From 9208846b5747abcd08792605511a1dd1ab457ccf Mon Sep 17 00:00:00 2001
From: JoeServ <bousset.rudy@gmail.com>
Date: Mon, 27 Feb 2023 15:41:41 +0100
Subject: Jail rework
---
var/jail/git/etc/rc.conf | 8 +
var/jail/i2p/etc/rc.conf | 8 +
var/jail/nextcloud/etc/rc.conf | 8 +
var/jail/wireguard/etc/rc.conf | 11 +
var/jail/www/etc/rc.conf | 13 +
var/jail/www/usr/local/etc/cgitrc | 83 ++++++
var/jail/www/usr/local/etc/nginx/nginx.conf | 144 ++++++++++
.../lib/cgit/filters/about-formatting-edited.sh | 28 ++
.../local/lib/cgit/filters/html-converters/md2html | 307 +++++++++++++++++++++
.../lib/cgit/filters/html-converters/org2html | 2 +
.../lib/cgit/filters/syntax-highlighting-edited.sh | 121 ++++++++
11 files changed, 733 insertions(+)
create mode 100644 var/jail/git/etc/rc.conf
create mode 100644 var/jail/i2p/etc/rc.conf
create mode 100644 var/jail/nextcloud/etc/rc.conf
create mode 100644 var/jail/wireguard/etc/rc.conf
create mode 100644 var/jail/www/etc/rc.conf
create mode 100644 var/jail/www/usr/local/etc/cgitrc
create mode 100644 var/jail/www/usr/local/etc/nginx/nginx.conf
create mode 100755 var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh
create mode 100755 var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html
create mode 100755 var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html
create mode 100755 var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
(limited to 'var')
diff --git a/var/jail/git/etc/rc.conf b/var/jail/git/etc/rc.conf
new file mode 100644
index 0000000..30dad04
--- /dev/null
+++ b/var/jail/git/etc/rc.conf
@@ -0,0 +1,8 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+sshd_enable="YES"
diff --git a/var/jail/i2p/etc/rc.conf b/var/jail/i2p/etc/rc.conf
new file mode 100644
index 0000000..ffd49a6
--- /dev/null
+++ b/var/jail/i2p/etc/rc.conf
@@ -0,0 +1,8 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+i2pd_enable="YES"
diff --git a/var/jail/nextcloud/etc/rc.conf b/var/jail/nextcloud/etc/rc.conf
new file mode 100644
index 0000000..2307f03
--- /dev/null
+++ b/var/jail/nextcloud/etc/rc.conf
@@ -0,0 +1,8 @@
+sshd_enable="NO"
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
diff --git a/var/jail/wireguard/etc/rc.conf b/var/jail/wireguard/etc/rc.conf
new file mode 100644
index 0000000..48ffe2d
--- /dev/null
+++ b/var/jail/wireguard/etc/rc.conf
@@ -0,0 +1,11 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+wireguard_enable="NO"
+wireguard_interfaces="wg0"
+gateway_enable="YES"
+pf_enable="YES"
diff --git a/var/jail/www/etc/rc.conf b/var/jail/www/etc/rc.conf
new file mode 100644
index 0000000..682f65a
--- /dev/null
+++ b/var/jail/www/etc/rc.conf
@@ -0,0 +1,13 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+nginx_enable="YES"
+fcgiwrap_enable="YES"
+fcgiwrap_user="www"
+fcgiwrap_group="www"
+fcgiwrap_socket_owner="www"
+fcgiwrap_socket_group="www"
diff --git a/var/jail/www/usr/local/etc/cgitrc b/var/jail/www/usr/local/etc/cgitrc
new file mode 100644
index 0000000..cb8da04
--- /dev/null
+++ b/var/jail/www/usr/local/etc/cgitrc
@@ -0,0 +1,83 @@
+#
+# cgit config
+#
+
+css=/css/cgit.css
+logo=/img/cgit.png
+favicon=/img/favicon.ico
+
+# if you do not want that webcrawler (like google) index your site
+robots=index, nofollow
+
+# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value:
+virtual-root=/
+
+root-title=GitJoe
+root-desc=where the good code belongs
+root-readme=/var/www/gitjoe/about.html
+footer=/var/www/gitjoe/footer.html
+
+clone-url=git://gitjoe.xyz/$CGIT_REPO_URL
+
+enable-blame=0
+enable-commit-graph=1
+enable-filter-overrides=1
+enable-follow-links=1
+enable-git-config=0
+enable-http-clone=0
+enable-http-serving=0
+enable-index-links=0
+enable-index-owner=0
+enable-log-filecount=1
+enable-log-linecount=1
+enable-remote-branches=1
+enable-subject-links=1
+enable-tree-linenumbers=1
+
+branch-sort=age
+repository-sort=name
+local-time=0
+strict-export=git-daemon-export-ok
+remove-suffix=1
+side-by-side-diffs=0
+section-sort=1
+section-from-path=1
+
+cache-size=0
+
+about-filter=/usr/local/lib/cgit/filters/about-formatting-edited.sh
+source-filter=/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
+
+snapshots=tar.zst tar.gz tar.bz2 tar.xz zip
+max-stats=year
+
+readme=:README.md
+readme=:readme.md
+readme=:README.org
+readme=:readme.org
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.org
+readme=:install.org
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
+
+scan-path=/var/mnt/git
diff --git a/var/jail/www/usr/local/etc/nginx/nginx.conf b/var/jail/www/usr/local/etc/nginx/nginx.conf
new file mode 100644
index 0000000..869ff4d
--- /dev/null
+++ b/var/jail/www/usr/local/etc/nginx/nginx.conf
@@ -0,0 +1,144 @@
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+ sendfile on;
+ keepalive_timeout 65;
+ gzip on;
+ gzip_vary on;
+ gzip_min_length 1k;
+ gzip_proxied expired no-cache no-store private auth;
+ gzip_buffers 4 16k;
+ gzip_http_version 1.1;
+ gzip_comp_level 2;
+ gzip_types text/plain application/x-javascript application/javascript text/css application/xml application/json;
+
+ map $sent_http_content_type $expires {
+ default off;
+ text/css 15m;
+ application/javascript 15m;
+ ~image/ 15m;
+ }
+
+# JOZAN
+
+ server{
+ server_name jozan.org;
+ root /var/www/joe;
+ index index.html;
+ expires $expires;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ location ~ /\.ht {
+ deny all;
+ }
+ location ~ \.cgi$ {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/asm-example.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+ }
+ error_page 403 /403.html;
+ location = /403.html {
+ root /var/www/joe/err;
+ }
+ error_page 404 /404.html;
+ location = /404.html {
+ root /var/www/joe/err;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/local/www/nginx-dist;
+ }
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+ include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
+
+# GITJOE
+
+ server {
+ server_name gitjoe.xyz;
+ root /var/www/gitjoe;
+ try_files $uri @cgit;
+ index cgit.cgi;
+
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param CGIT_CONFIG /usr/local/etc/cgitrc;
+ fastcgi_pass unix:/var/run/fcgiwrap/fcgiwrap.sock;
+
+ gzip off;
+ rewrite ^/([^/]+/.*)?$ /cgit.cgi?url=$1 break;
+ }
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/local/www/nginx-dist;
+ }
+
+ listen 443 ssl;
+
+ ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+}
+
+# REDIRECT 80 to 443
+
+server{
+ if ($host = jozan.org) {
+ return 301 https://$host$request_uri;
+ }
+
+
+ if ($host = www.jozanofastora.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ if ($host = jozanofastora.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ if ($host = www.jozan.org) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ if ($host = gitjoe.xyz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ server_name jozan.org www.jozan.org jozanofastora.xyz www.jozanofastora.xyz gitjoe.xyz;
+ listen 80;
+ return 404;
+}
+
+# REDIRECT 443 to JOZAN 443
+
+server{
+ listen 443 ssl;
+ server_name www.jozan.org jozanofastora.xyz www.jozanofastora.xyz;
+ return 301 $scheme://jozan.org$request_uri;
+ ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+ include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+}
diff --git a/var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh b/var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh
new file mode 100755
index 0000000..cf1140e
--- /dev/null
+++ b/var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# This may be used with the about-filter or repo.about-filter setting in cgitrc.
+# It passes formatting of about pages to differing programs, depending on the usage.
+
+# Markdown support requires python and markdown-python.
+# RestructuredText support requires python and docutils.
+# Man page support requires groff.
+
+# The following environment variables can be used to retrieve the configuration
+# of the repository for which this script is called:
+# CGIT_REPO_URL ( = repo.url setting )
+# CGIT_REPO_NAME ( = repo.name setting )
+# CGIT_REPO_PATH ( = repo.path setting )
+# CGIT_REPO_OWNER ( = repo.owner setting )
+# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting )
+# CGIT_REPO_SECTION ( = section setting )
+# CGIT_REPO_CLONE_URL ( = repo.clone-url setting )
+
+cd "$(dirname $0)/html-converters/"
+case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
+ *.org) exec ./org2html; ;;
+ *.markdown|*.mdown|*.md|*.mkd) exec ./md2html; ;;
+ *.rst) exec ./rst2html; ;;
+ *.[1-9]) exec ./man2html; ;;
+ *.htm|*.html) exec cat; ;;
+ *.txt|*) exec ./txt2html; ;;
+esac
diff --git a/var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html b/var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html
new file mode 100755
index 0000000..a4a43ff
--- /dev/null
+++ b/var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html
@@ -0,0 +1,307 @@
+#!/usr/local/bin/python3.9
+import markdown
+import sys
+import io
+from pygments.formatters import HtmlFormatter
+from markdown.extensions.toc import TocExtension
+sys.stdin = io.TextIOWrapper(sys.stdin.buffer, encoding='utf-8')
+sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
+sys.stdout.write('''
+<style>
+.markdown-body {
+ font-size: 14px;
+ line-height: 1.6;
+ overflow: hidden;
+}
+.markdown-body>*:first-child {
+ margin-top: 0 !important;
+}
+.markdown-body>*:last-child {
+ margin-bottom: 0 !important;
+}
+.markdown-body a.absent {
+ color: #c00;
+}
+.markdown-body a.anchor {
+ display: block;
+ padding-left: 30px;
+ margin-left: -30px;
+ cursor: pointer;
+ position: absolute;
+ top: 0;
+ left: 0;
+ bottom: 0;
+}
+.markdown-body h1, .markdown-body h2, .markdown-body h3, .markdown-body h4, .markdown-body h5, .markdown-body h6 {
+ margin: 20px 0 10px;
+ padding: 0;
+ font-weight: bold;
+ -webkit-font-smoothing: antialiased;
+ cursor: text;
+ position: relative;
+}
+.markdown-body h1 .mini-icon-link, .markdown-body h2 .mini-icon-link, .markdown-body h3 .mini-icon-link, .markdown-body h4 .mini-icon-link, .markdown-body h5 .mini-icon-link, .markdown-body h6 .mini-icon-link {
+ display: none;
+ color: #000;
+}
+.markdown-body h1:hover a.anchor, .markdown-body h2:hover a.anchor, .markdown-body h3:hover a.anchor, .markdown-body h4:hover a.anchor, .markdown-body h5:hover a.anchor, .markdown-body h6:hover a.anchor {
+ text-decoration: none;
+ line-height: 1;
+ padding-left: 0;
+ margin-left: -22px;
+ top: 15%;
+}
+.markdown-body h1:hover a.anchor .mini-icon-link, .markdown-body h2:hover a.anchor .mini-icon-link, .markdown-body h3:hover a.anchor .mini-icon-link, .markdown-body h4:hover a.anchor .mini-icon-link, .markdown-body h5:hover a.anchor .mini-icon-link, .markdown-body h6:hover a.anchor .mini-icon-link {
+ display: inline-block;
+}
+div#cgit .markdown-body h1 a.toclink, div#cgit .markdown-body h2 a.toclink, div#cgit .markdown-body h3 a.toclink, div#cgit .markdown-body h4 a.toclink, div#cgit .markdown-body h5 a.toclink, div#cgit .markdown-body h6 a.toclink {
+ color: black;
+}
+.markdown-body h1 tt, .markdown-body h1 code, .markdown-body h2 tt, .markdown-body h2 code, .markdown-body h3 tt, .markdown-body h3 code, .markdown-body h4 tt, .markdown-body h4 code, .markdown-body h5 tt, .markdown-body h5 code, .markdown-body h6 tt, .markdown-body h6 code {
+ font-size: inherit;
+}
+.markdown-body h1 {
+ font-size: 28px;
+ color: #000;
+}
+.markdown-body h2 {
+ font-size: 24px;
+ border-bottom: 1px solid #ccc;
+ color: #000;
+}
+.markdown-body h3 {
+ font-size: 18px;
+}
+.markdown-body h4 {
+ font-size: 16px;
+}
+.markdown-body h5 {
+ font-size: 14px;
+}
+.markdown-body h6 {
+ color: #777;
+ font-size: 14px;
+}
+.markdown-body p, .markdown-body blockquote, .markdown-body ul, .markdown-body ol, .markdown-body dl, .markdown-body table, .markdown-body pre {
+ margin: 15px 0;
+}
+.markdown-body hr {
+ background: transparent url("/dirty-shade.png") repeat-x 0 0;
+ border: 0 none;
+ color: #ccc;
+ height: 4px;
+ padding: 0;
+}
+.markdown-body>h2:first-child, .markdown-body>h1:first-child, .markdown-body>h1:first-child+h2, .markdown-body>h3:first-child, .markdown-body>h4:first-child, .markdown-body>h5:first-child, .markdown-body>h6:first-child {
+ margin-top: 0;
+ padding-top: 0;
+}
+.markdown-body a:first-child h1, .markdown-body a:first-child h2, .markdown-body a:first-child h3, .markdown-body a:first-child h4, .markdown-body a:first-child h5, .markdown-body a:first-child h6 {
+ margin-top: 0;
+ padding-top: 0;
+}
+.markdown-body h1+p, .markdown-body h2+p, .markdown-body h3+p, .markdown-body h4+p, .markdown-body h5+p, .markdown-body h6+p {
+ margin-top: 0;
+}
+.markdown-body li p.first {
+ display: inline-block;
+}
+.markdown-body ul, .markdown-body ol {
+ padding-left: 30px;
+}
+.markdown-body ul.no-list, .markdown-body ol.no-list {
+ list-style-type: none;
+ padding: 0;
+}
+.markdown-body ul li>:first-child, .markdown-body ul li ul:first-of-type, .markdown-body ul li ol:first-of-type, .markdown-body ol li>:first-child, .markdown-body ol li ul:first-of-type, .markdown-body ol li ol:first-of-type {
+ margin-top: 0px;
+}
+.markdown-body ul li p:last-of-type, .markdown-body ol li p:last-of-type {
+ margin-bottom: 0;
+}
+.markdown-body ul ul, .markdown-body ul ol, .markdown-body ol ol, .markdown-body ol ul {
+ margin-bottom: 0;
+}
+.markdown-body dl {
+ padding: 0;
+}
+.markdown-body dl dt {
+ font-size: 14px;
+ font-weight: bold;
+ font-style: italic;
+ padding: 0;
+ margin: 15px 0 5px;
+}
+.markdown-body dl dt:first-child {
+ padding: 0;
+}
+.markdown-body dl dt>:first-child {
+ margin-top: 0px;
+}
+.markdown-body dl dt>:last-child {
+ margin-bottom: 0px;
+}
+.markdown-body dl dd {
+ margin: 0 0 15px;
+ padding: 0 15px;
+}
+.markdown-body dl dd>:first-child {
+ margin-top: 0px;
+}
+.markdown-body dl dd>:last-child {
+ margin-bottom: 0px;
+}
+.markdown-body blockquote {
+ border-left: 4px solid #DDD;
+ padding: 0 15px;
+ color: #777;
+}
+.markdown-body blockquote>:first-child {
+ margin-top: 0px;
+}
+.markdown-body blockquote>:last-child {
+ margin-bottom: 0px;
+}
+.markdown-body table th {
+ font-weight: bold;
+}
+.markdown-body table th, .markdown-body table td {
+ border: 1px solid #ccc;
+ padding: 6px 13px;
+}
+.markdown-body table tr {
+ border-top: 1px solid #ccc;
+ background-color: #fff;
+}
+.markdown-body table tr:nth-child(2n) {
+ background-color: #f8f8f8;
+}
+.markdown-body img {
+ max-width: 100%;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+}
+.markdown-body span.frame {
+ display: block;
+ overflow: hidden;
+}
+.markdown-body span.frame>span {
+ border: 1px solid #ddd;
+ display: block;
+ float: left;
+ overflow: hidden;
+ margin: 13px 0 0;
+ padding: 7px;
+ width: auto;
+}
+.markdown-body span.frame span img {
+ display: block;
+ float: left;
+}
+.markdown-body span.frame span span {
+ clear: both;
+ color: #333;
+ display: block;
+ padding: 5px 0 0;
+}
+.markdown-body span.align-center {
+ display: block;
+ overflow: hidden;
+ clear: both;
+}
+.markdown-body span.align-center>span {
+ display: block;
+ overflow: hidden;
+ margin: 13px auto 0;
+ text-align: center;
+}
+.markdown-body span.align-center span img {
+ margin: 0 auto;
+ text-align: center;
+}
+.markdown-body span.align-right {
+ display: block;
+ overflow: hidden;
+ clear: both;
+}
+.markdown-body span.align-right>span {
+ display: block;
+ overflow: hidden;
+ margin: 13px 0 0;
+ text-align: right;
+}
+.markdown-body span.align-right span img {
+ margin: 0;
+ text-align: right;
+}
+.markdown-body span.float-left {
+ display: block;
+ margin-right: 13px;
+ overflow: hidden;
+ float: left;
+}
+.markdown-body span.float-left span {
+ margin: 13px 0 0;
+}
+.markdown-body span.float-right {
+ display: block;
+ margin-left: 13px;
+ overflow: hidden;
+ float: right;
+}
+.markdown-body span.float-right>span {
+ display: block;
+ overflow: hidden;
+ margin: 13px auto 0;
+ text-align: right;
+}
+.markdown-body code, .markdown-body tt {
+ margin: 0 2px;
+ padding: 0px 5px;
+ border: 1px solid #eaeaea;
+ background-color: #f8f8f8;
+ border-radius: 3px;
+}
+.markdown-body code {
+ white-space: nowrap;
+}
+.markdown-body pre>code {
+ margin: 0;
+ padding: 0;
+ white-space: pre;
+ border: none;
+ background: transparent;
+}
+.markdown-body .highlight pre, .markdown-body pre {
+ background-color: #f8f8f8;
+ border: 1px solid #ccc;
+ font-size: 13px;
+ line-height: 19px;
+ overflow: auto;
+ padding: 6px 10px;
+ border-radius: 3px;
+}
+.markdown-body pre code, .markdown-body pre tt {
+ margin: 0;
+ padding: 0;
+ background-color: transparent;
+ border: none;
+}
+''')
+sys.stdout.write(HtmlFormatter(style='pastie').get_style_defs('.highlight'))
+sys.stdout.write('''
+</style>
+''')
+sys.stdout.write("<div class='markdown-body'>")
+sys.stdout.flush()
+# Note: you may want to run this through bleach for sanitization
+markdown.markdownFromFile(
+ output_format="html5",
+ extensions=[
+ "markdown.extensions.fenced_code",
+ "markdown.extensions.codehilite",
+ "markdown.extensions.tables",
+ TocExtension(anchorlink=True)],
+ extension_configs={
+ "markdown.extensions.codehilite":{"css_class":"highlight"}})
+sys.stdout.write("</div>")
diff --git a/var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html b/var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html
new file mode 100755
index 0000000..e9c3b44
--- /dev/null
+++ b/var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html
@@ -0,0 +1,2 @@
+#!/bin/sh
+pandoc -forg -tgfm | ./md2html
diff --git a/var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh b/var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
new file mode 100755
index 0000000..3de95fa
--- /dev/null
+++ b/var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+# This script can be used to implement syntax highlighting in the cgit
+# tree-view by referring to this file with the source-filter or repo.source-
+# filter options in cgitrc.
+#
+# This script requires a shell supporting the ${var##pattern} syntax.
+# It is supported by at least dash and bash, however busybox environments
+# might have to use an external call to sed instead.
+#
+# Note: the highlight command (http://www.andre-simon.de/) uses css for syntax
+# highlighting, so you'll probably want something like the following included
+# in your css file:
+#
+# Style definition file generated by highlight 2.4.8, http://www.andre-simon.de/
+#
+# table.blob .num { color:#2928ff; }
+# table.blob .esc { color:#ff00ff; }
+# table.blob .str { color:#ff0000; }
+# table.blob .dstr { color:#818100; }
+# table.blob .slc { color:#838183; font-style:italic; }
+# table.blob .com { color:#838183; font-style:italic; }
+# table.blob .dir { color:#008200; }
+# table.blob .sym { color:#000000; }
+# table.blob .kwa { color:#000000; font-weight:bold; }
+# table.blob .kwb { color:#830000; }
+# table.blob .kwc { color:#000000; font-weight:bold; }
+# table.blob .kwd { color:#010181; }
+#
+#
+# Style definition file generated by highlight 2.6.14, http://www.andre-simon.de/
+#
+# body.hl { background-color:#ffffff; }
+# pre.hl { color:#000000; background-color:#ffffff; font-size:10pt; font-family:'Courier New';}
+# .hl.num { color:#2928ff; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#ff0000; }
+# .hl.dstr { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# .hl.com { color:#838183; font-style:italic; }
+# .hl.dir { color:#008200; }
+# .hl.sym { color:#000000; }
+# .hl.line { color:#555555; }
+# .hl.mark { background-color:#ffffbb;}
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#830000; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+#
+#
+# Style definition file generated by highlight 3.8, http://www.andre-simon.de/
+#
+# body.hl { background-color:#e0eaee; }
+# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New';}
+# .hl.num { color:#b07e00; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#bf0303; }
+# .hl.pps { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# .hl.com { color:#838183; font-style:italic; }
+# .hl.ppc { color:#008200; }
+# .hl.opt { color:#000000; }
+# .hl.lin { color:#555555; }
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#0057ae; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+#
+#
+# Style definition file generated by highlight 3.13, http://www.andre-simon.de/
+#
+# body.hl { background-color:#e0eaee; }
+# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New',monospace;}
+# .hl.num { color:#b07e00; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#bf0303; }
+# .hl.pps { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# .hl.com { color:#838183; font-style:italic; }
+# .hl.ppc { color:#008200; }
+# .hl.opt { color:#000000; }
+# .hl.ipl { color:#0057ae; }
+# .hl.lin { color:#555555; }
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#0057ae; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+#
+#
+# The following environment variables can be used to retrieve the configuration
+# of the repository for which this script is called:
+# CGIT_REPO_URL ( = repo.url setting )
+# CGIT_REPO_NAME ( = repo.name setting )
+# CGIT_REPO_PATH ( = repo.path setting )
+# CGIT_REPO_OWNER ( = repo.owner setting )
+# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting )
+# CGIT_REPO_SECTION ( = section setting )
+# CGIT_REPO_CLONE_URL ( = repo.clone-url setting )
+#
+
+# store filename and extension in local vars
+BASENAME="$1"
+EXTENSION="${BASENAME##*.}"
+
+[ "${BASENAME}" = "${EXTENSION}" ] && EXTENSION=txt
+[ -z "${EXTENSION}" ] && EXTENSION=txt
+
+# map Makefile and Makefile.* to .mk
+[ "${BASENAME%%.*}" = "Makefile" ] && EXTENSION=mk
+
+# highlight versions 2 and 3 have different commandline options. Specifically,
+# the -X option that is used for version 2 is replaced by the -O xhtml option
+# for version 3.
+#
+# Version 2 can be found (for example) on EPEL 5, while version 3 can be
+# found (for example) on EPEL 6.
+#
+# This is for version 2
+#exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null
+
+# This is for version 3
+exec highlight --force --inline-css -f -I -O xhtml -S "$EXTENSION" 2>/dev/null
--
cgit v1.2.3