Mikaela/shell-things
1
0
Fork 0
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git synced 2025-06-27 09:47:20 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: Mikaela:8586fd7dc108af86d3738cb521ec72ebd4522338
Branches Tags
Mikaela:cxefa
...
compare: Mikaela:ec235e7f9019311e9ac988604c1b070e9583f961
Branches Tags
Mikaela:cxefa

11 Commits
8586fd7dc1 ... ec235e7f90

Author SHA1 Message Date
Aminda Suomalainen
ec235e7f90
.pre-commit-config.yaml: python doesn't need the minor version 2024-07-23 18:05:09 +03:00
Aminda Suomalainen
ed3cd60a42
xdg/autostart: tmux in kgx 2024-07-23 17:38:08 +03:00
Aminda Suomalainen
70b7380e8f
aminda-nocron: ensure at least one of these runs sometime 2024-07-23 17:29:53 +03:00
Aminda Suomalainen
b3e2989c19
systemd: add user units nordvpn-off.{service,timer} 2024-07-23 17:17:18 +03:00
Aminda Suomalainen
ee8720a71b
{bash,zsh}rc: add pyenv shims to $PATH 2024-07-23 15:48:21 +03:00
Aminda Suomalainen
d630796e6d
introduce pyenv to the repo 2024-07-23 15:47:59 +03:00
Aminda Suomalainen
6362661113
sysctl.d/00-ptrace-restricted.conf: drop from 3 to 2 (no to admin-only) 2024-07-23 15:18:35 +03:00
Aminda Suomalainen
d5c7bc8160
.pre-commit-config.yaml: Kali Linux compatibility (will this break something else?) 2024-07-23 15:10:29 +03:00
Aminda Suomalainen
58dc23dae4
systemd/aminda-duperemove.service: add a drop-in rootfs.conf 2024-07-23 15:01:10 +03:00
Aminda Suomalainen
d98b2ebd22
crontab: workaround nordvpn breaking ssh remotely 2024-07-23 12:45:16 +03:00
Aminda Suomalainen
28b72a211a
sshd.service.d: never-fail 2024-07-23 12:41:39 +03:00
16 changed files with 58 additions and 8 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -14,6 +14,7 @@
!.nvmrc !.nvmrc
!.pre-commit-config.yaml !.pre-commit-config.yaml
!.prettierignore !.prettierignore
!.python-version
!.renovate-shared.json* !.renovate-shared.json*
!.reuse !.reuse

6
.pre-commit-config.yaml
View File

@ -10,8 +10,10 @@ ci:
autoupdate_schedule: quarterly autoupdate_schedule: quarterly
default_language_version: default_language_version:
node: lts node: "lts"
ruby: .ruby-version # Remember .python-version !
python: "3.12"
ruby: ".ruby-version"
repos: repos:
- repo: https://github.com/pre-commit/pre-commit-hooks - repo: https://github.com/pre-commit/pre-commit-hooks

1
.python-version Normal file
View File

@ -0,0 +1 @@
3.12.4

7
etc/sysctl.d/00-ptrace-restricted.conf
View File

@ -1,5 +1,8 @@
# Only let child processes to be debugged # Only let child processes to be debugged
# https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html # https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html
#kernel.yama.ptrace_scope = 1 #kernel.yama.ptrace_scope = 1
# Disable debuggers entirely # Only processes with CAP_SYS_PTRACE capability are allowed unless children
kernel.yama.ptrace_scope = 3 # call PTRACE_TRACEME.
kernel.yama.ptrace_scope = 2
# Disable debuggers entirely. Cannot be unset [without reboot].
#kernel.yama.ptrace_scope = 3

1
etc/systemd/system/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
ssh.service.d

6
etc/systemd/system/aminda-duperemove.service.d/rootfs.conf Normal file
View File

@ -0,0 +1,6 @@
[Service]
# This drop-in will make the service deduplicate everything.
# WARNING: This is most likely a bad idea. My excuse is this system being on
# a small USB STICK with nothing important on it, what is yours?
ExecStart=
ExecStart=-/usr/bin/duperemove -rdhq --hashfile=/root/rootfs.hash /

6
etc/systemd/system/aminda-nocron-reboot.service
View File

@ -5,8 +5,10 @@ Wants=sysctl-p--system.service
[Service] [Service]
Type=oneshot Type=oneshot
TimeoutStartSec=infinity TimeoutStartSec=infinity
# - means it can fail, without failing those after it # - means it can fail, without failing those after it.
# I always want DNS. # These aren't given --now as THEY WOULD INFINITE LOOP.
ExecStartPre=-/usr/bin/systemctl enable aminda-nocron-rebootish.service
ExecStartPre=-/usr/bin/systemctl enable aminda-nocron-rebootish.timer
ExecStartPre=-/usr/bin/systemctl enable --now unbound.service ExecStartPre=-/usr/bin/systemctl enable --now unbound.service
ExecStartPre=-/usr/bin/systemctl enable --now systemd-resolved.service ExecStartPre=-/usr/bin/systemctl enable --now systemd-resolved.service
ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0 ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0

2
etc/systemd/system/aminda-nocron-rebootish.service
View File

@ -6,6 +6,8 @@ Type=oneshot
TimeoutStartSec=infinity TimeoutStartSec=infinity
# - means it can fail, without failing those after it # - means it can fail, without failing those after it
# Another attempt at ensuring Yggdrasil works with nordvpnd # Another attempt at ensuring Yggdrasil works with nordvpnd
ExecStartPre=-/usr/bin/systemctl enable --now aminda-nocron-reboot.service
ExecStartPre=-/usr/bin/systemctl enable --now aminda-nocron-reboot.timer
ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0 ExecStartPre=-/usr/sbin/sysctl net.ipv6.conf.all.disable_ipv6=0
ExecStartPre=-/usr/bin/systemctl enable --now tlp ExecStartPre=-/usr/bin/systemctl enable --now tlp
ExecStart=-/usr/bin/systemctl restart yggdrasil.service ExecStart=-/usr/bin/systemctl restart yggdrasil.service

1
etc/systemd/system/ssh.service.d Symbolic link
View File

@ -0,0 +1 @@
sshd.service.d

1
etc/systemd/system/sshd.service.d/never-fail.conf Symbolic link
View File

@ -0,0 +1 @@
../service.d/never-fail.conf

6
etc/systemd/user/nordvpn-off.service Normal file
View File

@ -0,0 +1,6 @@
[Unit]
Description=Disconnect and disable NordVPN on user systemd start
[Service]
Type=oneshot
ExecStart=/usr/local/bin/nordvpn-off

11
etc/systemd/user/nordvpn-off.timer Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Turn off NordVPN on login
[Timer]
OnUnitActiveSec=1
OnBootSec=2
RandomizedDelaySec=3
Persistent=true
[Install]
WantedBy=timers.target

10
etc/xdg/autostart/kgx-tmux.desktop Normal file
View File

@ -0,0 +1,10 @@
[Desktop Entry]
Version=1.0
Type=Application
NoDisplay=true
Terminal=true
Exec=kgx --command="sh --norc -c tmux"
Name=Tmux in Console
Name[fi]=Tmux Consolessa
Comment=Command line autostart
Comment[fi]=Komentorivin automaattikäynnistys

2
rc/bashrc
View File

@ -311,7 +311,7 @@ fi
# https://github.com/pyenv/pyenv # https://github.com/pyenv/pyenv
if [ -d ~/.pyenv/bin ]; then if [ -d ~/.pyenv/bin ]; then
PATH="$HOME/.pyenv/bin:$PATH" PATH="$HOME/.pyenv/bin:$HOME/.pyenv/shims:$PATH"
pyenv init > /dev/null 2>&1 pyenv init > /dev/null 2>&1
# Worth considering (and verifying before running) # Worth considering (and verifying before running)
# git clone https://github.com/pyenv/pyenv-virtualenv.git $(pyenv root)/plugins/pyenv-virtualenv # git clone https://github.com/pyenv/pyenv-virtualenv.git $(pyenv root)/plugins/pyenv-virtualenv

2
rc/zshrc
View File

@ -276,7 +276,7 @@ fi
# https://github.com/pyenv/pyenv # https://github.com/pyenv/pyenv
if [ -d ~/.pyenv/bin ]; then if [ -d ~/.pyenv/bin ]; then
PATH="$HOME/.pyenv/bin:$PATH" PATH="$HOME/.pyenv/bin:$HOME/.pyenv/shims:$PATH"
pyenv init > /dev/null 2>&1 pyenv init > /dev/null 2>&1
# Worth considering (and verifying before running) # Worth considering (and verifying before running)
# git clone https://github.com/pyenv/pyenv-virtualenv.git $(pyenv root)/plugins/pyenv-virtualenv # git clone https://github.com/pyenv/pyenv-virtualenv.git $(pyenv root)/plugins/pyenv-virtualenv

3
var/spool/cron/root
View File

@ -1,3 +1,6 @@
# Workaround it appearing to break SSH especially on family PC
@reboot /bin/bash -c "/bin/nordvpn set killswitch off;/usr/bin/systemctl disable --now nordvpnd.{service.socket} --quiet"
# Ensure /etc/sysctl.d/ gets read # Ensure /etc/sysctl.d/ gets read
@reboot /usr/sbin/sysctl -p --system >/dev/null 2>&1 @reboot /usr/sbin/sysctl -p --system >/dev/null 2>&1