Mikaela/shell-things
1
0
Fork 0
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2024-11-23 19:59:21 +01:00
Code Issues Projects Releases Wiki Activity

sastisfy editorconfig check

Browse Source
This commit is contained in:
Aminda Suomalainen 2023-02-21 19:08:54 +02:00
parent cff2ac755f
commit 2e6a03d402
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
69 changed files with 893 additions and 893 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.mikaela/gpg.conf
View File

@ -5,7 +5,7 @@
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

10
.mikaela/pastebinit.xml
View File

@ -1,6 +1,6 @@
<pastebinit>
<pastebin>http://sprunge.us</pastebin>
<author>Mikaela</author>
<jabberid>mikaela@kapsi.fi</jabberid>
<format>text</format>
<pastebinit>
<pastebin>http://sprunge.us</pastebin>
<author>Mikaela</author>
<jabberid>mikaela@kapsi.fi</jabberid>
<format>text</format>
</pastebinit>

2
LICENSE
View File

@ -1,4 +1,4 @@
Copyright (c) <year> <owner>.
Copyright (c) <year> <owner>.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

2
README.md
View File

@ -4,7 +4,7 @@ repository as dotfiles, but historical reasons...
# Directories explained
- .mikaela — files that most likely aren't suitable for places where other
people than me have access too
people than me have access too
- Windows — files releated to Windows
- conf — config files like .tmux.conf
- etc — /etc/

2
Windows/.gitattributes vendored
View File

@ -1 +1 @@
* text=auto eol=crlf
* text=auto eol=crlf

10
Windows/10to11/README.md
View File

@ -22,11 +22,11 @@ I think the first method is likely the best, but I cannot rule these working
on another system out yet. They didn't work on my first system tried.
- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
recommendation and the only one that should be used. If after reboot
nothing happens, maybe try the rest rebooting every failure.
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
recommendation and the only one that should be used. If after reboot
nothing happens, maybe try the rest rebooting every failure.
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
- `01-LabConfig.reg` - widely reported to work
- `01-Setup.reg` - ^
- `02-DevRing.reg` - after joining the Insider program, this should enforce
joining to Dev ring which should offer Windows 11 instantly. It may be
advisable to leave after successful update.
joining to Dev ring which should offer Windows 11 instantly. It may be
advisable to leave after successful update.

BIN
Windows/CVE-2018-3639.reg
View File

Binary file not shown.

22
Windows/DoH/README.md
View File

@ -3,17 +3,17 @@
Requires Windows 11.
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
didn't seem to work for me or it allowed me to set the DNS server to not
use DoH.
didn't seem to work for me or it allowed me to set the DNS server to not
use DoH.
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
that Windows 11 isn't shipping by default, currently:
- Adguard
- Cloudflare antimalware
- DNS0 (& Zero)
- Mullvad
- Mullvad Adblock
- Quad9 ECS (Windows 11 defaults include Quad9 default)
that Windows 11 isn't shipping by default, currently:
- Adguard
- Cloudflare antimalware
- DNS0 (& Zero)
- Mullvad
- Mullvad Adblock
- Quad9 ECS (Windows 11 defaults include Quad9 default)
## Configuration
@ -21,6 +21,6 @@ Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
HTTPS can be enabled for:
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
- Same place for Ethernet etc.
- Same place for Ethernet etc.
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
- Note: if the all networks one is configured, there is a warning about it not being used.
- Note: if the all networks one is configured, there is a warning about it not being used.

2
Windows/IPv6-no_privacy.bat
View File

@ -6,4 +6,4 @@ netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
netsh interface ipv6 set privacy state=disabled store=active
netsh interface ipv6 set privacy state=disabled store=persistent
pause
echo on
echo on

2
Windows/IPv6-no_randomization.bat
View File

@ -4,4 +4,4 @@ pause
netsh interface ipv6 set global randomizeidentifiers=disabled store=active
netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
pause
echo on
echo on

4
Windows/IPv6.reg.markdown
View File

@ -3,6 +3,6 @@ Some kind of explaining for [IPv6.reg](IPv6.reg) like
- Resolve IPv6 even without native connectivity.
- Enable Teredo
- As EnterpriseClient so it also works when joined into domain.
- As EnterpriseClient so it also works when joined into domain.
- Use `teredo.trex.fi` as Teredo server. This should be replaced with
something that is as near as possible.
something that is as near as possible.

10
Windows/Windows.reg.markdown
View File

@ -9,10 +9,10 @@ Windows Registry Editor Version 5.00
- Make the file Windows Registry Editor script
- Ask admins for password/PIN in UAC
- 2 would ask for yes or no, 0 disable entirely (don't do that).
- 2 would ask for yes or no, 0 disable entirely (don't do that).
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
- The other option (1) doesn't even give them UAC prompt so you must
always login as admin to do anything.
- The other option (1) doesn't even give them UAC prompt so you must
always login as admin to do anything.
```
"dontdisplaylastusername"=dword:00000000
@ -39,8 +39,8 @@ Windows Registry Editor Version 5.00
```
- Sets hardware clock to UTC time (doesn't affect system clock!)
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
only qword as I haven't seen 32-bit Windowses lately.
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
only qword as I haven't seen 32-bit Windowses lately.
```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]

2
Windows/autohotkey/CapsLockToBackspace.ahk
View File

@ -1 +1 @@
CapsLock:: Send {BackSpace}
CapsLock:: Send {BackSpace}

26
Windows/time/README.md
View File

@ -7,16 +7,16 @@ w32tm /query /peers
```
- The list is space separated NTP servers, while I think Windows uses SNTP instead
of NTP.
of NTP.
- `/resync` may sync current time, but is also required for the GUI
(Windows + I, Date & time) and following command to get aware of peers.
(Windows + I, Date & time) and following command to get aware of peers.
- Shows where time is synced from and statistics.
- There is also `net time` to sync, I am unsure of the differences while
that may be blocked while the second keeps working. It may also not
show all the peers, just the primary one, while `w32tm` is more verbose
and has all of them.
- There is also `net time` to sync, I am unsure of the differences while
that may be blocked while the second keeps working. It may also not
show all the peers, just the primary one, while `w32tm` is more verbose
and has all of them.
- As Windows doesn't support NTS and probably won't in near future, there is
no point in listing distant foreign servers.
no point in listing distant foreign servers.
## Variations
@ -47,14 +47,14 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.ko
- https://www.netnod.se/nts/network-time-security
- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
- https://www.ntppool.org/use.html
- Also mentions the syntax for multiple servers, but considering this Elisa
list has so many servers I am only picking one pool address just in case
the others somehow fail.
- Also mentions the syntax for multiple servers, but considering this Elisa
list has so many servers I am only picking one pool address just in case
the others somehow fail.
## Additional reading
- Above links
- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
- this file might not exist without this post, while it doesn't mention
multiple servers, uses `time.windows.com` and I am yet to actually touch
NTP on Windows Server environment.
- this file might not exist without this post, while it doesn't mention
multiple servers, uses `time.windows.com` and I am yet to actually touch
NTP on Windows Server environment.

2
chmod
View File

@ -1,5 +1,5 @@
#!/usr/bin/env bash
# This script removes permissions from other people than the owner to
# This script removes permissions from other people than the owner to
# files/folders that they don't have access to and where they don't need
# access.
set -x

84
conf/conky/conky.conf
View File

@ -19,48 +19,48 @@ the Free Software Foundation, either version 3 of the License, or
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
along with this program. If not, see <http://www.gnu.org/licenses/>.
]]
conky.config = {
alignment = 'top_left',
background = true,
border_width = 1,
cpu_avg_samples = 2,
default_color = '#dedede',
default_outline_color = '#dedede',
default_shade_color = '#dedede',
draw_borders = true,
draw_graph_borders = true,
draw_outline = false,
draw_shades = false,
use_xft = true,
font = 'DejaVu Sans Mono:size=8',
gap_x = 6,
gap_y = 28,
minimum_height = 5,
minimum_width = 5,
net_avg_samples = 2,
no_buffers = true,
out_to_console = false,
out_to_stderr = false,
extra_newline = false,
own_window = true,
own_window_transparent = false,
own_window_argb_visual = true,
own_window_argb_value = 95,
own_window_class = 'Conky',
own_window_type = 'override',
stippled_borders = 0,
update_interval = 5,
uppercase = false,
use_spacer = 'none',
show_graph_scale = false,
show_graph_range = false,
double_buffer = true
alignment = 'top_left',
background = true,
border_width = 1,
cpu_avg_samples = 2,
default_color = '#dedede',
default_outline_color = '#dedede',
default_shade_color = '#dedede',
draw_borders = true,
draw_graph_borders = true,
draw_outline = false,
draw_shades = false,
use_xft = true,
font = 'DejaVu Sans Mono:size=8',
gap_x = 6,
gap_y = 28,
minimum_height = 5,
minimum_width = 5,
net_avg_samples = 2,
no_buffers = true,
out_to_console = false,
out_to_stderr = false,
extra_newline = false,
own_window = true,
own_window_transparent = false,
own_window_argb_visual = true,
own_window_argb_value = 95,
own_window_class = 'Conky',
own_window_type = 'override',
stippled_borders = 0,
update_interval = 5,
uppercase = false,
use_spacer = 'none',
show_graph_scale = false,
show_graph_range = false,
double_buffer = true
}
conky.text = [[
@ -72,16 +72,16 @@ ${color grey}Frequency (in GHz):$color $freq_g
${color grey}RAM Usage:$color $mem/$memmax - $memperc% ${membar 4}
${color grey}Swap Usage:$color $swap/$swapmax - $swapperc% ${swapbar 4}
${color grey}CPU Usage:$color $cpu% ${cpubar 4}
${color grey}Processes:$color $processes ${color grey}Running:$color $running_processes
${color grey}Processes:$color $processes ${color grey}Running:$color $running_processes
$hr
${color grey}File systems:
/ $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
/ $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
${color grey} /home $color${fs_used /home}/${fs_size /home} ${fs_bar 6 /}
${color grey}HDD Temperature:${color} $hddtemp °C
${color grey}Networking:
eth0 Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
eth0 Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
$hr
${color grey}Sensors${color}
${execpi 60 sensors|grep °}

98
conf/i3/config
View File

@ -1,9 +1,9 @@
# Packages expected (just break line-length!):
# Debian: i3 suckless-tools j4-dmenu-desktop gnome-screenshot i3lock sudo hibernate playerctl galculator network-manager-gnome redshift-gtk x11-xserver-utils feh rofi libnotify-bin xcompmgr konsole fonts-dejavu dbus-x11 arandr numlockx fcitx-bin fcitx-mozc conky-all flatpak apparmor-notify caffeine kdocker mumble audacious telegram-desktop steam htop kdeconnect nextcloud-client parcimonie lxqt-powermanagement kteatime hsetroot tmux
# ALSA: alsa-utils apulse coreutils pnmixer
# NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
# requiring app. See also (shell-things) rc/asoundrc for USB headset and
# similar.
# NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
# requiring app. See also (shell-things) rc/asoundrc for USB headset and
# similar.
# pulseaudio: pulseaudio-utils pasystray pulsemixer pavucontrol pulseeffects
# insync: https://www.insynchq.com/downloads
# Mullvad: https://mullvad.net/download
@ -15,7 +15,7 @@
# Debian theming: lxappearance gtk-chtheme qt4-qtconfig qt5ct
# https://askubuntu.com/a/600946
# + ~/.xprofile specifies GTK_THEME which hopefully gets detected/understood
# by browsers etc.
# by browsers etc.
#
# YES! This file is a monster and there really are that many weird
# packages!
@ -50,7 +50,7 @@ set $ScreenLockCmd i3lock -c 000000 -p win -f
# This font is widely installed, provides lots of unicode glyphs, right-to-left
# text rendering and scalability on retina/hidpi displays (thanks to pango).
# NOTE! Bigger font than 8 is too big for Kincarron
# 7 is too big for Sedric with dpi scaling 144
# 7 is too big for Sedric with dpi scaling 144
#font pango:DejaVu Sans Mono Book 7
font pango:OpenDyslexic 9
@ -192,27 +192,27 @@ bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the EXIT shortcu
# resize window (you can also use the mouse for that)
mode "resize" {
# These bindings trigger as soon as you enter the resize mode
# These bindings trigger as soon as you enter the resize mode
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
bindsym j resize shrink width 10 px or 10 ppt
bindsym k resize grow height 10 px or 10 ppt
bindsym l resize shrink height 10 px or 10 ppt
bindsym odiaeresis resize grow width 10 px or 10 ppt
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
bindsym j resize shrink width 10 px or 10 ppt
bindsym k resize grow height 10 px or 10 ppt
bindsym l resize shrink height 10 px or 10 ppt
bindsym odiaeresis resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# back to normal: Enter or Escape or $mod+r
bindsym Return mode "default"
bindsym Escape mode "default"
bindsym $mod+r mode "default"
# back to normal: Enter or Escape or $mod+r
bindsym Return mode "default"
bindsym Escape mode "default"
bindsym $mod+r mode "default"
}
bindsym $mod+r mode "resize"
@ -277,30 +277,30 @@ set $br_violet #b891f5
# Start i3bar to display a workspace bar (plus the system information i3status
# finds out, if available) CHANGEME
bar {
position top
#status_command LC_ALL=fi_FI.utf8 i3status
# Temporary workaround to broken i3status in Fedora
status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
colors {
separator $blue
background $bg
statusline $br_white
focused_workspace $green $green $bg
active_workspace $cyan $blue $black
inactive_workspace $black $black $fg
urgent_workspace $yellow $yellow $black
}
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
#colors {
# separator $blue
# background $bg
# statusline $br_white
# focused_workspace $green $green $bg
# active_workspace $cyan $blue $black
# inactive_workspace $black $black $fg
# urgent_workspace $yellow $yellow $black
# }
position top
#status_command LC_ALL=fi_FI.utf8 i3status
# Temporary workaround to broken i3status in Fedora
status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
colors {
separator $blue
background $bg
statusline $br_white
focused_workspace $green $green $bg
active_workspace $cyan $blue $black
inactive_workspace $black $black $fg
urgent_workspace $yellow $yellow $black
}
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
#colors {
# separator $blue
# background $bg
# statusline $br_white
# focused_workspace $green $green $bg
# active_workspace $cyan $blue $black
# inactive_workspace $black $black $fg
# urgent_workspace $yellow $yellow $black
# }
}
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
@ -486,7 +486,7 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
#exec --no-startup-id redshift-gtk -l 60.46742:26.94508
# Sedric - 150 % display scaling (HiDPI), see also `xdpyinfo | grep resolution
# where 96 = 100 %
# where 96 = 100 %
#exec --no-startup-id xrandr --dpi 144
# Sedric, external GPU as primary
@ -535,5 +535,5 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
# Special keyboard options that WILL CONFUSE YOU.
# windows+space should change layout, but doesn't, both ctrls do
# fi allows mostly typing fi/se (identicatal), cz/es.
# See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
# See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
exec --no-startup-id setxkbmap -option compose:menu -option terminate:ctrl_alt_bksp -option nbsp:none -option caps:backspace -option shift:both_capslock -option grp:ctrls_toggle -option grp:win_space_toggle -layout fi,us,epo,ru -variant ,altgr-intl,,phonetic_winkeys

4
conf/i3status-rs/config.toml
View File

@ -2,10 +2,10 @@
# based heavily on /usr/share/doc/i3status-rs/example_config.toml & https://github.com/greshake/i3status-rust/tree/master/examples
# and manpage from search engine
# Note: I am not confident that "irstatus-rs" and "i3status-rust" are the same
# software.
# software.
# WIP: migration from i3status
# contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
# contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
[theme]
name = "solarized-dark"

116
conf/i3status/config
View File

@ -7,21 +7,21 @@
# If the above line is not correctly displayed, fix your editor first!
general {
output_format = "i3bar"
colors = true
# 1 is horrible with battery status and possibly unnecessary
# weight for older devices. 5 appears to be Debian default, and I
# guess it's enough often for seeing if the system is frozen when
# staring at a clock.
interval = 5
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
color_good = "#70b433"
color_degraded = "#dbb32d"
color_bad = "#ed4a46"
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
#color_good = "#489100"
#color_degraded = "#ad8900"
#color_bad = "#d2212d"
output_format = "i3bar"
colors = true
# 1 is horrible with battery status and possibly unnecessary
# weight for older devices. 5 appears to be Debian default, and I
# guess it's enough often for seeing if the system is frozen when
# staring at a clock.
interval = 5
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
color_good = "#70b433"
color_degraded = "#dbb32d"
color_bad = "#ed4a46"
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
#color_good = "#489100"
#color_degraded = "#ad8900"
#color_bad = "#d2212d"
}
# Logicish: colour changing things at first (load is often red especially
@ -44,50 +44,50 @@ order += "time"
# Load is first as the treshold may need the most modification here
load {
format = "%1min %5min %15min"
# Defaults to 5, nosmt MDS mitigation disables ½ of the cores
# X,7 ? https://scoutapm.com/blog/understanding-load-averages
# CHANGEME - apparently whether . or , works depends on locale -.-
# Rbtpzn, the oldest machine from 2006, single core
#max_threshold = "0,7"
# Dualcore, mostly everything else
max_threshold = "1,7"
# Zaldaryn, quadcore
#max_threshold = "3,7"
format = "%1min %5min %15min"
# Defaults to 5, nosmt MDS mitigation disables ½ of the cores
# X,7 ? https://scoutapm.com/blog/understanding-load-averages
# CHANGEME - apparently whether . or , works depends on locale -.-
# Rbtpzn, the oldest machine from 2006, single core
#max_threshold = "0,7"
# Dualcore, mostly everything else
max_threshold = "1,7"
# Zaldaryn, quadcore
#max_threshold = "3,7"
}
wireless _first_ {
#format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
format_up = "W:%quality @ %essid (%frequency, %bitrate)"
#format_up = "W:%quality %frequency"
#format_down = "W:🢃"
format_down = ""
#format_quality = "%3d%s"
#format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
format_up = "W:%quality @ %essid (%frequency, %bitrate)"
#format_up = "W:%quality %frequency"
#format_down = "W:🢃"
format_down = ""
#format_quality = "%3d%s"
}
ethernet _first_ {
# if you use %speed, i3status requires root privileges
#format_up = "E: %ip (%speed)"
#format_up = "E:🢁"
format_up = "E:%speed"
#format_down = "E:🢃"
format_down = ""
# if you use %speed, i3status requires root privileges
#format_up = "E: %ip (%speed)"
#format_up = "E:🢁"
format_up = "E:%speed"
#format_down = "E:🢃"
format_down = ""
}
battery all {
# %remaining looks horrible especially with updating every second
format = "🔌%status %percentage %remaining"
format_down = ""
status_full = "🔌☻"
#status_unk = "?"
# kincarron battery fix
#path = "/sys/class/power_supply/%d/uevent"
# %remaining looks horrible especially with updating every second
format = "🔌%status %percentage %remaining"
format_down = ""
status_full = "🔌☻"
#status_unk = "?"
# kincarron battery fix
#path = "/sys/class/power_supply/%d/uevent"
}
tztime utc {
timezone = "UTC"
# ISO 8601ish
format = "%Z: %Y-%m-%d %H:%M:%S%z"
timezone = "UTC"
# ISO 8601ish
format = "%Z: %Y-%m-%d %H:%M:%S%z"
}
# Date format explanations
@ -106,29 +106,29 @@ tztime utc {
#tztime local {
time {
# Finnishish formatting with my adjustments
format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
# Finnishish formatting with my adjustments
format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
}
volume master {
format = "♪: %volume"
format_muted = "♪: muted (%volume)"
#device = "pulse"
format = "♪: %volume"
format_muted = "♪: muted (%volume)"
#device = "pulse"
}
ipv6 {
#format_up = "IPv6:🢁"
format_up = "6"
#format_down = "IPv6:🢃"
format_down = ""
#format_up = "IPv6:🢁"
format_up = "6"
#format_down = "IPv6:🢃"
format_down = ""
}
# %avail vs %free: https://github.com/i3/i3status/issues/349#issuecomment-506565599
disk / {
format = "/: %avail"
format = "/: %avail"
}
disk /home {
format = "/home: %avail"
format = "/home: %avail"
}

10
conf/pastebinit.xml
View File

@ -1,6 +1,6 @@
<pastebinit>
<pastebin>http://sprunge.us</pastebin>
<author></author>
<jabberid></jabberid>
<format>text</format>
<pastebinit>
<pastebin>http://sprunge.us</pastebin>
<author></author>
<jabberid></jabberid>
<format>text</format>
</pastebinit>

214
conf/pipewire/media-session.d/alsa-monitor.conf
View File

@ -6,130 +6,130 @@
# then restart pipewire and pipewire-pulse like so: systemctl --user restart pipewire pipewire-pulse
properties = {
# Create a JACK device. This is not enabled by default because
# it requires that the PipeWire JACK replacement libraries are
# not used by the session manager, in order to be able to
# connect to the real JACK server.
#alsa.jack-device = false
# Create a JACK device. This is not enabled by default because
# it requires that the PipeWire JACK replacement libraries are
# not used by the session manager, in order to be able to
# connect to the real JACK server.
#alsa.jack-device = false
# Reserve devices.
#alsa.reserve = true
# Reserve devices.
#alsa.reserve = true
}
rules = [
# An array of matches/actions to evaluate.
{
# Rules for matching a device or node. It is an array of
# properties that all need to match the regexp. If any of the
# matches work, the actions are executed for the object.
matches = [
{
# This matches all cards. These are regular expressions
# so "." matches one character and ".*" matches many.
device.name = "~alsa_card.*"
}
]
actions = {
# Actions can update properties on the matched object.
update-props = {
# Use ALSA-Card-Profile devices. They use UCM or
# the profile configuration to configure the device
# and mixer settings.
api.alsa.use-acp = true
# An array of matches/actions to evaluate.
{
# Rules for matching a device or node. It is an array of
# properties that all need to match the regexp. If any of the
# matches work, the actions are executed for the object.
matches = [
{
# This matches all cards. These are regular expressions
# so "." matches one character and ".*" matches many.
device.name = "~alsa_card.*"
}
]
actions = {
# Actions can update properties on the matched object.
update-props = {
# Use ALSA-Card-Profile devices. They use UCM or
# the profile configuration to configure the device
# and mixer settings.
api.alsa.use-acp = true
# Use UCM instead of profile when available. Can be
# disabled to skip trying to use the UCM profile.
#api.alsa.use-ucm = true
# Use UCM instead of profile when available. Can be
# disabled to skip trying to use the UCM profile.
#api.alsa.use-ucm = true
# Don't use the hardware mixer for volume control. It
# will only use software volume. The mixer is still used
# to mute unused paths based on the selected port.
#api.alsa.soft-mixer = false
# Don't use the hardware mixer for volume control. It
# will only use software volume. The mixer is still used
# to mute unused paths based on the selected port.
#api.alsa.soft-mixer = false
# Ignore decibel settings of the driver. Can be used to
# work around buggy drivers that report wrong values.
#api.alsa.ignore-dB = false
# Ignore decibel settings of the driver. Can be used to
# work around buggy drivers that report wrong values.
#api.alsa.ignore-dB = false
# The profile set to use for the device. Usually this is
# "default.conf" but can be changed with a udev rule
# or here.
#device.profile-set = "profileset-name.conf"
# The profile set to use for the device. Usually this is
# "default.conf" but can be changed with a udev rule
# or here.
#device.profile-set = "profileset-name.conf"
# The default active profile. Is by default set to "Off".
#device.profile = "default profile name"
# The default active profile. Is by default set to "Off".
#device.profile = "default profile name"
# Automatically select the best profile. This is the
# highest priority available profile. This is disabled
# here and instead implemented in the session manager
# where it can save and load previous preferences.
api.acp.auto-profile = false
# Automatically select the best profile. This is the
# highest priority available profile. This is disabled
# here and instead implemented in the session manager
# where it can save and load previous preferences.
api.acp.auto-profile = false
# Automatically switch to the highest priority available
# port. This is disabled here and implemented in the
# session manager instead.
api.acp.auto-port = false
# Automatically switch to the highest priority available
# port. This is disabled here and implemented in the
# session manager instead.
api.acp.auto-port = false
# Other properties can be set here.
#device.nick = "My Device"
}
}
}
# Other properties can be set here.
#device.nick = "My Device"
}
}
}
# Begin customized config section
{
matches = [
{
# This matches your USB headset
device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
}
]
actions = {
# Actions can update properties on the matched object.
update-props = {
api.alsa.soft-mixer = true
}
}
}
{
matches = [
{
# This matches your USB headset
device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
}
]
actions = {
# Actions can update properties on the matched object.
update-props = {
api.alsa.soft-mixer = true
}
}
}
#End customized config section
{
matches = [
{
# Matches all sources. These are regular expressions
# so "." matches one character and ".*" matches many.
node.name = "~alsa_input.*"
}
{
# Matches all sinks.
node.name = "~alsa_output.*"
}
]
actions = {
update-props = {
#node.nick = "My Node"
#node.nick = null
#priority.driver = 100
#priority.session = 100
node.pause-on-idle = false
#resample.quality = 4
#channelmix.normalize = false
#channelmix.mix-lfe = false
#audio.channels = 2
#audio.format = "S16LE"
#audio.rate = 44100
#audio.position = "FL,FR"
#session.suspend-timeout-seconds = 5 # 0 disables suspend
#monitor.channel-volumes = false
{
matches = [
{
# Matches all sources. These are regular expressions
# so "." matches one character and ".*" matches many.
node.name = "~alsa_input.*"
}
{
# Matches all sinks.
node.name = "~alsa_output.*"
}
]
actions = {
update-props = {
#node.nick = "My Node"
#node.nick = null
#priority.driver = 100
#priority.session = 100
node.pause-on-idle = false
#resample.quality = 4
#channelmix.normalize = false
#channelmix.mix-lfe = false
#audio.channels = 2
#audio.format = "S16LE"
#audio.rate = 44100
#audio.position = "FL,FR"
#session.suspend-timeout-seconds = 5 # 0 disables suspend
#monitor.channel-volumes = false
#api.alsa.period-size = 1024
#api.alsa.headroom = 0
#api.alsa.start-delay = 0
#api.alsa.disable-mmap = false
#api.alsa.disable-batch = false
#api.alsa.use-chmap = false
}
}
}
#api.alsa.period-size = 1024
#api.alsa.headroom = 0
#api.alsa.start-delay = 0
#api.alsa.disable-mmap = false
#api.alsa.disable-batch = false
#api.alsa.use-chmap = false
}
}
}
]

14
conf/sway/README.md
View File

@ -25,7 +25,7 @@ methods setting fonts):
- Document text: Noto Serif Regular 11
- Monospace text: Noto Sans Mono Regular 10
- Legacy window title text: Noto Serif Bold 11
- Apparently this means "apps that don't use client-side decorations"
- Apparently this means "apps that don't use client-side decorations"
The number behind is obviously the number and it's based on what were the
defaults before I touched them so I am hoping GNOME knows what they are
@ -42,10 +42,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
Other font settings in GNOME-Tweak:
- Hinting: _a bit_
- for no particular reason
- for no particular reason
- Antialiasing: _Subpixel (for LCD-displays)_
- I have no idea where there are "standard grayscale" displays that aren't
LCD.
- I have no idea where there are "standard grayscale" displays that aren't
LCD.
### Screen mirroring
@ -56,6 +56,6 @@ Workarounds:
- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
- Do something weird with OBS
- Use a dedicated application that don't seem to be in Fedora repos, flatpak
or snap.
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
or snap.
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)

12
conf/sway/config.d/README.md
View File

@ -5,7 +5,7 @@ Thus this `README.md` is not read, even if I happened to carelessly
copy-paste it in.
- `autostart-communication.conf` - chat/communication apps I am expected to have
open or at least check at times
open or at least check at times
- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
- `grimshot.conf` - screenshotting keybinds using `grimshot`
@ -13,15 +13,15 @@ copy-paste it in.
- `keyboard.conf` - keyboard configuration
- `media.conf` - media key configuration and autostarts related to it
- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
profile to `flat`
profile to `flat`
- `README.md` - you are currently reading this :wink:
- `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
- `swaybar.conf` - `swaybar` configuration
- `swayidle.conf` - `swayidle` configuration/autostart
- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
I happen to visit for longer period of time
I happen to visit for longer period of time
- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
- `zz-floating.conf` - configures windows that should float. For some reason
that is inherited from my `i3` config, it tells to put float rules above the
last line, so it should be read last and `z` is the last letter of English
alphabet so it will hopefully be read last.
that is inherited from my `i3` config, it tells to put float rules above the
last line, so it should be read last and `z` is the last letter of English
alphabet so it will hopefully be read last.

14
conf/sway/config.d/swayidle.conf
View File

@ -1,11 +1,11 @@
# Copied from `man swayidle`, except the $ScreenLockCmd that I don't
# want to repeat.
# This will lock your screen after 300 seconds of inactivity, then turn off
# your displays after another 300 seconds, and turn your screens back on
# when resumed. It will also lock your screen before your computer goes to
# sleep.
# This will lock your screen after 300 seconds of inactivity, then turn off
# your displays after another 300 seconds, and turn your screens back on
# when resumed. It will also lock your screen before your computer goes to
# sleep.
exec swayidle -w \
timeout 300 "\"$ScreenLockCmd\"" \
timeout 600 'swaymsg "output * dpms off"' \
timeout 300 "\"$ScreenLockCmd\"" \
timeout 600 'swaymsg "output * dpms off"' \
resume 'swaymsg "output * dpms on"' \
before-sleep "\"$ScreenLockCmd\""
before-sleep "\"$ScreenLockCmd\""

2
conf/tmux-old-ncurses.bash
View File

@ -2,5 +2,5 @@
# Intended for systems with ncurses < 6 which is missing TERMINFO
# for tmux-256color.
if [[ $TERM == 'tmux-256color' ]]; then
export TERM=screen-256color
export TERM=screen-256color
fi

8
etc/X11/xorg.conf.d/00-keyboard.conf
View File

@ -1,8 +1,8 @@
# Read and parsed by systemd-localed. It's probably wise not to edit this file
# manually too freely.
Section "InputClass"
Identifier "system-keyboard"
MatchIsKeyboard "on"
Option "XkbLayout" "fi"
Option "XkbModel" "compose:menu"
Identifier "system-keyboard"
MatchIsKeyboard "on"
Option "XkbLayout" "fi"
Option "XkbModel" "compose:menu"
EndSection

2
etc/apt/sources.list/ubuntu
View File

@ -46,4 +46,4 @@ deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security main restricted
deb http://security.ubuntu.com/ubuntu/ CODENAME-security universe
deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security universe
deb http://security.ubuntu.com/ubuntu/ CODENAME-security multiverse
deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security multiverse
deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security multiverse

36
etc/dnscrypt-proxy/dnscrypt-proxy.toml
View File

@ -70,31 +70,31 @@ lb_strategy = 'p2'
# Logging to be enabled by hand on systems needing them
#[query_log]
# file = '/var/log/dnscrypt-proxy/query.log'
# file = '/var/log/dnscrypt-proxy/query.log'
#[nx_log]
# file = '/var/log/dnscrypt-proxy/nx.log'
# file = '/var/log/dnscrypt-proxy/nx.log'
[sources]
[sources.'public-resolvers']
#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = 'public-'
[sources.'public-resolvers']
#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = 'public-'
[sources.'opennic']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
prefix = 'opennic-'
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
prefix = 'opennic-'
# 2.0.23 recommended so onions won't be attempted without proxy enabled
# (5c9edfccfe67474bee2836ada67f955f10e43357)
# I won't uncomment this until I have updated version everywhere.
#[sources.'onion-services']
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
# prefix = 'onion-'
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
# prefix = 'onion-'

30
etc/fahclient/config.xml
View File

@ -1,21 +1,21 @@
<config>
<!-- Client Control -->
<client-threads v='2'/>
<fold-anon v='true'/>
<!-- Client Control -->
<client-threads v='2'/>
<fold-anon v='true'/>
<!-- Folding Core -->
<cpu-usage v='50'/>
<gpu-usage v='50'/>
<!-- Folding Core -->
<cpu-usage v='50'/>
<gpu-usage v='50'/>
<!-- Slot Control -->
<power v='MEDIUM'/>
<!-- Slot Control -->
<power v='MEDIUM'/>
<!-- User Information -->
<passkey v=''/>
<team v='201753'/>
<user v='Mikaela'/>
<!-- User Information -->
<passkey v=''/>
<team v='201753'/>
<user v='Mikaela'/>
<!-- Folding Slots -->
<slot id='0' type='CPU'/>
<slot id='1' type='GPU'/>
<!-- Folding Slots -->
<slot id='0' type='CPU'/>
<slot id='1' type='GPU'/>
</config>

4
etc/install
View File

@ -15,8 +15,8 @@ chmod a+r /etc/systemd/system/oidentd.socket
mkdir -p /etc/sysctl.d/
if [ ! -f /etc/sysctl.d/60-mikaela.conf ]; then
cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
chmod a+r /etc/sysctl.d/60-mikaela.conf
cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
chmod a+r /etc/sysctl.d/60-mikaela.conf
fi
echo 'If you use systemd or oidentd you should "systemctl daemon-reload"'

22
etc/nginx/README.md
View File

@ -8,9 +8,9 @@ cannot read them from here.
These files may age badly, so here are some hopefully timeless pointers:
- Generate the config file with https://ssl-config.mozilla.org/ (and if
time eats it, try https://github.com/mozilla/ssl-config-generator/ in
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
everything a different file.
time eats it, try https://github.com/mozilla/ssl-config-generator/ in
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
everything a different file.
- If using my acmesh-ssl.bash script, the files to fill should be like:
(the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
@ -21,11 +21,11 @@ These files may age badly, so here are some hopefully timeless pointers:
The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
```
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
```
The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
@ -33,9 +33,9 @@ TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
in Debian package `libwww-perl`
- Refer to tester tools to see if the configuration is fine:
- https://observatory.mozilla.org/
- https://securityheaders.com/
- https://www.ssllabs.com/ssltest/
- https://observatory.mozilla.org/
- https://securityheaders.com/
- https://www.ssllabs.com/ssltest/
---

26
etc/nginx/conf.d/bitbot.conf
View File

@ -1,17 +1,17 @@
server {
listen 80;
listen 443;
listen 14402;
listen [::]:80;
listen [::]:443;
listen [::]:14402;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
server_name bitbot.relpda.mikaela.info;
listen 80;
listen 443;
listen 14402;
listen [::]:80;
listen [::]:443;
listen [::]:14402;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
server_name bitbot.relpda.mikaela.info;
access_log /var/log/nginx/bitbot.access.log main;
access_log /var/log/nginx/bitbot.access.log main;
location / {
proxy_pass http://[::1]:9050;
}
location / {
proxy_pass http://[::1]:9050;
}
}

40
etc/nginx/conf.d/cloudflare.conf
View File

@ -1,20 +1,20 @@
# Cloudflare
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
real_ip_header CF-Connecting-IP;
# Cloudflare
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
real_ip_header CF-Connecting-IP;

88
etc/nginx/conf.d/default.conf
View File

@ -1,57 +1,57 @@
server {
listen 80;
listen 443 ssl;
listen 14402 ssl;
listen [::]:80 ipv6only=on;
listen [::]:443 ssl ipv6only=on;
listen [::]:14402 ssl ipv6only=on;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
server_name relpda.mikaela.info;
listen 80;
listen 443 ssl;
listen 14402 ssl;
listen [::]:80 ipv6only=on;
listen [::]:443 ssl ipv6only=on;
listen [::]:14402 ssl ipv6only=on;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
server_name relpda.mikaela.info;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
#location /api/ {
# proxy_pass http://[::1]:9050;
# }
# proxy_pass http://[::1]:9050;
# }
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

142
etc/nginx/sites-enabled/old/host
View File

@ -1,94 +1,94 @@
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 default_server ssl http2;
listen [::]:443 default_server ssl http2 ipv6only=on;
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 default_server ssl http2;
listen [::]:443 default_server ssl http2 ipv6only=on;
root /var/www/default/;
index index.php index.html index.htm;
root /var/www/default/;
index index.php index.html index.htm;
### Generating SSL certificate:
## mkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl
## openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nginx.key -out nginx.crt
### this takes forever and is used on line 23.
## openssl dhparam -out dhparam.pem 4096
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# ----- begin of Mozilla Server Side TLS recommendations -----
# **2014-11-07** https://wiki.mozilla.org/Security/Server_Side_TLS
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
# See generation on line 14
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
# See generation on line 14
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Intermediate configuration. tweak to your needs.
# comment just for me, don't uncomment.
#ssl_ciphers '';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
# Intermediate configuration. tweak to your needs.
# comment just for me, don't uncomment.
#ssl_ciphers '';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
#resolver ::1;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
#resolver ::1;
# ----- end of Mozilla Server Side TLS recommendations -----
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
autoindex on;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
autoindex on;
}
# Userdir
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
# Userdir
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
#error_page 404 /404.html;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
#include fastcgi_params;
include fastcgi.conf;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
#include fastcgi_params;
include fastcgi.conf;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}

26
etc/nginx/sites-enabled/rproxy
View File

@ -1,23 +1,23 @@
server {
listen 80;
listen [::]:80;
listen 443;
listen [::]:443;
listen 80;
listen [::]:80;
listen 443;
listen [::]:443;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
server_name something.example.org;
server_name something.example.org;
# NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
# Behind CloudFlare see ../conf.d/cloudflare.conf
location / {
proxy_pass http://localhost:8080;
}
proxy_pass http://localhost:8080;
}
}

108
etc/nginx/sites-enabled/vhost
View File

@ -1,67 +1,67 @@
server {
# default_server from default vhost must exist somewhere!
listen 80;
listen [::]:80;
listen 443;
listen [::]:443;
# default_server from default vhost must exist somewhere!
listen 80;
listen [::]:80;
listen 443;
listen [::]:443;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
root /var/www/vhostdir;
index index.php index.html index.htm;
root /var/www/vhostdir;
index index.php index.html index.htm;
# vhost address
server_name vhost.example.org;
# vhost address
server_name vhost.example.org;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
autoindex off;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
autoindex off;
}
# Userdir
#ilocation ~ ^/~(.+?)(/.*)?$ {
# alias /home/$1/public_html$2;
# index index.html index.htm;
# autoindex on;
#}
# Userdir
#ilocation ~ ^/~(.+?)(/.*)?$ {
# alias /home/$1/public_html$2;
# index index.html index.htm;
# autoindex on;
#}
#error_page 404 /404.html;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
#include fastcgi_params;
include fastcgi.conf;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
#include fastcgi_params;
include fastcgi.conf;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}

42
etc/oidentd.conf
View File

@ -6,22 +6,22 @@
# Deny everything by default
default {
default {
deny spoof
deny spoof_all
deny spoof_privport
deny random
deny random_numeric
deny numeric
deny hide
}
default {
deny spoof
deny spoof_all
deny spoof_privport
deny random
deny random_numeric
deny numeric
deny hide
}
}
# Don't respond to ident request to root
user root {
default {
force hide
}
default {
force hide
}
}
# Allow user znc to spoof when *Identfile is used
@ -33,13 +33,13 @@ user root {
# /msg *identfile setfile ~/.oidentd.conf
# /msg *identfile setformat global { reply "%user%" }
user "znc" {
default {
allow spoof
allow spoof_all
allow spoof_privport
deny random
deny random_numeric
deny numeric
deny hide
}
default {
allow spoof
allow spoof_all
allow spoof_privport
deny random
deny random_numeric
deny numeric
deny hide
}
}

4
etc/pipewire/media-session.d/README.md
View File

@ -33,9 +33,9 @@ don't exist by default anymore, they need to be copied and edited separately
See also:
- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
## Bluetooth
- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html

24
etc/radvd.conf
View File

@ -1,15 +1,15 @@
interface eth0
{
AdvSendAdvert on;
AdvOtherConfigFlag on;
prefix 2001:14b8:100:8397::/64
{
AdvOnLink on;
AdvAutonomous on;
};
prefix ULA::/64
{
AdvOnLink on;
AdvAutonomous on;
};
AdvSendAdvert on;
AdvOtherConfigFlag on;
prefix 2001:14b8:100:8397::/64
{
AdvOnLink on;
AdvAutonomous on;
};
prefix ULA::/64
{
AdvOnLink on;
AdvAutonomous on;
};
};

12
etc/resolv.conf
View File

@ -26,9 +26,9 @@ options edns0 single-request-reopen #trust-ad
# !!! /run/systemd/resolve/stub-resolv.conf !!! /usr/lib/systemd/resolv.conf /run/systemd/resolve/resolv.conf
# !!! /run/systemd/resolve/stub-resolv.conf !!! contains search domains and doesn't seem to be
# overwritable and somehow works with Mullvad
# https://github.com/mullvad/mullvadvpn-app/issues/1952
# /usr/lib/systemd/resolv.conf doesn't contain search domains, can
# get overwritten and "broken"
# /run/systemd/resolve/resolv.conf contains uplink resolvers and domains
# SHOULDN'T BE USED!
# overwritable and somehow works with Mullvad
# https://github.com/mullvad/mullvadvpn-app/issues/1952
# /usr/lib/systemd/resolv.conf doesn't contain search domains, can
# get overwritten and "broken"
# /run/systemd/resolve/resolv.conf contains uplink resolvers and domains
# SHOULDN'T BE USED!

10
etc/ssh/ssh_config.d/example.conf
View File

@ -1,6 +1,6 @@
#Host example
#Hostname compuutteri.example.net
#Port 12345
#IdentityFile /home/username/.ssh/privkey
#ProxyJump uzanto@komputilo.example.net:2222
#User account42
#Hostname compuutteri.example.net
#Port 12345
#IdentityFile /home/username/.ssh/privkey
#ProxyJump uzanto@komputilo.example.net:2222
#User account42

4
etc/ssh/sshd_config.d/broken/mikaela-prohibit-password.conf
View File

@ -2,6 +2,6 @@
# in reverse so this file is useless. https://serverfault.com/a/461865
# & OpenSSH_8.4p1
Match User mikaela
PasswordAuthentication no
AuthenticationMethods publickey
PasswordAuthentication no
AuthenticationMethods publickey
Match All

4
etc/ssh/sshd_config.d/user-permit-password.conf
View File

@ -6,6 +6,6 @@
# https://serverfault.com/a/461865 OpenSSH_8.4p1
#Match User someone,somebodyelse,whoever
# PasswordAuthentication yes
# AuthenticationMethods any
# PasswordAuthentication yes
# AuthenticationMethods any
#Match All

28
etc/systemd/resolved.conf.d/README.md
View File

@ -12,31 +12,31 @@ sudo systemctl restart systemd-resolved
## Files explained
- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
systemd-resolved doesn't handle it properly), enables opportunistic DoT and
caching.
systemd-resolved doesn't handle it properly), enables opportunistic DoT and
caching.
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
captive portals are a concern, `DNSOverTLS=no`.
captive portals are a concern, `DNSOverTLS=no`.
- `README.md` - you are reading it right now.
## General commentary
- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
at the time of writing this README.md, the current version is Ubuntu 20.04.0)
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
v243 (big improvements in v244).
- TODO: find out when SNI became supported, I have just spotted it in the
fine manual in 2020-06-??.
at the time of writing this README.md, the current version is Ubuntu 20.04.0)
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
v243 (big improvements in v244).
- TODO: find out when SNI became supported, I have just spotted it in the
fine manual in 2020-06-??.
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
without which I wouldn't have got this right.
without which I wouldn't have got this right.
- DNSSEC may not work if the system is down for a long time and not updated.
Thus `allow-downgrade` may be better for non-tech people, even with the
potential downgrade attack. There are also captive portals, affecting
`DNSOverTLS`. Both take `yes` or `no` or their own special option,
for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
Thus `allow-downgrade` may be better for non-tech people, even with the
potential downgrade attack. There are also captive portals, affecting
`DNSOverTLS`. Both take `yes` or `no` or their own special option,
for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
Other links I have found important and my files are based on:
- https://wiki.archlinux.org/index.php/Systemd-resolved
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
- request for strict DOT: https://github.com/systemd/systemd/issues/10755
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397

10
etc/systemd/system/README.md
View File

@ -4,12 +4,12 @@ subdirectories. The sudirectories won't exist in the real
and I forget to update this README file if that happens.
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
but uses https instead of http, because there is no reason I would want
someone to see what I download.
but uses https instead of http, because there is no reason I would want
someone to see what I download.
## Worth reading
- Waiting for network devices to have IP address (**I only use this for
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
_ systemctl enable NetworkManager-wait-online.service
_ systemctl enable systemd-networkd-wait-online.service
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
_ systemctl enable NetworkManager-wait-online.service
_ systemctl enable systemd-networkd-wait-online.service

2
etc/systemd/system/sailfish/README.md
View File

@ -3,4 +3,4 @@ Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
that is there out-of-box, systemd timers.
- aliendalvik-stopper again stops android support hourly so it won't waste
battery.
battery.

18
etc/unbound/unbound.conf.d/00-insecure-domains.conf
View File

@ -7,17 +7,17 @@
server:
forward-zone:
name: "mywifiext.net"
forward-tls-upstream: no
forward-addr: 8.8.8.8
name: "mywifiext.net"
forward-tls-upstream: no
forward-addr: 8.8.8.8
forward-zone:
name: "tplinkrepeater.net"
forward-tls-upstream: no
forward-addr: 8.8.8.8
name: "tplinkrepeater.net"
forward-tls-upstream: no
forward-addr: 8.8.8.8
# Can I refer to subdomain as a zone?
forward-zone:
name: "http.badssl.com"
forward-tls-upstream: no
forward-addr: 8.8.8.8
name: "http.badssl.com"
forward-tls-upstream: no
forward-addr: 8.8.8.8

22
etc/unbound/unbound.conf.d/cache.conf
View File

@ -4,14 +4,14 @@
# See also MEMORY CONTROL EXAMPLE in man unbound.conf
server:
# bytes in message cache, defaults to 4m
msg-cache-size: 50m
# bytes in rrset cache, defaults to 4m
rrset-cache-size: 50m
# nxdomain cache, default 1m
neg-cache-size: 10m
# Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
# zone export used to have 1 second, and I have also been seeing 1
# minute in the wild, I think 5 mins shouldn't break anything, but bigger
# might.
cache-min-ttl: 900
# bytes in message cache, defaults to 4m
msg-cache-size: 50m
# bytes in rrset cache, defaults to 4m
rrset-cache-size: 50m
# nxdomain cache, default 1m
neg-cache-size: 10m
# Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
# zone export used to have 1 second, and I have also been seeing 1
# minute in the wild, I think 5 mins shouldn't break anything, but bigger
# might.
cache-min-ttl: 900

66
etc/unbound/unbound.conf.d/dns-over-tls.conf
View File

@ -7,10 +7,10 @@
# root-auto-trust-anchor-file.conf at least on Debian.
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Hopefully a reasonable set of non-filtering servers including those
# listening on 443, preferably Anycast, but not necessarily.
@ -21,37 +21,37 @@ server:
# (Also I cannot rename this file due to it being linked around))
forward-zone:
name: "."
forward-tls-upstream: yes
name: "."
forward-tls-upstream: yes
# Quad9 - Anycast, Switzerland based
# Non filtering "insecure" servers without DNSSEC, but that is done
# by Unbound locally anyway.
forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
forward-addr: 9.9.9.10@853#dns10.quad9.net
forward-addr: 2620:fe::10@853#dns10.quad9.net
forward-addr: 149.112.112.10@853#dns10.quad9.net
# Quad9 - Anycast, Switzerland based
# Non filtering "insecure" servers without DNSSEC, but that is done
# by Unbound locally anyway.
forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
forward-addr: 9.9.9.10@853#dns10.quad9.net
forward-addr: 2620:fe::10@853#dns10.quad9.net
forward-addr: 149.112.112.10@853#dns10.quad9.net
# Cloudflare DNS - anycast
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
# Cloudflare DNS - anycast
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
## laptops?
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
## laptops?
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
# Adguard DNS Unfiltered Anycast
forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
# Adguard DNS Unfiltered Anycast
forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
# NextDNS - anycast
forward-addr: 45.90.28.0@853#dns1.nextdns.io
forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
forward-addr: 45.90.30.0@853#dns2.nextdns.io
forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
# NextDNS - anycast
forward-addr: 45.90.28.0@853#dns1.nextdns.io
forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
forward-addr: 45.90.30.0@853#dns2.nextdns.io
forward-addr: 2a07:a8c1::@853#dns2.nextdns.io

30
etc/unbound/unbound.conf.d/dns64-over-tls.conf
View File

@ -2,23 +2,23 @@
# are currently rare. And this is more of a placeholder.
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Forward queries to
forward-zone:
name: "."
forward-tls-upstream: yes
name: "."
forward-tls-upstream: yes
# Google DNS64 for 64:ff9b::/96
# As of 2019-08-25 this doesn't seem to actually be working, but I hope
# Google will fix it by the time I actually have IPv6 only hosts and
# there will be not-Google options.
#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
# Google DNS64 for 64:ff9b::/96
# As of 2019-08-25 this doesn't seem to actually be working, but I hope
# Google will fix it by the time I actually have IPv6 only hosts and
# there will be not-Google options.
#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
# Cloudflare for 64:ff9b::/96
forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com
# Cloudflare for 64:ff9b::/96
forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com

4
etc/unbound/unbound.conf.d/dnscrypt-proxy.conf
View File

@ -1,5 +1,5 @@
# From https://wiki.archlinux.org/index.php/DNSCrypt
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.2.1@53
name: "."
forward-addr: 127.0.2.1@53

20
etc/unbound/unbound.conf.d/dot-adguard.conf
View File

@ -1,15 +1,15 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
forward-addr: 94.140.14.14@853#dns.adguard.com
forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
forward-addr: 94.140.15.15@853#dns.adguard.com
name: "."
forward-tls-upstream: yes
forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
forward-addr: 94.140.14.14@853#dns.adguard.com
forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
forward-addr: 94.140.15.15@853#dns.adguard.com
# Updated for https://adguard.com/en/blog/adguard-dns-new-addresses.html

32
etc/unbound/unbound.conf.d/dot-fluhable-cache.conf
View File

@ -2,25 +2,25 @@
# Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# DNS servers that have public button for flushing cache. Privacy not considered.
forward-zone:
name: "."
forward-tls-upstream: yes
name: "."
forward-tls-upstream: yes
# Cloudflare / https://1.1.1.1/purge-cache/
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
# Cloudflare / https://1.1.1.1/purge-cache/
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
# Google / https://dns.google/cache
forward-addr: 8.8.8.8@853#dns.google
forward-addr: 8.8.4.4@853#dns.google
forward-addr: 2001:4860:4860::8888@853#dns.google
forward-addr: 2001:4860:4860::8844@853#dns.google
# Google / https://dns.google/cache
forward-addr: 8.8.8.8@853#dns.google
forward-addr: 8.8.4.4@853#dns.google
forward-addr: 2001:4860:4860::8888@853#dns.google
forward-addr: 2001:4860:4860::8844@853#dns.google

18
etc/unbound/unbound.conf.d/dot-mullvad-adblock.conf
View File

@ -1,12 +1,12 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net
name: "."
forward-tls-upstream: yes
forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net

18
etc/unbound/unbound.conf.d/dot-mullvad.conf
View File

@ -1,12 +1,12 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2a07:e340::2@853#doh.mullvad.net
forward-addr: 194.242.2.2@853#doh.mullvad.net
forward-addr: 193.19.108.2@853#doh.mullvad.net
name: "."
forward-tls-upstream: yes
forward-addr: 2a07:e340::2@853#doh.mullvad.net
forward-addr: 194.242.2.2@853#doh.mullvad.net
forward-addr: 193.19.108.2@853#doh.mullvad.net

20
etc/unbound/unbound.conf.d/dot-quad9-ecs.conf
View File

@ -1,13 +1,13 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
forward-addr: 9.9.9.11@853#dns11.quad9.net
forward-addr: 2620:fe::11@853#dns11.quad9.net
forward-addr: 149.112.112.11@853#dns11.quad9.net
name: "."
forward-tls-upstream: yes
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
forward-addr: 9.9.9.11@853#dns11.quad9.net
forward-addr: 2620:fe::11@853#dns11.quad9.net
forward-addr: 149.112.112.11@853#dns11.quad9.net

20
etc/unbound/unbound.conf.d/dot-quad9.conf
View File

@ -1,13 +1,13 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
name: "."
forward-tls-upstream: yes
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net

4
etc/unbound/unbound.conf.d/ipv6.conf
View File

@ -1,3 +1,3 @@
server:
# Prefer IPv6 transport for sending DNS queries to internet nameservers.
prefer-ip6: yes
# Prefer IPv6 transport for sending DNS queries to internet nameservers.
prefer-ip6: yes

18
etc/unbound/unbound.conf.d/logging.conf
View File

@ -1,10 +1,10 @@
server:
use-syslog: yes
#logfile: "/tmp/unbound.log"
# level 0 means no verbosity, only errors. Level 1 gives operational
# information. Level 2 gives detailed operational information. Level 3
# gives query level information, output per query. Level 4 gives
# algorithm level information.
verbosity: 2
# Print statistics to the log hourly
statistics-interval: 3600
use-syslog: yes
#logfile: "/tmp/unbound.log"
# level 0 means no verbosity, only errors. Level 1 gives operational
# information. Level 2 gives detailed operational information. Level 3
# gives query level information, output per query. Level 4 gives
# algorithm level information.
verbosity: 2
# Print statistics to the log hourly
statistics-interval: 3600

26
etc/unbound/unbound.conf.d/plain-dns64.conf
View File

@ -2,19 +2,19 @@
# Check dns64-over-tls.conf instead!
forward-zone:
name: "."
name: "."
# Cloudflare DNS64 for 64:ff9b::/96
forward-addr: 2606:4700:4700::64
forward-addr: 2606:4700:4700::6400
# Cloudflare DNS64 for 64:ff9b::/96
forward-addr: 2606:4700:4700::64
forward-addr: 2606:4700:4700::6400
# Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
# > The generated AAAA records point to address blocks in TREX's public
# address space 2001:67c:2b0::/48 so they are usable from anywhere on
# the Internet.
forward-addr: 2001:67c:2b0::4
forward-addr: 2001:67c:2b0::6
# Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
# > The generated AAAA records point to address blocks in TREX's public
# address space 2001:67c:2b0::/48 so they are usable from anywhere on
# the Internet.
forward-addr: 2001:67c:2b0::4
forward-addr: 2001:67c:2b0::6
# Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
#forward-addr: 2001:4860:4860::6464
#forward-addr: 2001:4860:4860::64
# Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
#forward-addr: 2001:4860:4860::6464
#forward-addr: 2001:4860:4860::64

6
etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
View File

@ -1,6 +1,6 @@
# This is another Debian default, that I may be missing under Arch, even
# if the location changes.
server:
# The following line will configure unbound to perform cryptographic
# DNSSEC validation using the root trust anchor.
auto-trust-anchor-file: "/var/lib/unbound/root.key"
# The following line will configure unbound to perform cryptographic
# DNSSEC validation using the root trust anchor.
auto-trust-anchor-file: "/var/lib/unbound/root.key"

6
etc/unbound/unbound.conf.d/threads.conf
View File

@ -1,4 +1,4 @@
server:
# Use two threads, I think more than 1 threads will help with Firefox
# at times telling name resolution failed
num-threads: 2
# Use two threads, I think more than 1 threads will help with Firefox
# at times telling name resolution failed
num-threads: 2

2
gpg/gpg.conf
View File

@ -5,7 +5,7 @@
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

6
install
View File

@ -18,7 +18,7 @@ cat conf/makepkg.conf > ~/.makepkg.conf
mkdir -p ~/.config/mpv/
cat conf/mpv.conf > ~/.config/mpv/mpv.conf
if [ ! -f ~/.oidentd.conf ]; then
cat conf/oidentd.conf > ~/.oidentd.conf
cat conf/oidentd.conf > ~/.oidentd.conf
fi
mkdir -p ~/.gnupg
cat gpg/gpg.conf > ~/.gnupg/gpg.conf
@ -37,12 +37,12 @@ bash -x ./chmod&
if [ -f $HOME/.MIKAELAGREP ]
then
mv $HOME/.MIKAELAGREP $MIKAELA_GREP
mv $HOME/.MIKAELAGREP $MIKAELA_GREP
fi
if [ -f "$MIKAELA_GREP" ]
then
bash -x .mikaela_install
bash -x .mikaela_install
fi
set +x

42
rc/bashrc
View File

@ -108,7 +108,7 @@ if [[ $UNAME = Darwin ]]; then
alias l="ls -CFGp"
fi
# Add an "alert" alias for long running commands. Use like so:
# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
@ -276,7 +276,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
alias nmap-regular="nmap "
alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
# Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
@ -530,7 +530,7 @@ alias mpvms="mpv --no-video --shuffle"
# Compatibility with my i3 alsactl mess
if [ -f ~/.config/asound.state ]
then
alias alsactl="\alsactl -f ~/.config/asound.state"
alias alsactl="\alsactl -f ~/.config/asound.state"
fi
# More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
@ -573,26 +573,26 @@ function ex ()
{
if [ -f "$1" ] ; then
case "$1" in
*.tar) tar xvf $1 ;;
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
*.tar.gz | *.tgz ) tar xzvf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) unrar x $1 ;;
*.gz) gunzip $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*.xz) tar xJvf $1 ;;
*.deb)
DIR=${1%%_*.deb}
ar xv $1
mkdir ${DIR}
tar -C ${DIR} -xzvf data.tar.gz ;;
*.rpm) rpm2cpio $1 | cpio -vid ;;
*) echo ""${1}" cannot be extracted via extract()"
*.tar) tar xvf $1 ;;
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
*.tar.gz | *.tgz ) tar xzvf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) unrar x $1 ;;
*.gz) gunzip $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*.xz) tar xJvf $1 ;;
*.deb)
DIR=${1%%_*.deb}
ar xv $1
mkdir ${DIR}
tar -C ${DIR} -xzvf data.tar.gz ;;
*.rpm) rpm2cpio $1 | cpio -vid ;;
*) echo ""${1}" cannot be extracted via extract()"
;;
esac
else
else
echo ""${1}" is not a valid file"
fi
}

6
rc/vimrc
View File

@ -79,9 +79,9 @@ filetype plugin indent on
" Return to last edit position when opening files (You want this!)
autocmd BufReadPost *
\ if line("'\"") > 0 && line("'\"") <= line("$") |
\ exe "normal! g`\"" |
\ endif
\ if line("'\"") > 0 && line("'\"") <= line("$") |
\ exe "normal! g`\"" |
\ endif
" I think leaving line endings to git may be more safe
" dos2unix ^M copied from https://stackoverflow.com/a/5361702/1675649

50
rc/zshrc
View File

@ -11,20 +11,20 @@ UNAME=$(uname)
# Dynamic window title via https://stackoverflow.com/a/20772424
## BREAKS TMUX TITLE CHANGING WHICH IS BETTER THAN THIS.
#case $TERM in
# (*xterm* | *rxvt*)
# (*xterm* | *rxvt*)
# Write some info to terminal title.
# This is seen when the shell prompts for input.
# function precmd {
# print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
# print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
# }
# Write command and args to terminal title.
# This is seen while the shell waits for a command to complete.
# function preexec {
# printf "\033]0;%s\a" "$1"
# printf "\033]0;%s\a" "$1"
# }
#
# ;;
#;;
#esac
# enable terminal bell
@ -232,7 +232,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
alias nmap-regular="nmap "
alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove" -p 80,443" if you want to scan all ports which nmap scans by default.
alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
# Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
@ -281,7 +281,7 @@ if [[ $UNAME = Darwin ]]; then
alias l="ls -CFGp"
fi
# Add an "alert" alias for long running commands. Use like so:
# Add an "alert" alias for long running commands. Use like so:
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
## -- End of aliases which are saved from Ubuntu default bashrc. --
@ -507,7 +507,7 @@ alias mpvms="mpv --no-video --shuffle"
# Compatibility with my i3 alsactl mess
if [ -f ~/.config/asound.state ]
then
alias alsactl="\alsactl -f ~/.config/asound.state"
alias alsactl="\alsactl -f ~/.config/asound.state"
fi
# More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
@ -550,26 +550,26 @@ function ex ()
{
if [ -f "$1" ] ; then
case "$1" in
*.tar) tar xvf $1 ;;
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
*.tar.gz | *.tgz ) tar xzvf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) unrar x $1 ;;
*.gz) gunzip $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*.xz) tar xJvf $1 ;;
*.deb)
DIR=${1%%_*.deb}
ar xv $1
mkdir ${DIR}
tar -C ${DIR} -xzvf data.tar.gz ;;
*.rpm) rpm2cpio $1 | cpio -vid ;;
*) echo ""${1}" cannot be extracted via extract()"
*.tar) tar xvf $1 ;;
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
*.tar.gz | *.tgz ) tar xzvf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) unrar x $1 ;;
*.gz) gunzip $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*.xz) tar xJvf $1 ;;
*.deb)
DIR=${1%%_*.deb}
ar xv $1
mkdir ${DIR}
tar -C ${DIR} -xzvf data.tar.gz ;;
*.rpm) rpm2cpio $1 | cpio -vid ;;
*) echo ""${1}" cannot be extracted via extract()"
;;
esac
else
else
echo ""${1}" is not a valid file"
fi
}

14
var/lib/iwd/README.md
View File

@ -6,14 +6,14 @@ NetworkManager.
Notes:
- `git commit`ing the same SSID with different capitalisations breaks
Windows and more common macOS setups due to their filesystems being
case-insensitive.
Windows and more common macOS setups due to their filesystems being
case-insensitive.
- `Settings.AutoConnect=true` is unnecessary as it defaults to true
according to `man iwd.network`.
according to `man iwd.network`.
- `IPv6.Enabled=true` defauls to true being also unnecessary.
- `private-home-sample.psk` has a comment on MAC address override and sends
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
address and doesn't send hostname.
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
address and doesn't send hostname.
- The `.open` networks always randomize MAC address too. If a network is
private and needs MAC address for captive portal override or something,
`private-home-sample.psk` should be adjusted from.
private and needs MAC address for captive portal override or something,
`private-home-sample.psk` should be adjusted from.