sastisfy editorconfig check

2025-02-17 14:10:46 +01:00 · 2023-02-21 19:08:54 +02:00 · 2023-02-21 19:08:54 +02:00 · 2e6a03d402
commit 2e6a03d402
parent cff2ac755f
69 changed files with 893 additions and 893 deletions
--- a/.mikaela/pastebinit.xml
+++ b/.mikaela/pastebinit.xml
@ -1,6 +1,6 @@
 <pastebinit>
-    <pastebin>http://sprunge.us</pastebin>
+	<pastebin>http://sprunge.us</pastebin>
-    <author>Mikaela</author>
+	<author>Mikaela</author>
-    <jabberid>mikaela@kapsi.fi</jabberid>
+	<jabberid>mikaela@kapsi.fi</jabberid>
-    <format>text</format>
+	<format>text</format>
 </pastebinit>
--- a/README.md
+++ b/README.md
@ -4,7 +4,7 @@ repository as dotfiles, but historical reasons...
 # Directories explained
 - .mikaela — files that most likely aren't suitable for places where other
-  people than me have access too
+	people than me have access too
 - Windows — files releated to Windows
 - conf — config files like .tmux.conf
 - etc — /etc/
--- a/Windows/.gitattributes
+++ b/Windows/.gitattributes
@ -1 +1 @@
-* text=auto eol=crlf
+*	text=auto eol=crlf
--- a/Windows/10to11/README.md
+++ b/Windows/10to11/README.md
@ -22,11 +22,11 @@ I think the first method is likely the best, but I cannot rule these working
 on another system out yet. They didn't work on my first system tried.
 - `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
-  recommendation and the only one that should be used. If after reboot
+	recommendation and the only one that should be used. If after reboot
-  nothing happens, maybe try the rest rebooting every failure.
+	nothing happens, maybe try the rest rebooting every failure.
-  - https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
+	- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
 - `01-LabConfig.reg` - widely reported to work
 - `01-Setup.reg` - ^
 - `02-DevRing.reg` - after joining the Insider program, this should enforce
-  joining to Dev ring which should offer Windows 11 instantly. It may be
+	joining to Dev ring which should offer Windows 11 instantly. It may be
-  advisable to leave after successful update.
+	advisable to leave after successful update.
--- a/Windows/CVE-2018-3639.reg
+++ b/Windows/CVE-2018-3639.reg
--- a/Windows/DoH/README.md
+++ b/Windows/DoH/README.md
@ -3,17 +3,17 @@
 Requires Windows 11.
 - `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
-  didn't seem to work for me or it allowed me to set the DNS server to not
+	didn't seem to work for me or it allowed me to set the DNS server to not
-  use DoH.
+	use DoH.
 - `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
-  that Windows 11 isn't shipping by default, currently:
+	that Windows 11 isn't shipping by default, currently:
-  - Adguard
+	- Adguard
-  - Cloudflare antimalware
+	- Cloudflare antimalware
-  - DNS0 (& Zero)
+	- DNS0 (& Zero)
-  - Mullvad
+	- Mullvad
-  - Mullvad Adblock
+	- Mullvad Adblock
-  - Quad9 ECS (Windows 11 defaults include Quad9 default)
+	- Quad9 ECS (Windows 11 defaults include Quad9 default)
 ## Configuration
@ -21,6 +21,6 @@ Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
 HTTPS can be enabled for:
 - All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
-  - Same place for Ethernet etc.
+	- Same place for Ethernet etc.
 - Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
-  - Note: if the all networks one is configured, there is a warning about it not being used.
+	- Note: if the all networks one is configured, there is a warning about it not being used.
--- a/Windows/IPv6.reg.markdown
+++ b/Windows/IPv6.reg.markdown
@ -3,6 +3,6 @@ Some kind of explaining for [IPv6.reg](IPv6.reg) like
 - Resolve IPv6 even without native connectivity.
 - Enable Teredo
-  - As EnterpriseClient so it also works when joined into domain.
+	- As EnterpriseClient so it also works when joined into domain.
 - Use `teredo.trex.fi` as Teredo server. This should be replaced with
-  something that is as near as possible.
+	something that is as near as possible.
--- a/Windows/Windows.reg.markdown
+++ b/Windows/Windows.reg.markdown
@ -9,10 +9,10 @@ Windows Registry Editor Version 5.00
 - Make the file Windows Registry Editor script
 - Ask admins for password/PIN in UAC
-  - 2 would ask for yes or no, 0 disable entirely (don't do that).
+	- 2 would ask for yes or no, 0 disable entirely (don't do that).
 - prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
-  - The other option (1) doesn't even give them UAC prompt so you must
+	- The other option (1) doesn't even give them UAC prompt so you must
-    always login as admin to do anything.
+	always login as admin to do anything.
 ```
 "dontdisplaylastusername"=dword:00000000
@ -39,8 +39,8 @@ Windows Registry Editor Version 5.00
 ```
 - Sets hardware clock to UTC time (doesn't affect system clock!)
-  - qword for 64-bit, dword for 32-bit systems. The actual reg file has
+	- qword for 64-bit, dword for 32-bit systems. The actual reg file has
-    only qword as I haven't seen 32-bit Windowses lately.
+	only qword as I haven't seen 32-bit Windowses lately.
 ```
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
--- a/Windows/time/README.md
+++ b/Windows/time/README.md
@ -7,16 +7,16 @@ w32tm /query /peers
 ```
 - The list is space separated NTP servers, while I think Windows uses SNTP instead
-  of NTP.
+	of NTP.
 - `/resync` may sync current time, but is also required for the GUI
-  (Windows + I, Date & time) and following command to get aware of peers.
+	(Windows + I, Date & time) and following command to get aware of peers.
 - Shows where time is synced from and statistics.
-  - There is also `net time` to sync, I am unsure of the differences while
+	- There is also `net time` to sync, I am unsure of the differences while
-    that may be blocked while the second keeps working. It may also not
+	that may be blocked while the second keeps working. It may also not
-    show all the peers, just the primary one, while `w32tm` is more verbose
+	show all the peers, just the primary one, while `w32tm` is more verbose
-    and has all of them.
+	and has all of them.
 - As Windows doesn't support NTS and probably won't in near future, there is
-  no point in listing distant foreign servers.
+	no point in listing distant foreign servers.
 ## Variations
@ -47,14 +47,14 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.ko
 - https://www.netnod.se/nts/network-time-security
 - https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
 - https://www.ntppool.org/use.html
-  - Also mentions the syntax for multiple servers, but considering this Elisa
+	- Also mentions the syntax for multiple servers, but considering this Elisa
-    list has so many servers I am only picking one pool address just in case
+	list has so many servers I am only picking one pool address just in case
-    the others somehow fail.
+	the others somehow fail.
 ## Additional reading
 - Above links
 - https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
-  - this file might not exist without this post, while it doesn't mention
+	- this file might not exist without this post, while it doesn't mention
-    multiple servers, uses `time.windows.com` and I am yet to actually touch
+	multiple servers, uses `time.windows.com` and I am yet to actually touch
-    NTP on Windows Server environment.
+	NTP on Windows Server environment.
--- a/conf/conky/conky.conf
+++ b/conf/conky/conky.conf
@ -19,48 +19,48 @@ the Free Software Foundation, either version 3 of the License, or
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
+along with this program. If not, see <http://www.gnu.org/licenses/>.
 ]]
 conky.config = {
-    alignment = 'top_left',
+	alignment = 'top_left',
-    background = true,
+	background = true,
-    border_width = 1,
+	border_width = 1,
-    cpu_avg_samples = 2,
+	cpu_avg_samples = 2,
-    default_color = '#dedede',
+	default_color = '#dedede',
-    default_outline_color = '#dedede',
+	default_outline_color = '#dedede',
-    default_shade_color = '#dedede',
+	default_shade_color = '#dedede',
-    draw_borders = true,
+	draw_borders = true,
-    draw_graph_borders = true,
+	draw_graph_borders = true,
-    draw_outline = false,
+	draw_outline = false,
-    draw_shades = false,
+	draw_shades = false,
-    use_xft = true,
+	use_xft = true,
-    font = 'DejaVu Sans Mono:size=8',
+	font = 'DejaVu Sans Mono:size=8',
-    gap_x = 6,
+	gap_x = 6,
-    gap_y = 28,
+	gap_y = 28,
-    minimum_height = 5,
+	minimum_height = 5,
-    minimum_width = 5,
+	minimum_width = 5,
-    net_avg_samples = 2,
+	net_avg_samples = 2,
-    no_buffers = true,
+	no_buffers = true,
-    out_to_console = false,
+	out_to_console = false,
-    out_to_stderr = false,
+	out_to_stderr = false,
-    extra_newline = false,
+	extra_newline = false,
-    own_window = true,
+	own_window = true,
-    own_window_transparent = false,
+	own_window_transparent = false,
-    own_window_argb_visual = true,
+	own_window_argb_visual = true,
-    own_window_argb_value = 95,
+	own_window_argb_value = 95,
-    own_window_class = 'Conky',
+	own_window_class = 'Conky',
-    own_window_type = 'override',
+	own_window_type = 'override',
-    stippled_borders = 0,
+	stippled_borders = 0,
-    update_interval = 5,
+	update_interval = 5,
-    uppercase = false,
+	uppercase = false,
-    use_spacer = 'none',
+	use_spacer = 'none',
-    show_graph_scale = false,
+	show_graph_scale = false,
-    show_graph_range = false,
+	show_graph_range = false,
-    double_buffer = true
+	double_buffer = true
 }
 conky.text = [[
@ -72,16 +72,16 @@ ${color grey}Frequency (in GHz):$color $freq_g
 ${color grey}RAM Usage:$color $mem/$memmax - $memperc% ${membar 4}
 ${color grey}Swap Usage:$color $swap/$swapmax - $swapperc% ${swapbar 4}
 ${color grey}CPU Usage:$color $cpu% ${cpubar 4}
-${color grey}Processes:$color $processes  ${color grey}Running:$color $running_processes
+${color grey}Processes:$color $processes ${color grey}Running:$color $running_processes
 $hr
 ${color grey}File systems:
- / $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
+	/ $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
 ${color grey} /home $color${fs_used /home}/${fs_size /home} ${fs_bar 6 /}
 ${color grey}HDD Temperature:${color} $hddtemp °C
 ${color grey}Networking:
- eth0  Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
+	eth0 Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
- ${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
+	${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
- ${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
+	${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
 $hr
 ${color grey}Sensors${color}
 ${execpi 60 sensors|grep °}
--- a/conf/i3/config
+++ b/conf/i3/config
@ -1,9 +1,9 @@
 # Packages expected (just break line-length!):
 # Debian: i3 suckless-tools j4-dmenu-desktop gnome-screenshot i3lock sudo hibernate playerctl galculator network-manager-gnome redshift-gtk x11-xserver-utils feh rofi libnotify-bin xcompmgr konsole fonts-dejavu dbus-x11 arandr numlockx fcitx-bin fcitx-mozc conky-all flatpak apparmor-notify caffeine kdocker mumble audacious telegram-desktop steam htop kdeconnect nextcloud-client parcimonie lxqt-powermanagement kteatime hsetroot tmux
 # ALSA: alsa-utils apulse coreutils pnmixer
-#    NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
+#	 NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
-#    requiring app. See also (shell-things) rc/asoundrc for USB headset and
+#	 requiring app. See also (shell-things) rc/asoundrc for USB headset and
-#    similar.
+#	 similar.
 # pulseaudio: pulseaudio-utils pasystray pulsemixer pavucontrol pulseeffects
 # insync: https://www.insynchq.com/downloads
 # Mullvad: https://mullvad.net/download
@ -15,7 +15,7 @@
 # Debian theming: lxappearance gtk-chtheme qt4-qtconfig qt5ct
 # https://askubuntu.com/a/600946
 # + ~/.xprofile specifies GTK_THEME which hopefully gets detected/understood
-#   by browsers etc.
+#	by browsers etc.
 #
 # YES! This file is a monster and there really are that many weird
 # packages!
@ -50,7 +50,7 @@ set $ScreenLockCmd i3lock -c 000000 -p win -f
 # This font is widely installed, provides lots of unicode glyphs, right-to-left
 # text rendering and scalability on retina/hidpi displays (thanks to pango).
 # NOTE! Bigger font than 8 is too big for Kincarron
-#                        7 is too big for Sedric with dpi scaling 144
+#						 7 is too big for Sedric with dpi scaling 144
 #font pango:DejaVu Sans Mono Book 7
 font pango:OpenDyslexic 9
@ -192,27 +192,27 @@ bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the EXIT shortcu
 # resize window (you can also use the mouse for that)
 mode "resize" {
-        # These bindings trigger as soon as you enter the resize mode
+		# These bindings trigger as soon as you enter the resize mode
-        # Pressing left will shrink the window’s width.
+		# Pressing left will shrink the window’s width.
-        # Pressing right will grow the window’s width.
+		# Pressing right will grow the window’s width.
-        # Pressing up will shrink the window’s height.
+		# Pressing up will shrink the window’s height.
-        # Pressing down will grow the window’s height.
+		# Pressing down will grow the window’s height.
-        bindsym j resize shrink width 10 px or 10 ppt
+		bindsym j resize shrink width 10 px or 10 ppt
-        bindsym k resize grow height 10 px or 10 ppt
+		bindsym k resize grow height 10 px or 10 ppt
-        bindsym l resize shrink height 10 px or 10 ppt
+		bindsym l resize shrink height 10 px or 10 ppt
-        bindsym odiaeresis resize grow width 10 px or 10 ppt
+		bindsym odiaeresis resize grow width 10 px or 10 ppt
-        # same bindings, but for the arrow keys
+		# same bindings, but for the arrow keys
-        bindsym Left resize shrink width 10 px or 10 ppt
+		bindsym Left resize shrink width 10 px or 10 ppt
-        bindsym Down resize grow height 10 px or 10 ppt
+		bindsym Down resize grow height 10 px or 10 ppt
-        bindsym Up resize shrink height 10 px or 10 ppt
+		bindsym Up resize shrink height 10 px or 10 ppt
-        bindsym Right resize grow width 10 px or 10 ppt
+		bindsym Right resize grow width 10 px or 10 ppt
-        # back to normal: Enter or Escape or $mod+r
+		# back to normal: Enter or Escape or $mod+r
-        bindsym Return mode "default"
+		bindsym Return mode "default"
-        bindsym Escape mode "default"
+		bindsym Escape mode "default"
-        bindsym $mod+r mode "default"
+		bindsym $mod+r mode "default"
 }
 bindsym $mod+r mode "resize"
@ -277,30 +277,30 @@ set $br_violet #b891f5
 # Start i3bar to display a workspace bar (plus the system information i3status
 # finds out, if available) CHANGEME
 bar {
-        position top
+		position top
-        #status_command LC_ALL=fi_FI.utf8 i3status
+		#status_command LC_ALL=fi_FI.utf8 i3status
-        # Temporary workaround to broken i3status in Fedora
+		# Temporary workaround to broken i3status in Fedora
-        status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
+		status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
-        # Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
+		# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
-        colors {
+		colors {
-            separator $blue
+			separator $blue
-            background $bg
+			background $bg
-            statusline $br_white
+			statusline $br_white
-            focused_workspace $green $green $bg
+			focused_workspace $green $green $bg
-            active_workspace $cyan $blue $black
+			active_workspace $cyan $blue $black
-            inactive_workspace $black $black $fg
+			inactive_workspace $black $black $fg
-            urgent_workspace $yellow $yellow $black
+			urgent_workspace $yellow $yellow $black
-               }
+			}
-        # Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
+		# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
-        #colors {
+		#colors {
-        #    separator $blue
+		#	 separator $blue
-        #    background $bg
+		#	 background $bg
-        #    statusline $br_white
+		#	 statusline $br_white
-        #    focused_workspace $green $green $bg
+		#	 focused_workspace $green $green $bg
-        #    active_workspace $cyan $blue $black
+		#	 active_workspace $cyan $blue $black
-        #    inactive_workspace $black $black $fg
+		#	 inactive_workspace $black $black $fg
-        #    urgent_workspace $yellow $yellow $black
+		#	 urgent_workspace $yellow $yellow $black
-        #       }
+		#		}
 }
 # Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
@ -486,7 +486,7 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
 #exec --no-startup-id redshift-gtk -l 60.46742:26.94508
 # Sedric - 150 % display scaling (HiDPI), see also `xdpyinfo | grep resolution
-#          where 96 = 100 %
+#		 where 96 = 100 %
 #exec --no-startup-id xrandr --dpi 144
 # Sedric, external GPU as primary
@ -535,5 +535,5 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
 # Special keyboard options that WILL CONFUSE YOU.
 # windows+space should change layout, but doesn't, both ctrls do
 # fi allows mostly typing fi/se (identicatal), cz/es.
-#  See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
+#	See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
 exec --no-startup-id setxkbmap -option compose:menu -option terminate:ctrl_alt_bksp -option nbsp:none -option caps:backspace -option shift:both_capslock -option grp:ctrls_toggle -option grp:win_space_toggle -layout fi,us,epo,ru -variant ,altgr-intl,,phonetic_winkeys
--- a/conf/i3status-rs/config.toml
+++ b/conf/i3status-rs/config.toml
@ -2,10 +2,10 @@
 # based heavily on /usr/share/doc/i3status-rs/example_config.toml & https://github.com/greshake/i3status-rust/tree/master/examples
 # and manpage from search engine
 # Note: I am  not confident that "irstatus-rs" and "i3status-rust" are the same
-#       software.
+#		software.
 # WIP: migration from i3status
-    # contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
+	# contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
 [theme]
 name = "solarized-dark"
--- a/conf/i3status/config
+++ b/conf/i3status/config
@ -7,21 +7,21 @@
 # If the above line is not correctly displayed, fix your editor first!
 general {
-        output_format = "i3bar"
+		output_format = "i3bar"
-        colors = true
+		colors = true
-        # 1 is horrible with battery status and possibly unnecessary
+		# 1 is horrible with battery status and possibly unnecessary
-        # weight for older devices. 5 appears to be Debian default, and I
+		# weight for older devices. 5 appears to be Debian default, and I
-        # guess it's enough often for seeing if the system is frozen when
+		# guess it's enough often for seeing if the system is frozen when
-        # staring at a clock.
+		# staring at a clock.
-        interval = 5
+		interval = 5
-        # Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
+		# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
-        color_good = "#70b433"
+		color_good = "#70b433"
-        color_degraded = "#dbb32d"
+		color_degraded = "#dbb32d"
-        color_bad = "#ed4a46"
+		color_bad = "#ed4a46"
-        # Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
+		# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
-        #color_good = "#489100"
+		#color_good = "#489100"
-        #color_degraded = "#ad8900"
+		#color_degraded = "#ad8900"
-        #color_bad = "#d2212d"
+		#color_bad = "#d2212d"
 }
 # Logicish: colour changing things at first (load is often red especially
@ -44,50 +44,50 @@ order += "time"
 # Load is first as the treshold may need the most modification here
 load {
-        format = "%1min %5min %15min"
+		format = "%1min %5min %15min"
-        # Defaults to 5, nosmt MDS mitigation disables ½ of the cores
+		# Defaults to 5, nosmt MDS mitigation disables ½ of the cores
-        # X,7 ? https://scoutapm.com/blog/understanding-load-averages
+		# X,7 ? https://scoutapm.com/blog/understanding-load-averages
-        # CHANGEME - apparently whether . or , works depends on locale -.-
+		# CHANGEME - apparently whether . or , works depends on locale -.-
-        # Rbtpzn, the oldest machine from 2006, single core
+		# Rbtpzn, the oldest machine from 2006, single core
-        #max_threshold = "0,7"
+		#max_threshold = "0,7"
-        # Dualcore, mostly everything else
+		# Dualcore, mostly everything else
-        max_threshold = "1,7"
+		max_threshold = "1,7"
-        # Zaldaryn, quadcore
+		# Zaldaryn, quadcore
-        #max_threshold = "3,7"
+		#max_threshold = "3,7"
 }
 wireless _first_ {
-        #format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
+		#format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
-        format_up = "W:%quality @ %essid (%frequency, %bitrate)"
+		format_up = "W:%quality @ %essid (%frequency, %bitrate)"
-        #format_up = "W:%quality %frequency"
+		#format_up = "W:%quality %frequency"
-        #format_down = "W:🢃"
+		#format_down = "W:🢃"
-        format_down = ""
+		format_down = ""
-        #format_quality = "%3d%s"
+		#format_quality = "%3d%s"
 }
 ethernet _first_ {
-        # if you use %speed, i3status requires root privileges
+		# if you use %speed, i3status requires root privileges
-        #format_up = "E: %ip (%speed)"
+		#format_up = "E: %ip (%speed)"
-        #format_up = "E:🢁"
+		#format_up = "E:🢁"
-        format_up = "E:%speed"
+		format_up = "E:%speed"
-        #format_down = "E:🢃"
+		#format_down = "E:🢃"
-        format_down = ""
+		format_down = ""
 }
 battery all {
-        # %remaining looks horrible especially with updating every second
+		# %remaining looks horrible especially with updating every second
-        format = "🔌%status %percentage %remaining"
+		format = "🔌%status %percentage %remaining"
-        format_down = ""
+		format_down = ""
-        status_full = "🔌☻"
+		status_full = "🔌☻"
-        #status_unk  = "?"
+		#status_unk  = "?"
-        # kincarron battery fix
+		# kincarron battery fix
-        #path = "/sys/class/power_supply/%d/uevent"
+		#path = "/sys/class/power_supply/%d/uevent"
 }
 tztime utc {
-        timezone = "UTC"
+		timezone = "UTC"
-        # ISO 8601ish
+		# ISO 8601ish
-        format = "%Z: %Y-%m-%d %H:%M:%S%z"
+		format = "%Z: %Y-%m-%d %H:%M:%S%z"
 }
 # Date format explanations
@ -106,29 +106,29 @@ tztime utc {
 #tztime local {
 time {
-        # Finnishish formatting with my adjustments
+		# Finnishish formatting with my adjustments
-        format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
+		format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
 }
 volume master {
-        format = "♪: %volume"
+		format = "♪: %volume"
-        format_muted = "♪: muted (%volume)"
+		format_muted = "♪: muted (%volume)"
-        #device = "pulse"
+		#device = "pulse"
 }
 ipv6 {
-        #format_up = "IPv6:🢁"
+		#format_up = "IPv6:🢁"
-        format_up = "6"
+		format_up = "6"
-        #format_down = "IPv6:🢃"
+		#format_down = "IPv6:🢃"
-        format_down = ""
+		format_down = ""
 }
 # %avail vs %free: https://github.com/i3/i3status/issues/349#issuecomment-506565599
 disk / {
-        format = "/: %avail"
+		format = "/: %avail"
 }
 disk /home {
-        format = "/home: %avail"
+		format = "/home: %avail"
 }
--- a/conf/pastebinit.xml
+++ b/conf/pastebinit.xml
@ -1,6 +1,6 @@
 <pastebinit>
-    <pastebin>http://sprunge.us</pastebin>
+	<pastebin>http://sprunge.us</pastebin>
-    <author></author>
+	<author></author>
-    <jabberid></jabberid>
+	<jabberid></jabberid>
-    <format>text</format>
+	<format>text</format>
 </pastebinit>
--- a/conf/pipewire/media-session.d/alsa-monitor.conf
+++ b/conf/pipewire/media-session.d/alsa-monitor.conf
@ -6,130 +6,130 @@
 # then restart pipewire and pipewire-pulse like so: systemctl --user restart pipewire pipewire-pulse
 properties = {
-    # Create a JACK device. This is not enabled by default because
+	# Create a JACK device. This is not enabled by default because
-    # it requires that the PipeWire JACK replacement libraries are
+	# it requires that the PipeWire JACK replacement libraries are
-    # not used by the session manager, in order to be able to
+	# not used by the session manager, in order to be able to
-    # connect to the real JACK server.
+	# connect to the real JACK server.
-    #alsa.jack-device = false
+	#alsa.jack-device = false
-    # Reserve devices.
+	# Reserve devices.
-    #alsa.reserve = true
+	#alsa.reserve = true
 }
 rules = [
-    # An array of matches/actions to evaluate.
+	# An array of matches/actions to evaluate.
-    {
+	{
-        # Rules for matching a device or node. It is an array of
+		# Rules for matching a device or node. It is an array of
-        # properties that all need to match the regexp. If any of the
+		# properties that all need to match the regexp. If any of the
-        # matches work, the actions are executed for the object.
+		# matches work, the actions are executed for the object.
-        matches = [
+		matches = [
-            {
+			{
-                # This matches all cards. These are regular expressions
+				# This matches all cards. These are regular expressions
-                # so "." matches one character and ".*" matches many.
+				# so "." matches one character and ".*" matches many.
-                device.name = "~alsa_card.*"
+				device.name = "~alsa_card.*"
-            }
+			}
-        ]
+		]
-        actions = {
+		actions = {
-            # Actions can update properties on the matched object.
+			# Actions can update properties on the matched object.
-            update-props = {
+			update-props = {
-                # Use ALSA-Card-Profile devices. They use UCM or
+				# Use ALSA-Card-Profile devices. They use UCM or
-                # the profile configuration to configure the device
+				# the profile configuration to configure the device
-                # and mixer settings.
+				# and mixer settings.
-                api.alsa.use-acp = true
+				api.alsa.use-acp = true
-                # Use UCM instead of profile when available. Can be
+				# Use UCM instead of profile when available. Can be
-                # disabled to skip trying to use the UCM profile.
+				# disabled to skip trying to use the UCM profile.
-                #api.alsa.use-ucm = true
+				#api.alsa.use-ucm = true
-                # Don't use the hardware mixer for volume control. It
+				# Don't use the hardware mixer for volume control. It
-                # will only use software volume. The mixer is still used
+				# will only use software volume. The mixer is still used
-                # to mute unused paths based on the selected port.
+				# to mute unused paths based on the selected port.
-                #api.alsa.soft-mixer = false
+				#api.alsa.soft-mixer = false
-                # Ignore decibel settings of the driver. Can be used to
+				# Ignore decibel settings of the driver. Can be used to
-                # work around buggy drivers that report wrong values.
+				# work around buggy drivers that report wrong values.
-                #api.alsa.ignore-dB = false
+				#api.alsa.ignore-dB = false
-                # The profile set to use for the device. Usually this is
+				# The profile set to use for the device. Usually this is
-                # "default.conf" but can be changed with a udev rule
+				# "default.conf" but can be changed with a udev rule
-                # or here.
+				# or here.
-                #device.profile-set = "profileset-name.conf"
+				#device.profile-set = "profileset-name.conf"
-                # The default active profile. Is by default set to "Off".
+				# The default active profile. Is by default set to "Off".
-                #device.profile = "default profile name"
+				#device.profile = "default profile name"
-                # Automatically select the best profile. This is the
+				# Automatically select the best profile. This is the
-                # highest priority available profile. This is disabled
+				# highest priority available profile. This is disabled
-                # here and instead implemented in the session manager
+				# here and instead implemented in the session manager
-                # where it can save and load previous preferences.
+				# where it can save and load previous preferences.
-                api.acp.auto-profile = false
+				api.acp.auto-profile = false
-                # Automatically switch to the highest priority available
+				# Automatically switch to the highest priority available
-                # port. This is disabled here and implemented in the
+				# port. This is disabled here and implemented in the
-                # session manager instead.
+				# session manager instead.
-                api.acp.auto-port = false
+				api.acp.auto-port = false
-                # Other properties can be set here.
+				# Other properties can be set here.
-                #device.nick = "My Device"
+				#device.nick = "My Device"
-            }
+			}
-        }
+		}
-    }
+	}
 # Begin customized config section
-    {
+	{
-        matches = [
+		matches = [
-            {
+			{
-                # This matches your USB headset
+				# This matches your USB headset
-                device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
+				device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
-            }
+			}
-        ]
+		]
-        actions = {
+		actions = {
-            # Actions can update properties on the matched object.
+			# Actions can update properties on the matched object.
-            update-props = {
+			update-props = {
-                api.alsa.soft-mixer = true
+				api.alsa.soft-mixer = true
-            }
+			}
-        }
+		}
-    }
+	}
 #End customized config section
-    {
+	{
-        matches = [
+		matches = [
-            {
+			{
-                # Matches all sources. These are regular expressions
+				# Matches all sources. These are regular expressions
-                # so "." matches one character and ".*" matches many.
+				# so "." matches one character and ".*" matches many.
-                node.name = "~alsa_input.*"
+				node.name = "~alsa_input.*"
-            }
+			}
-            {
+			{
-                # Matches all sinks.
+				# Matches all sinks.
-                node.name = "~alsa_output.*"
+				node.name = "~alsa_output.*"
-            }
+			}
-        ]
+		]
-        actions = {
+		actions = {
-            update-props = {
+			update-props = {
-                #node.nick              = "My Node"
+				#node.nick				= "My Node"
-                #node.nick              = null
+				#node.nick				= null
-                #priority.driver        = 100
+				#priority.driver		= 100
-                #priority.session       = 100
+				#priority.session		= 100
-                node.pause-on-idle      = false
+				node.pause-on-idle		= false
-                #resample.quality       = 4
+				#resample.quality		= 4
-                #channelmix.normalize   = false
+				#channelmix.normalize	= false
-                #channelmix.mix-lfe     = false
+				#channelmix.mix-lfe		= false
-                #audio.channels         = 2
+				#audio.channels			= 2
-                #audio.format           = "S16LE"
+				#audio.format			= "S16LE"
-                #audio.rate             = 44100
+				#audio.rate				= 44100
-                #audio.position         = "FL,FR"
+				#audio.position			= "FL,FR"
-                #session.suspend-timeout-seconds = 5      # 0 disables suspend
+				#session.suspend-timeout-seconds = 5		# 0 disables suspend
-                #monitor.channel-volumes = false
+				#monitor.channel-volumes = false
-                #api.alsa.period-size   = 1024
+				#api.alsa.period-size	= 1024
-                #api.alsa.headroom      = 0
+				#api.alsa.headroom		= 0
-                #api.alsa.start-delay   = 0
+				#api.alsa.start-delay	= 0
-                #api.alsa.disable-mmap  = false
+				#api.alsa.disable-mmap	= false
-                #api.alsa.disable-batch = false
+				#api.alsa.disable-batch = false
-                #api.alsa.use-chmap     = false
+				#api.alsa.use-chmap		= false
-            }
+			}
-        }
+		}
-    }
+	}
 ]
--- a/conf/sway/README.md
+++ b/conf/sway/README.md
@ -25,7 +25,7 @@ methods setting fonts):
 - Document text: Noto Serif Regular 11
 - Monospace text: Noto Sans Mono Regular 10
 - Legacy window title text: Noto Serif Bold 11
-  - Apparently this means "apps that don't use client-side decorations"
+	- Apparently this means "apps that don't use client-side decorations"
 The number behind is obviously the number and it's based on what were the
 defaults before I touched them so I am hoping GNOME knows what they are
@ -42,10 +42,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
 Other font settings in GNOME-Tweak:
 - Hinting: _a bit_
-  - for no particular reason
+	- for no particular reason
 - Antialiasing: _Subpixel (for LCD-displays)_
-  - I have no idea where there are "standard grayscale" displays that aren't
+	- I have no idea where there are "standard grayscale" displays that aren't
-    LCD.
+	LCD.
 ### Screen mirroring
@ -56,6 +56,6 @@ Workarounds:
 - Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
 - Do something weird with OBS
 - Use a dedicated application that don't seem to be in Fedora repos, flatpak
-  or snap.
+	or snap.
-  - [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
+	- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
-  - [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
+	- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
--- a/conf/sway/config.d/README.md
+++ b/conf/sway/config.d/README.md
@ -5,7 +5,7 @@ Thus this `README.md` is not read, even if I happened to carelessly
 copy-paste it in.
 - `autostart-communication.conf` - chat/communication apps I am expected to have
-  open or at least check at times
+	open or at least check at times
 - `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
 - `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
 - `grimshot.conf` - screenshotting keybinds using `grimshot`
@ -13,15 +13,15 @@ copy-paste it in.
 - `keyboard.conf` - keyboard configuration
 - `media.conf` - media key configuration and autostarts related to it
 - `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
-  profile to `flat`
+	profile to `flat`
 - `README.md` - you are currently reading this :wink:
 - `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
 - `swaybar.conf` - `swaybar` configuration
 - `swayidle.conf` - `swayidle` configuration/autostart
 - `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
-  I happen to visit for longer period of time
+	I happen to visit for longer period of time
 - `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
 - `zz-floating.conf` - configures windows that should float. For some reason
-  that is inherited from my `i3` config, it tells to put float rules above the
+	that is inherited from my `i3` config, it tells to put float rules above the
-  last line, so it should be read last and `z` is the last letter of English
+	last line, so it should be read last and `z` is the last letter of English
-  alphabet so it will hopefully be read last.
+	alphabet so it will hopefully be read last.
--- a/conf/sway/config.d/swayidle.conf
+++ b/conf/sway/config.d/swayidle.conf
@ -1,11 +1,11 @@
 # Copied from `man swayidle`, except the $ScreenLockCmd that I don't
 # want to repeat.
-#  This will lock your screen after 300 seconds of inactivity, then turn off
+#	This will lock your screen after 300 seconds of inactivity, then turn off
-#  your displays after another 300 seconds, and turn your screens back on
+#	your displays after another 300 seconds, and turn your screens back on
-#  when resumed. It will also lock your screen before your computer goes to
+#	when resumed. It will also lock your screen before your computer goes to
-#  sleep.
+#	sleep.
 exec swayidle -w \
-	 timeout 300 "\"$ScreenLockCmd\"" \
+	timeout 300 "\"$ScreenLockCmd\"" \
-	 timeout 600 'swaymsg "output * dpms off"' \
+	timeout 600 'swaymsg "output * dpms off"' \
 	resume 'swaymsg "output * dpms on"' \
-	 before-sleep "\"$ScreenLockCmd\""
+	before-sleep "\"$ScreenLockCmd\""
--- a/conf/tmux-old-ncurses.bash
+++ b/conf/tmux-old-ncurses.bash
@ -2,5 +2,5 @@
 # Intended for systems with ncurses < 6 which is missing TERMINFO
 # for tmux-256color.
 if [[ $TERM == 'tmux-256color' ]]; then
-    export TERM=screen-256color
+	export TERM=screen-256color
 fi
--- a/etc/X11/xorg.conf.d/00-keyboard.conf
+++ b/etc/X11/xorg.conf.d/00-keyboard.conf
@ -1,8 +1,8 @@
 # Read and parsed by systemd-localed. It's probably wise not to edit this file
 # manually too freely.
 Section "InputClass"
-        Identifier "system-keyboard"
+		Identifier "system-keyboard"
-        MatchIsKeyboard "on"
+		MatchIsKeyboard "on"
-        Option "XkbLayout" "fi"
+		Option "XkbLayout" "fi"
-        Option "XkbModel" "compose:menu"
+		Option "XkbModel" "compose:menu"
 EndSection
--- a/etc/dnscrypt-proxy/dnscrypt-proxy.toml
+++ b/etc/dnscrypt-proxy/dnscrypt-proxy.toml
@ -70,31 +70,31 @@ lb_strategy = 'p2'
 # Logging to be enabled by hand on systems needing them
 #[query_log]
-#  file = '/var/log/dnscrypt-proxy/query.log'
+#	file = '/var/log/dnscrypt-proxy/query.log'
 #[nx_log]
-#  file = '/var/log/dnscrypt-proxy/nx.log'
+#	file = '/var/log/dnscrypt-proxy/nx.log'
 [sources]
-  [sources.'public-resolvers']
+	[sources.'public-resolvers']
-  #url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
+	#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
-  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
+	urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
-  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
+	cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
-  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+	minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-  refresh_delay = 72
+	refresh_delay = 72
-  prefix = 'public-'
+	prefix = 'public-'
 [sources.'opennic']
- urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
+	urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
-  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+	minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-  refresh_delay = 72
+	refresh_delay = 72
-  cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
+	cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
-  prefix = 'opennic-'
+	prefix = 'opennic-'
 # 2.0.23 recommended so onions won't be attempted without proxy enabled
 # (5c9edfccfe67474bee2836ada67f955f10e43357)
 # I won't uncomment this until I have updated version everywhere.
 #[sources.'onion-services']
-#  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
+#	urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
-#  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+#	minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-#  cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
+#	cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
-#  prefix = 'onion-'
+#	prefix = 'onion-'
--- a/etc/fahclient/config.xml
+++ b/etc/fahclient/config.xml
@ -1,21 +1,21 @@
 <config>
-  <!-- Client Control -->
+	<!-- Client Control -->
-  <client-threads v='2'/>
+	<client-threads v='2'/>
-  <fold-anon v='true'/>
+	<fold-anon v='true'/>
-  <!-- Folding Core -->
+	<!-- Folding Core -->
-  <cpu-usage v='50'/>
+	<cpu-usage v='50'/>
-  <gpu-usage v='50'/>
+	<gpu-usage v='50'/>
-  <!-- Slot Control -->
+	<!-- Slot Control -->
-  <power v='MEDIUM'/>
+	<power v='MEDIUM'/>
-  <!-- User Information -->
+	<!-- User Information -->
-  <passkey v=''/>
+	<passkey v=''/>
-  <team v='201753'/>
+	<team v='201753'/>
-  <user v='Mikaela'/>
+	<user v='Mikaela'/>
-  <!-- Folding Slots -->
+	<!-- Folding Slots -->
-  <slot id='0' type='CPU'/>
+	<slot id='0' type='CPU'/>
-  <slot id='1' type='GPU'/>
+	<slot id='1' type='GPU'/>
 </config>
--- a/etc/install
+++ b/etc/install
@ -15,8 +15,8 @@ chmod a+r /etc/systemd/system/oidentd.socket
 mkdir -p /etc/sysctl.d/
 if [ ! -f /etc/sysctl.d/60-mikaela.conf ]; then
-    cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
+	cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
-    chmod a+r /etc/sysctl.d/60-mikaela.conf
+	chmod a+r /etc/sysctl.d/60-mikaela.conf
 fi
 echo 'If you use systemd or oidentd you should "systemctl daemon-reload"'
--- a/etc/nginx/README.md
+++ b/etc/nginx/README.md
@ -8,9 +8,9 @@ cannot read them from here.
 These files may age badly, so here are some hopefully timeless pointers:
 - Generate the config file with https://ssl-config.mozilla.org/ (and if
-  time eats it, try https://github.com/mozilla/ssl-config-generator/ in
+	time eats it, try https://github.com/mozilla/ssl-config-generator/ in
-  hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
+	hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
-  everything a different file.
+	everything a different file.
 - If using my acmesh-ssl.bash script, the files to fill should be like:
 (the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
@ -21,11 +21,11 @@ These files may age badly, so here are some hopefully timeless pointers:
 The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
 ```
-    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
+	add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
+	add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
-    add_header X-Content-Type-Options "nosniff" always;
+	add_header X-Content-Type-Options "nosniff" always;
-    add_header Referrer-Policy "no-referrer" always;
+	add_header Referrer-Policy "no-referrer" always;
 ```
 The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
@ -33,9 +33,9 @@ TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
 in Debian package `libwww-perl`
 - Refer to tester tools to see if the configuration is fine:
-  - https://observatory.mozilla.org/
+	- https://observatory.mozilla.org/
-  - https://securityheaders.com/
+	- https://securityheaders.com/
-  - https://www.ssllabs.com/ssltest/
+	- https://www.ssllabs.com/ssltest/
 ---
--- a/etc/nginx/conf.d/bitbot.conf
+++ b/etc/nginx/conf.d/bitbot.conf
@ -1,17 +1,17 @@
 server {
-    listen       80;
+	listen		 80;
-    listen       443;
+	listen		 443;
-    listen       14402;
+	listen		 14402;
-    listen       [::]:80;
+	listen		 [::]:80;
-    listen       [::]:443;
+	listen		 [::]:443;
-    listen       [::]:14402;
+	listen		 [::]:14402;
-    ssl_certificate     /etc/nginx/ssl/cert.pem;
+	ssl_certificate	/etc/nginx/ssl/cert.pem;
-    ssl_certificate_key /etc/nginx/ssl/key.pem;
+	ssl_certificate_key	/etc/nginx/ssl/key.pem;
-    server_name  bitbot.relpda.mikaela.info;
+	server_name	bitbot.relpda.mikaela.info;
-    access_log  /var/log/nginx/bitbot.access.log  main;
+	access_log	/var/log/nginx/bitbot.access.log  main;
-    location / {
+	location / {
-        proxy_pass http://[::1]:9050;
+		proxy_pass http://[::1]:9050;
-    }
+	}
 }
--- a/etc/nginx/conf.d/cloudflare.conf
+++ b/etc/nginx/conf.d/cloudflare.conf
@ -1,20 +1,20 @@
- # Cloudflare
+# Cloudflare
-   set_real_ip_from   199.27.128.0/21;
+	set_real_ip_from	199.27.128.0/21;
-   set_real_ip_from   173.245.48.0/20;
+	set_real_ip_from	173.245.48.0/20;
-   set_real_ip_from   103.21.244.0/22;
+	set_real_ip_from	103.21.244.0/22;
-   set_real_ip_from   103.22.200.0/22;
+	set_real_ip_from	103.22.200.0/22;
-   set_real_ip_from   103.31.4.0/22;
+	set_real_ip_from	103.31.4.0/22;
-   set_real_ip_from   141.101.64.0/18;
+	set_real_ip_from	141.101.64.0/18;
-   set_real_ip_from   108.162.192.0/18;
+	set_real_ip_from	108.162.192.0/18;
-   set_real_ip_from   190.93.240.0/20;
+	set_real_ip_from	190.93.240.0/20;
-   set_real_ip_from   188.114.96.0/20;  
+	set_real_ip_from	188.114.96.0/20;
-   set_real_ip_from   197.234.240.0/22;
+	set_real_ip_from	197.234.240.0/22;
-   set_real_ip_from   198.41.128.0/17;
+	set_real_ip_from	198.41.128.0/17;
-   set_real_ip_from   162.158.0.0/15;
+	set_real_ip_from	162.158.0.0/15;
-   set_real_ip_from   104.16.0.0/12;
+	set_real_ip_from	104.16.0.0/12;
-   set_real_ip_from   2400:cb00::/32;
+	set_real_ip_from	2400:cb00::/32;
-   set_real_ip_from   2606:4700::/32;
+	set_real_ip_from	2606:4700::/32;
-   set_real_ip_from   2803:f800::/32;
+	set_real_ip_from	2803:f800::/32;
-   set_real_ip_from   2405:b500::/32;
+	set_real_ip_from	2405:b500::/32;
-   set_real_ip_from   2405:8100::/32;
+	set_real_ip_from	2405:8100::/32;
-   real_ip_header     CF-Connecting-IP;
+	real_ip_header	  CF-Connecting-IP;
--- a/etc/nginx/conf.d/default.conf
+++ b/etc/nginx/conf.d/default.conf
@ -1,57 +1,57 @@
 server {
-    listen       80;
+	listen		 80;
-    listen       443 ssl;
+	listen		 443 ssl;
-    listen       14402 ssl;
+	listen		 14402 ssl;
-    listen       [::]:80 ipv6only=on;
+	listen		 [::]:80 ipv6only=on;
-    listen       [::]:443 ssl ipv6only=on;
+	listen		 [::]:443 ssl ipv6only=on;
-    listen       [::]:14402 ssl ipv6only=on;
+	listen		 [::]:14402 ssl ipv6only=on;
-    ssl_certificate     /etc/nginx/ssl/cert.pem;
+	ssl_certificate		/etc/nginx/ssl/cert.pem;
-    ssl_certificate_key /etc/nginx/ssl/key.pem;
+	ssl_certificate_key /etc/nginx/ssl/key.pem;
-    server_name  relpda.mikaela.info;
+	server_name  relpda.mikaela.info;
-    #charset koi8-r;
+	#charset koi8-r;
-    #access_log  /var/log/nginx/host.access.log  main;
+	#access_log  /var/log/nginx/host.access.log  main;
 #location /api/ {
-#    proxy_pass http://[::1]:9050;
+#	 proxy_pass http://[::1]:9050;
-#    }
+#	 }
-    location / {
+	location / {
-        root   /usr/share/nginx/html;
+		root   /usr/share/nginx/html;
-        index  index.html index.htm;
+		index  index.html index.htm;
-    }
+	}
-    #error_page  404              /404.html;
+	#error_page  404			  /404.html;
-    # redirect server error pages to the static page /50x.html
+	# redirect server error pages to the static page /50x.html
-    #
+	#
-    error_page   500 502 503 504  /50x.html;
+	error_page	 500 502 503 504  /50x.html;
-    location = /50x.html {
+	location = /50x.html {
-        root   /usr/share/nginx/html;
+		root   /usr/share/nginx/html;
-    }
+	}
-    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+	# proxy the PHP scripts to Apache listening on 127.0.0.1:80
-    #
+	#
-    #location ~ \.php$ {
+	#location ~ \.php$ {
-    #    proxy_pass   http://127.0.0.1;
+	#	 proxy_pass   http://127.0.0.1;
-    #}
+	#}
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
+	#
-    #location ~ \.php$ {
+	#location ~ \.php$ {
-    #    root           html;
+	#	 root			html;
-    #    fastcgi_pass   127.0.0.1:9000;
+	#	 fastcgi_pass	127.0.0.1:9000;
-    #    fastcgi_index  index.php;
+	#	 fastcgi_index	index.php;
-    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+	#	 fastcgi_param	SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-    #    include        fastcgi_params;
+	#	 include		fastcgi_params;
-    #}
+	#}
-    # deny access to .htaccess files, if Apache's document root
+	# deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
+	# concurs with nginx's one
-    #
+	#
-    #location ~ /\.ht {
+	#location ~ /\.ht {
-    #    deny  all;
+	#	 deny  all;
-    #}
+	#}
 }
--- a/etc/nginx/sites-enabled/old/host
+++ b/etc/nginx/sites-enabled/old/host
@ -1,94 +1,94 @@
 server {
-    listen 80 default_server;
+	listen 80 default_server;
-    listen [::]:80 default_server ipv6only=on;
+	listen [::]:80 default_server ipv6only=on;
-    listen 443 default_server ssl http2;
+	listen 443 default_server ssl http2;
-    listen [::]:443 default_server ssl http2 ipv6only=on;
+	listen [::]:443 default_server ssl http2 ipv6only=on;
-    root /var/www/default/;
+	root /var/www/default/;
-    index index.php index.html index.htm;
+	index index.php index.html index.htm;
 ### Generating SSL certificate:
 ## mkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl
 ## openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nginx.key -out nginx.crt
 ### this takes forever and is used on line 23.
 ## openssl dhparam -out dhparam.pem 4096
-    ssl_certificate /etc/nginx/ssl/nginx.crt;
+	ssl_certificate /etc/nginx/ssl/nginx.crt;
-    ssl_certificate_key /etc/nginx/ssl/nginx.key;
+	ssl_certificate_key /etc/nginx/ssl/nginx.key;
 # ----- begin of Mozilla Server Side TLS recommendations -----
 # **2014-11-07** https://wiki.mozilla.org/Security/Server_Side_TLS
-    ssl_session_timeout 5m;
+	ssl_session_timeout 5m;
-    ssl_session_cache shared:SSL:50m;
+	ssl_session_cache shared:SSL:50m;
-    # Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
+	# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
-    # See generation on line 14
+	# See generation on line 14
-    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+	ssl_dhparam /etc/nginx/ssl/dhparam.pem;
-    # Intermediate configuration. tweak to your needs.
+	# Intermediate configuration. tweak to your needs.
-    # comment just for me, don't uncomment.
+	# comment just for me, don't uncomment.
-    #ssl_ciphers '';
+	#ssl_ciphers '';
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
-    ssl_prefer_server_ciphers on;
+	ssl_prefer_server_ciphers on;
-    # Enable this if your want HSTS (recommended)
+	# Enable this if your want HSTS (recommended)
-    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+	add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
-    add_header X-Frame-Options SAMEORIGIN;
+	add_header X-Frame-Options SAMEORIGIN;
-    add_header Content-Security-Policy upgrade-insecure-requests;
+	add_header Content-Security-Policy upgrade-insecure-requests;
-    add_header X-Xss-Protection "1; mode=block" always;
+	add_header X-Xss-Protection "1; mode=block" always;
-    add_header X-Content-Type-Options "nosniff" always;
+	add_header X-Content-Type-Options "nosniff" always;
-    # OCSP Stapling ---
+	# OCSP Stapling ---
-    # fetch OCSP records from URL in ssl_certificate and cache them
+	# fetch OCSP records from URL in ssl_certificate and cache them
-    ssl_stapling on;
+	ssl_stapling on;
-    ssl_stapling_verify on;
+	ssl_stapling_verify on;
-    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
+	## verify chain of trust of OCSP response using Root CA and Intermediate certs
-    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+	#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
-    #resolver ::1;
+	#resolver ::1;
 # ----- end of Mozilla Server Side TLS recommendations -----
-    location / {
+	location / {
-        # First attempt to serve request as file, then
+		# First attempt to serve request as file, then
-        # as directory, then fall back to displaying a 404.
+		# as directory, then fall back to displaying a 404.
-        try_files $uri $uri/ =404;
+		try_files $uri $uri/ =404;
-        autoindex on;
+		autoindex on;
-    }
+	}
-    # Userdir
+	# Userdir
-    location ~ ^/~(.+?)(/.*)?$ {
+	location ~ ^/~(.+?)(/.*)?$ {
-        alias /home/$1/public_html$2;
+		alias /home/$1/public_html$2;
-        index  index.html index.htm;
+		index  index.html index.htm;
-        autoindex on;
+		autoindex on;
-    }
+	}
-    #error_page 404 /404.html;
+	#error_page 404 /404.html;
-    # redirect server error pages to the static page /50x.html
+	# redirect server error pages to the static page /50x.html
-    #
+	#
-    #error_page 500 502 503 504 /50x.html;
+	#error_page 500 502 503 504 /50x.html;
-    #location = /50x.html {
+	#location = /50x.html {
-    #   root /usr/share/nginx/html;
+	#	root /usr/share/nginx/html;
-    #}
+	#}
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
+	#
-    location ~ \.php$ {
+	location ~ \.php$ {
-       fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    #   # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+	#	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
-    #
+	#
-    #   # With php5-cgi alone:
+	#	# With php5-cgi alone:
-    #    fastcgi_pass 127.0.0.1:9000;
+	#	 fastcgi_pass 127.0.0.1:9000;
-    #   # With php5-fpm:
+	#	# With php5-fpm:
-       fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_pass unix:/var/run/php5-fpm.sock;
-       fastcgi_index index.php;
+		fastcgi_index index.php;
-       #include fastcgi_params;
+		#include fastcgi_params;
-       include fastcgi.conf;
+		include fastcgi.conf;
-    }
+	}
-    # deny access to .htaccess files, if Apache's document root
+	# deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
+	# concurs with nginx's one
-    #
+	#
-    location ~ /\.ht {
+	location ~ /\.ht {
-       deny all;
+		deny all;
-    }
+	}
 }
--- a/etc/nginx/sites-enabled/rproxy
+++ b/etc/nginx/sites-enabled/rproxy
@ -1,23 +1,23 @@
 server {
-    listen 80;
+	listen 80;
-    listen [::]:80;
+	listen [::]:80;
-    listen 443;
+	listen 443;
-    listen [::]:443;
+	listen [::]:443;
-    # Enable this if your want HSTS (recommended)
+	# Enable this if your want HSTS (recommended)
-    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+	add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
-    add_header X-Frame-Options SAMEORIGIN;
+	add_header X-Frame-Options SAMEORIGIN;
-    add_header Content-Security-Policy upgrade-insecure-requests;
+	add_header Content-Security-Policy upgrade-insecure-requests;
-    add_header X-Xss-Protection "1; mode=block" always;
+	add_header X-Xss-Protection "1; mode=block" always;
-    add_header X-Content-Type-Options "nosniff" always;
+	add_header X-Content-Type-Options "nosniff" always;
-    server_name something.example.org;
+	server_name something.example.org;
 # NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
 # Behind CloudFlare see ../conf.d/cloudflare.conf
 location / {
-    proxy_pass http://localhost:8080;
+	proxy_pass http://localhost:8080;
-    }
+	}
 }
--- a/etc/nginx/sites-enabled/vhost
+++ b/etc/nginx/sites-enabled/vhost
@ -1,67 +1,67 @@
 server {
-    # default_server from default vhost must exist somewhere!
+	# default_server from default vhost must exist somewhere!
-    listen 80;
+	listen 80;
-    listen [::]:80;
+	listen [::]:80;
-    listen 443;
+	listen 443;
-    listen [::]:443;
+	listen [::]:443;
-    # Enable this if your want HSTS (recommended)
+	# Enable this if your want HSTS (recommended)
-    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+	add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
-    add_header X-Frame-Options SAMEORIGIN;
+	add_header X-Frame-Options SAMEORIGIN;
-    add_header Content-Security-Policy upgrade-insecure-requests;
+	add_header Content-Security-Policy upgrade-insecure-requests;
-    add_header X-Xss-Protection "1; mode=block" always;
+	add_header X-Xss-Protection "1; mode=block" always;
-    add_header X-Content-Type-Options "nosniff" always;
+	add_header X-Content-Type-Options "nosniff" always;
-    root /var/www/vhostdir;
+	root /var/www/vhostdir;
-    index index.php index.html index.htm;
+	index index.php index.html index.htm;
-    # vhost address
+	# vhost address
-    server_name vhost.example.org;
+	server_name vhost.example.org;
-    location / {
+	location / {
-        # First attempt to serve request as file, then
+		# First attempt to serve request as file, then
-        # as directory, then fall back to displaying a 404.
+		# as directory, then fall back to displaying a 404.
-        try_files $uri $uri/ =404;
+		try_files $uri $uri/ =404;
-        autoindex off;
+		autoindex off;
-    }
+	}
-    # Userdir
+	# Userdir
-    #ilocation ~ ^/~(.+?)(/.*)?$ {
+	#ilocation ~ ^/~(.+?)(/.*)?$ {
-    #    alias /home/$1/public_html$2;
+	#	 alias /home/$1/public_html$2;
-    #    index  index.html index.htm;
+	#	 index	index.html index.htm;
-    #    autoindex on;
+	#	 autoindex on;
-    #}
+	#}
-    #error_page 404 /404.html;
+	#error_page 404 /404.html;
-    # redirect server error pages to the static page /50x.html
+	# redirect server error pages to the static page /50x.html
-    #
+	#
-    #error_page 500 502 503 504 /50x.html;
+	#error_page 500 502 503 504 /50x.html;
-    #location = /50x.html {
+	#location = /50x.html {
-    #   root /usr/share/nginx/html;
+	#	root /usr/share/nginx/html;
-    #}
+	#}
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
+	#
-    location ~ \.php$ {
+	location ~ \.php$ {
-       fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    #   # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+	#	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
-    #
+	#
-    #   # With php5-cgi alone:
+	#	# With php5-cgi alone:
-    #    fastcgi_pass 127.0.0.1:9000;
+	#	 fastcgi_pass 127.0.0.1:9000;
-    #   # With php5-fpm:
+	#	# With php5-fpm:
-       fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_pass unix:/var/run/php5-fpm.sock;
-       fastcgi_index index.php;
+		fastcgi_index index.php;
-       #include fastcgi_params;
+		#include fastcgi_params;
-       include fastcgi.conf;
+		include fastcgi.conf;
-    }
+	}
-    # deny access to .htaccess files, if Apache's document root
+	# deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
+	# concurs with nginx's one
-    #
+	#
-    location ~ /\.ht {
+	location ~ /\.ht {
-       deny all;
+		deny all;
-    }
+	}
 }
--- a/etc/oidentd.conf
+++ b/etc/oidentd.conf
@ -6,22 +6,22 @@
 # Deny everything by default
 default {
-    default {
+	default {
-        deny spoof
+		deny spoof
-        deny spoof_all
+		deny spoof_all
-        deny spoof_privport
+		deny spoof_privport
-        deny random
+		deny random
-        deny random_numeric
+		deny random_numeric
-        deny numeric
+		deny numeric
-        deny hide
+		deny hide
-    }
+	}
 }
 # Don't respond to ident request to root
 user root {
-    default {
+	default {
-        force hide
+		force hide
-    }
+	}
 }
 # Allow user znc to spoof when *Identfile is used
@ -33,13 +33,13 @@ user root {
 # /msg *identfile setfile ~/.oidentd.conf
 # /msg *identfile setformat global { reply "%user%" }
 user "znc" {
-    default {
+	default {
-        allow spoof
+		allow spoof
-        allow spoof_all
+		allow spoof_all
-        allow spoof_privport
+		allow spoof_privport
-        deny random
+		deny random
-        deny random_numeric
+		deny random_numeric
-        deny numeric
+		deny numeric
-        deny hide
+		deny hide
-    }
+	}
 }
--- a/etc/pipewire/media-session.d/README.md
+++ b/etc/pipewire/media-session.d/README.md
@ -33,9 +33,9 @@ don't exist by default anymore, they need to be copied and edited separately
 See also:
 - https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
-  - marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
+	- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
 ## Bluetooth
 - https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
-  - https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
+	- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
--- a/etc/radvd.conf
+++ b/etc/radvd.conf
@ -1,15 +1,15 @@
 interface eth0
 {
-   AdvSendAdvert on;
+	AdvSendAdvert on;
-   AdvOtherConfigFlag on;
+	AdvOtherConfigFlag on;
-   prefix 2001:14b8:100:8397::/64
+	prefix 2001:14b8:100:8397::/64
-   {
+	{
-        AdvOnLink on;
+		AdvOnLink on;
-        AdvAutonomous on;
+		AdvAutonomous on;
-   };
+	};
-   prefix ULA::/64
+	prefix ULA::/64
-   {
+	{
-        AdvOnLink on;
+		AdvOnLink on;
-        AdvAutonomous on;
+		AdvAutonomous on;
-   };
+	};
 };
--- a/etc/resolv.conf
+++ b/etc/resolv.conf
@ -26,9 +26,9 @@ options edns0 single-request-reopen #trust-ad
 # !!! /run/systemd/resolve/stub-resolv.conf !!! /usr/lib/systemd/resolv.conf /run/systemd/resolve/resolv.conf
 # !!! /run/systemd/resolve/stub-resolv.conf !!! contains search domains and doesn't seem to be
-#                                       overwritable and somehow works with Mullvad
+#									   overwritable and somehow works with Mullvad
-#                                       https://github.com/mullvad/mullvadvpn-app/issues/1952
+#									   https://github.com/mullvad/mullvadvpn-app/issues/1952
-# /usr/lib/systemd/resolv.conf          doesn't contain search domains, can
+# /usr/lib/systemd/resolv.conf		  doesn't contain search domains, can
-#                                       get overwritten and "broken"
+#									   get overwritten and "broken"
-# /run/systemd/resolve/resolv.conf      contains uplink resolvers and domains
+# /run/systemd/resolve/resolv.conf	  contains uplink resolvers and domains
-#                                       SHOULDN'T BE USED!
+#									   SHOULDN'T BE USED!
--- a/etc/ssh/ssh_config.d/example.conf
+++ b/etc/ssh/ssh_config.d/example.conf
@ -1,6 +1,6 @@
 #Host example
-  #Hostname compuutteri.example.net
+	#Hostname compuutteri.example.net
-  #Port 12345
+	#Port 12345
-  #IdentityFile /home/username/.ssh/privkey
+	#IdentityFile /home/username/.ssh/privkey
-  #ProxyJump uzanto@komputilo.example.net:2222
+	#ProxyJump uzanto@komputilo.example.net:2222
-  #User account42
+	#User account42
--- a/etc/ssh/sshd_config.d/broken/mikaela-prohibit-password.conf
+++ b/etc/ssh/sshd_config.d/broken/mikaela-prohibit-password.conf
@ -2,6 +2,6 @@
 # in reverse so this file is useless. https://serverfault.com/a/461865
 # & OpenSSH_8.4p1
 Match User mikaela
-    PasswordAuthentication no
+	PasswordAuthentication no
-    AuthenticationMethods publickey
+	AuthenticationMethods publickey
 Match All
--- a/etc/ssh/sshd_config.d/user-permit-password.conf
+++ b/etc/ssh/sshd_config.d/user-permit-password.conf
@ -6,6 +6,6 @@
 # https://serverfault.com/a/461865 OpenSSH_8.4p1
 #Match User someone,somebodyelse,whoever
-#    PasswordAuthentication yes
+#	 PasswordAuthentication yes
-#    AuthenticationMethods any
+#	 AuthenticationMethods any
 #Match All
--- a/etc/systemd/resolved.conf.d/README.md
+++ b/etc/systemd/resolved.conf.d/README.md
@ -12,31 +12,31 @@ sudo systemctl restart systemd-resolved
 ## Files explained
 - `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
-  systemd-resolved doesn't handle it properly), enables opportunistic DoT and
+	systemd-resolved doesn't handle it properly), enables opportunistic DoT and
-  caching.
+	caching.
 - `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
-  captive portals are a concern, `DNSOverTLS=no`.
+	captive portals are a concern, `DNSOverTLS=no`.
 - `README.md` - you are reading it right now.
 ## General commentary
 - Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
-  at the time of writing this README.md, the current version is Ubuntu 20.04.0)
+	at the time of writing this README.md, the current version is Ubuntu 20.04.0)
-  (systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
+	(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
-  v243 (big improvements in v244).
+	v243 (big improvements in v244).
-  - TODO: find out when SNI became supported, I have just spotted it in the
+	- TODO: find out when SNI became supported, I have just spotted it in the
-    fine manual in 2020-06-??.
+	fine manual in 2020-06-??.
 - Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
-  without which I wouldn't have got this right.
+	without which I wouldn't have got this right.
 - DNSSEC may not work if the system is down for a long time and not updated.
-  Thus `allow-downgrade` may be better for non-tech people, even with the
+	Thus `allow-downgrade` may be better for non-tech people, even with the
-  potential downgrade attack. There are also captive portals, affecting
+	potential downgrade attack. There are also captive portals, affecting
-  `DNSOverTLS`. Both take `yes` or `no` or their own special option,
+	`DNSOverTLS`. Both take `yes` or `no` or their own special option,
-  for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
+	for DNNSEC the `allow-downgrade`, for DNSOverTLS `opportunistic`.
 Other links I have found important and my files are based on:
 - https://wiki.archlinux.org/index.php/Systemd-resolved
-  - Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
+	- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
 - request for strict DOT: https://github.com/systemd/systemd/issues/10755
 - vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
--- a/etc/systemd/system/README.md
+++ b/etc/systemd/system/README.md
@ -4,12 +4,12 @@ subdirectories. The sudirectories won't exist in the real
 and I forget to update this README file if that happens.
 - reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
-  but uses https instead of http, because there is no reason I would want
+	but uses https instead of http, because there is no reason I would want
-  someone to see what I download.
+	someone to see what I download.
 ## Worth reading
 - Waiting for network devices to have IP address (**I only use this for
-  cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
+	cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
-  _ systemctl enable NetworkManager-wait-online.service
+	_ systemctl enable NetworkManager-wait-online.service
-  _ systemctl enable systemd-networkd-wait-online.service
+	_ systemctl enable systemd-networkd-wait-online.service
--- a/etc/systemd/system/sailfish/README.md
+++ b/etc/systemd/system/sailfish/README.md
@ -3,4 +3,4 @@ Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
 that is there out-of-box, systemd timers.
 - aliendalvik-stopper again stops android support hourly so it won't waste
-  battery.
+	battery.
--- a/etc/unbound/unbound.conf.d/00-insecure-domains.conf
+++ b/etc/unbound/unbound.conf.d/00-insecure-domains.conf
@ -7,17 +7,17 @@
 server:
 forward-zone:
-    name: "mywifiext.net"
+	name: "mywifiext.net"
-    forward-tls-upstream: no
+	forward-tls-upstream: no
-    forward-addr: 8.8.8.8
+	forward-addr: 8.8.8.8
 forward-zone:
-    name: "tplinkrepeater.net"
+	name: "tplinkrepeater.net"
-    forward-tls-upstream: no
+	forward-tls-upstream: no
-    forward-addr: 8.8.8.8
+	forward-addr: 8.8.8.8
 # Can I refer to subdomain as a zone?
 forward-zone:
-    name: "http.badssl.com"
+	name: "http.badssl.com"
-    forward-tls-upstream: no
+	forward-tls-upstream: no
-    forward-addr: 8.8.8.8
+	forward-addr: 8.8.8.8
--- a/etc/unbound/unbound.conf.d/cache.conf
+++ b/etc/unbound/unbound.conf.d/cache.conf
@ -4,14 +4,14 @@
 # See also MEMORY CONTROL EXAMPLE in man unbound.conf
 server:
-    # bytes in message cache, defaults to 4m
+	# bytes in message cache, defaults to 4m
-    msg-cache-size: 50m
+	msg-cache-size: 50m
-    # bytes in rrset cache, defaults to 4m
+	# bytes in rrset cache, defaults to 4m
-    rrset-cache-size: 50m
+	rrset-cache-size: 50m
-    # nxdomain cache, default 1m
+	# nxdomain cache, default 1m
-    neg-cache-size: 10m
+	neg-cache-size: 10m
-    # Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
+	# Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
-    # zone export used to have 1 second, and I have also been seeing 1
+	# zone export used to have 1 second, and I have also been seeing 1
-    # minute in the wild, I think 5 mins shouldn't break anything, but bigger
+	# minute in the wild, I think 5 mins shouldn't break anything, but bigger
-    # might.
+	# might.
-    cache-min-ttl: 900
+	cache-min-ttl: 900
--- a/etc/unbound/unbound.conf.d/dns-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns-over-tls.conf
@ -7,10 +7,10 @@
 # root-auto-trust-anchor-file.conf at least on Debian.
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # Fedora location
+	# Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 # Hopefully a reasonable set of non-filtering servers including those
 # listening on 443, preferably Anycast, but not necessarily.
@ -21,37 +21,37 @@ server:
 # (Also I cannot rename this file due to it being linked around))
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    # Quad9 - Anycast, Switzerland based
+	# Quad9 - Anycast, Switzerland based
-    # Non filtering "insecure" servers without DNSSEC, but that is done
+	# Non filtering "insecure" servers without DNSSEC, but that is done
-    # by Unbound locally anyway.
+	# by Unbound locally anyway.
-    forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
+	forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
-    forward-addr: 9.9.9.10@853#dns10.quad9.net
+	forward-addr: 9.9.9.10@853#dns10.quad9.net
-    forward-addr: 2620:fe::10@853#dns10.quad9.net
+	forward-addr: 2620:fe::10@853#dns10.quad9.net
-    forward-addr: 149.112.112.10@853#dns10.quad9.net
+	forward-addr: 149.112.112.10@853#dns10.quad9.net
-    # Cloudflare DNS - anycast
+	# Cloudflare DNS - anycast
-    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+	forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
-    forward-addr: 1.1.1.1@853#cloudflare-dns.com
+	forward-addr: 1.1.1.1@853#cloudflare-dns.com
-    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
+	forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
-    forward-addr: 1.0.0.1@853#cloudflare-dns.com
+	forward-addr: 1.0.0.1@853#cloudflare-dns.com
-    ## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
+	## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
-    ## laptops?
+	## laptops?
-    # https://appliedprivacy.net/services/dns/ - Vienna, Austria
+	# https://appliedprivacy.net/services/dns/ - Vienna, Austria
-    #forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
+	#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
-    #forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
+	#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
-    # Adguard DNS Unfiltered Anycast
+	# Adguard DNS Unfiltered Anycast
-    forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
+	forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
-    forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
+	forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
-    forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
+	forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
-    forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
+	forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
-    # NextDNS - anycast
+	# NextDNS - anycast
-    forward-addr: 45.90.28.0@853#dns1.nextdns.io
+	forward-addr: 45.90.28.0@853#dns1.nextdns.io
-    forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
+	forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
-    forward-addr: 45.90.30.0@853#dns2.nextdns.io
+	forward-addr: 45.90.30.0@853#dns2.nextdns.io
-    forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
+	forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
--- a/etc/unbound/unbound.conf.d/dns64-over-tls.conf
+++ b/etc/unbound/unbound.conf.d/dns64-over-tls.conf
@ -2,23 +2,23 @@
 # are currently rare. And this is more of a placeholder.
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 # Forward queries to
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    # Google DNS64 for 64:ff9b::/96
+	# Google DNS64 for 64:ff9b::/96
-    # As of 2019-08-25 this doesn't seem to actually be working, but I hope
+	# As of 2019-08-25 this doesn't seem to actually be working, but I hope
-    # Google will fix it by the time I actually have IPv6 only hosts and
+	# Google will fix it by the time I actually have IPv6 only hosts and
-    # there will be not-Google options.
+	# there will be not-Google options.
-    #forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
+	#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
-    #forward-addr: 2001:4860:4860::64@853#dns64.dns.google
+	#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
-    # Cloudflare for 64:ff9b::/96
+	# Cloudflare for 64:ff9b::/96
-    forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
+	forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
-    forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com
+	forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com
--- a/etc/unbound/unbound.conf.d/dnscrypt-proxy.conf
+++ b/etc/unbound/unbound.conf.d/dnscrypt-proxy.conf
@ -1,5 +1,5 @@
 # From https://wiki.archlinux.org/index.php/DNSCrypt
 do-not-query-localhost: no
 forward-zone:
-    name: "."
+	name: "."
-    forward-addr: 127.0.2.1@53
+	forward-addr: 127.0.2.1@53
--- a/etc/unbound/unbound.conf.d/dot-adguard.conf
+++ b/etc/unbound/unbound.conf.d/dot-adguard.conf
@ -1,15 +1,15 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
+	forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
-    forward-addr: 94.140.14.14@853#dns.adguard.com
+	forward-addr: 94.140.14.14@853#dns.adguard.com
-    forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
+	forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
-    forward-addr: 94.140.15.15@853#dns.adguard.com
+	forward-addr: 94.140.15.15@853#dns.adguard.com
 # Updated for https://adguard.com/en/blog/adguard-dns-new-addresses.html
--- a/etc/unbound/unbound.conf.d/dot-fluhable-cache.conf
+++ b/etc/unbound/unbound.conf.d/dot-fluhable-cache.conf
@ -2,25 +2,25 @@
 # Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # Fedora location
+	# Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 # DNS servers that have public button for flushing cache. Privacy not considered.
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    # Cloudflare / https://1.1.1.1/purge-cache/
+	# Cloudflare / https://1.1.1.1/purge-cache/
-    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+	forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
-    forward-addr: 1.1.1.1@853#cloudflare-dns.com
+	forward-addr: 1.1.1.1@853#cloudflare-dns.com
-    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
+	forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
-    forward-addr: 1.0.0.1@853#cloudflare-dns.com
+	forward-addr: 1.0.0.1@853#cloudflare-dns.com
-    # Google / https://dns.google/cache
+	# Google / https://dns.google/cache
-    forward-addr: 8.8.8.8@853#dns.google
+	forward-addr: 8.8.8.8@853#dns.google
-    forward-addr: 8.8.4.4@853#dns.google
+	forward-addr: 8.8.4.4@853#dns.google
-    forward-addr: 2001:4860:4860::8888@853#dns.google
+	forward-addr: 2001:4860:4860::8888@853#dns.google
-    forward-addr: 2001:4860:4860::8844@853#dns.google
+	forward-addr: 2001:4860:4860::8844@853#dns.google
--- a/etc/unbound/unbound.conf.d/dot-mullvad-adblock.conf
+++ b/etc/unbound/unbound.conf.d/dot-mullvad-adblock.conf
@ -1,12 +1,12 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
+	forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
-    forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
+	forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
-    forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net
+	forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net
--- a/etc/unbound/unbound.conf.d/dot-mullvad.conf
+++ b/etc/unbound/unbound.conf.d/dot-mullvad.conf
@ -1,12 +1,12 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2a07:e340::2@853#doh.mullvad.net
+	forward-addr: 2a07:e340::2@853#doh.mullvad.net
-    forward-addr: 194.242.2.2@853#doh.mullvad.net
+	forward-addr: 194.242.2.2@853#doh.mullvad.net
-    forward-addr: 193.19.108.2@853#doh.mullvad.net
+	forward-addr: 193.19.108.2@853#doh.mullvad.net
--- a/etc/unbound/unbound.conf.d/dot-quad9-ecs.conf
+++ b/etc/unbound/unbound.conf.d/dot-quad9-ecs.conf
@ -1,13 +1,13 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
-    forward-addr: 9.9.9.11@853#dns11.quad9.net
+	forward-addr: 9.9.9.11@853#dns11.quad9.net
-    forward-addr: 2620:fe::11@853#dns11.quad9.net
+	forward-addr: 2620:fe::11@853#dns11.quad9.net
-    forward-addr: 149.112.112.11@853#dns11.quad9.net
+	forward-addr: 149.112.112.11@853#dns11.quad9.net
--- a/etc/unbound/unbound.conf.d/dot-quad9.conf
+++ b/etc/unbound/unbound.conf.d/dot-quad9.conf
@ -1,13 +1,13 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2620:fe::fe@853#dns.quad9.net
+	forward-addr: 2620:fe::fe@853#dns.quad9.net
-    forward-addr: 9.9.9.9@853#dns.quad9.net
+	forward-addr: 9.9.9.9@853#dns.quad9.net
-    forward-addr: 2620:fe::9@853#dns.quad9.net
+	forward-addr: 2620:fe::9@853#dns.quad9.net
-    forward-addr: 149.112.112.112@853#dns.quad9.net
+	forward-addr: 149.112.112.112@853#dns.quad9.net
--- a/etc/unbound/unbound.conf.d/ipv6.conf
+++ b/etc/unbound/unbound.conf.d/ipv6.conf
@ -1,3 +1,3 @@
 server:
-    # Prefer IPv6 transport for sending DNS queries to internet nameservers.
+	# Prefer IPv6 transport for sending DNS queries to internet nameservers.
-    prefer-ip6: yes
+	prefer-ip6: yes
--- a/etc/unbound/unbound.conf.d/logging.conf
+++ b/etc/unbound/unbound.conf.d/logging.conf
@ -1,10 +1,10 @@
 server:
-    use-syslog: yes
+	use-syslog: yes
-    #logfile: "/tmp/unbound.log"
+	#logfile: "/tmp/unbound.log"
-    # level 0 means no verbosity, only errors. Level 1 gives operational
+	# level 0 means no verbosity, only errors. Level 1 gives operational
-    # information. Level 2 gives detailed operational information. Level 3
+	# information. Level 2 gives detailed operational information. Level 3
-    # gives query level information, output per query.  Level  4  gives
+	# gives query level information, output per query.  Level  4  gives
-    # algorithm  level  information.
+	# algorithm  level  information.
-    verbosity: 2
+	verbosity: 2
-    # Print statistics to the log hourly
+	# Print statistics to the log hourly
-    statistics-interval: 3600
+	statistics-interval: 3600
--- a/etc/unbound/unbound.conf.d/plain-dns64.conf
+++ b/etc/unbound/unbound.conf.d/plain-dns64.conf
@ -2,19 +2,19 @@
 # Check dns64-over-tls.conf instead!
 forward-zone:
-    name: "."
+	name: "."
-    # Cloudflare DNS64 for 64:ff9b::/96
+	# Cloudflare DNS64 for 64:ff9b::/96
-    forward-addr: 2606:4700:4700::64
+	forward-addr: 2606:4700:4700::64
-    forward-addr: 2606:4700:4700::6400
+	forward-addr: 2606:4700:4700::6400
-    # Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
+	# Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
-    # > The generated AAAA records point to address blocks in TREX's public
+	# > The generated AAAA records point to address blocks in TREX's public
-    # address space 2001:67c:2b0::/48 so they are usable from anywhere on
+	# address space 2001:67c:2b0::/48 so they are usable from anywhere on
-    # the Internet.
+	# the Internet.
-    forward-addr: 2001:67c:2b0::4
+	forward-addr: 2001:67c:2b0::4
-    forward-addr: 2001:67c:2b0::6
+	forward-addr: 2001:67c:2b0::6
-    # Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
+	# Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
-    #forward-addr: 2001:4860:4860::6464
+	#forward-addr: 2001:4860:4860::6464
-    #forward-addr: 2001:4860:4860::64
+	#forward-addr: 2001:4860:4860::64
--- a/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
+++ b/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf
@ -1,6 +1,6 @@
 # This is another Debian default, that I may be missing under Arch, even
 # if the location changes.
 server:
-    # The following line will configure unbound to perform cryptographic
+	# The following line will configure unbound to perform cryptographic
-    # DNSSEC validation using the root trust anchor.
+	# DNSSEC validation using the root trust anchor.
-    auto-trust-anchor-file: "/var/lib/unbound/root.key"
+	auto-trust-anchor-file: "/var/lib/unbound/root.key"
--- a/etc/unbound/unbound.conf.d/threads.conf
+++ b/etc/unbound/unbound.conf.d/threads.conf
@ -1,4 +1,4 @@
 server:
-    # Use two threads, I think more than 1 threads will help with Firefox
+	# Use two threads, I think more than 1 threads will help with Firefox
-    # at times telling name resolution failed
+	# at times telling name resolution failed
-    num-threads: 2
+	num-threads: 2
--- a/6
+++ b/6
@ -18,7 +18,7 @@ cat conf/makepkg.conf > ~/.makepkg.conf
 mkdir -p ~/.config/mpv/
 cat conf/mpv.conf > ~/.config/mpv/mpv.conf
 if [ ! -f ~/.oidentd.conf ]; then
-    cat conf/oidentd.conf > ~/.oidentd.conf
+	cat conf/oidentd.conf > ~/.oidentd.conf
 fi
 mkdir -p ~/.gnupg
 cat gpg/gpg.conf > ~/.gnupg/gpg.conf
@ -37,12 +37,12 @@ bash -x ./chmod&
 if [ -f $HOME/.MIKAELAGREP ]
 then
-    mv $HOME/.MIKAELAGREP $MIKAELA_GREP
+	mv $HOME/.MIKAELAGREP $MIKAELA_GREP
 fi
 if [ -f "$MIKAELA_GREP" ]
 then
-    bash -x .mikaela_install
+	bash -x .mikaela_install
 fi
 set +x
--- a/rc/bashrc
+++ b/rc/bashrc
@ -108,7 +108,7 @@ if [[ $UNAME = Darwin ]]; then
 	alias l="ls -CFGp"
 fi
-# Add an "alert" alias for long running commands.  Use like so:
+# Add an "alert" alias for long running commands. Use like so:
 #	sleep 10; alert
 alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
@ -276,7 +276,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
 alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
 alias nmap-regular="nmap "
 alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
-# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove  " -p 80,443" if you want to scan all ports which nmap scans by default.
+# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
 alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
 # Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
@ -530,7 +530,7 @@ alias mpvms="mpv --no-video --shuffle"
 # Compatibility with my i3 alsactl mess
 if [ -f ~/.config/asound.state ]
 then
-  alias alsactl="\alsactl -f ~/.config/asound.state"
+	alias alsactl="\alsactl -f ~/.config/asound.state"
 fi
 # More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
@ -573,26 +573,26 @@ function ex ()
 {
 if [ -f "$1" ] ; then
 case "$1" in
-	  *.tar)				tar xvf $1			;;
+	*.tar)				tar xvf $1			;;
-	  *.tar.bz2 | *.tbz2 )	tar xjvf $1			;;
+	*.tar.bz2 | *.tbz2 )	tar xjvf $1			;;
-	  *.tar.gz | *.tgz )	tar xzvf $1			;;
+	*.tar.gz | *.tgz )	tar xzvf $1			;;
-	  *.bz2)				bunzip2 $1			;;
+	*.bz2)				bunzip2 $1			;;
-	  *.rar)				unrar x $1			;;
+	*.rar)				unrar x $1			;;
-	  *.gz)					gunzip $1			;;
+	*.gz)					gunzip $1			;;
-	  *.zip)				unzip $1			;;
+	*.zip)				unzip $1			;;
-	  *.Z)					uncompress $1		;;
+	*.Z)					uncompress $1		;;
-	  *.7z)					7z x $1				;;
+	*.7z)					7z x $1				;;
-	  *.xz)					tar xJvf $1			;;
+	*.xz)					tar xJvf $1			;;
-	  *.deb)
+	*.deb)
-		 DIR=${1%%_*.deb}
+		DIR=${1%%_*.deb}
-		 ar xv $1
+		ar xv $1
-		 mkdir ${DIR}
+		mkdir ${DIR}
-		 tar -C ${DIR} -xzvf data.tar.gz		;;
+		tar -C ${DIR} -xzvf data.tar.gz		;;
-	  *.rpm)			   rpm2cpio $1 | cpio -vid	;;
+	*.rpm)			 rpm2cpio $1 | cpio -vid	;;
-	  *)   echo ""${1}" cannot be extracted via extract()"
+	*) echo ""${1}" cannot be extracted via extract()"
 ;;
 	esac
-   else
+else
 	echo ""${1}" is not a valid file"
 fi
 }
--- a/rc/vimrc
+++ b/rc/vimrc
@ -79,9 +79,9 @@ filetype plugin indent on
 " Return to last edit position when opening files (You want this!)
 autocmd BufReadPost *
-	 \ if line("'\"") > 0 && line("'\"") <= line("$") |
+	\ if line("'\"") > 0 && line("'\"") <= line("$") |
-	 \	 exe "normal! g`\"" |
+	\	 exe "normal! g`\"" |
-	 \ endif
+	\ endif
 " I think leaving line endings to git may be more safe
 " dos2unix ^M copied from https://stackoverflow.com/a/5361702/1675649
--- a/rc/zshrc
+++ b/rc/zshrc
@ -11,20 +11,20 @@ UNAME=$(uname)
 # Dynamic window title via https://stackoverflow.com/a/20772424
 ## BREAKS TMUX TITLE CHANGING WHICH IS BETTER THAN THIS.
 #case $TERM in
-#  (*xterm* | *rxvt*)
+#	(*xterm* | *rxvt*)
 	# Write some info to terminal title.
 	# This is seen when the shell prompts for input.
 #	 function precmd {
-#	   print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
+#		print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
 #	 }
 	# Write command and args to terminal title.
 	# This is seen while the shell waits for a command to complete.
 #	 function preexec {
-#	   printf "\033]0;%s\a" "$1"
+#		printf "\033]0;%s\a" "$1"
 #	 }
 #
-#  ;;
+#;;
 #esac
 # enable terminal bell
@ -232,7 +232,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
 alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
 alias nmap-regular="nmap "
 alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
-# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove  " -p 80,443" if you want to scan all ports which nmap scans by default.
+# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove" -p 80,443" if you want to scan all ports which nmap scans by default.
 alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
 # Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
@ -281,7 +281,7 @@ if [[ $UNAME = Darwin ]]; then
 	alias l="ls -CFGp"
 fi
-# Add an "alert" alias for long running commands.  Use like so:
+# Add an "alert" alias for long running commands. Use like so:
 alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
 ## -- End of aliases which are saved from Ubuntu default bashrc. --
@ -507,7 +507,7 @@ alias mpvms="mpv --no-video --shuffle"
 # Compatibility with my i3 alsactl mess
 if [ -f ~/.config/asound.state ]
 then
-  alias alsactl="\alsactl -f ~/.config/asound.state"
+	alias alsactl="\alsactl -f ~/.config/asound.state"
 fi
 # More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
@ -550,26 +550,26 @@ function ex ()
 {
 if [ -f "$1" ] ; then
 case "$1" in
-	  *.tar)				tar xvf $1			;;
+		*.tar)				tar xvf $1			;;
-	  *.tar.bz2 | *.tbz2 )	tar xjvf $1			;;
+		*.tar.bz2 | *.tbz2 )	tar xjvf $1			;;
-	  *.tar.gz | *.tgz )	tar xzvf $1			;;
+		*.tar.gz | *.tgz )	tar xzvf $1			;;
-	  *.bz2)				bunzip2 $1			;;
+		*.bz2)				bunzip2 $1			;;
-	  *.rar)				unrar x $1			;;
+		*.rar)				unrar x $1			;;
-	  *.gz)					gunzip $1			;;
+		 *.gz)					gunzip $1			;;
-	  *.zip)				unzip $1			;;
+		*.zip)				unzip $1			;;
-	  *.Z)					uncompress $1		;;
+		*.Z)					uncompress $1		;;
-	  *.7z)					7z x $1				;;
+		*.7z)					7z x $1				;;
-	  *.xz)					tar xJvf $1			;;
+		*.xz)					tar xJvf $1			;;
-	  *.deb)
+		*.deb)
-		 DIR=${1%%_*.deb}
+		DIR=${1%%_*.deb}
-		 ar xv $1
+		ar xv $1
-		 mkdir ${DIR}
+		mkdir ${DIR}
-		 tar -C ${DIR} -xzvf data.tar.gz		;;
+		tar -C ${DIR} -xzvf data.tar.gz		;;
-	  *.rpm)			   rpm2cpio $1 | cpio -vid	;;
+		*.rpm)				rpm2cpio $1 | cpio -vid	;;
-	  *)   echo ""${1}" cannot be extracted via extract()"
+		*)	 echo ""${1}" cannot be extracted via extract()"
 ;;
 	esac
-   else
+	else
 	echo ""${1}" is not a valid file"
 fi
 }
--- a/var/lib/iwd/README.md
+++ b/var/lib/iwd/README.md
@ -6,14 +6,14 @@ NetworkManager.
 Notes:
 - `git commit`ing the same SSID with different capitalisations breaks
-  Windows and more common macOS setups due to their filesystems being
+	Windows and more common macOS setups due to their filesystems being
-  case-insensitive.
+	case-insensitive.
 - `Settings.AutoConnect=true` is unnecessary as it defaults to true
-  according to `man iwd.network`.
+	according to `man iwd.network`.
 - `IPv6.Enabled=true` defauls to true being also unnecessary.
 - `private-home-sample.psk` has a comment on MAC address override and sends
-  hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
+	hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
-  address and doesn't send hostname.
+	address and doesn't send hostname.
 - The `.open` networks always randomize MAC address too. If a network is
-  private and needs MAC address for captive portal override or something,
+	private and needs MAC address for captive portal override or something,
-  `private-home-sample.psk` should be adjusted from.
+	`private-home-sample.psk` should be adjusted from.