5 files changed, 102 insertions, 0 deletions

diff --git a/conf/dnsmasq.conf b/conf/dnsmasq.conf
new file mode 100644
index 0000000..2b523ec
--- /dev/null
+++ b/conf/dnsmasq.conf
@@ -0,0 +1,9 @@
+interface=br0
+domain=localdomain
+dhcp-range=192.168.10.10,192.168.10.253,255.255.255.0,1h
+dhcp-boot=pxelinux.0,pxeserver,192.168.10.1
+pxe-service=x86PC, "Samizdat", pxelinux
+enable-tftp
+tftp-root=/usr/local/lib/samizdat-rhizome/isolinux
+tftp-unique-root
+dhcp-script=/usr/local/bin/dnsmasq-dhcp-script.sh
diff --git a/conf/interfaces.d_eth0 b/conf/interfaces.d_eth0
new file mode 100644
index 0000000..5ec8666
--- /dev/null
+++ b/conf/interfaces.d_eth0
@@ -0,0 +1,28 @@
+# iface eth0 inet static
+#   address 192.168.10.1
+#   netmask 255.255.255.0
+# # post-up ipsec restart
+
+auto br0 eth0
+
+iface br0 inet static
+  address 192.168.10.1
+  netmask 255.255.255.0
+## These are useful for VMs:
+# pre-up   for n in 0 1 2 3 4; do tunctl -t tap$n; done; true
+# pre-down for n in 0 1 2 3 4; do tunctl -d tap$n; done; true
+# bridge_ports eth0 tap0 tap1 tap2 tap3 tap4
+# bridge_maxwait 10
+
+## Enable "internet connection sharing"
+  up iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
+  up sysctl -w net.ipv4.ip_forward=1
+
+## Disable ipv6 auto-address.
+## This is needed sometimes, if ipv6 breaks ipv4.
+# pre-up echo 0 > /proc/sys/net/ipv6/conf/br0/accept_ra_pinfo
+
+# NB. 'ipsec reload' does not work very well
+  post-up ipsec restart
+
+iface eth0 inet manual
diff --git a/conf/network_if-up.d_samizdat b/conf/network_if-up.d_samizdat
new file mode 100755
index 0000000..4c02c93
--- /dev/null
+++ b/conf/network_if-up.d_samizdat
@@ -0,0 +1,5 @@
+#!/bin/sh
+RULE='OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040'
+iptables -t nat -D $RULE  2>/dev/null
+[ "$VERBOSITY" -gt 0 ] && set -x
+iptables -t nat -A $RULE
diff --git a/conf/postfix_main.cf b/conf/postfix_main.cf
new file mode 100644
index 0000000..7e11ff1
--- /dev/null
+++ b/conf/postfix_main.cf
@@ -0,0 +1,43 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific:  Specifying a file name will cause the first
+# line of that file to be used as the name.  The Debian default
+# is /etc/mailname.
+myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = yes
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# It's 2013; we expect mail to be delivered quickly.  Generate "delayed mail" warnings after 7 minutes.
+delay_warning_time = 7m
+
+readme_directory = no
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+relayhost = 
+mynetworks = 127.0.0.0/8 !127.84.111.114/32
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+
+# Samizdat: this is necessary for .onion URLs to resolve (until we implement DNSSEC).
+smtp_host_lookup = native
+# postfix versions before 2.11:
+disable_dns_lookups = yes
+# postfix versions 2.11 and later:
+#smtp_dns_support_level = disabled
diff --git a/conf/torrc b/conf/torrc
new file mode 100644
index 0000000..6e387ec
--- /dev/null
+++ b/conf/torrc
@@ -0,0 +1,17 @@
+SocksPort 9050 # what port to open for local application connections
+SocksListenAddress 127.0.0.1 # accept connections only from localhost
+
+HiddenServiceDir /var/lib/tor/samizdat/
+HiddenServicePort 80
+HiddenServicePort 22
+HiddenServicePort 25
+HiddenServicePort 11371
+
+HiddenServiceDir /var/lib/tor/tracker/
+HiddenServicePort 80 127.0.0.1:8070
+HiddenServicePort 2710 127.0.0.1:2710
+
+AutomapHostsOnResolve 1
+VirtualAddrNetwork 10.192.0.0/10
+DNSPort 553
+TransPort 9040