init commit
diff --git a/apt-cacher/files/acng.conf.Debian b/apt-cacher/files/acng.conf.Debian
new file mode 100644
index 0000000..f8067a8
--- /dev/null
+++ b/apt-cacher/files/acng.conf.Debian
@@ -0,0 +1,423 @@
+{%- from "apt-cacher-ng/map.jinja" import server with context %}
+# This is a configuration file for apt-cacher-ng, a smart caching proxy for
+# software package downloads. It's supposed to be in a directory specified by
+# the -c option of apt-cacher-ng, see apt-cacher-ng(8) for details.
+#
+# NOTE: command line switches and other configuration files matching the same
+# file naming scheme (*.conf) can override values from this file.
+
+# Letter case in variable names does not matter, names and values should be
+# separated with colons. For boolean variables, zero number is considered false,
+# non-zero considered true. If a default value is not explicitly mentioned in
+# the description, the commented value assignments mostly represent the default
+# values of the particular variables.
+
+# Storage directory for downloaded data and related maintenance activity.
+#
+CacheDir: /var/cache/apt-cacher-ng
+
+# Log file directory, can be set empty to disable logging
+#
+LogDir: /var/log/apt-cacher-ng
+
+# A place to look for additional configuration and resource files if they are not
+# found in the configuration directory
+#
+# SupportDir: /usr/lib/apt-cacher-ng
+
+# TCP server port for incoming http (or HTTP proxy) connections.
+# Can be set to 9999 to emulate apt-proxy.
+#
+Port: {{ server.bind.port }}
+
+# Addresses or hostnames to listen on. Multiple addresses must be separated by
+# spaces. Each entry must be an exact local address which is associated with a
+# local interface. DNS resolution is performed using getaddrinfo(3) for all
+# available protocols (IPv4, IPv6, ...). Using a protocol specific format will
+# create binding(s) only on protocol specific socket(s), e.g. 0.0.0.0 will
+# listen only to IPv4.
+#
+# Default: listens on all interfaces and protocols
+#
+# BindAddress: localhost 192.168.7.254 publicNameOnMainInterface
+BindAddress {{ server.bind.address }}
+# The specification of another HTTP proxy which shall be used for downloads.
+# It can include user name and password but see the manual for limitations.
+#
+# Default: uses direct connection
+#
+# Proxy: http://www-proxy.example.net:3128
+# Proxy: https://username:proxypassword@proxy.example.net:3129
+
+# Repository remapping. See manual for details.
+# In this example, some backends files might be generated during package
+# installation using information collected on the system.
+# Examples:
+Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
+Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives
+Remap-debvol: file:debvol_mirror*.gz /debian-volatile ; file:backends_debvol # Debian Volatile Archives
+Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here
+Remap-sfnet: file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here
+Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux
+Remap-fedora: file:fedora_mirrors # Fedora Linux
+Remap-epel: file:epel_mirrors # Fedora EPEL
+Remap-slrep: file:sl_mirrors # Scientific Linux
+Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo # Gentoo Archives
+
+# This is usually not needed for security.debian.org because it's always the
+# same DNS hostname. However, it might be enabled in order to use hooks
+# or ForceManaged mode or special flags in this context. Not set by default.
+# Remap-secdeb: security.debian.org
+
+# Virtual page accessible in a web browser to see statistics and status
+# information, i.e. under http://localhost:3142/acng-report.html
+#
+# Default: not set, should be set by the system administrator
+#
+ReportPage: acng-report.html
+
+# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be
+# used with inetd bridge or cron client.
+# Default: not set, UNIX socket bridge is disabled.
+#
+# SocketPath:/var/run/apt-cacher-ng/socket
+
+# If set to 1, makes log files be written to disk on every new line. Default
+# is 0, buffers are flushed after the client disconnects. Technically,
+# it's a convenience alias for the Debug option, see below for details.
+#
+# UnbufferLogs: 0
+
+# Enables extended client information in log entries. When set to 0, only
+# activity type, time and transfer sizes are logged.
+#
+# VerboseLog: 1
+
+# Don't detach from the starting console.
+#
+# ForeGround: 0
+
+# Store the pid of the daemon process in the specified text file.
+# Default: disabled
+#
+# PidFile: /var/run/apt-cacher-ng/pid
+
+# Forbid outgoing connections and work without an internet connection or
+# respond with 503 error where it's not possible.
+#
+# Offlinemode: 0
+
+# Forbid downloads from locations that are directly specified in the user
+# request, i.e. all downloads must be processed by the preconfigured remapping
+# backends (see above).
+#
+# ForceManaged: 0
+
+# Days before considering an unreferenced file expired (to be deleted).
+# WARNING: if the value is set too low and particular index files are not
+# available for some days (mirror downtime) then there is a risk of removal of
+# still useful package files.
+#
+ExTreshold: 4
+
+# Stop expiration when a critical problem appears, issue like a failed update
+# of an index file in the preparation step.
+#
+# WARNING: don't set this option to zero or empty without considering possible
+# consequences like a sudden and complete cache data loss.
+#
+# ExAbortOnProblems: 1
+
+# Number of failed nightly expiration runs which are considered acceptable and
+# do not trigger an error notification to the admin (e.g. via daily cron job)
+# before the (day) count is reached. Might be useful with whacky internet
+# connections.
+#
+# Default: a guessed value, 1 if ExTreshold is 5 or more, 0 otherwise.
+#
+# ExSuppressAdminNotification: 1
+
+# Modify file names to work around limitations of some file systems.
+# WARNING: experimental feature, subject to change
+#
+# StupidFs: 0
+
+# Experimental feature for apt-listbugs: pass-through SOAP requests and
+# responses to/from bugs.debian.org.
+# Default: guessed value, true unless ForceManaged is enabled
+#
+# ForwardBtsSoap: 1
+
+# There is a small in-memory cache for DNS resolution data, expired by
+# this timeout (in seconds). Internal caching is disabled if set to a value
+# less than zero.
+#
+# DnsCacheSeconds: 1800
+
+###############################################################################
+#
+# WARNING: don't modify thread and file matching parameters without a clear
+# idea of what is happening behind the scene!
+#
+# Max. count of connection threads kept ready (for faster response in the
+# future). Should be a sane value between 0 and average number of connections,
+# and depend on the amount of spare RAM.
+# MaxStandbyConThreads: 8
+#
+# Hard limit of active thread count for incoming connections, i.e. operation
+# is refused when this value is reached (below zero = unlimited).
+# MaxConThreads: -1
+#
+# Pigeonholing files with regular expressions (static/volatile). Can be
+# overriden here but not should not be done permanently because future update
+# of default settings would not be applied later.
+# VfilePattern = (^|.*/)(Index|Packages(\.gz|\.bz2|\.lzma|\.xz)?|InRelease|Release|Release\.gpg|custom\.gpg|mirrors.txt|Sources(\.gz|\.bz2|\.lzma|\.xz)?|release|index\.db-.*\.gz|Contents-[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|meta-release[^/]*|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|((setup|setup-legacy)(\.ini|\.bz2|\.hint)(\.sig)?)|mirrors\.lst|repo(index|md)\.xml(\.asc|\.key)?|directory\.yast|products|content(\.asc|\.key)?|media|filelists\.xml\.gz|filelists\.sqlite\.bz2|repomd\.xml|packages\.[a-zA-Z][a-zA-Z]\.gz|info\.txt|license\.tar\.gz|license\.zip|.*\.(db|files|abs)(\.tar(\.gz|\.bz2|\.lzma|\.xz))?|metalink\?repo|.*prestodelta\.xml\.gz|repodata/.*\.(xml|sqlite)(\.gz|\.bz2|\.lzma|\.xz))$|/dists/.*/installer-[^/]+/[^0-9][^/]+/images/.*
+# PfilePattern = .*(\.d?deb|\.rpm|\.drpm|\.dsc|\.tar(\.gz|\.bz2|\.lzma|\.xz)(\.gpg)?|\.diff(\.gz|\.bz2|\.lzma|\.xz)|\.jigdo|\.template|changelog|copyright|\.udeb|\.debdelta|\.diff/.*\.gz|(Devel)?ReleaseAnnouncement(\?.*)?|[a-f0-9]+-(susedata|updateinfo|primary|deltainfo).xml.gz|fonts/(final/)?[a-z]+32.exe(\?download.*)?|/dists/.*/installer-[^/]+/[0-9][^/]+/images/.*)$
+#
+# Whitelist for expiration, file types not to be removed even when being
+# unreferenced. Default: many parts from VfilePattern where no parent index
+# exists or might be unknown.
+# WfilePattern = (^|.*/)(Release|InRelease|Release\.gpg|custom\.gpg|(Packages|Sources)(\.gz|\.bz2|\.lzma|\.xz)?|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|.*\.xml|.*\.(db|files|abs)(\.tar(\.gz|\.bz2|\.lzma|\.xz))?|[a-z]+32.exe)$|/dists/.*/installer-.*/images/.*
+#
+###############################################################################
+
+# A bitmask type value declaring the loging verbosity and behavior of the error
+# log writing. Non-zero value triggers at least faster log file flushing.
+#
+# Some higher bits only working with a special debug build of apt-cacher-ng,
+# see the manual for details. The setting has an alias named UnbufferLogs.
+#
+# WARNING: this can write significant amount of data into apt-cacher.err logfile.
+#
+# Default: 0
+#
+# Debug:3
+
+# Usually, general purpose proxies like Squid expose the IP address of the
+# client user to the remote server using the X-Forwarded-For HTTP header. This
+# behaviour can be optionally turned on with the Expose-Origin option.
+#
+# ExposeOrigin: 0
+
+# When logging the originating IP address, trust the information supplied by
+# the client in the X-Forwarded-For header.
+#
+# LogSubmittedOrigin: 0
+
+# The version string reported to the peer, to be displayed as HTTP client (and
+# version) in the logs of the mirror.
+#
+# WARNING: Expect side effects! Some archives use this header to guess
+# capabilities of the client (i.e. allow redirection and/or https links) and
+# change their behaviour accordingly but ACNG might not support the expected
+# features.
+#
+# Default:
+#
+# UserAgent: Yet Another HTTP Client/1.2.3p4
+
+# In some cases the Import and Expiration tasks might create fresh volatile
+# data for internal use by reconstructing them using patch files. This
+# by-product might be recompressed with bzip2 and with some luck the resulting
+# file becomes identical to the *.bz2 file on the server which can be used by
+# APT when requesting a complete version of this file.
+# The downside of this feature is higher CPU load on the server during
+# the maintenance tasks, and the outcome might have not much value in a LAN
+# where all clients update their data often and regularly and therefore usually
+# don't need the full version of the index file.
+#
+# RecompBz2: 0
+
+# Network timeout for outgoing connections, in seconds.
+#
+# NetworkTimeout: 60
+
+# Sometimes it makes sense to not store the data in cache and just return the
+# package data to client while it comes in. The following DontCache* parameters
+# can enable this behaviour for certain URL types. The tokens are extended
+# regular expressions which the URLs are evaluated against.
+#
+# DontCacheRequested is applied to the URL as it comes in from the client.
+# Example: exclude packages built with kernel-package for x86
+# DontCacheRequested: linux-.*_10\...\.Custo._i386
+# Example usecase: exclude popular private IP ranges from caching
+# DontCacheRequested: 192.168.0 ^10\..* 172.30
+#
+# DontCacheResolved is applied to URLs after mapping to the target server. If
+# multiple backend servers are specified then it's only matched against the
+# download link for the FIRST possible source (due to implementation limits).
+#
+# Example usecase: all Ubuntu stuff comes from a local mirror (specified as
+# backend), don't cache it again:
+# DontCacheResolved: ubuntumirror.local.net
+#
+# DontCache directive sets (overrides) both, DontCacheResolved and
+# DontCacheRequested. Provided for convenience, see those directives for
+# details.
+#
+# Example:
+# DontCache: .*.local.university.int
+
+# Default permission set of freshly created files and directories, as octal
+# numbers (see chmod(1) for details).
+# Can by limited by the umask value (see umask(2) for details) if it's set in
+# the environment of the starting shell, e.g. in apt-cacher-ng init script or
+# in its configuration file.
+#
+# DirPerms: 00755
+# FilePerms: 00664
+
+# It's possible to use use apt-cacher-ng as a regular web server with a limited
+# feature set, i.e. directory browsing, downloads of any files, Content-Type
+# based on /etc/mime.types, but without sorting, CGI execution, index page
+# redirection and other funny things.
+# To get this behavior, mappings between virtual directories and real
+# directories on the server must be defined with the LocalDirs directive.
+# Virtual and real directories are separated by spaces, multiple pairs are
+# separated by semi-colons. Real directories must be absolute paths.
+# NOTE: Since the names of that key directories share the same namespace as
+# repository names (see Remap-...) it is administrator's job to avoid conflicts
+# between them or explicitly create them.
+#
+# LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm
+LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
+
+# Precache a set of files referenced by specified index files. This can be used
+# to create a partial mirror usable for offline work. There are certain limits
+# and restrictions on the path specification, see manual and the cache control
+# web site for details. A list of (maybe) relevant index files could be
+# retrieved via "apt-get --print-uris update" on a client machine.
+#
+# Example:
+# PrecacheFor: debrep/dists/unstable/*/source/Sources* debrep/dists/unstable/*/binary-amd64/Packages*
+
+# Arbitrary set of data to append to request headers sent over the wire. Should
+# be a well formated HTTP headers part including newlines (DOS style) which
+# can be entered as escape sequences (\r\n).
+#
+# RequestAppendix: X-Tracking-Choice: do-not-track\r\n
+
+# Specifies the IP protocol families to use for remote connections. Order does
+# matter, first specified are considered first. Possible combinations:
+# v6 v4
+# v4 v6
+# v6
+# v4
+# Default: use native order of the system's TCP/IP stack
+#
+# ConnectProto: v6 v4
+
+# Regular expiration algorithm finds package files which are no longer listed
+# in any index file and removes them of them after a safety period.
+# This option allows to keep more versions of a package in the cache after
+# safety period is over.
+#
+# KeepExtraVersions: 1
+
+# Optionally uses TCP access control provided by libwrap, see hosts_access(5)
+# for details. Daemon name is apt-cacher-ng.
+#
+# Default: guessed on startup by looking for explicit mention of apt-cacher-ng
+# in /etc/hosts.allow or /etc/hosts.deny files.
+#
+# UseWrap: 0
+
+# If many machines from the same local network attempt to update index files
+# (apt-get update) at nearly the same time, the known state of these index file
+# is temporarily frozen and multiple requests receive the cached response
+# without contacting the remote server again. This parameter (in seconds)
+# specifies the length of this period before these (volatile) files are
+# considered outdated.
+# Setting this value too low transfers more data and increases remote server
+# load, setting this too high (more than a couple of minutes) increases the
+# risk of delivering inconsistent responses to the clients.
+#
+# FreshIndexMaxAge: 27
+
+# Usually the users are not allowed to specify custom TCP ports of remote
+# mirrors in the requests, only the default HTTP port can be used (as
+# workaround, proxy administrator can create Remap- rules with custom ports).
+# This restriction can be disabled by specifying a list of allowed ports or 0
+# for any port.
+#
+# AllowUserPorts: 80
+
+# Normally the HTTP redirection responses are forwarded to the original caller
+# (i.e. APT) which starts a new download attempt from the new URL. This
+# solution is ok for client configurations with proxy mode but doesn't work
+# well with configurations using URL prefixes in sources.list. To work around
+# this the server can restart its own download with a redirection URL,
+# configured with the following option. The downside is that this might be used
+# to circumvent download source policies by malicious users.
+# The RedirMax option specifies how many such redirects the server is allowed
+# to follow per request, 0 disables the internal redirection.
+# Default: guessed on startup, 0 if ForceManaged is used and 5 otherwise.
+#
+# RedirMax: 5
+
+# There some broken HTTP servers and proxy servers in the wild which don't
+# support the If-Range header correctly and return incorrect data when the
+# contents of a (volatile) file changed. Setting VfileUseRangeOps to zero
+# disables Range-based requests while retrieving volatile files, using
+# If-Modified-Since and requesting the complete file instead. Setting it to
+# a negative value removes even If-Modified-Since headers.
+#
+# VfileUseRangeOps: 1
+
+# Allow data pass-through mode for certain hosts when requested by the client
+# using a CONNECT request. This is particularly useful to allow access to SSL
+# sites (https proxying). The string is a regular expression which should cover
+# the server name with port and must be correctly formated and terminated.
+# Examples:
+# PassThroughPattern: private-ppa\.launchpad\.net:443$
+# PassThroughPattern: .* # this would allow CONNECT to everything
+
+# It's possible that an evil client requests a volatile file but does not
+# retrieve the response and keeps the connection effectively stuck over
+# many hours, blocking the particular file for other download attempts (which
+# leads to not reporting file changes on server side to other users). The work
+# around is the use of alternative file descriptors inside of apt-cacher-ng,
+# however this might cost some extra download traffic due to worse cache usage.
+# The ResponseFreezeDetectTime value specifies when a file descriptor in the
+# mentioned state is to be considered defect and will require special handling.
+# Default time is 500 seconds.
+#
+# ResponseFreezeDetectTime: 500
+
+# Keep outgoing connections alive and reuse them for later downloads from
+# the same server as long as possible.
+#
+# ReuseConnections: 1
+
+# Maximum number of requests sent in a batch to remote servers before the first
+# response is expected. Using higher values can greatly improve average
+# throughput depending on network latency and the implementation of remote
+# servers. Makes most sense when also enabled on the client side, see apt.conf
+# documentation for details.
+#
+# Default: 255 if ReuseConnections is set, 1 otherwise
+#
+# PipelineDepth: 255
+
+# Path to the system directory containing trusted CA certificates used for
+# outgoing connections, see OpenSSL documentation for details.
+#
+# CApath: /etc/ssl/certs
+#
+# Path to a single trusted trusted CA certificate used for outgoing
+# connections, see OpenSSL documentation for details.
+#
+# CAfile:
+
+
+# If this value is set to a (positive) number of seconds then the proxy host
+# specified by Proxy setting will be ignored if a connection to this host
+# could not be established within this time span. The connection will then
+# be made without HTTP proxy for the life time of the particular download
+# stream and it may also affect other users on multiuser systems.
+#
+# NOTE: this feature is highly experimental and is subject to change! It can
+# interfere badly with the per-repository proxy setting.
+#
+# OptProxyTimeout: -1
+