From 9208846b5747abcd08792605511a1dd1ab457ccf Mon Sep 17 00:00:00 2001 
From: JoeServ
Date: Mon, 27 Feb 2023 15:41:41 +0100
Subject: Jail rework
---
 etc/rc.conf | 38 +--
 root/.cshrc | 4 +-
 usr/local/etc/cgitrc | 83 ------
 usr/local/etc/gmid.conf | 24 --
 usr/local/etc/nginx/nginx.conf | 202 --------------
 usr/local/etc/pf.conf | 60 ----
 .../lib/cgit/filters/about-formatting-edited.sh | 28 --
 usr/local/lib/cgit/filters/html-converters/md2html | 307 ---------------------
 .../lib/cgit/filters/html-converters/org2html | 2 -
 .../lib/cgit/filters/syntax-highlighting-edited.sh | 121 --------
 var/jail/git/etc/rc.conf | 8 +
 var/jail/i2p/etc/rc.conf | 8 +
 var/jail/nextcloud/etc/rc.conf | 8 +
 var/jail/wireguard/etc/rc.conf | 11 +
 var/jail/www/etc/rc.conf | 13 +
 var/jail/www/usr/local/etc/cgitrc | 83 ++++++
 var/jail/www/usr/local/etc/nginx/nginx.conf | 144 ++++++++++
 .../lib/cgit/filters/about-formatting-edited.sh | 28 ++
 .../local/lib/cgit/filters/html-converters/md2html | 307 +++++++++++++++++++++
 .../lib/cgit/filters/html-converters/org2html | 2 +
 .../lib/cgit/filters/syntax-highlighting-edited.sh | 121 ++++++++
 21 files changed, 756 insertions(+), 846 deletions(-)
 delete mode 100644 usr/local/etc/cgitrc
 delete mode 100644 usr/local/etc/gmid.conf
 delete mode 100644 usr/local/etc/nginx/nginx.conf
 delete mode 100644 usr/local/etc/pf.conf
 delete mode 100755 usr/local/lib/cgit/filters/about-formatting-edited.sh
 delete mode 100755 usr/local/lib/cgit/filters/html-converters/md2html
 delete mode 100755 usr/local/lib/cgit/filters/html-converters/org2html
 delete mode 100755 usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
 create mode 100644 var/jail/git/etc/rc.conf
 create mode 100644 var/jail/i2p/etc/rc.conf
 create mode 100644 var/jail/nextcloud/etc/rc.conf
 create mode 100644 var/jail/wireguard/etc/rc.conf
 create mode 100644 var/jail/www/etc/rc.conf
 create mode 100644 var/jail/www/usr/local/etc/cgitrc
 create mode 100644 var/jail/www/usr/local/etc/nginx/nginx.conf
 create mode 100755 var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh
 create mode 100755 var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html
 create mode 100755 var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html
 create mode 100755 var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
diff --git a/etc/rc.conf b/etc/rc.conf
index 507adae..c96e4a5 100644
--- a/etc/rc.conf
+++ b/etc/rc.conf
@@ -1,6 +1,9 @@
-hostname="joe"
+hostname="alcatraz"
+clear_tmp_enable="YES"
+tmpmfs="YES"
+tmpsize="256m"
 sshd_enable="YES"
-ntpd_enable="YES"
+ntpd_enable="NO"
 static_routes="linklocal"
 devmatch_blacklist="virtio_random.ko"
 sendmail_enable="NONE"
@@ -8,19 +11,20 @@ sendmail_submit_enable="NONE"
 sendmail_msp_queue_enable="NONE"
 sendmail_outbound_enable="NONE"
 ifconfig_vtnet0="DHCP -rxcsum -tso"
-nginx_enable="YES"
-fcgiwrap_enable="YES"
-fcgiwrap_user="www"
-fcgiwrap_group="www"
-fcgiwrap_socket_owner="www"
-fcgiwrap_socket_group="www"
+#nginx_enable="NO"
+#fcgiwrap_enable="NO"
+#fcgiwrap_user="www"
+#fcgiwrap_group="www"
+#fcgiwrap_socket_owner="www"
+#fcgiwrap_socket_group="www"
 cron_flags="-m ''"
-gmid_enable="YES"
-pf_enable="NO"
-pf_rules="/usr/local/etc/pf.conf"
-plog_enable="NO"
-pflog_logfile="/var/log/pflog"
-obspamd_enable="NO"
-obspamd_flags="-v"
-obspamlogd_enable="NO"
-dovecot_enable="NO"
+jail_enable="YES"
+gateway_enable="YES"
+static_routes="net1"
+route_net1="-net 10.0.0.0/24 95.179.223.82"
+kld_list="if_bridge if_tap if_epair"
+cloned_interfaces="bridge0"
+ifconfig_bridge0="inet 10.0.0.254/24"
+#cloned_interfaces="bridge0 epair0"
+#ifconfig_bridge0="addm vtnet0 addm epair0a up"
+#ifconfig_epair0a="up"
diff --git a/root/.cshrc b/root/.cshrc
index b1c5b5b..fc22012 100644
--- a/root/.cshrc
+++ b/root/.cshrc
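Review bot: `static_routes="net1"` is a second assignment of a variable that is still set to `"linklocal"` a few lines above, and in rc.conf the last assignment wins, so the linklocal route silently stops being installed; merge them as `static_routes="linklocal net1"`. `route_net1="-net 10.0.0.0/24 95.179.223.82"` also covers the same prefix as the connected route that `ifconfig_bridge0="inet 10.0.0.254/24"` creates, so at boot it will most likely fail with EEXIST or, if it wins, send jail-bound traffic to the public address instead of bridge0 — a comment on what it is meant to achieve would help. Note too that pf was already off on the host (`pf_enable="NO"` is among the removed lines) and this commit deletes `usr/local/etc/pf.conf` while adding `gateway_enable="YES"`, so the host now forwards between vtnet0 and bridge0 with no packet filter; the only `pf_enable="YES"` in the commit lives inside the wireguard jail and does not protect the host's own sshd. Finally, `ntpd_enable="NO"` leaves the host (and therefore every jail) without time sync, which makes TLS validation and certbot renewals in the www jail fragile unless the hypervisor supplies a clock source.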
@@ -15,8 +15,8 @@ alias ls ls -lhG alias tree tree -C alias c clear alias vim nvim -alias diff colordiff -c -alias confgit git --git-dir=/usr/local/git/jozan/joe-conf.git --work-tree=/ +alias confgit git --git-dir=/var/jail/git/var/git/jozan/joe-conf.git --work-tree=/ +alias jx jexec # A righteous umask umask 22 diff --git a/usr/local/etc/cgitrc b/usr/local/etc/cgitrc deleted file mode 100644 index b123224..0000000 --- a/usr/local/etc/cgitrc +++ /dev/null 
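Review bot: The `confgit` alias now runs git as host root with `--git-dir` inside the git jail's filesystem (`/var/jail/git/var/git/jozan/joe-conf.git`) and `--work-tree=/`. Everything git reads from that directory — `config` (including `core.hooksPath`, `core.fsmonitor`, `core.pager`), the hooks directory, `info/attributes` — is writable by the jail's root and by whatever the jail's sshd admits, so a compromised git jail gains code execution as host root the next time `confgit` is used, and a checkout or reset would write straight into `/`. Keep the working copy of the config repository on the host outside `/var/jail` and push to the jail as a remote, or at least mount the jail path read-only for this use.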
@@ -1,83 +0,0 @@ -# -# cgit config -# - -css=/css/cgit.css -logo=/img/cgit.png -favicon=/img/favicon.ico - -# if you do not want that webcrawler (like google) index your site -robots=index, nofollow - -# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value: -virtual-root=/ - -root-title=GitJoe -root-desc=where the good code belongs -root-readme=/usr/local/www/gitjoe/about.html -footer=/usr/local/www/gitjoe/footer.html - -clone-url=git://gitjoe.xyz/$CGIT_REPO_URL - -enable-blame=0 -enable-commit-graph=1 -enable-filter-overrides=1 -enable-follow-links=1 -enable-git-config=0 -enable-http-clone=0 -enable-http-serving=0 -enable-index-links=0 -enable-index-owner=0 -enable-log-filecount=1 -enable-log-linecount=1 -enable-remote-branches=1 -enable-subject-links=1 -enable-tree-linenumbers=1 - -branch-sort=age -repository-sort=name -local-time=0 -strict-export=git-daemon-export-ok -remove-suffix=1 -side-by-side-diffs=0 -section-sort=1 -section-from-path=1 - -cache-size=0 - -about-filter=/usr/local/lib/cgit/filters/about-formatting-edited.sh -source-filter=/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh - -snapshots=tar.gz tar.bz2 tar.xz zip -max-stats=year - -readme=:README.md -readme=:readme.md -readme=:README.org -readme=:readme.org -readme=:README.mkd -readme=:readme.mkd -readme=:README.html -readme=:readme.html -readme=:README.htm -readme=:readme.htm -readme=:README.txt -readme=:readme.txt -readme=:README -readme=:readme -readme=:INSTALL.md -readme=:install.md -readme=:INSTALL.org -readme=:install.org -readme=:INSTALL.mkd -readme=:install.mkd -readme=:INSTALL.html -readme=:install.html -readme=:INSTALL.htm -readme=:install.htm -readme=:INSTALL.txt -readme=:install.txt -readme=:INSTALL -readme=:install - -scan-path=/usr/local/git diff --git a/usr/local/etc/gmid.conf b/usr/local/etc/gmid.conf deleted file mode 100644 index cf7b293..0000000 --- a/usr/local/etc/gmid.conf +++ /dev/null 
@@ -1,24 +0,0 @@ -# drop privileges -user "_gmid" - -# it's a good idea to enable chroot, but -# beware that can make CGI scripting harder -#chroot "/var/gemini" - -# An example of a server block: -server "jozanofastora.xyz" { - # set the directory to serve; it's relative to the - # chroot (if enabled) - root "/usr/local/gemini" - - # Set self-signed TLS cert and key. It's better to keep - # the keys outside the chroot. - # - # You should generate them manually, for example: - # openssl req -x509 -newkey rsa:4096 -nodes \ - # -out /usr/local/etc/ssl/gmid/localhost.crt \ - # -keyout /usr/local/etc/ssl/gmid/localhost.key \ - # -subj "/CN=localhost" - cert "/usr/local/etc/letsencrypt/live/jozanofastora.xyz/cert.pem" - key "/usr/local/etc/letsencrypt/live/jozanofastora.xyz/privkey.pem" -} diff --git a/usr/local/etc/nginx/nginx.conf b/usr/local/etc/nginx/nginx.conf deleted file mode 100644 index 3febbf9..0000000 --- a/usr/local/etc/nginx/nginx.conf +++ /dev/null 
@@ -1,202 +0,0 @@ -worker_processes 1; - -events { - worker_connections 1024; -} - -http { - include mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - gzip on; - gzip_vary on; - gzip_min_length 1k; - gzip_proxied expired no-cache no-store private auth; - gzip_buffers 4 16k; - gzip_http_version 1.1; - gzip_comp_level 2; - gzip_types text/plain application/x-javascript application/javascript text/css application/xml application/json; - - map $sent_http_content_type $expires { - default off; - text/css 15m; - application/javascript 15m; - ~image/ 15m; - } - - server{ - server_name jozanofastora.xyz; - root /usr/local/www/jozan; - index index.html; - expires $expires; - - location / { - try_files $uri $uri/ =404; - } - location ~ /\.ht { - deny all; - } - location ~ \.cgi$ { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root/asm-example.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_param HTTP_HOST $server_name; - fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; - } - error_page 403 /403.html; - location = /403.html { - root /usr/local/www/jozan/err; - } - error_page 404 /404.html; - location = /404.html { - root /usr/local/www/jozan/err; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/local/www/nginx-dist; - } - - listen 443 ssl; - ssl_certificate /usr/local/etc/letsencrypt/live/jozanofastora.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/jozanofastora.xyz/privkey.pem; -} - - server { - server_name gitjoe.xyz; - root /usr/local/www/gitjoe; - try_files $uri @cgit; - index cgit.cgi; - - location @cgit { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_param CGIT_CONFIG /usr/local/etc/cgitrc; - fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; - - gzip off; - rewrite ^/([^/]+/.*)?$ 
/cgit.cgi?url=$1 break; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/local/www/nginx-dist; - } - - listen 443 ssl; - ssl_certificate /usr/local/etc/letsencrypt/live/gitjoe.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/gitjoe.xyz/privkey.pem; -} - server{ - server_name watchoom.gitjoe.xyz; - root /usr/local/www/watchoom; - index index.html; - expires $expires; - - location / { - try_files $uri $uri/ =404; - } - location ~ /\.ht { - deny all; - } - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/local/www/nginx-dist; - } - - listen 443 ssl; - ssl_certificate /usr/local/etc/letsencrypt/live/gitjoe.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/gitjoe.xyz/privkey.pem; -} - - server { - server_name fossil.jozanofastora.xyz; - index index.html; - root /usr/local/www/fossiljoe; - - # Bypass Fossil for the static documentation generated from - # our source code by Doxygen, so it merges into the embedded - # doc URL hierarchy at Fossil’s $ROOT/doc without requiring that - # these generated files actually be stored in the repo. This - # also lets us set aggressive caching on these docs, since - # they rarely change. 
- location /code/doc/html { - root /usr/local/www/fossiljoe; - - location ~* \.(html|ico|css|js|gif|jpg|png)$ { - expires 7d; - add_header Vary Accept-Encoding; - access_log off; - } - } - # Redirect everything else to the Fossil instance - location /code { - include scgi_params; - scgi_param SCRIPT_NAME "/code"; - scgi_pass 127.0.0.1:12345; - } -} - -server{ - if ($host = gitjoe.xyz) { - return 301 https://$host?p=about; - } - - server_name gitjoe.xyz; - listen 80; - return 404; -} - -server{ - if ($host = jozanofastora.xyz) { - return 301 https://$host$request_uri; - } - - server_name jozanofastora.xyz; - listen 80; - return 404; -} - -server{ - if ($host = watchoom.gitjoe.xyz) { - return 301 https://$host$request_uri; - } - - server_name watchoom.gitjoe.xyz; - listen 80; - return 404; -} - -#server { -# if ($host = fossil.jozanofastora.xyz) { -# return 301 https://$host$request_uri; -# } -# -# server_name fossil.jozanofastora.xyz; -# listen 80; -# return 404; -#} - -server { - server_name www.jozanofastora.xyz; - listen 80; - listen 443 ssl; - rewrite ^/(.*) http://jozanofastora.xyz/$1 permanent; - ssl_certificate /usr/local/etc/letsencrypt/live/jozanofastora.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/jozanofastora.xyz/privkey.pem; - return 404; -} - -server { - - server_name www.gitjoe.xyz git.jozanofastora.xyz; - listen 80; - listen 443 ssl; - rewrite ^/(.*) http://gitjoe.xyz/?p=about permanent; - ssl_certificate /usr/local/etc/letsencrypt/live/gitjoe.xyz/fullchain.pem; - ssl_certificate_key /usr/local/etc/letsencrypt/live/gitjoe.xyz/privkey.pem; - return 404; -} -} diff --git a/usr/local/etc/pf.conf b/usr/local/etc/pf.conf deleted file mode 100644 index c514fe8..0000000 --- a/usr/local/etc/pf.conf +++ /dev/null 
@@ -1,60 +0,0 @@ -## Set public interface ## -ext_if="vtnet0" - -## set and drop IP ranges on the public interface ## -martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ - 10.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, \ - 0.0.0.0/8, 240.0.0.0/4 }" - -table persist -table persist - -# Allowed webmail services -#table persist file "/usr/local/etc/pf.webmail.ip.conf" - -## Skip loop back interface - Skip all PF processing on interface ## -set skip on lo - -## Sets the interface for which PF should gather statistics such as bytes in/out and packets passed/blocked ## -set loginterface $ext_if - -# Deal with attacks based on incorrect handling of packet fragments -scrub in all - - -# Pass spamd allow list -rdr pass log on $ext_if inet proto tcp from to $ext_if port smtp \ - -> 127.0.0.1 port 25 -# Pass webmail servers -rdr pass log on $ext_if inet proto tcp from to $ext_if port smtp \ - -> 127.0.0.1 port 25 -# pass submission messages. -pass quick log on $ext_if inet proto tcp from any to $ext_if port submission modulate state -# Pass unknown mail to spamd -rdr pass log on $ext_if inet proto tcp from {! } to $ext_if port smtp \ - -> 127.0.0.1 port 8025 - -## Blocking spoofed packets -antispoof quick for $ext_if - -## Set default policy ## -block return in log all -block out all - -# Drop all Non-Routable Addresses -block drop in quick on $ext_if from $martians to any -block drop out quick on $ext_if from any to $martians - -pass in inet proto tcp to $ext_if port ssh - -# Allow Ping-Pong stuff. Be a good sysadmin -pass inet proto icmp icmp-type echoreq - -# Open up imap/pop3 support -pass quick on $ext_if proto tcp from any to any port {imap, imaps, pop3, pop3s} modulate state - - -# Allow outgoing traffic -pass out on $ext_if proto tcp from any to any modulate state -pass out on $ext_if proto udp from any to any keep state -#pass quick on $ext_if from any to any port http 
diff --git a/usr/local/lib/cgit/filters/about-formatting-edited.sh b/usr/local/lib/cgit/filters/about-formatting-edited.sh deleted file mode 100755 index cf1140e..0000000 --- a/usr/local/lib/cgit/filters/about-formatting-edited.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -# This may be used with the about-filter or repo.about-filter setting in cgitrc. -# It passes formatting of about pages to differing programs, depending on the usage. - -# Markdown support requires python and markdown-python. -# RestructuredText support requires python and docutils. -# Man page support requires groff. - -# The following environment variables can be used to retrieve the configuration -# of the repository for which this script is called: -# CGIT_REPO_URL ( = repo.url setting ) -# CGIT_REPO_NAME ( = repo.name setting ) -# CGIT_REPO_PATH ( = repo.path setting ) -# CGIT_REPO_OWNER ( = repo.owner setting ) -# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting ) -# CGIT_REPO_SECTION ( = section setting ) -# CGIT_REPO_CLONE_URL ( = repo.clone-url setting ) - -cd "$(dirname $0)/html-converters/" -case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in - *.org) exec ./org2html; ;; - *.markdown|*.mdown|*.md|*.mkd) exec ./md2html; ;; - *.rst) exec ./rst2html; ;; - *.[1-9]) exec ./man2html; ;; - *.htm|*.html) exec cat; ;; - *.txt|*) exec ./txt2html; ;; -esac diff --git a/usr/local/lib/cgit/filters/html-converters/md2html b/usr/local/lib/cgit/filters/html-converters/md2html deleted file mode 100755 index 7d97b1e..0000000 --- a/usr/local/lib/cgit/filters/html-converters/md2html +++ /dev/null @@ -1,307 +0,0 @@ -#!/usr/local/bin/python3.8 -import markdown -import sys -import io -from pygments.formatters import HtmlFormatter -from markdown.extensions.toc import TocExtension -sys.stdin = io.TextIOWrapper(sys.stdin.buffer, encoding='utf-8') -sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8') -sys.stdout.write(''' - -''') -sys.stdout.write("
") -sys.stdout.flush() -# Note: you may want to run this through bleach for sanitization -markdown.markdownFromFile( - output_format="html5", - extensions=[ - "markdown.extensions.fenced_code", - "markdown.extensions.codehilite", - "markdown.extensions.tables", - TocExtension(anchorlink=True)], - extension_configs={ - "markdown.extensions.codehilite":{"css_class":"highlight"}}) -sys.stdout.write("
") diff --git a/usr/local/lib/cgit/filters/html-converters/org2html b/usr/local/lib/cgit/filters/html-converters/org2html deleted file mode 100755 index e9c3b44..0000000 --- a/usr/local/lib/cgit/filters/html-converters/org2html +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -pandoc -forg -tgfm | ./md2html diff --git a/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh b/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh deleted file mode 100755 index 3de95fa..0000000 --- a/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh +++ /dev/null 
@@ -1,121 +0,0 @@ -#!/bin/sh -# This script can be used to implement syntax highlighting in the cgit -# tree-view by referring to this file with the source-filter or repo.source- -# filter options in cgitrc. -# -# This script requires a shell supporting the ${var##pattern} syntax. -# It is supported by at least dash and bash, however busybox environments -# might have to use an external call to sed instead. -# -# Note: the highlight command (http://www.andre-simon.de/) uses css for syntax -# highlighting, so you'll probably want something like the following included -# in your css file: -# -# Style definition file generated by highlight 2.4.8, http://www.andre-simon.de/ -# -# table.blob .num { color:#2928ff; } -# table.blob .esc { color:#ff00ff; } -# table.blob .str { color:#ff0000; } -# table.blob .dstr { color:#818100; } -# table.blob .slc { color:#838183; font-style:italic; } -# table.blob .com { color:#838183; font-style:italic; } -# table.blob .dir { color:#008200; } -# table.blob .sym { color:#000000; } -# table.blob .kwa { color:#000000; font-weight:bold; } -# table.blob .kwb { color:#830000; } -# table.blob .kwc { color:#000000; font-weight:bold; } -# table.blob .kwd { color:#010181; } -# -# -# Style definition file generated by highlight 2.6.14, http://www.andre-simon.de/ -# -# body.hl { background-color:#ffffff; } -# pre.hl { color:#000000; background-color:#ffffff; font-size:10pt; font-family:'Courier New';} -# .hl.num { color:#2928ff; } -# .hl.esc { color:#ff00ff; } -# .hl.str { color:#ff0000; } -# .hl.dstr { color:#818100; } -# .hl.slc { color:#838183; font-style:italic; } -# .hl.com { color:#838183; font-style:italic; } -# .hl.dir { color:#008200; } -# .hl.sym { color:#000000; } -# .hl.line { color:#555555; } -# .hl.mark { background-color:#ffffbb;} -# .hl.kwa { color:#000000; font-weight:bold; } -# .hl.kwb { color:#830000; } -# .hl.kwc { color:#000000; font-weight:bold; } -# .hl.kwd { color:#010181; } -# -# -# Style definition file generated by 
highlight 3.8, http://www.andre-simon.de/ -# -# body.hl { background-color:#e0eaee; } -# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New';} -# .hl.num { color:#b07e00; } -# .hl.esc { color:#ff00ff; } -# .hl.str { color:#bf0303; } -# .hl.pps { color:#818100; } -# .hl.slc { color:#838183; font-style:italic; } -# .hl.com { color:#838183; font-style:italic; } -# .hl.ppc { color:#008200; } -# .hl.opt { color:#000000; } -# .hl.lin { color:#555555; } -# .hl.kwa { color:#000000; font-weight:bold; } -# .hl.kwb { color:#0057ae; } -# .hl.kwc { color:#000000; font-weight:bold; } -# .hl.kwd { color:#010181; } -# -# -# Style definition file generated by highlight 3.13, http://www.andre-simon.de/ -# -# body.hl { background-color:#e0eaee; } -# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New',monospace;} -# .hl.num { color:#b07e00; } -# .hl.esc { color:#ff00ff; } -# .hl.str { color:#bf0303; } -# .hl.pps { color:#818100; } -# .hl.slc { color:#838183; font-style:italic; } -# .hl.com { color:#838183; font-style:italic; } -# .hl.ppc { color:#008200; } -# .hl.opt { color:#000000; } -# .hl.ipl { color:#0057ae; } -# .hl.lin { color:#555555; } -# .hl.kwa { color:#000000; font-weight:bold; } -# .hl.kwb { color:#0057ae; } -# .hl.kwc { color:#000000; font-weight:bold; } -# .hl.kwd { color:#010181; } -# -# -# The following environment variables can be used to retrieve the configuration -# of the repository for which this script is called: -# CGIT_REPO_URL ( = repo.url setting ) -# CGIT_REPO_NAME ( = repo.name setting ) -# CGIT_REPO_PATH ( = repo.path setting ) -# CGIT_REPO_OWNER ( = repo.owner setting ) -# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting ) -# CGIT_REPO_SECTION ( = section setting ) -# CGIT_REPO_CLONE_URL ( = repo.clone-url setting ) -# - -# store filename and extension in local vars -BASENAME="$1" -EXTENSION="${BASENAME##*.}" - -[ "${BASENAME}" = "${EXTENSION}" ] && EXTENSION=txt -[ -z 
"${EXTENSION}" ] && EXTENSION=txt - -# map Makefile and Makefile.* to .mk -[ "${BASENAME%%.*}" = "Makefile" ] && EXTENSION=mk - -# highlight versions 2 and 3 have different commandline options. Specifically, -# the -X option that is used for version 2 is replaced by the -O xhtml option -# for version 3. -# -# Version 2 can be found (for example) on EPEL 5, while version 3 can be -# found (for example) on EPEL 6. -# -# This is for version 2 -#exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null - -# This is for version 3 -exec highlight --force --inline-css -f -I -O xhtml -S "$EXTENSION" 2>/dev/null diff --git a/var/jail/git/etc/rc.conf b/var/jail/git/etc/rc.conf new file mode 100644 index 0000000..30dad04 --- /dev/null +++ b/var/jail/git/etc/rc.conf @@ -0,0 +1,8 @@ +# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable +dumpdev="NO" +cron_flags="-m ''" +sendmail_enable="NONE" +sendmail_submit_enable="NONE" +sendmail_msp_queue_enable="NONE" +sendmail_outbound_enable="NONE" +sshd_enable="YES" diff --git a/var/jail/i2p/etc/rc.conf b/var/jail/i2p/etc/rc.conf new file mode 100644 index 0000000..ffd49a6 --- /dev/null +++ b/var/jail/i2p/etc/rc.conf @@ -0,0 +1,8 @@ +# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable +dumpdev="NO" +cron_flags="-m ''" +sendmail_enable="NONE" +sendmail_submit_enable="NONE" +sendmail_msp_queue_enable="NONE" +sendmail_outbound_enable="NONE" +i2pd_enable="YES" diff --git a/var/jail/nextcloud/etc/rc.conf b/var/jail/nextcloud/etc/rc.conf new file mode 100644 index 0000000..2307f03 --- /dev/null +++ b/var/jail/nextcloud/etc/rc.conf @@ -0,0 +1,8 @@ +sshd_enable="NO" +# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable +dumpdev="NO" +cron_flags="-m ''" +sendmail_enable="NONE" +sendmail_submit_enable="NONE" +sendmail_msp_queue_enable="NONE" +sendmail_outbound_enable="NONE" diff --git a/var/jail/wireguard/etc/rc.conf b/var/jail/wireguard/etc/rc.conf new file mode 100644 index 0000000..48ffe2d --- /dev/null 
+++ b/var/jail/wireguard/etc/rc.conf
@@ -0,0 +1,11 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+wireguard_enable="NO"
+wireguard_interfaces="wg0"
+gateway_enable="YES"
+pf_enable="YES"
diff --git a/var/jail/www/etc/rc.conf b/var/jail/www/etc/rc.conf
new file mode 100644
index 0000000..682f65a
--- /dev/null
+++ b/var/jail/www/etc/rc.conf
@@ -0,0 +1,13 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+nginx_enable="YES"
+fcgiwrap_enable="YES"
+fcgiwrap_user="www"
+fcgiwrap_group="www"
+fcgiwrap_socket_owner="www"
+fcgiwrap_socket_group="www"
diff --git a/var/jail/www/usr/local/etc/cgitrc b/var/jail/www/usr/local/etc/cgitrc
new file mode 100644
index 0000000..cb8da04
--- /dev/null
+++ b/var/jail/www/usr/local/etc/cgitrc
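Review bot: `pf_enable="YES"` is set without a `pf_rules` line and no pf.conf for this jail is part of the commit; rc.d/pf falls back to `/etc/pf.conf`, and if that file is missing pf does not start at all, while if it fails to parse pf comes up with an empty ruleset — either way nothing is filtered in a jail that also turns on `gateway_enable="YES"`. Add the jail's pf.conf to the repository together with an explicit `pf_rules="/etc/pf.conf"` so the dependency is visible, or leave pf off until the rules exist. `wireguard_enable="NO"` next to `wireguard_interfaces="wg0"` reads like a work-in-progress state; a one-line comment saying why the tunnel is disabled would spare the next reader a guess.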
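Review bot: fcgiwrap runs as `www`, which is also the user the FreeBSD nginx package runs its workers as by default (the nginx.conf in this commit sets no `user` directive), so cgit, its filter scripts and the `asm-example.cgi` handler execute with the same identity as the web server and can rewrite anything nginx can under `/var/www`. Give the CGI side its own account — e.g. `fcgiwrap_user="cgit"` and `fcgiwrap_group="cgit"` — and keep `fcgiwrap_socket_owner="www"` so nginx can still reach the socket; the repositories under cgit's `scan-path` then only need to be readable by that user.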
@@ -0,0 +1,83 @@
+#
+# cgit config
+#
+
+css=/css/cgit.css
+logo=/img/cgit.png
+favicon=/img/favicon.ico
+
+# if you do not want that webcrawler (like google) index your site
+robots=index, nofollow
+
+# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value:
+virtual-root=/
+
+root-title=GitJoe
+root-desc=where the good code belongs
+root-readme=/var/www/gitjoe/about.html
+footer=/var/www/gitjoe/footer.html
+
+clone-url=git://gitjoe.xyz/$CGIT_REPO_URL
+
+enable-blame=0
+enable-commit-graph=1
+enable-filter-overrides=1
+enable-follow-links=1
+enable-git-config=0
+enable-http-clone=0
+enable-http-serving=0
+enable-index-links=0
+enable-index-owner=0
+enable-log-filecount=1
+enable-log-linecount=1
+enable-remote-branches=1
+enable-subject-links=1
+enable-tree-linenumbers=1
+
+branch-sort=age
+repository-sort=name
+local-time=0
+strict-export=git-daemon-export-ok
+remove-suffix=1
+side-by-side-diffs=0
+section-sort=1
+section-from-path=1
+
+cache-size=0
+
+about-filter=/usr/local/lib/cgit/filters/about-formatting-edited.sh
+source-filter=/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
+
+snapshots=tar.zst tar.gz tar.bz2 tar.xz zip
+max-stats=year
+
+readme=:README.md
+readme=:readme.md
+readme=:README.org
+readme=:readme.org
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.org
+readme=:install.org
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
+
+scan-path=/var/mnt/git
diff --git a/var/jail/www/usr/local/etc/nginx/nginx.conf b/var/jail/www/usr/local/etc/nginx/nginx.conf
new file mode 100644
index 0000000..869ff4d
--- /dev/null
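Review bot: `enable-filter-overrides=1` together with `scan-path=/var/mnt/git` lets a per-repository `cgitrc` file, which scan-path reads from the repository directory, replace `about-filter`/`source-filter` with any path, and cgit then executes that path inside the www jail as the fcgiwrap user; `enable-git-config=0` does not close this, since it only covers the repository's `.git/config`. The repositories appear to originate in the git jail (the `.cshrc` alias in this commit points at `/var/jail/git/var/git`), so whoever can write into a bare repository there — including through that jail's sshd — gets code execution in the www jail. Unless a repository genuinely needs its own filters, set `enable-filter-overrides=0`; it is also worth confirming that `/var/mnt/git` is mounted read-only into the www jail, which this commit does not show.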
+++ b/var/jail/www/usr/local/etc/nginx/nginx.conf 
@@ -0,0 +1,144 @@ +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + sendfile on; + keepalive_timeout 65; + gzip on; + gzip_vary on; + gzip_min_length 1k; + gzip_proxied expired no-cache no-store private auth; + gzip_buffers 4 16k; + gzip_http_version 1.1; + gzip_comp_level 2; + gzip_types text/plain application/x-javascript application/javascript text/css application/xml application/json; + + map $sent_http_content_type $expires { + default off; + text/css 15m; + application/javascript 15m; + ~image/ 15m; + } + +# JOZAN + + server{ + server_name jozan.org; + root /var/www/joe; + index index.html; + expires $expires; + + location / { + try_files $uri $uri/ =404; + } + location ~ /\.ht { + deny all; + } + location ~ \.cgi$ { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root/asm-example.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_param HTTP_HOST $server_name; + fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; + } + error_page 403 /403.html; + location = /403.html { + root /var/www/joe/err; + } + error_page 404 /404.html; + location = /404.html { + root /var/www/joe/err; + } + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/local/www/nginx-dist; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot + ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot + include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +} + +# GITJOE + + server { + server_name gitjoe.xyz; + root /var/www/gitjoe; + try_files $uri @cgit; + index cgit.cgi; + + location @cgit { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; 
+ fastcgi_param HTTP_HOST $server_name; + fastcgi_param CGIT_CONFIG /usr/local/etc/cgitrc; + fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock; + + gzip off; + rewrite ^/([^/]+/.*)?$ /cgit.cgi?url=$1 break; + } + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/local/www/nginx-dist; + } + + listen 443 ssl; + + ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot + ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot +} + +# REDIRECT 80 to 443 + +server{ + if ($host = jozan.org) { + return 301 https://$host$request_uri; + } + + + if ($host = www.jozanofastora.xyz) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = jozanofastora.xyz) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = www.jozan.org) { + return 301 https://$host$request_uri; + } # managed by Certbot + + if ($host = gitjoe.xyz) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name jozan.org www.jozan.org jozanofastora.xyz www.jozanofastora.xyz gitjoe.xyz; + listen 80; + return 404; +} + +# REDIRECT 443 to JOZAN 443 + +server{ + listen 443 ssl; + server_name www.jozan.org jozanofastora.xyz www.jozanofastora.xyz; + return 301 $scheme://jozan.org$request_uri; + ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot + ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot + include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot +} +} diff --git a/var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh b/var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh new file mode 100755 index 0000000..cf1140e --- /dev/null +++ b/var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh 
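Review bot: The `gitjoe.xyz` server block terminates TLS with the `jozan.org` certificate and, unlike the other two `listen 443 ssl` blocks, does not include `options-ssl-nginx.conf` or set `ssl_dhparam`, so it runs on nginx's default protocol and cipher settings; add `include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;` and `ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;` there, and check that the jozan.org certificate actually carries gitjoe.xyz as a SAN — the removed config used a dedicated gitjoe.xyz certificate, and without that clients see a name mismatch. In the same block `try_files $uri @cgit;` with `root /var/www/gitjoe` means that, if `cgit.cgi` physically lives in that root as `SCRIPT_FILENAME $document_root/cgit.cgi` implies, a request for `/cgit.cgi` (and for `about.html`/`footer.html`) is matched as a static file and sent as `application/octet-stream`, leaking the CGI binary; add `location = /cgit.cgi { return 404; }` or move the static assets into their own directory. `server_tokens off;` in the `http` context is a cheap addition while this file is being rewritten.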
@@ -0,0 +1,28 @@ +#!/bin/sh + +# This may be used with the about-filter or repo.about-filter setting in cgitrc. +# It passes formatting of about pages to differing programs, depending on the usage. + +# Markdown support requires python and markdown-python. +# RestructuredText support requires python and docutils. +# Man page support requires groff. + +# The following environment variables can be used to retrieve the configuration +# of the repository for which this script is called: +# CGIT_REPO_URL ( = repo.url setting ) +# CGIT_REPO_NAME ( = repo.name setting ) +# CGIT_REPO_PATH ( = repo.path setting ) +# CGIT_REPO_OWNER ( = repo.owner setting ) +# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting ) +# CGIT_REPO_SECTION ( = section setting ) +# CGIT_REPO_CLONE_URL ( = repo.clone-url setting ) + +cd "$(dirname $0)/html-converters/" +case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in + *.org) exec ./org2html; ;; + *.markdown|*.mdown|*.md|*.mkd) exec ./md2html; ;; + *.rst) exec ./rst2html; ;; + *.[1-9]) exec ./man2html; ;; + *.htm|*.html) exec cat; ;; + *.txt|*) exec ./txt2html; ;; +esac diff --git a/var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html b/var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html new file mode 100755 index 0000000..a4a43ff --- /dev/null +++ b/var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html @@ -0,0 +1,307 @@ +#!/usr/local/bin/python3.9 +import markdown +import sys +import io +from pygments.formatters import HtmlFormatter +from markdown.extensions.toc import TocExtension +sys.stdin = io.TextIOWrapper(sys.stdin.buffer, encoding='utf-8') +sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8') +sys.stdout.write(''' + +''') +sys.stdout.write("
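Review bot: `cd "$(dirname $0)/html-converters/"` has no failure check, so if that directory is missing or unreadable the script stays in cgit's current working directory and `exec ./md2html` (or `./org2html`, `./txt2html`) runs whatever file of that name happens to be there; make it `cd "$(dirname "$0")/html-converters/" || exit 1` (the inner `$0` is unquoted as well). Separately, the `*.htm|*.html) exec cat` arm emits repository-authored HTML into the page untouched, and the markdown path is unsanitized too (md2html's own comment suggests bleach), so any committer to a hosted repository can place scripts on gitjoe.xyz's about pages; if the hosted repositories are not all yours, drop the html arm or pass it through a sanitizer. The blob hash (cf1140e) matches the file removed from `usr/local/lib/cgit/filters/`, so this is a pure move and the same notes applied to the old copy.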
") +sys.stdout.flush() +# Note: you may want to run this through bleach for sanitization +markdown.markdownFromFile( + output_format="html5", + extensions=[ + "markdown.extensions.fenced_code", + "markdown.extensions.codehilite", + "markdown.extensions.tables", + TocExtension(anchorlink=True)], + extension_configs={ + "markdown.extensions.codehilite":{"css_class":"highlight"}}) +sys.stdout.write("
") diff --git a/var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html b/var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html new file mode 100755 index 0000000..e9c3b44 --- /dev/null +++ b/var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html @@ -0,0 +1,2 @@ +#!/bin/sh +pandoc -forg -tgfm | ./md2html diff --git a/var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh b/var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh new file mode 100755 index 0000000..3de95fa --- /dev/null +++ b/var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh 
@@ -0,0 +1,121 @@
+#!/bin/sh
+# This script can be used to implement syntax highlighting in the cgit
+# tree-view by referring to this file with the source-filter or repo.source-
+# filter options in cgitrc.
+#
+# This script requires a shell supporting the ${var##pattern} syntax.
+# It is supported by at least dash and bash, however busybox environments
+# might have to use an external call to sed instead.
+#
+# Note: the highlight command (http://www.andre-simon.de/) uses css for syntax
+# highlighting, so you'll probably want something like the following included
+# in your css file:
+#
+# Style definition file generated by highlight 2.4.8, http://www.andre-simon.de/
+#
+# table.blob .num { color:#2928ff; }
+# table.blob .esc { color:#ff00ff; }
+# table.blob .str { color:#ff0000; }
+# table.blob .dstr { color:#818100; }
+# table.blob .slc { color:#838183; font-style:italic; }
+# table.blob .com { color:#838183; font-style:italic; }
+# table.blob .dir { color:#008200; }
+# table.blob .sym { color:#000000; }
+# table.blob .kwa { color:#000000; font-weight:bold; }
+# table.blob .kwb { color:#830000; }
+# table.blob .kwc { color:#000000; font-weight:bold; }
+# table.blob .kwd { color:#010181; }
+#
+#
+# Style definition file generated by highlight 2.6.14, http://www.andre-simon.de/
+#
+# body.hl { background-color:#ffffff; }
+# pre.hl { color:#000000; background-color:#ffffff; font-size:10pt; font-family:'Courier New';}
+# .hl.num { color:#2928ff; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#ff0000; }
+# .hl.dstr { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# .hl.com { color:#838183; font-style:italic; }
+# .hl.dir { color:#008200; }
+# .hl.sym { color:#000000; }
+# .hl.line { color:#555555; }
+# .hl.mark { background-color:#ffffbb;}
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#830000; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+#
+#
+# Style definition file generated by highlight 3.8, http://www.andre-simon.de/
+#
+# body.hl { background-color:#e0eaee; }
+# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New';}
+# .hl.num { color:#b07e00; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#bf0303; }
+# .hl.pps { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# .hl.com { color:#838183; font-style:italic; }
+# .hl.ppc { color:#008200; }
+# .hl.opt { color:#000000; }
+# .hl.lin { color:#555555; }
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#0057ae; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+#
+#
+# Style definition file generated by highlight 3.13, http://www.andre-simon.de/
+#
+# body.hl { background-color:#e0eaee; }
+# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New',monospace;}
+# .hl.num { color:#b07e00; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#bf0303; }
+# .hl.pps { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# .hl.com { color:#838183; font-style:italic; }
+# .hl.ppc { color:#008200; }
+# .hl.opt { color:#000000; }
+# .hl.ipl { color:#0057ae; }
+# .hl.lin { color:#555555; }
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#0057ae; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+#
+#
+# The following environment variables can be used to retrieve the configuration
+# of the repository for which this script is called:
+# CGIT_REPO_URL ( = repo.url setting )
+# CGIT_REPO_NAME ( = repo.name setting )
+# CGIT_REPO_PATH ( = repo.path setting )
+# CGIT_REPO_OWNER ( = repo.owner setting )
+# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting )
+# CGIT_REPO_SECTION ( = section setting )
+# CGIT_REPO_CLONE_URL ( = repo.clone-url setting )
+#
+
+# store filename and extension in local vars
+BASENAME="$1"
+EXTENSION="${BASENAME##*.}"
+
+[ "${BASENAME}" = "${EXTENSION}" ] && EXTENSION=txt
+[ -z "${EXTENSION}" ] && EXTENSION=txt
+
+# map Makefile and Makefile.* to .mk
+[ "${BASENAME%%.*}" = "Makefile" ] && EXTENSION=mk
+
+# highlight versions 2 and 3 have different commandline options. Specifically,
+# the -X option that is used for version 2 is replaced by the -O xhtml option
+# for version 3.
+#
+# Version 2 can be found (for example) on EPEL 5, while version 3 can be
+# found (for example) on EPEL 6.
+#
+# This is for version 2
+#exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null
+
+# This is for version 3
+exec highlight --force --inline-css -f -I -O xhtml -S "$EXTENSION" 2>/dev/null
-- cgit v1.2.3
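Review bot: The final `exec highlight --force --inline-css -f -I -O xhtml -S "$EXTENSION" 2>/dev/null` discards every diagnostic, so if `highlight` is not installed in the www jail the `exec` fails and the blob view comes out empty with nothing in the logs to say why. Check for the binary first so the failure is visible, e.g. `command -v highlight >/dev/null 2>&1 || exit 1`, and keep the stderr redirect only on the `highlight` call itself. Do not fall back to `cat` here: cgit inserts a source-filter's stdout into the page verbatim, so an unescaped fallback would turn repository contents into live HTML. Apart from `--inline-css` this is the stock cgit filter, so the long CSS comment block is upstream documentation rather than something this commit needs to change.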