setting controls the type of information which is logged. Available \n# setting arguments are \"default\", \"secure\" or \"verbose\". The \"verbose\" setting\n# argument is recommended for troubleshooting, though can quickly stretch\n# available resources on limited hardware storage.\n#\n#log_level \"default\"\n#\n# If you have a problem with your MP3s ending abruptly it is recommended that \n# you set this argument to \"no\" to attempt to fix the problem. If this solves\n# the problem, it is highly recommended to fix the MP3 files with vbrfix\n# (available as vbrfix in the debian archive), at which\n# point gapless MP3 playback can be enabled.\n#\n#gapless_mp3_playback \"yes\"\n#\n# Setting \"restore_paused\" to \"yes\" puts MPD into pause mode instead\n# of starting playback after startup.\n#\n#restore_paused \"no\"\n#\n# This setting enables MPD to create playlists in a format usable by other\n# music players.\n#\n#save_absolute_paths_in_playlists \"no\"\n#\n# This setting defines a list of tag types that will be extracted during the \n# audio file discovery process. The complete list of possible values can be\n# found in the mpd.conf man page.\n#metadata_to_use \"artist,album,title,track,name,genre,date,composer,performer,disc\"\n#\n# This setting enables automatic update of MPD's database when files in \n# music_directory are changed.\n#\n#auto_update \"yes\"\n#\n# Limit the depth of the directories being watched, 0 means only watch\n# the music directory itself. There is no limit by default.\n#\n#auto_update_depth \"3\"\n#\n###############################################################################\n\n\n# Symbolic link behavior ######################################################\n#\n# If this setting is set to \"yes\", MPD will discover audio files by following \n# symbolic links outside of the configured music_directory.\n#\n#follow_outside_symlinks \"yes\"\n#\n# If this setting is set to \"yes\", MPD will discover audio files by following\n# symbolic links inside of the configured music_directory.\n#\nfollow_inside_symlinks \"yes\"\n#\n###############################################################################\n\n\n# Zeroconf / Avahi Service Discovery ##########################################\n#\n# If this setting is set to \"yes\", service information will be published with\n# Zeroconf / Avahi.\n#\n#zeroconf_enabled \"yes\"\n#\n# The argument to this setting will be the Zeroconf / Avahi unique name for\n# this MPD server on the network.\n#\n#zeroconf_name \"Music Player\"\n#\n###############################################################################\n\n\n# Permissions #################################################################\n#\n# If this setting is set, MPD will require password authorization. The password\n# can setting can be specified multiple times for different password profiles.\n#\n#password \"password@read,add,control,admin\"\n#\n# This setting specifies the permissions a user has who has not yet logged in. \n#\n#default_permissions \"read,add,control,admin\"\n#\n###############################################################################\n\n\n# Database #######################################################################\n#\n\n#database {\n# plugin \"proxy\"\n# host \"other.mpd.host\"\n# port \"6600\"\n#}\n\n# Input #######################################################################\n#\n\ninput {\n plugin \"curl\"\n# proxy \"proxy.isp.com:8080\"\n# proxy_user \"user\"\n# proxy_password \"password\"\n}\n\n#\n###############################################################################\n\n# Audio Output ################################################################\n#\n# MPD supports various audio output types, as well as playing through multiple \n# audio outputs at the same time, through multiple audio_output settings \n# blocks. Setting this block is optional, though the server will only attempt\n# autodetection for one sound card.\n#\n# An example of an ALSA output:\n#\naudio_output {\n type \"alsa\"\n name \"My ALSA Device\"\n# device \"hw:0,0\" # optional\n# mixer_type \"hardware\" # optional\n# mixer_device \"default\" # optional\n# mixer_control \"PCM\" # optional\n# mixer_index \"0\" # optional\n}\n#\n# An example of an OSS output:\n#\n#audio_output {\n# type \"oss\"\n# name \"My OSS Device\"\n# device \"/dev/dsp\" # optional\n# mixer_type \"hardware\" # optional\n# mixer_device \"/dev/mixer\" # optional\n# mixer_control \"PCM\" # optional\n#}\n#\n# An example of a shout output (for streaming to Icecast):\n#\n#audio_output {\n# type \"shout\"\n# encoding \"ogg\" # optional\n# name \"My Shout Stream\"\n# host \"localhost\"\n# port \"8000\"\n# mount \"/mpd.ogg\"\n# password \"hackme\"\n# quality \"5.0\"\n# bitrate \"128\"\n# format \"44100:16:1\"\n# protocol \"icecast2\" # optional\n# user \"source\" # optional\n# description \"My Stream Description\" # optional\n# url \"http://example.com\" # optional\n# genre \"jazz\" # optional\n# public \"no\" # optional\n# timeout \"2\" # optional\n# mixer_type \"software\" # optional\n#}\n#\n# An example of a recorder output:\n#\n#audio_output {\n# type \"recorder\"\n# name \"My recorder\"\n# encoder \"vorbis\" # optional, vorbis or lame\n# path \"/var/lib/mpd/recorder/mpd.ogg\"\n## quality \"5.0\" # do not define if bitrate is defined\n# bitrate \"128\" # do not define if quality is defined\n# format \"44100:16:1\"\n#}\n#\n# An example of a httpd output (built-in HTTP streaming server):\n#\n#audio_output {\n# type \"httpd\"\n# name \"mpd\"\n# encoder \"vorbis\" # optional, vorbis or lame\n# port \"8000\"\n# bind_to_address \"0.0.0.0\" # optional, IPv4 or IPv6\n# quality \"5.0\" # do not define if bitrate is defined\n# bitrate \"128\" # do not define if quality is defined\n# format \"44100:16:1\"\n# max_clients \"0\" # optional 0=no limit\n#}\n#\n# An example of a pulseaudio output (streaming to a remote pulseaudio server)\n# Please see README.Debian if you want mpd to play through the pulseaudio\n# daemon started as part of your graphical desktop session!\n#\n#audio_output {\n# type \"pulse\"\n# name \"My Pulse Output\"\n# server \"remote_server\" # optional\n# sink \"remote_server_sink\" # optional\n#}\n#\n# An example of a winmm output (Windows multimedia API).\n#\n#audio_output {\n# type \"winmm\"\n# name \"My WinMM output\"\n# device \"Digital Audio (S/PDIF) (High Definition Audio Device)\" # optional\n# or\n# device \"0\" # optional\n# mixer_type \"hardware\" # optional\n#}\n#\n# An example of an openal output.\n#\n#audio_output {\n# type \"openal\"\n# name \"My OpenAL output\"\n# device \"Digital Audio (S/PDIF) (High Definition Audio Device)\" # optional\n#}\n#\n## Example \"pipe\" output:\n#\n#audio_output {\n# type \"pipe\"\n# name \"my pipe\"\n# command \"aplay -f cd 2>/dev/null\"\n## Or if you're want to use AudioCompress\n# command \"AudioCompress -m | aplay -f cd 2>/dev/null\"\n## Or to send raw PCM stream through PCM:\n# command \"nc example.org 8765\"\n# format \"44100:16:2\"\n#}\n#\n## An example of a null output (for no audio output):\n#\n#audio_output {\n# type \"null\"\n# name \"My Null Output\"\n# mixer_type \"none\" # optional\n#}\n#\n# If MPD has been compiled with libsamplerate support, this setting specifies \n# the sample rate converter to use. Possible values can be found in the \n# mpd.conf man page or the libsamplerate documentation. By default, this is\n# setting is disabled.\n#\n#samplerate_converter \"Fastest Sinc Interpolator\"\n#\n###############################################################################\n\n\n# Normalization automatic volume adjustments ##################################\n#\n# This setting specifies the type of ReplayGain to use. This setting can have\n# the argument \"off\", \"album\", \"track\" or \"auto\". \"auto\" is a special mode that\n# chooses between \"track\" and \"album\" depending on the current state of\n# random playback. If random playback is enabled then \"track\" mode is used.\n# See for more details about ReplayGain.\n# This setting is off by default.\n#\n#replaygain \"album\"\n#\n# This setting sets the pre-amp used for files that have ReplayGain tags. By\n# default this setting is disabled.\n#\n#replaygain_preamp \"0\"\n#\n# This setting sets the pre-amp used for files that do NOT have ReplayGain tags.\n# By default this setting is disabled.\n#\n#replaygain_missing_preamp \"0\"\n#\n# This setting enables or disables ReplayGain limiting.\n# MPD calculates actual amplification based on the ReplayGain tags\n# and replaygain_preamp / replaygain_missing_preamp setting.\n# If replaygain_limit is enabled MPD will never amplify audio signal\n# above its original level. If replaygain_limit is disabled such amplification\n# might occur. By default this setting is enabled.\n#\n#replaygain_limit \"yes\"\n#\n# This setting enables on-the-fly normalization volume adjustment. This will\n# result in the volume of all playing audio to be adjusted so the output has \n# equal \"loudness\". This setting is disabled by default.\n#\n#volume_normalization \"no\"\n#\n###############################################################################\n\n\n# Character Encoding ##########################################################\n#\n# If file or directory names do not display correctly for your locale then you \n# may need to modify this setting.\n#\nfilesystem_charset \"UTF-8\"\n#\n# This setting controls the encoding that ID3v1 tags should be converted from.\n#\nid3v1_encoding \"UTF-8\"\n#\n###############################################################################\n\n\n# SIDPlay decoder #############################################################\n#\n# songlength_database:\n# Location of your songlengths file, as distributed with the HVSC.\n# The sidplay plugin checks this for matching MD5 fingerprints.\n# See http://www.c64.org/HVSC/DOCUMENTS/Songlengths.faq\n#\n# default_songlength:\n# This is the default playing time in seconds for songs not in the\n# songlength database, or in case you're not using a database.\n# A value of 0 means play indefinitely.\n#\n# filter:\n# Turns the SID filter emulation on or off.\n#\n#decoder {\n# plugin \"sidplay\"\n# songlength_database \"/media/C64Music/DOCUMENTS/Songlengths.txt\"\n# default_songlength \"120\"\n# filter \"true\"\n#}\n#\n###############################################################################\n" }, { "path": "mpd/mpd.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nmkdir -p /var/lib/mpd/{playlists,music} \\\n\t&& touch /var/lib/mpd/{state,tag_cache} \\\n\t&& chmod 0777 -R /var/lib/mpd \\\n\t&& chown -R mpd /var/lib/mpd\n\nexec mpd --no-daemon --stdout --verbose /etc/mpd.conf \"$@\"\n" }, { "path": "mpsyt/Dockerfile", "content": "FROM python:3-alpine\nLABEL maintainer \"Justin Garrison \"\n\nRUN apk add --no-cache \\\n\tmplayer \\\n\tmpv\n\nRUN pip install mps-youtube\n\nENTRYPOINT [\"mpsyt\"]\n" }, { "path": "mpsyt/README", "content": "mps-youtube\n--------\n\nDocker container for running (mpsyt)[https://github.com/np1/mps-youtube] inside \na docker container.\n\nRun with\n\n```\ndocker run -v /dev/snd:/dev/snd -it --rm --privileged rothgar/mpsyt\n```\n" }, { "path": "mutt/.mutt/mailcap", "content": "application/octet-stream ; echo %s \"can be anything...\" ; copiousoutput\ntext/html ; /usr/bin/elinks -dump %s ; nametemplate=%s.html ; copiousoutput\napplication/pdf ; /usr/bin/zathura %s ; copiousoutput\nimage/* ; /usr/bin/mirage %s ; copiousoutput\naudio/* ; /usr/bin/mplayer %s ; copiousoutput\nvideo/* ; /usr/bin/mplayer %s ; copiousoutput\n" }, { "path": "mutt/.mutt/mutt-colors-solarized-dark-16.muttrc", "content": "# vim: filetype=muttrc\n\n#\n#\n# make sure that you are using mutt linked against slang, not ncurses, or\n# suffer the consequences of weird color issues. use \"mutt -v\" to check this.\n\n# custom body highlights -----------------------------------------------\n# highlight my name and other personally relevant strings\ncolor body yellow default \"(jessie|jessica|frazelle|jfrazelle|jessfraz|jess)\"\n# custom index highlights ----------------------------------------------\n# messages which mention my name in the body\ncolor index yellow default \"~b \\\"jessie|jessfraz|jfrazelle\\\" !~N !~T !~F !~p !~P\"\n#color index J_cream brightwhite \"~b \\\"phil(_g|\\!| gregory| gold)|pgregory\\\" ~N !~T !~F !~p !~P\"\n#color index yellow cyan \"~b \\\"phil(_g|\\!| gregory| gold)|pgregory\\\" ~T !~F !~p !~P\"\n#color index yellow J_magent \"~b \\\"phil(_g|\\!| gregory| gold)|pgregory\\\" ~F !~p !~P\"\n## messages which are in reference to my mails\ncolor index brightmagenta default \"~x \\\"(jess|jessie|jessica.frazelle)\\\\.docker\\\\.com\\\" !~N !~T !~F !~p !~P\"\n#color index J_magent brightwhite \"~x \\\"(mithrandir|aragorn)\\\\.aperiodic\\\\.net|thorin\\\\.hillmgt\\\\.com\\\" ~N !~T !~F !~p !~P\"\n#color index J_magent cyan \"~x \\\"(mithrandir|aragorn)\\\\.aperiodic\\\\.net|thorin\\\\.hillmgt\\\\.com\\\" ~T !~F !~p !~P\"\n#color index J_magent red \"~x \\\"(mithrandir|aragorn)\\\\.aperiodic\\\\.net|thorin\\\\.hillmgt\\\\.com\\\" ~F !~p !~P\"\n\n# for background in 16 color terminal, valid background colors include:\n# base03, bg, black, any of the non brights\n\n# basic colors ---------------------------------------------------------\ncolor normal brightyellow default \ncolor error red default \ncolor tilde black default \ncolor message cyan default \ncolor markers red white \ncolor attachment white default \ncolor search brightmagenta default \n#color status J_black J_status \ncolor status brightyellow black \ncolor indicator brightblack yellow \ncolor tree yellow default # arrow in threads\n\n# basic monocolor screen\nmono bold bold\nmono underline underline\nmono indicator reverse\nmono error bold\n\n# index ----------------------------------------------------------------\n\n#color index red default \"~D(!~p|~p)\" # deleted\n#color index black default ~F # flagged\n#color index brightred default ~= # duplicate messages\n#color index brightgreen default \"~A!~N!~T!~p!~Q!~F!~D!~P\" # the rest\n#color index J_base default \"~A~N!~T!~p!~Q!~F!~D\" # the rest, new\ncolor index red default \"~A\" # all messages\ncolor index brightred default \"~E\" # expired messages\ncolor index blue default \"~N\" # new messages\ncolor index blue default \"~O\" # old messages\ncolor index brightmagenta default \"~Q\" # messages that have been replied to\ncolor index brightgreen default \"~R\" # read messages\ncolor index blue default \"~U\" # unread messages\ncolor index blue default \"~U~$\" # unread, unreferenced messages\ncolor index brightyellow default \"~v\" # messages part of a collapsed thread\ncolor index brightyellow default \"~P\" # messages from me\ncolor index cyan default \"~p!~F\" # messages to me\ncolor index cyan default \"~N~p!~F\" # new messages to me\ncolor index cyan default \"~U~p!~F\" # unread messages to me\ncolor index brightgreen default \"~R~p!~F\" # messages to me\ncolor index red default \"~F\" # flagged messages\ncolor index red default \"~F~p\" # flagged messages to me\ncolor index red default \"~N~F\" # new flagged messages\ncolor index red default \"~N~F~p\" # new flagged messages to me\ncolor index red default \"~U~F~p\" # new flagged messages to me\ncolor index black red \"~D\" # deleted messages\ncolor index brightcyan default \"~v~(!~N)\" # collapsed thread with no unread\ncolor index yellow default \"~v~(~N)\" # collapsed thread with some unread\ncolor index green default \"~N~v~(~N)\" # collapsed thread with unread parent\n# statusbg used to indicated flagged when foreground color shows other status\n# for collapsed thread\ncolor index red black \"~v~(~F)!~N\" # collapsed thread with flagged, no unread\ncolor index yellow black \"~v~(~F~N)\" # collapsed thread with some unread & flagged\ncolor index green black \"~N~v~(~F~N)\" # collapsed thread with unread parent & flagged\ncolor index green black \"~N~v~(~F)\" # collapsed thread with unread parent, no unread inside, but some flagged\ncolor index cyan black \"~v~(~p)\" # collapsed thread with unread parent, no unread inside, some to me directly\ncolor index yellow red \"~v~(~D)\" # thread with deleted (doesn't differentiate between all or partial)\n#color index yellow default \"~(~N)\" # messages in threads with some unread\n#color index green default \"~S\" # superseded messages\n#color index red default \"~T\" # tagged messages\n#color index brightred red \"~=\" # duplicated messages\n\n# message headers ------------------------------------------------------\n\n#color header brightgreen default \"^\"\ncolor hdrdefault brightgreen default \ncolor header brightyellow default \"^(From)\"\ncolor header blue default \"^(Subject)\"\n\n# body -----------------------------------------------------------------\n\ncolor quoted blue default \ncolor quoted1 cyan default \ncolor quoted2 yellow default \ncolor quoted3 red default \ncolor quoted4 brightred default \n\ncolor signature brightgreen default \ncolor bold black default \ncolor underline black default \ncolor normal default default \n#\ncolor body brightcyan default \"[;:][-o][)/(|]\" # emoticons\ncolor body brightcyan default \"[;:][)(|]\" # emoticons\ncolor body brightcyan default \"[*]?((N)?ACK|CU|LOL|SCNR|BRB|BTW|CWYL|\\\n |FWIW|vbg|GD&R|HTH|HTHBE|IMHO|IMNSHO|\\\n |IRL|RTFM|ROTFL|ROFL|YMMV)[*]?\"\ncolor body brightcyan default \"[ ][*][^*]*[*][ ]?\" # more emoticon?\ncolor body brightcyan default \"[ ]?[*][^*]*[*][ ]\" # more emoticon?\n\n## pgp\n\ncolor body red default \"(BAD signature)\"\ncolor body cyan default \"(Good signature)\"\ncolor body brightblack default \"^gpg: Good signature .*\"\ncolor body brightyellow default \"^gpg: \"\ncolor body brightyellow red \"^gpg: BAD signature from.*\"\nmono body bold \"^gpg: Good signature\"\nmono body bold \"^gpg: BAD signature from.*\"\n\n# yes, an insance URL regex\nmono body underline \"([a-z][a-z0-9+-]*://(((([a-z0-9_.!~*'();:&=+$,-]|%[0-9a-f][0-9a-f])*@)?((([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\\\.?|[0-9]+\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+)(:[0-9]+)?)|([a-z0-9_.!~*'()$,;:@&=+-]|%[0-9a-f][0-9a-f])+)(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*)*)?(\\\\?([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?(#([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?|(www|ftp)\\\\.(([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\\\.?(:[0-9]+)?(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*)*)?(\\\\?([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?(#([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?)[^].,:;!)? \\t\\r\\n<>\\\"]\"\n# and a heavy handed email regex\ncolor body brightmagenta default \"((@(([0-9a-z-]+\\\\.)*[0-9a-z-]+\\\\.?|#[0-9]+|\\\\[[0-9]?[0-9]?[0-9]\\\\.[0-9]?[0-9]?[0-9]\\\\.[0-9]?[0-9]?[0-9]\\\\.[0-9]?[0-9]?[0-9]\\\\]),)*@(([0-9a-z-]+\\\\.)*[0-9a-z-]+\\\\.?|#[0-9]+|\\\\[[0-9]?[0-9]?[0-9]\\\\.[0-9]?[0-9]?[0-9]\\\\.[0-9]?[0-9]?[0-9]\\\\.[0-9]?[0-9]?[0-9]\\\\]):)?[0-9a-z_.+%$-]+@(([0-9a-z-]+\\\\.)*[0-9a-z-]+\\\\.?|#[0-9]+|\\\\[[0-2]?[0-9]?[0-9]\\\\.[0-2]?[0-9]?[0-9]\\\\.[0-2]?[0-9]?[0-9]\\\\.[0-2]?[0-9]?[0-9]\\\\])\"\n\n# Various smilies and the like\ncolor body brightwhite default \"<[Gg]>\" # \ncolor body brightwhite default \"<[Bb][Gg]>\" # \ncolor body yellow default \" [;:]-*[})>{(<|]\" # :-) etc...\n# *bold*\ncolor body blue default \"(^|[[:space:][:punct:]])\\\\*[^*]+\\\\*([[:space:][:punct:]]|$)\"\nmono body bold \"(^|[[:space:][:punct:]])\\\\*[^*]+\\\\*([[:space:][:punct:]]|$)\"\n# _underline_\ncolor body blue default \"(^|[[:space:][:punct:]])_[^_]+_([[:space:][:punct:]]|$)\"\nmono body underline \"(^|[[:space:][:punct:]])_[^_]+_([[:space:][:punct:]]|$)\"\n# /italic/ (Sometimes gets directory names)\ncolor body blue default \"(^|[[:space:][:punct:]])/[^/]+/([[:space:][:punct:]]|$)\"\nmono body underline \"(^|[[:space:][:punct:]])/[^/]+/([[:space:][:punct:]]|$)\"\n\n# Border lines.\n#color body blue default \"( *[-+=#*~_]){6,}\"\n\n#folder-hook . \"color status J_black J_status \"\n#folder-hook gmail/inbox \"color status J_black yellow \"\n#folder-hook gmail/important \"color status J_black yellow \"\n\n" }, { "path": "mutt/.mutt/mutt-patch-highlighting.muttrc", "content": "# Patch syntax highlighting \n#color normal white default \ncolor body brightwhite default ^[[:space:]].* \ncolor body yellow default ^(diff).* \n#color body white default ^[\\-\\-\\-].* \n#color body white default ^[\\+\\+\\+].* \n#color body green default ^[\\+].* \n#color body red default ^[\\-].* \n#color body brightblue default [@@].* \ncolor body brightwhite default ^(\\s).* \ncolor body cyan default ^(Signed-off-by).*\ncolor body cyan default ^(Docker-DCO-1.1-Signed-off-by).*\ncolor body brightwhite default ^(Cc)\ncolor body yellow default \"^diff \\-.*\"\ncolor body brightwhite default \"^index [a-f0-9].*\"\ncolor body brightblue default \"^---$\"\ncolor body white default \"^\\-\\-\\- .*\"\ncolor body white default \"^[\\+]{3} .*\"\ncolor body green default \"^[\\+][^\\+]+.*\"\ncolor body red default \"^\\-[^\\-]+.*\"\ncolor body brightblue default \"^@@ .*\"\ncolor body green default \"LGTM\"\ncolor body brightmagenta default \"-- Commit Summary --\"\ncolor body brightmagenta default \"-- File Changes --\"\ncolor body brightmagenta default \"-- Patch Links --\"\ncolor body green default \"^Merged #.*\"\ncolor body red default \"^Closed #.*\"\ncolor body brightblue default \"^Reply to this email.*\"\n\n" }, { "path": "mutt/.mutt/muttrc", "content": "# A basic .muttrc for use with Gmail\n\n# Change the following six lines to match your Gmail account details\nset imap_user = \"%GMAIL_LOGIN%\"\nset imap_pass = \"%GMAIL_PASS%\" # leave blank for prompt\nset smtp_url = \"smtps://$imap_user@%SMTP_SERVER%:465/\"\nset smtp_pass = \"$imap_pass\" # leave blank for prompt\nset from = \"%GMAIL_FROM%\"\nset realname = \"%GMAIL_NAME%\"\nset signature = \"~/.mutt/signature\"\n\n# Change the following line to a different editor you prefer (and update the Dockerfile accordingly, of course).\nset editor = \"vim\"\n\n# I like seeing some headers. :)\nignore *\nunignore date subject x- user-agent posted-to content-type\nunignore to cc bcc reply-to from\nset edit_headers = yes\nmy_hdr X-Docker-Image: jess/mutt\nmy_hdr X-Hack-The-Planet: Yes\nmy_hdr X-Acid-Burn: Yes\n\n# TODO figure out how to use the sidebar more effectively :)\n#set sidebar_visible = no\n\n# Tianon keybindings and settings, because he's special.\nbind pager previous-line\nbind pager next-line\nset resolve = no # uh, don't randomly take me to other messages when I do things\n\n# Basic config, you can leave this as is\nset folder = \"imaps://%IMAP_SERVER%\"\nset spoolfile = \"+INBOX\"\nset imap_check_subscribed\nset hostname = gmail.com\nset mail_check = 60\nset timeout = 300\nset imap_keepalive = 300\nset postponed = \"+[Gmail]/Drafts\"\nset record = \"\" # gmail automatically handles saving sent emails\n\nset header_cache=~/.mutt/cache/headers\nset message_cachedir=~/.mutt/cache/bodies\nset certificate_file=~/.mutt/certificates\n\nset move = no\nset include\nset sort = 'reverse-threads'\nset sort_aux = 'last-date-received'\nset auto_tag = yes\n\nignore \"Authentication-Results:\"\nignore \"DomainKey-Signature:\"\nignore \"DKIM-Signature:\"\nhdr_order Date From To Cc\nalternative_order text/plain text/html *\nauto_view text/html\n\nbind editor complete-query\nbind editor ^T complete\nbind editor noop\n\nset mailcap_path = ~/.mutt/mailcap\n\n# Gmail-style keyboard shortcuts\nmacro index,pager Gi \"=INBOX\" \"Go to Inbox\"\nmacro index,pager Ga \"=[Gmail]/All Mail\" \"Go to All Mail\"\nmacro index,pager Gd \"=[Gmail]/Drafts\" \"Go to Drafts\"\nmacro index,pager Gs \"=[Gmail]/Sent Mail\" \"Go to Sent Mail\"\n\nmacro index,pager a \"unset resolveunset trashNset resolve\"\nmacro index,pager d \";s+[Gmail]/Trash\" \"Trash\"\nmacro index,pager u \";s+INBOX\" \"Move to Inbox\"\nmacro index,pager ! =[Gmail]/Spam \"Report spam\"\nmacro index,pager + =[Gmail]/Important \"Mark as Important\"\nmacro index,pager * =[Gmail]/Starred \"Star Message\"\n\n# colors\nsource ~/.mutt/mutt-colors-solarized-dark-16.muttrc\nsource ~/.mutt/mutt-patch-highlighting.muttrc\n" }, { "path": "mutt/.mutt/signature", "content": "\nJessie Frazelle\n4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3\nhttps://pgp.mit.edu/pks/lookup?op=get&search=0x18F3685C0022BFF3\n" }, { "path": "mutt/Dockerfile", "content": "# Run Mutt from a container\n\n# docker run -it \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-e GMAIL -e GMAIL_NAME \\ # pass env variables to config\n#\t-e GMAIL_PASS -e GMAIL_FROM \\\n#\t-v $HOME/.gnupg:/home/user/.gnupg \\ # so you can encrypt ;)\n#\t--name mutt \\\n#\tjess/mutt\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN addgroup -g 1000 user \\\n\t&& adduser -D -h /home/user -G user -u 1000 user\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\telinks \\\n\tgit \\\n\tgnupg1 \\\n\tlynx \\\n\tmutt \\\n\tmutt-doc \\\n\tvim \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/main\n\n# a browser is necessary!\nENV BROWSER lynx\n\nUSER user\nENV HOME /home/user\nENV TERM xterm-256color\nRUN mkdir -p $HOME/.mutt/cache/headers $HOME/.mutt/cache/bodies \\\n\t&& touch $HOME/.mutt/certificates\n\n# vim settings\nRUN git clone --depth 1 https://github.com/jessfraz/.vim.git $HOME/.vim \\\n\t&& git clone --depth 1 https://github.com/altercation/vim-colors-solarized $HOME/.vim/bundle/vim-colors-solarized \\\n\t&& cp $HOME/.vim/vimrc $HOME/.vimrc\n\nENV LANG C.UTF-8\n\nCOPY\tentrypoint.sh\t/entrypoint.sh\nCOPY\t.mutt\t\t\t$HOME/.mutt\n\nENTRYPOINT [\"/entrypoint.sh\"]\n\nCMD [\"mutt\", \"-F\", \"~/.mutt/muttrc\"]\n" }, { "path": "mutt/entrypoint.sh", "content": "#!/bin/sh\nset -e\n\nif [ -z \"$GMAIL\" ]; then\n\techo >&2 'error: missing GMAIL environment variable'\n\techo >&2 ' try running again with -e GMAIL=your-email@gmail.com'\n\techo >&2 ' optionally, you can also specify -e GMAIL_PASS'\n\techo >&2 ' -e GMAIL_NAME=\"Your Name\" and GMAIL_FROM=email@your-domain.com'\n\techo >&2 ' if not specified, both default to the value of GMAIL'\n\texit 1\nfi\n\nif [ -z \"$GMAIL_NAME\" ]; then\n\tGMAIL_NAME=\"$GMAIL\"\nfi\n\nif [ -z \"$GMAIL_FROM\" ]; then\n\tGMAIL_FROM=\"$GMAIL\"\nfi\n\nif [ -z \"$IMAP_SERVER\" ]; then\n\tIMAP_SERVER=\"imap.gmail.com:993\"\nfi\n\nif [ -z \"$SMTP_SERVER\" ]; then\n\tSMTP_SERVER=\"smtp.gmail.com\"\nfi\n\nsed -i \"s/%GMAIL_LOGIN%/$GMAIL/g\" \"$HOME/.mutt/muttrc\"\nsed -i \"s/%GMAIL_NAME%/$GMAIL_NAME/g\" \"$HOME/.mutt/muttrc\"\nsed -i \"s/%GMAIL_PASS%/$GMAIL_PASS/g\" \"$HOME/.mutt/muttrc\"\nsed -i \"s/%GMAIL_FROM%/$GMAIL_FROM/g\" \"$HOME/.mutt/muttrc\"\nsed -i \"s/%IMAP_SERVER%/$IMAP_SERVER/g\" \"$HOME/.mutt/muttrc\"\nsed -i \"s/%SMTP_SERVER%/$SMTP_SERVER/g\" \"$HOME/.mutt/muttrc\"\n\nif [ -d \"$HOME/.gnupg\" ]; then\n\t# sane gpg settings to be a good encryption\n\t# social citizen of the world\n\t{\n\t\techo\n\t\tif [ -f \"/etc/Muttrc.gpg.dist\" ]; then\n\t\t\techo 'source /etc/Muttrc.gpg.dist'\n\t\tfi\n\t\tif [ -f \"/usr/share/doc/mutt/samples/gpg.rc\" ]; then\n\t\t\techo 'source /usr/share/doc/mutt/samples/gpg.rc'\n\t\tfi\n\t\tif [ -f \"/usr/share/doc/mutt/examples/gpg.rc\" ]; then\n\t\t\techo 'source /usr/share/doc/mutt/examples/gpg.rc'\n\t\tfi\n\t\tif [ -n \"$GPG_ID\" ]; then\n\t\t\techo \"set pgp_sign_as = $GPG_ID\"\n\t\tfi\n\t\techo 'set crypt_replysign=yes'\n\t\techo 'set crypt_replysignencrypted=yes'\n\t\techo 'set crypt_verify_sig=yes'\n\t\t# auto encrypt replies to encrypted mail\n\t\techo 'set pgp_replyencrypt=yes'\n\t\t# auto sign replies to signed mail\n\t\techo 'set pgp_replysign=yes'\n\t\t# auto sign & encrypt to signed & encrypted mail\n\t\techo 'set pgp_replysignencrypted=yes'\n\t\t# show which keys are no good anymore\n\t\techo 'set pgp_show_unusable=no'\n\t\t# auto sign emails\n\t\techo 'set pgp_autosign=yes'\n\t} >> \"$HOME/.mutt/muttrc\"\nfi\n\nif [ -e \"$HOME/.muttrc.local\" ]; then\n\techo \"source $HOME/.muttrc.local\" >> \"$HOME/.mutt/muttrc\"\nfi\n\nexec \"$@\"\n" }, { "path": "ncmpc/Dockerfile", "content": "# ncmpc is a fully featured MPD client\n# which runs in a terminal (using ncurses)\n#\n# docker run --rm -it \\\n# \t-v /etc/localtime:/etc/localtime:ro \\\n#\t--link mpd:mpd \\\n#\tjess/ncmpc\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tncmpc \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"ncmpc\" ]\n" }, { "path": "neoman/Dockerfile", "content": "# Run neoman (yubikey-piv-manager) in a container\n#\n# docker run -d \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--device /dev/bus/usb \\\n#\t--device /dev/usb \\\n#\t--name neoman \\\n#\tjess/neoman\n#\nFROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tadd-apt-repository ppa:yubico/stable && \\\n\tapt-get update && \\\n\tapt-get install -y \\\n\tpython-setuptools \\\n\tusbutils \\\n\tyubikey-neo-manager \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT\t[ \"neoman\" ]\n" }, { "path": "nerdy/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcowsay \\\n\tcurl \\\n\tfiglet \\\n\timagemagick \\\n\tjp2a \\\n\tpython \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /root\nWORKDIR $HOME\n\nCOPY ./lolcat /usr/bin/lolcat\nCOPY ./clippy.cow /usr/share/cowsay/cows/clippy.cow\n\nRUN echo 'image_me() { convert $1 jpg:- | jp2a ${*:2} -; }' >> $HOME/.bashrc\nRUN echo 'figlet_lolcat() { figlet $1 | lolcat; }' >> $HOME/.bashrc\n\nENTRYPOINT [ \"bash\" ]\n" }, { "path": "nerdy/clippy.cow", "content": "##\n## Would you like some assistance today?\n## https://gist.github.com/raggiskula/2351564\n##\n$the_cow = <] [file ...]')\n parser.add_option('-p', '--spread', type='float', default=3.0,\n help='Rainbow spread')\n parser.add_option('-F', '--freq', type='float', default=0.1,\n help='Rainbow frequency')\n parser.add_option('-S', '--seed', type='int', default=0,\n help='Rainbow seed')\n parser.add_option('-a', '--animate', action='store_true', default=False,\n help='Enable psychedelics')\n parser.add_option('-d', '--duration', type='int', default=12,\n help='Animation duration')\n parser.add_option('-s', '--speed', type='float', default=20.0,\n help='Animation speed')\n parser.add_option('-f', '--force', action='store_true', default=False,\n help='Force colour even when stdout is not a tty')\n\n parser.add_option('-3', action='store_const', dest='mode', const=8,\n help='Force 3 bit colour mode')\n parser.add_option('-4', action='store_const', dest='mode', const=16,\n help='Force 4 bit colour mode')\n parser.add_option('-8', action='store_const', dest='mode', const=256,\n help='Force 8 bit colour mode')\n\n options, args = parser.parse_args()\n options.os = random.randint(0, 256) if options.seed == 0 else options.seed\n options.mode = options.mode or detect_mode()\n\n lolcat = LolCat(mode=options.mode)\n\n if not args:\n args = ['-']\n\n for filename in args:\n fd = sys.stdin if filename == '-' else file(filename)\n lolcat.cat(fd, options)\n\nif __name__ == '__main__':\n sys.exit(run())\n" }, { "path": "nes/Dockerfile", "content": "# NES emulator in a container\n#\n# docker run --rm -d \\\n# \t--device /dev/snd \\\n# \t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n# \t-e DISPLAY=unix$DISPLAY \\\n# \t--device /dev/dri \\\n# \tjess/nes /games/zelda.rom\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tbinutils \\\n\tca-certificates \\\n\tgcc \\\n\tgit \\\n\tgolang \\\n\tlibgl1-mesa-dev \\\n\tlibgl1-mesa-dri \\\n\tlibxcursor-dev \\\n\tlibxxf86vm-dev \\\n\tlibxi-dev \\\n\tlibxinerama-dev \\\n\tlibxrandr-dev \\\n\tmercurial \\\n\tportaudio19-dev \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& ldconfig\n\nENV GOPATH /go\nENV PATH /go/bin:$PATH\n\nRUN go get github.com/fogleman/nes\n\nCOPY games /games\n\nENTRYPOINT [ \"nes\" ]\n" }, { "path": "netcat/Dockerfile", "content": "FROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tnetcat \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"netcat\" ]\n" }, { "path": "nginx-extras/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tlua-cjson \\\n\tlua-iconv \\\n\tnginx-extras \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# forward request and error logs to docker log collector\nRUN ln -sf /dev/stdout /var/log/nginx/access.log \\\n\t&& ln -sf /dev/stderr /var/log/nginx/error.log\n\nEXPOSE 80 443\n\nCMD [\"nginx\", \"-g\", \"daemon off;\"]\n" }, { "path": "nmap/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tnmap \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"nmap\" ]\n" }, { "path": "no_new_privs/Dockerfile", "content": "FROM alpine:latest\n\nCOPY nnp /usr/local/bin/nnp\nRUN chmod +s /usr/local/bin/nnp\n\nCMD [\"/usr/local/bin/nnp\"]\n" }, { "path": "no_new_privs/nnp.c", "content": "#include \n#include \n#include \n\nint main(int argc, char *argv[]){\n printf(\"Effective uid: %d\\n\", geteuid());\n return 0;\n}\n" }, { "path": "node-sonos/Dockerfile", "content": "FROM node:alpine\n\nRUN apk add --no-cache \\\n\tbuild-base \\\n\tca-certificates \\\n\tgit \\\n\tpython\n\nRUN git clone --depth 1 https://github.com/jishi/node-sonos-http-api.git /opt/app\n\n# install dependencies\nWORKDIR /opt/app\nRUN npm install --production\n\nEXPOSE 3500/tcp 5005/tcp\n\nCMD [\"npm\", \"start\"]\n" }, { "path": "nomad/Dockerfile", "content": "FROM golang:latest as builder\nMAINTAINER Jessica Frazelle \n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/* \\\n\t&& curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \\\n\t&& echo \"deb https://dl.yarnpkg.com/debian/ stable main\" | tee /etc/apt/sources.list.d/yarn.list\n\nRUN curl -sL https://deb.nodesource.com/setup_12.x | bash -\n\nRUN apt-get update && apt-get install -y \\\n\tgcc \\\n\tgit \\\n\tg++ \\\n\tmake \\\n\tnodejs \\\n\tpkgconf \\\n\tpython \\\n\tyarn \\\n\tzip \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/*\n\nENV NOMAD_VERSION v0.11.2\n\nRUN go get github.com/hashicorp/nomad\n\nWORKDIR /go/src/github.com/hashicorp/nomad\n\nRUN git checkout \"${NOMAD_VERSION}\"\n\nRUN set -x \\\n\t&& make bootstrap ember-dist static-assets \\\n\t&& CGO_ENABLED=1 GOOS=linux GOARCH=amd64 \\\n\t\tgo build \\\n\t\t-ldflags \"-X github.com/hashicorp/nomad/version.GitCommit=$(git rev-parse HEAD) -extldflags -static \" \\\n\t\t-tags \"ui release\" \\\n\t\t-o /usr/bin/nomad\n\nFROM alpine:latest\n\nCOPY --from=builder /usr/bin/nomad /usr/bin/nomad\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"nomad\" ]\nCMD [ \"--help\" ]\n" }, { "path": "notify-osd/Dockerfile", "content": "# To use:\n# Needs X11 socket and dbus mounted\n#\n# docker run -d \\\n#\t-v /etc/machine-id:/etc/machine-id:ro \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-v /var/run/dbus:/var/run/dbus \\\n#\t-v /var/run/user/$(id -u):/var/run/user/$(id -u) \\\n#\t$(env | cut -d= -f1 | awk '{print \"-e\", $1}') \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t-e DBUS_SESSION_BUS_ADDRESS=\"unix:path=/var/run/user/1000/bus\" \\\n#\t-v /etc/passwd:/etc/passwd:ro \\\n#\t-v /etc/group:/etc/group:ro \\\n#\t-u $(whoami) -w \"$HOME\" \\\n#\t-v $HOME/.Xauthority:$HOME/.Xauthority \\\n#\t--name notify-osd \\\n#\tjess/notify-osd\n\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tat-spi2-core \\\n\tdbus \\\n\tdbus-x11 \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tlibnotify-bin \\\n\tnotify-osd \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user \\\n\t&& mkdir -p $HOME/.cache/dconf \\\n\t&& mkdir -p $HOME/.dbus \\\n\t&& chown -R user:user $HOME\n\nCOPY org.freedesktop.Notifications.service /usr/share/dbus-1/services/org.freedesktop.Notifications.service\n\nWORKDIR $HOME\n\nUSER user\nENTRYPOINT [\"/usr/lib/x86_64-linux-gnu/notify-osd\"]\n" }, { "path": "notify-osd/org.freedesktop.Notifications.service", "content": "[D-BUS Service]\nName=org.freedesktop.Notifications\nExec=/usr/lib/x86_64-linux-gnu/notify-osd\n" }, { "path": "nzbget/Dockerfile", "content": "FROM python:2-alpine\nLABEL maintainer \"Jessie Frazelle \"\n\nENV LANG \"en_US.UTF-8\"\nENV LANGUAGE \"en_US.UTF-8\"\nENV TERM \"xterm\"\n\nRUN apk add --no-cache \\\n\t\tbash \\\n\t\tca-certificates \\\n\t\tffmpeg \\\n\t\tgit \\\n\t\t--repository https://dl-4.alpinelinux.org/alpine/edge/testing\n\nENV NZBGET_VERSION 21.0\nRUN wget \"https://github.com/nzbget/nzbget/releases/download/v${NZBGET_VERSION}/nzbget-${NZBGET_VERSION}-bin-linux.run\" -O /tmp/nzbget.run \\\n\t&& bash /tmp/nzbget.run --destdir /opt/nzbget \\\n && git clone --depth=1 \"https://github.com/clinton-hall/nzbToMedia.git\" /opt/nzbget/scripts/nzbToMedia \\\n\t&& rm -f /tmp/nzbget.bin\n\nCOPY nzbget.conf /config/nzbget.conf\n\nRUN addgroup -g 666 -S nzbget \\\n\t&& adduser -u 666 -SHG nzbget nzbget \\\n\t&& mkdir -p /movies /downloads /comics /tvseries \\\n\t&& chown -R nzbget:nzbget /movies /downloads /comics /tvseries /config /opt/nzbget\n\nUSER nzbget\n\nENTRYPOINT [ \"/opt/nzbget/nzbget\", \"-s\", \"-o\", \"FlushQueue=no\", \"-o\", \"OutputMode=loggable\", \"-c\", \"/config/nzbget.conf\" ]\n" }, { "path": "nzbget/nzbget.conf", "content": "# Configuration file for NZBGet\r\n\r\n\r\n##############################################################################\r\n### PATHS ###\r\n\r\n# Root directory for all tasks.\r\n#\r\n# On POSIX you can use \"~\" as alias for home directory (e.g. \"~/downloads\").\r\n# On Windows use absolute paths (e.g. \"C:\\Downloads\").\r\nMainDir=${AppDir}/downloads\r\n\r\n# Destination directory for downloaded files.\r\n#\r\n# If you want to distinguish between partially downloaded files and\r\n# completed downloads, use also option .\r\nDestDir=${MainDir}/completed\r\n\r\n# Directory to store intermediate files.\r\n#\r\n# If this option is set (not empty) the files are downloaded into\r\n# this directory first. After successful download of nzb-file (possibly\r\n# after par-repair) the files are moved to destination directory\r\n# (option ). If download or unpack fail the files remain in\r\n# intermediate directory.\r\n#\r\n# Using of intermediate directory can significantly improve unpack\r\n# performance if you can put intermediate directory (option )\r\n# and destination directory (option ) on separate physical\r\n# hard drives.\r\n#\r\n# NOTE: If the option is set to empty value the downloaded\r\n# files are put directly to destination directory (option ).\r\nInterDir=${MainDir}/intermediate\r\n\r\n# Directory for incoming nzb-files.\r\n#\r\n# If a new nzb-file is added to queue via web-interface or RPC-API, it\r\n# is saved into this directory and then processed by extension\r\n# scripts (option ).\r\n#\r\n# This directory is also monitored for new nzb-files. If a new file\r\n# is found it is added to download queue. The directory can have\r\n# sub-directories. A nzb-file queued from a subdirectory is automatically\r\n# assigned to category with sub-directory-name.\r\nNzbDir=${MainDir}/nzb\r\n\r\n# Directory to store program state.\r\n#\r\n# This directory is used to save download queue, history, information\r\n# about fetched RSS feeds, statistics, etc.\r\nQueueDir=${MainDir}/queue\r\n\r\n# Directory to store temporary files.\r\nTempDir=${MainDir}/tmp\r\n\r\n# Directory with web-interface files.\r\n#\r\n# Example: /usr/local/share/nzbget/webui.\r\n#\r\n# NOTE: To disable web-interface set the option to an empty value.\r\n# This however doesn't disable the built-in web-server completely because\r\n# it is also used to serve JSON-/XML-RPC requests.\r\nWebDir=${AppDir}/webui\r\n\r\n# Directory with post-processing and other scripts.\r\n#\r\n# This option may contain multiple directories separated with commas or semicolons.\r\n#\r\n# NOTE: For information on writing scripts visit http://nzbget.net/extension-scripts.\r\nScriptDir=${AppDir}/scripts\r\n\r\n# Lock-file for daemon-mode, POSIX only.\r\n#\r\n# When started in daemon mode the program creates the lock file and\r\n# writes process-id (PID) into it. That info can be used in shell\r\n# scripts. If the lock file can not be created or the lock to the file\r\n# can not be acquired the daemon terminates, preventing unintentional\r\n# starting of multiple daemons.\r\n#\r\n# Set to empty value to disable the creating of the lock-file and the\r\n# check for another running instance (not recommended).\r\nLockFile=${MainDir}/nzbget.lock\r\n\r\n# Where to store log file, if it needs to be created.\r\n#\r\n# NOTE: See also option .\r\nLogFile=${MainDir}/nzbget.log\r\n\r\n# Configuration file template.\r\n#\r\n# Put the path to the example configuration file which comes with\r\n# NZBGet. Web-interface needs this file to read option descriptions.\r\n#\r\n# Do not put here your actual configuration file (typically stored\r\n# in your home directory or in /etc/nzbget.conf) but instead the unchanged\r\n# example configuration file (installed to\r\n# /usr/local/share/nzbget/nzbget.conf).\r\n#\r\n# Example: /usr/local/share/nzbget/nzbget.conf.\r\nConfigTemplate=${AppDir}/webui/nzbget.conf.template\r\n\r\n# Required directories.\r\n#\r\n# List of destination directories to be waited for on program start. Directories\r\n# must be separated with commas or semicolons.\r\n#\r\n# The list of directories is checked on program start. The program waits\r\n# until all directories become available before starting download or\r\n# post-processing. This is useful if the download destination is configured\r\n# on network or external drives, which may require some time to mount on boot.\r\n#\r\n# NOTE: Only directories used in option and option \r\n# (global or per-category) can be waited. Other directories, such as\r\n# option , option and option must be\r\n# available on program start.\r\nRequiredDir=\r\n\r\n# Certificate store file or directory.\r\n#\r\n# Certificate store contains root certificates used for server certificate\r\n# verification when connecting to servers with encryption (TLS/SSL). This\r\n# includes communication with news-servers for article downloading and\r\n# with web-servers (via https) for fetching of rss feeds and nzb-files.\r\n#\r\n# The option can point either to one big file containing all root\r\n# certificates or to a directory containing certificate files, in PEM format.\r\n#\r\n# Example: /etc/ssl/certs/ca-certificates.crt.\r\n#\r\n# NOTE: Certificate verification must be enabled separately via option .\r\n#\r\n# NOTE: For more details visit http://nzbget.net/certificate-verification.\r\nCertStore=${AppDir}/cacert.pem\r\n\r\n##############################################################################\r\n### NEWS-SERVERS ###\r\n\r\n# This section defines which servers NZBGet should connect to.\r\n#\r\n# The servers should be numbered subsequently without holes.\r\n# For example if you configure three servers you should name them as Server1,\r\n# Server2 and Server3. If you need to delete Server2 later you should also\r\n# change the name of Server3 to Server2. Otherwise it will not be properly\r\n# read from the config file. Server number doesn't affect its priority (level).\r\n\r\n# Use this news server (yes, no).\r\n#\r\n# Set to \"no\" to disable the server on program start. Servers can be activated\r\n# later via scheduler tasks or manually via web-interface.\r\n#\r\n# NOTE: Download is not possible when all servers on level 0 are disabled. Servers\r\n# on higher levels are used only if at least one server on level 0 was tried.\r\nServer1.Active=yes\r\n\r\n# Name of news server.\r\n#\r\n# The name is used in UI and for logging. It can be any string, you\r\n# may even leave it empty.\r\nServer1.Name=\r\n\r\n# Level (priority) of news server (0-99).\r\n#\r\n# The servers are ordered by their level. NZBGet first tries to download\r\n# an article from one (any) of level-0-servers. If that server fails,\r\n# NZBGet tries all other level-0-servers. If all servers fail, it proceeds\r\n# with the level-1-servers, etc.\r\n#\r\n# Put your major download servers at level 0 and your fill servers at\r\n# levels 1, 2, etc..\r\n#\r\n# Several servers with the same level may be defined, they have\r\n# the same priority.\r\nServer1.Level=0\r\n\r\n# This is an optional non-reliable server (yes, no).\r\n#\r\n# Marking server as optional tells NZBGet to ignore this server if a\r\n# connection to this server cannot be established. Normally NZBGet\r\n# doesn't try upper-level servers before all servers on current level\r\n# were tried. If a connection to server fails NZBGet waits until the\r\n# server becomes available (it may try others from current level at this\r\n# time). This is usually what you want to avoid exhausting of\r\n# (costly) upper level servers if one of main servers is temporary\r\n# unavailable. However, for less reliable servers you may prefer to ignore\r\n# connection errors and go on with higher-level servers instead.\r\nServer1.Optional=no\r\n\r\n# Group of news server (0-99).\r\n#\r\n# If you have multiple accounts with same conditions (retention, etc.)\r\n# on the same news server, set the same group (greater than 0) for all\r\n# of them. If download fails on one news server, NZBGet does not try\r\n# other servers from the same group.\r\n#\r\n# Value \"0\" means no group defined (default).\r\nServer1.Group=0\r\n\r\n# Host name of news server.\r\nServer1.Host=my.newsserver.com\r\n\r\n# Port to connect to (1-65535).\r\nServer1.Port=119\r\n\r\n# User name to use for authentication.\r\nServer1.Username=user\r\n\r\n# Password to use for authentication.\r\nServer1.Password=pass\r\n\r\n# Server requires \"Join Group\"-command (yes, no).\r\nServer1.JoinGroup=no\r\n\r\n# Encrypted server connection (TLS/SSL) (yes, no).\r\n#\r\n# NOTE: By changing this option you should also change the option \r\n# accordingly because unsecure and encrypted connections use different ports.\r\nServer1.Encryption=no\r\n\r\n# Cipher to use for encrypted server connection.\r\n#\r\n# By default (when the option is empty) the underlying encryption library\r\n# chooses the cipher automatically. To achieve the best performance\r\n# however you can manually select a faster cipher.\r\n#\r\n# See http://nzbget.net/choosing-cipher for details.\r\n#\r\n# NOTE: One of the fastest cipher is RC4. To select it use the cipher string\r\n# \"RC4-MD5\" (if NZBGet was configured to use OpenSSL) or\r\n# \"NONE:+VERS-TLS-ALL:+ARCFOUR-128:+RSA:+MD5:+COMP-ALL\"\r\n# (if NZBGet was configured to use GnuTLS). Note that RC4 is considered insecure\r\n# by the IETF (http://tools.ietf.org/html/rfc7465), but may be sufficient for\r\n# the usage of NZBGet.\r\n#\r\n# NOTE: You may get a TLS handshake error if the news server does\r\n# not support the chosen cipher. You can also get an error \"Could not\r\n# select cipher for TLS\" if the cipher string is not valid.\r\nServer1.Cipher=\r\n\r\n# Maximum number of simultaneous connections to this server (0-999).\r\nServer1.Connections=4\r\n\r\n# Server retention time (days).\r\n#\r\n# How long the articles are stored on the news server. The articles\r\n# whose age exceed the defined server retention time are not tried on\r\n# this news server, the articles are instead considered failed on this\r\n# news server.\r\n#\r\n# Value \"0\" disables retention check.\r\nServer1.Retention=0\r\n\r\n# IP protocol version (auto, ipv4, ipv6).\r\nServer1.IpVersion=auto\r\n\r\n# User comments on this server.\r\n#\r\n# Any text you want to save along with the server definition. For your convenience\r\n# or for usage in custom extension scripts.\r\nServer1.Notes=\r\n\r\n# Second server, on level 0.\r\n\r\n#Server2.Level=0\r\n#Server2.Host=my2.newsserver.com\r\n#Server2.Port=119\r\n#Server2.Username=me\r\n#Server2.Password=mypass\r\n#Server2.JoinGroup=yes\r\n#Server2.Connections=4\r\n\r\n# Third server, on level 1.\r\n\r\n#Server3.Level=1\r\n#Server3.Host=fills.newsserver.com\r\n#Server3.Port=119\r\n#Server3.Username=me2\r\n#Server3.Password=mypass2\r\n#Server3.JoinGroup=yes\r\n#Server3.Connections=1\r\n\r\n\r\n##############################################################################\r\n### SECURITY ###\r\n\r\n# IP on which NZBGet server listen and which clients use to contact NZBGet.\r\n#\r\n# It could be a dns-hostname (e. g. \"mypc\") or an IP address (e. g. \"192.168.1.2\" or\r\n# \"127.0.0.1\").\r\n#\r\n# Your computer may have multiple network interfaces and therefore multiple IP\r\n# addresses. If you want NZBGet to listen to all interfaces and be available from\r\n# all IP-addresses use value \"0.0.0.0\".\r\n#\r\n# NOTE: When you start NZBGet as client (to send remote commands to NZBGet server) and\r\n# the option is set to \"0.0.0.0\" the client will use IP \"127.0.0.1\".\r\n#\r\n# NOTE: If you set the option to \"127.0.0.1\" you will be able to connect to NZBGet\r\n# only from the computer running NZBGet. This restriction applies to web-interface too.\r\n#\r\n# NOTE: NZBGet also supports listening on Unix domain sockets instead of TCP/IP\r\n# sockets. To activate this mode set option to a local path\r\n# (e. g. \"ControlIP=/var/sock\").\r\nControlIP=0.0.0.0\r\n\r\n# Port which NZBGet server and remote client use (1-65535).\r\n#\r\n# NOTE: The communication via this port is not encrypted. For encrypted\r\n# communication see option .\r\nControlPort=6789\r\n\r\n# User name which NZBGet server and remote client use.\r\n#\r\n# Set to empty value to disable user name check (check only password).\r\n#\r\n# NOTE: This option was added in NZBGet 11. Older versions used predefined\r\n# not changeable user name \"nzbget\". Third-party tools or web-sites written\r\n# for older NZBGet versions may not have an option to define user name. In\r\n# this case you should set option to the default value\r\n# \"nzbget\" or use empty value.\r\nControlUsername=hacker\r\n\r\n# Password which NZBGet server and remote client use.\r\n#\r\n# Set to empty value to disable authorization request.\r\nControlPassword=\r\n\r\n# User name for restricted access.\r\n#\r\n# The restricted user can control the program with a few restrictions.\r\n# They have access to the web-interface and can see most of the program\r\n# settings. They however, can not change program settings, view security\r\n# related options or options provided by extension scripts.\r\n#\r\n# Use this user to connect to NZBGet from other programs and web-sites.\r\n#\r\n# In terms of RPC-API the user:\r\n# - cannot use method \"saveconfig\";\r\n# - methods \"config\" and \"saveconfig\" return string \"***\" for\r\n# options those content is protected from the user.\r\n#\r\n# Set to empty value to disable restricted user.\r\n#\r\n# NOTE: Don't forget to change default username/password of the control\r\n# user (options and ).\r\nRestrictedUsername=\r\n\r\n# Password for restricted access.\r\n#\r\n# Set to empty value to disable password check.\r\nRestrictedPassword=\r\n\r\n# User name to add downloads via RPC-API.\r\n#\r\n# Use the AddUsername/AddPassword to give other programs or web-services\r\n# access to NZBGet with only two permissions:\r\n# - add new downloads using RPC-method \"append\";\r\n# - check program version using RPC-method \"version\".\r\n#\r\n# In a case the program/web-service needs more rights use the restricted\r\n# user instead (options and ).\r\n#\r\n# Set to empty value to disable add-user.\r\n#\r\n# NOTE: Don't forget to change default username/password of the control\r\n# user (options and ).\r\nAddUsername=\r\n\r\n# Password for user with add downloads access.\r\n#\r\n# Set to empty value to disable password check.\r\nAddPassword=\r\n\r\n# Authenticate using web-form (yes, no).\r\n#\r\n# The preferred and default way to authenticate in web-interface is using\r\n# HTTP authentication. Web-browsers show a special dialog to enter username\r\n# and password which they then send back to NZBGet. Sometimes browser plugins\r\n# aided at storing and filling of passwords do not work properly with browser's\r\n# built-in dialog. To help with such tools NZBGet provide an alternative\r\n# authentication mechanism via web form.\r\nFormAuth=no\r\n\r\n# Secure control of NZBGet server (yes, no).\r\n#\r\n# Activate the option if you want to access NZBGet built-in web-server\r\n# via HTTPS (web-interface and RPC). You should also provide certificate\r\n# and key files, see option and option .\r\nSecureControl=no\r\n\r\n# Port which NZBGet server and remote client use for encrypted\r\n# communication (1-65535).\r\nSecurePort=6791\r\n\r\n# Full path to certificate file for encrypted communication.\r\n#\r\n# In case of Let's Encrypt: full path to fullchain.pem.\r\nSecureCert=\r\n\r\n# Full path to key file for encrypted communication.\r\n#\r\n# In case of Let's Encrypt: full path to privkey.pem.\r\nSecureKey=\r\n\r\n# IP-addresses allowed to connect without authorization.\r\n#\r\n# Comma separated list of privileged IPs for easy access to NZBGet\r\n# built-in web-server (web-interface and RPC). The connected clients\r\n# have full unrestricted access.\r\n#\r\n# Example: 127.0.0.1,192.168.178.2.\r\n#\r\n# NOTE: Do not use this option if the program works behind another\r\n# web-server because all requests will have the address of this server.\r\nAuthorizedIP=127.0.0.1\r\n\r\n# TLS certificate verification (yes, no).\r\n#\r\n# When connecting to a news server (for downloading) or a web server\r\n# (for fetching of rss feeds and nzb-files) the authenticity of the server\r\n# should be validated using server security certificate. If the check\r\n# fails that means the connection cannot be trusted and must be closed\r\n# with an error message explaining the security issue.\r\n#\r\n# Sometimes servers are improperly configured and the certificate verification\r\n# fails even if there is no hacker attack in place. In that case you should\r\n# inform the server owner about the issue. If you still need to connect to\r\n# servers with invalid certificates you can disable the certificate verification\r\n# but you should know that your connection is insecure and you might be\r\n# connecting to attacker's server without your awareness.\r\n#\r\n# NOTE: Certificate verification requires a list of trusted root certificates,\r\n# which must be configured using option .\r\n#\r\n# NOTE: For more details visit http://nzbget.net/certificate-verification.\r\nCertCheck=yes\r\n\r\n# Automatically check for new releases (none, stable, testing).\r\n#\r\n# None - do not show notifcations;\r\n# Stable - show notifications about new stable releases;\r\n# Testing - show notifications about new stable and testing releases.\r\nUpdateCheck=stable\r\n\r\n# User name for daemon-mode, POSIX only.\r\n#\r\n# Set the user that the daemon normally runs at (POSIX in daemon-mode only).\r\n# Set MainDir with an absolute path to be sure where it will write.\r\n# This allows NZBGet daemon to be launched in rc.local (at boot), and\r\n# download items as a specific user id.\r\n#\r\n# NOTE: This option has effect only if the program was started from\r\n# root-account, otherwise it is ignored and the daemon runs under\r\n# current user id.\r\nDaemonUsername=root\r\n\r\n# Specify default umask (affects file permissions) for newly created\r\n# files, POSIX only (000-1000).\r\n#\r\n# The value should be written in octal form (the same as for \"umask\" shell\r\n# command).\r\n# Empty value or value \"1000\" disable the setting of umask-mode; current\r\n# umask-mode (set via shell) is used in this case.\r\nUMask=1000\r\n\r\n\r\n##############################################################################\r\n### CATEGORIES ###\r\n\r\n# This section defines categories available in web-interface.\r\n\r\n# Category name.\r\n#\r\n# Each nzb-file can be assigned to a category.\r\n# Category name is passed to post-processing script and can be used by it\r\n# to perform category specific processing.\r\nCategory1.Name=Movies\r\n\r\n# Destination directory for this category.\r\n#\r\n# If this option is empty, then the default destination directory\r\n# (option ) is used. In this case if the option \r\n# is active, the program creates a subdirectory with category name within\r\n# destination directory.\r\nCategory1.DestDir=\r\n\r\n# Unpack downloaded nzb-files (yes, no).\r\n#\r\n# For more information see global option .\r\nCategory1.Unpack=yes\r\n\r\n# List of extension scripts for this category.\r\n#\r\n# For more information see global option .\r\nCategory1.Extensions=\r\n\r\n# List of aliases.\r\n#\r\n# When a nzb-file is added from URL, RSS or RPC the category name\r\n# is usually supplied by nzb-site or by application accessing\r\n# NZBGet. Using Aliases you can match their categories with your owns.\r\n#\r\n# Separate aliases with commas or semicolons. Use wildcard characters\r\n# * and ? for pattern matching.\r\n#\r\n# Example: TV - HD, TV - SD, TV*\r\nCategory1.Aliases=\r\n\r\nCategory2.Name=Series\r\nCategory3.Name=Music\r\nCategory4.Name=Software\r\n\r\n\r\n##############################################################################\r\n### RSS FEEDS ###\r\n\r\n# Name of RSS Feed.\r\n#\r\n# The name is used in UI and for logging. It can be any string.\r\n#Feed1.Name=my feed\r\n\r\n# Address (URL) of RSS Feed.\r\n#\r\n# Example: https://myindexer.com/api?apikey=3544646bfd1c535a9654645609800901&t=search&q=game.\r\n#Feed1.URL=\r\n\r\n# Filter rules for items.\r\n#\r\n# Use filter to ignore unwanted items in the feed. In its simplest version\r\n# the filter is a space separated list of words which must be present in\r\n# the item title.\r\n#\r\n# Example: linux debian dvd.\r\n#\r\n# MORE INFO:\r\n# NOTE: This is a short documentation, for more information visit\r\n# http://nzbget.net/rss.\r\n#\r\n# Feed filter consists of rules - one rule per line. Each rule defines\r\n# a search string and a command, which must be performed if the search\r\n# string matches. There are five kinds of rule-commands: Accept,\r\n# Reject, Require, Options, Comment.\r\n#\r\n# NOTE: Since options in the configuration file can not span multiple\r\n# lines, the lines (rules) must be separated with %-character (percent).\r\n#\r\n# Definition of a rule:\r\n# [A:|A(options):|R:|Q:|O(options):|#] search-string\r\n#\r\n# A - declares Accept-rule. Rules are accept-rules by default, the\r\n# \"A:\" can be omitted. If the feed item matches to the rule the\r\n# item is considered good and no further rules are checked.\r\n# R - declares Reject-rule. If the feed item matches to the rule the\r\n# item is considered bad and no further rules are checked.\r\n# Q - declares Require-rule. If the feed item DOES NOT match to the rule\r\n# the item is considered bad and no further rules are checked.\r\n# O - declares Options-rule. If the feed item matches to the rule the\r\n# options declared in the rule are set for the item. The item is\r\n# neither accepted nor rejected via this rule but can be accepted\r\n# later by one of Accept-rules. In this case the item will have its\r\n# options already set (unless the Accept-rule overrides them).\r\n# # - lines starting with # are considered comments and are ignored. You\r\n# can use comments to explain complex rules or to temporary disable\r\n# rules for debugging.\r\n#\r\n# Options allow to set properties on nzb-file. It's a comma-separated\r\n# list of property names with their values.\r\n#\r\n# Definition of an option:\r\n# name:value\r\n#\r\n# Options can be defined using long option names or short names:\r\n# category (cat, c) - set category name, value is a string;\r\n# pause (p) - add nzb in paused or unpaused state, possible\r\n# values are: yes (y), no (n);\r\n# priority (pr, r) - set priority, value is a signed integer number;\r\n# priority+ (pr+, r+) - increase priority, value is a signed integer number;\r\n# dupescore (ds, s) - set duplicate score, value is a signed integer number;\r\n# dupescore+ (ds+, s+) - increase duplicate score, value is a signed integer number;\r\n# dupekey (dk, k) - set duplicate key, value is a string;\r\n# dupekey+ (dk+, k+) - add to duplicate key, value is a string;\r\n# dupemode (dm, m) - set duplicate check mode, possible values\r\n# are: score (s), all (a), force (f);\r\n# rageid\t\t\t\t- generate duplicate key using this rageid\r\n# (integer number) and season/episode numbers;\r\n# series\t\t\t\t- generate duplicate key using series identifier\r\n# (any unique string) and season/episode numbers.\r\n#\r\n# Examples of option definitions:\r\n# Accept(category:my series, pause:yes, priority:100): my show 1080p;\r\n# Options(c:my series, p:y, r:100): 1080p;\r\n# Options(s:1000): 1080p;\r\n# Options(k+:1080p): 1080p;\r\n# Options(dupemode:force): BluRay.\r\n#\r\n# Rule-options override values set in feed-options.\r\n#\r\n# The search-string is similar to used in search engines. It consists of\r\n# search terms separated with spaces. Every term is checked for a feed\r\n# item and if they all succeed the rule is considered matching.\r\n#\r\n# Definition of a term:\r\n# [+|-][field:][command]param\r\n#\r\n# + - declares a positive term. Terms are positive by default,\r\n# the \"+\" can be omitted;\r\n# - - declares a negative term. If the term succeeds the feed\r\n# item is ignored;\r\n# field - field to which apply the term. If not specified\r\n# the default field \"title\" is used;\r\n# command - a special character defining how to interpret the\r\n# parameter (followed after the command):\r\n# @ - search for string \"param\". This is default command,\r\n# the \"@\" can be omitted;\r\n# $ - \"param\" defines a regular expression (using POSIX Extended\r\n# Regular Expressions syntax);\r\n# = - equal;\r\n# < - less than;\r\n# <= - equal or less than;\r\n# > - greater than;\r\n# >= - equal or greater than;\r\n# param - parameter for command.\r\n#\r\n# Commands @ and $ are for use with text fields (title, filename, category,\r\n# link, description, dupekey). Commands =, <, <=, > and >= are for use\r\n# with numeric fields (size, age, imdbid, rageid, season, episode, priority,\r\n# dupescore).\r\n#\r\n# Only fields title, filename and age are always present. The availability of\r\n# other fields depend on rss feed provider.\r\n#\r\n# Any newznab attribute (encoded as \"newznab:attr\" in the RSS feed) can\r\n# be used as search field with prefix \"attr-\", for example \"attr-genre\".\r\n#\r\n# Text search (Command @) supports wildcard characters * (matches\r\n# any number of any characters), ? (matches any one character)\r\n# and # (matches one digit).\r\n# Text search is by default performed against words (word-search mode): the\r\n# field content is separated into words and then each word is checked\r\n# against pattern. If the search pattern starts and ends with * (star)\r\n# the search is performed against the whole field content\r\n# (substring-search mode). If the search pattern contains word separator\r\n# characters (except * and ?) the search is performed on the whole\r\n# field (the word-search would be obviously never successful in this\r\n# case). Word separators are: !\\\"#$%&'()*+,-./:;<=>?@[\\\\]^_`{|}~.\r\n#\r\n# Field \"size\" can have suffixes \"K\" or \"KB\" for kilobytes, \"M\" or \"MB\"\r\n# for megabytes and \"G\" or \"GB\" for gigabytes. Field \"age\" can have\r\n# suffixes \"m\" for minutes, \"h\" for hours and \"d\" for days. If suffix\r\n# is not specified default is days.\r\n#\r\n# Examples (the trailing ; or . is not part of filter):\r\n# 1) A: s01* -category:anime;\r\n# 2) my show WEB-DL;\r\n# 3) *my?show* WEB-DL size:<1.8GB age:>2h;\r\n# 4) R: size:>9GB;\r\n# 5) Q: HDTV.\r\n#\r\n# NOTE: This is a short documentation, for more information visit\r\n# http://nzbget.net/rss.\r\n#Feed1.Filter=\r\n\r\n# How often to check for new items (minutes).\r\n#\r\n# Value \"0\" disables the automatic check of this feed.\r\n#Feed1.Interval=15\r\n\r\n# Treat all items on first fetch as backlog (yes, no).\r\n#\r\n# yes - when the feed is fetched for the very first time (or after\r\n# changing of URL or filter) all existing items are ignored (marked\r\n# as backlog). The items found on subsequent fetches are processed;\r\n# no - all items are processed even on first fetch (or after\r\n# changing of URL or filter).\r\n#Feed1.Backlog=yes\r\n\r\n# Add nzb-files as paused (yes, no).\r\n#Feed1.PauseNzb=no\r\n\r\n# Category for added nzb-files.\r\n#\r\n# NOTE: Feed providers may include category name within response when nzb-file\r\n# is downloaded. If you want to use the providers category leave the option empty.\r\n#Feed1.Category=\r\n\r\n# Priority for added nzb-files (number).\r\n#\r\n# Priority can be any integer value. The web-interface however operates\r\n# with only six predefined priorities: -100 (very low priority), -50\r\n# (low priority), 0 (normal priority, default), 50 (high priority),\r\n# 100 (very high priority) and 900 (force priority). Downloads with\r\n# priorities equal to or greater than 900 are downloaded and\r\n# post-processed even if the program is in paused state (force mode).\r\n#Feed1.Priority=0\r\n\r\n# List of rss feed extension scripts to execute for rss content.\r\n#\r\n# The scripts in the list must be separated with commas or semicolons. All\r\n# scripts must be stored in directory set by option and\r\n# paths relative to must be entered here.\r\n#\r\n# NOTE: For developer documentation visit http://nzbget.net/extension-scripts.\r\n#Feed1.Extensions=\r\n\r\n\r\n##############################################################################\r\n### INCOMING NZBS ###\r\n\r\n# Create subdirectory with category-name in destination-directory (yes, no).\r\nAppendCategoryDir=yes\r\n\r\n# How often incoming-directory (option ) must be checked for new\r\n# nzb-files (seconds).\r\n#\r\n# Value \"0\" disables the check.\r\n#\r\n# NOTE: nzb-files are processed by extension scripts. See option .\r\nNzbDirInterval=5\r\n\r\n# How old nzb-file should at least be for it to be loaded to queue (seconds).\r\n#\r\n# NZBGet checks if nzb-file was not modified in last few seconds, defined by\r\n# this option. That safety interval prevents the loading of files, which\r\n# were not yet completely saved to disk, for example if they are still being\r\n# downloaded in web-browser.\r\nNzbDirFileAge=60\r\n\r\n# Check for duplicate titles (yes, no).\r\n#\r\n# If this option is enabled the program checks by adding of a new nzb-file:\r\n# 1) if history contains the same title (see below) with success status\r\n# the nzb-file is not added to queue;\r\n# 2) if download queue already contains the same title the nzb-file is\r\n# added to queue for backup (if the first file fails);\r\n# 3) if nzb-file contains duplicate entries. This helps to find errors\r\n# in bad nzb-files.\r\n#\r\n# \"Same title\" means the nzb file name is same or the duplicate key is\r\n# same. Duplicate keys are set by fetching from RSS feeds using title\r\n# identifier fields provided by RSS provider (imdbid or rageid/season/episode).\r\n#\r\n# If duplicates were detected only one of them is downloaded. If download\r\n# fails another duplicate is tried. If download succeeds all remaining\r\n# duplicates are deleted from queue.\r\n#\r\n# NOTE: For automatic duplicate handling option must be\r\n# set to \"Delete\", \"Park\" or \"None\". If it is set to \"Pause\" you will need to\r\n# manually unpause another duplicate (if any exists in queue).\r\n#\r\n# NOTE: For more info on duplicates see http://nzbget.net/rss.\r\nDupeCheck=yes\r\n\r\n\r\n##############################################################################\r\n### DOWNLOAD QUEUE ###\r\n\r\n# Flush download queue to disk (yes, no).\r\n#\r\n# Immediately flush file buffers for queue state file. This improves\r\n# safety for the queue file but may decrease disk performance due to\r\n# disabling of disk caching for queue state file.\r\n#\r\n# You can disable this option if it negatively affects disk performance on your\r\n# system. You should create backups of queue-directory (option )\r\n# in that case. Keep the option enabled if your system often crashes.\r\nFlushQueue=yes\r\n\r\n# Continue download of partially downloaded files (yes, no).\r\n#\r\n# If active the current state (the info about what articles were already\r\n# downloaded) is saved every second and is reloaded after restart. This is\r\n# about files included in download jobs (usually rar-files), not about\r\n# download-jobs (nzb-files) itself. Download-jobs are always\r\n# continued regardless of that option.\r\n#\r\n# Disabling this option may slightly reduce disk access and is\r\n# therefore recommended on fast connections.\r\nContinuePartial=yes\r\n\r\n# Propagation delay to your news servers (minutes).\r\n#\r\n# The option sets minimum post age for nzb-files. Very recent files\r\n# are not downloaded to avoid download failures. The files remain\r\n# on hold in the download queue until the propagation delay expires,\r\n# after that they are downloaded.\r\nPropagationDelay=0\r\n\r\n# Memory limit for article cache (megabytes).\r\n#\r\n# Article cache helps to improve performance. First the amount of disk\r\n# operations can be significantly reduced. Second the created files are\r\n# less fragmented, which again speeds up the post-processing (unpacking).\r\n#\r\n# The article cache works best with option which can\r\n# effectively use even small cache (like 50 MB).\r\n#\r\n# If option is disabled the cache should be big enough to\r\n# hold all articles of one file (typically up to 200 MB, sometimes even\r\n# 500 MB). Otherwise the articles are written into temporary directory\r\n# when the cache is full, which degrades performance.\r\n#\r\n# Value \"0\" disables article cache.\r\n#\r\n# In 32 bit mode the maximum allowed value is 1900.\r\n#\r\n# NOTE: Also see option .\r\nArticleCache=100\r\n\r\n# Write decoded articles directly into destination output file (yes, no).\r\n#\r\n# Files are posted to Usenet in multiple pieces (articles). Each file\r\n# typically consists of hundreds of articles.\r\n#\r\n# When option is disabled and the article cache (option\r\n# ) is not active or is full the program saves downloaded\r\n# articles into temporary directory and later reads them all to write\r\n# again into the destination file.\r\n#\r\n# When option is enabled the program at first creates the\r\n# output destination file with required size (total size of all articles),\r\n# then writes the articles directly to this file without creating of any\r\n# temporary files. If article cache (option ) is active\r\n# the downloaded articles are saved into cache first and are written\r\n# into the destination file when the cache flushes. This happen when\r\n# all articles of the file are downloaded or when the cache becomes\r\n# full to 90%.\r\n#\r\n# The direct write relies on the ability of file system to create\r\n# empty files without allocating the space on the drive (sparse files),\r\n# which most modern file systems support including EXT3, EXT4\r\n# and NTFS. The notable exception is HFS+ (default file system on OSX).\r\n#\r\n# The direct write usually improves performance by reducing the amount\r\n# of disk operations but may produce more fragmented files when used\r\n# without article cache.\r\nDirectWrite=yes\r\n\r\n# Memory limit for per connection write buffer (kilobytes).\r\n#\r\n# When downloaded articles are written into disk the OS collects\r\n# data in the internal buffer before flushing it into disk. This option\r\n# controls the size of this buffer per connection/download thread.\r\n#\r\n# Larger buffers decrease the amount of disk operations and help\r\n# producing less fragmented files speeding up the post-processing\r\n# (unpack).\r\n#\r\n# To calculate the maximum memory required for all download threads multiply\r\n# WriteBuffer by number of connections configured in section\r\n# \"NEWS-SERVERS\". The option sets the limit, the actual buffer can be\r\n# smaller if the article size (typically about 500 KB) is below the limit.\r\n#\r\n# Write-buffer is managed by OS (system libraries) and therefore\r\n# the effect of the option is highly OS-dependent.\r\n#\r\n# Recommended value for computers with enough memory: 1024.\r\n#\r\n# Value \"0\" disables the setting of buffer size. In this case a buffer\r\n# of default size (OS and compiler specific) is used, which is usually\r\n# too small (1-4 KB) and therefore not optimal.\r\n#\r\n# NOTE: Also see option .\r\nWriteBuffer=1024\r\n\r\n# How to name downloaded files (auto, article, nzb).\r\n#\r\n# Article - use file names stored in article metadata;\r\n# Nzb - use file names as defined in nzb-file;\r\n# Auto - prefer names from article metadata; for obfuscated files use\r\n# names from nzb-file.\r\n#\r\n# NOTE: This option sets the naming convention for files listed in nzb. It has no\r\n# effect on files extracted from archives.\r\nFileNaming=auto\r\n\r\n# Reorder files within nzbs for optimal download order (yes, no).\r\n#\r\n# When nzb-file is added to queue the files listed within nzb can be in a random\r\n# order. When \"ReorderFiles\" is active the files are automatically sorted\r\n# alphabetically to ensure download of archive parts in correct order. The\r\n# par2-files are moved to the end and then sorted by size.\r\n#\r\n# NOTE: When option is active the files are sorted again after the file\r\n# names become known.\r\nReorderFiles=yes\r\n\r\n# Post-processing strategy (sequential, balanced, aggressive, rocket).\r\n#\r\n# Sequential - downloaded items are post processed from a queue, one item at a\r\n# time, to dedicate the most computer resources to each\r\n# item. Therefore, a post process par repair will prevent another\r\n# task from running even if the item does not require a par repair;\r\n# Balanced - items that do not need par repair are post processed one at a\r\n# time while par repair tasks may also run simultaneously one after\r\n# another at the same time. This means that a post process par\r\n# repair will not prevent another task from running, but at a cost\r\n# of using more computer resource;\r\n# Aggressive - will simultaneously post process up to three items including\r\n# one par repair task;\r\n# Rocket - will simultaneously post process up to six items including one\r\n# or two par repair tasks.\r\n#\r\n# NOTE: Computer resources are in heavy demand when post-processing with\r\n# simultaneous tasks - make sure the hardware is capable.\r\nPostStrategy=balanced\r\n\r\n# Pause if disk space gets below this value (megabytes).\r\n#\r\n# Disk space is checked for directories pointed by option and\r\n# option .\r\n#\r\n# Value \"0\" disables the check.\r\nDiskSpace=250\r\n\r\n# Delete source nzb-file when it is not needed anymore (yes, no).\r\n#\r\n# Enable this option for automatic deletion of source nzb-file from\r\n# incoming directory when the program doesn't require it anymore (the\r\n# nzb-file has been deleted from queue and history).\r\nNzbCleanupDisk=yes\r\n\r\n# Keep the history of downloaded nzb-files (days).\r\n#\r\n# After download and post-processing the items are added to history where\r\n# their status can be checked and they can be post-processed again if\r\n# necessary.\r\n#\r\n# After expiring of defined period:\r\n#\r\n# If option is active the items become hidden and the amount\r\n# of data kept is significantly reduced (for better performance), only\r\n# fields necessary for duplicate check are kept. The item remains in the\r\n# hidden history (forever);\r\n#\r\n# If option is NOT active the items are removed from history.\r\n#\r\n# When a failed item is removed from history or become hidden all downloaded\r\n# files of that item are deleted from disk.\r\n#\r\n# Value \"0\" disables history. Duplicate check will not work.\r\nKeepHistory=30\r\n\r\n# Keep the history of outdated feed items (days).\r\n#\r\n# After fetching of an RSS feed the information about included items (nzb-files)\r\n# is saved to disk. This allows to detect new items on next fetch. Feed\r\n# providers update RSS feeds constantly. Since the feed length is limited\r\n# (usually 100 items or less) the old items get pushed away by new\r\n# ones. When an item is not present in the feed anymore it's not necessary\r\n# to keep the information about this item on the disk.\r\n#\r\n# If option is set to \"0\", the outdated items are deleted from history\r\n# immediately.\r\n#\r\n# Otherwise the items are held in the history for defined number of\r\n# days. Keeping of items for few days helps in situations when feed provider\r\n# has technical issues and may response with empty feeds (or with missing\r\n# items). When the technical issue is fixed the items may reappear in the\r\n# feed causing the program to re-download items if they were not found in\r\n# the feed history.\r\nFeedHistory=7\r\n\r\n# Discard downloaded data (do not write into disk) (yes, no).\r\n#\r\n# This option is for speed test purposes (benchmarking). When enabled the\r\n# downloaded data is not written into disk. The destination files are still\r\n# created but are either empty or contain zeros (depending on other\r\n# options). The post-processing (unpack, repair, etc.) is also completely\r\n# disabled.\r\n#\r\n# NOTE: This option is meant for development purposes. You should not\r\n# activate it except maybe for speed tests.\r\nSkipWrite=no\r\n\r\n# Write article raw data (yes, no).\r\n#\r\n# When enabled the article content is written into disk in raw form without\r\n# processing.\r\n#\r\n# NOTE: This option is meant for development purposes. You should not\r\n# activate it.\r\nRawArticle=no\r\n\r\n##############################################################################\r\n### CONNECTION ###\r\n\r\n# How many retries should be attempted if a download error occurs (0-99).\r\n#\r\n# If download fails because of incomplete or damaged article or due to\r\n# CRC-error the program tries to re-download the article from the same\r\n# news server as many times as defined in this option. If all attempts fail\r\n# the program tries another news server.\r\n#\r\n# If download fails because of \"article or group not found error\" the\r\n# program tries another news server without retrying on the failed server.\r\nArticleRetries=3\r\n\r\n# Article retry interval (seconds).\r\n#\r\n# If download of article fails because of interrupted connection\r\n# the server is temporary blocked until the retry interval expires.\r\nArticleInterval=10\r\n\r\n# Connection timeout for article downloading (seconds).\r\nArticleTimeout=60\r\n\r\n# Number of download attempts for URL fetching (0-99).\r\n#\r\n# If fetching of nzb-file via URL or fetching of RSS feed fails another\r\n# attempt is made after the retry interval (option ).\r\nUrlRetries=3\r\n\r\n# URL fetching retry interval (seconds).\r\n#\r\n# If fetching of nzb-file via URL or fetching of RSS feed fails another\r\n# attempt is made after the retry interval.\r\nUrlInterval=10\r\n\r\n# Connection timeout for URL fetching (seconds).\r\n#\r\n# Connection timeout when fetching nzb-files via URLs and fetching RSS feeds.\r\nUrlTimeout=60\r\n\r\n# Timeout for incoming connections (seconds).\r\n#\r\n# Set timeout for connections from clients (web-browsers and API clients).\r\nRemoteTimeout=90\r\n\r\n# Set the maximum download rate on program start (kilobytes/sec).\r\n#\r\n# The download rate can be changed later in web-interface or via remote calls.\r\n#\r\n# Value \"0\" means no speed control.\r\nDownloadRate=0\r\n\r\n# Maximum number of simultaneous connections for nzb URL downloads (0-999).\r\n#\r\n# When NZB-files are added to queue via URL, the program downloads them\r\n# from the specified URL. The option limits the maximal number of connections\r\n# used for this purpose, when multiple URLs were added at the same time.\r\nUrlConnections=4\r\n\r\n# Force URL-downloads even if download queue is paused (yes, no).\r\n#\r\n# If option is active the URL-downloads (such as appending of nzb-files\r\n# via URL or fetching of RSS feeds and nzb-files from feeds) are performed\r\n# even if download is in paused state.\r\nUrlForce=yes\r\n\r\n# Monthly download volume quota (megabytes).\r\n#\r\n# During download the quota is constantly monitored and the downloading\r\n# is automatically stopped if the limit is reached. Once the next billing month\r\n# starts the \"quota reached\"-status is automatically lifted and the downloading\r\n# continues.\r\n#\r\n# Downloads with force-priority are processed regardless of quota status.\r\n#\r\n# Value \"0\" disables monthly quota check.\r\nMonthlyQuota=0\r\n\r\n# Day of month when the monthly quota starts (1-31).\r\nQuotaStartDay=1\r\n\r\n# Daily download volume quota (megabytes).\r\n#\r\n# See option for details.\r\n#\r\n# Value \"0\" disables daily quota check.\r\nDailyQuota=0\r\n\r\n\r\n##############################################################################\r\n### LOGGING ###\r\n\r\n# How to use log file (none, append, reset, rotate).\r\n#\r\n# none - do not write into log file;\r\n# append - append to the existing log file or create it;\r\n# reset - delete existing log file on program start and create a new one;\r\n# rotate - create new log file for each day, delete old files,\r\n# see option .\r\nWriteLog=append\r\n\r\n# Log file rotation period (days).\r\n#\r\n# Defines how long to keep old log-files, when log rotation is active\r\n# (option is set to \"rotate\").\r\nRotateLog=3\r\n\r\n# How error messages must be printed (screen, log, both, none).\r\nErrorTarget=both\r\n\r\n# How warning messages must be printed (screen, log, both, none).\r\nWarningTarget=both\r\n\r\n# How info messages must be printed (screen, log, both, none).\r\nInfoTarget=both\r\n\r\n# How detail messages must be printed (screen, log, both, none).\r\nDetailTarget=log\r\n\r\n# How debug messages must be printed (screen, log, both, none).\r\n#\r\n# Debug-messages can be printed only if the program was compiled in\r\n# debug-mode: \"./configure --enable-debug\".\r\nDebugTarget=log\r\n\r\n# Number of messages stored in screen buffer (messages).\r\nLogBuffer=1000\r\n\r\n# Create log for each downloaded nzb-file (yes, no).\r\n#\r\n# The messages are saved for each download separately and can be viewed\r\n# at any time in download details dialog or history details dialog.\r\nNzbLog=yes\r\n\r\n# Print call stack trace into log on program crash (Linux and Windows) (yes, no).\r\n#\r\n# Call stack traces are very helpful for debugging. Call stack traces can be\r\n# printed only when the program was compiled in debug mode.\r\nCrashTrace=yes\r\n\r\n# Save memory dump into disk on program crash (Linux only) (yes, no).\r\n#\r\n# Memory dumps (core-files) are very helpful for debugging, especially if\r\n# they were produced by the program compiled in debug mode.\r\n#\r\n# NOTE: Memory dumps may contain sensitive data, like your login/password\r\n# to news-server etc.\r\nCrashDump=no\r\n\r\n# Local time correction (hours or minutes).\r\n#\r\n# The option allows to adjust timestamps when converting system time to\r\n# local time and vice versa. The conversion is used when printing messages\r\n# to the log-file and by option \"TaskX.Time\" in the scheduler settings.\r\n#\r\n# The option is usually not needed if the time zone is set up correctly.\r\n# However, sometimes, especially when using a binary compiled on another\r\n# platform (cross-compiling) the conversion between system and local time\r\n# may not work properly and requires adjustment.\r\n#\r\n# Values in the range -24..+24 are interpreted as hours, other values as minutes.\r\n# Example 1: set time correction to one hour: TimeCorrection=1;\r\n# Example 2: set time correction to one hour and a half: TimeCorrection=90.\r\nTimeCorrection=0\r\n\r\n\r\n##############################################################################\r\n### DISPLAY (TERMINAL) ###\r\n\r\n# Set screen-outputmode (loggable, colored, curses).\r\n#\r\n# loggable - only messages will be printed to standard output;\r\n# colored - prints messages (with simple coloring for messages categories)\r\n# and download progress info; uses escape-sequences to move cursor;\r\n# curses - advanced interactive interface with the ability to edit\r\n# download queue and various output option.\r\nOutputMode=curses\r\n\r\n# Shows NZB-Filename in file list in curses-outputmode (yes, no).\r\n#\r\n# This option controls the initial state of curses-frontend,\r\n# it can be switched on/off in run-time with Z-key.\r\nCursesNzbName=yes\r\n\r\n# Show files in groups (NZB-files) in queue list in curses-outputmode (yes, no).\r\n#\r\n# This option controls the initial state of curses-frontend,\r\n# it can be switched on/off in run-time with G-key.\r\nCursesGroup=no\r\n\r\n# Show timestamps in message list in curses-outputmode (yes, no).\r\n#\r\n# This option controls the initial state of curses-frontend,\r\n# it can be switched on/off in run-time with T-key.\r\nCursesTime=no\r\n\r\n# Update interval for Frontend-output in console mode or remote client\r\n# mode (milliseconds).\r\n#\r\n# Min value 25. Bigger values reduce CPU usage (especially in curses-outputmode)\r\n# and network traffic in remote-client mode.\r\nUpdateInterval=200\r\n\r\n\r\n##############################################################################\r\n### SCHEDULER ###\r\n\r\n# Time to execute the command (HH:MM).\r\n#\r\n# Multiple comma-separated values are accepted.\r\n# An asterisk placed in the hours location will run task every hour (e. g. \"*:00\").\r\n# An asterisk without minutes will run task at program startup (e. g. \"*\").\r\n#\r\n# Examples: \"08:00\", \"00:00,06:00,12:00,18:00\", \"*:00\", \"*,*:00,*:30\".\r\n#\r\n# NOTE: Also see option .\r\n#Task1.Time=08:00\r\n\r\n# Week days to execute the command (1-7).\r\n#\r\n# Comma separated list of week days numbers.\r\n# 1 is Monday.\r\n# Character '-' may be used to define ranges.\r\n#\r\n# Examples: \"1-7\", \"1-5\", \"5,6\", \"1-5, 7\".\r\n#Task1.WeekDays=1-7\r\n\r\n# Command to be executed (PauseDownload, UnpauseDownload, PausePostProcess,\r\n# UnpausePostProcess, PauseScan, UnpauseScan, DownloadRate, Script, Process,\r\n# ActivateServer, DeactivateServer, FetchFeed).\r\n#\r\n# Possible commands:\r\n# PauseDownload - pause download;\r\n# UnpauseDownload - resume download;\r\n# PausePostProcess - pause post-processing;\r\n# UnpausePostProcess - resume post-processing;\r\n# PauseScan - pause scan of incoming nzb-directory;\r\n# UnpauseScan - resume scan of incoming nzb-directory;\r\n# DownloadRate - set download rate limit;\r\n# Script - execute one or multiple scheduler scripts. The scripts\r\n# must be written specially for NZBGet;\r\n# Process - execute an external (any) program;\r\n# ActivateServer - activate news-server;\r\n# DeactivateServer - deactivate news-server;\r\n# FetchFeed - fetch RSS feed.\r\n#\r\n# On start the program checks all tasks and determines current state\r\n# for download-pause, scan-pause, download-rate and active servers.\r\n#Task1.Command=PauseDownload\r\n\r\n# Parameters for the command if needed.\r\n#\r\n# Some scheduler commands require additional parameters:\r\n# DownloadRate - download rate limit to be set (kilobytes/sec).\r\n# Example: 1000.\r\n# NOTE: use value \"0\" to disable download limit (unlimited speed).\r\n# Script - list of scheduler scripts to execute. The scripts in the\r\n# list must be separated with commas or semicolons. All\r\n# scripts must be stored in directory set by option\r\n# and paths relative to must be\r\n# entered here. For developer documentation visit\r\n# http://nzbget.net/extension-scripts;\r\n# Process - path to the program to execute and its parameters.\r\n# Example: /home/user/fetch.sh.\r\n# If filename or any parameter contains spaces it\r\n# must be surrounded with single quotation\r\n# marks. If filename/parameter contains single quotation marks,\r\n# each of them must be replaced (escaped) with two single quotation\r\n# marks and the resulting filename/parameter must be\r\n# surrounded with single quotation marks.\r\n# Example: '/home/user/download/my scripts/task process.sh' 'world''s fun'.\r\n# In this example one parameter (world's fun) is passed\r\n# to the script (task process.sh).\r\n# ActivateServer - comma separated list of news server ids or server names.\r\n# Example: 1,3.\r\n# Example: my news server 1, my news server 2.\r\n# NOTE: server names should not have commas.\r\n# DeactivateServer - see ActivateServer.\r\n# FetchFeed - comma separated list of RSS feed ids or feed names.\r\n# Example: 1,3.\r\n# Example: bookmarks feed, another feed.\r\n# NOTE: feed names should not have commas.\r\n# NOTE: use feed id \"0\" to fetch all feeds.\r\n#Task1.Param=\r\n\r\n#Task2.Time=20:00\r\n#Task2.WeekDays=1-7\r\n#Task2.Command=UnpauseDownload\r\n#Task2.Param=\r\n\r\n\r\n##############################################################################\r\n### CHECK AND REPAIR ###\r\n\r\n# Check CRC of downloaded and decoded articles (yes, no).\r\n#\r\n# Normally this option should be enabled for better detecting of download\r\n# errors and for quick par-verification (option ).\r\nCrcCheck=yes\r\n\r\n# Whether and how par-verification must be performed (auto, always, force, manual).\r\n#\r\n# Auto - par-check is performed when needed. One par2-file is always\r\n# downloaded. Additional par2-files are downloaded if needed\r\n# for repair. Repair is performed if the option \r\n# is enabled;\r\n# Always - check every download (even undamaged). One par2-file is\r\n# always downloaded. Additional par2-files are downloaded\r\n# if needed for repair. Repair is performed if the option\r\n# is enabled;\r\n# Force - force par-check for every download (even undamaged). All\r\n# par2-files are always downloaded. Repair is performed if\r\n# the option is enabled;\r\n# Manual - par-check is skipped. One par2-file is always\r\n# downloaded. If a damaged download is detected, all\r\n# par2-files are downloaded but neither par-check nor par-repair\r\n# take place. The download can be then repaired manually,\r\n# eventually on another faster computer.\r\nParCheck=auto\r\n\r\n# Automatic par-repair after par-verification (yes, no).\r\n#\r\n# If option is set to \"Auto\" or \"Force\" this option defines\r\n# if the download must be repaired when needed. The option can be\r\n# disabled if a computer does not have enough CPU power, since repairing\r\n# may consume too many resources and time on a slow computer.\r\nParRepair=yes\r\n\r\n# What files should be scanned during par-verification (limited, extended,\r\n# full, dupe).\r\n#\r\n# Limited - scan only files belonging to par-set;\r\n# Extended - scan files belonging to par-set first, scan other files until\r\n# all missing files are found;\r\n# Full - scan all files in destination directory. Can be very time\r\n# consuming but may sometimes repair where Limited and Extended fail;\r\n# Dupe - scan files belonging to par-set first, scan other files until\r\n# repair is possible. Even files from other duplicate-downloads\r\n# are scanned. Can be very time consuming but brings best results.\r\nParScan=extended\r\n\r\n# Quick file verification during par-check (yes, no).\r\n#\r\n# If the option is active the files are quickly verified using\r\n# checksums calculated during download; quick verification is very fast\r\n# because it doesn't require the reading of files from disk, NZBGet\r\n# knows checksums of downloaded files and quickly compares them with\r\n# checksums stored in the par-file.\r\n#\r\n# If the option is disabled the files are verified as usual. That's\r\n# slow. Use this if the quick verification doesn't work properly.\r\nParQuick=yes\r\n\r\n# Memory limit for par-repair buffer (megabytes).\r\n#\r\n# Set the amount of RAM that the par-checker may use during repair. Having\r\n# the buffer as big as the total size of all damaged blocks allows for\r\n# the optimal repair speed. The option sets the maximum buffer size, the\r\n# allocated buffer can be smaller.\r\n#\r\n# If you have a lot of RAM set the option to few hundreds (MB) for the\r\n# best repair performance.\r\nParBuffer=100\r\n\r\n# Number of threads to use during par-repair (0-99).\r\n#\r\n# On multi-core CPUs for the best speed set the option to the number of\r\n# logical cores (physical cores + hyper-threading units). If you want\r\n# to utilize the CPU to 100% you may need to add one or two additional threads\r\n# to compensate for wait intervals used for thread synchronization.\r\n#\r\n# On single-core CPUs use only one thread.\r\n#\r\n# Set to '0' to automatically use all available CPU cores (may not\r\n# work on old or exotic platforms).\r\nParThreads=0\r\n\r\n# Files to ignore during par-check.\r\n#\r\n# List of file extensions, file names or file masks to ignore by\r\n# par-rename and par-check. The entries must be separated with\r\n# commas.\r\n#\r\n# The entries must be separated with commas. The entries can be file\r\n# extensions, file names or file masks containing wildcard\r\n# characters * and ?.\r\n#\r\n# If par-rename or par-check detect missing or damaged files they\r\n# will ignore files matching this option and will not initiate\r\n# repair. This avoids time costing repair for unimportant files.\r\n#\r\n# Example: .sfv, .nzb, .nfo\r\nParIgnoreExt=.sfv, .nzb, .nfo\r\n\r\n# Check for renamed and missing files using par-files (yes, no).\r\n#\r\n# Par-rename restores original file names using information stored\r\n# in par2-files. It also detects missing files (files listed in\r\n# par2-files but not present on disk). When enabled the par-rename is\r\n# performed as the first step of post-processing for every nzb-file.\r\n#\r\n# Par-rename is very fast and is highly recommended, especially if\r\n# unpack is disabled.\r\nParRename=yes\r\n\r\n# Check for renamed rar-files (yes, no).\r\n#\r\n# Rar-rename restores original file names using information stored\r\n# in rar-files. When enabled the rar-rename is performed as one of the\r\n# first steps of post-processing for every nzb-file.\r\n#\r\n# Rar-rename is useful for downloads not having par2-files or for\r\n# downloads those files were renamed before creating par2-files. In\r\n# both cases par-rename (option ) can't rename files\r\n# and the rar-rename makes it possible to unpack downloads which\r\n# would fail otherwise.\r\nRarRename=yes\r\n\r\n# Directly rename files during downloading (yes, no).\r\n#\r\n# This is similar to par-renaming (option ) but the files\r\n# are renamed during downloading instead of post-processing stage. This\r\n# requires some tricky handling of files and works only for healthy\r\n# downloads.\r\nDirectRename=yes\r\n\r\n# What to do if download health drops below critical health (delete, park,\r\n# pause, none).\r\n#\r\n# Delete - delete nzb-file from queue, also delete already downloaded files;\r\n# Park - move nzb-file to history, keep already downloaded files. Commands\r\n# \"Download remaining files\" and \"Retry failed articles\" are available\r\n# for this nzb;\r\n# Pause - pause nzb-file;\r\n# None - do nothing (continue download).\r\n#\r\n# NOTE: For automatic duplicate handling option must be set to \"Delete\", \"Park\"\r\n# or \"None\". If it is set to \"Pause\" you will need to manually move another\r\n# duplicate from history to queue. See also option .\r\n#\r\n# NOTE: When option is set to \"Dupe\" the park-action is performed\r\n# only if article completion is below 10% (empirical threshold). This is to\r\n# improve efficiency of dupe par scan mode.\r\nHealthCheck=park\r\n\r\n# Maximum allowed time for par-repair (minutes).\r\n#\r\n# If you use NZBGet on a very slow computer like NAS-device, it may be good to\r\n# limit the time allowed for par-repair. NZBGet calculates the estimated time\r\n# required for par-repair. If the estimated value exceeds the limit defined\r\n# here, NZBGet cancels the repair.\r\n#\r\n# To avoid a false cancellation NZBGet compares the estimated time with\r\n# after the first 5 minutes of repairing, when the calculated\r\n# estimated time is more or less accurate. But in a case if is\r\n# set to a value smaller than 5 minutes, the comparison is made after the first\r\n# whole minute.\r\n#\r\n# Value \"0\" means unlimited.\r\n#\r\n# NOTE: The option limits only the time required for repairing. It doesn't\r\n# affect the first stage of parcheck - verification of files. However, the\r\n# verification speed is constant, it doesn't depend on files integrity and\r\n# therefore it is not necessary to limit the time needed for the first stage.\r\nParTimeLimit=0\r\n\r\n# Pause download queue during check/repair (yes, no).\r\n#\r\n# Enable the option to give CPU more time for par-check/repair. That helps\r\n# to speed up check/repair on slow CPUs with fast connection (e.g. NAS-devices).\r\n#\r\n# NOTE: If parchecker needs additional par-files it temporarily unpauses\r\n# the queue.\r\n#\r\n# NOTE: See also options and .\r\nParPauseQueue=no\r\n\r\n\r\n##############################################################################\r\n### UNPACK ###\r\n\r\n# Unpack downloaded nzb-files (yes, no).\r\n#\r\n# Each download (nzb-file) has a post-processing parameter \"Unpack\". The option\r\n# is the default value assigned to this pp-parameter of the download\r\n# when it is added to queue.\r\n#\r\n# When nzb-file is added to queue it can have a category assigned to it. In this\r\n# case the option overrides the global option .\r\n#\r\n# If the download is damaged and could not be repaired using par-files\r\n# the unpacking is not performed.\r\n#\r\n# If the option is set to \"Auto\" the program tries to unpack\r\n# downloaded files first. If the unpacking fails the par-check/repair\r\n# is performed and the unpack is executed again.\r\nUnpack=yes\r\n\r\n# Directly unpack files during downloading (yes, no).\r\n#\r\n# When active the files are unpacked during downloading instead of post-processing\r\n# stage. This works only for healthy downloads. Damaged downloads are unpacked\r\n# as usual during post-processing stage after par-repair.\r\n#\r\n# NOTE: This option requires unpack to be enabled in general via option .\r\n# NOTE: For best results also activate option and option .\r\nDirectUnpack=yes\r\n\r\n# Pause download queue during unpack (yes, no).\r\n#\r\n# Enable the option to give CPU more time for unpacking. That helps\r\n# to speed up unpacking on slow CPUs.\r\n#\r\n# NOTE: See also options and .\r\nUnpackPauseQueue=no\r\n\r\n# Delete archive files after successful unpacking (yes, no).\r\nUnpackCleanupDisk=yes\r\n\r\n# Full path to unrar executable.\r\n#\r\n# Example: /usr/bin/unrar.\r\n#\r\n# The option can also contain extra switches to pass to unrar. To the\r\n# here defined command line NZBGet adds the following switches:\r\n# x -y -p- -o+ *.rar ./_unpack/\r\n#\r\n# Switch \"x\" is added only if neither \"x\" nor \"e\" were defined in\r\n# the option (this allows you to use switch \"e\" instead of \"x\"). switch\r\n# \"-o+\" is added only if neither \"-o+\" nor \"-o-\" were defined\r\n# in the command line. All other parameters are always added. Parameter\r\n# \"-p-\" is replaced with \"-ppassword\" if a password is set for nzb-file.\r\n#\r\n# Examples:\r\n# 1) ignore file attributes (permissions):\r\n# /usr/bin/unrar x -ai;\r\n# 2) decrease priority of unrar-process:\r\n# nice -n 19 unrar.\r\n#\r\n# For other useful switches refer to unrar documentation.\r\n#\r\n# If unrar is in your PATH you may leave the path part and set only\r\n# the executable name (\"unrar\" on POSIX or \"unrar.exe\" on Windows).\r\nUnrarCmd=${AppDir}/unrar\r\n\r\n# Full path to 7-Zip executable.\r\n#\r\n# Example: /usr/bin/7z.\r\n#\r\n# Similar to option this option can also include extra switches.\r\n#\r\n# If 7-Zip binary is in your PATH you may leave the path part and set only\r\n# the executable name (\"7z\" or \"7za\" on POSIX or \"7z.exe\" on Windows).\r\nSevenZipCmd=${AppDir}/7za\r\n\r\n# Files to delete after successful download.\r\n#\r\n# List of file extensions, file names or file masks to delete after\r\n# successful download. If either unpack or par-check fail the cleanup is\r\n# not performed. If download doesn't contain archives nor par-files\r\n# the cleanup is performed if the health is 100%. If parameter \"unpack\"\r\n# is disabled for that nzb-file the cleanup isn't performed.\r\n#\r\n# The entries must be separated with commas. The entries can be file\r\n# extensions, file names or file masks containing wildcard\r\n# characters * and ?.\r\n#\r\n# Example: .par2, .sfv\r\nExtCleanupDisk=.par2, .sfv\r\n\r\n# Files to ignore during unpack.\r\n#\r\n# List of file extensions to ignore when unpacking archives or renaming\r\n# obfuscated archive files. The entries must be separated with commas.\r\n#\r\n# Archive files with non standard extensions belong to one of two categories: they\r\n# are either obfuscated files or files with special purposes which should not be\r\n# unpacked. List the files of second type here to avoid attempts to unpack them.\r\n#\r\n# This option has effect on two post-processing stages.\r\n#\r\n# First, during rar-rename (option ) rar-files with non-standard\r\n# extensions are renamed back to rar-extension, which is required for successful\r\n# unpacking. Files with extensions listed here will not be renamed.\r\n#\r\n# Second, if during unpack no rar-files are found but instead rar-archives\r\n# with non-rar extensions are found the unpack fails. For files listed here\r\n# no unpack failure occurs and download is considered not having archive\r\n# files and be successful.\r\n#\r\n# Example: .cbr\r\nUnpackIgnoreExt=.cbr\r\n\r\n# Path to file containing unpack passwords.\r\n#\r\n# If the option is set the program will try all passwords from the file\r\n# when unpacking the archives. The file must be a text file containing\r\n# one password per line.\r\n#\r\n# If an nzb-file has a defined password (in the post-processing settings)\r\n# then the password-file is not used for that nzb-file.\r\n#\r\n# NOTE: Trying multiple passwords is a time consuming task. Whenever possible\r\n# passwords should be set per nzb-file in their post-processing settings.\r\nUnpackPassFile=\r\n\r\n\r\n##############################################################################\r\n### EXTENSION SCRIPTS ###\r\n\r\n# List of active extension scripts for new downloads.\r\n#\r\n# Extension scripts associated with nzb-files are executed before, during\r\n# or after download as defined by script developer.\r\n#\r\n# Each download (nzb-file) has its own list of extension scripts; the list\r\n# can be viewed and changed in web-interface in download details dialog or\r\n# via API. Option sets defaults for new downloads; changes\r\n# to option do not affect downloads which are already in queue.\r\n#\r\n# When nzb-file is added to queue it can have a category assigned to it. In this\r\n# case option (if not empty) have precedence and\r\n# defines the scripts for that nzb-file; consequently global option \r\n# has no effect for that nzb-file.\r\n#\r\n# Certain extensions work globally for the whole program instead of\r\n# per-nzb basis. Such extensions are activated once and cannot be overriden\r\n# per category or per nzb.\r\n#\r\n# The scripts in the list must be separated with commas or semicolons. All\r\n# scripts must be stored in directory set by option and\r\n# paths relative to must be entered here.\r\n#\r\n# Example: Cleanup.sh, Move.sh, EMail.py.\r\n#\r\n# NOTE: The script execution order is controlled by option , not\r\n# by their order in option .\r\n#\r\n# NOTE: For the list of interesting extension scripts see\r\n# http://nzbget.net/catalog-of-extension-scripts.\r\n#\r\n# NOTE: For developer documentation visit http://nzbget.net/extension-scripts.\r\nExtensions=\r\n\r\n# Execution order for extension scripts.\r\n#\r\n# If you assign multiple scripts to one nzb-file, they are executed in the\r\n# order defined by this option.\r\n#\r\n# The scripts in the list must be separated with commas or semicolons. All\r\n# scripts must be stored in directory set by option and\r\n# paths relative to must be entered here.\r\n#\r\n# Example: Cleanup.sh, Move.sh.\r\nScriptOrder=\r\n\r\n# Pause download queue during executing of postprocess-script (yes, no).\r\n#\r\n# Enable the option to give CPU more time for postprocess-script. That helps\r\n# to speed up postprocess on slow CPUs with fast connection (e.g. NAS-devices).\r\n#\r\n# NOTE: See also options and .\r\nScriptPauseQueue=no\r\n\r\n# Shell overrides for script interpreters.\r\n#\r\n# By default extension scripts are executed as normal programs. The system finds\r\n# an associated interpreter automatically. If for some reason that doesn't work\r\n# properly you can provide shell overrides here.\r\n#\r\n# This option contains a comma separated list of shell overrides per\r\n# file extension. A shell override consists of file extension (starting with\r\n# dot) followed by equal sign and the full path to script interpreter.\r\n#\r\n# Example: .py=/usr/bin/python2;.py3=/usr/bin/python3;.sh=/usr/bin/bash.\r\nShellOverride=\r\n\r\n# Minimum interval between queue events (seconds).\r\n#\r\n# Extension scripts can opt-in for progress notifcations during\r\n# download. For downloads containing many small files the events can\r\n# be fired way too often increasing load on the system due to script\r\n# execution.\r\n#\r\n# This option allows to reduce the number of calls of scripts by\r\n# skipping \"file-downloaded\"-events if the previous call for the same\r\n# download (nzb-file) were performed a short time ago (as defined by\r\n# the option).\r\n#\r\n# Value \"-1\" disables \"file-downloaded\"-events. Scripts are still\r\n# notified on other events (such as \"nzb-added\" or \"nzb-downloaded\").\r\nEventInterval=0\r\n" }, { "path": "oauth2-proxy/Dockerfile", "content": "FROM golang:alpine as builder\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapk --no-cache add \\\n\tca-certificates \\\n\tgit\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nENV OAUTH2_PROXY_VERSION v5.1.1\n\nRUN go get github.com/pusher/oauth2_proxy || true \\\n\t&& cd /go/src/github.com/pusher/oauth2_proxy \\\n\t&& git checkout \"${OAUTH2_PROXY_VERSION}\" \\\n\t&& go build . \\\n\t&& mv oauth2_proxy /usr/bin/\n\n\nFROM alpine:latest\n\nCOPY --from=builder /usr/bin/oauth2_proxy /usr/bin/oauth2_proxy\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"oauth2_proxy\" ]\n" }, { "path": "openbmc/Dockerfile", "content": "FROM debian:buster-slim\n\nRUN apt-get update && apt-get install -y \\\n\tbash \\\n\tbuild-essential \\\n\tca-certificates \\\n\tchrpath \\\n\tcurl \\\n\tdiffstat \\\n\tgawk \\\n\tgit \\\n\tlibpixman-1-0 \\\n\tlibsdl1.2-dev \\\n\ttexinfo \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Download the latest qemu build from openBMC's fork\nRUN curl -sSL -o /usr/bin/qemu-system-arm https://openpower.xyz/job/openbmc-qemu-build-merge-x86/lastSuccessfulBuild/artifact/qemu/arm-softmmu/qemu-system-arm \\\n\t&& chmod +x /usr/bin/qemu-system-arm\n\n# Download the latest romulus image\nRUN mkdir -p /usr/src/openbmc\nRUN curl -sSL -o /usr/src/openbmc/obmc-phosphor-image-romulus.static.mtd https://openpower.xyz/job/openbmc-build/distro=ubuntu,label=builder,target=romulus/lastSuccessfulBuild/artifact/deploy/images/romulus/obmc-phosphor-image-romulus.static.mtd\n\n#ENV OPENBMC_VERSION 2.7.0\n\n#RUN git clone --depth 1 --branch \"${OPENBMC_VERSION}\" https://github.com/openbmc/openbmc /usr/src/openbmc\n\n#WORKDIR /usr/src/openbmc\n\n#ENV TEMPLATECONF=meta-ibm/meta-palmetto/conf\n\n#RUN bash ./openbmc-env \\\n#\t&& bitbake obmc-phosphor-image\n\nENTRYPOINT [\"qemu-system-arm\", \"-m\", \"256\", \"-M\", \"romulus-bmc\", \"-nographic\", \"-drive\", \"file=/usr/src/openbmc/obmc-phosphor-image-romulus.static.mtd,format=raw,if=mtd\", \"-net\", \"nic\", \"-net\", \"user,hostfwd=:127.0.0.1:2222-:22,hostfwd=:127.0.0.1:2443-:443,hostname=qemu\"]\n" }, { "path": "openscad/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\topenscad \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"openscad\" ]\n" }, { "path": "openvpn/Dockerfile", "content": "FROM alpine:latest\nRUN apk --no-cache add \\\n\topenvpn\n\nRUN mkdir /usr/share/openvpn\nRUN cp /etc/openvpn/* /usr/share/openvpn/\n\nWORKDIR /etc/openvpn\nENTRYPOINT [\"openvpn\"]\n" }, { "path": "openvpn/README.md", "content": "# LMCTVPNFY\n\nLet Me Containerize That VPN For You\n\n\n## How to use this?\n\nDrop your OpenVPN configuration file in this directory.\n\nLet's pretend that it's called `hacktheplanet.ovpn`.\n\nThen all you have to do is to run:\n\n```\ndocker-compose run vpn hacktheplanet.ovpn\n```\n\nIf you need a password (because your OpenVPN configuration specifies `auth-user-pass`) you will be prompted for it.\n\nIf the VPN server pushes routes and so forth, they will be added to your machine, because the Compose file specifies `net: host` so the container runs within the hosts namespace.\n\nIf you **don't** need to specify a password, you can use `docker-compose run -d vpn hacktheplanet.ovpn` to start the container in the background.\n\nIf you OpenVPN configuration needs extra files (certificates etc) you can drop them in this directory too.\n\n\n## How to fix DNS\nTo let OpenVPN change your resolv.conf file you need to add 2 scripts to your configuration to trigger the Alpine provided scripts. \n```\nup /usr/share/openvpn/up.sh\ndown /usr/share/openvpn/down.sh\n```\n\n## Why?\n\nBecause we're the containerati and we like when things are [neatly arranged in their boxes](https://twitter.com/zooeypeng/status/613053137050439681).\n\n" }, { "path": "openvpn/docker-compose.yml", "content": "vpn:\n build: .\n volumes:\n - .:/etc/openvpn\n - /etc/resolv.conf:/etc/resolv.conf\n net: host\n devices:\n - /dev/net/tun:/dev/net/tun\n cap_add:\n - NET_ADMIN\n" }, { "path": "osquery/Dockerfile", "content": "FROM ubuntu:bionic\nLABEL maintainer \"Jessie Frazelle \"\n\nENV DEBIAN_FRONTEND noninteractive\n\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n\tgnupg2 \\\n\tlibc++1 \\\n\ttar \\\n\txz-utils \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& curl -sSL https://apt.kitware.com/keys/kitware-archive-latest.asc | apt-key add - \\\n\t&& echo 'deb https://apt.kitware.com/ubuntu/ bionic main' > /etc/apt/sources.list.d/cmake.list\n\nENV OSQUERY_VERSION 4.3.0\n\nRUN buildDeps=' \\\n\t\tbison \\\n\t\tclang \\\n\t\tcmake \\\n\t\tflex \\\n\t\tgit \\\n\t\tlibc++-dev \\\n\t\tlibc++abi-dev \\\n\t\tliblzma-dev \\\n\t\tlibssl-dev \\\n\t\tllvm \\\n\t\tmake \\\n\t\tpython \\\n\t\tpython3 \\\n\t' \\\n\t&& set -x \\\n\t&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& mkdir -p /usr/src/osquery/build /usr/share/osquery \\\n\t&& git clone --branch \"${OSQUERY_VERSION}\" --depth 1 https://github.com/osquery/osquery.git /usr/src/osquery/src \\\n\t&& cd /usr/src/osquery \\\n\t&& ls -la src/ \\\n\t&& cd build \\\n\t&& curl -sSL https://github.com/osquery/osquery-toolchain/releases/download/1.0.0/osquery-toolchain-1.0.0.tar.xz | tar -xJ -C /usr/local \\\n\t&& cmake -DOSQUERY_TOOLCHAIN_SYSROOT=/usr/local/osquery-toolchain ../src \\\n\t&& cmake --build . \\\n\t&& mv osquery/osqueryd /usr/bin \\\n\t&& mv package/linux/osqueryctl /usr/bin \\\n\t&& mkdir -p /usr/share/osquery/certs \\\n\t&& cp ../src/tools/deployment/certs.pem /usr/share/osquery/certs/ \\\n\t&& apt-get purge -y --auto-remove $buildDeps \\\n\t&& chmod a+x /usr/bin/osquery* \\\n\t&& cp -r /usr/src/osquery/src/packs /usr/share/osquery/\n\nCOPY osquery.example.conf /etc/osquery/osquery.conf\n\nENV HOME /home/user\nRUN mkdir -p /var/osquery /var/log/osquery \\\n\t&& useradd --create-home --home-dir $HOME user \\\n && chown -R user:user $HOME /etc/osquery /var/osquery /usr/share/osquery /var/log/osquery\n\nWORKDIR $HOME\n\nUSER user\n\nENTRYPOINT [ \"osqueryd\", \"--pidfile\", \"/home/user/osqueryd.pidfile\" ]\nCMD [ \"--config_path=/etc/osquery/osquery.conf\", \"--verbose\", \"--docker_socket=/var/run/docker.sock\", \"--host_identifier=hostname\", \"--disable_distributed=false\", \"--distributed_plugin=tls\" ]\n" }, { "path": "osquery/osquery.example.conf", "content": "{\n // Configure the daemon below:\n \"options\": {\n // Select the osquery config plugin.\n \"config_plugin\": \"filesystem\",\n\n // Select the osquery logging plugin.\n \"logger_plugin\": \"filesystem\",\n\n // The log directory stores info, warning, and errors.\n // If the daemon uses the 'filesystem' logging retriever then the log_dir\n // will also contain the query results.\n //\"logger_path\": \"/var/log/osquery\",\n\n // Set 'disable_logging' to true to prevent writing any info, warning, error\n // logs. If a logging plugin is selected it will still write query results.\n //\"disable_logging\": \"false\",\n\n // Query differential results are logged as change-events to assist log\n // aggregation operations like searching and transactions.\n // Set 'log_result_events' to log differentials as transactions.\n //\"log_result_events\": \"true\",\n\n // Splay the scheduled interval for queries.\n // This is very helpful to prevent system performance impact when scheduling\n // large numbers of queries that run a smaller or similar intervals.\n //\"schedule_splay_percent\": \"10\",\n\n // Write the pid of the osqueryd process to a pidfile/mutex.\n //\"pidfile\": \"/var/osquery/osquery.pidfile\",\n\n // Clear events from the osquery backing store after a number of seconds.\n \"events_expiry\": \"3600\",\n\n // A filesystem path for disk-based backing storage used for events and\n // query results differentials. See also 'use_in_memory_database'.\n \"database_path\": \"/var/osquery/osquery.db\",\n\n // Comma-delimited list of table names to be disabled.\n // This allows osquery to be launched without certain tables.\n //\"disable_tables\": \"foo_bar,time\",\n\n // Enable debug or verbose debug output when logging.\n \"verbose\": \"false\",\n\n // The number of threads for concurrent query schedule execution.\n \"worker_threads\": \"2\",\n\n // Enable schedule profiling, this will fill in averages and totals for\n // system/user CPU time and memory for every query in the schedule.\n // Add a query: \"select * from osquery_schedule\" to record the performances.\n \"enable_monitor\": \"true\"\n },\n\n // Define a schedule of queries:\n \"schedule\": {\n // This is a simple example query that outputs basic system information.\n \"system_info\": {\n // The exact query to run.\n \"query\": \"SELECT hostname, cpu_brand, physical_memory FROM system_info;\",\n // The interval in seconds to run this query, not an exact interval.\n \"interval\": 3600\n }\n },\n\n // Decorators are normal queries that append data to every query.\n \"decorators\": {\n \"load\": [\n \"SELECT uuid AS host_uuid FROM system_info;\",\n \"SELECT user AS username FROM logged_in_users ORDER BY time DESC LIMIT 1;\"\n ]\n },\n\n // Add default osquery packs or install your own.\n //\n // There are several 'default' packs installed with 'make install' or via\n // packages and/or Homebrew.\n //\n // Linux: /usr/share/osquery/packs\n // OS X: /var/osquery/packs\n // Homebrew: /usr/local/share/osquery/packs\n // make install: {PREFIX}/share/osquery/packs\n //\n \"packs\": {\n // \"osquery-monitoring\": \"/usr/share/osquery/packs/osquery-monitoring.conf\",\n // \"incident-response\": \"/usr/share/osquery/packs/incident-response.conf\",\n // \"it-compliance\": \"/usr/share/osquery/packs/it-compliance.conf\",\n // \"osx-attacks\": \"/usr/share/osquery/packs/osx-attacks.conf\",\n // \"vuln-management\": \"/usr/share/osquery/packs/vuln-management.conf\",\n // \"hardware-monitoring\": \"/usr/share/osquery/packs/hardware-monitoring.conf\"\n }\n}\n" }, { "path": "packer/Dockerfile", "content": "FROM golang:alpine as builder\nMAINTAINER Jessica Frazelle \n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN\tapk add --no-cache \\\n\tbash \\\n\tca-certificates \\\n\tgcc \\\n\tgit \\\n\tmake \\\n\tzip\n\nENV PACKER_VERSION v1.5.3\n\nRUN go get github.com/hashicorp/packer\n\nWORKDIR /go/src/github.com/hashicorp/packer\n\nRUN git checkout \"${PACKER_VERSION}\"\n\nRUN XC_ARCH=\"amd64\" XC_OS=\"linux\" LD_FLAGS=\" -extldflags -static\" make releasebin \\\n\t&& mv bin/packer /usr/bin/packer\n\nFROM alpine:latest\n\nRUN apk add --no-cache \\\n\tbash \\\n\ttar\n\nCOPY --from=builder /usr/bin/packer /usr/bin/packer\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"packer\" ]\nCMD [ \"--help\" ]\n" }, { "path": "pandoc/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tpandoc \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [\"pandoc\"]\n" }, { "path": "parrot-live/Dockerfile", "content": "FROM node:alpine\n\nRUN apk add --no-cache git\nRUN git clone --branch master --depth 1 https://github.com/hugomd/parrot.live.git /src\nWORKDIR /src\nRUN npm install\nCMD [\"node\",\"index.js\"]\n" }, { "path": "pdp-10/its/Dockerfile", "content": "FROM debian:bullseye-slim\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tsimh \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN buildDeps=' \\\n\t\texpect \\\n\t\tgcc \\\n\t\tgit \\\n\t\tlibc6-dev \\\n\t\tmake \\\n\t\tlibncurses5-dev \\\n\t' \\\n\t&& set -x \\\n\t&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& git clone --depth 1 \"https://github.com/PDP-10/its.git\" /usr/src/its \\\n\t&& ( \\\n\t\tcd /usr/src/its \\\n\t\t&& make EMULATOR=simh \\\n\t) \\\n\t&& apt-get purge -y --auto-remove $buildDeps\n\nWORKDIR /usr/src/its\n\nENTRYPOINT [\"./start\"]\n" }, { "path": "perkeep/Dockerfile", "content": "FROM golang:1.10-alpine AS builder\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapk --no-cache add \\\n\tca-certificates \\\n\tgit\n\nENV PERKEEP_VERSION 0.10\n\nRUN mkdir -p /go/src/perkeep.org \\\n\t&& git clone --depth 1 --branch \"${PERKEEP_VERSION}\" https://github.com/perkeep/perkeep.git /go/src/perkeep.org \\\n\t&& cd /go/src/perkeep.org \\\n\t&& go run make.go \\\n\t&& cp -vr /go/bin/* /usr/local/bin/ \\\n\t&& echo \"Build complete.\"\n\nFROM alpine:latest\n\nRUN\tapk --no-cache add \\\n\tca-certificates\n\nCOPY --from=builder /usr/local/bin/pk* /usr/bin/\nCOPY --from=builder /usr/local/bin/perkeepd /usr/bin/perkeepd\n\nENTRYPOINT [ \"perkeepd\" ]\n" }, { "path": "pivman/Dockerfile", "content": "# Run pivman (yubikey-piv-manager) in a container\n#\n# docker run -d \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--device /dev/bus/usb \\\n#\t--device /dev/usb \\\n#\t--name pivman \\\n#\tjess/pivman\n#\nFROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tadd-apt-repository ppa:yubico/stable && \\\n\tapt-get update && \\\n\tapt-get install -y \\\n\tusbutils \\\n\tyubikey-piv-manager \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT\t[ \"pivman\" ]\n" }, { "path": "plex-home-theater/Dockerfile", "content": "# plex home theater\n#\n# docker run -d -v /tmp/.X11-unix:/tmp/.X11-unix \\\n# \t-e DISPLAY=unix$DISPLAY \\\n# \t--device /dev/snd:/dev/snd \\\n# \t--device /dev/dri:/dev/dri \\\n# \tjess/plex-home-theater\n#\nFROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tadd-apt-repository ppa:plexapp/plexht && \\\n\tadd-apt-repository ppa:pulse-eight/libcec && \\\n\tapt-get update && \\\n\tapt-get install -y \\\n\tplexhometheater \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT\t[ \"/usr/bin/plexhometheater.sh\" ]\n" }, { "path": "plexpy/Dockerfile", "content": "# A Python based monitoring and tracking tool for Plex Media Server.\n#\n# docker run -d \\\n# --name=PlexPy \\\n# -v :/data \\\n# -p 8181:8181 \\\n# r.j3ss.co/plexpy\nFROM alpine:latest\n\n# Install required packages.\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tgit \\\n\tpython \\\n\tpy-pip\n\n# Get the source\nENV PLEXPY_VERSION v2.2.4\nRUN git clone https://github.com/Tautulli/Tautulli.git /opt/plexpy \\\n\t&& ( \\\n\t\tcd /opt/plexpy \\\n\t\t&& git checkout \"${PLEXPY_VERSION}\" \\\n\t)\n\n# Volume for Plexpy data.\nVOLUME /data\n\n# Set the working directory.\nWORKDIR /opt/plexpy\n\n# Expose ports.\nEXPOSE 8181\n\n# Define default command.\nENTRYPOINT [\"python\", \"PlexPy.py\"]\nCMD [\"--nolaunch\", \"--datadir=/data\"]\n" }, { "path": "pms/Dockerfile", "content": "# Practical Music Search, an MPD client\n#\n# docker run --rm -it \\\n# \t-v /etc/localtime:/etc/localtime:ro \\\n#\t--link mpd:mpd \\\n#\tjess/pms\n#\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tpms \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"pms\" ]\n" }, { "path": "pomerium/Dockerfile", "content": "FROM golang:alpine as builder\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapk --no-cache add \\\n\tca-certificates \\\n\tgit \\\n\tmake\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nENV POMERIUM_VERSION v0.9.0\n\nRUN go get github.com/pomerium/pomerium || true \\\n\t&& cd /go/src/github.com/pomerium/pomerium \\\n\t&& git checkout \"${POMERIUM_VERSION}\" \\\n\t&& make release \\\n\t&& mv dist/pomerium-linux-amd64 /usr/bin/pomerium\n\n\nFROM alpine:latest\n\nCOPY --from=builder /usr/bin/pomerium /usr/bin/pomerium\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"pomerium\" ]\n" }, { "path": "pop/.gitignore", "content": "pop.c\n" }, { "path": "pop/Dockerfile", "content": "FROM alpine:latest\n\nCOPY pop /usr/local/bin/pop\n\nCMD [\"/usr/local/bin/pop\"]\n" }, { "path": "postfix/Dockerfile", "content": "FROM alpine:latest\n\nRUN apk add --no-cache \\\n\tbash \\\n\tca-certificates \\\n\tlibsasl \\\n\tmailx \\\n\tpostfix \\\n\trsyslog \\\n\trunit \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/main\n\nCOPY service /etc/service\nCOPY runit_bootstrap /usr/sbin/runit_bootstrap\nCOPY rsyslog.conf /etc/rsyslog.conf\n\nRUN ln -sf /dev/stdout /var/log/mail.log\n\nSTOPSIGNAL SIGKILL\n\nENTRYPOINT [\"/usr/sbin/runit_bootstrap\"]\n" }, { "path": "postfix/rsyslog.conf", "content": "# rsyslog v5: load input modules\n# If you do not load inputs, nothing happens!\n# You may need to set the module load path if modules are not found.\n\n$ModLoad immark.so # provides --MARK-- message capability\n$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)\n#$ModLoad imklog.so # kernel logging (formerly provided by rklogd)\n\n# default permissions for all log files.\n$FileOwner root\n$FileGroup adm\n$FileCreateMode 0640\n$DirCreateMode 0755\n$Umask 0022\n\n# Include configuration files from directory\n$IncludeConfig /etc/rsyslog.d/*\n\n# Check config syntax on startup and abort if unclean (default off)\n#$AbortOnUncleanConfig on\n\n# Reduce repeating messages (default off)\n#$RepeatedMsgReduction on\n\n# Log all kernel messages to the console.\n# Logging much else clutters up the screen.\n#kern.* /dev/console\n\n# Log anything (except mail) of level info or higher.\n# Don't log private authentication messages!\n*.info;mail.none;authpriv.none;cron.none -/var/log/messages\n\n# The authpriv file has restricted access.\nauthpriv.* /var/log/secure\n\n# Log all the mail messages in one place.\nmail.* -/var/log/mail.log\n\n# Log cron stuff\ncron.* -/var/log/cron\n\n# Everybody gets emergency messages\n#*.emerg *\n\n# Save news errors of level crit and higher in a special file.\nuucp,news.crit -/var/log/spooler\n\n# Save boot messages also to boot.log\nlocal7.* /var/log/boot.log\n\n# More configuration examples:\n#\n# Remote Logging (we use TCP for reliable delivery)\n# An on-disk queue is created for this action. If the remote host is\n# down, messages are spooled to disk and sent when it is up again.\n#$WorkDirectory /var/spool/rsyslog # where to place spool files\n#$ActionQueueFileName uniqName # unique name prefix for spool files\n#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)\n#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown\n#$ActionQueueType LinkedList # run asynchronously\n#$ActionResumeRetryCount -1 # infinety retries if host is down\n#$ActionResumeInterval 30 # retry interval\n# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional\n#*.* @@remote-host\n\n# Remote Logging with TCP + SSL/TLS\n#$DefaultNetstreamDriver gtls\n#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem\n#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_CLIENT.cert.pem\n#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_CLIENT.key.pem\n#$ActionSendStreamDriverAuthMode x509/name # enable peer authentication\n#$ActionSendStreamDriverPermittedPeer foo # authorize to send encrypted data to server foo\n#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode\n\n# ######### Receiving Messages from Remote Hosts ##########\n# TCP Syslog Server:\n#$ModLoad imtcp # provides TCP syslog reception\n#$TCPServerRun 10514 # start a TCP syslog server at port 10514\n\n# TCP + SSL/TLS Syslog Server:\n#$ModLoad imtcp # provides TCP syslog reception\n#$DefaultNetstreamDriver gtls # use gnuTLS for data encryption\n#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem\n#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_SERVER.cert.pem\n#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_SERVER.key.pem\n#$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode\n#$InputTCPServerStreamDriverAuthMode x509/name # enable peer authentication\n#$InputTCPServerStreamDriverPermittedPeer bar # authorize client named bar (one line per client)\n#$TCPServerRun 10514 # start a TCP syslog server at port 10514\n\n# UDP Syslog Server:\n$ModLoad imudp.so # provides UDP syslog reception\n$UDPServerRun 514 # start a UDP syslog server at standard port 514\n\n" }, { "path": "postfix/runit_bootstrap", "content": "#!/bin/sh\n\nexec /sbin/runsvdir /etc/service\n" }, { "path": "postfix/service/postfix/run", "content": "#!/bin/bash\nset -e\n\n# Avoid warning: smtputf8_enable is true, but EAI support is not compiled in\necho \"smtputf8_enable = no\" >> /etc/postfix/main.cf\n\ncat >> /etc/postfix/main.cf << EOF\n# limit smtp to loopback interface & compute engine doesn't support ipv6\ninet_interfaces = loopback-only\ninet_protocols = ipv4\nEOF\n\n# Do we want to modify the config first with the script?\n# shellcheck disable=SC1091\n[ -f /etc/service/postfix/run.config ] && source /etc/service/postfix/run.config\n\nif [[ -n \"$MAILNAME\" ]]; then\n\techo \"$MAILNAME\" > /etc/mailname\n\tpostconf -e myorigin=\"/etc/mailname\"\n\n\tcat >> /etc/postfix/main.cf <<- EOF\n\t# Force ehlo behavior\n\tsmtp_always_send_ehlo = yes\n\tsmtp_helo_name = $MAILNAME\n\tEOF\nfi\n\nif [[ -n \"$MY_NETWORKS\" ]]; then\n\tpostconf -e mynetworks=\"$MY_NETWORKS\"\nfi\n\nif [[ -n \"$MY_DESTINATION\" ]]; then\n\tpostconf -e mydestination=\"$MY_DESTINATION\"\nfi\n\nif [[ -n \"$ROOT_ALIAS\" ]]; then\n\tif [[ -f /etc/aliases ]]; then\n\t\tsed -i '/^root:/d' /etc/aliases\n\tfi\n\techo \"root: $ROOT_ALIAS\" >> /etc/aliases\n\tnewaliases\nfi\n\nif [[ -n \"$RELAY\" ]]; then\n\t# setup the relay\n\tcat >> /etc/postfix/main.cf <<- EOF\n\trelayhost = $RELAY\n\n\t# These lines can be used, if the result is not as expected\n\tdebug_peer_list = smtp-relay.gmail.com\n\tdebug_peer_level = 2\n\tEOF\nfi\n\nif [[ -n \"$TLS\" ]]; then\n\t# setup tls\n\tcat >> /etc/postfix/main.cf <<- EOF\n\tsmtp_use_tls = yes\n\tsmtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt\n\tEOF\nfi\n\nif [[ -n \"$SASL_AUTH\" ]]; then\n\tcat >> /etc/postfix/main.cf <<- EOF\n\tsmtp_sasl_auth_enable = yes\n\tsmtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd\n\tsmtp_sasl_security_options = noanonymous\n\tEOF\n\n\t# generate the SASL password map\n\techo \"$RELAY $SASL_AUTH\" > /etc/postfix/sasl_passwd\n\n\t# generate a .db file\n\tpostmap /etc/postfix/sasl_passwd\n\n\t# cleanup\n\trm /etc/postfix/sasl_passwd\n\n\t# set permissions\n\tchmod 600 /etc/postfix/sasl_passwd.db\nfi\n\nif [[ -f \"/usr/libexec/postfix/master\" ]]; then\n\tcmd=\"/usr/libexec/postfix/master\"\nfi\n\nif [[ -f \"/usr/lib/postfix/master\" ]]; then\n\tcmd=\"/usr/lib/postfix/master\"\nfi\n\nif [[ -z \"$cmd\" ]]; then\n\techo \"Could not find postfix master in /usr/lib or /usr/libexec\"\n\texit 1\nfi\n\n\"$cmd\" -c /etc/postfix -d 2>&1\n" }, { "path": "postfix/service/postfix/supervise/.gitignore", "content": "" }, { "path": "postfix/service/rsyslog/run", "content": "#!/bin/bash\nset -e\n\nexec rsyslogd -n\n" }, { "path": "postfix/service/rsyslog/supervise/.gitignore", "content": "" }, { "path": "powershell/Dockerfile", "content": "FROM debian:stretch-slim\nLABEL maintainer \"Christian Koep \"\n\nENV POWERSHELL_VERSION 7.0.1\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tdpkg \\\n\tlibcurl3 \\\n\tlibicu57 \\\n\tlibssl1.0.2 \\\n\tliblttng-ust0 \\\n\tlibunwind8 \\\n\twget \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN cd /usr/src \\\n\t&& wget \"https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell_${POWERSHELL_VERSION}-1.debian.9_amd64.deb\" -O /tmp/powershell.deb \\\n\t&& dpkg -i /tmp/powershell.deb \\\n\t&& ln -snf \"/opt/microsoft/powershell/7/pwsh\" /usr/bin/pwsh \\\n\t&& apt-get install -fy \\\n\t&& rm -rf /var/lib/apt/lists/* /usr/src/* /tmp/powershell.deb \\\n\t&& which pwsh\n\nENTRYPOINT [ \"/usr/bin/pwsh\" ]\n" }, { "path": "powershell-azure/Dockerfile", "content": "FROM r.j3ss.co/powershell:latest\n\n# Install/Update PowerShellGet\nRUN pwsh -c \"Install-Module PowerShellGet -Force\"\n\n# Install Azure PowerShell module\n# Install the Azure Resource Manager modules from the PowerShell Gallery\nRUN pwsh -c \"Install-Module -Name Az -AllowClobber -Force\"\n\nENTRYPOINT [ \"pwsh\" ]\n" }, { "path": "privoxy/Dockerfile", "content": "# run a privoxy in a container and link to a tor socks proxy container\n#\n# docker run -d \\\n#\t--restart always \\\n# \t# the link inside the container must be named \"torproxy\"\n# \t# see: https://github.com/jessfraz/dockerfiles/blob/master/privoxy/privoxy.conf#L1317\n#\t--link torproxy:torproxy \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-p 8118:8118 \\\n# \t--name privoxy \\\n# \tjess/privoxy\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tprivoxy\n\n# expose http port\nEXPOSE 8118\n\n# copy in our privoxy config file\nCOPY privoxy.conf /etc/privoxy/config\n\n# make sure files are owned by privoxy user\nRUN chown -R privoxy /etc/privoxy\n\nUSER privoxy\n\nENTRYPOINT [ \"privoxy\", \"--no-daemon\" ]\nCMD [ \"/etc/privoxy/config\" ]\n" }, { "path": "privoxy/privoxy.conf", "content": "# Sample Configuration File for Privoxy\n#\n# Id: config,v\n#\n# Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/\n#\n####################################################################\n# #\n# Table of Contents #\n# #\n# I. INTRODUCTION #\n# II. FORMAT OF THE CONFIGURATION FILE #\n# #\n# 1. LOCAL SET-UP DOCUMENTATION #\n# 2. CONFIGURATION AND LOG FILE LOCATIONS #\n# 3. DEBUGGING #\n# 4. ACCESS CONTROL AND SECURITY #\n# 5. FORWARDING #\n# 6. WINDOWS GUI OPTIONS #\n# #\n####################################################################\n#\n#\n# I. INTRODUCTION\n# ===============\n#\n# This file holds Privoxy's main configuration. Privoxy detects\n# configuration changes automatically, so you don't have to restart\n# it unless you want to load a different configuration file.\n#\n# The configuration will be reloaded with the first request after\n# the change was done, this request itself will still use the old\n# configuration, though. In other words: it takes two requests before\n# you see the result of your changes. Requests that are dropped due\n# to ACL don't trigger reloads.\n#\n# When starting Privoxy on Unix systems, give the location of this\n# file as last argument. On Windows systems, Privoxy will look for\n# this file with the name 'config.txt' in the current working directory\n# of the Privoxy process.\n#\n#\n# II. FORMAT OF THE CONFIGURATION FILE\n# ====================================\n#\n# Configuration lines consist of an initial keyword followed by a\n# list of values, all separated by whitespace (any number of spaces\n# or tabs). For example,\n#\n# actionsfile default.action\n#\n# Indicates that the actionsfile is named 'default.action'.\n#\n# The '#' indicates a comment. Any part of a line following a '#'\n# is ignored, except if the '#' is preceded by a '\\'.\n#\n# Thus, by placing a # at the start of an existing configuration\n# line, you can make it a comment and it will be treated as if it\n# weren't there. This is called \"commenting out\" an option and can\n# be useful. Removing the # again is called \"uncommenting\".\n#\n# Note that commenting out an option and leaving it at its default\n# are two completely different things! Most options behave very\n# differently when unset. See the \"Effect if unset\" explanation in\n# each option's description for details.\n#\n# Long lines can be continued on the next line by using a `\\' as the\n# last character.\n#\n#\n#\n# 1. LOCAL SET-UP DOCUMENTATION\n# ==============================\n#\n# If you intend to operate Privoxy for more users than just yourself,\n# it might be a good idea to let them know how to reach you, what\n# you block and why you do that, your policies, etc.\n#\n#\n#\n# 1.1. user-manual\n# =================\n#\n# Specifies:\n#\n# Location of the Privoxy User Manual.\n#\n# Type of value:\n#\n# A fully qualified URI\n#\n# Default value:\n#\n# Unset\n#\n# Effect if unset:\n#\n# http://www.privoxy.org/version/user-manual/ will be used,\n# where version is the Privoxy version.\n#\n# Notes:\n#\n# The User Manual URI is the single best source of information on\n# Privoxy, and is used for help links from some of the internal\n# CGI pages. The manual itself is normally packaged with the\n# binary distributions, so you probably want to set this to a\n# locally installed copy.\n#\n# Examples:\n#\n# The best all purpose solution is simply to put the full local\n# PATH to where the User Manual is located:\n#\n# user-manual /usr/share/doc/privoxy/user-manual\n#\n# The User Manual is then available to anyone with\n# access to Privoxy, by following the built-in URL:\n# http://config.privoxy.org/user-manual/ (or the shortcut:\n# http://p.p/user-manual/).\n#\n# If the documentation is not on the local system, it can be\n# accessed from a remote server, as:\n#\n# user-manual http://example.com/privoxy/user-manual/\n#\n# WARNING!!!\n#\n# If set, this option should be the first option in the config\n# file, because it is used while the config file is being read.\n#\nuser-manual /usr/share/doc/privoxy/user-manual\n#\n#\n# 1.2. trust-info-url\n# ====================\n#\n# Specifies:\n#\n# A URL to be displayed in the error page that users will see if\n# access to an untrusted page is denied.\n#\n# Type of value:\n#\n# URL\n#\n# Default value:\n#\n# Unset\n#\n# Effect if unset:\n#\n# No links are displayed on the \"untrusted\" error page.\n#\n# Notes:\n#\n# The value of this option only matters if the experimental trust\n# mechanism has been activated. (See trustfile below.)\n#\n# If you use the trust mechanism, it is a good idea to write\n# up some on-line documentation about your trust policy and to\n# specify the URL(s) here. Use multiple times for multiple URLs.\n#\n# The URL(s) should be added to the trustfile as well, so users\n# don't end up locked out from the information on why they were\n# locked out in the first place!\n#\n#trust-info-url http://www.example.com/why_we_block.html\n#trust-info-url http://www.example.com/what_we_allow.html\n#\n#\n# 1.3. admin-address\n# ===================\n#\n# Specifies:\n#\n# An email address to reach the Privoxy administrator.\n#\n# Type of value:\n#\n# Email address\n#\n# Default value:\n#\n# Unset\n#\n# Effect if unset:\n#\n# No email address is displayed on error pages and the CGI user\n# interface.\n#\n# Notes:\n#\n# If both admin-address and proxy-info-url are unset, the whole\n# \"Local Privoxy Support\" box on all generated pages will not\n# be shown.\n#\n#admin-address privoxy-admin@example.com\n#\n#\n# 1.4. proxy-info-url\n# ====================\n#\n# Specifies:\n#\n# A URL to documentation about the local Privoxy setup,\n# configuration or policies.\n#\n# Type of value:\n#\n# URL\n#\n# Default value:\n#\n# Unset\n#\n# Effect if unset:\n#\n# No link to local documentation is displayed on error pages and\n# the CGI user interface.\n#\n# Notes:\n#\n# If both admin-address and proxy-info-url are unset, the whole\n# \"Local Privoxy Support\" box on all generated pages will not\n# be shown.\n#\n# This URL shouldn't be blocked ;-)\n#\n#proxy-info-url http://www.example.com/proxy-service.html\n#\n#\n# 2. CONFIGURATION AND LOG FILE LOCATIONS\n# ========================================\n#\n# Privoxy can (and normally does) use a number of other files for\n# additional configuration, help and logging. This section of the\n# configuration file tells Privoxy where to find those other files.\n#\n# The user running Privoxy, must have read permission for all\n# configuration files, and write permission to any files that would\n# be modified, such as log files and actions files.\n#\n#\n#\n# 2.1. confdir\n# =============\n#\n# Specifies:\n#\n# The directory where the other configuration files are located.\n#\n# Type of value:\n#\n# Path name\n#\n# Default value:\n#\n# /etc/privoxy (Unix) or Privoxy installation dir (Windows)\n#\n# Effect if unset:\n#\n# Mandatory\n#\n# Notes:\n#\n# No trailing \"/\", please.\n#\nconfdir /etc/privoxy\n#\n#\n# 2.2. templdir\n# ==============\n#\n# Specifies:\n#\n# An alternative directory where the templates are loaded from.\n#\n# Type of value:\n#\n# Path name\n#\n# Default value:\n#\n# unset\n#\n# Effect if unset:\n#\n# The templates are assumed to be located in confdir/template.\n#\n# Notes:\n#\n# Privoxy's original templates are usually overwritten with each\n# update. Use this option to relocate customized templates that\n# should be kept. As template variables might change between\n# updates, you shouldn't expect templates to work with Privoxy\n# releases other than the one they were part of, though.\n#\n#templdir .\n#\n#\n# 2.3. logdir\n# ============\n#\n# Specifies:\n#\n# The directory where all logging takes place (i.e. where the\n# logfile is located).\n#\n# Type of value:\n#\n# Path name\n#\n# Default value:\n#\n# /var/log/privoxy (Unix) or Privoxy installation dir (Windows)\n#\n# Effect if unset:\n#\n# Mandatory\n#\n# Notes:\n#\n# No trailing \"/\", please.\n#\nlogdir /var/log/privoxy\n#\n#\n# 2.4. actionsfile\n# =================\n#\n# Specifies:\n#\n# The actions file(s) to use\n#\n# Type of value:\n#\n# Complete file name, relative to confdir\n#\n# Default values:\n#\n# match-all.action # Actions that are applied to all sites and maybe overruled later on.\n#\n# default.action # Main actions file\n#\n# user.action # User customizations\n#\n# Effect if unset:\n#\n# No actions are taken at all. More or less neutral proxying.\n#\n# Notes:\n#\n# Multiple actionsfile lines are permitted, and are in fact\n# recommended!\n#\n# The default values are default.action, which is the \"main\"\n# actions file maintained by the developers, and user.action,\n# where you can make your personal additions.\n#\n# Actions files contain all the per site and per URL configuration\n# for ad blocking, cookie management, privacy considerations,\n# etc. There is no point in using Privoxy without at least one\n# actions file.\n#\n# Note that since Privoxy 3.0.7, the complete filename, including\n# the \".action\" extension has to be specified. The syntax change\n# was necessary to be consistent with the other file options and\n# to allow previously forbidden characters.\n#\nactionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.\nactionsfile default.action # Main actions file\nactionsfile user.action # User customizations\n#\n#\n# 2.5. filterfile\n# ================\n#\n# Specifies:\n#\n# The filter file(s) to use\n#\n# Type of value:\n#\n# File name, relative to confdir\n#\n# Default value:\n#\n# default.filter (Unix) or default.filter.txt (Windows)\n#\n# Effect if unset:\n#\n# No textual content filtering takes place, i.e. all +filter{name}\n# actions in the actions files are turned neutral.\n#\n# Notes:\n#\n# Multiple filterfile lines are permitted.\n#\n# The filter files contain content modification rules that use\n# regular expressions. These rules permit powerful changes on the\n# content of Web pages, and optionally the headers as well, e.g.,\n# you could try to disable your favorite JavaScript annoyances,\n# re-write the actual displayed text, or just have some fun\n# playing buzzword bingo with web pages.\n#\n# The +filter{name} actions rely on the relevant filter (name)\n# to be defined in a filter file!\n#\n# A pre-defined filter file called default.filter that contains a\n# number of useful filters for common problems is included in the\n# distribution. See the section on the filter action for a list.\n#\n# It is recommended to place any locally adapted filters into a\n# separate file, such as user.filter.\n#\nfilterfile default.filter\nfilterfile user.filter # User customizations\n#\n#\n# 2.6. logfile\n# =============\n#\n# Specifies:\n#\n# The log file to use\n#\n# Type of value:\n#\n# File name, relative to logdir\n#\n# Default value:\n#\n# Unset (commented out). When activated: logfile (Unix) or\n# privoxy.log (Windows).\n#\n# Effect if unset:\n#\n# No logfile is written.\n#\n# Notes:\n#\n# The logfile is where all logging and error messages are\n# written. The level of detail and number of messages are set with\n# the debug option (see below). The logfile can be useful for\n# tracking down a problem with Privoxy (e.g., it's not blocking\n# an ad you think it should block) and it can help you to monitor\n# what your browser is doing.\n#\n# Depending on the debug options below, the logfile may be a\n# privacy risk if third parties can get access to it. As most\n# users will never look at it, Privoxy 3.0.7 and later only log\n# fatal errors by default.\n#\n# For most troubleshooting purposes, you will have to change that,\n# please refer to the debugging section for details.\n#\n# Your logfile will grow indefinitely, and you will probably\n# want to periodically remove it. On Unix systems, you can do\n# this with a cron job (see \"man cron\"). For Red Hat based Linux\n# distributions, a logrotate script has been included.\n#\n# Any log files must be writable by whatever user Privoxy is\n# being run as (on Unix, default user id is \"privoxy\").\n#\nlogfile logfile\n#\n#\n# 2.7. trustfile\n# ===============\n#\n# Specifies:\n#\n# The name of the trust file to use\n#\n# Type of value:\n#\n# File name, relative to confdir\n#\n# Default value:\n#\n# Unset (commented out). When activated: trust (Unix) or trust.txt\n# (Windows)\n#\n# Effect if unset:\n#\n# The entire trust mechanism is disabled.\n#\n# Notes:\n#\n# The trust mechanism is an experimental feature for building\n# white-lists and should be used with care. It is NOT recommended\n# for the casual user.\n#\n# If you specify a trust file, Privoxy will only allow access to\n# sites that are specified in the trustfile. Sites can be listed\n# in one of two ways:\n#\n# Prepending a ~ character limits access to this site only (and\n# any sub-paths within this site), e.g. ~www.example.com allows\n# access to ~www.example.com/ features/news.html, etc.\n#\n# Or, you can designate sites as trusted referrers, by prepending\n# the name with a + character. The effect is that access to\n# untrusted sites will be granted -- but only if a link from\n# this trusted referrer was used to get there. The link target\n# will then be added to the \"trustfile\" so that future, direct\n# accesses will be granted. Sites added via this mechanism do\n# not become trusted referrers themselves (i.e. they are added\n# with a ~ designation). There is a limit of 512 such entries,\n# after which new entries will not be made.\n#\n# If you use the + operator in the trust file, it may grow\n# considerably over time.\n#\n# It is recommended that Privoxy be compiled with the\n# --disable-force, --disable-toggle and --disable-editor options,\n# if this feature is to be used.\n#\n# Possible applications include limiting Internet access for\n# children.\n#\n#trustfile trust\n#\n#\n# 3. DEBUGGING\n# =============\n#\n# These options are mainly useful when tracing a problem. Note that\n# you might also want to invoke Privoxy with the --no-daemon command\n# line option when debugging.\n#\n#\n#\n# 3.1. debug\n# ===========\n#\n# Specifies:\n#\n# Key values that determine what information gets logged.\n#\n# Type of value:\n#\n# Integer values\n#\n# Default value:\n#\n# 0 (i.e.: only fatal errors (that cause Privoxy to exit) are logged)\n#\n# Effect if unset:\n#\n# Default value is used (see above).\n#\n# Notes:\n#\n# The available debug levels are:\ndebug 1 # Log the destination for each request Privoxy let through. See also debug 1024.\n# debug 2 # show each connection status\n# debug 4 # show I/O status\n# debug 8 # show header parsing\n# debug 16 # log all data written to the network\n# debug 32 # debug force feature\n# debug 64 # debug regular expression filters\n# debug 128 # debug redirects\n# debug 256 # debug GIF de-animation\n# debug 512 # Common Log Format\n# debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why.\n# debug 2048 # CGI user interface\n# debug 4096 # Startup banner and warnings.\n# debug 8192 # Non-fatal errors\n# debug 32768 # log all data read from the network\n#\n#\n# To select multiple debug levels, you can either add them or\n# use multiple debug lines.\n#\n# A debug level of 1 is informative because it will show you each\n# request as it happens. 1, 1024, 4096 and 8192 are recommended\n# so that you will notice when things go wrong. The other levels\n# are probably only of interest if you are hunting down a specific\n# problem. They can produce a hell of an output (especially 16).\n#\n# Privoxy used to ship with the debug levels recommended above\n# enabled by default, but due to privacy concerns 3.0.7 and later\n# are configured to only log fatal errors.\n#\n# If you are used to the more verbose settings, simply enable\n# the debug lines below again.\n#\n# If you want to use pure CLF (Common Log Format), you should set\n# \"debug 512\" ONLY and not enable anything else.\n#\n# Privoxy has a hard-coded limit for the length of log messages. If\n# it's reached, messages are logged truncated and marked with\n# \"... [too long, truncated]\".\n#\n# Please don't file any support requests without trying to\n# reproduce the problem with increased debug level first. Once\n# you read the log messages, you may even be able to solve the\n# problem on your own.\n#\n#debug 1 # Log the destination for each request Privoxy let through.\n#debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why.\n#debug 4096 # Startup banner and warnings\ndebug 8192 # Non-fatal errors\n#debug 32768 # Non-fatal errors\n#\n#\n# 3.2. single-threaded\n# =====================\n#\n# Specifies:\n#\n# Whether to run only one server thread.\n#\n# Type of value:\n#\n# None\n#\n# Default value:\n#\n# Unset\n#\n# Effect if unset:\n#\n# Multi-threaded (or, where unavailable: forked) operation,\n# i.e. the ability to serve multiple requests simultaneously.\n#\n# Notes:\n#\n# This option is only there for debugging purposes. It will\n# drastically reduce performance.\n#\n#single-threaded\n#\n#\n# 3.3. hostname\n# ==============\n#\n# Specifies:\n#\n# The hostname shown on the CGI pages.\n#\n# Type of value:\n#\n# Text\n#\n# Default value:\n#\n# Unset\n#\n# Effect if unset:\n#\n# The hostname provided by the operating system is used.\n#\n# Notes:\n#\n# On some misconfigured systems resolving the hostname fails or\n# takes too much time and slows Privoxy down. Setting a fixed\n# hostname works around the problem.\n#\n# In other circumstances it might be desirable to show a hostname\n# other than the one returned by the operating system. For example\n# if the system has several different hostnames and you don't\n# want to use the first one.\n#\n# Note that Privoxy does not validate the specified hostname value.\n#\n#hostname hostname.example.org\n#\n#\n# 4. ACCESS CONTROL AND SECURITY\n# ===============================\n#\n# This section of the config file controls the security-relevant\n# aspects of Privoxy's configuration.\n#\n#\n#\n# 4.1. listen-address\n# ====================\n#\n# Specifies:\n#\n# The address and TCP port on which Privoxy will listen for\n# client requests.\n#\n# Type of value:\n#\n# [IP-Address]:Port\n#\n# [Hostname]:Port\n#\n# Default value:\n#\n# 127.0.0.1:8118\n#\n# Effect if unset:\n#\n# Bind to 127.0.0.1 (IPv4 localhost), port 8118. This is suitable\n# and recommended for home users who run Privoxy on the same\n# machine as their browser.\n#\n# Notes:\n#\n# You will need to configure your browser(s) to this proxy address\n# and port.\n#\n# If you already have another service running on port 8118, or\n# if you want to serve requests from other machines (e.g. on your\n# local network) as well, you will need to override the default.\n#\n# You can use this statement multiple times to make Privoxy listen\n# on more ports or more IP addresses. Suitable if your operating\n# system does not support sharing IPv6 and IPv4 protocols on the\n# same socket.\n#\n# If a hostname is used instead of an IP address, Privoxy will\n# try to resolve it to an IP address and if there are multiple,\n# use the first one returned.\n#\n# If the address for the hostname isn't already known on the\n# system (for example because it's in /etc/hostname), this may\n# result in DNS traffic.\n#\n# If the specified address isn't available on the system, or if\n# the hostname can't be resolved, Privoxy will fail to start.\n#\n# IPv6 addresses containing colons have to be quoted by\n# brackets. They can only be used if Privoxy has been compiled\n# with IPv6 support. If you aren't sure if your version supports\n# it, have a look at http://config.privoxy.org/ show-status.\n#\n# Some operating systems will prefer IPv6 to IPv4 addresses even if\n# the system has no IPv6 connectivity which is usually not expected\n# by the user. Some even rely on DNS to resolve localhost which\n# mean the \"localhost\" address used may not actually be local.\n#\n# It is therefore recommended to explicitly configure the intended\n# IP address instead of relying on the operating system, unless\n# there's a strong reason not to.\n#\n# If you leave out the address, Privoxy will bind to all IPv4\n# interfaces (addresses) on your machine and may become reachable\n# from the Internet and/ or the local network. Be aware that\n# some GNU/Linux distributions modify that behaviour without\n# updating the documentation. Check for non-standard patches if\n# your Privoxyversion behaves differently.\n#\n# If you configure Privoxyto be reachable from the network,\n# consider using access control lists (ACL's, see below), and/or\n# a firewall.\n#\n# If you open Privoxy to untrusted users, you will also\n# want to make sure that the following actions are disabled:\n# enable-edit-actions and enable-remote-toggle\n#\n# With the exception noted above, listening on multiple addresses\n# is currently not supported by Privoxy directly. It can be done\n# on most operating systems by letting a packet filter redirect\n# request for certain addresses to Privoxy, though.\n#\n# Example:\n#\n# Suppose you are running Privoxy on a machine which has the\n# address 192.168.0.1 on your local private network (192.168.0.0)\n# and has another outside connection with a different address. You\n# want it to serve requests from inside only:\n#\n# listen-address 192.168.0.1:8118\n#\n# Suppose you are running Privoxy on an IPv6-capable machine and\n# you want it to listen on the IPv6 address of the loopback device:\n#\n# listen-address [::1]:8118\n#\nlisten-address 0.0.0.0:8118\n#\n#\n# 4.2. toggle\n# ============\n#\n# Specifies:\n#\n# Initial state of \"toggle\" status\n#\n# Type of value:\n#\n# 1 or 0\n#\n# Default value:\n#\n# 1\n#\n# Effect if unset:\n#\n# Act as if toggled on\n#\n# Notes:\n#\n# If set to 0, Privoxy will start in \"toggled off\" mode,\n# i.e. mostly behave like a normal, content-neutral proxy\n# with both ad blocking and content filtering disabled. See\n# enable-remote-toggle below.\n#\n# The windows version will only display the toggle icon in the\n# system tray if this option is present.\n#\ntoggle 1\n#\n#\n# 4.3. enable-remote-toggle\n# ==========================\n#\n# Specifies:\n#\n# Whether or not the web-based toggle feature may be used\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# The web-based toggle feature is disabled.\n#\n# Notes:\n#\n# When toggled off, Privoxy mostly acts like a normal,\n# content-neutral proxy, i.e. doesn't block ads or filter content.\n#\n# Access to the toggle feature can not be controlled separately by\n# \"ACLs\" or HTTP authentication, so that everybody who can access\n# Privoxy (see \"ACLs\" and listen-address above) can toggle it\n# for all users. So this option is not recommended for multi-user\n# environments with untrusted users.\n#\n# Note that malicious client side code (e.g Java) is also capable\n# of using this option.\n#\n# As a lot of Privoxy users don't read documentation, this feature\n# is disabled by default.\n#\n# Note that you must have compiled Privoxy with support for this\n# feature, otherwise this option has no effect.\n#\nenable-remote-toggle 0\n#\n#\n# 4.4. enable-remote-http-toggle\n# ===============================\n#\n# Specifies:\n#\n# Whether or not Privoxy recognizes special HTTP headers to change\n# its behaviour.\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# Privoxy ignores special HTTP headers.\n#\n# Notes:\n#\n# When toggled on, the client can change Privoxy's behaviour by\n# setting special HTTP headers. Currently the only supported\n# special header is \"X-Filter: No\", to disable filtering for\n# the ongoing request, even if it is enabled in one of the\n# action files.\n#\n# This feature is disabled by default. If you are using Privoxy in\n# a environment with trusted clients, you may enable this feature\n# at your discretion. Note that malicious client side code (e.g\n# Java) is also capable of using this feature.\n#\n# This option will be removed in future releases as it has been\n# obsoleted by the more general header taggers.\n#\nenable-remote-http-toggle 0\n#\n#\n# 4.5. enable-edit-actions\n# =========================\n#\n# Specifies:\n#\n# Whether or not the web-based actions file editor may be used\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# The web-based actions file editor is disabled.\n#\n# Notes:\n#\n# Access to the editor can not be controlled separately by\n# \"ACLs\" or HTTP authentication, so that everybody who can access\n# Privoxy (see \"ACLs\" and listen-address above) can modify its\n# configuration for all users.\n#\n# This option is not recommended for environments with untrusted\n# users and as a lot of Privoxy users don't read documentation,\n# this feature is disabled by default.\n#\n# Note that malicious client side code (e.g Java) is also capable\n# of using the actions editor and you shouldn't enable this\n# options unless you understand the consequences and are sure\n# your browser is configured correctly.\n#\n# Note that you must have compiled Privoxy with support for this\n# feature, otherwise this option has no effect.\n#\nenable-edit-actions 0\n#\n#\n# 4.6. enforce-blocks\n# ====================\n#\n# Specifies:\n#\n# Whether the user is allowed to ignore blocks and can \"go there\n# anyway\".\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# Blocks are not enforced.\n#\n# Notes:\n#\n# Privoxy is mainly used to block and filter requests as a service\n# to the user, for example to block ads and other junk that clogs\n# the pipes. Privoxy's configuration isn't perfect and sometimes\n# innocent pages are blocked. In this situation it makes sense to\n# allow the user to enforce the request and have Privoxy ignore\n# the block.\n#\n# In the default configuration Privoxy's \"Blocked\" page contains\n# a \"go there anyway\" link to adds a special string (the force\n# prefix) to the request URL. If that link is used, Privoxy\n# will detect the force prefix, remove it again and let the\n# request pass.\n#\n# Of course Privoxy can also be used to enforce a network\n# policy. In that case the user obviously should not be able to\n# bypass any blocks, and that's what the \"enforce-blocks\" option\n# is for. If it's enabled, Privoxy hides the \"go there anyway\"\n# link. If the user adds the force prefix by hand, it will not\n# be accepted and the circumvention attempt is logged.\n#\n# Examples:\n#\n# enforce-blocks 1\n#\nenforce-blocks 0\n#\n#\n# 4.7. ACLs: permit-access and deny-access\n# =========================================\n#\n# Specifies:\n#\n# Who can access what.\n#\n# Type of value:\n#\n# src_addr[:port][/src_masklen] [dst_addr[:port][/dst_masklen]]\n#\n# Where src_addr and dst_addr are IPv4 addresses in dotted\n# decimal notation or valid DNS names, port is a port number, and\n# src_masklen and dst_masklen are subnet masks in CIDR notation,\n# i.e. integer values from 2 to 30 representing the length\n# (in bits) of the network address. The masks and the whole\n# destination part are optional.\n#\n# If your system implements RFC 3493, then src_addr and dst_addr\n# can be IPv6 addresses delimeted by brackets, port can be a\n# number or a service name, and src_masklen and dst_masklen can\n# be a number from 0 to 128.\n#\n# Default value:\n#\n# Unset\n#\n# If no port is specified, any port will match. If no src_masklen\n# or src_masklen is given, the complete IP address has to match\n# (i.e. 32 bits for IPv4 and 128 bits for IPv6).\n#\n# Effect if unset:\n#\n# Don't restrict access further than implied by listen-address\n#\n# Notes:\n#\n# Access controls are included at the request of ISPs and systems\n# administrators, and are not usually needed by individual\n# users. For a typical home user, it will normally suffice to\n# ensure that Privoxy only listens on the localhost (127.0.0.1)\n# or internal (home) network address by means of the listen-address\n# option.\n#\n# Please see the warnings in the FAQ that Privoxy is not intended\n# to be a substitute for a firewall or to encourage anyone to\n# defer addressing basic security weaknesses.\n#\n# Multiple ACL lines are OK. If any ACLs are specified, Privoxy\n# only talks to IP addresses that match at least one permit-access\n# line and don't match any subsequent deny-access line. In other\n# words, the last match wins, with the default being deny-access.\n#\n# If Privoxy is using a forwarder (see forward below) for a\n# particular destination URL, the dst_addr that is examined is\n# the address of the forwarder and NOT the address of the ultimate\n# target. This is necessary because it may be impossible for the\n# local Privoxy to determine the IP address of the ultimate target\n# (that's often what gateways are used for).\n#\n# You should prefer using IP addresses over DNS names, because\n# the address lookups take time. All DNS names must resolve! You\n# can not use domain patterns like \"*.org\" or partial domain\n# names. If a DNS name resolves to multiple IP addresses, only\n# the first one is used.\n#\n# Some systems allow IPv4 clients to connect to IPv6 server\n# sockets. Then the client's IPv4 address will be translated by the\n# system into IPv6 address space with special prefix ::ffff:0:0/96\n# (so called IPv4 mapped IPv6 address). Privoxy can handle it\n# and maps such ACL addresses automatically.\n#\n# Denying access to particular sites by ACL may have undesired\n# side effects if the site in question is hosted on a machine\n# which also hosts other sites (most sites are).\n#\n# Examples:\n#\n# Explicitly define the default behavior if no ACL and\n# listen-address are set: \"localhost\" is OK. The absence of a\n# dst_addr implies that all destination addresses are OK:\n#\n# permit-access localhost\n#\n#\n# Allow any host on the same class C subnet as www.privoxy.org\n# access to nothing but www.example.com (or other domains hosted\n# on the same system):\n#\n# permit-access www.privoxy.org/24 www.example.com/32\n#\n#\n# Allow access from any host on the 26-bit subnet 192.168.45.64 to\n# anywhere, with the exception that 192.168.45.73 may not access\n# the IP address behind www.dirty-stuff.example.com:\n#\n# permit-access 192.168.45.64/26\n# deny-access 192.168.45.73 www.dirty-stuff.example.com\n#\n# Allow access from the IPv4 network 192.0.2.0/24 even if listening\n# on an IPv6 wild card address (not supported on all platforms):\n#\n# permit-access 192.0.2.0/24\n#\n#\n# This is equivalent to the following line even if listening on\n# an IPv4 address (not supported on all platforms):\n#\n# permit-access [::ffff:192.0.2.0]/120\n#\n#\n# 4.8. buffer-limit\n# ==================\n#\n# Specifies:\n#\n# Maximum size of the buffer for content filtering.\n#\n# Type of value:\n#\n# Size in Kbytes\n#\n# Default value:\n#\n# 4096\n#\n# Effect if unset:\n#\n# Use a 4MB (4096 KB) limit.\n#\n# Notes:\n#\n# For content filtering, i.e. the +filter and +deanimate-gif\n# actions, it is necessary that Privoxy buffers the entire document\n# body. This can be potentially dangerous, since a server could\n# just keep sending data indefinitely and wait for your RAM to\n# exhaust -- with nasty consequences. Hence this option.\n#\n# When a document buffer size reaches the buffer-limit, it is\n# flushed to the client unfiltered and no further attempt to filter\n# the rest of the document is made. Remember that there may be\n# multiple threads running, which might require up to buffer-limit\n# Kbytes each, unless you have enabled \"single-threaded\" above.\n#\nbuffer-limit 4096\n#\n#\n# 5. FORWARDING\n# ==============\n#\n# This feature allows routing of HTTP requests through a chain of\n# multiple proxies.\n#\n# Forwarding can be used to chain Privoxy with a caching proxy to\n# speed up browsing. Using a parent proxy may also be necessary if\n# the machine that Privoxy runs on has no direct Internet access.\n#\n# Note that parent proxies can severely decrease your privacy\n# level. For example a parent proxy could add your IP address to the\n# request headers and if it's a caching proxy it may add the \"Etag\"\n# header to revalidation requests again, even though you configured\n# Privoxy to remove it. It may also ignore Privoxy's header time\n# randomization and use the original values which could be used by\n# the server as cookie replacement to track your steps between visits.\n#\n# Also specified here are SOCKS proxies. Privoxy supports the SOCKS\n# 4 and SOCKS 4A protocols.\n#\n#\n#\n# 5.1. forward\n# =============\n#\n# Specifies:\n#\n# To which parent HTTP proxy specific requests should be routed.\n#\n# Type of value:\n#\n# target_pattern http_parent[:port]\n#\n# where target_pattern is a URL pattern that specifies to which\n# requests (i.e. URLs) this forward rule shall apply. Use /\n# to denote \"all URLs\". http_parent[:port] is the DNS name or\n# IP address of the parent HTTP proxy through which the requests\n# should be forwarded, optionally followed by its listening port\n# (default: 8000). Use a single dot (.) to denote \"no forwarding\".\n#\n# Default value:\n#\n# Unset\n#\n# Effect if unset:\n#\n# Don't use parent HTTP proxies.\n#\n# Notes:\n#\n# If http_parent is \".\", then requests are not forwarded to\n# another HTTP proxy but are made directly to the web servers.\n#\n# http_parent can be a numerical IPv6 address (if RFC 3493 is\n# implemented). To prevent clashes with the port delimiter,\n# the whole IP address has to be put into brackets. On the other\n# hand a target_pattern containing an IPv6 address has to be put\n# into angle brackets (normal brackets are reserved for regular\n# expressions already).\n#\n# Multiple lines are OK, they are checked in sequence, and the\n# last match wins.\n#\n# Examples:\n#\n# Everything goes to an example parent proxy, except SSL on port\n# 443 (which it doesn't handle):\n#\n# forward / parent-proxy.example.org:8080\n# forward :443 .\n#\n#\n# Everything goes to our example ISP's caching proxy, except for\n# requests to that ISP's sites:\n#\n# forward / caching-proxy.isp.example.net:8000\n# forward .isp.example.net .\n#\n#\n# Parent proxy specified by an IPv6 address:\n#\n# forward / [2001:DB8::1]:8000\n#\n#\n# Suppose your parent proxy doesn't support IPv6:\n#\n# forward / parent-proxy.example.org:8000\n# forward ipv6-server.example.org .\n# forward <[2-3][0-9a-f][0-9a-f][0-9a-f]:*> .\n#\n#\n# 5.2. forward-socks4, forward-socks4a and forward-socks5\n# ========================================================\n#\n# Specifies:\n#\n# Through which SOCKS proxy (and optionally to which parent HTTP\n# proxy) specific requests should be routed.\n#\n# Type of value:\n#\n# target_pattern socks_proxy[:port] http_parent[:port]\n#\n# where target_pattern is a URL pattern that specifies to which\n# requests (i.e. URLs) this forward rule shall apply. Use / to\n# denote \"all URLs\". http_parent and socks_proxy are IP addresses\n# in dotted decimal notation or valid DNS names (http_parent may\n# be \".\" to denote \"no HTTP forwarding\"), and the optional port\n# parameters are TCP ports, i.e. integer values from 1 to 65535\n#\n# Default value:\n#\n# Unset\n#\n# Effect if unset:\n#\n# Don't use SOCKS proxies.\n#\n# Notes:\n#\n# Multiple lines are OK, they are checked in sequence, and the\n# last match wins.\n#\n# The difference between forward-socks4 and forward-socks4a\n# is that in the SOCKS 4A protocol, the DNS resolution of the\n# target hostname happens on the SOCKS server, while in SOCKS 4\n# it happens locally.\n#\n# With forward-socks5 the DNS resolution will happen on the remote\n# server as well.\n#\n# socks_proxy and http_parent can be a numerical IPv6 address\n# (if RFC 3493 is implemented). To prevent clashes with the port\n# delimiter, the whole IP address has to be put into brackets. On\n# the other hand a target_pattern containing an IPv6 address has\n# to be put into angle brackets (normal brackets are reserved\n# for regular expressions already).\n#\n# If http_parent is \".\", then requests are not forwarded to another\n# HTTP proxy but are made (HTTP-wise) directly to the web servers,\n# albeit through a SOCKS proxy.\n#\n# Examples:\n#\n# From the company example.com, direct connections are made to all\n# \"internal\" domains, but everything outbound goes through their\n# ISP's proxy by way of example.com's corporate SOCKS 4A gateway\n# to the Internet.\n#\n# forward-socks4a / socks-gw.example.com:1080 www-cache.isp.example.net:8080\n# forward .example.com .\n#\n#\n# A rule that uses a SOCKS 4 gateway for all destinations but no\n# HTTP parent looks like this:\n#\n# forward-socks4 / socks-gw.example.com:1080 .\n#\n#\n# To chain Privoxy and Tor, both running on the same system,\n# you would use something like:\n#\n# forward-socks5 / 127.0.0.1:9050 .\n#\n#\n# The public Tor network can't be used to reach your local network,\n# if you need to access local servers you therefore might want\n# to make some exceptions:\n#\n# forward 192.168.*.*/ .\n# forward 10.*.*.*/ .\n# forward 127.*.*.*/ .\n#\n#\n# Unencrypted connections to systems in these address ranges will\n# be as (un) secure as the local network is, but the alternative\n# is that you can't reach the local network through Privoxy at\n# all. Of course this may actually be desired and there is no\n# reason to make these exceptions if you aren't sure you need them.\n#\n# If you also want to be able to reach servers in your local\n# network by using their names, you will need additional exceptions\n# that look like this:\n#\n# forward localhost/ .\n#\n#\nforward-socks5 / torproxy:9050 .\n#\n# 5.3. forwarded-connect-retries\n# ===============================\n#\n# Specifies:\n#\n# How often Privoxy retries if a forwarded connection request\n# fails.\n#\n# Type of value:\n#\n# Number of retries.\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# Connections forwarded through other proxies are treated like\n# direct connections and no retry attempts are made.\n#\n# Notes:\n#\n# forwarded-connect-retries is mainly interesting for socks4a\n# connections, where Privoxy can't detect why the connections\n# failed. The connection might have failed because of a DNS timeout\n# in which case a retry makes sense, but it might also have failed\n# because the server doesn't exist or isn't reachable. In this\n# case the retry will just delay the appearance of Privoxy's\n# error message.\n#\n# Note that in the context of this option, \"forwarded connections\"\n# includes all connections that Privoxy forwards through other\n# proxies. This option is not limited to the HTTP CONNECT method.\n#\n# Only use this option, if you are getting lots of\n# forwarding-related error messages that go away when you try again\n# manually. Start with a small value and check Privoxy's logfile\n# from time to time, to see how many retries are usually needed.\n#\n# Due to a bug, this option currently also causes Privoxy to\n# retry in case of certain problems with direct connections.\n#\n# Examples:\n#\n# forwarded-connect-retries 1\n#\nforwarded-connect-retries 0\n#\n#\n# 6. MISCELLANEOUS\n# =================\n#\n# 6.1. accept-intercepted-requests\n# =================================\n#\n# Specifies:\n#\n# Whether intercepted requests should be treated as valid.\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# Only proxy requests are accepted, intercepted requests are\n# treated as invalid.\n#\n# Notes:\n#\n# If you don't trust your clients and want to force them to use\n# Privoxy, enable this option and configure your packet filter\n# to redirect outgoing HTTP connections into Privoxy.\n#\n# Make sure that Privoxy's own requests aren't redirected as well.\n# Additionally take care that Privoxy can't intentionally connect\n# to itself, otherwise you could run into redirection loops if\n# Privoxy's listening port is reachable by the outside or an\n# attacker has access to the pages you visit.\n#\n# Examples:\n#\n# accept-intercepted-requests 1\n#\naccept-intercepted-requests 0\n#\n#\n# 6.2. allow-cgi-request-crunching\n# =================================\n#\n# Specifies:\n#\n# Whether requests to Privoxy's CGI pages can be blocked or\n# redirected.\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# Privoxy ignores block and redirect actions for its CGI pages.\n#\n# Notes:\n#\n# By default Privoxy ignores block or redirect actions for\n# its CGI pages. Intercepting these requests can be useful in\n# multi-user setups to implement fine-grained access control,\n# but it can also render the complete web interface useless and\n# make debugging problems painful if done without care.\n#\n# Don't enable this option unless you're sure that you really\n# need it.\n#\n# Examples:\n#\n# allow-cgi-request-crunching 1\n#\nallow-cgi-request-crunching 0\n#\n#\n# 6.3. split-large-forms\n# =======================\n#\n# Specifies:\n#\n# Whether the CGI interface should stay compatible with broken\n# HTTP clients.\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# The CGI form generate long GET URLs.\n#\n# Notes:\n#\n# Privoxy's CGI forms can lead to rather long URLs. This isn't\n# a problem as far as the HTTP standard is concerned, but it can\n# confuse clients with arbitrary URL length limitations.\n#\n# Enabling split-large-forms causes Privoxy to divide big forms\n# into smaller ones to keep the URL length down. It makes editing\n# a lot less convenient and you can no longer submit all changes\n# at once, but at least it works around this browser bug.\n#\n# If you don't notice any editing problems, there is no reason\n# to enable this option, but if one of the submit buttons appears\n# to be broken, you should give it a try.\n#\n# Examples:\n#\n# split-large-forms 1\n#\nsplit-large-forms 0\n#\n#\n# 6.4. keep-alive-timeout\n# ========================\n#\n# Specifies:\n#\n# Number of seconds after which an open connection will no longer\n# be reused.\n#\n# Type of value:\n#\n# Time in seconds.\n#\n# Default value:\n#\n# None\n#\n# Effect if unset:\n#\n# Connections are not kept alive.\n#\n# Notes:\n#\n# This option allows clients to keep the connection to Privoxy\n# alive. If the server supports it, Privoxy will keep the\n# connection to the server alive as well. Under certain\n# circumstances this may result in speed-ups.\n#\n# By default, Privoxy will close the connection to the server if\n# the client connection gets closed, or if the specified timeout\n# has been reached without a new request coming in. This behaviour\n# can be changed with the connection-sharing option.\n#\n# This option has no effect if Privoxy has been compiled without\n# keep-alive support.\n#\n# Note that a timeout of five seconds as used in the default\n# configuration file significantly decreases the number of\n# connections that will be reused. The value is used because some\n# browsers limit the number of connections they open to a single\n# host and apply the same limit to proxies. This can result in a\n# single website \"grabbing\" all the connections the browser allows,\n# which means connections to other websites can't be opened until\n# the connections currently in use time out.\n#\n# Several users have reported this as a Privoxy bug, so the default\n# value has been reduced. Consider increasing it to 300 seconds\n# or even more if you think your browser can handle it. If your\n# browser appears to be hanging it can't.\n#\n# Examples:\n#\n# keep-alive-timeout 300\n#\nkeep-alive-timeout 5\n#\n#\n# 6.5. default-server-timeout\n# ============================\n#\n# Specifies:\n#\n# Assumed server-side keep-alive timeout if not specified by\n# the server.\n#\n# Type of value:\n#\n# Time in seconds.\n#\n# Default value:\n#\n# None\n#\n# Effect if unset:\n#\n# Connections for which the server didn't specify the keep-alive\n# timeout are not reused.\n#\n# Notes:\n#\n# Enabling this option significantly increases the number of\n# connections that are reused, provided the keep-alive-timeout\n# option is also enabled.\n#\n# While it also increases the number of connections problems when\n# Privoxy tries to reuse a connection that already has been closed\n# on the server side, or is closed while Privoxy is trying to\n# reuse it, this should only be a problem if it happens for the\n# first request sent by the client. If it happens for requests\n# on reused client connections, Privoxy will simply close the\n# connection and the client is supposed to retry the request\n# without bothering the user.\n#\n# Enabling this option is therefore only recommended if the\n# connection-sharing option is disabled.\n#\n# It is an error to specify a value larger than the\n# keep-alive-timeout value.\n#\n# This option has no effect if Privoxy has been compiled without\n# keep-alive support.\n#\n# Examples:\n#\n# default-server-timeout 60\n#\n#default-server-timeout 60\n#\n#\n# 6.6. connection-sharing\n# ========================\n#\n# Specifies:\n#\n# Whether or not outgoing connections that have been kept alive\n# should be shared between different incoming connections.\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# None\n#\n# Effect if unset:\n#\n# Connections are not shared.\n#\n# Notes:\n#\n# This option has no effect if Privoxy has been compiled without\n# keep-alive support, or if it's disabled.\n#\n# Notes:\n#\n# Note that reusing connections doesn't necessary cause\n# speedups. There are also a few privacy implications you should\n# be aware of.\n#\n# If this option is effective, outgoing connections are shared\n# between clients (if there are more than one) and closing the\n# browser that initiated the outgoing connection does no longer\n# affect the connection between Privoxy and the server unless\n# the client's request hasn't been completed yet.\n#\n# If the outgoing connection is idle, it will not be closed until\n# either Privoxy's or the server's timeout is reached. While\n# it's open, the server knows that the system running Privoxy is\n# still there.\n#\n# If there are more than one client (maybe even belonging to\n# multiple users), they will be able to reuse each others\n# connections. This is potentially dangerous in case of\n# authentication schemes like NTLM where only the connection\n# is authenticated, instead of requiring authentication for\n# each request.\n#\n# If there is only a single client, and if said client can keep\n# connections alive on its own, enabling this option has next to\n# no effect. If the client doesn't support connection keep-alive,\n# enabling this option may make sense as it allows Privoxy to keep\n# outgoing connections alive even if the client itself doesn't\n# support it.\n#\n# You should also be aware that enabling this option increases\n# the likelihood of getting the \"No server or forwarder data\"\n# error message, especially if you are using a slow connection\n# to the Internet.\n#\n# This option should only be used by experienced users who\n# understand the risks and can weight them against the benefits.\n#\n# Examples:\n#\n# connection-sharing 1\n#\n#connection-sharing 1\n#\n#\n# 6.7. socket-timeout\n# ====================\n#\n# Specifies:\n#\n# Number of seconds after which a socket times out if no data\n# is received.\n#\n# Type of value:\n#\n# Time in seconds.\n#\n# Default value:\n#\n# None\n#\n# Effect if unset:\n#\n# A default value of 300 seconds is used.\n#\n# Notes:\n#\n# For SOCKS requests the timeout currently doesn't start until\n# the SOCKS server accepted the request. This will be fixed in\n# the next release.\n#\n# Examples:\n#\n# socket-timeout 300\n#\nsocket-timeout 300\n#\n#\n# 6.8. max-client-connections\n# ============================\n#\n# Specifies:\n#\n# Maximum number of client connections that will be served.\n#\n# Type of value:\n#\n# Positive number.\n#\n# Default value:\n#\n# None\n#\n# Effect if unset:\n#\n# Connections are served until a resource limit is reached.\n#\n# Notes:\n#\n# Privoxy creates one thread (or process) for every incoming\n# client connection that isn't rejected based on the access\n# control settings.\n#\n# If the system is powerful enough, Privoxy can theoretically deal\n# with several hundred (or thousand) connections at the same time,\n# but some operating systems enforce resource limits by shutting\n# down offending processes and their default limits may be below\n# the ones Privoxy would require under heavy load.\n#\n# Configuring Privoxy to enforce a connection limit below the\n# thread or process limit used by the operating system makes\n# sure this doesn't happen. Simply increasing the operating\n# system's limit would work too, but if Privoxy isn't the only\n# application running on the system, you may actually want to\n# limit the resources used by Privoxy.\n#\n# If Privoxy is only used by a single trusted user, limiting the\n# number of client connections is probably unnecessary. If there\n# are multiple possibly untrusted users you probably still want\n# to additionally use a packet filter to limit the maximal number\n# of incoming connections per client. Otherwise a malicious user\n# could intentionally create a high number of connections to\n# prevent other users from using Privoxy.\n#\n# Obviously using this option only makes sense if you choose a\n# limit below the one enforced by the operating system.\n#\n# Examples:\n#\n# max-client-connections 256\n#\n#max-client-connections 256\n\n#\n# 6.9. handle-as-empty-doc-returns-ok\n# ====================================\n#\n# Specifies:\n#\n# The status code Privoxy returns for pages blocked with\n# +handle-as-empty-document.\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# Privoxy returns a status 403(forbidden) for all blocked pages.\n#\n# Effect if set:\n#\n# Privoxy returns a status 200(OK) for pages blocked with\n# +handle-as-empty-document and a status 403(Forbidden) for all\n# other blocked pages.\n#\n# Notes:\n#\n# This is a work-around for Firefox bug 492459: \" Websites are no\n# longer rendered if SSL requests for JavaScripts are blocked by a\n# proxy. \" (https:/ /bugzilla.mozilla.org/show_bug.cgi?id=492459)\n# As the bug has been fixed for quite some time this option\n# should no longer be needed and will be removed in a future\n# release. Please speak up if you have a reason why the option\n# should be kept around.\n#\n#handle-as-empty-doc-returns-ok 1\n#\n#\n# 1.6.10. enable-compression\n#\n# Specifies:\n#\n# Whether or not buffered content is compressed before delivery.\n#\n# Type of value:\n#\n# 0 or 1\n#\n# Default value:\n#\n# 0\n#\n# Effect if unset:\n#\n# Privoxy does not compress buffered content.\n#\n# Effect if set:\n#\n# Privoxy compresses buffered content before delivering it to\n# the client, provided the client supports it.\n#\n# Notes:\n#\n# This directive is only supported if Privoxy has been compiled\n# with FEATURE_COMPRESSION, which should not to be confused\n# with FEATURE_ZLIB.\n#\n# Compressing buffered content is mainly useful if Privoxy and the\n# client are running on different systems. If they are running on\n# the same system, enabling compression is likely to slow things\n# down. If you didn't measure otherwise, you should assume that\n# it does and keep this option disabled.\n#\n# Privoxy will not compress buffered content below a certain\n# length.\n#\n#enable-compression 1\n#\n#\n# 1.6.11. compression-level\n#\n# Specifies:\n#\n# The compression level that is passed to the zlib library when\n# compressing buffered content.\n#\n# Type of value:\n#\n# Positive number ranging from 0 to 9.\n#\n# Default value:\n#\n# 1\n#\n# Notes:\n#\n# Compressing the data more takes usually longer than compressing\n# it less or not compressing it at all. Which level is best\n# depends on the connection between Privoxy and the client. If\n# you can't be bothered to benchmark it for yourself, you should\n# stick with the default and keep compression disabled.\n#\n# If compression is disabled, the compression level is irrelevant.\n#\n# Examples:\n#\n# # Best speed (compared to the other levels)\n# compression-level 1\n#\n# # Best compression\n#\t compression-level 9\n#\n# # No compression. Only useful for testing as the added header\n# # slightly increases the amount of data that has to be sent.\n# # If your benchmark shows that using this compression level\n# # is superior to using no compression at all, the benchmark\n# # is likely to be flawed.\n# compression-level 0\n#\n#\n#compression-level 1\n#\n#\n# 7. WINDOWS GUI OPTIONS\n# =======================\n#\n# Privoxy has a number of options specific to the Windows GUI\n# interface:\n#\n#\n# If \"activity-animation\" is set to 1, the Privoxy icon will animate\n# when \"Privoxy\" is active. To turn off, set to 0.\n#\n#activity-animation 1\n#\n# If \"log-messages\" is set to 1, Privoxy will log messages to the\n# console window:\n#\n#log-messages 1\n#\n# If \"log-buffer-size\" is set to 1, the size of the log buffer,\n# i.e. the amount of memory used for the log messages displayed in\n# the console window, will be limited to \"log-max-lines\" (see below).\n#\n# Warning: Setting this to 0 will result in the buffer to grow\n# infinitely and eat up all your memory!\n#\n#log-buffer-size 1\n#\n# log-max-lines is the maximum number of lines held in the log\n# buffer. See above.\n#\n#log-max-lines 200\n#\n# If \"log-highlight-messages\" is set to 1, Privoxy will highlight\n# portions of the log messages with a bold-faced font:\n#\n#log-highlight-messages 1\n#\n# The font used in the console window:\n#\n#log-font-name Comic Sans MS\n#\n# Font size used in the console window:\n#\n#log-font-size 8\n#\n# \"show-on-task-bar\" controls whether or not Privoxy will appear as\n# a button on the Task bar when minimized:\n#\n#show-on-task-bar 0\n#\n# If \"close-button-minimizes\" is set to 1, the Windows close button\n# will minimize Privoxy instead of closing the program (close with\n# the exit option on the File menu).\n#\n#close-button-minimizes 1\n#\n# The \"hide-console\" option is specific to the MS-Win console version\n# of Privoxy. If this option is used, Privoxy will disconnect from\n# and hide the command console.\n#\n#hide-console\n#\n#\n" }, { "path": "protocol/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"James Abley \"\n\nRUN buildDeps=' \\\n ca-certificates \\\n openssl \\\n ' \\\n && apk --no-cache add --update \\\n python3 \\\n $buildDeps \\\n && wget https://github.com/luismartingarcia/protocol/archive/master.zip \\\n && unzip master.zip \\\n && cd protocol-master && python3 setup.py install \\\n && apk del --purge $buildDeps\n\nENTRYPOINT [\"protocol\"]\n" }, { "path": "pulseaudio/Dockerfile", "content": "# Pulseaudio\n#\n# docker run -d \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t--device /dev/snd \\\n#\t--name pulseaudio \\\n#\t-p 4713:4713 \\\n#\t-v /var/run/dbus:/var/run/dbus \\\n#\t-v /etc/machine-id:/etc/machine-id \\\n#\tjess/pulseaudio\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\talsa-utils \\\n\tlibasound2 \\\n\tlibasound2-plugins \\\n\tpulseaudio \\\n\tpulseaudio-utils \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /home/pulseaudio\nRUN useradd --create-home --home-dir $HOME pulseaudio \\\n\t&& usermod -aG audio,pulse,pulse-access pulseaudio \\\n\t&& chown -R pulseaudio:pulseaudio $HOME\n\nWORKDIR $HOME\nUSER pulseaudio\n\nCOPY default.pa /etc/pulse/default.pa\nCOPY client.conf /etc/pulse/client.conf\nCOPY daemon.conf /etc/pulse/daemon.conf\n\nENTRYPOINT [ \"pulseaudio\" ]\nCMD [ \"--log-level=4\", \"--log-target=stderr\", \"-v\" ]\n" }, { "path": "pulseaudio/client.conf", "content": "# This file is part of PulseAudio.\n#\n# PulseAudio is free software; you can redistribute it and/or modify\n# it under the terms of the GNU Lesser General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# PulseAudio is distributed in the hope that it will be useful, but\n# WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n# General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public License\n# along with PulseAudio; if not, write to the Free Software\n# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307\n# USA.\n\n## Configuration file for PulseAudio clients. See pulse-client.conf(5) for\n## more information. Default values are commented out. Use either ; or # for\n## commenting.\n\n; default-sink =\n; default-source =\n; default-server =\n; default-dbus-server =\n\nautospawn = no\ndaemon-binary = /bin/true \n; extra-arguments = --log-target=syslog\n\n; cookie-file =\n\n; enable-shm = yes\n; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB\n\n; auto-connect-localhost = no\n; auto-connect-display = no\n" }, { "path": "pulseaudio/daemon.conf", "content": "# This file is part of PulseAudio.\n#\n# PulseAudio is free software; you can redistribute it and/or modify\n# it under the terms of the GNU Lesser General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# PulseAudio is distributed in the hope that it will be useful, but\n# WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\n# General Public License for more details.\n#\n# You should have received a copy of the GNU Lesser General Public License\n# along with PulseAudio; if not, see .\n\n## Configuration file for the PulseAudio daemon. See pulse-daemon.conf(5) for\n## more information. Default values are commented out. Use either ; or # for\n## commenting.\n\n; daemonize = no\n; fail = yes\n; allow-module-loading = yes\n; allow-exit = yes\n; use-pid-file = yes\n; system-instance = no\n; local-server-type = user\n; enable-shm = yes\n; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB\n; lock-memory = no\n; cpu-limit = no\n\n; high-priority = yes\n; nice-level = -11\n\n; realtime-scheduling = yes\n; realtime-priority = 5\n\nexit-idle-time = 180\n; scache-idle-time = 20\n\n; dl-search-path = (depends on architecture)\n\n; load-default-script-file = yes\n; default-script-file = /etc/pulse/default.pa\n\n; log-target = auto\n; log-level = notice\n; log-meta = no\n; log-time = no\n; log-backtrace = 0\n\n; resample-method = speex-float-1\n; enable-remixing = yes\n; enable-lfe-remixing = no\n\nflat-volumes = yes\n\n; rlimit-fsize = -1\n; rlimit-data = -1\n; rlimit-stack = -1\n; rlimit-core = -1\n; rlimit-as = -1\n; rlimit-rss = -1\n; rlimit-nproc = -1\n; rlimit-nofile = 256\n; rlimit-memlock = -1\n; rlimit-locks = -1\n; rlimit-sigpending = -1\n; rlimit-msgqueue = -1\n; rlimit-nice = 31\n; rlimit-rtprio = 9\n; rlimit-rttime = 200000\n\n; default-sample-format = s16le\n; default-sample-rate = 44100\n; alternate-sample-rate = 48000\n; default-sample-channels = 2\n; default-channel-map = front-left,front-right\n\n; default-fragments = 4\n; default-fragment-size-msec = 25\n\n; enable-deferred-volume = yes\n; deferred-volume-safety-margin-usec = 8000\n; deferred-volume-extra-delay-usec = 0\n\n" }, { "path": "pulseaudio/default.pa", "content": "# Replace the *entire* content of this file with these few lines and\n# read the comments\n\n.fail\n # Set tsched=0 here if you experience glitchy playback. This will\n # revert back to interrupt-based scheduling and should fix it.\n #\n # Replace the device= part if you want pulse to use a specific device\n # such as \"dmix\" and \"dsnoop\" so it doesn't lock an hw: device.\n \n # INPUT/RECORD\n load-module module-alsa-source device=\"default\" tsched=1\n \n # OUTPUT/PLAYBACK\n load-module module-alsa-sink device=\"default\" tsched=1 \n \n # Accept clients -- very important\n load-module module-native-protocol-unix\n load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;192.168.0.0/24 auth-anonymous=1\n\n.nofail\n.ifexists module-x11-publish.so\n # Publish to X11 so the clients know how to connect to Pulse. Will\n # clear itself on unload.\n load-module module-x11-publish\n.endif\n" }, { "path": "radarr/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nENV LANG \"en_US.UTF-8\"\nENV LANGUAGE \"en_US.UTF-8\"\nENV TERM \"xterm\"\n\nRUN apk add --no-cache \\\n\t\tbash \\\n\t\tca-certificates \\\n\t\tlibmediainfo \\\n\t\tmono \\\n\t\ttar \\\n\t\t--repository https://dl-4.alpinelinux.org/alpine/edge/testing\n\n# https://github.com/Radarr/Radarr/releases\nENV RADARR_VERSION 0.2.0.1480\nRUN mkdir -p /opt/radarr \\\n\t&& wget \"https://github.com/Radarr/Radarr/releases/download/v${RADARR_VERSION}/Radarr.develop.${RADARR_VERSION}.linux.tar.gz\" -O /tmp/radarr.tar.gz \\\n\t&& tar -xzvf /tmp/radarr.tar.gz -C /opt/radarr --strip-components 1 \\\n\t&& rm -rf /tmp/radarr.tar.gz\n\nCOPY entrypoint.sh /usr/local/bin/entrypoint.sh\n\n# Create user and change ownership\nRUN addgroup -g 666 -S radarr \\\n\t&& adduser -u 666 -SHG radarr radarr \\\n\t&& mkdir -p /config \\\n\t&& chown -R radarr:radarr /opt/radarr /config\n\nWORKDIR /opt/radarr\n\nUSER radarr\n\nENTRYPOINT [\"entrypoint.sh\"]\n" }, { "path": "radarr/entrypoint.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nhandle_signal() {\n PID=$!\n echo \"Received signal. PID is ${PID}\"\n kill -s SIGHUP $PID\n}\n\ntrap \"handle_signal\" SIGINT SIGTERM SIGHUP\n\necho \"Starting radarr...\"\nexec mono --debug /opt/radarr/Radarr.exe --no-browser -data=/config & wait\necho \"Stopping radarr...\"\n" }, { "path": "rainbowstream/Dockerfile", "content": "# Run Rainbowstream in a container\n#\n# docker run -it --rm \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v $HOME/.rainbow_oauth:/root/.rainbow_oauth \\ # mount config files\n#\t-v $HOME/.rainbow_config.json:/root/.rainbow_config.json \\\n#\t--name rainbowstream \\\n#\tjess/rainbowstream\n#\nFROM python:2-alpine\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tbuild-base \\\n\tca-certificates \\\n\tfreetype \\\n\tfreetype-dev \\\n\topenjpeg-dev \\\n\tzlib-dev\n\nRUN USER=root pip install \\\n\tpillow==2.8.0 \\\n\trainbowstream\n\nENTRYPOINT [ \"rainbowstream\" ]\n" }, { "path": "rdesktop/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tlibgssapi-krb5-2 \\\n\trdesktop \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"rdesktop\" ]\n" }, { "path": "registry-auth/Dockerfile", "content": "FROM python:2-alpine AS buildbase\nLABEL maintainer \"Jess Frazelle \"\n\nRUN apk add --no-cache \\\n\tbash \\\n\tgo \\\n\tgit \\\n\tgcc \\\n\tg++ \\\n\tlibc-dev \\\n\tlibgcc \\\n\tmake\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nENV DOCKER_AUTH_VERSION 1.5.0\n\nRUN git clone --depth 1 --branch ${DOCKER_AUTH_VERSION} https://github.com/cesanta/docker_auth /go/src/github.com/cesanta/docker_auth\n\nWORKDIR /go/src/github.com/cesanta/docker_auth/auth_server\n\nRUN pip install GitPython\nRUN make deps generate\nRUN go build -o /usr/bin/auth_server --ldflags=--s\n\nFROM alpine:latest\n\nRUN\tapk --no-cache add \\\n\tca-certificates\n\nCOPY --from=buildbase /usr/bin/auth_server /usr/bin/auth_server\n\nENTRYPOINT [ \"auth_server\" ]\nCMD [ \"/config/auth_config.yml\" ]\n" }, { "path": "remmina/Dockerfile", "content": "# Run remmina in a container\n#\n# docker run -d \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t-v $HOME/.remmina:/root/.remmina \\\n#\t--name remmina \\\n#\tjess/remmina\n#\nFROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tapt-add-repository ppa:remmina-ppa-team/remmina-next && \\\n\tapt-get update && apt-get install -y \\\n\thicolor-icon-theme \\\n\tremmina \\\n\tremmina-plugin-rdp \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"remmina\" ]\n" }, { "path": "requestbin/Dockerfile", "content": "FROM python:2-alpine\n\nRUN apk add --no-cache --virtual .build-deps \\\n\t\tbuild-base \\\n\t\tgit \\\n\t\tlibffi-dev \\\n\t\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/main/ \\\n\t&& git clone --depth 1 https://github.com/Runscope/requestbin /src \\\n\t&& sed -i 's/gevent/gevent==1.4.0/' /src/requirements.txt \\\n\t&& echo \"Flask==1.1.1\" >> /src/requirements.txt \\\n\t&& echo \"Werkzeug==0.15.6\" >> /src/requirements.txt \\\n && pip install -r /src/requirements.txt \\\n && rm -rf ~/.pip/cache \\\n\t&& apk del .build-deps\n\nWORKDIR /src\n\nCMD [\"gunicorn\", \"-b\", \"0.0.0.0:8080\", \"requestbin:app\", \"-k\", \"gevent\"]\n" }, { "path": "ricochet/Dockerfile", "content": "# Run ricochet in a container\n# see: https://ricochet.im/\n#\n# docker run -d \\\n#\t--restart always \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n# \t--name ricochet \\\n# \tjess/ricochet\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nENV DEBIAN_FRONTEND noninteractive\n\nRUN mkdir -p /etc/xdg/QtProject && \\\n\tapt-get update && apt-get install -y \\\n\tdirmngr \\\n\tgnupg \\\n\tlibasound2 \\\n\tlibfontconfig1 \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tlibx11-xcb1 \\\n\tlibxext6 \\\n\tlibxrender1 \\\n\tqtbase5-dev \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV RICOCHET_VERSION 1.1.4\nENV RICOCHET_FINGERPRINT 0xFF97C53F183C045D\n\nRUN buildDeps=' \\\n\t\tbzip2 \\\n\t\tca-certificates \\\n\t\tcurl \\\n\t' \\\n\t&& set -x \\\n\t&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& curl -sSL \"https://ricochet.im/releases/${RICOCHET_VERSION}/ricochet-${RICOCHET_VERSION}-linux-x86_64.tar.bz2\" -o /tmp/ricochet.tar.bz2 \\\n\t&& curl -sSL \"https://ricochet.im/releases/${RICOCHET_VERSION}/ricochet-${RICOCHET_VERSION}-linux-x86_64.tar.bz2.asc\" -o /tmp/ricochet.tar.bz2.asc \\\n\t&& export GNUPGHOME=\"$(mktemp -d)\" \\\n\t&& chmod 600 \"${GNUPGHOME}\" \\\n\t&& curl -sSL https://ricochet.im/john-brooks.asc | gpg --no-tty --import \\\n\t&& gpg --fingerprint --keyid-format LONG ${RICOCHET_FINGERPRINT} | grep \"9032 CAE4 CBFA 933A 5A21 45D5 FF97 C53F 183C 045D\" \\\n\t&& gpg --batch --verify /tmp/ricochet.tar.bz2.asc /tmp/ricochet.tar.bz2 \\\n\t&& tar -vxj --strip-components 1 -C /usr/local/bin -f /tmp/ricochet.tar.bz2 \\\n\t&& rm -rf /tmp/ricochet* \\\n\t&& rm -rf \"${GNUPGHOME}\" \\\n\t&& apt-get purge -y --auto-remove $buildDeps\n\nENTRYPOINT [ \"ricochet\" ]\n" }, { "path": "routersploit/Dockerfile", "content": "FROM debian:buster-slim\nLABEL maintainer \"Christian Koep \"\n\nENV ROUTERSPLOIT_VERSION v3.4.0\n\nRUN apt-get update && apt-get install -y \\\n git \\\n python-requests \\\n python-paramiko \\\n python-pysnmp-common \\\n python-bs4 \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/* \\\n && git clone --depth 1 --branch \"${ROUTERSPLOIT_VERSION}\" https://github.com/reverse-shell/routersploit /usr/bin/routersploit \\\n && apt-get purge -y --auto-remove \\\n git\n\nWORKDIR \"/usr/bin/routersploit/\"\nENTRYPOINT [ \"./rsf.py\" ]\n" }, { "path": "rstudio/Dockerfile", "content": "# Run RStudio in a container\n#\n# docker run -it \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\ # mount the X11 socket\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t-v $HOME/rscripts:/root/rscripts \\\n#\t--device /dev/dri \\\n#\t--name rstudio \\\n#\tjess/rstudio\n#\n\n# Base docker image\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install Rstudio deps\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcurl \\\n\tfcitx-frontend-qt5 \\\n\tfcitx-modules \\\n\tfcitx-module-dbus \\\n\tlibasound2 \\\n\tlibclang-dev \\\n\tlibedit2 \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tlibgstreamer1.0-0 \\\n\tlibgstreamer-plugins-base1.0-0 \\\n\tlibjpeg-dev \\\n\tlibjpeg62-turbo \\\n\tlibjpeg62-turbo-dev \\\n\tlibpresage1v5 \\\n\tlibpresage-data \\\n\tlibqt5core5a \\\n\tlibqt5dbus5 \\\n\tlibqt5gui5 \\\n\tlibqt5network5 \\\n\tlibqt5printsupport5 \\\n\tlibqt5webkit5 \\\n\tlibqt5widgets5 \\\n\tlibnss3 \\\n\tlibtiff5 \\\n\tlibxcomposite1 \\\n\tlibxcursor1 \\\n\tlibxslt1.1 \\\n\tlibxtst6 \\\n\tlittler \\\n\tlocales \\\n\tr-base \\\n\tr-base-dev \\\n\tr-recommended \\\n\t--no-install-recommends \\\n\t&& echo \"en_US.UTF-8 UTF-8\" >> /etc/locale.gen \\\n\t&& locale-gen en_US.utf8 \\\n\t&& /usr/sbin/update-locale LANG=en_US.UTF-8 \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# https://www.rstudio.com/products/rstudio/download/#download\nENV RSTUDIO_VERSION 1.3.959\n\n# Download the source\nRUN curl -sSL \"https://download1.rstudio.org/desktop/bionic/amd64/rstudio-${RSTUDIO_VERSION}-amd64.deb\" -o /tmp/rstudio-amd64.deb \\\n\t&& dpkg -i /tmp/rstudio-amd64.deb \\\n\t&& rm -rf /tmp/*.deb \\\n\t&& ln -f -s /usr/lib/rstudio/bin/rstudio /usr/bin/rstudio\n\n\nENV LC_ALL en_US.UTF-8\nENV LANG en_US.UTF-8\n\n# Set default CRAN repo\nRUN mkdir -p /etc/R \\\n\t&& echo 'options(repos = c(CRAN = \"https://cran.rstudio.com/\"), download.file.method = \"libcurl\")' >> /etc/R/Rprofile.site \\\n && echo 'source(\"/etc/R/Rprofile.site\")' >> /etc/littler.r \\\n\t&& ln -s /usr/share/doc/littler/examples/install.r /usr/local/bin/install.r \\\n\t&& ln -s /usr/share/doc/littler/examples/install2.r /usr/local/bin/install2.r \\\n\t&& ln -s /usr/share/doc/littler/examples/installGithub.r /usr/local/bin/installGithub.r \\\n\t&& ln -s /usr/share/doc/littler/examples/testInstalled.r /usr/local/bin/testInstalled.r \\\n\t&& rm -rf /tmp/downloaded_packages/ /tmp/*.rds \\\n\t&& echo '\"\\e[5~\": history-search-backward' >> /etc/inputrc \\\n\t&& echo '\"\\e[6~\": history-search-backward' >> /etc/inputrc\n\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user \\\n && chown -R user:user $HOME\n\nWORKDIR $HOME\n\nUSER user\n\n# Autorun Rstudio\nENTRYPOINT [ \"rstudio\" ]\n" }, { "path": "rt-tests/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\trt-tests \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nCMD [ \"hackbench\" ]\n" }, { "path": "run.sh", "content": "#!/bin/bash\n#\n# This script allows you to launch several images\n# from this repository once they're built.\n#\n# Make sure you add the `docker run` command\n# in the header of the Dockerfile so the script\n# can find it and execute it.\n#\n# Use pulseaudio/Dockerfile and skype/Dockerfile as examples.\nset -e\nset -o pipefail\n\nif [[ $# -eq 0 ]]; then\n\techo \"Usage: $0 [--test] image1 image2 ...\"\n\texit 1\nfi\n\nif [[ \"$1\" = \"--test\" ]]; then\n\tTEST=1\n\tshift\nfi\n\nfor name in \"$@\"; do\n\tif [[ ! -d \"$name\" ]]; then\n\t\techo \"Unable to find container configuration with name: $name\"\n\t\texit 1\n\tfi\n\n\tscript=$(sed -n '/docker run/,/^#$/p' \"$name/Dockerfile\" | head -n -1 | sed \"s/#//\" | sed \"s#\\\\\\\\##\" | tr '\\n' ' ' | sed \"s/\\$@//\" | sed 's/\"\"//')\n\techo \"Running: $script\"\n\n\tif [ $TEST ]; then\n\t\techo \"$script\"\n\telse\n\t\teval \"$script\"\n\tfi\n\n\tshift\ndone\n" }, { "path": "runc-rootless/Dockerfile", "content": "FROM golang:alpine AS runc\nENV RUNC_VERSION 9f9c96235cc97674e935002fc3d78361b696a69e\nRUN apk add --no-cache \\\n\tbash \\\n\tcurl \\\n\tg++ \\\n\tgit \\\n\tlibseccomp-dev \\\n\tlinux-headers \\\n\tmake\nRUN git clone https://github.com/jessfraz/runc.git \"$GOPATH/src/github.com/opencontainers/runc\" \\\n\t&& cd \"$GOPATH/src/github.com/opencontainers/runc\" \\\n\t&& git checkout -q \"demo-rootless\" \\\n\t&& make static BUILDTAGS=\"seccomp\" EXTRA_FLAGS=\"-buildmode pie\" EXTRA_LDFLAGS=\"-extldflags \\\\\\\"-fno-PIC -static\\\\\\\"\" \\\n\t&& mv runc /usr/bin/runc\n\nFROM alpine:latest\nMAINTAINER Jessica Frazelle \nRUN apk add --no-cache \\\n\tbash \\\n\tshadow \\\n\tshadow-uidmap \\\n\tstrace\nCOPY --from=runc /usr/bin/runc /usr/bin/runc\nCOPY start.sh /usr/bin/start.sh\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user\nCOPY busybox.tar /home/user/busybox.tar\nRUN chown -R user:user $HOME /run /tmp\nUSER user\nWORKDIR $HOME\n\nCMD [\"start.sh\"]\n" }, { "path": "runc-rootless/start.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nmkdir -p \"${HOME}/rootfs\"\nmkdir -p \"${HOME}/containerroot\"\n\n# untar the rootfs\ntar -C \"${HOME}/rootfs\" -xf \"${HOME}/busybox.tar\"\n\n# create the spec\nrunc spec --rootless\n\n# run the container\nrunc --root \"${HOME}/containerroot\" run mycontainer\n" }, { "path": "s3cmd/Dockerfile", "content": "# s3cmd in a container\n#\n# docker run --rm -it \\\n#\t-e AWS_ACCESS_KEY \\\n#\t-e AWS_SECRET_KEY \\\n#\t-v $(pwd):/root/s3cmd-workspace\n#\t--name s3cmd \\\n#\tjess/s3cmd\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\ts3cmd \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Setup s3cmd config\nRUN { \\\n\t\techo '[default]'; \\\n\t\techo 'access_key=$AWS_ACCESS_KEY'; \\\n\t\techo 'secret_key=$AWS_SECRET_KEY'; \\\n\t} > ~/.s3cfg\n\nENV HOME /root\nWORKDIR $HOME/s3cmd-workspace\n\nENTRYPOINT [ \"s3cmd\" ]\n" }, { "path": "scudcloud/Dockerfile", "content": "# To use:\n# Needs X11 socket and dbus mounted\n#\n# docker run --rm -it \\\n#\t-v /etc/machine-id:/etc/machine-id:ro \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--device /dev/snd:/dev/snd \\\n#\t-v /var/run/dbus:/var/run/dbus \\\n#\t-v $HOME/.scudcloud:/home/user/.config/scudcloud \\\n#\t--name scudcloud \\\n#\tjess/scudcloud\n\nFROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nENV DEBIAN_FRONTEND noninteractive\n\nRUN apt-get update && apt-get install -y \\\n\tdbus-x11 \\\n\thunspell-en-us \\\n\tlibnotify-bin \\\n\tpython3-dbus \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tapt-add-repository -y ppa:rael-gc/scudcloud && \\\n\tapt-get update && \\\n\tapt-get install -y \\\n\tscudcloud \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV LANG en_US.UTF-8\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user \\\n\t&& chown -R user:user $HOME\n\nUSER user\n\nENTRYPOINT [\"/usr/bin/scudcloud\"]\n" }, { "path": "shellcheck/Dockerfile", "content": "FROM debian:bullseye-slim\n\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tfile \\\n\tshellcheck \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nCMD [\"shellcheck\"]\n" }, { "path": "shellcheck.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nERRORS=()\n\n# find all executables and run `shellcheck`\nfor f in $(find . -type f -not -iwholename '*.git*' -not -name \"Dockerfile\" | sort -u); do\n\tif file \"$f\" | grep --quiet shell; then\n\t\t{\n\t\t\tshellcheck \"$f\" && echo \"[OK]: sucessfully linted $f\"\n\t\t} || {\n\t\t\t# add to errors\n\t\t\tERRORS+=(\"$f\")\n\t\t}\n\tfi\ndone\n\nif [ ${#ERRORS[@]} -eq 0 ]; then\n\techo \"No errors, hooray\"\nelse\n\techo \"These files failed shellcheck: ${ERRORS[*]}\"\n\texit 1\nfi\n" }, { "path": "shorewall/Dockerfile", "content": "# shorewall in a container\n#\n# docker run --rm -it \\\n# \t--net host \\\n# \t--cap-add NET_ADMIN \\\n#\t--privileged \\\n# \tjess/shorewall\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tshorewall \\\n\t&& touch /var/log/messages\n\nCOPY ./etc /etc/shorewall\n\nENTRYPOINT [ \"/usr/sbin/shorewall\" ]\n" }, { "path": "shorewall/etc/interfaces", "content": "#\n# Shorewall version 4 - Interfaces File\n#\n# For information about entries in this file, type \"man shorewall-interfaces\"\n#\n# The manpage is also online at\n# http://www.shorewall.net/manpages/shorewall-interfaces.html\n#\n###############################################################################\n?FORMAT 2\n###############################################################################\n#ZONE\t\tINTERFACE\t\tOPTIONS\n- lo ignore\ndock docker0 bridge\nnet all dhcp,physical=+\n" }, { "path": "shorewall/etc/masq", "content": "#\n# Shorewall version 4 - Masq file\n#\n# For information about entries in this file, type \"man shorewall-masq\"\n#\n# The manpage is also online at\n# http://www.shorewall.net/manpages/shorewall-masq.html\n#\n################################################################################################################\n#INTERFACE:DEST\t\tSOURCE\t\tADDRESS\t\tPROTO\tPORT(S)\tIPSEC\tMARK\tUSER/\tSWITCH\tORIGINAL\n#\t\t\t\t\t\t\t\t\t\t\tGROUP\t\tDEST\n#net 172.17.0.0/16\n" }, { "path": "shorewall/etc/policy", "content": "#\n# Shorewall version 4 - Policy File\n#\n# For information about entries in this file, type \"man shorewall-policy\"\n#\n# The manpage is also online at\n# http://www.shorewall.net/manpages/shorewall-policy.html\n#\n###############################################################################\n#SOURCE\t DEST POLICY\t\tLOG\tLIMIT:\t\tCONNLIMIT:\n#\t\t\t\tLEVEL\tBURST\t\tMASK\ndock net ACCEPT\ndock fw ACCEPT\n\nnet dock DROP\nnet all DROP\n\nfw net ACCEPT\nfw dock ACCEPT\n" }, { "path": "shorewall/etc/rules", "content": "#\n# Shorewall version 4 - Rules File\n#\n# For information on the settings in this file, type \"man shorewall-rules\"\n#\n# The manpage is also online at\n# http://www.shorewall.net/manpages/shorewall-rules.html\n#\n######################################################################################################################################################################################################\n#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER\n# PORT PORT(S)DEST LIMIT GROUP\n?SECTION ALL\n?SECTION ESTABLISHED\n?SECTION RELATED\n?SECTION INVALID\n?SECTION UNTRACKED\n?SECTION NEW\nInvalid(DROP) net $FW tcp\nInvalid(DROP) net dock tcp\nInvalid(DROP) net dock udp\n#SSH(ACCEPT) net $FW\n# on a server you would obviously want to accept here\n#Ping(ACCEPT) net $FW\n" }, { "path": "shorewall/etc/shorewall.conf", "content": "###############################################################################\n#\n# Shorewall Version 4.4 -- /etc/shorewall/shorewall.conf\n#\n# For information about the settings in this file, type \"man shorewall.conf\"\n#\n# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html\n###############################################################################\n# S T A R T U P E N A B L E D\n###############################################################################\n\nSTARTUP_ENABLED=Yes\n\n###############################################################################\n# V E R B O S I T Y\n###############################################################################\n\nVERBOSITY=1\n\n###############################################################################\n# L O G G I N G\n###############################################################################\n\nBLACKLIST_LOG_LEVEL=\n\nINVALID_LOG_LEVEL=\n\nLOG_BACKEND=\n\nLOG_MARTIANS=Yes\n\nLOG_VERBOSITY=2\n\nLOGALLNEW=\n\nLOGFILE=/var/log/messages\n\nLOGFORMAT=\"Shorewall:%s:%s:\"\n\nLOGTAGONLY=No\n\nLOGLIMIT=\n\nMACLIST_LOG_LEVEL=info\n\nRELATED_LOG_LEVEL=\n\nRPFILTER_LOG_LEVEL=info\n\nSFILTER_LOG_LEVEL=info\n\nSMURF_LOG_LEVEL=info\n\nSTARTUP_LOG=/var/log/shorewall-init.log\n\nTCP_FLAGS_LOG_LEVEL=info\n\nUNTRACKED_LOG_LEVEL=\n\n###############################################################################\n# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S\n###############################################################################\n\nARPTABLES=\n\nCONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall\n\nGEOIPDIR=/usr/share/xt_geoip/LE\n\nIPTABLES=\n\nIP=\n\nIPSET=\n\nLOCKFILE=\n\nMODULESDIR=\n\nNFACCT=\n\nPERL=/usr/bin/perl\n\nPATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin\n\nRESTOREFILE=restore\n\nSHOREWALL_SHELL=/bin/sh\n\nSUBSYSLOCK=\n\nTC=\n\n###############################################################################\n# D E F A U L T A C T I O N S / M A C R O S\n###############################################################################\n\nACCEPT_DEFAULT=\"none\"\nDROP_DEFAULT=\"Drop\"\nNFQUEUE_DEFAULT=\"none\"\nQUEUE_DEFAULT=\"none\"\nREJECT_DEFAULT=\"Reject\"\n\n###############################################################################\n# R S H / R C P C O M M A N D S\n###############################################################################\n\nRCP_COMMAND='scp ${files} ${root}@${system}:${destination}'\nRSH_COMMAND='ssh ${root}@${system} ${command}'\n\n###############################################################################\n# F I R E W A L L O P T I O N S\n###############################################################################\n\nACCOUNTING=Yes\n\nACCOUNTING_TABLE=filter\n\nADD_IP_ALIASES=No\n\nADD_SNAT_ALIASES=No\n\nADMINISABSENTMINDED=Yes\n\nBASIC_FILTERS=No\n\nIGNOREUNKNOWNVARIABLES=No\n\nAUTOCOMMENT=Yes\n\nAUTOHELPERS=Yes\n\nAUTOMAKE=No\n\nBLACKLIST=\"NEW,INVALID,UNTRACKED\"\n\nCHAIN_SCRIPTS=No\n\nCLAMPMSS=No\n\nCLEAR_TC=Yes\n\nCOMPLETE=Yes\n\nDEFER_DNS_RESOLUTION=Yes\n\nDISABLE_IPV6=No\n\nDELETE_THEN_ADD=Yes\n\nDETECT_DNAT_IPADDRS=No\n\nDONT_LOAD=\n\nDYNAMIC_BLACKLIST=Yes\n\nEXPAND_POLICIES=Yes\n\nEXPORTMODULES=Yes\n\nFASTACCEPT=Yes\n\nFORWARD_CLEAR_MARK=\n\nHELPERS=\n\nIMPLICIT_CONTINUE=No\n\nINLINE_MATCHES=Yes\n\nIPSET_WARNINGS=Yes\n\nIP_FORWARDING=On\n\nKEEP_RT_TABLES=No\n\nLOAD_HELPERS_ONLY=Yes\n\nLEGACY_FASTSTART=No\n\nMACLIST_TABLE=filter\n\nMACLIST_TTL=\n\nMANGLE_ENABLED=Yes\n\nMAPOLDACTIONS=No\n\nMARK_IN_FORWARD_CHAIN=No\n\nMODULE_SUFFIX=ko\n\nMULTICAST=No\n\nMUTEX_TIMEOUT=60\n\nNULL_ROUTE_RFC1918=No\n\nOPTIMIZE=All\n\nOPTIMIZE_ACCOUNTING=No\n\nREJECT_ACTION=\n\nREQUIRE_INTERFACE=Yes\n\nRESTORE_DEFAULT_ROUTE=Yes\n\nRESTORE_ROUTEMARKS=Yes\n\nRETAIN_ALIASES=No\n\nROUTE_FILTER=No\n\nSAVE_ARPTABLES=No\n\nSAVE_IPSETS=No\n\nTC_ENABLED=Internal\n\nTC_EXPERT=No\n\nTC_PRIOMAP=\"2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2\"\n\nTRACK_PROVIDERS=Yes\n\nTRACK_RULES=No\n\nUSE_DEFAULT_RT=Yes\n\nUSE_PHYSICAL_NAMES=No\n\nUSE_RT_NAMES=No\n\nWARNOLDCAPVERSION=Yes\n\nZONE2ZONE=-\n\n###############################################################################\n# P A C K E T D I S P O S I T I O N\n###############################################################################\n\nBLACKLIST_DISPOSITION=DROP\n\nINVALID_DISPOSITION=CONTINUE\n\nMACLIST_DISPOSITION=REJECT\n\nRELATED_DISPOSITION=ACCEPT\n\nRPFILTER_DISPOSITION=DROP\n\nSMURF_DISPOSITION=DROP\n\nSFILTER_DISPOSITION=DROP\n\nTCP_FLAGS_DISPOSITION=DROP\n\nUNTRACKED_DISPOSITION=CONTINUE\n\n################################################################################\n# P A C K E T M A R K L A Y O U T\n################################################################################\n\nTC_BITS=\n\nPROVIDER_BITS=\n\nPROVIDER_OFFSET=\n\nMASK_BITS=\n\nZONE_BITS=0\n\n################################################################################\n# L E G A C Y O P T I O N\n# D O N O T D E L E T E O R A L T E R\n################################################################################\n\nIPSECFILE=zones\n\n#LAST LINE -- DO NOT REMOVE\n" }, { "path": "shorewall/etc/zones", "content": "#\n# Shorewall version 4 - Zones File\n#\n# For information about this file, type \"man shorewall-zones\"\n#\n# The manpage is also online at\n# http://www.shorewall.net/manpages/shorewall-zones.html\n#\n###############################################################################\n#ZONE\tTYPE\t\tOPTIONS\t\tIN\t\t\tOUT\n#\t\t\t\t\tOPTIONS\t\t\tOPTIONS\nfw firewall\ndock ipv4\nnet ip\n" }, { "path": "sickbeard/Dockerfile", "content": "# Sickbeard in a container\n#\n# docker run -d \\\n# \t--restart always \\\n#\t-p 8081:8081 \\\n# \t-v /etc/localtime:/etc/localtime:ro \\\n# \t-v /volumes/sickbeard:/data \\\n#\t--link transmission:transmission \\\n# \t--name sickbeard \\\n# \tjess/sickbeard\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\n\nRUN apk add --no-cache \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/community \\\n\tca-certificates \\\n\tgit \\\n\tpython \\\n\tpy-pip \\\n\tpy-setuptools\n\nRUN pip install cheetah\n\nENV SICKBEARD_VERSION torrent_1080_subtitles\n\nEXPOSE 8081\n\nRUN git clone https://github.com/junalmeida/Sick-Beard.git /usr/src/sickbeard\n\nWORKDIR /usr/src/sickbeard\n\nENTRYPOINT [ \"python\", \"SickBeard.py\" ]\nCMD [ \"--datadir\", \"/data\" ]\n" }, { "path": "skype/Dockerfile", "content": "# Run skype in a container, requires pulseaudio\n# (but I have a container for that)\n#\n# docker run -v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-v $HOME/.Skype:/home/skype/.Skype \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--link pulseaudio:pulseaudio \\\n#\t-e PULSE_SERVER=pulseaudio \\\n#\t--device /dev/video0 \\\n#\t--name skype \\\n#\tjess/skype\n#\nFROM debian:bullseye-slim\n\n# Tell debconf to run in non-interactive mode\nENV DEBIAN_FRONTEND noninteractive\n\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n\tgnupg \\\n\tprocps \\\n\t--no-install-recommends\n\n# Add the skype debian repo\nRUN curl -sSL https://repo.skype.com/data/SKYPE-GPG-KEY | apt-key add -\nRUN echo \"deb [arch=amd64] https://repo.skype.com/deb stable main\" > /etc/apt/sources.list.d/skype.list\n\nRUN apt-get update && apt-get -y install \\\n\tskypeforlinux \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nCOPY run-skype-and-wait-for-exit /usr/local/bin\n\n# Make a user\nENV HOME /home/skype\nRUN useradd --create-home --home-dir $HOME skype \\\n\t&& chown -R skype:skype $HOME \\\n\t&& usermod -a -G audio,video skype\n\nWORKDIR $HOME\nUSER skype\n\n# Start Skype\nENTRYPOINT [\"run-skype-and-wait-for-exit\"]\n\n" }, { "path": "skype/run-skype-and-wait-for-exit", "content": "#!/bin/bash\nskypeforlinux\nsleep 3\nwhile ps -C skypeforlinux >/dev/null;do sleep 3;done\n" }, { "path": "slack/Dockerfile", "content": "# Run slack desktop app in a container\n#\n# docker run --rm -it \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--device /dev/snd \\\n#\t--device /dev/dri \\\n#\t--device /dev/video0 \\\n#\t--group-add audio \\\n#\t--group-add video \\\n#\t-v \"${HOME}/.slack:/root/.config/Slack\" \\\n#\t--ipc=\"host\" \\\n#\t--name slack \\\n#\tjess/slack \"$@\"\n\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nENV LC_ALL en_US.UTF-8\nENV LANG en_US.UTF-8\n\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n\tgnupg \\\n\tlocales \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN echo \"en_US.UTF-8 UTF-8\" >> /etc/locale.gen \\\n\t&& locale-gen en_US.utf8 \\\n\t&& /usr/sbin/update-locale LANG=en_US.UTF-8\n\n# Add the slack debian repo\nRUN curl -sSL https://packagecloud.io/slacktechnologies/slack/gpgkey | apt-key add -\nRUN echo \"deb https://packagecloud.io/slacktechnologies/slack/debian/ jessie main\" > /etc/apt/sources.list.d/slacktechnologies_slack.list\n\nRUN apt-get update && apt-get -y install \\\n\tlibasound2 \\\n\tlibgtk-3-0 \\\n\tlibx11-xcb1 \\\n\tlibxkbfile1 \\\n\tslack-desktop \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [\"/usr/lib/slack/slack\"]\n" }, { "path": "slapd/Dockerfile", "content": "# Run slapd in a docker container\n#\n# - `LDAP_DOMAIN` sets the LDAP root domain. (e.g. if you provide `foo.bar.com`\n# \there, the root of your directory will be `dc=foo,dc=bar,dc=com`)\n# - `LDAP_ORGANIZATION` sets the human-readable name for your organization (e.g.\n# \t`Acme Widgets Inc.`)\n# - `LDAP_ROOTPASS` sets the LDAP admin user password (i.e. the password for\n# \t`cn=admin,dc=example,dc=com` if your domain was `example.com`)\n#\n# How to start the container:\n#\n# docker run -v /data/ldap:/var/lib/ldap \\\n# \t-e LDAP_DOMAIN=authy.auth.co \\\n# \t-e LDAP_ORGANISATION=\"E Corp\" \\\n# \t-e LDAP_ROOTPASS=fsociety \\\n# \t-d jess/slapd\n#\n# You can load an LDIF file (to set up your directory) like so:\n#\n# docker exec -it your_container ldapadd \\\n# \t-h localhost -p -c -x \\\n# \t-D cn=admin,dc=mycorp,dc=com -W -f data.ldif\n#\n# Be aware that by default the LDAP port is accessible from anywhere if the \\\n# host firewall is unconfigured.\n#\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && LC_ALL=C DEBIAN_FRONTEND=noninteractive \\\n\tapt-get install -y \\\n\tldap-utils \\\n\tslapd \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Just some default values for fun!\nENV LDAP_ROOTPASS=fsociety LDAP_ORGANIZATION=\"E CORP\" LDAP_DOMAIN=mr.robot.com\n\nCOPY start.sh /start.sh\n\nENTRYPOINT [ \"/start.sh\" ]\n" }, { "path": "slapd/start.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\n: LDAP_ROOTPASS=\"${LDAP_ROOTPASS}\"\n: LDAP_DOMAIN=\"${LDAP_DOMAIN}\"\n: LDAP_ORGANIZATION=\"${LDAP_ORGANIZATION}\"\n\nif [ ! -e /var/lib/ldap/docker_bootstrapped ]; then\n echo \"configuring slapd for first run\"\n\n cat <\"\n\nENV LANG \"en_US.UTF-8\"\nENV LANGUAGE \"en_US.UTF-8\"\nENV TERM \"xterm\"\n\nRUN apk add --no-cache \\\n\t\tbash \\\n\t\tca-certificates \\\n\t\tlibmediainfo \\\n\t\tmono \\\n\t\ttar \\\n\t\t--repository https://dl-4.alpinelinux.org/alpine/edge/testing\n\nENV SONARR_VERSION \"develop\"\nRUN mkdir -p /opt/sonarr \\\n\t&& wget \"http://update.sonarr.tv/v2/${SONARR_VERSION}/mono/NzbDrone.${SONARR_VERSION}.tar.gz\" -O /tmp/sonarr.tar.gz \\\n\t&& tar -xzvf /tmp/sonarr.tar.gz -C /opt/sonarr --strip-components 1 \\\n\t&& rm -rf /tmp/sonarr.tar.gz\n\nCOPY entrypoint.sh /usr/local/bin/entrypoint.sh\n\n# Create user and change ownership\nRUN addgroup -g 666 -S sonarr \\\n\t&& adduser -u 666 -SHG sonarr sonarr \\\n\t&& mkdir -p /config \\\n\t&& chown -R sonarr:sonarr /opt/sonarr /config\n\nWORKDIR /opt/sonarr\n\nUSER sonarr\n\nENTRYPOINT [\"entrypoint.sh\"]\n" }, { "path": "sonarr/entrypoint.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nhandle_signal() {\n PID=$!\n echo \"Received signal. PID is ${PID}\"\n kill -s SIGHUP $PID\n}\n\ntrap \"handle_signal\" SIGINT SIGTERM SIGHUP\n\necho \"Starting sonarr...\"\nexec mono --debug /opt/sonarr/NzbDrone.exe --no-browser -data=/config & wait\necho \"Stopping sonarr...\"\n" }, { "path": "spotify/Dockerfile", "content": "# Run spotify in a container\n#\n# docker run -d \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--device /dev/snd:/dev/snd \\\n#\t-v $HOME/.spotify/config:/home/spotify/.config/spotify \\\n#\t-v $HOME/.spotify/cache:/home/spotify/spotify \\\n#\t--name spotify \\\n#\tjess/spotify\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcurl \\\n\tdirmngr \\\n\tgnupg \\\n\t--no-install-recommends \\\n\t&& curl -sS https://download.spotify.com/debian/pubkey_0D811D58.gpg | apt-key add - \\\n\t&& echo \"deb http://repository.spotify.com stable non-free\" >> /etc/apt/sources.list.d/spotify.list \\\n\t&& apt-get update && apt-get install -y \\\n\talsa-utils \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tlibpulse0 \\\n\tlibsm6 \\\n\tspotify-client \\\n\txdg-utils \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /home/spotify\nRUN useradd --create-home --home-dir $HOME spotify \\\n\t&& gpasswd -a spotify audio \\\n\t&& chown -R spotify:spotify $HOME\n\nWORKDIR $HOME\nUSER spotify\n\n# make search bar text better\nRUN echo \"QLineEdit { color: #000 }\" > /home/spotify/spotify-override.css\n\nENTRYPOINT\t[ \"spotify\" ]\nCMD [ \"-stylesheet=/home/spotify/spotify-override.css\" ]\n" }, { "path": "spotify-wine/Dockerfile", "content": "# Run spotify windows app in a container with wine\n#\n# docker run --rm -it \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t--cpuset-cpus 0 \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--device /dev/snd:/dev/snd \\\n#\t--name spotify-wine \\\n#\tjess/spotify-wine bash\n#\nFROM r.j3ss.co/wine\nLABEL maintainer \"Jessie Frazelle \"\n\nADD https://download.scdn.co/SpotifySetup.exe /usr/src/SpotifySetup.exe\n\nRUN echo \"wine /usr/src/SpotifySetup.exe\" > /root/.bash_history\n\nCMD [ \"bash\" ]\n" }, { "path": "strace/Dockerfile", "content": "FROM alpine:latest\n\nRUN apk add --no-cache \\\n\tbash \\\n\tstrace\n\nENTRYPOINT [\"strace\"]\n" }, { "path": "stress/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tstress \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"stress\" ]\n" }, { "path": "sublime-text-3/Dockerfile", "content": "# DESCRIPTION:\tCreate sublime-text 3 container with its dependencies (https://www.sublimetext.com/3)\n# AUTHORS:\t\tChristian Koep , Chuck Knox \n# USAGE:\n#\t# Build sublime-text 3 image\n#\tdocker build -t sublime-text:3 .\n#\n#\t# Run the container and mount the local settings and your code\n# # Your code must be under $HOME/Documents, you only need to change it here.\n#\t\tdocker run -d -it \\\n#\t\t\t-w $HOME/Documents \\\n#\t\t\t-v $HOME/.config/sublime-text-3:$HOME/.config/sublime-text-3 \\\n#\t\t\t-v $HOME/Documents:$HOME/Documents \\\n#\t\t\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t\t\t-v $HOME/.local/share/recently-used.xbel:$HOME/.local/share/recently-used.xbel \\\n#\t\t\t-e DISPLAY=$DISPLAY \\\n#\t\t\t-e NEWUSER=$USER \\\n#\t\t\t-e LANG=en_US.UTF-8 \\\n#\t\t\tsublime-text:3\n#\n# POSSIBLE ISSUES:\n#\t# 'Gtk: cannot open display: :0'\n#\tTry to set 'DISPLAY=your_host_ip:0' or run 'xhost +' on your host.\n#\t(see: https://stackoverflow.com/questions/28392949/running-chromium-inside-docker-gtk-cannot-open-display-0)\n#\n\nFROM debian:bullseye-slim\nLABEL maintainer \"Christian Koep \"\n\nRUN apt-get update && apt-get -y install \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n\tgnupg \\\n\tlocales \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Generate system-wide UTF-8 locale\n# Sublime might nag about Ascii issue w/ Package Control otherwise\nRUN echo \"en_US.UTF-8 UTF-8\" > /etc/locale.gen && \\\n\tlocale-gen && \\\n\techo \"LANG=en_US.UTF-8\" > /etc/locale.conf\n\n# Add the sublime debian repo\nRUN curl -sSL https://download.sublimetext.com/sublimehq-pub.gpg | apt-key add -\nRUN echo \"deb https://download.sublimetext.com/ apt/stable/\" > /etc/apt/sources.list.d/sublime-text.list\n\n# Installing the libcanberra-gtk-module gets rid of a lot of annoying error messages.\nRUN apt-get update && apt-get -y install \\\n\tlibcanberra-gtk-module \\\n\tsublime-text \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# In order to prevent writing as root:root in Sublime, we have to run the Sublime Text container\n# as the user that creates the container. Normally we do this by passing $UID.\n# But just passing $UID along isn't enough - Sublime has to be started by a user that exists.\n# By default in the container, the only user that actually exists is root.\n# Therefore we have to create a new user, and start Sublime as that user.\n# This is not possible at build time, so the /run.sh script accepts an environment\n# variable called $NEWUSER that creates a user and group named $USER.\n# Additional note: Sublime puts a lot of stuff in ~/.config, which is mounted at runtime. Without this directory being mounted, settings/packages/etc won't persist.\nCOPY run.sh /run.sh\nRUN chmod +x /run.sh\n\nCMD [\"/run.sh\"]\n" }, { "path": "sublime-text-3/run.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nCOMMAND=/opt/sublime_text/sublime_text\n\nif [ -z ${NEWUSER+x} ]; then\n\techo \"WARN: No user was defined, defaulting to root.\"\n\techo \"WARN: Sublime will save files as root:root.\"\n\techo \" To prevent this, start the container with -e NEWUSER=\\$USER\"\n\texec \"$COMMAND\" -w\nelse\n\t# The root user already exists, so we only need to do something if\n\t# a user has been specified.\n\tuseradd -s /bin/bash \"$NEWUSER\"\n\t# If you'd like to have Sublime Text add your development folder\n\t# to the current project (i.e. in the sidebar at start), append\n\t# \"-a /home/$NEWUSER/Documents\" (without quotes) into the su -c command below.\n\t# Example: su $NEWUSER -c \"$COMMAND -w -a /home/$NEWUSER/Documents\"\n\tsu \"$NEWUSER\" -c \"$COMMAND -w\"\nfi\n" }, { "path": "t/Dockerfile", "content": "FROM\truby:alpine\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapk add --no-cache \\\n\tca-certificates\n\nRUN\tset -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\tbuild-base \\\n\t&& gem install io-console t --no-document \\\n\t&& apk del .build-deps\n\nENTRYPOINT\t[\"t\"]\n" }, { "path": "tarsnap/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tgnupg \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV TARSNAP_VERSION 1.0.39\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tbuild-base \\\n\t\tcurl \\\n\t\te2fsprogs-libs \\\n\t\te2fsprogs-dev \\\n\t\tmake \\\n\t\topenssl-dev \\\n\t\tperl-digest-sha1 \\\n\t\tperl-utils \\\n\t\ttar \\\n\t\tzlib-dev \\\n\t&& curl -sSL \"https://www.tarsnap.com/download/tarsnap-autoconf-${TARSNAP_VERSION}.tgz\" -o /tmp/tarsnap.tgz \\\n\t&& curl -sSL \"https://www.tarsnap.com/download/tarsnap-sigs-${TARSNAP_VERSION}.asc\" -o /tmp/tarsnap.tgz.asc \\\n\t&& curl -sSL \"https://www.tarsnap.com/tarsnap-signing-key-2015.asc\" | gpg --no-tty --import \\\n\t&& sha=$(gpg --decrypt /tmp/tarsnap.tgz.asc | awk '{ print $4 }') \\\n\t&& if [ \"$sha\" != \"$(shasum -a 256 /tmp/tarsnap.tgz | awk '{ print $1 }')\" ]; then exit 1; fi \\\n\t&& mkdir -p /usr/src/tarsnap \\\n\t&& tar -xzf /tmp/tarsnap.tgz -C /usr/src/tarsnap --strip-components 1 \\\n\t&& rm /tmp/tarsnap.tgz* \\\n\t&& ( \\\n\t\tcd /usr/src/tarsnap \\\n\t\t&& ./configure --prefix=/usr \\\n\t\t&& make \\\n\t\t&& make install \\\n\t) \\\n\t&& rm -rf /usr/src/tarsnap \\\n\t&& apk del .build-deps\n\nENTRYPOINT [ \"tarsnap\" ]\nCMD [ \"--help\" ]\n" }, { "path": "telize/Dockerfile", "content": "FROM shurshun/openresty:latest\n\nSTOPSIGNAL SIGTERM\n\nEXPOSE 80 443\n\nENV TELIZE_VERSION 66063c6c6e5bbbafcf493c5bc7c825f0a6e1b03d\nENV LICENSE_KEY lgNvGyhnUKpa5PJi\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tcurl \\\n\tgit\n\nRUN addgroup -S nginx \\\n\t&& adduser -D -S -h /var/cache/nginx -s /sbin/nologin -G nginx nginx\n\nRUN set -x \\\n && mkdir -p /usr/share/GeoIP \\\n && curl -sSL \"https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=${LICENSE_KEY}&suffix=tar.gz\" | tar -xzf - --strip-components 1 -C /usr/share/GeoIP \\\n && curl -sSL \"https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${LICENSE_KEY}&suffix=tar.gz\" | tar -xzf - --strip-components 1 -C /usr/share/GeoIP \\\n && curl -sSL \"https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=${LICENSE_KEY}&suffix=tar.gz\" | tar -xzf - --strip-components 1 -C /usr/share/GeoIP \\\n && git clone https://github.com/fcambus/telize.git /usr/src/telize \\\n && ( \\\n cd /usr/src/telize \\\n && git checkout \"$TELIZE_VERSION\" \\\n && cp *.conf /etc/nginx/ \\\n ) \\\n && rm -rf /usr/src/telize\n\nCOPY nginx.conf /etc/nginx/nginx.conf\nCOPY mime.types /etc/nginx/mime.types\nCOPY telize.conf /etc/nginx/conf.d/telize.conf\n\nCMD [\"nginx\", \"-g\", \"daemon off;\"]\n" }, { "path": "telize/country-code3.conf", "content": "map $geoip2_country_code $geoip2_country_code3 {\n\t\"AD\" \"AND\";\n\t\"AE\" \"ARE\";\n\t\"AF\" \"AFG\";\n\t\"AG\" \"ATG\";\n\t\"AI\" \"AIA\";\n\t\"AL\" \"ALB\";\n\t\"AM\" \"ARM\";\n\t\"AO\" \"AGO\";\n\t\"AQ\" \"ATA\";\n\t\"AR\" \"ARG\";\n\t\"AS\" \"ASM\";\n\t\"AT\" \"AUT\";\n\t\"AU\" \"AUS\";\n\t\"AW\" \"ABW\";\n\t\"AX\" \"ALA\";\n\t\"AZ\" \"AZE\";\n\t\"BA\" \"BIH\";\n\t\"BB\" \"BRB\";\n\t\"BD\" \"BGD\";\n\t\"BE\" \"BEL\";\n\t\"BF\" \"BFA\";\n\t\"BG\" \"BGR\";\n\t\"BH\" \"BHR\";\n\t\"BI\" \"BDI\";\n\t\"BJ\" \"BEN\";\n\t\"BL\" \"BLM\";\n\t\"BM\" \"BMU\";\n\t\"BN\" \"BRN\";\n\t\"BO\" \"BOL\";\n\t\"BQ\" \"BES\";\n\t\"BR\" \"BRA\";\n\t\"BS\" \"BHS\";\n\t\"BT\" \"BTN\";\n\t\"BV\" \"BVT\";\n\t\"BW\" \"BWA\";\n\t\"BY\" \"BLR\";\n\t\"BZ\" \"BLZ\";\n\t\"CA\" \"CAN\";\n\t\"CC\" \"CCK\";\n\t\"CD\" \"COD\";\n\t\"CF\" \"CAF\";\n\t\"CG\" \"COG\";\n\t\"CH\" \"CHE\";\n\t\"CI\" \"CIV\";\n\t\"CK\" \"COK\";\n\t\"CL\" \"CHL\";\n\t\"CM\" \"CMR\";\n\t\"CN\" \"CHN\";\n\t\"CO\" \"COL\";\n\t\"CR\" \"CRI\";\n\t\"CU\" \"CUB\";\n\t\"CV\" \"CPV\";\n\t\"CW\" \"CUW\";\n\t\"CX\" \"CXR\";\n\t\"CY\" \"CYP\";\n\t\"CZ\" \"CZE\";\n\t\"DE\" \"DEU\";\n\t\"DJ\" \"DJI\";\n\t\"DK\" \"DNK\";\n\t\"DM\" \"DMA\";\n\t\"DO\" \"DOM\";\n\t\"DZ\" \"DZA\";\n\t\"EC\" \"ECU\";\n\t\"EE\" \"EST\";\n\t\"EG\" \"EGY\";\n\t\"EH\" \"ESH\";\n\t\"ER\" \"ERI\";\n\t\"ES\" \"ESP\";\n\t\"ET\" \"ETH\";\n\t\"FI\" \"FIN\";\n\t\"FJ\" \"FJI\";\n\t\"FK\" \"FLK\";\n\t\"FM\" \"FSM\";\n\t\"FO\" \"FRO\";\n\t\"FR\" \"FRA\";\n\t\"GA\" \"GAB\";\n\t\"GB\" \"GBR\";\n\t\"GD\" \"GRD\";\n\t\"GE\" \"GEO\";\n\t\"GF\" \"GUF\";\n\t\"GG\" \"GGY\";\n\t\"GH\" \"GHA\";\n\t\"GI\" \"GIB\";\n\t\"GL\" \"GRL\";\n\t\"GM\" \"GMB\";\n\t\"GN\" \"GIN\";\n\t\"GP\" \"GLP\";\n\t\"GQ\" \"GNQ\";\n\t\"GR\" \"GRC\";\n\t\"GS\" \"SGS\";\n\t\"GT\" \"GTM\";\n\t\"GU\" \"GUM\";\n\t\"GW\" \"GNB\";\n\t\"GY\" \"GUY\";\n\t\"HK\" \"HKG\";\n\t\"HM\" \"HMD\";\n\t\"HN\" \"HND\";\n\t\"HR\" \"HRV\";\n\t\"HT\" \"HTI\";\n\t\"HU\" \"HUN\";\n\t\"ID\" \"IDN\";\n\t\"IE\" \"IRL\";\n\t\"IL\" \"ISR\";\n\t\"IM\" \"IMN\";\n\t\"IN\" \"IND\";\n\t\"IO\" \"IOT\";\n\t\"IQ\" \"IRQ\";\n\t\"IR\" \"IRN\";\n\t\"IS\" \"ISL\";\n\t\"IT\" \"ITA\";\n\t\"JE\" \"JEY\";\n\t\"JM\" \"JAM\";\n\t\"JO\" \"JOR\";\n\t\"JP\" \"JPN\";\n\t\"KE\" \"KEN\";\n\t\"KG\" \"KGZ\";\n\t\"KH\" \"KHM\";\n\t\"KI\" \"KIR\";\n\t\"KM\" \"COM\";\n\t\"KN\" \"KNA\";\n\t\"KP\" \"PRK\";\n\t\"KR\" \"KOR\";\n\t\"KW\" \"KWT\";\n\t\"KY\" \"CYM\";\n\t\"KZ\" \"KAZ\";\n\t\"LA\" \"LAO\";\n\t\"LB\" \"LBN\";\n\t\"LC\" \"LCA\";\n\t\"LI\" \"LIE\";\n\t\"LK\" \"LKA\";\n\t\"LR\" \"LBR\";\n\t\"LS\" \"LSO\";\n\t\"LT\" \"LTU\";\n\t\"LU\" \"LUX\";\n\t\"LV\" \"LVA\";\n\t\"LY\" \"LBY\";\n\t\"MA\" \"MAR\";\n\t\"MC\" \"MCO\";\n\t\"MD\" \"MDA\";\n\t\"ME\" \"MNE\";\n\t\"MF\" \"MAF\";\n\t\"MG\" \"MDG\";\n\t\"MH\" \"MHL\";\n\t\"MK\" \"MKD\";\n\t\"ML\" \"MLI\";\n\t\"MM\" \"MMR\";\n\t\"MN\" \"MNG\";\n\t\"MO\" \"MAC\";\n\t\"MP\" \"MNP\";\n\t\"MQ\" \"MTQ\";\n\t\"MR\" \"MRT\";\n\t\"MS\" \"MSR\";\n\t\"MT\" \"MLT\";\n\t\"MU\" \"MUS\";\n\t\"MV\" \"MDV\";\n\t\"MW\" \"MWI\";\n\t\"MX\" \"MEX\";\n\t\"MY\" \"MYS\";\n\t\"MZ\" \"MOZ\";\n\t\"NA\" \"NAM\";\n\t\"NC\" \"NCL\";\n\t\"NE\" \"NER\";\n\t\"NF\" \"NFK\";\n\t\"NG\" \"NGA\";\n\t\"NI\" \"NIC\";\n\t\"NL\" \"NLD\";\n\t\"NO\" \"NOR\";\n\t\"NP\" \"NPL\";\n\t\"NR\" \"NRU\";\n\t\"NU\" \"NIU\";\n\t\"NZ\" \"NZL\";\n\t\"OM\" \"OMN\";\n\t\"PA\" \"PAN\";\n\t\"PE\" \"PER\";\n\t\"PF\" \"PYF\";\n\t\"PG\" \"PNG\";\n\t\"PH\" \"PHL\";\n\t\"PK\" \"PAK\";\n\t\"PL\" \"POL\";\n\t\"PM\" \"SPM\";\n\t\"PN\" \"PCN\";\n\t\"PR\" \"PRI\";\n\t\"PS\" \"PSE\";\n\t\"PT\" \"PRT\";\n\t\"PW\" \"PLW\";\n\t\"PY\" \"PRY\";\n\t\"QA\" \"QAT\";\n\t\"RE\" \"REU\";\n\t\"RO\" \"ROU\";\n\t\"RS\" \"SRB\";\n\t\"RU\" \"RUS\";\n\t\"RW\" \"RWA\";\n\t\"SA\" \"SAU\";\n\t\"SB\" \"SLB\";\n\t\"SC\" \"SYC\";\n\t\"SD\" \"SDN\";\n\t\"SE\" \"SWE\";\n\t\"SG\" \"SGP\";\n\t\"SH\" \"SHN\";\n\t\"SI\" \"SVN\";\n\t\"SJ\" \"SJM\";\n\t\"SK\" \"SVK\";\n\t\"SL\" \"SLE\";\n\t\"SM\" \"SMR\";\n\t\"SN\" \"SEN\";\n\t\"SO\" \"SOM\";\n\t\"SR\" \"SUR\";\n\t\"SS\" \"SSD\";\n\t\"ST\" \"STP\";\n\t\"SV\" \"SLV\";\n\t\"SX\" \"SXM\";\n\t\"SY\" \"SYR\";\n\t\"SZ\" \"SWZ\";\n\t\"TC\" \"TCA\";\n\t\"TD\" \"TCD\";\n\t\"TF\" \"ATF\";\n\t\"TG\" \"TGO\";\n\t\"TH\" \"THA\";\n\t\"TJ\" \"TJK\";\n\t\"TK\" \"TKL\";\n\t\"TL\" \"TLS\";\n\t\"TM\" \"TKM\";\n\t\"TN\" \"TUN\";\n\t\"TO\" \"TON\";\n\t\"TR\" \"TUR\";\n\t\"TT\" \"TTO\";\n\t\"TV\" \"TUV\";\n\t\"TW\" \"TWN\";\n\t\"TZ\" \"TZA\";\n\t\"UA\" \"UKR\";\n\t\"UG\" \"UGA\";\n\t\"UM\" \"UMI\";\n\t\"US\" \"USA\";\n\t\"UY\" \"URY\";\n\t\"UZ\" \"UZB\";\n\t\"VA\" \"VAT\";\n\t\"VC\" \"VCT\";\n\t\"VE\" \"VEN\";\n\t\"VG\" \"VGB\";\n\t\"VI\" \"VIR\";\n\t\"VN\" \"VNM\";\n\t\"VU\" \"VUT\";\n\t\"WF\" \"WLF\";\n\t\"WS\" \"WSM\";\n\t\"YE\" \"YEM\";\n\t\"YT\" \"MYT\";\n\t\"ZA\" \"ZAF\";\n\t\"ZM\" \"ZMB\";\n\t\"ZW\" \"ZWE\";\n}\n" }, { "path": "telize/mime.types", "content": "types {\n\n# Audio\n audio/midi mid midi kar;\n audio/mp4 aac f4a f4b m4a;\n audio/mpeg mp3;\n audio/ogg oga ogg;\n audio/x-realaudio ra;\n audio/x-wav wav;\n\n# Images\n image/bmp bmp;\n image/gif gif;\n image/jpeg jpeg jpg;\n image/png png;\n image/tiff tif tiff;\n image/vnd.wap.wbmp wbmp;\n image/webp webp;\n image/x-icon ico cur;\n image/x-jng jng;\n\n# JavaScript\n application/javascript js;\n application/json json;\n\n# Manifest files\n application/x-web-app-manifest+json webapp;\n text/cache-manifest manifest appcache;\n\n# Microsoft Office\n application/msword doc;\n application/vnd.ms-excel xls;\n application/vnd.ms-powerpoint ppt;\n application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;\n application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;\n application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;\n\n# Video\n video/3gpp 3gpp 3gp;\n video/mp4 mp4 m4v f4v f4p;\n video/mpeg mpeg mpg;\n video/ogg ogv;\n video/quicktime mov;\n video/webm webm;\n video/x-flv flv;\n video/x-mng mng;\n video/x-ms-asf asx asf;\n video/x-ms-wmv wmv;\n video/x-msvideo avi;\n\n# Web feeds\n application/xml atom rdf rss xml;\n\n# Web fonts\n application/font-woff woff;\n application/font-woff2 woff2;\n application/vnd.ms-fontobject eot;\n application/x-font-ttf ttc ttf;\n font/opentype otf;\n image/svg+xml svg svgz;\n\n# Other\n application/java-archive jar war ear;\n application/mac-binhex40 hqx;\n application/pdf pdf;\n application/postscript ps eps ai;\n application/rtf rtf;\n application/vnd.wap.wmlc wmlc;\n application/xhtml+xml xhtml;\n application/vnd.google-earth.kml+xml kml;\n application/vnd.google-earth.kmz kmz;\n application/x-7z-compressed 7z;\n application/x-chrome-extension crx;\n application/x-opera-extension oex;\n application/x-xpinstall xpi;\n application/x-cocoa cco;\n application/x-java-archive-diff jardiff;\n application/x-java-jnlp-file jnlp;\n application/x-makeself run;\n application/x-perl pl pm;\n application/x-pilot prc pdb;\n application/x-rar-compressed rar;\n application/x-redhat-package-manager rpm;\n application/x-sea sea;\n application/x-shockwave-flash swf;\n application/x-stuffit sit;\n application/x-tcl tcl tk;\n application/x-x509-ca-cert der pem crt;\n application/x-bittorrent torrent;\n application/zip zip;\n\n application/octet-stream bin exe dll;\n application/octet-stream deb;\n application/octet-stream dmg;\n application/octet-stream iso img;\n application/octet-stream msi msp msm;\n application/octet-stream safariextz;\n\n text/css css;\n text/html html htm shtml;\n text/mathml mml;\n text/plain txt;\n text/vnd.sun.j2me.app-descriptor jad;\n text/vnd.wap.wml wml;\n text/vtt vtt;\n text/x-component htc;\n text/x-vcard vcf;\n\n}\n" }, { "path": "telize/nginx.conf", "content": "include /etc/nginx/modules-enabled/*;\n\nuser nginx;\n\nworker_processes 2;\nworker_rlimit_nofile 8192;\n\npid /run/nginx.pid;\n\nevents {\n\tworker_connections 8000;\n\t# multi_accept on;\n}\n\nhttp {\n\tserver_tokens off;\n\n\tinclude /etc/nginx/mime.types;\n\tdefault_type application/octet-stream;\n\n\t# Update charset_types due to updated mime.types\n\tcharset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;\n\n\t# Format to use in log files\n\tlog_format main '$remote_addr - $remote_user [$time_local] \"$request\" '\n '$status $body_bytes_sent \"$http_referer\" '\n '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n\n\t##\n\t# Logging Settings\n\t##\n\n\taccess_log /var/log/nginx/access.log main;\n\terror_log /var/log/nginx/error.log warn;\n\n\t# How long to allow each connection to stay idle; longer values are better\n\t# for each individual client, particularly for SSL, but means that worker\n\t# connections are tied up longer. (Default: 65)\n\tkeepalive_timeout 20;\n\n\t# Speed up file transfers by using sendfile() to copy directly\n\t# between descriptors rather than using read()/write().\n\tsendfile on;\n\n\t# Tell Nginx not to send out partial frames; this increases throughput\n\t# since TCP frames are filled up before being sent out. (adds TCP_CORK)\n\ttcp_nopush on;\n\n\n\t# Compression\n\n\t# Enable Gzip compressed.\n\tgzip on;\n\n\t# Compression level (1-9).\n\t# 5 is a perfect compromise between size and cpu usage, offering about\n\t# 75% reduction for most ascii files (almost identical to level 9).\n\tgzip_comp_level 5;\n\n\t# Don't compress anything that's already small and unlikely to shrink much\n\t# if at all (the default is 20 bytes, which is bad as that usually leads to\n\t# larger files after gzipping).\n\tgzip_min_length 256;\n\n\t# Compress data even for clients that are connecting to us via proxies,\n\t# identified by the \"Via\" header (required for CloudFront).\n\tgzip_proxied any;\n\n\t# Tell proxies to cache both the gzipped and regular version of a resource\n\t# whenever the client's Accept-Encoding capabilities header varies;\n\t# Avoids the issue where a non-gzip capable client (which is extremely rare\n\t# today) would display gibberish if their proxy gave them the gzipped version.\n\tgzip_vary on;\n\n\t# Compress all output labeled with one of the following MIME-types.\n\tgzip_types\n\tapplication/atom+xml\n\tapplication/javascript\n\tapplication/json\n\tapplication/rss+xml\n\tapplication/vnd.ms-fontobject\n\tapplication/x-font-ttf\n\tapplication/x-web-app-manifest+json\n\tapplication/xhtml+xml\n\tapplication/xml\n\tfont/opentype\n\timage/svg+xml\n\timage/x-icon\n\ttext/css\n\ttext/plain\n\ttext/x-component;\n\t# text/html is always compressed by HttpGzipModule\n\n ##\n # GeoIP\n ##\n\n map_hash_bucket_size 64;\n map_hash_max_size 8192;\n\n\tinclude\t\t\t/etc/nginx/country-code3.conf;\n include\t\t\t/etc/nginx/timezone-offset.conf;\n\n\tgeoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {\n $geoip2_continent_code continent code;\n $geoip2_country country names en;\n $geoip2_country_code country iso_code;\n $geoip2_region subdivisions 0 names en;\n $geoip2_region_code subdivisions 0 iso_code;\n $geoip2_city city names en;\n $geoip2_postal_code postal code;\n $geoip2_latitude location latitude;\n $geoip2_longitude location longitude;\n $geoip2_timezone location time_zone;\n }\n\n geoip2 /usr/share/GeoIP/GeoLite2-ASN.mmdb {\n $geoip2_asn autonomous_system_number;\n $geoip2_organization autonomous_system_organization;\n }\n\n # Virtual hosts\n include /etc/nginx/conf.d/telize.conf;\n}\n" }, { "path": "telize/telize.conf", "content": "###############################################################################\n# #\n# Telize 2.0.0 #\n# Copyright (c) 2013-2018, Frederic Cambus #\n# https://www.telize.com #\n# #\n# Created: 2013-08-15 #\n# Last Updated: 2018-03-15 #\n# #\n# Telize is released under the BSD 2-Clause license. #\n# See LICENSE file for details. #\n# #\n###############################################################################\n\nserver {\n\t# Configuration variables\n\tset $cors \"true\";\n\tset $cors_origin \"*\";\n\n\tserver_name 127.0.0.1;\n\n\t# Uncomment when using Telize behind a load balancer\n\t# set_real_ip_from 10.0.0.0/8; # Put your load balancer IP range here\n\t# real_ip_header X-Forwarded-For;\n\n\tcharset_types application/json;\n\n\tkeepalive_timeout 0;\n\tgzip off;\n\n\tlocation ~ /ip$ {\n\t\tcharset off;\n\t\tdefault_type text/plain;\n\n\t\tadd_header Cache-Control no-cache;\n\n\t\tcontent_by_lua_block {\n\t\t\tngx.say(ngx.var.remote_addr)\n\t\t}\n\t}\n\n\tlocation ~ /jsonip$ {\n\t\tcharset utf-8;\n\t\tdefault_type application/json;\n\n\t\tif ($cors = \"true\") {\n\t\t\tadd_header Access-Control-Allow-Origin $cors_origin;\n\t\t}\n\n\t\tcontent_by_lua_block {\n\t\t\tlocal cjson = require \"cjson\"\n\n\t\t\tngx.header[\"Cache-Control\"] = \"no-cache\";\n\n\t\t\tlocal json = cjson.encode({\n\t\t\t\tip = ngx.var.remote_addr\n\t\t\t})\n\n\t\t\tlocal callback = ngx.var.arg_callback\n\n\t\t\tif callback then\n\t\t\t\tngx.say(callback, \"(\", json, \");\")\n\t\t\telse\n\t\t\t\tngx.say(json)\n\t\t\tend\n\t\t}\n\t}\n\n\tlocation ~ /geoip/?(?.*) {\n\t\tif ($ip = \"\") {\n\t\t\tset $ip $remote_addr;\n\t\t}\n\n\t\t# Uncomment when using Telize behind a load balancer, and\n\t\t# comment the directive setting X-Real-IP\n\t\t# proxy_set_header X-Forwarded-For $ip;\n\n\t\tproxy_set_header X-Real-IP $ip;\n\t\tproxy_set_header Host $host;\n\t\tproxy_pass $scheme://127.0.0.1/jsonify?callback=$arg_callback;\n\t}\n\n\tlocation /jsonify {\n\t\tcharset utf-8;\n\t\tdefault_type application/json;\n\n\t\tif ($cors = \"true\") {\n\t\t\tadd_header Access-Control-Allow-Origin $cors_origin;\n\t\t}\n\n\t\tset_real_ip_from 127.0.0.1;\n\n\t\taccess_log off;\n\n\t\tcontent_by_lua_block {\n\t\t\tlocal cjson = require \"cjson\"\n\n\t\t\tngx.header[\"Cache-Control\"] = \"no-cache\";\n\n\t\t\t-- Check for invalid IP addresses\n\t\t\tif ngx.var.remote_addr == \"127.0.0.1\" then\n\t\t\t\tngx.status = ngx.HTTP_BAD_REQUEST\n\t\t\t\tngx.say(cjson.encode({\n\t\t\t\t\tcode = 401,\n\t\t\t\t\tmessage = \"Input string is not a valid IP address\"\n\t\t\t\t}))\n\t\t\t\tngx.exit(ngx.HTTP_OK)\n\t\t\tend\n\n\t\t\tlocal payload = {\n\t\t\t\tip = ngx.var.remote_addr,\n\t\t\t\tcontinent_code = ngx.var.geoip2_continent_code,\n\t\t\t\tcountry = ngx.var.geoip2_country,\n\t\t\t\tcountry_code = ngx.var.geoip2_country_code,\n\t\t\t\tcountry_code3 = ngx.var.geoip2_country_code3,\n\t\t\t\tregion = ngx.var.geoip2_region,\n\t\t\t\tregion_code = ngx.var.geoip2_region_code,\n\t\t\t\tcity = ngx.var.geoip2_city,\n\t\t\t\tpostal_code = ngx.var.geoip2_postal_code,\n\t\t\t\tlatitude = ngx.var.geoip2_latitude,\n\t\t\t\tlongitude = ngx.var.geoip2_longitude,\n\t\t\t\ttimezone = ngx.var.geoip2_timezone,\n\t\t\t\toffset = ngx.var.geoip2_offset,\n\t\t\t\tasn = ngx.var.geoip2_asn,\n\t\t\t\torganization = ngx.var.geoip2_organization,\n\t\t\t}\n\n\t\t\t-- Validate payload\n\t\t\tfor item, value in pairs(payload) do\n\t\t\t\tif payload[item] == \"\" then\n\t\t\t\t\tpayload[item] = nil\n\t\t\t\tend\n\t\t\tend\n\n\t\t\t-- Convert latitude and longitude to numeric values\n\t\t\tif payload.latitude ~= nil and payload.longitude ~= nil then\n\t\t\t\tpayload.latitude = tonumber(payload.latitude)\n\t\t\t\tpayload.longitude = tonumber(payload.longitude)\n\t\t\tend\n\n\t\t\t-- Convert timezone offset to numeric value\n\t\t\tif payload.offset ~= nil then\n\t\t\t\tpayload.offset = tonumber(payload.offset)\n\t\t\tend\n\n\t\t\t-- Convert ASN to numeric value\n\t\t\tif payload.asn ~= nil then\n\t\t\t\tpayload.asn = tonumber(payload.asn)\n\t\t\tend\n\n\t\t\tlocal json = cjson.encode(payload)\n\n\t\t\tlocal callback = ngx.var.arg_callback\n\n\t\t\tif callback ~= \"\" then\n\t\t\t\tngx.say(callback, \"(\", json, \");\")\n\t\t\telse\n\t\t\t\tngx.say(json)\n\t\t\tend\n\t\t}\n\t}\n}\n" }, { "path": "telize/timezone-offset.conf", "content": "map $geoip2_timezone $geoip2_offset {\n\t\"Africa/Abidjan\" 0;\n\t\"Africa/Accra\" 0;\n\t\"Africa/Addis_Ababa\" 10800;\n\t\"Africa/Algiers\" 3600;\n\t\"Africa/Asmara\" 10800;\n\t\"Africa/Asmera\" 10800;\n\t\"Africa/Bamako\" 0;\n\t\"Africa/Bangui\" 3600;\n\t\"Africa/Banjul\" 0;\n\t\"Africa/Bissau\" 0;\n\t\"Africa/Blantyre\" 7200;\n\t\"Africa/Brazzaville\" 3600;\n\t\"Africa/Bujumbura\" 7200;\n\t\"Africa/Cairo\" 7200;\n\t\"Africa/Casablanca\" 0;\n\t\"Africa/Ceuta\" 3600;\n\t\"Africa/Conakry\" 0;\n\t\"Africa/Dakar\" 0;\n\t\"Africa/Dar_es_Salaam\" 10800;\n\t\"Africa/Djibouti\" 10800;\n\t\"Africa/Douala\" 3600;\n\t\"Africa/El_Aaiun\" 0;\n\t\"Africa/Freetown\" 0;\n\t\"Africa/Gaborone\" 7200;\n\t\"Africa/Harare\" 7200;\n\t\"Africa/Johannesburg\" 7200;\n\t\"Africa/Juba\" 10800;\n\t\"Africa/Kampala\" 10800;\n\t\"Africa/Khartoum\" 7200;\n\t\"Africa/Kigali\" 7200;\n\t\"Africa/Kinshasa\" 3600;\n\t\"Africa/Lagos\" 3600;\n\t\"Africa/Libreville\" 3600;\n\t\"Africa/Lome\" 0;\n\t\"Africa/Luanda\" 3600;\n\t\"Africa/Lubumbashi\" 7200;\n\t\"Africa/Lusaka\" 7200;\n\t\"Africa/Malabo\" 3600;\n\t\"Africa/Maputo\" 7200;\n\t\"Africa/Maseru\" 7200;\n\t\"Africa/Mbabane\" 7200;\n\t\"Africa/Mogadishu\" 10800;\n\t\"Africa/Monrovia\" 0;\n\t\"Africa/Nairobi\" 10800;\n\t\"Africa/Ndjamena\" 3600;\n\t\"Africa/Niamey\" 3600;\n\t\"Africa/Nouakchott\" 0;\n\t\"Africa/Ouagadougou\" 0;\n\t\"Africa/Porto-Novo\" 3600;\n\t\"Africa/Sao_Tome\" 3600;\n\t\"Africa/Timbuktu\" 0;\n\t\"Africa/Tripoli\" 7200;\n\t\"Africa/Tunis\" 3600;\n\t\"Africa/Windhoek\" 7200;\n\t\"America/Adak\" -36000;\n\t\"America/Anchorage\" -32400;\n\t\"America/Anguilla\" -14400;\n\t\"America/Antigua\" -14400;\n\t\"America/Araguaina\" -10800;\n\t\"America/Argentina/Buenos_Aires\" -10800;\n\t\"America/Argentina/Catamarca\" -10800;\n\t\"America/Argentina/ComodRivadavia\" -10800;\n\t\"America/Argentina/Cordoba\" -10800;\n\t\"America/Argentina/Jujuy\" -10800;\n\t\"America/Argentina/La_Rioja\" -10800;\n\t\"America/Argentina/Mendoza\" -10800;\n\t\"America/Argentina/Rio_Gallegos\" -10800;\n\t\"America/Argentina/Salta\" -10800;\n\t\"America/Argentina/San_Juan\" -10800;\n\t\"America/Argentina/San_Luis\" -10800;\n\t\"America/Argentina/Tucuman\" -10800;\n\t\"America/Argentina/Ushuaia\" -10800;\n\t\"America/Aruba\" -14400;\n\t\"America/Asuncion\" -10800;\n\t\"America/Atikokan\" -18000;\n\t\"America/Atka\" -36000;\n\t\"America/Bahia\" -10800;\n\t\"America/Bahia_Banderas\" -21600;\n\t\"America/Barbados\" -14400;\n\t\"America/Belem\" -10800;\n\t\"America/Belize\" -21600;\n\t\"America/Blanc-Sablon\" -14400;\n\t\"America/Boa_Vista\" -14400;\n\t\"America/Bogota\" -18000;\n\t\"America/Boise\" -25200;\n\t\"America/Buenos_Aires\" -10800;\n\t\"America/Cambridge_Bay\" -25200;\n\t\"America/Campo_Grande\" -14400;\n\t\"America/Cancun\" -18000;\n\t\"America/Caracas\" -14400;\n\t\"America/Catamarca\" -10800;\n\t\"America/Cayenne\" -10800;\n\t\"America/Cayman\" -18000;\n\t\"America/Chicago\" -21600;\n\t\"America/Chihuahua\" -25200;\n\t\"America/Coral_Harbour\" -18000;\n\t\"America/Cordoba\" -10800;\n\t\"America/Costa_Rica\" -21600;\n\t\"America/Creston\" -25200;\n\t\"America/Cuiaba\" -14400;\n\t\"America/Curacao\" -14400;\n\t\"America/Danmarkshavn\" 0;\n\t\"America/Dawson\" -28800;\n\t\"America/Dawson_Creek\" -25200;\n\t\"America/Denver\" -25200;\n\t\"America/Detroit\" -18000;\n\t\"America/Dominica\" -14400;\n\t\"America/Edmonton\" -25200;\n\t\"America/Eirunepe\" -18000;\n\t\"America/El_Salvador\" -21600;\n\t\"America/Ensenada\" -28800;\n\t\"America/Fort_Nelson\" -25200;\n\t\"America/Fort_Wayne\" -18000;\n\t\"America/Fortaleza\" -10800;\n\t\"America/Glace_Bay\" -14400;\n\t\"America/Godthab\" -10800;\n\t\"America/Goose_Bay\" -14400;\n\t\"America/Grand_Turk\" -14400;\n\t\"America/Grenada\" -14400;\n\t\"America/Guadeloupe\" -14400;\n\t\"America/Guatemala\" -21600;\n\t\"America/Guayaquil\" -18000;\n\t\"America/Guyana\" -14400;\n\t\"America/Halifax\" -14400;\n\t\"America/Havana\" -18000;\n\t\"America/Hermosillo\" -25200;\n\t\"America/Indiana/Indianapolis\" -18000;\n\t\"America/Indiana/Knox\" -21600;\n\t\"America/Indiana/Marengo\" -18000;\n\t\"America/Indiana/Petersburg\" -18000;\n\t\"America/Indiana/Tell_City\" -21600;\n\t\"America/Indiana/Vevay\" -18000;\n\t\"America/Indiana/Vincennes\" -18000;\n\t\"America/Indiana/Winamac\" -18000;\n\t\"America/Indianapolis\" -18000;\n\t\"America/Inuvik\" -25200;\n\t\"America/Iqaluit\" -18000;\n\t\"America/Jamaica\" -18000;\n\t\"America/Jujuy\" -10800;\n\t\"America/Juneau\" -32400;\n\t\"America/Kentucky/Louisville\" -18000;\n\t\"America/Kentucky/Monticello\" -18000;\n\t\"America/Knox_IN\" -21600;\n\t\"America/Kralendijk\" -14400;\n\t\"America/La_Paz\" -14400;\n\t\"America/Lima\" -18000;\n\t\"America/Los_Angeles\" -28800;\n\t\"America/Louisville\" -18000;\n\t\"America/Lower_Princes\" -14400;\n\t\"America/Maceio\" -10800;\n\t\"America/Managua\" -21600;\n\t\"America/Manaus\" -14400;\n\t\"America/Marigot\" -14400;\n\t\"America/Martinique\" -14400;\n\t\"America/Matamoros\" -21600;\n\t\"America/Mazatlan\" -25200;\n\t\"America/Mendoza\" -10800;\n\t\"America/Menominee\" -21600;\n\t\"America/Merida\" -21600;\n\t\"America/Metlakatla\" -32400;\n\t\"America/Mexico_City\" -21600;\n\t\"America/Miquelon\" -10800;\n\t\"America/Moncton\" -14400;\n\t\"America/Monterrey\" -21600;\n\t\"America/Montevideo\" -10800;\n\t\"America/Montreal\" -18000;\n\t\"America/Montserrat\" -14400;\n\t\"America/Nassau\" -18000;\n\t\"America/New_York\" -18000;\n\t\"America/Nipigon\" -18000;\n\t\"America/Nome\" -32400;\n\t\"America/Noronha\" -7200;\n\t\"America/North_Dakota/Beulah\" -21600;\n\t\"America/North_Dakota/Center\" -21600;\n\t\"America/North_Dakota/New_Salem\" -21600;\n\t\"America/Ojinaga\" -25200;\n\t\"America/Panama\" -18000;\n\t\"America/Pangnirtung\" -18000;\n\t\"America/Paramaribo\" -10800;\n\t\"America/Phoenix\" -25200;\n\t\"America/Port-au-Prince\" -18000;\n\t\"America/Port_of_Spain\" -14400;\n\t\"America/Porto_Acre\" -18000;\n\t\"America/Porto_Velho\" -14400;\n\t\"America/Puerto_Rico\" -14400;\n\t\"America/Punta_Arenas\" -10800;\n\t\"America/Rainy_River\" -21600;\n\t\"America/Rankin_Inlet\" -21600;\n\t\"America/Recife\" -10800;\n\t\"America/Regina\" -21600;\n\t\"America/Resolute\" -21600;\n\t\"America/Rio_Branco\" -18000;\n\t\"America/Rosario\" -10800;\n\t\"America/Santa_Isabel\" -28800;\n\t\"America/Santarem\" -10800;\n\t\"America/Santiago\" -10800;\n\t\"America/Santo_Domingo\" -14400;\n\t\"America/Sao_Paulo\" -10800;\n\t\"America/Scoresbysund\" -3600;\n\t\"America/Shiprock\" -25200;\n\t\"America/Sitka\" -32400;\n\t\"America/St_Barthelemy\" -14400;\n\t\"America/St_Johns\" -12600;\n\t\"America/St_Kitts\" -14400;\n\t\"America/St_Lucia\" -14400;\n\t\"America/St_Thomas\" -14400;\n\t\"America/St_Vincent\" -14400;\n\t\"America/Swift_Current\" -21600;\n\t\"America/Tegucigalpa\" -21600;\n\t\"America/Thule\" -14400;\n\t\"America/Thunder_Bay\" -18000;\n\t\"America/Tijuana\" -28800;\n\t\"America/Toronto\" -18000;\n\t\"America/Tortola\" -14400;\n\t\"America/Vancouver\" -28800;\n\t\"America/Virgin\" -14400;\n\t\"America/Whitehorse\" -28800;\n\t\"America/Winnipeg\" -21600;\n\t\"America/Yakutat\" -32400;\n\t\"America/Yellowknife\" -25200;\n\t\"Antarctica/Casey\" 39600;\n\t\"Antarctica/Davis\" 25200;\n\t\"Antarctica/DumontDUrville\" 36000;\n\t\"Antarctica/Macquarie\" 39600;\n\t\"Antarctica/Mawson\" 18000;\n\t\"Antarctica/McMurdo\" 46800;\n\t\"Antarctica/Palmer\" -10800;\n\t\"Antarctica/Rothera\" -10800;\n\t\"Antarctica/South_Pole\" 46800;\n\t\"Antarctica/Syowa\" 10800;\n\t\"Antarctica/Troll\" 0;\n\t\"Antarctica/Vostok\" 21600;\n\t\"Arctic/Longyearbyen\" 3600;\n\t\"Asia/Aden\" 10800;\n\t\"Asia/Almaty\" 21600;\n\t\"Asia/Amman\" 7200;\n\t\"Asia/Anadyr\" 43200;\n\t\"Asia/Aqtau\" 18000;\n\t\"Asia/Aqtobe\" 18000;\n\t\"Asia/Ashgabat\" 18000;\n\t\"Asia/Ashkhabad\" 18000;\n\t\"Asia/Atyrau\" 18000;\n\t\"Asia/Baghdad\" 10800;\n\t\"Asia/Bahrain\" 10800;\n\t\"Asia/Baku\" 14400;\n\t\"Asia/Bangkok\" 25200;\n\t\"Asia/Barnaul\" 25200;\n\t\"Asia/Beirut\" 7200;\n\t\"Asia/Bishkek\" 21600;\n\t\"Asia/Brunei\" 28800;\n\t\"Asia/Calcutta\" 19800;\n\t\"Asia/Chita\" 32400;\n\t\"Asia/Choibalsan\" 28800;\n\t\"Asia/Chongqing\" 28800;\n\t\"Asia/Chungking\" 28800;\n\t\"Asia/Colombo\" 19800;\n\t\"Asia/Dacca\" 21600;\n\t\"Asia/Damascus\" 7200;\n\t\"Asia/Dhaka\" 21600;\n\t\"Asia/Dili\" 32400;\n\t\"Asia/Dubai\" 14400;\n\t\"Asia/Dushanbe\" 18000;\n\t\"Asia/Famagusta\" 7200;\n\t\"Asia/Gaza\" 7200;\n\t\"Asia/Harbin\" 28800;\n\t\"Asia/Hebron\" 7200;\n\t\"Asia/Ho_Chi_Minh\" 25200;\n\t\"Asia/Hong_Kong\" 28800;\n\t\"Asia/Hovd\" 25200;\n\t\"Asia/Irkutsk\" 28800;\n\t\"Asia/Istanbul\" 10800;\n\t\"Asia/Jakarta\" 25200;\n\t\"Asia/Jayapura\" 32400;\n\t\"Asia/Jerusalem\" 7200;\n\t\"Asia/Kabul\" 16200;\n\t\"Asia/Kamchatka\" 43200;\n\t\"Asia/Karachi\" 18000;\n\t\"Asia/Kashgar\" 21600;\n\t\"Asia/Kathmandu\" 20700;\n\t\"Asia/Katmandu\" 20700;\n\t\"Asia/Khandyga\" 32400;\n\t\"Asia/Kolkata\" 19800;\n\t\"Asia/Krasnoyarsk\" 25200;\n\t\"Asia/Kuala_Lumpur\" 28800;\n\t\"Asia/Kuching\" 28800;\n\t\"Asia/Kuwait\" 10800;\n\t\"Asia/Macao\" 28800;\n\t\"Asia/Macau\" 28800;\n\t\"Asia/Magadan\" 39600;\n\t\"Asia/Makassar\" 28800;\n\t\"Asia/Manila\" 28800;\n\t\"Asia/Muscat\" 14400;\n\t\"Asia/Nicosia\" 7200;\n\t\"Asia/Novokuznetsk\" 25200;\n\t\"Asia/Novosibirsk\" 25200;\n\t\"Asia/Omsk\" 21600;\n\t\"Asia/Oral\" 18000;\n\t\"Asia/Phnom_Penh\" 25200;\n\t\"Asia/Pontianak\" 25200;\n\t\"Asia/Pyongyang\" 30600;\n\t\"Asia/Qatar\" 10800;\n\t\"Asia/Qyzylorda\" 21600;\n\t\"Asia/Rangoon\" 23400;\n\t\"Asia/Riyadh\" 10800;\n\t\"Asia/Saigon\" 25200;\n\t\"Asia/Sakhalin\" 39600;\n\t\"Asia/Samarkand\" 18000;\n\t\"Asia/Seoul\" 32400;\n\t\"Asia/Shanghai\" 28800;\n\t\"Asia/Singapore\" 28800;\n\t\"Asia/Srednekolymsk\" 39600;\n\t\"Asia/Taipei\" 28800;\n\t\"Asia/Tashkent\" 18000;\n\t\"Asia/Tbilisi\" 14400;\n\t\"Asia/Tehran\" 12600;\n\t\"Asia/Tel_Aviv\" 7200;\n\t\"Asia/Thimbu\" 21600;\n\t\"Asia/Thimphu\" 21600;\n\t\"Asia/Tokyo\" 32400;\n\t\"Asia/Tomsk\" 25200;\n\t\"Asia/Ujung_Pandang\" 28800;\n\t\"Asia/Ulaanbaatar\" 28800;\n\t\"Asia/Ulan_Bator\" 28800;\n\t\"Asia/Urumqi\" 21600;\n\t\"Asia/Ust-Nera\" 36000;\n\t\"Asia/Vientiane\" 25200;\n\t\"Asia/Vladivostok\" 36000;\n\t\"Asia/Yakutsk\" 32400;\n\t\"Asia/Yangon\" 23400;\n\t\"Asia/Yekaterinburg\" 18000;\n\t\"Asia/Yerevan\" 14400;\n\t\"Atlantic/Azores\" -3600;\n\t\"Atlantic/Bermuda\" -14400;\n\t\"Atlantic/Canary\" 0;\n\t\"Atlantic/Cape_Verde\" -3600;\n\t\"Atlantic/Faeroe\" 0;\n\t\"Atlantic/Faroe\" 0;\n\t\"Atlantic/Jan_Mayen\" 3600;\n\t\"Atlantic/Madeira\" 0;\n\t\"Atlantic/Reykjavik\" 0;\n\t\"Atlantic/South_Georgia\" -7200;\n\t\"Atlantic/St_Helena\" 0;\n\t\"Atlantic/Stanley\" -10800;\n\t\"Australia/ACT\" 39600;\n\t\"Australia/Adelaide\" 37800;\n\t\"Australia/Brisbane\" 36000;\n\t\"Australia/Broken_Hill\" 37800;\n\t\"Australia/Canberra\" 39600;\n\t\"Australia/Currie\" 39600;\n\t\"Australia/Darwin\" 34200;\n\t\"Australia/Eucla\" 31500;\n\t\"Australia/Hobart\" 39600;\n\t\"Australia/LHI\" 39600;\n\t\"Australia/Lindeman\" 36000;\n\t\"Australia/Lord_Howe\" 39600;\n\t\"Australia/Melbourne\" 39600;\n\t\"Australia/NSW\" 39600;\n\t\"Australia/North\" 34200;\n\t\"Australia/Perth\" 28800;\n\t\"Australia/Queensland\" 36000;\n\t\"Australia/South\" 37800;\n\t\"Australia/Sydney\" 39600;\n\t\"Australia/Tasmania\" 39600;\n\t\"Australia/Victoria\" 39600;\n\t\"Australia/West\" 28800;\n\t\"Australia/Yancowinna\" 37800;\n\t\"Europe/Amsterdam\" 3600;\n\t\"Europe/Andorra\" 3600;\n\t\"Europe/Astrakhan\" 14400;\n\t\"Europe/Athens\" 7200;\n\t\"Europe/Belfast\" 0;\n\t\"Europe/Belgrade\" 3600;\n\t\"Europe/Berlin\" 3600;\n\t\"Europe/Bratislava\" 3600;\n\t\"Europe/Brussels\" 3600;\n\t\"Europe/Bucharest\" 7200;\n\t\"Europe/Budapest\" 3600;\n\t\"Europe/Busingen\" 3600;\n\t\"Europe/Chisinau\" 7200;\n\t\"Europe/Copenhagen\" 3600;\n\t\"Europe/Dublin\" 0;\n\t\"Europe/Gibraltar\" 3600;\n\t\"Europe/Guernsey\" 0;\n\t\"Europe/Helsinki\" 7200;\n\t\"Europe/Isle_of_Man\" 0;\n\t\"Europe/Istanbul\" 10800;\n\t\"Europe/Jersey\" 0;\n\t\"Europe/Kaliningrad\" 7200;\n\t\"Europe/Kiev\" 7200;\n\t\"Europe/Kirov\" 10800;\n\t\"Europe/Lisbon\" 0;\n\t\"Europe/Ljubljana\" 3600;\n\t\"Europe/London\" 0;\n\t\"Europe/Luxembourg\" 3600;\n\t\"Europe/Madrid\" 3600;\n\t\"Europe/Malta\" 3600;\n\t\"Europe/Mariehamn\" 7200;\n\t\"Europe/Minsk\" 10800;\n\t\"Europe/Monaco\" 3600;\n\t\"Europe/Moscow\" 10800;\n\t\"Europe/Nicosia\" 7200;\n\t\"Europe/Oslo\" 3600;\n\t\"Europe/Paris\" 3600;\n\t\"Europe/Podgorica\" 3600;\n\t\"Europe/Prague\" 3600;\n\t\"Europe/Riga\" 7200;\n\t\"Europe/Rome\" 3600;\n\t\"Europe/Samara\" 14400;\n\t\"Europe/San_Marino\" 3600;\n\t\"Europe/Sarajevo\" 3600;\n\t\"Europe/Saratov\" 14400;\n\t\"Europe/Simferopol\" 10800;\n\t\"Europe/Skopje\" 3600;\n\t\"Europe/Sofia\" 7200;\n\t\"Europe/Stockholm\" 3600;\n\t\"Europe/Tallinn\" 7200;\n\t\"Europe/Tirane\" 3600;\n\t\"Europe/Tiraspol\" 7200;\n\t\"Europe/Ulyanovsk\" 14400;\n\t\"Europe/Uzhgorod\" 7200;\n\t\"Europe/Vaduz\" 3600;\n\t\"Europe/Vatican\" 3600;\n\t\"Europe/Vienna\" 3600;\n\t\"Europe/Vilnius\" 7200;\n\t\"Europe/Volgograd\" 10800;\n\t\"Europe/Warsaw\" 3600;\n\t\"Europe/Zagreb\" 3600;\n\t\"Europe/Zaporozhye\" 7200;\n\t\"Europe/Zurich\" 3600;\n\t\"Indian/Antananarivo\" 10800;\n\t\"Indian/Chagos\" 21600;\n\t\"Indian/Christmas\" 25200;\n\t\"Indian/Cocos\" 23400;\n\t\"Indian/Comoro\" 10800;\n\t\"Indian/Kerguelen\" 18000;\n\t\"Indian/Mahe\" 14400;\n\t\"Indian/Maldives\" 18000;\n\t\"Indian/Mauritius\" 14400;\n\t\"Indian/Mayotte\" 10800;\n\t\"Indian/Reunion\" 14400;\n\t\"Pacific/Apia\" 50400;\n\t\"Pacific/Auckland\" 46800;\n\t\"Pacific/Bougainville\" 39600;\n\t\"Pacific/Chatham\" 49500;\n\t\"Pacific/Chuuk\" 36000;\n\t\"Pacific/Easter\" -18000;\n\t\"Pacific/Efate\" 39600;\n\t\"Pacific/Enderbury\" 46800;\n\t\"Pacific/Fakaofo\" 46800;\n\t\"Pacific/Fiji\" 43200;\n\t\"Pacific/Funafuti\" 43200;\n\t\"Pacific/Galapagos\" -21600;\n\t\"Pacific/Gambier\" -32400;\n\t\"Pacific/Guadalcanal\" 39600;\n\t\"Pacific/Guam\" 36000;\n\t\"Pacific/Honolulu\" -36000;\n\t\"Pacific/Johnston\" -36000;\n\t\"Pacific/Kiritimati\" 50400;\n\t\"Pacific/Kosrae\" 39600;\n\t\"Pacific/Kwajalein\" 43200;\n\t\"Pacific/Majuro\" 43200;\n\t\"Pacific/Marquesas\" -34200;\n\t\"Pacific/Midway\" -39600;\n\t\"Pacific/Nauru\" 43200;\n\t\"Pacific/Niue\" -39600;\n\t\"Pacific/Norfolk\" 39600;\n\t\"Pacific/Noumea\" 39600;\n\t\"Pacific/Pago_Pago\" -39600;\n\t\"Pacific/Palau\" 32400;\n\t\"Pacific/Pitcairn\" -28800;\n\t\"Pacific/Pohnpei\" 39600;\n\t\"Pacific/Ponape\" 39600;\n\t\"Pacific/Port_Moresby\" 36000;\n\t\"Pacific/Rarotonga\" -36000;\n\t\"Pacific/Saipan\" 36000;\n\t\"Pacific/Samoa\" -39600;\n\t\"Pacific/Tahiti\" -36000;\n\t\"Pacific/Tarawa\" 43200;\n\t\"Pacific/Tongatapu\" 46800;\n\t\"Pacific/Truk\" 36000;\n\t\"Pacific/Wake\" 43200;\n\t\"Pacific/Wallis\" 43200;\n\t\"Pacific/Yap\" 36000;\n}\n" }, { "path": "telize/tz-offset.lua", "content": "#!/usr/bin/env lua\n--[[\n###############################################################################\n# #\n# Telize 2.0.0 #\n# Copyright (c) 2013-2018, Frederic Cambus #\n# https://www.telize.com #\n# #\n# Created: 2013-08-15 #\n# Last Updated: 2018-03-15 #\n# #\n# Telize is released under the BSD 2-Clause license. #\n# See LICENSE file for details. #\n# #\n###############################################################################\n]]--\n\nlocal luatz = require \"luatz\"\n\nlocal timezones = {\n\t\"Africa/Abidjan\",\n\t\"Africa/Accra\",\n\t\"Africa/Addis_Ababa\",\n\t\"Africa/Algiers\",\n\t\"Africa/Asmara\",\n\t\"Africa/Asmera\",\n\t\"Africa/Bamako\",\n\t\"Africa/Bangui\",\n\t\"Africa/Banjul\",\n\t\"Africa/Bissau\",\n\t\"Africa/Blantyre\",\n\t\"Africa/Brazzaville\",\n\t\"Africa/Bujumbura\",\n\t\"Africa/Cairo\",\n\t\"Africa/Casablanca\",\n\t\"Africa/Ceuta\",\n\t\"Africa/Conakry\",\n\t\"Africa/Dakar\",\n\t\"Africa/Dar_es_Salaam\",\n\t\"Africa/Djibouti\",\n\t\"Africa/Douala\",\n\t\"Africa/El_Aaiun\",\n\t\"Africa/Freetown\",\n\t\"Africa/Gaborone\",\n\t\"Africa/Harare\",\n\t\"Africa/Johannesburg\",\n\t\"Africa/Juba\",\n\t\"Africa/Kampala\",\n\t\"Africa/Khartoum\",\n\t\"Africa/Kigali\",\n\t\"Africa/Kinshasa\",\n\t\"Africa/Lagos\",\n\t\"Africa/Libreville\",\n\t\"Africa/Lome\",\n\t\"Africa/Luanda\",\n\t\"Africa/Lubumbashi\",\n\t\"Africa/Lusaka\",\n\t\"Africa/Malabo\",\n\t\"Africa/Maputo\",\n\t\"Africa/Maseru\",\n\t\"Africa/Mbabane\",\n\t\"Africa/Mogadishu\",\n\t\"Africa/Monrovia\",\n\t\"Africa/Nairobi\",\n\t\"Africa/Ndjamena\",\n\t\"Africa/Niamey\",\n\t\"Africa/Nouakchott\",\n\t\"Africa/Ouagadougou\",\n\t\"Africa/Porto-Novo\",\n\t\"Africa/Sao_Tome\",\n\t\"Africa/Timbuktu\",\n\t\"Africa/Tripoli\",\n\t\"Africa/Tunis\",\n\t\"Africa/Windhoek\",\n\t\"America/Adak\",\n\t\"America/Anchorage\",\n\t\"America/Anguilla\",\n\t\"America/Antigua\",\n\t\"America/Araguaina\",\n\t\"America/Argentina/Buenos_Aires\",\n\t\"America/Argentina/Catamarca\",\n\t\"America/Argentina/ComodRivadavia\",\n\t\"America/Argentina/Cordoba\",\n\t\"America/Argentina/Jujuy\",\n\t\"America/Argentina/La_Rioja\",\n\t\"America/Argentina/Mendoza\",\n\t\"America/Argentina/Rio_Gallegos\",\n\t\"America/Argentina/Salta\",\n\t\"America/Argentina/San_Juan\",\n\t\"America/Argentina/San_Luis\",\n\t\"America/Argentina/Tucuman\",\n\t\"America/Argentina/Ushuaia\",\n\t\"America/Aruba\",\n\t\"America/Asuncion\",\n\t\"America/Atikokan\",\n\t\"America/Atka\",\n\t\"America/Bahia\",\n\t\"America/Bahia_Banderas\",\n\t\"America/Barbados\",\n\t\"America/Belem\",\n\t\"America/Belize\",\n\t\"America/Blanc-Sablon\",\n\t\"America/Boa_Vista\",\n\t\"America/Bogota\",\n\t\"America/Boise\",\n\t\"America/Buenos_Aires\",\n\t\"America/Cambridge_Bay\",\n\t\"America/Campo_Grande\",\n\t\"America/Cancun\",\n\t\"America/Caracas\",\n\t\"America/Catamarca\",\n\t\"America/Cayenne\",\n\t\"America/Cayman\",\n\t\"America/Chicago\",\n\t\"America/Chihuahua\",\n\t\"America/Coral_Harbour\",\n\t\"America/Cordoba\",\n\t\"America/Costa_Rica\",\n\t\"America/Creston\",\n\t\"America/Cuiaba\",\n\t\"America/Curacao\",\n\t\"America/Danmarkshavn\",\n\t\"America/Dawson\",\n\t\"America/Dawson_Creek\",\n\t\"America/Denver\",\n\t\"America/Detroit\",\n\t\"America/Dominica\",\n\t\"America/Edmonton\",\n\t\"America/Eirunepe\",\n\t\"America/El_Salvador\",\n\t\"America/Ensenada\",\n\t\"America/Fort_Nelson\",\n\t\"America/Fort_Wayne\",\n\t\"America/Fortaleza\",\n\t\"America/Glace_Bay\",\n\t\"America/Godthab\",\n\t\"America/Goose_Bay\",\n\t\"America/Grand_Turk\",\n\t\"America/Grenada\",\n\t\"America/Guadeloupe\",\n\t\"America/Guatemala\",\n\t\"America/Guayaquil\",\n\t\"America/Guyana\",\n\t\"America/Halifax\",\n\t\"America/Havana\",\n\t\"America/Hermosillo\",\n\t\"America/Indiana/Indianapolis\",\n\t\"America/Indiana/Knox\",\n\t\"America/Indiana/Marengo\",\n\t\"America/Indiana/Petersburg\",\n\t\"America/Indiana/Tell_City\",\n\t\"America/Indiana/Vevay\",\n\t\"America/Indiana/Vincennes\",\n\t\"America/Indiana/Winamac\",\n\t\"America/Indianapolis\",\n\t\"America/Inuvik\",\n\t\"America/Iqaluit\",\n\t\"America/Jamaica\",\n\t\"America/Jujuy\",\n\t\"America/Juneau\",\n\t\"America/Kentucky/Louisville\",\n\t\"America/Kentucky/Monticello\",\n\t\"America/Knox_IN\",\n\t\"America/Kralendijk\",\n\t\"America/La_Paz\",\n\t\"America/Lima\",\n\t\"America/Los_Angeles\",\n\t\"America/Louisville\",\n\t\"America/Lower_Princes\",\n\t\"America/Maceio\",\n\t\"America/Managua\",\n\t\"America/Manaus\",\n\t\"America/Marigot\",\n\t\"America/Martinique\",\n\t\"America/Matamoros\",\n\t\"America/Mazatlan\",\n\t\"America/Mendoza\",\n\t\"America/Menominee\",\n\t\"America/Merida\",\n\t\"America/Metlakatla\",\n\t\"America/Mexico_City\",\n\t\"America/Miquelon\",\n\t\"America/Moncton\",\n\t\"America/Monterrey\",\n\t\"America/Montevideo\",\n\t\"America/Montreal\",\n\t\"America/Montserrat\",\n\t\"America/Nassau\",\n\t\"America/New_York\",\n\t\"America/Nipigon\",\n\t\"America/Nome\",\n\t\"America/Noronha\",\n\t\"America/North_Dakota/Beulah\",\n\t\"America/North_Dakota/Center\",\n\t\"America/North_Dakota/New_Salem\",\n\t\"America/Ojinaga\",\n\t\"America/Panama\",\n\t\"America/Pangnirtung\",\n\t\"America/Paramaribo\",\n\t\"America/Phoenix\",\n\t\"America/Port-au-Prince\",\n\t\"America/Port_of_Spain\",\n\t\"America/Porto_Acre\",\n\t\"America/Porto_Velho\",\n\t\"America/Puerto_Rico\",\n\t\"America/Punta_Arenas\",\n\t\"America/Rainy_River\",\n\t\"America/Rankin_Inlet\",\n\t\"America/Recife\",\n\t\"America/Regina\",\n\t\"America/Resolute\",\n\t\"America/Rio_Branco\",\n\t\"America/Rosario\",\n\t\"America/Santa_Isabel\",\n\t\"America/Santarem\",\n\t\"America/Santiago\",\n\t\"America/Santo_Domingo\",\n\t\"America/Sao_Paulo\",\n\t\"America/Scoresbysund\",\n\t\"America/Shiprock\",\n\t\"America/Sitka\",\n\t\"America/St_Barthelemy\",\n\t\"America/St_Johns\",\n\t\"America/St_Kitts\",\n\t\"America/St_Lucia\",\n\t\"America/St_Thomas\",\n\t\"America/St_Vincent\",\n\t\"America/Swift_Current\",\n\t\"America/Tegucigalpa\",\n\t\"America/Thule\",\n\t\"America/Thunder_Bay\",\n\t\"America/Tijuana\",\n\t\"America/Toronto\",\n\t\"America/Tortola\",\n\t\"America/Vancouver\",\n\t\"America/Virgin\",\n\t\"America/Whitehorse\",\n\t\"America/Winnipeg\",\n\t\"America/Yakutat\",\n\t\"America/Yellowknife\",\n\t\"Antarctica/Casey\",\n\t\"Antarctica/Davis\",\n\t\"Antarctica/DumontDUrville\",\n\t\"Antarctica/Macquarie\",\n\t\"Antarctica/Mawson\",\n\t\"Antarctica/McMurdo\",\n\t\"Antarctica/Palmer\",\n\t\"Antarctica/Rothera\",\n\t\"Antarctica/South_Pole\",\n\t\"Antarctica/Syowa\",\n\t\"Antarctica/Troll\",\n\t\"Antarctica/Vostok\",\n\t\"Arctic/Longyearbyen\",\n\t\"Asia/Aden\",\n\t\"Asia/Almaty\",\n\t\"Asia/Amman\",\n\t\"Asia/Anadyr\",\n\t\"Asia/Aqtau\",\n\t\"Asia/Aqtobe\",\n\t\"Asia/Ashgabat\",\n\t\"Asia/Ashkhabad\",\n\t\"Asia/Atyrau\",\n\t\"Asia/Baghdad\",\n\t\"Asia/Bahrain\",\n\t\"Asia/Baku\",\n\t\"Asia/Bangkok\",\n\t\"Asia/Barnaul\",\n\t\"Asia/Beirut\",\n\t\"Asia/Bishkek\",\n\t\"Asia/Brunei\",\n\t\"Asia/Calcutta\",\n\t\"Asia/Chita\",\n\t\"Asia/Choibalsan\",\n\t\"Asia/Chongqing\",\n\t\"Asia/Chungking\",\n\t\"Asia/Colombo\",\n\t\"Asia/Dacca\",\n\t\"Asia/Damascus\",\n\t\"Asia/Dhaka\",\n\t\"Asia/Dili\",\n\t\"Asia/Dubai\",\n\t\"Asia/Dushanbe\",\n\t\"Asia/Famagusta\",\n\t\"Asia/Gaza\",\n\t\"Asia/Harbin\",\n\t\"Asia/Hebron\",\n\t\"Asia/Ho_Chi_Minh\",\n\t\"Asia/Hong_Kong\",\n\t\"Asia/Hovd\",\n\t\"Asia/Irkutsk\",\n\t\"Asia/Istanbul\",\n\t\"Asia/Jakarta\",\n\t\"Asia/Jayapura\",\n\t\"Asia/Jerusalem\",\n\t\"Asia/Kabul\",\n\t\"Asia/Kamchatka\",\n\t\"Asia/Karachi\",\n\t\"Asia/Kashgar\",\n\t\"Asia/Kathmandu\",\n\t\"Asia/Katmandu\",\n\t\"Asia/Khandyga\",\n\t\"Asia/Kolkata\",\n\t\"Asia/Krasnoyarsk\",\n\t\"Asia/Kuala_Lumpur\",\n\t\"Asia/Kuching\",\n\t\"Asia/Kuwait\",\n\t\"Asia/Macao\",\n\t\"Asia/Macau\",\n\t\"Asia/Magadan\",\n\t\"Asia/Makassar\",\n\t\"Asia/Manila\",\n\t\"Asia/Muscat\",\n\t\"Asia/Nicosia\",\n\t\"Asia/Novokuznetsk\",\n\t\"Asia/Novosibirsk\",\n\t\"Asia/Omsk\",\n\t\"Asia/Oral\",\n\t\"Asia/Phnom_Penh\",\n\t\"Asia/Pontianak\",\n\t\"Asia/Pyongyang\",\n\t\"Asia/Qatar\",\n\t\"Asia/Qyzylorda\",\n\t\"Asia/Rangoon\",\n\t\"Asia/Riyadh\",\n\t\"Asia/Saigon\",\n\t\"Asia/Sakhalin\",\n\t\"Asia/Samarkand\",\n\t\"Asia/Seoul\",\n\t\"Asia/Shanghai\",\n\t\"Asia/Singapore\",\n\t\"Asia/Srednekolymsk\",\n\t\"Asia/Taipei\",\n\t\"Asia/Tashkent\",\n\t\"Asia/Tbilisi\",\n\t\"Asia/Tehran\",\n\t\"Asia/Tel_Aviv\",\n\t\"Asia/Thimbu\",\n\t\"Asia/Thimphu\",\n\t\"Asia/Tokyo\",\n\t\"Asia/Tomsk\",\n\t\"Asia/Ujung_Pandang\",\n\t\"Asia/Ulaanbaatar\",\n\t\"Asia/Ulan_Bator\",\n\t\"Asia/Urumqi\",\n\t\"Asia/Ust-Nera\",\n\t\"Asia/Vientiane\",\n\t\"Asia/Vladivostok\",\n\t\"Asia/Yakutsk\",\n\t\"Asia/Yangon\",\n\t\"Asia/Yekaterinburg\",\n\t\"Asia/Yerevan\",\n\t\"Atlantic/Azores\",\n\t\"Atlantic/Bermuda\",\n\t\"Atlantic/Canary\",\n\t\"Atlantic/Cape_Verde\",\n\t\"Atlantic/Faeroe\",\n\t\"Atlantic/Faroe\",\n\t\"Atlantic/Jan_Mayen\",\n\t\"Atlantic/Madeira\",\n\t\"Atlantic/Reykjavik\",\n\t\"Atlantic/South_Georgia\",\n\t\"Atlantic/St_Helena\",\n\t\"Atlantic/Stanley\",\n\t\"Australia/ACT\",\n\t\"Australia/Adelaide\",\n\t\"Australia/Brisbane\",\n\t\"Australia/Broken_Hill\",\n\t\"Australia/Canberra\",\n\t\"Australia/Currie\",\n\t\"Australia/Darwin\",\n\t\"Australia/Eucla\",\n\t\"Australia/Hobart\",\n\t\"Australia/LHI\",\n\t\"Australia/Lindeman\",\n\t\"Australia/Lord_Howe\",\n\t\"Australia/Melbourne\",\n\t\"Australia/NSW\",\n\t\"Australia/North\",\n\t\"Australia/Perth\",\n\t\"Australia/Queensland\",\n\t\"Australia/South\",\n\t\"Australia/Sydney\",\n\t\"Australia/Tasmania\",\n\t\"Australia/Victoria\",\n\t\"Australia/West\",\n\t\"Australia/Yancowinna\",\n\t\"Europe/Amsterdam\",\n\t\"Europe/Andorra\",\n\t\"Europe/Astrakhan\",\n\t\"Europe/Athens\",\n\t\"Europe/Belfast\",\n\t\"Europe/Belgrade\",\n\t\"Europe/Berlin\",\n\t\"Europe/Bratislava\",\n\t\"Europe/Brussels\",\n\t\"Europe/Bucharest\",\n\t\"Europe/Budapest\",\n\t\"Europe/Busingen\",\n\t\"Europe/Chisinau\",\n\t\"Europe/Copenhagen\",\n\t\"Europe/Dublin\",\n\t\"Europe/Gibraltar\",\n\t\"Europe/Guernsey\",\n\t\"Europe/Helsinki\",\n\t\"Europe/Isle_of_Man\",\n\t\"Europe/Istanbul\",\n\t\"Europe/Jersey\",\n\t\"Europe/Kaliningrad\",\n\t\"Europe/Kiev\",\n\t\"Europe/Kirov\",\n\t\"Europe/Lisbon\",\n\t\"Europe/Ljubljana\",\n\t\"Europe/London\",\n\t\"Europe/Luxembourg\",\n\t\"Europe/Madrid\",\n\t\"Europe/Malta\",\n\t\"Europe/Mariehamn\",\n\t\"Europe/Minsk\",\n\t\"Europe/Monaco\",\n\t\"Europe/Moscow\",\n\t\"Europe/Nicosia\",\n\t\"Europe/Oslo\",\n\t\"Europe/Paris\",\n\t\"Europe/Podgorica\",\n\t\"Europe/Prague\",\n\t\"Europe/Riga\",\n\t\"Europe/Rome\",\n\t\"Europe/Samara\",\n\t\"Europe/San_Marino\",\n\t\"Europe/Sarajevo\",\n\t\"Europe/Saratov\",\n\t\"Europe/Simferopol\",\n\t\"Europe/Skopje\",\n\t\"Europe/Sofia\",\n\t\"Europe/Stockholm\",\n\t\"Europe/Tallinn\",\n\t\"Europe/Tirane\",\n\t\"Europe/Tiraspol\",\n\t\"Europe/Ulyanovsk\",\n\t\"Europe/Uzhgorod\",\n\t\"Europe/Vaduz\",\n\t\"Europe/Vatican\",\n\t\"Europe/Vienna\",\n\t\"Europe/Vilnius\",\n\t\"Europe/Volgograd\",\n\t\"Europe/Warsaw\",\n\t\"Europe/Zagreb\",\n\t\"Europe/Zaporozhye\",\n\t\"Europe/Zurich\",\n\t\"Indian/Antananarivo\",\n\t\"Indian/Chagos\",\n\t\"Indian/Christmas\",\n\t\"Indian/Cocos\",\n\t\"Indian/Comoro\",\n\t\"Indian/Kerguelen\",\n\t\"Indian/Mahe\",\n\t\"Indian/Maldives\",\n\t\"Indian/Mauritius\",\n\t\"Indian/Mayotte\",\n\t\"Indian/Reunion\",\n\t\"Pacific/Apia\",\n\t\"Pacific/Auckland\",\n\t\"Pacific/Bougainville\",\n\t\"Pacific/Chatham\",\n\t\"Pacific/Chuuk\",\n\t\"Pacific/Easter\",\n\t\"Pacific/Efate\",\n\t\"Pacific/Enderbury\",\n\t\"Pacific/Fakaofo\",\n\t\"Pacific/Fiji\",\n\t\"Pacific/Funafuti\",\n\t\"Pacific/Galapagos\",\n\t\"Pacific/Gambier\",\n\t\"Pacific/Guadalcanal\",\n\t\"Pacific/Guam\",\n\t\"Pacific/Honolulu\",\n\t\"Pacific/Johnston\",\n\t\"Pacific/Kiritimati\",\n\t\"Pacific/Kosrae\",\n\t\"Pacific/Kwajalein\",\n\t\"Pacific/Majuro\",\n\t\"Pacific/Marquesas\",\n\t\"Pacific/Midway\",\n\t\"Pacific/Nauru\",\n\t\"Pacific/Niue\",\n\t\"Pacific/Norfolk\",\n\t\"Pacific/Noumea\",\n\t\"Pacific/Pago_Pago\",\n\t\"Pacific/Palau\",\n\t\"Pacific/Pitcairn\",\n\t\"Pacific/Pohnpei\",\n\t\"Pacific/Ponape\",\n\t\"Pacific/Port_Moresby\",\n\t\"Pacific/Rarotonga\",\n\t\"Pacific/Saipan\",\n\t\"Pacific/Samoa\",\n\t\"Pacific/Tahiti\",\n\t\"Pacific/Tarawa\",\n\t\"Pacific/Tongatapu\",\n\t\"Pacific/Truk\",\n\t\"Pacific/Wake\",\n\t\"Pacific/Wallis\",\n\t\"Pacific/Yap\"\n}\n\nlocal utcnow = luatz.time ()\n\nprint(\"map $geoip2_timezone $geoip2_offset {\")\n\nfor loop, timezone in ipairs(timezones) do\n\tprint('\\t\"' .. timezone .. '\" ' ..\n\t luatz.get_tz(timezone):find_current(utcnow).gmtoff .. ';')\nend\n\nprint(\"}\")\n" }, { "path": "telnet/Dockerfile", "content": "# command to run Telnet\n# docker run -it --rm \\\n#\t--log-driver none \\\n#\tjess/telnet towel.blinkenlights.nl\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache --virtual \\\n\tbusybox-extras\n\nENTRYPOINT [ \"telnet\" ]\n" }, { "path": "termboy/Dockerfile", "content": "# DESCRIPTION:\t Termboy in a container\n# AUTHOR:\t\t Jessie Frazelle \n# COMMENTS:\n#\tThis file describes how to build termboy\n#\tin a container with all dependencies installed.\n#\tTested on Debian Jessie.\n# USAGE:\n#\t# Download termboy Dockerfile\n#\twget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/termboy/Dockerfile\n#\n#\t# Build termboy image\n#\tdocker build -t termboy .\n#\n#\tdocker run -it \\\n#\t\t--device /dev/snd \\\n#\t\ttermboy\n#\n\n# Base docker image\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nENV DEBIAN_FRONTEND noninteractive\n\n# Install dependencies\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tconsole-setup \\\n\tconsole-setup-linux \\\n\tg++ \\\n\tgit \\\n\tkbd \\\n\tlibasound2-dev \\\n\tlibncurses5-dev \\\n\tlibncursesw5-dev \\\n\tmake \\\n\tsudo \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN git clone --depth 1 https://github.com/dobyrch/termboy /src \\\n\t&& cd /src \\\n\t&& make \\\n\t&& make install || true\n\n\n# add games\nCOPY games /games\n\n# Autorun termboy\nENTRYPOINT [\"/usr/bin/termboy\"]\n" }, { "path": "terraform/Dockerfile", "content": "FROM golang:alpine as builder\nMAINTAINER Jessica Frazelle \n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN\tapk add --no-cache \\\n\tbash \\\n\tca-certificates \\\n\tgcc \\\n\tgit \\\n\tmake \\\n\tmusl-dev \\\n\tzip\n\nENV TERRAFORM_VERSION v0.14.7\n\nRUN git clone --depth 1 --branch ${TERRAFORM_VERSION} https://github.com/hashicorp/terraform.git /go/src/github.com/hashicorp/terraform\n\nWORKDIR /go/src/github.com/hashicorp/terraform\n\nRUN CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags \"-static\"' \\\n\t-o bin/terraform && \\\n\tmv bin/terraform /usr/bin/terraform\n\nFROM alpine:latest\n\nRUN apk add --no-cache \\\n\tbash \\\n\ttar\n\nCOPY --from=builder /usr/bin/terraform /usr/bin/terraform\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"terraform\" ]\nCMD [ \"--help\" ]\n" }, { "path": "test.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\n# this is kind of an expensive check, so let's not do this twice if we\n# are running more than one validate bundlescript\nVALIDATE_REPO='https://github.com/jessfraz/dockerfiles.git'\nVALIDATE_BRANCH='master'\n\nVALIDATE_HEAD=\"$(git rev-parse --verify HEAD)\"\n\ngit fetch -q \"$VALIDATE_REPO\" \"refs/heads/$VALIDATE_BRANCH\"\nVALIDATE_UPSTREAM=\"$(git rev-parse --verify FETCH_HEAD)\"\n\nVALIDATE_COMMIT_DIFF=\"$VALIDATE_UPSTREAM...$VALIDATE_HEAD\"\n\nvalidate_diff() {\n\tif [ \"$VALIDATE_UPSTREAM\" != \"$VALIDATE_HEAD\" ]; then\n\t\tgit diff \"$VALIDATE_COMMIT_DIFF\" \"$@\"\n\telse\n\t\tgit diff HEAD~ \"$@\"\n\tfi\n}\n\n# get the dockerfiles changed\nIFS=$'\\n'\n# shellcheck disable=SC2207\nfiles=( $(validate_diff --name-only -- '*Dockerfile') )\nunset IFS\n\n# build the changed dockerfiles\n# shellcheck disable=SC2068\nfor f in ${files[@]}; do\n\tif ! [[ -e \"$f\" ]]; then\n\t\tcontinue\n\tfi\n\n\tbuild_dir=$(dirname \"$f\")\n\tbase=\"${build_dir%%\\/*}\"\n\tsuite=\"${build_dir##$base}\"\n\tsuite=\"${suite##\\/}\"\n\n\tif [[ -z \"$suite\" ]]; then\n\t\tsuite=latest\n\tfi\n\n\t(\n\tset -x\n\tdocker build -t \"${base}:${suite}\" \"${build_dir}\"\n\t)\n\n\techo \" --- \"\n\techo \"Successfully built ${base}:${suite} with context ${build_dir}\"\n\techo \" --- \"\ndone\n" }, { "path": "tetris/Dockerfile", "content": "# DESCRIPTION:\t Run text-based emacs tetris in a container\n# AUTHOR:\t\t Jessie Frazelle \n# COMMENTS:\n#\tThis file describes how to build tetris in a container with all\n#\tdependencies installed.\n#\tTested on Debian Jessie\n# USAGE:\n#\t# Download tetris Dockerfile\n#\twget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/tetris/Dockerfile\n#\n#\t# Build tetris image\n#\tdocker build -t tetris .\n#\n#\tdocker run -it tetris\n#\n\n# Base docker image\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install emacs:\n# Note: Emacs is only in community repo -> https://pkgs.alpinelinux.org/packages?package=emacs&repo=all&arch=x86_64\nRUN apk --no-cache add \\\n\t--repository http://dl-cdn.alpinelinux.org/alpine/edge/community/ \\\n\temacs\n\n# Autorun tetris\nCMD [\"/usr/bin/emacs\", \"-f\", \"tetris\"]\n" }, { "path": "texlive/Dockerfile", "content": "# TeX Live and biber\n#\n# Example usage:\n# docker run -it -w '/mnt' -v `pwd`:/mnt texlive /bin/bash -c './compile.sh'\n#\n# Example use case:\n# https://github.com/andygrunwald/FOM-LaTeX-Template\n\nFROM debian:bullseye-slim\nLABEL maintainer \"Christian Koep \"\n\nRUN apt-get update && apt-get install -y \\\n texlive-full \\\n biber \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/*\n" }, { "path": "tor-browser/alpha/Dockerfile", "content": "# Run tor browser in a container\n#\n# docker run -v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-v /dev/snd:/dev/snd \\\n#\t-v /dev/shm:/dev/shm \\\n#\t-v /etc/machine-id:/etc/machine-id:ro \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\tjess/tor-browser:alpha\n#\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcurl \\\n\tdirmngr \\\n\tgnupg \\\n\tlibasound2 \\\n\tlibdbus-glib-1-2 \\\n\tlibgtk-3-0 \\\n\tlibxrender1 \\\n\tlibx11-xcb-dev \\\n\tlibx11-xcb1 \\\n\tlibxt6 \\\n\txz-utils \\\n\tfile \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user \\\n\t&& chown -R user:user $HOME\n\nENV LANG C.UTF-8\n\n# https://www.torproject.org/download/alpha/\nENV TOR_VERSION 9.5a12\nENV TOR_FINGERPRINT 0x4E2C6E8793298290\n\n# download tor and check signature\nRUN cd /tmp \\\n\t&& curl -sSOL \"https://www.torproject.org/dist/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz\" \\\n\t&& curl -sSOL \"https://www.torproject.org/dist/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc\" \\\n\t&& export GNUPGHOME=\"$(mktemp -d)\" \\\n\t&& for server in $(shuf -e \\\n\t\t\tha.pool.sks-keyservers.net \\\n\t\t\thkp://p80.pool.sks-keyservers.net:80 \\\n\t\t\tkeyserver.ubuntu.com \\\n\t\t\thkp://keyserver.ubuntu.com:80 \\\n\t\t\tpgp.mit.edu) ; do \\\n\t\tgpg --no-tty --keyserver \"${server}\" --recv-keys ${TOR_FINGERPRINT} && break || : ; \\\n\tdone \\\n\t&& gpg --fingerprint --keyid-format LONG ${TOR_FINGERPRINT} | grep \"Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290\" \\\n\t&& gpg --verify tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc \\\n\t&& tar -vxJ --strip-components 1 -C /usr/local/bin -f tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz \\\n\t&& rm -rf tor-browser* \"$GNUPGHOME\" \\\n\t&& chown -R user:user /usr/local/bin\n\n# good fonts\nCOPY local.conf /etc/fonts/local.conf\n\nWORKDIR $HOME\nUSER user\n\nENTRYPOINT [\"/bin/bash\"]\nCMD [ \"/usr/local/bin/Browser/start-tor-browser\", \"--log\", \"/dev/stdout\" ]\n" }, { "path": "tor-browser/alpha/local.conf", "content": "\n\n\n\n\nrgb\n\n\n\n\ntrue\n\n\n\n\nhintslight\n\n\n\n\ntrue\n\n\n\n\nlcddefault\n\n\n\n\nfalse\n\n\n\n" }, { "path": "tor-browser/stable/Dockerfile", "content": "# Run tor browser in a container\n#\n# docker run -v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-v /dev/snd:/dev/snd \\\n#\t-v /dev/shm:/dev/shm \\\n#\t-v /etc/machine-id:/etc/machine-id:ro \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\tjess/tor-browser\n#\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcurl \\\n\tdirmngr \\\n\tgnupg \\\n\tlibasound2 \\\n\tlibdbus-glib-1-2 \\\n\tlibgtk-3-0 \\\n\tlibxrender1 \\\n\tlibx11-xcb-dev \\\n\tlibx11-xcb1 \\\n\tlibxt6 \\\n\txz-utils \\\n\tfile \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user \\\n\t&& chown -R user:user $HOME\n\nENV LANG C.UTF-8\n\n# https://www.torproject.org/projects/torbrowser.html.en\nENV TOR_VERSION 9.0.10\nENV TOR_FINGERPRINT 0x4E2C6E8793298290\n\n# download tor and check signature\nRUN cd /tmp \\\n\t&& curl -sSOL \"https://dist.torproject.org/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz\" \\\n\t&& curl -sSOL \"https://www.torproject.org/dist/torbrowser/${TOR_VERSION}/tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc\" \\\n\t&& export GNUPGHOME=\"$(mktemp -d)\" \\\n\t&& for server in $(shuf -e \\\n\t\t\tha.pool.sks-keyservers.net \\\n\t\t\thkp://p80.pool.sks-keyservers.net:80 \\\n\t\t\tkeyserver.ubuntu.com \\\n\t\t\thkp://keyserver.ubuntu.com:80 \\\n\t\t\tpgp.mit.edu) ; do \\\n\t\tgpg --no-tty --keyserver \"${server}\" --recv-keys ${TOR_FINGERPRINT} && break || : ; \\\n\tdone \\\n\t&& gpg --fingerprint --keyid-format LONG ${TOR_FINGERPRINT} | grep \"Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290\" \\\n\t&& gpg --verify tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz.asc \\\n\t&& tar -vxJ --strip-components 1 -C /usr/local/bin -f tor-browser-linux64-${TOR_VERSION}_en-US.tar.xz \\\n\t&& rm -rf tor-browser* \"$GNUPGHOME\" \\\n\t&& chown -R user:user /usr/local/bin\n\n# good fonts\nCOPY local.conf /etc/fonts/local.conf\n\nWORKDIR $HOME\nUSER user\n\nENTRYPOINT [\"/bin/bash\"]\nCMD [ \"/usr/local/bin/Browser/start-tor-browser\", \"--log\", \"/dev/stdout\" ]\n" }, { "path": "tor-browser/stable/local.conf", "content": "\n\n\n\n\nrgb\n\n\n\n\ntrue\n\n\n\n\nhintslight\n\n\n\n\ntrue\n\n\n\n\nlcddefault\n\n\n\n\nfalse\n\n\n\n" }, { "path": "tor-proxy/Dockerfile", "content": "# run a tor socks proxy in a container\n#\n# docker run -d \\\n#\t--restart always \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-p 9050:9050 \\\n# \t--name torproxy \\\n# \tjess/tor-proxy\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\ttor\n\n# expose socks port\nEXPOSE 9050\n\n# copy in our torrc file\nCOPY torrc.default /etc/tor/torrc.default\n\n# make sure files are owned by tor user\nRUN chown -R tor /etc/tor\n\nUSER tor\n\nENTRYPOINT [ \"tor\" ]\nCMD [ \"-f\", \"/etc/tor/torrc.default\" ]\n" }, { "path": "tor-proxy/torrc.default", "content": "## Configuration file for a typical Tor user\n## Last updated 2 September 2014 for Tor 0.2.6.1-alpha.\n## (may or may not work for much older or much newer versions of Tor.)\n##\n## Lines that begin with \"## \" try to explain what's going on. Lines\n## that begin with just \"#\" are disabled commands: you can enable them\n## by removing the \"#\" symbol.\n##\n## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,\n## for more options you can use in this file.\n##\n## Tor will look for this file in various places based on your platform:\n## https://www.torproject.org/docs/faq#torrc\n\n## Tor opens a socks proxy on port 9050 by default -- even if you don't\n## configure one below. Set \"SocksPort 0\" if you plan to run Tor only\n## as a relay, and not make any local application connections yourself.\n#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.\n#SocksPort 192.168.0.1:9100 # Bind to this address:port too.\nSocksPort 0.0.0.0:9050\n\n## Entry policies to allow/deny SOCKS requests based on IP address.\n## First entry that matches wins. If no SocksPolicy is set, we accept\n## all (and only) requests that reach a SocksPort. Untrusted users who\n## can access your SocksPort may be able to learn about the connections\n## you make.\n#SocksPolicy accept 192.168.0.0/16\n#SocksPolicy reject *\n\n## Logs go to stdout at level \"notice\" unless redirected by something\n## else, like one of the below lines. You can have as many Log lines as\n## you want.\n##\n## We advise using \"notice\" in most cases, since anything more verbose\n## may provide sensitive information to an attacker who obtains the logs.\n##\n## Send all messages of level 'notice' or higher to /var/log/tor/notices.log\n#Log notice file /var/log/tor/notices.log\n## Send every possible message to /var/log/tor/debug.log\n#Log debug file /var/log/tor/debug.log\n## Use the system log instead of Tor's logfiles\n#Log notice syslog\n## To send all messages to stderr:\nLog debug stderr\n\n## Uncomment this to start the process in the background... or use\n## --runasdaemon 1 on the command line. This is ignored on Windows;\n## see the FAQ entry if you want Tor to run as an NT service.\n#RunAsDaemon 1\n\n## The directory for keeping all the keys/etc. By default, we store\n## things in $HOME/.tor on Unix, and in Application Data\\tor on Windows.\nDataDirectory /var/lib/tor\n\n## The port on which Tor will listen for local connections from Tor\n## controller applications, as documented in control-spec.txt.\n#ControlPort 9051\n## If you enable the controlport, be sure to enable one of these\n## authentication methods, to prevent attackers from accessing it.\n#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C\n#CookieAuthentication 1\n\n############### This section is just for location-hidden services ###\n\n## Once you have configured a hidden service, you can look at the\n## contents of the file \".../hidden_service/hostname\" for the address\n## to tell people.\n##\n## HiddenServicePort x y:z says to redirect requests on port x to the\n## address y:z.\n\n#HiddenServiceDir /var/lib/tor/hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n\n#HiddenServiceDir /var/lib/tor/other_hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n#HiddenServicePort 22 127.0.0.1:22\n\n################ This section is just for relays #####################\n#\n## See https://www.torproject.org/docs/tor-doc-relay for details.\n\n## Required: what port to advertise for incoming Tor connections.\n#ORPort 9001\n## If you want to listen on a port other than the one advertised in\n## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as\n## follows. You'll need to do ipchains or other port forwarding\n## yourself to make this work.\n#ORPort 443 NoListen\n#ORPort 127.0.0.1:9090 NoAdvertise\n\n## The IP address or full DNS name for incoming connections to your\n## relay. Leave commented out and Tor will guess.\n#Address noname.example.com\n\n## If you have multiple network interfaces, you can specify one for\n## outgoing traffic to use.\n# OutboundBindAddress 10.0.0.5\n\n## A handle for your relay, so people don't have to refer to it by key.\n#Nickname hacktheplanet\n\n## Define these to limit how much relayed traffic you will allow. Your\n## own traffic is still unthrottled. Note that RelayBandwidthRate must\n## be at least 20 kilobytes per second.\n## Note that units for these config options are bytes (per second), not\n## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,\n## 2^20, etc.\n#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)\n#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)\n\n## Use these to restrict the maximum traffic per day, week, or month.\n## Note that this threshold applies separately to sent and received bytes,\n## not to their sum: setting \"4 GB\" may allow up to 8 GB total before\n## hibernating.\n##\n## Set a maximum of 4 gigabytes each way per period.\n#AccountingMax 4 GBytes\n## Each period starts daily at midnight (AccountingMax is per day)\n#AccountingStart day 00:00\n## Each period starts on the 3rd of the month at 15:00 (AccountingMax\n## is per month)\n#AccountingStart month 3 15:00\n\n## Administrative contact information for this relay or bridge. This line\n## can be used to contact you if your relay or bridge is misconfigured or\n## something else goes wrong. Note that we archive and publish all\n## descriptors containing these lines and that Google indexes them, so\n## spammers might also collect them. You may want to obscure the fact that\n## it's an email address and/or generate a new address for this purpose.\n#ContactInfo Random Person \n## You might also include your PGP or GPG fingerprint if you have one:\n#ContactInfo ${CONTACT_GPG_FINGERPRINT} ${CONTACT_NAME} ${CONTACT_EMAIL}\n\n## Uncomment this to mirror directory information for others. Please do\n## if you have enough bandwidth.\n#DirPort 9030 # what port to advertise for directory connections\n## If you want to listen on a port other than the one advertised in\n## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as\n## follows. below too. You'll need to do ipchains or other port\n## forwarding yourself to make this work.\n#DirPort 80 NoListen\n#DirPort 127.0.0.1:9091 NoAdvertise\n## Uncomment to return an arbitrary blob of html on your DirPort. Now you\n## can explain what Tor is if anybody wonders why your IP address is\n## contacting them. See contrib/tor-exit-notice.html in Tor's source\n## distribution for a sample.\n#DirPortFrontPage /etc/tor/tor-exit-notice.html\n\n## Uncomment this if you run more than one Tor relay, and add the identity\n## key fingerprint of each Tor relay you control, even if they're on\n## different networks. You declare it here so Tor clients can avoid\n## using more than one of your relays in a single circuit. See\n## https://www.torproject.org/docs/faq#MultipleRelays\n## However, you should never include a bridge's fingerprint here, as it would\n## break its concealability and potentially reveal its IP/TCP address.\n#MyFamily $keyid,$keyid,...\n\n## A comma-separated list of exit policies. They're considered first\n## to last, and the first match wins. If you want to _replace_\n## the default exit policy, end this with either a reject *:* or an\n## accept *:*. Otherwise, you're _augmenting_ (prepending to) the\n## default exit policy. Leave commented to just use the default, which is\n## described in the man page or at\n## https://www.torproject.org/documentation.html\n##\n## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses\n## for issues you might encounter if you use the default exit policy.\n##\n## If certain IPs and ports are blocked externally, e.g. by your firewall,\n## you should update your exit policy to reflect this -- otherwise Tor\n## users will be told that those destinations are down.\n##\n## For security, by default Tor rejects connections to private (local)\n## networks, including to your public IP address. See the man page entry\n## for ExitPolicyRejectPrivate if you want to allow \"exit enclaving\".\n##\n#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more\n#ExitPolicy accept *:119 # accept nntp as well as default exit policy\n#ExitPolicy reject *:* # no exits allowed\n\n## Bridge relays (or \"bridges\") are Tor relays that aren't listed in the\n## main directory. Since there is no complete public list of them, even an\n## ISP that filters connections to all the known Tor relays probably\n## won't be able to block all the bridges. Also, websites won't treat you\n## differently because they won't know you're running Tor. If you can\n## be a real relay, please do; but if not, be a bridge!\n#BridgeRelay 1\n## By default, Tor will advertise your bridge to users through various\n## mechanisms like https://bridges.torproject.org/. If you want to run\n## a private bridge, for example because you'll give out your bridge\n## address manually to your friends, uncomment this line:\n#PublishServerDescriptor 0\n" }, { "path": "tor-relay/Dockerfile", "content": "# run a tor relay in a container\n#\n# Bridge relay:\n#\tdocker run -d \\\n#\t\t--restart always \\\n#\t\t-v /etc/localtime:/etc/localtime:ro \\\n#\t\t-p 9001:9001 \\\n# \t\t--name tor-relay \\\n# \t\tjess/tor-relay -f /etc/tor/torrc.bridge\n#\n# Exit relay:\n# \tdocker run -d \\\n#\t\t--restart always \\\n#\t\t-v /etc/localtime:/etc/localtime:ro \\\n#\t\t-p 9001:9001 \\\n# \t\t--name tor-relay \\\n# \t\tjess/tor-relay -f /etc/tor/torrc.exit\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tbash \\\n\ttor\n\n# default port to used for incoming Tor connections\n# can be changed by changing 'ORPort' in torrc\nEXPOSE 9001\n\n# copy in our torrc files\nCOPY torrc.bridge /etc/tor/torrc.bridge\nCOPY torrc.middle /etc/tor/torrc.middle\nCOPY torrc.exit /etc/tor/torrc.exit\n\n# copy the run script\nCOPY run.sh /run.sh\nRUN chmod ugo+rx /run.sh\n\n# default environment variables\nENV RELAY_NICKNAME hacktheplanet\nENV RELAY_TYPE middle\nENV RELAY_BANDWIDTH_RATE 100 KBytes\nENV RELAY_BANDWIDTH_BURST 200 KBytes\nENV RELAY_PORT 9001\n\n# make sure files are owned by tor user\nRUN chown -R tor /etc/tor\n\nUSER tor\n\nRUN mkdir /var/lib/tor/.tor\nVOLUME /var/lib/tor/.tor\nRUN chown -R tor /var/lib/tor/.tor\n\nENTRYPOINT [ \"/run.sh\" ]\n" }, { "path": "tor-relay/README.md", "content": " ### Environment variables\n\n| Name | Description | Default value |\n| ---------------------------- |:----------------------------------------------------------------------------:| -------------:|\n| **RELAY_TYPE** | The type of relay (bridge, middle or exit) | middle |\n| **RELAY_NICKNAME** | The nickname of your relay | hacktheplanet |\n| **CONTACT_GPG_FINGERPRINT** | Your GPG ID or fingerprint | none |\n| **CONTACT_NAME** | Your name | none |\n| **CONTACT_EMAIL** | Your contact email | none |\n| **RELAY_BANDWIDTH_RATE** | Limit how much traffic will be allowed through your relay (must be > 20KB/s) | 100 KBytes |\n| **RELAY_BANDWIDTH_BURST** | Allow temporary bursts up to a certain amount | 200 KBytes |\n| **RELAY_PORT** | Default port used for incoming Tor connections (ORPort) | 9001 |\n" }, { "path": "tor-relay/run.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nfor relaytype in bridge middle exit; do\n\tfile=\"/etc/tor/torrc.${relaytype}\"\n\n\tsed -i \"s/RELAY_NICKNAME/${RELAY_NICKNAME}/g\" \"$file\"\n\tsed -i \"s/CONTACT_GPG_FINGERPRINT/${CONTACT_GPG_FINGERPRINT}/g\" \"$file\"\n\tsed -i \"s/CONTACT_NAME/${CONTACT_NAME}/g\" \"$file\"\n\tsed -i \"s/CONTACT_EMAIL/${CONTACT_EMAIL}/g\" \"$file\"\n\tsed -i \"s/RELAY_BANDWIDTH_RATE/${RELAY_BANDWIDTH_RATE}/g\" \"$file\"\n\tsed -i \"s/RELAY_BANDWIDTH_BURST/${RELAY_BANDWIDTH_BURST}/g\" \"$file\"\n\tsed -i \"s/RELAY_PORT/${RELAY_PORT}/g\" \"$file\"\ndone\n\nexec tor -f \"/etc/tor/torrc.${RELAY_TYPE}\"\n" }, { "path": "tor-relay/torrc.bridge", "content": "## Configuration file for a typical Tor user\n## Last updated 2 September 2014 for Tor 0.2.6.1-alpha.\n## (may or may not work for much older or much newer versions of Tor.)\n##\n## Lines that begin with \"## \" try to explain what's going on. Lines\n## that begin with just \"#\" are disabled commands: you can enable them\n## by removing the \"#\" symbol.\n##\n## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,\n## for more options you can use in this file.\n##\n## Tor will look for this file in various places based on your platform:\n## https://www.torproject.org/docs/faq#torrc\n\n## Tor opens a socks proxy on port 9050 by default -- even if you don't\n## configure one below. Set \"SocksPort 0\" if you plan to run Tor only\n## as a relay, and not make any local application connections yourself.\n#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.\n#SocksPort 192.168.0.1:9100 # Bind to this address:port too.\n\n## Entry policies to allow/deny SOCKS requests based on IP address.\n## First entry that matches wins. If no SocksPolicy is set, we accept\n## all (and only) requests that reach a SocksPort. Untrusted users who\n## can access your SocksPort may be able to learn about the connections\n## you make.\n#SocksPolicy accept 192.168.0.0/16\n#SocksPolicy reject *\n\n## Logs go to stdout at level \"notice\" unless redirected by something\n## else, like one of the below lines. You can have as many Log lines as\n## you want.\n##\n## We advise using \"notice\" in most cases, since anything more verbose\n## may provide sensitive information to an attacker who obtains the logs.\n##\n## Send all messages of level 'notice' or higher to /var/log/tor/notices.log\n#Log notice file /var/log/tor/notices.log\n## Send every possible message to /var/log/tor/debug.log\n#Log debug file /var/log/tor/debug.log\n## Use the system log instead of Tor's logfiles\n#Log notice syslog\n## To send all messages to stderr:\n#Log debug stderr\n\n## Uncomment this to start the process in the background... or use\n## --runasdaemon 1 on the command line. This is ignored on Windows;\n## see the FAQ entry if you want Tor to run as an NT service.\n#RunAsDaemon 1\n\n## The directory for keeping all the keys/etc. By default, we store\n## things in $HOME/.tor on Unix, and in Application Data\\tor on Windows.\n#DataDirectory /var/lib/tor\n\n## The port on which Tor will listen for local connections from Tor\n## controller applications, as documented in control-spec.txt.\n#ControlPort 9051\n## If you enable the controlport, be sure to enable one of these\n## authentication methods, to prevent attackers from accessing it.\n#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C\n#CookieAuthentication 1\n\n############### This section is just for location-hidden services ###\n\n## Once you have configured a hidden service, you can look at the\n## contents of the file \".../hidden_service/hostname\" for the address\n## to tell people.\n##\n## HiddenServicePort x y:z says to redirect requests on port x to the\n## address y:z.\n\n#HiddenServiceDir /var/lib/tor/hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n\n#HiddenServiceDir /var/lib/tor/other_hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n#HiddenServicePort 22 127.0.0.1:22\n\n################ This section is just for relays #####################\n#\n## See https://www.torproject.org/docs/tor-doc-relay for details.\n\n## Required: what port to advertise for incoming Tor connections.\nORPort RELAY_PORT\n## If you want to listen on a port other than the one advertised in\n## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as\n## follows. You'll need to do ipchains or other port forwarding\n## yourself to make this work.\n#ORPort 443 NoListen\n#ORPort 127.0.0.1:9090 NoAdvertise\n\n## The IP address or full DNS name for incoming connections to your\n## relay. Leave commented out and Tor will guess.\n#Address noname.example.com\n\n## If you have multiple network interfaces, you can specify one for\n## outgoing traffic to use.\n# OutboundBindAddress 10.0.0.5\n\n## A handle for your relay, so people don't have to refer to it by key.\nNickname RELAY_NICKNAME\n\n## Define these to limit how much relayed traffic you will allow. Your\n## own traffic is still unthrottled. Note that RelayBandwidthRate must\n## be at least 20 kilobytes per second.\n## Note that units for these config options are bytes (per second), not\n## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,\n## 2^20, etc.\n#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)\n#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)\nRelayBandwidthRate RELAY_BANDWIDTH_RATE\nRelayBandwidthBurst RELAY_BANDWIDTH_BURST\n\n## Use these to restrict the maximum traffic per day, week, or month.\n## Note that this threshold applies separately to sent and received bytes,\n## not to their sum: setting \"4 GB\" may allow up to 8 GB total before\n## hibernating.\n##\n## Set a maximum of 4 gigabytes each way per period.\n#AccountingMax 4 GBytes\n## Each period starts daily at midnight (AccountingMax is per day)\n#AccountingStart day 00:00\n## Each period starts on the 3rd of the month at 15:00 (AccountingMax\n## is per month)\n#AccountingStart month 3 15:00\n\n## Administrative contact information for this relay or bridge. This line\n## can be used to contact you if your relay or bridge is misconfigured or\n## something else goes wrong. Note that we archive and publish all\n## descriptors containing these lines and that Google indexes them, so\n## spammers might also collect them. You may want to obscure the fact that\n## it's an email address and/or generate a new address for this purpose.\n#ContactInfo Random Person \n## You might also include your PGP or GPG fingerprint if you have one:\nContactInfo CONTACT_GPG_FINGERPRINT CONTACT_NAME CONTACT_EMAIL\n\n## Uncomment this to mirror directory information for others. Please do\n## if you have enough bandwidth.\n#DirPort 9030 # what port to advertise for directory connections\n## If you want to listen on a port other than the one advertised in\n## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as\n## follows. below too. You'll need to do ipchains or other port\n## forwarding yourself to make this work.\n#DirPort 80 NoListen\n#DirPort 127.0.0.1:9091 NoAdvertise\n## Uncomment to return an arbitrary blob of html on your DirPort. Now you\n## can explain what Tor is if anybody wonders why your IP address is\n## contacting them. See contrib/tor-exit-notice.html in Tor's source\n## distribution for a sample.\n#DirPortFrontPage /etc/tor/tor-exit-notice.html\n\n## Uncomment this if you run more than one Tor relay, and add the identity\n## key fingerprint of each Tor relay you control, even if they're on\n## different networks. You declare it here so Tor clients can avoid\n## using more than one of your relays in a single circuit. See\n## https://www.torproject.org/docs/faq#MultipleRelays\n## However, you should never include a bridge's fingerprint here, as it would\n## break its concealability and potentially reveal its IP/TCP address.\n#MyFamily $keyid,$keyid,...\n\n## A comma-separated list of exit policies. They're considered first\n## to last, and the first match wins. If you want to _replace_\n## the default exit policy, end this with either a reject *:* or an\n## accept *:*. Otherwise, you're _augmenting_ (prepending to) the\n## default exit policy. Leave commented to just use the default, which is\n## described in the man page or at\n## https://www.torproject.org/documentation.html\n##\n## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses\n## for issues you might encounter if you use the default exit policy.\n##\n## If certain IPs and ports are blocked externally, e.g. by your firewall,\n## you should update your exit policy to reflect this -- otherwise Tor\n## users will be told that those destinations are down.\n##\n## For security, by default Tor rejects connections to private (local)\n## networks, including to your public IP address. See the man page entry\n## for ExitPolicyRejectPrivate if you want to allow \"exit enclaving\".\n##\n#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more\n#ExitPolicy accept *:119 # accept nntp as well as default exit policy\nExitPolicy reject *:* # no exits allowed\n\n## Bridge relays (or \"bridges\") are Tor relays that aren't listed in the\n## main directory. Since there is no complete public list of them, even an\n## ISP that filters connections to all the known Tor relays probably\n## won't be able to block all the bridges. Also, websites won't treat you\n## differently because they won't know you're running Tor. If you can\n## be a real relay, please do; but if not, be a bridge!\nBridgeRelay 1\n## By default, Tor will advertise your bridge to users through various\n## mechanisms like https://bridges.torproject.org/. If you want to run\n## a private bridge, for example because you'll give out your bridge\n## address manually to your friends, uncomment this line:\n#PublishServerDescriptor 0\n" }, { "path": "tor-relay/torrc.exit", "content": "## Configuration file for a typical Tor user\n## Last updated 2 September 2014 for Tor 0.2.6.1-alpha.\n## (may or may not work for much older or much newer versions of Tor.)\n##\n## Lines that begin with \"## \" try to explain what's going on. Lines\n## that begin with just \"#\" are disabled commands: you can enable them\n## by removing the \"#\" symbol.\n##\n## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,\n## for more options you can use in this file.\n##\n## Tor will look for this file in various places based on your platform:\n## https://www.torproject.org/docs/faq#torrc\n\n## Tor opens a socks proxy on port 9050 by default -- even if you don't\n## configure one below. Set \"SocksPort 0\" if you plan to run Tor only\n## as a relay, and not make any local application connections yourself.\n#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.\n#SocksPort 192.168.0.1:9100 # Bind to this address:port too.\n\n## Entry policies to allow/deny SOCKS requests based on IP address.\n## First entry that matches wins. If no SocksPolicy is set, we accept\n## all (and only) requests that reach a SocksPort. Untrusted users who\n## can access your SocksPort may be able to learn about the connections\n## you make.\n#SocksPolicy accept 192.168.0.0/16\n#SocksPolicy reject *\n\n## Logs go to stdout at level \"notice\" unless redirected by something\n## else, like one of the below lines. You can have as many Log lines as\n## you want.\n##\n## We advise using \"notice\" in most cases, since anything more verbose\n## may provide sensitive information to an attacker who obtains the logs.\n##\n## Send all messages of level 'notice' or higher to /var/log/tor/notices.log\n#Log notice file /var/log/tor/notices.log\n## Send every possible message to /var/log/tor/debug.log\n#Log debug file /var/log/tor/debug.log\n## Use the system log instead of Tor's logfiles\n#Log notice syslog\n## To send all messages to stderr:\n#Log debug stderr\n\n## Uncomment this to start the process in the background... or use\n## --runasdaemon 1 on the command line. This is ignored on Windows;\n## see the FAQ entry if you want Tor to run as an NT service.\n#RunAsDaemon 1\n\n## The directory for keeping all the keys/etc. By default, we store\n## things in $HOME/.tor on Unix, and in Application Data\\tor on Windows.\n#DataDirectory /var/lib/tor\n\n## The port on which Tor will listen for local connections from Tor\n## controller applications, as documented in control-spec.txt.\n#ControlPort 9051\n## If you enable the controlport, be sure to enable one of these\n## authentication methods, to prevent attackers from accessing it.\n#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C\n#CookieAuthentication 1\n\n############### This section is just for location-hidden services ###\n\n## Once you have configured a hidden service, you can look at the\n## contents of the file \".../hidden_service/hostname\" for the address\n## to tell people.\n##\n## HiddenServicePort x y:z says to redirect requests on port x to the\n## address y:z.\n\n#HiddenServiceDir /var/lib/tor/hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n\n#HiddenServiceDir /var/lib/tor/other_hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n#HiddenServicePort 22 127.0.0.1:22\n\n################ This section is just for relays #####################\n#\n## See https://www.torproject.org/docs/tor-doc-relay for details.\n\n## Required: what port to advertise for incoming Tor connections.\nORPort RELAY_PORT\n## If you want to listen on a port other than the one advertised in\n## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as\n## follows. You'll need to do ipchains or other port forwarding\n## yourself to make this work.\n#ORPort 443 NoListen\n#ORPort 127.0.0.1:9090 NoAdvertise\n\n## The IP address or full DNS name for incoming connections to your\n## relay. Leave commented out and Tor will guess.\n#Address noname.example.com\n\n## If you have multiple network interfaces, you can specify one for\n## outgoing traffic to use.\n# OutboundBindAddress 10.0.0.5\n\n## A handle for your relay, so people don't have to refer to it by key.\nNickname RELAY_NICKNAME\n\n## Define these to limit how much relayed traffic you will allow. Your\n## own traffic is still unthrottled. Note that RelayBandwidthRate must\n## be at least 20 kilobytes per second.\n## Note that units for these config options are bytes (per second), not\n## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,\n## 2^20, etc.\n#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)\n#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)\nRelayBandwidthRate RELAY_BANDWIDTH_RATE\nRelayBandwidthBurst RELAY_BANDWIDTH_BURST\n\n## Use these to restrict the maximum traffic per day, week, or month.\n## Note that this threshold applies separately to sent and received bytes,\n## not to their sum: setting \"4 GB\" may allow up to 8 GB total before\n## hibernating.\n##\n## Set a maximum of 4 gigabytes each way per period.\n#AccountingMax 4 GBytes\n## Each period starts daily at midnight (AccountingMax is per day)\n#AccountingStart day 00:00\n## Each period starts on the 3rd of the month at 15:00 (AccountingMax\n## is per month)\n#AccountingStart month 3 15:00\n\n## Administrative contact information for this relay or bridge. This line\n## can be used to contact you if your relay or bridge is misconfigured or\n## something else goes wrong. Note that we archive and publish all\n## descriptors containing these lines and that Google indexes them, so\n## spammers might also collect them. You may want to obscure the fact that\n## it's an email address and/or generate a new address for this purpose.\n#ContactInfo Random Person \n## You might also include your PGP or GPG fingerprint if you have one:\nContactInfo CONTACT_GPG_FINGERPRINT CONTACT_NAME CONTACT_EMAIL\n\n## Uncomment this to mirror directory information for others. Please do\n## if you have enough bandwidth.\n#DirPort 9030 # what port to advertise for directory connections\n## If you want to listen on a port other than the one advertised in\n## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as\n## follows. below too. You'll need to do ipchains or other port\n## forwarding yourself to make this work.\n#DirPort 80 NoListen\n#DirPort 127.0.0.1:9091 NoAdvertise\n## Uncomment to return an arbitrary blob of html on your DirPort. Now you\n## can explain what Tor is if anybody wonders why your IP address is\n## contacting them. See contrib/tor-exit-notice.html in Tor's source\n## distribution for a sample.\n#DirPortFrontPage /etc/tor/tor-exit-notice.html\n\n## Uncomment this if you run more than one Tor relay, and add the identity\n## key fingerprint of each Tor relay you control, even if they're on\n## different networks. You declare it here so Tor clients can avoid\n## using more than one of your relays in a single circuit. See\n## https://www.torproject.org/docs/faq#MultipleRelays\n## However, you should never include a bridge's fingerprint here, as it would\n## break its concealability and potentially reveal its IP/TCP address.\n#MyFamily $keyid,$keyid,...\n\n## A comma-separated list of exit policies. They're considered first\n## to last, and the first match wins. If you want to _replace_\n## the default exit policy, end this with either a reject *:* or an\n## accept *:*. Otherwise, you're _augmenting_ (prepending to) the\n## default exit policy. Leave commented to just use the default, which is\n## described in the man page or at\n## https://www.torproject.org/documentation.html\n##\n## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses\n## for issues you might encounter if you use the default exit policy.\n##\n## If certain IPs and ports are blocked externally, e.g. by your firewall,\n## you should update your exit policy to reflect this -- otherwise Tor\n## users will be told that those destinations are down.\n##\n## For security, by default Tor rejects connections to private (local)\n## networks, including to your public IP address. See the man page entry\n## for ExitPolicyRejectPrivate if you want to allow \"exit enclaving\".\n##\n#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more\n#ExitPolicy accept *:119 # accept nntp as well as default exit policy\n#ExitPolicy reject *:* # no exits allowed\n#\n# Reduced exit policy from https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy\nExitPolicy accept *:20-23 # FTP, SSH, telnet\nExitPolicy accept *:43 # WHOIS\nExitPolicy accept *:53 # DNS\nExitPolicy accept *:79-81 # finger, HTTP\nExitPolicy accept *:88 # kerberos\nExitPolicy accept *:110 # POP3\nExitPolicy accept *:143 # IMAP\nExitPolicy accept *:194 # IRC\nExitPolicy accept *:220 # IMAP3\nExitPolicy accept *:389 # LDAP\nExitPolicy accept *:443 # HTTPS\nExitPolicy accept *:464 # kpasswd\nExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587)\nExitPolicy accept *:531 # IRC/AIM\nExitPolicy accept *:543-544 # Kerberos\nExitPolicy accept *:554 # RTSP\nExitPolicy accept *:563 # NNTP over SSL\nExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here)\nExitPolicy accept *:636 # LDAP over SSL\nExitPolicy accept *:706 # SILC\nExitPolicy accept *:749 # kerberos\nExitPolicy accept *:873 # rsync\nExitPolicy accept *:902-904 # VMware\nExitPolicy accept *:981 # Remote HTTPS management for firewall\nExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL\nExitPolicy accept *:1194 # OpenVPN\nExitPolicy accept *:1220 # QT Server Admin\nExitPolicy accept *:1293 # PKT-KRB-IPSec\nExitPolicy accept *:1500 # VLSI License Manager\nExitPolicy accept *:1533 # Sametime\nExitPolicy accept *:1677 # GroupWise\nExitPolicy accept *:1723 # PPTP\nExitPolicy accept *:1755 # RTSP\nExitPolicy accept *:1863 # MSNP\nExitPolicy accept *:2082 # Infowave Mobility Server\nExitPolicy accept *:2083 # Secure Radius Service (radsec)\nExitPolicy accept *:2086-2087 # GNUnet, ELI\nExitPolicy accept *:2095-2096 # NBX\nExitPolicy accept *:2102-2104 # Zephyr\nExitPolicy accept *:3128 # SQUID\nExitPolicy accept *:3389 # MS WBT\nExitPolicy accept *:3690 # SVN\nExitPolicy accept *:4321 # RWHOIS\nExitPolicy accept *:4643 # Virtuozzo\nExitPolicy accept *:5050 # MMCC\nExitPolicy accept *:5190 # ICQ\nExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL\nExitPolicy accept *:5228 # Android Market\nExitPolicy accept *:5900 # VNC\nExitPolicy accept *:6660-6669 # IRC\nExitPolicy accept *:6679 # IRC SSL\nExitPolicy accept *:6697 # IRC SSL\nExitPolicy accept *:8000 # iRDMI\nExitPolicy accept *:8008 # HTTP alternate\nExitPolicy accept *:8074 # Gadu-Gadu\nExitPolicy accept *:8080 # HTTP Proxies\nExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port\nExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP\nExitPolicy accept *:8332-8333 # Bitcoin\nExitPolicy accept *:8443 # PCsync HTTPS\nExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE\nExitPolicy accept *:9418 # git\nExitPolicy accept *:9999 # distinct\nExitPolicy accept *:10000 # Network Data Management Protocol\nExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol)\nExitPolicy accept *:19294 # Google Voice TCP\nExitPolicy accept *:19638 # Ensim control panel\nExitPolicy accept *:50002 # Electrum Bitcoin SSL\nExitPolicy accept *:64738 # Mumble\nExitPolicy reject *:*\n\n## Bridge relays (or \"bridges\") are Tor relays that aren't listed in the\n## main directory. Since there is no complete public list of them, even an\n## ISP that filters connections to all the known Tor relays probably\n## won't be able to block all the bridges. Also, websites won't treat you\n## differently because they won't know you're running Tor. If you can\n## be a real relay, please do; but if not, be a bridge!\n#BridgeRelay 1\n## By default, Tor will advertise your bridge to users through various\n## mechanisms like https://bridges.torproject.org/. If you want to run\n## a private bridge, for example because you'll give out your bridge\n## address manually to your friends, uncomment this line:\n#PublishServerDescriptor 0\n" }, { "path": "tor-relay/torrc.middle", "content": "## Configuration file for a typical Tor user\n## Last updated 2 September 2014 for Tor 0.2.6.1-alpha.\n## (may or may not work for much older or much newer versions of Tor.)\n##\n## Lines that begin with \"## \" try to explain what's going on. Lines\n## that begin with just \"#\" are disabled commands: you can enable them\n## by removing the \"#\" symbol.\n##\n## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,\n## for more options you can use in this file.\n##\n## Tor will look for this file in various places based on your platform:\n## https://www.torproject.org/docs/faq#torrc\n\n## Tor opens a socks proxy on port 9050 by default -- even if you don't\n## configure one below. Set \"SocksPort 0\" if you plan to run Tor only\n## as a relay, and not make any local application connections yourself.\n#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.\n#SocksPort 192.168.0.1:9100 # Bind to this address:port too.\n\n## Entry policies to allow/deny SOCKS requests based on IP address.\n## First entry that matches wins. If no SocksPolicy is set, we accept\n## all (and only) requests that reach a SocksPort. Untrusted users who\n## can access your SocksPort may be able to learn about the connections\n## you make.\n#SocksPolicy accept 192.168.0.0/16\n#SocksPolicy reject *\n\n## Logs go to stdout at level \"notice\" unless redirected by something\n## else, like one of the below lines. You can have as many Log lines as\n## you want.\n##\n## We advise using \"notice\" in most cases, since anything more verbose\n## may provide sensitive information to an attacker who obtains the logs.\n##\n## Send all messages of level 'notice' or higher to /var/log/tor/notices.log\n#Log notice file /var/log/tor/notices.log\n## Send every possible message to /var/log/tor/debug.log\n#Log debug file /var/log/tor/debug.log\n## Use the system log instead of Tor's logfiles\n#Log notice syslog\n## To send all messages to stderr:\n#Log debug stderr\n\n## Uncomment this to start the process in the background... or use\n## --runasdaemon 1 on the command line. This is ignored on Windows;\n## see the FAQ entry if you want Tor to run as an NT service.\n#RunAsDaemon 1\n\n## The directory for keeping all the keys/etc. By default, we store\n## things in $HOME/.tor on Unix, and in Application Data\\tor on Windows.\n#DataDirectory /var/lib/tor\n\n## The port on which Tor will listen for local connections from Tor\n## controller applications, as documented in control-spec.txt.\n#ControlPort 9051\n## If you enable the controlport, be sure to enable one of these\n## authentication methods, to prevent attackers from accessing it.\n#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C\n#CookieAuthentication 1\n\n############### This section is just for location-hidden services ###\n\n## Once you have configured a hidden service, you can look at the\n## contents of the file \".../hidden_service/hostname\" for the address\n## to tell people.\n##\n## HiddenServicePort x y:z says to redirect requests on port x to the\n## address y:z.\n\n#HiddenServiceDir /var/lib/tor/hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n\n#HiddenServiceDir /var/lib/tor/other_hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n#HiddenServicePort 22 127.0.0.1:22\n\n################ This section is just for relays #####################\n#\n## See https://www.torproject.org/docs/tor-doc-relay for details.\n\n## Required: what port to advertise for incoming Tor connections.\nORPort RELAY_PORT\n## If you want to listen on a port other than the one advertised in\n## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as\n## follows. You'll need to do ipchains or other port forwarding\n## yourself to make this work.\n#ORPort 443 NoListen\n#ORPort 127.0.0.1:9090 NoAdvertise\n\n## The IP address or full DNS name for incoming connections to your\n## relay. Leave commented out and Tor will guess.\n#Address noname.example.com\n\n## If you have multiple network interfaces, you can specify one for\n## outgoing traffic to use.\n# OutboundBindAddress 10.0.0.5\n\n## A handle for your relay, so people don't have to refer to it by key.\nNickname RELAY_NICKNAME\n\n## Define these to limit how much relayed traffic you will allow. Your\n## own traffic is still unthrottled. Note that RelayBandwidthRate must\n## be at least 20 kilobytes per second.\n## Note that units for these config options are bytes (per second), not\n## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,\n## 2^20, etc.\n#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)\n#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)\nRelayBandwidthRate RELAY_BANDWIDTH_RATE\nRelayBandwidthBurst RELAY_BANDWIDTH_BURST\n\n## Use these to restrict the maximum traffic per day, week, or month.\n## Note that this threshold applies separately to sent and received bytes,\n## not to their sum: setting \"4 GB\" may allow up to 8 GB total before\n## hibernating.\n##\n## Set a maximum of 4 gigabytes each way per period.\n#AccountingMax 4 GBytes\n## Each period starts daily at midnight (AccountingMax is per day)\n#AccountingStart day 00:00\n## Each period starts on the 3rd of the month at 15:00 (AccountingMax\n## is per month)\n#AccountingStart month 3 15:00\n\n## Administrative contact information for this relay or bridge. This line\n## can be used to contact you if your relay or bridge is misconfigured or\n## something else goes wrong. Note that we archive and publish all\n## descriptors containing these lines and that Google indexes them, so\n## spammers might also collect them. You may want to obscure the fact that\n## it's an email address and/or generate a new address for this purpose.\n#ContactInfo Random Person \n## You might also include your PGP or GPG fingerprint if you have one:\nContactInfo CONTACT_GPG_FINGERPRINT CONTACT_NAME CONTACT_EMAIL\n\n## Uncomment this to mirror directory information for others. Please do\n## if you have enough bandwidth.\n#DirPort 9030 # what port to advertise for directory connections\n## If you want to listen on a port other than the one advertised in\n## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as\n## follows. below too. You'll need to do ipchains or other port\n## forwarding yourself to make this work.\n#DirPort 80 NoListen\n#DirPort 127.0.0.1:9091 NoAdvertise\n## Uncomment to return an arbitrary blob of html on your DirPort. Now you\n## can explain what Tor is if anybody wonders why your IP address is\n## contacting them. See contrib/tor-exit-notice.html in Tor's source\n## distribution for a sample.\n#DirPortFrontPage /etc/tor/tor-exit-notice.html\n\n## Uncomment this if you run more than one Tor relay, and add the identity\n## key fingerprint of each Tor relay you control, even if they're on\n## different networks. You declare it here so Tor clients can avoid\n## using more than one of your relays in a single circuit. See\n## https://www.torproject.org/docs/faq#MultipleRelays\n## However, you should never include a bridge's fingerprint here, as it would\n## break its concealability and potentially reveal its IP/TCP address.\n#MyFamily $keyid,$keyid,...\n\n## A comma-separated list of exit policies. They're considered first\n## to last, and the first match wins. If you want to _replace_\n## the default exit policy, end this with either a reject *:* or an\n## accept *:*. Otherwise, you're _augmenting_ (prepending to) the\n## default exit policy. Leave commented to just use the default, which is\n## described in the man page or at\n## https://www.torproject.org/documentation.html\n##\n## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses\n## for issues you might encounter if you use the default exit policy.\n##\n## If certain IPs and ports are blocked externally, e.g. by your firewall,\n## you should update your exit policy to reflect this -- otherwise Tor\n## users will be told that those destinations are down.\n##\n## For security, by default Tor rejects connections to private (local)\n## networks, including to your public IP address. See the man page entry\n## for ExitPolicyRejectPrivate if you want to allow \"exit enclaving\".\n##\n#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more\n#ExitPolicy accept *:119 # accept nntp as well as default exit policy\nExitPolicy reject *:* # no exits allowed\n\n## Bridge relays (or \"bridges\") are Tor relays that aren't listed in the\n## main directory. Since there is no complete public list of them, even an\n## ISP that filters connections to all the known Tor relays probably\n## won't be able to block all the bridges. Also, websites won't treat you\n## differently because they won't know you're running Tor. If you can\n## be a real relay, please do; but if not, be a bridge!\n#BridgeRelay 1\n## By default, Tor will advertise your bridge to users through various\n## mechanisms like https://bridges.torproject.org/. If you want to run\n## a private bridge, for example because you'll give out your bridge\n## address manually to your friends, uncomment this line:\n#PublishServerDescriptor 0\n" }, { "path": "tor-router/Dockerfile", "content": "# run tor in a container\n#\n# docker run -d \\\n#\t--restart always \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-p 9040:22340 \\\n#\t-p 5353:22353 \\\n# \t--name tor-router \\\n# \tjess/tor-router\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\ttor \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nEXPOSE 22340\nEXPOSE 22350\nEXPOSE 22353\n\n# copy in our torrc file\nCOPY torrc.default /etc/tor/torrc.default\n\n# make sure files are owned by tor user\nRUN chown -R debian-tor:debian-tor /etc/tor/torrc.default\n\nUSER debian-tor\n\nENTRYPOINT [ \"tor\" ]\nCMD [ \"-f\", \"/etc/tor/torrc.default\" ]\n" }, { "path": "tor-router/torrc.default", "content": "## Configuration file for a typical Tor user\n## Last updated 2 September 2014 for Tor 0.2.6.1-alpha.\n## (may or may not work for much older or much newer versions of Tor.)\n##\n## Lines that begin with \"## \" try to explain what's going on. Lines\n## that begin with just \"#\" are disabled commands: you can enable them\n## by removing the \"#\" symbol.\n##\n## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,\n## for more options you can use in this file.\n##\n## Tor will look for this file in various places based on your platform:\n## https://www.torproject.org/docs/faq#torrc\n\n## Tor opens a socks proxy on port 9050 by default -- even if you don't\n## configure one below. Set \"SocksPort 0\" if you plan to run Tor only\n## as a relay, and not make any local application connections yourself.\n#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.\n#SocksPort 192.168.0.1:9100 # Bind to this address:port too.\nSocksPort 0.0.0.0:22350\n\nVirtualAddrNetworkIPv4 10.192.0.0/10\nAutomapHostsOnResolve 1\nDNSPort 22353\nDNSListenAddress 0.0.0.0\nTransPort 22340\nTransListenAddress 0.0.0.0\n\n## Entry policies to allow/deny SOCKS requests based on IP address.\n## First entry that matches wins. If no SocksPolicy is set, we accept\n## all (and only) requests that reach a SocksPort. Untrusted users who\n## can access your SocksPort may be able to learn about the connections\n## you make.\n#SocksPolicy accept 192.168.0.0/16\n#SocksPolicy reject *\n\n## Logs go to stdout at level \"notice\" unless redirected by something\n## else, like one of the below lines. You can have as many Log lines as\n## you want.\n##\n## We advise using \"notice\" in most cases, since anything more verbose\n## may provide sensitive information to an attacker who obtains the logs.\n##\n## Send all messages of level 'notice' or higher to /var/log/tor/notices.log\n#Log notice file /var/log/tor/notices.log\n## Send every possible message to /var/log/tor/debug.log\n#Log debug file /var/log/tor/debug.log\n## Use the system log instead of Tor's logfiles\n#Log notice syslog\n## To send all messages to stderr:\n#Log debug stderr\n\n## Uncomment this to start the process in the background... or use\n## --runasdaemon 1 on the command line. This is ignored on Windows;\n## see the FAQ entry if you want Tor to run as an NT service.\n#RunAsDaemon 1\n\n## The directory for keeping all the keys/etc. By default, we store\n## things in $HOME/.tor on Unix, and in Application Data\\tor on Windows.\nDataDirectory /var/lib/tor\n\n## The port on which Tor will listen for local connections from Tor\n## controller applications, as documented in control-spec.txt.\n#ControlPort 9051\n## If you enable the controlport, be sure to enable one of these\n## authentication methods, to prevent attackers from accessing it.\n#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C\n#CookieAuthentication 1\n\n############### This section is just for location-hidden services ###\n\n## Once you have configured a hidden service, you can look at the\n## contents of the file \".../hidden_service/hostname\" for the address\n## to tell people.\n##\n## HiddenServicePort x y:z says to redirect requests on port x to the\n## address y:z.\n\n#HiddenServiceDir /var/lib/tor/hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n\n#HiddenServiceDir /var/lib/tor/other_hidden_service/\n#HiddenServicePort 80 127.0.0.1:80\n#HiddenServicePort 22 127.0.0.1:22\n\n################ This section is just for relays #####################\n#\n## See https://www.torproject.org/docs/tor-doc-relay for details.\n\n## Required: what port to advertise for incoming Tor connections.\n#ORPort 9001\n## If you want to listen on a port other than the one advertised in\n## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as\n## follows. You'll need to do ipchains or other port forwarding\n## yourself to make this work.\n#ORPort 443 NoListen\n#ORPort 127.0.0.1:9090 NoAdvertise\n\n## The IP address or full DNS name for incoming connections to your\n## relay. Leave commented out and Tor will guess.\n#Address noname.example.com\n\n## If you have multiple network interfaces, you can specify one for\n## outgoing traffic to use.\n# OutboundBindAddress 10.0.0.5\n\n## A handle for your relay, so people don't have to refer to it by key.\n#Nickname hacktheplanet\n\n## Define these to limit how much relayed traffic you will allow. Your\n## own traffic is still unthrottled. Note that RelayBandwidthRate must\n## be at least 20 kilobytes per second.\n## Note that units for these config options are bytes (per second), not\n## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,\n## 2^20, etc.\n#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)\n#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)\n\n## Use these to restrict the maximum traffic per day, week, or month.\n## Note that this threshold applies separately to sent and received bytes,\n## not to their sum: setting \"4 GB\" may allow up to 8 GB total before\n## hibernating.\n##\n## Set a maximum of 4 gigabytes each way per period.\n#AccountingMax 4 GBytes\n## Each period starts daily at midnight (AccountingMax is per day)\n#AccountingStart day 00:00\n## Each period starts on the 3rd of the month at 15:00 (AccountingMax\n## is per month)\n#AccountingStart month 3 15:00\n\n## Administrative contact information for this relay or bridge. This line\n## can be used to contact you if your relay or bridge is misconfigured or\n## something else goes wrong. Note that we archive and publish all\n## descriptors containing these lines and that Google indexes them, so\n## spammers might also collect them. You may want to obscure the fact that\n## it's an email address and/or generate a new address for this purpose.\n#ContactInfo Random Person \n## You might also include your PGP or GPG fingerprint if you have one:\n#ContactInfo ${CONTACT_GPG_FINGERPRINT} ${CONTACT_NAME} ${CONTACT_EMAIL}\n\n## Uncomment this to mirror directory information for others. Please do\n## if you have enough bandwidth.\n#DirPort 9030 # what port to advertise for directory connections\n## If you want to listen on a port other than the one advertised in\n## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as\n## follows. below too. You'll need to do ipchains or other port\n## forwarding yourself to make this work.\n#DirPort 80 NoListen\n#DirPort 127.0.0.1:9091 NoAdvertise\n## Uncomment to return an arbitrary blob of html on your DirPort. Now you\n## can explain what Tor is if anybody wonders why your IP address is\n## contacting them. See contrib/tor-exit-notice.html in Tor's source\n## distribution for a sample.\n#DirPortFrontPage /etc/tor/tor-exit-notice.html\n\n## Uncomment this if you run more than one Tor relay, and add the identity\n## key fingerprint of each Tor relay you control, even if they're on\n## different networks. You declare it here so Tor clients can avoid\n## using more than one of your relays in a single circuit. See\n## https://www.torproject.org/docs/faq#MultipleRelays\n## However, you should never include a bridge's fingerprint here, as it would\n## break its concealability and potentially reveal its IP/TCP address.\n#MyFamily $keyid,$keyid,...\n\n## A comma-separated list of exit policies. They're considered first\n## to last, and the first match wins. If you want to _replace_\n## the default exit policy, end this with either a reject *:* or an\n## accept *:*. Otherwise, you're _augmenting_ (prepending to) the\n## default exit policy. Leave commented to just use the default, which is\n## described in the man page or at\n## https://www.torproject.org/documentation.html\n##\n## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses\n## for issues you might encounter if you use the default exit policy.\n##\n## If certain IPs and ports are blocked externally, e.g. by your firewall,\n## you should update your exit policy to reflect this -- otherwise Tor\n## users will be told that those destinations are down.\n##\n## For security, by default Tor rejects connections to private (local)\n## networks, including to your public IP address. See the man page entry\n## for ExitPolicyRejectPrivate if you want to allow \"exit enclaving\".\n##\n#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more\n#ExitPolicy accept *:119 # accept nntp as well as default exit policy\n#ExitPolicy reject *:* # no exits allowed\n\n## Bridge relays (or \"bridges\") are Tor relays that aren't listed in the\n## main directory. Since there is no complete public list of them, even an\n## ISP that filters connections to all the known Tor relays probably\n## won't be able to block all the bridges. Also, websites won't treat you\n## differently because they won't know you're running Tor. If you can\n## be a real relay, please do; but if not, be a bridge!\n#BridgeRelay 1\n## By default, Tor will advertise your bridge to users through various\n## mechanisms like https://bridges.torproject.org/. If you want to run\n## a private bridge, for example because you'll give out your bridge\n## address manually to your friends, uncomment this line:\n#PublishServerDescriptor 0\n" }, { "path": "traceroute/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\ttraceroute \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [ \"traceroute\" ]\n" }, { "path": "transfer-sh/Dockerfile", "content": "FROM golang:alpine as builder\nLABEL maintainer \"Jess Frazelle \"\n\nRUN\tapk --no-cache add \\\n\tca-certificates \\\n\tgit\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nENV TRANSFER_SH_VERSION master\n\nRUN\tgit clone --depth 1 --branch ${TRANSFER_SH_VERSION} https://github.com/dutchcoders/transfer.sh /go/src/github.com/dutchcoders/transfer.sh\n\nWORKDIR /go/src/github.com/dutchcoders/transfer.sh\n\nRUN GO111MODULE=on go build -o /usr/bin/transfer.sh\n\n# Create a clean image without build dependencies\nFROM alpine:latest\n\nCOPY --from=builder /usr/bin/transfer.sh /usr/bin/transfer.sh\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"transfer.sh\" ]\nCMD [ \"--help\" ]\n" }, { "path": "transmission/Dockerfile", "content": "# DESCRIPTION:\t Create transmission container with its dependencies\n# AUTHOR:\t\t Jessie Frazelle \n# COMMENTS:\n#\tThis file describes how to build a transmission container with all\n#\tdependencies installed.\n#\tTested on Debian Jessie\n# USAGE:\n#\t# Download transmission Dockerfile\n#\twget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/transmission/Dockerfile\n#\n#\t# Build transmission image\n#\tdocker build -t jess/transmission .\n#\n#\tdocker run -d --name transmission \\\n#\t\t-v /home/jessie/Torrents:/transmission/download \\\n#\t\t-p 9091:9091 -p 51413:51413 -p 51413:51413/udp \\\n#\t\tjess/transmission\n#\n\n# Base docker image\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\n# machine parsable metadata, for https://github.com/pycampers/dockapt\nLABEL \"registry_image\"=\"r.j3ss.co/transmission\"\nLABEL \"docker_run_flags\"=\"-d --name transmission \\\n\t\t-v ~/Downloads:/transmission/download \\\n\t\t-p 9091:9091 -p 51413:51413 -p 51413:51413/udp\"\n\nRUN apk --no-cache add \\\n\ttransmission-daemon \\\n\t&& mkdir -p /transmission/download \\\n\t\t/transmission/watch \\\n\t\t/transmission/incomplete \\\n\t\t/transmission/config \\\n\t&& chmod 1777 /transmission\n\nENV TRANSMISSION_HOME /transmission/config\n\nEXPOSE 9091\n\nENTRYPOINT [\"/usr/bin/transmission-daemon\"]\nCMD [ \"--allowed\", \"127.*,10.*,192.168.*,172.16.*,172.17.*,172.18.*,172.19.*,172.20.*,172.21.*,172.22.*,172.23.*,172.24.*,172.25.*,172.26.*,172.27.*,172.28.*,172.29.*,172.30.*,172.31.*,169.254.*\", \"--watch-dir\", \"/transmission/watch\", \"--encryption-preferred\", \"--foreground\", \"--config-dir\", \"/transmission/config\", \"--incomplete-dir\", \"/transmission/incomplete\", \"--dht\", \"--no-auth\", \"--download-dir\", \"/transmission/download\" ]\n" }, { "path": "transmission-ui/Dockerfile", "content": "# DESCRIPTION:\t Create transmission container with its dependencies\n# AUTHOR:\t\t Jessie Frazelle \n# COMMENTS:\n#\tThis file describes how to build a transmission container with all\n#\tdependencies installed. It uses native X11 unix socket.\n#\tTested on Debian Jessie\n# USAGE:\n#\t# Download transmission-ui Dockerfile\n#\twget https://raw.githubusercontent.com/jessfraz/dockerfiles/master/transmission-ui/Dockerfile\n#\n#\t# Build transmission image\n#\tdocker build -t jess/transmission-ui .\n#\n#\tdocker run -v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t\t-v /home/jessie/Torrents:/Torrents \\\n#\t\t-e DISPLAY=unix$DISPLAY jess/transmission-ui\n#\n\n# Base docker image\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Install transmission and its dependencies\nRUN apt-get update && apt-get install -y \\\n\ttransmission-cli \\\n\ttransmission-common \\\n\ttransmission-daemon \\\n\ttransmission-gtk \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# Autorun transmission\nCMD [\"/usr/bin/transmission-gtk\"]\n" }, { "path": "travis/Dockerfile", "content": "FROM\truby:alpine\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapk add --no-cache \\\n\tca-certificates \\\n\tgit\n\nRUN\tset -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\tbuild-base \\\n\t&& gem install travis --no-document \\\n\t&& apk del .build-deps\n\nENTRYPOINT\t[\"travis\"]\n" }, { "path": "troff/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\theirloom-doctools\n\nENTRYPOINT [\"troff\"]\n" }, { "path": "unifi/Dockerfile", "content": "# Run the Ubiquiti UniFi Controller in a container\n#\n# Setup a local directory to store your unifi controller config:\n# \tmkdir -p ~/.config/unifi/\n# \tchmod -R 0700 ~/.config/unifi/\n#\n# If you have already been using a locally installed unifi controller,\n# copy the contents of your existing unifi config:\n#\tcp -R /var/lib/unifi/* ~/.config/unifi/\t# Linux\n#\tcp -R ~/Library/Application\\ Support/UniFi/* ~/.config/unifi/ # MacOS\n#\n# Build the docker image (from directory with this Dockerfile & entrypoint.sh):\n#\tdocker build -t unifi .\n#\n# Start a unifi controller container:\n#\tdocker run \\ # interactive mode isn't necessary\n#\t\t-v ~/.config/unifi:/config \\ # for persistent config\n#\t\t-p 8080:8080 -p 8443:8443 -p 8843:8843 -p 8880:8880 -p 3478:3478/udp \\\n#\t\t--name unifi \\\n#\t\tunifi\n#\n# Access the controller in your browser at: https://127.0.0.1:8443\n#\n# If existing devices are showing up as \"disconnected\" once logged in,\n# SSH into each device and run:\n# \tset-inform http://ip_of_docker_host:8080/inform\n#\n\nFROM ubuntu:16.04\n\n# environment settings\nENV DEBIAN_FRONTEND=\"noninteractive\"\n\n# install deps\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tdirmngr \\\n\tgnupg \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# install gosu\nENV GOSU_VERSION 1.12\nRUN set -ex; \\\n\t\\\n\tfetchDeps=' \\\n\t\twget \\\n\t'; \\\n\tapt-get update; \\\n\tapt-get install -y --no-install-recommends $fetchDeps; \\\n\trm -rf /var/lib/apt/lists/*; \\\n\t\\\n\tdpkgArch=\"$(dpkg --print-architecture | awk -F- '{ print $NF }')\"; \\\n\twget -O /usr/local/bin/gosu \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch\"; \\\n\twget -O /usr/local/bin/gosu.asc \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc\"; \\\n\t\\\n# verify the signature\n\texport GNUPGHOME=\"$(mktemp -d)\"; \\\n for server in $(shuf -e ha.pool.sks-keyservers.net \\\n hkp://p80.pool.sks-keyservers.net:80 \\\n keyserver.ubuntu.com \\\n hkp://keyserver.ubuntu.com:80 \\\n pgp.mit.edu) ; do \\\n gpg --keyserver \"$server\" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \\\n done && \\\n\tgpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \\\n\trm -r \"$GNUPGHOME\" /usr/local/bin/gosu.asc; \\\n\t\\\n\tchmod +x /usr/local/bin/gosu; \\\n# verify that the binary works\n\tgosu nobody true; \\\n\t\\\n\tapt-get purge -y --auto-remove $fetchDeps\n\n# add mongo repo\nRUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6 \\\n\t&& echo \"deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse\" >> /etc/apt/sources.list.d/mongo.list\n\n\n# install packages\nRUN apt-get update && apt-get install -y \\\n\tbinutils \\\n\tjsvc \\\n\tmongodb-org-server \\\n\topenjdk-8-jre-headless \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# unifi version\n# From: https://www.ubnt.com/download/unifi/\nENV UNIFI_VERSION \"5.12.72\"\n\n# install unifi\nRUN apt-get update && apt-get install -y \\\n\t\tcurl \\\n\t\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& curl -o /tmp/unifi.deb -L \"https://dl.ubnt.com/unifi/${UNIFI_VERSION}/unifi_sysvinit_all.deb\" \\\n\t&& dpkg -i /tmp/unifi.deb \\\n\t&& rm -rf /tmp/unifi.deb \\\n\t&& echo \"Build complete.\"\n\nWORKDIR /config\n\n# 3478 - STUN\n# 8080 - device inform (http)\n# 8443 - web management (https)\n# 8843 - guest portal (https)\n# 8880 - guest portal (http)\n# 6789 - throughput / mobile speedtest (tcp)\n# 10001 - device discovery (udp)\n# ref https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used\nEXPOSE 3478/udp 8080 8081 8443 8843 8880 6789 10001/udp\n\nCOPY entrypoint.sh /usr/local/bin/entrypoint.sh\n\nENTRYPOINT [ \"entrypoint.sh\" ]\nCMD [\"java\", \"-Xmx1024M\", \"-jar\", \"/usr/lib/unifi/lib/ace.jar\", \"start\"]\n" }, { "path": "unifi/entrypoint.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\n# Create the folder heirarchy.\nmkdir -p /config/{data,logs,run}\n\n# Create symlinks for the config\nif [[ -L /usr/lib/unifi/data && ! /usr/lib/unifi/data -ef /config/data ]]; then\n\tunlink /usr/lib/unifi/data\nfi\nif [[ -L /usr/lib/unifi/logs && ! /usr/lib/unifi/logs -ef /config/logs ]]; then\n\tunlink /usr/lib/unifi/logs\nfi\nif [[ -L /usr/lib/unifi/run && ! /usr/lib/unifi/run -ef /config/run ]]; then\n\tunlink /usr/lib/unifi/run\nfi\nif [[ ! -L /usr/lib/unifi/data ]]; then\n\tln -s /config/data /usr/lib/unifi/data\nfi\nif [[ ! -L /usr/lib/unifi/logs ]]; then\n\tln -s /config/logs /usr/lib/unifi/logs\nfi\nif [[ ! -L /usr/lib/unifi/run ]]; then\n\tln -s /config/run /usr/lib/unifi/run\nfi\n\n# Generate a key if it doesn't exist.\nif [[ ! -f /config/data/keystore ]]; then\n\tkeytool -genkey -keyalg RSA -alias unifi -keystore /config/data/keystore \\\n\t\t-storepass aircontrolenterprise -keypass aircontrolenterprise -validity 1825 \\\n\t\t-keysize 4096 -dname \"cn=unifi\"\nfi\n\nchown -R unifi:unifi /config /usr/lib/unifi\n\n# shellcheck disable=SC2068\nexec gosu unifi $@\n" }, { "path": "unixbench/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tbash \\\n\tcoreutils \\\n\tdateutils \\\n\tgcc \\\n\tmake \\\n\tmusl-dev \\\n\tperl\n\nENV UNIXBENCH_VERSION v5.1.3\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tca-certificates \\\n\t\tcurl \\\n\t&& mkdir -p /usr/src/unixbench \\\n\t&& curl -sSL \"https://github.com/kdlucas/byte-unixbench/archive/${UNIXBENCH_VERSION}.tar.gz\" | tar -xzC /usr/src/unixbench --strip-components 2 \\\n\t&& chmod +x /usr/src/unixbench/Run \\\n\t&& apk del .build-deps\n\nWORKDIR /usr/src/unixbench\n\nENTRYPOINT [ \"/usr/src/unixbench/Run\" ]\n" }, { "path": "vagrant/Dockerfile", "content": "FROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN\tapt-get update && apt-get install -y \\\n\tbridge-utils \\\n\tca-certificates \\\n\tcurl \\\n\tgcc \\\n\tlibxslt-dev \\\n\tlibxml2-dev \\\n\tlibvirt0 \\\n\tlibvirt-dev \\\n\tmake \\\n\tpkg-config \\\n\tqemu-kvm \\\n\truby-dev \\\n\tssh \\\n\tzlib1g-dev \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV\tVAGRANT_VERSION 2.2.9\n\n# download the source\nRUN curl -sSL \"https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb\" -o /tmp/vagrant-amd64.deb \\\n\t&& dpkg -i /tmp/vagrant-amd64.deb \\\n\t&& rm -rf /tmp/*.deb\n\n# install the libvirt plugin\nRUN vagrant plugin install vagrant-libvirt\n\nENTRYPOINT [ \"vagrant\" ]\n" }, { "path": "vault/Dockerfile", "content": "FROM golang:latest as builder\nLABEL maintainer=\"Jessica Frazelle \"\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/* \\\n\t&& curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \\\n\t&& echo \"deb https://dl.yarnpkg.com/debian/ stable main\" | tee /etc/apt/sources.list.d/yarn.list\n\nRUN curl -sL https://deb.nodesource.com/setup_10.x | bash -\n\nRUN apt-get update && apt-get install -y \\\n\tgcc \\\n\tgit \\\n\tg++ \\\n\tmake \\\n\tnodejs \\\n\tpkgconf \\\n\tpython \\\n\tyarn \\\n\tzip \\\n --no-install-recommends \\\n && rm -rf /var/lib/apt/lists/*\n\nENV VAULT_VERSION v1.4.2\n\nRUN go get github.com/hashicorp/vault || true\n\nWORKDIR /go/src/github.com/hashicorp/vault\n\nRUN git checkout \"${VAULT_VERSION}\"\n\nRUN XC_ARCH=\"amd64\" XC_OS=\"linux\" XC_OSARCH=\"linux/amd64\" LD_FLAGS=\" -extldflags -static \" make bootstrap static-dist bin \\\n\t&& mv bin/vault /usr/bin/vault\n\nFROM alpine:latest\n\nCOPY --from=builder /usr/bin/vault /usr/bin/vault\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"vault\" ]\nCMD [ \"--help\" ]\n" }, { "path": "viewdocs/Dockerfile", "content": "FROM golang:alpine as builder\nMAINTAINER Jessica Frazelle \n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nRUN\tapk add --no-cache \\\n\tca-certificates \\\n\tgit\n\nRUN go get github.com/progrium/viewdocs\n\nWORKDIR /go/src/github.com/progrium/viewdocs\n\nRUN CGO_ENABLED=0 go build -a -tags netgo -ldflags '-w -extldflags \"-static\"' -o /usr/bin/viewdocs *.go\n\nFROM scratch\n\nCOPY --from=builder /usr/bin/viewdocs /usr/bin/viewdocs\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"viewdocs\" ]\nCMD [ \"--help\" ]\n" }, { "path": "virt-viewer/Dockerfile", "content": "FROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tvirt-viewer \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENTRYPOINT [\"virt-viewer\", \"-c\", \"qemu:///system\"]\n" }, { "path": "virtualbox/Dockerfile", "content": "# Run virtualbox in a container\n#\n# docker run -d \\\n# \t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--privileged \\\n#\t--name virtualbox \\\n#\tjess/virtualbox\n#\n# On first run it will throw an error that you need to\n# recompile the kernel module with: /etc/init.d/vboxdrv setup\n#\n# Here is how you get it to work:\n# copy the files you need for the module from the container that\n# is currently running to your host\n#\n# first the lib:\n# \tdocker cp virtualbox:/usr/lib/virtualbox /usr/lib\n#\n# then the share\n# \tdocker cp virtualbox:/usr/share/virtualbox /usr/share\n#\n# then run the script:\n# \t/usr/lib/virtualbox/vboxdrv.sh setup\n#\n# it will recompile the module, you can then see it in lsmod\n#\n# then you can remove all the shit you copied\n# \trm -rf /usr/share/virtualbox /usr/lib/virtualbox\n#\nFROM debian:buster-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nENV DEBIAN_FRONTEND noninteractive\n\nRUN apt-get update && apt-get install -y \\\n\tlibcurl4 \\\n\tlibvpx5 \\\n\tprocps \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nRUN buildDeps=' \\\n\t\tca-certificates \\\n\t\tcurl \\\n\t\tgnupg \\\n\t' \\\n\t&& set -x \\\n\t&& mkdir -p /etc/xdg/QtProject \\\n\t&& apt-get update && apt-get install -y $buildDeps --no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/* \\\n\t&& curl -sSL https://www.virtualbox.org/download/oracle_vbox_2016.asc | apt-key add - \\\n\t&& echo \"deb http://download.virtualbox.org/virtualbox/debian buster contrib\" >> /etc/apt/sources.list.d/virtualbox.list \\\n\t&& apt-get update && apt-get install -y \\\n\tvirtualbox-5.2 \\\n\t--no-install-recommends \\\n\t&& apt-get purge -y --auto-remove $buildDeps\n\nENTRYPOINT\t[ \"/usr/bin/virtualbox\" ]\n" }, { "path": "vlc/Dockerfile", "content": "# VLC media player\n#\n# docker run -d \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t--device /dev/snd \\\n#\t--device /dev/dri \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--name vlc \\\n#\tjess/vlc\n#\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tlibgl1-mesa-dri \\\n\tlibgl1-mesa-glx \\\n\tvlc \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /home/vlc\nRUN useradd --create-home --home-dir $HOME vlc \\\n\t&& chown -R vlc:vlc $HOME \\\n\t&& usermod -a -G audio,video vlc\n\nWORKDIR $HOME\nUSER vlc\n\nENTRYPOINT [ \"vlc\" ]\n" }, { "path": "vscode/Dockerfile", "content": "# Visual Studio Code in a container\n#\tNOTE: Needs the redering device (yeah... idk)\n#\n# docker run -d \\\n# -v /tmp/.X11-unix:/tmp/.X11-unix \\\n# -v $HOME:/home/user \\\n# -e DISPLAY=unix$DISPLAY \\\n# --device /dev/dri \\\n# --name vscode \\\n# jess/vscode\n\nFROM debian:bullseye-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# Tell debconf to run in non-interactive mode\nENV DEBIAN_FRONTEND noninteractive\n\nRUN apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tca-certificates \\\n\tcurl \\\n\tgnupg \\\n\t--no-install-recommends\n\n# Add the vscode debian repo\nRUN curl -sSL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | apt-key add -\nRUN echo \"deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main\" > /etc/apt/sources.list.d/vscode.list\n\nRUN apt-get update && apt-get -y install \\\n\tcode \\\n\tgit \\\n\tlibasound2 \\\n\tlibatk1.0-0 \\\n\tlibcairo2 \\\n\tlibcups2 \\\n\tlibexpat1 \\\n\tlibfontconfig1 \\\n\tlibfreetype6 \\\n\tlibgtk2.0-0 \\\n\tlibpango-1.0-0 \\\n\tlibx11-xcb1 \\\n\tlibxcomposite1 \\\n\tlibxcursor1 \\\n\tlibxdamage1 \\\n\tlibxext6 \\\n\tlibxfixes3 \\\n\tlibxi6 \\\n\tlibxrandr2 \\\n\tlibxrender1 \\\n\tlibxss1 \\\n\tlibxtst6 \\\n\topenssh-client \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /home/user\nRUN useradd --create-home --home-dir $HOME user \\\n\t&& chown -R user:user $HOME\n\nCOPY start.sh /usr/local/bin/start.sh\n\nWORKDIR $HOME\n\nCMD [ \"start.sh\" ]\n" }, { "path": "vscode/start.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\nsu user -p -c /usr/share/code/code\n" }, { "path": "wargames/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tncurses\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\tca-certificates \\\n\tgcc \\\n\tgit \\\n\tlibc-dev \\\n\tmake \\\n\t&& git clone --depth 1 https://github.com/abs0/wargames.git /tmp/wargames \\\n\t&& ( \\\n\t\tcd /tmp/wargames \\\n\t\t&& make \\\n\t\t&& make install \\\n\t) \\\n\t&& rm -rf /tmp/wargames \\\n\t&& apk del .build-deps\n\nCMD [ \"wargames\" ]\n" }, { "path": "watchtower/Dockerfile", "content": "FROM golang:alpine as builder\nLABEL maintainer \"Jess Frazelle \"\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\tgcc \\\n\tgit \\\n\tlibc-dev\n\nENV PATH /go/bin:/usr/local/go/bin:$PATH\nENV GOPATH /go\n\nENV WATCHTOWER_VERSION v1.0.2\n\nRUN git clone --depth 1 --branch ${WATCHTOWER_VERSION} https://github.com/containrrr/watchtower /go/src/github.com/containrrr/watchtower\n\nWORKDIR /go/src/github.com/containrrr/watchtower\n\nRUN GO111MODULE=on go build -o /usr/bin/watchtower\n\nFROM alpine:latest\nCOPY --from=builder /usr/bin/watchtower /usr/bin/watchtower\nCOPY --from=builder /etc/ssl/certs/ /etc/ssl/certs\n\nENTRYPOINT [ \"watchtower\" ]\nCMD [ \"--help\" ]\n" }, { "path": "wee-slack/Dockerfile", "content": "# Usage:\n# \tBuilding\n# \t\tdocker build -t wee-slack .\n#\tRunning (no saved state)\n# \t\tdocker run -it \\\n#\t\t\t-v /etc/localtime:/etc/localtime:ro \\ # for your time\n# \t\t\twee-slack\n# \tRunning (saved state)\n# \t\tdocker run -it \\\n#\t\t\t-v /etc/localtime:/etc/localtime:ro \\ # for your time\n# \t\t\t-v \"${HOME}/.weechat:/home/user/.weechat\" \\\n# \t\t\twee-slack\n#\nFROM alpine:latest\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tpython \\\n\tpy2-pip \\\n\tweechat \\\n\tweechat-perl \\\n\tweechat-python\n\nRUN pip install websocket-client\n\nENV HOME /home/user\n\nADD https://raw.githubusercontent.com/rawdigits/wee-slack/master/wee_slack.py /home/user/.weechat/python/autoload/wee_slack.py\n\nRUN adduser -S user -h $HOME \\\n\t&& chown -R user $HOME\n\nWORKDIR $HOME\nUSER user\n\nCMD [ \"weechat\" ]\n" }, { "path": "weechat/Dockerfile", "content": "# Run weechat in a container\n#\n# docker run -it \\\n#\t-v $HOME/.weechat/home/user/.weechat \\\n#\t--name weechat \\\n#\tjess/weechat\n#\n\nFROM alpine:latest\n\nRUN apk add --no-cache \\\n\tweechat \\\n\tweechat-perl \\\n\tweechat-python \\\n\tpython\n\nARG RUNTIME_UID\nENV RUNTIME_UID ${UID:-1000}\nENV HOME /home/user\n\nRUN adduser -D user -u ${RUNTIME_UID} \\\n\t&& chown -R user $HOME\n\nWORKDIR $HOME\nUSER user\n\nENTRYPOINT [ \"weechat\" ]\n" }, { "path": "weechat-matrix/Dockerfile", "content": "# Usage:\n# \tBuilding\n# \t\tdocker build -t weechat-matrix .\n#\tRunning (no saved state)\n# \t\tdocker run -it \\\n#\t\t\t-v /etc/localtime:/etc/localtime:ro \\ # for your time\n# \t\t\tweechat-matrix\n# \tRunning (saved state)\n# \t\tdocker run -it \\\n#\t\t\t-v /etc/localtime:/etc/localtime:ro \\ # for your time\n# \t\t\t-v \"${HOME}/.weechat:/home/user/.weechat\" \\\n# \t\t\tweechat-matrix\n#\nFROM alpine:latest\n\nRUN apk add --no-cache \\\n\tbuild-base \\\n\tca-certificates \\\n\tgit \\\n\tlibffi-dev \\\n\tlibressl-dev \\\n\tolm-dev \\\n\tpython3 \\\n\tpython3-dev \\\n\tpy3-pip \\\n\tweechat \\\n\tweechat-perl \\\n\tweechat-python \\\n\t--repository https://dl-4.alpinelinux.org/alpine/edge/community\n\nENV HOME /home/user\n\nRUN adduser -S user -h $HOME \\\n\t&& chown -R user $HOME \\\n\t&& cd $HOME \\\n\t&& git clone https://github.com/poljar/weechat-matrix.git \\\n\t&& cd weechat-matrix \\\n\t&& pip3 install -r requirements.txt \\\n\t&& pip3 install websocket-client \\\n\t&& make install \\\n\t&& chown -R user $HOME\n\nWORKDIR $HOME\nUSER user\n\nCMD [ \"weechat\" ]\n" }, { "path": "wine/Dockerfile", "content": "# Wine docker image base\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\n# install wine\nRUN echo \"deb http://deb.debian.org/debian sid main contrib\" > /etc/apt/sources.list \\\n\t&& apt-get update && apt-get install -y \\\n\tapt-transport-https \\\n\tcabextract \\\n\tca-certificates \\\n\tcurl \\\n\tgnupg2 \\\n\tfonts-wine \\\n\twinetricks \\\n\t--no-install-recommends && \\\n\tcurl -sSL \"https://dl.winehq.org/wine-builds/winehq.key\" | apt-key add - \\\n\t&& echo \"deb https://dl.winehq.org/wine-builds/debian/ bullseye main\" >> /etc/apt/sources.list \\\n\t&& dpkg --add-architecture i386 && \\\n\tapt-get update && \\\n\tapt-get install -y \\\n\tlibwine \\\n\twinehq-staging \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /root\nWORKDIR $HOME\n" }, { "path": "wireguard/install/Dockerfile", "content": "# Usage:\n#\n# This uses a custom installs a kernel module hence the mounts\n\n# docker run --rm -it \\\n# \t--name wireguard \\\n# \t-v /lib/modules:/lib/modules \\\n# \t-v /usr/src:/usr/src:ro \\\n# \tr.j3ss.co/wireguard:install\n#\nFROM debian:sid-slim\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt update && apt -y install \\\n\tbuild-essential \\\n\tca-certificates \\\n\tgit \\\n\tkmod \\\n\tlibelf-dev \\\n\tlibmnl-dev \\\n\tpkg-config \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\n# https://git.zx2c4.com/wireguard-linux-compat/\nENV WIREGUARD_VERSION v1.0.20200520\n# https://git.zx2c4.com/wireguard-tools\nENV WIREGUARD_TOOLS_VERSION v1.0.20200513\n\nRUN set -x \\\n\t&& git clone --depth 1 --branch \"${WIREGUARD_VERSION}\" https://git.zx2c4.com/wireguard-linux-compat.git /wireguard \\\n\t&& git clone --depth 1 --branch \"${WIREGUARD_TOOLS_VERSION}\" https://git.zx2c4.com/wireguard-tools.git /wireguard-tools \\\n\t&& ( \\\n\t\tcd /wireguard-tools/src \\\n\t\t&& make -j$(nproc) \\\n\t\t&& make install \\\n\t\t&& make clean \\\n\t)\n\nCOPY entrypoint.sh /usr/local/bin/entrypoint.sh\n\nENTRYPOINT [ \"/usr/local/bin/entrypoint.sh\" ]\nCMD [ \"wg\", \"--help\" ]\n" }, { "path": "wireguard/install/entrypoint.sh", "content": "#!/bin/sh\nset -e\n\n(\ncd /wireguard/src\necho \"Building the wireguard kernel module...\"\nmake module\necho \"Installing the wireguard kernel module...\"\nmake module-install\necho \"Cleaning up...\"\nmake clean\n)\n\necho \"Successfully built and installed the wireguard kernel module!\"\n\n# shellcheck disable=SC2068\nexec $@\n" }, { "path": "wireguard/tools/Dockerfile", "content": "FROM debian:sid-slim\n\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt update && apt -y install \\\n\tca-certificates \\\n\tlibmnl-dev \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nCOPY --from=r.j3ss.co/wireguard:install /usr/bin/wg /usr/bin/wg\nCOPY --from=r.j3ss.co/wireguard:install /usr/share/man/man8/wg.8 /usr/share/man/man8/wg.8\n\nENTRYPOINT [\"wg\"]\nCMD [\"--help\"]\n" }, { "path": "wireshark/Dockerfile", "content": "# Run wireshark in a container\n#\n# docker run -d \\\n#\t-v /etc/localtime:/etc/localtime:ro \\\n#\t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n#\t-e DISPLAY=unix$DISPLAY \\\n#\t--name wireshark \\\n#\tjess/wireshark\n#\nFROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nENV DEBIAN_FRONTEND=noninteractive\nRUN apt-get update && apt-get install -y \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tadd-apt-repository ppa:wireshark-dev/stable && \\\n\tapt-get update && \\\n\tapt-get install -y \\\n\twireshark \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV HOME /home/wireshark\nRUN useradd --create-home --home-dir $HOME wireshark \\\n\t&& chown -R wireshark:wireshark $HOME\n\nRUN chown root:wireshark /usr/bin/dumpcap \\\n\t&& setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap\n\nUSER wireshark\n\nWORKDIR wireshark\n\nENTRYPOINT\t[ \"wireshark\" ]\n" }, { "path": "wrk/Dockerfile", "content": "FROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk --no-cache add \\\n\tca-certificates \\\n\twrk\n\nCMD [ \"wrk\" ]\n" }, { "path": "ykman/Dockerfile", "content": "# Run ykpersonalize in a container\n#\n# docker run --rm -it \\\n# \t--device /dev/bus/usb \\\n# \t--device /dev/usb\n#\t--name ykpersonalize \\\n#\tjess/ykpersonalize\n#\nFROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tpcscd \\\n\tprocps \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tadd-apt-repository ppa:yubico/stable && \\\n\tapt-get update && apt-get install -y \\\n\tyubikey-manager \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nENV LC_ALL=C.UTF-8 LANG=C.UTF-8\n\nWORKDIR /root/\n\nCOPY entrypoint.sh /usr/local/bin/\n\nENTRYPOINT [ \"/usr/local/bin/entrypoint.sh\" ]\nCMD [ \"ykman\", \"--help\" ]\n" }, { "path": "ykman/entrypoint.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\ninit(){\n\tlocal pcscd_running\n\tpcscd_running=$(pgrep pcscd)\n\tif [ -z \"$pcscd_running\" ]; then\n\t\techo \"starting pcscd in backgroud\"\n\t\tpcscd --debug --apdu\n\t\tpcscd --hotplug\n\telse\n\t\techo \"pcscd is running in already: ${pcscd_running}\"\n\tfi\n}\n\ninit\n\n\"$@\"\n" }, { "path": "ykpersonalize/Dockerfile", "content": "# Run ykpersonalize in a container\n#\n# docker run --rm -it \\\n# \t--device /dev/bus/usb \\\n# \t--device /dev/usb\n#\t--name ykpersonalize \\\n#\tjess/ykpersonalize\n#\nFROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tadd-apt-repository ppa:yubico/stable && \\\n\tapt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcurl \\\n\tlibjson0 \\\n\tlibusb-1.0-0 \\\n\tlibyubikey0 \\\n\tpcscd \\\n\tprocps \\\n\tusbutils \\\n\tyubikey-personalization \\\n\tyubico-piv-tool \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nWORKDIR /root/\n\nCOPY entrypoint.sh /usr/local/bin/\n\nENTRYPOINT [ \"/usr/local/bin/entrypoint.sh\" ]\nCMD [ \"ykpersonalize\", \"--help\" ]\n" }, { "path": "ykpersonalize/entrypoint.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\ninit(){\n\tlocal pcscd_running\n\tpcscd_running=$(pgrep pcscd)\n\tif [ -z \"$pcscd_running\" ]; then\n\t\techo \"starting pcscd in backgroud\"\n\t\tpcscd --debug --apdu\n\t\tpcscd --hotplug\n\telse\n\t\techo \"pcscd is running in already: ${pcscd_running}\"\n\tfi\n}\n\ninit\n\n\"$@\"\n" }, { "path": "yubico-piv-tool/Dockerfile", "content": "# Run yubico-piv-tool in a container\n#\n# docker run --rm -it \\\n# \t--device /dev/bus/usb \\\n# \t--device /dev/usb\n#\t--name yubico-piv-tool \\\n#\tjess/yubico-piv-tool\n#\nFROM ubuntu:16.04\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apt-get update && apt-get install -y \\\n\tsoftware-properties-common \\\n\t--no-install-recommends && \\\n\tadd-apt-repository ppa:yubico/stable && \\\n\tapt-get update && apt-get install -y \\\n\tpcscd \\\n\tprocps \\\n\tusbutils \\\n\tyubico-piv-tool \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nWORKDIR /root/\n\nCOPY entrypoint.sh /usr/local/bin/\n\nENTRYPOINT [ \"/usr/local/bin/entrypoint.sh\" ]\nCMD [ \"yubico-piv-tool\", \"--help\" ]\n" }, { "path": "yubico-piv-tool/entrypoint.sh", "content": "#!/bin/bash\nset -e\nset -o pipefail\n\ninit(){\n\tlocal pcscd_running\n\tpcscd_running=$(pgrep pcscd)\n\tif [ -z \"$pcscd_running\" ]; then\n\t\techo \"starting pcscd in backgroud\"\n\t\tpcscd --debug --apdu\n\t\tpcscd --hotplug\n\telse\n\t\techo \"pcscd is running in already: ${pcscd_running}\"\n\tfi\n}\n\ninit\n\n\"$@\"\n" }, { "path": "znc/Dockerfile", "content": "# Run znc in a container\n#\n# docker run --restart always -d \\\n#\t--name znc \\\n#\t-p 6697:6697 \\\n#\t-v /volumes/znc:/home/user/.znc \\\n#\tjess/znc\n#\nFROM alpine:latest\nLABEL maintainer \"Jessie Frazelle \"\n\nRUN apk add --no-cache \\\n\tca-certificates \\\n\tglib \\\n\tperl \\\n\tperl-datetime \\\n\tperl-libwww\n\nENV HOME /home/user\nRUN adduser -u 1001 -D user \\\n\t&& chown -R user:user $HOME\n\nENV LANG C.UTF-8\n\nENV ZNC_VERSION 1.8.1-rc1\n\nRUN set -x \\\n\t&& apk add --no-cache --virtual .build-deps \\\n\t\tbuild-base \\\n\t\tcurl \\\n\t\tlibressl-dev \\\n\t\tperl-dev \\\n\t\ttar \\\n\t&& curl -sSL \"http://znc.in/releases/znc-${ZNC_VERSION}.tar.gz\" -o /tmp/znc.tar.gz \\\n\t&& mkdir -p /usr/src/znc \\\n\t&& tar -xzf /tmp/znc.tar.gz -C /usr/src/znc --strip-components 1 \\\n\t&& rm /tmp/znc.tar.gz* \\\n\t&& ( \\\n\t\tcd /usr/src/znc \\\n\t\t&& ./configure \\\n\t\t&& make -j8 \\\n\t\t&& make install \\\n\t) \\\n\t&& rm -rf /usr/src/znc \\\n\t&& runDeps=\"$( \\\n\t\tscanelf --needed --nobanner --recursive /usr \\\n\t\t\t| awk '{ gsub(/,/, \"\\nso:\", $2); print \"so:\" $2 }' \\\n\t\t\t| sort -u \\\n\t\t\t| xargs -r apk info --installed \\\n\t\t\t| sort -u \\\n\t)\" \\\n\t&& apk add --no-cache --virtual .irssi-rundeps $runDeps \\\n\t&& apk del .build-deps\n\nWORKDIR $HOME\nUSER user\n\nENTRYPOINT [ \"znc\" ]\nCMD [ \"-f\" ]\n" }, { "path": "zookeeper/3.4/Dockerfile", "content": "FROM openjdk:8-alpine\n\nENV ZOOKEEPER_VERSION 3.4.14\nENV PATH $PATH:/opt/zookeeper/bin/\n\n# the start files for zookeeper use bash\nRUN apk --no-cache add \\\n\tbash\n\nRUN buildDeps=' \\\n\t\tcurl \\\n\t' \\\n\t&& echo \"==> Installing dependencies...\" \\\n\t&& apk --no-cache add --virtual build-deps $buildDeps \\\n\t&& echo \"==> Downloading Zookeeper...\" \\\n\t&& mkdir -p /opt \\\n\t&& curl -sSL \"http://apache.osuosl.org/zookeeper/zookeeper-${ZOOKEEPER_VERSION}/zookeeper-${ZOOKEEPER_VERSION}.tar.gz\" | tar -xzf - -C /opt \\\n\t&& mv /opt/zookeeper-${ZOOKEEPER_VERSION} /opt/zookeeper \\\n\t&& cp /opt/zookeeper/conf/zoo_sample.cfg /opt/zookeeper/conf/zoo.cfg \\\n\t&& apk del build-deps\n\nENTRYPOINT [\"zkServer.sh\", \"start-foreground\"]\n" }, { "path": "zookeeper/3.6/Dockerfile", "content": "FROM openjdk:8-alpine\n\nENV ZOOKEEPER_VERSION 3.6.1\nENV PATH $PATH:/opt/zookeeper/bin/\n\n# the start files for zookeeper use bash\nRUN apk --no-cache add \\\n\tbash\n\nRUN buildDeps=' \\\n\t\tcurl \\\n\t\ttar \\\n\t' \\\n\t&& echo \"==> Installing dependencies...\" \\\n\t&& apk --no-cache add --virtual build-deps $buildDeps \\\n\t&& echo \"==> Downloading Zookeeper...\" \\\n\t&& mkdir -p /opt \\\n\t&& curl -sSL \"http://apache.osuosl.org/zookeeper/zookeeper-${ZOOKEEPER_VERSION}/apache-zookeeper-${ZOOKEEPER_VERSION}-bin.tar.gz\" | tar -xzf - -C /opt \\\n\t&& mv /opt/apache-zookeeper-${ZOOKEEPER_VERSION}-bin /opt/zookeeper \\\n\t&& cp /opt/zookeeper/conf/zoo_sample.cfg /opt/zookeeper/conf/zoo.cfg \\\n\t&& apk del build-deps\n\nENTRYPOINT [\"zkServer.sh\", \"start-foreground\"]\n" }, { "path": "zoom-us/Dockerfile", "content": "# docker run -d --rm \\\n# \t-v /tmp/.X11-unix:/tmp/.X11-unix \\\n# \t-e DISPLAY=unix\\$DISPLAY \\\n#\t--device /dev/video0 \\\n#\t--device /dev/snd:/dev/snd \\\n#\t--device /dev/dri \\\n#\t-v /dev/shm:/dev/shm \\\n#\tjess/zoom-us\n\nFROM debian:sid-slim\n\nENV DEBIAN_FRONTEND noninteractive\n\n# Dependencies for the client .deb\nRUN apt-get update && apt-get install -y \\\n\tca-certificates \\\n\tcurl \\\n\tdesktop-file-utils \\\n\tibus \\\n\tibus-gtk \\\n\tlib32z1 \\\n\tlibx11-6 \\\n\tlibasound2-dev \\\n\tlibegl1-mesa \\\n\tlibxcb-shm0 \\\n\tlibglib2.0-0 \\\n\tlibgl1-mesa-glx \\\n\tlibxrender1 \\\n\tlibxcomposite1 \\\n\tlibxslt1.1 \\\n\tlibgstreamer1.0-dev \\\n\tlibgstreamer-plugins-base1.0-dev \\\n\tlibxi6 \\\n\tlibsm6 \\\n\tlibfontconfig1 \\\n\tlibpulse0 \\\n\tlibsqlite3-0 \\\n\tlibxcb-shape0 \\\n\tlibxcb-xfixes0 \\\n\tlibxcb-randr0 \\\n\tlibxcb-image0 \\\n\tlibxcb-keysyms1 \\\n\tlibxcb-xtest0 \\\n\tlibxtst6 \\\n\tlibnss3 \\\n\tlibxss1 \\\n\tsudo \\\n\t--no-install-recommends \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nARG ZOOM_URL=https://zoom.us/client/latest/zoom_amd64.deb\n\n#install zoom\nRUN curl -sSL $ZOOM_URL -o /tmp/zoom_setup.deb \\\n\t&& dpkg -i /tmp/zoom_setup.deb \\\n\t&& apt-get -f install \\\n\t&& rm /tmp/zoom_setup.deb \\\n\t&& rm -rf /var/lib/apt/lists/*\n\nWORKDIR /usr/bin\nCMD [ \"./zoom\" ]\n" }, { "path": "zsh/.zshrc", "content": "" }, { "path": "zsh/Dockerfile", "content": "FROM alpine:latest\n\nCOPY ./.zshrc /root/.zshrc\n\nRUN apk --no-cache add \\\n\tshadow \\\n\tzsh \\\n\t&& chsh -s /bin/zsh || true\n\nENV SHELL /usr/bin/zsh\n\nWORKDIR /root\nENTRYPOINT [\"/bin/zsh\"]\n" } ]