Compare commits

10 Commits

86 changed files with 1066 additions and 1057 deletions

View File

@ -29,6 +29,9 @@ indent_size = 2
# never seem to do that, maybe I should accept it
[*.{markdown,md}]
trim_trailing_whitespace = false
# Prettier seems to believe spaces are the only way to markdown
indent_style = space
indent_size = 2
# Nim https://nim-lang.org/docs/nep1.html#introduction-spacing-and-whitespace-conventions
[*.nim]
@ -66,4 +69,3 @@ end_of_line = crlf
[*.{cff,yaml,yml}]
indent_style = space
indent_size = 2

View File

@ -112,4 +112,3 @@ trust-model tofu+pgp
# WoT with TOFUs conflict detection, but without positive trust. This may
# be better due to https://gitea.blesmrt.net/mikaela/pgp-alt-wot/ and lsign.
tofu-default-policy unknown

View File

@ -1,6 +1,6 @@
<pastebinit>
<pastebin>http://sprunge.us</pastebin>
<author>Mikaela</author>
<jabberid>mikaela@kapsi.fi</jabberid>
<format>text</format>
<pastebin>http://sprunge.us</pastebin>
<author>Mikaela</author>
<jabberid>mikaela@kapsi.fi</jabberid>
<format>text</format>
</pastebinit>
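
Review bot: `<pastebin>http://sprunge.us</pastebin>` is carried over with only its indentation changed, so pastes from this config are still uploaded over plain HTTP. If the service accepts HTTPS, switch the URL while this file is being touched; otherwise a comment noting the cleartext upload would help.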

View File

@ -5,12 +5,22 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-shebang-scripts-are-executable
- id: destroyed-symlinks
- id: detect-private-key
- id: fix-byte-order-marker
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-shebang-scripts-are-executable
- id: destroyed-symlinks
- id: detect-private-key
- id: end-of-file-fixer
- id: fix-byte-order-marker
- repo: https://github.com/pre-commit/mirrors-prettier
rev: "v3.0.0-alpha.4"
hooks:
- id: prettier
- repo: https://github.com/editorconfig-checker/editorconfig-checker.python
rev: "2.7.1"
hooks:
- id: editorconfig-checker
alias: ec
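
Review bot: the `mirrors-prettier` entry pins `rev: "v3.0.0-alpha.4"`, an alpha prerelease, and all three repos are pinned by tag rather than by commit hash. This hook rewrites files across the tree on every commit, so I would pin a stable release and consider full commit SHAs in `rev`, so that a moved upstream tag cannot change the code that runs locally. `alias: ec` could also use a one-line comment saying what it is for.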

View File

@ -12,6 +12,6 @@ authors:
family-names: Suomalainen
email: suomalainen+git@mikaela.info
- given-names: git shortlog -sne
repository-code: 'https://gitea.blesmrt.net/Mikaela/shell-things'
repository-code: "https://gitea.blesmrt.net/Mikaela/shell-things"
abstract: dotfiles
license: BSD-3-Clause

View File

@ -1,13 +1,12 @@
Config files that I wish to have everywhere. You could probably call this
repository as dotfiles, but historical reasons...
Directories explained
=====================
# Directories explained
* .mikaela — files that most likely aren't suitable for places where other
- .mikaela — files that most likely aren't suitable for places where other
people than me have access too
* Windows — files releated to Windows
* conf — config files like .tmux.conf
* etc — /etc/
* gpg — GNU Privacy Guard config files, ~/.gnupg/
* rc — bashrc, zshrc, vimrc and apparently \*init files…
- Windows — files releated to Windows
- conf — config files like .tmux.conf
- etc — /etc/
- gpg — GNU Privacy Guard config files, ~/.gnupg/
- rc — bashrc, zshrc, vimrc and apparently \*init files…
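
Review bot: the rewritten list items keep two typos from the old lines, "releated" in the Windows entry and "have access too" in the .mikaela entry. Every bullet is being touched anyway, so fix them to "related" and "have access to" in the same commit.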

View File

@ -1 +1 @@
* text=auto eol=crlf
* text=auto eol=crlf

View File

@ -2,7 +2,7 @@
## WARNING
* READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1)
- READ FIRST: [Microsoft: Installing Windows 11 on devices that don't meet minimum system requirements](https://support.microsoft.com/windows/installing-windows-11-on-devices-that-don-t-meet-minimum-system-requirements-0b2dc4a2-5933-4ad4-9c09-ef0a331518f1)
This is not supported by Microsoft, most of the methods listed here didn't
work for me on the first system I updated, Windows is not my primary operating
@ -14,19 +14,19 @@ affect me.
Sedric, Tassu and Zaldaryn have no TPM or currently supported CPU, while
the health check app says they are only two to six years old.
* https://github.com/AveYo/MediaCreationTool.bat
- https://github.com/AveYo/MediaCreationTool.bat
## Registry files here
I think the first method is likely the best, but I cannot rule these working
on another system out yet. They didn't work on my first system tried.
* `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
- `00-AllowUpgradesWithUnsupportedTPMOrCPU.reg` - the official Microsoft
recommendation and the only one that should be used. If after reboot
nothing happens, maybe try the rest rebooting every failure.
* https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
* `01-LabConfig.reg` - widely reported to work
* `01-Setup.reg` - ^
* `02-DevRing.reg` - after joining the Insider program, this should enforce
- https://support.microsoft.com/windows/windows-11-n-asentaminen-e0edbbfb-cfc5-4011-868b-2ce77ac7c70e
- `01-LabConfig.reg` - widely reported to work
- `01-Setup.reg` - ^
- `02-DevRing.reg` - after joining the Insider program, this should enforce
joining to Dev ring which should offer Windows 11 instantly. It may be
advisable to leave after successful update.

BIN
Windows/CVE-2018-3639.reg Executable file → Normal file

Binary file not shown.

View File

@ -2,25 +2,25 @@
Requires Windows 11.
* `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
- `GPO-EnforceDoH.reg` enables the group policy to require DoH. However it
didn't seem to work for me or it allowed me to set the DNS server to not
use DoH.
* `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
- `DohWellKnownServers` adds DoH support for multiple IPv4 & IPv6 addresses
that Windows 11 isn't shipping by default, currently:
* Adguard
* Cloudflare antimalware
* DNS0 (& Zero)
* Mullvad
* Mullvad Adblock
* Quad9 ECS (Windows 11 defaults include Quad9 default)
- Adguard
- Cloudflare antimalware
- DNS0 (& Zero)
- Mullvad
- Mullvad Adblock
- Quad9 ECS (Windows 11 defaults include Quad9 default)
## Configuration
Once Windows knows about the DoH servers (DohWellKnownServers.reg), DNS-over
HTTPS can be enabled for:
* All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
* Same place for Ethernet etc.
* Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
* Note: if the all networks one is configured, there is a warning about it not being used.
- All networks: `Windows-I (Settings) -> Network & Internet -> Advanced network settings -> WLAN -> View additional properties -> DNS Server assignment -> Edit`
- Same place for Ethernet etc.
- Specific network: `Windows-I (Settings) -> Network & Internet -> WiFi -> Connected SSID -> DNS server assignment -> Edit`
- Note: if the all networks one is configured, there is a warning about it not being used.
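
Review bot: naming is inconsistent in this README: the second bullet calls the file `DohWellKnownServers` while the Configuration section refers to `DohWellKnownServers.reg`, and "DNS-over HTTPS" is split across a line break so the hyphenation is lost. Since the first bullet says `GPO-EnforceDoH.reg` did not reliably enforce DoH, a short note on how to check that a configured resolver is actually using DoH would be more useful than the caveat alone.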

View File

@ -1,8 +1,8 @@
Some kind of explaining for [IPv6.reg](IPv6.reg) like
[Windows.reg](Windows.reg) which includes this file has.
* Resolve IPv6 even without native connectivity.
* Enable Teredo
* As EnterpriseClient so it also works when joined into domain.
* Use `teredo.trex.fi` as Teredo server. This should be replaced with
- Resolve IPv6 even without native connectivity.
- Enable Teredo
- As EnterpriseClient so it also works when joined into domain.
- Use `teredo.trex.fi` as Teredo server. This should be replaced with
something that is as near as possible.
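
Review bot: missing documentation at the `As EnterpriseClient` bullet: Teredo gives the host a globally routable IPv6 address tunnelled over UDP through the local NAT, and this setting keeps it on for domain-joined machines. A line saying the host firewall has to cover the Teredo interface, and how to pick the "as near as possible" replacement for `teredo.trex.fi`, would make the trade-off explicit.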

View File

@ -7,11 +7,11 @@ Windows Registry Editor Version 5.00
"ConsentPromptBehaviorUser"=dword:00000001
```
* Make the file Windows Registry Editor script
* Ask admins for password/PIN in UAC
* 2 would ask for yes or no, 0 disable entirely (don't do that).
* prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
* The other option (1) doesn't even give them UAC prompt so you must
- Make the file Windows Registry Editor script
- Ask admins for password/PIN in UAC
- 2 would ask for yes or no, 0 disable entirely (don't do that).
- prompt standard users for username and password. 2021-12-19: I don't understand this or the line below.
- The other option (1) doesn't even give them UAC prompt so you must
always login as admin to do anything.
```
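
Review bot: the bullets under the UAC block disagree with the value shown: the block sets `"ConsentPromptBehaviorUser"=dword:00000001`, yet the last bullet describes (1) as "the other option" that gives no prompt. In Microsoft's documentation for this value, 0 automatically denies elevation requests from standard users and 1 prompts for credentials on the secure desktop, so the bullet should name 0 as the no-prompt option. That would also resolve the 2021-12-19 remark.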
@ -24,13 +24,13 @@ Windows Registry Editor Version 5.00
"EnableFirstLogonAnimation"=dword:00000000
```
* Display the user list.
* Allows shutdown without being logged in
* Allows undocking without logging in
* Shows verbose information on login (starting service...)
* Shows output of startup scripts
* Shows output of shutdown scripts
* Disables the first logon animation on Windows 8 and newer
- Display the user list.
- Allows shutdown without being logged in
- Allows undocking without logging in
- Shows verbose information on login (starting service...)
- Shows output of startup scripts
- Shows output of shutdown scripts
- Disables the first logon animation on Windows 8 and newer
```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
@ -38,16 +38,16 @@ Windows Registry Editor Version 5.00
"RealTimeIsUniversal"=qword:00000001
```
* Sets hardware clock to UTC time (doesn't affect system clock!)
* qword for 64-bit, dword for 32-bit systems. The actual reg file has
only qword as I haven't seen 32-bit Windowses lately.
- Sets hardware clock to UTC time (doesn't affect system clock!)
- qword for 64-bit, dword for 32-bit systems. The actual reg file has
only qword as I haven't seen 32-bit Windowses lately.
```
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"AddrConfigControl"=dword:00000000
```
* be able to resolve IPv6 even when connection isn't native.
- be able to resolve IPv6 even when connection isn't native.
```
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TCPIP\v6Transition]
@ -56,13 +56,13 @@ Windows Registry Editor Version 5.00
"Teredo_ServerName"="teredo.trex.fi"
```
* Enable Teredo
* Enable Teredo even when joined to domain.
* Use `teredo.trex.fi` as Teredo server as it's in Finland where I am.
- Enable Teredo
- Enable Teredo even when joined to domain.
- Use `teredo.trex.fi` as Teredo server as it's in Finland where I am.
```
[HKEY_USERS\.DEFAULT\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2147483650"
```
* Enable numlock on boot.
- Enable numlock on boot.

View File

@ -6,33 +6,32 @@ w32tm /resync
w32tm /query /peers
```
* The list is space separated NTP servers, while I think Windows uses SNTP instead
- The list is space separated NTP servers, while I think Windows uses SNTP instead
of NTP.
* `/resync` may sync current time, but is also required for the GUI
- `/resync` may sync current time, but is also required for the GUI
(Windows + I, Date & time) and following command to get aware of peers.
* Shows where time is synced from and statistics.
* There is also `net time` to sync, I am unsure of the differences while
- Shows where time is synced from and statistics.
- There is also `net time` to sync, I am unsure of the differences while
that may be blocked while the second keeps working. It may also not
show all the peers, just the primary one, while `w32tm` is more verbose
and has all of them.
* As Windows doesn't support NTS and probably won't in near future, there is
- As Windows doesn't support NTS and probably won't in near future, there is
no point in listing distant foreign servers.
## Variations
Variations of the timeserver setting command to be kept at hand
### DNA
*Including Moi*
_Including Moi_
```
w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dnainternet.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
```
* https://www.dna.fi/liikennerajoitukset
* https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet-
- https://www.dna.fi/liikennerajoitukset
- https://asiakaspalvelu.moi.fi/hc/fi/articles/360029789832-Mitk%C3%A4-ovat-Moin-palvelinosoitteet-
### Elisa
@ -40,22 +39,22 @@ w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp.dna
w32tm /config /syncfromflags:manual /manualpeerlist:"time.cloudflare.com ntp1.kolumbus.fi ntp2.kolumbus.fi ntp.saunalahti.fi time.mikes.fi time1.mikes.fi time2.mikes.fi time3.mikes.fi pool.ntp.org"
```
* https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/
- https://elisa.fi/asiakaspalvelu/ohje/tiedonsiirtoportit-porttiohjaukset-palvelimet/
## Information about servers
* https://www.cloudflare.com/time/
* https://www.netnod.se/nts/network-time-security
* https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
* https://www.ntppool.org/use.html
* Also mentions the syntax for multiple servers, but considering this Elisa
- https://www.cloudflare.com/time/
- https://www.netnod.se/nts/network-time-security
- https://www.vttresearch.com/fi/palvelut/suomen-aika-ntp-palvelu#julkinen
- https://www.ntppool.org/use.html
- Also mentions the syntax for multiple servers, but considering this Elisa
list has so many servers I am only picking one pool address just in case
the others somehow fail.
## Additional reading
* Above links
* https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
* this file might not exist without this post, while it doesn't mention
- Above links
- https://jasoncoltrin.com/2018/08/02/how-to-set-clock-time-on-ad-domain-controller-and-sync-windows-clients/
- this file might not exist without this post, while it doesn't mention
multiple servers, uses `time.windows.com` and I am yet to actually touch
NTP on Windows Server environment.

View File

@ -19,48 +19,48 @@ the Free Software Foundation, either version 3 of the License, or
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
along with this program. If not, see <http://www.gnu.org/licenses/>.
]]
conky.config = {
alignment = 'top_left',
background = true,
border_width = 1,
cpu_avg_samples = 2,
default_color = '#dedede',
default_outline_color = '#dedede',
default_shade_color = '#dedede',
draw_borders = true,
draw_graph_borders = true,
draw_outline = false,
draw_shades = false,
use_xft = true,
font = 'DejaVu Sans Mono:size=8',
gap_x = 6,
gap_y = 28,
minimum_height = 5,
minimum_width = 5,
net_avg_samples = 2,
no_buffers = true,
out_to_console = false,
out_to_stderr = false,
extra_newline = false,
own_window = true,
own_window_transparent = false,
own_window_argb_visual = true,
own_window_argb_value = 95,
own_window_class = 'Conky',
own_window_type = 'override',
stippled_borders = 0,
update_interval = 5,
uppercase = false,
use_spacer = 'none',
show_graph_scale = false,
show_graph_range = false,
double_buffer = true
alignment = 'top_left',
background = true,
border_width = 1,
cpu_avg_samples = 2,
default_color = '#dedede',
default_outline_color = '#dedede',
default_shade_color = '#dedede',
draw_borders = true,
draw_graph_borders = true,
draw_outline = false,
draw_shades = false,
use_xft = true,
font = 'DejaVu Sans Mono:size=8',
gap_x = 6,
gap_y = 28,
minimum_height = 5,
minimum_width = 5,
net_avg_samples = 2,
no_buffers = true,
out_to_console = false,
out_to_stderr = false,
extra_newline = false,
own_window = true,
own_window_transparent = false,
own_window_argb_visual = true,
own_window_argb_value = 95,
own_window_class = 'Conky',
own_window_type = 'override',
stippled_borders = 0,
update_interval = 5,
uppercase = false,
use_spacer = 'none',
show_graph_scale = false,
show_graph_range = false,
double_buffer = true
}
conky.text = [[
@ -72,16 +72,16 @@ ${color grey}Frequency (in GHz):$color $freq_g
${color grey}RAM Usage:$color $mem/$memmax - $memperc% ${membar 4}
${color grey}Swap Usage:$color $swap/$swapmax - $swapperc% ${swapbar 4}
${color grey}CPU Usage:$color $cpu% ${cpubar 4}
${color grey}Processes:$color $processes ${color grey}Running:$color $running_processes
${color grey}Processes:$color $processes ${color grey}Running:$color $running_processes
$hr
${color grey}File systems:
/ $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
/ $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
${color grey} /home $color${fs_used /home}/${fs_size /home} ${fs_bar 6 /}
${color grey}HDD Temperature:${color} $hddtemp °C
${color grey}Networking:
eth0 Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
eth0 Up:$color ${upspeed eth0} ${color grey} - Down:$color ${downspeed eth0}
${color grey}wlan0 Up:$color ${upspeed wlan0} ${color grey} - Down:$color ${downspeed wlan0}
${color grey}yggdrasil Up:$color ${upspeed yggdrasil} ${color grey} - Down:$color ${downspeed yggdrasil}
$hr
${color grey}Sensors${color}
${execpi 60 sensors|grep °}

View File

@ -1,9 +1,9 @@
# Packages expected (just break line-length!):
# Debian: i3 suckless-tools j4-dmenu-desktop gnome-screenshot i3lock sudo hibernate playerctl galculator network-manager-gnome redshift-gtk x11-xserver-utils feh rofi libnotify-bin xcompmgr konsole fonts-dejavu dbus-x11 arandr numlockx fcitx-bin fcitx-mozc conky-all flatpak apparmor-notify caffeine kdocker mumble audacious telegram-desktop steam htop kdeconnect nextcloud-client parcimonie lxqt-powermanagement kteatime hsetroot tmux
# ALSA: alsa-utils apulse coreutils pnmixer
# NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
# requiring app. See also (shell-things) rc/asoundrc for USB headset and
# similar.
# NOTE! apulse is a wrapper and `apulse` is put in front of pulseaudio
# requiring app. See also (shell-things) rc/asoundrc for USB headset and
# similar.
# pulseaudio: pulseaudio-utils pasystray pulsemixer pavucontrol pulseeffects
# insync: https://www.insynchq.com/downloads
# Mullvad: https://mullvad.net/download
@ -15,7 +15,7 @@
# Debian theming: lxappearance gtk-chtheme qt4-qtconfig qt5ct
# https://askubuntu.com/a/600946
# + ~/.xprofile specifies GTK_THEME which hopefully gets detected/understood
# by browsers etc.
# by browsers etc.
#
# YES! This file is a monster and there really are that many weird
# packages!
@ -50,7 +50,7 @@ set $ScreenLockCmd i3lock -c 000000 -p win -f
# This font is widely installed, provides lots of unicode glyphs, right-to-left
# text rendering and scalability on retina/hidpi displays (thanks to pango).
# NOTE! Bigger font than 8 is too big for Kincarron
# 7 is too big for Sedric with dpi scaling 144
# 7 is too big for Sedric with dpi scaling 144
#font pango:DejaVu Sans Mono Book 7
font pango:OpenDyslexic 9
@ -192,27 +192,27 @@ bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the EXIT shortcu
# resize window (you can also use the mouse for that)
mode "resize" {
# These bindings trigger as soon as you enter the resize mode
# These bindings trigger as soon as you enter the resize mode
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
bindsym j resize shrink width 10 px or 10 ppt
bindsym k resize grow height 10 px or 10 ppt
bindsym l resize shrink height 10 px or 10 ppt
bindsym odiaeresis resize grow width 10 px or 10 ppt
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
bindsym j resize shrink width 10 px or 10 ppt
bindsym k resize grow height 10 px or 10 ppt
bindsym l resize shrink height 10 px or 10 ppt
bindsym odiaeresis resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# back to normal: Enter or Escape or $mod+r
bindsym Return mode "default"
bindsym Escape mode "default"
bindsym $mod+r mode "default"
# back to normal: Enter or Escape or $mod+r
bindsym Return mode "default"
bindsym Escape mode "default"
bindsym $mod+r mode "default"
}
bindsym $mod+r mode "resize"
@ -277,30 +277,30 @@ set $br_violet #b891f5
# Start i3bar to display a workspace bar (plus the system information i3status
# finds out, if available) CHANGEME
bar {
position top
#status_command LC_ALL=fi_FI.utf8 i3status
# Temporary workaround to broken i3status in Fedora
status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
colors {
separator $blue
background $bg
statusline $br_white
focused_workspace $green $green $bg
active_workspace $cyan $blue $black
inactive_workspace $black $black $fg
urgent_workspace $yellow $yellow $black
}
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
#colors {
# separator $blue
# background $bg
# statusline $br_white
# focused_workspace $green $green $bg
# active_workspace $cyan $blue $black
# inactive_workspace $black $black $fg
# urgent_workspace $yellow $yellow $black
# }
position top
#status_command LC_ALL=fi_FI.utf8 i3status
# Temporary workaround to broken i3status in Fedora
status_command LC_ALL=fi_FI.utf8 i3status-rs ~/.config/i3status-rs/config.toml
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
colors {
separator $blue
background $bg
statusline $br_white
focused_workspace $green $green $bg
active_workspace $cyan $blue $black
inactive_workspace $black $black $fg
urgent_workspace $yellow $yellow $black
}
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-light.conf
#colors {
# separator $blue
# background $bg
# statusline $br_white
# focused_workspace $green $green $bg
# active_workspace $cyan $blue $black
# inactive_workspace $black $black $fg
# urgent_workspace $yellow $yellow $black
# }
}
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3-selenized-black.conf
@ -486,7 +486,7 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
#exec --no-startup-id redshift-gtk -l 60.46742:26.94508
# Sedric - 150 % display scaling (HiDPI), see also `xdpyinfo | grep resolution
# where 96 = 100 %
# where 96 = 100 %
#exec --no-startup-id xrandr --dpi 144
# Sedric, external GPU as primary
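
Review bot: the `redshift-gtk -l` lines in this region (`60.15937:24.87530` in the hunk header context and the commented-out `60.46742:26.94508`) carry five-decimal coordinates in a published dotfiles repository, which is metre-level precision. redshift only needs a rough position, so rounding to one decimal place loses nothing functionally. The comment with `xdpyinfo | grep resolution` is also missing its closing backtick.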
@ -535,5 +535,5 @@ exec --no-startup-id redshift-gtk -l 60.15937:24.87530
# Special keyboard options that WILL CONFUSE YOU.
# windows+space should change layout, but doesn't, both ctrls do
# fi allows mostly typing fi/se (identicatal), cz/es.
# See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
# See also: `man xkeyboard-config` (layouts) `setxkbmap -query` (for current options)
exec --no-startup-id setxkbmap -option compose:menu -option terminate:ctrl_alt_bksp -option nbsp:none -option caps:backspace -option shift:both_capslock -option grp:ctrls_toggle -option grp:win_space_toggle -layout fi,us,epo,ru -variant ,altgr-intl,,phonetic_winkeys
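
Review bot: `-option terminate:ctrl_alt_bksp` on the `setxkbmap` line lets Ctrl+Alt+Backspace kill the X server, including while the `i3lock` screen from `$ScreenLockCmd` is up. If X was started from a logged-in console rather than a display manager, that drops back to the open shell, so either drop the option or document how the session has to be started for the lock to hold. The comment above it also has the typo "identicatal".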

View File

@ -2,10 +2,10 @@
# based heavily on /usr/share/doc/i3status-rs/example_config.toml & https://github.com/greshake/i3status-rust/tree/master/examples
# and manpage from search engine
# Note: I am not confident that "irstatus-rs" and "i3status-rust" are the same
# software.
# software.
# WIP: migration from i3status
# contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
# contains: (disk /, disk/home,) load, ipv6, wireless, ethernet, battery, volume, (utc) time, (local time)
[theme]
name = "solarized-dark"

View File

@ -7,21 +7,21 @@
# If the above line is not correctly displayed, fix your editor first!
general {
output_format = "i3bar"
colors = true
# 1 is horrible with battery status and possibly unnecessary
# weight for older devices. 5 appears to be Debian default, and I
# guess it's enough often for seeing if the system is frozen when
# staring at a clock.
interval = 5
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
color_good = "#70b433"
color_degraded = "#dbb32d"
color_bad = "#ed4a46"
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
#color_good = "#489100"
#color_degraded = "#ad8900"
#color_bad = "#d2212d"
output_format = "i3bar"
colors = true
# 1 is horrible with battery status and possibly unnecessary
# weight for older devices. 5 appears to be Debian default, and I
# guess it's enough often for seeing if the system is frozen when
# staring at a clock.
interval = 5
# Selenized black from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-black.conf
color_good = "#70b433"
color_degraded = "#dbb32d"
color_bad = "#ed4a46"
# Selenized light from https://github.com/jan-warchol/selenized/blob/master/other-apps/i3/i3status-selenized-light.conf
#color_good = "#489100"
#color_degraded = "#ad8900"
#color_bad = "#d2212d"
}
# Logicish: colour changing things at first (load is often red especially
@ -44,50 +44,50 @@ order += "time"
# Load is first as the treshold may need the most modification here
load {
format = "%1min %5min %15min"
# Defaults to 5, nosmt MDS mitigation disables ½ of the cores
# X,7 ? https://scoutapm.com/blog/understanding-load-averages
# CHANGEME - apparently whether . or , works depends on locale -.-
# Rbtpzn, the oldest machine from 2006, single core
#max_threshold = "0,7"
# Dualcore, mostly everything else
max_threshold = "1,7"
# Zaldaryn, quadcore
#max_threshold = "3,7"
format = "%1min %5min %15min"
# Defaults to 5, nosmt MDS mitigation disables ½ of the cores
# X,7 ? https://scoutapm.com/blog/understanding-load-averages
# CHANGEME - apparently whether . or , works depends on locale -.-
# Rbtpzn, the oldest machine from 2006, single core
#max_threshold = "0,7"
# Dualcore, mostly everything else
max_threshold = "1,7"
# Zaldaryn, quadcore
#max_threshold = "3,7"
}
wireless _first_ {
#format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
format_up = "W:%quality @ %essid (%frequency, %bitrate)"
#format_up = "W:%quality %frequency"
#format_down = "W:🢃"
format_down = ""
#format_quality = "%3d%s"
#format_up = "W: (%quality at %essid, %bitrate / %frequency) %ip"
format_up = "W:%quality @ %essid (%frequency, %bitrate)"
#format_up = "W:%quality %frequency"
#format_down = "W:🢃"
format_down = ""
#format_quality = "%3d%s"
}
ethernet _first_ {
# if you use %speed, i3status requires root privileges
#format_up = "E: %ip (%speed)"
#format_up = "E:🢁"
format_up = "E:%speed"
#format_down = "E:🢃"
format_down = ""
# if you use %speed, i3status requires root privileges
#format_up = "E: %ip (%speed)"
#format_up = "E:🢁"
format_up = "E:%speed"
#format_down = "E:🢃"
format_down = ""
}
battery all {
# %remaining looks horrible especially with updating every second
format = "🔌%status %percentage %remaining"
format_down = ""
status_full = "🔌☻"
#status_unk = "?"
# kincarron battery fix
#path = "/sys/class/power_supply/%d/uevent"
# %remaining looks horrible especially with updating every second
format = "🔌%status %percentage %remaining"
format_down = ""
status_full = "🔌☻"
#status_unk = "?"
# kincarron battery fix
#path = "/sys/class/power_supply/%d/uevent"
}
tztime utc {
timezone = "UTC"
# ISO 8601ish
format = "%Z: %Y-%m-%d %H:%M:%S%z"
timezone = "UTC"
# ISO 8601ish
format = "%Z: %Y-%m-%d %H:%M:%S%z"
}
# Date format explanations
@ -106,29 +106,29 @@ tztime utc {
#tztime local {
time {
# Finnishish formatting with my adjustments
format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
# Finnishish formatting with my adjustments
format = "%G-W%V-%u (%j/%a/%B) %F %H.%M.%S%z"
}
volume master {
format = "♪: %volume"
format_muted = "♪: muted (%volume)"
#device = "pulse"
format = "♪: %volume"
format_muted = "♪: muted (%volume)"
#device = "pulse"
}
ipv6 {
#format_up = "IPv6:🢁"
format_up = "6"
#format_down = "IPv6:🢃"
format_down = ""
#format_up = "IPv6:🢁"
format_up = "6"
#format_down = "IPv6:🢃"
format_down = ""
}
# %avail vs %free: https://github.com/i3/i3status/issues/349#issuecomment-506565599
disk / {
format = "/: %avail"
format = "/: %avail"
}
disk /home {
format = "/home: %avail"
format = "/home: %avail"
}

View File

@ -3,4 +3,3 @@
set runtimepath^=~/.vim runtimepath+=~/.vim/after
let &packpath = &runtimepath
source ~/.vimrc

View File

@ -1,6 +1,6 @@
<pastebinit>
<pastebin>http://sprunge.us</pastebin>
<author></author>
<jabberid></jabberid>
<format>text</format>
<pastebin>http://sprunge.us</pastebin>
<author></author>
<jabberid></jabberid>
<format>text</format>
</pastebinit>

View File

@ -6,130 +6,130 @@
# then restart pipewire and pipewire-pulse like so: systemctl --user restart pipewire pipewire-pulse
properties = {
# Create a JACK device. This is not enabled by default because
# it requires that the PipeWire JACK replacement libraries are
# not used by the session manager, in order to be able to
# connect to the real JACK server.
#alsa.jack-device = false
# Create a JACK device. This is not enabled by default because
# it requires that the PipeWire JACK replacement libraries are
# not used by the session manager, in order to be able to
# connect to the real JACK server.
#alsa.jack-device = false
# Reserve devices.
#alsa.reserve = true
# Reserve devices.
#alsa.reserve = true
}
rules = [
# An array of matches/actions to evaluate.
{
# Rules for matching a device or node. It is an array of
# properties that all need to match the regexp. If any of the
# matches work, the actions are executed for the object.
matches = [
{
# This matches all cards. These are regular expressions
# so "." matches one character and ".*" matches many.
device.name = "~alsa_card.*"
}
]
actions = {
# Actions can update properties on the matched object.
update-props = {
# Use ALSA-Card-Profile devices. They use UCM or
# the profile configuration to configure the device
# and mixer settings.
api.alsa.use-acp = true
# An array of matches/actions to evaluate.
{
# Rules for matching a device or node. It is an array of
# properties that all need to match the regexp. If any of the
# matches work, the actions are executed for the object.
matches = [
{
# This matches all cards. These are regular expressions
# so "." matches one character and ".*" matches many.
device.name = "~alsa_card.*"
}
]
actions = {
# Actions can update properties on the matched object.
update-props = {
# Use ALSA-Card-Profile devices. They use UCM or
# the profile configuration to configure the device
# and mixer settings.
api.alsa.use-acp = true
# Use UCM instead of profile when available. Can be
# disabled to skip trying to use the UCM profile.
#api.alsa.use-ucm = true
# Use UCM instead of profile when available. Can be
# disabled to skip trying to use the UCM profile.
#api.alsa.use-ucm = true
# Don't use the hardware mixer for volume control. It
# will only use software volume. The mixer is still used
# to mute unused paths based on the selected port.
#api.alsa.soft-mixer = false
# Don't use the hardware mixer for volume control. It
# will only use software volume. The mixer is still used
# to mute unused paths based on the selected port.
#api.alsa.soft-mixer = false
# Ignore decibel settings of the driver. Can be used to
# work around buggy drivers that report wrong values.
#api.alsa.ignore-dB = false
# Ignore decibel settings of the driver. Can be used to
# work around buggy drivers that report wrong values.
#api.alsa.ignore-dB = false
# The profile set to use for the device. Usually this is
# "default.conf" but can be changed with a udev rule
# or here.
#device.profile-set = "profileset-name.conf"
# The profile set to use for the device. Usually this is
# "default.conf" but can be changed with a udev rule
# or here.
#device.profile-set = "profileset-name.conf"
# The default active profile. Is by default set to "Off".
#device.profile = "default profile name"
# The default active profile. Is by default set to "Off".
#device.profile = "default profile name"
# Automatically select the best profile. This is the
# highest priority available profile. This is disabled
# here and instead implemented in the session manager
# where it can save and load previous preferences.
api.acp.auto-profile = false
# Automatically select the best profile. This is the
# highest priority available profile. This is disabled
# here and instead implemented in the session manager
# where it can save and load previous preferences.
api.acp.auto-profile = false
# Automatically switch to the highest priority available
# port. This is disabled here and implemented in the
# session manager instead.
api.acp.auto-port = false
# Automatically switch to the highest priority available
# port. This is disabled here and implemented in the
# session manager instead.
api.acp.auto-port = false
# Other properties can be set here.
#device.nick = "My Device"
}
}
}
# Other properties can be set here.
#device.nick = "My Device"
}
}
}
# Begin customized config section
{
matches = [
{
# This matches your USB headset
device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
}
]
actions = {
# Actions can update properties on the matched object.
update-props = {
api.alsa.soft-mixer = true
}
}
}
{
matches = [
{
# This matches your USB headset
device.name = "alsa_card.usb-Logitech_Logitech_USB_Headset-00"
}
]
actions = {
# Actions can update properties on the matched object.
update-props = {
api.alsa.soft-mixer = true
}
}
}
#End customized config section
{
matches = [
{
# Matches all sources. These are regular expressions
# so "." matches one character and ".*" matches many.
node.name = "~alsa_input.*"
}
{
# Matches all sinks.
node.name = "~alsa_output.*"
}
]
actions = {
update-props = {
#node.nick = "My Node"
#node.nick = null
#priority.driver = 100
#priority.session = 100
node.pause-on-idle = false
#resample.quality = 4
#channelmix.normalize = false
#channelmix.mix-lfe = false
#audio.channels = 2
#audio.format = "S16LE"
#audio.rate = 44100
#audio.position = "FL,FR"
#session.suspend-timeout-seconds = 5 # 0 disables suspend
#monitor.channel-volumes = false
{
matches = [
{
# Matches all sources. These are regular expressions
# so "." matches one character and ".*" matches many.
node.name = "~alsa_input.*"
}
{
# Matches all sinks.
node.name = "~alsa_output.*"
}
]
actions = {
update-props = {
#node.nick = "My Node"
#node.nick = null
#priority.driver = 100
#priority.session = 100
node.pause-on-idle = false
#resample.quality = 4
#channelmix.normalize = false
#channelmix.mix-lfe = false
#audio.channels = 2
#audio.format = "S16LE"
#audio.rate = 44100
#audio.position = "FL,FR"
#session.suspend-timeout-seconds = 5 # 0 disables suspend
#monitor.channel-volumes = false
#api.alsa.period-size = 1024
#api.alsa.headroom = 0
#api.alsa.start-delay = 0
#api.alsa.disable-mmap = false
#api.alsa.disable-batch = false
#api.alsa.use-chmap = false
}
}
}
#api.alsa.period-size = 1024
#api.alsa.headroom = 0
#api.alsa.start-delay = 0
#api.alsa.disable-mmap = false
#api.alsa.disable-batch = false
#api.alsa.use-chmap = false
}
}
}
]

View File

@ -21,11 +21,11 @@ Apparently Adwaita must be set to dark theme in `gnome-control-center`
Using the same apps and `gnome-tweaks` (as there are probably a lot of
methods setting fonts):
* User-interface text: Noto Serif Regular 10
* Document text: Noto Serif Regular 11
* Monospace text: Noto Sans Mono Regular 10
* Legacy window title text: Noto Serif Bold 11
* Apparently this means "apps that don't use client-side decorations"
- User-interface text: Noto Serif Regular 10
- Document text: Noto Serif Regular 11
- Monospace text: Noto Sans Mono Regular 10
- Legacy window title text: Noto Serif Bold 11
- Apparently this means "apps that don't use client-side decorations"
The number behind is obviously the number and it's based on what were the
defaults before I touched them so I am hoping GNOME knows what they are
@ -41,10 +41,10 @@ have trouble handling it, e.g. mpv (makes Ä and Ö and Å all Å) and Firefox
Other font settings in GNOME-Tweak:
* Hinting: *a bit*
* for no particular reason
* Antialiasing: *Subpixel (for LCD-displays)*
* I have no idea where there are "standard grayscale" displays that aren't
- Hinting: _a bit_
- for no particular reason
- Antialiasing: _Subpixel (for LCD-displays)_
- I have no idea where there are "standard grayscale" displays that aren't
LCD.
### Screen mirroring
@ -53,9 +53,9 @@ Other font settings in GNOME-Tweak:
Workarounds:
* Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
* Do something weird with OBS
* Use a dedicated application that don't seem to be in Fedora repos, flatpak
- Use VNC (see my Scripts repo [`bash/swaymirror.bash`](https://gitea.blesmrt.net/mikaela/scripts/src/branch/master/bash/swaymirror.bash))
- Do something weird with OBS
- Use a dedicated application that don't seem to be in Fedora repos, flatpak
or snap.
* [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
* [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)
- [github.com/Ferdi265/wl-mirror](https://github.com/Ferdi265/wl-mirror)
- [github.com/progandy/wdomirror](https://github.com/progandy/wdomirror)

View File

@ -4,24 +4,24 @@
Thus this `README.md` is not read, even if I happened to carelessly
copy-paste it in.
* `autostart-communication.conf` - chat/communication apps I am expected to have
- `autostart-communication.conf` - chat/communication apps I am expected to have
open or at least check at times
* `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
* `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
* `grimshot.conf` - screenshotting keybinds using `grimshot`
* `i3-selenized-dark.conf` - selenized dark colour scheme
* `keyboard.conf` - keyboard configuration
* `media.conf` - media key configuration and autostarts related to it
* `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
- `autostart-fineid.conf` - Finnish electric identity card, that I also use as SSH key
- `autostart-utilities.conf` - general utilities, like `nm-applet` or VPN etc.
- `grimshot.conf` - screenshotting keybinds using `grimshot`
- `i3-selenized-dark.conf` - selenized dark colour scheme
- `keyboard.conf` - keyboard configuration
- `media.conf` - media key configuration and autostarts related to it
- `pointer-accel.conf` - pointer/mouse configuration, mainly setting acceleration
profile to `flat`
* `README.md` - you are currently reading this :wink:
* `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
* `swaybar.conf` - `swaybar` configuration
* `swayidle.conf` - `swayidle` configuration/autostart
* `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
- `README.md` - you are currently reading this :wink:
- `sedric.conf` - configuration specific to my laptop hostnamed `sedric`
- `swaybar.conf` - `swaybar` configuration
- `swayidle.conf` - `swayidle` configuration/autostart
- `wlsunset-kotka.conf` - `wlsunset` configuration/autostart for my hometown for when
I happen to visit for longer period of time
* `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
* `zz-floating.conf` - configures windows that should float. For some reason
- `wlsunset-lauttasaari.conf` - `wlsunset` configuration for my home neighbourhood
- `zz-floating.conf` - configures windows that should float. For some reason
that is inherited from my `i3` config, it tells to put float rules above the
last line, so it should be read last and `z` is the last letter of English
alphabet so it will hopefully be read last.

View File

@ -1,11 +1,11 @@
# Copied from `man swayidle`, except the $ScreenLockCmd that I don't
# want to repeat.
# This will lock your screen after 300 seconds of inactivity, then turn off
# your displays after another 300 seconds, and turn your screens back on
# when resumed. It will also lock your screen before your computer goes to
# sleep.
# This will lock your screen after 300 seconds of inactivity, then turn off
# your displays after another 300 seconds, and turn your screens back on
# when resumed. It will also lock your screen before your computer goes to
# sleep.
exec swayidle -w \
timeout 300 "\"$ScreenLockCmd\"" \
timeout 600 'swaymsg "output * dpms off"' \
timeout 300 "\"$ScreenLockCmd\"" \
timeout 600 'swaymsg "output * dpms off"' \
resume 'swaymsg "output * dpms on"' \
before-sleep "\"$ScreenLockCmd\""
before-sleep "\"$ScreenLockCmd\""

View File

@ -2,5 +2,5 @@
# Intended for systems with ncurses < 6 which is missing TERMINFO
# for tmux-256color.
if [[ $TERM == 'tmux-256color' ]]; then
export TERM=screen-256color
export TERM=screen-256color
fi

View File

@ -2,7 +2,17 @@
"layer": "top",
"position": "left",
"modules-left": ["sway/workspaces", "sway/mode"],
"modules-right": ["cpu", "memory", "battery", "pulseaudio", "sway/language", "network", "bluetooth", "tray", "clock"],
"modules-right": [
"cpu",
"memory",
"battery",
"pulseaudio",
"sway/language",
"network",
"bluetooth",
"tray",
"clock"
],
"sway/window": {
"max-length": 50
},
@ -12,10 +22,10 @@
"memory": {
"format": "RAM {percentage}%"
},
"bluetooth": {
"format": "BT {status}",
"format-connected": "BT {device_alias}",
"format-connected-battery": "BT {device_alias} {device_battery_percentage}%"
"bluetooth": {
"format": "BT {status}",
"format-connected": "BT {device_alias}",
"format-connected-battery": "BT {device_alias} {device_battery_percentage}%"
},
"pulseaudio": {
"format": "VOL {volume}%",
@ -26,25 +36,25 @@
"states": {
"warning": 45,
"critical": 20
},
},
"format": "BAT {capacity}%"
},
"sway/language": {
"format": "KBD {short} {variant}",
"on-click": "swaymsg input type:keyboard xkb_switch_layout next"
},
"network": {
//"interface": "wlan0",
"format": "{ifname}",
"format-wifi": "{frequency}G {signalStrength}% {essid}",
"format-ethernet": "{ifname} up",
"format-disconnected": "",
"tooltip-format": "{ifname}",
"tooltip-format-wifi": "{frequency}G {signalStrength}% {essid}",
"tooltip-format-ethernet": "{ifname} up",
"tooltip-format-disconnected": "Disconnected",
"max-length": 50
},
"network": {
//"interface": "wlan0",
"format": "{ifname}",
"format-wifi": "{frequency}G {signalStrength}% {essid}",
"format-ethernet": "{ifname} up",
"format-disconnected": "",
"tooltip-format": "{ifname}",
"tooltip-format-wifi": "{frequency}G {signalStrength}% {essid}",
"tooltip-format-ethernet": "{ifname} up",
"tooltip-format-disconnected": "Disconnected",
"max-length": 50
},
"clock": {
"format": "{:%a. %d.\n%b.\n%Y-%j\n%G-W%V-%u\n%F\n%H.%M.%S}"
}

View File

@ -1,75 +1,77 @@
/* https://github.com/jan-warchol/selenized/blob/master/other-apps/wofi/selenized-dark.css */
* {
border: none;
border-radius: 0;
font-family: Noto Sans Mono Regular, monospace;
font-size: 10px;
min-height: 0;
border: none;
border-radius: 0;
font-family: Noto Sans Mono Regular, monospace;
font-size: 10px;
min-height: 0;
}
window#waybar {
background: #103c48;
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: white;
background: #103c48;
border-bottom: 3px solid rgba(100, 114, 125, 0.5);
color: white;
}
tooltip {
background: rgba(43, 48, 59, 0.5);
border: 1px solid rgba(100, 114, 125, 0.5);
background: rgba(43, 48, 59, 0.5);
border: 1px solid rgba(100, 114, 125, 0.5);
}
tooltip label {
color: white;
color: white;
}
#workspaces button {
padding: 0 5px;
background: #103c48;
color: white;
border-bottom: 3px solid #103c48;
padding: 0 5px;
background: #103c48;
color: white;
border-bottom: 3px solid #103c48;
}
#workspaces button.focused {
background: #64727D;
border-bottom: 3px solid white;
background: #64727d;
border-bottom: 3px solid white;
}
#mode, #clock, #battery {
padding: 0 10px;
#mode,
#clock,
#battery {
padding: 0 10px;
}
#mode {
background: #103c48;
border-bottom: 3px solid white;
background: #103c48;
border-bottom: 3px solid white;
}
#clock {
background-color: #103c48;
background-color: #103c48;
}
#battery {
background-color: #103c48;
color: white;
background-color: #103c48;
color: white;
}
#battery.charging {
color: white;
background-color: #103c48;
color: white;
background-color: #103c48;
}
@keyframes blink {
to {
background-color: #103c48;
color: white;
}
to {
background-color: #103c48;
color: white;
}
}
#battery.warning:not(.charging) {
background: #f53c3c;
color: white;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
background: #f53c3c;
color: white;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}

View File

@ -1,8 +1,8 @@
# Read and parsed by systemd-localed. It's probably wise not to edit this file
# manually too freely.
Section "InputClass"
Identifier "system-keyboard"
MatchIsKeyboard "on"
Option "XkbLayout" "fi"
Option "XkbModel" "compose:menu"
Identifier "system-keyboard"
MatchIsKeyboard "on"
Option "XkbLayout" "fi"
Option "XkbModel" "compose:menu"
EndSection
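
Review bot: `Option "XkbModel" "compose:menu"` puts an XKB option string in the model field. `compose:menu` selects the Compose key, so it belongs under `Option "XkbOptions"`, and `XkbModel` should carry a keyboard model name or be dropped. Since the header comment says systemd-localed reads and parses this file, make the correction with `localectl set-x11-keymap` rather than by hand so the file and localed's state stay in step.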

View File

@ -25,23 +25,22 @@ assume that means 2.
Note: -N uses names specified in config instead of reverse name lookupping
then.
* `chrony -N activity` - what sources are doing
* `chrony -N authdata` - can show that server uses NTS
* `chrony -N ntpdata` - a lot of data on the servers
* `chronyc offline` - offline mode
* `chronyc online` - reconnects servers
* `chrony -N sources` - used timeservers and their statuses
* `chrony -N tracking` - local status (stratum and own clock etc.)
- `chrony -N activity` - what sources are doing
- `chrony -N authdata` - can show that server uses NTS
- `chrony -N ntpdata` - a lot of data on the servers
- `chronyc offline` - offline mode
- `chronyc online` - reconnects servers
- `chrony -N sources` - used timeservers and their statuses
- `chrony -N tracking` - local status (stratum and own clock etc.)
### nmap
Checking that something is an NTP server? Needs root:
```
nmap -sU -p 123 --script=ntp-info 192.168.0.1
```
Checking that something has NTS?
```
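
Review bot: the command list mixes two binary names: five entries read `chrony -N ...` while `chronyc offline` and `chronyc online` use the client's actual name. chrony ships `chronyd` and `chronyc`, so the `-N` entries should read `chronyc -N activity`, `chronyc -N sources` and so on, otherwise copy-pasting them fails. Since every bullet in the list is already rewritten by this change, it is a good place to fix that.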

View File

@ -2,4 +2,3 @@
# Note the port 4460
ntsserverkey /etc/chrony/tls/etro.mikaela.info.key
ntsservercert /etc/chrony/tls/etro.mikaela.info.crt

View File

@ -12,6 +12,6 @@ but that way you must trust DNSSEC, CloudFlare and wherever the CNAME
points to who may not have DNSSEC. If you are using this file
(you shouldn't), you are already trusting me.
[dnscrypt-proxy]:https://github.com/jedisct1/dnscrypt-proxy
[Hyperboria]:https://hyperboria.net/
[Yggdrasil]:https://yggdrasil-network.github.io/
[dnscrypt-proxy]: https://github.com/jedisct1/dnscrypt-proxy
[hyperboria]: https://hyperboria.net/
[yggdrasil]: https://yggdrasil-network.github.io/

View File

@ -70,31 +70,31 @@ lb_strategy = 'p2'
# Logging to be enabled by hand on systems needing them
#[query_log]
# file = '/var/log/dnscrypt-proxy/query.log'
# file = '/var/log/dnscrypt-proxy/query.log'
#[nx_log]
# file = '/var/log/dnscrypt-proxy/nx.log'
# file = '/var/log/dnscrypt-proxy/nx.log'
[sources]
[sources.'public-resolvers']
#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = 'public-'
[sources.'public-resolvers']
#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = 'public-'
[sources.'opennic']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
prefix = 'opennic-'
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
cache_file = '/var/cache/dnscrypt-proxy/opennic.md'
prefix = 'opennic-'
# 2.0.23 recommended so onions won't be attempted without proxy enabled
# (5c9edfccfe67474bee2836ada67f955f10e43357)
# I won't uncomment this until I have updated version everywhere.
#[sources.'onion-services']
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
# prefix = 'onion-'
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
# prefix = 'onion-'
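
Review bot: the `urls` list under `[sources.'public-resolvers']` includes two third-party mirrors (`cdn.staticaly.com` and `evilvibes.com`) with nothing in the file saying why they are acceptable. The list is only trustworthy because each source pins `minisign_key`, so a one-line comment above `urls` stating that the signature, not the mirror, is what is trusted would stop a later edit from adding a source without a key. The commented `onion-services` block also lacks the `refresh_delay = 72` that the other two sources set; add it before that block is ever enabled.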

View File

@ -1,21 +1,21 @@
<config>
<!-- Client Control -->
<client-threads v='2'/>
<fold-anon v='true'/>
<!-- Client Control -->
<client-threads v='2'/>
<fold-anon v='true'/>
<!-- Folding Core -->
<cpu-usage v='50'/>
<gpu-usage v='50'/>
<!-- Folding Core -->
<cpu-usage v='50'/>
<gpu-usage v='50'/>
<!-- Slot Control -->
<power v='MEDIUM'/>
<!-- Slot Control -->
<power v='MEDIUM'/>
<!-- User Information -->
<passkey v=''/>
<team v='201753'/>
<user v='Mikaela'/>
<!-- User Information -->
<passkey v=''/>
<team v='201753'/>
<user v='Mikaela'/>
<!-- Folding Slots -->
<slot id='0' type='CPU'/>
<slot id='1' type='GPU'/>
<!-- Folding Slots -->
<slot id='0' type='CPU'/>
<slot id='1' type='GPU'/>
</config>

View File

@ -15,8 +15,8 @@ chmod a+r /etc/systemd/system/oidentd.socket
mkdir -p /etc/sysctl.d/
if [ ! -f /etc/sysctl.d/60-mikaela.conf ]; then
cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
chmod a+r /etc/sysctl.d/60-mikaela.conf
cat sysctl.d/60-mikaela.conf > /etc/sysctl.d/60-mikaela.conf
chmod a+r /etc/sysctl.d/60-mikaela.conf
fi
echo 'If you use systemd or oidentd you should "systemctl daemon-reload"'
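
Review bot: the `if [ ! -f /etc/sysctl.d/60-mikaela.conf ]` guard means the file is only ever written once, so later edits to `sysctl.d/60-mikaela.conf` in the repository never reach a host that already has it, and the closing `echo` only mentions `systemctl daemon-reload`, which does not apply sysctl settings. If the guard is intentional, say so in a comment. Otherwise consider `install -m 0644 sysctl.d/60-mikaela.conf /etc/sysctl.d/60-mikaela.conf` in place of `cat` plus `chmod a+r`, which sets the mode explicitly instead of relying on the umask, and add a hint to run `sysctl --system`.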

View File

@ -1,3 +1,2 @@
[mysqld]
feedback=ON

View File

@ -4,4 +4,3 @@ performance_schema = off
[mariadb]
aria_pagecache_buffer_size = 32m
aria_sort_buffer_size = 32m

View File

@ -1,44 +1,43 @@
Useful nginx files that I will probably need and which I will forget if I
cannot read them from here.
* * * * *
---
## FUTURE WARNING
These files may age badly, so here are some hopefully timeless pointers:
* Generate the config file with https://ssl-config.mozilla.org/ (and if
- Generate the config file with https://ssl-config.mozilla.org/ (and if
time eats it, try https://github.com/mozilla/ssl-config-generator/ in
hope of finding where it is now.
* Name it 00-something so it will be the first file read and make
everything a different file.
* If using my acmesh-ssl.bash script, the files to fill should be like:
hope of finding where it is now. \* Name it 00-something so it will be the first file read and make
everything a different file.
- If using my acmesh-ssl.bash script, the files to fill should be like:
(the script runs `$ACMESH --key-file $NGINXDIR/key.pem --fullchain-file $NGINXDIR/cert.pem --reloadcmd "$SYSTEMCTLRESTART nginx"`)
* `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem`
* `ssl_certificate_key` is `key.pem`
- `ssl_certificate`, `ssl_trusted_certificate` are `cert.pem`
- `ssl_certificate_key` is `key.pem`
The header syntax is following, ***THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP***
The header syntax is following, **_THIS LIKELY WON'T TIME WELL, ESPECIALLY CSP_**
```
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "block-all-mixed-content; default-src 'none'; form-action 'self'; connect-src 'self' ws: wss:; style-src 'self' https: 'unsafe-inline'; script-src 'self'; worker-src 'self'; child-src 'self'; manifest-src 'self'; font-src 'self' https:; media-src 'self' https:; img-src 'self' data: https://user-images.githubusercontent.com" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer" always;
```
The CSP comes from `HEAD "http://[::]:9000/#/chan-1"` to figure out what
TheLounge would be setting without a reverse proxy in front of it. `HEAD` is
in Debian package `libwww-perl`
* Refer to tester tools to see if the configuration is fine:
* https://observatory.mozilla.org/
* https://securityheaders.com/
* https://www.ssllabs.com/ssltest/
- Refer to tester tools to see if the configuration is fine:
- https://observatory.mozilla.org/
- https://securityheaders.com/
- https://www.ssllabs.com/ssltest/
* * * * *
---
## Arch
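
Review bot: the reformat has folded the second bullet into the first: the new text reads `hope of finding where it is now. \* Name it 00-something so it will be the first file read and make`, with the asterisk escaped, so "Name it 00-something" is no longer a list item. Restore it as its own `- Name it 00-something ...` bullet, and close the parenthesis opened at "(and if", which is never closed in either version. The formatter output for this file needs a manual read before merging, since the change is presented as whitespace-only.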

View File

@ -1,17 +1,17 @@
server {
listen 80;
listen 443;
listen 14402;
listen [::]:80;
listen [::]:443;
listen [::]:14402;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
server_name bitbot.relpda.mikaela.info;
listen 80;
listen 443;
listen 14402;
listen [::]:80;
listen [::]:443;
listen [::]:14402;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
server_name bitbot.relpda.mikaela.info;
access_log /var/log/nginx/bitbot.access.log main;
access_log /var/log/nginx/bitbot.access.log main;
location / {
proxy_pass http://[::1]:9050;
}
location / {
proxy_pass http://[::1]:9050;
}
}
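
Review bot: `listen 443;` and `listen 14402;` (and their `[::]` counterparts) carry no `ssl` parameter although the block sets `ssl_certificate` and `ssl_certificate_key`. As written, this block only speaks TLS on those ports if another server block sharing the same listening socket declares `ssl`, which is what `listen 443 ssl;` and `listen 14402 ssl;` in the `relpda.mikaela.info` block do. Add `ssl` here as well so the file is correct on its own and does not fall back to plaintext HTTP on 443 if the other block is removed or loaded differently.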

View File

@ -1,20 +1,20 @@
# Cloudflare
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
real_ip_header CF-Connecting-IP;
# Cloudflare
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
real_ip_header CF-Connecting-IP;
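
Review bot: the `set_real_ip_from` list is an undated, unsourced snapshot, and every range in it is trusted to set the client address through `real_ip_header CF-Connecting-IP;`. If a range stops belonging to Cloudflare, whoever holds it afterwards is still trusted to set that header, and the value ends up in logs and access rules. Add a comment under `# Cloudflare` with the source (https://www.cloudflare.com/ips/) and the date the list was copied, and regenerate the list from there rather than editing it by hand.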

View File

@ -1,57 +1,56 @@
server {
listen 80;
listen 443 ssl;
listen 14402 ssl;
listen [::]:80 ipv6only=on;
listen [::]:443 ssl ipv6only=on;
listen [::]:14402 ssl ipv6only=on;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
server_name relpda.mikaela.info;
listen 80;
listen 443 ssl;
listen 14402 ssl;
listen [::]:80 ipv6only=on;
listen [::]:443 ssl ipv6only=on;
listen [::]:14402 ssl ipv6only=on;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
server_name relpda.mikaela.info;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
#location /api/ {
# proxy_pass http://[::1]:9050;
# }
# proxy_pass http://[::1]:9050;
# }
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

View File

@ -1,94 +1,94 @@
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 default_server ssl http2;
listen [::]:443 default_server ssl http2 ipv6only=on;
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 default_server ssl http2;
listen [::]:443 default_server ssl http2 ipv6only=on;
root /var/www/default/;
index index.php index.html index.htm;
root /var/www/default/;
index index.php index.html index.htm;
### Generating SSL certificate:
## mkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl
## openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout nginx.key -out nginx.crt
### this takes forever and is used on line 23.
## openssl dhparam -out dhparam.pem 4096
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# ----- begin of Mozilla Server Side TLS recommendations -----
# **2014-11-07** https://wiki.mozilla.org/Security/Server_Side_TLS
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
# See generation on line 14
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 4096 bits
# See generation on line 14
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
# Intermediate configuration. tweak to your needs.
# comment just for me, don't uncomment.
#ssl_ciphers '';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
# Intermediate configuration. tweak to your needs.
# comment just for me, don't uncomment.
#ssl_ciphers '';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
#resolver ::1;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
#resolver ::1;
# ----- end of Mozilla Server Side TLS recommendations -----
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
autoindex on;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
autoindex on;
}
# Userdir
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
# Userdir
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
#error_page 404 /404.html;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
#include fastcgi_params;
include fastcgi.conf;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
#include fastcgi_params;
include fastcgi.conf;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
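Review bot: in the `location ~ \.php$` block every URI ending in `.php` is handed to php5-fpm with no check that the script exists on disk; the only guard is the commented reminder about `cgi.fix_pathinfo = 0` in php.ini. Add `try_files $fastcgi_script_name =404;` after `fastcgi_split_path_info` so nginx rejects requests for missing scripts itself. Separately, the Strict-Transport-Security, X-Frame-Options and Content-Security-Policy headers lack the `always` flag that the two headers below them carry, so they are not sent on error responses.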

View File

@ -1,23 +1,22 @@
server {
listen 80;
listen [::]:80;
listen 443;
listen [::]:443;
listen 80;
listen [::]:80;
listen 443;
listen [::]:443;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
server_name something.example.org;
server_name something.example.org;
# NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf
# Behind CloudFlare see ../conf.d/cloudflare.conf
location / {
proxy_pass http://localhost:8080;
}
proxy_pass http://localhost:8080;
}
}
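Review bot: `listen 443;` and `listen [::]:443;` carry no `ssl` parameter, so this server block only speaks TLS if another server block on the same address and port declares it. Write `listen 443 ssl;` here so the vhost does not depend on that. As written, the Strict-Transport-Security header is also sent from the port 80 listeners, where browsers ignore it; a separate port 80 server that redirects to HTTPS would make the intent clear.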

View File

@ -1,67 +1,67 @@
server {
# default_server from default vhost must exist somewhere!
listen 80;
listen [::]:80;
listen 443;
listen [::]:443;
# default_server from default vhost must exist somewhere!
listen 80;
listen [::]:80;
listen 443;
listen [::]:443;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy upgrade-insecure-requests;
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
root /var/www/vhostdir;
index index.php index.html index.htm;
root /var/www/vhostdir;
index index.php index.html index.htm;
# vhost address
server_name vhost.example.org;
# vhost address
server_name vhost.example.org;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
autoindex off;
}
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
autoindex off;
}
# Userdir
#ilocation ~ ^/~(.+?)(/.*)?$ {
# alias /home/$1/public_html$2;
# index index.html index.htm;
# autoindex on;
#}
# Userdir
#ilocation ~ ^/~(.+?)(/.*)?$ {
# alias /home/$1/public_html$2;
# index index.html index.htm;
# autoindex on;
#}
#error_page 404 /404.html;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
#include fastcgi_params;
include fastcgi.conf;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
#include fastcgi_params;
include fastcgi.conf;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
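Review bot: the commented-out Userdir block starts with `#ilocation`, a typo for `#location` that this reindent carries over unchanged. Anyone who uncomments the block gets an unknown-directive error, so fix the spelling while these lines are being touched.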

View File

@ -6,22 +6,22 @@
# Deny everything by default
default {
default {
deny spoof
deny spoof_all
deny spoof_privport
deny random
deny random_numeric
deny numeric
deny hide
}
default {
deny spoof
deny spoof_all
deny spoof_privport
deny random
deny random_numeric
deny numeric
deny hide
}
}
# Don't respond to ident request to root
user root {
default {
force hide
}
default {
force hide
}
}
# Allow user znc to spoof when *Identfile is used
@ -33,13 +33,13 @@ user root {
# /msg *identfile setfile ~/.oidentd.conf
# /msg *identfile setformat global { reply "%user%" }
user "znc" {
default {
allow spoof
allow spoof_all
allow spoof_privport
deny random
deny random_numeric
deny numeric
deny hide
}
default {
allow spoof
allow spoof_all
allow spoof_privport
deny random
deny random_numeric
deny numeric
deny hide
}
}
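Review bot: the `user "znc"` block grants `allow spoof_all` and `allow spoof_privport` on top of `allow spoof`. `spoof_all` lets the account answer with the login names of other local users, and `spoof_privport` extends spoofing to privileged ports. If the replies written through *Identfile are only ever ZNC user names, `allow spoof` alone may be enough, so either drop the two wider capabilities or add a comment saying why they are needed.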

View File

@ -7,11 +7,11 @@ marking the headset as "Pro-audio" in pavucontrol Settings tab and adjusting
one from `alsamixer` is enough to fix it.
In `alsamixer` having it as pro-audio exposes the sound card in F6 known as
*Logitech USB Headset* and there I see two siliders, *Headphone* and *Mic*,
*Headphone* can apparently be 100 and *Mic* muted when not in use to avoid
_Logitech USB Headset_ and there I see two siliders, _Headphone_ and _Mic_,
_Headphone_ can apparently be 100 and _Mic_ muted when not in use to avoid
it echoing back.
* * * * *
---
The old pulseaudio fix for less than 20 % volume being unhearable is editing
`alsa-monitor.conf` and uncommenting `api.alsa.ignore-dB = true`
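Review bot: "siliders" in the `alsamixer` paragraph is a typo for "sliders" and survives the emphasis reformat; fix it in the same change.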
@ -32,10 +32,10 @@ don't exist by default anymore, they need to be copied and edited separately
See also:
* https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
* marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
- https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/1220
- marked as duplicate of: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/207
## Bluetooth
* https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
* https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
- https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html
- https://web.archive.org/web/20210614103423/https://www.redpill-linpro.com/techblog/2021/05/31/better-bluetooth-headset-audio-with-msbc.html

View File

@ -1,7 +1,7 @@
Central configuration for PKCS#11 plugin using software and smartcards.
* https://digisaatio.fi/wiki/P11-kit
* https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/
- https://digisaatio.fi/wiki/P11-kit
- https://www.systutorials.com/docs/linux/man/5-pkcs11.conf/
Remember also [my FINEID notes in the gist/ repo](https://gitea.blesmrt.net/mikaela/gist/src/branch/master/fineid)

View File

@ -1,15 +1,15 @@
interface eth0
{
AdvSendAdvert on;
AdvOtherConfigFlag on;
prefix 2001:14b8:100:8397::/64
{
AdvOnLink on;
AdvAutonomous on;
};
prefix ULA::/64
{
AdvOnLink on;
AdvAutonomous on;
};
AdvSendAdvert on;
AdvOtherConfigFlag on;
prefix 2001:14b8:100:8397::/64
{
AdvOnLink on;
AdvAutonomous on;
};
prefix ULA::/64
{
AdvOnLink on;
AdvAutonomous on;
};
};
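Review bot: `prefix ULA::/64` is a placeholder rather than a parseable IPv6 prefix, while `2001:14b8:100:8397::/64` next to it is a concrete one, and nothing in the file says which values must be replaced. Add a comment above the two `prefix` blocks marking them as site-specific.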

View File

@ -26,9 +26,9 @@ options edns0 single-request-reopen #trust-ad
# !!! /run/systemd/resolve/stub-resolv.conf !!! /usr/lib/systemd/resolv.conf /run/systemd/resolve/resolv.conf
# !!! /run/systemd/resolve/stub-resolv.conf !!! contains search domains and doesn't seem to be
# overwritable and somehow works with Mullvad
# https://github.com/mullvad/mullvadvpn-app/issues/1952
# /usr/lib/systemd/resolv.conf doesn't contain search domains, can
# get overwritten and "broken"
# /run/systemd/resolve/resolv.conf contains uplink resolvers and domains
# SHOULDN'T BE USED!
# overwritable and somehow works with Mullvad
# https://github.com/mullvad/mullvadvpn-app/issues/1952
# /usr/lib/systemd/resolv.conf doesn't contain search domains, can
# get overwritten and "broken"
# /run/systemd/resolve/resolv.conf contains uplink resolvers and domains
# SHOULDN'T BE USED!

View File

@ -1,6 +1,6 @@
#Host example
#Hostname compuutteri.example.net
#Port 12345
#IdentityFile /home/username/.ssh/privkey
#ProxyJump uzanto@komputilo.example.net:2222
#User account42
#Hostname compuutteri.example.net
#Port 12345
#IdentityFile /home/username/.ssh/privkey
#ProxyJump uzanto@komputilo.example.net:2222
#User account42

View File

@ -1,6 +1,6 @@
sshd_config should include something like
Include /etc/ssh/sshd_config.d/*.conf
Include /etc/ssh/sshd_config.d/\*.conf
NOTE: This became supported only at OpenSSHd 8.2 on 2020-02-14.
https://www.openssh.com/txt/release-8.2
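Review bot: the `Include` line now reads `/etc/ssh/sshd_config.d/\*.conf`. The backslash keeps Markdown from treating `*` as emphasis, but anyone copying the line from the raw file into sshd_config gets a pattern that no longer matches the drop-in files. Put the directive in a code span or an indented code block so the formatter leaves `*.conf` untouched.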

View File

@ -2,6 +2,6 @@
# in reverse so this file is useless. https://serverfault.com/a/461865
# & OpenSSH_8.4p1
Match User mikaela
PasswordAuthentication no
AuthenticationMethods publickey
PasswordAuthentication no
AuthenticationMethods publickey
Match All

View File

@ -6,6 +6,6 @@
# https://serverfault.com/a/461865 OpenSSH_8.4p1
#Match User someone,somebodyelse,whoever
# PasswordAuthentication yes
# AuthenticationMethods any
# PasswordAuthentication yes
# AuthenticationMethods any
#Match All

View File

@ -11,24 +11,24 @@ sudo systemctl restart systemd-resolved
## Files explained
* `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
- `00-defaults.conf` - configuration not touching resolvers. Disables DNSSEC (as
systemd-resolved doesn't handle it properly), enables opportunistic DoT and
caching.
* `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
- `dot-*.conf` - configuration to use the DNS provider with DNS-over-TLS. If
captive portals are a concern, `DNSOverTLS=no`.
* `README.md` - you are reading it right now.
- `README.md` - you are reading it right now.
## General commentary
* Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
- Based on my test DNSOverTLS is not supported in Ubuntu 18.04.x LTS (however
at the time of writing this README.md, the current version is Ubuntu 20.04.0)
(systemd v237). DNSOverTLS became supported in v239, strict mode (yes) in
v243 (big improvements in v244).
* TODO: find out when SNI became supported, I have just spotted it in the
- TODO: find out when SNI became supported, I have just spotted it in the
fine manual in 2020-06-??.
* Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
- Domains has to be `.~` for them to override DHCP. See https://www.internetsociety.org/blog/2018/12/dns-privacy-in-linux-systemd
without which I wouldn't have got this right.
* DNSSEC may not work if the system is down for a long time and not updated.
- DNSSEC may not work if the system is down for a long time and not updated.
Thus `allow-downgrade` may be better for non-tech people, even with the
potential downgrade attack. There are also captive portals, affecting
`DNSOverTLS`. Both take `yes` or `no` or their own special option,
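Review bot: the `00-defaults.conf` bullet says the file disables DNSSEC and enables opportunistic DoT, but nowhere in these lines does the README say that opportunistic mode falls back to plaintext DNS when the TLS connection cannot be established. The commentary already notes that strict mode (`yes`) exists from v243, so state the trade-off next to the file description; readers should know the defaults give no protection against an active attacker.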
@ -36,7 +36,7 @@ sudo systemctl restart systemd-resolved
Other links I have found important and my files are based on:
* https://wiki.archlinux.org/index.php/Systemd-resolved
* Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
* request for strict DOT: https://github.com/systemd/systemd/issues/10755
* vulnerable to MITM: https://github.com/systemd/systemd/issues/9397
- https://wiki.archlinux.org/index.php/Systemd-resolved
- Also provides the serious issues systemd-resolved+DNSSEC issues, https://github.com/systemd/systemd/issues/10579 & https://github.com/systemd/systemd/issues/9867
- request for strict DOT: https://github.com/systemd/systemd/issues/10755
- vulnerable to MITM: https://github.com/systemd/systemd/issues/9397

View File

@ -3,13 +3,13 @@ subdirectories. The sudirectories won't exist in the real
`/etc/systemd/system` unless they end `.wants` or `.d` or something similar
and I forget to update this README file if that happens.
* reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
- reflector.service is copied from https://wiki.archlinux.org/index.php/Reflector
but uses https instead of http, because there is no reason I would want
someone to see what I download.
## Worth reading
* Waiting for network devices to have IP address (**I only use this for
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
* systemctl enable NetworkManager-wait-online.service
* systemctl enable systemd-networkd-wait-online.service
- Waiting for network devices to have IP address (**I only use this for
cables**) https://wiki.freedesktop.org/www/Software/systemd/NetworkTarget/#cutthecraphowdoimakenetwork.targetworkforme
_ systemctl enable NetworkManager-wait-online.service
_ systemctl enable systemd-networkd-wait-online.service
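Review bot: the two nested `systemctl enable` bullets now start with `_` instead of a list marker, so they render as literal underscores inside the parent item rather than as a sub-list. Indent them under the parent bullet as `- systemctl enable NetworkManager-wait-online.service` and `- systemctl enable systemd-networkd-wait-online.service`, ideally as code spans, and re-run the formatter.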

View File

@ -1,9 +1,8 @@
The IPv6 files are copied from
https://www.reddit.com/r/raspberry_pi/comments/14vcpz/rpi_as_an_ipv6_router_using_a_sixxs_tunnel_and/
and they are here because they were my biggest difficulty with having Arch
on Pi as IPv6 router.
* Also helpful
https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
on Pi as IPv6 router. \* Also helpful
https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
Miredo.service again is edited from what Arch & Debian ship so it starts
after there is already network connectivity and Unbound is running
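Review bot: the `* Also helpful` bullet has been folded into the preceding paragraph as `on Pi as IPv6 router. \* Also helpful`, so the list item is lost and a literal asterisk is shown. Add a blank line before the bullet in the source so the formatter recognises it as a list.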

View File

@ -21,4 +21,3 @@ User=BOTUSER
[Install]
WantedBy=multi-user.target

View File

@ -2,5 +2,5 @@ Services in this directory are meant for my Jolla Phone which runs
Sailfish OS. It doesn't have cron, so I tried the nearest equivalent
that is there out-of-box, systemd timers.
* aliendalvik-stopper again stops android support hourly so it won't waste
- aliendalvik-stopper again stops android support hourly so it won't waste
battery.

View File

@ -7,17 +7,17 @@
server:
forward-zone:
name: "mywifiext.net"
forward-tls-upstream: no
forward-addr: 8.8.8.8
name: "mywifiext.net"
forward-tls-upstream: no
forward-addr: 8.8.8.8
forward-zone:
name: "tplinkrepeater.net"
forward-tls-upstream: no
forward-addr: 8.8.8.8
name: "tplinkrepeater.net"
forward-tls-upstream: no
forward-addr: 8.8.8.8
# Can I refer to subdomain as a zone?
forward-zone:
name: "http.badssl.com"
forward-tls-upstream: no
forward-addr: 8.8.8.8
name: "http.badssl.com"
forward-tls-upstream: no
forward-addr: 8.8.8.8

View File

@ -4,14 +4,14 @@
# See also MEMORY CONTROL EXAMPLE in man unbound.conf
server:
# bytes in message cache, defaults to 4m
msg-cache-size: 50m
# bytes in rrset cache, defaults to 4m
rrset-cache-size: 50m
# nxdomain cache, default 1m
neg-cache-size: 10m
# Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
# zone export used to have 1 second, and I have also been seeing 1
# minute in the wild, I think 5 mins shouldn't break anything, but bigger
# might.
cache-min-ttl: 900
# bytes in message cache, defaults to 4m
msg-cache-size: 50m
# bytes in rrset cache, defaults to 4m
rrset-cache-size: 50m
# nxdomain cache, default 1m
neg-cache-size: 10m
# Cache results for 15 minutes even if they had a shorter TTL. Cloudflare
# zone export used to have 1 second, and I have also been seeing 1
# minute in the wild, I think 5 mins shouldn't break anything, but bigger
# might.
cache-min-ttl: 900
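Review bot: the comment above `cache-min-ttl: 900` says both "15 minutes" and "I think 5 mins shouldn't break anything, but bigger might", while the value is 900 seconds. Decide which is intended and make the comment and the value agree. A 15 minute floor also keeps answers cached past the TTL of records whose owners deliberately publish short TTLs, for example for failover.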

View File

@ -7,10 +7,10 @@
# root-auto-trust-anchor-file.conf at least on Debian.
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Hopefully a reasonable set of non-filtering servers including those
# listening on 443, preferably Anycast, but not necessarily.
@ -21,37 +21,37 @@ server:
# (Also I cannot rename this file due to it being linked around))
forward-zone:
name: "."
forward-tls-upstream: yes
name: "."
forward-tls-upstream: yes
# Quad9 - Anycast, Switzerland based
# Non filtering "insecure" servers without DNSSEC, but that is done
# by Unbound locally anyway.
forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
forward-addr: 9.9.9.10@853#dns10.quad9.net
forward-addr: 2620:fe::10@853#dns10.quad9.net
forward-addr: 149.112.112.10@853#dns10.quad9.net
# Quad9 - Anycast, Switzerland based
# Non filtering "insecure" servers without DNSSEC, but that is done
# by Unbound locally anyway.
forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
forward-addr: 9.9.9.10@853#dns10.quad9.net
forward-addr: 2620:fe::10@853#dns10.quad9.net
forward-addr: 149.112.112.10@853#dns10.quad9.net
# Cloudflare DNS - anycast
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
# Cloudflare DNS - anycast
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
## laptops?
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
## DNS-over-TLS on port 443, no filtering. Mainly useful for traveling
## laptops?
# https://appliedprivacy.net/services/dns/ - Vienna, Austria
#forward-addr: 2a02:1b8:10:234::2@443#dot1.applied-privacy.net
#forward-addr: 146.255.56.98@443#dot1.applied-privacy.net
# Adguard DNS Unfiltered Anycast
forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
# Adguard DNS Unfiltered Anycast
forward-addr: 2a10:50c0::1:ff@853#dns-unfiltered.adguard.com
forward-addr: 2a10:50c0::2:ff@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.140@853#dns-unfiltered.adguard.com
forward-addr: 94.140.14.141@853#dns-unfiltered.adguard.com
# NextDNS - anycast
forward-addr: 45.90.28.0@853#dns1.nextdns.io
forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
forward-addr: 45.90.30.0@853#dns2.nextdns.io
forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
# NextDNS - anycast
forward-addr: 45.90.28.0@853#dns1.nextdns.io
forward-addr: 2a07:a8c0::@853#dns1.nextdns.io
forward-addr: 45.90.30.0@853#dns2.nextdns.io
forward-addr: 2a07:a8c1::@853#dns2.nextdns.io
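Review bot: the Quad9 comment justifies using the non-validating `dns10.quad9.net` endpoints with "that is done by Unbound locally anyway", but nothing in this file enables validation; it depends on the trust-anchor file mentioned in the header being loaded. Name that file in the comment so these forwarders are not reused on a host that lacks it.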

View File

@ -2,23 +2,23 @@
# are currently rare. And this is more of a placeholder.
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Forward queries to
forward-zone:
name: "."
forward-tls-upstream: yes
name: "."
forward-tls-upstream: yes
# Google DNS64 for 64:ff9b::/96
# As of 2019-08-25 this doesn't seem to actually be working, but I hope
# Google will fix it by the time I actually have IPv6 only hosts and
# there will be not-Google options.
#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
# Google DNS64 for 64:ff9b::/96
# As of 2019-08-25 this doesn't seem to actually be working, but I hope
# Google will fix it by the time I actually have IPv6 only hosts and
# there will be not-Google options.
#forward-addr: 2001:4860:4860::6464@853#dns64.dns.google
#forward-addr: 2001:4860:4860::64@853#dns64.dns.google
# Cloudflare for 64:ff9b::/96
forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com
# Cloudflare for 64:ff9b::/96
forward-addr: 2606:4700:4700::64@853#dns64.cloudflare-dns.com
forward-addr: 2606:4700:4700::6400@853#dns64.cloudflare-dns.com

View File

@ -1,5 +1,5 @@
# From https://wiki.archlinux.org/index.php/DNSCrypt
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.2.1@53
name: "."
forward-addr: 127.0.2.1@53
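Review bot: `do-not-query-localhost: no` sits at the top of the file with no `server:` line before it, so it is parsed in whatever clause the previously included file left open. Add an explicit `server:` line above it, as the other files in this directory do.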

View File

@ -1,15 +1,15 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
forward-addr: 94.140.14.14@853#dns.adguard.com
forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
forward-addr: 94.140.15.15@853#dns.adguard.com
name: "."
forward-tls-upstream: yes
forward-addr: 2a10:50c0::ad1:ff@853#dns.adguard.com
forward-addr: 94.140.14.14@853#dns.adguard.com
forward-addr: 2a10:50c0::ad2:ff@853#dns.adguard.com
forward-addr: 94.140.15.15@853#dns.adguard.com
# Updated for https://adguard.com/en/blog/adguard-dns-new-addresses.html

View File

@ -2,25 +2,25 @@
# Based on https://www.ctrl.blog/entry/unbound-tls-forwarding.html
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# DNS servers that have public button for flushing cache. Privacy not considered.
forward-zone:
name: "."
forward-tls-upstream: yes
name: "."
forward-tls-upstream: yes
# Cloudflare / https://1.1.1.1/purge-cache/
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
# Cloudflare / https://1.1.1.1/purge-cache/
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
forward-addr: 1.1.1.1@853#cloudflare-dns.com
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
forward-addr: 1.0.0.1@853#cloudflare-dns.com
# Google / https://dns.google/cache
forward-addr: 8.8.8.8@853#dns.google
forward-addr: 8.8.4.4@853#dns.google
forward-addr: 2001:4860:4860::8888@853#dns.google
forward-addr: 2001:4860:4860::8844@853#dns.google
# Google / https://dns.google/cache
forward-addr: 8.8.8.8@853#dns.google
forward-addr: 8.8.4.4@853#dns.google
forward-addr: 2001:4860:4860::8888@853#dns.google
forward-addr: 2001:4860:4860::8844@853#dns.google

View File

@ -1,12 +1,12 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net
name: "."
forward-tls-upstream: yes
forward-addr: 2a07:e340::3@853#adblock.doh.mullvad.net
forward-addr: 194.242.2.3@853#adblock.doh.mullvad.net
forward-addr: 193.19.108.3@853#adblock.doh.mullvad.net

View File

@ -1,12 +1,12 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2a07:e340::2@853#doh.mullvad.net
forward-addr: 194.242.2.2@853#doh.mullvad.net
forward-addr: 193.19.108.2@853#doh.mullvad.net
name: "."
forward-tls-upstream: yes
forward-addr: 2a07:e340::2@853#doh.mullvad.net
forward-addr: 194.242.2.2@853#doh.mullvad.net
forward-addr: 193.19.108.2@853#doh.mullvad.net

View File

@ -1,13 +1,13 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
forward-addr: 9.9.9.11@853#dns11.quad9.net
forward-addr: 2620:fe::11@853#dns11.quad9.net
forward-addr: 149.112.112.11@853#dns11.quad9.net
name: "."
forward-tls-upstream: yes
forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
forward-addr: 9.9.9.11@853#dns11.quad9.net
forward-addr: 2620:fe::11@853#dns11.quad9.net
forward-addr: 149.112.112.11@853#dns11.quad9.net

View File

@ -1,13 +1,13 @@
server:
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Debian ca-certificates location
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
# ctrl.blog says this is the Fedora location
#tls-cert-bundle: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
name: "."
forward-tls-upstream: yes
forward-addr: 2620:fe::fe@853#dns.quad9.net
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 2620:fe::9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net

View File

@ -1,3 +1,3 @@
server:
# Prefer IPv6 transport for sending DNS queries to internet nameservers.
prefer-ip6: yes
# Prefer IPv6 transport for sending DNS queries to internet nameservers.
prefer-ip6: yes

View File

@ -1,10 +1,10 @@
server:
use-syslog: yes
#logfile: "/tmp/unbound.log"
# level 0 means no verbosity, only errors. Level 1 gives operational
# information. Level 2 gives detailed operational information. Level 3
# gives query level information, output per query. Level 4 gives
# algorithm level information.
verbosity: 2
# Print statistics to the log hourly
statistics-interval: 3600
use-syslog: yes
#logfile: "/tmp/unbound.log"
# level 0 means no verbosity, only errors. Level 1 gives operational
# information. Level 2 gives detailed operational information. Level 3
# gives query level information, output per query. Level 4 gives
# algorithm level information.
verbosity: 2
# Print statistics to the log hourly
statistics-interval: 3600

View File

@ -2,19 +2,19 @@
# Check dns64-over-tls.conf instead!
forward-zone:
name: "."
name: "."
# Cloudflare DNS64 for 64:ff9b::/96
forward-addr: 2606:4700:4700::64
forward-addr: 2606:4700:4700::6400
# Cloudflare DNS64 for 64:ff9b::/96
forward-addr: 2606:4700:4700::64
forward-addr: 2606:4700:4700::6400
# Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
# > The generated AAAA records point to address blocks in TREX's public
# address space 2001:67c:2b0::/48 so they are usable from anywhere on
# the Internet.
forward-addr: 2001:67c:2b0::4
forward-addr: 2001:67c:2b0::6
# Trex DNS64/NAT64 <http://www.trex.fi/2011/dns64.html>
# > The generated AAAA records point to address blocks in TREX's public
# address space 2001:67c:2b0::/48 so they are usable from anywhere on
# the Internet.
forward-addr: 2001:67c:2b0::4
forward-addr: 2001:67c:2b0::6
# Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
#forward-addr: 2001:4860:4860::6464
#forward-addr: 2001:4860:4860::64
# Google DNS64 for 64:ff9b::/96 (reserved NAT64 space)
#forward-addr: 2001:4860:4860::6464
#forward-addr: 2001:4860:4860::64

View File

@ -1,6 +1,6 @@
# This is another Debian default, that I may be missing under Arch, even
# if the location changes.
server:
# The following line will configure unbound to perform cryptographic
# DNSSEC validation using the root trust anchor.
auto-trust-anchor-file: "/var/lib/unbound/root.key"
# The following line will configure unbound to perform cryptographic
# DNSSEC validation using the root trust anchor.
auto-trust-anchor-file: "/var/lib/unbound/root.key"

View File

@ -1,4 +1,4 @@
server:
# Use two threads, I think more than 1 threads will help with Firefox
# at times telling name resolution failed
num-threads: 2
# Use two threads, I think more than 1 threads will help with Firefox
# at times telling name resolution failed
num-threads: 2

View File

@ -1,10 +1,9 @@
System-wide autostart files
===========================
# System-wide autostart files
*Note: this directory is also being used as `~/.local/share/applications`
which populates the app menu, my autostart is thankfully not this
populated.*
_Note: this directory is also being used as `~/.local/share/applications`
which populates the app menu, my autostart is thankfully not this
populated._
* redshift - app that changes screen temperature along the sun
* telegramdesktop - IM app, based on telegram-desktop package
* com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name
- redshift - app that changes screen temperature along the sun
- telegramdesktop - IM app, based on telegram-desktop package
- com.wire.WireDesktop - Wire flatpak based on the flatpak of the same name

View File

@ -6,8 +6,8 @@ as the links below.
## Additional repositories
* Begin by `sudo fedora-third-party enable`
* https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311
* https://www.insynchq.com/
* https://keybase.io/docs/the_app/install_linux
* https://rpmfusion.org/Configuration
- Begin by `sudo fedora-third-party enable`
- https://github.com/yggdrasil-network/yggdrasil-network.github.io/issues/127#issuecomment-766520311
- https://www.insynchq.com/
- https://keybase.io/docs/the_app/install_linux
- https://rpmfusion.org/Configuration

View File

@ -112,4 +112,3 @@ trust-model tofu+pgp
# WoT with TOFUs conflict detection, but without positive trust. This may
# be better due to https://gitea.blesmrt.net/mikaela/pgp-alt-wot/ and lsign.
tofu-default-policy unknown

View File

@ -18,7 +18,7 @@ cat conf/makepkg.conf > ~/.makepkg.conf
mkdir -p ~/.config/mpv/
cat conf/mpv.conf > ~/.config/mpv/mpv.conf
if [ ! -f ~/.oidentd.conf ]; then
cat conf/oidentd.conf > ~/.oidentd.conf
cat conf/oidentd.conf > ~/.oidentd.conf
fi
mkdir -p ~/.gnupg
cat gpg/gpg.conf > ~/.gnupg/gpg.conf
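Review bot: `mkdir -p ~/.gnupg` in the context lines creates the GnuPG home with whatever mode the current umask allows, and `gpg.conf` is written into it on the next line. Creating it with `mkdir -p -m 700 ~/.gnupg` would set the permissions at creation time instead of leaving that to a later step (the backgrounded `bash -x ./chmod&` visible in the next hunk header, if that is what it covers).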
@ -37,12 +37,12 @@ bash -x ./chmod&
if [ -f $HOME/.MIKAELAGREP ]
then
mv $HOME/.MIKAELAGREP $MIKAELA_GREP
mv $HOME/.MIKAELAGREP $MIKAELA_GREP
fi
if [ -f "$MIKAELA_GREP" ]
then
bash -x .mikaela_install
bash -x .mikaela_install
fi
set +x
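Review bot: `$HOME/.MIKAELAGREP` and `$MIKAELA_GREP` are unquoted in the first test and in the `mv`, although the second test already quotes `"$MIKAELA_GREP"`. If `MIKAELA_GREP` is unset or contains spaces, the `mv` receives the wrong argument list; quote both, as in `mv "$HOME/.MIKAELAGREP" "$MIKAELA_GREP"`, while these lines are being re-indented anyway.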

View File

@ -108,7 +108,7 @@ if [[ $UNAME = Darwin ]]; then
alias l="ls -CFGp"
fi
# Add an "alert" alias for long running commands. Use like so:
# Add an "alert" alias for long running commands. Use like so:
# sleep 10; alert
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
@ -276,7 +276,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
alias nmap-regular="nmap "
alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .bash_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
# Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
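Review bot: the reflowed comment calls `nmap-osscan` the "safer" scan, but `nmap-comprehensive` directly above it carries no comment at all, and its `--script all` selects every NSE script, including the intrusive, brute-force and denial-of-service categories. Add a comment on that alias saying what it runs, or narrow it to `--script safe`.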
@ -530,7 +530,7 @@ alias mpvms="mpv --no-video --shuffle"
# Compatibility with my i3 alsactl mess
if [ -f ~/.config/asound.state ]
then
alias alsactl="\alsactl -f ~/.config/asound.state"
alias alsactl="\alsactl -f ~/.config/asound.state"
fi
# More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
@ -573,26 +573,26 @@ function ex ()
{
if [ -f "$1" ] ; then
case "$1" in
*.tar) tar xvf $1 ;;
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
*.tar.gz | *.tgz ) tar xzvf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) unrar x $1 ;;
*.gz) gunzip $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*.xz) tar xJvf $1 ;;
*.deb)
DIR=${1%%_*.deb}
ar xv $1
mkdir ${DIR}
tar -C ${DIR} -xzvf data.tar.gz ;;
*.rpm) rpm2cpio $1 | cpio -vid ;;
*) echo ""${1}" cannot be extracted via extract()"
*.tar) tar xvf $1 ;;
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
*.tar.gz | *.tgz ) tar xzvf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) unrar x $1 ;;
*.gz) gunzip $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*.xz) tar xJvf $1 ;;
*.deb)
DIR=${1%%_*.deb}
ar xv $1
mkdir ${DIR}
tar -C ${DIR} -xzvf data.tar.gz ;;
*.rpm) rpm2cpio $1 | cpio -vid ;;
*) echo ""${1}" cannot be extracted via extract()"
;;
esac
else
else
echo ""${1}" is not a valid file"
fi
}
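Review bot: every branch of `ex` passes `$1` unquoted (`tar xvf $1`, `unzip $1`, `mkdir ${DIR}`), so an archive name containing spaces or glob characters is split or expanded before the extractor sees it, even though the `[ -f "$1" ]` test quotes it. Quote `"$1"` and `"${DIR}"` throughout. The two `echo ""${1}" ..."` lines also end up with `${1}` outside the quotes, and the message names `extract()` although the function is `ex`.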

View File

@ -79,9 +79,9 @@ filetype plugin indent on
" Return to last edit position when opening files (You want this!)
autocmd BufReadPost *
\ if line("'\"") > 0 && line("'\"") <= line("$") |
\ exe "normal! g`\"" |
\ endif
\ if line("'\"") > 0 && line("'\"") <= line("$") |
\ exe "normal! g`\"" |
\ endif
" I think leaving line endings to git may be more safe
" dos2unix ^M copied from https://stackoverflow.com/a/5361702/1675649

View File

@ -11,20 +11,20 @@ UNAME=$(uname)
# Dynamic window title via https://stackoverflow.com/a/20772424
## BREAKS TMUX TITLE CHANGING WHICH IS BETTER THAN THIS.
#case $TERM in
# (*xterm* | *rxvt*)
# (*xterm* | *rxvt*)
# Write some info to terminal title.
# This is seen when the shell prompts for input.
# function precmd {
# print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
# print -Pn "\e]0;zsh%L %(1j,%j job%(2j|s|); ,)%~\a"
# }
# Write command and args to terminal title.
# This is seen while the shell waits for a command to complete.
# function preexec {
# printf "\033]0;%s\a" "$1"
# printf "\033]0;%s\a" "$1"
# }
#
# ;;
#;;
#esac
# enable terminal bell
@ -232,7 +232,7 @@ alias nmap-quick-plus="sudo nmap -sV -T4 -O -F --version-light "
alias nmap-traceroute="sudo nmap -sP -PE -PS22,25,80 -PA21,23,80,3389 -PU -PO --traceroute "
alias nmap-regular="nmap "
alias nmap-comprehensive="sudo nmap -sS -sU -T4 -A -v -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 -PO --script all "
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove " -p 80,443" if you want to scan all ports which nmap scans by default.
# Little "safer" scan as connecting to only HTTP and HTTPS ports doesn't look so attacking. Copy-paste to .zsh_custom and remove" -p 80,443" if you want to scan all ports which nmap scans by default.
alias nmap-osscan="sudo nmap -p 80,443 -O -v --osscan-guess --fuzzy "
# Downloads folder over SSH. Usage: rdownload <host>:<remotefolder> <local_destination> | TIP: use ~/ssh/config to configure hosts.
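Review bot: the rewritten comment line lost a space and now reads `remove" -p 80,443"`, where the line it replaces had `remove " -p 80,443"`; the matching comment in the bash aliases file kept the space. Restore it so the two files stay identical.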
@ -281,7 +281,7 @@ if [[ $UNAME = Darwin ]]; then
alias l="ls -CFGp"
fi
# Add an "alert" alias for long running commands. Use like so:
# Add an "alert" alias for long running commands. Use like so:
alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
## -- End of aliases which are saved from Ubuntu default bashrc. --
@ -507,7 +507,7 @@ alias mpvms="mpv --no-video --shuffle"
# Compatibility with my i3 alsactl mess
if [ -f ~/.config/asound.state ]
then
alias alsactl="\alsactl -f ~/.config/asound.state"
alias alsactl="\alsactl -f ~/.config/asound.state"
fi
# More simple SSH file signing, ~/.ssh/signingkey.pub should be a symlink
@ -550,26 +550,26 @@ function ex ()
{
if [ -f "$1" ] ; then
case "$1" in
*.tar) tar xvf $1 ;;
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
*.tar.gz | *.tgz ) tar xzvf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) unrar x $1 ;;
*.gz) gunzip $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*.xz) tar xJvf $1 ;;
*.deb)
DIR=${1%%_*.deb}
ar xv $1
mkdir ${DIR}
tar -C ${DIR} -xzvf data.tar.gz ;;
*.rpm) rpm2cpio $1 | cpio -vid ;;
*) echo ""${1}" cannot be extracted via extract()"
*.tar) tar xvf $1 ;;
*.tar.bz2 | *.tbz2 ) tar xjvf $1 ;;
*.tar.gz | *.tgz ) tar xzvf $1 ;;
*.bz2) bunzip2 $1 ;;
*.rar) unrar x $1 ;;
*.gz) gunzip $1 ;;
*.zip) unzip $1 ;;
*.Z) uncompress $1 ;;
*.7z) 7z x $1 ;;
*.xz) tar xJvf $1 ;;
*.deb)
DIR=${1%%_*.deb}
ar xv $1
mkdir ${DIR}
tar -C ${DIR} -xzvf data.tar.gz ;;
*.rpm) rpm2cpio $1 | cpio -vid ;;
*) echo ""${1}" cannot be extracted via extract()"
;;
esac
else
else
echo ""${1}" is not a valid file"
fi
}
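Review bot: the `*.deb` branch assumes the payload member is `data.tar.gz` and unpacks it with `tar -xzvf`, but current Debian packages commonly ship `data.tar.xz` or another compression, so `ar xv $1` succeeds, the `tar` step fails, and `control.tar.*` and `debian-binary` are left in the working directory. `dpkg-deb -x "$1" "${DIR}"` handles every member format; otherwise match `data.tar.*` and let `tar -xf` detect the compression.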

View File

@ -5,15 +5,15 @@ NetworkManager.
Notes:
* `git commit`ing the same SSID with different capitalisations breaks
- `git commit`ing the same SSID with different capitalisations breaks
Windows and more common macOS setups due to their filesystems being
case-insensitive.
* `Settings.AutoConnect=true` is unnecessary as it defaults to true
- `Settings.AutoConnect=true` is unnecessary as it defaults to true
according to `man iwd.network`.
* `IPv6.Enabled=true` defauls to true being also unnecessary.
* `private-home-sample.psk` has a comment on MAC address override and sends
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
address and doesn't send hostname.
* The `.open` networks always randomize MAC address too. If a network is
- `IPv6.Enabled=true` defauls to true being also unnecessary.
- `private-home-sample.psk` has a comment on MAC address override and sends
hostname with IPv4 DHCP. `private-cafe-sample.psk` always randomizes MAC
address and doesn't send hostname.
- The `.open` networks always randomize MAC address too. If a network is
private and needs MAC address for captive portal override or something,
`private-home-sample.psk` should be adjusted from.
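Review bot: `defauls` in the `IPv6.Enabled=true` bullet is a typo for `defaults` and was carried over unchanged by the list-marker rewrite; fix it while the line is being touched. The last bullet's "should be adjusted from" would also read more clearly as "should be used as the starting point".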