initial import

bin/closehome.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+_LUKS=chome
+_MOUNT=/home
+
+# mount
+if mountpoint -q ${_MOUNT}; then
+  sudo umount ${_MOUNT}
+  if mountpoint -q ${_MOUNT}; then
+    echo "umount failed"
+    exit 1
+  fi
+fi
+# LUKS
+if [[ -e /dev/mapper/${_LUKS} ]]; then
+  sudo cryptsetup luksClose ${_LUKS}
+  if [[ -e /dev/mapper/${_LUKS} ]]; then
+    echo "luksClose failed"
+    exit 1
+  fi
+fi

bin/d11add.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# run after a Debian minimal install w/SSH server
+
+apt-get update
+
+echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections
+echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections
+echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections
+
+apt-get install \
+  aptitude bc binutils build-essential cryptsetup curl dnsmasq dnsutils \
+  dosfstools exfatprogs gdisk git gpg iptables-persistent keyutils lm-sensors \
+  mutt ncat net-tools parted pigz pinentry-tty psmisc rclone rsync sqlite3 \
+  strace sudo tmux unattended-upgrades unzip vim-nox whois zip
+
+apt-get install --no-install-recommends smem
+
+systemctl disable bluetooth.service remote-fs.target rsync.service
+systemctl enable unattended-upgrades netfilter-persistent

bin/debup.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+echo "Clearing journald > 30 days"
+sudo journalctl --vacuum-time=30d
+
+echo "Applying system upgrades"
+sudo apt-get update
+sudo apt-get autoclean
+sudo apt-get upgrade
+
+## rclone in LTS is too old
+function upgrade_rclone() {
+  echo "Checking rclone..."
+  # get installed version
+  _LOCAL=$(dpkg-query --showformat='${Version}' --show rclone)
+
+  # get latest version, strip leading "v" (v1.55.1 -> 1.55.1)
+  _REMOTE=$(curl -s "https://api.github.com/repos/rclone/rclone/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')
+  _REMOTE=${_REMOTE#v}
+
+  # bash doesn't see versions as numbers, but as strings
+  if [[ "${_LOCAL}" != "${_REMOTE}" ]]; then
+    echo "Upgrading rclone - installed ${_LOCAL}, latest ${_REMOTE}"
+    curl -o /tmp/rclone-latest.deb \
+      "https://downloads.rclone.org/rclone-current-linux-amd64.deb"
+    if [[ $? -eq 0 ]]; then
+      sudo apt-get install /tmp/rclone-latest.deb
+      rm -f /tmp/rclone-latest.deb
+    fi
+  else
+    echo "Installed rclone is the latest - ${_LOCAL}"
+  fi
+}
+
+upgrade_rclone

bin/localbak.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# ensure pinentry-tty is installed
+
+DTS=$(date "+%Y%m%d%H%M")
+TGZ="bkp/syslocal-${DTS}.tgz"
+TGT="remote:"
+
+cd "${HOME}" || exit 1
+[[ -d system ]] || exit 1
+[[ -d bkp ]] || exit 1
+
+echo "Creating ${TGZ} ..."
+tar -czf "${TGZ}" system/*
+echo "Encrypting ${TGZ} ..."
+gpg -c "${TGZ}"
+echo "Removing unencrypted ${TGZ} ..."
+rm -v "${TGZ}"
+echo "Syncing backups..."
+rclone -PL sync bkp/ "${TGT}"

bin/openhome.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+#
+# /dev/sda2 -> /home
+# installed packages: cryptsetup keyutils
+# loaded modules: dm_crypt
+#
+# prep/test:
+#  cryptsetup -h sha256 -c aes-xts-plain64 -s 512 luksFormat /dev/sda2
+#  cryptsetup luksOpen /dev/sda2 chome
+#  mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 /dev/mapper/chome
+#  touch /home/.undermnt
+#  mount /dev/mapper/chome /home
+#  umount /home
+#  cryptsetup luksClose cdata
+
+_DEV=/dev/sda2
+_LUKS=chome
+_MOUNT=/home
+
+# LUKS
+if [[ ! -e /dev/mapper/${_LUKS} ]]; then
+  sudo cryptsetup luksOpen ${_DEV} ${_LUKS}
+fi
+# mount
+if [[ ! -e /dev/mapper/${_LUKS} ]]; then
+  echo "luksOpen failed"
+  exit 1
+else
+  if ! mountpoint -q ${_MOUNT}; then
+    sudo mount /dev/mapper/${_LUKS} ${_MOUNT}
+  fi
+fi
+# verify
+if mountpoint -q ${_MOUNT}; then
+  df -h ${_MOUNT}
+else
+  echo "mount failed"
+fi

etc/apt/apt.conf.d/01clean

@@ -0,0 +1,6 @@
+// keep /var/cache/apt clean
+
+APT::Clean-Installed "true";
+APT::Keep-Downloaded-Packages "false";
+APT::Get::Install-Recommends "false";
+APT::Get::Install-Suggests "false";

etc/apt/apt.conf.d/02periodic

@@ -0,0 +1,7 @@
+// used with unattended-upgrades
+
+APT::Periodic::Enable "1";
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "5";
+APT::Periodic::Unattended-Upgrade "1";

etc/default/grub.txt

@@ -0,0 +1,15 @@
+# disable mitigations, audit
+
+GRUB_CMDLINE_LINUX="mitigations=off audit=0 quiet"
+
+# set resume partition (swap) for a laptop
+
+GRUB_CMDLINE_LINUX="resume=UUID=11111111-aaaa-2222-bbbb-333333333333"
+
+# disable AMD switchable graphics (run with pure Intel)
+
+GRUB_CMDLINE_LINUX="modprobe.blacklist=amdgpu,radeon"
+
+# various amdgpu/radeon possible tweaks cheatsheet
+
+GRUB_CMDLINE_LINUX="amdgpu.si_support=1 amdgpu.dpm=0 amdgpu.runpm=0 amdgpu.aspm=0 amdgpu.bapm=0 radeon.si_support=0"

etc/dnsmasq.d/local.conf

@@ -0,0 +1,11 @@
+# /etc/dnsmasq.d/local.conf
+#
+# some distros will require you to uncomment in /etc/dnsmasq.conf:
+#  conf-dir=/etc/dnsmasq.d
+
+listen-address=127.0.0.1
+no-resolv
+no-poll
+server=8.8.8.8
+server=1.1.1.1
+server=9.9.9.10

etc/iptables/rules.v4

@@ -0,0 +1,11 @@
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT

etc/iptables/rules.v6

@@ -0,0 +1,11 @@
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT

etc/modprobe.d/amdgpu.conf

@@ -0,0 +1,3 @@
+# blacklist amdgpu module
+
+blacklist amdgpu

etc/modprobe.d/iwlwifi.conf

@@ -0,0 +1,3 @@
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969264
+
+options iwlwifi enable_ini=N

etc/modprobe.d/mac80211.conf

@@ -0,0 +1,3 @@
+# https://bugzilla.kernel.org/show_bug.cgi?id=203709
+
+options mac80211 beacon_loss_count=50 probe_wait_ms=5000

etc/modprobe.d/radeon.conf

@@ -0,0 +1,3 @@
+# blacklist radeon module
+
+blacklist radeon

etc/modprobe.d/snd-intel.conf

@@ -0,0 +1,3 @@
+# disable intel sound module from going into low-power mode
+
+options snd-hda-intel power_save=0 power_save_controller=N

etc/network/interfaces.d/wlp2s0

@@ -0,0 +1,10 @@
+# use 'wpa_passphrase <ssid> <psk> >> <this file>' to get wpa-psk
+
+auto wlp2s0
+iface wlp2s0 inet static
+    wpa-ssid <ssid>
+    wpa-psk  <encoded string>
+    address  192.168.1.21
+    netmask  255.255.255.0
+    gateway  192.168.1.1
+    dns-nameservers 8.8.8.8 1.1.1.1 192.168.12.1

etc/systemd/journald.conf.d/logtime.conf

@@ -0,0 +1,4 @@
+# reduce time journald keeps logs
+
+[Journal]
+MaxRetentionSec=1week

etc/systemd/logind.conf.d/killprocs.conf

@@ -0,0 +1,4 @@
+# kill user processes on logout
+
+[Login]
+KillUserProcesses=yes

etc/systemd/logind.conf.d/laptoplid.conf

@@ -0,0 +1,7 @@
+# disable laptop lid switch handling
+# (laptop as always-on server)
+
+[Login]
+HandleLidSwitch=ignore
+HandleLidSwitchExternalPower=ignore
+HandleLidSwitchDocked=ignore

etc/udev/rules.d/61-rfkill.rules

@@ -0,0 +1,16 @@
+# Set ACLs for console users on /dev/rfkill
+# http://anonscm.debian.org/viewvc/pkg-gnome/desktop/unstable/gnome-bluetooth/debian/61-gnome-bluetooth-rfkill.rules?view=markup
+# This is necessary until a daemon can properly handle access to the
+# kill switch
+# http://bugs.debian.org/563902
+# https://bugzilla.redhat.com/show_bug.cgi?id=514798
+
+# logind
+# https://bugzilla.redhat.com/show_bug.cgi?id=733326
+KERNEL=="rfkill", SUBSYSTEM=="misc", TAG+="uaccess"
+
+# ConsoleKit
+ENV{ACL_MANAGE}=="0", GOTO="rfkill_bluetooth_end"
+ACTION!="add|change", GOTO="rfkill_bluetooth_end"
+KERNEL=="rfkill", SUBSYSTEM=="misc", TAG+="udev-acl"
+LABEL="rfkill_bluetooth_end"

etc/udev/rules.d/99-hide-partitions.rules

@@ -0,0 +1,4 @@
+# hide a system partition, such as Windows, from Linux desktops (udisks)
+
+KERNEL=="sda1",ENV{UDISKS_IGNORE}="1"
+KERNEL=="sda2",ENV{UDISKS_IGNORE}="1"

etc/zabbix/README.md

@@ -0,0 +1,7 @@
+## zabbix active
+
+These configs are for running Zabbix server in "active mode", where the agents phone home instead of the server reaching out to poll them ("passive").
+
+This lessons the load on poller processes the server needs to run and manage; if a client does not phone home within X amount of time after first contact, an alert is raised. Clients use a PSK that must be first configured in the server.
+
+The server must allow the clients to connect inbound to the port (iptables, etc.) but the clients do not need any firewall rules for the server to connect to them.

etc/zabbix/userparameter_md.conf

@@ -0,0 +1,4 @@
+UserParameter=md.discover,ls /sys/class/block | awk 'BEGIN{printf "{\"data\":["}; /^md[0-9]+$/ {printf c"{\"{#MDNAME}\":\""$1"\"}";c=","}; END{print "]}"}'
+UserParameter=md.degraded[*],cat /sys/block/$1/md/degraded
+UserParameter=md.sync_action[*],cat /sys/block/$1/md/sync_action
+UserParameter=md.raid_disks[*],cat /sys/block/$1/md/raid_disks

etc/zabbix/zabbix_agentd.conf-deb

@@ -0,0 +1,406 @@
+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+
+PidFile=/var/run/zabbix/zabbix_agentd.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix/zabbix_agentd.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: EnableRemoteCommands
+#	Whether remote commands from Zabbix server are allowed.
+#	0 - not allowed
+#	1 - allowed
+#
+# Mandatory: no
+# Default:
+# EnableRemoteCommands=0
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses, optionally in CIDR notation, or hostnames of Zabbix servers.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally and '::/0' will allow any IPv4 or IPv6 address.
+#	'0.0.0.0/0' can be used to allow any IPv4 address.
+#	Example: Server=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.domain
+#
+# Mandatory: no
+# Default:
+# Server=
+
+#Server=127.0.0.1
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAgents=3
+
+StartAgents=0
+
+##### Active checks related
+
+### Option: ServerActive
+#	List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+
+ServerActive=111.222.111.222
+
+### Option: Hostname
+#	Unique, case sensitive hostname.
+#	Required for active checks and must match hostname as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+Hostname=hostname.example.com
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+Include=/etc/zabbix/zabbix_agentd.d/*.conf
+
+# Include=/usr/local/etc/zabbix_agentd.userparams.conf
+# Include=/usr/local/etc/zabbix_agentd.conf.d/
+# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of agent modules.
+#	Default depends on compilation options.
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at agent startup. Modules are used to extend functionality of the agent.
+#	Format: LoadModule=<module.so>
+#	The modules must be located in directory specified by LoadModulePath.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+TLSConnect=psk
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+TLSAccept=psk
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#      Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#      Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+TLSPSKIdentity=PSK001
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+
+TLSPSKFile=/etc/zabbix/zabbix_agentd.psk

etc/zabbix/zabbix_agentd.conf-rpm

@@ -0,0 +1,402 @@
+# This is a configuration file for Zabbix agent daemon (Unix)
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_agentd.pid
+
+PidFile=/var/run/zabbix/zabbix_agentd.pid
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix-agent/zabbix_agentd.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: EnableRemoteCommands
+#	Whether remote commands from Zabbix server are allowed.
+#	0 - not allowed
+#	1 - allowed
+#
+# Mandatory: no
+# Default:
+# EnableRemoteCommands=0
+
+### Option: LogRemoteCommands
+#	Enable logging of executed shell commands as warnings.
+#	0 - disabled
+#	1 - enabled
+#
+# Mandatory: no
+# Default:
+# LogRemoteCommands=0
+
+##### Passive checks related
+
+### Option: Server
+#	List of comma delimited IP addresses (or hostnames) of Zabbix servers.
+#	Incoming connections will be accepted only from the hosts listed here.
+#	If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
+#
+# Mandatory: no
+# Default:
+# Server=
+
+#Server=127.0.0.1
+
+### Option: ListenPort
+#	Agent will listen on this port for connections from the server.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10050
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the agent should listen on.
+#	First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+### Option: StartAgents
+#	Number of pre-forked instances of zabbix_agentd that process passive checks.
+#	If set to 0, disables passive checks and the agent will not listen on any TCP port.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAgents=3
+
+StartAgents=0
+
+##### Active checks related
+
+### Option: ServerActive
+#	List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
+#	If port is not specified, default port is used.
+#	IPv6 addresses must be enclosed in square brackets if port for that host is specified.
+#	If port is not specified, square brackets for IPv6 addresses are optional.
+#	If this parameter is not specified, active checks are disabled.
+#	Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
+#
+# Mandatory: no
+# Default:
+# ServerActive=
+
+ServerActive=111.222.111.222
+
+### Option: Hostname
+#	Unique, case sensitive hostname.
+#	Required for active checks and must match hostname as configured on the server.
+#	Value is acquired from HostnameItem if undefined.
+#
+# Mandatory: no
+# Default:
+# Hostname=
+
+Hostname=hostname.example.com
+
+### Option: HostnameItem
+#	Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
+#	Does not support UserParameters or aliases.
+#
+# Mandatory: no
+# Default:
+# HostnameItem=system.hostname
+
+### Option: HostMetadata
+#	Optional parameter that defines host metadata.
+#	Host metadata is used at host auto-registration process.
+#	An agent will issue an error and not start if the value is over limit of 255 characters.
+#	If not defined, value will be acquired from HostMetadataItem.
+#
+# Mandatory: no
+# Range: 0-255 characters
+# Default:
+# HostMetadata=
+
+### Option: HostMetadataItem
+#	Optional parameter that defines an item used for getting host metadata.
+#	Host metadata is used at host auto-registration process.
+#	During an auto-registration request an agent will log a warning message if
+#	the value returned by specified item is over limit of 255 characters.
+#	This option is only used when HostMetadata is not defined.
+#
+# Mandatory: no
+# Default:
+# HostMetadataItem=
+
+### Option: RefreshActiveChecks
+#	How often list of active checks is refreshed, in seconds.
+#
+# Mandatory: no
+# Range: 60-3600
+# Default:
+# RefreshActiveChecks=120
+
+### Option: BufferSend
+#	Do not keep data longer than N seconds in buffer.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# BufferSend=5
+
+### Option: BufferSize
+#	Maximum number of values in a memory buffer. The agent will send
+#	all collected data to Zabbix Server or Proxy if the buffer is full.
+#
+# Mandatory: no
+# Range: 2-65535
+# Default:
+# BufferSize=100
+
+### Option: MaxLinesPerSecond
+#	Maximum number of new lines the agent will send per second to Zabbix Server
+#	or Proxy processing 'log' and 'logrt' active checks.
+#	The provided value will be overridden by the parameter 'maxlines',
+#	provided in 'log' or 'logrt' item keys.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# MaxLinesPerSecond=20
+
+############ ADVANCED PARAMETERS #################
+
+### Option: Alias
+#	Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
+#	Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
+#	Different Alias keys may reference the same item key.
+#	For example, to retrieve the ID of user 'zabbix':
+#	Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
+#	Now shorthand key zabbix.userid may be used to retrieve data.
+#	Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
+#
+# Mandatory: no
+# Range:
+# Default:
+
+### Option: Timeout
+#	Spend no more than Timeout seconds on processing
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+### Option: AllowRoot
+#	Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /etc/zabbix, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/etc/zabbix/zabbix_agentd.userparams.conf
+# Include=/etc/zabbix/zabbix_agentd.conf.d/
+Include=/etc/zabbix/zabbix_agentd.conf.d/*.conf
+
+####### USER-DEFINED MONITORED PARAMETERS #######
+
+### Option: UnsafeUserParameters
+#	Allow all characters to be passed in arguments to user-defined parameters.
+#	The following characters are not allowed:
+#	\ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @
+#	Additionally, newline characters are not allowed.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# UnsafeUserParameters=0
+
+### Option: UserParameter
+#	User-defined parameter to monitor. There can be several user-defined parameters.
+#	Format: UserParameter=<key>,<shell command>
+#	See 'zabbix_agentd' directory for examples.
+#
+# Mandatory: no
+# Default:
+# UserParameter=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of agent modules.
+#	Default depends on compilation options.
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at agent startup. Modules are used to extend functionality of the agent.
+#	Format: LoadModule=<module.so>
+#	The modules must be located in directory specified by LoadModulePath.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSConnect
+#	How the agent should connect to server or proxy. Used for active checks.
+#	Only one value can be specified:
+#		unencrypted - connect without encryption
+#		psk         - connect using TLS and a pre-shared key
+#		cert        - connect using TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSConnect=unencrypted
+
+TLSConnect=psk
+
+### Option: TLSAccept
+#	What incoming connections to accept.
+#	Multiple values can be specified, separated by comma:
+#		unencrypted - accept connections without encryption
+#		psk         - accept connections secured with TLS and a pre-shared key
+#		cert        - accept connections secured with TLS and a certificate
+#
+# Mandatory: yes, if TLS certificate or PSK parameters are defined (even for 'unencrypted' connection)
+# Default:
+# TLSAccept=unencrypted
+
+TLSAccept=psk
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSServerCertIssuer
+#      Allowed server certificate issuer.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertIssuer=
+
+### Option: TLSServerCertSubject
+#      Allowed server certificate subject.
+#
+# Mandatory: no
+# Default:
+# TLSServerCertSubject=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the agent certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the agent private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=
+
+### Option: TLSPSKIdentity
+#	Unique, case sensitive string used to identify the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKIdentity=
+
+TLSPSKIdentity=PSK001
+
+### Option: TLSPSKFile
+#	Full pathname of a file containing the pre-shared key.
+#
+# Mandatory: no
+# Default:
+# TLSPSKFile=
+
+TLSPSKFile=/etc/zabbix/zabbix_agentd.psk

etc/zabbix/zabbix_server.conf

@@ -0,0 +1,700 @@
+# This is a configuration file for Zabbix server daemon
+# To get more information about Zabbix, visit http://www.zabbix.com
+
+############ GENERAL PARAMETERS #################
+
+### Option: ListenPort
+#	Listen port for trapper.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# ListenPort=10051
+
+### Option: SourceIP
+#	Source IP address for outgoing connections.
+#
+# Mandatory: no
+# Default:
+# SourceIP=
+
+### Option: LogType
+#	Specifies where log messages are written to:
+#		system  - syslog
+#		file    - file specified with LogFile parameter
+#		console - standard output
+#
+# Mandatory: no
+# Default:
+# LogType=file
+
+### Option: LogFile
+#	Log file name for LogType 'file' parameter.
+#
+# Mandatory: no
+# Default:
+# LogFile=
+
+LogFile=/var/log/zabbix/zabbix_server.log
+
+### Option: LogFileSize
+#	Maximum size of log file in MB.
+#	0 - disable automatic log rotation.
+#
+# Mandatory: no
+# Range: 0-1024
+# Default:
+# LogFileSize=1
+
+LogFileSize=0
+
+### Option: DebugLevel
+#	Specifies debug level:
+#	0 - basic information about starting and stopping of Zabbix processes
+#	1 - critical information
+#	2 - error information
+#	3 - warnings
+#	4 - for debugging (produces lots of information)
+#	5 - extended debugging (produces even more information)
+#
+# Mandatory: no
+# Range: 0-5
+# Default:
+# DebugLevel=3
+
+### Option: PidFile
+#	Name of PID file.
+#
+# Mandatory: no
+# Default:
+# PidFile=/tmp/zabbix_server.pid
+
+PidFile=/var/run/zabbix/zabbix_server.pid
+
+### Option: SocketDir
+#	IPC socket directory.
+#       Directory to store IPC sockets used by internal Zabbix services.
+#
+# Mandatory: no
+# Default:
+# SocketDir=/tmp
+
+SocketDir=/var/run/zabbix
+
+### Option: DBHost
+#	Database host name.
+#	If set to localhost, socket is used for MySQL.
+#	If set to empty string, socket is used for PostgreSQL.
+#
+# Mandatory: no
+# Default:
+# DBHost=localhost
+
+### Option: DBName
+#	Database name.
+#	For SQLite3 path to database file must be provided. DBUser and DBPassword are ignored.
+#
+# Mandatory: yes
+# Default:
+# DBName=
+
+DBName=zabbix
+
+### Option: DBSchema
+#	Schema name. Used for IBM DB2 and PostgreSQL.
+#
+# Mandatory: no
+# Default:
+# DBSchema=
+
+### Option: DBUser
+#	Database user. Ignored for SQLite.
+#
+# Mandatory: no
+# Default:
+# DBUser=
+
+DBUser=zabbix
+
+### Option: DBPassword
+#	Database password. Ignored for SQLite.
+#	Comment this line if no password is used.
+#
+# Mandatory: no
+# Default:
+# DBPassword=
+
+DBPassword=xxxxxxxxxxxxxx
+
+### Option: DBSocket
+#	Path to MySQL socket.
+#
+# Mandatory: no
+# Default:
+# DBSocket=/tmp/mysql.sock
+
+DBSocket=/var/lib/mysql/mysql.sock
+
+### Option: DBPort
+#	Database port when not using local socket. Ignored for SQLite.
+#
+# Mandatory: no
+# Range: 1024-65535
+# Default (for MySQL):
+# DBPort=3306
+
+### Option: HistoryStorageURL
+#	History storage HTTP[S] URL.
+#
+# Mandatory: no
+# Default:
+# HistoryStorageURL=
+
+### Option: HistoryStorageTypes
+#	Comma separated list of value types to be sent to the history storage.
+#
+# Mandatory: no
+# Default:
+# HistoryStorageTypes=uint,dbl,str,log,text
+
+############ ADVANCED PARAMETERS ################
+
+### Option: StartPollers
+#	Number of pre-forked instances of pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollers=5
+
+StartPollers=0
+
+### Option: StartIPMIPollers
+#	Number of pre-forked instances of IPMI pollers.
+#       The IPMI manager process is automatically started when at least one IPMI poller is started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartIPMIPollers=0
+
+### Option: StartPreprocessors
+#	Number of pre-forked instances of preprocessing workers.
+#       The preprocessing manager process is automatically started when preprocessor worker is started.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# StartPreprocessors=3
+
+StartPreprocessors=1
+
+### Option: StartPollersUnreachable
+#	Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java).
+#	At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers
+#	are started.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPollersUnreachable=1
+
+StartPollersUnreachable=0
+
+### Option: StartTrappers
+#	Number of pre-forked instances of trappers.
+#	Trappers accept incoming connections from Zabbix sender, active agents and active proxies.
+#	At least one trapper process must be running to display server availability and view queue
+#	in the frontend.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartTrappers=5
+
+StartTrappers=2
+
+### Option: StartPingers
+#	Number of pre-forked instances of ICMP pingers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartPingers=1
+
+StartPingers=0
+
+### Option: StartDiscoverers
+#	Number of pre-forked instances of discoverers.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartDiscoverers=1
+
+StartDiscoverers=0
+
+### Option: StartHTTPPollers
+#	Number of pre-forked instances of HTTP pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartHTTPPollers=1
+
+StartHTTPPollers=1
+
+### Option: StartTimers
+#	Number of pre-forked instances of timers.
+#	Timers process time-based trigger functions and maintenance periods.
+#	Only the first timer process handles the maintenance periods.
+#
+# Mandatory: no
+# Range: 1-1000
+# Default:
+# StartTimers=1
+
+### Option: StartEscalators
+#	Number of pre-forked instances of escalators.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartEscalators=1
+
+### Option: StartAlerters
+#	Number of pre-forked instances of alerters.
+#	Alerters send the notifications created by action operations.
+#
+# Mandatory: no
+# Range: 0-100
+# Default:
+# StartAlerters=3
+
+StartAlerters=1
+
+### Option: JavaGateway
+#	IP address (or hostname) of Zabbix Java gateway.
+#	Only required if Java pollers are started.
+#
+# Mandatory: no
+# Default:
+# JavaGateway=
+
+### Option: JavaGatewayPort
+#	Port that Zabbix Java gateway listens on.
+#
+# Mandatory: no
+# Range: 1024-32767
+# Default:
+# JavaGatewayPort=10052
+
+### Option: StartJavaPollers
+#	Number of pre-forked instances of Java pollers.
+#
+# Mandatory: no
+# Range: 0-1000
+# Default:
+# StartJavaPollers=0
+
+### Option: StartVMwareCollectors
+#	Number of pre-forked vmware collector instances.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartVMwareCollectors=0
+
+### Option: VMwareFrequency
+#	How often Zabbix will connect to VMware service to obtain a new data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwareFrequency=60
+
+### Option: VMwarePerfFrequency
+#	How often Zabbix will connect to VMware service to obtain performance data.
+#
+# Mandatory: no
+# Range: 10-86400
+# Default:
+# VMwarePerfFrequency=60
+
+### Option: VMwareCacheSize
+#	Size of VMware cache, in bytes.
+#	Shared memory size for storing VMware data.
+#	Only used if VMware collectors are started.
+#
+# Mandatory: no
+# Range: 256K-2G
+# Default:
+# VMwareCacheSize=8M
+
+### Option: VMwareTimeout
+#	Specifies how many seconds vmware collector waits for response from VMware service.
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# VMwareTimeout=10
+
+### Option: SNMPTrapperFile
+#	Temporary file used for passing data from SNMP trap daemon to the server.
+#	Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file.
+#
+# Mandatory: no
+# Default:
+# SNMPTrapperFile=/tmp/zabbix_traps.tmp
+
+SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
+
+### Option: StartSNMPTrapper
+#	If 1, SNMP trapper process is started.
+#
+# Mandatory: no
+# Range: 0-1
+# Default:
+# StartSNMPTrapper=0
+
+### Option: ListenIP
+#	List of comma delimited IP addresses that the trapper should listen on.
+#	Trapper will listen on all network interfaces if this parameter is missing.
+#
+# Mandatory: no
+# Default:
+# ListenIP=0.0.0.0
+
+# ListenIP=127.0.0.1
+
+### Option: HousekeepingFrequency
+#	How often Zabbix will perform housekeeping procedure (in hours).
+#	Housekeeping is removing outdated information from the database.
+#	To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency
+#	hours of outdated information are deleted in one housekeeping cycle, for each item.
+#	To lower load on server startup housekeeping is postponed for 30 minutes after server start.
+#	With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option.
+#	In this case the period of outdated information deleted in one housekeeping cycle is 4 times the
+#	period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days.
+#
+# Mandatory: no
+# Range: 0-24
+# Default:
+# HousekeepingFrequency=1
+
+### Option: MaxHousekeeperDelete
+#	The table "housekeeper" contains "tasks" for housekeeping procedure in the format:
+#	[housekeeperid], [tablename], [field], [value].
+#	No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value])
+#	will be deleted per one task in one housekeeping cycle.
+#	SQLite3 does not use this parameter, deletes all corresponding rows without a limit.
+#	If set to 0 then no limit is used at all. In this case you must know what you are doing!
+#
+# Mandatory: no
+# Range: 0-1000000
+# Default:
+# MaxHousekeeperDelete=5000
+
+### Option: CacheSize
+#	Size of configuration cache, in bytes.
+#	Shared memory size for storing host, item and trigger data.
+#
+# Mandatory: no
+# Range: 128K-8G
+# Default:
+# CacheSize=8M
+
+### Option: CacheUpdateFrequency
+#	How often Zabbix will perform update of configuration cache, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# CacheUpdateFrequency=60
+
+### Option: StartDBSyncers
+#	Number of pre-forked instances of DB Syncers.
+#
+# Mandatory: no
+# Range: 1-100
+# Default:
+# StartDBSyncers=4
+
+StartDBSyncers=1
+
+### Option: HistoryCacheSize
+#	Size of history cache, in bytes.
+#	Shared memory size for storing history data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryCacheSize=16M
+
+### Option: HistoryIndexCacheSize
+#	Size of history index cache, in bytes.
+#	Shared memory size for indexing history cache.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# HistoryIndexCacheSize=4M
+
+### Option: TrendCacheSize
+#	Size of trend cache, in bytes.
+#	Shared memory size for storing trends data.
+#
+# Mandatory: no
+# Range: 128K-2G
+# Default:
+# TrendCacheSize=4M
+
+### Option: ValueCacheSize
+#	Size of history value cache, in bytes.
+#	Shared memory size for caching item history data requests.
+#	Setting to 0 disables value cache.
+#
+# Mandatory: no
+# Range: 0,128K-64G
+# Default:
+# ValueCacheSize=8M
+
+### Option: Timeout
+#	Specifies how long we wait for agent, SNMP device or external check (in seconds).
+#
+# Mandatory: no
+# Range: 1-30
+# Default:
+# Timeout=3
+
+Timeout=4
+
+### Option: TrapperTimeout
+#	Specifies how many seconds trapper may spend processing new data.
+#
+# Mandatory: no
+# Range: 1-300
+# Default:
+# TrapperTimeout=300
+
+### Option: UnreachablePeriod
+#	After how many seconds of unreachability treat a host as unavailable.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachablePeriod=45
+
+### Option: UnavailableDelay
+#	How often host is checked for availability during the unavailability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnavailableDelay=60
+
+### Option: UnreachableDelay
+#	How often host is checked for availability during the unreachability period, in seconds.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# UnreachableDelay=15
+
+### Option: AlertScriptsPath
+#	Full path to location of custom alert scripts.
+#	Default depends on compilation options.
+#
+# Mandatory: no
+# Default:
+# AlertScriptsPath=${datadir}/zabbix/alertscripts
+
+AlertScriptsPath=/usr/lib/zabbix/alertscripts
+
+### Option: ExternalScripts
+#	Full path to location of external scripts.
+#	Default depends on compilation options.
+#
+# Mandatory: no
+# Default:
+# ExternalScripts=${datadir}/zabbix/externalscripts
+
+ExternalScripts=/usr/lib/zabbix/externalscripts
+
+### Option: FpingLocation
+#	Location of fping.
+#	Make sure that fping binary has root ownership and SUID flag set.
+#
+# Mandatory: no
+# Default:
+# FpingLocation=/usr/sbin/fping
+
+### Option: Fping6Location
+#	Location of fping6.
+#	Make sure that fping6 binary has root ownership and SUID flag set.
+#	Make empty if your fping utility is capable to process IPv6 addresses.
+#
+# Mandatory: no
+# Default:
+# Fping6Location=/usr/sbin/fping6
+
+### Option: SSHKeyLocation
+#	Location of public and private keys for SSH checks and actions.
+#
+# Mandatory: no
+# Default:
+# SSHKeyLocation=
+
+### Option: LogSlowQueries
+#	How long a database query may take before being logged (in milliseconds).
+#	Only works if DebugLevel set to 3, 4 or 5.
+#	0 - don't log slow queries.
+#
+# Mandatory: no
+# Range: 1-3600000
+# Default:
+# LogSlowQueries=0
+
+LogSlowQueries=3000
+
+### Option: TmpDir
+#	Temporary directory.
+#
+# Mandatory: no
+# Default:
+# TmpDir=/tmp
+
+### Option: StartProxyPollers
+#	Number of pre-forked instances of pollers for passive proxies.
+#
+# Mandatory: no
+# Range: 0-250
+# Default:
+# StartProxyPollers=1
+
+StartProxyPollers=0
+
+### Option: ProxyConfigFrequency
+#	How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds.
+#	This parameter is used only for proxies in the passive mode.
+#
+# Mandatory: no
+# Range: 1-3600*24*7
+# Default:
+# ProxyConfigFrequency=3600
+
+### Option: ProxyDataFrequency
+#	How often Zabbix Server requests history data from a Zabbix Proxy in seconds.
+#	This parameter is used only for proxies in the passive mode.
+#
+# Mandatory: no
+# Range: 1-3600
+# Default:
+# ProxyDataFrequency=1
+
+### Option: AllowRoot
+#	Allow the server to run as 'root'. If disabled and the server is started by 'root', the server
+#	will try to switch to the user specified by the User configuration option instead.
+#	Has no effect if started under a regular user.
+#	0 - do not allow
+#	1 - allow
+#
+# Mandatory: no
+# Default:
+# AllowRoot=0
+
+### Option: User
+#	Drop privileges to a specific, existing user on the system.
+#	Only has effect if run as 'root' and AllowRoot is disabled.
+#
+# Mandatory: no
+# Default:
+# User=zabbix
+
+### Option: Include
+#	You may include individual files or all files in a directory in the configuration file.
+#	Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
+#
+# Mandatory: no
+# Default:
+# Include=
+
+# Include=/usr/local/etc/zabbix_server.general.conf
+# Include=/usr/local/etc/zabbix_server.conf.d/
+# Include=/usr/local/etc/zabbix_server.conf.d/*.conf
+
+### Option: SSLCertLocation
+#	Location of SSL client certificates.
+#	This parameter is used only in web monitoring.
+#
+# Mandatory: no
+# Default:
+# SSLCertLocation=${datadir}/zabbix/ssl/certs
+
+### Option: SSLKeyLocation
+#	Location of private keys for SSL client certificates.
+#	This parameter is used only in web monitoring.
+#
+# Mandatory: no
+# Default:
+# SSLKeyLocation=${datadir}/zabbix/ssl/keys
+
+### Option: SSLCALocation
+#	Override the location of certificate authority (CA) files for SSL server certificate verification.
+#	If not set, system-wide directory will be used.
+#	This parameter is used only in web monitoring and SMTP authentication.
+#
+# Mandatory: no
+# Default:
+# SSLCALocation=
+
+####### LOADABLE MODULES #######
+
+### Option: LoadModulePath
+#	Full path to location of server modules.
+#	Default depends on compilation options.
+#
+# Mandatory: no
+# Default:
+# LoadModulePath=${libdir}/modules
+
+### Option: LoadModule
+#	Module to load at server startup. Modules are used to extend functionality of the server.
+#	Format: LoadModule=<module.so>
+#	The modules must be located in directory specified by LoadModulePath.
+#	It is allowed to include multiple LoadModule parameters.
+#
+# Mandatory: no
+# Default:
+# LoadModule=
+
+####### TLS-RELATED PARAMETERS #######
+
+### Option: TLSCAFile
+#	Full pathname of a file containing the top-level CA(s) certificates for
+#	peer certificate verification.
+#
+# Mandatory: no
+# Default:
+# TLSCAFile=
+
+### Option: TLSCRLFile
+#	Full pathname of a file containing revoked certificates.
+#
+# Mandatory: no
+# Default:
+# TLSCRLFile=
+
+### Option: TLSCertFile
+#	Full pathname of a file containing the server certificate or certificate chain.
+#
+# Mandatory: no
+# Default:
+# TLSCertFile=
+
+### Option: TLSKeyFile
+#	Full pathname of a file containing the server private key.
+#
+# Mandatory: no
+# Default:
+# TLSKeyFile=

home/bashrc

@@ -0,0 +1,16 @@
+
+PATH=$PATH:$HOME/.local/bin:$HOME/bin
+QUOTING_STYLE=literal
+BC_ENV_ARGS="-l -q"
+export PATH QUOTING_STYLE BC_ENV_ARGS
+
+alias vi="vim"
+unset SSH_ASKPASS
+
+HISTCONTROL="ignoredups"
+HISTTIMEFORMAT='%Y-%m-%d %H:%M  '
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+shopt -s cmdhist histappend
+shopt -s checkwinsize

home/gitconfig

@@ -0,0 +1,2 @@
+[pull]
+	rebase = false

home/gpg-agent.conf

@@ -0,0 +1,3 @@
+pinentry-program /usr/bin/pinentry-tty
+allow-loopback-pinentry
+disable-scdaemon

home/inputrc

@@ -0,0 +1,8 @@
+#
+# ~/.inputrc
+#
+
+# man readline
+set colored-stats On
+set mark-symlinked-directories On
+set enable-bracketed-paste Off

home/selected_editor

@@ -0,0 +1,2 @@
+# Generated by /usr/bin/select-editor
+SELECTED_EDITOR="/usr/bin/vim.nox"

home/tmux.conf

@@ -0,0 +1 @@
+set-option -g mouse on

home/vimrc

@@ -0,0 +1,90 @@
+" ~/.vimrc
+
+" This must be first  - it changes other options as a side effect
+set nocompatible    " use Vim settings, rather then Vi settings
+
+set shortmess+=I    " get rid of the intro screen on blank file
+set background=dark " this works better for text mode white-on-black terms
+set backspace=2     " allow backspacing over everything in insert mode
+set esckeys         " allow cursor keys in insert mode
+set noautoindent    " always set autoindenting off
+set shiftwidth=4    " number of spaces used for autoindent insertions
+set tabstop=4       " tabstop positions
+
+set nobackup        " backups are for wimps
+set history=250     " keep 250 lines of command line history
+
+set noerrorbells    " damn that beep to hell
+set visualbell      " enable terminal visual bell, but...
+set t_vb=           " ...unset the code to do it. (MacVim needs this)
+set magic           " use 'magic' patterns  (extended regexp) in search
+set ignorecase      " ignore case during searches
+set smartcase       " all lower/upper = case insensitive, \c \C overrides
+
+set laststatus=2    " show status line, even if only one buffer
+set report=0        " show report on all (0) changes
+set lazyredraw      " do not update screen while executing macros
+set ruler           " show the cursor position all the time
+set showcmd         " show current uncompleted command
+set showmode        " show current mode
+set showmatch       " show matching brackets
+
+" tone down that dang bold highlighting, folks
+" highlight=8b,db,es,hs,mb,Mn,nu,rs,sr,tb,vr,ws
+set highlight=8r,db,es,hs,mb,Mr,nu,rs,sr,tb,vr,ws
+
+" highlight extra/unwanted whitespace
+autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red
+highlight ExtraWhitespace ctermbg=red guibg=red guifg=red
+match ExtraWhitespace /\s\+$\| \+\ze\t/
+
+" do not jump to first character with page commands, ie keep the cursor
+" in the current column.
+set nostartofline
+
+" what info to store from an editing session in the viminfo file
+set viminfo='50,\"100,:100,n~/.viminfo
+
+" allow the last line to be a modeline - useful when
+" the last line gives the preferred textwidth
+set modeline
+set modelines=1
+
+" add the dash ('-'), the dot ('.'), and the '@' as "letters" to "words".
+" this makes it possible to expand email addresses, eg: joe-www@foo.org
+set iskeyword=@,48-57,_,192-255,-,.,@-@
+
+" which chars/keys to allow eol wrapping (:help whichwrap)
+set whichwrap=<,>,[,]
+
+" enable wrapping but without linebreaks
+set wrap
+set linebreak
+set nolist        " list disables linebreak
+set textwidth=0
+set wrapmargin=0
+set formatoptions+=l
+
+" When you forgot to sudo before editing a file
+cmap w!! w !sudo tee > /dev/null %
+
+" When the backspace key sends a "delete" character
+" then you simply map the "delete" to a "backspace" (CTRL-H):
+map <Del> <C-H>
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" Make shift-insert work like in Xterm
+map <S-Insert> <MiddleMouse>
+map! <S-Insert> <MiddleMouse>
+
+" Make p in Visual mode replace the selected text with the "" register.
+vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
+
+" Switch syntax highlighting on, when the terminal has colors
+" Also switch on highlighting the last used search pattern.
+if &t_Co > 2 || has("gui_running")
+  syntax on
+  set hlsearch
+endif