Add ".editorconfig"

This allows customisation of the behaviour of the front-end in regards
to indent styles and indent sizes, among other options.

.editorconfig

@@ -0,0 +1,28 @@
+root = true
+
+[*]
+indent_style = tab
+indent_size = 4
+tab_width = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = false
+
+[*.{go,tmpl,html}]
+indent_style = tab
+
+[templates/custom/*.tmpl]
+insert_final_newline = false
+
+[templates/swagger/v1_json.tmpl]
+indent_style = space
+
+[templates/user/auth/oidc_wellknown.tmpl]
+indent_style = space
+
+[Makefile]
+indent_style = tab
+
+[*.svg]
+insert_final_newline = false

docinfo.html

@@ -0,0 +1,6 @@
+<style>
+h1, h2, h3, h4, h5, h6, .h-link {
+		color: #ffffff;
+		font-style: bold;
+}
+</style>

readme.adoc

@@ -0,0 +1,57 @@
+= Documentation
+:docinfo: shared
+
+Inferencium documentation.
+
+
+[id=branches]
+== [.h-link]#<<branches,Branches>>#
+
+=== https://src.inferencium.net/Inferencium/doc/src/branch/main/[main]
+
+Documentation root directory files pre-alpha development and alpha testing occurs in this branch. +
+Feature-complete modifications of this branch are merged to beta branch for beta testing.
+
+=== https://src.inferencium.net/Inferencium/doc/src/branch/security/[security]
+
+Documentation security files pre-alpha development and alpha testing occurs in this branch. +
+Feature-complete modifications of this branch are merged to beta branch for beta testing.
+
+=== https://src.inferencium.net/Inferencium/doc/src/branch/spec/[spec]
+
+Documentation specification files pre-alpha development and alpha testing occurs in this branch. +
+Feature-complete modifications of this branch are merged to beta branch for beta testing.
+
+=== https://src.inferencium.net/Inferencium/doc/src/branch/license/[license]
+
+Documentation license files pre-alpha and alpha testing occurs in this branch. +
+Feature-complete modifications of this branch are merged to beta branch for beta testing.
+
+=== https://src.inferencium.net/Inferencium/doc/src/branch/beta/[beta]
+
+Feature-complete beta testing of merged code from development branches occurs in this branch. +
+Merges from development branches to this branch are squashed, and the updated versions of the
+individual files are mentioned in the commit messages.
+
+=== https://src.inferencium.net/Inferencium/doc/src/branch/stable/[stable]
+
+Feature-complete and tested versions from beta branch are stored in this branch. +
+Merges from beta branch to this branch are squashed, and the updated versions of the individual
+files are mentioned in the commit messages. +
+This branch contains code used in production.
+
+
+[id=security]
+== [.h-link]#<<security,Security>>#
+
+All files are checked for security issues; however, it is always the user's responsibility to audit
+the code before installing and/or executing it. Inferencium takes no responsibility for any security
+issues which may arise due to usage of this repository.
+
+
+[id=licensing]
+== [.h-link]#<<licensing,Licensing>>#
+
+All content is licensed under
+https://src.inferencium.net/Inferencium/doc/src/branch/stable/license/CC-BY-4.0.txt[Creative Commons Attribution 4.0 International]
+license.

security/hardened_malloc.adoc

@@ -1,64 +0,0 @@
-= GrapheneOS hardened_malloc
-
-// Copyright 2023 Jake Winters
-// SPDX-License-Identifier: CC-BY-4.0
-
-Version: 0.1.1.13
-
-
-This documentation contains instructions to use
-https://github.com/GrapheneOS/hardened_malloc[GrapheneOS hardened_malloc] memory allocator as the
-system's default memory allocator. These instructions apply to both musl and glibc C libraries on
-Unix-based and Unix-like systems. hardened_malloc can also be used per-application and/or per-user,
-in which case root permissions are not required; this documentation focuses on system-wide usage
-of hardened_malloc, assumes root privileges, and assumes the compiled library will be located in a
-path readable by all users of the system.
-
-
-== Increase Permitted Amount of Memory Pages
-
-Add `vm.max_map_count = 1048576` to `/etc/sysctl.conf` to accommodate hardened_malloc's large amount
-of guard pages.
-
-== Clone hardened_malloc Source Code
-
-`$ git clone https://github.com/GrapheneOS/hardened_malloc.git`
-
-== Enter hardened_malloc Local Git Repository
-
-`$ cd hardened_malloc/`
-
-== Compile hardened_malloc
-
-`$ make <arguments>`
-
-`CONFIG_N_ARENA=n` can be adjusted to increase parallel performance at the expense of memory usage,
-or decrease memory usage at the expense of parallel performance, where `n` is an integer. Higher
-values prefer parallel performance, lower values prefer lower memory usage. The number of arenas has
-no impact on the security properties of hardened_malloc.
-
-* Minimum number of arenas: 1
-* Maximum number of arenas: 256
-
-For extra security, `CONFIG_SEAL_METADATA=true` can be used in order to control whether Memory
-Protection Keys are used to disable access to all writable allocator state outside of the memory
-allocator code. It's currently disabled by default due to a significant performance cost for this
-use case on current generation hardware. Whether or not this feature is enabled, the metadata is all
-contained within an isolated memory region with high entropy random guard regions around it.
-
-For low-memory systems, `VARIANT=light` can be used to compile the light variant of hardened_malloc,
-which sacrifices some security for much less memory usage.
-
-For all compile-time options, see the
-https://github.com/GrapheneOS/hardened_malloc#configuration[configuration section] of
-hardened_malloc's extensive official documentation.
-
-== Copy Compiled hardened_malloc Library
-
-`# cp out/libhardened_malloc.so <target_path>`
-
-== Set System to Preload hardened_malloc on Boot
-
-musl-based systems: Add `export LD_PRELOAD="<hardened_malloc_path>"` to `/etc/environment` +
- +
-glibc-based systems: Add `<hardened_malloc_path>` to `/etc/ld.so.preload`

security/openssl_selfsigned_certificate_chain.adoc

@@ -1,83 +0,0 @@
-= OpenSSL Self-signed Certificate Chain
-
-// Copyright 2023 Jake Winters
-// SPDX-License-Identifier: CC-BY-4.0
-
-Version: 0.0.5.14
-
-
-This documentation contains the complete set of commands to create a new OpenSSL self-signed
-certificate chain with V3 subjectAltName (SAN) extensions enabled.
-Multiple SANs can be included in a certificate by adding each domain as a comma-delimited string.
-Each key can be encrypted or unencrypted, with multiple encryption options; AES is recommended.
-Optional verification can also be performed between multiple levels of certificates to ensure the
-chain of trust is valid.
-
-
-== Create Certificate Authority Key
-
-`openssl genrsa -aes256 -out ca-key.pem 4096`
-
-== Verify Certificate Authority Key
-
-`openssl rsa -noout -text -in ca-key.pem`
-
-== Create Certificate Authority Certificate
-
-`openssl req -new -x509 -days 3653 -extensions v3_ca -key ca-key.pem -out ca-crt.pem`
-
-== Convert Certificate to PEM Format
-
-`openssl x509 -in ca-crt.pem -out ca-crt.pem -outform PEM`
-
-== Verify Certificate Authority Certificate
-
-`openssl x509 -noout -text -in ca-crt.pem`
-
-== Create Intermediate Certificate Authority Key
-
-`openssl genrsa -aes256 -out intermediate-key.pem 4096`
-
-== Verify Intermediate Certificate Authority Key
-
-`openssl rsa -noout -text -in intermediate-key.pem`
-
-== Create Intermediate Certificate Signing Request
-
-`openssl req -new -sha256 -key intermediate-key.pem -out intermediate-csr.pem`
-
-== Create Intermediate Certificate Authority Certificate
-
-`openssl ca -config intermediate.conf -extensions v3_intermediate_ca -days 1096 -notext -md sha256 -in intermediate-csr.pem -out intermediate-crt.pem`
-
-== Verify Intermediate Certificate Authority Certificate
-
-`openssl x509 -noout -text -in intermediate-crt.pem`
-
-== Verify Chain of Trust (CA to Intermediate)
-
-`openssl verify -CAfile ca-crt.pem intermediate-crt.pem`
-
-== Create Server Key
-
-`openssl genrsa -aes256 -out server-key.pem 2048`
-
-== Verify Server Key
-
-`openssl rsa -noout -text -in server-key.pem`
-
-== Create Server Cerificate Signing Request
-
-`openssl req -new -sha256 -subj "/C=/ST=/L=/O=/CN=" -addext "subjectAltName = DNS.1:" -key server-key.pem -out server-csr.pem`
-
-== Create Server Certificate
-
-`openssl x509 -sha256 -req  -days 365 -in server-csr.pem -CA intermediate-crt.pem -CAkey intermediate-key.pem -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS.1:")) -out server-crt.pem`
-
-== Verify Server Certificate
-
-`openssl x509 -noout -text -in server-crt.pem`
-
-== Verify Chain of Trust (Intermediate to Server)
-
-`openssl verify -CAfile intermediate-crt.pem server-crt.pem`

security/security_levels.adoc

@@ -1,71 +0,0 @@
-= Security Levels
-
-// Copyright 2023 Jake Winters
-// SPDX-License-Identifier: CC-BY-4.0
-
-Version: 1.0.2.7
-
-
-== S0
-
-Intended access: Public
-
-Encryption: None
-
-Signing: Optional
-
-== S1
-
-Intended access: Authorised users of S1 or lower security levels
-
-Encryption: Enforced
-
-Signing: Enforced
-
-Permitted symmetrical encryption ciphers (order of preference):
-
-* AES
-* ChaCha20*
-* Twofish
-
-== S2
-
-Intended access: Authorised users of S2 or lower security levels
-
-Encryption: Enforced
-
-Signing: Enforced
-
-Permitted symmetrical encryption ciphers (order of preference):
-
-* AES
-* ChaCha20*
-* Twofish
-
-== S3
-
-Intended access: Authorised users of s3 or lower security levels
-
-Encryption: Enforced
-
-Signing: Enforced
-
-Permitted symmetrical encryption ciphers (order of preference):
-
-* AES
-* ChaCha20*
-
-== S4
-
-Intended access: Authorised users of s4 or lower security levels
-
-Encryption: Enforced
-
-Signing: Enforced
-
-Permitted symmetrical encryption ciphers (order of preference):
-
-* AES
-* ChaCha20*
-
-*Preferred when hardware-accelerated AES is unavailable.