in→docs

2019-08-25 22:15:32 +02:00 · 2019-08-25 22:15:32 +02:00 · 96f5a0771a
commit 96f5a0771a
parent c3af60bbfd
109 changed files with 0 additions and 0 deletions
--- a/docs/index.rst
+++ b/docs/index.rst
@ -0,0 +1,68 @@
+RTFD
+====
+
+.. toctree::
+   :maxdepth: 2
+
+   public/apt/index
+   public/apt-mirror/index
+   public/bash/index
+   public/bind9/index
+   public/c/index
+   public/curl/index
+   public/dd/index
+   public/debian/index
+   public/dns/index
+   public/docker/index
+   public/ffmpeg/index
+   public/firefox/index
+   public/git/index
+   public/git-bash/index
+   public/gnome/index
+   public/gnupg/index
+   public/gource/index
+   public/grub/index
+   public/ifupdown2/index
+   public/isc-dhcp-server/index
+   public/libnss3-tools/index
+   public/libreoffice/index
+   public/lxc/index
+   public/markdown/index
+   public/mdadm/index
+   public/nginx/index
+   public/openssh-client/index
+   public/openssh-server/index
+   public/openssl/index
+   public/pandoc/index
+   public/parted/index
+   public/pdftk/index
+   public/python3/index
+   public/restructuredtext/index
+   public/rsync/index
+   public/smtp/index
+   public/sphinx/index
+   public/squashfs-tools/index
+   public/systemd/index
+   public/tar/index
+   public/texlive/index
+   public/unbound/index
+   public/windows/index
+   public/xorriso/index
+
+.. toctree::
+   :caption: Categories
+   :maxdepth: 2
+
+   public/code
+
+.. toctree::
+   :caption: Personal
+   :maxdepth: 2
+
+   personal/openssh-server/index
+   personal/server/index
+
+.. toctree::
+   :caption: Dispatch
+
+   tasks
--- a/docs/personal/openssh-server/index.rst
+++ b/docs/personal/openssh-server/index.rst
@ -0,0 +1,41 @@
+openssh-server
+==============
+
+::
+
+ LogLevel INFO
+ StrictModes yes
+ Subsystem sftp internal-sftp
+
+ AllowTcpForwarding yes
+ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
+ Compression no
+ MaxStartups 10:30:50
+ PermitTunnel no
+ Port 22
+ TCPKeepAlive yes
+ ClientAliveInterval 30
+ X11Forwarding no
+
+ AuthorizedKeysFile .ssh/authorized_keys
+ ChallengeResponseAuthentication no
+ FingerprintHash sha256
+ HostbasedAuthentication no
+ IgnoreRhosts yes
+ HostKey /etc/ssh/ssh_host_ed25519_key
+ HostKeyAlgorithms ssh-ed25519
+ KexAlgorithms curve25519-sha256@libssh.org
+ LoginGraceTime 60
+ MACs hmac-sha2-512-etm@openssh.com
+ PasswordAuthentication no
+ PermitEmptyPasswords no
+ PermitRootLogin prohibit-password
+ PubkeyAuthentication yes
+ UseDNS no
+ UsePAM yes
+
+ DebianBanner no
+ PrintLastLog yes
+ PrintMotd yes
+ Banner none
+ VersionAddendum none
--- a/docs/personal/server/index.rst
+++ b/docs/personal/server/index.rst
@ -0,0 +1,654 @@
+Server
+======
+
+Hardware
+--------
+
+=== ================================
+BHS KS-12
+CPU Intel Xeon W3530 4c/8t @ 2.8 GHz
+RAM 32 GB DDR3 ECC @ 1333 MHz
+HDD 2 × 2 TB
+MAC 00:25:90:7b:d4:38
+WAN 100 Mbps
+=== ================================
+
+Network
+-------
+
+-----+---------+-------------------------------+
+| IP4 | address | 192.99.14.98 /24              |
+|     +---------+-------------------------------+
+|     | gateway | 192.99.14.254                 |
+-----+---------+-------------------------------+
+| IP6 | address | 2607:5300:60:3f62::1          |
+|     +---------+-------------------------------+
+|     | gateway | 2607:5300:60:3fff:ff:ff:ff:ff |
+-----+---------+-------------------------------+
+
+Rescue
+------
+
+.. code:: shell
+
+ ssh-keygen -R rwx.work
+ ssh-keygen -R 192.99.14.98
+ scp /home/user/.ssh/id_ecdsa.pub root@rwx.work:/root/.ssh/authorized_keys
+ scp /etc/bash.bashrc root@rwx.work:/etc/
+
+Partitions
+----------
+
+.. code:: shell
+
+ parted
+
+ select /dev/sda
+ mktable gpt
+ mkpart boot 1 2
+ mkpart raid 2 2000399
+ toggle 1 bios_grub
+
+ select /dev/sdb
+ mktable gpt
+ mkpart boot 1 2
+ mkpart raid 2 2000399
+ toggle 1 bios_grub
+
+ q
+
+.. code:: shell
+
+ mdadm --create /dev/md0 \
+ --level 0 --raid-devices 2 /dev/sd[ab]2
+
+.. code:: shell
+
+ parted /dev/md0
+
+ mktable gpt
+ mkpart data 1 3966966
+ mkpart swap 3966966 4000523
+
+ q
+
+.. code:: shell
+
+ mkswap --label swap \
+ -U d8ee4260-4652-7192-7bb3-ebbadeb835a7 \
+ /dev/md0p2
+ mkfs.ext4 -L data \
+ -U 46527192-7bb3-ebba-deb8-35a7e8606808 \
+ /dev/md0p1
+
+Boot
+----
+
+.. warning:: no ESP boot available!
+
+Prepare a grub.cfg
+
+.. code:: shell
+
+ insmod biosdisk
+ insmod part_gpt
+ insmod mdraid1x
+ insmod ext2
+ insmod search
+ insmod squash4
+ insmod loopback
+ insmod linux
+
+ search --set data --fs-uuid 46527192-7bb3-ebba-deb8-35a7e8606808
+ lmp=/fs/up
+ sfs=filesystem.squashfs
+
+ loopback loop (${data})${lmp}/${sfs}
+
+ linux (loop)/vmlinuz \
+ boot=live \
+ elevator=deadline \
+ ip=frommedia \
+ live-media-path=${lmp} \
+ toram=${sfs}
+
+ initrd (loop)/initrd.img
+
+ boot
+
+.. code:: shell
+
+ grub-mkstandalone \
+ --verbose \
+ --compress xz \
+ --format i386-pc \
+ --output core.img \
+ --themes "" \
+ boot/grub/grub.cfg=grub.cfg \
+ --fonts "" \
+ --locales "" \
+ --install-modules "\
+ biosdisk \
+ part_gpt \
+ mdraid1x \
+ ext2 \
+ search \
+ squash4 \
+ loopback \
+ linux \
+ "
+
+.. todo:: move to public grub
+
+.. code:: shell
+
+ grub-mkstandalone \
+ --verbose \
+ --compress xz \
+ --format x86_64-efi \
+ --output bootx64.efi \
+ --themes "" \
+ boot/grub/grub.cfg=grub.cfg
+
+.. code:: shell
+
+ scp core.img root@rwx.work:
+ cp /usr/lib/grub/i386-pc/boot.img . \
+ /usr/lib/grub/i386-pc/grub-bios-setup \
+ --directory . /dev/sda
+ /usr/lib/grub/i386-pc/grub-bios-setup \
+ --directory . /dev/sdb
+
+* debootstrap
+* apt
+* user account and home directory
+* fstab /d
+* systemd
+* linux-image
+* tops
+* hardware
+* completion
+* network
+* interfaces
+* iputils-ping
+* basics
+* openssh-server fixes (sshd user, /run/sshd)
+* live-boot
+* root
+* inception
+* bridge
+* grub-pc-bin
+* apparmor
+* unbound
+* tree
+* net.ipv4.ip_forward=1
+* net.ipv6.conf.all.forwarding=1
+* nftables
+* nginx-extras
+* root/user authorized_keys
+* curl
+* swap,swappiness
+* enable nftables.service
+* enable lxc.service
+* sources.list file:/
+* syslog-ng
+* ssh on port 80
+* domain certificate private key
+* domain certificate bundle
+* /etc/ssl/openssl.cnf tls 1.3 suites
+* nginx configuration
+* nginx in container
+* nginx host sites
+* python3-sphinx-rtd-theme
+* uwsgi
+* uwsgi-plugin-python3
+* sudo
+
+* /etc/bash.bashrc
+* /etc/fstab (/d)
+* /etc/locale.gen
+* locale-gen
+* /etc/resolv.conf
+* /etc/apt/apt.conf
+* /etc/apt/sources.list
+* apt update
+* apt upgrade
+* live-boot
+* update-initramfs ← update-initramfs.orig
+* openssh-server
+* parted
+* squashfs-tools
+* tree
+* apt clean
+* /etc/ssh/sshd_config
+* mkdir /root/.ssh
+* echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICZAs76kQJ0/Et2NGzhxurK2wE0VhYsG9wl85iCmR9xH" > /root/.ssh/authorized_keys
+* lxc
+* /etc/network/interfaces.d/setup
+
+.. warning:: inet6 dhcp hangs!
+
+::
+
+ auto  lo
+ iface lo inet loopback
+ iface lo inet6 loopback
+
+ auto  br0
+ iface br0 inet static
+       address 10.0.0.254/24
+       bridge_fd 0
+       bridge_maxwait 0
+       bridge_ports enp1s0
+       bridge_stp on
+ iface br0 inet static
+       address 192.99.14.98/24
+       gateway 192.99.14.254
+ iface br0 inet6 static
+       address 2607:5300:60:3f62::1/64
+       gateway 2607:5300:60:3fff:ff:ff:ff:ff
+
+.. warning::
+
+ reboot from container doesn't reload config file
+
+/var/lib/lxc/config
+
+::
+
+ lxc.include = /usr/share/lxc/config/common.conf
+ lxc.mount.entry = /d/mirrors/apt-mirror/debian deb none bind,create=dir,ro 0 0
+ lxc.start.auto = 1
+ lxc.net.0.type = veth
+ lxc.net.0.flags = up
+ lxc.net.0.link = br0
+
+/var/lib/lxc/name/config
+
+::
+
+ lxc.include = /var/lib/lxc/config
+ lxc.mount.entry = /d/d/buster d none bind,create=dir,rw 0 0
+ lxc.rootfs.path = dir:/var/lib/lxc/buster
+ lxc.net.0.veth.pair = buster
+ lxc.net.0.ipv4.address = 10.0.0.1/24
+ lxc.net.0.ipv4.gateway = 10.0.0.254
+
+/etc/nftables.conf
+
+::
+
+ #! /usr/sbin/nft --file
+
+ flush ruleset
+
+ table inet filter {
+     chain input {
+         type filter hook input priority 0; policy accept;
+         iifname "lo" accept
+         ip protocol icmp accept
+         ip6 nexthdr icmp accept
+         tcp dport ssh accept
+         tcp dport domain accept
+         tcp dport http accept
+         tcp dport https accept
+     }
+     chain forward {
+         type filter hook forward priority 0; policy accept;
+     }
+     chain output {
+         type filter hook output priority 0; policy accept;
+     }
+ }
+
+ table ip nat {
+     chain prerouting {
+         type nat hook prerouting priority 0; policy accept;
+         tcp dport 65001 dnat to 10.0.0.1:ssh
+     }
+     chain postrouting {
+         type nat hook postrouting priority 0; policy accept;
+         masquerade
+     }
+ }
+
+Security
+--------
+
+* /etc/sudoers
+
+.. todo:: all directives
+
+::
+
+ user ALL=NOPASSWD: /bin/systemctl restart uwsgi
+
+Web
+---
+
+Configuration
+^^^^^^^^^^^^^
+
+* /etc/nginx/nginx.conf
+
+::
+
+ load_module modules/ngx_http_fancyindex_module.so;
+ load_module modules/ngx_http_headers_more_filter_module.so;
+
+ pid /run/nginx.pid;
+ user user;
+ worker_processes auto;
+
+ events {
+ multi_accept off;
+ worker_connections 512;
+ }
+
+ http {
+
+ # General
+
+ keepalive_timeout 60;
+ sendfile on;
+ server_tokens off;
+ tcp_nopush on;
+ tcp_nodelay on;
+ types_hash_max_size 2048;
+
+ # Names
+
+ server_name_in_redirect off;
+ server_names_hash_bucket_size 128;
+
+ # File types
+
+ include mime.types;
+ default_type application/octet-stream;
+
+ # Security
+
+ ssl_buffer_size 8k;
+ ssl_ciphers "ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ARIA256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
+ ssl_ecdh_curve "X448:X25519:P-521";
+ ssl_prefer_server_ciphers on;
+ ssl_protocols TLSv1.3 TLSv1.2;
+ ssl_session_cache shared:ssl_session_cache:16m;
+ ssl_session_tickets off;
+ ssl_session_timeout 15m;
+
+ # Log
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ # Compression
+
+ gzip off;
+
+ # Misc
+
+ client_max_body_size 16m;
+ index index.html;
+
+ # Proxy
+
+ proxy_pass_request_body on;
+ proxy_pass_request_headers on;
+ proxy_redirect off;
+
+ # Headers
+
+ more_clear_headers Server;
+
+ # Includes
+
+ include sites-enabled/*;
+
+ }
+
+.. warning:: almost 1 minute to start the service
+
+::
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+Security
+^^^^^^^^
+
+* /etc/nginx/https.conf
+
+::
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ add_header Expect-CT "enforce,max-age=0" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Strict-Transport-Security "max-age=31557600;includeSubDomains;preload" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Frame-Options "DENY" always;
+ set $fp "";
+ set $fp "${fp}accelerometer 'none';";
+ set $fp "${fp}ambient-light-sensor 'none';";
+ set $fp "${fp}animations 'self';";
+ set $fp "${fp}autoplay 'none';";
+ set $fp "${fp}camera 'none';";
+ set $fp "${fp}document-domain 'none';";
+ set $fp "${fp}document-write 'none';";
+ set $fp "${fp}encrypted-media 'none';";
+ set $fp "${fp}fullscreen *;";
+ set $fp "${fp}geolocation 'none';";
+ set $fp "${fp}gyroscope 'none';";
+ set $fp "${fp}legacy-image-formats 'none';";
+ set $fp "${fp}magnetometer 'none';";
+ set $fp "${fp}microphone 'none';";
+ set $fp "${fp}midi 'none';";
+ set $fp "${fp}payment 'self';";
+ set $fp "${fp}picture-in-picture 'none';";
+ set $fp "${fp}speaker 'self';";
+ set $fp "${fp}sync-xhr 'none';";
+ set $fp "${fp}unsized-media 'none';";
+ set $fp "${fp}usb 'none';";
+ set $fp "${fp}vertical-scroll 'self';";
+ set $fp "${fp}vr 'none';";
+ add_header Feature-Policy "${fp}" always;
+
+.. todo:: find policy not blocking sphinx search
+
+::
+
+ add_header Content-Security-Policy "default-src 'self'" always;
+
+* /etc/nginx/uwsgi.conf
+
+::
+
+ uwsgi_param client_address   ${remote_addr};
+ uwsgi_param client_port      ${remote_port};
+ uwsgi_param client_ciphers   ${ssl_ciphers};
+ uwsgi_param client_curves    ${ssl_curves};
+
+ uwsgi_param session_reused   ${ssl_session_reused};
+ uwsgi_param session_id       ${ssl_session_id};
+ uwsgi_param session_cipher   ${ssl_cipher};
+ uwsgi_param session_protocol ${ssl_protocol};
+
+ uwsgi_param server_protocol  ${server_protocol};
+ uwsgi_param server_address   ${server_addr};
+ uwsgi_param server_port      ${server_port};
+
+ uwsgi_param request_scheme   ${scheme};
+ uwsgi_param request_host     ${host};
+ uwsgi_param request_document ${document_uri};
+ uwsgi_param request_query    ${query_string};
+ uwsgi_param request_method   ${request_method};
+
+ uwsgi_param content_type     ${content_type};
+ uwsgi_param content_length   ${content_length};
+
+ uwsgi_param client_verify    ${ssl_client_verify};
+ uwsgi_param client_issuer    ${ssl_client_i_dn};
+ uwsgi_param client_subject   ${ssl_client_s_dn};
+ uwsgi_param client_start     ${ssl_client_v_start};
+ uwsgi_param client_remain    ${ssl_client_v_remain};
+ uwsgi_param client_end       ${ssl_client_v_end};
+
+Apps
+^^^^
+
+* /etc/uwsgi/apps-enabled/root.ini
+
+.. code:: ini
+
+ [uwsgi]
+ chown-socket = user
+ uid = user
+ gid = user
+ chdir = /d/projects/root
+ plugins = python3
+ module = __init__
+ callable = app
+ threads = 2
+
+Sites
+^^^^^
+
+* /etc/nginx/sites-enabled/http
+
+::
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://${host}${request_uri};
+ }
+
+* /etc/nginx/sites-enabled/rwx.work
+
+::
+
+ server {
+ include rwx.work.conf;
+ include uwsgi.conf;
+ server_name .rwx.work;
+ location / {
+ uwsgi_pass unix:/run/uwsgi/app/root/socket;
+ }
+ }
+
+ server {
+ include rwx.work.conf;
+ server_name deb.rwx.work;
+ root /d/mirrors/apt-mirror/debian;
+ fancyindex on;
+ }
+
+ server {
+ include rwx.work.conf;
+ server_name docs.rwx.work;
+ root /d/projects/docs/out/docs;
+ }
+
+ server {
+ include rwx.work.conf;
+ server_name sites.rwx.work;
+ root /d/projects/sites/out/content;
+ }
+
+ server {
+ include rwx.work.conf;
+ server_name todo.rwx.work;
+ root /d/projects/todo;
+ }
+
+Certificate and errors
+^^^^^^^^^^^^^^^^^^^^^^
+
+* /etc/nginx/rwx.work.conf
+
+::
+
+ include https.conf;
+ ssl_certificate rwx.work.crt;
+ ssl_certificate_key rwx.work.key;
+ location @error {
+ return https://rwx.work/error/${status};
+ }
+ error_page 496 =496 @error; # Certificate Required
+ error_page 497 =497 @error; # HTTP Request Sent to HTTPS Port
+ error_page
+ 403 # Forbidden
+ 404 # Not Found
+ @error;
+
+* /etc/nginx/rwx.work.key
+
+* /etc/nginx/rwx.work.crt
+
+::
+
+ -----BEGIN CERTIFICATE-----
+ MIIGVTCCBT2gAwIBAgISAxK7abRAlgNZ1QfhWkuBbd/yMA0GCSqGSIb3DQEBCwUA
+ MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA4MDQxMjU2MzFaFw0x
+ OTExMDIxMjU2MzFaMBUxEzARBgNVBAMMCioucnd4LndvcmswggIiMA0GCSqGSIb3
+ DQEBAQUAA4ICDwAwggIKAoICAQDnX5lshzKsh9eiFaCxJqJ9Oh7yc9x/br2uIzdG
+ iBoOMVmHNB+3t67JVbFJ/RA38HZ29g2CDyJjY5z7VfdsUxs4caFKExwlXCujNtWS
+ Exj1LO4Y4ykvkQhhbkWgThDiREZv+FNw/D8cV6KjNFrx5QKHjKW++GRCJKl5+9dr
+ YXSCKld0ejFckd5WwajKCAto6ugfayLK/qf4CYj/na1UrgP3a1BSgMrDVdHIjACB
+ khoujVL+tTgNUPBwSR8s5whCaOKdVU4mBO36qc08hQAwqa94ye2ltDDVFULm62vF
+ LW5SeGpjIEaPAsk5xNdjOnm5HlIJjvmNo8m0qiWJ8rcjVxGWJzMmu8JzvZbmy/k+
+ G242C+ECuSAVMPBBZLn28Rc7Lr6YtmEo3phhdwSEDXTnlyluYtVq5Q6B2Iwwbdsb
+ WUa00unUHNDEmOTp6njy/K9vhJF82FyVxXQoCBqAbN8tSk/rshTYDYDPnjcZGi5R
+ okK7m7qeRfDiyLGvuF0xUKFODSuNYmnu2Q4WDNGTXXwsEloIvLflKKYz5vqbQ2f1
+ Il/tKEM0Ok9CUcj1Ty1GdNt3gCLucC8eI22t3QstUla/wiMtoAWeydzi3dneIrQ7
+ SmJ6rfBIxVUXGUFKlsRVBPbFbDj9kEsIUY5pUfUnDYIYVCjqm1F+XGMgGt+nMkaV
+ exuI0QIDAQABo4ICaDCCAmQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsG
+ AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRf3Sg57QsE
+ XePyTwCeSEZ7YyA0BDAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBv
+ BggrBgEFBQcBAQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5s
+ ZXRzZW5jcnlwdC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5s
+ ZXRzZW5jcnlwdC5vcmcvMB8GA1UdEQQYMBaCCioucnd4LndvcmuCCHJ3eC53b3Jr
+ MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUH
+ AgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBAwYKKwYBBAHWeQIEAgSB
+ 9ASB8QDvAHYAKTxRllTIOWW6qlD8WAfUt2+/WHopctykwwz05UVH9HgAAAFsXOrd
+ qgAABAMARzBFAiEAwlPkETp6PtvOY2LgY4j2SAjCRYWgTLwVLVtZs+cQHGcCICk6
+ O3HBqxEugr/onac7MudZow4YhRBCwVIOYsq8q42sAHUAdH7agzGtMxCRIZzOJU9C
+ cMK//V5CIAjGNzV55hB7zFYAAAFsXOrfgQAABAMARjBEAiBMJwKp49s6GmgCkn0I
+ It+05HN8zYhde6Rw5F3KS16r/QIgWL5LHcjdi5pkrEhyr6vWCQg3oO3T/oZusPDu
+ Z3NSsNgwDQYJKoZIhvcNAQELBQADggEBADHetLlUkXFuxk0Yb/PPeErezRCFuwrj
+ 34mzb4Rbgzv5vmSCPhNKqVC//j6ocrF+oA0VFbYncgX4Wugi7SXNR9vOhMxg0a//
+ SkjveXQQ7zAm52NvjGm0Lc25sLXszVvef2T4haBNgB9osIFiLfOHewyFBFOnIvWS
+ yu3Alrwo6xuxZSPLvrCJZlXpiNmJN684KJEvDT8Y9tlWTBHxQl+sP8IpF8EuV9oA
+ Jbrdj7ZhE9guk/y0D/evYU4irV+8sC7pWPdZDLCcqk9X2WLsbyWYqbTQb5c9cLZn
+ OOA0WMwsL9Ly8AAbk1c41mJOKOuvv2+XzVY/NPU3uZCWOXlhqtWyusw=
+ -----END CERTIFICATE-----
+ -----BEGIN CERTIFICATE-----
+ MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+ DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+ SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+ GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+ AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+ q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+ SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+ Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+ a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+ /PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+ AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+ CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+ bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+ c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+ VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+ MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+ Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+ AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+ uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+ wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+ X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+ PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+ KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+ -----END CERTIFICATE-----
--- a/docs/public/apt-mirror/index.rst
+++ b/docs/public/apt-mirror/index.rst
@ -0,0 +1,18 @@
+apt-mirror
+==========
+
+.. todo:: list files syntax
+
+.. warning::
+
+ Translations archived in xz are not fetched
+
+Workaround:
+
+::
+
+ if ( $filename =~ m{^$component/i18n/Translation-[^./]*\.bz2$} )
+
+::
+
+ if ( $filename =~ m{^$component/i18n/Translation-[^./]*\.(bz2|xz)$} )
--- a/docs/public/apt/configure.rst
+++ b/docs/public/apt/configure.rst
@ -0,0 +1,75 @@
+*********
+Configure
+*********
+
+Keys
+====
+
+.. code:: shell
+
+  apt-key add "path/to/key/file"
+
+Configuration
+=============
+
+* etc/apt/apt.conf
+
+::
+
+  APT::Get::Show-Versions true;
+  Dpkg::Progress-Fancy true;
+
+  Acquire::Check-Valid-Until false;
+
+* etc/apt/preferences
+
+::
+
+  Package: *
+  Pin: release n=stretch-backports
+  Pin-Priority: 400
+
+  Package: *
+  Pin: release n=buster
+  Pin-Priority: 200
+
+  Package: *
+  Pin: release n=sid
+  Pin-Priority: 100
+
+* etc/apt/sources.list
+
+.. todo::
+
+ deb.debian.org ↔ ftp.cc.debian.org
+
+::
+
+  deb-src https://deb.debian.org/debian sid main contrib non-free
+
+  deb [arch=amd64,i386] https://deb.debian.org/debian sid main contrib non-free
+
+  deb [arch=amd64,i386] https://deb.debian.org/debian bullseye main contrib non-free
+  deb [arch=amd64,i386] https://deb.debian.org/debian bullseye-updates main contrib non-free
+  deb [arch=amd64,i386] https://deb.debian.org/debian-security bullseye-security main contrib non-free
+
+  deb [arch=amd64,i386] https://deb.debian.org/debian buster main contrib non-free
+  deb [arch=amd64,i386] https://deb.debian.org/debian buster-backports main contrib non-free
+  deb [arch=amd64,i386] https://deb.debian.org/debian buster-updates main contrib non-free
+  deb [arch=amd64,i386] https://deb.debian.org/debian-security buster/updates main contrib non-free
+
+  deb [arch=amd64] https://deb.debian.org/debian stretch main contrib non-free
+  deb [arch=amd64] https://deb.debian.org/debian stretch-backports main contrib non-free
+  deb [arch=amd64] https://deb.debian.org/debian stretch-updates main contrib non-free
+  deb [arch=amd64] https://deb.debian.org/debian-security stretch/updates main contrib non-free
+
+  deb [arch=amd64] https://deb.debian.org/debian jessie main contrib non-free
+  deb [arch=amd64] https://deb.debian.org/debian-security jessie/updates main contrib non-free
+
+.. warning::
+
+ apt's file protocol handling fails with locations containing spaces
+
+::
+
+  deb file:/media/deb.debian.org/debian stretch main contrib non-free
--- a/docs/public/apt/index.rst
+++ b/docs/public/apt/index.rst
@ -0,0 +1,7 @@
+apt
+===
+
+.. toctree::
+
+   configure
+   upgrade
--- a/docs/public/apt/upgrade.rst
+++ b/docs/public/apt/upgrade.rst
@ -0,0 +1,27 @@
+*******
+Upgrade
+*******
+
+Hold
+====
+
+Hold
+----
+
+.. code:: shell
+
+  apt-mark hold linux-*
+
+Show
+----
+
+.. code:: shell
+
+  apt-mark showhold
+
+Unhold
+------
+
+.. code:: shell
+
+  apt-mark unhold linux-*
--- a/docs/public/bash/configure.rst
+++ b/docs/public/bash/configure.rst
@ -0,0 +1,421 @@
+*********
+Configure
+*********
+
+Configuration
+=============
+
+* etc/bash.bashrc
+
+.. code:: bash
+
+  file="/usr/share/bash-completion/bash_completion"
+  if [ -f "${file}" ]; then
+      source "${file}"
+  fi
+
+  PS1="\
+  ┌ \e[0;31m\t\e[0m\
+   – \e[0;32m\${?}\e[0m\
+   – \e[0;33m\u\e[0m\
+   @ \e[0;34m\h\e[0m\
+  "
+  if git --version &> /dev/null; then
+      PS1="${PS1} –\e[0;35m\$(__git_ps1)\e[0m"
+  fi
+  PS1="${PS1}\n\
+  │\e[0;36m\${PWD}\e[0m\n\
+  └ "
+  PS2="\
+  └ "
+
+  file="/etc/bash.alias"
+  if [ -f "${file}" ]; then
+      source "${file}"
+  fi
+
+Alias
+=====
+
+* etc/bash.alias
+
+Described
+---------
+
+.. code:: bash
+
+  # apt
+
+  # update packages catalog
+  alias aud='apt-get update'
+
+  # show package information
+  alias a='apt-cache show'
+
+  # package versions policy
+  alias ap='apt-cache policy'
+
+  # upgrade forbidding package installation or removal
+  alias aug='apt-get upgrade'
+
+  # upgrade allowing package installation or removal
+  alias adu='apt-get dist-upgrade'
+
+  # install packages
+  alias ai='apt-get install'
+
+  # clean packages cache
+  alias ac='apt-get autoclean;apt-get clean;apt-get autoremove'
+
+  # bash
+
+  # clear terminal
+  alias c='clear'
+
+  # exit terminal
+  alias x='exit'
+
+  # change current directory to its parent
+  alias ..='cd ..'
+
+  # make a directory
+  alias md='mkdir'
+
+  # make a directory after making its parents
+  alias mdp='mkdir --parents'
+
+  # change current directory to the previous one
+  alias pd='cd -'
+
+  # change mode as directory
+  alias cmd='chmod 755'
+
+  # change mode as file
+  alias cmf='chmod 644'
+
+  # change owner as root
+  alias cor='chown 0:0'
+
+  # change owner as user
+  alias cou='chown 1000:1000'
+
+  # look for a string in processes names
+  alias pg='ps -A|grep'
+
+  # kill a process by id
+  alias k='kill -9'
+
+  # kill all instances of a process by name
+  alias ka='killall'
+
+  # grep from current directory with regex
+  alias g='grep -rn . -e'
+
+  # list current directory entries
+  alias l='ls --all --color -l -p --time-style="+%Y%m%d-%H%M%S%-:::z"'
+
+  # git
+
+  # add to index
+  alias ga='git add'
+
+  # add all to index
+  alias gaa='git add --all'
+
+  # create a branch
+  alias gb='git branch'
+
+  # delete a branch
+  alias gbd='git branch --delete'
+
+  # force a branch deletion
+  alias gbdf='git branch --delete --force'
+
+  # list branches
+  alias gbl='git branch --all --list --verbose --verbose'
+
+  # set the link to a remote branch from a local branch
+  alias gbu='git branch -u'
+
+  # clone a remote repository
+  alias gc='git clone'
+
+  # clean untracked files
+  alias gcf='git clean -d --force'
+
+  # index all and commit
+  alias gacm='git add --all;git commit -m'
+
+  # commit the index
+  alias gcm='git commit -m'
+
+  # redo the last commit with a different message
+  alias gcma='git commit --amend -m'
+
+  # make a root commit
+  alias gcmr='git commit --allow-empty --allow-empty-message -m ""'
+
+  # switch to a branch or checkout file(s) from a commit
+  alias gco='git checkout'
+
+  # checkout an orphan branch
+  alias gcoo='git checkout --orphan'
+
+  # checkout development branch
+  alias gcod='git checkout dev'
+
+  # checkout feature branch
+  alias gcof='git checkout f'
+
+  # pick a commit
+  alias gcp='git cherry-pick'
+
+  # abort the commit pick
+  alias gcpa='git cherry-pick --abort'
+
+  # continue the commit pick
+  alias gcpc='git cherry-pick --continue'
+
+  # configure the user name
+  alias gcun='git config user.name'
+
+  # configure the user email
+  alias gcue='git config user.email'
+
+  # differences from last or between commits
+  alias gd='git diff'
+
+  # display what is indexed in cache
+  alias gdc='git diff --cached'
+
+  # differences via external tool
+  alias gdt='git difftool --dir-diff'
+
+  # differences via external tool
+  alias gdw='git diff --word-diff-regex=.'
+
+  # fetch from the remote repository
+  alias gf='git fetch --tags --verbose'
+
+  # fetch from remote repository and prune local orphan branches
+  alias gfp='git fetch --prune --tags --verbose'
+
+  # garbage collect all orphan commits
+  alias ggc='git reflog expire --expire=now --all;git gc --prune=now'
+
+  # initialize a new repository
+  alias gi='git init'
+
+  # initialize a new bare repository
+  alias gib='git init --bare'
+
+  # log commits history
+  alias gl='git log --all --graph \
+  --format="%C(auto)%h%d %C(red)%ai%n%C(auto)%B"'
+
+  # log commits history with patches
+  alias glp='git log --all --graph \
+  --format="%C(auto)%h%d %C(red)%ai%n%C(auto)%B" --patch'
+
+  # log medium information
+  alias glm='git log --all --decorate --graph --pretty=medium'
+
+  # fast-forward to remote branch
+  alias gmf='git merge --ff-only'
+
+  # do a merge commit
+  alias gmc='git merge --no-ff -m'
+
+  # abort the current merge commit
+  alias gma='git merge --abort'
+
+  # squash a branch and index its modifications
+  alias gms='git merge --squash'
+
+  # merge via external tool
+  alias gmt='git mergetool'
+
+  # push to the remote repository
+  alias gp='git push --set-upstream --verbose'
+
+  # delete from the remote repository
+  alias gpd='git push --verbose --delete'
+
+  # force the push to the remote repository
+  alias gpf='git push --set-upstream --verbose --force'
+
+  # rebase current branch onto another
+  alias grb='git rebase'
+
+  # abort current rebase
+  alias grba='git rebase --abort'
+
+  # continue current rebase
+  alias grbc='git rebase --continue'
+
+  # force rebase without fast-forward
+  alias grbf='git rebase --no-ff'
+
+  # rebase interactively
+  alias grbi='git rebase --interactive'
+
+  # list all remote repositories
+  alias grm='git remote'
+
+  # add a new remote repository
+  alias grma='git remote add'
+
+  # list remote repositories
+  alias grml='git remote --verbose'
+
+  # show a connection to a repository
+  alias grms='git remote show'
+
+  # set the location of the remote repository
+  alias grmu='git remote set-url'
+
+  # remove file(s) from index or move current branch pointer
+  alias grs='git reset'
+
+  # move current branch pointer to the development branch
+  alias grsd='git reset dev'
+
+  # wipe modifications or reset current branch to another commit
+  alias grsh='git reset --hard'
+
+  # reset current branch to the development branch
+  alias grshd='git reset --hard dev'
+
+  # current state of repository
+  alias gs='git status --untracked-files=all'
+
+  # show a commit
+  alias gsh='git show'
+
+  # tag a commit
+  alias gt='git tag'
+
+  # delete a tag
+  alias gtd='git tag --delete'
+
+  # rsync
+
+  # synchronize
+  alias rs='rsync --archive --no-whole-file --progress --verbose'
+
+  # no synchronize
+  alias rsn='rsync --archive --no-whole-file --progress --verbose -n'
+
+  # synchronize and delete
+  alias rsd='rsync --archive --no-whole-file --progress --verbose --delete'
+
+  # synchronize and delete
+  alias rsdn='rsync --archive --no-whole-file --progress --verbose --delete -n'
+
+Old
+---
+
+.. code:: bash
+
+  alias c="clear"
+  alias cmd="chmod 755"
+  alias cmf="chmod 644"
+  alias cor="chown 0:0"
+  alias cou="chown 1000:1000"
+  alias k="kill -9"
+  alias ka="killall -9"
+  alias l="ls --all --color=always -l \
+  --indicator-style=slash --time-style=\"+%Y%m%d-%H%M%S%-:::z\""
+  alias pg="ps -A|grep"
+  alias x="exit"
+
+  alias a="apt-cache show"
+  alias ac="apt-get autoclean;apt-get clean;apt-get autoremove"
+  alias acl="apt-get changelog"
+  alias adl="apt-get download"
+  alias adu="apt-get dist-upgrade"
+  alias adus="apt-get dist-upgrade --simulate"
+  alias adub="apt-get dist-upgrade --target-release stretch-backports"
+  alias adubs="apt-get dist-upgrade --target-release stretch-backports --simulate"
+  alias af="apt-get --fix-broken install"
+  alias afs="apt-get --fix-broken install --simulate"
+  alias ai="apt-get install"
+  alias ais="apt-get install --simulate"
+  alias aib="apt-get install --target-release stretch-backports"
+  alias aibs="apt-get install --target-release stretch-backports --simulate"
+  alias ait="apt-get install --target-release testing"
+  alias aits="apt-get install --target-release testing --simulate"
+  alias aiu="apt-get install --target-release unstable"
+  alias aius="apt-get install --target-release unstable --simulate"
+  alias ap="apt-cache policy"
+  alias as="apt-cache search"
+  alias asrc="apt-get source"
+  alias aud="apt-get update"
+  alias aug="apt-get upgrade"
+  alias augs="apt-get upgrade --simulate"
+  alias augb="apt-get upgrade --target-release stretch-backports"
+  alias augbs="apt-get upgrade --target-release stretch-backports --simulate"
+
+  alias ga="git add"
+  alias gaa="git add --all"
+  alias gb="git branch"
+  alias gbd="git branch --delete"
+  alias gbdf="git branch --delete --force"
+  alias gbl="git branch --all --list --verbose --verbose"
+  alias gbu="git branch -u"
+  alias gc="git clone"
+  alias gcf="git clean -d --force"
+  alias gcm="git commit -m"
+  alias gcma="git commit --amend -m"
+  alias gcme="git commit --allow-empty --allow-empty-message -m"
+  alias gco="git checkout"
+  alias gcob="git checkout -b"
+  alias gcoo="git checkout --orphan"
+  alias gcp="git cherry-pick"
+  alias gcpa="git cherry-pick --abort"
+  alias gcpc="git cherry-pick --continue"
+  alias gcue="git config user.email"
+  alias gcun="git config user.name"
+  alias gd="git diff"
+  alias gdc="git diff --word-diff-regex=."
+  alias gdt="git difftool --dir-diff"
+  alias gf="git fetch --tags --verbose"
+  alias gfsnr="git fsck --no-progress --no-reflogs"
+  alias ggc="git reflog expire --expire=now --all; git gc --prune=now"
+  alias gi="git init"
+  alias gib="git init --bare"
+  alias gl="git log --abbrev-commit --all --decorate --graph --format=oneline"
+  alias gla="git log --all --decorate --graph \
+  --format=\"%C(auto)%h %C(red)%an%C(auto)%d %C(reset)%s\""
+  alias glm="git log --all --decorate --graph --format=medium"
+  alias gma="git merge --abort"
+  alias gmc="git merge --no-ff -m"
+  alias gmf="git merge --ff-only"
+  alias gms="git merge --squash"
+  alias gmt="git mergetool"
+  alias gp="git push --set-upstream --tags --verbose"
+  alias gpd="git push --delete origin"
+  alias grb="git rebase"
+  alias grba="git rebase --abort"
+  alias grbc="git rebase --continue"
+  alias grbi="git rebase --interactive"
+  alias grma="git remote add origin"
+  alias grmc="git rm --cached"
+  alias grms="git remote show origin"
+  alias grmu="git remote set-url origin"
+  alias grs="git reset"
+  alias grsh="git reset --hard"
+  alias grshd="git reset --hard dev"
+  alias grshm="git reset --hard master"
+  alias gs="git status --untracked-files"
+  alias gsc="git show"
+  alias gt="git tag"
+  alias gtd="git tag --delete"
+
+  alias rs="rsync --archive --progress --verbose"
+  alias rsn="rsync --archive --progress --verbose -n"
+  alias rsd="rsync --archive --progress --verbose --delete"
+  alias rsdn="rsync --archive --progress --verbose --delete -n"
+
+  alias tc="tar --numeric-owner --verbose --create --auto-compress --file"
+  alias tx="tar --numeric-owner --verbose --extract --file"
--- a/docs/public/bash/index.rst
+++ b/docs/public/bash/index.rst
@ -0,0 +1,7 @@
+bash
+====
+
+.. toctree::
+
+   configure
+   snippets
--- a/docs/public/bash/snippets.rst
+++ b/docs/public/bash/snippets.rst
@ -0,0 +1,26 @@
+********
+Snippets
+********
+
+Start a runnable script file
+============================
+
+.. code:: bash
+
+  #! /bin/bash
+
+Find out current script
+=======================
+
+.. code:: bash
+
+  SCRIPT_FILE="$(realpath "${BASH_SOURCE[0]}")"
+  SCRIPT_DIRECTORY="$(dirname "${SCRIPT_FILE}")"
+  SCRIPT_NAME="$(basename "${SCRIPT_FILE}")"
+
+Quit the interpreter
+====================
+
+.. code:: bash
+
+  exit
--- a/docs/public/bind9/index.rst
+++ b/docs/public/bind9/index.rst
@ -0,0 +1,56 @@
+bind9
+=====
+
+Domain
+------
+
+* /etc/bind/named.conf.local
+
+::
+
+  zone "sub.domain.tld" {
+      type master;
+      file "/etc/bind/db.sub.domain.tld";
+  };
+
+  zone "3.2.1.in-addr.arpa" {
+      type master;
+      file "/etc/bind/db.3.2.1";
+  };
+
+* /etc/bind/db.sub.domain.tld
+
+::
+
+  $TTL 604800
+  @ IN SOA ns.sub.domain.tld. admin.sub.domain.tld. (
+        2 ; Serial
+   604800 ; Refresh
+    86400 ; Retry
+  2419200 ; Expire
+   604800 ; Negative Cache TTL
+  )
+  @ IN NS ns.sub.domain.tld.
+  *.sub.domain.tld. IN A 1.2.3.78
+  ns        IN A 1.2.3.12
+  server    IN A 1.2.3.12
+  dl        IN A 1.2.3.34
+  www       IN A 1.2.3.56
+  *.www     IN CNAME www
+
+* /etc/bind/db.3.2.1
+
+::
+
+  $TTL 604800
+  3.2.1.in-addr.arpa. IN SOA ns.sub.domain.tld. admin.sub.domain.tld. (
+        1 ; Serial
+   604800 ; Refresh
+    86400 ; Retry
+  2419200 ; Expire
+   604800 ; Negative Cache TTL
+  )
+  3.2.1.in-addr.arpa.     IN NS  ns.sub.domain.tld.
+  12.3.2.1.in-addr.arpa.  IN PTR server.sub.domain.tld.
+  34.3.2.1.in-addr.arpa.  IN PTR dl.sub.domain.tld.
+  56.3.2.1.in-addr.arpa.  IN PTR sub.domain.tld.
--- a/docs/public/c/index.rst
+++ b/docs/public/c/index.rst
@ -0,0 +1,104 @@
+c
+=
+
+Imports
+-------
+
+.. code:: c
+
+ #include <stdio.h>
+
+Comments
+--------
+
+.. code:: c
+
+ // single line comment
+ /* multi line comment */
+
+Constants
+---------
+
+.. code:: c
+
+ #define NUMERIC_CONSTANT 123
+
+Main
+----
+
+.. code:: c
+
+ void main() {
+     system("pause");
+ }
+
+Declarations
+------------
+
+.. code:: c
+
+ // unsigned, sizeof()
+ char c = '1';
+ short s = 2;
+ int i = 4;
+ long l = 8;
+ float f = (float)4;
+ double d = (double)8;
+ long double ld = (long double)16;
+
+Output
+------
+
+.. code:: c
+
+ printf("int: %d\n", entry1);
+ printf("float: %.2f\n", f);
+
+Input
+-----
+
+.. code:: c
+
+ scanf("%d%s%d", &entry1, &operator, &entry2);
+
+Conditions
+----------
+
+.. code:: c
+
+ if (condition) {
+     expression1;
+ } else {
+     expression2;
+ }
+
+.. code:: c
+
+ switch (operator) {
+     case '+':
+         expression1;
+         break;
+     default:
+         printf("Nope!\n");
+ }
+
+Loops
+-----
+
+.. code:: c
+
+ for (declarations;conditions;increments) {
+     expression1;
+ }
+
+.. code:: c
+
+ while (condition) {
+     expression1;
+ }
+
+.. code:: c
+
+ do {
+     expression1;
+ } while (condition);
--- a/docs/public/code.rst
+++ b/docs/public/code.rst
@ -0,0 +1,8 @@
+code
+====
+
+.. toctree::
+
+   bash/index
+   c/index
+   python3/index
--- a/docs/public/curl/email.rst
+++ b/docs/public/curl/email.rst
@ -0,0 +1,14 @@
+Send email
+==========
+
+.. code:: shell
+
+ curl \
+ --verbose \
+ --insecure \
+ --ssl-reqd \
+ --url "smtp://sub.domain.tld" \
+ --mail-from "first.last@sub.domain.tld" \
+ --mail-rcpt "first.last@sub.domain.tld" \
+ --user "login:password" \
+ --upload-file -
--- a/docs/public/curl/index.rst
+++ b/docs/public/curl/index.rst
@ -0,0 +1,6 @@
+curl
+====
+
+.. toctree::
+
+   email
--- a/docs/public/dd/index.rst
+++ b/docs/public/dd/index.rst
@ -0,0 +1,11 @@
+dd
+==
+
+.. code:: shell
+
+ dd \
+ if=/input/file \
+ of=/output/file \
+ bs=1048576 \
+ count=1 \
+ status=progress
--- a/docs/public/debian/index.rst
+++ b/docs/public/debian/index.rst
@ -0,0 +1,9 @@
+debian
+======
+
+.. toctree::
+
+   mirror
+   packages
+   repositories
+   system
--- a/docs/public/debian/mirror.rst
+++ b/docs/public/debian/mirror.rst
@ -0,0 +1,57 @@
+******
+Mirror
+******
+
+apt-mirror
+==========
+
+.. todo:: syntax
+
+debmirror
+=========
+
+traditional
+-----------
+
+.. code:: shell
+
+  debmirror \
+  --source \
+  --method="http" \
+  --host="sous.domaine.tld" \
+  --root="chemin/ressource" \
+  --dist="stretch" \
+  --section="main" \
+  --keyring="/etc/apt/trusted.gpg" \
+  --arch="amd64" \
+  --check-gpg \
+  --checksums \
+  --diff="none" \
+  --postcleanup \
+  --progress \
+  --rsync-extra="none" \
+  --timeout=360000 \
+  --verbose \
+  "répertoire_miroirs/nom" \
+
+debian only
+-----------
+
+.. code:: shell
+
+  --di-arch="arches" \
+  --di-dist="stretch" \
+  --i18n \
+  --keyring="/usr/share/keyrings/debian-archive-keyring.gpg" \
+
+violations
+----------
+
+.. code:: shell
+
+  --no-source \
+  --method="https" \
+  --root="/" \
+  --ignore-missing-release \
+  --dist="nom,chemin/ressource" \
+  --section="autre,1.2/main" \
--- a/docs/public/debian/packages.rst
+++ b/docs/public/debian/packages.rst
@ -0,0 +1,201 @@
+********
+Packages
+********
+
+Base
+====
+
+-----------+
+| locales   |
+| apt-utils |
+| dialog    |
+-----------+
+
+System
+======
+
+-------------------+
+| linux-image-amd64 |
+| systemd-sysv      |
+| live-boot         |
+-------------------+
+
+Drivers
+=======
+
+------------------------+
+| firmware-linux-nonfree |
+| firmware-iwlwifi       |
+------------------------+
+
+Architecture
+============
+
+----------------+
+| clonezilla     |
+| debootstrap    |
+| gparted        |
+| squashfs-tools |
+----------------+
+
+Desktop
+=======
+
+------------+
+| gnome      |
+| gnome-core |
+------------+
+
+Commands
+========
+
+.. todo:: link
+
+--------------------------+
+| [bash](../bash/index.md) |
+| bash-completion          |
+--------------------------+
+
+Development
+===========
+
+----------+
+| kdevelop |
+| nuitka   |
+| python3  |
+----------+
+
+Documentation
+=============
+
+--------------------------------+
+| mkdocs                         |
+| pandoc                         |
+| python3-recommonmark           |
+| python3-sphinx                 |
+| python3-sphinx-bootstrap-theme |
+| python3-sphinx-rtd-theme       |
+--------------------------------+
+
+Hardware
+========
+
+-----------+-------+
+| dmidecode |       |
+| pciutils  | lspci |
+| usbutils  | lsusb |
+-----------+-------+
+
+Multimedia
+==========
+
+----------------+
+| audacity       |
+| ffmpeg         |
+| mkvtoolnix     |
+| subtitleeditor |
+| vlc            |
+----------------+
+
+Domain names
+============
+
+---------+
+| bind9   |
+| unbound |
+---------+
+
+Processes
+=========
+
+---------+
+| htop    |
+| iotop   |
+| jnettop |
+---------+
+
+Security
+========
+
+.. todo:: link
+
+----------------------------------------------+-----------------------------------------------+
+| openssh-client                               | Utiliser un service de connexion sécurisée    |
+| [openssh-server](../openssh-server/index.md) | Héberger un service de connexion sécurisée    |
+| sudo                                         | Changer de privilèges le temps d’une commande |
+| tcplay                                       |                                               |
+----------------------------------------------+-----------------------------------------------+
+
+Text
+====
+
+------+
+| nano |
+| vim  |
+------+
+
+Versioning
+==========
+
+--------+
+| git    |
+| gitg   |
+| gource |
+--------+
+
+Virtualization
+==============
+
+---------------------+
+| build-essential     |
+| dkms                |
+| linux-headers-amd64 |
+| lxc                 |
+| virt-manager        |
+---------------------+
+
+Web
+===
+
+-------------+
+| firefox     |
+| firefox-esr |
+| wget        |
+-------------+
+
+To sort
+=======
+
+--------------+
+| apparmor     |
+| curl         |
+| iputils-ping |
+| less         |
+| locate       |
+| man          |
+| ncdu         |
+| numlockx     |
+| qdirstat     |
+| syslog-ng    |
+| tree         |
+--------------+
+
+--------------------------+
+| firmware-linux-free      |
+| firmware-linux-nonfree   |
+| firmware-misc-nonfree    |
+| xserver-xorg-video-intel |
+--------------------------+
+
+---------------------+
+| blender             |
+| deadbeef            |
+| filezilla           |
+| ghex                |
+| hexchat             |
+| libreoffice         |
+| mumble              |
+| texlive-lang-french |
+| texlive-xetex       |
+| thunderbird         |
+---------------------+
--- a/docs/public/debian/repositories.rst
+++ b/docs/public/debian/repositories.rst
@ -0,0 +1,148 @@
+************
+Repositories
+************
+
+Keys
+====
+
+archive
+-------
+
+Master key
+
+* E0B11894F66AEC98 Debian Archive Automatic Signing Key <ftpmaster@debian.org>
+
+Subkey
+
+* 04EE7237B7D453EC Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
+
+Deprecated
+
+* 7638D0442B90D010 Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
+
+security
+--------
+
+* 9D6D8F6BC857C906 Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>
+
+And, for some reason, this one used with testing/updates
+
+* 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
+
+Locations
+=========
+
+* content delivery network
+
+  * https://deb.debian.org/debian
+  * https://deb.debian.org/debian-security
+
+* legacy
+
+  * http://ftp.fr.debian.org/debian
+  * http://ftp.us.debian.org/debian
+  * http://security.debian.org
+
+Structure
+=========
+
+* ? changelogs
+* ? DEP-11
+* ? doc
+* ? extrafiles
+* ? indices
+
+* dists
+
+  * ?
+
+* dists
+
+  * oldstable
+  * oldstable-backports
+  * oldstable-updates
+  * stable
+  * stable-backports
+  * stable-updates
+
+Files
+=====
+
+README
+------
+
+============================= ===================================================
+oldoldstable, or wheezy       the released Debian 7.11
+oldstable, or jessie          the released Debian 8.9
+stable, or stretch            the released Debian 9.2
+oldoldstable-proposed-updates possible updates to Debian 7
+oldstable-proposed-updates    possible updates to Debian 8
+stable-proposed-updates       possible updates to Debian 9
+wheezy-updates                important updates to Debian 7
+jessie-updates                important updates to Debian 8
+stretch-updates               important updates to Debian 9
+testing, or buster            the development version of the next release
+unstable, or sid              untested candidate packages for future releases
+experimental, or rc-buggy     experimental packages to be used on top of unstable
+============================= ===================================================
+
+Release
+-------
+
+contrib main non-free
+
+* ?/Contents-*
+* ?/Contents-source
+* ?/Contents-udeb-*
+* ?/binary-all
+* ?/binary-*
+* ?/debian-installer/binary-all
+* ?/debian-installer/binary-*
+* ?/dep11/Components-*
+* ?/dep11/icons
+* ?/i18n
+* main/installer-*
+* ?/contrib/source
+
+::
+
+  Origin: Debian
+  Label: Debian
+  Suite: stable
+  Version: 9.2
+  Codename: stretch
+  Changelogs: http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog
+  Date: Sat, 07 Oct 2017 09:44:42 UTC
+  Acquire-By-Hash: yes
+  Architectures: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
+  Components: main contrib non-free
+  Description: Debian 9.2 Released 07 October 2017
+  MD5Sum:
+   f9bbab6d94f45e56c672017d8720a24c  1181459 contrib/Contents-amd64
+   …
+  SHA256:
+   e3bf2ecc2ce89bc48e2339b86ceaba9e1fff7d6668eafab1445e7f7990c4802e  1181459 contrib/Contents-amd64
+   …
+
+Packages
+--------
+
+::
+
+  Package: astrometry-data-2mass-00
+  Source: astrometry-data-2mass
+  Version: 1.1
+  Installed-Size: 13882041
+  Maintainer: Debian Astronomy Team <debian-astro-maintainers@lists.alioth.debian.org>
+  Architecture: all
+  Depends: astrometry.net, curl
+  Enhances: astrometry.net
+  Description: Astrometry.net 2MASS index files downloader (2'-2.8')
+  Homepage: http://data.astrometry.net/4200
+  Description-md5: b0effd246d35f7c4108f5a91527965cd
+  Section: contrib/science
+  Priority: optional
+  Filename: pool/contrib/a/astrometry-data-2mass/astrometry-data-2mass-00_1.1_all.deb
+  Size: 3204
+  MD5sum: 1a51ad538ca17d1113802820856dc4d5
+  SHA256: 36eafa5e9dbea55ecea5b2595f0d7c0a591e0831e20ac3ac98a239605074798a
--- a/docs/public/debian/system.rst
+++ b/docs/public/debian/system.rst
@ -0,0 +1,325 @@
+******************
+Image from scratch
+******************
+
+.. todo::
+
+ * /etc/motd
+
+Choices
+=======
+
+have up-to-date mirrors available
+---------------------------------
+
+.. todo:: mirrors
+
+critical base packages
+----------------------
+
+ +-----------+--------------------------------------------------+
+ | locales   | to get localization binaries for system messages |
+ +-----------+--------------------------------------------------+
+ | apt-utils | otherwise packages configuration gets delayed    |
+ +-----------+--------------------------------------------------+
+ | dialog    | to have user interaction possible with APT       |
+ +-----------+--------------------------------------------------+
+
+decide the desired type of system
+---------------------------------
+
+    * le système sera-t-il architecturé
+        * en 64 bits ?
+        * en 32 bits ?
+        * les 2 ?!
+    * le système sera-t-il exécuté
+        * sur une machine physique ?
+        * dans une machine virtuelle ?
+        * dans un conteneur ?
+        * dans un conteneur dans une machine virtuelle ?
+    * le système sera-t-il utilisé
+        * en écriture, sur un support de stockage ?
+        * en lecture, chargé en mémoire au démarrage ?
+
+Install required tools
+======================
+
+ ============== ========================================
+ debootstrap    generate a minimal base file system
+ squashfs-tools archive or unarchive a file system image
+ ============== ========================================
+
+ .. code:: shell
+
+  apt install debootstrap squashfs-tools
+
+Create a base file hierarchy
+============================
+
+prepare the system's directory
+------------------------------
+
+* devenir root
+* créer un répertoire, et s’y positionner
+
+.. code:: shell
+
+ su
+
+.. code:: shell
+
+ mkdir -p "chemin"
+ cd "chemin"
+
+generate the minimal base
+-------------------------
+
+.. code:: shell
+
+ debootstrap \
+ --arch="amd64" \
+ --include="locales,apt-utils,dialog" \
+ --variant="minbase" \
+ "stretch" \
+ . \
+ "miroir"
+
+Configure preinstalled packages
+===============================
+
+define default keyboard layouts
+-------------------------------
+
+* /etc/default/keyboard
+
+::
+
+ XKBMODEL="pc105"
+ XKBLAYOUT="fr,fr"
+ XKBVARIANT="oss,bepo"
+ XKBOPTIONS=""
+ BACKSPACE="guess"
+
+define default locales to generate
+----------------------------------
+
+* etc/default/locale
+
+::
+
+ LANG=en_US.UTF-8
+ LANGUAGE=en_US:en
+ LC_CTYPE="fr_FR.UTF-8"
+ LC_NUMERIC="fr_FR.UTF-8"
+ LC_TIME="fr_FR.UTF-8"
+ LC_COLLATE="fr_FR.UTF-8"
+ LC_MONETARY="fr_FR.UTF-8"
+ LC_MESSAGES="en_US.UTF-8"
+ LC_PAPER="fr_FR.UTF-8"
+ LC_NAME="fr_FR.UTF-8"
+ LC_ADDRESS="fr_FR.UTF-8"
+ LC_TELEPHONE="fr_FR.UTF-8"
+ LC_MEASUREMENT="fr_FR.UTF-8"
+ LC_IDENTIFICATION="fr_FR.UTF-8"
+
+* etc/locale.gen
+
+::
+
+ en_US.UTF-8 UTF-8
+ fr_FR.UTF-8 UTF-8
+
+[configure command shell](../bash/index.md)
+-------------------------------------------
+
+[configure package manager](../apt/index.md)
+--------------------------------------------
+
+redefine hostname
+-----------------
+
+.. code:: shell
+
+ echo "hostname" > "etc/hostname"
+
+provide known file systems
+--------------------------
+
+* etc/fstab
+
+Volume temporaire en RAM
+
+::
+
+ tmpfs /tmp tmpfs auto,mode=1777 0 0
+
+Install additional packages
+===========================
+
+switch into context
+-------------------
+
+.. code:: shell
+
+ mount --bind /proc proc
+ mount --bind /sys sys
+ chroot .
+
+.. todo:: /dev
+
+generate locales
+----------------
+
+.. code:: shell
+
+ locale-gen
+
+define root password
+--------------------
+
+.. code:: shell
+
+ passwd
+
+user, guest, sudo
+-----------------
+
+.. code:: shell
+
+ apt-get install sudo
+
+ useradd -s /bin/bash user
+ mkdir /home/user
+ chown user: /home/user
+ adduser user sudo
+
+ useradd -s /bin/bash guest
+ chown guest: /home/guest
+
+authentications: passwords, SSH keys
+------------------------------------
+
+.. todo:: files
+
+upgrade system
+--------------
+
+* dans tous les cas :
+
+.. code:: shell
+
+ apt-get update
+ apt-get upgrade
+
+* si besoin, car des paquets rétroportés modifient la distribution :
+
+.. code:: shell
+
+ apt-get dist-upgrade
+
+apply system type elements
+--------------------------
+
+================= ==================================================
+linux-image-amd64 s’il ne s’agit pas d’un conteneur
+live-boot         si à destination de boot live
+systemd-sysv      sans quoi le système ne démarrera pas complètement
+================= ==================================================
+
+.. code:: shell
+
+ apt-get install -t stretch-backports "linux-image-amd64"
+ apt-get install "live-boot"
+
+----
+
+initialization settings
+-----------------------
+
+.. code:: shell
+
+ apt-get install -t stretch-backports "systemd-sysv"
+
+* etc/sysctl.conf
+
+Espace mémoire maximum allouable (à augmenter si hébergement de conteneurs)  
+Pourcentage de RAM disponible avant utilisation de la partition d’échange  
+
+.. code:: ini
+
+ vm.max_map_count=1048576
+ vm.swappiness=0
+
+keeping things light
+--------------------
+
+.. code:: shell
+
+ apt-get install --no-install-recommends …
+
+install useful packages
+-----------------------
+
+.. code:: shell
+
+ apt-get install \
+ bash-completion \
+ lxc \
+ less nano vim \
+ pciutils usbutils \
+ python3 \
+ squashfs-tools \
+
+.. code:: shell
+
+ apt-get install -t "stretch-backports" \
+ debootstrap \
+
+install other packages
+----------------------
+
+[Choix de paquets commentés](packages.md)
+
+.. code:: shell
+
+ apt-get install "package1" …
+ apt-get install -t stretch-backports "package1" …
+
+properly switch back from context
+---------------------------------
+
+* vider le cache d’APT
+
+.. code:: shell
+
+ apt-get clean
+
+* s’extraire de l’environnement
+
+.. code:: shell
+
+ exit
+
+* démonter les liens au système hôte
+
+.. code:: shell
+
+ umount sys
+ umount proc
+
+clean up commands history
+-------------------------
+
+* root/.bash_history
+
+Configure installed packages
+============================
+
+.. todo:: files
+
+Archive prepared file system
+============================
+
+.. code:: shell
+
+  mksquashfs . "../name.squashfs" -comp "xz"
--- a/docs/public/dns/hostname.rst
+++ b/docs/public/dns/hostname.rst
@ -0,0 +1,10 @@
+hostname
+========
+
+.. todo:: command
+
+* /etc/hostname
+
+::
+
+ name
--- a/docs/public/dns/hosts.rst
+++ b/docs/public/dns/hosts.rst
@ -0,0 +1,15 @@
+hosts
+=====
+
+* /etc/hosts
+
+localhost
+---------
+
+.. warning:: include hostname or sudo complains
+
+::
+
+  127.0.0.1 localhost
+
+  ::1 localhost
--- a/docs/public/dns/index.rst
+++ b/docs/public/dns/index.rst
@ -0,0 +1,9 @@
+dns
+===
+
+.. toctree::
+   :maxdepth: 2
+
+   hostname
+   hosts
+   resolv
--- a/docs/public/dns/resolv.rst
+++ b/docs/public/dns/resolv.rst
@ -0,0 +1,19 @@
+resolv
+======
+
+* /etc/resolv.conf
+
+cloudflare
+----------
+
+::
+
+ nameserver 1.1.1.1
+
+google
+------
+
+::
+
+ nameserver 8.8.8.8
+ nameserver 8.8.4.4
--- a/docs/public/docker/host.rst
+++ b/docs/public/docker/host.rst
@ -0,0 +1,75 @@
+Host
+====
+
+Stats
+-----
+
+.. code:: shell
+
+ docker info
+
+Images
+------
+
+List
+^^^^
+
+.. code:: shell
+
+ docker images
+
+Import
+^^^^^^
+
+.. code:: shell
+
+ docker import archive_name.tar repository_name:image_name
+
+Remove
+^^^^^^
+
+.. code:: shell
+
+ docker image rm image_name
+
+Containers
+----------
+
+List
+^^^^
+
+.. code:: shell
+
+ docker ps --all
+
+Create
+^^^^^^
+
+.. code:: shell
+
+ docker create \
+ --name container_name \
+ --publish host_port:container_port \
+ repository_name:image_name \
+ command argument_1 …
+
+Start
+^^^^^
+
+.. code:: shell
+
+ docker start container_name
+
+Stop
+^^^^
+
+.. code:: shell
+
+ docker stop container_name
+
+Remove
+^^^^^^
+
+.. code:: shell
+
+ docker rm container_name
--- a/docs/public/docker/index.rst
+++ b/docs/public/docker/index.rst
@ -0,0 +1,6 @@
+docker
+======
+
+.. toctree::
+
+   host
--- a/docs/public/ffmpeg/index.rst
+++ b/docs/public/ffmpeg/index.rst
@ -0,0 +1,6 @@
+ffmpeg
+======
+
+.. toctree::
+
+   snippets
--- a/docs/public/ffmpeg/snippets.rst
+++ b/docs/public/ffmpeg/snippets.rst
@ -0,0 +1,10 @@
+********
+Snippets
+********
+
+Change container
+================
+
+.. code:: bash
+
+  ffmpeg -i input.avi output.mkv
--- a/docs/public/firefox/configure.rst
+++ b/docs/public/firefox/configure.rst
@ -0,0 +1,13 @@
+Configure
+=========
+
+* prefs.js
+* user.js
+
+Client certificates
+-------------------
+
+.. code:: js
+
+ user_pref("security.default_personal_cert", "Ask Every Time");
+ user_pref("security.default_personal_cert", "Select Automatically");
--- a/docs/public/firefox/import_certificate_from_web_page.rst
+++ b/docs/public/firefox/import_certificate_from_web_page.rst
@ -0,0 +1,20 @@
+Import certificate from web page
+================================
+
+Set the web server's MIME types
+
+CA certificate
+--------------
+
+::
+
+ application/x-x509-ca-cert   crt der pem;
+
+Client certificate
+------------------
+
+.. warning:: doesn't work, bug still open
+
+::
+
+ application/x-x509-user-cert p12 pfx;
--- a/docs/public/firefox/index.rst
+++ b/docs/public/firefox/index.rst
@ -0,0 +1,7 @@
+firefox
+=======
+
+.. toctree::
+
+   configure
+   import_certificate_from_web_page
--- a/docs/public/git-bash/index.rst
+++ b/docs/public/git-bash/index.rst
@ -0,0 +1,5 @@
+git-bash
+========
+
+.. todo:: set user's HOME variable to %USERPROFILE%
+.. todo:: execute post-install.bat after archive extraction
--- a/docs/public/git/configure.rst
+++ b/docs/public/git/configure.rst
@ -0,0 +1,32 @@
+Configure
+=========
+
+Identity
+--------
+
+.. code:: shell
+
+  git config user.name "First Last"
+  git config user.email "user@domain.tld"
+
+* ~/.gitconfig
+
+.. code:: ini
+
+  [user]
+      name = "First Last"
+      email = "user@domain.tld"
+
+Auto-build
+----------
+
+.. code:: shell
+
+ git config receive.denyCurrentBranch updateInstead
+
+* .git/hooks/post-receive (+x)
+
+.. code:: shell
+
+ #! /bin/sh
+ ../build_script
--- a/docs/public/git/index.rst
+++ b/docs/public/git/index.rst
@ -0,0 +1,8 @@
+git
+===
+
+.. toctree::
+   :maxdepth: 1
+
+   configure
+   snippets
--- a/docs/public/git/snippets.rst
+++ b/docs/public/git/snippets.rst
@ -0,0 +1,13 @@
+********
+Snippets
+********
+
+TODO
+====
+
+* .gitignore
+* aliases
+* git diff
+
+    * cached (staging area)
+    * character
--- a/docs/public/gnome/configure.rst
+++ b/docs/public/gnome/configure.rst
@ -0,0 +1,54 @@
+*********
+Configure
+*********
+
+General
+=======
+
+Settings
+--------
+
+* automatic date/time
+* automatic timezone
+
+Tweak tool
+----------
+
+* dark theme
+
+dconf
+-----
+
+* backgrounds
+* updates
+
+Applications
+============
+
+Terminal (gnome-terminal)
+-------------------------
+
+* dark variant
+* colors
+* infinite scroll
+
+Files (nautilus)
+----------------
+
+Settings
+
+Text editor (gedit)
+-------------------
+
+Settings
+
+Plugins:
+* git
+
+Keyboard shortcuts
+------------------
+
+Calculator
+----------
+
+Advanced mode
--- a/docs/public/gnome/index.rst
+++ b/docs/public/gnome/index.rst
@ -0,0 +1,5 @@
+gnome
+=====
+
+.. toctree::
+   configure
--- a/docs/public/gnupg/configure.rst
+++ b/docs/public/gnupg/configure.rst
@ -0,0 +1,88 @@
+Configure
+=========
+
+If up:
+
+.. code:: shell
+
+  killall -9 gpg-agent
+  killall -9 dirmngr
+
+wipe if needed
+--------------
+
+.. code:: shell
+
+  rm --force --recursive ~/.gnupg
+  mkdir -m 700 ~/.gnupg
+
+check available algorithms
+--------------------------
+
+.. code:: shell
+
+  gpg --version
+
+avoid default use of SHA256
+---------------------------
+
+* gpg.conf
+
+::
+
+  keyid-format long
+  keyserver-options include-revoked
+  list-options show-uid-validity
+  no-verbose
+  verify-options show-uid-validity
+  with-fingerprint
+  with-keygrip
+  with-subkey-fingerprint
+
+  no-comments
+  no-emit-version
+
+  default-preference-list SHA512 AES256 BZIP2
+
+  cert-digest-algo SHA512
+  cipher-algo AES256
+  compress-algo BZIP2
+  digest-algo SHA512
+
+  personal-cipher-preferences AES256
+  personal-digest-preferences SHA512
+  personal-compress-preferences BZIP2
+
+  s2k-cipher-algo AES256
+  s2k-digest-algo SHA512
+  s2k-mode 3
+  s2k-count 65011712
+
+avoid DL/UL issues, depending on DNS
+------------------------------------
+
+* dirmngr.conf
+
+::
+
+  keyserver hkps://keys.openpgp.org
+  standard-resolver
+
+authenticate
+------------
+
+* gpg-agent.conf
+
+::
+
+  enable-ssh-support
+
+* sshcontrol
+
+KeyGrip to use if there are several
+
+::
+
+  KKEEYYGGRRIIPP
+
+* export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
--- a/docs/public/gnupg/fun.rst
+++ b/docs/public/gnupg/fun.rst
@ -0,0 +1,50 @@
+“Choose” fingerprint
+====================
+
+.. code:: bash
+
+ #! /bin/bash
+
+ mkdir --parents _
+
+ while true; do
+
+ gpg \
+ --batch \
+ --passphrase '' \
+ --quick-generate-key \
+ 'First Last <first-last@domain.tld>' \
+ ed25519 \
+ cert \
+ 1y \
+ &> /dev/null
+
+ gpg \
+ --armor \
+ --export-secret-keys \
+ 'First Last' > "tmp.gpg"
+
+ name=$(\
+ cat tmp.gpg \
+ | gpg --list-packets \
+ | grep v4 \
+ | awk -F ' ' '{print $9}' \
+ | awk -F ')' '{print $1}' \
+ )
+
+ name="${name:24:4}_${name:28:4}__${name:32:4}_${name:36}"
+ echo "${name}"
+ mv tmp.gpg "_/${name}"
+
+ rm openpgp-revocs.d/*
+ rm private-keys-v1.d/*
+
+ gpg \
+ --batch \
+ --yes \
+ --delete-keys 'First Last'
+
+ rm pubring.kbx*
+ rm trustdb.gpg
+
+ done
--- a/docs/public/gnupg/generate.rst
+++ b/docs/public/gnupg/generate.rst
@ -0,0 +1,54 @@
+Generate
+========
+
+master key
+----------
+
+.. code:: shell
+
+  gpg --expert --full-generate-key
+
+::
+
+  8 → RSA (set your own capabilities)
+  s → toggle the sign capability
+  e → toggle the encrypt capability
+  q → finished
+  4096
+  1y → key expires in 1 year
+  y → this is correct
+  First Last
+  user@domain.tld
+  comment
+  o → ok
+
+.. code:: shell
+
+  gpg --quick-generate-key 'First Last <user@domain.tld>' rsa4096 cert 1y
+
+revocation certificate
+----------------------
+
+.. code:: shell
+
+  gpg --generate-revocation "KeyID" > "FFIINNGGEERRPPRRIINNTT.rev"
+
+::
+
+  y
+
+::
+
+  0 → no reason specified
+  1 → key has been compromised
+  2 → key is superseded
+  3 → key is no longer used
+
+::
+
+  description
+  y
+
+.. warning::
+
+  Hide this file in an encrypted container!
--- a/docs/public/gnupg/index.rst
+++ b/docs/public/gnupg/index.rst
@ -0,0 +1,11 @@
+gnupg
+=====
+
+.. toctree::
+   :maxdepth: 2
+
+   overview
+   configure
+   generate
+   servers
+   fun
--- a/docs/public/gnupg/overview.rst
+++ b/docs/public/gnupg/overview.rst
@ -0,0 +1,186 @@
+********
+OverView
+********
+
+.. todo::
+
+ * setpref, or elsehow at key generation
+ * ! suffix to exclude subkeys
+ * trust key
+ * sign file
+ * sign key
+ * encrypt for [hidden-]recipient
+ * delete secret key
+ * import secret key
+ * refresh keys
+
+List
+====
+
+.. code:: shell
+
+  gpg --list-keys
+
+.. code:: shell
+
+  gpg --list-signatures
+
+Modify
+======
+
+.. code:: shell
+
+  gpg --expert --edit-key "KEY ID"
+
+[…]
+
+::
+
+  save
+
+add a subkey to a master key
+----------------------------
+
+::
+
+  addkey
+  8 → RSA (set your own capabilities)
+
+[…]
+
+::
+
+  q → finished
+  4096
+  1y → key expires in 1 year
+  y → this is correct
+  y → really create
+
+sign
+^^^^
+
+::
+
+  e → toggle the encrypt capability
+
+.. code:: shell
+
+  gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 auth 1y
+  gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 encr 1y
+  gpg --quick-add-key FFIINNGGEERRPPRRIINNTT rsa4096 sign 1y
+
+encrypt
+^^^^^^^
+
+::
+
+  s → toggle the sign capability
+
+authenticate
+^^^^^^^^^^^^
+
+::
+
+  s → toggle the sign capability
+  e → toggle the encrypt capability
+  a → toggle the authenticate capability
+
+set expiration date
+-------------------
+
+::
+
+  expire
+  1y
+  y
+
+add another UserID
+------------------
+
+::
+
+  adduid
+  First Last
+  user@domain.tld
+  comment
+  o
+
+set primary UserID
+------------------
+
+::
+
+  uid 1
+  primary
+
+Export
+======
+
+private key
+-----------
+
+.. code:: shell
+
+  gpg --armor --export-secret-keys FFIINNGGEERRPPRRIINNTT > key.gpg
+
+private subkeys
+---------------
+
+.. code:: shell
+
+  gpg --armor --export-secret-subkeys FFIINNGGEERRPPRRIINNTT > subkeys.gpg
+
+public key
+----------
+
+.. code:: shell
+
+  gpg --armor --export "Key ID" > id.asc
+
+public SSH key
+--------------
+
+.. code:: shell
+
+  gpg --armor --export-ssh-key "Key ID" > id.pub
+
+Dump
+====
+
+.. code:: shell
+
+  gpg --list-packets
+
+.. code:: shell
+
+  pgpdump pub.asc
+
+Secure
+======
+
+hide the master key in an encrypted container
+---------------------------------------------
+
+* ~/.gnupg/private-keys-v1.d/KKEEYYGGRRIIPP.key
+
+Sign
+====
+
+.. code:: shell
+
+ gpg --armor --detach-sign file
+
+Revoke
+======
+
+.. code:: shell
+
+  gpg --import "FFIINNGGEERRPPRRIINNTT.rev"
+  gpg --send-keys "KEY ID"
+
+Verify
+======
+
+.. code:: shell
+
+ gpg --verify file.asc file
--- a/docs/public/gnupg/servers.rst
+++ b/docs/public/gnupg/servers.rst
@ -0,0 +1,66 @@
+Servers
+=======
+
+Search
+------
+
+.. code:: shell
+
+ gpg \
+ --keyserver hkps://sub.domain.tld \
+ --search-keys "Key ID"
+
+Download
+--------
+
+.. code:: shell
+
+ gpg \
+ --keyserver hkps://sub.domain.tld \
+ --receive-keys "Key ID"
+
+Upload
+------
+
+.. code:: shell
+
+ gpg \
+ --keyserver hkps://sub.domain.tld \
+ --send-keys "Key ID"
+
+Available
+---------
+
+Mitigated
+^^^^^^^^^
+
+* hkps://
+
+::
+
+ keys.openpgp.org
+
+Vulnerable
+^^^^^^^^^^
+
+* hkps://
+
+::
+
+ keyring.debian.org
+ pgp.key-server.io
+ pgp.mit.edu
+ peegeepee.com
+ pgp.rediris.es
+ sks-keyservers.net
+ pgp.surfnet.nl
+ keyserver.ubuntu.com
+
+ # round-robin
+ keys.gnupg.net
+
+* hkp://
+
+::
+
+ pgp.uni-mainz.de
--- a/docs/public/gource/index.rst
+++ b/docs/public/gource/index.rst
@ -0,0 +1,7 @@
+gource
+======
+
+.. toctree::
+   :maxdepth: 1
+
+   render
--- a/docs/public/gource/render.rst
+++ b/docs/public/gource/render.rst
@ -0,0 +1,17 @@
+Render
+======
+
+.. todo:: ffmpeg pipe
+
+.. code:: bash
+
+   gource \
+   --date-format "%Y - %m - %d  /  %H : %M : %S" \
+   -f \
+   --highlight-dirs \
+   --highlight-users \
+   --key \
+   --output-framerate 60 \
+   --start-date "yyyy-mm-dd HH:MM:SS" \
+   --auto-skip-seconds 1 \
+   --seconds-per-day 10
--- a/docs/public/grub/index.rst
+++ b/docs/public/grub/index.rst
@ -0,0 +1,7 @@
+grub
+====
+
+.. toctree::
+
+   modules
+   standalone
--- a/docs/public/grub/modules.rst
+++ b/docs/public/grub/modules.rst
@ -0,0 +1,405 @@
+.. _grub_modules:
+
+Modules
+=======
+
+Included
+--------
+
+======= ==
+memdisk | 
+tar     | 
+======= ==
+
+Mandatory
+---------
+
+====== ==
+normal | 
+====== ==
+
+dependencies
+^^^^^^^^^^^^
+
+======== ==
+boot     | 
+bufio    | 
+crypto   | 
+extcmd   | 
+gettext  | 
+terminal | 
+======== ==
+
+Useful
+------
+
+core
+^^^^
+
+========== ==
+date       | 
+echo       | 
+eval       | 
+help       | 
+keylayouts | 
+ls         | 
+sleep      | 
+test       | 
+true       | 
+========== ==
+
+hw
+^^
+
+========= ==
+cpuid     | 
+lspci     | 
+terminfo  | 
+videoinfo | 
+========= ==
+
+part
+^^^^
+
+========== ==
+lvm        | 
+mdraid1x   | 
+part_bsd   | 
+part_dfly  | 
+part_gpt   | 
+part_msdos | 
+raid5rec   | 
+========== ==
+
+fs
+^^
+
+=========== ==
+btrfs       | 
+exfat       | 
+ext2        | 
+fat         | 
+hfs         | 
+hfspluscomp | 
+iso9660     | 
+ntfscomp    | 
+squash4     | 
+udf         | 
+xfs         | 
+zfs         | 
+=========== ==
+
+file
+^^^^
+
+======== ==
+cat      | 
+cmp      | 
+file     | 
+hexdump  | 
+loadenv  | 
+loopback | 
+probe    | 
+regexp   | 
+search   | 
+======== ==
+
+hash
+^^^^
+
+=========== ==
+hashsum     | 
+gcry_sha1   | 
+gcry_sha256 | 
+gcry_sha512 | 
+=========== ==
+
+action
+^^^^^^
+
+========== ==
+bsd        | 
+configfile | 
+halt       | 
+keystatus  | 
+linux      | 
+read       | 
+reboot     | 
+========== ==
+
+gfx
+^^^
+
+================== ==
+gfxterm_background | 
+jpeg               | 
+png                | 
+================== ==
+
+bench
+^^^^^
+
+========= ==
+progress  | 
+testspeed | 
+========= ==
+
+i386-pc
+^^^^^^^
+
+======== =================================
+biosdisk | detect disks through bios
+drivemap | map drives for windows bullshit
+ntldr    | load windows bootmgr or ntldr
+======== =================================
+
+Useless
+-------
+
+============ ==
+at_keyboard  | 
+gcry_crc     | 
+gcry_md4     | 
+gcry_md5     | 
+mdraid09     | 
+mdraid09_be  | 
+memrw        | 
+random       | 
+tga          | 
+time         | 
+usb_keyboard | 
+usbtest      | 
+videotest    | 
+============ ==
+
+i386-pc
+^^^^^^^
+
+= ==
+? | 
+= ==
+
+Untested
+--------
+
+========== ==
+part_acorn | 
+part_amiga | 
+part_apple | 
+part_dvh   | 
+part_plan  | 
+part_sun   | 
+part_sunpc | 
+========== ==
+
+========= ==
+affs      | 
+afs       | 
+bfs       | 
+cbfs      | 
+cpio      | 
+cpio_be   | 
+hfsplus   | 
+jfs       | 
+minix     | 
+minix_be  | 
+minix2    | 
+minix2_be | 
+minix3    | 
+minix3_be | 
+nilfs2    | 
+ntfs      | 
+procfs    | 
+reiserfs  | 
+romfs     | 
+sfs       | 
+ufs1      | 
+ufs1_be   | 
+ufs2      | 
+========= ==
+
+============== ==
+adler32        | 
+crc64          | 
+gcry_arcfour   | 
+gcry_blowfish  | 
+gcry_camellia  | 
+gcry_cast5     | 
+gcry_des       | 
+gcry_dsa       | 
+gcry_idea      | 
+gcry_rfc2268   | 
+gcry_rijndael  | 
+gcry_rmd160    | 
+gcry_rsa       | 
+gcry_seed      | 
+gcry_serpent   | 
+gcry_tiger     | 
+gcry_twofish   | 
+gcry_whirlpool | 
+============== ==
+
+==================== ==
+acpi
+ahci
+all_video
+aout
+archelp
+ata
+backtrace
+bitmap
+bitmap_scale
+blocklist
+bswap_test
+cbls
+cbmemc
+cbtable
+cbtime
+chain
+cmdline_cat_test
+cmp_test
+cryptodisk
+cs5536
+ctz_test
+datehook
+datetime
+disk
+diskfilter
+div
+div_test
+dm_nv
+ehci
+elf
+exfctest
+font
+fshelp
+functional_test
+geli
+gfxmenu
+gfxterm
+gfxterm_menu
+gptsync
+gzio
+hdparm
+hello
+http
+iorw
+ldm
+legacycfg
+legacy_password_test
+linux16
+lsacpi
+lsmmap
+luks
+lzopio
+macbless
+macho
+memrw
+minicmd
+mmap
+morse
+mpi
+msdospart
+mul_test
+multiboot
+multiboot2
+nativedisk
+net
+newc
+odc
+offsetio
+ohci
+parttool
+password
+password_pbkdf2
+pata
+pbkdf2
+pbkdf2_test
+pcidump
+play
+priority_queue
+
+raid6rec
+relocator
+scsi
+search_fs_file
+search_fs_uuid
+search_label
+serial
+setjmp
+setjmp_test
+setpci
+shift_test
+signature_test
+sleep_test
+spkmodem
+syslinuxcfg
+test_blockarg
+testload
+tftp
+trig
+tr
+uhci
+usb
+usbms
+usbserial_common
+usbserial_ftdi
+usbserial_pl2303
+usbserial_usbdebug
+verify
+video_bochs
+video_cirrus
+video_colors
+video_fb
+video
+videotest_checksum
+xnu
+xnu_uuid
+xnu_uuid_test
+xzio
+zfscrypt
+zfsinfo
+zfs
+==================== ==
+
+x86_64-efi
+^^^^^^^^^^
+
+=========== ==
+appleldr    | 
+efifwsetup  | 
+efi_gop     | 
+efinet      | 
+efi_uga     | 
+fixvideo    | 
+linuxefi    | 
+loadbios    | 
+lsefimmap   | 
+lsefi       | 
+lsefisystab | 
+lssal       | 
+=========== ==
+
+i386-pc
+^^^^^^^
+
+============= ==
+915resolution | 
+cmosdump      | 
+cmostest      | 
+efiemu        | 
+freedos       | 
+gdb           | 
+hwmatch       | 
+lsapm         | 
+mda_text      | 
+pci           | 
+plan9         | 
+pxechain      | 
+pxe           | 
+sendkey       | 
+truecrypt     | 
+vbe           | 
+vga           | 
+vga_text      | 
+============= ==
--- a/docs/public/grub/standalone.rst
+++ b/docs/public/grub/standalone.rst
@ -0,0 +1,316 @@
+************************
+Prepare a boot directory
+************************
+
+Choose useful modules
+=====================
+
+Commented list: :ref:`grub_modules`
+
+Download packages
+=================
+
+current
+-------
+
+================== ===================================
+grub2-common       fichiers v2 communs
+grub-common        fichiers v2 et v1 communs
+grub-efi-amd64     architecture EFI avec installation
+grub-efi-amd64-bin architecture EFI sans installation
+grub-pc            architecture BIOS avec installation
+grub-pc-bin        architecture BIOS avec installation
+================== ===================================
+
+legacy
+------
+
+=========== ============
+grub-efi    transitional
+grub-legacy maintenance
+=========== ============
+
+Put up a functional directory
+=============================
+
+boot/grub/grub.cfg
+
+.. code:: shell
+
+  search --set --fs-uuid "YYYY-MM-DD-hh-mm-ss-cc"
+
+Or at worst:
+
+.. code:: shell
+
+  search --set --label "LA_BEL"
+
+Generate a modular image
+========================
+
+/bin/tar
+
+.. code:: shell
+
+  tar
+  --create
+  --dereference
+  --file='grub.tar'
+  --verbose
+  boot
+
+* moddep.lst
+* kernel.img
+* lzma_decompress.img
+* diskboot.img
+* \*.mod
+
+/usr/bin/grub-mkimage
+
+.. code:: shell
+
+  grub-mkimage
+  --directory='i386-pc'
+  --format='i386-pc'
+  --memdisk='grub.tar'
+  --output='i386-pc/core.img'
+  modules…
+
+i386-pc-eltorito for ISO encapsulation
+
+Make a device bootable
+======================
+
+* boot.img
+* core.img
+
+/usr/sbin/grub-bios-setup
+
+.. code:: shell
+
+  grub-bios-setup \
+  --directory="i386-pc" \
+  /dev/sd?
+
+Prepare a boot menu
+===================
+
+available colors
+----------------
+
+========= ============= =========== ==========
+black     blue          green       cyan
+red       magenta       brown       light-gray
+dark-gray light-blue    light-green light-cyan
+light-red light-magenta yellow      white
+========= ============= =========== ==========
+
+* black backgrounds are actually transparent!
+
+available environment variables
+-------------------------------
+
+==================== =============================
+chosen               4
+color_highlight      black/light-gray
+color_normal         light-gray/black
+default              "${id}"
+gfxmode              1024x768
+gfxpayload           keep
+gfxterm_font         unicode
+lang                 en_US
+locale_dir
+menu_color_highlight white/blue
+menu_color_normal    cyan/blue
+pager                1
+prefix               (hd?,msdos?)/live/boot/2.02-2
+root                 hd?,msdos?
+theme                …/.txt
+timeout              -1
+==================== =============================
+
+======= =====
+cmdpath (hd?)
+======= =====
+
+persistent environment variables file
+-------------------------------------
+
+* /usr/bin/grub-editenv
+
+.. code:: shell
+
+  grub-editenv file create
+  grub-editenv file set variable=value
+  grub-editenv file unset variable
+
+boot a prepared system
+----------------------
+
+.. warning::
+
+  Violent kernel crashes are to be expected if:
+
+  1. the live-media-path has no .squashfs file
+  #. the image basename:
+
+     * doesn't end with .squashfs
+     * is just .squashfs
+     * contains ,
+
+----
+
+* /live/name.squashfs
+
+.. code:: shell
+
+  linux /live/subdir/vmlinuz boot="live" toram="subdir/name.squashfs"
+  initrd /live/subdir/initrd.img
+
+.. code:: shell
+
+  loopback loop /live/dir/name.squashfs
+  linux (loop)/vmlinuz boot="live" toram="dir/name.squashfs"
+  initrd (loop)/initrd.img
+
+* Debian installed
+
+.. code:: shell
+
+  unset path
+  uuid="????????-????-????-????-????????????"
+  search --set="path" --fs-uuid "${uuid}"
+  if [ "${path}" ]; then
+      path="(${path})"
+      linux "${path}/vmlinuz" \
+          elevator=deadline \
+          root=UUID=${uuid}
+      initrd "${path}/initrd.img"
+  fi
+
+* Debian Installer
+
+.. code:: shell
+
+  linux "/path/to/vmlinuz" priority="low"
+
+.. code:: shell
+
+  linux "/path/to/vmlinuz" auto="true" \
+  file="/hd-media/path/to/preseed"
+
+----
+
+.. code:: shell
+
+  initrd /path/to/gtk/initrd.gz
+
+----
+
+* iso-scan's first pass goes only 1 subdirectories level down!
+
+.. todo::
+
+  Test if iso-scan/filename really works
+
+.. code:: shell
+
+  iso-scan/ask_second_pass="true" iso-scan/filename="/path/to/file.iso"
+
+* Debian Live
+
+.. code:: shell
+
+  file="/path/to.iso"
+  loopback loop "${file}"
+  path="(loop)/live"
+  linux "${path}/vmlinuz" boot="live" findiso="${file}" components
+  initrd "${path}/initrd.img"
+
+* PartedMagic
+
+.. code:: shell
+
+  file="/path/to.iso"
+  loopback loop ${file}
+  path="(loop)/pmagic"
+  linux "${path}/bzImage64" iso_filename="${file}" load_ramdisk=1
+  initrd "${path}/initrd.img" "${path}/fu.img" "${path}/m64.img"
+
+* Windows
+
+.. code:: shell
+
+  menuentry "Windows" {
+      drivemap -s (hd0) (hd1)
+      chainloader (hd0,msdos2)+1
+  }
+
+* CloneZilla
+
+.. code:: shell
+
+  file="/path/to/file.iso"
+  loopback loop "${file}"
+  path="(loop)/live"
+  linux "${path}/vmlinuz" findiso="${file}" \
+  boot="live" union="overlay" \
+  username="user" config components \
+  toram="filesystem.squashfs" ip="" \
+  locales="en_US.UTF-8" keyboard-layouts="fr-latin9" \
+
+----
+
+.. code:: shell
+
+  ocs_live_batch="yes" \
+  ocs_prerun="mount /dev/disk/by-uuid/${cz_home} /mnt" \
+  ocs_prerun1="mount --bind /mnt/${cz_partimag} /home/partimag" \
+  ocs_live_run="ocs-live-restore" \
+
+.. code:: shell
+
+  ocs_live_extra_param="\
+  -e1 auto -e2 -t -r -j2 -cs -k \
+  -p reboot restoreparts ask_user ${cz_target}"
+
+.. code:: shell
+
+  ocs_live_extra_param="\
+  -q2 -j2 -rm-win-swap-hib -gs -z1p -i 1000000 -fsck-y \
+  -p reboot saveparts ask_user ${cz_target}"
+
+----
+
+.. code:: shell
+
+  ocs_live_batch="no" \
+  ocs_live_run="ocs-live-general" \
+
+----
+
+.. code:: shell
+
+  initrd "${path}/initrd.img"
+
+* ISO
+
+.. code:: shell
+
+  xorrisofs \
+  \
+  -output live-grub.iso \
+  \
+  -volid "LIVE_GRUB" \
+  -boot-info-table \
+  -no-emul-boot \
+  --modification-date="YYYYMMDDhhmmsscc" \
+  -eltorito-boot live/boot/grub/2.02-2/i386-pc/core.img \
+  -eltorito-catalog "boot.cat" \
+  --boot-catalog-hide \
+  \
+  -exclude live/sources \
+  -exclude live/boot/debian.squashfs/debootstrap \
+  -exclude live/boot/debian.squashfs/live \
+  -root "live" \
+  "live"
--- a/docs/public/ifupdown2/configure.rst
+++ b/docs/public/ifupdown2/configure.rst
@ -0,0 +1,22 @@
+Configure interfaces
+--------------------
+
+* /etc/network/interfaces
+
+.. code:: shell
+
+ source /etc/network/interfaces.d/*
+
+* /etc/network/interfaces.d/lo
+
+::
+
+ auto lo
+ iface lo inet loopback
+
+* /etc/network/interfaces.d/eth0
+
+::
+
+ auto eth0
+ iface eth0 inet dhcp
--- a/docs/public/ifupdown2/index.rst
+++ b/docs/public/ifupdown2/index.rst
@ -0,0 +1,6 @@
+ifupdown2
+=========
+
+.. toctree::
+
+   configure
--- a/docs/public/isc-dhcp-server/index.rst
+++ b/docs/public/isc-dhcp-server/index.rst
@ -0,0 +1,25 @@
+isc-dhcp-server
+===============
+
+Configure
+---------
+
+* /etc/dhcp/dhcpd.conf
+
+::
+
+  option domain-name "sub.domain.tld";
+  option domain-name-servers 1.2.3.200;
+
+  default-lease-time 600;
+  max-lease-time 7200;
+
+  authoritative;
+
+  subnet 1.2.3.0 netmask 255.255.255.0 {
+      range 1.2.3.123 1.2.3.128;
+  }
+  host name {
+      hardware ethernet 01:23:45:67:89:ab;
+      fixed-address 1.2.3.4;
+  }
--- a/docs/public/libnss3-tools/delete.rst
+++ b/docs/public/libnss3-tools/delete.rst
@ -0,0 +1,24 @@
+Delete
+======
+
+.. warning::
+
+ deletion of key removes associated certificate
+
+Key
+---
+
+.. code:: shell
+
+ certutil \
+ -d ~/.mozilla/firefox/default \
+ -F -n "Name"
+
+Certificate
+-----------
+
+.. code:: shell
+
+ certutil \
+ -d ~/.mozilla/firefox/default \
+ -D -n "Name"
--- a/docs/public/libnss3-tools/import.rst
+++ b/docs/public/libnss3-tools/import.rst
@ -0,0 +1,11 @@
+Import
+======
+
+Client certificate
+------------------
+
+.. code:: shell
+
+ pk12util \
+ -d ~/.mozilla/firefox/default \
+ -i /path/to/client_certificate.pfx
--- a/docs/public/libnss3-tools/index.rst
+++ b/docs/public/libnss3-tools/index.rst
@ -0,0 +1,8 @@
+libnss3-tools
+=============
+
+.. toctree::
+
+   import
+   list
+   delete
--- a/docs/public/libnss3-tools/list.rst
+++ b/docs/public/libnss3-tools/list.rst
@ -0,0 +1,20 @@
+List
+====
+
+Certificates
+------------
+
+.. code:: shell
+
+ certutil \
+ -d ~/.mozilla/firefox/default \
+ -L
+
+Keys
+----
+
+.. code:: shell
+
+ certutil \
+ -d ~/.mozilla/firefox/default \
+ -K
--- a/docs/public/libreoffice/convert.rst
+++ b/docs/public/libreoffice/convert.rst
@ -0,0 +1,10 @@
+Convert
+=======
+
+.. code:: shell
+
+ libreoffice \
+ --headless \
+ --convert-to "png" \
+ --outdir "/path/file.png" \
+ input_file.o??
--- a/docs/public/libreoffice/index.rst
+++ b/docs/public/libreoffice/index.rst
@ -0,0 +1,6 @@
+libreoffice
+===========
+
+.. toctree::
+
+   convert
--- a/docs/public/lxc/container.rst
+++ b/docs/public/lxc/container.rst
@ -0,0 +1,170 @@
+*********
+Container
+*********
+
+TODO
+====
+
+* look for creation through debootstrap
+
+Create
+======
+
+.. code:: shell
+
+  lxc-create \
+  --name="container_name" \
+  --template="debian" \
+  -- \
+  --release="stretch" \
+  --mirror="file:/mirrors/debian/debian-stretch" \
+  --security-mirror="file:/mirrors/debian/debian-stretch-security" \
+
+Configure
+=========
+
+In containers/directory/container_name :
+
+* config
+
+.. code:: ini
+
+  lxc.include = /usr/share/lxc/config/debian.common.conf
+
+  lxc.arch = amd64
+  lxc.autodev = 1
+  lxc.kmsg = 0
+  lxc.mount = /var/lib/lxc/container_name/fstab
+  lxc.rootfs = /var/lib/lxc/container_name/rootfs
+  lxc.rootfs.backend = dir
+  lxc.start.auto = 1
+  lxc.utsname = hostname
+
+  lxc.network.type = veth
+
+  lxc.network.flags = up
+  lxc.network.link = br0
+  lxc.network.name = eth0
+  lxc.network.veth.pair = container_name
+  lxc.network.hwaddr = virtual_mac_address
+
+Static addresses variant:
+
+.. code:: ini
+
+  lxc.network.ipv4 = container_ip4/network_mask_bits
+  lxc.network.ipv6 = container_ip6
+
+* fstab
+
+.. warning::
+
+  | Do not forget to create the data directories
+  | otherwise the container start process will fail!
+
+::
+
+  data/directory/container_name data none bind,create=dir
+  /mirrors mirrors none bind,create=dir
+
+* rootfs/
+
+    * TODO Debian configuration
+
+* rootfs/etc/network/interfaces.d/eth0
+
+    if the container uses DHCP:
+
+::
+
+  auto eth0
+  iface eth0 inet dhcp
+
+Start
+=====
+
+.. warning::
+
+  | Be patient, for it can take a container
+  | up to 1 minute to get its network stack up!
+
+.. code:: shell
+
+  lxc-start -n "container_name"
+
+.. code:: shell
+
+  lxc-start --name="container_name"
+
+Run command
+===========
+
+.. code:: shell
+
+  lxc-attach -n "container_name" -- command
+
+.. code:: shell
+
+  lxc-attach --name="container_name" -- command
+
+Stop
+====
+
+.. code:: shell
+
+  lxc-stop -n "container_name"
+
+.. code:: shell
+
+  lxc-stop --name="container_name"
+
+Backup
+======
+
+system
+------
+
+.. code:: shell
+
+  cd containers/directory
+  tar --numeric-owner -cvaf container_name.backup_name.txz container_name
+
+data
+----
+
+.. code:: shell
+
+  cd data/directory
+  tar --numeric-owner -cvaf container_name.backup_name.txz container_name
+
+Destroy
+=======
+
+.. code:: shell
+
+  lxc-destroy -n "container_name"
+
+.. code:: shell
+
+  lxc-destroy --name="container_name"
+
+Restore
+=======
+
+system
+------
+
+.. code:: shell
+
+  cd containers/directory
+  rm --recursive container_name
+  tar --numeric-owner -xvf container_name.backup_name.txz
+
+data
+----
+
+.. code:: shell
+
+  cd data/directory
+  rm --recursive container_name
+  tar --numeric-owner -xvf container_name.backup_name.txz
--- a/docs/public/lxc/host.rst
+++ b/docs/public/lxc/host.rst
@ -0,0 +1,102 @@
+****
+Host
+****
+
+.. warning::
+
+ lxc service has to be enabled for autostart to work
+
+Check
+=====
+
+.. code:: shell
+
+  lxc-checkconfig
+
+List
+====
+
+.. code:: shell
+
+  lxc-ls -f
+
+.. code:: shell
+
+  lxc-ls --fancy
+
+Network bridge
+==============
+
+Create bridge br0 onto host's network main interface:
+
+* /etc/network/interfaces.d/br0
+
+::
+
+  auto br0
+  iface br0 inet static
+      address host_ip/network_mask_bits
+      gateway gateway_ip
+      bridge_fd 0
+      bridge_maxwait 0
+      bridge_ports eth0
+      bridge_stp on
+
+Example with a SoYouStart server:
+
+::
+
+ auto  br0
+ iface br0 inet static
+       address 192.99.37.216/24
+       gateway 192.99.37.254
+       bridge_fd 0
+       bridge_maxwait 0
+       bridge_ports enp4s0
+       bridge_stp on
+ iface br0 inet6 static
+       address 2607:5300:60:4cd8::/64
+       gateway 2607:5300:60:4cff:ff:ff:ff:ff
+       bridge_fd 0
+       bridge_maxwait 0
+       bridge_ports enp4s0
+       bridge_stp on
+
+Service
+=======
+
+Default configuration for new containers:
+
+* /etc/lxc/default.conf
+
+.. code:: ini
+
+  lxc.include = /usr/share/lxc/config/debian.common.conf
+
+  lxc.arch = amd64
+  lxc.autodev = 1
+  lxc.kmsg = 0
+  lxc.rootfs.backend = dir
+  lxc.start.auto = 1
+
+  lxc.network.type = veth
+
+  lxc.network.flags = up
+  lxc.network.link = br0
+  lxc.network.name = eth0
+
+Directories
+===========
+
+* 1 for the containers
+* 1 for their data
+
+.. code:: shell
+
+  mkdir --parents "containers/directory"
+  rmdir "/var/lib/lxc"
+  ln --symbolic "containers/directory" "/var/lib/lxc"
+
+.. code:: shell
+
+  mkdir --parents "data/directory"
--- a/docs/public/lxc/index.rst
+++ b/docs/public/lxc/index.rst
@ -0,0 +1,28 @@
+lxc
+===
+
+.. toctree::
+
+   host
+   container
+   unprivileged
+
+ESX
+---
+
+.. warning::
+
+  | If the host is part of an ESX virtual network architecture,
+  | make sure to configure its virtual switch to avoid packet drops.
+
+* Edit Settings / Policies / Security
+
+=================== ======
+Key                 Value
+=================== ======
+Promiscuous Mode    Accept
+MAC Address Changes Accept
+Forged Transmits    Accept
+=================== ======
+
+.. todo:: same problem with VirtualBox network
--- a/docs/public/lxc/unprivileged.rst
+++ b/docs/public/lxc/unprivileged.rst
@ -0,0 +1,55 @@
+Unprivileged
+============
+
+.. warning:: Work In Progress
+
+Mandatory
+---------
+
+Configuration
+^^^^^^^^^^^^^
+
+* config
+
+::
+
+ lxc.idmap = u 0 100000 65536
+ lxc.idmap = g 0 100000 65536
+
+Permissions
+^^^^^^^^^^^
+
+.. todo:: shift root's uid for rootfs
+
+Not sure
+--------
+
+Packages
+^^^^^^^^
+
+::
+
+ uidmap
+
+Configuration
+^^^^^^^^^^^^^
+
+* /etc/sysctl.conf
+
+::
+
+ kernel.unprivileged_userns_clone=1
+
+* /etc/subgid
+* /etc/subuid
+
+::
+
+ root:100000:65536
+
+* config
+
+::
+
+ lxc.include = /usr/share/lxc/config/userns.conf
+ lxc.apparmor.profile = unconfined
--- a/docs/public/markdown/index.rst
+++ b/docs/public/markdown/index.rst
@ -0,0 +1,6 @@
+markdown
+========
+
+.. toctree::
+
+   syntax
--- a/docs/public/markdown/syntax.rst
+++ b/docs/public/markdown/syntax.rst
@ -0,0 +1,53 @@
+Syntax
+======
+
+.. todo:: tables
+
+Titles
+------
+
+::
+
+ # title 1
+ ## title 2
+ ### title 3
+ #### title 4
+ ##### title 5
+ ###### title 6
+
+Lists
+-----
+
+::
+
+ * element 1
+ * element 2
+   * element 2.1
+   * element 2.2
+     * element 2.2.1
+     * element 2.2.2
+
+Blocks
+------
+
+::
+
+ ```language
+ multi
+ line
+ message
+ ```
+
+Links
+-----
+
+::
+
+ [link_caption](link_address)
+
+Images
+------
+
+::
+
+ ![alternative_text](image_address)
--- a/docs/public/mdadm/creation.rst
+++ b/docs/public/mdadm/creation.rst
@ -0,0 +1,31 @@
+Creation
+========
+
+.. warning::
+
+ Only use partitions, never whole devices,
+ otherwise assembly will fail after reboot!
+
+RAID 0
+------
+
+.. code:: shell
+
+ mdadm --create /dev/md0 --level=0 \
+ --raid-devices=2 /dev/sd[bc]1
+
+RAID 1
+------
+
+.. code:: shell
+
+ mdadm --create /dev/md0 --level=1 \
+ --raid-devices=2 /dev/sd[bc]1
+
+RAID 5
+------
+
+.. code:: shell
+
+ mdadm --create /dev/md0 --level=5 \
+ --raid-devices=3 /dev/sd[b-d]1
--- a/docs/public/mdadm/index.rst
+++ b/docs/public/mdadm/index.rst
@ -0,0 +1,10 @@
+mdadm
+=====
+
+Multi Disk ADMin
+
+.. toctree::
+
+ creation
+ persistence
+ manual
--- a/docs/public/mdadm/manual.rst
+++ b/docs/public/mdadm/manual.rst
@ -0,0 +1,27 @@
+Manual operations
+=================
+
+.. note::
+
+ Use --scan to refer to all known devices
+
+Details
+-------
+
+.. code:: shell
+
+ mdadm --detail /dev/md0
+
+Stop
+----
+
+.. code:: shell
+
+ mdadm --stop /dev/md0
+
+Assemble
+--------
+
+.. code:: shell
+
+ mdadm --assemble /dev/md0
--- a/docs/public/mdadm/persistence.rst
+++ b/docs/public/mdadm/persistence.rst
@ -0,0 +1,14 @@
+Persistence
+===========
+
+* reference the device in configuration
+
+.. code:: shell
+
+ mdadm --detail --scan /dev/md0 >> /etc/mdadm/mdadm.conf
+
+* update the initial file system
+
+.. code:: shell
+
+ update-initramfs -u
--- a/docs/public/nginx/configure.rst
+++ b/docs/public/nginx/configure.rst
@ -0,0 +1,8 @@
+Configure
+=========
+
+* /etc/nginx/nginx.conf
+
+.. warning:: define headers at 1 place only
+
+.. todo:: extract from server
--- a/docs/public/nginx/index.rst
+++ b/docs/public/nginx/index.rst
@ -0,0 +1,7 @@
+nginx
+=====
+
+.. toctree::
+
+ configure
+ serve
--- a/docs/public/nginx/serve.rst
+++ b/docs/public/nginx/serve.rst
@ -0,0 +1,65 @@
+Serve
+=====
+
+* /etc/nginx/sites-available/…
+
+::
+
+ server {
+     listen 80;
+     server_name _;
+     location "/mirrors" {
+         root "/";
+         autoindex on;
+     }
+     location "/" {
+         root "/data/http";
+         autoindex on;
+     }
+ }
+ server {
+     listen 443 ssl http2;
+     server_name "sous.domaine.tld";
+     ssl_certificate "/etc/nginx/certificates/nom.crt";
+     ssl_certificate_key "/etc/nginx/certificates/nom.key";
+     location "/static" {
+         root "/data/https";
+         default_type "text/html";
+         index "index.html";
+     }
+     location "/" {
+         proxy_pass "http://127.0.0.1:8069";
+         proxy_redirect off;
+         proxy_set_header Host $host;
+     }
+ }
+
+Certificates
+------------
+
+::
+
+ application/x-x509-ca-cert   crt der pem;
+ application/x-x509-user-cert pfx;
+
+Check client certificate
+------------------------
+
+::
+
+ location /protected {
+ ssl_client_certificate ca.crt;
+ ssl_verify_client on;
+ }
+
+Redirect http to https
+----------------------
+
+::
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://${host}${request_uri};
+ }
--- a/docs/public/openssh-client/index.rst
+++ b/docs/public/openssh-client/index.rst
@ -0,0 +1,20 @@
+openssh-client
+==============
+
+Configure
+---------
+
+* /etc/ssh/ssh_config
+
+.. todo:: lines
+
+Create key
+----------
+
+* ~/.ssh/id_rsa*
+
+.. code:: shell
+
+  ssh-keygen -b 4096
+
+.. todo:: other arguments
--- a/docs/public/openssh-server/index.rst
+++ b/docs/public/openssh-server/index.rst
@ -0,0 +1,95 @@
+openssh-server
+==============
+
+.. todo:: refresh sshd_config configuration
+
+Check options
+-------------
+
+::
+
+ sshd -t
+ sshd -T
+
+List algorithms
+---------------
+
+::
+
+ ssh -Q cipher
+ ssh -Q cipher-auth
+ ssh -Q mac
+ ssh -Q kex
+ ssh -Q key
+
+Configure
+---------
+
+* /etc/ssh/moduli
+
+Generate usable prime numbers pool.
+
+.. warning::
+
+  These are **VERY** long operations!
+
+.. code:: shell
+
+  ssh-keygen -b 4096 -G 4096.G
+  ssh-keygen -f 4096.G -T moduli
+
+* /etc/ssh/ssh_host_*_key
+
+types: rsa/ed25519/…?
+
+.. code:: shell
+
+  ssh-keygen -b 4096 -f /etc/ssh/ssh_host_rsa_key
+
+* /etc/ssh/sshd_config
+
+::
+
+  # daemon
+  AllowTcpForwarding yes
+  ClientAliveInterval 30
+  Compression no
+  HostKey /etc/ssh/ssh_host_rsa_key
+  IgnoreRhosts yes
+  LogLevel INFO
+  MaxStartups 16:32:64
+  PermitTunnel no
+  Port 22
+  Protocol 2
+  Subsystem sftp internal-sftp
+  TCPKeepAlive yes
+  UseDNS no
+  UseLogin no
+  UsePAM yes
+  X11Forwarding no
+
+  # authentication
+  AuthorizedKeysFile .ssh/authorized_keys
+  ChallengeResponseAuthentication no
+  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
+  HostbasedAuthentication no
+  KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
+  LoginGraceTime 60
+  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256
+  PasswordAuthentication no
+  PermitEmptyPasswords no
+  PermitRootLogin without-password
+  PubkeyAuthentication yes
+  StrictModes yes
+  UsePrivilegeSeparation sandbox
+
+  # prompt
+  Banner none
+  DebianBanner no
+  PrintLastLog yes
+  PrintMotd no
+  VersionAddendum none
+
+* authorized_keys
+
+.. todo:: about
--- a/docs/public/openssl/ca/create.rst
+++ b/docs/public/openssl/ca/create.rst
@ -0,0 +1,80 @@
+Create
+======
+
+init
+----
+
+.. code:: shell
+
+  rm --force --recursive "demoCA"
+  mkdir --parents "demoCA/newcerts"
+  echo -n "" > "demoCA/index.txt"
+  echo "00" > "demoCA/serial"
+
+request
+-------
+
+.. code:: shell
+
+  echo -n "\
+  US
+  Region / County (code)
+  City / Place
+  Decreasing / Hierarchy
+  Name
+  Name
+  alias@domain.tld
+  .
+  .
+  " \
+  | \
+  openssl \
+  req \
+  -new \
+  -key "name.pem" \
+  -out "name.csr" \
+  -utf8 \
+
+signature
+---------
+
+.. code:: shell
+
+  openssl \
+  ca \
+  -selfsign \
+  -in "name.csr" \
+  -keyfile "name.pem" \
+  -notext \
+  -out "name.crt" \
+  -startdate 20160801000000Z \
+  -enddate 20180801000000Z \
+  -batch \
+  -extensions "v3_ca" \
+
+----
+
+quick & dirty variant
+---------------------
+
+.. code:: shell
+
+  openssl \
+  ca \
+  -selfsign \
+  -keyfile "private_key.pem" \
+
+----
+
+dirtier certificate only variant
+--------------------------------
+
+.. code:: shell
+
+ openssl \
+ req \
+ -in ca.csr \
+ -x509 \
+ -days 365 \
+ -key ca.key \
+ -out ca.crt
--- a/docs/public/openssl/ca/index.rst
+++ b/docs/public/openssl/ca/index.rst
@ -0,0 +1,7 @@
+Certification Authority
+=======================
+
+.. toctree::
+
+   create
+   sign
--- a/docs/public/openssl/ca/sign.rst
+++ b/docs/public/openssl/ca/sign.rst
@ -0,0 +1,31 @@
+Sign certificate request
+========================
+
+from CA key & certificate
+-------------------------
+
+.. code:: shell
+
+ openssl \
+ x509 \
+ -CA ca.crt \
+ -CAkey ca.key \
+ -req \
+ -in "client.csr" \
+ -days 365 \
+ -out "client.crt" \
+ -set_serial nn
+
+from proper CA
+--------------
+
+.. code:: shell
+
+  openssl \
+  req \
+  -in "certificate_request.csr" \
+  -key "private_key.pem" \
+  -x509 \
+  -set_serial 0 \
+  -days 730 \
+  -out "certificate.crt"
--- a/docs/public/openssl/dispatch.rst
+++ b/docs/public/openssl/dispatch.rst
@ -0,0 +1,150 @@
+List secure ciphers
+===================
+
+.. code:: shell
+
+ openssl ciphers ALL \
+ | sed "s/:/\n/g" \
+ | grep "\(TLS\|ECDHE\)" \
+ | grep "\(POLY1305\|GCM\)" \
+ | grep --invert-match "\(DSA\|PSK\|128\)"
+
+Select cipher suites
+====================
+
+* /etc/ssl/openssl.cnf
+
+::
+
+ [system_default_sect]
+ CipherSuites="TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
+
+List curves
+===========
+
+.. code:: shell
+
+ openssl ecparam -list_curves
+
+Generate DHparam file
+=====================
+
+.. code:: shell
+
+ openssl dhparam -out dhparam 4096
+
+Generate private key
+====================
+
+RSA
+---
+
+.. code:: shell
+
+  openssl \
+  genrsa \
+  -out "private_key.pem" \
+  4096
+
+Human readable:
+
+.. code:: shell
+
+  openssl \
+  rsa \
+  -in "private_key.pem" \
+  -text \
+  -noout \
+  > "private_key.txt"
+
+ED25519
+-------
+
+.. code:: shell
+
+  openssl \
+  genpkey \
+  -algorithm ED25519 \
+  > "private_key.pem"
+
+Human readable:
+
+.. code:: shell
+
+  openssl \
+  pkey \
+  -in "private_key.pem" \
+  -text \
+  -noout \
+  > "private_key.txt"
+
+Generate a certificate request
+==============================
+
+* generate a private key
+
+* using . for empty fields, generate the request with:
+
+  * Country Name (2 letter code)
+  * State or Province Name (full name)
+  * Locality Name (eg, city)
+  * Organization Name (eg, company)
+  * Organizational Unit Name (eg, section)
+  * Common Name (e.g. server FQDN or YOUR name)
+  * Email Address
+  * A challenge password
+  * An optional company name
+
+.. code:: shell
+
+  echo -n "\
+  US
+  Region / County (code)
+  City / Place
+  Group / Management / Unit
+  Section
+  certificate_name
+  alias@domain.tld
+  .
+  .
+  " \
+  | \
+  openssl \
+  req \
+  -new \
+  -utf8 \
+  -key "private_key.pem" \
+  -out "certificate_request.csr" \
+  -addext "subjectAltName=DNS:*.domain.tld,DNS:*.sub.domain.tld"
+
+.. warning:: must staple, problems with nginx and apache
+
+.. code:: shell
+
+ -addext "tlsfeature=status_request"
+
+Human readable:
+
+.. code:: shell
+
+  openssl \
+  req \
+  -in "certificate_request.csr" \
+  -text \
+  -noout \
+  > "certificate_request.txt"
+
+Export client P12/PFX
+=====================
+
+* client private key
+* client certificate
+
+.. code:: shell
+
+ openssl \
+ pkcs12 \
+ -export \
+ -out client.pfx \
+ -inkey client.key \
+ -in client.crt
--- a/docs/public/openssl/index.rst
+++ b/docs/public/openssl/index.rst
@ -0,0 +1,7 @@
+openssl
+=======
+
+.. toctree::
+
+   dispatch
+   ca/index
--- a/docs/public/pandoc/build.rst
+++ b/docs/public/pandoc/build.rst
@ -0,0 +1,42 @@
+*****
+Build
+*****
+
+Formats
+=======
+
+Documents
+---------
+
+* html5
+* odt
+* docx
+* latex (--latex-engine="xelatex")
+
+Presentations
+-------------
+
+* beamer
+* dzslides
+* revealjs
+* s5
+* slideous
+* slidy
+
+Generation
+==========
+
+.. code:: shell
+
+  pandoc \
+  --data-dir="directory/path" \
+  --from="markdown" \
+  "input_file" \
+  --to="html5" \
+  --output="output_file" \
+  --standalone \
+  --number-sections \
+  --toc \
+  --toc-depth=3 \
+  --template="template_name" \
+  --css="style/relative/path"
--- a/docs/public/pandoc/index.rst
+++ b/docs/public/pandoc/index.rst
@ -0,0 +1,6 @@
+pandoc
+======
+
+.. toctree::
+
+   build
--- a/docs/public/parted/index.rst
+++ b/docs/public/parted/index.rst
@ -0,0 +1,39 @@
+parted
+======
+
+| Examples with 2 × 2 TB hard disk drives as MBR,
+| for a virtual 4 TB with data and 32 GB of swap as GPT.
+|
+
+MBR
+---
+
+::
+
+ parted /dev/sda
+ mktable msdos
+ mkpart primary 1 2000399
+
+::
+
+ parted /dev/sdb
+ mktable msdos
+ mkpart primary 1 2000399
+
+.. warning::
+
+ The first megabyte makes room for an embedded bootloader.
+
+GPT
+---
+
+::
+
+ parted /dev/md0
+ mktable gpt
+ mkpart data 1 3966128
+ mkpart swap 2 4000527
+
+.. note::
+
+ Start offset of a partition can be inferior than actual free space beginning.
--- a/docs/public/pdftk/index.rst
+++ b/docs/public/pdftk/index.rst
@ -0,0 +1,8 @@
+pdftk
+=====
+
+.. todo:: extract pages
+
+.. todo:: rotate pages
+
+.. todo:: merge documents
--- a/docs/public/python3/index.rst
+++ b/docs/public/python3/index.rst
@ -0,0 +1,13 @@
+python3
+=======
+
+.. todo:: execute command
+.. todo:: handle paths
+.. todo:: browse file hierarchy
+.. todo:: read file
+.. todo:: write file
+
+.. toctree::
+
+   syntax
+   snippets
--- a/docs/public/python3/snippets.rst
+++ b/docs/public/python3/snippets.rst
@ -0,0 +1,31 @@
+Snippets
+========
+
+Hello world
+-----------
+
+.. code:: python3
+
+ if __name__ == "__main__":
+     print("Hello, world!")
+
+Directories
+-----------
+
+Remove
+^^^^^^
+
+.. code:: python3
+
+ import shutil
+ shutil.rmtree(path)
+
+Web
+---
+
+Get
+^^^
+
+.. code:: python3
+
+ requests.get(url).content.decode(charset)
--- a/docs/public/python3/syntax.rst
+++ b/docs/public/python3/syntax.rst
@ -0,0 +1,20 @@
+******
+Syntax
+******
+
+Imports
+=======
+
+.. code:: python3
+
+  import module
+
+module.py → module/__init__.py
+------------------------------
+
+* __init__.py
+
+first/module.py → second/module.py
+----------------------------------
+
+* first
--- a/docs/public/restructuredtext/image.png
+++ b/docs/public/restructuredtext/image.png
--- a/docs/public/restructuredtext/index.rst
+++ b/docs/public/restructuredtext/index.rst
@ -0,0 +1,7 @@
+restructuredtext
+================
+
+.. toctree::
+
+   tree
+   syntax
--- a/docs/public/restructuredtext/syntax.rst
+++ b/docs/public/restructuredtext/syntax.rst
@ -0,0 +1,105 @@
+******
+Syntax
+******
+
+.. todo:: titles
+.. todo:: lists
+.. todo:: code
+.. todo:: tables
+.. todo:: images
+.. todo:: links
+
+Sections
+========
+
+.. code:: restructuredtext
+
+  ####
+  Part
+  ####
+
+  *******
+  Chapter
+  *******
+
+  Section
+  =======
+
+  SubSection
+  ----------
+
+  SubSubSection
+  ^^^^^^^^^^^^^
+
+  Paragraph
+  """""""""
+
+Links
+=====
+
+Internal
+--------
+
+declaration
+^^^^^^^^^^^
+
+.. code:: restructuredtext
+
+ .. label_name:
+
+reference
+^^^^^^^^^
+
+.. code:: restructuredtext
+
+ :ref:`label_name`_
+
+ToSort
+======
+
+.. code:: restructuredtext
+
+  .. raw:: html
+
+     <div></div>
+
+* *1 star*
+* **2 stars**
+* ``2 backquotes``
+
+| After this comma,
+| output new line
+|
+
+.. image:: image.png
+
+.. this is a really useless comment
+
+..
+    multiline
+
+    comment
+
+Indent 0
+
+  Indent 1 which
+  continues here.
+
+    Indent 2
+
+* item
+
+  * subitem
+
+* item
+
+#. first
+#. second
+
+----
+
+.. epigraph::
+
+  No matter where you go, there you are.
+
+  -- Buckaroo Banzai
--- a/docs/public/restructuredtext/tree.rst
+++ b/docs/public/restructuredtext/tree.rst
@ -0,0 +1,7 @@
+****
+Tree
+****
+
+.. code::
+
+  index
--- a/docs/public/rsync/index.rst
+++ b/docs/public/rsync/index.rst
@ -0,0 +1,6 @@
+rsync
+=====
+
+.. toctree::
+
+   snippets
--- a/docs/public/rsync/snippets.rst
+++ b/docs/public/rsync/snippets.rst
@ -0,0 +1,18 @@
+Snippets
+========
+
+Simulate sync with deletion
+---------------------------
+
+.. code:: shell
+
+ rsync \
+ --archive \
+ --chown user:group \
+ --no-whole-file \
+ --progress \
+ --verbose \
+ "/local/directory/" \
+ "user@host:/remote/directory/" \
+ --delete --delete-before --delete-after \
+ --dry-run
--- a/docs/public/smtp/index.rst
+++ b/docs/public/smtp/index.rst
@ -0,0 +1,23 @@
+smtp
+====
+
+Email with attachment
+---------------------
+
+::
+
+ Content-Type: multipart/mixed; boundary="${separator}"; charset="utf8"
+ From: first.last@sub.domain.tld
+ To: first.last@sub.domain.tld
+ Subject: Email subject
+ --${separator}
+ Content-Type: text/plain; charset="utf8"
+
+ Email body
+ --${separator}
+ Content-Disposition: attachment; filename="file name"
+ Content-Transfer-Encoding: base64
+ Content-Type: application/octet-stream
+
+ ${base64}
+ --${separator}--
--- a/docs/public/sphinx/build.rst
+++ b/docs/public/sphinx/build.rst
@ -0,0 +1,32 @@
+Build documentation
+===================
+
+HTML
+----
+
+.. code:: python3
+
+ import sphinx
+
+ sphinx.build_main([
+     '-E',
+     '-j', '2',
+     '-b', 'html',
+     '-D', 'project=Project',
+     '-c', conf_directory,
+     input_directory,
+     output_directory,
+ ])
+
+LaTeX
+-----
+
+.. code:: python3
+
+ '-b', 'latex',
+
+.. todo:: turn make command into xelatex command
+
+.. code:: shell
+
+ make PDFLATEX=xelatex -C build/latex all-pdf
--- a/docs/public/sphinx/configure.rst
+++ b/docs/public/sphinx/configure.rst
@ -0,0 +1,76 @@
+Configure documentation
+=======================
+
+* conf.py
+
+Sphinx
+------
+
+.. code:: python3
+
+ author = 'Author'
+ copyright = ''
+ extensions = [
+     'sphinx.ext.autodoc',
+     'sphinx.ext.doctest',
+     'sphinx.ext.todo',
+     'sphinx.ext.imgmath',
+     'sphinx.ext.ifconfig',
+     'sphinx.ext.viewcode',
+ ]
+ keep_warnings = False
+ language = 'en'
+ master_doc = 'index'
+ project = 'Project'
+ pygments_style = 'sphinx'
+ release = ''
+ show_authors = False
+ source_suffix = [
+     '.rst',
+ ]
+ todo_include_todos = True
+ version = ''
+
+HTML
+----
+
+.. code:: python3
+
+ html_show_copyright = False
+ html_show_sourcelink = True
+ html_show_sphinx = False
+ html_theme = 'sphinx_rtd_theme'
+ html_title = 'Title'
+ html_use_smartypants = False
+
+MarkDown
+--------
+
+.. code:: python3
+
+ source_parsers = {
+     '.md': 'recommonmark.parser.CommonMarkParser',
+ }
+ source_suffix = ['.rst', '.md']
+
+LaTeX
+-----
+
+.. code:: python3
+
+ latex_elements = {
+     'fontenc': r'\usepackage{fontspec}',
+     'fontpkg': r'''
+ \setmainfont{DejaVu Serif}
+ \setsansfont{DejaVu Sans}
+ \setmonofont{DejaVu Sans Mono}
+ ''',
+     'papersize': 'a4paper',
+     'pointsize': '12pt',
+ }
+ latex_documents = [
+     (master_doc, 'FileName.tex', 'Title',
+      'Author', 'howto/manual'),
+ ]
+ latex_use_parts = False
+ latex_keep_old_macro_names = False
--- a/docs/public/sphinx/create.rst
+++ b/docs/public/sphinx/create.rst
@ -0,0 +1,3 @@
+********************
+Create documentation
+********************
--- a/docs/public/sphinx/index.rst
+++ b/docs/public/sphinx/index.rst
@ -0,0 +1,9 @@
+sphinx
+======
+
+.. toctree::
+
+   install
+   configure
+   create
+   build
--- a/docs/public/sphinx/install.rst
+++ b/docs/public/sphinx/install.rst
@ -0,0 +1,13 @@
+Install
+=======
+
+.. code:: shell
+
+ apt install python3-sphinx
+ apt install python3-sphinx-rtd-theme
+
+* if markdown documents
+
+.. code:: shell
+
+ apt install python3-recommonmark
--- a/docs/public/squashfs-tools/index.rst
+++ b/docs/public/squashfs-tools/index.rst
@ -0,0 +1,25 @@
+squashfs-tools
+==============
+
+Archive
+-------
+
+.. code:: shell
+
+ mksquashfs \
+ /directory \
+ /filesystem.squashfs \
+ -b 1m \
+ -comp xz
+
+.. todo:: compression options
+
+Unarchive
+---------
+
+.. code:: shell
+
+ unsquashfs \
+ /filesystem.squashfs
+
+.. todo:: specify output directory's name
--- a/docs/public/systemd/index.rst
+++ b/docs/public/systemd/index.rst
@ -0,0 +1,8 @@
+systemd
+=======
+
+.. toctree::
+
+   system
+   services
+   journal
--- a/docs/public/systemd/journal.rst
+++ b/docs/public/systemd/journal.rst
@ -0,0 +1,3 @@
+***************
+Control journal
+***************
--- a/Show more
+++ b/Show more