Update content for md

21 files changed, 857 insertions, 0 deletions

diff --git a/gemfeed/examples/conf/frontends/etc/acme-client.conf.tpl b/gemfeed/examples/conf/frontends/etc/acme-client.conf.tpl
new file mode 100644
index 00000000..b52f5b0e
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/acme-client.conf.tpl
@@ -0,0 +1,41 @@
+#
+# $OpenBSD: acme-client.conf,v 1.4 2020/09/17 09:13:06 florian Exp $
+#
+authority letsencrypt {
+	api url "https://acme-v02.api.letsencrypt.org/directory"
+	account key "/etc/acme/letsencrypt-privkey.pem"
+}
+
+authority letsencrypt-staging {
+	api url "https://acme-staging-v02.api.letsencrypt.org/directory"
+	account key "/etc/acme/letsencrypt-staging-privkey.pem"
+}
+
+authority buypass {
+	api url "https://api.buypass.com/acme/directory"
+	account key "/etc/acme/buypass-privkey.pem"
+	contact "mailto:me@example.com"
+}
+
+authority buypass-test {
+	api url "https://api.test4.buypass.no/acme/directory"
+	account key "/etc/acme/buypass-test-privkey.pem"
+	contact "mailto:me@example.com"
+}
+
+<% for my $host (@$acme_hosts) { -%>
+<%   for my $prefix ('', 'www.', 'standby.') { -%>
+domain <%= $prefix.$host %> {
+	domain key "/etc/ssl/private/<%= $prefix.$host %>.key"
+	domain full chain certificate "/etc/ssl/<%= $prefix.$host %>.fullchain.pem"
+	sign with letsencrypt
+}
+<%   } -%>
+<% } -%>
+
+# For the server itself (e.g. TLS, or monitoring)
+domain <%= "$hostname.$domain" %> {
+	domain key "/etc/ssl/private/<%= "$hostname.$domain" %>.key"
+	domain full chain certificate "/etc/ssl/<%= "$hostname.$domain" %>.fullchain.pem"
+	sign with letsencrypt
+}
diff --git a/gemfeed/examples/conf/frontends/etc/dserver/dtail.json.tpl b/gemfeed/examples/conf/frontends/etc/dserver/dtail.json.tpl
new file mode 100644
index 00000000..6b96fbad
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/dserver/dtail.json.tpl
@@ -0,0 +1,127 @@
+{
+  "Client": {
+    "TermColorsEnable": true,
+    "TermColors": {
+      "Remote": {
+        "DelimiterAttr": "Dim",
+        "DelimiterBg": "Blue",
+        "DelimiterFg": "Cyan",
+        "RemoteAttr": "Dim",
+        "RemoteBg": "Blue",
+        "RemoteFg": "White",
+        "CountAttr": "Dim",
+        "CountBg": "Blue",
+        "CountFg": "White",
+        "HostnameAttr": "Bold",
+        "HostnameBg": "Blue",
+        "HostnameFg": "White",
+        "IDAttr": "Dim",
+        "IDBg": "Blue",
+        "IDFg": "White",
+        "StatsOkAttr": "None",
+        "StatsOkBg": "Green",
+        "StatsOkFg": "Black",
+        "StatsWarnAttr": "None",
+        "StatsWarnBg": "Red",
+        "StatsWarnFg": "White",
+        "TextAttr": "None",
+        "TextBg": "Black",
+        "TextFg": "White"
+      },
+      "Client": {
+        "DelimiterAttr": "Dim",
+        "DelimiterBg": "Yellow",
+        "DelimiterFg": "Black",
+        "ClientAttr": "Dim",
+        "ClientBg": "Yellow",
+        "ClientFg": "Black",
+        "HostnameAttr": "Dim",
+        "HostnameBg": "Yellow",
+        "HostnameFg": "Black",
+        "TextAttr": "None",
+        "TextBg": "Black",
+        "TextFg": "White"
+      },
+      "Server": {
+        "DelimiterAttr": "AttrDim",
+        "DelimiterBg": "BgCyan",
+        "DelimiterFg": "FgBlack",
+        "ServerAttr": "AttrDim",
+        "ServerBg": "BgCyan",
+        "ServerFg": "FgBlack",
+        "HostnameAttr": "AttrBold",
+        "HostnameBg": "BgCyan",
+        "HostnameFg": "FgBlack",
+        "TextAttr": "AttrNone",
+        "TextBg": "BgBlack",
+        "TextFg": "FgWhite"
+      },
+      "Common": {
+        "SeverityErrorAttr": "AttrBold",
+        "SeverityErrorBg": "BgRed",
+        "SeverityErrorFg": "FgWhite",
+        "SeverityFatalAttr": "AttrBold",
+        "SeverityFatalBg": "BgMagenta",
+        "SeverityFatalFg": "FgWhite",
+        "SeverityWarnAttr": "AttrBold",
+        "SeverityWarnBg": "BgBlack",
+        "SeverityWarnFg": "FgWhite"
+      },
+      "MaprTable": {
+        "DataAttr": "AttrNone",
+        "DataBg": "BgBlue",
+        "DataFg": "FgWhite",
+        "DelimiterAttr": "AttrDim",
+        "DelimiterBg": "BgBlue",
+        "DelimiterFg": "FgWhite",
+        "HeaderAttr": "AttrBold",
+        "HeaderBg": "BgBlue",
+        "HeaderFg": "FgWhite",
+        "HeaderDelimiterAttr": "AttrDim",
+        "HeaderDelimiterBg": "BgBlue",
+        "HeaderDelimiterFg": "FgWhite",
+        "HeaderSortKeyAttr": "AttrUnderline",
+        "HeaderGroupKeyAttr": "AttrReverse",
+        "RawQueryAttr": "AttrDim",
+        "RawQueryBg": "BgBlack",
+        "RawQueryFg": "FgCyan"
+      }
+    }
+  },
+  "Server": {
+    "SSHBindAddress": "0.0.0.0",
+    "HostKeyFile": "cache/ssh_host_key",
+    "HostKeyBits": 2048,
+    "MapreduceLogFormat": "default",
+    "MaxConcurrentCats": 2,
+    "MaxConcurrentTails": 50,
+    "MaxConnections": 50,
+    "MaxLineLength": 1048576,
+    "Permissions": {
+      "Default": [
+        "readfiles:^/.*$"
+      ],
+      "Users": {
+        "paul": [
+          "readfiles:^/.*$"
+        ],
+        "pbuetow": [
+          "readfiles:^/.*$"
+        ],
+        "jamesblake": [
+          "readfiles:^/tmp/foo.log$",
+          "readfiles:^/.*$",
+          "readfiles:!^/tmp/bar.log$"
+        ]
+      }
+    }
+  },
+  "Common": {
+    "LogDir": "/var/log/dserver",
+    "Logger": "Fout",
+    "LogRotation": "Daily",
+    "CacheDir": "cache",
+    "SSHPort": 2222,
+    "LogLevel": "Info"
+  }
+}
diff --git a/gemfeed/examples/conf/frontends/etc/gogios.cron.tpl b/gemfeed/examples/conf/frontends/etc/gogios.cron.tpl
new file mode 100644
index 00000000..fc6299c3
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/gogios.cron.tpl
@@ -0,0 +1,3 @@
+0 7 * * * <%= $gogios_path %> -renotify >/dev/null
+*/5 8-22 * * * -s <%= $gogios_path %> >/dev/null
+0 3 * * 0 <%= $gogios_path %> -force >/dev/null
diff --git a/gemfeed/examples/conf/frontends/etc/gogios.json.tpl b/gemfeed/examples/conf/frontends/etc/gogios.json.tpl
new file mode 100644
index 00000000..683f9de8
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/gogios.json.tpl
@@ -0,0 +1,98 @@
+<% our $plugin_dir = '/usr/local/libexec/nagios'; -%>
+{
+  "EmailTo": "paul",
+  "EmailFrom": "gogios@mx.buetow.org",
+  "CheckTimeoutS": 10,
+  "CheckConcurrency": 3,
+  "StateDir": "/var/run/gogios",
+  "Checks": {
+    <% for my $host (qw(master standby)) { -%>
+    <%   for my $proto (4, 6) { -%>
+    "Check Ping<%= $proto %> <%= $host %>.buetow.org": {
+      "Plugin": "<%= $plugin_dir %>/check_ping",
+      "Args": ["-H", "<%= $host %>.buetow.org", "-<%= $proto %>", "-w", "100,10%", "-c", "200,15%"],
+      "Retries": 3,
+      "RetryInterval": 3
+    },
+    <%   } -%>
+    <% } -%>
+    <% for my $host (qw(fishfinger blowfish)) { -%>
+    "Check DTail <%= $host %>.buetow.org": {
+      "Plugin": "/usr/local/bin/dtailhealth",
+      "Args": ["--server", "<%= $host %>.buetow.org:2222"],
+      "DependsOn": ["Check Ping4 <%= $host %>.buetow.org", "Check Ping6 <%= $host %>.buetow.org"]
+    },
+    <% } -%>
+    <% for my $host (qw(fishfinger blowfish)) { -%>
+    <%   for my $proto (4, 6) { -%>
+    "Check Ping<%= $proto %> <%= $host %>.buetow.org": {
+      "Plugin": "<%= $plugin_dir %>/check_ping",
+      "Args": ["-H", "<%= $host %>.buetow.org", "-<%= $proto %>", "-w", "100,10%", "-c", "200,15%"],
+      "Retries": 3,
+      "RetryInterval": 3
+    },
+    <%   } -%>
+    "Check TLS Certificate <%= $host %>.buetow.org": {
+      "Plugin": "<%= $plugin_dir %>/check_http",
+      "Args": ["--sni", "-H", "<%= $host %>.buetow.org", "-C", "20" ],
+      "DependsOn": ["Check Ping4 <%= $host %>.buetow.org", "Check Ping6 <%= $host %>.buetow.org"]
+    },
+    <% } -%>
+    <% for my $host (@$acme_hosts) { -%>
+    <%   for my $prefix ('', 'standby.', 'www.') { -%>
+    <%     my $depends_on = $prefix eq 'standby.' ? 'standby.buetow.org' : 'master.buetow.org'; -%>
+    "Check TLS Certificate <%= $prefix . $host %>": {
+      "Plugin": "<%= $plugin_dir %>/check_http",
+      "Args": ["--sni", "-H", "<%= $prefix . $host %>", "-C", "20" ],
+      "DependsOn": ["Check Ping4 <%= $depends_on %>", "Check Ping6 <%= $depends_on %>"]
+    },
+    <%     for my $proto (4, 6) { -%>
+    "Check HTTP IPv<%= $proto %> <%= $prefix . $host %>": {
+      "Plugin": "<%= $plugin_dir %>/check_http",
+      "Args": ["<%= $prefix . $host %>", "-<%= $proto %>"],
+      "DependsOn": ["Check Ping<%= $proto %> <%= $depends_on %>"]
+    },
+    <%     } -%>
+    <%   } -%>
+    <% } -%>
+    <% for my $host (qw(fishfinger blowfish)) { -%>
+    <%   for my $proto (4, 6) { -%>
+    "Check Dig <%= $host %>.buetow.org IPv<%= $proto %>": {
+      "Plugin": "<%= $plugin_dir %>/check_dig",
+      "Args": ["-H", "<%= $host %>.buetow.org", "-l", "buetow.org", "-<%= $proto %>"],
+      "DependsOn": ["Check Ping<%= $proto %> <%= $host %>.buetow.org"]
+    },
+    "Check SMTP <%= $host %>.buetow.org IPv<%= $proto %>": {
+      "Plugin": "<%= $plugin_dir %>/check_smtp",
+      "Args": ["-H", "<%= $host %>.buetow.org", "-<%= $proto %>"],
+      "DependsOn": ["Check Ping<%= $proto %> <%= $host %>.buetow.org"]
+    },
+    "Check Gemini TCP <%= $host %>.buetow.org IPv<%= $proto %>": {
+      "Plugin": "<%= $plugin_dir %>/check_tcp",
+      "Args": ["-H", "<%= $host %>.buetow.org", "-p", "1965", "-<%= $proto %>"],
+      "DependsOn": ["Check Ping<%= $proto %> <%= $host %>.buetow.org"]
+    },
+    <%   } -%>
+    <% } -%>
+    "Check Users <%= $hostname %>": {
+      "Plugin": "<%= $plugin_dir %>/check_users",
+      "Args": ["-w", "2", "-c", "3"]
+    },
+    "Check SWAP <%= $hostname %>": {
+      "Plugin": "<%= $plugin_dir %>/check_swap",
+      "Args": ["-w", "95%", "-c", "90%"]
+    },
+    "Check Procs <%= $hostname %>": {
+      "Plugin": "<%= $plugin_dir %>/check_procs",
+      "Args": ["-w", "80", "-c", "100"]
+    },
+    "Check Disk <%= $hostname %>": {
+      "Plugin": "<%= $plugin_dir %>/check_disk",
+      "Args": ["-w", "30%", "-c", "10%"]
+    },
+    "Check Load <%= $hostname %>": {
+      "Plugin": "<%= $plugin_dir %>/check_load",
+      "Args": ["-w", "2,1,1", "-c", "4,3,3"]
+    }
+  }
+}
diff --git a/gemfeed/examples/conf/frontends/etc/gorum.json.tpl b/gemfeed/examples/conf/frontends/etc/gorum.json.tpl
new file mode 100644
index 00000000..247a9dbf
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/gorum.json.tpl
@@ -0,0 +1,18 @@
+{
+  "StateDir": "/var/run/gorum",
+  "Address": "<%= $hostname.'.'.$domain %>:4321",
+  "EmailTo": "",
+  "EmailFrom": "gorum@mx.buetow.org",
+  "Nodes": {
+    "Blowfish": {
+      "Hostname": "blowfish.buetow.org",
+      "Port": 4321,
+      "Priority": 100
+    },
+    "Fishfinger": {
+      "Hostname": "fishfinger.buetow.org",
+      "Port": 4321,
+      "Priority": 50
+    }
+  }
+}
diff --git a/gemfeed/examples/conf/frontends/etc/httpd.conf.tpl b/gemfeed/examples/conf/frontends/etc/httpd.conf.tpl
new file mode 100644
index 00000000..c3a2764e
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/httpd.conf.tpl
@@ -0,0 +1,184 @@
+<% our @prefixes = ('', 'www.', 'standby.'); -%>
+# Plain HTTP for ACME and HTTPS redirect
+<% for my $host (@$acme_hosts) { for my $prefix (@prefixes) { -%>
+server "<%= $prefix.$host %>" {
+  listen on * port 80
+  log style forwarded 
+  location "/.well-known/acme-challenge/*" {
+    root "/acme"
+    request strip 2
+  }
+  location * {
+    block return 302 "https://$HTTP_HOST$REQUEST_URI"
+  }
+}
+<% } } -%>
+
+# Current server's FQDN (e.g. for mail server ACME cert requests)
+server "<%= "$hostname.$domain" %>" {
+  listen on * port 80
+  log style forwarded 
+  location "/.well-known/acme-challenge/*" {
+    root "/acme"
+    request strip 2
+  }
+  location * {
+    block return 302 "https://<%= "$hostname.$domain" %>"
+  }
+}
+
+server "<%= "$hostname.$domain" %>" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    root "/htdocs/buetow.org/self"
+    directory auto index
+  }
+}
+
+# Gemtexter hosts
+<% for my $host (qw/foo.zone stats.foo.zone/) { for my $prefix (@prefixes) { -%>
+server "<%= $prefix.$host %>" {
+  listen on * port 8080
+  log style forwarded 
+  location "/.git*" {
+    block return 302 "https://<%= $prefix.$host %>"
+  }
+  location * {
+    <% if ($prefix eq 'www.') { -%>
+    block return 302 "https://<%= $host %>$REQUEST_URI"
+    <% } else { -%>
+    root "/htdocs/gemtexter/<%= $host %>"
+    directory auto index
+    <% } -%>
+  }
+}
+<% } } -%>
+
+# Redirect to paul.buetow.org
+<% for my $prefix (@prefixes) { -%>
+server "<%= $prefix %>buetow.org" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    block return 302 "https://paul.buetow.org$REQUEST_URI"
+  }
+}
+
+# Redirect blog to foo.zone
+server "<%= $prefix %>blog.buetow.org" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    block return 302 "https://foo.zone$REQUEST_URI"
+  }
+}
+
+server "<%= $prefix %>snonux.foo" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    block return 302 "https://foo.zone/about$REQUEST_URI"
+  }
+}
+
+server "<%= $prefix %>paul.buetow.org" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    block return 302 "https://foo.zone/about$REQUEST_URI"
+  }
+}
+<% } -%>
+
+# Redirect to gitub.dtail.dev
+<% for my $prefix (@prefixes) { -%>
+server "<%= $prefix %>dtail.dev" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    block return 302 "https://github.dtail.dev$REQUEST_URI"
+  }
+}
+<% } -%>
+
+# Irregular Ninja special hosts
+<% for my $prefix (@prefixes) { -%>
+server "<%= $prefix %>irregular.ninja" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    root "/htdocs/irregular.ninja"
+    directory auto index
+  }
+}
+<% } -%>
+
+<% for my $prefix (@prefixes) { -%>
+server "<%= $prefix %>alt.irregular.ninja" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    root "/htdocs/alt.irregular.ninja"
+    directory auto index
+  }
+}
+<% } -%>
+
+# joern special host
+<% for my $prefix (@prefixes) { -%>
+server "<%= $prefix %>joern.buetow.org" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    root "/htdocs/joern/"
+    directory auto index
+  }
+}
+<% } -%>
+
+# Dory special host
+<% for my $prefix (@prefixes) { -%>
+server "<%= $prefix %>dory.buetow.org" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    root "/htdocs/joern/dory.buetow.org"
+    directory auto index
+  }
+}
+<% } -%>
+
+# ecat special host
+<% for my $prefix (@prefixes) { -%>
+server "<%= $prefix %>ecat.buetow.org" {
+  listen on * port 8080
+  log style forwarded 
+  location * {
+    root "/htdocs/joern/ecat.buetow.org"
+    directory auto index
+  }
+}
+<% } -%>
+
+<% for my $prefix (@prefixes) { -%>
+server "<%= $prefix %>fotos.buetow.org" {
+  listen on * port 8080
+  log style forwarded 
+  root "/htdocs/buetow.org/fotos"
+  directory auto index
+}
+<% } -%>
+
+# Defaults
+server "default" {
+  listen on * port 80
+  log style forwarded 
+  block return 302 "https://foo.zone$REQUEST_URI"
+}
+
+server "default" {
+  listen on * port 8080
+  log style forwarded 
+  block return 302 "https://foo.zone$REQUEST_URI"
+}
diff --git a/gemfeed/examples/conf/frontends/etc/inetd.conf b/gemfeed/examples/conf/frontends/etc/inetd.conf
new file mode 100644
index 00000000..13163877
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/inetd.conf
@@ -0,0 +1,2 @@
+127.0.0.1:11965 stream tcp nowait www /usr/local/bin/vger vger -v
+rsync stream tcp nowait root /usr/local/bin/rsync rsyncd --daemon
diff --git a/gemfeed/examples/conf/frontends/etc/login.conf.d/inetd b/gemfeed/examples/conf/frontends/etc/login.conf.d/inetd
new file mode 100644
index 00000000..c8620c41
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/login.conf.d/inetd
@@ -0,0 +1,3 @@
+inetd:\
+    :maxproc=10:\
+    :tc=daemon:
diff --git a/gemfeed/examples/conf/frontends/etc/mail/aliases b/gemfeed/examples/conf/frontends/etc/mail/aliases
new file mode 100644
index 00000000..91bf1d06
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/mail/aliases
@@ -0,0 +1,103 @@
+#
+#	$OpenBSD: aliases,v 1.68 2020/01/24 06:17:37 tedu Exp $
+#
+#  Aliases in this file will NOT be expanded in the header from
+#  Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
+#
+#	>>>>>>>>>>	The program "newaliases" must be run after
+#	>> NOTE >>	this file is updated for any changes to
+#	>>>>>>>>>>	show through to smtpd.
+#
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+
+# General redirections for important pseudo accounts
+daemon:	root
+ftp-bugs: root
+operator: root
+www:	root
+admin:	root
+
+# Redirections for pseudo accounts that should not receive mail
+_bgpd: /dev/null
+_dhcp: /dev/null
+_dpb: /dev/null
+_dvmrpd: /dev/null
+_eigrpd: /dev/null
+_file: /dev/null
+_fingerd: /dev/null
+_ftp: /dev/null
+_hostapd: /dev/null
+_identd: /dev/null
+_iked: /dev/null
+_isakmpd: /dev/null
+_iscsid: /dev/null
+_ldapd: /dev/null
+_ldpd: /dev/null
+_mopd: /dev/null
+_nsd: /dev/null
+_ntp: /dev/null
+_ospfd: /dev/null
+_ospf6d: /dev/null
+_pbuild: /dev/null
+_pfetch: /dev/null
+_pflogd: /dev/null
+_ping: /dev/null
+_pkgfetch: /dev/null
+_pkguntar: /dev/null
+_portmap: /dev/null
+_ppp: /dev/null
+_rad: /dev/null
+_radiusd: /dev/null
+_rbootd: /dev/null
+_relayd: /dev/null
+_ripd: /dev/null
+_rstatd: /dev/null
+_rusersd: /dev/null
+_rwalld: /dev/null
+_smtpd: /dev/null
+_smtpq: /dev/null
+_sndio: /dev/null
+_snmpd: /dev/null
+_spamd: /dev/null
+_switchd: /dev/null
+_syslogd: /dev/null
+_tcpdump: /dev/null
+_traceroute: /dev/null
+_tftpd: /dev/null
+_unbound: /dev/null
+_unwind: /dev/null
+_vmd: /dev/null
+_x11:   /dev/null
+_ypldap: /dev/null
+bin:	/dev/null
+build:	/dev/null
+nobody:	/dev/null
+_tftp_proxy: /dev/null
+_ftp_proxy: /dev/null
+_sndiop: /dev/null
+_syspatch: /dev/null
+_slaacd: /dev/null
+sshd:   /dev/null
+
+# Well-known aliases -- these should be filled in!
+root: paul
+manager: root
+dumper: root
+
+# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
+abuse:		root
+noc:		root
+security:	root
+
+# RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
+hostmaster:	root
+# usenet:	root
+# news:		usenet
+webmaster:	root
+# ftp:		root
+
+paul: paul.buetow@protonmail.com
+albena: albena.buetow@protonmail.com
diff --git a/gemfeed/examples/conf/frontends/etc/mail/smtpd.conf.tpl b/gemfeed/examples/conf/frontends/etc/mail/smtpd.conf.tpl
new file mode 100644
index 00000000..7764b345
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/mail/smtpd.conf.tpl
@@ -0,0 +1,23 @@
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information.
+
+# I used https://www.checktls.com/TestReceiver for testing.
+
+pki "buetow_org_tls" cert "/etc/ssl/<%= "$hostname.$domain" %>.fullchain.pem"
+pki "buetow_org_tls" key "/etc/ssl/private/<%= "$hostname.$domain" %>.key"
+
+table aliases file:/etc/mail/aliases
+table virtualdomains file:/etc/mail/virtualdomains
+table virtualusers file:/etc/mail/virtualusers
+
+listen on socket
+listen on all tls pki "buetow_org_tls" hostname "<%= "$hostname.$domain" %>"
+#listen on all
+
+action localmail mbox alias <aliases>
+action receive mbox virtual <virtualusers>
+action outbound relay
+
+match from any for domain <virtualdomains> action receive
+match from local for local action localmail
+match from local for any action outbound
diff --git a/gemfeed/examples/conf/frontends/etc/mail/virtualdomains b/gemfeed/examples/conf/frontends/etc/mail/virtualdomains
new file mode 100644
index 00000000..b59554ac
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/mail/virtualdomains
@@ -0,0 +1,20 @@
+buetow.org
+paul.buetow.org
+mx.buetow.org
+de.buetow.org
+bg.buetow.org
+uk.buetow.org
+us.buetow.org
+es.buetow.org
+dev.buetow.org
+oss.buetow.org
+ex.buetow.org
+xxx.buetow.org
+newsletter.buetow.org
+gadgets.buetow.org
+orders.buetow.org
+nospam.buetow.org
+snonux.foo
+dtail.dev
+foo.zone
+paul.cyou
diff --git a/gemfeed/examples/conf/frontends/etc/mail/virtualusers b/gemfeed/examples/conf/frontends/etc/mail/virtualusers
new file mode 100644
index 00000000..6cfac58b
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/mail/virtualusers
@@ -0,0 +1,5 @@
+albena@buetow.org albena.buetow@protonmail.com
+joern@buetow.org df2hbradio@gmail.com
+dory@buetow.org df2hbradio@gmail.com
+ecat@buetow.org df2hbradio@gmail.com
+@ paul.buetow@protonmail.com
diff --git a/gemfeed/examples/conf/frontends/etc/myname.tpl b/gemfeed/examples/conf/frontends/etc/myname.tpl
new file mode 100644
index 00000000..dcd4ca04
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/myname.tpl
@@ -0,0 +1 @@
+<%= $fqdns->($vio0_ip) %>
diff --git a/gemfeed/examples/conf/frontends/etc/newsyslog.conf b/gemfeed/examples/conf/frontends/etc/newsyslog.conf
new file mode 100644
index 00000000..bbd1aa55
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/newsyslog.conf
@@ -0,0 +1,14 @@
+# logfile_name		owner:group     mode count size when  flags
+/var/cron/log		root:wheel	600  3     10   *     Z
+/var/log/authlog	root:wheel	640  7     *    168   Z
+/var/log/daemon				640  14    300  *     Z
+/var/log/lpd-errs			640  7     10   *     Z
+/var/log/maillog			640  7     *    24    Z
+/var/log/messages			644  5     300  *     Z
+/var/log/secure				600  7     *    168   Z
+/var/log/wtmp				644  7     *    $M1D4 B ""
+/var/log/xferlog			640  7     250  *     Z
+/var/log/pflog				600  3     250  *     ZB "pkill -HUP -u root -U root -t - -x pflogd"
+/var/www/logs/access.log		644  14    *    $W0   Z "pkill -USR1 -u root -U root -x httpd"
+/var/www/logs/error.log			644  7     250  *     Z "pkill -USR1 -u root -U root -x httpd"
+/var/log/fooodds			640  7     300  *     Z
diff --git a/gemfeed/examples/conf/frontends/etc/rc.conf.local b/gemfeed/examples/conf/frontends/etc/rc.conf.local
new file mode 100644
index 00000000..842f16d7
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/rc.conf.local
@@ -0,0 +1,5 @@
+httpd_flags=
+inetd_flags=
+nsd_flags=
+pkg_scripts="uptimed httpd"
+relayd_flags=
diff --git a/gemfeed/examples/conf/frontends/etc/rc.d/dserver.tpl b/gemfeed/examples/conf/frontends/etc/rc.d/dserver.tpl
new file mode 100755
index 00000000..aec80f54
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/rc.d/dserver.tpl
@@ -0,0 +1,16 @@
+#!/bin/ksh
+
+daemon="/usr/local/bin/dserver"
+daemon_flags="-cfg /etc/dserver/dtail.json"
+daemon_user="_dserver"
+
+. /etc/rc.d/rc.subr
+
+rc_reload=NO
+
+rc_pre() {
+    install -d -o _dserver /var/log/dserver
+    install -d -o _dserver /var/run/dserver/cache
+}
+
+rc_cmd $1 &
diff --git a/gemfeed/examples/conf/frontends/etc/rc.d/gorum.tpl b/gemfeed/examples/conf/frontends/etc/rc.d/gorum.tpl
new file mode 100755
index 00000000..3b4f403d
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/rc.d/gorum.tpl
@@ -0,0 +1,16 @@
+#!/bin/ksh
+
+daemon="/usr/local/bin/gorum"
+daemon_flags="-cfg /etc/gorum.json"
+daemon_user="_gorum"
+daemon_logger="daemon.info"
+
+. /etc/rc.d/rc.subr
+
+rc_reload=NO
+
+rc_pre() {
+    install -d -o _gorum /var/log/gorum
+}
+
+rc_cmd $1 &
diff --git a/gemfeed/examples/conf/frontends/etc/relayd.conf.tpl b/gemfeed/examples/conf/frontends/etc/relayd.conf.tpl
new file mode 100644
index 00000000..1900c0bf
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/relayd.conf.tpl
@@ -0,0 +1,86 @@
+<% our @prefixes = ('', 'www.', 'standby.'); -%>
+log connection
+
+# Wireguard endpoints of the k3s cluster nodes running in FreeBSD bhyve Linux VMs via Wireguard tunnels
+table <f3s> {
+  192.168.2.120
+  192.168.2.121
+  192.168.2.122
+}
+
+# Same backends, separate table for registry service on port 30001
+table <f3s_registry> {
+  192.168.2.120
+  192.168.2.121
+  192.168.2.122
+}
+
+# Local OpenBSD httpd
+table <localhost> {
+  127.0.0.1
+  ::1
+}
+
+http protocol "https" {
+    <% for my $host (@$acme_hosts) { for my $prefix (@prefixes) { -%>
+    tls keypair <%= $prefix.$host -%>
+    <% } } -%>
+    tls keypair <%= $hostname.'.'.$domain -%>
+
+    match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
+    match request header set "X-Forwarded-Proto" value "https"
+    
+    # WebSocket support for audiobookshelf
+    pass header "Connection"
+    pass header "Upgrade"
+    pass header "Sec-WebSocket-Key"
+    pass header "Sec-WebSocket-Version"
+    pass header "Sec-WebSocket-Extensions"
+    pass header "Sec-WebSocket-Protocol"
+    
+    <% for my $host (@$f3s_hosts) { for my $prefix (@prefixes) { -%>
+    <% if ($host eq 'registry.f3s.buetow.org') { -%>
+    match request quick header "Host" value "<%= $prefix.$host -%>" forward to <f3s_registry>
+    <% } else { -%>
+    match request quick header "Host" value "<%= $prefix.$host -%>" forward to <f3s>
+    <% } } } -%>
+}
+
+relay "https4" {
+    listen on <%= $vio0_ip %> port 443 tls
+    protocol "https"
+    forward to <localhost> port 8080
+    forward to <f3s_registry> port 30001 check tcp
+    forward to <f3s> port 80 check tcp
+}
+
+relay "https6" {
+    listen on <%= $ipv6address->($hostname) %> port 443 tls
+    protocol "https"
+    forward to <localhost> port 8080
+    forward to <f3s_registry> port 30001 check tcp
+    forward to <f3s> port 80 check tcp
+}
+
+tcp protocol "gemini" {
+    tls keypair foo.zone
+    tls keypair stats.foo.zone
+    tls keypair snonux.foo
+    tls keypair paul.buetow.org
+    tls keypair standby.foo.zone
+    tls keypair standby.stats.foo.zone
+    tls keypair standby.snonux.foo
+    tls keypair standby.paul.buetow.org
+}
+
+relay "gemini4" {
+    listen on <%= $vio0_ip %> port 1965 tls
+    protocol "gemini"
+    forward to 127.0.0.1 port 11965
+}
+
+relay "gemini6" {
+    listen on <%= $ipv6address->($hostname) %> port 1965 tls
+    protocol "gemini"
+    forward to 127.0.0.1 port 11965
+}
diff --git a/gemfeed/examples/conf/frontends/etc/rsyncd.conf.tpl b/gemfeed/examples/conf/frontends/etc/rsyncd.conf.tpl
new file mode 100644
index 00000000..e9fe3cf8
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/rsyncd.conf.tpl
@@ -0,0 +1,28 @@
+<% my $allow = '*.wg0.wan.buetow.org,*.wg0,localhost'; %>
+max connections = 5
+timeout = 300
+
+[joernshtdocs]
+comment = Joerns htdocs
+path = /var/www/htdocs/joern
+read only = yes
+list = yes
+uid = www
+gid = www
+hosts allow = <%= $allow %>
+
+# [publicgemini]
+# comment = Public Gemini capsule content
+# path = /var/gemini
+# read only = yes
+# list = yes
+# uid = www
+# gid = www
+# hosts allow = <%= $allow %>
+
+# [sslcerts]
+# comment = TLS certificates
+# path = /etc/ssl
+# read only = yes
+# list = yes
+# hosts allow = <%= $allow %>
diff --git a/gemfeed/examples/conf/frontends/etc/taskrc.tpl b/gemfeed/examples/conf/frontends/etc/taskrc.tpl
new file mode 100644
index 00000000..ed97d385
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/taskrc.tpl
@@ -0,0 +1,40 @@
+# [Created by task 2.6.2 7/9/2023 20:52:31]
+# Taskwarrior program configuration file.
+# For more documentation, see https://taskwarrior.org or try 'man task', 'man task-color',
+# 'man task-sync' or 'man taskrc'
+
+# Here is an example of entries that use the default, override and blank values
+#   variable=foo   -- By specifying a value, this overrides the default
+#   variable=      -- By specifying no value, this means no default
+#   #variable=foo  -- By commenting out the line, or deleting it, this uses the default
+
+# You can also refence environment variables:
+#   variable=$HOME/task
+#   variable=$VALUE
+
+# Use the command 'task show' to see all defaults and overrides
+
+# Files
+data.location=/home/git/.task
+
+# To use the default location of the XDG directories,
+# move this configuration file from ~/.taskrc to ~/.config/task/taskrc and uncomment below
+
+#data.location=~/.local/share/task
+#hooks.location=~/.config/task/hooks
+
+# Color theme (uncomment one to use)
+#include light-16.theme
+#include light-256.theme
+#include dark-16.theme
+#include dark-256.theme
+#include dark-red-256.theme
+#include dark-green-256.theme
+#include dark-blue-256.theme
+#include dark-violets-256.theme
+#include dark-yellow-green.theme
+#include dark-gray-256.theme
+#include dark-gray-blue-256.theme
+#include solarized-dark-256.theme
+#include solarized-light-256.theme
+#include no-color.theme
diff --git a/gemfeed/examples/conf/frontends/etc/tmux.conf b/gemfeed/examples/conf/frontends/etc/tmux.conf
new file mode 100644
index 00000000..14493260
--- /dev/null
+++ b/gemfeed/examples/conf/frontends/etc/tmux.conf
@@ -0,0 +1,24 @@
+set-option -g allow-rename off
+set-option -g default-terminal "screen-256color"
+set-option -g history-limit 100000
+set-option -g status-bg '#444444'
+set-option -g status-fg '#ffa500'
+
+set-window-option -g mode-keys vi
+
+bind-key h select-pane -L
+bind-key j select-pane -D
+bind-key k select-pane -U
+bind-key l select-pane -R
+
+bind-key H resize-pane -L 5
+bind-key J resize-pane -D 5
+bind-key K resize-pane -U 5
+bind-key L resize-pane -R 5
+
+bind-key b break-pane -d
+bind-key c new-window -c '#{pane_current_path}'
+bind-key p setw synchronize-panes off
+bind-key P setw synchronize-panes on
+bind-key r source-file ~/.tmux.conf \; display-message "~/.tmux.conf reloaded"
+bind-key T choose-tree