From 9208846b5747abcd08792605511a1dd1ab457ccf Mon Sep 17 00:00:00 2001
From: JoeServ <bousset.rudy@gmail.com>
Date: Mon, 27 Feb 2023 15:41:41 +0100
Subject: Jail rework

---
 var/jail/git/etc/rc.conf                           |   8 +
 var/jail/i2p/etc/rc.conf                           |   8 +
 var/jail/nextcloud/etc/rc.conf                     |   8 +
 var/jail/wireguard/etc/rc.conf                     |  11 +
 var/jail/www/etc/rc.conf                           |  13 +
 var/jail/www/usr/local/etc/cgitrc                  |  83 ++++++
 var/jail/www/usr/local/etc/nginx/nginx.conf        | 144 ++++++++++
 .../lib/cgit/filters/about-formatting-edited.sh    |  28 ++
 .../local/lib/cgit/filters/html-converters/md2html | 307 +++++++++++++++++++++
 .../lib/cgit/filters/html-converters/org2html      |   2 +
 .../lib/cgit/filters/syntax-highlighting-edited.sh | 121 ++++++++
 11 files changed, 733 insertions(+)
 create mode 100644 var/jail/git/etc/rc.conf
 create mode 100644 var/jail/i2p/etc/rc.conf
 create mode 100644 var/jail/nextcloud/etc/rc.conf
 create mode 100644 var/jail/wireguard/etc/rc.conf
 create mode 100644 var/jail/www/etc/rc.conf
 create mode 100644 var/jail/www/usr/local/etc/cgitrc
 create mode 100644 var/jail/www/usr/local/etc/nginx/nginx.conf
 create mode 100755 var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh
 create mode 100755 var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html
 create mode 100755 var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html
 create mode 100755 var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh

(limited to 'var')

diff --git a/var/jail/git/etc/rc.conf b/var/jail/git/etc/rc.conf
new file mode 100644
index 0000000..30dad04
--- /dev/null
+++ b/var/jail/git/etc/rc.conf
@@ -0,0 +1,8 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+sshd_enable="YES"
diff --git a/var/jail/i2p/etc/rc.conf b/var/jail/i2p/etc/rc.conf
new file mode 100644
index 0000000..ffd49a6
--- /dev/null
+++ b/var/jail/i2p/etc/rc.conf
@@ -0,0 +1,8 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+i2pd_enable="YES"
diff --git a/var/jail/nextcloud/etc/rc.conf b/var/jail/nextcloud/etc/rc.conf
new file mode 100644
index 0000000..2307f03
--- /dev/null
+++ b/var/jail/nextcloud/etc/rc.conf
@@ -0,0 +1,8 @@
+sshd_enable="NO"
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
diff --git a/var/jail/wireguard/etc/rc.conf b/var/jail/wireguard/etc/rc.conf
new file mode 100644
index 0000000..48ffe2d
--- /dev/null
+++ b/var/jail/wireguard/etc/rc.conf
@@ -0,0 +1,11 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+wireguard_enable="NO"
+wireguard_interfaces="wg0"
+gateway_enable="YES"
+pf_enable="YES"
diff --git a/var/jail/www/etc/rc.conf b/var/jail/www/etc/rc.conf
new file mode 100644
index 0000000..682f65a
--- /dev/null
+++ b/var/jail/www/etc/rc.conf
@@ -0,0 +1,13 @@
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+cron_flags="-m ''"
+sendmail_enable="NONE"
+sendmail_submit_enable="NONE"
+sendmail_msp_queue_enable="NONE"
+sendmail_outbound_enable="NONE"
+nginx_enable="YES"
+fcgiwrap_enable="YES"
+fcgiwrap_user="www"
+fcgiwrap_group="www"
+fcgiwrap_socket_owner="www"
+fcgiwrap_socket_group="www"
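Review bot: `fcgiwrap_user="www"` and `fcgiwrap_group="www"` run every CGI process under the same account that owns the socket. If nginx in this jail also runs its workers as `www` (the nginx.conf in this commit sets no `user`, so that depends on the package default), cgit and its filter scripts share an identity with the web server. Only `fcgiwrap_socket_owner` and `fcgiwrap_socket_group` need to stay `www` for nginx to connect; the process itself could run as a dedicated unprivileged account with read-only access to the repositories, e.g. `fcgiwrap_user="<cgi-account>"` (placeholder name). A comment above these lines naming the account that is expected to read `/var/mnt/git` would also document the intended privilege boundary.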
diff --git a/var/jail/www/usr/local/etc/cgitrc b/var/jail/www/usr/local/etc/cgitrc
new file mode 100644
index 0000000..cb8da04
--- /dev/null
+++ b/var/jail/www/usr/local/etc/cgitrc
@@ -0,0 +1,83 @@
+#
+# cgit config
+#
+
+css=/css/cgit.css
+logo=/img/cgit.png
+favicon=/img/favicon.ico
+
+# if you do not want that webcrawler (like google) index your site
+robots=index, nofollow
+
+# if cgit messes up links, use a virtual-root. For example, cgit.example.org/ has this value:
+virtual-root=/
+
+root-title=GitJoe
+root-desc=where the good code belongs
+root-readme=/var/www/gitjoe/about.html
+footer=/var/www/gitjoe/footer.html
+
+clone-url=git://gitjoe.xyz/$CGIT_REPO_URL
+
+enable-blame=0
+enable-commit-graph=1
+enable-filter-overrides=1
+enable-follow-links=1
+enable-git-config=0
+enable-http-clone=0
+enable-http-serving=0
+enable-index-links=0
+enable-index-owner=0
+enable-log-filecount=1
+enable-log-linecount=1
+enable-remote-branches=1
+enable-subject-links=1
+enable-tree-linenumbers=1
+
+branch-sort=age
+repository-sort=name
+local-time=0
+strict-export=git-daemon-export-ok
+remove-suffix=1
+side-by-side-diffs=0
+section-sort=1
+section-from-path=1
+
+cache-size=0
+
+about-filter=/usr/local/lib/cgit/filters/about-formatting-edited.sh
+source-filter=/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
+
+snapshots=tar.zst tar.gz tar.bz2 tar.xz zip
+max-stats=year
+
+readme=:README.md
+readme=:readme.md
+readme=:README.org
+readme=:readme.org
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.org
+readme=:install.org
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
+
+scan-path=/var/mnt/git
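Review bot: `enable-filter-overrides=1` lets a repository-specific cgitrc replace the about and source filters, and with `scan-path=/var/mnt/git` that means whoever can write a `cgitrc` file into a repository directory chooses a command that fcgiwrap will execute. Since the global `about-filter` and `source-filter` are already set here, `enable-filter-overrides=0` looks like the safer value unless a per-repository filter is actually needed; if one is, a comment naming the repository that relies on it would document the exception. Separately, the comment above `robots=index, nofollow` talks about keeping crawlers from indexing the site, but `index` permits indexing, so either the value should be `robots=noindex, nofollow` or the comment should say that indexing is intended.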
diff --git a/var/jail/www/usr/local/etc/nginx/nginx.conf b/var/jail/www/usr/local/etc/nginx/nginx.conf
new file mode 100644
index 0000000..869ff4d
--- /dev/null
+++ b/var/jail/www/usr/local/etc/nginx/nginx.conf
@@ -0,0 +1,144 @@
+worker_processes  1;
+
+events {
+	worker_connections  1024;
+}
+
+http {
+	include			mime.types;
+	default_type		application/octet-stream;
+	sendfile		on;
+	keepalive_timeout	65;
+	gzip			on;
+	gzip_vary		on;
+ 	gzip_min_length		1k;
+ 	gzip_proxied		expired no-cache no-store private auth;
+ 	gzip_buffers		4 16k;
+ 	gzip_http_version	1.1;
+ 	gzip_comp_level		2;
+ 	gzip_types		text/plain application/x-javascript application/javascript text/css application/xml application/json;
+
+	map $sent_http_content_type $expires {
+		default                    off;
+		text/css                   15m;
+		application/javascript     15m;
+		~image/                    15m;
+	}
+
+# JOZAN
+
+	server{
+		server_name  jozan.org;
+		root   /var/www/joe;
+		index  index.html;
+		expires $expires;
+
+		location / {
+			try_files $uri $uri/ =404;
+		} 
+		location ~ /\.ht {
+			deny all;
+		}
+		location ~ \.cgi$ {
+			include		fastcgi_params;
+			fastcgi_param   SCRIPT_FILENAME $document_root/asm-example.cgi;
+			fastcgi_param   PATH_INFO       $uri;
+			fastcgi_param   HTTP_HOST       $server_name;
+			fastcgi_pass    unix:/var/run/fcgiwrap/fcgiwrap.sock;
+		}
+		error_page  403 /403.html;
+		location = /403.html {
+			root /var/www/joe/err;
+		}
+		error_page  404 /404.html;
+		location = /404.html {
+			root /var/www/joe/err;
+		}
+		error_page   500 502 503 504  /50x.html;
+		location = /50x.html {
+			root   /usr/local/www/nginx-dist;
+		}
+	
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+}
+
+# GITJOE
+
+	server {
+		server_name gitjoe.xyz;
+		root /var/www/gitjoe;
+		try_files $uri @cgit;
+		index cgit.cgi;
+
+		location @cgit {
+			include		fastcgi_params;
+			fastcgi_param   SCRIPT_FILENAME $document_root/cgit.cgi;
+			fastcgi_param   PATH_INFO       $uri;
+			fastcgi_param   QUERY_STRING    $args;
+			fastcgi_param   HTTP_HOST       $server_name;
+			fastcgi_param   CGIT_CONFIG	/usr/local/etc/cgitrc;
+			fastcgi_pass    unix:/var/run/fcgiwrap/fcgiwrap.sock;
+
+			gzip off;
+			rewrite ^/([^/]+/.*)?$ /cgit.cgi?url=$1 break;
+		}
+		error_page   500 502 503 504  /50x.html;
+		location = /50x.html {
+			root   /usr/local/www/nginx-dist;
+		}
+
+	listen 443 ssl;
+
+    ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+}
+
+# REDIRECT 80 to 443
+
+server{
+    if ($host = jozan.org) {
+        return 301 https://$host$request_uri;
+    }
+
+
+    if ($host = www.jozanofastora.xyz) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = jozanofastora.xyz) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = www.jozan.org) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    if ($host = gitjoe.xyz) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+	server_name  jozan.org www.jozan.org jozanofastora.xyz www.jozanofastora.xyz gitjoe.xyz;
+    listen 80;
+    return 404;
+}
+
+# REDIRECT 443 to JOZAN 443
+
+server{
+	listen 443 ssl;
+	server_name www.jozan.org jozanofastora.xyz www.jozanofastora.xyz;
+	return 301 $scheme://jozan.org$request_uri;
+    ssl_certificate /usr/local/etc/letsencrypt/live/jozan.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /usr/local/etc/letsencrypt/live/jozan.org/privkey.pem; # managed by Certbot
+    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+}
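Review bot: The `gitjoe.xyz` server block enables `listen 443 ssl` with only the certificate and key, while the other two 443 blocks also carry `include /usr/local/etc/letsencrypt/options-ssl-nginx.conf;` and `ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem;`. Adding the same two lines there keeps the protocol and cipher policy explicit for that vhost instead of depending on which server nginx treats as the default for the socket. That block also points at the `live/jozan.org` certificate, so it is worth confirming that this lineage lists `gitjoe.xyz` as a SAN; otherwise clients get a name mismatch. None of the HTTPS servers sends `Strict-Transport-Security`; if every listed hostname is meant to be HTTPS-only, `add_header Strict-Transport-Security "max-age=31536000" always;` in the 443 blocks would prevent a downgrade after the first visit. The mixed tab/space indentation and the redirect `server{` blocks at column 0 inside `http` make the nesting hard to audit.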
diff --git a/var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh b/var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh
new file mode 100755
index 0000000..cf1140e
--- /dev/null
+++ b/var/jail/www/usr/local/lib/cgit/filters/about-formatting-edited.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# This may be used with the about-filter or repo.about-filter setting in cgitrc.
+# It passes formatting of about pages to differing programs, depending on the usage.
+
+# Markdown support requires python and markdown-python.
+# RestructuredText support requires python and docutils.
+# Man page support requires groff.
+
+# The following environment variables can be used to retrieve the configuration
+# of the repository for which this script is called:
+# CGIT_REPO_URL        ( = repo.url       setting )
+# CGIT_REPO_NAME       ( = repo.name      setting )
+# CGIT_REPO_PATH       ( = repo.path      setting )
+# CGIT_REPO_OWNER      ( = repo.owner     setting )
+# CGIT_REPO_DEFBRANCH  ( = repo.defbranch setting )
+# CGIT_REPO_SECTION    ( = section        setting )
+# CGIT_REPO_CLONE_URL  ( = repo.clone-url setting )
+
+cd "$(dirname $0)/html-converters/"
+case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
+	*.org) exec ./org2html; ;;
+	*.markdown|*.mdown|*.md|*.mkd) exec ./md2html; ;;
+	*.rst) exec ./rst2html; ;;
+	*.[1-9]) exec ./man2html; ;;
+	*.htm|*.html) exec cat; ;;
+	*.txt|*) exec ./txt2html; ;;
+esac
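Review bot: The `cd` on the line before the `case` is unchecked and leaves `$0` unquoted, so if the directory change fails (or the install path contains whitespace) the `exec ./…` branches resolve against whatever directory cgit started the filter in. `cd "$(dirname "$0")/html-converters/" || exit 1` fails closed. The `case` also dispatches to `./rst2html`, `./man2html` and `./txt2html`, none of which this commit adds next to `md2html` and `org2html`; unless the cgit package installs them in the same directory, README files matching those branches (including the `*.txt|*` default) will produce an empty about page. The `*.htm|*.html) exec cat` branch emits repository-supplied HTML unchanged into the page, which is acceptable only if everyone who can push a README is trusted.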
diff --git a/var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html b/var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html
new file mode 100755
index 0000000..a4a43ff
--- /dev/null
+++ b/var/jail/www/usr/local/lib/cgit/filters/html-converters/md2html
@@ -0,0 +1,307 @@
+#!/usr/local/bin/python3.9
+import markdown
+import sys
+import io
+from pygments.formatters import HtmlFormatter
+from markdown.extensions.toc import TocExtension
+sys.stdin = io.TextIOWrapper(sys.stdin.buffer, encoding='utf-8')
+sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
+sys.stdout.write('''
+<style>
+.markdown-body {
+    font-size: 14px;
+    line-height: 1.6;
+    overflow: hidden;
+}
+.markdown-body>*:first-child {
+    margin-top: 0 !important;
+}
+.markdown-body>*:last-child {
+    margin-bottom: 0 !important;
+}
+.markdown-body a.absent {
+    color: #c00;
+}
+.markdown-body a.anchor {
+    display: block;
+    padding-left: 30px;
+    margin-left: -30px;
+    cursor: pointer;
+    position: absolute;
+    top: 0;
+    left: 0;
+    bottom: 0;
+}
+.markdown-body h1, .markdown-body h2, .markdown-body h3, .markdown-body h4, .markdown-body h5, .markdown-body h6 {
+    margin: 20px 0 10px;
+    padding: 0;
+    font-weight: bold;
+    -webkit-font-smoothing: antialiased;
+    cursor: text;
+    position: relative;
+}
+.markdown-body h1 .mini-icon-link, .markdown-body h2 .mini-icon-link, .markdown-body h3 .mini-icon-link, .markdown-body h4 .mini-icon-link, .markdown-body h5 .mini-icon-link, .markdown-body h6 .mini-icon-link {
+    display: none;
+    color: #000;
+}
+.markdown-body h1:hover a.anchor, .markdown-body h2:hover a.anchor, .markdown-body h3:hover a.anchor, .markdown-body h4:hover a.anchor, .markdown-body h5:hover a.anchor, .markdown-body h6:hover a.anchor {
+    text-decoration: none;
+    line-height: 1;
+    padding-left: 0;
+    margin-left: -22px;
+    top: 15%;
+}
+.markdown-body h1:hover a.anchor .mini-icon-link, .markdown-body h2:hover a.anchor .mini-icon-link, .markdown-body h3:hover a.anchor .mini-icon-link, .markdown-body h4:hover a.anchor .mini-icon-link, .markdown-body h5:hover a.anchor .mini-icon-link, .markdown-body h6:hover a.anchor .mini-icon-link {
+    display: inline-block;
+}
+div#cgit .markdown-body h1 a.toclink, div#cgit .markdown-body h2 a.toclink, div#cgit .markdown-body h3 a.toclink, div#cgit .markdown-body h4 a.toclink, div#cgit .markdown-body h5 a.toclink, div#cgit .markdown-body h6 a.toclink {
+    color: black;
+}
+.markdown-body h1 tt, .markdown-body h1 code, .markdown-body h2 tt, .markdown-body h2 code, .markdown-body h3 tt, .markdown-body h3 code, .markdown-body h4 tt, .markdown-body h4 code, .markdown-body h5 tt, .markdown-body h5 code, .markdown-body h6 tt, .markdown-body h6 code {
+    font-size: inherit;
+}
+.markdown-body h1 {
+    font-size: 28px;
+    color: #000;
+}
+.markdown-body h2 {
+    font-size: 24px;
+    border-bottom: 1px solid #ccc;
+    color: #000;
+}
+.markdown-body h3 {
+    font-size: 18px;
+}
+.markdown-body h4 {
+    font-size: 16px;
+}
+.markdown-body h5 {
+    font-size: 14px;
+}
+.markdown-body h6 {
+    color: #777;
+    font-size: 14px;
+}
+.markdown-body p, .markdown-body blockquote, .markdown-body ul, .markdown-body ol, .markdown-body dl, .markdown-body table, .markdown-body pre {
+    margin: 15px 0;
+}
+.markdown-body hr {
+    background: transparent url("/dirty-shade.png") repeat-x 0 0;
+    border: 0 none;
+    color: #ccc;
+    height: 4px;
+    padding: 0;
+}
+.markdown-body>h2:first-child, .markdown-body>h1:first-child, .markdown-body>h1:first-child+h2, .markdown-body>h3:first-child, .markdown-body>h4:first-child, .markdown-body>h5:first-child, .markdown-body>h6:first-child {
+    margin-top: 0;
+    padding-top: 0;
+}
+.markdown-body a:first-child h1, .markdown-body a:first-child h2, .markdown-body a:first-child h3, .markdown-body a:first-child h4, .markdown-body a:first-child h5, .markdown-body a:first-child h6 {
+    margin-top: 0;
+    padding-top: 0;
+}
+.markdown-body h1+p, .markdown-body h2+p, .markdown-body h3+p, .markdown-body h4+p, .markdown-body h5+p, .markdown-body h6+p {
+    margin-top: 0;
+}
+.markdown-body li p.first {
+    display: inline-block;
+}
+.markdown-body ul, .markdown-body ol {
+    padding-left: 30px;
+}
+.markdown-body ul.no-list, .markdown-body ol.no-list {
+    list-style-type: none;
+    padding: 0;
+}
+.markdown-body ul li>:first-child, .markdown-body ul li ul:first-of-type, .markdown-body ul li ol:first-of-type, .markdown-body ol li>:first-child, .markdown-body ol li ul:first-of-type, .markdown-body ol li ol:first-of-type {
+    margin-top: 0px;
+}
+.markdown-body ul li p:last-of-type, .markdown-body ol li p:last-of-type {
+    margin-bottom: 0;
+}
+.markdown-body ul ul, .markdown-body ul ol, .markdown-body ol ol, .markdown-body ol ul {
+    margin-bottom: 0;
+}
+.markdown-body dl {
+    padding: 0;
+}
+.markdown-body dl dt {
+    font-size: 14px;
+    font-weight: bold;
+    font-style: italic;
+    padding: 0;
+    margin: 15px 0 5px;
+}
+.markdown-body dl dt:first-child {
+    padding: 0;
+}
+.markdown-body dl dt>:first-child {
+    margin-top: 0px;
+}
+.markdown-body dl dt>:last-child {
+    margin-bottom: 0px;
+}
+.markdown-body dl dd {
+    margin: 0 0 15px;
+    padding: 0 15px;
+}
+.markdown-body dl dd>:first-child {
+    margin-top: 0px;
+}
+.markdown-body dl dd>:last-child {
+    margin-bottom: 0px;
+}
+.markdown-body blockquote {
+    border-left: 4px solid #DDD;
+    padding: 0 15px;
+    color: #777;
+}
+.markdown-body blockquote>:first-child {
+    margin-top: 0px;
+}
+.markdown-body blockquote>:last-child {
+    margin-bottom: 0px;
+}
+.markdown-body table th {
+    font-weight: bold;
+}
+.markdown-body table th, .markdown-body table td {
+    border: 1px solid #ccc;
+    padding: 6px 13px;
+}
+.markdown-body table tr {
+    border-top: 1px solid #ccc;
+    background-color: #fff;
+}
+.markdown-body table tr:nth-child(2n) {
+    background-color: #f8f8f8;
+}
+.markdown-body img {
+    max-width: 100%;
+    -moz-box-sizing: border-box;
+    box-sizing: border-box;
+}
+.markdown-body span.frame {
+    display: block;
+    overflow: hidden;
+}
+.markdown-body span.frame>span {
+    border: 1px solid #ddd;
+    display: block;
+    float: left;
+    overflow: hidden;
+    margin: 13px 0 0;
+    padding: 7px;
+    width: auto;
+}
+.markdown-body span.frame span img {
+    display: block;
+    float: left;
+}
+.markdown-body span.frame span span {
+    clear: both;
+    color: #333;
+    display: block;
+    padding: 5px 0 0;
+}
+.markdown-body span.align-center {
+    display: block;
+    overflow: hidden;
+    clear: both;
+}
+.markdown-body span.align-center>span {
+    display: block;
+    overflow: hidden;
+    margin: 13px auto 0;
+    text-align: center;
+}
+.markdown-body span.align-center span img {
+    margin: 0 auto;
+    text-align: center;
+}
+.markdown-body span.align-right {
+    display: block;
+    overflow: hidden;
+    clear: both;
+}
+.markdown-body span.align-right>span {
+    display: block;
+    overflow: hidden;
+    margin: 13px 0 0;
+    text-align: right;
+}
+.markdown-body span.align-right span img {
+    margin: 0;
+    text-align: right;
+}
+.markdown-body span.float-left {
+    display: block;
+    margin-right: 13px;
+    overflow: hidden;
+    float: left;
+}
+.markdown-body span.float-left span {
+    margin: 13px 0 0;
+}
+.markdown-body span.float-right {
+    display: block;
+    margin-left: 13px;
+    overflow: hidden;
+    float: right;
+}
+.markdown-body span.float-right>span {
+    display: block;
+    overflow: hidden;
+    margin: 13px auto 0;
+    text-align: right;
+}
+.markdown-body code, .markdown-body tt {
+    margin: 0 2px;
+    padding: 0px 5px;
+    border: 1px solid #eaeaea;
+    background-color: #f8f8f8;
+    border-radius: 3px;
+}
+.markdown-body code {
+    white-space: nowrap;
+}
+.markdown-body pre>code {
+    margin: 0;
+    padding: 0;
+    white-space: pre;
+    border: none;
+    background: transparent;
+}
+.markdown-body .highlight pre, .markdown-body pre {
+    background-color: #f8f8f8;
+    border: 1px solid #ccc;
+    font-size: 13px;
+    line-height: 19px;
+    overflow: auto;
+    padding: 6px 10px;
+    border-radius: 3px;
+}
+.markdown-body pre code, .markdown-body pre tt {
+    margin: 0;
+    padding: 0;
+    background-color: transparent;
+    border: none;
+}
+''')
+sys.stdout.write(HtmlFormatter(style='pastie').get_style_defs('.highlight'))
+sys.stdout.write('''
+</style>   
+''')
+sys.stdout.write("<div class='markdown-body'>")
+sys.stdout.flush()
+# Note: you may want to run this through bleach for sanitization
+markdown.markdownFromFile(
+	output_format="html5",
+	extensions=[
+		"markdown.extensions.fenced_code",
+		"markdown.extensions.codehilite",
+		"markdown.extensions.tables",
+		TocExtension(anchorlink=True)],
+	extension_configs={
+		"markdown.extensions.codehilite":{"css_class":"highlight"}})
+sys.stdout.write("</div>")
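Review bot: The `markdown.markdownFromFile(...)` call at the end writes the converted README straight to stdout, and Python-Markdown passes raw HTML in its input through, so a README containing script elements or event-handler attributes is served on the cgit origin. The in-file comment about sanitization acknowledges this, but nothing implements it. Rendering to a string and filtering it with an allowlist sanitizer before writing would close the gap, for example `html = markdown.markdown(sys.stdin.read(), output_format="html5", extensions=[...], extension_configs={...})` followed by `sys.stdout.write(bleach.clean(html, tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRS))`. The two allowlists are names to define in this file, and bleach would be an additional dependency in the jail. The shebang pins `/usr/local/bin/python3.9`, so the filter stops working when the jail's Python package moves to another minor version; a comment noting that, or a version-independent interpreter path, would make the failure easier to diagnose.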
diff --git a/var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html b/var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html
new file mode 100755
index 0000000..e9c3b44
--- /dev/null
+++ b/var/jail/www/usr/local/lib/cgit/filters/html-converters/org2html
@@ -0,0 +1,2 @@
+#!/bin/sh
+pandoc -forg -tgfm | ./md2html
diff --git a/var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh b/var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
new file mode 100755
index 0000000..3de95fa
--- /dev/null
+++ b/var/jail/www/usr/local/lib/cgit/filters/syntax-highlighting-edited.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+# This script can be used to implement syntax highlighting in the cgit
+# tree-view by referring to this file with the source-filter or repo.source-
+# filter options in cgitrc.
+#
+# This script requires a shell supporting the ${var##pattern} syntax.
+# It is supported by at least dash and bash, however busybox environments
+# might have to use an external call to sed instead.
+#
+# Note: the highlight command (http://www.andre-simon.de/) uses css for syntax
+# highlighting, so you'll probably want something like the following included
+# in your css file:
+#
+# Style definition file generated by highlight 2.4.8, http://www.andre-simon.de/
+#
+# table.blob .num  { color:#2928ff; }
+# table.blob .esc  { color:#ff00ff; }
+# table.blob .str  { color:#ff0000; }
+# table.blob .dstr { color:#818100; }
+# table.blob .slc  { color:#838183; font-style:italic; }
+# table.blob .com  { color:#838183; font-style:italic; }
+# table.blob .dir  { color:#008200; }
+# table.blob .sym  { color:#000000; }
+# table.blob .kwa  { color:#000000; font-weight:bold; }
+# table.blob .kwb  { color:#830000; }
+# table.blob .kwc  { color:#000000; font-weight:bold; }
+# table.blob .kwd  { color:#010181; }
+#
+#
+# Style definition file generated by highlight 2.6.14, http://www.andre-simon.de/
+#
+# body.hl  { background-color:#ffffff; }
+# pre.hl   { color:#000000; background-color:#ffffff; font-size:10pt; font-family:'Courier New';}
+# .hl.num  { color:#2928ff; }
+# .hl.esc  { color:#ff00ff; }
+# .hl.str  { color:#ff0000; }
+# .hl.dstr { color:#818100; }
+# .hl.slc  { color:#838183; font-style:italic; }
+# .hl.com  { color:#838183; font-style:italic; }
+# .hl.dir  { color:#008200; }
+# .hl.sym  { color:#000000; }
+# .hl.line { color:#555555; }
+# .hl.mark { background-color:#ffffbb;}
+# .hl.kwa  { color:#000000; font-weight:bold; }
+# .hl.kwb  { color:#830000; }
+# .hl.kwc  { color:#000000; font-weight:bold; }
+# .hl.kwd  { color:#010181; }
+#
+#
+# Style definition file generated by highlight 3.8, http://www.andre-simon.de/
+#
+# body.hl { background-color:#e0eaee; }
+# pre.hl  { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New';}
+# .hl.num { color:#b07e00; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#bf0303; }
+# .hl.pps { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# .hl.com { color:#838183; font-style:italic; }
+# .hl.ppc { color:#008200; }
+# .hl.opt { color:#000000; }
+# .hl.lin { color:#555555; }
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#0057ae; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+#
+#
+# Style definition file generated by highlight 3.13, http://www.andre-simon.de/
+#
+# body.hl { background-color:#e0eaee; }
+# pre.hl  { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New',monospace;}
+# .hl.num { color:#b07e00; }
+# .hl.esc { color:#ff00ff; }
+# .hl.str { color:#bf0303; }
+# .hl.pps { color:#818100; }
+# .hl.slc { color:#838183; font-style:italic; }
+# .hl.com { color:#838183; font-style:italic; }
+# .hl.ppc { color:#008200; }
+# .hl.opt { color:#000000; }
+# .hl.ipl { color:#0057ae; }
+# .hl.lin { color:#555555; }
+# .hl.kwa { color:#000000; font-weight:bold; }
+# .hl.kwb { color:#0057ae; }
+# .hl.kwc { color:#000000; font-weight:bold; }
+# .hl.kwd { color:#010181; }
+#
+#
+# The following environment variables can be used to retrieve the configuration
+# of the repository for which this script is called:
+# CGIT_REPO_URL        ( = repo.url       setting )
+# CGIT_REPO_NAME       ( = repo.name      setting )
+# CGIT_REPO_PATH       ( = repo.path      setting )
+# CGIT_REPO_OWNER      ( = repo.owner     setting )
+# CGIT_REPO_DEFBRANCH  ( = repo.defbranch setting )
+# CGIT_REPO_SECTION    ( = section        setting )
+# CGIT_REPO_CLONE_URL  ( = repo.clone-url setting )
+#
+
+# store filename and extension in local vars
+BASENAME="$1"
+EXTENSION="${BASENAME##*.}"
+
+[ "${BASENAME}" = "${EXTENSION}" ] && EXTENSION=txt
+[ -z "${EXTENSION}" ] && EXTENSION=txt
+
+# map Makefile and Makefile.* to .mk
+[ "${BASENAME%%.*}" = "Makefile" ] && EXTENSION=mk
+
+# highlight versions 2 and 3 have different commandline options. Specifically,
+# the -X option that is used for version 2 is replaced by the -O xhtml option
+# for version 3.
+#
+# Version 2 can be found (for example) on EPEL 5, while version 3 can be
+# found (for example) on EPEL 6.
+#
+# This is for version 2
+#exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null
+
+# This is for version 3
+exec highlight --force --inline-css -f -I -O xhtml -S "$EXTENSION" 2>/dev/null
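Review bot: The long header comment still tells the reader to copy `highlight` style definitions into the site CSS, but the active command on the last line passes `--inline-css`, which as far as I can tell puts the styling on each element and makes those blocks unnecessary. Trimming the comment to the lines that describe this variant, and saying what was edited relative to the stock filter, would make the file easier to audit. `2>/dev/null` on the same line discards every diagnostic, so a missing `highlight` binary or a failed `exec` shows up only as an empty blob view; dropping the redirection or sending stderr to a log would make that visible. `EXTENSION` is derived from the repository file name and is correctly quoted where it is passed to `-S`.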
-- 
cgit v1.2.3