.pre-commit-config.yaml: python doesn't need the minor version

.gitignore

@@ -14,6 +14,7 @@
 !.nvmrc
 !.pre-commit-config.yaml
 !.prettierignore
+!.python-version
 !.renovate-shared.json*
 !.reuse
 

.pre-commit-config.yaml

@@ -10,8 +10,10 @@ ci:
   autoupdate_schedule: quarterly
 
 default_language_version:
-  node: lts
-  ruby: .ruby-version
+  node: "lts"
+  # Remember .python-version !
+  python: "3.12"
+  ruby: ".ruby-version"
 
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks

.python-version

@@ -0,0 +1 @@
+3.12.4

etc/sysctl.d/00-ptrace-restricted.conf

@@ -1,5 +1,8 @@
 # Only let child processes to be debugged
 # https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
 #kernel.yama.ptrace_scope = 1
-# Disable debuggers entirely
-kernel.yama.ptrace_scope = 3
+# Only processes with CAP_SYS_PTRACE capability are allowed unless children
+# call PTRACE_TRACEME.
+kernel.yama.ptrace_scope = 2
+# Disable debuggers entirely. Cannot be unset [without reboot].
+#kernel.yama.ptrace_scope = 3

etc/systemd/system/.gitignore

@@ -0,0 +1 @@
+ssh.service.d

etc/systemd/system/aminda-duperemove.service.d/rootfs.conf

@@ -0,0 +1,6 @@
+[Service]
+# This drop-in will make the service deduplicate everything.
+# WARNING: This is most likely a bad idea. My excuse is this system being on
+# a small USB STICK with nothing important on it, what is yours?
+ExecStart=
+ExecStart=-/usr/bin/duperemove -rdhq --hashfile=/root/rootfs.hash /

etc/systemd/system/aminda-nocron-reboot.service

@@ -5,8 +5,10 @@ Wants=sysctl-p--system.service
 [Service]
 Type=oneshot
 TimeoutStartSec=infinity
-# - means it can fail, without failing those after it
-# I always want DNS.
+# - means it can fail, without failing those after it.
+# These aren't given --now as THEY WOULD INFINITE LOOP.
+ExecStartPre=-/usr/bin/systemctl enable aminda-nocron-rebootish.service
+ExecStartPre=-/usr/bin/systemctl enable  aminda-nocron-rebootish.timer
 ExecStartPre=-/usr/bin/systemctl enable --now unbound.service
 ExecStartPre=-/usr/bin/systemctl enable --now systemd-resolved.service
 ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0

etc/systemd/system/aminda-nocron-rebootish.service

@@ -6,6 +6,8 @@ Type=oneshot
 TimeoutStartSec=infinity
 # - means it can fail, without failing those after it
 # Another attempt at ensuring Yggdrasil works with nordvpnd
+ExecStartPre=-/usr/bin/systemctl enable --now aminda-nocron-reboot.service
+ExecStartPre=-/usr/bin/systemctl enable --now aminda-nocron-reboot.timer
 ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
 ExecStartPre=-/usr/bin/systemctl enable --now tlp
 ExecStart=-/usr/bin/systemctl restart yggdrasil.service

etc/systemd/system/ssh.service.d

@@ -0,0 +1 @@
+sshd.service.d

etc/systemd/system/sshd.service.d/never-fail.conf

@@ -0,0 +1 @@
+../service.d/never-fail.conf

etc/systemd/user/nordvpn-off.service

@@ -0,0 +1,6 @@
+[Unit]
+Description=Disconnect and disable NordVPN on user systemd start
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/nordvpn-off

etc/systemd/user/nordvpn-off.timer

@@ -0,0 +1,11 @@
+[Unit]
+Description=Turn off NordVPN on login
+
+[Timer]
+OnUnitActiveSec=1
+OnBootSec=2
+RandomizedDelaySec=3
+Persistent=true
+
+[Install]
+WantedBy=timers.target

etc/xdg/autostart/kgx-tmux.desktop

@@ -0,0 +1,10 @@
+[Desktop Entry]
+Version=1.0
+Type=Application
+NoDisplay=true
+Terminal=true
+Exec=kgx --command="sh --norc -c tmux"
+Name=Tmux in Console
+Name[fi]=Tmux Consolessa
+Comment=Command line autostart
+Comment[fi]=Komentorivin automaattikäynnistys

rc/bashrc

@@ -311,7 +311,7 @@ fi
 
 # https://github.com/pyenv/pyenv
 if [ -d ~/.pyenv/bin ]; then
-	PATH="$HOME/.pyenv/bin:$PATH"
+	PATH="$HOME/.pyenv/bin:$HOME/.pyenv/shims:$PATH"
 	pyenv init > /dev/null 2>&1
 	# Worth considering (and verifying before running)
 	# git clone https://github.com/pyenv/pyenv-virtualenv.git $(pyenv root)/plugins/pyenv-virtualenv

rc/zshrc

@@ -276,7 +276,7 @@ fi
 
 # https://github.com/pyenv/pyenv
 if [ -d ~/.pyenv/bin ]; then
-	PATH="$HOME/.pyenv/bin:$PATH"
+	PATH="$HOME/.pyenv/bin:$HOME/.pyenv/shims:$PATH"
 	pyenv init > /dev/null 2>&1
 	# Worth considering (and verifying before running)
 	# git clone https://github.com/pyenv/pyenv-virtualenv.git $(pyenv root)/plugins/pyenv-virtualenv

var/spool/cron/root

@@ -1,3 +1,6 @@
+# Workaround it appearing to break SSH especially on family PC
+@reboot /bin/bash -c "/bin/nordvpn set killswitch off;/usr/bin/systemctl disable --now nordvpnd.{service.socket} --quiet"
+
 # Ensure /etc/sysctl.d/ gets read
 @reboot /usr/sbin/sysctl -p --system >/dev/null 2>&1