add some things before removing them

host_aliases

@@ -0,0 +1,3 @@
+shuttle haggis.no-ip.org
+server csbnw.no-ip.org
+sepia boukefalos.no-ip.org

jenkins/config.xml

@@ -0,0 +1,33 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson>
+  <disabledAdministrativeMonitors/>
+  <version>1.0</version>
+  <numExecutors>2</numExecutors>
+  <mode>NORMAL</mode>
+  <useSecurity>true</useSecurity>
+  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
+  <securityRealm class="hudson.security.SecurityRealm$None"/>
+  <disableRememberMe>false</disableRememberMe>
+  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
+  <workspaceDir>${ITEM_ROOTDIR}/workspace</workspaceDir>
+  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
+  <jdks/>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
+  <clouds/>
+  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
+  <views>
+    <hudson.model.AllView>
+      <owner class="hudson" reference="../../.."/>
+      <name>all</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+    </hudson.model.AllView>
+  </views>
+  <primaryView>all</primaryView>
+  <slaveAgentPort>0</slaveAgentPort>
+  <label></label>
+  <nodeProperties/>
+  <globalNodeProperties/>
+</hudson>

jenkins/hudson.model.UpdateCenter.xml

@@ -0,0 +1,7 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<sites>
+  <site>
+    <id>default</id>
+    <url>http://updates.jenkins-ci.org/update-center.json</url>
+  </site>
+</sites>

jenkins/nodeMonitors.xml

@@ -0,0 +1,23 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson.util.DescribableList>
+  <hudson.node__monitors.ArchitectureMonitor>
+    <ignored>false</ignored>
+  </hudson.node__monitors.ArchitectureMonitor>
+  <hudson.node__monitors.ClockMonitor>
+    <ignored>false</ignored>
+  </hudson.node__monitors.ClockMonitor>
+  <hudson.node__monitors.DiskSpaceMonitor>
+    <ignored>false</ignored>
+    <freeSpaceThreshold>1GB</freeSpaceThreshold>
+  </hudson.node__monitors.DiskSpaceMonitor>
+  <hudson.node__monitors.SwapSpaceMonitor>
+    <ignored>false</ignored>
+  </hudson.node__monitors.SwapSpaceMonitor>
+  <hudson.node__monitors.TemporarySpaceMonitor>
+    <ignored>false</ignored>
+    <freeSpaceThreshold>1GB</freeSpaceThreshold>
+  </hudson.node__monitors.TemporarySpaceMonitor>
+  <hudson.node__monitors.ResponseTimeMonitor>
+    <ignored>false</ignored>
+  </hudson.node__monitors.ResponseTimeMonitor>
+</hudson.util.DescribableList>

jenkins/queue.xml

@@ -0,0 +1,5 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson.model.Queue_-State>
+  <counter>0</counter>
+  <items/>
+</hudson.model.Queue_-State>

lighttpd/etc/.lighttpdpassword

@@ -0,0 +1 @@
+user:makreel

lighttpd/etc/lighttpd/global.conf

@@ -0,0 +1,61 @@
+server.modules += ("mod_auth", "mod_setenv")
+
+$SERVER["socket"] == ":81" {
+    server.document-root = "/host/var/www/global"
+    auth.backend = "plain"
+    auth.backend.plain.userfile = "/host/etc/.lighttpdpassword"
+
+    $HTTP["url"] !~ "^(/public/.*|/.well-known/.*)" {
+        auth.require = (
+            "/" => (
+                "method" => "basic",
+                "realm" => "Password protected area",
+                "require" => "valid-user"
+            )
+        )
+    }
+    
+    $HTTP["host"] =~ "^bewind\.veenboer\.online" {
+        url.redirect = ( "^/(.*)" => "https://bewind.veenboer.online/" )
+    }
+}
+
+$SERVER["socket"] == ":443" {
+    server.document-root = "/host/var/www/global"
+
+    # Enable SSL
+    ssl.engine = "enable"
+    ssl.pemfile = "/host/etc/certs/key+certificate.pem"
+    ssl.ca-file = "/host/etc/certs/intermediate.pem"
+    ssl.dh-file = "/host/etc/certs/dh.pem"
+
+    # Increased security, from https://cipherli.st/
+    ssl.honor-cipher-order = "enable"
+    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
+    setenv.add-response-header = (
+        "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; preload",
+        "X-Frame-Options" => "DENY",
+        "X-Content-Type-Options" => "nosniff"
+    )
+    ssl.use-sslv2 = "disable"
+    ssl.use-sslv3 = "disable"
+
+    # Increased security, from https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html
+    $HTTP["scheme"] == "https" {
+        setenv.add-response-header = (
+            # "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; preload",
+            "X-Frame-Options" => "DENY"
+        )
+    }
+
+    # Authentication
+    auth.backend = "plain"
+    auth.backend.plain.userfile = "/host/etc/.lighttpdpassword"
+    auth.require = (
+        "/" => (
+            "method" => "basic",
+            "realm" => "Password protected area",
+            "require" => "valid-user"
+        )
+    )
+}