Ownercz/ssme-thesis
1
0
Fork 0
mirror of https://github.com/Ownercz/ssme-thesis.git synced 2025-03-02 07:31:08 +01:00
Code Issues Projects Releases Wiki Activity

Attachments

Browse Source
This commit is contained in:
Radim Lipovčan 2019-03-02 15:53:46 +01:00
parent 5afb57b2ff
commit 36df7d5098
67 changed files with 3410 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
Thesis.tex
View File

@ -127,6 +127,15 @@
\endgroup
}
%herebedragons
\expandafter\def\expandafter\UrlBreaks\expandafter{\UrlBreaks% save the current one
\do\a\do\b\do\c\do\d\do\e\do\f\do\g\do\h\do\i\do\j%
\do\k\do\l\do\m\do\n\do\o\do\p\do\q\do\r\do\s\do\t%
\do\u\do\v\do\w\do\x\do\y\do\z\do\A\do\B\do\C\do\D%
\do\E\do\F\do\G\do\H\do\I\do\J\do\K\do\L\do\M\do\N%
\do\O\do\P\do\Q\do\R\do\S\do\T\do\U\do\V\do\W\do\X%
\do\1\do\2\do\3\do\4\do\5\do\6\do\7\do\8\do\9\do\0%
\do\Y\do\Z\do/}
%images
\usepackage{graphicx}
\usepackage{float}
@ -3199,13 +3208,62 @@ Downloads latest release of XMR-Stak from developers GitHub page, configures min
Also adds the exception in Windows Defender to ignore Desktop folder as a binary XMR-Stak file is considered as a malicious file for being a mining software.
\printbibliography[heading=bibintoc]
\newpage
\let\cleardoublepage\clearpage
\begingroup
\let\cleardoublepage\clearpage
\appendix
\listofappendices
\newappendix{Responses sorted by country - User research}
\vspace{-2em}
\chapter{List of Attachments}
Electronic attachments are included in the thesis archive of the Masaryk University Information System.
\\
\\
Thesis source code together with electronic attachements is avaiable at \url{https://github.com/Ownercz/ssme-thesis}.
\\
\\
Chapters of this work are also published online at \url{https://ownercz.github.io/ssme-thesis/}.
\\
\\
Following files are included in the attachment archive:
\begin{itemize}
\itemsep0em
\item \texttt{Ansible} directory containing Ansible playbook and roles for Linux and Windows miner deployment.
\item \texttt{Cleansed} directory containing data used for Monero Users and Monero Miners survey.
\item \texttt{Kickstart} directory containing the kickstart file for Centos 7 used in unattended Centos installation.
\item \texttt{Original} directory containing unfiltered data from Monero Users and Monero Miners survey.
\item \texttt{Sql-queries} directory containing sql files that were used for data processing for both surveys.
\item \texttt{Unattended} directory containing the autounattend file for Windows 10 used in unattended Windows 10 installation.
\end{itemize}
\chapter{Paying for services and goods - User research}
\begin{figure}[H]
\center
\begin{tabular}{p{0.4\linewidth}p{0.2\linewidth}p{0.3\linewidth}}
\textbf{Usage} & \textbf{\% usage} & \textbf{\# out of 113 users} \\
Subscriptions & 15 \% & 17 \\
Restaurants & 5 \% & 6 \\
Donations & 45 \% & 51 \\
Art & 5 \% & 6 \\
Electronics & 18 \% & 20 \\
Travelling & 3 \% & 3 \\
E-shops & 19 \% & 22 \\
Darknet markets & 18 \% & 20 \\
Gambling sites & 3 \% & 3 \\
Drugs & 10 \% & 11 \\
Illegal usecases & 5 \% & 6 \\
VPN services & 35 \% & 31 \\
Gift cards & 4 \% & 4 \\
Hosting and IT services & 22 \% & 25 \\
Other & 0 \% & 0
\end{tabular}
\caption{Monero usage for payments.}
\label{table:moneropayusageresearch}
\end{figure}
\chapter{Responses sorted by country - User research}
\vspace{-1em}
\begin{figure}[H]
\center
\begin{footnotesize}
\begin{tabular}{lll}
\textbf{Number of responses} & \textbf{Country shortcode} & \textbf{Country name} \\
31 & US & United States \\
@ -3239,38 +3297,13 @@ Also adds the exception in Windows Defender to ignore Desktop folder as a binary
1 & ES & Spain \\
1 & AF & Afghanistan
\end{tabular}
\end{footnotesize}
\caption{Diploma thesis plan.}
\label{table:countries}
\end{figure}
\newappendix{Paying for services and goods - User research}
\vspace{-2em}
\begin{figure}[H]
\center
\begin{tabular}{p{0.4\linewidth}p{0.2\linewidth}p{0.3\linewidth}}
\textbf{Usage} & \textbf{\% usage} & \textbf{\# out of 113 users} \\
Subscriptions & 15 \% & 17 \\
Restaurants & 5 \% & 6 \\
Donations & 45 \% & 51 \\
Art & 5 \% & 6 \\
Electronics & 18 \% & 20 \\
Travelling & 3 \% & 3 \\
E-shops & 19 \% & 22 \\
Darknet markets & 18 \% & 20 \\
Gambling sites & 3 \% & 3 \\
Drugs & 10 \% & 11 \\
Illegal usecases & 5 \% & 6 \\
VPN services & 35 \% & 31 \\
Gift cards & 4 \% & 4 \\
Hosting and IT services & 22 \% & 25 \\
Other & 0 \% & 0
\end{tabular}
\caption{Monero usage for payments.}
\label{table:moneropayusageresearch}
\end{figure}
\newappendix{Responses sorted by country - Miners research}
\chapter{Responses sorted by country - Miners research}
\vspace{-2em}
\begin{figure}[H]
\center
@ -3306,33 +3339,17 @@ Other & 0 \% & 0
\label{table:countriesminers}
\end{figure}
\newappendix{Queries used for data mining}
\texttt{SELECT count(*) FROM users WHERE Which\TextUnderscore{}services\TextUnderscore{}or\TextUnderscore{}apps\TextUnderscore{}Official\TextUnderscore{}Monero\TextUnderscore{}GUI like 'yes' or Which\TextUnderscore{}services\TextUnderscore{}or\TextUnderscore{}apps\TextUnderscore{}Official\TextUnderscore{}Monero\TextUnderscore{}CLI like 'yes' or Which\TextUnderscore{}services\TextUnderscore{}or\TextUnderscore{}apps\TextUnderscore{}Other\TextUnderscore{}desktop\TextUnderscore{}client like 'yes';
SELECT count(*) FROM users where Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}Android like 'yes' or Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}iOS like 'yes';
SELECT count(*) FROM users where Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}Android like 'yes' and Which\TextUnderscore{}services\TextUnderscore{}or\TextUnderscore{}apps\TextUnderscore{}Monerujo\TextUnderscore{}Android like 'yes';
SELECT count(*) FROM users where Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}Android like 'yes' and Which\TextUnderscore{}services\TextUnderscore{}or\TextUnderscore{}apps\TextUnderscore{}Freewallet\TextUnderscore{}Android like 'yes';
SELECT count(*) FROM users where Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}Android like 'yes' and Which\TextUnderscore{}services\TextUnderscore{}or\TextUnderscore{}apps\TextUnderscore{}Other\TextUnderscore{}Android\TextUnderscore{}wallet like 'yes';
SELECT count(*) FROM users where Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}Android like 'yes';
SELECT count(*) FROM users where Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}iOS like 'yes';
SELECT count(*) FROM users where Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}iOS like 'yes' and Which\TextUnderscore{}services\TextUnderscore{}or\TextUnderscore{}apps\TextUnderscore{}Cake\TextUnderscore{}Wallet\TextUnderscore{}iOS like 'yes';
SELECT count(*) FROM users where Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}iOS like 'yes' and Which\TextUnderscore{}services\TextUnderscore{}or\TextUnderscore{}apps\TextUnderscore{}Freewallet\TextUnderscore{}iOS like 'yes';
SELECT count(*) FROM users where Which\TextUnderscore{}platforms\TextUnderscore{}do\TextUnderscore{}you\TextUnderscore{}use\TextUnderscore{}to\TextUnderscore{}access\TextUnderscore{}Monero\TextUnderscore{}iOS like 'yes' and Which\TextUnderscore{}services\TextUnderscore{}or\TextUnderscore{}apps\TextUnderscore{}Other\TextUnderscore{}iOS\TextUnderscore{}wallet like 'yes';}
\includepdf[pages=1,pagecommand=\newappendix{Monero User Survey},scale=1.1,width=1.1\textwidth]{monerousersurvey.pdf}
\includepdf[pages=1,pagecommand=\chapter{Monero User Survey},scale=1.1,width=1.1\textwidth]{monerousersurvey.pdf}
\label{monero-user-study-pdf}
\includepdf[pages={2,3,4,5,6,7,8,9},scale=1,width=1.1\textwidth, pagecommand={}]{monerousersurvey.pdf}
\includepdf[pages=1,pagecommand=\newappendix{Monero Miners Survey},scale=1,width=1.1\textwidth]{monerominersurvey.pdf}
\includepdf[pages=1,pagecommand=\chapter{Monero Miners Survey},scale=1,width=1.1\textwidth]{monerominersurvey.pdf}
\label{monero-miners-study-pdf}
\includepdf[pages={2,3,4,5,6,7,8,9},scale=1,width=\textwidth, pagecommand={}]{monerominersurvey.pdf}
%\includepdf[pages=1,pagecommand=\chapter{Monero User Survey},scale=0.7]{moneropoolsurvey.pdf}
%\label{monero-pool-study-pdf}
%\includepdf[pages={2,3,4,5},scale=0.7, pagecommand={}]{moneropoolsurvey.pdf}
\newappendix{Kickstart file}
\chapter{Kickstart file}
\label{kickstart}
\begin{lstlisting}
#version=DEVEL
@ -3405,4 +3422,5 @@ pwpolicy luks --minlen=6 --minquality=50 --notstrict --nochanges --notempty
%pivx https://www.reddit.com/r/pivx/comments/7gjjyw/what_are_the_benefits_of_multisig_addresses/
%zcoin https://github.com/zcoinofficial/zcoin/wiki/Information-for-exchanges
%zcoin https://zcoin.io/zcoins-privacy-technology-compares-competition/
\endgroup
\end{document}

2
attachments/ansible/ansible.cfg Normal file
View File

@ -0,0 +1,2 @@
[defaults]
host_key_checking = false

12
attachments/ansible/hosts Normal file
View File

@ -0,0 +1,12 @@
[xmr01]
xmr01.lipovcan.cz ansible_ssh_host=192.168.1.225 ansible_ssh_pass=ssme-thesis ansible_user=root
[win]
192.168.1.221
[win:vars]
ansible_user=ownercz
ansible_password=ssme-thesis
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_port=5986

2
attachments/ansible/roles/ansible-sw-common-apps/README.md Normal file
View File

@ -0,0 +1,2 @@
# Common apps
Installs EPEL, my common apps that I use and disables selinux.

4
attachments/ansible/roles/ansible-sw-common-apps/defaults/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
epel_repo_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
epel_repo_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
epel_repofile_path: "/etc/yum.repos.d/epel.repo"

31
attachments/ansible/roles/ansible-sw-common-apps/tasks/main.yml Normal file
View File

@ -0,0 +1,31 @@
---
- name: 1.Check if EPEL repo is already configured.
stat: path={{ epel_repofile_path }}
register: epel_repofile_result
- name: 2.Install EPEL repo.
yum:
name: "{{ epel_repo_url }}"
state: present
register: result
when: not epel_repofile_result.stat.exists
- name: 3.Import EPEL GPG key.
rpm_key:
key: "{{ epel_repo_gpg_key_url }}"
state: present
when: not epel_repofile_result.stat.exists
- name: EPEL
yum:
name: epel-release
state: latest
- name: 4. Install common apps
yum:
name: htop,rsync,screen,tmux,iftop,iotop,nano,git,wget,unzip,mc
state: latest
- selinux:
state: disabled

2
attachments/ansible/roles/ansible-sw-firewalld/README.md Normal file
View File

@ -0,0 +1,2 @@
# Firewalld installation and configuration
Installs Firewalld, sets default zone to public and opens SSH.

16
attachments/ansible/roles/ansible-sw-firewalld/tasks/main.yml Normal file
View File

@ -0,0 +1,16 @@
- name: install firewalld
yum:
name: firewalld
state: latest
- name: Enable firewalld
service: name=firewalld state=started enabled=yes
- name: Set public as default policy
command: firewall-cmd --set-default-zone=public
- name: Allow http/https
command: firewall-cmd --zone=public --permanent --add-service=ssh
- name: Bounce firewalld
service: name=firewalld state=restarted

16
attachments/ansible/roles/ansible-sw-ntp/tasks/main.yml Normal file
View File

@ -0,0 +1,16 @@
- name: install ntpdate
yum:
name: ntpdate
state: latest
- name: Set Prague timezone
command: timedatectl set-timezone Europe/Prague
- name: Sync time
command: ntpdate 1.cz.pool.ntp.org
- cron:
name: "NTP sync time"
minute: "0"
hour: "1"
job: "/usr/sbin/ntpdate -s -u 1.cz.pool.ntp.org > /dev/null 2>&1"
state: present

22
attachments/ansible/roles/ansible-sw-postfix/LICENSE Normal file
View File

@ -0,0 +1,22 @@
The MIT License (MIT)
Copyright (c) 2015 Jeff Widman
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

51
attachments/ansible/roles/ansible-sw-postfix/README.md Normal file
View File

@ -0,0 +1,51 @@
yum-cron
=========
Installs and manages `yum-cron`.
By default this role installs security updates every hour, and checks for but
does not install normal updates daily. For updates that aren't security flaws, I
prefer to delay upgrading until I'm available to fix anything that might go wrong.
Since the daily update level only checks but doesn't download, the notification
message will say "empty transaction", meaning it found an update, but didn't do
anything about it.
Requirements
------------
Tested on CentOS 7.
Will likely work on equivalent RHEL or RHEL derivatives.
Role Variables
--------------
You'll likely want to change the default `email_to` variable to an email address
that you actually monitor.
It's also possible to define special yum settings to for example exclude some packages from auto-updating:
<pre>
#hourly_base_options:
# - "exclude=java*,kernel*"
#daily_base_options: "{{ hourly_base_options }}"
</pre>
Example Playbook
----------------
- hosts: servers
roles:
- { role: yum-cron, email_to: support@rockclimbing.com, tags: ['yum_cron'] }
License
-------
MIT
Author Information
------------------
Jeff Widman jeff@jeffwidman.com
Johan Guldmyr jguldmyr@csc.fi

2
attachments/ansible/roles/ansible-sw-postfix/defaults/main.yml Normal file
View File

@ -0,0 +1,2 @@
login_pass: null
root_mail: serveradmin@lipovcan.cz

5
attachments/ansible/roles/ansible-sw-postfix/handlers/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
# handlers file for yum_cron
- name: restart postfix
service: name=postfix.service state=restarted enabled=yes

22
attachments/ansible/roles/ansible-sw-postfix/meta/main.yml Normal file
View File

@ -0,0 +1,22 @@
---
galaxy_info:
author: Jeff Widman
description: Installs and configures yum-cron
company: RockClimbing.com
license: MIT
min_ansible_version: 1.9
platforms:
- name: EL
versions:
- 7
categories:
- packaging
- system
dependencies: []
# List your role dependencies here, one per line.
# Be sure to remove the '[]' above if you add dependencies
# to this list.

54
attachments/ansible/roles/ansible-sw-postfix/tasks/main.yml Normal file
View File

@ -0,0 +1,54 @@
---
- name: Ensures postfix installed
yum: name=postfix,cyrus-sasl-sql,cyrus-sasl-plain,cyrus-sasl-lib,mailx,cyrus-sasl-plain state=present
- name: Configure main.cf
template: src=main.cf.j2 dest=/etc/postfix/main.cf
- name: Configure sasl_passwd
template: src=sasl_passwd.j2 dest=/etc/postfix/sasl_passwd
- name: Configure relayhost_map
template: src=relayhost_map.j2 dest=/etc/postfix/relayhost_map
when: email is defined
- name: Configure transport
template: src=transport.j2 dest=/etc/postfix/transport
when: false
- name: Delete old config transport
file:
path: /etc/postfix/transport
state: absent
when: false
- name: Delete old config relayhost_map
file:
path: /etc/postfix/relayhost_map
state: absent
when: email is not defined
- name: Map password
shell: postmap /etc/postfix/sasl_passwd
- name: Map relayhost
shell: postmap /etc/postfix/relayhost_map
when: email is defined
- name: Map transport maps
shell: postmap /etc/postfix/transport
when: false
- name: Create root email alias
lineinfile: dest=/etc/aliases regexp="^root" line="root{{':'}} {{ root_mail }}" state=present
notify:
- restart postfix
- name: Run aliases
shell: newaliases
- name: Map aliases even for local mail delivery
shell: postmap /etc/postfix/virtual
- name: Ensures postfix service is running
service: name=postfix.service state=restarted enabled=yes

712
attachments/ansible/roles/ansible-sw-postfix/templates/main.cf.j2 Normal file
View File

@ -0,0 +1,712 @@
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
# and STANDARD_CONFIGURATION_README. To find these documents, use
# the command "postconf html_directory readme_directory", or go to
# http://www.postfix.org/.
#
# For best results, change no more than 2-3 parameters at a time,
# and test if Postfix still works after every change.
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
#soft_bounce = no
# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix
# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/sbin
# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/libexec/postfix
# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/lib/postfix
# QUEUE AND PROCESS OWNERSHIP
#
# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix
# The default_privs parameter specifies the default rights used by
# the local delivery agent for delivery to external file or command.
# These rights are used in the absence of a recipient user context.
# DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
#
#default_privs = nobody
# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost
# Enable IPv4, and IPv6 if supported
inet_protocols = all
# The proxy_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on by way of a
# proxy or network address translation unit. This setting extends
# the address list specified with the inet_interfaces parameter.
#
# You must specify your proxy/NAT addresses when your system is a
# backup MX host for other domains, otherwise mail delivery loops
# will happen when the primary MX host is down.
#
#proxy_interfaces =
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = {{ inventory_hostname }}
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
# with all names or addresses of users that are local with respect
# to $mydestination, $inet_interfaces or $proxy_interfaces.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown local users. This parameter is defined by default.
#
# To turn off local recipient checking in the SMTP server, specify
# local_recipient_maps = (i.e. empty).
#
# The default setting assumes that you use the default Postfix local
# delivery agent for local delivery. You need to update the
# local_recipient_maps setting if:
#
# - You define $mydestination domain recipients in files other than
# /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
# For example, you define $mydestination domain recipients in
# the $virtual_mailbox_maps files.
#
# - You redefine the local delivery agent in master.cf.
#
# - You redefine the "local_transport" setting in main.cf.
#
# - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
# feature of the Postfix local delivery agent (see local(8)).
#
# Details are described in the LOCAL_RECIPIENT_README file.
#
# Beware: if the Postfix SMTP server runs chrooted, you probably have
# to access the passwd file via the proxymap service, in order to
# overcome chroot restrictions. The alternative, having a copy of
# the system passwd file in the chroot jail is just not practical.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify a bare username, an @domain.tld
# wild-card, or specify a user@domain.tld address.
#
#local_recipient_maps = unix:passwd.byname $alias_maps
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps
#local_recipient_maps =
# The unknown_local_recipient_reject_code specifies the SMTP server
# response code when a recipient domain matches $mydestination or
# ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
# and the recipient address or address local-part is not found.
#
# The default setting is 550 (reject mail) but it is safer to start
# with 450 (try again later) until you are certain that your
# local_recipient_maps settings are OK.
#
unknown_local_recipient_reject_code = 550
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
# clients in the same IP class A/B/C networks as the local machine.
# Don't do this with a dialup site - it would cause Postfix to "trust"
# your entire provider's network. Instead, specify an explicit
# mynetworks list by hand, as described below.
#
# Specify "mynetworks_style = host" when Postfix should "trust"
# only the local machine.
#
#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host
# Alternatively, you can specify the mynetworks list by hand, in
# which case Postfix ignores the mynetworks_style setting.
#
# Specify an explicit list of network/netmask patterns, where the
# mask specifies the number of bits in the network part of a host
# address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
# The relay_domains parameter restricts what destinations this system will
# relay mail to. See the smtpd_recipient_restrictions description in
# postconf(5) for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients (IP address matches $mynetworks) to any destination,
# - from "untrusted" clients to destinations that match $relay_domains or
# subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces or $proxy_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_alias_domains,
# - destinations that match $virtual_mailbox_domains.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction description in postconf(5).
#
#relay_domains = $mydestination
{% if email is defined %}
{{ relay_domains }}
{% endif %}
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
# when no entry is matched in the optional transport(5) table. When
# no relayhost is given, mail is routed directly to the destination.
#
# On an intranet, specify the organizational domain name. If your
# internal DNS uses no MX records, specify the name of the intranet
# gateway host instead.
#
# In the case of SMTP, specify a domain, host, host:port, [host]:port,
# [address] or [address]:port; the form [host] turns off MX lookups.
#
# If you're connected via UUCP, see also the default_transport parameter.
#
#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users. This feature is off by default.
#
# The right-hand side of the lookup tables is conveniently ignored.
# In the left-hand side, specify an @domain.tld wild-card, or specify
# a user@domain.tld address.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# INPUT RATE CONTROL
#
# The in_flow_delay configuration parameter implements mail input
# flow control. This feature is turned on by default, although it
# still needs further development (it's disabled on SCO UNIX due
# to an SCO bug).
#
# A Postfix process will pause for $in_flow_delay seconds before
# accepting a new message, when the message arrival rate exceeds the
# message delivery rate. With the default 100 SMTP server process
# limit, this limits the mail inflow to 100 messages a second more
# than the number of messages delivered per second.
#
# Specify 0 to disable the feature. Valid delays are 0..10.
#
#in_flow_delay = 1s
# ADDRESS REWRITING
#
# The ADDRESS_REWRITING_README document gives information about
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
#
# The VIRTUAL_README document gives information about the many forms
# of domain hosting that Postfix supports.
# "USER HAS MOVED" BOUNCE MESSAGES
#
# See the discussion in the ADDRESS_REWRITING_README document.
# TRANSPORT MAP
#
# See the discussion in the ADDRESS_REWRITING_README document.
# ALIAS DATABASE
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.
#
# If you change the alias database, run "postalias /etc/aliases" (or
# wherever your system stores the mail alias file), or simply run
# "newaliases" to build the necessary DBM or DB file.
#
# It will take a minute or so before changes become visible. Use
# "postfix reload" to eliminate the delay.
#
#alias_maps = dbm:/etc/aliases
alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
# The alias_database parameter specifies the alias database(s) that
# are built with "newaliases" or "sendmail -bi". This is a separate
# configuration parameter, because alias_maps (see above) may specify
# tables that are not necessarily all under control by Postfix.
#
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
# ADDRESS EXTENSIONS (e.g., user+foo)
#
# The recipient_delimiter parameter specifies the separator between
# user names and address extensions (user+foo). See canonical(5),
# local(8), relocated(5) and virtual(5) for the effects this has on
# aliases, canonical, virtual, relocated and .forward file lookups.
# Basically, the software tries user+foo and .forward+foo before
# trying user and .forward.
#
#recipient_delimiter = +
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
#
#mail_spool_directory = /var/mail
#mail_spool_directory = /var/spool/mail
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
# Exception: delivery for root is done as $default_user.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
# and LOCAL (the address localpart).
#
# Unlike other Postfix configuration parameters, the mailbox_command
# parameter is not subjected to $parameter substitutions. This is to
# make it easier to specify shell syntax (see example below).
#
# Avoid shell meta characters because they will force Postfix to run
# an expensive shell process. Procmail alone is expensive enough.
#
# IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
# ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
#
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
# The mailbox_transport specifies the optional transport in master.cf
# to use after processing aliases and .forward files. This parameter
# has precedence over the mailbox_command, fallback_transport and
# luser_relay parameters.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
# Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
# listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
#mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
# If using the cyrus-imapd IMAP server deliver local mail to the IMAP
# server using LMTP (Local Mail Transport Protocol), this is prefered
# over the older cyrus deliver program by setting the
# mailbox_transport as below:
#
# mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#
# The efficiency of LMTP delivery for cyrus-imapd can be enhanced via
# these settings.
#
# local_destination_recipient_limit = 300
# local_destination_concurrency_limit = 5
#
# Of course you should adjust these settings as appropriate for the
# capacity of the hardware you are using. The recipient limit setting
# can be used to take advantage of the single instance message store
# capability of Cyrus. The concurrency limit can be used to control
# how many simultaneous LMTP sessions will be permitted to the Cyrus
# message store.
#
# Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
# subsequent line in master.cf.
#mailbox_transport = cyrus
# The fallback_transport specifies the optional transport in master.cf
# to use for recipients that are not found in the UNIX passwd database.
# This parameter has precedence over the luser_relay parameter.
#
# Specify a string of the form transport:nexthop, where transport is
# the name of a mail delivery transport defined in master.cf. The
# :nexthop part is optional. For more details see the sample transport
# configuration file.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must update the "local_recipient_maps" setting in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#fallback_transport = lmtp:unix:/var/lib/imap/socket/lmtp
#fallback_transport =
# The luser_relay parameter specifies an optional destination address
# for unknown recipients. By default, mail for unknown@$mydestination,
# unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
# as undeliverable.
#
# The following expansions are done on luser_relay: $user (recipient
# username), $shell (recipient shell), $home (recipient home directory),
# $recipient (full recipient address), $extension (recipient address
# extension), $domain (recipient domain), $local (entire recipient
# localpart), $recipient_delimiter. Specify ${name?value} or
# ${name:value} to expand value only when $name does (does not) exist.
#
# luser_relay works only for the default Postfix local delivery agent.
#
# NOTE: if you use this feature for accounts not in the UNIX password
# file, then you must specify "local_recipient_maps =" (i.e. empty) in
# the main.cf file, otherwise the SMTP server will reject mail for
# non-UNIX accounts with "User unknown in local recipient table".
#
#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
# JUNK MAIL CONTROLS
#
# The controls listed here are only a very small subset. The file
# SMTPD_ACCESS_README provides an overview.
# The header_checks parameter specifies an optional table with patterns
# that each logical message header is matched against, including
# headers that span multiple physical lines.
#
# By default, these patterns also apply to MIME headers and to the
# headers of attached messages. With older Postfix versions, MIME and
# attached message headers were treated as body text.
#
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about
# deferred mail, so that mail can be flushed quickly with the SMTP
# "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
# See the ETRN_README document for a detailed description.
#
# The fast_flush_domains parameter controls what destinations are
# eligible for this service. By default, they are all domains that
# this server is willing to relay mail to.
#
#fast_flush_domains = $relay_domains
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
# PARALLEL DELIVERY TO THE SAME DESTINATION
#
# How many parallel deliveries to the same user or domain? With local
# delivery, it does not make sense to do massively parallel delivery
# to the same user, because mailbox updates must happen sequentially,
# and expensive pipelines in .forward files can cause disasters when
# too many are run at the same time. With SMTP deliveries, 10
# simultaneous connections to the same domain could be sufficient to
# raise eyebrows.
#
# Each message delivery transport has its XXX_destination_concurrency_limit
# parameter. The default is $default_destination_concurrency_limit for
# most delivery transports. For the local delivery agent the default is 2.
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20
# DEBUGGING CONTROL
#
# The debug_peer_level parameter specifies the increment in verbose
# logging level when an SMTP client or server host name or address
# matches a pattern in the debug_peer_list parameter.
#
debug_peer_level = 2
# The debug_peer_list parameter specifies an optional list of domain
# or network patterns, /file/name patterns or type:name tables. When
# an SMTP client or server host name or address matches a pattern,
# increase the verbose logging level by the amount specified in the
# debug_peer_level parameter.
#
#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain
# The debugger_command specifies the external command that is executed
# when a Postfix daemon program is run with the -D option.
#
# Use "command .. & sleep 5" so that the debugger can attach before
# the process marches on. If you use an X-based debugger, be sure to
# set up your XAUTHORITY environment variable before starting Postfix.
#
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
# If you can't use X, use this to capture the call stack when a
# daemon crashes. The result is in a file in the configuration
# directory, and is named after the process name and the process ID.
#
# debugger_command =
# PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
# echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
# >$config_directory/$process_name.$process_id.log & sleep 5
#
# Another possibility is to run gdb under a detached screen session.
# To attach to the screen sesssion, su root and run "screen -r
# <id_string>" where <id_string> uniquely matches one of the detached
# sessions (from "screen -list").
#
# debugger_command =
# PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
# -dmS $process_name gdb $daemon_directory/$process_name
# $process_id & sleep 1
# INSTALL-TIME CONFIGURATION INFORMATION
#
# The following parameters are used when installing a new Postfix version.
#
# sendmail_path: The full pathname of the Postfix sendmail command.
# This is the Sendmail-compatible mail posting interface.
#
sendmail_path = /usr/sbin/sendmail.postfix
# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/bin/newaliases.postfix
# mailq_path: The full pathname of the Postfix mailq command. This
# is the Sendmail-compatible mail queue listing command.
#
mailq_path = /usr/bin/mailq.postfix
# setgid_group: The group for mail submission and queue management
# commands. This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = postdrop
# html_directory: The location of the Postfix HTML documentation.
#
html_directory = no
# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/share/man
# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/share/doc/postfix-2.10.1/samples
# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
#Added for gmail connections
{% if email is not defined %}
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
# Secure channel TLS with exact nexthop name match.
smtp_tls_security_level = secure
smtp_tls_mandatory_protocols = TLSv1
smtp_tls_mandatory_ciphers = high
smtp_tls_secure_cert_match = nexthop
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
relayhost = [smtp.gmail.com]:587
virtual_alias_maps = hash:/etc/postfix/virtual
inet_protocols=ipv4
{% else %}
inet_protocols=ipv4
#mydestination = localhost
#Default Relay Host if not Found in relayhost_map
#relayhost = localhost
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
#Per user or domain auth map
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
{% endif %}

5
attachments/ansible/roles/ansible-sw-postfix/templates/relayhost_map.j2 Normal file
View File

@ -0,0 +1,5 @@
{% if email is defined %}
{% for item in email %}
{{ item.relayhost }}
{% endfor %}
{% endif %}

8
attachments/ansible/roles/ansible-sw-postfix/templates/sasl_passwd.j2 Normal file
View File

@ -0,0 +1,8 @@
{% if login_pass is defined %}
{{ login_pass }}
{% endif %}
{% if email is defined %}
{% for item in email %}
{{ item.login_pass }}
{% endfor %}
{% endif %}

8
attachments/ansible/roles/ansible-sw-postfix/templates/transport.j2 Normal file
View File

@ -0,0 +1,8 @@
{% if login_pass is defined %}
{{ login_pass }}
{% endif %}
{% if email is defined %}
{% for item in email %}
{{ item.login_pass }}
{% endfor %}
{% endif %}

295
attachments/ansible/roles/ansible-sw-postfix/templates/virtual.j2 Normal file
View File

@ -0,0 +1,295 @@
# VIRTUAL(5) VIRTUAL(5)
#
# NAME
# virtual - Postfix virtual alias table format
#
# SYNOPSIS
# postmap /etc/postfix/virtual
#
# postmap -q "string" /etc/postfix/virtual
#
# postmap -q - /etc/postfix/virtual <inputfile
#
# DESCRIPTION
# The optional virtual(5) alias table rewrites recipient
# addresses for all local, all virtual, and all remote mail
# destinations. This is unlike the aliases(5) table which
# is used only for local(8) delivery. Virtual aliasing is
# recursive, and is implemented by the Postfix cleanup(8)
# daemon before mail is queued.
#
# The main applications of virtual aliasing are:
#
# o To redirect mail for one address to one or more
# addresses.
#
# o To implement virtual alias domains where all
# addresses are aliased to addresses in other
# domains.
#
# Virtual alias domains are not to be confused with
# the virtual mailbox domains that are implemented
# with the Postfix virtual(8) mail delivery agent.
# With virtual mailbox domains, each recipient
# address can have its own mailbox.
#
# Virtual aliasing is applied only to recipient envelope
# addresses, and does not affect message headers. Use
# canonical(5) mapping to rewrite header and envelope
# addresses in general.
#
# Normally, the virtual(5) alias table is specified as a
# text file that serves as input to the postmap(1) command.
# The result, an indexed file in dbm or db format, is used
# for fast searching by the mail system. Execute the command
# "postmap /etc/postfix/virtual" to rebuild an indexed file
# after changing the corresponding text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
# those case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# CASE FOLDING
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address, address, ...
# Redirect mail for user@domain to address. This
# form has the highest precedence.
#
# user address, address, ...
# Redirect mail for user@site to address when site is
# equal to $myorigin, when site is listed in $mydes-
# tination, or when it is listed in $inet_interfaces
# or $proxy_interfaces.
#
# This functionality overlaps with functionality of
# the local aliases(5) database. The difference is
# that virtual(5) mapping can be applied to non-local
# addresses.
#
# @domain address, address, ...
# Redirect mail for other users in domain to address.
# This form has the lowest precedence.
#
# Note: @domain is a wild-card. With this form, the
# Postfix SMTP server accepts mail for any recipient
# in domain, regardless of whether that recipient
# exists. This may turn your mail system into a
# backscatter source: Postfix first accepts mail for
# non-existent recipients and then tries to return
# that mail as "undeliverable" to the often forged
# sender address.
#
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain. This
# works only for the first address in a multi-address
# lookup result.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
# to addresses without ".domain".
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
# domains, each recipient address can have its own mailbox.
#
# With a virtual alias domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames
# are not visible in a virtual alias domain. In particular,
# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
#
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
# Note: some systems use dbm databases instead of hash. See
# the output from "postconf -m" for available database
# types.
#
# /etc/postfix/virtual:
# virtual-alias.domain anything (right-hand content does not matter)
# postmaster@virtual-alias.domain postmaster
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
# with "relay access denied", or bounces with "mail loops
# back to myself".
#
# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
# With a virtual alias domain, the Postfix SMTP server
# accepts mail for known-user@virtual-alias.domain, and
# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
# Instead of specifying the virtual alias domain name via
# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps
# List of virtual aliasing tables.
#
# virtual_alias_domains
# List of virtual alias domains. This uses the same
# syntax as the mydestination parameter.
#
# propagate_unmatched_extensions
# A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the
# original address to the result. Specify zero or
# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
# List of domains that this mail system considers
# local.
#
# myorigin
# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
# Give special treatment to owner-xxx and xxx-request
# addresses.
#
# proxy_interfaces
# Other interfaces that this machine receives mail on
# by way of a proxy agent or network address transla-
# tor.
#
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# canonical(5), canonical address mapping
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# ADDRESS_REWRITING_README, address rewriting guide
# DATABASE_README, Postfix lookup table overview
# VIRTUAL_README, domain hosting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# VIRTUAL(5)
root {{ root_mail }}

12
attachments/ansible/roles/ansible-sw-sshsec/.travis.yml Normal file
View File

@ -0,0 +1,12 @@
---
language: python
python: "2.7"
before_install:
- sudo apt-get update -qq
- sudo apt-get install -qq python-apt python-pycurl
install:
- pip install ansible
script:
- echo localhost > inventory
- ansible-playbook --syntax-check -i inventory role.yml
- ansible-playbook -i inventory role.yml --connection=local --sudo -vvvv

16
attachments/ansible/roles/ansible-sw-sshsec/README.md Normal file
View File

@ -0,0 +1,16 @@
# Ansible Fail2Ban Role
An ansible role for installing fail2ban.
[![Build Status](https://travis-ci.org/resmo/ansible-role-fail2ban.png?branch=master)](https://travis-ci.org/resmo/ansible-role-fail2ban)
## Usage:
---
- hosts: all
remote_user: root
roles:
- resmo.fail2ban
## Homepage:
https://github.com/resmo/ansible-role-fail2ban

19
attachments/ansible/roles/ansible-sw-sshsec/defaults/main.yml Normal file
View File

@ -0,0 +1,19 @@
---
# Enable service on boot
fail2ban_service_enabled: yes
# Allowed setting are: started, stopped
fail2ban_service_state: started
# Allowed setting are: installed, latest
fail2ban_pkg_state: installed
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
fail2ban_config_ignoreip: 127.0.0.1/8
fail2ban_config_bantime: 6000
fail2ban_config_maxretry: 3
fail2ban_config_destemail: info@nehlsen.cz
# Jails
fail2ban_config_jail_ssh_enabled: yes
fail2ban_config_jail_sshddos_enabled: yes

3
attachments/ansible/roles/ansible-sw-sshsec/handlers/main.yml Normal file
View File

@ -0,0 +1,3 @@
---
- name: restart fail2ban
action: service name=fail2ban state=restarted

21
attachments/ansible/roles/ansible-sw-sshsec/meta/main.yml Normal file
View File

@ -0,0 +1,21 @@
---
galaxy_info:
author: René Moser
company: Moser Systems
license: MIT
min_ansible_version: 1.4
platforms:
- name: EL
versions:
- all
- name: Ubuntu
versions:
- all
- name: Debian
versions:
- all
categories:
- system
dependencies: []

9
attachments/ansible/roles/ansible-sw-sshsec/role.yml Normal file
View File

@ -0,0 +1,9 @@
- hosts: localhost
remote_user: root
vars_files:
- 'vars/main.yml'
- 'defaults/main.yml'
tasks:
- include: 'tasks/main.yml'
handlers:
- include: 'handlers/main.yml'

34
attachments/ansible/roles/ansible-sw-sshsec/tasks/main.yml Normal file
View File

@ -0,0 +1,34 @@
---
- name: install fail2ban for Debian
apt: pkg=fail2ban state={{ fail2ban_pkg_state }}
when: ansible_os_family == 'Debian'
tags: package
- name: install fail2ban for RedHat
yum: name=fail2ban state={{ fail2ban_pkg_state }}
when: ansible_os_family == 'RedHat'
tags: package
- name: configure fail2ban local jails
action: template src=jail.local.j2 dest=/etc/fail2ban/jail.local mode=0644
notify: restart fail2ban
tags: configuration
- name: configure fail2ban
action: template src=config.j2 dest=/etc/fail2ban/fail2ban.conf mode=0644
notify: restart fail2ban
tags: configuration
- name: ensure file exists
copy:
content: ""
dest: /var/log/auth.log
- name: start/stop fail2ban service
service: name=fail2ban state={{ fail2ban_service_state }} enabled={{ fail2ban_service_enabled }}
tags: service
- name: start/stop fail2ban service
service: name=fail2ban state=stopped
- name: start/stop fail2ban service
service: name=fail2ban state=started

72
attachments/ansible/roles/ansible-sw-sshsec/templates/config.j2 Normal file
View File

@ -0,0 +1,72 @@
# Fail2Ban main configuration file
#
# Comments: use '#' for comment lines and ';' (following a space) for inline comments
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
# loglevel = DEBUG
#
[Definition]
# Option: loglevel
# Notes.: Set the log level output.
# CRITICAL
# ERROR
# WARNING
# NOTICE
# INFO
# DEBUG
# Values: [ LEVEL ] Default: ERROR
#
loglevel = DEBUG
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
# Only one log target can be specified.
# If you change logtarget from the default value and you are
# using logrotate -- also adjust or disable rotation in the
# corresponding configuration file
# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR
#
logtarget = /var/log/fail2ban.log
# Option: syslogsocket
# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
# auto uses platform.system() to determine predefined paths
# Values: [ auto | FILE ] Default: auto
syslogsocket = auto
# Option: socket
# Notes.: Set the socket file. This is used to communicate with the daemon. Do
# not remove this file when Fail2ban runs. It will not be possible to
# communicate with the server afterwards.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
#
socket = /var/run/fail2ban/fail2ban.sock
# Option: pidfile
# Notes.: Set the PID file. This is used to store the process ID of the
# fail2ban server.
# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
#
pidfile = /var/run/fail2ban/fail2ban.pid
# Options: dbfile
# Notes.: Set the file for the fail2ban persistent data to be stored.
# A value of ":memory:" means database is only stored in memory
# and data is lost when fail2ban is stopped.
# A value of "None" disables the database.
# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
# Options: dbpurgeage
# Notes.: Sets age at which bans should be purged from the database
# Values: [ SECONDS ] Default: 86400 (24hours)
dbpurgeage = 86400

34
attachments/ansible/roles/ansible-sw-sshsec/templates/jail.local.j2 Normal file
View File

@ -0,0 +1,34 @@
# Fail2Ban configuration file.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = {{ fail2ban_config_ignoreip }}
bantime = {{ fail2ban_config_bantime }}
maxretry = {{ fail2ban_config_maxretry }}
findtime = 6000
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = {{ fail2ban_config_destemail }}
mta = sendmail
ignoreip = 81.200.53.35,192.168.0.0/16
#
# JAILS
#
[ssh]
enabled = {{ fail2ban_config_jail_ssh_enabled }}
port = ssh
filter = sshd
logpath = /var/log/secure
banaction = firewallcmd-ipset
[ssh-ddos]
enabled = {{ fail2ban_config_jail_sshddos_enabled }}
port = ssh
filter = sshd-ddos
logpath = /var/log/secure
banaction = firewallcmd-ipset

2
attachments/ansible/roles/ansible-sw-sshsec/vars/main.yml Normal file
View File

@ -0,0 +1,2 @@
---
# vars file for ansible-role-fail2ban

2
attachments/ansible/roles/ansible-sw-xmrstak/README.md Normal file
View File

@ -0,0 +1,2 @@
# Common apps
Installs EPEL, my common apps that I use and disables selinux.

27
attachments/ansible/roles/ansible-sw-xmrstak/defaults/main.yml Normal file
View File

@ -0,0 +1,27 @@
---
epel_repo_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
epel_repo_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}"
epel_repofile_path: "/etc/yum.repos.d/epel.repo"
http_port: 8080
http_username: "ownercz"
http_pass: "ssme-thesis"
ipv4_preference: "true"
cpu_config: '"cpu_threads_conf" :
[
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 0 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 1 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 2 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 3 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 4 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 5 },
],
'
pool_address: "pool.supportxmr.com:3333"
wallet_address: "4A8VqcQVQQ3SfBhbwJss1UijiyqKvqNpi1vBeKppJiY3Y11QK5bs3KEPPkKz7ink8qYP6df8qKwBSLxmnuvV6sUD7K6WmGk"
rig_id: "R610"
pool_password: "x"
use_tls: "false"
currency: "monero"
remotehttp: "true"

100
attachments/ansible/roles/ansible-sw-xmrstak/tasks/main.yml Normal file
View File

@ -0,0 +1,100 @@
---
- name: 1. Install software collections
yum:
name: centos-release-scl
state: latest
- name: 2. Install cmake and asociated tools
yum:
name: cmake3,devtoolset-4-gcc*,hwloc-devel,libmicrohttpd-devel,openssl-devel,make
state: latest
- name: 3. Enable toolset for use in bash
shell: scl enable devtoolset-4 bash
- name: Prepare folder structure
file:
path: /home/{{ item.username }}/xmr-stak
state: absent
with_items: '{{ users }}'
- git:
repo: 'https://github.com/fireice-uk/xmr-stak.git'
dest: /home/{{ item.username }}/xmr-stak
clone: yes
with_items: '{{ users }}'
- file:
path: /home/{{ item.username }}/xmr-stak/build
state: directory
mode: 0755
with_items: '{{ users }}'
- name: Edit bashrc for toolset.
shell: echo 'source scl_source enable devtoolset-4' >> ~/.bashrc
- name: Compile xmr-stak with CPU mining support.
shell: cmake3 .. -DCPU_ENABLE=ON -DCUDA_ENABLE=OFF -DOpenCL_ENABLE=OFF
args:
chdir: /home/{{ item.username }}/xmr-stak/build/
with_items: '{{ users }}'
- name: Make install xmr-stak.
shell: make install
args:
chdir: /home/{{ item.username }}/xmr-stak/build/
with_items: '{{ users }}'
- template:
src: cpu.j2
dest: /home/{{ item.username }}/cpu.txt
owner: {{ item.username }}
group: wheel
mode: 0644
with_items: '{{ users }}'
- template:
src: pools.j2
dest: /home/{{ item.username }}/pools.txt
owner: {{ item.username }}
group: wheel
mode: 0644
with_items: '{{ users }}'
- template:
src: config.j2
dest: /home/{{ item.username }}/config.txt
owner: {{ item.username }}
group: wheel
mode: 0644
with_items: '{{ users }}'
- template:
src: start.j2
dest: /home/{{ item.username }}/xmr-stak/build/bin/start.sh
owner: {{ item.username }}
group: wheel
mode: 0644
with_items: '{{ users }}'
- name: Allow http miner node webserver
command: firewall-cmd --zone=public --permanent --add-port=8080/tcp
when: remotehttp
- cron:
name: "Run stak-xmr"
job: "/home/{{ item.username }}/xmr-stak/build/bin/start.sh > /dev/null 2>&1"
user: {{ item.username }}
with_items: '{{ users }}'
- name: Make start script executable.
file: dest=/home/{{ item.username }}/xmr-stak/build/bin/start.sh mode=a+x
with_items: '{{ users }}'
- name: Make xmr-stak executable.
file: dest=/home/{{ item.username }}/xmr-stak/build/bin/xmr-stak mode=a+x
with_items: '{{ users }}'
- name: Enable hugepages for memory allocation.
shell: echo 'vm.nr_hugepages=128' >> /etc/sysctl.conf
- name: Reload systemcontrol.
shell: sysctl -p

145
attachments/ansible/roles/ansible-sw-xmrstak/templates/config.j2 Normal file
View File

@ -0,0 +1,145 @@
// generated by xmr-stak/2.6.0/8713716/master/lin/cpu/20
/*
* Network timeouts.
* Because of the way this client is written it doesn't need to constantly talk (keep-alive) to the server to make
* sure it is there. We detect a buggy / overloaded server by the call timeout. The default values will be ok for
* nearly all cases. If they aren't the pool has most likely overload issues. Low call timeout values are preferable -
* long timeouts mean that we waste hashes on potentially stale jobs. Connection report will tell you how long the
* server usually takes to process our calls.
*
* call_timeout - How long should we wait for a response from the server before we assume it is dead and drop the connection.
* retry_time - How long should we wait before another connection attempt.
* Both values are in seconds.
* giveup_limit - Limit how many times we try to reconnect to the pool. Zero means no limit. Note that stak miners
* don't mine while the connection is lost, so your computer's power usage goes down to idle.
*/
"call_timeout" : 10,
"retry_time" : 30,
"giveup_limit" : 0,
/*
* Output control.
* Since most people are used to miners printing all the time, that's what we do by default too. This is suboptimal
* really, since you cannot see errors under pages and pages of text and performance stats. Given that we have internal
* performance monitors, there is very little reason to spew out pages of text instead of concise reports.
* Press 'h' (hashrate), 'r' (results) or 'c' (connection) to print reports.
*
* verbose_level - 0 - Don't print anything.
* 1 - Print intro, connection event, disconnect event
* 2 - All of level 1, and new job (block) event if the difficulty is different from the last job
* 3 - All of level 1, and new job (block) event in all cases, result submission event.
* 4 - All of level 3, and automatic hashrate report printing
*
* print_motd - Display messages from your pool operator in the hashrate result.
*/
"verbose_level" : 3,
"print_motd" : true,
/*
* Automatic hashrate report
*
* h_print_time - How often, in seconds, should we print a hashrate report if verbose_level is set to 4.
* This option has no effect if verbose_level is not 4.
*/
"h_print_time" : 60,
/*
* Manual hardware AES override
*
* Some VMs don't report AES capability correctly. You can set this value to true to enforce hardware AES or
* to false to force disable AES or null to let the miner decide if AES is used.
*
* WARNING: setting this to true on a CPU that doesn't support hardware AES will crash the miner.
*/
"aes_override" : null,
/*
* LARGE PAGE SUPPORT
* Large pages need a properly set up OS. It can be difficult if you are not used to systems administration,
* but the performance results are worth the trouble - you will get around 20% boost. Slow memory mode is
* meant as a backup, you won't get stellar results there. If you are running into trouble, especially
* on Windows, please read the common issues in the README and FAQ.
*
* On Linux you will need to configure large page support and increase your memlock limit (ulimit -l).
*
* To set large page support, add the following to "/etc/sysctl.d/60-hugepages.conf":
* vm.nr_hugepages=128
* You WILL need to run "sudo sysctl --system" for these settings to take effect on your system (or reboot).
* In some cases (many threads, very large CPU, etc) you may need more than 128
* (try 256 if there are still complaints from thread inits)
*
* To increase the memlock (ulimit -l), add following lines to /etc/security/limits.d/60-memlock.conf:
* * - memlock 262144
* root - memlock 262144
* You WILL need to log out and log back in for these settings to take effect on your user (no need to reboot, just relogin in your session).
*
* Check with "/sbin/sysctl vm.nr_hugepages ; ulimit -l" to validate
*
* Memory locking means that the kernel can't swap out the page to disk - something that is unlikely to happen on a
* command line system that isn't starved of memory. I haven't observed any difference on a CLI Linux system between
* locked and unlocked memory. If that is your setup see option "no_mlck".
*
*
* use_slow_memory defines our behaviour with regards to large pages. There are three possible options here:
* always - Don't even try to use large pages. Always use slow memory.
* warn - We will try to use large pages, but fall back to slow memory if that fails.
* no_mlck - This option is only relevant on Linux, where we can use large pages without locking memory.
* It will never use slow memory, but it won't attempt to mlock
* never - If we fail to allocate large pages we will print an error and exit.
*/
"use_slow_memory" : "warn",
/*
* TLS Settings
* If you need real security, make sure tls_secure_algo is enabled (otherwise MITM attack can downgrade encryption
* to trivially breakable stuff like DES and MD5), and verify the server's fingerprint through a trusted channel.
*
* tls_secure_algo - Use only secure algorithms. This will make us quit with an error if we can't negotiate a secure algo.
*/
"tls_secure_algo" : true,
/*
* Daemon mode
*
* If you are running the process in the background and you don't need the keyboard reports, set this to true.
* This should solve the hashrate problems on some emulated terminals.
*/
"daemon_mode" : false,
/*
* Output file
*
* output_file - This option will log all output to a file.
*
*/
"output_file" : "",
/*
* Built-in web server
* I like checking my hashrate on my phone. Don't you?
* Keep in mind that you will need to set up port forwarding on your router if you want to access it from
* outside of your home network. Ports lower than 1024 on Linux systems will require root.
*
* httpd_port - Port we should listen on. Default, 0, will switch off the server.
*/
"httpd_port" : {{ http_port }},
/*
* HTTP Authentication
*
* This allows you to set a password to keep people on the Internet from snooping on your hashrate.
* Keep in mind that this is based on HTTP Digest, which is based on MD5. To a determined attacker
* who is able to read your traffic it is as easy to break a bog door latch.
*
* http_login - Login. Empty login disables authentication.
* http_pass - Password.
*/
"http_login" : "{{ http_username }}",
"http_pass" : "{{ http_pass }}",
/*
* prefer_ipv4 - IPv6 preference. If the host is available on both IPv4 and IPv6 net, which one should be choose?
* This setting will only be needed in 2020's. No need to worry about it now.
*/
"prefer_ipv4" : {{ ipv4_preference }},

39
attachments/ansible/roles/ansible-sw-xmrstak/templates/cpu.j2 Normal file
View File

@ -0,0 +1,39 @@
// generated by xmr-stak/2.6.0/8713716/master/lin/cpu/20
/*
* Thread configuration for each thread. Make sure it matches the number above.
* low_power_mode - This can either be a boolean (true or false), or a number between 1 to 5. When set to true,
* this mode will double the cache usage, and double the single thread performance. It will
* consume much less power (as less cores are working), but will max out at around 80-85% of
* the maximum performance. When set to a number N greater than 1, this mode will increase the
* cache usage and single thread performance by N times.
*
* no_prefetch - Some systems can gain up to extra 5% here, but sometimes it will have no difference or make
* things slower.
*
* asm - Allow to switch to a assembler version of cryptonight_v8; allowed value [auto, off, intel_avx, amd_avx]
* - auto: xmr-stak will automatically detect the asm type (default)
* - off: disable the usage of optimized assembler
* - intel_avx: supports Intel cpus with avx instructions e.g. Xeon v2, Core i7/i5/i3 3xxx, Pentium G2xxx, Celeron G1xxx
* - amd_avx: supports AMD cpus with avx instructions e.g. AMD Ryzen 1xxx and 2xxx series
*
* affine_to_cpu - This can be either false (no affinity), or the CPU core number. Note that on hyperthreading
* systems it is better to assign threads to physical cores. On Windows this usually means selecting
* even or odd numbered cpu numbers. For Linux it will be usually the lower CPU numbers, so for a 4
* physical core CPU you should select cpu numbers 0-3.
*
* On the first run the miner will look at your system and suggest a basic configuration that will work,
* you can try to tweak it from there to get the best performance.
*
* A filled out configuration should look like this:
* "cpu_threads_conf" :
* [
* { "low_power_mode" : false, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 0 },
* { "low_power_mode" : false, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 1 },
* ],
* If you do not wish to mine with your CPU(s) then use:
* "cpu_threads_conf" :
* null,
*/
{{ cpu_config }}

53
attachments/ansible/roles/ansible-sw-xmrstak/templates/pools.j2 Normal file
View File

@ -0,0 +1,53 @@
// generated by xmr-stak/2.6.0/8713716/master/lin/cpu/20
/*
* pool_address - Pool address should be in the form "pool.supportxmr.com:3333". Only stratum pools are supported.
* wallet_address - Your wallet, or pool login.
* rig_id - Rig identifier for pool-side statistics (needs pool support).
* pool_password - Can be empty in most cases or "x".
* use_nicehash - Limit the nonce to 3 bytes as required by nicehash.
* use_tls - This option will make us connect using Transport Layer Security.
* tls_fingerprint - Server's SHA256 fingerprint. If this string is non-empty then we will check the server's cert against it.
* pool_weight - Pool weight is a number telling the miner how important the pool is. Miner will mine mostly at the pool
* with the highest weight, unless the pool fails. Weight must be an integer larger than 0.
*
* We feature pools up to 1MH/s. For a more complete list see M5M400's pool list at www.moneropools.com
*/
"pool_list" :
[
{"pool_address" : "{{ pool_address }}", "wallet_address" : "{{ wallet_address }}", "rig_id" : "{{ rig_id }}", "pool_password" : "{{ pool_password }}", "use_nicehash" : false, "use_tls" : {{ use_tls }}, "tls_fingerprint" : "", "pool_weight" : 1 },
],
/*
* Currency to mine. Supported values:
*
* aeon7 (use this for Aeon's new PoW)
* bbscoin (automatic switch with block version 3 to cryptonight_v7)
* bittube (uses cryptonight_bittube2 algorithm)
* graft
* haven (automatic switch with block version 3 to cryptonight_haven)
* intense
* masari
* monero (use this to support Monero's Oct 2018 fork)
* qrl - Quantum Resistant Ledger
* ryo
* turtlecoin
*
* Native algorithms which not depends on any block versions:
*
* # 1MiB scratchpad memory
* cryptonight_lite
* cryptonight_lite_v7
* cryptonight_lite_v7_xor (algorithm used by ipbc)
* # 2MiB scratchpad memory
* cryptonight
* cryptonight_v7
* cryptonight_v8
* # 4MiB scratchpad memory
* cryptonight_bittube2
* cryptonight_haven
* cryptonight_heavy
*/
"currency" : "{{ currency }}",

10
attachments/ansible/roles/ansible-sw-xmrstak/templates/start.j2 Normal file
View File

@ -0,0 +1,10 @@
#!/bin/bash
if screen -list | grep -q "xmrstak"; then
echo "Xmrstak is alive!"
else
echo "Starting xmrstak "
screen -S xmrstak -d -m /home/ownercz/xmr-stak/build/bin/xmr-stak
echo "Xmrstak is online!"
fi

3
attachments/ansible/roles/ansible-sys-disableroot/tasks/main.yml Normal file
View File

@ -0,0 +1,3 @@
- name: Disable remote root login
lineinfile: dest={{ sshd_config }} regexp="^#?PermitRootLogin" line="PermitRootLogin no"
notify: restart sshd

3
attachments/ansible/roles/ansible-sys-hostname/tasks/main.yml Normal file
View File

@ -0,0 +1,3 @@
- name: change hostname to myserver
hostname:
name: "{{ inventory_hostname }}"

15
attachments/ansible/roles/ansible-user-add/tasks/main.yml Normal file
View File

@ -0,0 +1,15 @@
- name: Ansible created sudo accounts
user: name={{ item.username }} state=present groups="users,wheel" update_password="{{ item.updatepassword }}" password="{{ item.password | password_hash('sha512') }}" comment='Ansible created "{{ item.username }}" sudo account'
sudo: yes
when: item.issudo == True
with_items: '{{ users }}'
- name: Ansible created regular accounts
user: name={{ item.username }} state=present groups="users" update_password="{{ item.updatepassword }}" password="{{ item.password | password_hash('sha512') }}" comment='Ansible created "{{ item.username }}" regular account'
sudo: yes
when: item.issudo == False
with_items: '{{ users }}'
# - debug:
# msg:"{{ item.password | password_hash('sha512') }}"
# with_items: '{{ users }}'

24
attachments/ansible/roles/ansible-win-apps/defaults/main.yml Normal file
View File

@ -0,0 +1,24 @@
release_url: "https://github.com/fireice-uk/xmr-stak/releases/download/2.6.0/xmr-stak-win64-2.6.0.zip"
username: "Ownercz"
http_port: 8080
http_username: "ownercz"
http_pass: "ssme-thesis"
ipv4_preference: "true"
cpu_config: '"cpu_threads_conf" :
[
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 0 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 1 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 2 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 3 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 4 },
{ "low_power_mode" : true, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 5 },
],
'
pool_address: "pool.supportxmr.com:3333"
wallet_address: "4A8VqcQVQQ3SfBhbwJss1UijiyqKvqNpi1vBeKppJiY3Y11QK5bs3KEPPkKz7ink8qYP6df8qKwBSLxmnuvV6sUD7K6WmGk"
rig_id: "R610"
pool_password: "x"
use_tls: "false"
currency: "monero"
remotehttp: "true"

63
attachments/ansible/roles/ansible-win-apps/tasks/main.yml Normal file
View File

@ -0,0 +1,63 @@
- name: Download xmr-stak release
win_get_url:
url: https://github.com/fireice-uk/xmr-stak/releases/download/2.6.0/xmr-stak-win64-2.6.0.zip
dest: C:\Users\ownercz\Desktop\xmr-stak.zip
- name: Unzip xmr-stak archive
win_unzip:
src: C:\Users\ownercz\Desktop\xmr-stak.zip
dest: C:\Users\ownercz\Desktop\xmr-stak-raw
creates: C:\Users\ownercz\Desktop\xmr-stak-raw
- name: Copy a folder recursively where the source is on the remote host
win_copy:
src: C:\Users\ownercz\Desktop\xmr-stak-raw\xmr-stak-win64-2.6.0\
dest: C:\Users\ownercz\Desktop\xmr-stak
remote_src: yes
- name: Copy a folder recursively where the source is on the remote host
win_template:
src: templates/cpu.j2
dest: C:\Users\ownercz\Desktop\xmr-stak\cpu.txt
- name: Copy a folder recursively where the source is on the remote host
win_template:
src: templates/pools.j2
dest: C:\Users\ownercz\Desktop\xmr-stak\pools.txt
- name: Copy a folder recursively where the source is on the remote host
win_template:
src: templates/config.j2
dest: C:\Users\ownercz\Desktop\xmr-stak\config.txt
- name: Copy a folder recursively where the source is on the remote host
win_template:
src: templates/start.j2
dest: C:\Users\ownercz\Desktop\xmr-stak\start.cmd
- name: Download xmr-stak release
win_get_url:
url: https://go.microsoft.com/fwlink/?LinkId=746572
dest: C:\Users\ownercz\Desktop\xmr-stak-raw\runtime.exe
- name: Install 7zip and use a file version for the installation check
win_package:
path: C:\Users\ownercz\Desktop\xmr-stak-raw\runtime.exe
# creates_path: C:\Program Files\7-Zip\7z.exe
# creates_version: 16.04
state: present
product_id: '{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}'
arguments: "/install /passive /norestart /quiet"
- name: create task to run a PS script as NETWORK service on boot
win_scheduled_task:
name: XMR-Stak
description: Run a mining node
actions:
- path: C:\Users\ownercz\Desktop\xmr-stak\start.cmd
triggers:
- type: logon
username: ownercz
run_level: highest
state: present
- win_reboot:

145
attachments/ansible/roles/ansible-win-apps/templates/config.j2 Normal file
View File

@ -0,0 +1,145 @@
// generated by xmr-stak/2.6.0/8713716/master/lin/cpu/20
/*
* Network timeouts.
* Because of the way this client is written it doesn't need to constantly talk (keep-alive) to the server to make
* sure it is there. We detect a buggy / overloaded server by the call timeout. The default values will be ok for
* nearly all cases. If they aren't the pool has most likely overload issues. Low call timeout values are preferable -
* long timeouts mean that we waste hashes on potentially stale jobs. Connection report will tell you how long the
* server usually takes to process our calls.
*
* call_timeout - How long should we wait for a response from the server before we assume it is dead and drop the connection.
* retry_time - How long should we wait before another connection attempt.
* Both values are in seconds.
* giveup_limit - Limit how many times we try to reconnect to the pool. Zero means no limit. Note that stak miners
* don't mine while the connection is lost, so your computer's power usage goes down to idle.
*/
"call_timeout" : 10,
"retry_time" : 30,
"giveup_limit" : 0,
/*
* Output control.
* Since most people are used to miners printing all the time, that's what we do by default too. This is suboptimal
* really, since you cannot see errors under pages and pages of text and performance stats. Given that we have internal
* performance monitors, there is very little reason to spew out pages of text instead of concise reports.
* Press 'h' (hashrate), 'r' (results) or 'c' (connection) to print reports.
*
* verbose_level - 0 - Don't print anything.
* 1 - Print intro, connection event, disconnect event
* 2 - All of level 1, and new job (block) event if the difficulty is different from the last job
* 3 - All of level 1, and new job (block) event in all cases, result submission event.
* 4 - All of level 3, and automatic hashrate report printing
*
* print_motd - Display messages from your pool operator in the hashrate result.
*/
"verbose_level" : 3,
"print_motd" : true,
/*
* Automatic hashrate report
*
* h_print_time - How often, in seconds, should we print a hashrate report if verbose_level is set to 4.
* This option has no effect if verbose_level is not 4.
*/
"h_print_time" : 60,
/*
* Manual hardware AES override
*
* Some VMs don't report AES capability correctly. You can set this value to true to enforce hardware AES or
* to false to force disable AES or null to let the miner decide if AES is used.
*
* WARNING: setting this to true on a CPU that doesn't support hardware AES will crash the miner.
*/
"aes_override" : null,
/*
* LARGE PAGE SUPPORT
* Large pages need a properly set up OS. It can be difficult if you are not used to systems administration,
* but the performance results are worth the trouble - you will get around 20% boost. Slow memory mode is
* meant as a backup, you won't get stellar results there. If you are running into trouble, especially
* on Windows, please read the common issues in the README and FAQ.
*
* On Linux you will need to configure large page support and increase your memlock limit (ulimit -l).
*
* To set large page support, add the following to "/etc/sysctl.d/60-hugepages.conf":
* vm.nr_hugepages=128
* You WILL need to run "sudo sysctl --system" for these settings to take effect on your system (or reboot).
* In some cases (many threads, very large CPU, etc) you may need more than 128
* (try 256 if there are still complaints from thread inits)
*
* To increase the memlock (ulimit -l), add following lines to /etc/security/limits.d/60-memlock.conf:
* * - memlock 262144
* root - memlock 262144
* You WILL need to log out and log back in for these settings to take effect on your user (no need to reboot, just relogin in your session).
*
* Check with "/sbin/sysctl vm.nr_hugepages ; ulimit -l" to validate
*
* Memory locking means that the kernel can't swap out the page to disk - something that is unlikely to happen on a
* command line system that isn't starved of memory. I haven't observed any difference on a CLI Linux system between
* locked and unlocked memory. If that is your setup see option "no_mlck".
*
*
* use_slow_memory defines our behaviour with regards to large pages. There are three possible options here:
* always - Don't even try to use large pages. Always use slow memory.
* warn - We will try to use large pages, but fall back to slow memory if that fails.
* no_mlck - This option is only relevant on Linux, where we can use large pages without locking memory.
* It will never use slow memory, but it won't attempt to mlock
* never - If we fail to allocate large pages we will print an error and exit.
*/
"use_slow_memory" : "warn",
/*
* TLS Settings
* If you need real security, make sure tls_secure_algo is enabled (otherwise MITM attack can downgrade encryption
* to trivially breakable stuff like DES and MD5), and verify the server's fingerprint through a trusted channel.
*
* tls_secure_algo - Use only secure algorithms. This will make us quit with an error if we can't negotiate a secure algo.
*/
"tls_secure_algo" : true,
/*
* Daemon mode
*
* If you are running the process in the background and you don't need the keyboard reports, set this to true.
* This should solve the hashrate problems on some emulated terminals.
*/
"daemon_mode" : false,
/*
* Output file
*
* output_file - This option will log all output to a file.
*
*/
"output_file" : "",
/*
* Built-in web server
* I like checking my hashrate on my phone. Don't you?
* Keep in mind that you will need to set up port forwarding on your router if you want to access it from
* outside of your home network. Ports lower than 1024 on Linux systems will require root.
*
* httpd_port - Port we should listen on. Default, 0, will switch off the server.
*/
"httpd_port" : {{ http_port }},
/*
* HTTP Authentication
*
* This allows you to set a password to keep people on the Internet from snooping on your hashrate.
* Keep in mind that this is based on HTTP Digest, which is based on MD5. To a determined attacker
* who is able to read your traffic it is as easy to break a bog door latch.
*
* http_login - Login. Empty login disables authentication.
* http_pass - Password.
*/
"http_login" : "{{ http_username }}",
"http_pass" : "{{ http_pass }}",
/*
* prefer_ipv4 - IPv6 preference. If the host is available on both IPv4 and IPv6 net, which one should be choose?
* This setting will only be needed in 2020's. No need to worry about it now.
*/
"prefer_ipv4" : {{ ipv4_preference }},

39
attachments/ansible/roles/ansible-win-apps/templates/cpu.j2 Normal file
View File

@ -0,0 +1,39 @@
// generated by xmr-stak/2.6.0/8713716/master/lin/cpu/20
/*
* Thread configuration for each thread. Make sure it matches the number above.
* low_power_mode - This can either be a boolean (true or false), or a number between 1 to 5. When set to true,
* this mode will double the cache usage, and double the single thread performance. It will
* consume much less power (as less cores are working), but will max out at around 80-85% of
* the maximum performance. When set to a number N greater than 1, this mode will increase the
* cache usage and single thread performance by N times.
*
* no_prefetch - Some systems can gain up to extra 5% here, but sometimes it will have no difference or make
* things slower.
*
* asm - Allow to switch to a assembler version of cryptonight_v8; allowed value [auto, off, intel_avx, amd_avx]
* - auto: xmr-stak will automatically detect the asm type (default)
* - off: disable the usage of optimized assembler
* - intel_avx: supports Intel cpus with avx instructions e.g. Xeon v2, Core i7/i5/i3 3xxx, Pentium G2xxx, Celeron G1xxx
* - amd_avx: supports AMD cpus with avx instructions e.g. AMD Ryzen 1xxx and 2xxx series
*
* affine_to_cpu - This can be either false (no affinity), or the CPU core number. Note that on hyperthreading
* systems it is better to assign threads to physical cores. On Windows this usually means selecting
* even or odd numbered cpu numbers. For Linux it will be usually the lower CPU numbers, so for a 4
* physical core CPU you should select cpu numbers 0-3.
*
* On the first run the miner will look at your system and suggest a basic configuration that will work,
* you can try to tweak it from there to get the best performance.
*
* A filled out configuration should look like this:
* "cpu_threads_conf" :
* [
* { "low_power_mode" : false, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 0 },
* { "low_power_mode" : false, "no_prefetch" : true, "asm" : "auto", "affine_to_cpu" : 1 },
* ],
* If you do not wish to mine with your CPU(s) then use:
* "cpu_threads_conf" :
* null,
*/
{{ cpu_config }}

53
attachments/ansible/roles/ansible-win-apps/templates/pools.j2 Normal file
View File

@ -0,0 +1,53 @@
// generated by xmr-stak/2.6.0/8713716/master/lin/cpu/20
/*
* pool_address - Pool address should be in the form "pool.supportxmr.com:3333". Only stratum pools are supported.
* wallet_address - Your wallet, or pool login.
* rig_id - Rig identifier for pool-side statistics (needs pool support).
* pool_password - Can be empty in most cases or "x".
* use_nicehash - Limit the nonce to 3 bytes as required by nicehash.
* use_tls - This option will make us connect using Transport Layer Security.
* tls_fingerprint - Server's SHA256 fingerprint. If this string is non-empty then we will check the server's cert against it.
* pool_weight - Pool weight is a number telling the miner how important the pool is. Miner will mine mostly at the pool
* with the highest weight, unless the pool fails. Weight must be an integer larger than 0.
*
* We feature pools up to 1MH/s. For a more complete list see M5M400's pool list at www.moneropools.com
*/
"pool_list" :
[
{"pool_address" : "{{ pool_address }}", "wallet_address" : "{{ wallet_address }}", "rig_id" : "{{ rig_id }}", "pool_password" : "{{ pool_password }}", "use_nicehash" : false, "use_tls" : {{ use_tls }}, "tls_fingerprint" : "", "pool_weight" : 1 },
],
/*
* Currency to mine. Supported values:
*
* aeon7 (use this for Aeon's new PoW)
* bbscoin (automatic switch with block version 3 to cryptonight_v7)
* bittube (uses cryptonight_bittube2 algorithm)
* graft
* haven (automatic switch with block version 3 to cryptonight_haven)
* intense
* masari
* monero (use this to support Monero's Oct 2018 fork)
* qrl - Quantum Resistant Ledger
* ryo
* turtlecoin
*
* Native algorithms which not depends on any block versions:
*
* # 1MiB scratchpad memory
* cryptonight_lite
* cryptonight_lite_v7
* cryptonight_lite_v7_xor (algorithm used by ipbc)
* # 2MiB scratchpad memory
* cryptonight
* cryptonight_v7
* cryptonight_v8
* # 4MiB scratchpad memory
* cryptonight_bittube2
* cryptonight_haven
* cryptonight_heavy
*/
"currency" : "{{ currency }}",

3
attachments/ansible/roles/ansible-win-apps/templates/start.j2 Normal file
View File

@ -0,0 +1,3 @@
@echo off
start /d "C:\Users\ownercz\Desktop\xmr-stak" xmr-stak.exe
@pause

22
attachments/ansible/roles/ansible-yum-cron/LICENSE Normal file
View File

@ -0,0 +1,22 @@
The MIT License (MIT)
Copyright (c) 2015 Jeff Widman
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

51
attachments/ansible/roles/ansible-yum-cron/README.md Normal file
View File

@ -0,0 +1,51 @@
yum-cron
=========
Installs and manages `yum-cron`.
By default this role installs security updates every hour, and checks for but
does not install normal updates daily. For updates that aren't security flaws, I
prefer to delay upgrading until I'm available to fix anything that might go wrong.
Since the daily update level only checks but doesn't download, the notification
message will say "empty transaction", meaning it found an update, but didn't do
anything about it.
Requirements
------------
Tested on CentOS 7.
Will likely work on equivalent RHEL or RHEL derivatives.
Role Variables
--------------
You'll likely want to change the default `email_to` variable to an email address
that you actually monitor.
It's also possible to define special yum settings to for example exclude some packages from auto-updating:
<pre>
#hourly_base_options:
# - "exclude=java*,kernel*"
#daily_base_options: "{{ hourly_base_options }}"
</pre>
Example Playbook
----------------
- hosts: servers
roles:
- { role: yum-cron, email_to: support@rockclimbing.com, tags: ['yum_cron'] }
License
-------
MIT
Author Information
------------------
Jeff Widman jeff@jeffwidman.com
Johan Guldmyr jguldmyr@csc.fi

33
attachments/ansible/roles/ansible-yum-cron/defaults/main.yml Normal file
View File

@ -0,0 +1,33 @@
---
# defaults file for yum_cron
# Defaults to Ansible inventory hostname.
# If prefer to use system hostname, set to None.
system_name: "{{ inventory_hostname }}"
emit_via: email
output_width: 80
email_from: "root@{{ inventory_hostname }}"
email_to: serveradmin@lipovcan.cz
email_host: localhost
hourly_update_level: security
hourly_update_message: no
hourly_download_updates: no
hourly_apply_updates: no
hourly_random_sleep: 0
#hourly_base_options:
# - "exclude=java*,kernel*"
daily_update_level: security
daily_update_message: yes
daily_download_updates: yes
daily_apply_updates: no
daily_random_sleep: 0
#daily_base_options: "{{ hourly_base_options }}"
yum_cron_clean_what: "all"
yum_cron_clean_enabled: False
#yum_cron_clean_when is what comes after /etc/cron. so /etc/cron.daily/ /etc/cron.monthly
yum_cron_clean_when: "daily"

5
attachments/ansible/roles/ansible-yum-cron/handlers/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
# handlers file for yum_cron
- name: restart yum-cron
service: name=yum-cron state=restarted enabled=yes

22
attachments/ansible/roles/ansible-yum-cron/meta/main.yml Normal file
View File

@ -0,0 +1,22 @@
---
galaxy_info:
author: Jeff Widman
description: Installs and configures yum-cron
company: RockClimbing.com
license: MIT
min_ansible_version: 1.9
platforms:
- name: EL
versions:
- 7
categories:
- packaging
- system
dependencies: []
# List your role dependencies here, one per line.
# Be sure to remove the '[]' above if you add dependencies
# to this list.

26
attachments/ansible/roles/ansible-yum-cron/tasks/main.yml Normal file
View File

@ -0,0 +1,26 @@
---
- name: Ensures yum-cron installed
yum: name=yum-cron state=present
tags: yum-cron
- name: Configure yum-cron.conf
template: src=yum-cron.conf.j2 dest=/etc/yum/yum-cron.conf
notify: restart yum-cron
tags: yum-cron
- name: Configure yum-cron-hourly.conf
template: src=yum-cron-hourly.conf.j2 dest=/etc/yum/yum-cron-hourly.conf
notify: restart yum-cron
tags: yum-cron
- name: Ensures yum-cron service is running
service: name=yum-cron state=started enabled=yes
tags: yum-cron
- name: Configure yum-cron-clean to run a yum clean regularly
template: src=yum_clean_cron.j2 dest=/etc/cron.{{ yum_cron_clean_when }}/yum_clean_cron mode=0755
- name: Disable the pesky yum-hourly in crontab, because we dont use it anyway.
template: src=0yum-hourly.cron.j2 dest=/etc/cron.hourly/0yum-hourly.cron
when: yum_hourly_update_disable == true

11
attachments/ansible/roles/ansible-yum-cron/templates/0yum-hourly.cron.j2 Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
# Only run if this flag is set. The flag is created by the yum-cron init
# script when the service is started -- this allows one to use chkconfig and
# the standard "service stop|start" commands to enable or disable yum-cron.
if [[ ! -f /var/lock/subsys/yum-cron ]]; then
exit 0
fi
# Action!
#exec /usr/sbin/yum-cron /etc/yum/yum-cron-hourly.conf

86
attachments/ansible/roles/ansible-yum-cron/templates/yum-cron-hourly.conf.j2 Normal file
View File

@ -0,0 +1,86 @@
[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix upgrade-minimal
# minimal-security = yum --security upgrade-minimal
# minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal
update_cmd = {{ hourly_update_level }}
# Whether a message should emitted when updates are available.
update_messages = {{ hourly_update_message }}
# Whether updates should be downloaded when they are available. Note
# that updates_messages must also be yes for updates to be downloaded.
download_updates = {{ hourly_download_updates }}
# Whether updates should be applied when they are available. Note
# that both update_messages and download_updates must also be yes for
# the update to be applied
apply_updates = {{ hourly_apply_updates }}
# Maximum amout of time to randomly sleep, in minutes. The program
# will sleep for a random amount of time between 0 and random_sleep
# minutes before running. This is useful for e.g. staggering the
# times that multiple systems will access update servers. If
# random_sleep is 0 or negative, the program will run immediately.
random_sleep = {{ hourly_random_sleep }}
[emitters]
# Name to use for this system in messages that are emitted. If
# system_name is None, the hostname will be used.
system_name = {{ system_name }}
# How to send messages. Valid options are stdio and email. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = {{ emit_via }}
# The width, in characters, that messages that are emitted should be
# formatted to.
ouput_width = {{ output_width }}
[email]
# The address to send email messages from.
email_from = {{ email_from }}
# List of addresses to send messages to.
email_to = {{ email_to }}
# Name of the host to connect to to send email messages.
email_host = {{ email_host }}
[groups]
# List of groups to update
group_list = None
# The types of group packages to install
group_package_types = mandatory, default
[base]
# This section overrides yum.conf
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# skip_broken = True
mdpolicy = group:main
# Uncomment to auto-import new gpg keys (dangerous)
# assumeyes = True
{% if hourly_base_options is defined %}
# Custom yum changes
{% for option in hourly_base_options %}
{{ option }}
{% endfor %}
{% endif %}

87
attachments/ansible/roles/ansible-yum-cron/templates/yum-cron.conf.j2 Normal file
View File

@ -0,0 +1,87 @@
[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix upgrade-minimal
# minimal-security = yum --security upgrade-minimal
# minimal-security-severity:Critical = --sec-severity=Critical upgrade-minimal
update_cmd = {{ daily_update_level }}
# Whether a message should be emitted when updates are available,
# were downloaded, or applied.
update_messages = {{ daily_update_message }}
# Whether updates should be downloaded when they are available.
download_updates = {{ daily_download_updates }}
# Whether updates should be applied when they are available. Note
# that download_updates must also be yes for the update to be applied.
apply_updates = {{ daily_apply_updates }}
# Maximum amout of time to randomly sleep, in minutes. The program
# will sleep for a random amount of time between 0 and random_sleep
# minutes before running. This is useful for e.g. staggering the
# times that multiple systems will access update servers. If
# random_sleep is 0 or negative, the program will run immediately.
# 6*60 = 360
random_sleep = {{ daily_random_sleep }}
[emitters]
# Name to use for this system in messages that are emitted. If
# system_name is None, the hostname will be used.
system_name = {{ system_name }}
# How to send messages. Valid options are stdio and email. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = {{ emit_via }}
# The width, in characters, that messages that are emitted should be
# formatted to.
ouput_width = {{ output_width }}
[email]
# The address to send email messages from.
email_from = {{ email_from }}
# List of addresses to send messages to.
email_to = {{ email_to }}
# Name of the host to connect to to send email messages.
email_host = {{ email_host }}
[groups]
# NOTE: This only works when group_command != objects, which is now the default
# List of groups to update
group_list = None
# The types of group packages to install
group_package_types = mandatory, default
[base]
# This section overrides yum.conf
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# skip_broken = True
mdpolicy = group:main
# Uncomment to auto-import new gpg keys (dangerous)
# assumeyes = True
{% if daily_base_options is defined %}
# Custom yum changes
{% for option in daily_base_options %}
{{ option }}
{% endfor %}
{% endif %}

8
attachments/ansible/roles/ansible-yum-cron/templates/yum_clean_cron.j2 Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
/usr/bin/yum clean {{ yum_cron_clean_what }} >/dev/null
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t yum-cron-clean "ERROR: exited abnormally with [$EXITVALUE]"
fi
exit 0

9
attachments/ansible/roles/ansible-yum-update/tasks/main.yml Normal file
View File

@ -0,0 +1,9 @@
---
- name: install yum security plugin on RHEL 7.X
# when: ansible_os_family == "CentOS"
yum: pkg=yum-plugin-security state=latest
- name: Lets upgrade all packages to the latest version.
yum:
name: '*'
state: latest

25
attachments/ansible/xmr01.yml Normal file
View File

@ -0,0 +1,25 @@
---
- name: Setup xmr01.lipovcan.cz
hosts: xmr01
roles:
- ansible-yum-update
- ansible-sw-common-apps
- ansible-sys-hostname
- ansible-sw-firewalld
- ansible-sw-ntp
- ansible-sw-sshsec
- ansible-yum-cron
- ansible-sw-postfix
- ansible-user-add
- ansible-sw-xmrstak
vars:
login_pass: "[smtp.gmail.com]:587 server@lipovcan.cz:A9tboeJE"
yum_hourly_update_disable: true
users:
- username: ownercz
issudo: false
updatepassword: on_create
password: ssme-thesis
hostname: xmr01.lipovcan.cz

8
attachments/ansible/xmratwin.yml Normal file
View File

@ -0,0 +1,8 @@
---
- name: Setup xmr01.lipovcan.cz
hosts: win
roles:
- ansible-win-apps
vars:
release_url: "https://github.com/fireice-uk/xmr-stak/releases/download/2.6.0/xmr-stak-win64-2.6.0.zip"
username: "Ownercz"

BIN
attachments/cleansed/miners-survey-results.xlsx Normal file
View File

Binary file not shown.

BIN
attachments/cleansed/users-survey-results.xlsx Normal file
View File

Binary file not shown.

53
attachments/kickstart/ks.cfg Normal file
View File

@ -0,0 +1,53 @@
#version=DEVEL
# System authorization information
auth --enableshadow --passalgo=sha512
# Use network installation
url --url="http://ftp.fi.muni.cz/pub/linux/centos/7/os/x86_64/"
repo --name="base" --baseurl=http://ftp.fi.muni.cz/pub/linux/centos/7/os/x86_64/
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8
# Network information
network --bootproto=dhcp --device=ens192 --ipv6=auto --activate
network --bootproto=dhcp --hostname=changeme.lipovcan.cz
# Reboot after installation
reboot
# Root password
rootpw --iscrypted $6$jtf4WZQD/5Ozocag$5UcoItitnW58zDBojEJd2LO4PqcPx77Bnf01ua46NhwmO1nA3k.itRf7oz4LXRNCrsgkLtnHgIBvQ4R3FUA391
# System services
services --enabled="chronyd"
# System timezone
timezone Europe/Prague --isUtc --ntpservers=tik.cesnet.cz
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
autopart --type=lvm
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
%packages
@^minimal
@core
chrony
kexec-tools
kexec-tools
%end
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end
%anaconda
pwpolicy root --minlen=6 --minquality=50 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=50 --notstrict --nochanges --notempty
pwpolicy luks --minlen=6 --minquality=50 --notstrict --nochanges --notempty
%end

BIN
attachments/original/miners-survey-results.xlsx Normal file
View File

Binary file not shown.

BIN
attachments/original/users-survey-results.xlsx Normal file
View File

Binary file not shown.

139
attachments/sql-queries/miners_query.sql Normal file
View File

@ -0,0 +1,139 @@
USE lime_data_1;
SELECT COUNT(*) FROM miners WHERE Why_do_you_mine_Monero_For_profit like 'Yes';
SELECT COUNT(*) FROM miners WHERE Why_do_you_mine_Monero_As_an_investment like 'Yes';
SELECT COUNT(*) FROM miners WHERE Why_do_you_mine_Monero_To_help_securing_the_network like 'Yes';
SELECT COUNT(*) FROM miners WHERE Why_do_you_mine_Monero_It_is_more_profitable_than_other_coins like 'Yes';
SELECT COUNT(*) FROM miners WHERE Why_do_you_mine_Monero_It_is_CPU_mineable like 'Yes';
SELECT COUNT(*) FROM miners WHERE Why_do_you_mine_Monero_To_help_Monero_project like 'Yes';
SELECT COUNT(*) FROM miners WHERE Why_do_you_mine_Monero_Community like 'Yes';
SELECT COUNT(*) FROM miners WHERE Why_do_you_mine_Monero_To_support_nonASIC_mining like 'Yes';
SELECT COUNT(*) FROM miners WHERE Why_do_you_mine_Monero_Other like 'Yes';
SELECT COUNT(*) FROM miners WHERE mine_with_Regular_PC_no_dedicated_mining_rig like 'Yes' AND Response_ID NOT IN (SELECT Response_ID from miners WHERE mine_with_Regular_PC_no_dedicated_mining_rig like 'Yes' AND (mine_with_Mining_rig_GPU_only like 'Yes' OR mine_with_Mining_rig_CPUGPU_combined like 'Yes' OR mine_with_Mining_rig_CPU_only like 'Yes'));
SELECT COUNT(*) FROM miners WHERE mine_with_Work_PC like 'Yes' AND Response_ID NOT IN (SELECT Response_ID from miners WHERE mine_with_Regular_PC_no_dedicated_mining_rig like 'Yes' AND (mine_with_Mining_rig_GPU_only like 'Yes' OR mine_with_Mining_rig_CPUGPU_combined like 'Yes' OR mine_with_Mining_rig_CPU_only like 'Yes'));
SELECT COUNT(*) FROM miners WHERE mine_with_Mining_rig_GPU_only like 'Yes' AND Response_ID NOT IN (SELECT Response_ID from miners WHERE mine_with_Regular_PC_no_dedicated_mining_rig like 'Yes' AND (mine_with_Mining_rig_GPU_only like 'Yes' OR mine_with_Mining_rig_CPUGPU_combined like 'Yes' OR mine_with_Mining_rig_CPU_only like 'Yes'));
SELECT COUNT(*) FROM miners WHERE mine_with_Mining_rig_CPUGPU_combined like 'Yes' AND Response_ID NOT IN (SELECT Response_ID from miners WHERE mine_with_Regular_PC_no_dedicated_mining_rig like 'Yes' AND (mine_with_Mining_rig_GPU_only like 'Yes' OR mine_with_Mining_rig_CPUGPU_combined like 'Yes' OR mine_with_Mining_rig_CPU_only like 'Yes'));
SELECT COUNT(*) FROM miners WHERE mine_with_Mining_rig_CPU_only like 'Yes' AND Response_ID NOT IN (SELECT Response_ID from miners WHERE mine_with_Regular_PC_no_dedicated_mining_rig like 'Yes' AND (mine_with_Mining_rig_GPU_only like 'Yes' OR mine_with_Mining_rig_CPUGPU_combined like 'Yes' OR mine_with_Mining_rig_CPU_only like 'Yes'));
SELECT COUNT(*) FROM miners WHERE mine_with_Branded_server_platform_Dell_HP_SuperMicro_etc like 'Yes';
SELECT COUNT(*) FROM miners WHERE mine_with_Cloud_mining like 'Yes';
SELECT COUNT(*) FROM miners WHERE mine_with_VPS_mining like 'Yes';
SELECT COUNT(*) FROM miners WHERE mine_with_Botnet_mining like 'Yes';
SELECT COUNT(*) FROM miners WHERE mine_with_Nicehash_minepower_buying like 'Yes';
SELECT COUNT(*) FROM miners WHERE mine_with_Other like 'Yes';
AND Response_ID NOT IN (SELECT Response_ID from miners WHERE mine_with_Regular_PC_no_dedicated_mining_rig like 'Yes' AND (mine_with_Mining_rig_GPU_only like 'Yes' OR mine_with_Mining_rig_CPUGPU_combined like 'Yes' OR mine_with_Mining_rig_CPU_only like 'Yes'));
SELECT COUNT(What_is_your_total_hashrate),AVG(What_is_your_total_hashrate) FROM miners WHERE What_is_your_total_hashrate > 0;
SELECT What_is_your_total_hashrate FROM miners WHERE What_is_your_total_hashrate > 0; #median in excel from this data
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE _statements_I_mine_in_my_property like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE _statements_I_setup_my_rigs_myself like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE _statements_I_mine_on_Windows like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE _statements_I_mine_on_Linux like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE _statements_I_regularly_clean_my_rigs like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE _statements_I_regularly_update_my_rigs like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE _statements_I_have_a_backup_power_supply_UPS like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE What_software_do_you_use_for_mining_XMR_Stak like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE What_software_do_you_use_for_mining_XMRig like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE What_software_do_you_use_for_mining_XMRig_AMD like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE What_software_do_you_use_for_mining_XMRig_NVIDIA like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE What_software_do_you_use_for_mining_Official_wallet_software like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE What_software_do_you_use_for_mining_MinerGate like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE What_software_do_you_use_for_mining_Other like 'Yes';
SELECT COUNT(*) FROM miners WHERE Do_you_perform_solomining_or_poolmining_Solomining like 'Yes';
SELECT COUNT(*) FROM miners WHERE Do_you_perform_solomining_or_poolmining_Poolmining like 'Yes';
SELECT COUNT(*) FROM miners WHERE Do_you_perform_solomining_or_poolmining_Both like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE obtain_mining_software_Binaries_from_official_Github_repository like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE obtain_mining_software_Compiling_official_Github_repository like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE obtain_mining_software_Forums_with_binaries like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE obtain_mining_software_Filesharing_services like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE obtain_mining_software_Random_Google_source like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE obtain_mining_software_Other like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE Was_your_mining_setup_ever_compromised like 'Yes';
SELECT compromised_What_were_the_consequences FROM miners WHERE compromised_What_were_the_consequences IS NOT NULL;
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_bohemianpoolcom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_cryptopoolfr like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_dwarfpoolcom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_f2poolcom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_hashvaultpro like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_minepro like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_minergatecom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_minexmrcom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_miningpoolhubcom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_monerohashcom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_monerooceanstream like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_moriaxmrcom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_multipoolercom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_nanopoolorg like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_omineorg like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_poolincom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_steadyhashorg like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_supportxmrcom like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_xmrpooleu like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE In_which_pool_do_you_mine_xmrpoolnet like 'Yes';
SELECT In_which_pool_do_you_mine_Other FROM miners WHERE In_which_pool_do_you_mine_Other IS NOT NULL;
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_Recommendation_by_communityfriend like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_Hashrate like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_Asociated_features_mobile_apps_etc like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_Security_and_range_of_ports like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_Latency like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_Pool_fee like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_Minimal_payout like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_AntiBotnet_policy like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_History_of_the_pool like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE choosing_a_pool_Previous_security_incidents like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Do_you_have_Windows_Update_enabled_by_default like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE How_often_do_you_perform_updates_on_your_mining_setup like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE How_often_do_you_perform_updates_on_your_mining_setup_Other like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Windows_Are_your_mining_rigs_on_Windows_activated like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Windows_Do_you_wait_some_time_to_apply_updates like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Windows_igpubug like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Windows_Do_you_use_AV_software_on_mining_rigs like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Windows_Do_you_keep_Deffender_enabled_on_Windows like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Windows_Do_you_use_Teamviewer_to_manage_rigs like 'Yes' or Windows_Do_you_use_VNC_to_manage_rigs like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Windows_Do_you_use_VNC_to_manage_rigs like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Windows_Do_you_have_a_firewall_enabled_on_rigs like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Windows_Do_you_use_automation_tools_Eg_Powershell like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/39,(100-(COUNT(*)*100)/39) FROM miners WHERE Are_your_Windows_miners_automatically_deployed like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Which_Linux_distribution_do_you_use_Red_Hat_Linux like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Which_Linux_distribution_do_you_use_CentOS like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Which_Linux_distribution_do_you_use_Fedora like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Which_Linux_distribution_do_you_use_openSUSE like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Which_Linux_distribution_do_you_use_Ubuntu like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Which_Linux_distribution_do_you_use_Debian like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Which_Linux_distribution_do_you_use_Mining_OS like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Which_Linux_distribution_do_you_use_Other like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE How_often_do_you_perform_updates_on_linux_based_miners like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE How_often_do_you_perform_updates_on_linux_based_miners_Other like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Do_you_have_SElinux_enabled like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Linux_yumcron like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Linux_systemdcron like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Linux_Do_you_remotely_manage_your_rigs like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Linux_SSH_enabled like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Linux_Do_you_use_Teamviewer like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Linux_Do_you_use_VNC like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33,(100-(COUNT(*)*100)/33) FROM miners WHERE Linux_automation like 'Yes';
SELECT COUNT(*),(COUNT(*)*100)/33 ,(100-(COUNT(*)*100)/33) FROM miners WHERE Are_your_Linux_miners_automatically_deployed like 'Yes';
SELECT Which_gender_are_you,COUNT(*),(COUNT(*)*100)/(SELECT DISTINCT COUNT(*) FROM miners) FROM miners GROUP BY Which_gender_are_you ;
SELECT COUNT(In_which_age_group_are_you) FROM miners GROUP BY In_which_age_group_are_you ;
SELECT COUNT(Please_select_your_highest_achieved_level_of_education) FROM miners group by Please_select_your_highest_achieved_level_of_education ;
SELECT COUNT(*),(COUNT(*)*100)/60 FROM miners WHERE Do_you_study_or_work_in_IT_related_field like 'Yes';
SELECT Which_gender_are_you,COUNT(*),(COUNT(*)*100)/(SELECT DISTINCT COUNT(*) FROM miners) FROM miners GROUP BY Which_gender_are_you ;
SELECT In_which_age_group_are_you,COUNT(In_which_age_group_are_you),(COUNT(In_which_age_group_are_you)*100)/(SELECT DISTINCT COUNT(*) FROM miners) FROM miners GROUP BY In_which_age_group_are_you ;
SELECT Please_select_your_highest_achieved_level_of_education,COUNT(Please_select_your_highest_achieved_level_of_education),(COUNT(Please_select_your_highest_achieved_level_of_education)*100)/(SELECT DISTINCT COUNT(*) FROM miners) FROM miners group by Please_select_your_highest_achieved_level_of_education ;
SELECT Do_you_study_or_work_in_IT_related_field,COUNT(Do_you_study_or_work_in_IT_related_field),(COUNT(Do_you_study_or_work_in_IT_related_field)*100)/(SELECT DISTINCT COUNT(*) FROM miners) FROM miners group by Do_you_study_or_work_in_IT_related_field ;
SELECT COUNT(Do_you_study_or_work_in_IT_related_field),(COUNT(*)*100)/60 FROM miners WHERE Do_you_study_or_work_in_IT_related_field like 'Yes';

120
attachments/sql-queries/users_query.sql Normal file
View File

@ -0,0 +1,120 @@
SELECT COUNT(*)
FROM users
WHERE Which_services_or_apps_Official_Monero_GUI LIKE 'yes' OR Which_services_or_apps_Official_Monero_CLI LIKE 'yes' OR Which_services_or_apps_Other_desktop_client LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_Android LIKE 'yes' OR Which_platforms_do_you_use_to_access_Monero_iOS LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_Android LIKE 'yes' AND Which_services_or_apps_Monerujo_Android LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_Android LIKE 'yes' AND Which_services_or_apps_Freewallet_Android LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_Android LIKE 'yes' AND Which_services_or_apps_Other_Android_wallet LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_Android LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_iOS LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_iOS LIKE 'yes' AND Which_services_or_apps_Cake_Wallet_iOS LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_iOS LIKE 'yes' AND Which_services_or_apps_Freewallet_iOS LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_iOS LIKE 'yes' AND Which_services_or_apps_Other_iOS_wallet LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_services_or_apps_XMRwallet_online_wallet LIKE 'yes' OR Which_services_or_apps_MyMonero_online_wallet LIKE 'yes' OR Which_services_or_apps_Other_online_wallet LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_services_or_apps_XMRwallet_online_wallet LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_services_or_apps_MyMonero_online_wallet LIKE 'yes';
SELECT COUNT(*)
FROM users
WHERE Which_services_or_apps_Other_online_wallet LIKE 'yes';
SELECT COUNT(DISTINCT Response_ID)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_Windows LIKE 'yes' AND Which_platforms_do_you_use_to_access_Monero_Linux LIKE 'no';
SELECT COUNT(DISTINCT Response_ID)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_Windows LIKE 'no' AND Which_platforms_do_you_use_to_access_Monero_Linux LIKE 'yes';
SELECT COUNT(DISTINCT Response_ID)
FROM users
WHERE Which_platforms_do_you_use_to_access_Monero_Windows LIKE 'yes' AND Which_platforms_do_you_use_to_access_Monero_Linux LIKE 'yes';
SELECT COUNT(DISTINCT Response_ID)
FROM users
WHERE Which_services_or_apps_Official_Monero_GUI LIKE 'yes' OR Which_services_or_apps_Official_Monero_CLI LIKE 'yes' OR Which_services_or_apps_Monerujo_Android LIKE 'yes' OR Which_services_or_apps_Cake_Wallet_iOS LIKE 'yes' OR Which_services_or_apps_MyMonero_online_wallet LIKE 'yes';
SELECT COUNT(*) FROM users WHERE How_often_do_you_make_transactions_on_the_Monero_network like 'At least once a day';
SELECT (COUNT(How_often_do_you_make_transactions_on_the_Monero_network)*100)/107,100-((COUNT(How_often_do_you_make_transactions_on_the_Monero_network)*100)/107),COUNT(How_often_do_you_make_transactions_on_the_Monero_network), How_often_do_you_make_transactions_on_the_Monero_network from users GROUP BY How_often_do_you_make_transactions_on_the_Monero_network ;
SELECT COUNT(*) FROM users;
SELECT COUNT(*) FROM users WHERE Do_you_consider_yourself_a_HOLDer LIKE 'yes' AND (How_often_do_you_make_transactions_on_the_Monero_network LIKE 'At least once a day' OR How_often_do_you_make_transactions_on_the_Monero_network LIKE 'At least once a week' OR How_often_do_you_make_transactions_on_the_Monero_network LIKE 'At least once a month') ;
SELECT COUNT(*) FROM users WHERE Do_you_consider_yourself_a_HOLDer LIKE 'yes' OR Do_you_consider_yourself_a_HOLDer LIKE 'no';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Subscription_services LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Coffee_shops_restaurants_bars LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Donations LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Art LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Electronics LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Travelling LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Eshops LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Darknet_markets LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Drugs LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Poker_and_other_gambling_sites LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Gift_cards LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Illegal_usecases LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_VPN_services LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Hosting_and_other_IT_services LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Where_do_you_pay_with_Monero_Other LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Have_you_ever_been_affected_by_malicious_software LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_Monero_transactions_are_anonymous LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_Monero_transactions_are_anonymous LIKE 'uncertain';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_Monero_transactions_are_anonymous LIKE 'no';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_Monero_transactions_are_anonymous IS NULL;
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_noone_else_can_see_your_balance_in_wallet LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_noone_else_can_see_your_balance_in_wallet LIKE 'uncertain';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_noone_else_can_see_your_balance_in_wallet LIKE 'no';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_noone_else_can_see_your_balance_in_wallet IS NULL;
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_Kovri_to_access_Monero_network LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_Kovri_to_access_Monero_network LIKE 'uncertain';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_Kovri_to_access_Monero_network LIKE 'no';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_Kovri_to_access_Monero_network IS NULL;
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_DTor_to_access_Monero_network LIKE 'yes';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_DTor_to_access_Monero_network LIKE 'uncertain';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_DTor_to_access_Monero_network LIKE 'no';
SELECT COUNT(*), (COUNT(*)*100)/113 FROM users WHERE Anonymity_DTor_to_access_Monero_network IS NULL;

422
attachments/unattended/autounattend.xml Normal file
View File

@ -0,0 +1,422 @@
<!--*************************************************
Windows 10 Answer File Generator
Created using Windows AFG found at:
;http://www.windowsafg.com
Installation Notes
Location:
Notes: Enter your comments here...
**************************************************-->
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>cs-CZ</UILanguage>
</SetupUILanguage>
<InputLocale>0405:00000405</InputLocale>
<SystemLocale>cs-CZ</SystemLocale>
<UILanguage>cs-CZ</UILanguage>
<UILanguageFallback>cs-CZ</UILanguageFallback>
<UserLocale>cs-CZ</UserLocale>
</component>
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>cs-CZ</UILanguage>
</SetupUILanguage>
<InputLocale>0405:00000405</InputLocale>
<SystemLocale>cs-CZ</SystemLocale>
<UILanguage>cs-CZ</UILanguage>
<UILanguageFallback>cs-CZ</UILanguageFallback>
<UserLocale>cs-CZ</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>Primary</Type>
<Size>100</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Extend>true</Extend>
<Order>2</Order>
<Type>Primary</Type>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>System Reserved</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
<TypeID>0x27</TypeID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>OS</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
</OSImage>
</ImageInstall>
<UserData>
<AcceptEula>true</AcceptEula>
<FullName></FullName>
<Organization></Organization>
<ProductKey>
<Key>W269N-WFGWX-YVC9B-4J6C9-T83GX</Key>
</ProductKey>
</UserData>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>Primary</Type>
<Size>100</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Extend>true</Extend>
<Order>2</Order>
<Type>Primary</Type>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>System Reserved</Label>
<Order>1</Order>
<PartitionID>1</PartitionID>
<TypeID>0x27</TypeID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Active>true</Active>
<Format>NTFS</Format>
<Label>OS</Label>
<Letter>C</Letter>
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>2</PartitionID>
</InstallTo>
<InstallToAvailablePartition>false</InstallToAvailablePartition>
</OSImage>
</ImageInstall>
<UserData>
<AcceptEula>true</AcceptEula>
<FullName></FullName>
<Organization></Organization>
<ProductKey>
<Key>W269N-WFGWX-YVC9B-4J6C9-T83GX</Key>
</ProductKey>
</UserData>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>1</SkipRearm>
</component>
</settings>
<settings pass="generalize">
<component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipRearm>1</SkipRearm>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-International-Core" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0405:00000405</InputLocale>
<SystemLocale>cs-CZ</SystemLocale>
<UILanguage>cs-CZ</UILanguage>
<UILanguageFallback>cs-CZ</UILanguageFallback>
<UserLocale>cs-CZ</UserLocale>
</component>
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>0405:00000405</InputLocale>
<SystemLocale>cs-CZ</SystemLocale>
<UILanguage>cs-CZ</UILanguage>
<UILanguageFallback>cs-CZ</UILanguageFallback>
<UserLocale>cs-CZ</UserLocale>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SkipAutoActivation>true</SkipAutoActivation>
</component>
<component name="Microsoft-Windows-SQMApi" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CEIPEnabled>0</CEIPEnabled>
</component>
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CEIPEnabled>0</CEIPEnabled>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ComputerName>-PC</ComputerName>
<ProductKey>W269N-WFGWX-YVC9B-4J6C9-T83GX</ProductKey>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ComputerName>-PC</ComputerName>
<ProductKey>W269N-WFGWX-YVC9B-4J6C9-T83GX</ProductKey>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value></Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<Username></Username>
</AutoLogon>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<SkipUserOOBE>true</SkipUserOOBE>
<SkipMachineOOBE>true</SkipMachineOOBE>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>ssme-thesis</Value>
<PlainText>true</PlainText>
</Password>
<Description></Description>
<DisplayName>ownercz</DisplayName>
<Group>Administrators</Group>
<Name>ownercz</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOrganization></RegisteredOrganization>
<RegisteredOwner>ownercz</RegisteredOwner>
<DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Description>Control Panel View</Description>
<Order>1</Order>
<CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v StartupPage /t REG_DWORD /d 1 /f</CommandLine>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>2</Order>
<Description>Control Panel Icon Size</Description>
<RequiresUserInput>false</RequiresUserInput>
<CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v AllItemsIconView /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>3</Order>
<RequiresUserInput>false</RequiresUserInput>
<CommandLine>cmd /C wmic useraccount where name="" set PasswordExpires=false</CommandLine>
<Description>Password Never Expires</Description>
</SynchronousCommand>
</FirstLogonCommands>
<TimeZone>Central Europe Standard Time</TimeZone>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<AutoLogon>
<Password>
<Value>ssme-thesis</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<Username>ownercz</Username>
</AutoLogon>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<NetworkLocation>Home</NetworkLocation>
<SkipUserOOBE>true</SkipUserOOBE>
<SkipMachineOOBE>true</SkipMachineOOBE>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<UserAccounts>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>ssme-thesis</Value>
<PlainText>true</PlainText>
</Password>
<Description></Description>
<DisplayName>ownercz</DisplayName>
<Group>Administrators</Group>
<Name>ownercz</Name>
</LocalAccount>
</LocalAccounts>
</UserAccounts>
<RegisteredOrganization></RegisteredOrganization>
<RegisteredOwner>ownercz</RegisteredOwner>
<DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet>
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Description>Control Panel View</Description>
<Order>1</Order>
<CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v StartupPage /t REG_DWORD /d 1 /f</CommandLine>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>2</Order>
<Description>Control Panel Icon Size</Description>
<RequiresUserInput>false</RequiresUserInput>
<CommandLine>reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel" /v AllItemsIconView /t REG_DWORD /d 0 /f</CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>3</Order>
<RequiresUserInput>false</RequiresUserInput>
<CommandLine>cmd /C wmic useraccount where name="" set PasswordExpires=false</CommandLine>
<Description>Password Never Expires</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm quickconfig -q</CommandLine>
<Description>Win RM quickconfig -q</Description>
<Order>20</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm quickconfig -transport:http</CommandLine>
<Description>Win RM quickconfig -transport:http</Description>
<Order>21</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"}</CommandLine>
<Description>Win RM MaxTimoutms</Description>
<Order>22</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="300"}</CommandLine>
<Description>Win RM MaxMemoryPerShellMB</Description>
<Order>23</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}</CommandLine>
<Description>Win RM AllowUnencrypted</Description>
<Order>24</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}</CommandLine>
<Description>Win RM auth Basic</Description>
<Order>25</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"}</CommandLine>
<Description>Win RM auth Basic</Description>
<Order>26</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} </CommandLine>
<Description>Win RM listener Address/Port</Description>
<Order>27</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes </CommandLine>
<Description>Win RM adv firewall enable</Description>
<Order>29</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c net stop winrm </CommandLine>
<Description>Stop Win RM Service </Description>
<Order>28</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>cmd.exe /c net start winrm </CommandLine>
<Description>Start Win RM Service</Description>
<Order>32</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>powershell -Command &quot;Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force&quot;</CommandLine>
<Description>Set PowerShell ExecutionPolicy</Description>
<Order>33</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>34</Order>
<RequiresUserInput>true</RequiresUserInput>
<CommandLine>powershell -Command &quot;Enable-PSRemoting -Force&quot;</CommandLine>
<Description>Enable PowerShell Remoting</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>35</Order>
<RequiresUserInput>true</RequiresUserInput>
<Description>RDP adv firewall enable</Description>
<CommandLine>cmd.exe /c netsh advfirewall firewall set rule group=&quot;Remote Desktop&quot; new enable=yes </CommandLine>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>36</Order>
<CommandLine>cmd.exe /c sc config winrm start= auto</CommandLine>
<RequiresUserInput>true</RequiresUserInput>
<Description>No-Delay Auto start WinRM on boot</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<Order>37</Order>
<RequiresUserInput>true</RequiresUserInput>
<CommandLine>cmd.exe /c netsh advfirewall set allprofiles state off</CommandLine>
<Description>Disable Windows Firewall</Description>
</SynchronousCommand>
<SynchronousCommand wcm:action="add">
<CommandLine>powershell -Command &quot;Set-Item wsman:\localhost\client\trustedhosts *&quot;</CommandLine>
<Description>Set PowerShell ExecutionPolicy</Description>
<Order>38</Order>
<RequiresUserInput>true</RequiresUserInput>
</SynchronousCommand>
</FirstLogonCommands>
<TimeZone>Central Europe Standard Time</TimeZone>
</component>
</settings>
</unattend>