fix ends of lines

.editorconfig

@@ -29,6 +29,9 @@ indent_size = 2
 # never seem to do that, maybe I should accept it
 [*.{markdown,md}]
 trim_trailing_whitespace = false
+# Prettier seems to believe spaces are the only way to markdown
+indent_style = space
+indent_size = 2
 
 # Nim https://nim-lang.org/docs/nep1.html#introduction-spacing-and-whitespace-conventions
 [*.nim]
@@ -66,4 +69,3 @@ end_of_line = crlf
 [*.{cff,yaml,yml}]
 indent_style = space
 indent_size = 2
-

.mikaela/gpg.conf

@@ -5,7 +5,7 @@
 # This file is free software; as a special exception the author gives
 # unlimited permission to copy and/or distribute it, with or without
 # modifications, as long as this notice is preserved.
-# 
+#
 # This file is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -112,4 +112,3 @@ trust-model tofu+pgp
 # WoT with TOFU’s conflict detection, but without positive trust. This may
 # be better due to https://gitea.blesmrt.net/mikaela/pgp-alt-wot/ and lsign.
 tofu-default-policy unknown
-

.mikaela/pastebinit.xml

@@ -1,6 +1,6 @@
-<pastebinit> 
+<pastebinit>
-    <pastebin>http://sprunge.us</pastebin>
+	<pastebin>http://sprunge.us</pastebin>
-    <author>Mikaela</author>
+	<author>Mikaela</author>
-    <jabberid>mikaela@kapsi.fi</jabberid>
+	<jabberid>mikaela@kapsi.fi</jabberid>
-    <format>text</format>
+	<format>text</format>
 </pastebinit>

.pre-commit-config.yaml

@@ -5,12 +5,22 @@
 # See https://pre-commit.com for more information
 # See https://pre-commit.com/hooks.html for more hooks
 repos:
--   repo: https://github.com/pre-commit/pre-commit-hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v4.4.0
     hooks:
-    -   id: check-case-conflict
+      - id: check-case-conflict
-    -   id: check-executables-have-shebangs
+      - id: check-executables-have-shebangs
-    -   id: check-shebang-scripts-are-executable
+      - id: check-shebang-scripts-are-executable
-    -   id: destroyed-symlinks
+      - id: destroyed-symlinks
-    -   id: detect-private-key
+      - id: detect-private-key
-    -   id: fix-byte-order-marker
+      - id: end-of-file-fixer
+      - id: fix-byte-order-marker
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: "v3.0.0-alpha.4"
+    hooks:
+      - id: prettier
+  - repo: https://github.com/editorconfig-checker/editorconfig-checker.python
+    rev: "2.7.1"
+    hooks:
+      - id: editorconfig-checker
+        alias: ec

CITATION.cff

@@ -12,6 +12,6 @@ authors:
     family-names: Suomalainen
     email: suomalainen+git@mikaela.info
   - given-names: git shortlog -sne
-repository-code: 'https://gitea.blesmrt.net/Mikaela/shell-things'
+repository-code: "https://gitea.blesmrt.net/Mikaela/shell-things"
 abstract: dotfiles
 license: BSD-3-Clause

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) <year> <owner>. 
+Copyright (c) <year> <owner>.
 
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 

README.md

@@ -1,13 +1,12 @@
 Config files that I wish to have everywhere. You could probably call this
 repository as dotfiles, but historical reasons...
 
-Directories explained
+# Directories explained
-=====================
 
-* .mikaela — files that most likely aren't suitable for places where other
+- .mikaela — files that most likely aren't suitable for places where other
   people than me have access too
-* Windows — files releated to Windows
+- Windows — files releated to Windows
-* conf — config files like .tmux.conf
+- conf — config files like .tmux.conf
-* etc — /etc/
+- etc — /etc/
-* gpg — GNU Privacy Guard config files, ~/.gnupg/
+- gpg — GNU Privacy Guard config files, ~/.gnupg/
-* rc — bashrc, zshrc, vimrc and apparently \*init files…
+- rc — bashrc, zshrc, vimrc and apparently \*init files…

Windows/.gitattributes

@@ -1 +1 @@
-* text=auto eol=crlf
+*	text=auto eol=crlf

Windows/10to11/README.md

@@ -2,7 +2,7 @@
 
 ## WARNING
 
-* READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1)
+- READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1)
 
 This is not supported by Microsoft, most of the methods listed here didn't
 work for me on the first system I updated, Windows is not my primary operating
@@ -14,19 +14,19 @@ affect me.
 Sedric, Tassu and Zaldaryn have no TPM or currently supported CPU, while
 the health check app says they are only two to six years old.
 
-* https://github.com/AveYo/MediaCreationTool.bat
+- https://github.com/AveYo/MediaCreationTool.bat
 
 ## Registry files here
 
 I think the first method is likely the best, but I cannot rule these working
 on another system out yet. They didn't work on my first system tried.
 
-* `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
+- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
   recommendation and the only one that should be used. If after reboot
   nothing happens, maybe try the rest rebooting every failure.
-  * https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
+  - https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
-* `01-LabConfig.reg` - widely reported to work
+- `01-LabConfig.reg` - widely reported to work
-* `01-Setup.reg` - ^
+- `01-Setup.reg` - ^
-* `02-DevRing.reg` - after joining the Insider program, this should enforce
+- `02-DevRing.reg` - after joining the Insider program, this should enforce
   joining to Dev ring which should offer Windows 11 instantly. It may be
   advisable to leave after successful update.

Windows/DoH/README.md

@@ -2,25 +2,25 @@
 
 Requires Windows 11.
 
-* `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
+- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
   didn't seem to work for me or it allowed me to set the DNS server to not
   use DoH.
 
-* `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
+- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
   that Windows 11 isn't shipping by default, currently:
-  * Adguard
+  - Adguard
-  * Cloudflare antimalware
+  - Cloudflare antimalware
-  * DNS0 (& Zero)
+  - DNS0 (& Zero)
-  * Mullvad
+  - Mullvad
-  * Mullvad Adblock
+  - Mullvad Adblock
-  * Quad9 ECS (Windows 11 defaults include Quad9 default)
+  - Quad9 ECS (Windows 11 defaults include Quad9 default)
 
 ## Configuration
 
 Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
 HTTPS can be enabled for:
 
-* All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
+- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
-  * Same place for Ethernet etc.
+  - Same place for Ethernet etc.
-* Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
+- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
-  * Note: if the all networks one is configured, there is a warning about it not being used.
+  - Note: if the all networks one is configured, there is a warning about it not being used.

Windows/IPv6-no_privacy.bat

@@ -6,4 +6,4 @@ netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
 netsh interface ipv6 set privacy state=disabled store=active
 netsh interface ipv6 set privacy state=disabled store=persistent
 pause
-echo on
+echo on

Windows/IPv6-no_randomization.bat

@@ -4,4 +4,4 @@ pause
 netsh interface ipv6 set global randomizeidentifiers=disabled store=active
 netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
 pause
-echo on
+echo on

Windows/IPv6.reg.markdown

@@ -1,8 +1,8 @@
 Some kind of explaining for [IPv6.reg](IPv6.reg) like
 [Windows.reg](Windows.reg) which includes this file has.
 
-* Resolve IPv6 even without native connectivity.
+- Resolve IPv6 even without native connectivity.
-* Enable Teredo
+- Enable Teredo
-    * As EnterpriseClient so it also works when joined into domain.
+  - As EnterpriseClient so it also works when joined into domain.
-* Use `teredo.trex.fi` as Teredo server. This should be replaced with
+- Use `teredo.trex.fi` as Teredo server. This should be replaced with
   something that is as near as possible.

Windows/Windows.reg.markdown

@@ -7,11 +7,11 @@ Windows Registry Editor Version 5.00
 "ConsentPromptBehaviorUser"=dword:00000001
 ```
 
-* Make the file Windows Registry Editor script
+- Make the file Windows Registry Editor script
-* Ask admins for password/PIN in UAC
+- Ask admins for password/PIN in UAC
-    * 2 would ask for yes or no, 0 disable entirely (don't do that).
+  - 2 would ask for yes or no, 0 disable entirely (don't do that).
-* prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
+- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
-    * The other option (1) doesn't even give them UAC prompt so you must
+  - The other option (1) doesn't even give them UAC prompt so you must
     always login as admin to do anything.
 
 ```
@@ -24,13 +24,13 @@ Windows Registry Editor Version 5.00
 "EnableFirstLogonAnimation"=dword:00000000
 ```
 
-* Display the user list.
+- Display the user list.
-* Allows shutdown without being logged in
+- Allows shutdown without being logged in
-* Allows undocking without logging in
+- Allows undocking without logging in
-* Shows verbose information on login (starting service...)
+- Shows verbose information on login (starting service...)
-* Shows output of startup scripts
+- Shows output of startup scripts
-* Shows output of shutdown scripts
+- Shows output of shutdown scripts
-* Disables the first logon animation on Windows 8 and newer
+- Disables the first logon animation on Windows 8 and newer
 
 ```
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
@@ -38,16 +38,16 @@ Windows Registry Editor Version 5.00
 "RealTimeIsUniversal"=qword:00000001
 ```
 
-* Sets hardware clock to UTC time (doesn't affect system clock!)
+- Sets hardware clock to UTC time (doesn't affect system clock!)
-    * qword for 64-bit, dword for 32-bit systems. The actual reg file has
+  - qword for 64-bit, dword for 32-bit systems. The actual reg file has
-      only qword as I haven't seen 32-bit Windowses lately.
+    only qword as I haven't seen 32-bit Windowses lately.
 
 ```
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
 "AddrConfigControl"=dword:00000000
 ```
 
-* be able to resolve IPv6 even when connection isn't native.
+- be able to resolve IPv6 even when connection isn't native.
 
 ```
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition]
@@ -56,13 +56,13 @@ Windows Registry Editor Version 5.00
 "Teredo_ServerName"="teredo.trex.fi"
 ```
 
-* Enable Teredo
+- Enable Teredo
-* Enable Teredo even when joined to domain.
+- Enable Teredo even when joined to domain.
-* Use `teredo.trex.fi` as Teredo server as it's in Finland where I am.
+- Use `teredo.trex.fi` as Teredo server as it's in Finland where I am.
 
 ```
 [HKEY_USERS\.DEFAULT\Control Panel\Keyboard]
 "InitialKeyboardIndicators"="2147483650"
 ```
 
-* Enable numlock on boot.
+- Enable numlock on boot.

Windows/autohotkey/CapsLockToBackspace.ahk

@@ -1 +1 @@
-CapsLock:: Send {BackSpace}
+CapsLock:: Send {BackSpace}

Windows/time/README.md

@@ -6,33 +6,32 @@ w32tm /resync
 w32tm /query /peers
 ```
 
-* The list is space separated NTP servers, while I think Windows uses SNTP instead
+- The list is space separated NTP servers, while I think Windows uses SNTP instead
   of NTP.
-* `/resync` may sync current time, but is also required for the GUI
+- `/resync` may sync current time, but is also required for the GUI
   (Windows + I, Date & time) and following command to get aware of peers.
-* Shows where time is synced from and statistics.
+- Shows where time is synced from and statistics.
-  * There is also `net time` to sync, I am unsure of the differences while
+  - There is also `net time` to sync, I am unsure of the differences while
     that may be blocked while the second keeps working. It may also not
     show all the peers, just the primary one, while `w32tm` is more verbose
     and has all of them.
-* As Windows doesn't support NTS and probably won't in near future, there is
+- As Windows doesn't support NTS and probably won't in near future, there is
   no point in listing distant foreign servers.
 
-
 ## Variations
 
 Variations of the timeserver setting command to be kept at hand
 
 ### DNA
 
-*Including Moi*
+_Including Moi_
 
 ```
 w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dnainternet.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
 ```
 
-* https://www.dna.fi/liikennerajoitukset
+- https://www.dna.fi/liikennerajoitukset
-* https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet-
+- https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet-
 
 ### Elisa
 
@@ -40,22 +39,22 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dna
 w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.kolumbus.fi ntp2.kolumbus.fi ntp.saunalahti.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
 ```
 
-* https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/
+- https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/
 
 ## Information about servers
 
-* https://www.cloudflare.com/time/
+- https://www.cloudflare.com/time/
-* https://www.netnod.se/nts/network-time-security
+- https://www.netnod.se/nts/network-time-security
-* https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
+- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
-* https://www.ntppool.org/use.html
+- https://www.ntppool.org/use.html
-  * Also mentions the syntax for multiple servers, but considering this Elisa
+  - Also mentions the syntax for multiple servers, but considering this Elisa
     list has so many servers I am only picking one pool address just in case
     the others somehow fail.
 
 ## Additional reading
 
-* Above links
+- Above links
-* https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
+- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
-  * this file might not exist without this post, while it doesn't mention
+  - this file might not exist without this post, while it doesn't mention
     multiple servers, uses `time.windows.com` and I am yet to actually touch
     NTP on Windows Server environment.

chmod

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# This script removes permissions from other people than the owner to 
+# This script removes permissions from other people than the owner to
 # files/folders that they don't have access to and where they don't need
 # access.
 set -x

conf/conky/conky.conf

@@ -19,48 +19,48 @@ the Free Software Foundation, either version 3 of the License, or
 
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
+along with this program. If not, see <http://www.gnu.org/licenses/>.
 ]]
 
 conky.config = {
-    alignment = 'top_left',
+	alignment = 'top_left',
-    background = true,
+	background = true,
-    border_width = 1,
+	border_width = 1,
-    cpu_avg_samples = 2,
+	cpu_avg_samples = 2,
-    default_color = '#dedede',
+	default_color = '#dedede',
-    default_outline_color = '#dedede',
+	default_outline_color = '#dedede',
-    default_shade_color = '#dedede',
+	default_shade_color = '#dedede',
-    draw_borders = true,
+	draw_borders = true,
-    draw_graph_borders = true,
+	draw_graph_borders = true,
-    draw_outline = false,
+	draw_outline = false,
-    draw_shades = false,
+	draw_shades = false,
-    use_xft = true,
+	use_xft = true,
-    font = 'DejaVu Sans Mono:size=8',
+	font = 'DejaVu Sans Mono:size=8',
-    gap_x = 6,
+	gap_x = 6,
-    gap_y = 28,
+	gap_y = 28,
-    minimum_height = 5,
+	minimum_height = 5,
-    minimum_width = 5,
+	minimum_width = 5,
-    net_avg_samples = 2,
+	net_avg_samples = 2,
-    no_buffers = true,
+	no_buffers = true,
-    out_to_console = false,
+	out_to_console = false,
-    out_to_stderr = false,
+	out_to_stderr = false,
-    extra_newline = false,
+	extra_newline = false,
-    own_window = true,
+	own_window = true,
-    own_window_transparent = false,
+	own_window_transparent = false,
-    own_window_argb_visual = true,
+	own_window_argb_visual = true,
-    own_window_argb_value = 95,
+	own_window_argb_value = 95,
-    own_window_class = 'Conky',
+	own_window_class = 'Conky',
-    own_window_type = 'override',
+	own_window_type = 'override',
-    stippled_borders = 0,
+	stippled_borders = 0,
-    update_interval = 5,
+	update_interval = 5,
-    uppercase = false,
+	uppercase = false,
-    use_spacer = 'none',
+	use_spacer = 'none',
-    show_graph_scale = false,
+	show_graph_scale = false,
-    show_graph_range = false,
+	show_graph_range = false,
-    double_buffer = true
+	double_buffer = true
 }
 
 conky.text = [[
@@ -72,16 +72,16 @@ ${color grey}Frequency (in GHz):$color $freq_g
 ${color grey}RAM Usage:$color $mem/$memmax - $memperc% ${membar 4}
 ${color grey}Swap Usage:$color $swap/$swapmax - $swapperc% ${swapbar 4}
 ${color grey}CPU Usage:$color $cpu% ${cpubar 4}
-${color grey}Processes:$color $processes  ${color grey}Running:$color $running_processes
+${color grey}Processes:$color $processes ${color grey}Running:$color $running_processes
 $hr
 ${color grey}File systems:
- / $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
+	/ $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
 ${color grey} /home $color${fs_used /home}/${fs_size /home} ${fs_bar 6 /}
 ${color grey}HDD Temperature:${color} $hddtemp °C
 ${color grey}Networking:
- eth0  Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
+	eth0 Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
- ${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
+	${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
- ${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
+	${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
 $hr
 ${color grey}Sensors${color}
 ${execpi 60 sensors|grep °}

conf/i3/config

@@ -1,9 +1,9 @@
 # Packages expected (just break line-length!):
 # Debian: i3 suckless-tools j4-dmenu-desktop gnome-screenshot i3lock sudo hibernate playerctl galculator network-manager-gnome redshift-gtk x11-xserver-utils feh rofi libnotify-bin xcompmgr konsole fonts-dejavu dbus-x11 arandr numlockx fcitx-bin fcitx-mozc conky-all flatpak apparmor-notify caffeine kdocker mumble audacious telegram-desktop steam htop kdeconnect nextcloud-client parcimonie lxqt-powermanagement kteatime hsetroot tmux
 # ALSA: alsa-utils apulse coreutils pnmixer
-#    NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
+#	 NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
-#    requiring app. See also (shell-things) rc/asoundrc for USB headset and
+#	 requiring app. See also (shell-things) rc/asoundrc for USB headset and
-#    similar.
+#	 similar.
 # pulseaudio: pulseaudio-utils pasystray pulsemixer pavucontrol pulseeffects
 # insync: https://www.insynchq.com/downloads
 # Mullvad: https://mullvad.net/download
@@ -15,7 +15,7 @@
 # Debian theming: lxappearance gtk-chtheme qt4-qtconfig qt5ct
 # https://askubuntu.com/a/600946
 # + ~/.xprofile specifies GTK_THEME which hopefully gets detected/understood
-#   by browsers etc.
+#	by browsers etc.
 #
 # YES! This file is a monster and there really are that many weird
 # packages!
@@ -50,7 +50,7 @@ set $ScreenLockCmd i3lock -c 000000 -p win -f
 # This font is widely installed, provides lots of unicode glyphs, right-to-left
 # text rendering and scalability on retina/hidpi displays (thanks to pango).
 # NOTE! Bigger font than 8 is too big for Kincarron
-#                        7 is too big for Sedric with dpi scaling 144
+#						 7 is too big for Sedric with dpi scaling 144
 #font pango:DejaVu Sans Mono Book 7
 font pango:OpenDyslexic 9
 
@@ -192,27 +192,27 @@ bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the EXIT shortcu
 
 # resize window (you can also use the mouse for that)
 mode "resize" {
-        # These bindings trigger as soon as you enter the resize mode
+		# These bindings trigger as soon as you enter the resize mode
 
-        # Pressing left will shrink the window’s width.
+		# Pressing left will shrink the window’s width.
-        # Pressing right will grow the window’s width.
+		# Pressing right will grow the window’s width.
-        # Pressing up will shrink the window’s height.
+		# Pressing up will shrink the window’s height.
-        # Pressing down will grow the window’s height.
+		# Pressing down will grow the window’s height.
-        bindsym j resize shrink width 10 px or 10 ppt
+		bindsym j resize shrink width 10 px or 10 ppt
-        bindsym k resize grow height 10 px or 10 ppt
+		bindsym k resize grow height 10 px or 10 ppt
-        bindsym l resize shrink height 10 px or 10 ppt
+		bindsym l resize shrink height 10 px or 10 ppt
-        bindsym odiaeresis resize grow width 10 px or 10 ppt
+		bindsym odiaeresis resize grow width 10 px or 10 ppt
 
-        # same bindings, but for the arrow keys
+		# same bindings, but for the arrow keys
-        bindsym Left resize shrink width 10 px or 10 ppt
+		bindsym Left resize shrink width 10 px or 10 ppt
-        bindsym Down resize grow height 10 px or 10 ppt
+		bindsym Down resize grow height 10 px or 10 ppt
-        bindsym Up resize shrink height 10 px or 10 ppt
+		bindsym Up resize shrink height 10 px or 10 ppt
-        bindsym Right resize grow width 10 px or 10 ppt
+		bindsym Right resize grow width 10 px or 10 ppt
 
-        # back to normal: Enter or Escape or $mod+r
+		# back to normal: Enter or Escape or $mod+r
-        bindsym Return mode "default"
+		bindsym Return mode "default"
-        bindsym Escape mode "default"
+		bindsym Escape mode "default"
-        bindsym $mod+r mode "default"
+		bindsym $mod+r mode "default"
 }
 
 bindsym $mod+r mode "resize"
@@ -277,30 +277,30 @@ set $br_violet #b891f5
 # Start i3bar to display a workspace bar (plus the system information i3status
 # finds out, if available) CHANGEME
 bar {
-        position top
+		position top
-        #status_command LC_ALL=fi_FI.utf8 i3status
+		#status_command LC_ALL=fi_FI.utf8 i3status
-        # Temporary workaround to broken i3status in Fedora
+		# Temporary workaround to broken i3status in Fedora
-        status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
+		status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
-        # Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
+		# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
-        colors {
+		colors {
-            separator $blue
+			separator $blue
-            background $bg
+			background $bg
-            statusline $br_white
+			statusline $br_white
-            focused_workspace $green $green $bg
+			focused_workspace $green $green $bg
-            active_workspace $cyan $blue $black
+			active_workspace $cyan $blue $black
-            inactive_workspace $black $black $fg
+			inactive_workspace $black $black $fg
-            urgent_workspace $yellow $yellow $black
+			urgent_workspace $yellow $yellow $black
-               }
+			}
-        # Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
+		# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
-        #colors {
+		#colors {
-        #    separator $blue
+		#	 separator $blue
-        #    background $bg
+		#	 background $bg
-        #    statusline $br_white
+		#	 statusline $br_white
-        #    focused_workspace $green $green $bg
+		#	 focused_workspace $green $green $bg
-        #    active_workspace $cyan $blue $black
+		#	 active_workspace $cyan $blue $black
-        #    inactive_workspace $black $black $fg
+		#	 inactive_workspace $black $black $fg
-        #    urgent_workspace $yellow $yellow $black
+		#	 urgent_workspace $yellow $yellow $black
-        #       }
+		#		}
 }
 
 # Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
@@ -486,7 +486,7 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
 #exec --no-startup-id redshift-gtk -l 60.46742:26.94508
 
 # Sedric - 150 % display scaling (HiDPI), see also `xdpyinfo | grep resolution
-#          where 96 = 100 %
+#		 where 96 = 100 %
 #exec --no-startup-id xrandr --dpi 144
 
 # Sedric, external GPU as primary
@@ -535,5 +535,5 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
 # Special keyboard options that WILL CONFUSE YOU.
 # windows+space should change layout, but doesn't, both ctrls do
 # fi allows mostly typing fi/se (identicatal), cz/es.
-#  See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
+#	See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
 exec --no-startup-id setxkbmap -option compose:menu -option terminate:ctrl_alt_bksp -option nbsp:none -option caps:backspace -option shift:both_capslock -option grp:ctrls_toggle -option grp:win_space_toggle -layout fi,us,epo,ru -variant ,altgr-intl,,phonetic_winkeys

conf/i3status-rs/config.toml

@@ -2,10 +2,10 @@
 # based heavily on /usr/share/doc/i3status-rs/example_config.toml & https://github.com/greshake/i3status-rust/tree/master/examples
 # and manpage from search engine
 # Note: I am  not confident that "irstatus-rs" and "i3status-rust" are the same
-#       software.
+#		software.
 
 # WIP: migration from i3status
-    # contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
+	# contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
 
 [theme]
 name = "solarized-dark"

conf/i3status/config

@@ -7,21 +7,21 @@
 # If the above line is not correctly displayed, fix your editor first!
 
 general {
-        output_format = "i3bar"
+		output_format = "i3bar"
-        colors = true
+		colors = true
-        # 1 is horrible with battery status and possibly unnecessary
+		# 1 is horrible with battery status and possibly unnecessary
-        # weight for older devices. 5 appears to be Debian default, and I
+		# weight for older devices. 5 appears to be Debian default, and I
-        # guess it's enough often for seeing if the system is frozen when
+		# guess it's enough often for seeing if the system is frozen when
-        # staring at a clock.
+		# staring at a clock.
-        interval = 5
+		interval = 5
-        # Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
+		# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
-        color_good = "#70b433"
+		color_good = "#70b433"
-        color_degraded = "#dbb32d"
+		color_degraded = "#dbb32d"
-        color_bad = "#ed4a46"
+		color_bad = "#ed4a46"
-        # Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
+		# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
-        #color_good = "#489100"
+		#color_good = "#489100"
-        #color_degraded = "#ad8900"
+		#color_degraded = "#ad8900"
-        #color_bad = "#d2212d"
+		#color_bad = "#d2212d"
 }
 
 # Logicish: colour changing things at first (load is often red especially
@@ -44,50 +44,50 @@ order += "time"
 
 # Load is first as the treshold may need the most modification here
 load {
-        format = "%1min %5min %15min"
+		format = "%1min %5min %15min"
-        # Defaults to 5, nosmt MDS mitigation disables ½ of the cores
+		# Defaults to 5, nosmt MDS mitigation disables ½ of the cores
-        # X,7 ? https://scoutapm.com/blog/understanding-load-averages
+		# X,7 ? https://scoutapm.com/blog/understanding-load-averages
-        # CHANGEME - apparently whether . or , works depends on locale -.-
+		# CHANGEME - apparently whether . or , works depends on locale -.-
-        # Rbtpzn, the oldest machine from 2006, single core
+		# Rbtpzn, the oldest machine from 2006, single core
-        #max_threshold = "0,7"
+		#max_threshold = "0,7"
-        # Dualcore, mostly everything else
+		# Dualcore, mostly everything else
-        max_threshold = "1,7"
+		max_threshold = "1,7"
-        # Zaldaryn, quadcore
+		# Zaldaryn, quadcore
-        #max_threshold = "3,7"
+		#max_threshold = "3,7"
 }
 
 wireless _first_ {
-        #format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
+		#format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
-        format_up = "W:%quality @ %essid (%frequency, %bitrate)"
+		format_up = "W:%quality @ %essid (%frequency, %bitrate)"
-        #format_up = "W:%quality %frequency"
+		#format_up = "W:%quality %frequency"
-        #format_down = "W:🢃"
+		#format_down = "W:🢃"
-        format_down = ""
+		format_down = ""
-        #format_quality = "%3d%s"
+		#format_quality = "%3d%s"
 }
 
 ethernet _first_ {
-        # if you use %speed, i3status requires root privileges
+		# if you use %speed, i3status requires root privileges
-        #format_up = "E: %ip (%speed)"
+		#format_up = "E: %ip (%speed)"
-        #format_up = "E:🢁"
+		#format_up = "E:🢁"
-        format_up = "E:%speed"
+		format_up = "E:%speed"
-        #format_down = "E:🢃"
+		#format_down = "E:🢃"
-        format_down = ""
+		format_down = ""
 }
 
 battery all {
-        # %remaining looks horrible especially with updating every second
+		# %remaining looks horrible especially with updating every second
-        format = "🔌%status %percentage %remaining"
+		format = "🔌%status %percentage %remaining"
-        format_down = ""
+		format_down = ""
-        status_full = "🔌☻"
+		status_full = "🔌☻"
-        #status_unk  = "?"
+		#status_unk  = "?"
-        # kincarron battery fix
+		# kincarron battery fix
-        #path = "/sys/class/power_supply/%d/uevent"
+		#path = "/sys/class/power_supply/%d/uevent"
 }
 
 tztime utc {
-        timezone = "UTC"
+		timezone = "UTC"
-        # ISO 8601ish
+		# ISO 8601ish
-        format = "%Z: %Y-%m-%d %H:%M:%S%z"
+		format = "%Z: %Y-%m-%d %H:%M:%S%z"
 }
 
 # Date format explanations
@@ -106,29 +106,29 @@ tztime utc {
 
 #tztime local {
 time {
-        # Finnishish formatting with my adjustments
+		# Finnishish formatting with my adjustments
-        format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
+		format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
 }
 
 volume master {
-        format = "♪: %volume"
+		format = "♪: %volume"
-        format_muted = "♪: muted (%volume)"
+		format_muted = "♪: muted (%volume)"
-        #device = "pulse"
+		#device = "pulse"
 }
 
 ipv6 {
-        #format_up = "IPv6:🢁"
+		#format_up = "IPv6:🢁"
-        format_up = "6"
+		format_up = "6"
-        #format_down = "IPv6:🢃"
+		#format_down = "IPv6:🢃"
-        format_down = ""
+		format_down = ""
 }
 
 # %avail vs %free: https://github.com/i3/i3status/issues/349#issuecomment-506565599
 
 disk / {
-        format = "/: %avail"
+		format = "/: %avail"
 }
 
 disk /home {
-        format = "/home: %avail"
+		format = "/home: %avail"
 }

conf/init.vim

@@ -3,4 +3,3 @@
 set runtimepath^=~/.vim runtimepath+=~/.vim/after
 	let &packpath = &runtimepath
 source ~/.vimrc
-

conf/pastebinit.xml

@@ -1,6 +1,6 @@
-<pastebinit> 
+<pastebinit>
-    <pastebin>http://sprunge.us</pastebin>
+	<pastebin>http://sprunge.us</pastebin>
-    <author></author>
+	<author></author>
-    <jabberid></jabberid>
+	<jabberid></jabberid>
-    <format>text</format>
+	<format>text</format>
 </pastebinit>

conf/pipewire/media-session.d/alsa-monitor.conf

@@ -6,130 +6,130 @@
 # then restart pipewire and pipewire-pulse like so: systemctl --user restart pipewire pipewire-pulse
 
 properties = {
-    # Create a JACK device. This is not enabled by default because
+	# Create a JACK device. This is not enabled by default because
-    # it requires that the PipeWire JACK replacement libraries are
+	# it requires that the PipeWire JACK replacement libraries are
-    # not used by the session manager, in order to be able to
+	# not used by the session manager, in order to be able to
-    # connect to the real JACK server.
+	# connect to the real JACK server.
-    #alsa.jack-device = false
+	#alsa.jack-device = false
 
-    # Reserve devices.
+	# Reserve devices.
-    #alsa.reserve = true
+	#alsa.reserve = true
 }
 
 rules = [
-    # An array of matches/actions to evaluate.
+	# An array of matches/actions to evaluate.
-    {
+	{
-        # Rules for matching a device or node. It is an array of
+		# Rules for matching a device or node. It is an array of
-        # properties that all need to match the regexp. If any of the
+		# properties that all need to match the regexp. If any of the
-        # matches work, the actions are executed for the object.
+		# matches work, the actions are executed for the object.
-        matches = [
+		matches = [
-            {
+			{
-                # This matches all cards. These are regular expressions
+				# This matches all cards. These are regular expressions
-                # so "." matches one character and ".*" matches many.
+				# so "." matches one character and ".*" matches many.
-                device.name = "~alsa_card.*"
+				device.name = "~alsa_card.*"
-            }
+			}
-        ]
+		]
-        actions = {
+		actions = {
-            # Actions can update properties on the matched object.
+			# Actions can update properties on the matched object.
-            update-props = {
+			update-props = {
-                # Use ALSA-Card-Profile devices. They use UCM or
+				# Use ALSA-Card-Profile devices. They use UCM or
-                # the profile configuration to configure the device
+				# the profile configuration to configure the device
-                # and mixer settings.
+				# and mixer settings.
-                api.alsa.use-acp = true
+				api.alsa.use-acp = true
 
-                # Use UCM instead of profile when available. Can be
+				# Use UCM instead of profile when available. Can be
-                # disabled to skip trying to use the UCM profile.
+				# disabled to skip trying to use the UCM profile.
-                #api.alsa.use-ucm = true
+				#api.alsa.use-ucm = true
 
-                # Don't use the hardware mixer for volume control. It
+				# Don't use the hardware mixer for volume control. It
-                # will only use software volume. The mixer is still used
+				# will only use software volume. The mixer is still used
-                # to mute unused paths based on the selected port.
+				# to mute unused paths based on the selected port.
-                #api.alsa.soft-mixer = false
+				#api.alsa.soft-mixer = false
 
-                # Ignore decibel settings of the driver. Can be used to
+				# Ignore decibel settings of the driver. Can be used to
-                # work around buggy drivers that report wrong values.
+				# work around buggy drivers that report wrong values.
-                #api.alsa.ignore-dB = false
+				#api.alsa.ignore-dB = false
 
-                # The profile set to use for the device. Usually this is
+				# The profile set to use for the device. Usually this is
-                # "default.conf" but can be changed with a udev rule
+				# "default.conf" but can be changed with a udev rule
-                # or here.
+				# or here.
-                #device.profile-set = "profileset-name.conf"
+				#device.profile-set = "profileset-name.conf"
 
-                # The default active profile. Is by default set to "Off".
+				# The default active profile. Is by default set to "Off".
-                #device.profile = "default profile name"
+				#device.profile = "default profile name"
 
-                # Automatically select the best profile. This is the
+				# Automatically select the best profile. This is the
-                # highest priority available profile. This is disabled
+				# highest priority available profile. This is disabled
-                # here and instead implemented in the session manager
+				# here and instead implemented in the session manager
-                # where it can save and load previous preferences.
+				# where it can save and load previous preferences.
-                api.acp.auto-profile = false
+				api.acp.auto-profile = false
 
-                # Automatically switch to the highest priority available
+				# Automatically switch to the highest priority available
-                # port. This is disabled here and implemented in the
+				# port. This is disabled here and implemented in the
-                # session manager instead.
+				# session manager instead.
-                api.acp.auto-port = false
+				api.acp.auto-port = false
 
-                # Other properties can be set here.
+				# Other properties can be set here.
-                #device.nick = "My Device"
+				#device.nick = "My Device"
-            }
+			}
-        }
+		}
-    }
+	}
 
 # Begin customized config section
 
-    {
+	{
-        matches = [
+		matches = [
-            {
+			{
-                # This matches your USB headset
+				# This matches your USB headset
-                device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
+				device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
-            }
+			}
-        ]
+		]
-        actions = {
+		actions = {
-            # Actions can update properties on the matched object.
+			# Actions can update properties on the matched object.
-            update-props = {
+			update-props = {
-                api.alsa.soft-mixer = true
+				api.alsa.soft-mixer = true
-            }
+			}
-        }
+		}
-    }
+	}
 
 #End customized config section
 
-    {
+	{
-        matches = [
+		matches = [
-            {
+			{
-                # Matches all sources. These are regular expressions
+				# Matches all sources. These are regular expressions
-                # so "." matches one character and ".*" matches many.
+				# so "." matches one character and ".*" matches many.
-                node.name = "~alsa_input.*"
+				node.name = "~alsa_input.*"
-            }
+			}
-            {
+			{
-                # Matches all sinks.
+				# Matches all sinks.
-                node.name = "~alsa_output.*"
+				node.name = "~alsa_output.*"
-            }
+			}
-        ]
+		]
-        actions = {
+		actions = {
-            update-props = {
+			update-props = {
-                #node.nick              = "My Node"
+				#node.nick				= "My Node"
-                #node.nick              = null
+				#node.nick				= null
-                #priority.driver        = 100
+				#priority.driver		= 100
-                #priority.session       = 100
+				#priority.session		= 100
-                node.pause-on-idle      = false
+				node.pause-on-idle		= false
-                #resample.quality       = 4
+				#resample.quality		= 4
-                #channelmix.normalize   = false
+				#channelmix.normalize	= false
-                #channelmix.mix-lfe     = false
+				#channelmix.mix-lfe		= false
-                #audio.channels         = 2
+				#audio.channels			= 2
-                #audio.format           = "S16LE"
+				#audio.format			= "S16LE"
-                #audio.rate             = 44100
+				#audio.rate				= 44100
-                #audio.position         = "FL,FR"
+				#audio.position			= "FL,FR"
-                #session.suspend-timeout-seconds = 5      # 0 disables suspend
+				#session.suspend-timeout-seconds = 5		# 0 disables suspend
-                #monitor.channel-volumes = false
+				#monitor.channel-volumes = false
 
-                #api.alsa.period-size   = 1024
+				#api.alsa.period-size	= 1024
-                #api.alsa.headroom      = 0
+				#api.alsa.headroom		= 0
-                #api.alsa.start-delay   = 0
+				#api.alsa.start-delay	= 0
-                #api.alsa.disable-mmap  = false
+				#api.alsa.disable-mmap	= false
-                #api.alsa.disable-batch = false
+				#api.alsa.disable-batch = false
-                #api.alsa.use-chmap     = false
+				#api.alsa.use-chmap		= false
-            }
+			}
-        }
+		}
-    }
+	}
 ]

conf/sway/README.md

@@ -6,11 +6,11 @@ but as I love include directives, a lot is in the config.d.
 
 ## Themes
 
-My i3 config says that on Debian the packages are: 
+My i3 config says that on Debian the packages are:
 `sudo apt install lxappearance gtk-chtheme qt4-qtconfig qt5ct`
 
 The source for that is marked as https://askubuntu.com/a/600946
-Additionally apparently my `~/.xprofile` specifies `GTK_THEME` which 
+Additionally apparently my `~/.xprofile` specifies `GTK_THEME` which
 I have hoped to get get detected/understood by browsers etc, but I think
 I decided to not import that to Sway which naturally doesn't read xprofile.
 
@@ -21,11 +21,11 @@ Apparently Adwaita must be set to dark theme in `gnome-control-center`
 Using the same apps and `gnome-tweaks` (as there are probably a lot of
 methods setting fonts):
 
-* User-interface text: Noto Serif Regular 10
+- User-interface text: Noto Serif Regular 10
-* Document text: Noto Serif Regular 11
+- Document text: Noto Serif Regular 11
-* Monospace text: Noto Sans Mono Regular 10
+- Monospace text: Noto Sans Mono Regular 10
-* Legacy window title text: Noto Serif Bold 11
+- Legacy window title text: Noto Serif Bold 11
-  * Apparently this means "apps that don't use client-side decorations"
+  - Apparently this means "apps that don't use client-side decorations"
 
 The number behind is obviously the number and it's based on what were the
 defaults before I touched them so I am hoping GNOME knows what they are
@@ -41,10 +41,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
 
 Other font settings in GNOME-Tweak:
 
-* Hinting: *a bit*
+- Hinting: _a bit_
-  * for no particular reason
+  - for no particular reason
-* Antialiasing: *Subpixel (for LCD-displays)*
+- Antialiasing: _Subpixel (for LCD-displays)_
-  * I have no idea where there are "standard grayscale" displays that aren't
+  - I have no idea where there are "standard grayscale" displays that aren't
     LCD.
 
 ### Screen mirroring
@@ -53,9 +53,9 @@ Other font settings in GNOME-Tweak:
 
 Workarounds:
 
-* Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
+- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
-* Do something weird with OBS
+- Do something weird with OBS
-* Use a dedicated application that don't seem to be in Fedora repos, flatpak
+- Use a dedicated application that don't seem to be in Fedora repos, flatpak
   or snap.
-  * [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
+  - [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
-  * [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
+  - [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)

conf/sway/config.d/README.md

@@ -4,24 +4,24 @@
 Thus this `README.md` is not read, even if I happened to carelessly
 copy-paste it in.
 
-* `autostart-communication.conf` - chat/communication apps I am expected to have
+- `autostart-communication.conf` - chat/communication apps I am expected to have
   open or at least check at times
-* `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
+- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
-* `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
+- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
-* `grimshot.conf` - screenshotting keybinds using `grimshot`
+- `grimshot.conf` - screenshotting keybinds using `grimshot`
-* `i3-selenized-dark.conf` - selenized dark colour scheme
+- `i3-selenized-dark.conf` - selenized dark colour scheme
-* `keyboard.conf` - keyboard configuration
+- `keyboard.conf` - keyboard configuration
-* `media.conf` - media key configuration and autostarts related to it
+- `media.conf` - media key configuration and autostarts related to it
-* `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
+- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
   profile to `flat`
-* `README.md` - you are currently reading this :wink:
+- `README.md` - you are currently reading this :wink:
-* `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
+- `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
-* `swaybar.conf` - `swaybar` configuration
+- `swaybar.conf` - `swaybar` configuration
-* `swayidle.conf` - `swayidle` configuration/autostart
+- `swayidle.conf` - `swayidle` configuration/autostart
-* `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
+- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
   I happen to visit for longer period of time
-* `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
+- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
-* `zz-floating.conf` - configures windows that should float. For some reason
+- `zz-floating.conf` - configures windows that should float. For some reason
   that is inherited from my `i3` config, it tells to put float rules above the
   last line, so it should be read last and `z` is the last letter of English
   alphabet so it will hopefully be read last.

conf/sway/config.d/swayidle.conf

@@ -1,11 +1,11 @@
 # Copied from `man swayidle`, except the $ScreenLockCmd that I don't
 # want to repeat.
-#  This will lock your screen after 300 seconds of inactivity, then turn off
+#	This will lock your screen after 300 seconds of inactivity, then turn off
-#  your displays after another 300 seconds, and turn your screens back on
+#	your displays after another 300 seconds, and turn your screens back on
-#  when resumed. It will also lock your screen before your computer goes to
+#	when resumed. It will also lock your screen before your computer goes to
-#  sleep.
+#	sleep.
 exec swayidle -w \
-	 timeout 300 "\"$ScreenLockCmd\"" \
+	timeout 300 "\"$ScreenLockCmd\"" \
-	 timeout 600 'swaymsg "output * dpms off"' \
+	timeout 600 'swaymsg "output * dpms off"' \
 	resume 'swaymsg "output * dpms on"' \
-	 before-sleep "\"$ScreenLockCmd\""
+	before-sleep "\"$ScreenLockCmd\""

conf/tmux-old-ncurses.bash

@@ -2,5 +2,5 @@
 # Intended for systems with ncurses < 6 which is missing TERMINFO
 # for tmux-256color.
 if [[ $TERM == 'tmux-256color' ]]; then
-    export TERM=screen-256color
+	export TERM=screen-256color
 fi

conf/waybar/config.json

@@ -2,7 +2,17 @@
 	"layer": "top",
 	"position": "left",
 	"modules-left": ["sway/workspaces", "sway/mode"],
-	"modules-right": ["cpu", "memory", "battery", "pulseaudio", "sway/language", "network", "bluetooth", "tray", "clock"],
+	"modules-right": [
+		"cpu",
+		"memory",
+		"battery",
+		"pulseaudio",
+		"sway/language",
+		"network",
+		"bluetooth",
+		"tray",
+		"clock"
+	],
 	"sway/window": {
 		"max-length": 50
 	},
@@ -12,10 +22,10 @@
 	"memory": {
 		"format": "RAM {percentage}%"
 	},
-"bluetooth": {
+	"bluetooth": {
-	"format": "BT {status}",
+		"format": "BT {status}",
-	"format-connected": "BT {device_alias}",
+		"format-connected": "BT {device_alias}",
-	"format-connected-battery": "BT {device_alias} {device_battery_percentage}%"
+		"format-connected-battery": "BT {device_alias} {device_battery_percentage}%"
 	},
 	"pulseaudio": {
 		"format": "VOL {volume}%",
@@ -26,25 +36,25 @@
 		"states": {
 			"warning": 45,
 			"critical": 20
-	},
+		},
 		"format": "BAT {capacity}%"
 	},
 	"sway/language": {
 		"format": "KBD {short} {variant}",
 		"on-click": "swaymsg input type:keyboard xkb_switch_layout next"
 	},
-"network": {
+	"network": {
-	//"interface": "wlan0",
+		//"interface": "wlan0",
-	"format": "{ifname}",
+		"format": "{ifname}",
-	"format-wifi": "{frequency}G {signalStrength}% {essid}",
+		"format-wifi": "{frequency}G {signalStrength}% {essid}",
-	"format-ethernet": "{ifname} up",
+		"format-ethernet": "{ifname} up",
-	"format-disconnected": "",
+		"format-disconnected": "",
-	"tooltip-format": "{ifname}",
+		"tooltip-format": "{ifname}",
-	"tooltip-format-wifi": "{frequency}G {signalStrength}% {essid}",
+		"tooltip-format-wifi": "{frequency}G {signalStrength}% {essid}",
-	"tooltip-format-ethernet": "{ifname} up",
+		"tooltip-format-ethernet": "{ifname} up",
-	"tooltip-format-disconnected": "Disconnected",
+		"tooltip-format-disconnected": "Disconnected",
-	"max-length": 50
+		"max-length": 50
-},
+	},
 	"clock": {
 		"format": "{:%a. %d.\n%b.\n%Y-%j\n%G-W%V-%u\n%F\n%H.%M.%S}"
 	}

conf/waybar/style.css

@@ -1,75 +1,77 @@
 /* https://github.com/jan-warchol/selenized/blob/master/other-apps/wofi/selenized-dark.css */
 
 * {
-    border: none;
+	border: none;
-    border-radius: 0;
+	border-radius: 0;
-    font-family: Noto Sans Mono Regular, monospace;
+	font-family: Noto Sans Mono Regular, monospace;
-    font-size: 10px;
+	font-size: 10px;
-    min-height: 0;
+	min-height: 0;
 }
 
 window#waybar {
-    background: #103c48;
+	background: #103c48;
-    border-bottom: 3px solid rgba(100, 114, 125, 0.5);
+	border-bottom: 3px solid rgba(100, 114, 125, 0.5);
-    color: white;
+	color: white;
 }
 
 tooltip {
-  background: rgba(43, 48, 59, 0.5);
+	background: rgba(43, 48, 59, 0.5);
-  border: 1px solid rgba(100, 114, 125, 0.5);
+	border: 1px solid rgba(100, 114, 125, 0.5);
 }
 tooltip label {
-  color: white;
+	color: white;
 }
 
 #workspaces button {
-    padding: 0 5px;
+	padding: 0 5px;
-    background: #103c48;
+	background: #103c48;
-    color: white;
+	color: white;
-    border-bottom: 3px solid #103c48;
+	border-bottom: 3px solid #103c48;
 }
 
 #workspaces button.focused {
-    background: #64727D;
+	background: #64727d;
-    border-bottom: 3px solid white;
+	border-bottom: 3px solid white;
 }
 
-#mode, #clock, #battery {
+#mode,
-    padding: 0 10px;
+#clock,
+#battery {
+	padding: 0 10px;
 }
 
 #mode {
-    background: #103c48;
+	background: #103c48;
-    border-bottom: 3px solid white;
+	border-bottom: 3px solid white;
 }
 
 #clock {
-    background-color: #103c48;
+	background-color: #103c48;
 }
 
 #battery {
-    background-color: #103c48;
+	background-color: #103c48;
-    color: white;
+	color: white;
 }
 
 #battery.charging {
-    color: white;
+	color: white;
-    background-color: #103c48;
+	background-color: #103c48;
 }
 
 @keyframes blink {
-    to {
+	to {
-        background-color: #103c48;
+		background-color: #103c48;
-        color: white;
+		color: white;
-    }
+	}
 }
 
 #battery.warning:not(.charging) {
-    background: #f53c3c;
+	background: #f53c3c;
-    color: white;
+	color: white;
-    animation-name: blink;
+	animation-name: blink;
-    animation-duration: 0.5s;
+	animation-duration: 0.5s;
-    animation-timing-function: linear;
+	animation-timing-function: linear;
-    animation-iteration-count: infinite;
+	animation-iteration-count: infinite;
-    animation-direction: alternate;
+	animation-direction: alternate;
 }

etc/X11/xorg.conf.d/00-keyboard.conf

@@ -1,8 +1,8 @@
 # Read and parsed by systemd-localed. It's probably wise not to edit this file
 # manually too freely.
 Section "InputClass"
-        Identifier "system-keyboard"
+		Identifier "system-keyboard"
-        MatchIsKeyboard "on"
+		MatchIsKeyboard "on"
-        Option "XkbLayout" "fi"
+		Option "XkbLayout" "fi"
-        Option "XkbModel" "compose:menu"
+		Option "XkbModel" "compose:menu"
 EndSection

etc/apt/sources.list/ubuntu

@@ -46,4 +46,4 @@ deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security main restricted
 deb http://security.ubuntu.com/ubuntu/ CODENAME-security universe
 deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security universe
 deb http://security.ubuntu.com/ubuntu/ CODENAME-security multiverse
-deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security multiverse
+deb-src http://security.ubuntu.com/ubuntu/ CODENAME-security multiverse

etc/chrony/README.md

@@ -25,23 +25,22 @@ assume that means 2.
 Note: -N uses names specified in config instead of reverse name lookupping
 then.
 
-* `chrony -N activity` - what sources are doing
+- `chrony -N activity` - what sources are doing
-* `chrony -N authdata` - can show that server uses NTS
+- `chrony -N authdata` - can show that server uses NTS
-* `chrony -N ntpdata`  - a lot of data on the servers
+- `chrony -N ntpdata` - a lot of data on the servers
-* `chronyc offline`    - offline mode
+- `chronyc offline` - offline mode
-* `chronyc online`     - reconnects servers
+- `chronyc online` - reconnects servers
-* `chrony -N sources`  - used timeservers and their statuses
+- `chrony -N sources` - used timeservers and their statuses
-* `chrony -N tracking` - local status (stratum and own clock etc.)
+- `chrony -N tracking` - local status (stratum and own clock etc.)
-
 
 ### nmap
 
-
 Checking that something is an NTP server? Needs root:
 
 ```
 nmap -sU -p 123 --script=ntp-info 192.168.0.1
 ```
+
 Checking that something has NTS?
 
 ```

etc/chrony/conf.d/nts-server.conf

@@ -2,4 +2,3 @@
 # Note the port 4460
 ntsserverkey /etc/chrony/tls/etro.mikaela.info.key
 ntsservercert /etc/chrony/tls/etro.mikaela.info.crt
-

etc/dnscrypt-proxy/README.md

@@ -12,6 +12,6 @@ but that way you must trust DNSSEC, CloudFlare and wherever the CNAME
 points to who may not have DNSSEC. If you are using this file
 (you shouldn't), you are already trusting me.
 
-[dnscrypt-proxy]:https://github.com/jedisct1/dnscrypt-proxy
+[dnscrypt-proxy]: https://github.com/jedisct1/dnscrypt-proxy
-[Hyperboria]:https://hyperboria.net/
+[hyperboria]: https://hyperboria.net/
-[Yggdrasil]:https://yggdrasil-network.github.io/
+[yggdrasil]: https://yggdrasil-network.github.io/

etc/dnscrypt-proxy/dnscrypt-proxy.toml

@@ -70,31 +70,31 @@ lb_strategy = 'p2'
 
 # Logging to be enabled by hand on systems needing them
 #[query_log]
-#  file = '/var/log/dnscrypt-proxy/query.log'
+#	file = '/var/log/dnscrypt-proxy/query.log'
 #[nx_log]
-#  file = '/var/log/dnscrypt-proxy/nx.log'
+#	file = '/var/log/dnscrypt-proxy/nx.log'
 
 [sources]
-  [sources.'public-resolvers']
+	[sources.'public-resolvers']
-  #url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
+	#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
-  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
+	urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
-  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
+	cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
-  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+	minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-  refresh_delay = 72
+	refresh_delay = 72
-  prefix = 'public-'
+	prefix = 'public-'
 
 [sources.'opennic']
- urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
+	urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
-  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+	minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-  refresh_delay = 72
+	refresh_delay = 72
-  cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
+	cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
-  prefix = 'opennic-'
+	prefix = 'opennic-'
 
 # 2.0.23 recommended so onions won't be attempted without proxy enabled
 # (5c9edfccfe67474bee2836ada67f955f10e43357)
 # I won't uncomment this until I have updated version everywhere.
 #[sources.'onion-services']
-#  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
+#	urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
-#  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+#	minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-#  cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
+#	cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
-#  prefix = 'onion-'
+#	prefix = 'onion-'

etc/fahclient/config.xml

@@ -1,21 +1,21 @@
 <config>
-  <!-- Client Control -->
+	<!-- Client Control -->
-  <client-threads v='2'/>
+	<client-threads v='2'/>
-  <fold-anon v='true'/>
+	<fold-anon v='true'/>
 
-  <!-- Folding Core -->
+	<!-- Folding Core -->
-  <cpu-usage v='50'/>
+	<cpu-usage v='50'/>
-  <gpu-usage v='50'/>
+	<gpu-usage v='50'/>
 
-  <!-- Slot Control -->
+	<!-- Slot Control -->
-  <power v='MEDIUM'/>
+	<power v='MEDIUM'/>
 
-  <!-- User Information -->
+	<!-- User Information -->
-  <passkey v=''/>
+	<passkey v=''/>
-  <team v='201753'/>
+	<team v='201753'/>
-  <user v='Mikaela'/>
+	<user v='Mikaela'/>
 
-  <!-- Folding Slots -->
+	<!-- Folding Slots -->
-  <slot id='0' type='CPU'/>
+	<slot id='0' type='CPU'/>
-  <slot id='1' type='GPU'/>
+	<slot id='1' type='GPU'/>
 </config>

etc/install

@@ -15,8 +15,8 @@ chmod a+r /etc/systemd/system/oidentd.socket
 
 mkdir -p /etc/sysctl.d/
 if [ ! -f /etc/sysctl.d/60-mikaela.conf ]; then
-    cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
+	cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
-    chmod a+r /etc/sysctl.d/60-mikaela.conf
+	chmod a+r /etc/sysctl.d/60-mikaela.conf
 fi
 
 echo 'If you use systemd or oidentd you should "systemctl daemon-reload"'

etc/mysql/conf.d/feedback.cnf

@@ -1,3 +1,2 @@
 [mysqld]
 feedback=ON
-

etc/mysql/conf.d/performance.cnf

@@ -4,4 +4,3 @@ performance_schema = off
 [mariadb]
 aria_pagecache_buffer_size = 32m
 aria_sort_buffer_size = 32m
-

etc/nginx/README.md

@@ -1,44 +1,43 @@
 Useful nginx files that I will probably need and which I will forget if I
 cannot read them from here.
 
-* * * * *
+---
 
 ## FUTURE WARNING
 
 These files may age badly, so here are some hopefully timeless pointers:
 
-* Generate the config file with https://ssl-config.mozilla.org/ (and if
+- Generate the config file with https://ssl-config.mozilla.org/ (and if
   time eats it, try https://github.com/mozilla/ssl-config-generator/ in
-  hope of finding where it is now.
+  hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
-      * Name it 00-something so it will be the first file read and make
+  everything a different file.
-        everything a different file.
+- If using my acmesh-ssl.bash script, the files to fill should be like:
-* If using my acmesh-ssl.bash script, the files to fill should be like:
 
 (the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
 
-* `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem`
+- `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem`
-* `ssl_certificate_key` is `key.pem`
+- `ssl_certificate_key` is `key.pem`
 
-The header syntax is following, ***THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP***
+The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
 
 ```
-    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
+  add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
+  add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
-    add_header X-Content-Type-Options "nosniff" always;
+  add_header X-Content-Type-Options "nosniff" always;
-    add_header Referrer-Policy "no-referrer" always;
+  add_header Referrer-Policy "no-referrer" always;
 ```
 
 The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
 TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
 in Debian package `libwww-perl`
 
-* Refer to tester tools to see if the configuration is fine:
+- Refer to tester tools to see if the configuration is fine:
-    * https://observatory.mozilla.org/
+  - https://observatory.mozilla.org/
-    * https://securityheaders.com/
+  - https://securityheaders.com/
-    * https://www.ssllabs.com/ssltest/
+  - https://www.ssllabs.com/ssltest/
 
-* * * * *
+---
 
 ## Arch
 

etc/nginx/conf.d/bitbot.conf

@@ -1,17 +1,17 @@
 server {
-    listen       80;
+	listen		 80;
-    listen       443;
+	listen		 443;
-    listen       14402;
+	listen		 14402;
-    listen       [::]:80;
+	listen		 [::]:80;
-    listen       [::]:443;
+	listen		 [::]:443;
-    listen       [::]:14402;
+	listen		 [::]:14402;
-    ssl_certificate     /etc/nginx/ssl/cert.pem;
+	ssl_certificate	/etc/nginx/ssl/cert.pem;
-    ssl_certificate_key /etc/nginx/ssl/key.pem;
+	ssl_certificate_key	/etc/nginx/ssl/key.pem;
-    server_name  bitbot.relpda.mikaela.info;
+	server_name	bitbot.relpda.mikaela.info;
 
-    access_log  /var/log/nginx/bitbot.access.log  main;
+	access_log	/var/log/nginx/bitbot.access.log  main;
 
-    location / {
+	location / {
-        proxy_pass http://[::1]:9050;
+		proxy_pass http://[::1]:9050;
-    }
+	}
 }

etc/nginx/conf.d/cloudflare.conf

@@ -1,20 +1,20 @@
- # Cloudflare
+# Cloudflare
-   set_real_ip_from   199.27.128.0/21;
+	set_real_ip_from	199.27.128.0/21;
-   set_real_ip_from   173.245.48.0/20;
+	set_real_ip_from	173.245.48.0/20;
-   set_real_ip_from   103.21.244.0/22;
+	set_real_ip_from	103.21.244.0/22;
-   set_real_ip_from   103.22.200.0/22;
+	set_real_ip_from	103.22.200.0/22;
-   set_real_ip_from   103.31.4.0/22;
+	set_real_ip_from	103.31.4.0/22;
-   set_real_ip_from   141.101.64.0/18;
+	set_real_ip_from	141.101.64.0/18;
-   set_real_ip_from   108.162.192.0/18;
+	set_real_ip_from	108.162.192.0/18;
-   set_real_ip_from   190.93.240.0/20;
+	set_real_ip_from	190.93.240.0/20;
-   set_real_ip_from   188.114.96.0/20;  
+	set_real_ip_from	188.114.96.0/20;
-   set_real_ip_from   197.234.240.0/22;
+	set_real_ip_from	197.234.240.0/22;
-   set_real_ip_from   198.41.128.0/17;
+	set_real_ip_from	198.41.128.0/17;
-   set_real_ip_from   162.158.0.0/15;
+	set_real_ip_from	162.158.0.0/15;
-   set_real_ip_from   104.16.0.0/12;
+	set_real_ip_from	104.16.0.0/12;
-   set_real_ip_from   2400:cb00::/32;
+	set_real_ip_from	2400:cb00::/32;
-   set_real_ip_from   2606:4700::/32;
+	set_real_ip_from	2606:4700::/32;
-   set_real_ip_from   2803:f800::/32;
+	set_real_ip_from	2803:f800::/32;
-   set_real_ip_from   2405:b500::/32;
+	set_real_ip_from	2405:b500::/32;
-   set_real_ip_from   2405:8100::/32;
+	set_real_ip_from	2405:8100::/32;
-   real_ip_header     CF-Connecting-IP;
+	real_ip_header	  CF-Connecting-IP;

etc/nginx/conf.d/default.conf

@@ -1,57 +1,56 @@
 server {
-    listen       80;
+	listen		 80;
-    listen       443 ssl;
+	listen		 443 ssl;
-    listen       14402 ssl;
+	listen		 14402 ssl;
-    listen       [::]:80 ipv6only=on;
+	listen		 [::]:80 ipv6only=on;
-    listen       [::]:443 ssl ipv6only=on;
+	listen		 [::]:443 ssl ipv6only=on;
-    listen       [::]:14402 ssl ipv6only=on;
+	listen		 [::]:14402 ssl ipv6only=on;
-    ssl_certificate     /etc/nginx/ssl/cert.pem;
+	ssl_certificate		/etc/nginx/ssl/cert.pem;
-    ssl_certificate_key /etc/nginx/ssl/key.pem;
+	ssl_certificate_key /etc/nginx/ssl/key.pem;
-    server_name  relpda.mikaela.info;
+	server_name  relpda.mikaela.info;
 
-    #charset koi8-r;
+	#charset koi8-r;
-    #access_log  /var/log/nginx/host.access.log  main;
+	#access_log  /var/log/nginx/host.access.log  main;
 
 #location /api/ {
-#    proxy_pass http://[::1]:9050;
+#	 proxy_pass http://[::1]:9050;
-#    }
+#	 }
 
 
-    location / {
+	location / {
-        root   /usr/share/nginx/html;
+		root   /usr/share/nginx/html;
-        index  index.html index.htm;
+		index  index.html index.htm;
-    }
+	}
 
-    #error_page  404              /404.html;
+	#error_page  404			  /404.html;
 
-    # redirect server error pages to the static page /50x.html
+	# redirect server error pages to the static page /50x.html
-    #
+	#
-    error_page   500 502 503 504  /50x.html;
+	error_page	 500 502 503 504  /50x.html;
-    location = /50x.html {
+	location = /50x.html {
-        root   /usr/share/nginx/html;
+		root   /usr/share/nginx/html;
-    }
+	}
 
-    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+	# proxy the PHP scripts to Apache listening on 127.0.0.1:80
-    #
+	#
-    #location ~ \.php$ {
+	#location ~ \.php$ {
-    #    proxy_pass   http://127.0.0.1;
+	#	 proxy_pass   http://127.0.0.1;
-    #}
+	#}
 
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
+	#
-    #location ~ \.php$ {
+	#location ~ \.php$ {
-    #    root           html;
+	#	 root			html;
-    #    fastcgi_pass   127.0.0.1:9000;
+	#	 fastcgi_pass	127.0.0.1:9000;
-    #    fastcgi_index  index.php;
+	#	 fastcgi_index	index.php;
-    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+	#	 fastcgi_param	SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-    #    include        fastcgi_params;
+	#	 include		fastcgi_params;
-    #}
+	#}
 
-    # deny access to .htaccess files, if Apache's document root
+	# deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
+	# concurs with nginx's one
-    #
+	#
-    #location ~ /\.ht {
+	#location ~ /\.ht {
-    #    deny  all;
+	#	 deny  all;
-    #}
+	#}
 }
-

etc/nginx/sites-enabled/old/host

@@ -1,94 +1,94 @@
 server {
-    listen 80 default_server;
+	listen 80 default_server;
-    listen [::]:80 default_server ipv6only=on;
+	listen [::]:80 default_server ipv6only=on;
-    listen 443 default_server ssl http2;
+	listen 443 default_server ssl http2;
-    listen [::]:443 default_server ssl http2 ipv6only=on;
+	listen [::]:443 default_server ssl http2 ipv6only=on;
 
-    root /var/www/default/;
+	root /var/www/default/;
-    index index.php index.html index.htm;
+	index index.php index.html index.htm;
 
 ### Generating SSL certificate:
 ## mkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl
 ## openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nginx.key -out nginx.crt
 ### this takes forever and is used on line 23.
 ## openssl dhparam -out dhparam.pem 4096
-    ssl_certificate /etc/nginx/ssl/nginx.crt;
+	ssl_certificate /etc/nginx/ssl/nginx.crt;
-    ssl_certificate_key /etc/nginx/ssl/nginx.key;
+	ssl_certificate_key /etc/nginx/ssl/nginx.key;
 # ----- begin of Mozilla Server Side TLS recommendations -----
 # **2014-11-07** https://wiki.mozilla.org/Security/Server_Side_TLS
-    ssl_session_timeout 5m;
+	ssl_session_timeout 5m;
-    ssl_session_cache shared:SSL:50m;
+	ssl_session_cache shared:SSL:50m;
 
-    # Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
+	# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
-    # See generation on line 14
+	# See generation on line 14
-    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+	ssl_dhparam /etc/nginx/ssl/dhparam.pem;
 
-    # Intermediate configuration. tweak to your needs.
+	# Intermediate configuration. tweak to your needs.
-    # comment just for me, don't uncomment.
+	# comment just for me, don't uncomment.
-    #ssl_ciphers '';
+	#ssl_ciphers '';
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+	ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
-    ssl_prefer_server_ciphers on;
+	ssl_prefer_server_ciphers on;
 
-    # Enable this if your want HSTS (recommended)
+	# Enable this if your want HSTS (recommended)
-    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+	add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
-    add_header X-Frame-Options SAMEORIGIN;
+	add_header X-Frame-Options SAMEORIGIN;
-    add_header Content-Security-Policy upgrade-insecure-requests;
+	add_header Content-Security-Policy upgrade-insecure-requests;
-    add_header X-Xss-Protection "1; mode=block" always;
+	add_header X-Xss-Protection "1; mode=block" always;
-    add_header X-Content-Type-Options "nosniff" always;
+	add_header X-Content-Type-Options "nosniff" always;
 
-    # OCSP Stapling ---
+	# OCSP Stapling ---
-    # fetch OCSP records from URL in ssl_certificate and cache them
+	# fetch OCSP records from URL in ssl_certificate and cache them
-    ssl_stapling on;
+	ssl_stapling on;
-    ssl_stapling_verify on;
+	ssl_stapling_verify on;
-    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
+	## verify chain of trust of OCSP response using Root CA and Intermediate certs
-    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+	#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
-    #resolver ::1;
+	#resolver ::1;
 # ----- end of Mozilla Server Side TLS recommendations -----
 
-    location / {
+	location / {
-        # First attempt to serve request as file, then
+		# First attempt to serve request as file, then
-        # as directory, then fall back to displaying a 404.
+		# as directory, then fall back to displaying a 404.
-        try_files $uri $uri/ =404;
+		try_files $uri $uri/ =404;
-        autoindex on;
+		autoindex on;
-    }
+	}
 
-    # Userdir
+	# Userdir
-    location ~ ^/~(.+?)(/.*)?$ {
+	location ~ ^/~(.+?)(/.*)?$ {
-        alias /home/$1/public_html$2;
+		alias /home/$1/public_html$2;
-        index  index.html index.htm;
+		index  index.html index.htm;
-        autoindex on;
+		autoindex on;
-    }
+	}
 
 
-    #error_page 404 /404.html;
+	#error_page 404 /404.html;
 
-    # redirect server error pages to the static page /50x.html
+	# redirect server error pages to the static page /50x.html
-    #
+	#
-    #error_page 500 502 503 504 /50x.html;
+	#error_page 500 502 503 504 /50x.html;
-    #location = /50x.html {
+	#location = /50x.html {
-    #   root /usr/share/nginx/html;
+	#	root /usr/share/nginx/html;
-    #}
+	#}
 
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
+	#
-    location ~ \.php$ {
+	location ~ \.php$ {
-       fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    #   # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+	#	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
-    #
+	#
-    #   # With php5-cgi alone:
+	#	# With php5-cgi alone:
-    #    fastcgi_pass 127.0.0.1:9000;
+	#	 fastcgi_pass 127.0.0.1:9000;
-    #   # With php5-fpm:
+	#	# With php5-fpm:
-       fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_pass unix:/var/run/php5-fpm.sock;
-       fastcgi_index index.php;
+		fastcgi_index index.php;
-       #include fastcgi_params;
+		#include fastcgi_params;
-       include fastcgi.conf;
+		include fastcgi.conf;
-    }
+	}
 
-    # deny access to .htaccess files, if Apache's document root
+	# deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
+	# concurs with nginx's one
-    #
+	#
-    location ~ /\.ht {
+	location ~ /\.ht {
-       deny all;
+		deny all;
-    }
+	}
 }

etc/nginx/sites-enabled/rproxy

@@ -1,23 +1,22 @@
 server {
-    listen 80;
+	listen 80;
-    listen [::]:80;
+	listen [::]:80;
-    listen 443;
+	listen 443;
-    listen [::]:443;
+	listen [::]:443;
 
-    # Enable this if your want HSTS (recommended)
+	# Enable this if your want HSTS (recommended)
-    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+	add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
-    add_header X-Frame-Options SAMEORIGIN;
+	add_header X-Frame-Options SAMEORIGIN;
-    add_header Content-Security-Policy upgrade-insecure-requests;
+	add_header Content-Security-Policy upgrade-insecure-requests;
-    add_header X-Xss-Protection "1; mode=block" always;
+	add_header X-Xss-Protection "1; mode=block" always;
-    add_header X-Content-Type-Options "nosniff" always;
+	add_header X-Content-Type-Options "nosniff" always;
 
-    server_name something.example.org;
+	server_name something.example.org;
 
 # NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
 # Behind CloudFlare see ../conf.d/cloudflare.conf
 
 location / {
-    proxy_pass http://localhost:8080;
+	proxy_pass http://localhost:8080;
-    }
+	}
 }
-

etc/nginx/sites-enabled/vhost

@@ -1,67 +1,67 @@
 server {
 
-    # default_server from default vhost must exist somewhere!
+	# default_server from default vhost must exist somewhere!
-    listen 80;
+	listen 80;
-    listen [::]:80;
+	listen [::]:80;
-    listen 443;
+	listen 443;
-    listen [::]:443;
+	listen [::]:443;
 
-    # Enable this if your want HSTS (recommended)
+	# Enable this if your want HSTS (recommended)
-    add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
+	add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
-    add_header X-Frame-Options SAMEORIGIN;
+	add_header X-Frame-Options SAMEORIGIN;
-    add_header Content-Security-Policy upgrade-insecure-requests;
+	add_header Content-Security-Policy upgrade-insecure-requests;
-    add_header X-Xss-Protection "1; mode=block" always;
+	add_header X-Xss-Protection "1; mode=block" always;
-    add_header X-Content-Type-Options "nosniff" always;
+	add_header X-Content-Type-Options "nosniff" always;
 
-    root /var/www/vhostdir;
+	root /var/www/vhostdir;
-    index index.php index.html index.htm;
+	index index.php index.html index.htm;
 
-    # vhost address
+	# vhost address
-    server_name vhost.example.org;
+	server_name vhost.example.org;
 
-    location / {
+	location / {
-        # First attempt to serve request as file, then
+		# First attempt to serve request as file, then
-        # as directory, then fall back to displaying a 404.
+		# as directory, then fall back to displaying a 404.
-        try_files $uri $uri/ =404;
+		try_files $uri $uri/ =404;
-        autoindex off;
+		autoindex off;
-    }
+	}
 
-    # Userdir
+	# Userdir
-    #ilocation ~ ^/~(.+?)(/.*)?$ {
+	#ilocation ~ ^/~(.+?)(/.*)?$ {
-    #    alias /home/$1/public_html$2;
+	#	 alias /home/$1/public_html$2;
-    #    index  index.html index.htm;
+	#	 index	index.html index.htm;
-    #    autoindex on;
+	#	 autoindex on;
-    #}
+	#}
 
 
-    #error_page 404 /404.html;
+	#error_page 404 /404.html;
 
-    # redirect server error pages to the static page /50x.html
+	# redirect server error pages to the static page /50x.html
-    #
+	#
-    #error_page 500 502 503 504 /50x.html;
+	#error_page 500 502 503 504 /50x.html;
-    #location = /50x.html {
+	#location = /50x.html {
-    #   root /usr/share/nginx/html;
+	#	root /usr/share/nginx/html;
-    #}
+	#}
 
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
+	#
-    location ~ \.php$ {
+	location ~ \.php$ {
-       fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
-    #   # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+	#	# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
-    #
+	#
-    #   # With php5-cgi alone:
+	#	# With php5-cgi alone:
-    #    fastcgi_pass 127.0.0.1:9000;
+	#	 fastcgi_pass 127.0.0.1:9000;
-    #   # With php5-fpm:
+	#	# With php5-fpm:
-       fastcgi_pass unix:/var/run/php5-fpm.sock;
+		fastcgi_pass unix:/var/run/php5-fpm.sock;
-       fastcgi_index index.php;
+		fastcgi_index index.php;
-       #include fastcgi_params;
+		#include fastcgi_params;
-       include fastcgi.conf;
+		include fastcgi.conf;
-    }
+	}
 
-    # deny access to .htaccess files, if Apache's document root
+	# deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
+	# concurs with nginx's one
-    #
+	#
-    location ~ /\.ht {
+	location ~ /\.ht {
-       deny all;
+		deny all;
-    }
+	}
 }

etc/oidentd.conf

@@ -6,22 +6,22 @@
 
 # Deny everything by default
 default {
-    default {
+	default {
-        deny spoof
+		deny spoof
-        deny spoof_all
+		deny spoof_all
-        deny spoof_privport
+		deny spoof_privport
-        deny random
+		deny random
-        deny random_numeric
+		deny random_numeric
-        deny numeric
+		deny numeric
-        deny hide
+		deny hide
-    }
+	}
 }
 
 # Don't respond to ident request to root
 user root {
-    default {
+	default {
-        force hide
+		force hide
-    }
+	}
 }
 
 # Allow user znc to spoof when *Identfile is used
@@ -33,13 +33,13 @@ user root {
 # /msg *identfile setfile ~/.oidentd.conf
 # /msg *identfile setformat global { reply "%user%" }
 user "znc" {
-    default {
+	default {
-        allow spoof
+		allow spoof
-        allow spoof_all
+		allow spoof_all
-        allow spoof_privport
+		allow spoof_privport
-        deny random
+		deny random
-        deny random_numeric
+		deny random_numeric
-        deny numeric
+		deny numeric
-        deny hide
+		deny hide
-    }
+	}
 }

etc/pipewire/media-session.d/README.md

@@ -7,11 +7,11 @@ marking the headset as "Pro-audio" in pavucontrol Settings tab and adjusting
 one from `alsamixer` is enough to fix it.
 
 In `alsamixer` having it as pro-audio exposes the sound card in F6 known as
-*Logitech USB Headset* and there I see two siliders, *Headphone* and *Mic*,
+_Logitech USB Headset_ and there I see two siliders, _Headphone_ and _Mic_,
-*Headphone* can apparently be 100 and *Mic* muted when not in use to avoid
+_Headphone_ can apparently be 100 and _Mic_ muted when not in use to avoid
 it echoing back.
 
-* * * * *
+---
 
 The old pulseaudio fix for less than 20 % volume being unhearable is editing
 `alsa-monitor.conf` and uncommenting `api.alsa.ignore-dB = true`
@@ -32,10 +32,10 @@ don't exist by default anymore, they need to be copied and edited separately
 
 See also:
 
-* https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
+- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
-  * marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
+  - marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
 
 ## Bluetooth
 
-* https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
+- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
-  * https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
+  - https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html

etc/pkcs11/modules/README.md

@@ -1,7 +1,7 @@
 Central configuration for PKCS#11 plugin using software and smartcards.
 
-* https://digisaatio.fi/wiki/P11-kit
+- https://digisaatio.fi/wiki/P11-kit
-* https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/
+- https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/
 
 Remember also [my FINEID notes in the gist/ repo](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/fineid)
 

etc/radvd.conf

@@ -1,15 +1,15 @@
 interface eth0
 {
-   AdvSendAdvert on;
+	AdvSendAdvert on;
-   AdvOtherConfigFlag on;
+	AdvOtherConfigFlag on;
-   prefix 2001:14b8:100:8397::/64
+	prefix 2001:14b8:100:8397::/64
-   {
+	{
-        AdvOnLink on;
+		AdvOnLink on;
-        AdvAutonomous on;
+		AdvAutonomous on;
-   };
+	};
-   prefix ULA::/64
+	prefix ULA::/64
-   {
+	{
-        AdvOnLink on;
+		AdvOnLink on;
-        AdvAutonomous on;
+		AdvAutonomous on;
-   };
+	};
 };

etc/resolv.conf

@@ -26,9 +26,9 @@ options edns0 single-request-reopen #trust-ad
 # !!! /run/systemd/resolve/stub-resolv.conf !!! /usr/lib/systemd/resolv.conf /run/systemd/resolve/resolv.conf
 
 # !!! /run/systemd/resolve/stub-resolv.conf !!! contains search domains and doesn't seem to be
-#                                       overwritable and somehow works with Mullvad
+#									   overwritable and somehow works with Mullvad
-#                                       https://github.com/mullvad/mullvadvpn-app/issues/1952
+#									   https://github.com/mullvad/mullvadvpn-app/issues/1952
-# /usr/lib/systemd/resolv.conf          doesn't contain search domains, can
+# /usr/lib/systemd/resolv.conf		  doesn't contain search domains, can
-#                                       get overwritten and "broken"
+#									   get overwritten and "broken"
-# /run/systemd/resolve/resolv.conf      contains uplink resolvers and domains
+# /run/systemd/resolve/resolv.conf	  contains uplink resolvers and domains
-#                                       SHOULDN'T BE USED!
+#									   SHOULDN'T BE USED!

etc/ssh/ssh_config.d/example.conf

@@ -1,6 +1,6 @@
 #Host example
-  #Hostname compuutteri.example.net
+	#Hostname compuutteri.example.net
-  #Port 12345
+	#Port 12345
-  #IdentityFile /home/username/.ssh/privkey
+	#IdentityFile /home/username/.ssh/privkey
-  #ProxyJump uzanto@komputilo.example.net:2222
+	#ProxyJump uzanto@komputilo.example.net:2222
-  #User account42
+	#User account42

etc/ssh/sshd_config.d/README.md

@@ -1,6 +1,6 @@
 sshd_config should include something like
 
-Include /etc/ssh/sshd_config.d/*.conf
+Include /etc/ssh/sshd_config.d/\*.conf
 
 NOTE: This became supported only at OpenSSHd 8.2 on 2020-02-14.
 https://www.openssh.com/txt/release-8.2

etc/ssh/sshd_config.d/broken/mikaela-prohibit-password.conf

@@ -2,6 +2,6 @@
 # in reverse so this file is useless. https://serverfault.com/a/461865
 # & OpenSSH_8.4p1
 Match User mikaela
-    PasswordAuthentication no
+	PasswordAuthentication no
-    AuthenticationMethods publickey
+	AuthenticationMethods publickey
 Match All

etc/ssh/sshd_config.d/user-permit-password.conf

@@ -6,6 +6,6 @@
 # https://serverfault.com/a/461865 OpenSSH_8.4p1
 
 #Match User someone,somebodyelse,whoever
-#    PasswordAuthentication yes
+#	 PasswordAuthentication yes
-#    AuthenticationMethods any
+#	 AuthenticationMethods any
 #Match All

etc/systemd/resolved.conf.d/README.md

@@ -11,24 +11,24 @@ sudo systemctl restart systemd-resolved
 
 ## Files explained
 
-* `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
+- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
   systemd-resolved doesn't handle it properly), enables opportunistic DoT and
   caching.
-* `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
+- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
   captive portals are a concern, `DNSOverTLS=no`.
-* `README.md` - you are reading it right now.
+- `README.md` - you are reading it right now.
 
 ## General commentary
 
-* Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
+- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
   at the time of writing this README.md, the current version is Ubuntu 20.04.0)
   (systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
   v243 (big improvements in v244).
-  * TODO: find out when SNI became supported, I have just spotted it in the
+  - TODO: find out when SNI became supported, I have just spotted it in the
     fine manual in 2020-06-??.
-* Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
+- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
   without which I wouldn't have got this right.
-* DNSSEC may not work if the system is down for a long time and not updated.
+- DNSSEC may not work if the system is down for a long time and not updated.
   Thus `allow-downgrade` may be better for non-tech people, even with the
   potential downgrade attack. There are also captive portals, affecting
   `DNSOverTLS`. Both take `yes` or `no` or their own special option,
@@ -36,7 +36,7 @@ sudo systemctl restart systemd-resolved
 
 Other links I have found important and my files are based on:
 
-* https://wiki.archlinux.org/index.php/Systemd-resolved
+- https://wiki.archlinux.org/index.php/Systemd-resolved
-  * Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
+  - Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
-* request for strict DOT: https://github.com/systemd/systemd/issues/10755
+- request for strict DOT: https://github.com/systemd/systemd/issues/10755
-* vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
+- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397

etc/systemd/system/README.md

@@ -3,13 +3,13 @@ subdirectories. The sudirectories won't exist in the real
 `/etc/systemd/system` unless they end `.wants` or `.d` or something similar
 and I forget to update this README file if that happens.
 
-* reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
+- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
   but uses https instead of http, because there is no reason I would want
   someone to see what I download.
 
 ## Worth reading
 
-* Waiting for network devices to have IP address (**I only use this for
+- Waiting for network devices to have IP address (**I only use this for
-cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
+  cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
-    * systemctl enable NetworkManager-wait-online.service
+  _ systemctl enable NetworkManager-wait-online.service
-    * systemctl enable systemd-networkd-wait-online.service
+  _ systemctl enable systemd-networkd-wait-online.service

etc/systemd/system/ipv6/README.md

@@ -1,9 +1,8 @@
 The IPv6 files are copied from
 https://www.reddit.com/r/raspberry_pi/comments/14vcpz/rpi_as_an_ipv6_router_using_a_sixxs_tunnel_and/
 and they are here because they were my biggest difficulty with having Arch
-on Pi as IPv6 router.
+on Pi as IPv6 router. \* Also helpful
-    * Also helpful
+https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
-      https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
 
 Miredo.service again is edited from what Arch & Debian ship so it starts
 after there is already network connectivity and Unbound is running

etc/systemd/system/limnoria.service

@@ -21,4 +21,3 @@ User=BOTUSER
 
 [Install]
 WantedBy=multi-user.target
-

etc/systemd/system/sailfish/README.md

@@ -2,5 +2,5 @@ Services in this directory are meant for my Jolla Phone which runs
 Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
 that is there out-of-box, systemd timers.
 
-* aliendalvik-stopper again stops android support hourly so it won't waste
+- aliendalvik-stopper again stops android support hourly so it won't waste
   battery.

etc/unbound/unbound.conf.d/00-insecure-domains.conf

@@ -7,17 +7,17 @@
 
 server:
 forward-zone:
-    name: "mywifiext.net"
+	name: "mywifiext.net"
-    forward-tls-upstream: no
+	forward-tls-upstream: no
-    forward-addr: 8.8.8.8
+	forward-addr: 8.8.8.8
 
 forward-zone:
-    name: "tplinkrepeater.net"
+	name: "tplinkrepeater.net"
-    forward-tls-upstream: no
+	forward-tls-upstream: no
-    forward-addr: 8.8.8.8
+	forward-addr: 8.8.8.8
 
 # Can I refer to subdomain as a zone?
 forward-zone:
-    name: "http.badssl.com"
+	name: "http.badssl.com"
-    forward-tls-upstream: no
+	forward-tls-upstream: no
-    forward-addr: 8.8.8.8
+	forward-addr: 8.8.8.8

etc/unbound/unbound.conf.d/cache.conf

@@ -4,14 +4,14 @@
 # See also MEMORY CONTROL EXAMPLE in man unbound.conf
 
 server:
-    # bytes in message cache, defaults to 4m
+	# bytes in message cache, defaults to 4m
-    msg-cache-size: 50m
+	msg-cache-size: 50m
-    # bytes in rrset cache, defaults to 4m
+	# bytes in rrset cache, defaults to 4m
-    rrset-cache-size: 50m
+	rrset-cache-size: 50m
-    # nxdomain cache, default 1m
+	# nxdomain cache, default 1m
-    neg-cache-size: 10m
+	neg-cache-size: 10m
-    # Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
+	# Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
-    # zone export used to have 1 second, and I have also been seeing 1
+	# zone export used to have 1 second, and I have also been seeing 1
-    # minute in the wild, I think 5 mins shouldn't break anything, but bigger
+	# minute in the wild, I think 5 mins shouldn't break anything, but bigger
-    # might.
+	# might.
-    cache-min-ttl: 900
+	cache-min-ttl: 900

etc/unbound/unbound.conf.d/dns-over-tls.conf

@@ -7,10 +7,10 @@
 # root-auto-trust-anchor-file.conf at least on Debian.
 
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # Fedora location
+	# Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 # Hopefully a reasonable set of non-filtering servers including those
 # listening on 443, preferably Anycast, but not necessarily.
@@ -21,37 +21,37 @@ server:
 # (Also I cannot rename this file due to it being linked around))
 
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
 
-    # Quad9 - Anycast, Switzerland based
+	# Quad9 - Anycast, Switzerland based
-    # Non filtering "insecure" servers without DNSSEC, but that is done
+	# Non filtering "insecure" servers without DNSSEC, but that is done
-    # by Unbound locally anyway.
+	# by Unbound locally anyway.
-    forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
+	forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
-    forward-addr: 9.9.9.10@853#dns10.quad9.net
+	forward-addr: 9.9.9.10@853#dns10.quad9.net
-    forward-addr: 2620:fe::10@853#dns10.quad9.net
+	forward-addr: 2620:fe::10@853#dns10.quad9.net
-    forward-addr: 149.112.112.10@853#dns10.quad9.net
+	forward-addr: 149.112.112.10@853#dns10.quad9.net
 
-    # Cloudflare DNS - anycast
+	# Cloudflare DNS - anycast
-    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+	forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
-    forward-addr: 1.1.1.1@853#cloudflare-dns.com
+	forward-addr: 1.1.1.1@853#cloudflare-dns.com
-    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
+	forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
-    forward-addr: 1.0.0.1@853#cloudflare-dns.com
+	forward-addr: 1.0.0.1@853#cloudflare-dns.com
 
-    ## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
+	## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
-    ## laptops?
+	## laptops?
-    # https://appliedprivacy.net/services/dns/ - Vienna, Austria
+	# https://appliedprivacy.net/services/dns/ - Vienna, Austria
-    #forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
+	#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
-    #forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
+	#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
 
-    # Adguard DNS Unfiltered Anycast
+	# Adguard DNS Unfiltered Anycast
-    forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
+	forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
-    forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
+	forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
-    forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
+	forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
-    forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
+	forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
 
-    # NextDNS - anycast
+	# NextDNS - anycast
-    forward-addr: 45.90.28.0@853#dns1.nextdns.io
+	forward-addr: 45.90.28.0@853#dns1.nextdns.io
-    forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
+	forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
-    forward-addr: 45.90.30.0@853#dns2.nextdns.io
+	forward-addr: 45.90.30.0@853#dns2.nextdns.io
-    forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
+	forward-addr: 2a07:a8c1::@853#dns2.nextdns.io

etc/unbound/unbound.conf.d/dns64-over-tls.conf

@@ -2,23 +2,23 @@
 # are currently rare. And this is more of a placeholder.
 
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 # Forward queries to
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
 
-    # Google DNS64 for 64:ff9b::/96
+	# Google DNS64 for 64:ff9b::/96
-    # As of 2019-08-25 this doesn't seem to actually be working, but I hope
+	# As of 2019-08-25 this doesn't seem to actually be working, but I hope
-    # Google will fix it by the time I actually have IPv6 only hosts and
+	# Google will fix it by the time I actually have IPv6 only hosts and
-    # there will be not-Google options.
+	# there will be not-Google options.
-    #forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
+	#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
-    #forward-addr: 2001:4860:4860::64@853#dns64.dns.google
+	#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
 
-    # Cloudflare for 64:ff9b::/96
+	# Cloudflare for 64:ff9b::/96
-    forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
+	forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
-    forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com
+	forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com

etc/unbound/unbound.conf.d/dnscrypt-proxy.conf

@@ -1,5 +1,5 @@
 # From https://wiki.archlinux.org/index.php/DNSCrypt
 do-not-query-localhost: no
 forward-zone:
-    name: "."
+	name: "."
-    forward-addr: 127.0.2.1@53
+	forward-addr: 127.0.2.1@53

etc/unbound/unbound.conf.d/dot-adguard.conf

@@ -1,15 +1,15 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
+	forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
-    forward-addr: 94.140.14.14@853#dns.adguard.com
+	forward-addr: 94.140.14.14@853#dns.adguard.com
-    forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
+	forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
-    forward-addr: 94.140.15.15@853#dns.adguard.com
+	forward-addr: 94.140.15.15@853#dns.adguard.com
 
 # Updated for https://adguard.com/en/blog/adguard-dns-new-addresses.html

etc/unbound/unbound.conf.d/dot-fluhable-cache.conf

@@ -2,25 +2,25 @@
 # Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
 
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # Fedora location
+	# Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 # DNS servers that have public button for flushing cache. Privacy not considered.
 
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
 
-    # Cloudflare / https://1.1.1.1/purge-cache/
+	# Cloudflare / https://1.1.1.1/purge-cache/
-    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+	forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
-    forward-addr: 1.1.1.1@853#cloudflare-dns.com
+	forward-addr: 1.1.1.1@853#cloudflare-dns.com
-    forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
+	forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
-    forward-addr: 1.0.0.1@853#cloudflare-dns.com
+	forward-addr: 1.0.0.1@853#cloudflare-dns.com
 
-    # Google / https://dns.google/cache
+	# Google / https://dns.google/cache
-    forward-addr: 8.8.8.8@853#dns.google
+	forward-addr: 8.8.8.8@853#dns.google
-    forward-addr: 8.8.4.4@853#dns.google
+	forward-addr: 8.8.4.4@853#dns.google
-    forward-addr: 2001:4860:4860::8888@853#dns.google
+	forward-addr: 2001:4860:4860::8888@853#dns.google
-    forward-addr: 2001:4860:4860::8844@853#dns.google
+	forward-addr: 2001:4860:4860::8844@853#dns.google

etc/unbound/unbound.conf.d/dot-mullvad-adblock.conf

@@ -1,12 +1,12 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
+	forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
-    forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
+	forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
-    forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net
+	forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net

etc/unbound/unbound.conf.d/dot-mullvad.conf

@@ -1,12 +1,12 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2a07:e340::2@853#doh.mullvad.net
+	forward-addr: 2a07:e340::2@853#doh.mullvad.net
-    forward-addr: 194.242.2.2@853#doh.mullvad.net
+	forward-addr: 194.242.2.2@853#doh.mullvad.net
-    forward-addr: 193.19.108.2@853#doh.mullvad.net
+	forward-addr: 193.19.108.2@853#doh.mullvad.net

etc/unbound/unbound.conf.d/dot-quad9-ecs.conf

@@ -1,13 +1,13 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
-    forward-addr: 9.9.9.11@853#dns11.quad9.net
+	forward-addr: 9.9.9.11@853#dns11.quad9.net
-    forward-addr: 2620:fe::11@853#dns11.quad9.net
+	forward-addr: 2620:fe::11@853#dns11.quad9.net
-    forward-addr: 149.112.112.11@853#dns11.quad9.net
+	forward-addr: 149.112.112.11@853#dns11.quad9.net

etc/unbound/unbound.conf.d/dot-quad9.conf

@@ -1,13 +1,13 @@
 server:
-  # Debian ca-certificates location
+	# Debian ca-certificates location
-  tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+	tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
-  # ctrl.blog says this is the Fedora location
+	# ctrl.blog says this is the Fedora location
-  #tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+	#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 
 forward-zone:
-    name: "."
+	name: "."
-    forward-tls-upstream: yes
+	forward-tls-upstream: yes
-    forward-addr: 2620:fe::fe@853#dns.quad9.net
+	forward-addr: 2620:fe::fe@853#dns.quad9.net
-    forward-addr: 9.9.9.9@853#dns.quad9.net
+	forward-addr: 9.9.9.9@853#dns.quad9.net
-    forward-addr: 2620:fe::9@853#dns.quad9.net
+	forward-addr: 2620:fe::9@853#dns.quad9.net
-    forward-addr: 149.112.112.112@853#dns.quad9.net
+	forward-addr: 149.112.112.112@853#dns.quad9.net

etc/unbound/unbound.conf.d/ipv6.conf

@@ -1,3 +1,3 @@
 server:
-    # Prefer IPv6 transport for sending DNS queries to internet nameservers.
+	# Prefer IPv6 transport for sending DNS queries to internet nameservers.
-    prefer-ip6: yes
+	prefer-ip6: yes

etc/unbound/unbound.conf.d/logging.conf

@@ -1,10 +1,10 @@
 server:
-    use-syslog: yes
+	use-syslog: yes
-    #logfile: "/tmp/unbound.log"
+	#logfile: "/tmp/unbound.log"
-    # level 0 means no verbosity, only errors. Level 1 gives operational
+	# level 0 means no verbosity, only errors. Level 1 gives operational
-    # information. Level 2 gives detailed operational information. Level 3
+	# information. Level 2 gives detailed operational information. Level 3
-    # gives query level information, output per query.  Level  4  gives
+	# gives query level information, output per query.  Level  4  gives
-    # algorithm  level  information.
+	# algorithm  level  information.
-    verbosity: 2
+	verbosity: 2
-    # Print statistics to the log hourly
+	# Print statistics to the log hourly
-    statistics-interval: 3600
+	statistics-interval: 3600

etc/unbound/unbound.conf.d/plain-dns64.conf

@@ -2,19 +2,19 @@
 # Check dns64-over-tls.conf instead!
 
 forward-zone:
-    name: "."
+	name: "."
 
-    # Cloudflare DNS64 for 64:ff9b::/96
+	# Cloudflare DNS64 for 64:ff9b::/96
-    forward-addr: 2606:4700:4700::64
+	forward-addr: 2606:4700:4700::64
-    forward-addr: 2606:4700:4700::6400
+	forward-addr: 2606:4700:4700::6400
 
-    # Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
+	# Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
-    # > The generated AAAA records point to address blocks in TREX's public
+	# > The generated AAAA records point to address blocks in TREX's public
-    # address space 2001:67c:2b0::/48 so they are usable from anywhere on
+	# address space 2001:67c:2b0::/48 so they are usable from anywhere on
-    # the Internet.
+	# the Internet.
-    forward-addr: 2001:67c:2b0::4
+	forward-addr: 2001:67c:2b0::4
-    forward-addr: 2001:67c:2b0::6
+	forward-addr: 2001:67c:2b0::6
 
-    # Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
+	# Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
-    #forward-addr: 2001:4860:4860::6464
+	#forward-addr: 2001:4860:4860::6464
-    #forward-addr: 2001:4860:4860::64
+	#forward-addr: 2001:4860:4860::64

etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf

@@ -1,6 +1,6 @@
 # This is another Debian default, that I may be missing under Arch, even
 # if the location changes.
 server:
-    # The following line will configure unbound to perform cryptographic
+	# The following line will configure unbound to perform cryptographic
-    # DNSSEC validation using the root trust anchor.
+	# DNSSEC validation using the root trust anchor.
-    auto-trust-anchor-file: "/var/lib/unbound/root.key"
+	auto-trust-anchor-file: "/var/lib/unbound/root.key"

etc/unbound/unbound.conf.d/threads.conf

@@ -1,4 +1,4 @@
 server:
-    # Use two threads, I think more than 1 threads will help with Firefox
+	# Use two threads, I think more than 1 threads will help with Firefox
-    # at times telling name resolution failed
+	# at times telling name resolution failed
-    num-threads: 2
+	num-threads: 2

etc/xdg/autostart/README.md

@@ -1,10 +1,9 @@
-System-wide autostart files
+# System-wide autostart files
-===========================
 
-*Note: this directory is also being used as `~/.local/share/applications`
+_Note: this directory is also being used as `~/.local/share/applications`
- which populates the app menu, my autostart is thankfully not this
+which populates the app menu, my autostart is thankfully not this
- populated.*
+populated._
 
-* redshift - app that changes screen temperature along the sun
+- redshift - app that changes screen temperature along the sun
-* telegramdesktop - IM app, based on telegram-desktop package
+- telegramdesktop - IM app, based on telegram-desktop package
-* com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name
+- com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name

etc/yum.repos.d/README.md

@@ -6,8 +6,8 @@ as the links below.
 
 ## Additional repositories
 
-* Begin by `sudo fedora-third-party enable`
+- Begin by `sudo fedora-third-party enable`
-* https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311
+- https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311
-* https://www.insynchq.com/
+- https://www.insynchq.com/
-* https://keybase.io/docs/the_app/install_linux
+- https://keybase.io/docs/the_app/install_linux
-* https://rpmfusion.org/Configuration
+- https://rpmfusion.org/Configuration

gpg/gpg.conf

@@ -5,7 +5,7 @@
 # This file is free software; as a special exception the author gives
 # unlimited permission to copy and/or distribute it, with or without
 # modifications, as long as this notice is preserved.
-# 
+#
 # This file is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
 # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
@@ -112,4 +112,3 @@ trust-model tofu+pgp
 # WoT with TOFU’s conflict detection, but without positive trust. This may
 # be better due to https://gitea.blesmrt.net/mikaela/pgp-alt-wot/ and lsign.
 tofu-default-policy unknown
-

install

@@ -18,7 +18,7 @@ cat conf/makepkg.conf > ~/.makepkg.conf
 mkdir -p ~/.config/mpv/
 cat conf/mpv.conf > ~/.config/mpv/mpv.conf
 if [ ! -f ~/.oidentd.conf ]; then
-    cat conf/oidentd.conf > ~/.oidentd.conf
+	cat conf/oidentd.conf > ~/.oidentd.conf
 fi
 mkdir -p ~/.gnupg
 cat gpg/gpg.conf > ~/.gnupg/gpg.conf
@@ -37,12 +37,12 @@ bash -x ./chmod&
 
 if [ -f $HOME/.MIKAELAGREP ]
 then
-    mv $HOME/.MIKAELAGREP $MIKAELA_GREP
+	mv $HOME/.MIKAELAGREP $MIKAELA_GREP
 fi
 
 if [ -f "$MIKAELA_GREP" ]
 then
-    bash -x .mikaela_install
+	bash -x .mikaela_install
 fi
 
 set +x

rc/bashrc

@@ -108,7 +108,7 @@ if [[ $UNAME = Darwin ]]; then
 	alias l="ls -CFGp"
 fi
 
-# Add an "alert" alias for long running commands.  Use like so:
+# Add an "alert" alias for long running commands. Use like so:
 #	sleep 10; alert
 alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
 
@@ -276,7 +276,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
 alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
 alias nmap-regular="nmap "
 alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
-# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove  " -p 80,443" if you want to scan all ports which nmap scans by default.
+# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
 alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
 
 # Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
@@ -530,7 +530,7 @@ alias mpvms="mpv --no-video --shuffle"
 # Compatibility with my i3 alsactl mess
 if [ -f ~/.config/asound.state ]
 then
-  alias alsactl="\alsactl -f ~/.config/asound.state"
+	alias alsactl="\alsactl -f ~/.config/asound.state"
 fi
 
 # More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
@@ -573,26 +573,26 @@ function ex ()
 {
 if [ -f "$1" ] ; then
 case "$1" in
-	  *.tar)				tar xvf $1			;;
+	*.tar)				tar xvf $1			;;
-	  *.tar.bz2 | *.tbz2 )	tar xjvf $1			;;
+	*.tar.bz2 | *.tbz2 )	tar xjvf $1			;;
-	  *.tar.gz | *.tgz )	tar xzvf $1			;;
+	*.tar.gz | *.tgz )	tar xzvf $1			;;
-	  *.bz2)				bunzip2 $1			;;
+	*.bz2)				bunzip2 $1			;;
-	  *.rar)				unrar x $1			;;
+	*.rar)				unrar x $1			;;
-	  *.gz)					gunzip $1			;;
+	*.gz)					gunzip $1			;;
-	  *.zip)				unzip $1			;;
+	*.zip)				unzip $1			;;
-	  *.Z)					uncompress $1		;;
+	*.Z)					uncompress $1		;;
-	  *.7z)					7z x $1				;;
+	*.7z)					7z x $1				;;
-	  *.xz)					tar xJvf $1			;;
+	*.xz)					tar xJvf $1			;;
-	  *.deb)
+	*.deb)
-		 DIR=${1%%_*.deb}
+		DIR=${1%%_*.deb}
-		 ar xv $1
+		ar xv $1
-		 mkdir ${DIR}
+		mkdir ${DIR}
-		 tar -C ${DIR} -xzvf data.tar.gz		;;
+		tar -C ${DIR} -xzvf data.tar.gz		;;
-	  *.rpm)			   rpm2cpio $1 | cpio -vid	;;
+	*.rpm)			 rpm2cpio $1 | cpio -vid	;;
-	  *)   echo ""${1}" cannot be extracted via extract()"
+	*) echo ""${1}" cannot be extracted via extract()"
 ;;
 	esac
-   else
+else
 	echo ""${1}" is not a valid file"
 fi
 }

rc/vimrc

@@ -79,9 +79,9 @@ filetype plugin indent on
 
 " Return to last edit position when opening files (You want this!)
 autocmd BufReadPost *
-	 \ if line("'\"") > 0 && line("'\"") <= line("$") |
+	\ if line("'\"") > 0 && line("'\"") <= line("$") |
-	 \	 exe "normal! g`\"" |
+	\	 exe "normal! g`\"" |
-	 \ endif
+	\ endif
 
 " I think leaving line endings to git may be more safe
 " dos2unix ^M copied from https://stackoverflow.com/a/5361702/1675649

rc/zshrc

@@ -11,20 +11,20 @@ UNAME=$(uname)
 # Dynamic window title via https://stackoverflow.com/a/20772424
 ## BREAKS TMUX TITLE CHANGING WHICH IS BETTER THAN THIS.
 #case $TERM in
-#  (*xterm* | *rxvt*)
+#	(*xterm* | *rxvt*)
 
 	# Write some info to terminal title.
 	# This is seen when the shell prompts for input.
 #	 function precmd {
-#	   print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
+#		print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
 #	 }
 	# Write command and args to terminal title.
 	# This is seen while the shell waits for a command to complete.
 #	 function preexec {
-#	   printf "\033]0;%s\a" "$1"
+#		printf "\033]0;%s\a" "$1"
 #	 }
 #
-#  ;;
+#;;
 #esac
 
 # enable terminal bell
@@ -232,7 +232,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
 alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
 alias nmap-regular="nmap "
 alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
-# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove  " -p 80,443" if you want to scan all ports which nmap scans by default.
+# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove" -p 80,443" if you want to scan all ports which nmap scans by default.
 alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
 
 # Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
@@ -281,7 +281,7 @@ if [[ $UNAME = Darwin ]]; then
 	alias l="ls -CFGp"
 fi
 
-# Add an "alert" alias for long running commands.  Use like so:
+# Add an "alert" alias for long running commands. Use like so:
 alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
 
 ## -- End of aliases which are saved from Ubuntu default bashrc. --
@@ -507,7 +507,7 @@ alias mpvms="mpv --no-video --shuffle"
 # Compatibility with my i3 alsactl mess
 if [ -f ~/.config/asound.state ]
 then
-  alias alsactl="\alsactl -f ~/.config/asound.state"
+	alias alsactl="\alsactl -f ~/.config/asound.state"
 fi
 
 # More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
@@ -550,26 +550,26 @@ function ex ()
 {
 if [ -f "$1" ] ; then
 case "$1" in
-	  *.tar)				tar xvf $1			;;
+		*.tar)				tar xvf $1			;;
-	  *.tar.bz2 | *.tbz2 )	tar xjvf $1			;;
+		*.tar.bz2 | *.tbz2 )	tar xjvf $1			;;
-	  *.tar.gz | *.tgz )	tar xzvf $1			;;
+		*.tar.gz | *.tgz )	tar xzvf $1			;;
-	  *.bz2)				bunzip2 $1			;;
+		*.bz2)				bunzip2 $1			;;
-	  *.rar)				unrar x $1			;;
+		*.rar)				unrar x $1			;;
-	  *.gz)					gunzip $1			;;
+		 *.gz)					gunzip $1			;;
-	  *.zip)				unzip $1			;;
+		*.zip)				unzip $1			;;
-	  *.Z)					uncompress $1		;;
+		*.Z)					uncompress $1		;;
-	  *.7z)					7z x $1				;;
+		*.7z)					7z x $1				;;
-	  *.xz)					tar xJvf $1			;;
+		*.xz)					tar xJvf $1			;;
-	  *.deb)
+		*.deb)
-		 DIR=${1%%_*.deb}
+		DIR=${1%%_*.deb}
-		 ar xv $1
+		ar xv $1
-		 mkdir ${DIR}
+		mkdir ${DIR}
-		 tar -C ${DIR} -xzvf data.tar.gz		;;
+		tar -C ${DIR} -xzvf data.tar.gz		;;
-	  *.rpm)			   rpm2cpio $1 | cpio -vid	;;
+		*.rpm)				rpm2cpio $1 | cpio -vid	;;
-	  *)   echo ""${1}" cannot be extracted via extract()"
+		*)	 echo ""${1}" cannot be extracted via extract()"
 ;;
 	esac
-   else
+	else
 	echo ""${1}" is not a valid file"
 fi
 }

var/lib/iwd/README.md

@@ -5,15 +5,15 @@ NetworkManager.
 
 Notes:
 
-* `git commit`ing the same SSID with different capitalisations breaks
+- `git commit`ing the same SSID with different capitalisations breaks
   Windows and more common macOS setups due to their filesystems being
   case-insensitive.
-* `Settings.AutoConnect=true` is unnecessary as it defaults to true
+- `Settings.AutoConnect=true` is unnecessary as it defaults to true
   according to `man iwd.network`.
-* `IPv6.Enabled=true` defauls to true being also unnecessary.
+- `IPv6.Enabled=true` defauls to true being also unnecessary.
-* `private-home-sample.psk` has a comment on MAC address override and sends
+- `private-home-sample.psk` has a comment on MAC address override and sends
-   hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
+  hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
-   address and doesn't send hostname.
+  address and doesn't send hostname.
-* The `.open` networks always randomize MAC address too. If a network is
+- The `.open` networks always randomize MAC address too. If a network is
   private and needs MAC address for captive portal override or something,
   `private-home-sample.psk` should be adjusted from.