Move server and desktop configuration files to their respective directories.

desktop/portage/env/nolto.conf

@@ -0,0 +1,19 @@
+# Inferencium
+# Portage - env - Clang - No LTO
+
+# Copyright 2023 Inference
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Version: 1.0.1.2
+
+
+# Flags
+## Hardening flags
+C_SEC="-fstack-clash-protection -fstack-protector-strong -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
+LD_SEC="-Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
+## Compiler flags
+CFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe ${C_SEC}"
+CXXFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe ${C_SEC}"
+RUSTFLAGS="-C debuginfo=0 -C target-cpu=znver3"
+## Linker flags
+LDFLAGS="-Wl,-O2 -Wl,--strip-all ${LD_SEC}"

desktop/portage/make.conf

@@ -4,7 +4,7 @@
 # Copyright 2022-2023 Inference
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-# Version: 10.0.0.34
+# Version: 13.0.1.38
 
 
 # System
@@ -35,14 +35,17 @@ PORTAGE_CHECKSUM_FILTER="-* sha256 sha512"
 PORTAGE_RSYNC_EXTRA_OPTS="--progress --verbose"
 
 # Flags
+## Hardening flags
+C_SEC="-fstack-clash-protection -fstack-protector-strong -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
+LD_SEC="-Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 ## Compiler flags
-CFLAGS="-flto=4 -march=znver3 -mtune=znver3 -O2 -pipe"
+CFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe ${C_SEC}"
-CXXFLAGS="-flto=4 -march=znver3 -mtune=znver3 -O2 -pipe"
+CXXFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe ${C_SEC}"
 RUSTFLAGS="-C debuginfo=0 -C embed-bitcode=y -C lto -C opt-level=2 -C target-cpu=znver3"
 ## Linker flags
-LDFLAGS="-Wl,-O2 -Wl,--strip-all"
+LDFLAGS="-Wl,-O2 -Wl,--strip-all -Wl,--thinlto-jobs=4 ${LD_SEC}"
 ## USE flags
-USE="dbus lto nftables pulseaudio system-av1 system-harfbuzz system-icu system-jpeg system-libvpx system-png system-webp verify-sig wayland"
+USE="clang dbus llvm-libunwind lto nftables pulseaudio system-av1 system-harfbuzz system-icu system-jpeg system-libvpx system-llvm system-png system-webp verify-sig wayland"
 USE="${USE} -ipv6 -systemd -X"
 ## CPU flags
 CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3"

desktop/portage/package.accept_keywords

@@ -0,0 +1,46 @@
+# Inferencium
+# Portage - package.accept_keywords
+
+# Copyright 2022-2023 Inference
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Version: 7.0.0.23
+
+
+app-arch/unrar							~amd64
+dev-lang/rust							~amd64
+dev-libs/date							~amd64
+dev-libs/icu							~amd64
+dev-libs/libfmt							~amd64
+dev-libs/libstrophe						~amd64
+dev-libs/nss							~amd64
+dev-libs/spdlog							~amd64
+dev-libs/wayland-protocols				~amd64
+fs-util/fsverity-utils					~amd64
+gui-apps/waybar							~amd64
+=gui-wm/sway-1.7						~amd64
+<media-gfx/gimp-3.0.0					**
+media-libs/babl							~amd64
+media-libs/dav1d						~amd64
+media-libs/gegl							~amd64
+net-im/profanity						~amd64
+net-misc/ytfzf							~amd64
+sys-auth/elogind						~amd64
+sys-devel/clang							~amd64
+sys-devel/clang-common					~amd64
+sys-devel/clang-runtime					~amd64
+=sys-devel/gcc-12.2.0					~amd64
+sys-devel/lld							~amd64
+sys-devel/llvm							~amd64
+sys-devel/llvm-common					~amd64
+sys-fs/jmtpfs							~amd64
+sys-kernel/inf-kernel					~amd64
+sys-kernel/linux-firmware-desktop		~amd64
+sys-libs/compiler-rt					~amd64
+sys-libs/compiler-rt-sanitizers			~amd64
+sys-libs/libcxx							~amd64
+sys-libs/libcxxabi						~amd64
+sys-libs/libomp							~amd64
+sys-libs/libucontext					~amd64
+virtual/rust							~amd64
+www-client/librewolf					~amd64

desktop/portage/package.env

@@ -4,7 +4,7 @@
 # Copyright 2022-2023 Inference
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-# Version: 7.0.0.41
+# Version: 15.0.0.50
 
 
 # No tmpfs
@@ -48,7 +48,6 @@ app-misc/tmux							nolto.conf
 app-portage/eix							nolto.conf
 app-portage/gemato						nolto.conf
 app-shells/bash							nolto.conf
-app-shells/zsh							nolto.conf
 app-text/asciidoc						nolto.conf
 app-text/enchant						nolto.conf
 app-text/hunspell						nolto.conf
@@ -310,3 +309,27 @@ x11-terms/alacritty						nolto.conf
 x11-themes/gtk-engines-adwaita			nolto.conf
 
 # Basic
+dev-lang/perl							basic.conf
+dev-lang/python							basic.conf
+dev-lua/*							basic.conf
+dev-perl/*							basic.conf
+dev-python/*							basic.conf
+perl-core/*							basic.conf
+
+# GCC - No LTO
+app-shells/zsh							gcc-nolto.conf
+dev-libs/appstream-glib						gcc-nolto.conf
+dev-libs/gobject-introspection					gcc-nolto.conf
+dev-libs/libevent						gcc-nolto.conf
+dev-libs/libxml2						gcc-nolto.conf
+dev-libs/libxslt						gcc-nolto.conf
+sys-libs/libcap							gcc-nolto.conf
+sys-libs/slang							gcc-nolto.conf
+media-libs/libtheora						gcc-nolto.conf
+net-fs/nfs-utils						gcc-nolto.conf
+sys-apps/portage						gcc-nolto.conf
+sys-apps/iproute2						gcc-nolto.conf
+app-crypt/gcr							gcc-nolto.conf
+
+# GCC - Basic
+media-libs/libaom						gcc-basic.conf

desktop/portage/package.license

@@ -0,0 +1,16 @@
+# Inferencium
+# Portage - package.license
+
+# Copyright 2022-2023 Inference
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Version: 2.0.0.4
+
+
+*/*										BSD
+*/*										GPL-2
+*/*										GPL-3
+*/*										MIT
+app-arch/unrar							unRAR
+sys-kernel/inf-kernel					linux-firmware
+sys-kernel/linux-firmware-desktop		@BINARY-REDISTRIBUTABLE

desktop/ssh/known_hosts

@@ -12,3 +12,4 @@
 167.235.15.201 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCziBruDpqRXXrC1jzrrKb2Vmh+dHGq/p+1KnSFnNCW8EUbCf6g7ZL6MyyPXMuTysQhrPKofRJq4NXJAnbRaCiq6G91uj008pFCEYkzTUkpS1YksIv75irFWVFu9emdu5ZqU5okCpILsHwTWxn7OJiLchNh99j/xLqDEdc1fRmvlvtmDIISXtrLI5Zn1JPag+azIDxYqUepg5pNNbaFXnrwD+x3na6nzC60dB7LNGL3Q2kl73060zWG04Vb9A8jpVtVPFIG/lcSHj6xHqKkZxUhOP6jFCzb2jz1eAtwanVDKmCsy/76sA1AONSmWR/i2mvvpQVl4i3++3mLjN5vspFe5i+vCqrojWC0GC3MXSovlQ2iLBudeRXhENBH8yA4BgM8T8Z87Ae/sYdtxVzA4B3FEcUytUJX+4XrIzPpY3zxbXlLrEDX89W7cEKe1zLIwhAZdNQHUi9O6otF7drKkJSZcnSOy4ngeMyj+ZQCs3L8v7KvXNcl+QqjKDxIbh5OWJs=
 167.235.15.201 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOr1jw6/ac8wYY3Z950YESMvw3hQEB/lOpdMWihfKkHAJShAQe/FgBPiw2adWwWkTeVHRW+/OKNrSAZHZhf0e/8=
 git.inferencium.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJtyZ0D6ufhL5M/kcW4yddsIsB0BEl2MxXG4hlVolRG
+192.168.1.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOD0n998fAlGJYE15zdcdzJeOEx+hC6S/pfDfWZWdb2H

portage/env/nolto.conf

@@ -1,16 +0,0 @@
-# Inferencium
-# Portage - env - GCC - No LTO
-
-# Copyright 2022-2023 Inference
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# Version: 6.0.0.9
-
-
-# Flags
-## Compiler flags
-CFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe"
-CXXFLAGS="-march=znver3 -mtune=znver3 -O2 -pipe"
-RUSTFLAGS="-C debuginfo=0 -C target-cpu=znver3"
-## Linker flags
-LDFLAGS="-Wl,-O2 -Wl,--strip-all"

portage/package.accept_keywords

@@ -1,46 +0,0 @@
-# Inferencium
-# Portage - package.accept_keywords
-
-# Copyright 2022-2023 Inference
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# Version: 6.0.0.22
-
-
-app-arch/unrar						~amd64
-dev-lang/rust						~amd64
-dev-libs/date						~amd64
-dev-libs/icu						~amd64
-dev-libs/libfmt						~amd64
-dev-libs/libstrophe					~amd64
-dev-libs/nss						~amd64
-dev-libs/spdlog						~amd64
-dev-libs/wayland-protocols			~amd64
-fs-util/fsverity-utils				~amd64
-gui-apps/waybar						~amd64
-=gui-wm/sway-1.7					~amd64
-<media-gfx/gimp-3.0.0				**
-media-libs/babl						~amd64
-media-libs/dav1d					~amd64
-media-libs/gegl						~amd64
-net-im/profanity					~amd64
-net-misc/ytfzf						~amd64
-sys-auth/elogind					~amd64
-sys-devel/clang						~amd64
-sys-devel/clang-common				~amd64
-sys-devel/clang-runtime				~amd64
-=sys-devel/gcc-12.2.0				~amd64
-sys-devel/lld						~amd64
-sys-devel/llvm						~amd64
-sys-devel/llvm-common				~amd64
-sys-fs/jmtpfs						~amd64
-sys-kernel/inf-kernel				~amd64
-sys-kernel/linux-firmware			~amd64
-sys-libs/compiler-rt				~amd64
-sys-libs/compiler-rt-sanitizers		~amd64
-sys-libs/libcxx						~amd64
-sys-libs/libcxxabi					~amd64
-sys-libs/libomp						~amd64
-sys-libs/libucontext				~amd64
-virtual/rust						~amd64
-www-client/librewolf				~amd64

portage/package.license

@@ -1,16 +0,0 @@
-# Inferencium
-# Portage - package.license
-
-# Copyright 2022-2023 Inference
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-# Version: 1.0.0.3
-
-
-*/*								BSD
-*/*								GPL-2
-*/*								GPL-3
-*/*								MIT
-app-arch/unrar					unRAR
-sys-kernel/inf-kernel			linux-firmware
-sys-kernel/linux-firmware		@BINARY-REDISTRIBUTABLE

server/ejabberd/ejabberd.yml

@@ -0,0 +1,277 @@
+# Inferencium
+# ejabberd - Configuration
+
+# Copyright 2022-2023 Inference
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# Version: 0.0.0.0
+
+
+# Hosts
+hosts:
+  - inferencium.net
+
+# Hosts configuration
+host_config:
+  inferencium.net:
+    auth_method: internal
+
+# Language
+language: en
+
+# Security
+## Passwords
+auth_password_format: scram
+auth_scram_hash: sha256
+
+## Client-to-Server
+c2s_ciphers:
+  - HIGH
+c2s_protocol_options:
+  - no_sslv3
+  - no_tlsv1
+  - no_compression
+  - cipher_server_preferences
+c2s_tls_compression: false
+
+## Server-to-Server
+s2s_ciphers:
+  - HIGH
+s2s_protocol_options:
+  - no_sslv3
+  - no_tlsv1
+  - no_compression
+  - cipher_server_preferences
+s2s_use_starttls: required
+s2s_tls_compression: false
+s2s_zlib: false
+
+allow_multiple_connections: false
+
+# Logging
+loglevel: info
+hide_sensitive_log_data: false
+
+# Certificates
+certfiles:
+  - "/etc/ejabberd/certs/*/*.pem"
+
+listen:
+  -
+    port: 5222
+    ip: "::"
+    module: ejabberd_c2s
+    max_stanza_size: 262144
+    shaper: c2s_shaper
+    access: c2s
+    starttls_required: true
+  -
+    port: 5223
+    ip: "::"
+    tls: true
+    module: ejabberd_c2s
+    max_stanza_size: 262144
+    shaper: c2s_shaper
+    access: c2s
+    starttls_required: true
+  -
+    port: 5269
+    ip: "::"
+    module: ejabberd_s2s_in
+    max_stanza_size: 524288
+  -
+    port: 5443
+    ip: "::"
+    module: ejabberd_http
+    tls: true
+    request_handlers:
+      /admin: ejabberd_web_admin
+      /api: mod_http_api
+      /bosh: mod_bosh
+      /captcha: ejabberd_captcha
+      /upload: mod_http_upload
+      /ws: ejabberd_http_ws
+  -
+    port: 5280
+    ip: "::"
+    module: ejabberd_http
+    request_handlers:
+      /admin: ejabberd_web_admin
+      /.well-known/acme-challenge: ejabberd_acme
+  -
+    port: 3478
+    ip: "::"
+    transport: udp
+    module: ejabberd_stun
+    use_turn: true
+    ## The server's public IPv4 address:
+    # turn_ipv4_address: "203.0.113.3"
+    ## The server's public IPv6 address:
+    # turn_ipv6_address: "2001:db8::3"
+
+acl:
+  local:
+    user_regexp: ""
+  loopback:
+    ip:
+      - 127.0.0.0/8
+      - ::1/128
+  admin:
+    user:
+      - "admin@inferencium.net"
+
+access_rules:
+  local:
+    allow: local
+  c2s:
+    deny: blocked
+    allow: all
+  announce:
+    allow: admin
+  configure:
+    allow: admin
+  muc_create:
+    allow: local
+  pubsub_createnode:
+    allow: local
+  trusted_network:
+    allow: loopback
+
+api_permissions:
+  "console commands":
+    from:
+      - ejabberd_ctl
+    who: all
+    what: "*"
+  "admin access":
+    who:
+      access:
+        allow:
+          - acl: loopback
+          - acl: admin
+      oauth:
+        scope: "ejabberd:admin"
+        access:
+          allow:
+            - acl: loopback
+            - acl: admin
+    what:
+      - "*"
+      - "!stop"
+      - "!start"
+  "public commands":
+    who:
+      ip: 127.0.0.1/8
+    what:
+      - status
+      - connected_users_number
+
+shaper:
+  normal:
+    rate: 3000
+    burst_size: 20000
+  fast: 100000
+
+shaper_rules:
+  max_user_sessions: 10
+  max_user_offline_messages:
+    5000: admin
+    100: all
+  c2s_shaper:
+    none: admin
+    normal: all
+  s2s_shaper: fast
+
+modules:
+  mod_adhoc: {}
+  mod_admin_extra: {}
+  mod_announce:
+    access: announce
+  mod_avatar: {}
+  mod_blocking: {}
+  mod_bosh: {}
+  mod_caps: {}
+  mod_carboncopy: {}
+  mod_client_state: {}
+  mod_configure: {}
+  mod_disco: {}
+  mod_fail2ban: {}
+  mod_http_api: {}
+  mod_http_upload:
+    custom_headers:
+      "Access-Control-Allow-Origin": "https://@HOST@"
+      "Access-Control-Allow-Methods": "GET,HEAD,PUT,OPTIONS"
+      "Access-Control-Allow-Headers": "Content-Type"
+    max_size: 67108864
+    put_url: https://@HOST@:5443/upload
+  mod_last: {}
+  mod_mam:
+    assume_mam_usage: true
+    default: always
+  mod_mqtt: {}
+  mod_muc:
+    host: muc.xmpp.inferencium.net
+    access:
+      - allow
+    access_admin:
+      - allow: admin
+    access_create: muc_create
+    access_persistent: muc_create
+    access_mam:
+      - allow
+    default_room_options:
+      allow_private_messages: true
+#      allow_private_messages_from_visitors: nobody
+#      allow_voice_requests: false
+      anonymous: false
+      logging: false
+      mam: true
+#      members_only: true
+      persistent: true
+      public: false
+      public_list: false
+  mod_muc_admin: {}
+  mod_offline:
+    access_max_user_messages: max_user_offline_messages
+  mod_ping: {}
+  mod_privacy: {}
+  mod_private: {}
+  mod_proxy65:
+    access: local
+    max_connections: 5
+  mod_pubsub:
+    access_createnode: pubsub_createnode
+    plugins:
+      - flat
+      - pep
+    force_node_config:
+      ## Avoid buggy clients to make their bookmarks public
+      storage:bookmarks:
+        access_model: whitelist
+  mod_push: {}
+  mod_push_keepalive: {}
+  mod_register:
+    ip_access: trusted_network
+  mod_roster:
+    versioning: true
+  mod_s2s_dialback: {}
+  mod_shared_roster: {}
+  mod_stream_mgmt:
+    resend_on_timeout: if_offline
+  mod_stun_disco: {}
+  mod_vcard: {}
+  mod_vcard_xupdate: {}
+  mod_version:
+    show_os: false
+
+default_db: sql
+sql_type: pgsql
+sql_server: "localhost"
+sql_database: "ejabberd"
+sql_username: "ejabberd"
+sql_password: "[REDACTED]"
+
+### Local Variables:
+### mode: yaml
+### End:
+### vim: set filetype=yaml tabstop=8