{bash,zsh}rc: improve the pacman alias

to help me with linux-lts on Sedric which somehow neded up to Arch Linux

.gitignore

@@ -11,6 +11,7 @@
 !.mailmap
 !.mikaela
 !.mikaela_install
+!.npmrc
 !.nvmrc
 !.pre-commit-config.yaml
 !.prettierignore

.mikaela_install

@@ -1,34 +1,51 @@
 #!/usr/bin/env bash
-# Do not use this script unless you know what you are doing! And even when you
-# are me and know what you are doing, this is a poor practice I really should
-# stop.
+# Do not use this script unless you know what you are doing! And even when
+# thou art I, and know what thou art doing, this is a poor practice I really
+# should stop.
 set -x
 
+# If the latest commit cannot be verified, exit to error.
 git verify-commit HEAD || exit 1
 
+# Place my personal more questionable aliases in place, except that I don't
+# actually use them as I keep forgetting about them.
 cat .mikaela/bash_aliases >~/.bash_aliases
 cat .mikaela/zsh_aliases >~/.zsh_aliases
 
+# I still question whether xinitrc gets read under wayland, but I am not
+# about to start removing this legacy config, just in case of something
+# unexpected.
 cat rc/xinitrc >~/.xinitrc
 
+# My gnupg configuration with questionable options such as always
+# encrypting to me, so paws off.
 mkdir -p ~/.gnupg
 cat .mikaela/gpg.conf >~/.gnupg/gpg.conf
 
+# my name and all in pastes made through pastebinit, if it still even exists
 cat .mikaela/pastebinit.xml >~/.pastebinit.xml
 
+# may change your language to Finnish or do other fun someone else than I
+# wouldn't expect
 cat .mikaela/environment >~/.environment
 
+# my git configuration including the names, addresses, public keys, etc.
 mkdir ~/.config/git
-#cat .mikaela/gitconfig >~/.config/git/config
 git config --global --add include.path '~/.shell-things/.mikaela/gitconfig'
 cat .gitattributes >~/.config/git/attributes
 
+# unless thou art I, thou don't want my authorized_keys on your system.
 mkdir -p ~/.ssh
 cat .mikaela/keys/authorized_keys >~/.ssh/authorized_keys
 cat etc/ssh/ssh_config >~/.ssh/config
 
+# Text editor configuration (with a lot of bloat) that shouldn't be reached
+# anyway since every project should have its own not so bloated editorconfig.
 cat .editorconfig >~/.editorconfig
 
+# Is Firefox installed to the location I generally use? Then apply my
+# autoconfigs. These are very surprising and unexpected unless thou art I,
+# thou have been warned.
 if [ -d ~/.local/firefox/defaults/pref/ ]; then
 	cat conf/autoconfig.js >~/.local/firefox/defaults/pref/autoconfig.js
 	#cat conf/librewolf.overrides.cfg >~/.local/firefox/librewolf.overrides.cfg
@@ -42,6 +59,8 @@ cat conf/firefox-forbidden-policies.js >~/.librewolf/librewolf.overrides.cfg
 #cat conf/librewolf.overrides.cfg >~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg
 cat conf/firefox-forbidden-policies.js >~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg
 
+# Mainly KDE Plasma Integration extension support, but there may be GNOME
+# and similar there too
 mkdir -p ~/.mozilla/native-messaging-hosts
 if [ -d /usr/lib64/mozilla/native-messaging-hosts/ ]; then
 	cp -v /usr/lib64/mozilla/native-messaging-hosts/* ~/.mozilla/native-messaging-hosts
@@ -49,17 +68,20 @@ elif [ -d /usr/lib/mozilla/native-messaging-hosts/ ]; then
 	cp -v /usr/lib/mozilla/native-messaging-hosts/ ~/.mozilla/native-messaging-hosts
 fi
 
+# Desktop menu integration
 mkdir -p ~/.local/share/applications
 ln -nsfv ~/.shell-things/local/share/applications ~/.local/share/applications/shell-things
 mkdir -p ~/.local/share/icons/hicolor/128x128/apps/
 ln -nsfv ~/.local/firefox/browser/chrome/icons/default/default128.png ~/.local/share/icons/hicolor/128x128/apps/a-firefox.png
 
+# Update desktop menu entries
 if hash update-desktop-database 2>/dev/null; then
 	update-desktop-database ~/.local/share/applications
 fi
 
+# Set a marker that this script has been used for the main script to read
 touch ~/.MIKAELA_GREP
 
 set +x
 
-# vim : set ft=sh :
+# vim : set ft=bash :

.npmrc

@@ -0,0 +1 @@
+manage-package-manager-versions=true

.pre-commit-config.yaml

@@ -1,5 +1,3 @@
-# @format
-
 # See https://pre-commit.com for more information
 # See https://pre-commit.ci for more information
 ci:
@@ -35,6 +33,7 @@ repos:
       - id: destroyed-symlinks
       - id: detect-private-key
       - id: fix-byte-order-marker
+      - id: check-merge-conflict
       - id: mixed-line-ending
         args: [--fix=auto]
       - id: pretty-format-json
@@ -62,6 +61,12 @@ repos:
       - id: doctoc
         # https://github.com/Mikaela/gist/blob/master/doctoc.txt
         args: [--update-only, --notitle]
+        #args:  [
+        #    --update-only,
+        #    --title,
+        #    '<em lang="fi">Automaattinen sisällysluettelo</em> / <em
+        #    lang="en">Automatically generated Table of Contents</em>',
+        #  ]
 
   # GitHub Actions etc. configuration validity checking
   - repo: https://github.com/python-jsonschema/check-jsonschema

chmod

@@ -29,4 +29,15 @@ chmod -v 700 ~/.ssh
 touch ~/.ssh/authorized_keys
 chmod -v 600 ~/.ssh/authorized_keys
 
+# if we have support for setting ACL, some of this becomes easier (although maybe redundant)
+if hash setfacl 2> /dev/null; then
+	setfacl --modify u:$(id -un):rw,g:$(id -gn):r,o:r ~/.oidentd.conf
+	setfacl --recursive --modify u:$(id -un):rwX,g:$(id -gn):rX,o:rX ~/public_html/
+
+	# Enabling laziness pt. …
+	if [[ -d ~/.shell-things ]]; then
+		setfacl --recursive --modify u:$(id -un):rwX,g:$(id -gn):rX,o:rX ~/.shell-things/
+	fi
+fi
+
 set +x

conf/Dark-Reader-Settings.json

@@ -0,0 +1,83 @@
+{
+	"automation": {
+		"behavior": "OnOff",
+		"enabled": true,
+		"mode": "system"
+	},
+	"automationBehaviour": "OnOff",
+	"changeBrowserTheme": true,
+	"customThemes": [],
+	"detectDarkTheme": true,
+	"disabledFor": [],
+	"displayedNews": [
+		"mobile",
+		"thanks-2023"
+	],
+	"enableContextMenus": true,
+	"enableForPDF": true,
+	"enableForProtectedPages": true,
+	"enabled": true,
+	"enabledByDefault": true,
+	"enabledFor": [],
+	"fetchNews": true,
+	"location": {
+		"latitude": null,
+		"longitude": null
+	},
+	"notifyOfNews": false,
+	"presets": [],
+	"previewNewDesign": true,
+	"readNews": [
+		"mobile",
+		"detect-dark-theme",
+		"no-war",
+		"chrome-favorites-2021",
+		"thanks-2021",
+		"5m-users",
+		"v4-9-16",
+		"v4-9",
+		"attention",
+		"dr-5-announcement",
+		"2m-users",
+		"automation",
+		"product-hunt-golden-kitty-2018",
+		"time-settings",
+		"safari",
+		"500k-users",
+		"stylish",
+		"product-hunt",
+		"custom-site-settings",
+		"thanks-for-contribution",
+		"dynamic-theme",
+		"thanks-2023"
+	],
+	"schemeVersion": 0,
+	"syncSettings": true,
+	"syncSitesFixes": true,
+	"theme": {
+		"brightness": 100,
+		"contrast": 100,
+		"darkColorScheme": "Default",
+		"darkSchemeBackgroundColor": "#000000",
+		"darkSchemeTextColor": "#ffb700",
+		"engine": "dynamicTheme",
+		"fontFamily": "system-ui",
+		"grayscale": 0,
+		"immediateModify": true,
+		"lightColorScheme": "Default",
+		"lightSchemeBackgroundColor": "#dcdad7",
+		"lightSchemeTextColor": "#181a1b",
+		"mode": 1,
+		"scrollbarColor": "auto",
+		"selectionColor": "auto",
+		"sepia": 0,
+		"styleSystemControls": true,
+		"stylesheet": "",
+		"textStroke": 0,
+		"useFont": true
+	},
+	"time": {
+		"activation": "18:00",
+		"deactivation": "9:00"
+	}
+}

conf/firefox-forbidden-policies.js

@@ -20,16 +20,16 @@ lockPref("cookiebanners.service.mode.privateBrowsing", 2);
 
 // I can set my preferred fonts in an order! :O
 // but obviously this is forbidden in policies.json!
-//lockPref("font.default.el", "serif");
-//lockPref("font.default.x-cyrillic", "serif");
-clearPref("font.default.el");
-clearPref("font.default.x-cyrillic");
-//lockPref("font.default.x-western", "serif");
-clearPref("font.default.x-western");
-// lockPref(
-// 	"font.name-list.monospace.x-cyrillic",
-// 	"Noto Shanns Mono, monospace",
-// );
+lockPref("font.default.el", "serif");
+lockPref("font.default.x-cyrillic", "serif");
+//clearPref("font.default.el");
+//clearPref("font.default.x-cyrillic");
+lockPref("font.default.x-western", "serif");
+//clearPref("font.default.x-western");
+lockPref(
+	"font.name-list.monospace.x-cyrillic",
+	"Roboto Mono, Noto Sans Mono, monospace",
+);
 lockPref(
 	"font.name-list.monospace.x-western",
 	"Roboto Mono, Noto Sans Mono, monospace",
@@ -55,30 +55,31 @@ lockPref("font.name-list.serif.x-western", "Roboto Serif, Noto Serif, serif");
 //clearPref("font.name-list.serif.x-western");
 //
 //lockPref("font.name.monospace.el", "Liberation Mono");
-clearPref("font.name.monospace.el", "Liberation Mono");
+clearPref("font.name.monospace.el");
 //lockPref("font.name.monospace.x-cyrillic", "Liberation Mono");
-clearPref("font.name.monospace.x-cyrillic", "Liberation Mono");
+clearPref("font.name.monospace.x-cyrillic");
 //lockPref("font.name.monospace.x-western", "Liberation Mono");
-clearPref("font.name.monospace.x-western", "Liberation Mono");
+clearPref("font.name.monospace.x-western");
 //
 //lockPref("font.name.sans-serif.el", "Liberation Sans");
 clearPref("font.name.sans-serif.el");
 //lockPref("font.name.sans-serif.x-cyrillic", "Liberation Sans");
-clearPref("font.name.sans-serif.x-cyrillic", "Liberation Sans");
+clearPref("font.name.sans-serif.x-cyrillic");
 //lockPref("font.name.sans-serif.x-western", "Liberation Sans");
-clearPref("font.name.sans-serif.x-western", "Liberation Sans");
+clearPref("font.name.sans-serif.x-western");
 //
 //lockPref("font.name.serif.el", "Liberation Serif");
-clearPref("font.name.serif.el", "Liberation Serif");
+clearPref("font.name.serif.el");
 //lockPref("font.name.serif.x-cyrillic", "Liberation Serif");
-clearPref("font.name.serif.x-cyrillic", "Liberation Serif");
+clearPref("font.name.serif.x-cyrillic");
 //lockPref("font.name.serif.x-western", "Liberation Serif");
-clearPref("font.name.serif.x-western", "Liberation Serif");
+clearPref("font.name.serif.x-western");
 // Allow these fonts regardless of the fingerprinting resistance
 lockPref(
 	"font.system.whitelist",
-	"Liberation Serif, Tinos, Times New Roman, Liberation Sans, Arimo, Arial, Liberation Mono, Cousine, Courier New, Noto Sans, Noto Serif, Noto Mono, OpenDyslexic, Noto Emoji, Noto Color Emoji, Comic Neue, Comic Neue Angular, Comic Neue Angular Light, Comic Neue Angular Light Italic, Comic Neue Light, Twemoji Mozilla, Noto Sans CJK JP, Noto Math, Noto Music, Roboto, Roboto Serif, Roboto Mono, Roboto Flex",
+	"Arimo, Comic Neue, Comic Neue Angular, Comic Neue Angular Light, Comic Neue Angular Light Italic, Comic Neue Light, Cousine, Liberation Mono, Liberation Sans, Liberation Serif, Noto Color Emoji, Noto Emoji, Noto Math, Noto Mono, Noto Sans, Noto Sans CJK JP, Noto Music, Roboto, Roboto Flex, Roboto Mono, Roboto Serif, Tinos, Twemoji Mozilla",
 );
+//clearPref("font.system.whitelist");
 
 // Play animated images only once, accessibility.
 lockPref("image.animation.mode", "once");
@@ -121,10 +122,6 @@ lockPref("reader.parse-on-load.force-enabled", true);
 // Ensure OCSP stapling is enabled, especially if the server has it
 lockPref("security.ssl.enable_ocsp_must_staple", true);
 
-// TODO: Consider removing this when ESR updates as only it needs this for
-// ECH, which is otherwise the default=
-lockPref("security.tls.ech.grease_http3", true);
-
 // New sidebar
 lockPref("sidebar.revamp", true);
 

efi/loader/loader.conf

@@ -1,3 +1,4 @@
+default @saved
 timeout 3
 console-mode auto
 beep true

etc/dracut.conf.d/99-cmdline.conf.sedric

@@ -1,2 +1,2 @@
-kernel_cmdline="root=UUID=c3df30ca-878b-4125-bcb4-ba3ba4398efd rw rd.lvm.lv=fedora_localhost-live/root rd.luks.uuid=luks-f9a33e19-4176-44b3-8e06-2ee7fb70f3d0 mitigations=auto,nosmt btusb.force_scofix=1 btusb.enable_autosuspend=0 cpufreq.default_governor=schedutil rd.driver.blacklist=nouveau modprobe.blacklist=nouveau"
+kernel_cmdline="root=UUID=c3df30ca-878b-4125-bcb4-ba3ba4398efd rw rootflags=subvol=root rd.lvm.lv=fedora_localhost-live/root rd.luks.uuid=luks-f9a33e19-4176-44b3-8e06-2ee7fb70f3d0 mitigations=auto,nosmt btusb.force_scofix=1 btusb.enable_autosuspend=0 cpufreq.default_governor=schedutil rd.driver.blacklist=nouveau modprobe.blacklist=nouveau"
 # vim: filetype=conf

etc/dracut.conf.d/99-hostonly.conf

@@ -0,0 +1,3 @@
+# takes more space, but permits you to perform filesystem conversion
+# and other questionable activities
+hostonly="no"

etc/dracut.conf.d/hostonly.conf

@@ -1 +0,0 @@
-hostonly="yes"

etc/dracut.conf.d/omit_modules.conf

@@ -1 +1,2 @@
 omit_dracutmodules+=" plymouth kernel-modules-extra network-manager network-legacy connman systemd-networkd i18n net-lib kernel-network-modules qemu qemu-net kernel-modules-asahi nfs asahi-firmware network cifs iscsi nvmf "
+# vim: filetype=conf

etc/dracut.conf.d/omit_modules.conf.sedric

@@ -1,2 +1,2 @@
-omit_dracutmodules+=" plymouth tpm2-tss kernel-modules-extra network-manager network-legacy connman systemd-networkd i18n network net-lib kernel-network-modules qemu qemu-net kernel-modules-asahi nfs asahi-firmware network cifs iscsi nvmf "
+omit_dracutmodules+=" plymouth tpm2-tss systemd-pcrphase kernel-modules-extra network-manager network-legacy connman systemd-networkd i18n network net-lib kernel-network-modules qemu qemu-net kernel-modules-asahi nfs asahi-firmware network cifs iscsi nvmf fcoe fcoe-uefi "
 # vim: filetype=conf

etc/firefox/policies/policies.json

@@ -159,6 +159,8 @@
 			"InvalidCertificate": true,
 			"SafeBrowsing": false
 		},
+		"DisableTelemetry": true,
+		"DisableTelemetry_comment": "Protesting Mozilla becoming an Advertising company and less trustworthy entity through 'Privacy Preserving Attribution' / Mozilla Anonym. https://github.com/mozilla/policy-templates/issues/1130",
 		"DisplayBookmarksToolbar": "never",
 		"DontCheckDefaultBrowser": true,
 		"EnableTrackingProtection": {
@@ -185,6 +187,10 @@
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-container/latest.xpi",
 				"installation_mode": "normal_installed"
 			},
+			"addon@darkreader.org": {
+				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/darkreader/latest.xpi",
+				"installation_mode": "normal_installed"
+			},
 			"jid1-MnnxcxisBPnSXQ-eff@jetpack": {
 				"comment": "While this won't sync and requires manually enabling the other one when the policy is missing, it's less confusing for the automatic configuration not existing. Additionally I have some suspicion towards Mozilla Anonym.",
 				"install_url": "https://www.eff.org/files/privacy-badger-latest.xpi",
@@ -235,6 +241,10 @@
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/privacy-pass/latest.xpi",
 				"installation_mode": "force_installed"
 			},
+			"{6a65273e-2b26-40f5-b66e-8eed317307da}": {
+				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/new-tab-suspender/latest.xpi",
+				"installation_mode": "force_installed"
+			},
 			"{8e41107d-2be2-454d-b4b8-c3d7e54d77de}": {
 				"install_url": "https://addons.mozilla.org/firefox/downloads/latest/igplus-extension/latest.xpi",
 				"installation_mode": "normal_installed"

etc/init-browser-policies.bash

@@ -11,6 +11,7 @@ fi
 
 # Firefox and LibreWolf (caution! https://codeberg.org/librewolf/issues/issues/1767)
 mkdir -vp /etc/firefox/policies
+setfacl --recursive --modify=u:root:rwX,o:rX /etc/firefox/policies
 chmod -v a+rx /etc/firefox/
 chmod -v a+rx /etc/firefox/policies/
 touch /etc/firefox/policies/policies.json
@@ -26,29 +27,39 @@ printf "WARNING! LibreWolf default profile may be masked!\nhttps://codeberg.org/
 #    existing.
 
 # Firefox ESR
-ln -fnsv /etc/firefox /etc/firefox-esr
+ln -nsfv /etc/firefox /etc/firefox-esr
 
 # Chromium
 mkdir -vp /etc/opt/chromium/policies/{managed,recommended}
+setfacl --recursive --modify=u:root:rwX,o:rX /etc/firefox/policies
 chmod -v a+rx /etc/opt/chromium/policies/
 chmod -v a+rx /etc/opt/chromium/policies/{managed,recommended}/
 
 # Brave
 mkdir -p /etc/brave
-ln -fnsv /etc/opt/chromium/policies /etc/brave/policies
+setfacl --recursive --modify=u:root:rwX,o:rX /etc/brave
+ln -nsfv /etc/opt/chromium/policies /etc/brave/policies
 
 # Vivaldi
 mkdir -p /etc/chromium
-ln -fnsv /etc/opt/chromium/policies /etc/chromium/policies
+setfacl --recursive --modify=u:root:rwX,o:rX /etc/chromium
+ln -nsfv /etc/opt/chromium/policies /etc/chromium/policies
 
 # Google Chrome
 mkdir -p /etc/opt/chrome
-ln -fnsv /etc/opt/chromium/policies /etc/opt/chrome/policies
+setfacl --recursive --modify=u:root:rwX,o:rX /etc/opt/chrome
+ln -nsfv /etc/opt/chromium/policies /etc/opt/chrome/policies
+
+# Naggig suspicion of another Google Chrome
+mkdir -p /etc/chrome
+setfacl --recursive --modify=u:root:rwX,o:rX /etc/chrome
+ln -nsfv /etc/opt/chromium/policies /etc/chrome/policies
 
 # Microsoft Edge
 # I used to have a separate policy for it so remember to remove this manually
 # if it exists!
 mkdir -p /etc/opt/edge
-ln -fnsv /etc/opt/chromium/policies /etc/opt/edge/policies
+setfacl --recursive --modify=u:root:rwX,o:rX /etc/opt/edge
+ln -nsfv /etc/opt/chromium/policies /etc/opt/edge/policies
 
 set +x

etc/opt/chromium/policies/managed/aminda-extensions.json

@@ -115,6 +115,12 @@
 			"toolbar_pin": "force_pinned",
 			"update_url": "https://clients2.google.com/service/update2/crx"
 		},
+		"cdnapgfjopgaggbmfgbiinmmbdcglnam": {
+			"installation_mode": "normal_installed",
+			"override_update_url": true,
+			"toolbar_pin": "force_pinned",
+			"update_url": "https://clients2.google.com/service/update2/crx"
+		},
 		"cimiefiiaegbelhefglklhhakcgmhkai": {
 			"installation_mode": "force_installed",
 			"override_update_url": true,
@@ -133,6 +139,12 @@
 			"toolbar_pin": "force_pinned",
 			"update_url": "https://clients2.google.com/service/update2/crx"
 		},
+		"eimadpbcbfnmbkopoojfekhnkhdbieeh": {
+			"installation_mode": "normal_installed",
+			"override_update_url": true,
+			"toolbar_pin": "force_pinned",
+			"update_url": "https://clients2.google.com/service/update2/crx"
+		},
 		"fllaojicojecljbmefodhfapmkghcbnh": {
 			"installation_mode": "force_installed",
 			"override_update_url": true,

etc/opt/chromium/policies/managed/aminda-extensions.tsv

@@ -21,3 +21,5 @@ nngceckbapebfimnlniiiahkandclblb	Bitwarden
 obpoeflheeknapimliioeoefbfaakefn	Regrets Reporter	
 odfafepnkmbhccpbejgmiehpchacaeak	uBlock Origin	
 pkehgijcmpdhfbdbbnkijodmdjhbjlgp	PrivacyBadger	
+cdnapgfjopgaggbmfgbiinmmbdcglnam	Open Dyslexic for Chrome
+eimadpbcbfnmbkopoojfekhnkhdbieeh	Dark Reader

etc/systemd/oomd.conf.d/20-oomd.conf

@@ -0,0 +1,11 @@
+[OOM]
+# Default values from ../oomd.conf during systemd 255 (255.10-1.fc40),
+# but remember to read man oomd.conf
+#SwapUsedLimit=90%
+DefaultMemoryPressureLimit=60%
+DefaultMemoryPressureDurationSec=30s
+# I question 90 % being enough and healthy battery charging also uses 80 %,
+# so let's try this since I prioritise not freezing over max utilization.
+SwapUsedLimit=80%
+#DefaultMemoryPressureLimit=
+#DefaultMemoryPressureDurationSec=

etc/systemd/resolved.conf.d/00-defaults.conf

@@ -9,8 +9,7 @@ DNSSEC=true
 # Take the risk of downgrade attacks. Web browser policies enforce
 # DNS-over-HTTPS anyway due to Encrypted Client Hello (ECH) still requiring
 # it.
-#DNSOverTLS=opportunistic
-DNSOverTLS=true
+DNSOverTLS=opportunistic
 Cache=true
 # Consider local DNS servers if they exist.
 DNS=

etc/systemd/resolved.conf.d/10-dot-443.conf

@@ -2,6 +2,6 @@
 # OK, this is not 443, but it bothers me to not have both ports used.
 DNS=[2a02:1b8:10:234::2]:853#dot1.applied-privacy.net 146.255.56.98:853#dot1.applied-privacy.net
 DNS=[2a02:1b8:10:234::2]:443#dot1.applied-privacy.net 146.255.56.98:443#dot1.applied-privacy.net
-#DNSOverTLS=true
+DNSOverTLS=true
 
 # vim: filetype=systemd

etc/systemd/resolved.conf.d/10-dot-adguard.conf

@@ -1,6 +1,6 @@
 [Resolve]
 DNS=94.140.14.14#dns.adguard.com 94.140.15.15#dns.adguard.com 2a10:50c0::ad1:ff#dns.adguard.com 2a10:50c0::ad2:ff#dns.adguard.com
 #DNS=94.140.14.140#unfiltered.adguard-dns.com 94.140.14.141#unfiltered.adguard-dns.com DNS=2a10:50c0::1:ff#unfiltered.adguard-dns.com 2a10:50c0::2:ff#unfiltered.adguard-dns.com
-#DNSOverTLS=true
+DNSOverTLS=true
 
 # vim: filetype=systemd

etc/systemd/resolved.conf.d/10-dot-cloudflare.conf

@@ -3,6 +3,6 @@
 #DNS=2606:4700:4700::1111#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com 1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#one.one.one.one 1.1.1.1#one.one.one.one 1.0.0.1#one.one.one.one  2606:4700:4700::1001#one.one.one.one
 # Malicious domain filtering
 DNS=2606:4700:4700::1112#security.cloudflare-dns.com 2606:4700:4700::1002#security.cloudflare-dns.com 1.1.1.2#security.cloudflare-dns.com 1.0.0.2#security.cloudflare-dns.com
-#DNSOverTLS=true
+DNSOverTLS=true
 
 # vim: filetype=systemd

etc/systemd/resolved.conf.d/10-dot-dns0.conf

@@ -3,6 +3,6 @@ DNS=193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns
 #DNS=193.110.81.1#kids.dns0.eu 185.253.5.1#kids.dns0.eu 2a0f:fc80::1#kids.dns0.eu 2a0f:fc81::1#kids.dns0.eu
 #DNS=193.110.81.254#open.dns0.eu 185.253.5.254#open.dns0.eu 2a0f:fc80::ffff#open.dns0.eu 2a0f:fc81::ffff#open.dns0.eu
 #DNS=193.110.81.9#zero.dns0.eu 185.253.5.9#zero.dns0.eu 2a0f:fc80::9#zero.dns0.eu 2a0f:fc81::9#zero.dns0.eu
-#DNSOverTLS=true
+DNSOverTLS=true
 
 # vim: filetype=systemd

etc/systemd/resolved.conf.d/10-dot-mullvad.conf

@@ -4,6 +4,6 @@
 DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net
 #DNS=2a07:e340::5#extended.dns.mullvad.net 194.242.2.5#extended.dns.mullvad.net
 #DNS=2a07:e340::9#all.dns.mullvad.net 194.242.2.9#all.dns.mullvad.net
-#DNSOverTLS=true
+DNSOverTLS=true
 
 # vim: filetype=systemd

etc/systemd/resolved.conf.d/10-dot-quad9.conf

@@ -3,17 +3,17 @@
 # encryption, but host a Quad9 node and giving these addresses instead.
 [Resolve]
 # Secure
-DNS=2620:fe::9#dns.quad9.net 2620:fe::fe#dns.quad9.net [2620:fe::9]:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net
-DNS=149.112.112.112#dns.quad9.net 9.9.9.9#dns.quad9.net 149.112.112.112:8853#dns.quad9.net 9.9.9.9:8853#dns.quad9.net
+#DNS=2620:fe::9#dns.quad9.net 2620:fe::fe#dns.quad9.net [2620:fe::9]:8853#dns.quad9.net [2620:fe::fe]:8853#dns.quad9.net
+#DNS=149.112.112.112#dns.quad9.net 9.9.9.9#dns.quad9.net 149.112.112.112:8853#dns.quad9.net 9.9.9.9:8853#dns.quad9.net
 # No Threat Blocking
 #DNS=2620:fe::10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net [2620:fe::10]:8853#dns10.quad9.net [2620:fe::fe:10]:8853#dns10.quad9.net
 #DNS=149.112.112.10#dns10.quad9.net 9.9.9.10#dns10.quad9.net 149.112.112.10:8853#dns10.quad9.net 9.9.9.10:8853#dns10.quad9.net
-# Secure + ECS
-#DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net
-#DNS=149.112.112.11#dns11.quad9.net 9.9.9.11#dns11.quad9.net 149.112.112.11:8853#dns11.quad9.net 9.9.9.11:8853#dns11.quad9.net
+# Secure + ECS. IPv4 first so it gets preferred as my Unbound likely prefers IPv6 anyway.
+DNS=149.112.112.11#dns11.quad9.net 9.9.9.11#dns11.quad9.net 149.112.112.11:8853#dns11.quad9.net 9.9.9.11:8853#dns11.quad9.net
+DNS=2620:fe::11#dns11.quad9.net 2620:fe::fe:11#dns11.quad9.net [2620:fe::11]:8853#dns11.quad9.net [2620:fe::fe:11]:8853#dns11.quad9.net
 # No Threat Blocking + ECS
 #DNS=2620:fe::12#dns12.quad9.net 2620:fe::fe:12#dns12.quad9.net [2620:fe::12]:8853#dns12.quad9.net [2620:fe::fe:12]:8853#dns12.quad9.net
 #DNS=9.9.9.12#dns12.quad9.net 149.112.112.12#dns12.quad9.net 9.9.9.12:8853#dns12.quad9.net 149.112.112.12:8853#dns12.quad9.net
-#DNSOverTLS=true
+DNSOverTLS=true
 
 # vim: filetype=systemd

etc/systemd/resolved.conf.d/99-lan-resolver.conf.sample

@@ -8,5 +8,5 @@
 #DNS=192.168.8.1
 # Mikrotik
 #DNS=192.168.88.1
-
+DNSSEC=true
 # vim: filetype=systemd

etc/systemd/system/aminda-nocron-reboot.service

@@ -38,8 +38,9 @@ ExecStart=-/usr/bin/systemctl enable --now sshguard.service
 ExecStart=-/usr/bin/systemctl enable --now unbound.service
 ExecStart=-/usr/bin/systemctl enable --now chrony.service
 ExecStart=-/usr/bin/systemctl enable --now chronyd.service
+ExecStart=-/usr/bin/systemctl enable --now systemd-oomd.service systemd-oomd.socket
 ExecStart=-/bin/chown -R root:${LINUXBREWGROUP} /home/linuxbrew -R
-ExecStart=-/bin/setfacl -R -m g:${LINUXBREWGROUP}:rwx,o:rx /home/linuxbrew
+ExecStart=-/bin/setfacl -R -m g:${LINUXBREWGROUP}:rwX,o:rX /home/linuxbrew
 User=root
 StandardOutput=journal
 StandardError=journal

etc/systemd/system/app.slice.d/90-cpuquota.conf

@@ -0,0 +1,10 @@
+# This file is intended to restrict all apps to 180 % CPU of dualcore, in
+# hopes of preventing system freezing to that. Memory is handled by
+# systemd-oomd.
+[Slice]
+CPUAccounting=true
+#CPUQuota=180%
+# I don't enjoy the sound of fans screaming and I like responsiveness for
+# commands to kill processes locking the system.
+CPUQuota=90%
+# vim: filetype=systemd

etc/unbound/unbound.conf.d/dot-quad9.conf

@@ -17,14 +17,14 @@ forward-zone:
 	name: "."
 	forward-tls-upstream: yes
 	## Secure
-	forward-addr: 2620:fe::fe@853#dns.quad9.net
-	forward-addr: 2620:fe::fe@8853#dns.quad9.net
-	forward-addr: 2620:fe::9@853#dns.quad9.net
-	forward-addr: 2620:fe::9@8853#dns.quad9.net
-	forward-addr: 9.9.9.9@853#dns.quad9.net
-	forward-addr: 9.9.9.9@8853#dns.quad9.net
-	forward-addr: 149.112.112.112@853#dns.quad9.net
-	forward-addr: 149.112.112.112@8853#dns.quad9.net
+	#forward-addr: 2620:fe::fe@853#dns.quad9.net
+	#forward-addr: 2620:fe::fe@8853#dns.quad9.net
+	#forward-addr: 2620:fe::9@853#dns.quad9.net
+	#forward-addr: 2620:fe::9@8853#dns.quad9.net
+	#forward-addr: 9.9.9.9@853#dns.quad9.net
+	#forward-addr: 9.9.9.9@8853#dns.quad9.net
+	#forward-addr: 149.112.112.112@853#dns.quad9.net
+	#forward-addr: 149.112.112.112@8853#dns.quad9.net
 	## No Threat Blocking
 	#forward-addr: 2620:fe::fe:10@853#dns10.quad9.net
 	#forward-addr: 2620:fe::fe:10@8853#dns10.quad9.net
@@ -35,14 +35,14 @@ forward-zone:
 	#forward-addr: 9.9.9.10@853#dns10.quad9.net
 	#forward-addr: 9.9.9.10@8853#dns10.quad9.net
 	## Secure + ECS
-	#forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
-	#forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
-	#forward-addr: 9.9.9.11@853#dns11.quad9.net
-	#forward-addr: 9.9.9.11@8853#dns11.quad9.net
-	#forward-addr: 2620:fe::11@853#dns11.quad9.net
-	#forward-addr: 2620:fe::11@8853#dns11.quad9.net
-	#forward-addr: 149.112.112.11@853#dns11.quad9.net
-	#forward-addr: 149.112.112.11@8853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@853#dns11.quad9.net
+	forward-addr: 2620:fe::fe:11@8853#dns11.quad9.net
+	forward-addr: 9.9.9.11@853#dns11.quad9.net
+	forward-addr: 9.9.9.11@8853#dns11.quad9.net
+	forward-addr: 2620:fe::11@853#dns11.quad9.net
+	forward-addr: 2620:fe::11@8853#dns11.quad9.net
+	forward-addr: 149.112.112.11@853#dns11.quad9.net
+	forward-addr: 149.112.112.11@8853#dns11.quad9.net
 	## No Threat Blocking + ECS
 	#forward-addr: 2620:fe::fe:12@853#dns12.quad9.net
 	#forward-addr: 2620:fe::fe:12@8853#dns12.quad9.net

etc/xdg/autostart/kgx-tmux.desktop

@@ -3,7 +3,7 @@ Version=1.0
 Type=Application
 NoDisplay=true
 Terminal=true
-Exec=kgx --command="sh --norc -c tmux"
+Exec=kgx --command="bash --norc -c tmux"
 Name=Tmux in Console
 Name[fi]=Tmux Consolessa
 Comment=Command line autostart

install

@@ -1,59 +1,100 @@
 #!/usr/bin/env bash
-# Do not use this script unless you know what you are doing!
+# Do not use this script unless you know what you are doing! Even then this
+# script isn't that much above `curl | bash`ing
 set -x
 
+# If my allowed_signers are present, use them, if not, clone them, and try
+# again. The gitconfig expects them here.
 if [ -d ~/src/gitea.blesmrt.net/Mikaela/ssh-allowed_signers ]; then
 	git verify-commit HEAD || exit 1
 	sleep 3
 else
 	echo "Keys not found, cloning..."
+	# -vp - verbose, parent. This comment won't be repeated.
 	mkdir -vp ~/src/gitea.blesmrt.net/Mikaela/
 	git clone https://gitea.blesmrt.net/Mikaela/ssh-allowed_signers.git ~/src/gitea.blesmrt.net/Mikaela/ssh-allowed_signers
+	git verify-commit HEAD || exit 1
+	sleep 3
 fi
 
+# marker that I have ran the other script that runs things like installing
+# my public keys as authorized. See bottom of this script.
 export MIKAELA_GREP=$HOME/.MIKAELA_GREP
 
+# catting the files around, cat used in hopes of not touching permissions
 cat rc/bashrc > ~/.bashrc
 cat conf/tmux.conf > ~/.tmux.conf
 cat rc/zshrc > ~/.zshrc
 cat rc/profile > ~/.profile
+
+# Git config, legacy support for old location as well.
+# The other script appends sourced file, so if thou aren't I, thou should
+# consider it as well; `git config --global --add include.path '~/yourgitconfig'`
 mkdir -vp ~/.config/git
 cat conf/gitconfig > ~/.config/git/config
 touch ~/.gitconfig
 rm ~/.gitconfig
 ln -nsfv ~/.config/git/config ~/.gitconfig
+# Used for `git init` and `git clone`, will contain pre-commit hooks
 mkdir -vp ~/.git-template
+
+# {n,neo}vim
 cat rc/vimrc > ~/.vimrc
 mkdir -vp ~/.config/nvim/
 cat conf/init.vim > ~/.config/nvim/init.vim
 cat conf/makepkg.conf > ~/.makepkg.conf
+
+# the media player
 mkdir -vp ~/.config/mpv/
 cat conf/mpv.conf > ~/.config/mpv/mpv.conf
+
+# if I am performing ident spoofing already, I don't want to touch it
 if [ ! -f ~/.oidentd.conf ]; then
 	cat conf/oidentd.conf > ~/.oidentd.conf
 fi
+
+# In addition to git, my gnupg configuration should be questioned
 mkdir -vp ~/.gnupg
 cat gpg/gpg.conf > ~/.gnupg/gpg.conf
 cat gpg/gpg-agent.conf > ~/.gnupg/gpg-agent.conf
 cat gpg/dirmngr.conf > ~/.gnupg/dirmngr.conf
+# Issues with GPG? SIGHUP dirmngr
 killall -HUP dirmngr
+
+# I don't remember using these in ages and I don't think they apply to
+# wayland
 #cat rc/xinitrc > ~/.xinitrc
 cat conf/pastebinit.xml > ~/.pastebinit.xml
 cat conf/Xresources > ~/.Xresources
+
+# Nice sysinfo script
 mkdir -vp ~/.inxi
 cat conf/inxi.conf > ~/.inxi/inxi.conf
+
+# laziness
 gpg --quiet --import .mikaela/keys/*.asc &
+
+# Utilized by my ssh_config (not to be confused with sshd_config)
 mkdir -vp ~/.ssh/sockets/
+
+# It will get used later
 mkdir -vp ~/.local/bin/
+
+# Setting permissions
 chmod a+xr chmod
 bash -x ./chmod &
+
+# The submodules contain nice things such as fonts
 git submodule update --init &
 
+# Aforementioned git template directory and pre-commit
 if hash pre-commit 2> /dev/null; then
 	pre-commit init-templatedir ~/.git-template
 	pre-commit gc
 fi
 
+# If symlinks are installed, remove dead/dangling ones from ~/.local/bin
+# so corepack won't get confused if those are present
 if hash symlinks 2> /dev/null; then
 	symlinks -d ~/.local/bin/
 else
@@ -61,29 +102,50 @@ else
 	sleep 3
 fi
 
+# node package manager manager
 if hash corepack 2> /dev/null; then
+	# Will install symlinks for pnpm, yarn, etc., but not npm unless
+	# explicitly requested as below
 	corepack enable --install-directory ~/.local/bin/
 	corepack enable npm --install-directory ~/.local/bin/
+	# pnpm can utilize the same packagemanager field as corepack, even when
+	# used alone
+	corepack pnpm config set manage-package-manager-versions=true
+elif hash pnpm 2> /dev/null; then
+	# see above which is more relevant in this case
+	pnpm config set manage-package-manager-versions=true
 else
 	echo "WARNING! corepack is not installed."
 	sleep 3
 fi
 
+# If running as root, which I am doing regardless of not being supposed to,
 if [ "$(id -u)" == "0" ]; then
+	# Enables laziness on checking whether or not apt is installed
 	mkdir -vp /etc/apt/apt.conf.d/
+	# Enables progress bar and colours for apt/dpkg, which are helpful at
+	# times when guesstimating when will things happen
 	echo 'Dpkg::Progress-Fancy "1";' > /etc/apt/apt.conf.d/99progressbar
 	echo 'APT::Color "1";' > /etc/apt/apt.conf.d/99color
+
+	# If some locate variant is installed, now is a great time to ensure its
+	# database is up-to-date. This may also enable automated database
+	# updates.
 	if hash updatedb 2> /dev/null; then
 		(updatedb &)
 	fi
 fi
 
+# If the previously mentioned marker is present, include the even more
+# questionable script (yay!) into our current execution
 if [ -f "$MIKAELA_GREP" ]; then
-	bash -x .mikaela_install
+	. .mikaela_install
 fi
 
+# If git-lfs is installed, configure git with it, otherwise this will just
+# error in forked background process which will no longer hurt the current
+# execution.
 (git lfs install | true &)
 
 set +x
-# vim : set ft=sh :
-#chmod 700 $HOME -R
+# vim : set ft=bash :

local/share/applications/a-chromium.desktop

@@ -0,0 +1,24 @@
+[Desktop Entry]
+Version=1.0
+Name=CHROMIUM
+Exec=/usr/bin/env chromium %U
+Terminal=false
+X-MultipleArgs=false
+Type=Application
+Icon=chromium-browser
+Categories=Network;WebBrowser;
+MimeType=application/pdf;application/rdf+xml;application/rss+xml;application/xhtml+xml;application/xhtml_xml;application/xml;image/gif;image/jpeg;image/png;image/webp;text/html;text/xml;x-scheme-handler/http;x-scheme-handler/https;
+StartupWMClass=Chromium-browser
+Keywords=web;browser;internet;
+Actions=new-window;new-private-window;
+X-Desktop-File-Install-Version=0.26
+
+[Desktop Action new-window]
+Name=Open a New Window
+Name[fi]=Uusi ikkuna
+Exec=chromium %U
+
+[Desktop Action new-private-window]
+Name=Open a New Private Window
+Name[fi]=Uusi yksityinen ikkuna
+Exec=chromium --incognito %U

local/share/dark-mode.d/10-adwaita-breeze-dark.bash

@@ -6,11 +6,13 @@
 
 # GTK Theme
 gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'
-gsettings set org.gnome.desktop.interface gtk-theme Adwaita
-dbus-send --session --dest=org.kde.GtkConfig --type=method_call /GtkConfig org.kde.GtkConfig.setGtkTheme "string:Adwaita"
-
+#gsettings set org.gnome.desktop.interface gtk-theme Adwaita
+#dbus-send --session --dest=org.kde.GtkConfig --type=method_call /GtkConfig org.kde.GtkConfig.setGtkTheme "string:Adwaita"
+gsettings set org.gnome.desktop.interface gtk-theme Breeze-Dark
+dbus-send --session --dest=org.kde.GtkConfig --type=method_call /GtkConfig org.kde.GtkConfig.setGtkTheme "string:Breeze-Dark"
 # Xfce theme?e
-xfconf-query --channel xsettings --create --type string --property /Net/ThemeName --set Adwaita
+#xfconf-query --channel xsettings --create --type string --property /Net/ThemeName --set Adwaita
+xfconf-query --channel xsettings --create --type string --property /Net/ThemeName --set Breeze-Dark
 
 # Plasma
 lookandfeeltool --platform offscreen --apply "org.kde.breezedark.desktop"

local/share/fonts/.gitignore

@@ -1,9 +1,7 @@
 OpenDyslexic
 ComicShanns
-librebaskerville
-arimo
-carlito
-tinos
 ComicNeue
 ComicNeue-Angular
 SeriousSans
+texlive-opentype
+texlive-truetype

local/share/fonts/arimo

@@ -1 +0,0 @@
-/usr/share/texlive/texmf-dist/fonts/truetype/google/arimo

local/share/fonts/carlito

@@ -1 +0,0 @@
-/usr/share/texlive/texmf-dist/fonts/truetype/google/carlito

local/share/fonts/librebaskerville

@@ -1 +0,0 @@
-/usr/share/texlive/texmf-dist/fonts/truetype/impallari/librebaskerville/

local/share/fonts/texlive-opentype

@@ -0,0 +1 @@
+/usr/share/texlive/texmf-dist/fonts/opentype/

local/share/fonts/texlive-truetype

@@ -0,0 +1 @@
+/usr/share/texlive/texmf-dist/fonts/truetype/

local/share/fonts/tinos

@@ -1 +0,0 @@
-/usr/share/texlive/texmf-dist/fonts/truetype/google/tinos

package.json

@@ -2,6 +2,6 @@
 	"devDependencies": {
 		"@aminda/global-prettier-config": "2024.28.4"
 	},
-	"packageManager": "pnpm@9.6.0+sha512.38dc6fba8dba35b39340b9700112c2fe1e12f10b17134715a4aa98ccf7bb035e76fd981cf0bb384dfa98f8d6af5481c2bef2f4266a24bfa20c34eb7147ce0b5e",
+	"packageManager": "pnpm@9.7.0+sha512.dc09430156b427f5ecfc79888899e1c39d2d690f004be70e05230b72cb173d96839587545d09429b55ac3c429c801b4dc3c0e002f653830a420fa2dd4e3cf9cf",
 	"prettier": "@aminda/global-prettier-config"
 }

rc/bashrc

@@ -97,13 +97,9 @@ case "$TERM" in
 	*) ;;
 esac
 
-# enable color support of ls and also add handy aliases
 if hash dircolors 2> /dev/null; then
 	#test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
 	eval $(dircolors --bourne-shell)
-	alias ls='ls --color=auto'
-	alias dir='dir --color=auto'
-	alias vdir='vdir --color=auto'
 fi
 alias grep='grep --color=auto'
 alias fgrep='grep -F --color=auto'
@@ -138,8 +134,12 @@ fi
 if hash lsb_release 2> /dev/null; then
 	(
 		export LC_ALL="en_DK.UTF-8"
-		hostname --all-fqdns &
-		hostname --all-ip-addresses
+		if hash hostname 2> /dev/null; then
+			hostname --all-fqdns &
+			hostname --all-ip-addresses &
+		elif hash hostnamectl 2> /dev/null; then
+			hostnamectl hostname &
+		fi
 		printf "\n"
 		printf "$(uptime --pretty)\t$(uptime)\n"
 		printf "\nPresent:\n"
@@ -255,11 +255,8 @@ else
 fi
 
 # OS X ls colours (copied from https://apple.stackexchange.com/questions/33677/
-export CLICOLOR=1
-export LSCOLORS=gxBxhxDxfxhxhxhxhxcxcx
-
-# znc uses this variable for figuring out hostname
-#export HOSTNAME=$(hostname --fqdn)
+#export CLICOLOR=1
+#export LSCOLORS=gxBxhxDxfxhxhxhxhxcxcx
 
 # Ensure not leaking queries to upstream nameservers (resolv.conf)
 export LOCALDOMAIN=.
@@ -560,8 +557,9 @@ alias connman-wlans='grep -E "Name|Passphrase" /var/lib/connman/wifi*/settings -
 alias lowernocolon="tr -d ':' | tr 'A-Z' 'a-z'"
 
 # I don't want to reinstall exact same versions that I have
-alias pacman="LANG=en pacman --needed"
-#fi
+if hash pacman 2> /dev/null; then
+	alias pacman="LANG=en_DK.UTF-8 pacman --needed"
+fi
 
 # Sailfish Network status, via IRC
 alias sailfish-nstatus='dbus-send --system --type=method_call --print-reply --dest=net.connman / net.connman.Manager.GetServices|less'
@@ -653,6 +651,10 @@ alias journalfu="journalctl --utc --no-hostname --follow"
 alias journalb="journalctl --no-hostname --boot"
 alias journalbu="journalctl --utc --no-hostname --boot"
 
+# To complement my nordvpn-off wrapper
+alias nordvpn-offf="sudo systemctl stop nordvpnd.service;sudo systemctl stop nordvpnd.socket"
+alias nordvpn-off2=nordvpn-offf
+
 # Allow custom aliases to be put in .aliases or .bash_aliases .
 
 # .aliases
@@ -926,6 +928,28 @@ adduser-to-group() {
 	usermod -aG "$2" "$1"
 }
 
+# Lazyish ACL aware ls
+unalias ls > /dev/null 2>&1
+ls() {
+	env ls --all --color=auto --human-readable "$@"
+	if hash getfacl 2> /dev/null; then
+		if [[ -d "$@" || -f "$@" ]]; then
+			printf "\n"
+			getfacl --absolute-names --skip-base "$@"
+		fi
+	fi
+}
+unalias ll > /dev/null 2>&1
+ll() {
+	env ls -l --all --color=auto --human-readable "$@"
+	if hash getfacl 2> /dev/null; then
+		if [[ -d "$@" || -f "$@" ]]; then
+			printf "\n"
+			getfacl --absolute-names --skip-base "$@"
+		fi
+	fi
+}
+
 # Source files for miscannellious modifications.
 
 # acme.sh

rc/zshrc

@@ -31,8 +31,12 @@ fi
 if hash lsb_release 2> /dev/null; then
 	(
 		export LC_ALL="en_DK.UTF-8"
-		hostname --all-fqdns &
-		hostname --all-ip-addresses
+		if hash hostname 2> /dev/null; then
+			hostname --all-fqdns &
+			hostname --all-ip-addresses &
+		elif hash hostnamectl 2> /dev/null; then
+			hostnamectl hostname &
+		fi
 		printf "\n"
 		printf "$(uptime --pretty)\t$(uptime)\n"
 		printf "\nPresent:\n"
@@ -132,6 +136,9 @@ zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd'
 
 if hash dircolors 2> /dev/null; then
 	eval $(dircolors --bourne-shell)
+	#alias ls='ls --color=auto'
+	#alias dir='dir --color=auto'
+	#alias vdir='vdir --color=auto'
 fi
 
 #####	Environment					7RS56S	#####
@@ -209,11 +216,8 @@ fi
 #fi
 
 # OS X ls colours (copied from https://apple.stackexchange.com/questions/33677/
-export CLICOLOR=1
-export LSCOLORS=gxBxhxDxfxhxhxhxhxcxcx
-
-# znc uses this variable for figuring out hostname
-#export HOSTNAME=$(hostname --fqdn)
+#export CLICOLOR=1
+#export LSCOLORS=gxBxhxDxfxhxhxhxhxcxcx
 
 # Ensure not leaking queries to upstream nameservers (resolv.conf)
 export LOCALDOMAIN=.
@@ -349,9 +353,9 @@ alias theme="prompt "
 
 ## -- Start of aliases which are saved from Ubuntu default bashrc. --
 
-alias ls='ls --color=auto'
-alias dir='dir --color=auto'
-alias vdir='vdir --color=auto'
+#alias ls='ls --color=auto'
+#alias dir='dir --color=auto'
+#alias vdir='vdir --color=auto'
 
 alias grep='grep --color=auto'
 alias fgrep='fgrep -F --color=auto'
@@ -539,8 +543,9 @@ alias connman-wlans='grep -E "Name|Passphrase" /var/lib/connman/wifi*/settings -
 alias lowernocolon="tr -d ':' | tr 'A-Z' 'a-z'"
 
 # I don't want to reinstall exact same versions that I have
-alias pacman="LANG=en pacman --needed"
-#fi
+if hash pacman 2> /dev/null; then
+	alias pacman="LANG=en_DK.UTF-8 pacman --needed"
+fi
 
 # Sailfish Network status, via IRC
 alias sailfish-nstatus='dbus-send --system --type=method_call --print-reply --dest=net.connman / net.connman.Manager.GetServices|less'
@@ -632,6 +637,10 @@ alias journalfu="journalctl --utc --no-hostname --follow"
 alias journalb="journalctl --no-hostname --boot"
 alias journalbu="journalctl --utc --no-hostname --boot"
 
+# To complement my nordvpn-off wrapper
+alias nordvpn-offf="sudo systemctl stop nordvpnd.service;sudo systemctl stop nordvpnd.socket"
+alias nordvpn-off2=nordvpn-offf
+
 # Allow custom aliases to be put in .aliases or .zsh_aliases .
 
 # .aliases
@@ -905,6 +914,28 @@ adduser-to-group() {
 	usermod -aG "$2" "$1"
 }
 
+# Lazyish ACL aware ls
+unalias ls > /dev/null 2>&1
+ls() {
+	env ls --all --color=auto --human-readable "$@"
+	if hash getfacl 2> /dev/null; then
+		if [[ -d "$@" || -f "$@" ]]; then
+			printf "\n"
+			getfacl --absolute-names --skip-base "$@"
+		fi
+	fi
+}
+unalias ll > /dev/null 2>&1
+ll() {
+	env ls -l --all --color=auto --human-readable "$@"
+	if hash getfacl 2> /dev/null; then
+		if [[ -d "$@" || -f "$@" ]]; then
+			printf "\n"
+			getfacl --absolute-names --skip-base "$@"
+		fi
+	fi
+}
+
 # Source files for miscannellious modifications.
 
 # acme.sh