HistoryPurge

2024-10-24 23:02:19 +08:00 · 2024-10-24 23:02:19 +08:00 · 5febeb6fd9
commit 5febeb6fd9
153 changed files with 4560 additions and 0 deletions
--- a/12
+++ b/12
@ -0,0 +1,12 @@
 BSD Zero Clause License
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted.
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
 REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
 INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
 OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
--- a/README.md
+++ b/README.md
@ -0,0 +1,8 @@
 Collection of Dockerfiles
 ## docker on macvlan
 On Linux, docker macvlan driver can be used to simplify routing. To create a macvlan network:
 ```bash
 docker network create -d macvlan --subnet=192.168.86.0/24 --ip-range=192.168.86.96/27 --gateway=192.168.86.1 -o parent=enp7s0f1 macvlan
 ```
--- a/alpine/adminer/Dockerfile
+++ b/alpine/adminer/Dockerfile
@ -0,0 +1,10 @@
 FROM alpine:latest
 LABEL description="adminer on alpine"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 RUN apk update; apk add bash tini php8-pdo_mysql php8-fpm nginx php8-session supervisor
 RUN mkdir -p /var/www/html /etc/supervisor.d
 COPY nginx-default.conf /etc/nginx/http.d/default.conf
 RUN wget https://github.com/vrana/adminer/releases/download/v4.8.1/adminer-4.8.1-mysql-en.php -O /var/www/html/adminer.php
 COPY run.ini /etc/supervisor.d/run.ini
 CMD ["/usr/bin/supervisord", "-n"]
--- a/alpine/adminer/nginx-default.conf
+++ b/alpine/adminer/nginx-default.conf
@ -0,0 +1,19 @@
 server {
 	listen 80 default_server;
 	listen [::]:80 default_server;
 	root /var/www/html;
 	# You may need this to prevent return 404 recursion.
 	location = /404.html {
 		internal;
 	}
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param HTTP_PROXY "";
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    include fastcgi_params;
  }
 }
--- a/alpine/adminer/run.ini
+++ b/alpine/adminer/run.ini
@ -0,0 +1,10 @@
 [program:nginx]
 command=/usr/sbin/nginx -g 'daemon off;'
 autostart=true
 autorestart=true
 [program:phpfpm]
 command=/usr/sbin/php-fpm8 -F
 autostart=true
 autorestart=true
--- a/alpine/aliyuncli/Dockerfile
+++ b/alpine/aliyuncli/Dockerfile
@ -0,0 +1,9 @@
 # aliyuncli requires python2
 FROM alpine:3.10
 ENV container docker
 RUN apk update; apk upgrade; apk add py2-pip jq bash gcc libc-dev python2-dev libffi-dev rust cargo openssl-dev py2-cryptography sqlite
 RUN pip install aliyuncli aliyun-python-sdk-ecs aliyun-python-sdk-nas aliyun-python-sdk-ram aliyun-python-sdk-slb aliyun-python-sdk-rds
 COPY get-instances.sh /root/get-instances.sh
 COPY ec2-matching.sh /root/ec2-matching.sh
 RUN chmod 755 /root/*.sh
 ENTRYPOINT ["/bin/bash"]
--- a/alpine/aliyuncli/README.md
+++ b/alpine/aliyuncli/README.md
@ -0,0 +1,17 @@
 # Authentication
 ```
 $ aliyuncli  configure
 Aliyun Access Key ID [None]: 
 Aliyun Access Key Secret [None]: 
 Default Region Id [None]: cn-hongkong
 Default output format [None]: 
 ```
 # Sample usage
 /root/get-instances.sh
 # More aliyuncli usage
 ```
 aliyuncli  ecs DescribeInstances --MaxResults 100 | jq -cr '.Instances.Instance[] | [.InstanceName,.InstanceType,.CpuOptions.CoreCount,.Memory,.OSType,.InstanceId,.OSNameEn,.ZoneId] | @csv'
 aliyuncli  ecs DescribeDisks --MaxResults 200 | jq -cr '.Disks.Disk[] | [.InstanceId, .Size, .ZoneId] | @csv'
 ```
--- a/alpine/aliyuncli/ec2-matching.sh
+++ b/alpine/aliyuncli/ec2-matching.sh
@ -0,0 +1,33 @@
 #!/bin/bash
 cat <<EOF > /tmp/ec2-raw.txt
 m5.large	2	8	
 m5.xlarge	4	16
 m5.2xlarge	8	32
 m5.4xlarge	16	64
 m5.8xlarge	32	128
 c5.large	2	4	
 c5.xlarge	4	8
 c5.2xlarge	8	16
 c5.4xlarge	16	32	
 c5.9xlarge	36	72	
 c5.12xlarge	48	96
 r5.large	2	16
 r5.xlarge	4	32
 r5.2xlarge	8	64
 r5.4xlarge	16	128
 r5.8xlarge	32	256
 EOF
 if [ ! -f ec2-size-match.db ]; then
 echo "create table instances(instance varchar(30), cpu int, ram int)" | sqlite3 ec2-size-match.db
 cat /tmp/ec2-raw.txt | while read a b c; do
 echo "insert into instances values(\"$a\", \"$b\", \"$c\");" | sqlite3 ec2-size-match.db
 done
 fi
 RESULT=$(echo "select instance from instances where cpu = \"$1\" and ram = \"$2\";" | sqlite3 ec2-size-match.db)
 if [ -z "$RESULT" ]; then
 echo manual-match
 else
 echo $RESULT
 fi 
--- a/alpine/aliyuncli/get-instances.sh
+++ b/alpine/aliyuncli/get-instances.sh
@ -0,0 +1,15 @@
 #!/bin/bash
 echo "InstanceName","InstanceSize","vcpu","ram","OS","InstanceId","OSVersion","Location","TotalDiskSize","MatchingEC2"
 aliyuncli ecs DescribeInstances --MaxResults 100 | \
 jq -cr '.Instances.Instance[] | [.InstanceName,.InstanceType,.Cpu,.Memory,.OSType,.InstanceId,.OSNameEn,.ZoneId] | @csv' \
 > /tmp/instances.csv
 aliyuncli ecs DescribeDisks --MaxResults 200 | jq -cr '.Disks.Disk[] | [.Size,.InstanceId] | @csv' > /tmp/disks.csv
 cat /tmp/instances.csv | while read l; do
 i=$(echo $l | awk -F, '{print $6}')
 DISK=$(grep $i /tmp/disks.csv | awk -F, '{SUM+=$1}; END {print SUM}')
 CPU=$(echo $l | awk -F, '{print $3}')
 RAM=$(echo $l | awk -F, '{print $4/1024}')
 echo -n "$l,$DISK,"
 ./ec2-matching.sh $CPU $RAM
 done
--- a/alpine/azcli/Dockerfile
+++ b/alpine/azcli/Dockerfile
@ -0,0 +1,7 @@
 FROM alpine:latest
 ENV container docker
 RUN apk update; apk add python3 py3-apipkg gcc python3-dev linux-headers libffi libffi-dev py3-cffi musl-dev openssl-dev jq make bash
 RUN pip3 install azure-cli
 ENV PS1 "azcli-2.0.80 $ "
 ENTRYPOINT ["/bin/bash"]
--- a/alpine/azcli/build.sh
+++ b/alpine/azcli/build.sh
@ -0,0 +1 @@
 docker build --network macvlan -t alpine/azcli .
--- a/alpine/dante/Dockerfile
+++ b/alpine/dante/Dockerfile
@ -0,0 +1,10 @@
 FROM alpine:latest
 LABEL description="Dante socks5 server"
 LABEL maintainer="xpk@headdesk.me"
 ENV container docker
 RUN apk update; apk add tini dante-server dante
 #RUN addgroup -g 3000 ctnuser && adduser -u 3000 -G ctnuser -D ctnuser
 #USER ctnuser
 COPY sockd.conf /etc/sockd.conf
 ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["/usr/sbin/sockd"]
--- a/alpine/dante/build.sh
+++ b/alpine/dante/build.sh
@ -0,0 +1,2 @@
 export DOCKER_BUILDKIT=1
 docker build --network host -t alpine/dante .
--- a/alpine/dante/restart.sh
+++ b/alpine/dante/restart.sh
@ -0,0 +1,2 @@
 docker rm -f sockd
 ./start.sh
--- a/alpine/dante/sockd.conf
+++ b/alpine/dante/sockd.conf
@ -0,0 +1,30 @@
 # logoutput: stdout
 errorlog: stderr
 #user.privileged: root
 user.unprivileged: nobody
 # The listening network interface or address.
 internal: 0.0.0.0 port=11080
 # The proxying network interface or address.
 external: eth0
 # socks-rules determine what is proxied through the external interface.
 # The default of "none" permits anonymous access.
 socksmethod: none
 # client-rules determine who can connect to the internal interface.
 # The default of "none" permits anonymous access.
 clientmethod: none
 client pass {
        from: 192.168.86.0/24 to: 0.0.0.0/0
        log: connect disconnect error
 }
 socks pass {
        from: 192.168.86.0/24 to: 0.0.0.0/0
        log: connect disconnect error
 }
--- a/alpine/dante/start.sh
+++ b/alpine/dante/start.sh
@ -0,0 +1,2 @@
 #!/bin/bash
 docker run -d --name sockd --network macvlan --cpus 2 --memory 1g --restart always --ip 192.168.86.18 alpine/dante
--- a/alpine/ebcli/Dockerfile
+++ b/alpine/ebcli/Dockerfile
@ -0,0 +1,10 @@
 FROM alpine:latest
 LABEL description="AWS ebcli on Alpine"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 RUN apk add python openssl wget curl git bash gcc make musl-dev zlib-dev libffi-dev bzip2-dev openssl-dev readline-dev
 RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git
 RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer
 RUN /root/.pyenv/versions/3.7.2/bin/pip install awscli
 ENV PATH="/root/.ebcli-virtual-env/executables:/root/.pyenv/versions/3.7.2/bin:$PATH"
 CMD ["/bin/bash"]
--- a/alpine/ebcli/Dockerfile-new
+++ b/alpine/ebcli/Dockerfile-new
@ -0,0 +1,10 @@
 LABEL maintainer="racken@one27.cf"
 LABEL description="AWS ebcli on Alpine"
 FROM alpine:latest
 ENV container docker
 RUN apk add python openssl wget curl git bash gcc make musl-dev zlib-dev libffi-dev bzip2-dev openssl-dev readline-dev
 RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git
 RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer
 RUN /root/.pyenv/versions/3.7.2/bin/pip install awscli
 ENV PATH="/root/.ebcli-virtual-env/executables:/root/.pyenv/versions/3.7.2/bin:$PATH"
 CMD ["/bin/bash"]
--- a/alpine/flarectl/Dockerfile
+++ b/alpine/flarectl/Dockerfile
@ -0,0 +1,8 @@
 FROM alpine:latest
 # Set a working directory
 RUN apk add go bash jq
 RUN go install github.com/cloudflare/cloudflare-go/cmd/flarectl@latest
 RUN echo "export PATH=/root/go/bin:$PATH" >> /root/.bashrc
 ENTRYPOINT [ "/bin/bash" ]
--- a/alpine/flarectl/README.md
+++ b/alpine/flarectl/README.md
@ -0,0 +1,9 @@
 # Usage:
 ```
 export CF_API_KEY=xxx
 export CF_API_EMAIL=yyy
 flarectl dns l --zone your-domain.com
 ```
 # Reference:
 https://pkg.go.dev/github.com/cloudflare/cloudflare-go/cmd/flarectl#section-readme
--- a/alpine/flarectl/monitoring.sh
+++ b/alpine/flarectl/monitoring.sh
@ -0,0 +1,9 @@
 cfcli zones -f json | jq -cr '.[] | .name,.id' | paste - -  | awk '{print $1,$2}' | while read d k; do
 cfcli ls -d $d -f json  | jq -cr '.[] | select(.type == "A") | .name' | while read s; do
 echo curl -X POST \"https://api.cloudflare.com/client/v4/zones/$k/healthchecks\" \
     -H \"X-Auth-Email: ken.fong@rackspace.com\" \
     -H \"X-Auth-Key: xxx\" \
     -H \"Content-Type: application/json\" \
     --data \'\{\"name\":\"site-monitor\",\"description\":\"Health check\",\"check_regions\":[\"SEAS\"],\"type\":\"HTTPS\",\"consecutive_successes\":1,\"consecutive_fails\":2,\"http_config\":\{\"method\":\"GET\",\"port\":443,\"path\":\"/\",\"expected_codes\":[\"200\"],\"follow_redirects\":true,\"allow_insecure\":false,\"timeout\":5,\"retries\":2,\"interval\":60,\"address\":\"$s\"\}\'
 done    
 done
--- a/alpine/flarectl/setenv-cl.sh.asc
+++ b/alpine/flarectl/setenv-cl.sh.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP MESSAGE-----
 Comment: To decrypt, save the entire message to a file and then run gpg -d <file>
 hQGMA3pyazT9EturAQwA1qGGGxhOFYt5ibmXHxS6TzVO1ETRF3bzv8Zk2u3Yg1fn
 FBa3Vsqnar4KFHxWhc1nNA3qqR4+RXLgSe9Uq9nUiJ2XYLqysqbD9LnMdSKLWTWW
 XY8jkQMHlQ5esHxx4N7aiztaCr1Ga/yT4d2zPrWeUMm75iZhpXE4K/0IR97GssaP
 neH5zMbTQq60M4Umcx9HJyIfI9t6vcP9dGw+OyB5aqCgyGZMmfGMdfGLGrhJu3Nz
 LA+0rZ6iotM1YDX4WOFP0+IfGqSffceeDdVJUVsZUAp5eDQUbTsJyGtS43LGzZ1X
 1ith1Sm2lDAX0yH0v06GGPQYptlF1g7JcwQMEc96wQbl78/mjqA6owU/N7zHjs6E
 xdEVKg4CIkDHf4q7e961MXoKcDt9LBpzIm4osGF0PAVcQFJezyyCe3fUPBsHwJ0C
 L6SugTZe6AjiVRG/vhXieYD01z9fPPX7m66w+0mqfYQ9rVWVXjImBJR37ApvIyfJ
 ic0SA18Sbrj+i4CevLGo0p8B+hZe5A5hG9WzVa30Z+ubOWB7lJLm59vP6tzTFqUa
 9vOQC/8jSs5z6NVEqlxBijdvWs5oIyzC8Ufc+62DchdPVq85bRDuma6/KagpI7Hy
 4bzm9eNBz+pk7dJl0XybGnFvwpTISzN3ZtWazwtvhFzZSUt/zY0ZiZOLxjAUnwO4
 FrHaT/3Cs7gPuIDg/rIg9q3GLuh7RHd7ZhoBxdbammQ=
 =bzPr
 -----END PGP MESSAGE-----
--- a/alpine/flarectl/setenv-rs.sh.asc
+++ b/alpine/flarectl/setenv-rs.sh.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP MESSAGE-----
 Comment: To decrypt, save the entire message to a file and then run gpg -d <file>
 hQGMA3pyazT9EturAQv+Jek+09cSCj1XccwH37c3deVa2UFHB1p1oI7B4iRLkaKH
 CBzQCUR4f0W7DI9AwBbmd21OHzirgfs9S1UL/ygHQPukNI8D3esRKq6dCMLyctHQ
 MG/q1MvRQVF4EtHmFkQoChnGEQBmpREv2xaEzOPNM7RyDZk6vktplUfGDKW78jB6
 oORrAyIMI+kKFG7QI5Zx8XlZWh1+IueXUybK040InVck9t5ge3cvMIgtvnSh4bng
 9X7ZhLKopURGrniNNNjO2i9aD3+jDJu/LFkzo1pQfgcSRix2l1la2YYB6e11AV/Q
 A8AWcorXofD6vo6n7PuCISmX9PWxxPjzggkFjRXyg85vLUDVWFk7lPgAT4PQ9T3Q
 OKcY5KWHPQSIv77iqN72JbKoTKbFvYvZOXbnJRaapn+Mce6WpSuBprhhxsSW4y/T
 8vum3w/yooDEB/ZV46IZcat9h1c9MOlJlpzzkULtYbwKZstkheM27ac2ht1wqwt0
 yY8nork7HE6OrxCDFRkz0p8B1IxalHAyMEuUnaZFxG590hY9lajKelUhXGfNusDk
 FvEBvu6RcXU+wH11rnzHJeOr+QXkPCPM6bGGVGRpPsi0FYuquwOm9zv0YjWR/Ljv
 07KrAwql3Lrd8GljqtY4viouJ58FPj44vLfpZxHI1EZHtTOVVheZ7IgGKRRY0Z01
 E6CuZIrAyCzD9HJ3kjBh/N3PjWfS1dRckarYAwm4mF8=
 =y9Ol
 -----END PGP MESSAGE-----
--- a/alpine/flarectl/setenv.sh
+++ b/alpine/flarectl/setenv.sh
@ -0,0 +1,4 @@
 export CF_API_KEY=
 export CF_API_EMAIL=
 #CF_API_DOMAIN
--- a/alpine/fpmredis/Dockerfile
+++ b/alpine/fpmredis/Dockerfile
@ -0,0 +1,11 @@
 FROM alpine:latest
 ENV container docker
 RUN apk update; apk upgrade; apk add php83-gd php83-session php83-json php83-fpm php83-mysqlnd php83-mysqli php83-mbstring php83-xml php83-redis php83-curl php83-gmp bash php83-pdo_mysql php83-zip php83-dom php83-xmlwriter php83-xmlreader php83-ctype php83-simplexml php83-intl php83-iconv supervisor php83-opcache php83-posix php83-fileinfo php83-pecl-imagick php83-bcmath php83-pcntl php83-cli php83-sysvsem php83-exif php83-sodium php83-bz2
 COPY supervisord.conf /etc/supervisord.conf
 COPY fpm-www.conf /etc/php83/php-fpm.d/www.conf
 COPY nc-upgrade.sh /var/www/nc-upgrade.sh
 COPY php.ini /etc/php83/php.ini
 # RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' -e 's/^expose_php.*/expose_php=off/g' -e 's/^memory_limit.*/memory_limit=512M/g' -e 's/^session.save_handler.*/session.save_handler=redis/g'  /etc/php83/php.ini
 RUN echo 'session.save_path = "tcp://192.168.86.212:6379"' >> /etc/php83/php.ini
 EXPOSE 9000
 CMD ["/usr/bin/supervisord", "-n"]
--- a/alpine/fpmredis/Dockerfile-old
+++ b/alpine/fpmredis/Dockerfile-old
@ -0,0 +1,7 @@
 FROM alpine
 ENV container docker
 RUN apk update; apk upgrade; apk add supervisor php7-gd php7-session php7-json php7-fpm php7-mysqlnd php7-mysqli php7-mbstring php7-xml php7-redis php7-curl php7-gmp bash apache2-webdav php7-pdo_mysql php7-zip php7-dom php7-xmlwriter php7-xmlreader php7-ctype php7-simplexml php7-intl php7-iconv
 COPY supervisord.conf /etc/supervisord.conf
 COPY fpm-www.conf /etc/php7/php-fpm.d/www.conf
 EXPOSE 9000
 CMD ["/usr/bin/supervisord", "-n"]
--- a/alpine/fpmredis/Dockerfile-php7
+++ b/alpine/fpmredis/Dockerfile-php7
@ -0,0 +1,10 @@
 FROM alpine
 ENV container docker
 RUN apk update; apk upgrade; apk add php7-gd php7-session php7-json php7-fpm php7-mysqlnd php7-mysqli php7-mbstring php7-xml php7-redis php7-curl php7-gmp bash php7-pdo_mysql php7-zip php7-dom php7-xmlwriter php7-xmlreader php7-ctype php7-simplexml php7-intl php7-iconv redis supervisor php7-opcache php7-posix php7-fileinfo php7-pecl-imagick php7-bcmath php7-pcntl php7-cli
 COPY supervisord.conf /etc/supervisord.conf
 COPY fpm-www.conf /etc/php7/php-fpm.d/www.conf
 RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' /etc/php7/php.ini
 RUN sed -i -e 's/^expose_php.*/expose_php=off/g' /etc/php7/php.ini
 RUN sed -i -e 's/^memory_limit.*/memory_limit=512M/g' /etc/php7/php.ini
 EXPOSE 9000
 CMD ["/usr/bin/supervisord", "-n"]
--- a/alpine/fpmredis/Dockerfile-php81
+++ b/alpine/fpmredis/Dockerfile-php81
@ -0,0 +1,9 @@
 FROM alpine:3.16
 ENV container docker
 RUN apk update; apk upgrade; apk add php81-gd php81-session php81-json php81-fpm php81-mysqlnd php81-mysqli php81-mbstring php81-xml php81-redis php81-curl php81-gmp bash php81-pdo_mysql php81-zip php81-dom php81-xmlwriter php81-xmlreader php81-ctype php81-simplexml php81-intl php81-iconv redis supervisor php81-opcache php81-posix php81-fileinfo php81-pecl-imagick php81-bcmath php81-pcntl php81-cli
 COPY supervisord.conf /etc/supervisord.conf
 COPY fpm-www.conf /etc/php81/php-fpm.d/www.conf
 RUN sed -i -e 's/^disable_functions.*/disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,eval,base64_decode/g' -e 's/^expose_php.*/expose_php=off/g' -e 's/^memory_limit.*/memory_limit=512M/g' -e 's/^session.save_handler.*/session.save_handler=redis/g'  /etc/php81/php.ini
 RUN echo 'session.save_path = "tcp://192.168.86.212:6379"' >> /etc/php81/php.ini
 EXPOSE 9000
 CMD ["/usr/bin/supervisord", "-n"]
--- a/alpine/fpmredis/README.md
+++ b/alpine/fpmredis/README.md
@ -0,0 +1 @@
 nextcloud does not support php 7.4+.
--- a/alpine/fpmredis/apache-vhosts.conf
+++ b/alpine/fpmredis/apache-vhosts.conf
@ -0,0 +1,67 @@
 LoadModule dav_module /usr/lib/apache2/mod_dav.so
 # Enable php-fpm integration
 <Proxy "fcgi://127.0.0.1:9000" enablereuse=on max=10>
 </Proxy>
 <FilesMatch ".+\.ph(ar|p|tml)$">
        SetHandler "proxy:fcgi://127.0.0.1:9000"
 </FilesMatch>
 DirectoryIndex /index.php index.php
 <VirtualHost *:80>
 	# this site is now behind nginx
 	# https://www.headdesk.me/Nginx_reverse_proxy_container
 	# requires ondrej ppa
 	# Protocols h2c http/1.1
 	# vhost for music share
 	# access with user xpk.music / qwer-tyui-asdf-ghjk-zxcv
 	ServerName xpk.headdesk.me
 	ServerAlias localhost
 	DocumentRoot /var/www/nextcloud
 	ErrorLog /var/log/apache2/xpk.headdesk.me.err
 	LogLevel error
 	CustomLog /var/log/apache2/xpk.headdesk.me.log combined
 	Alias /music /nas/music
 	<Location /music>
 		Options Indexes
 		DAV on
 		#AuthType Digest
 		#AuthName "XPKMusic"
 		#AuthDigestProvider file
 		AuthType Basic
 		AuthName "XPK Music"
 		#AuthUserFile "/etc/apache2/webdav.passwd"
 		AuthUserFile "/etc/apache2/xpkmusic.paswd"
 		<Limit GET PROPFIND>
            		require valid-user
    		</Limit>
 	</Location>
 	Alias /nextcloud /var/www/nextcloud
 	<Location /nextcloud>
 		Require all granted
 	</Location>
        <Directory /var/www/nextcloud/>
          Options +FollowSymlinks
          AllowOverride All
        <IfModule mod_dav.c>
         Dav off
        </IfModule>
         SetEnv HOME /var/www/nextcloud
         SetEnv HTTP_HOME /var/www/nextcloud
        </Directory>
 	<Directory /var/www/nextcloud/data/>
 		Require all denied
 	</Directory>
 </VirtualHost>
--- a/alpine/fpmredis/backup.tar
+++ b/alpine/fpmredis/backup.tar
--- a/alpine/fpmredis/build.sh
+++ b/alpine/fpmredis/build.sh
@ -0,0 +1,2 @@
 export DOCKER_BUILDKIT=1
 docker build --pull --network host -t alpine/fpmredis .
--- a/alpine/fpmredis/c8-php8-backup.tar
+++ b/alpine/fpmredis/c8-php8-backup.tar
--- a/alpine/fpmredis/fpm-www.conf
+++ b/alpine/fpmredis/fpm-www.conf
@ -0,0 +1,23 @@
 [www]
 user = nobody
 group = nobody
 listen = 0.0.0.0:9000
 pm = dynamic
 pm.max_children = 50
 pm.start_servers = 10
 pm.min_spare_servers = 10
 pm.max_spare_servers = 20
 pm.process_idle_timeout = 20s
 pm.max_requests = 500
 php_admin_flag[log_errors] = on                          
 php_admin_value[error_log] = /var/log/fpm-$pool.error.log                                                                            
 php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignal
 php_admin_value[memory_limit] = 512M                                                                                                 
 php_admin_value[upload_max_filesize] = 800M
 php_admin_value[post_max_size] = 850M
 ; needed by nextcloud
 env[HOSTNAME] = $HOSTNAME
 env[PATH] = /usr/local/bin:/usr/bin:/bin
 env[TMP] = /tmp
 env[TMPDIR] = /tmp
 env[TEMP] = /tmp
--- a/alpine/fpmredis/nc-upgrade.sh
+++ b/alpine/fpmredis/nc-upgrade.sh
@ -0,0 +1,17 @@
 #!/bin/bash
 cp /etc/php81/php.ini /etc/php81/php.ini-orig  
 sed -i -e '/^disable_function/d' /etc/php81/php.ini
 VERSION=$1
 cd /var/www/nextcloud
 cp nextcloud/config/config.php .
 cp -ap nextcloud/data/ data/
 apk add axel sudo 
 axel https://download.nextcloud.com/server/releases/nextcloud-$VERSION.zip
 unzip -o -q nextcloud-$VERSION.zip
 cp config.php  nextcloud/config/
 cp -ap data nextcloud/
 chown -R xfs:xfs nextcloud
 cd nextcloud
 sudo -u xfs php81 occ upgrade
 sudo -u xfs php81 occ maintenance:mode --off
 cp /etc/php81/php.ini-orig  /etc/php81/php.ini
--- a/alpine/fpmredis/php.ini
+++ b/alpine/fpmredis/php.ini
--- a/alpine/fpmredis/restart.sh
+++ b/alpine/fpmredis/restart.sh
@ -0,0 +1,2 @@
 docker ps -a | grep nextcloud-fpm | awk '{print $1}' | xargs docker rm -f
 ./start.sh
--- a/alpine/fpmredis/start.sh
+++ b/alpine/fpmredis/start.sh
@ -0,0 +1,3 @@
 docker run --cpus=4 --name nextcloud-fpm -v /var/www/nextcloud:/var/www/nextcloud:rw \
 -v /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock:rw \
 -it -d -m 4g --net macvlan --ip 192.168.86.210 --restart=always alpine/fpmredis
--- a/alpine/fpmredis/supervisord.conf
+++ b/alpine/fpmredis/supervisord.conf
@ -0,0 +1,25 @@
 [unix_http_server]
 file=/run/supervisord.sock   ; (the path to the socket file)
 [supervisord]
 logfile=/var/log/supervisord.log ; (main log file;default $CWD/supervisord.log)
 loglevel=error
 logfile_maxbytes=10MB
 logfile_backups=7
 user=root
 [rpcinterface:supervisor]
 supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
 [supervisorctl]
 serverurl=unix:///run/supervisord.sock ; use a unix:// URL  for a unix socket
 #[program:redis]
 #command=redis-server
 #stderr_logfile = /var/log/supervisord-redis.err
 #stdout_logfile = /var/log/supervisord-redis.log
 [program:phpfpm]
 command=/usr/sbin/php-fpm82 -c /etc/php82/php-fpm.conf -F
 stderr_logfile = /var/log/supervisord-fpm.err
 stdout_logfile = /var/log/supervisord-fpm.log
--- a/alpine/gcloudcli/Dockerfile
+++ b/alpine/gcloudcli/Dockerfile
@ -0,0 +1,9 @@
 FROM alpine:3.16
 ENV container docker
 RUN apk update; apk upgrade; apk add jq bash wget curl python3 sqlite
 RUN wget -q -O- https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-368.0.0-linux-x86_64.tar.gz | tar zxf -
 COPY *.sh /root/
 RUN chmod 755 /root/*.sh
 RUN /google-cloud-sdk/install.sh -q
 RUN echo 'export PATH=/google-cloud-sdk/bin:$PATH' > /root/.bashrc
 ENTRYPOINT ["/bin/bash"]
--- a/alpine/gcloudcli/README.md
+++ b/alpine/gcloudcli/README.md
@ -0,0 +1,96 @@
 # notes
 There is no need to build your own image. Use the ones on docker hub. e.g. google/cloud-sdk:alpine
 See https://hub.docker.com/r/google/cloud-sdk/
 # usage
 gcloud init
 You will then be prompted to sign in with a URL and enter a default region. For Hong Kong, it is asia-northeast1-c.
 asia-east1-a Changhua County, Taiwan
 asia-east1-b Changhua County, Taiwan
 asia-east1-c Changhua County, Taiwan
 asia-east2-a Hong Kong, APAC
 asia-east2-b Hong Kong, APAC
 asia-east2-c Hong Kong, APAC
 asia-northeast1-a Tokyo, Japan, APAC 
 asia-northeast1-b Tokyo, Japan, APAC 
 asia-northeast1-c Tokyo, Japan, APAC 
 asia-northeast2-a Osaka, Japan, APAC 
 asia-northeast2-b Osaka, Japan, APAC 
 asia-northeast2-c Osaka, Japan, APAC 
 asia-northeast3-a Seoul, South Korea, APAC 
 asia-northeast3-b Seoul, South Korea, APAC 
 asia-northeast3-c Seoul, South Korea, APAC 
 asia-south1-a Mumbai, India APAC
 asia-south1-b Mumbai, India APAC
 asia-south1-c Mumbai, India APAC
 asia-south2-a Delhi, India APAC 
 asia-south2-b Delhi, India APAC 
 asia-south2-c Delhi, India APAC 
 asia-southeast1-a Jurong West, Singapore
 asia-southeast1-b Jurong West, Singapore
 asia-southeast1-c Jurong West, Singapore
 asia-southeast2-a Jakarta, Indonesia, APAC
 asia-southeast2-b Jakarta, Indonesia, APAC
 asia-southeast2-c Jakarta, Indonesia, APAC
 australia-southeast1-a Sydney, Australia
 australia-southeast1-b Sydney, Australia
 australia-southeast1-c Sydney, Australia
 australia-southeast2-a Melbourne, Australia
 australia-southeast2-b     
 australia-southeast2-c Melbourne, Australia
 europe-central2-a     
 europe-central2-b     
 europe-central2-c Warsaw, Poland, Europe
 europe-north1-a Hamina, Finland, Europe
 europe-north1-b Hamina, Finland, Europe
 europe-north1-c Hamina, Finland, Europe 
 europe-west1-b St. Ghislain, Belgium, Europe
 europe-west1-c St. Ghislain, Belgium, Europe
 europe-west1-d St. Ghislain, Belgium, Europe
 europe-west2-a London, England, Europe 
 europe-west2-b London, England, Europe 
 europe-west2-c London, England, Europe
 europe-west3-a Frankfurt, Germany Europe
 europe-west3-b Frankfurt, Germany Europe
 europe-west3-c Frankfurt, Germany Europe
 europe-west4-a Eemshaven, Netherlands, Europe
 europe-west4-b Eemshaven, Netherlands, Europe 
 europe-west4-c Eemshaven, Netherlands, Europe 
 europe-west6-a Zurich, Switzerland, Europe 
 europe-west6-b Zurich, Switzerland, Europe 
 europe-west6-c Zurich, Switzerland, Europe 
 northamerica-northeast1-a Montréal, Québec, North America 
 northamerica-northeast1-b Montréal, Québec, North America 
 northamerica-northeast1-c Montréal, Québec, North America 
 northamerica-northeast2-a Toronto, Ontario, North America 
 northamerica-northeast2-b Toronto, Ontario, North America 
 northamerica-northeast2-c Toronto, Ontario, North America 
 southamerica-east1-a Osasco, São Paulo, Brazil, South
 southamerica-east1-b Osasco, São Paulo, Brazil, South
 southamerica-east1-c Osasco, São Paulo, Brazil, South
 southamerica-west1-a,b,c Santiago, Chile, South America 
 us-central1-a Council Bluffs, Iowa, North America
 us-central1-b Council Bluffs, Iowa, North America
 us-central1-c Council Bluffs, Iowa, North America
 us-central1-f Council Bluffs, Iowa, North America
 us-east1-b Moncks Corner, South Carolina, North
 us-east1-c Moncks Corner, South Carolina, North
 us-east1-d Moncks Corner, South Carolina, North
 us-east4-a Ashburn, Virginia, North America 
 us-east4-b Ashburn, Virginia, North America 
 us-east4-c Ashburn, Virginia, North America 
 us-west1-a The Dalles, Oregon, North America
 us-west1-b The Dalles, Oregon, North America
 us-west1-c The Dalles, Oregon, North America
 us-west2-a Los Angeles, California, North America
 us-west2-b Los Angeles, California, North America
 us-west2-c Los Angeles, California, North America
 us-west3-a     
 us-west3-b     
 us-west3-c Salt Lake City, Utah, North
 us-west4-a Las Vegas, Nevada, North America
 us-west4-b Las Vegas, Nevada, North America
 us-west4-c Las Vegas, Nevada, North America
--- a/alpine/gcloudcli/ec2-matching.sh
+++ b/alpine/gcloudcli/ec2-matching.sh
@ -0,0 +1,34 @@
 #!/bin/bash
 cat <<EOF > /tmp/ec2-raw.txt
 m5.large	2	8	
 m5.xlarge	4	16
 m5.2xlarge	8	32
 m5.4xlarge	16	64
 m5.8xlarge	32	128
 c5.large	2	4	
 c5.xlarge	4	8
 c5.2xlarge	8	16
 c5.4xlarge	16	32	
 c5.9xlarge	36	72	
 c5.12xlarge	48	96
 r5.large	2	16
 r5.xlarge	4	32
 r5.2xlarge	8	64
 r5.4xlarge	16	128
 r5.8xlarge	32	256
 EOF
 if [ ! -f ec2-size-match.db ]; then
 echo "create table instances(instance varchar(30), cpu int, ram int)" | sqlite3 ec2-size-match.db
 cat /tmp/ec2-raw.txt | while read a b c; do
 echo "insert into instances values(\"$a\", \"$b\", \"$c\");" | sqlite3 ec2-size-match.db
 done
 fi
 RESULT=$(echo "select instance from instances where cpu = \"$1\" and ram = \"$2\";" | sqlite3 ec2-size-match.db)
 if [ -z "$RESULT" ]; then
 echo manual-match
 else
 echo $RESULT
 fi 
--- a/alpine/gcloudcli/get-instances.sh
+++ b/alpine/gcloudcli/get-instances.sh
@ -0,0 +1,20 @@
 #!/bin/bash
 echo "id,name,size,disksize,os,cpu,ram,ec2"
 gcloud compute instances list --filter="status=running" --format=json | jq -cr '.[] | [.id, .name, (.machineType | split("/")[10]), (.disks[] | .diskSizeGb), (.disks[] | .licenses[0] | split("/")[9]),(.zone | split("/")[8])] | @csv' > /tmp/instances.csv
 cat /tmp/instances.csv | while read l; do
 echo -n $l,
 INSTSIZE=$(echo $l | awk -F, '{print $3}' | tr -d \")
 gcloud compute machine-types describe $INSTSIZE --zone asia-northeast1-c --format json | jq -cr '[.guestCpus,.memoryMb] | @csv'
 done > /tmp/instances2.csv
 cat /tmp/instances2.csv | while read l; do
 echo -n $l,
 CPU=$(echo $l | awk -F, '{print $(NF-1)}')
 RAM1=$(echo $l | awk -F, '{print $NF}')
 RAM2=$(echo $RAM1/1024 | bc)
 /root/ec2-matching.sh $CPU $RAM2
 done
--- a/alpine/haproxy/Dockerfile
+++ b/alpine/haproxy/Dockerfile
@ -0,0 +1,7 @@
 FROM alpine:latest
 ENV container docker
 RUN apk update; apk upgrade; apk add haproxy tzdata
 COPY haproxy.cfg /etc/haproxy/haproxy.cfg
 RUN ln -s /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime
 EXPOSE 41080
 CMD [ "/usr/sbin/haproxy", "-f", "/etc/haproxy/haproxy.cfg", "-db" ]
--- a/alpine/haproxy/README.md
+++ b/alpine/haproxy/README.md
@ -0,0 +1,3 @@
 Access stats:
 http://192.168.86.208:44644/stats
--- a/alpine/haproxy/build.sh
+++ b/alpine/haproxy/build.sh
@ -0,0 +1,2 @@
 export DOCKER_BUILDKIT=1
 docker build --network host -t alpine/haproxy .
--- a/alpine/haproxy/haproxy.cfg
+++ b/alpine/haproxy/haproxy.cfg
@ -0,0 +1,31 @@
 global                                                                                     
 	log 		192.168.86.10 local0 notice
 	chroot      /var/lib/haproxy
 	pidfile     /var/run/haproxy.pid
 	maxconn     600
 	user        haproxy
 	group       haproxy
 	daemon
 defaults
 	log global
    mode tcp
    timeout client 10s
    timeout connect 5s
    timeout server 10s
 frontend stats
 	mode http
 	bind *:44644
 	stats enable
 	stats uri /stats
 	stats refresh 10s
 	stats auth admin:qwerty-asdf-1234
 frontend socks-front  
 	bind *:41080
 	default_backend socks-back
 backend socks-back
 	server appgate 192.168.86.22:9080 check
 	server ism 192.168.86.18:11080 check backup
--- a/alpine/haproxy/restart-haproxy.sh
+++ b/alpine/haproxy/restart-haproxy.sh
@ -0,0 +1,4 @@
 docker stop haproxy
 docker rm haproxy
 sleep 5
 /my/container-config/alpine/haproxy/start-haproxy.sh
--- a/alpine/haproxy/start-haproxy.sh
+++ b/alpine/haproxy/start-haproxy.sh
@ -0,0 +1,3 @@
 # haproxy socks container
 docker run --name haproxy \
 --net macvlan --ip 192.168.86.208 -d --restart=always alpine/haproxy
--- a/alpine/iamctl/Dockerfile
+++ b/alpine/iamctl/Dockerfile
@ -0,0 +1,10 @@
 FROM alpine:3.16
 LABEL description="iamctl on alpine"
 ENV container docker
 RUN apk add bash git py3-pip vim aws-cli aws-cli-doc jq
 RUN git clone https://github.com/aws-samples/aws-iamctl.git /tmp/aws-iamctl
 RUN cd /tmp/aws-iamctl; python3 setup.py install
 COPY equivalency_list.json /tmp/aws-iamctl/
 COPY iam.json /tmp/aws-iamctl/
 ENV PS1 "[iamctl] \w $ "
 ENTRYPOINT ["/bin/bash"]
--- a/alpine/iamctl/equivalency_list.json
+++ b/alpine/iamctl/equivalency_list.json
@ -0,0 +1 @@
 {"accountid": ["123456789012", "234567890123"], "accountprefix1": ["apples-production", "oranges-production", "apples-development", "oranges-development"]}
--- a/alpine/iamctl/iam.json
+++ b/alpine/iamctl/iam.json
--- a/alpine/jenkins/Dockerfile
+++ b/alpine/jenkins/Dockerfile
@ -0,0 +1,18 @@
 FROM alpine:latest
 LABEL description="Jenkins"
 LABEL maintainer="racken@one27.cf"
 LABEL notes="Get initial admin password by docker exec -it <container-id> and cat /root/.jenkins/secrets/initialAdminPassword"
 LABEL java-version="openjdk11"
 LABEL jenkins-version="2.222.3"
 LABEL exposed-port="8080"
 LABEL jenkins-path="/jenkins"
 ENV container docker
 RUN apk add openjdk11 wget openjdk11-jre-headless ttf-dejavu; mkdir /opt/tomcat
 WORKDIR /opt/tomcat
 RUN wget -q -O- http://ftp.cuhk.edu.hk/pub/packages/apache.org/tomcat/tomcat-9/v9.0.34/bin/apache-tomcat-9.0.34.tar.gz | tar zxf - --strip-components=1
 RUN rm -rf /opt/tomcat/webapps/ROOT
 RUN wget -q -O /opt/tomcat/webapps/jenkins.war http://mirrors.jenkins.io/war-stable/latest/jenkins.war
 ENV JAVA_HOME="/usr"
 ENV JAVA_OPTS="-Djava.awt.headless=true -Xmx2g -Dhudson.DNSMultiCast.disabled=true -Duser.timezone=Asia/Hong_Kong"
 EXPOSE 8080
 CMD ["/opt/tomcat/bin/catalina.sh", "run"]
--- a/alpine/jenkins/start.sh
+++ b/alpine/jenkins/start.sh
@ -0,0 +1,3 @@
 docker run --name jenkins --cpus 2 \
 --net macvlan --ip 192.168.86.211 -d --restart=always alpine-jenkins
--- a/alpine/nginx-with-volume/Dockerfile
+++ b/alpine/nginx-with-volume/Dockerfile
@ -0,0 +1,8 @@
 FROM alpine:latest
 ENV container docker
 VOLUME /var/www
 RUN apk update; apk upgrade; apk add nginx nginx-mod-http-dav-ext
 RUN mkdir -p /run/nginx
 COPY index.html /var/www/index.html
 EXPOSE 80
 CMD [ "/usr/sbin/nginx", "-c", "/etc/nginx/nginx.conf" ]
--- a/alpine/nginx-with-volume/README.md
+++ b/alpine/nginx-with-volume/README.md
@ -0,0 +1,6 @@
 # Revision notes
 20191206: since 1.17.6, /var/www/nextcloud needs to be mounted. not sure why it worked before... also created xpknet and assigned static IP to containers. nginx is on 192.168.188.2 and fpm on 192.168.188.10
 20191206: changed to macvlan. nginx is on 192.168.86.3 and fpm on 192.168.86.4
 # General notes
 dav is needed for enpass
--- a/alpine/nginx-with-volume/build.sh
+++ b/alpine/nginx-with-volume/build.sh
@ -0,0 +1,2 @@
 export DOCKER_BUILDKIT=1
 docker build --network host -t alpine/nginx-v .
--- a/alpine/nginx-with-volume/index.html
+++ b/alpine/nginx-with-volume/index.html
@ -0,0 +1,5 @@
 <p>
 <br>
 <center>
 <a href=https://xpk.headdesk.me/mon>Go to observium</a>
 </center>
--- a/alpine/nginx-with-volume/nginx.conf
+++ b/alpine/nginx-with-volume/nginx.conf
@ -0,0 +1,254 @@
 user  nginx;
 worker_processes  2;
 daemon off;
 load_module "modules/ngx_http_dav_ext_module.so";
 error_log /var/log/nginx/error-local.log warn;
 pid        /var/run/nginx.pid;
 events {
    worker_connections   2000;
 }
 http {
  server_tokens off;
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;
  sendfile        on;
  keepalive_timeout  65;
  client_max_body_size 200M;
  gzip on;
  gzip_min_length  1100;
  gzip_buffers     4 8k;
  gzip_types       text/plain;
 	# caching
 	proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=zone1:10m max_size=1G;
 	proxy_temp_path /tmp/nginx-proxy 1 2;
 	proxy_cache_key "$scheme$request_method$host$request_uri";
 	proxy_ignore_headers Expires Cache-Control;
 	proxy_cache_use_stale error timeout invalid_header http_502;
 	proxy_cache_bypass $cookie_session;
 	proxy_no_cache $cookie_session;
 	proxy_headers_hash_max_size 1024;
 	proxy_headers_hash_bucket_size 128;
 	log_format cached '$remote_addr '
 		'"$request" $status $body_bytes_sent '
 		'"$http_referer" "$http_user_agent" $upstream_cache_status';
 	# Useragent ACL: works but ubuntu online accounts does not provide any useragent
  #map $http_user_agent $useragent_acl {
  #  	default deny;
  # 	~(Desktop|Chrome|Nextcloud-iOS|Nextcloud-android|mirall|Mozilla/5\.0|git|ansible-httpget|Go-http-client) allow;
  #}
 	#        _                 _                     _ _
 	#  _ __ | |__  _ __       | |__   __ _ _ __   __| | | ___ _ __
 	# | '_ \| '_ \| '_ \ _____| '_ \ / _` | '_ \ / _` | |/ _ \ '__|
 	# | |_) | | | | |_) |_____| | | | (_| | | | | (_| | |  __/ |
 	# | .__/|_| |_| .__/      |_| |_|\__,_|_| |_|\__,_|_|\___|_|
 	# |_|         |_|
 	#
 	upstream php-handler {
    	server 192.168.86.210:9000;
    	#server unix:/var/run/php/php7.2-fpm.sock;
 	}
  server {
  	listen 80 default_server;
 		# root /var/www/null;
 		root /var/www/letsencrypt;
 		# for letsencrypt / acme-tiny
 		location /.well-known {
 			try_files $uri $uri/ =404;
 		}
        	location /.well-known/acme-challenge/ {
               		alias /var/www/letsencrypt/;
        	}
 		location / {
        		return 301 https://$host$request_uri;
    		}
 		# Useragent ACL
    #		if ($useragent_acl = deny) {
    #    		return 403;
    #		}
 	# letsencrypt validation
 	#location /.well-known/acme-challenge/ {
      	#	alias /var/www/letsencrypt/;
 	#}
 	#if ($http_x_forwarded_proto != "https") {
 #		return 301 https://$host$request_uri;
 #	}
  }
  server {
 		listen 443 ssl http2 default_server;
 		root /var/www;
 		# still need TLS1.2 for Lixil Jenkins git pull
 		ssl_protocols TLSv1.2 TLSv1.3;
 		ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
 		ssl_ciphers TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256;
 		ssl_prefer_server_ciphers on;
 		ssl_session_timeout  10m;
 		ssl_session_cache shared:SSL:10m;
 		ssl_session_tickets off;
 		add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 		add_header X-Frame-Options SAMEORIGIN;
 		add_header X-Content-Type-Options nosniff;
 		add_header X-XSS-Protection "1; mode=block";
 		add_header X-Robots-Tag "noindex, nofollow";
 		add_header X-Download-Options noopen;
 		add_header X-Permitted-Cross-Domain-Policies none;
 		add_header Referrer-Policy no-referrer;
 		ssl_certificate /home/ssl/xpk.headdesk.me.crt;
 		ssl_certificate_key /home/ssl/xpk.headdesk.me.key;
 		# filter out PROPFIND in access log
 		set $logme 1;
 		if ($request_method = PROPFIND) {
     		set $logme 0;
 		}
 		access_log /var/log/nginx/access.log cached if=$logme;
 		# Useragent ACL
 		# if ($useragent_acl = deny) {
 	    #		return 403;
 		#}
 		#location / {
  	#		proxy_pass http://192.168.86.10:8080/;
    #			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #			proxy_set_header X-Real-IP $remote_addr;
    #			proxy_set_header HTTP_X_FORWARDED_PROTO https;
    #			proxy_set_header Host $host;
    #			proxy_cache_bypass $http_pragma    $http_authorization;
    #		}
 	        # letsencrypt validation
        	location /.well-known/acme-challenge/ {
                	alias /var/www/letsencrypt/;
        	}
 		fastcgi_hide_header X-Powered-By;
 		location = /.well-known/carddav {
 		    return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
  		}
  		location = /.well-known/caldav {
    			return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
  		}
    		location /nextcloud/ {
     			rewrite ^ /nextcloud/index.php;
  		}
   		location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
       			deny all;
  		}
  		location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
     			deny all;
  		}
 		location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
 			fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
 			set $path_info $fastcgi_path_info;
 			try_files $fastcgi_script_name =404;
 			include fastcgi_params;
 			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 			fastcgi_param PATH_INFO $path_info;
 			fastcgi_param HTTPS on;
 			# Avoid sending the security headers twice
 			fastcgi_param modHeadersAvailable true;
 			# Enable pretty urls
 			fastcgi_param front_controller_active true;
 			fastcgi_pass php-handler;
 			fastcgi_intercept_errors on;
 			fastcgi_request_buffering off;
 		}
 		location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
 			try_files $uri/ =404;
 			index index.php;
 		}
 		location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ {
 		    	try_files $uri /nextcloud/index.php$request_uri;
 		    	add_header Cache-Control "public, max-age=15778463";
 		    	add_header X-Content-Type-Options nosniff;
 		    	add_header X-XSS-Protection "1; mode=block";
 		    	add_header X-Robots-Tag "noindex, nofollow";
 		    	add_header X-Download-Options noopen;
 		    	add_header X-Permitted-Cross-Domain-Policies none;
 		    	add_header Referrer-Policy no-referrer;
 		}
 		location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
  		  	try_files $uri /nextcloud/index.php$request_uri;
 		}
 		location /git/ {
 			proxy_pass http://192.168.86.53:3000/;
 			proxy_set_header X-Forwarded-For $remote_addr;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header HTTP_X_FORWARDED_PROTO https;
 			proxy_set_header Host $host;
 			proxy_http_version 1.1;
 			# caching: do not enable, causes cross account caching!
 			# proxy_cache zone1;
 			# proxy_cache_valid 200 302 5m;
 			# proxy_cache_valid any 10m;
 		}
 		location /pad/ {
 			proxy_pass http://192.168.86.51:9001/;
 			proxy_set_header X-Forwarded-For $remote_addr;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header HTTP_X_FORWARDED_PROTO https;
 			proxy_set_header Host $host;
 			proxy_http_version 1.1;
 			proxy_cookie_path / "/pad; HTTPOnly; Secure";
 			proxy_cookie_flags express secure httponly;
 		}
 		location /jenkins/ {
 			proxy_pass http://192.168.86.55:8080/jenkins/;
 			proxy_redirect     default;
 			proxy_set_header X-Forwarded-For $remote_addr;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header HTTP_X_FORWARDED_PROTO https;
 			proxy_set_header Host $host;
 			proxy_http_version 1.1;
 		}
 		location /mon/ {
 			proxy_pass http://192.168.86.57/;
 			proxy_buffering off;
 			proxy_redirect     default;
 			proxy_set_header X-Forwarded-For $remote_addr;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header HTTP_X_FORWARDED_PROTO https;
 			proxy_set_header Host $host;
 			proxy_http_version 1.1;
            		proxy_cookie_path / "/mon; HTTPOnly; Secure";
            		proxy_cookie_flags express secure httponly;
 		}
 		location /enpass/ {
 			root /var/www;
 			auth_basic enpass;
 			auth_basic_user_file /var/www/enpass/.htpass;
 	    		dav_methods     PUT DELETE MKCOL COPY MOVE;
  			dav_ext_methods PROPFIND OPTIONS;
    			dav_access      user:rw group:rw all:r;
 			create_full_put_path  on;
 			autoindex on;
 		}
  }
 }
--- a/alpine/nginx-with-volume/restart-nginx.sh
+++ b/alpine/nginx-with-volume/restart-nginx.sh
@ -0,0 +1,4 @@
 docker stop nginx
 docker rm nginx
 sleep 5
 /my/container-config/alpine/nginx/start-nginx.sh
--- a/alpine/nginx-with-volume/start-nginx.sh
+++ b/alpine/nginx-with-volume/start-nginx.sh
@ -0,0 +1,14 @@
 # nginx container
 docker run --name nginx -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
 -m 2g -v /my/sites/ssl-cert:/home/ssl \
 -v /var/www/nextcloud:/var/www/nextcloud:ro \
 -v /var/www/enpass:/var/www/enpass:rw \
 -v /var/www/letsencrypt:/var/www/letsencrypt:ro \
 --net macvlan --ip 192.168.86.209 -d --restart=always alpine/nginx
 # clearlinux/nginx
 #docker run --name nginx -v /my/container-config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
 #-v /etc/letsencrypt:/etc/letsencrypt:ro -m 2g \
 #-v /var/www/nextcloud:/var/www/nextcloud:ro \
 #--net macvlan --ip 192.168.86.3 -d --restart=always clearlinux/nginx
--- a/alpine/nginx/Dockerfile
+++ b/alpine/nginx/Dockerfile
@ -0,0 +1,7 @@
 FROM alpine:latest
 ENV container docker
 RUN apk update; apk upgrade; apk add nginx nginx-mod-http-dav-ext
 RUN mkdir -p /run/nginx
 COPY index.html /var/www/index.html
 EXPOSE 80
 CMD [ "/usr/sbin/nginx", "-c", "/etc/nginx/nginx.conf" ]
--- a/alpine/nginx/README.md
+++ b/alpine/nginx/README.md
@ -0,0 +1,6 @@
 # Revision notes
 20191206: since 1.17.6, /var/www/nextcloud needs to be mounted. not sure why it worked before... also created xpknet and assigned static IP to containers. nginx is on 192.168.188.2 and fpm on 192.168.188.10
 20191206: changed to macvlan. nginx is on 192.168.86.3 and fpm on 192.168.86.4
 # General notes
 dav is needed for enpass
--- a/alpine/nginx/build.sh
+++ b/alpine/nginx/build.sh
@ -0,0 +1,2 @@
 export DOCKER_BUILDKIT=1
 docker build --network host -t alpine/nginx .
--- a/alpine/nginx/index.html
+++ b/alpine/nginx/index.html
@ -0,0 +1,5 @@
 <p>
 <br>
 <center>
 <a href=https://xpk.headdesk.me/mon>Go to observium</a>
 </center>
--- a/alpine/nginx/nginx.conf
+++ b/alpine/nginx/nginx.conf
@ -0,0 +1,301 @@
 user  nginx;
 worker_processes  2;
 daemon off;
 load_module "modules/ngx_http_dav_ext_module.so";
 error_log /var/log/nginx/error-local.log warn;
 pid        /var/run/nginx.pid;
 events {
    worker_connections   2000;
 }
 http {
  server_tokens off;
  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;
  sendfile        on;
  keepalive_timeout  65;
  client_max_body_size 200M;
  gzip on;
  gzip_min_length  1100;
  gzip_buffers     4 8k;
  gzip_types       text/plain;
 	# caching
 	proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=zone1:10m max_size=1G;
 	proxy_temp_path /tmp/nginx-proxy 1 2;
 	proxy_cache_key "$scheme$request_method$host$request_uri";
 	proxy_ignore_headers Expires Cache-Control;
 	proxy_cache_use_stale error timeout invalid_header http_502;
 	proxy_cache_bypass $cookie_session;
 	proxy_no_cache $cookie_session;
 	proxy_headers_hash_max_size 1024;
 	proxy_headers_hash_bucket_size 128;
 	log_format cached '$remote_addr '
 		'"$request" $status $body_bytes_sent '
 		'"$http_referer" "$http_user_agent" $upstream_cache_status';
 	# Useragent ACL
 	map $http_user_agent $blockagent {
        default         	0;
        ~*Bytespider    	1;
        ~*Yandex        	1;
 		~*DotBot			1;
 		~*Chrome/104.0.0.0 	1;
 		~*l9explore			1;
 		~*ImagesiftBot		1;
 	}	
 	#        _                 _                     _ _
 	#  _ __ | |__  _ __       | |__   __ _ _ __   __| | | ___ _ __
 	# | '_ \| '_ \| '_ \ _____| '_ \ / _` | '_ \ / _` | |/ _ \ '__|
 	# | |_) | | | | |_) |_____| | | | (_| | | | | (_| | |  __/ |
 	# | .__/|_| |_| .__/      |_| |_|\__,_|_| |_|\__,_|_|\___|_|
 	# |_|         |_|
 	#
 	upstream php-handler {
    	server 192.168.86.210:9000;
    	#server unix:/var/run/php/php7.2-fpm.sock;
 	}
  server {
  	listen 80 default_server;
 		# root /var/www/null;
 		root /var/www/letsencrypt;
 		# for letsencrypt / acme-tiny
 		location /.well-known {
 			try_files $uri $uri/ =404;
 		}
        	location /.well-known/acme-challenge/ {
               		alias /var/www/letsencrypt/;
        	}
 		location / {
        		return 301 https://$host$request_uri;
    		}
 		# Useragent ACL
 		if ($blockagent) {return 403;}
 	# letsencrypt validation
 	#location /.well-known/acme-challenge/ {
      	#	alias /var/www/letsencrypt/;
 	#}
 	#if ($http_x_forwarded_proto != "https") {
 #		return 301 https://$host$request_uri;
 #	}
  }
  server {
 		listen 443 ssl default_server;
 		http2 on;
 		root /var/www;
 		# still need TLS1.2 for Lixil Jenkins git pull
 		ssl_protocols TLSv1.2 TLSv1.3;
 		ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
 		ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384;
 		ssl_prefer_server_ciphers on;
 		ssl_session_timeout  10m;
 		ssl_session_cache shared:SSL:10m;
 		ssl_session_tickets off;
 		add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 		add_header X-Frame-Options SAMEORIGIN;
 		add_header X-Content-Type-Options nosniff;
 		add_header X-XSS-Protection "1; mode=block";
 		add_header X-Robots-Tag "noindex, nofollow";
 		add_header X-Download-Options noopen;
 		add_header X-Permitted-Cross-Domain-Policies none;
 		add_header Referrer-Policy no-referrer;
 		ssl_certificate /home/ssl/xpk.headdesk.me.crt;
 		ssl_certificate_key /home/ssl/xpk.headdesk.me.key;
 		# filter out PROPFIND in access log
 		set $logme 1;
 		if ($request_method = PROPFIND) {
     		set $logme 0;
 		}
 		#access_log /var/log/nginx/access.log cached if=$logme;
 		access_log syslog:server=192.168.86.10,nohostname cached if=$logme;
 		# Useragent ACL
 		# if ($useragent_acl = deny) {
 	    #		return 403;
 		#}
 		# try again
 		if ($blockagent) {return 403;}
 		#location / {
  	#		proxy_pass http://192.168.86.10:8080/;
    #			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #			proxy_set_header X-Real-IP $remote_addr;
    #			proxy_set_header HTTP_X_FORWARDED_PROTO https;
    #			proxy_set_header Host $host;
    #			proxy_cache_bypass $http_pragma    $http_authorization;
    #		}
 	        # letsencrypt validation
        	location /.well-known/acme-challenge/ {
                	alias /var/www/letsencrypt/;
        	}
 		fastcgi_hide_header X-Powered-By;
 		location = /.well-known/carddav {
 		    return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
  		}
  		location = /.well-known/caldav {
    			return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
  		}
    	location /nextcloud/ {
     			rewrite ^ /nextcloud/index.php;
  		}
   		location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
       			deny all;
  		}
  		location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
     			deny all;
  		}
 		location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
 			fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
 			set $path_info $fastcgi_path_info;
 			try_files $fastcgi_script_name =404;
 			include fastcgi_params;
 			fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 			fastcgi_param PATH_INFO $path_info;
 			fastcgi_param HTTPS on;
 			# Avoid sending the security headers twice
 			fastcgi_param modHeadersAvailable true;
 			# Enable pretty urls
 			fastcgi_param front_controller_active true;
 			fastcgi_pass php-handler;
 			fastcgi_intercept_errors on;
 			fastcgi_request_buffering off;
 		}
 		location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
 			try_files $uri/ =404;
 			index index.php;
 		}
 		location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ {
 		    	try_files $uri /nextcloud/index.php$request_uri;
 		    	add_header Cache-Control "public, max-age=15778463";
 		    	add_header X-Content-Type-Options nosniff;
 		    	add_header X-XSS-Protection "1; mode=block";
 		    	add_header X-Robots-Tag "noindex, nofollow";
 		    	add_header X-Download-Options noopen;
 		    	add_header X-Permitted-Cross-Domain-Policies none;
 		    	add_header Referrer-Policy no-referrer;
 		}
 		location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
  		  	try_files $uri /nextcloud/index.php$request_uri;
 		}
 		location /git/ {
 			proxy_pass http://192.168.86.53:3000/;
 			proxy_set_header X-Forwarded-For $remote_addr;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header HTTP_X_FORWARDED_PROTO https;
 			proxy_set_header Host $host;
 			proxy_http_version 1.1;
 			# caching: do not enable, causes cross account caching!
 			# proxy_cache zone1;
 			# proxy_cache_valid 200 302 5m;
 			# proxy_cache_valid any 10m;
 		}
 		location /pad/ {
 			proxy_pass http://192.168.86.51:9001/;
 			proxy_set_header X-Forwarded-For $remote_addr;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header HTTP_X_FORWARDED_PROTO https;
 			proxy_set_header Host $host;
 			proxy_http_version 1.1;
 			proxy_cookie_path / "/pad; HTTPOnly; Secure";
 			proxy_cookie_flags express secure httponly;
 		}
 		location /jenkins/ {
 			proxy_pass http://192.168.86.55:8080/jenkins/;
 			proxy_redirect     default;
 			proxy_set_header X-Forwarded-For $remote_addr;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header HTTP_X_FORWARDED_PROTO https;
 			proxy_set_header Host $host;
 			proxy_http_version 1.1;
 		}
 		location /mon/ {
 			proxy_pass http://192.168.86.57/;
 			proxy_buffering off;
 			proxy_redirect     default;
 			proxy_set_header X-Forwarded-For $remote_addr;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header HTTP_X_FORWARDED_PROTO https;
 			proxy_set_header Host $host;
 			proxy_http_version 1.1;
            		proxy_cookie_path / "/mon; HTTPOnly; Secure";
            		proxy_cookie_flags express secure httponly;
 		}
 		location /enpass/ {
 			root /var/www;
 			auth_basic enpass;
 			auth_basic_user_file /var/www/enpass/.htpass;
 	    		dav_methods     PUT DELETE MKCOL COPY MOVE;
  			dav_ext_methods PROPFIND OPTIONS;
    			dav_access      user:rw group:rw all:r;
 			create_full_put_path  on;
 			autoindex on;
 		}
  }
  server {
        listen 443 ssl;
 		server_name mon.headdesk.me;
        http2 on;
        root /var/www;
        ssl_protocols TLSv1.3;
        ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
        ssl_ciphers TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout  10m;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag "noindex, nofollow";
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        add_header Referrer-Policy no-referrer;
        ssl_certificate /home/ssl/mon.headdesk.me.crt;
        ssl_certificate_key /home/ssl/mon.headdesk.me.key;
 		location / {
 		    proxy_pass http://192.168.86.57/;
    		proxy_buffering off;
    		proxy_redirect default;
    		proxy_set_header X-Forwarded-For $remote_addr;
    		proxy_set_header X-Real-IP $remote_addr;
    		proxy_set_header HTTP_X_FORWARDED_PROTO https;
    		proxy_set_header Host $host;
    		proxy_http_version 1.1;
            #proxy_cookie_path / "/mon; HTTPOnly; Secure";
            #proxy_cookie_flags express secure httponly;
 		}
 	}
 }
--- a/alpine/nginx/restart-nginx.sh
+++ b/alpine/nginx/restart-nginx.sh
@ -0,0 +1,4 @@
 docker stop nginx
 docker rm nginx
 sleep 5
 /my/container-config/alpine/nginx/start-nginx.sh
--- a/alpine/nginx/start-nginx.sh
+++ b/alpine/nginx/start-nginx.sh
@ -0,0 +1,14 @@
 # nginx container
 docker run --name nginx -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
 -m 2g -v /my/sites/ssl-cert:/home/ssl \
 -v /var/www/nextcloud:/var/www/nextcloud:ro \
 -v /var/www/enpass:/var/www/enpass:rw \
 -v /var/www/letsencrypt:/var/www/letsencrypt:ro \
 --net macvlan --ip 192.168.86.209 -d --restart=always alpine/nginx
 # clearlinux/nginx
 #docker run --name nginx -v /my/container-config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
 #-v /etc/letsencrypt:/etc/letsencrypt:ro -m 2g \
 #-v /var/www/nextcloud:/var/www/nextcloud:ro \
 #--net macvlan --ip 192.168.86.3 -d --restart=always clearlinux/nginx
--- a/alpine/openstack-cli/Dockerfile
+++ b/alpine/openstack-cli/Dockerfile
@ -0,0 +1,7 @@
 FROM alpine
 LABEL description="Openstack cli on alpine"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 RUN apk update; apk add py3-pip gcc python3-dev musl-dev linux-headers libffi-dev bash
 RUN pip3 install python-openstackclient
 ENTRYPOINT ["/bin/bash"]
--- a/alpine/ping/Dockerfile
+++ b/alpine/ping/Dockerfile
@ -0,0 +1,5 @@
 FROM alpine:latest
 LABEL description="ping test on alpine"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 CMD ["ping", "-qi5", "210.0.248.38"]
--- a/alpine/pma/Dockerfile
+++ b/alpine/pma/Dockerfile
@ -0,0 +1,13 @@
 FROM alpine:latest
 LABEL description="phpmyadmin on alpine"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 RUN apk update; apk add bash tini php81-pdo_mysql php81-fpm nginx php81-session supervisor unzip php81-iconv php81-mysqli php81-xml php81-mbstring
 RUN mkdir -p /var/www/html /etc/supervisor.d
 COPY nginx-default.conf /etc/nginx/http.d/default.conf
 RUN wget -O /tmp/pma.zip https://files.phpmyadmin.net/phpMyAdmin/5.2.1/phpMyAdmin-5.2.1-all-languages.zip
 RUN unzip -qd /var/www/html /tmp/pma.zip; mv /var/www/html/phpMyAdmin* /var/www/html/pma; rm -f /tmp/pma.zip
 COPY config.inc.php /var/www/html/pma/config.inc.php
 RUN mkdir -p /var/www/html/pma/tmp/; chmod 777 /var/www/html/pma/tmp/
 COPY run.ini /etc/supervisor.d/run.ini
 CMD ["/usr/bin/supervisord", "-n"]
--- a/alpine/pma/config.inc.php
+++ b/alpine/pma/config.inc.php
@ -0,0 +1,36 @@
 <?php
 /**
 * phpMyAdmin sample configuration, you can use it as base for
 * manual configuration. For easier setup you can use setup/
 *
 * All directives are explained in documentation in the doc/ folder
 * or at <https://docs.phpmyadmin.net/>.
 */
 declare(strict_types=1);
 /**
 * This is needed for cookie based authentication to encrypt password in
 * cookie. Needs to be 32 chars long.
 */
 $cfg['blowfish_secret'] = 'Z2RVfRex/rIuhv2AAJXQuzbllMs5PelMIWWMCO4Aoag=';
 /**
 * Servers configuration
 */
 $i = 0;
 /**
 * First server
 */
 $i++;
 /* Authentication type */
 $cfg['Servers'][$i]['auth_type'] = 'cookie';
 /* Server parameters */
 $cfg['Servers'][$i]['host'] = 'localhost';
 $cfg['Servers'][$i]['compress'] = false;
 $cfg['Servers'][$i]['AllowNoPassword'] = false;
 $cfg['UploadDir'] = '';
 $cfg['SaveDir'] = '';
 $cfg['AllowArbitraryServer'] = true;
--- a/alpine/pma/nginx-default.conf
+++ b/alpine/pma/nginx-default.conf
@ -0,0 +1,23 @@
 server {
 	listen 80 default_server;
 	listen [::]:80 default_server;
 	root /var/www/html;
 	# You may need this to prevent return 404 recursion.
 	location = /404.html {
 		internal;
 	}
  location / {
     index index.php index.html;
  }
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    fastcgi_param HTTP_PROXY "";
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    include fastcgi_params;
  }
 }
--- a/alpine/pma/refresh-service.sh
+++ b/alpine/pma/refresh-service.sh
@ -0,0 +1,5 @@
 aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin 728959568254.dkr.ecr.ap-southeast-1.amazonaws.com/
 docker push 728959568254.dkr.ecr.ap-southeast-1.amazonaws.com/lixil-cms/phpmyadmin
 aws ecs update-service --cluster dev-apse1-lixil-cms-ecs-cluster --service dev-lixil-pma-service --force-new-deployment
 aws ecs update-service --cluster staging-apse1-lixil-cms-ecs-cluster --service staging-apse1-lixil-cms-pma-service --force-new-deployment
 aws ecs update-service --cluster prod-apse1-lixil-cms-ecs-cluster --service prod-apse1-lixil-cms-pma-service --force-new-deployment
--- a/alpine/pma/run.ini
+++ b/alpine/pma/run.ini
@ -0,0 +1,10 @@
 [program:nginx]
 command=/usr/sbin/nginx -g 'daemon off;'
 autostart=true
 autorestart=true
 [program:phpfpm]
 command=/usr/sbin/php-fpm81 -F
 autostart=true
 autorestart=true
--- a/alpine/privoxy/Dockerfile
+++ b/alpine/privoxy/Dockerfile
@ -0,0 +1,10 @@
 FROM alpine:latest
 LABEL description="Privoxy web proxy"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 RUN apk update; apk add tini privoxy
 RUN cd /etc/privoxy; touch default.filter user.filter; mv match-all.action.new match-all.action; mv user.action.new user.action
 COPY default.action /etc/privoxy/default.action
 COPY config /etc/privoxy/config
 ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["/usr/sbin/privoxy", "--no-daemon", "--user", "privoxy", "/etc/privoxy/config"]
--- a/alpine/privoxy/config
+++ b/alpine/privoxy/config
@ -0,0 +1,33 @@
 user-manual /usr/share/doc/privoxy/user-manual
 confdir /etc/privoxy
 #actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
 #actionsfile default.action   # Main actions file
 #actionsfile user.action      # User customizations
 #filterfile default.filter
 #filterfile user.filter      # User customizations
 listen-address :8086
 toggle 0
 enable-remote-toggle  0
 enable-remote-http-toggle  0
 enable-edit-actions 0
 enforce-blocks 0
 buffer-limit 4096
 enable-proxy-authentication-forwarding 1
 forwarded-connect-retries  0
 accept-intercepted-requests 0
 allow-cgi-request-crunching 0
 split-large-forms 0
 keep-alive-timeout 15
 tolerate-pipelining 1
 socket-timeout 300
 permit-access 192.168.86.0/24
 permit-access [fc00::0]/64
 logdir /var/log/privoxy
 logfile privoxy.log
 #debug 1024
 #log-messages   1
 receive-buffer-size 32768
 listen-backlog 512
 max-client-connections 512
 socket-timeout 180
 tolerate-pipelining 1
--- a/alpine/privoxy/default.action
+++ b/alpine/privoxy/default.action
@ -0,0 +1,2 @@
 {-block}
 .*
--- a/alpine/privoxy/restart.sh
+++ b/alpine/privoxy/restart.sh
@ -0,0 +1,2 @@
 docker rm -f privoxy
 ./start.sh
--- a/alpine/privoxy/start.sh
+++ b/alpine/privoxy/start.sh
@ -0,0 +1,2 @@
 #!/bin/bash
 docker run -d --name privoxy --network macvlan --cpus 2 --memory 1g --restart always --ip 192.168.86.18 alpine/privoxy
--- a/alpine/redis/Dockerfile
+++ b/alpine/redis/Dockerfile
@ -0,0 +1,10 @@
 FROM alpine:latest
 LABEL description="Redis for use with gitea"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 RUN apk add bash tini redis
 #RUN addgroup -g 3000 ctnuser && adduser -u 3000 -G ctnuser -D ctnuser
 RUN sed -i -e 's/^bind.*/bind 0.0.0.0/g' -e 's/^protected-mode.*/protected-mode no/g' -e 's/^timeout.*/timeout 60/g' -e 's/^\(logfile.*\)/## \1/g' /etc/redis.conf
 RUN chown -R redis:redis /var/log/redis
 USER redis
 ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/redis-server", "/etc/redis.conf"]
--- a/alpine/redis/build.sh
+++ b/alpine/redis/build.sh
@ -0,0 +1,2 @@
 export DOCKER_BUILDKIT=1
 docker build --network host -t alpine/redis .
--- a/alpine/redis/restart.sh
+++ b/alpine/redis/restart.sh
@ -0,0 +1,2 @@
 docker rm -f redis
 docker run -d --name redis --network macvlan --ip 192.168.86.212 --restart=always alpine/redis
--- a/alpine/squid/Dockerfile
+++ b/alpine/squid/Dockerfile
@ -0,0 +1,7 @@
 FROM alpine:latest
 LABEL description="squid on alpine"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 RUN apk update; apk add squid bash tini
 ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["/usr/sbin/squid",  "-N"]
--- a/alpine/squid/start.sh
+++ b/alpine/squid/start.sh
@ -0,0 +1,3 @@
 docker run --name squid --cpus 2 -m 800m \
 --net macvlan --ip 192.168.86.88 -d --restart=always alpine-squid
--- a/alpine/terraform13/Dockerfile
+++ b/alpine/terraform13/Dockerfile
@ -0,0 +1,9 @@
 FROM alpine:latest
 LABEL description="Terraform1.3 on Alpine"
 LABEL maintainer="xpk@headdesk.me"
 ENV container docker
 RUN apk update
 RUN apk add wget curl git bash libarchive-tools aws-cli
 RUN wget -qO - https://releases.hashicorp.com/terraform/1.3.9/terraform_1.3.9_linux_amd64.zip | bsdtar -xOf - > /usr/bin/terraform
 RUN chmod 755 /usr/bin/terraform
 CMD ["/bin/bash"]
--- a/alpine/terraform13/build.sh
+++ b/alpine/terraform13/build.sh
@ -0,0 +1,3 @@
 #!/bin/bash
 export DOCKER_BUILDKIT=1
 docker buildx build --network host -t alpine/terraform13 .
--- a/alpine/tini-test/Dockerfile
+++ b/alpine/tini-test/Dockerfile
@ -0,0 +1,10 @@
 FROM alpine:latest
 LABEL description="tini test"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 RUN apk add bash tini
 #ENV TINI_VERSION v0.19.0
 #ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
 #RUN chmod +x /tini
 ENTRYPOINT ["/sbin/tini", "--"]
 CMD ["/bin/bash"]
--- a/alpine/valkey/Dockerfile
+++ b/alpine/valkey/Dockerfile
@ -0,0 +1,8 @@
 FROM alpine:latest
 LABEL description="Valkey server"
 LABEL maintainer="racken@one27.cf"
 ENV container docker
 RUN apk add bash tini valkey valkey-cli
 COPY valkey.conf /etc/valkey/valkey.conf
 USER valkey
 ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/valkey-server", "/etc/valkey/valkey.conf"]
--- a/alpine/valkey/build.sh
+++ b/alpine/valkey/build.sh
@ -0,0 +1,2 @@
 export DOCKER_BUILDKIT=1
 docker build --network host -t alpine/valkey .
--- a/alpine/valkey/restart.sh
+++ b/alpine/valkey/restart.sh
@ -0,0 +1,3 @@
 docker rm -f valkey
 #docker run -d --name valkey --network macvlan --ip 192.168.86.212 --restart=always alpine/valkey
 docker run -d --name valkey --network macvlan --ip 192.168.86.212 --restart=always valkey/valkey
--- a/alpine/valkey/valkey.conf
+++ b/alpine/valkey/valkey.conf
@ -0,0 +1,79 @@
 #bind 127.0.0.1 -::1
 protected-mode no
 port 6379
 tcp-backlog 511
 unixsocket /run/valkey/valkey.sock
 unixsocketperm 770
 timeout 0
 tcp-keepalive 300
 loglevel notice
 syslog-enabled yes
 syslog-ident valkey
 databases 16
 always-show-logo no
 set-proc-title yes
 proc-title-template "{title} {listen-addr} {server-mode}"
 locale-collate ""
 stop-writes-on-bgsave-error yes
 rdbcompression yes
 rdbchecksum yes
 dbfilename dump.rdb
 rdb-del-sync-files no
 dir /var/lib/valkey
 replica-serve-stale-data yes
 replica-read-only yes
 repl-diskless-sync yes
 repl-diskless-sync-delay 5
 repl-diskless-sync-max-replicas 0
 repl-diskless-load disabled
 repl-disable-tcp-nodelay no
 replica-priority 100
 acllog-max-len 128
 lazyfree-lazy-eviction no
 lazyfree-lazy-expire no
 lazyfree-lazy-server-del no
 replica-lazy-flush no
 lazyfree-lazy-user-del no
 lazyfree-lazy-user-flush no
 io-threads 4
 oom-score-adj no
 oom-score-adj-values 0 200 800
 disable-thp yes
 appendonly no
 appendfilename "appendonly.aof"
 appenddirname "appendonlydir"
 appendfsync everysec
 no-appendfsync-on-rewrite no
 auto-aof-rewrite-percentage 100
 auto-aof-rewrite-min-size 64mb
 aof-load-truncated yes
 aof-use-rdb-preamble yes
 aof-timestamp-enabled no
 slowlog-log-slower-than 10000
 slowlog-max-len 128
 latency-monitor-threshold 0
 notify-keyspace-events ""
 hash-max-listpack-entries 512
 hash-max-listpack-value 64
 list-max-listpack-size -2
 list-compress-depth 0
 set-max-intset-entries 512
 set-max-listpack-entries 128
 set-max-listpack-value 64
 zset-max-listpack-entries 128
 zset-max-listpack-value 64
 hll-sparse-max-bytes 3000
 stream-node-max-bytes 4096
 stream-node-max-entries 100
 activerehashing yes
 client-output-buffer-limit normal 0 0 0
 client-output-buffer-limit replica 256mb 64mb 60
 client-output-buffer-limit pubsub 32mb 8mb 60
 hz 10
 dynamic-hz yes
 aof-rewrite-incremental-fsync yes
 rdb-save-incremental-fsync yes
 jemalloc-bg-thread yes
 include /etc/valkey/valkey.d/*.conf
--- a/centos6/dp-tools/Dockerfile
+++ b/centos6/dp-tools/Dockerfile
@ -0,0 +1,15 @@
 FROM centos:6
 LABEL description="Legacy Datapipe tools for Linux team"
 LABEL notes="These tools may be supported by Dan Drowns from LDP"
 ENV container docker
 RUN yum -y install epel-release
 RUN rpm -ivh http://repo.openfusion.net/centos6-x86_64/openfusion-release-0.7-1.of.el6.noarch.rpm
 RUN yum -y install wget perl perl-SOAP-Lite perl-PAR-Dist perl-parent perl-DBI perl-Frontier-RPC perl-Frontier-RPC-Client perl-Crypt-SSLeay expect perl-Expect perl-IO-Stty perl-TermReadKey perl-Mozilla-CA perl-Try-Tiny
 RUN rpm -e httpd mod_perl --nodeps
 RUN wget -q --no-check-certificate -O/dp-tools.tgz https://files.unix.cl.datapipe.net/index.php/s/jfTZMT6EZrAmHrb/download
 WORKDIR /
 RUN tar zxf dp-tools.tgz
 COPY README /root/README
 ENV PATH="$PATH:/dp/tools/maps-3.1.5/bin:/dp/tools/ssutils/bin:/dp/tools/serverlogin"
 ENV PS1 "see /root/README $ "
 ENTRYPOINT ["/bin/bash"]
--- a/centos6/dp-tools/README
+++ b/centos6/dp-tools/README
@ -0,0 +1,8 @@
 # LDP tools
 3 tools can be found under /dp/tools:
 - maps: works with vDNS, use Rackspace RSA token
 - serverlogin: works with vDNS, use Rackspace RSA token
 - ssutils: cli tool for logging into LDP servers, talks to secretserver
 # sources
 https://github.datapipe.net/abob/ssutils
--- a/centos7/filegw/Dockerfile
+++ b/centos7/filegw/Dockerfile
@ -0,0 +1,9 @@
 FROM centos:7
 LABEL description="Smb file File gateway"
 ENV container docker
 RUN rm -f /etc/yum.repos.d/*.repo
 COPY centos-vault.repo /etc/yum.repos.d/centos-vault.repo
 RUN yum -y install samba4 samba4-client
 COPY smb.conf /etc/samba/smb.conf
 COPY run.sh /run.sh
 ENTRYPOINT ["/run.sh"]
--- a/centos7/filegw/centos-vault.repo
+++ b/centos7/filegw/centos-vault.repo
@ -0,0 +1,36 @@
 # C7.8.2003
 [C7.8.2003-base]
 name=CentOS-7.8.2003 - Base
 baseurl=http://vault.centos.org/7.8.2003/os/$basearch/
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 enabled=1
 [C7.8.2003-updates]
 name=CentOS-7.8.2003 - Updates
 baseurl=http://vault.centos.org/7.8.2003/updates/$basearch/
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 enabled=1
 [C7.8.2003-extras]
 name=CentOS-7.8.2003 - Extras
 baseurl=http://vault.centos.org/7.8.2003/extras/$basearch/
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 enabled=0
 [C7.8.2003-centosplus]
 name=CentOS-7.8.2003 - CentOSPlus
 baseurl=http://vault.centos.org/7.8.2003/centosplus/$basearch/
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 enabled=0
 [C7.8.2003-fasttrack]
 name=CentOS-7.8.2003 - Fasttrack
 baseurl=http://vault.centos.org/7.8.2003/fasttrack/$basearch/
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
 enabled=0
--- a/centos7/filegw/run.sh
+++ b/centos7/filegw/run.sh
@ -0,0 +1,6 @@
 #!/bin/bash
 /usr/sbin/smbd -FS --no-process-group &
 /usr/sbin/nmbd -F &
 wait 
 exit $?
--- a/centos7/filegw/smb.conf
+++ b/centos7/filegw/smb.conf
@ -0,0 +1,30 @@
 [global]
 map to guest = Bad Password
        workgroup = ZOOLO
        server string = File Gateway
        netbios name = FILEGW
        hosts allow = 127. 192.168.86.
        security = user
        passdb backend = tdbsam
        load printers = no
        printing = bsd
 [music]
    comment = Music
    browseable = Yes
    read only = Yes
    path = /nas/music
    public = Yes
    writable = No
    printable = No
    guest ok = yes
    guest only = yes
 [movies]
    comment = Movies
    browseable = Yes
    read only = Yes
    path = /nas/movies
    public = Yes
    writable = No
    printable = No
    guest ok = yes
    guest only = yes
--- a/centos7/filegw/start.sh
+++ b/centos7/filegw/start.sh
@ -0,0 +1 @@
 docker run -d --name filegw --network macvlan -v /nas/music:/nas/music:ro -v /nas/movies:/nas/movies:ro --restart always centos7/filegw
--- a/centos8/ebcli/Dockerfile
+++ b/centos8/ebcli/Dockerfile
@ -0,0 +1,7 @@
 FROM centos:8
 ENV container docker
 RUN yum -y install gcc make git python3 zlib-devel openssl-devel ncurses-devel libffi-devel sqlite-devel readline-devel bzip2-devel
 RUN git clone https://github.com/aws/aws-elastic-beanstalk-cli-setup.git
 RUN ./aws-elastic-beanstalk-cli-setup/scripts/bundled_installer
 ENV PATH="/root/.ebcli-virtual-env/executables:/root/.pyenv/versions/3.7.2/bin:$PATH"
 CMD ["/bin/bash"]
--- a/Show More
+++ b/Show More
		`@ -0,0 +1 @@`
							`docker build --network macvlan -t alpine/azcli .`
		`@ -0,0 +1,2 @@`
							`export DOCKER_BUILDKIT=1`
							`docker build --network host -t alpine/dante .`
		`@ -0,0 +1,2 @@`
							`#!/bin/bash`
							`docker run -d --name sockd --network macvlan --cpus 2 --memory 1g --restart always --ip 192.168.86.18 alpine/dante`
		`@ -0,0 +1,2 @@`
							`export DOCKER_BUILDKIT=1`
							`docker build --pull --network host -t alpine/fpmredis .`
		`@ -0,0 +1,2 @@`
							`docker ps -a \| grep nextcloud-fpm \| awk '{print $1}' \| xargs docker rm -f`
							`./start.sh`
		`@ -0,0 +1,3 @@`
							`Access stats:`

							`http://192.168.86.208:44644/stats`
		`@ -0,0 +1,2 @@`
							`export DOCKER_BUILDKIT=1`
							`docker build --network host -t alpine/haproxy .`
		`@ -0,0 +1 @@`
							`{"accountid": ["123456789012", "234567890123"], "accountprefix1": ["apples-production", "oranges-production", "apples-development", "oranges-development"]}`
		`@ -0,0 +1,3 @@`
							`docker run --name jenkins --cpus 2 \`
							`--net macvlan --ip 192.168.86.211 -d --restart=always alpine-jenkins`
		`@ -0,0 +1,2 @@`
							`export DOCKER_BUILDKIT=1`
							`docker build --network host -t alpine/nginx-v .`