From: Christian Heller <c.heller@plomlompom.de>
Date: Mon, 24 Feb 2025 20:12:52 +0000 (+0100)
Subject: Move old stuff into archived/, maybe delete later.
X-Git-Url: https://plomlompom.com/repos/%22https:/validator.w3.org/%7B%7Bdb.prefix%7D%7D/bar%20baz.html?a=commitdiff_plain;p=config
Move old stuff into archived/, maybe delete later.
---
diff --git a/all_new_2018/apt-mark/all b/all_new_2018/apt-mark/all
deleted file mode 100644
index f748f3b..0000000
--- a/all_new_2018/apt-mark/all
+++ /dev/null
@@ -1,9 +0,0 @@
-# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
-# unpredictably so
-ifupdown
-isc-dhcp-client
-# git for the setup directory; cloning works with ca-certificates
-ca-certificates
-git
-# to avoid constant warnings about no locale being found
-locales
diff --git a/all_new_2018/apt-mark/server b/all_new_2018/apt-mark/server
deleted file mode 100644
index 4f7fc5d..0000000
--- a/all_new_2018/apt-mark/server
+++ /dev/null
@@ -1,7 +0,0 @@
-# needed to log in to server via ssh
-openssh-server
-# provides /etc/inputrc and understanding of ctrl+arrow key combos
-readline-common
-# provides systemd scripts that configure iptables via /etc/iptables/*
-iptables-persistent
-# this line is here because the shell "read" in install_for_target.sh ignores lines without final newline
\ No newline at end of file
diff --git a/all_new_2018/borg.sh b/all_new_2018/borg.sh
deleted file mode 100755
index 18321b1..0000000
--- a/all_new_2018/borg.sh
+++ /dev/null
@@ -1,145 +0,0 @@
-#!/bin/sh
-set -e
-
-standard_repo="borg"
-config_file="${HOME}/.borgrepos"
-
-usage() {
- echo "Need operation as argument, one of:"
- echo "init"
- echo "store"
- echo "check"
- echo "export_keyfiles"
- echo "orgpush"
- echo "orgpull"
- false
-}
-
-read_pw() {
- if [ "${#SSH_AGENT_PID}" -eq 0 ]; then
- eval $(ssh-agent)
- echo "ssh-add"
- stty -echo
- ssh-add
- stty echo
- fi
- if [ "${#BORG_PASSPHRASE}" -eq 0 ]; then
- stty -echo
- printf "Borg passphrase: "
- read password
- stty echo
- printf "\n"
- export BORG_PASSPHRASE="${password}"
- fi
-}
-
-if [ ! -f "${config_file}" ]; then
- echo '# file read ends at last newline' >> "${config_file}"
-fi
-if [ "$#" -lt 1 ]; then
- usage
-fi
-first_arg="$1"
-shift
-if [ "${first_arg}" = "init" ]; then
- if [ ! "$#" -eq 1 ]; then
- echo "Need exactly one argument: target of form user@server"
- false
- fi
- target="$1"
- echo "Initializing: ${target}"
- borg init --verbose --encryption=keyfile "${target}:${standard_repo}"
- tmp_file="/tmp/new_borgrepos"
- echo "${target}" > "${tmp_file}"
- cat "${config_file}" >> "${tmp_file}"
- cp "${tmp_file}" "${config_file}"
-elif [ "${first_arg}" = "store" ]; then
- if [ ! "$#" -eq 2 ]; then
- echo "Need precisely two arguments: archive name and path to archive."
- false
- fi
- archive_name=$1
- shift
- to_backup="$@"
- read_pw
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
- echo "Creating archive: ${archive}"
- borg create --verbose --list "${archive}" "${to_backup}"
- done
-elif [ "${first_arg}" = "check" ]; then
- if [ ! "$#" -eq 0 ]; then
- echo "Need no arguments"
- false
- fi
- read_pw
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- echo "Checking repo: ${repo}"
- borg check --verbose "${repo}"
- done
-elif [ "${first_arg}" = "export_keyfiles" ]; then
- if [ ! "$#" -eq 1 ]; then
- echo "Need output tar file name."
- false
- fi
- tar_target="${1}"
- tmp_dir="${HOME}/.borgtmp"
- keyfiles_dir="${tmp_dir}/borg_keyfiles"
- mkdir -p "${keyfiles_dir}"
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- borg key export "${repo}" "${keyfiles_dir}/${line}"
- done
- cur_dir="$(pwd)"
- cd "${tmp_dir}"
- target=$(basename "${keyfiles_dir}")
- tar cf "${tar_target}" "${target}"
- mv "${tar_target}" "${cur_dir}"
- cd
- rm -rf "${tmp_dir}"
-elif [ "${first_arg}" = "orgpush" ]; then
- archive_name="orgdir"
- to_backup=~/org
- read_pw
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
- echo "Creating archive: ${archive}"
- borg create --verbose --list "${archive}" "${to_backup}" --exclude ~/org/.git
- done
-elif [ "${first_arg}" = "orgpull" ]; then
- archive_name="orgdir"
- read_pw
- cd /
- cat "${config_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo="${line}:${standard_repo}"
- archive=$(borg list "${repo}" | grep "${orgdir}" | tail -1 | cut -f1 -d' ')
- echo "Pulling archive: ${archive}"
- borg extract --verbose "${repo}::${archive}"
- break
- done
-else
- usage
-fi
diff --git a/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
deleted file mode 100644
index 4aaef79..0000000
--- a/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
+++ /dev/null
@@ -1,4 +0,0 @@
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
diff --git a/all_new_2018/linkable_etc_files/all/etc/apt/sources.list b/all_new_2018/linkable_etc_files/all/etc/apt/sources.list
deleted file mode 100644
index 68064c6..0000000
--- a/all_new_2018/linkable_etc_files/all/etc/apt/sources.list
+++ /dev/null
@@ -1,4 +0,0 @@
-deb http://deb.debian.org/debian stretch main contrib non-free
-deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free
-deb http://deb.debian.org/debian stretch-updates main contrib non-free
-deb http://ftp.debian.org/debian stretch-backports main contrib non-free
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/all/etc/locale.gen b/all_new_2018/linkable_etc_files/all/etc/locale.gen
deleted file mode 100644
index a28cfa4..0000000
--- a/all_new_2018/linkable_etc_files/all/etc/locale.gen
+++ /dev/null
@@ -1,483 +0,0 @@ -# This file lists locales that you wish to have built. You can find a list -# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add -# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change -# this file, you need to rerun locale-gen. - - -# aa_DJ ISO-8859-1 -# aa_DJ.UTF-8 UTF-8 -# aa_ER UTF-8 -# aa_ER@saaho UTF-8 -# aa_ET UTF-8 -# af_ZA ISO-8859-1 -# af_ZA.UTF-8 UTF-8 -# ak_GH UTF-8 -# am_ET UTF-8 -# an_ES ISO-8859-15 -# an_ES.UTF-8 UTF-8 -# anp_IN UTF-8 -# ar_AE ISO-8859-6 -# ar_AE.UTF-8 UTF-8 -# ar_BH ISO-8859-6 -# ar_BH.UTF-8 UTF-8 -# ar_DZ ISO-8859-6 -# ar_DZ.UTF-8 UTF-8 -# ar_EG ISO-8859-6 -# ar_EG.UTF-8 UTF-8 -# ar_IN UTF-8 -# ar_IQ ISO-8859-6 -# ar_IQ.UTF-8 UTF-8 -# ar_JO ISO-8859-6 -# ar_JO.UTF-8 UTF-8 -# ar_KW ISO-8859-6 -# ar_KW.UTF-8 UTF-8 -# ar_LB ISO-8859-6 -# ar_LB.UTF-8 UTF-8 -# ar_LY ISO-8859-6 -# ar_LY.UTF-8 UTF-8 -# ar_MA ISO-8859-6 -# ar_MA.UTF-8 UTF-8 -# ar_OM ISO-8859-6 -# ar_OM.UTF-8 UTF-8 -# ar_QA ISO-8859-6 -# ar_QA.UTF-8 UTF-8 -# ar_SA ISO-8859-6 -# ar_SA.UTF-8 UTF-8 -# ar_SD ISO-8859-6 -# ar_SD.UTF-8 UTF-8 -# ar_SS UTF-8 -# ar_SY ISO-8859-6 -# ar_SY.UTF-8 UTF-8 -# ar_TN ISO-8859-6 -# ar_TN.UTF-8 UTF-8 -# ar_YE ISO-8859-6 -# ar_YE.UTF-8 UTF-8 -# as_IN UTF-8 -# ast_ES ISO-8859-15 -# ast_ES.UTF-8 UTF-8 -# ayc_PE UTF-8 -# az_AZ UTF-8 -# be_BY CP1251 -# be_BY.UTF-8 UTF-8 -# be_BY@latin UTF-8 -# bem_ZM UTF-8 -# ber_DZ UTF-8 -# ber_MA UTF-8 -# bg_BG CP1251 -# bg_BG.UTF-8 UTF-8 -# bhb_IN.UTF-8 UTF-8 -# bho_IN UTF-8 -# bn_BD UTF-8 -# bn_IN UTF-8 -# bo_CN UTF-8 -# bo_IN UTF-8 -# br_FR ISO-8859-1 -# br_FR.UTF-8 UTF-8 -# br_FR@euro ISO-8859-15 -# brx_IN UTF-8 -# bs_BA ISO-8859-2 -# bs_BA.UTF-8 UTF-8 -# byn_ER UTF-8 -# ca_AD ISO-8859-15 -# ca_AD.UTF-8 UTF-8 -# ca_ES ISO-8859-1 -# ca_ES.UTF-8 UTF-8 -# ca_ES.UTF-8@valencia UTF-8 -# ca_ES@euro ISO-8859-15 -# ca_ES@valencia ISO-8859-15 -# ca_FR ISO-8859-15 -# ca_FR.UTF-8 UTF-8 -# ca_IT ISO-8859-15 -# ca_IT.UTF-8 UTF-8 -# ce_RU UTF-8 -# chr_US UTF-8 -# 
cmn_TW UTF-8 -# crh_UA UTF-8 -# cs_CZ ISO-8859-2 -# cs_CZ.UTF-8 UTF-8 -# csb_PL UTF-8 -# cv_RU UTF-8 -# cy_GB ISO-8859-14 -# cy_GB.UTF-8 UTF-8 -# da_DK ISO-8859-1 -# da_DK.UTF-8 UTF-8 -# de_AT ISO-8859-1 -# de_AT.UTF-8 UTF-8 -# de_AT@euro ISO-8859-15 -# de_BE ISO-8859-1 -# de_BE.UTF-8 UTF-8 -# de_BE@euro ISO-8859-15 -# de_CH ISO-8859-1 -# de_CH.UTF-8 UTF-8 -# de_DE ISO-8859-1 -# de_DE.UTF-8 UTF-8 -# de_DE@euro ISO-8859-15 -# de_IT ISO-8859-1 -# de_IT.UTF-8 UTF-8 -# de_LI.UTF-8 UTF-8 -# de_LU ISO-8859-1 -# de_LU.UTF-8 UTF-8 -# de_LU@euro ISO-8859-15 -# doi_IN UTF-8 -# dv_MV UTF-8 -# dz_BT UTF-8 -# el_CY ISO-8859-7 -# el_CY.UTF-8 UTF-8 -# el_GR ISO-8859-7 -# el_GR.UTF-8 UTF-8 -# en_AG UTF-8 -# en_AU ISO-8859-1 -# en_AU.UTF-8 UTF-8 -# en_BW ISO-8859-1 -# en_BW.UTF-8 UTF-8 -# en_CA ISO-8859-1 -# en_CA.UTF-8 UTF-8 -# en_DK ISO-8859-1 -# en_DK.ISO-8859-15 ISO-8859-15 -# en_DK.UTF-8 UTF-8 -# en_GB ISO-8859-1 -# en_GB.ISO-8859-15 ISO-8859-15 -# en_GB.UTF-8 UTF-8 -# en_HK ISO-8859-1 -# en_HK.UTF-8 UTF-8 -# en_IE ISO-8859-1 -# en_IE.UTF-8 UTF-8 -# en_IE@euro ISO-8859-15 -# en_IL UTF-8 -# en_IN UTF-8 -# en_NG UTF-8 -# en_NZ ISO-8859-1 -# en_NZ.UTF-8 UTF-8 -# en_PH ISO-8859-1 -# en_PH.UTF-8 UTF-8 -# en_SG ISO-8859-1 -# en_SG.UTF-8 UTF-8 -# en_US ISO-8859-1 -# en_US.ISO-8859-15 ISO-8859-15 -en_US.UTF-8 UTF-8 -# en_ZA ISO-8859-1 -# en_ZA.UTF-8 UTF-8 -# en_ZM UTF-8 -# en_ZW ISO-8859-1 -# en_ZW.UTF-8 UTF-8 -# eo UTF-8 -# es_AR ISO-8859-1 -# es_AR.UTF-8 UTF-8 -# es_BO ISO-8859-1 -# es_BO.UTF-8 UTF-8 -# es_CL ISO-8859-1 -# es_CL.UTF-8 UTF-8 -# es_CO ISO-8859-1 -# es_CO.UTF-8 UTF-8 -# es_CR ISO-8859-1 -# es_CR.UTF-8 UTF-8 -# es_CU UTF-8 -# es_DO ISO-8859-1 -# es_DO.UTF-8 UTF-8 -# es_EC ISO-8859-1 -# es_EC.UTF-8 UTF-8 -# es_ES ISO-8859-1 -# es_ES.UTF-8 UTF-8 -# es_ES@euro ISO-8859-15 -# es_GT ISO-8859-1 -# es_GT.UTF-8 UTF-8 -# es_HN ISO-8859-1 -# es_HN.UTF-8 UTF-8 -# es_MX ISO-8859-1 -# es_MX.UTF-8 UTF-8 -# es_NI ISO-8859-1 -# es_NI.UTF-8 UTF-8 -# es_PA ISO-8859-1 -# es_PA.UTF-8 UTF-8 
-# es_PE ISO-8859-1 -# es_PE.UTF-8 UTF-8 -# es_PR ISO-8859-1 -# es_PR.UTF-8 UTF-8 -# es_PY ISO-8859-1 -# es_PY.UTF-8 UTF-8 -# es_SV ISO-8859-1 -# es_SV.UTF-8 UTF-8 -# es_US ISO-8859-1 -# es_US.UTF-8 UTF-8 -# es_UY ISO-8859-1 -# es_UY.UTF-8 UTF-8 -# es_VE ISO-8859-1 -# es_VE.UTF-8 UTF-8 -# et_EE ISO-8859-1 -# et_EE.ISO-8859-15 ISO-8859-15 -# et_EE.UTF-8 UTF-8 -# eu_ES ISO-8859-1 -# eu_ES.UTF-8 UTF-8 -# eu_ES@euro ISO-8859-15 -# eu_FR ISO-8859-1 -# eu_FR.UTF-8 UTF-8 -# eu_FR@euro ISO-8859-15 -# fa_IR UTF-8 -# ff_SN UTF-8 -# fi_FI ISO-8859-1 -# fi_FI.UTF-8 UTF-8 -# fi_FI@euro ISO-8859-15 -# fil_PH UTF-8 -# fo_FO ISO-8859-1 -# fo_FO.UTF-8 UTF-8 -# fr_BE ISO-8859-1 -# fr_BE.UTF-8 UTF-8 -# fr_BE@euro ISO-8859-15 -# fr_CA ISO-8859-1 -# fr_CA.UTF-8 UTF-8 -# fr_CH ISO-8859-1 -# fr_CH.UTF-8 UTF-8 -# fr_FR ISO-8859-1 -# fr_FR.UTF-8 UTF-8 -# fr_FR@euro ISO-8859-15 -# fr_LU ISO-8859-1 -# fr_LU.UTF-8 UTF-8 -# fr_LU@euro ISO-8859-15 -# fur_IT UTF-8 -# fy_DE UTF-8 -# fy_NL UTF-8 -# ga_IE ISO-8859-1 -# ga_IE.UTF-8 UTF-8 -# ga_IE@euro ISO-8859-15 -# gd_GB ISO-8859-15 -# gd_GB.UTF-8 UTF-8 -# gez_ER UTF-8 -# gez_ER@abegede UTF-8 -# gez_ET UTF-8 -# gez_ET@abegede UTF-8 -# gl_ES ISO-8859-1 -# gl_ES.UTF-8 UTF-8 -# gl_ES@euro ISO-8859-15 -# gu_IN UTF-8 -# gv_GB ISO-8859-1 -# gv_GB.UTF-8 UTF-8 -# ha_NG UTF-8 -# hak_TW UTF-8 -# he_IL ISO-8859-8 -# he_IL.UTF-8 UTF-8 -# hi_IN UTF-8 -# hne_IN UTF-8 -# hr_HR ISO-8859-2 -# hr_HR.UTF-8 UTF-8 -# hsb_DE ISO-8859-2 -# hsb_DE.UTF-8 UTF-8 -# ht_HT UTF-8 -# hu_HU ISO-8859-2 -# hu_HU.UTF-8 UTF-8 -# hy_AM UTF-8 -# hy_AM.ARMSCII-8 ARMSCII-8 -# ia_FR UTF-8 -# id_ID ISO-8859-1 -# id_ID.UTF-8 UTF-8 -# ig_NG UTF-8 -# ik_CA UTF-8 -# is_IS ISO-8859-1 -# is_IS.UTF-8 UTF-8 -# it_CH ISO-8859-1 -# it_CH.UTF-8 UTF-8 -# it_IT ISO-8859-1 -# it_IT.UTF-8 UTF-8 -# it_IT@euro ISO-8859-15 -# iu_CA UTF-8 -# ja_JP.EUC-JP EUC-JP -# ja_JP.UTF-8 UTF-8 -# ka_GE GEORGIAN-PS -# ka_GE.UTF-8 UTF-8 -# kk_KZ PT154 -# kk_KZ.RK1048 RK1048 -# kk_KZ.UTF-8 UTF-8 -# kl_GL ISO-8859-1 -# 
kl_GL.UTF-8 UTF-8 -# km_KH UTF-8 -# kn_IN UTF-8 -# ko_KR.EUC-KR EUC-KR -# ko_KR.UTF-8 UTF-8 -# kok_IN UTF-8 -# ks_IN UTF-8 -# ks_IN@devanagari UTF-8 -# ku_TR ISO-8859-9 -# ku_TR.UTF-8 UTF-8 -# kw_GB ISO-8859-1 -# kw_GB.UTF-8 UTF-8 -# ky_KG UTF-8 -# lb_LU UTF-8 -# lg_UG ISO-8859-10 -# lg_UG.UTF-8 UTF-8 -# li_BE UTF-8 -# li_NL UTF-8 -# lij_IT UTF-8 -# ln_CD UTF-8 -# lo_LA UTF-8 -# lt_LT ISO-8859-13 -# lt_LT.UTF-8 UTF-8 -# lv_LV ISO-8859-13 -# lv_LV.UTF-8 UTF-8 -# lzh_TW UTF-8 -# mag_IN UTF-8 -# mai_IN UTF-8 -# mg_MG ISO-8859-15 -# mg_MG.UTF-8 UTF-8 -# mhr_RU UTF-8 -# mi_NZ ISO-8859-13 -# mi_NZ.UTF-8 UTF-8 -# mk_MK ISO-8859-5 -# mk_MK.UTF-8 UTF-8 -# ml_IN UTF-8 -# mn_MN UTF-8 -# mni_IN UTF-8 -# mr_IN UTF-8 -# ms_MY ISO-8859-1 -# ms_MY.UTF-8 UTF-8 -# mt_MT ISO-8859-3 -# mt_MT.UTF-8 UTF-8 -# my_MM UTF-8 -# nan_TW UTF-8 -# nan_TW@latin UTF-8 -# nb_NO ISO-8859-1 -# nb_NO.UTF-8 UTF-8 -# nds_DE UTF-8 -# nds_NL UTF-8 -# ne_NP UTF-8 -# nhn_MX UTF-8 -# niu_NU UTF-8 -# niu_NZ UTF-8 -# nl_AW UTF-8 -# nl_BE ISO-8859-1 -# nl_BE.UTF-8 UTF-8 -# nl_BE@euro ISO-8859-15 -# nl_NL ISO-8859-1 -# nl_NL.UTF-8 UTF-8 -# nl_NL@euro ISO-8859-15 -# nn_NO ISO-8859-1 -# nn_NO.UTF-8 UTF-8 -# nr_ZA UTF-8 -# nso_ZA UTF-8 -# oc_FR ISO-8859-1 -# oc_FR.UTF-8 UTF-8 -# om_ET UTF-8 -# om_KE ISO-8859-1 -# om_KE.UTF-8 UTF-8 -# or_IN UTF-8 -# os_RU UTF-8 -# pa_IN UTF-8 -# pa_PK UTF-8 -# pap_AW UTF-8 -# pap_CW UTF-8 -# pl_PL ISO-8859-2 -# pl_PL.UTF-8 UTF-8 -# ps_AF UTF-8 -# pt_BR ISO-8859-1 -# pt_BR.UTF-8 UTF-8 -# pt_PT ISO-8859-1 -# pt_PT.UTF-8 UTF-8 -# pt_PT@euro ISO-8859-15 -# quz_PE UTF-8 -# raj_IN UTF-8 -# ro_RO ISO-8859-2 -# ro_RO.UTF-8 UTF-8 -# ru_RU ISO-8859-5 -# ru_RU.CP1251 CP1251 -# ru_RU.KOI8-R KOI8-R -# ru_RU.UTF-8 UTF-8 -# ru_UA KOI8-U -# ru_UA.UTF-8 UTF-8 -# rw_RW UTF-8 -# sa_IN UTF-8 -# sat_IN UTF-8 -# sc_IT UTF-8 -# sd_IN UTF-8 -# sd_IN@devanagari UTF-8 -# se_NO UTF-8 -# sgs_LT UTF-8 -# shs_CA UTF-8 -# si_LK UTF-8 -# sid_ET UTF-8 -# sk_SK ISO-8859-2 -# sk_SK.UTF-8 UTF-8 -# sl_SI ISO-8859-2 -# 
sl_SI.UTF-8 UTF-8 -# so_DJ ISO-8859-1 -# so_DJ.UTF-8 UTF-8 -# so_ET UTF-8 -# so_KE ISO-8859-1 -# so_KE.UTF-8 UTF-8 -# so_SO ISO-8859-1 -# so_SO.UTF-8 UTF-8 -# sq_AL ISO-8859-1 -# sq_AL.UTF-8 UTF-8 -# sq_MK UTF-8 -# sr_ME UTF-8 -# sr_RS UTF-8 -# sr_RS@latin UTF-8 -# ss_ZA UTF-8 -# st_ZA ISO-8859-1 -# st_ZA.UTF-8 UTF-8 -# sv_FI ISO-8859-1 -# sv_FI.UTF-8 UTF-8 -# sv_FI@euro ISO-8859-15 -# sv_SE ISO-8859-1 -# sv_SE.ISO-8859-15 ISO-8859-15 -# sv_SE.UTF-8 UTF-8 -# sw_KE UTF-8 -# sw_TZ UTF-8 -# szl_PL UTF-8 -# ta_IN UTF-8 -# ta_LK UTF-8 -# tcy_IN.UTF-8 UTF-8 -# te_IN UTF-8 -# tg_TJ KOI8-T -# tg_TJ.UTF-8 UTF-8 -# th_TH TIS-620 -# th_TH.UTF-8 UTF-8 -# the_NP UTF-8 -# ti_ER UTF-8 -# ti_ET UTF-8 -# tig_ER UTF-8 -# tk_TM UTF-8 -# tl_PH ISO-8859-1 -# tl_PH.UTF-8 UTF-8 -# tn_ZA UTF-8 -# tr_CY ISO-8859-9 -# tr_CY.UTF-8 UTF-8 -# tr_TR ISO-8859-9 -# tr_TR.UTF-8 UTF-8 -# ts_ZA UTF-8 -# tt_RU UTF-8 -# tt_RU@iqtelif UTF-8 -# ug_CN UTF-8 -# uk_UA KOI8-U -# uk_UA.UTF-8 UTF-8 -# unm_US UTF-8 -# ur_IN UTF-8 -# ur_PK UTF-8 -# uz_UZ ISO-8859-1 -# uz_UZ.UTF-8 UTF-8 -# uz_UZ@cyrillic UTF-8 -# ve_ZA UTF-8 -# vi_VN UTF-8 -# wa_BE ISO-8859-1 -# wa_BE.UTF-8 UTF-8 -# wa_BE@euro ISO-8859-15 -# wae_CH UTF-8 -# wal_ET UTF-8 -# wo_SN UTF-8 -# xh_ZA ISO-8859-1 -# xh_ZA.UTF-8 UTF-8 -# yi_US CP1255 -# yi_US.UTF-8 UTF-8 -# yo_NG UTF-8 -# yue_HK UTF-8 -# zh_CN GB2312 -# zh_CN.GB18030 GB18030 -# zh_CN.GBK GBK -# zh_CN.UTF-8 UTF-8 -# zh_HK BIG5-HKSCS -# zh_HK.UTF-8 UTF-8 -# zh_SG GB2312 -# zh_SG.GBK GBK -# zh_SG.UTF-8 UTF-8 -# zh_TW BIG5 -# zh_TW.EUC-TW EUC-TW -# zh_TW.UTF-8 UTF-8 -# zu_ZA ISO-8859-1 -# zu_ZA.UTF-8 UTF-8 diff --git a/all_new_2018/linkable_etc_files/all/etc/timezone b/all_new_2018/linkable_etc_files/all/etc/timezone deleted file mode 100644 index 94d5acc..0000000 --- a/all_new_2018/linkable_etc_files/all/etc/timezone +++ /dev/null @@ -1 +0,0 @@ -Europe/Berlin 
diff --git a/all_new_2018/linkable_etc_files/mail/etc/aliases b/all_new_2018/linkable_etc_files/mail/etc/aliases
deleted file mode 100644
index 59c52b4..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/aliases
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/aliases
-
-# As per RFC 2142.
-mailer-daemon: plom
-postmaster: plom
-hostmaster: plom
-usenet: plom
-news: plom
-webmaster: plom
-www: plom
-ftp: plom
-abuse: plom
-noc: plom
-security: plom
-root: plom
-
-# Personal aliases.
-plomlompom: plom
-christian.heller: plom
-christian_heller: plom
-christianheller: plom
-c.heller: plom
-heller: plom
diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf
deleted file mode 100644
index 4a8549c..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# This is only necessary when we use dovecot's LMTP mechanism to receive
-# mail from postfix.
-auth_username_format = %Ln
diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf
deleted file mode 100644
index 097f04e..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# Add sieve filtering.
-protocol lmtp {
- mail_plugins = $mail_plugins sieve
-}
diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf
deleted file mode 100644
index 1ea9178..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf
+++ /dev/null
@@ -1 +0,0 @@
-mail_privileged_group = mail
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf
deleted file mode 100644
index f8c5b43..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-service auth {
- unix_listener auth-userdb {
- }
-
- unix_listener /var/spool/postfix/private/auth {
- mode = 0660
- user = postfix
- group = postfix
- }
-}
-
-# We don't strictly need to provide a LMTP server to fetch mail from
-# postfix, but we do if we want to do sophisticated stuff like sieve
-# filtering on the way.
-service lmtp {
- inet_listener lmtp {
- address = 127.0.0.1
- port = 2424
- }
-}
diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf
deleted file mode 100644
index 7fa2f5f..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf
+++ /dev/null
@@ -1 +0,0 @@
-ssl = required
diff --git a/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4
deleted file mode 100644
index 2950321..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4
+++ /dev/null
@@ -1,20 +0,0 @@
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-# otherwise self-referential connections to local host will fail
--A INPUT -i lo -j ACCEPT
-# this enables ping etc.
--A INPUT -p icmp -j ACCEPT
-# tolerate any inbound connections requested by our server, no matter the port
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-# SSH
--A INPUT -p tcp --dport 22 -j ACCEPT
-# SMTP (allowing for STARTTLS); necessary for mail server to mail server banter
--A INPUT -p tcp --dport 25 -j ACCEPT
-# SMTPS, for mail server to mail user agent communication
--A INPUT -p tcp --dport 465 -j ACCEPT
-# IMAPS
--A INPUT -p tcp --dport 993 -j ACCEPT
-COMMIT
-# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf b/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf
deleted file mode 100644
index 44efe26..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# mailutils by default uses the FQDN as the mail domain name, fix this
-address {
- email-domain REPLACE_maildomain_ECALPER;
-};
diff --git a/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf b/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf
deleted file mode 100644
index dbd31b4..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf
+++ /dev/null
@@ -1,86 +0,0 @@
-# This is a basic configuration that can easily be adapted to suit a standard
-# installation. For more advanced options, see opendkim.conf(5) and/or
-# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
-
-# Log to syslog
-Syslog yes
-# Required to use local socket with MTAs that access the socket as a non-
-# privileged user (e.g. Postfix)
-UMask 007
-
-# Sign for example.com with key in /etc/dkimkeys/dkim.key using
-# selector '2007' (e.g. 2007._domainkey.example.com)
-#Domain example.com
-#KeyFile /etc/dkimkeys/dkim.key
-#Selector 2007
-Domain REPLACE_Domain_ECALPER
-KeyFile /etc/dkimkeys/REPLACE_Selector_ECALPER.private
-Selector REPLACE_Selector_ECALPER
-
-# Commonly-used options; the commented-out versions show the defaults.
-#Canonicalization simple
-#Mode sv
-#SubDomains no
-#SubDomains yes
-Canonicalization relaxed/simple
-
-# Socket smtp://localhost
-#
-# ## Socket socketspec
-# ##
-# ## Names the socket where this filter should listen for milter connections
-# ## from the MTA. Required. Should be in one of these forms:
-# ##
-# ## inet:port@address to listen on a specific interface
-# ## inet:port to listen on all interfaces
-# ## local:/path/to/socket to listen on a UNIX domain socket
-#
-#Socket inet:8892@localhost
-#Socket local:/var/run/opendkim/opendkim.sock
-Socket inet:12301@localhost
-
-## PidFile filename
-### default (none)
-###
-### Name of the file where the filter should write its pid before beginning
-### normal operations.
-#
-PidFile /var/run/opendkim/opendkim.pid
-
-
-# Always oversign From (sign using actual From and a null From to prevent
-# malicious signatures header fields (From and/or others) between the signer
-# and the verifier. From is oversigned by default in the Debian pacakge
-# because it is often the identity key used by reputation systems and thus
-# somewhat security sensitive.
-OversignHeaders From
-
-## ResolverConfiguration filename
-## default (none)
-##
-## Specifies a configuration file to be passed to the Unbound library that
-## performs DNS queries applying the DNSSEC protocol. See the Unbound
-## documentation at http://unbound.net for the expected content of this file.
-## The results of using this and the TrustAnchorFile setting at the same
-## time are undefined.
-## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
-## unbound package
-
-# ResolverConfiguration /etc/unbound/unbound.conf
-
-## TrustAnchorFile filename
-## default (none)
-##
-## Specifies a file from which trust anchor data should be read when doing
-## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
-## at http://unbound.net for the expected format of this file.
-
-TrustAnchorFile /usr/share/dns/root.key
-
-## Userid userid
-### default (none)
-###
-### Change to user "userid" before starting normal operation? May include
-### a group ID as well, separated from the userid by a colon.
-#
-UserID opendkim
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf b/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
deleted file mode 100644
index 7074961..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
+++ /dev/null
@@ -1,59 +0,0 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific: Specifying a file name will cause the first
-# line of that file to be used as the name. The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-# TLS parameters (excluding smtpd_tls_(cert|key)_file for own adaption below)
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myorigin = /etc/mailname
-myhostname = REPLACE_myhostname_ECALPER
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydestination = $myhostname localhost.$mydomain localhost REPLACE_mydomain_if_domainwide_ECALPER
-relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-inet_protocols = all
-
-# plomlompom-specific adaptions to allow TLS and SASL via LetsEncrypt/Dovecot.
-smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem
-smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-
-# connect to opendkim
-smtpd_milters = inet:localhost:12301
-non_smtpd_milters = inet:localhost:12301
-
-# transport mail to dovecot; not strictly needed, as even without this
-# postfix will throw mail to /var/mail/USER to be found by dovecot for
-# serving via IMAP etc.; but using dovecot's LMTP server for delivery
-# allows us to do stuff like dovecot-side sieve filtering.
-mailbox_transport = lmtp:inet:127.0.0.1:2424
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf b/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf
deleted file mode 100644
index bce1262..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf
+++ /dev/null
@@ -1,124 +0,0 @@ -# -# Postfix master process configuration file. For details on the format -# of the file, see the master(5) manual page (command: "man 5 master" or -# on-line: http://www.postfix.org/master.5.html). -# -# Do not forget to execute "postfix reload" after editing this file. -# -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (no) (never) (100) -# ========================================================================== -smtp inet n - y - - smtpd -#smtp inet n - y - 1 postscreen -#smtpd pass - - y - - smtpd -#dnsblog unix - - y - 0 dnsblog -#tlsproxy unix - - y - 0 tlsproxy -#submission inet n - y - - smtpd -# -o syslog_name=postfix/submission -# -o smtpd_tls_security_level=encrypt -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions= -# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -smtps inet n - y - - smtpd - -o syslog_name=postfix/smtps - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions= -# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -#628 inet n - y - - qmqpd -pickup unix n - y 60 1 pickup -cleanup unix n - y - 0 cleanup -qmgr unix n - n 300 1 qmgr -#qmgr unix n - n 300 1 oqmgr -tlsmgr unix - - y 1000? 
1 tlsmgr -rewrite unix - - y - - trivial-rewrite -bounce unix - - y - 0 bounce -defer unix - - y - 0 bounce -trace unix - - y - 0 bounce -verify unix - - y - 1 verify -flush unix n - y 1000? 0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - y - - smtp -relay unix - - y - - smtp -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - y - - showq -error unix - - y - - error -retry unix - - y - - error -discard unix - - y - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - y - - lmtp -anvil unix - - y - 1 anvil -scache unix - - y - 1 scache -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. -# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# Recent Cyrus versions can use the existing "lmtp" master.cf entry. 
-# -# Specify in cyrus.conf: -# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 -# -# Specify in main.cf one or more of the following: -# mailbox_transport = lmtp:inet:localhost -# virtual_transport = lmtp:inet:localhost -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# Old example of delivery via Cyrus. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. -# -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# Other external delivery methods. -# -ifmail unix - n n - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe - flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe - flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} -mailman unix - n n - - pipe - flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py - ${nexthop} ${user} - diff --git a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service b/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service deleted file mode 100644 index dc8acb4..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service +++ /dev/null 
@@ -1,8 +0,0 @@
-[Unit]
-Description=Run plom's fetchmail
-
-[Service]
-Type=oneshot
-User=plom
-# fetchmail returns 1 when no new mail, we want to catch that
-ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]'
diff --git a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service b/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service
deleted file mode 100644
index e332114..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-Description=Run pingmail check
-
-[Service]
-Type=oneshot
-User=plom
-ExecStart=/bin/sh -c '~/pingmail/pingmail check'
diff --git a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer b/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer
deleted file mode 100644
index c67e8e7..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Run fetchmail once every minute
-
-[Timer]
-OnCalendar=*-*-* *:*:00
-
-[Install]
-WantedBy=timers.target
diff --git a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer b/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer
deleted file mode 100644
index dba0c9f..0000000
--- a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Run pingmail check once every hour
-
-[Timer]
-OnCalendar=*-*-* *:00:00
-
-[Install]
-WantedBy=timers.target
diff --git a/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service
deleted file mode 100644
index d0fcb9c..0000000
--- a/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Pull website repo
-[Service]
-Type=oneshot
-User=plom
-ExecStart=/bin/sh -c '~/encrypter.sh'
diff --git a/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer b/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer
deleted file mode 100644
index 79a6e1e..0000000
--- a/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Attempt encryption of old chatlogs once every minute.
-
-[Timer]
-OnCalendar=*-*-* *:*:00
-
-[Install]
-WantedBy=timers.target
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/sendonly/etc/aliases b/all_new_2018/linkable_etc_files/sendonly/etc/aliases
deleted file mode 100644
index 01e159c..0000000
--- a/all_new_2018/linkable_etc_files/sendonly/etc/aliases
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/aliases
-postmaster: root
-root: plom@plomlompom.com
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf b/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf
deleted file mode 100644
index d081783..0000000
--- a/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf
+++ /dev/null
@@ -1,38 +0,0 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific: Specifying a file name will cause the first
-# line of that file to be used as the name. The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myorigin = /etc/mailname
-myhostname = $myorigin
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydestination = $myhostname localhost.$mydomain localhost
-relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = loopback-only
-inet_protocols = all
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4
deleted file mode 100644
index 8e0b1f6..0000000
--- a/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4
+++ /dev/null
@@ -1,14 +0,0 @@
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-# otherwise self-referential connections to local host will fail
--A INPUT -i lo -j ACCEPT
-# tolerate any inbound connections requested by our server, no matter the port
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-# this enables ping etc.
--A INPUT -p icmp -j ACCEPT
-# SSH
--A INPUT -p tcp --dport 22 -j ACCEPT
-COMMIT
-# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config b/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config
deleted file mode 100644
index 89d08ac..0000000
--- a/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config
+++ /dev/null
@@ -1,126 +0,0 @@
-# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin no # plomlompom's security rule
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin yes
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation sandbox
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-
-ClientAliveInterval 120
-PasswordAuthentication no # plomlompom's security rule
diff --git a/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot b/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot
deleted file mode 100644
index 1fd8aaf..0000000
--- a/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot
+++ /dev/null
@@ -1,17 +0,0 @@
-# /etc/cron.d/certbot: crontab entries for the certbot package
-#
-# Upstream recommends attempting renewal twice a day
-#
-# Eventually, this will be an opportunity to validate certificates
-# haven't been revoked, etc. Renewal will only occur if expiration
-# is within 30 days.
-SHELL=/bin/sh
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-
-# plomlompom added the --webroot -w /var/www/html/ so that renewal
-# works with nginx running, and the nginx reload post-hook so that
-# the new certificates are linked to by nginx. Note that by default
-# we rely on the systemd timer service file instead of this cronjob,
-# but since both are installed by the certbot package to serve which
-# ever of the two is used, we cautiously adapt both of them too.
-0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload"
diff --git a/all_new_2018/linkable_etc_files/web/etc/gitweb.conf b/all_new_2018/linkable_etc_files/web/etc/gitweb.conf
deleted file mode 100644
index 71ce3c5..0000000
--- a/all_new_2018/linkable_etc_files/web/etc/gitweb.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# path to git projects (<project>.git)
-$projectroot = "/var/public_repos";
-
-# directory to use for temp files
-# explicitely set by Debian so it's probably a good choice
-$git_temp = "/tmp";
-
-# git-diff-tree(1) options to use for generated patches
-# we don't want to to guess renames, so empty
-@diff_opts = ();
-
-# Base path for where to find the repos for cloning.
-@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
-
-# allow snapshots
-$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
-
-# insert header for GDPR compliance
-$site_header = "/var/www/header.html"
diff --git a/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4
deleted file mode 100644
index 9b714c6..0000000
--- a/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4
+++ /dev/null
@@ -1,18 +0,0 @@
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-# otherwise self-referential connections to local host will fail
--A INPUT -i lo -j ACCEPT
-# tolerate any inbound connections requested by our server, no matter the port
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-# this enables ping etc.
--A INPUT -p icmp -j ACCEPT
-# SSH
--A INPUT -p tcp --dport 22 -j ACCEPT
-# HTTP
--A INPUT -p tcp --dport 80 -j ACCEPT
-# HTTPS
--A INPUT -p tcp --dport 443 -j ACCEPT
-COMMIT
-# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
diff --git a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
deleted file mode 100644
index f1be9e6..0000000
--- a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
+++ /dev/null
@@ -1,84 +0,0 @@ -# system integration -user www-data; -worker_processes auto; -pid /run/nginx.pid; - -# we need this for the xslt_stylesheet directive below -#load_module modules/ngx_http_xslt_filter_module.so; - -# is expected even if empty -events { -} - -http { - # define content-type headers - types { - text/html html htm shtml; - text/css css; - text/xml xml; - text/plain txt sh rst md asc; - application/xhtml+xml xhtml; - application/pdf pdf; - image/jpeg jpg jpeg; - image/png png; - } - default_type application/octet_stream; - charset utf-8; - - # logging deactivated due to GDPR - #access_log /var/log/nginx/access.log; - #error_log /var/log/nginx/error.log; - - # HTTP server: only enforce HTTPS - server { - listen 80; - return 301 https://$host$request_uri; - } - - # HTTPS server - server { - listen 443 ssl; - server_name REPLACE_fqdn_ECALPER; - ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; - root /var/www/html/; - index index.html index.htm index.nginx-debian.html; - - # serve /var/www/public_repos/* for HTTPS git cloning - location ~ /repos/clone(/.*) { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL ""; - fastcgi_param GIT_PROJECT_ROOT /var/public_repos; - fastcgi_param PATH_INFO $1; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - # gitweb static files - location /repos/static/ { - alias /usr/share/gitweb/static/; - } - - # gitweb; this needs packages fcgiwrap and gitweb - location /repos/ { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - # login-protected IRC logs - location ~ /irclogs/([^/]+)/ { - auth_basic "$1 logs"; - auth_basic_user_file /var/www/irclogs_pw/$1; - autoindex on; - } - - ## entry for IRC logs - #location 
/irclogs/ { - # autoindex on; - # autoindex_format xml; - # xslt_stylesheet /var/www/autoindex.xslt; - #} - } -} diff --git a/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service b/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service deleted file mode 100644 index 0d20d1f..0000000 --- a/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Certbot -Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html -Documentation=https://letsencrypt.readthedocs.io/en/latest/ -[Service] -# plomlompom added the --webroot -w /var/www/html/ so that renewal -# works with nginx running, and the nginx reload post-hook so that -# the new certificates are linked to by nginx. -Type=oneshot -ExecStart=/usr/bin/certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload" -PrivateTmp=true \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service b/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service deleted file mode 100644 index a4f6769..0000000 --- a/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=plomlombot screen - -[Service] -Type=simple -User=plom -ExecStart=/bin/sh -c '~/plomlombot_daemon.sh' -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/all_new_2018/setup_scripts/add_encryption_key.sh b/all_new_2018/setup_scripts/add_encryption_key.sh deleted file mode 100755 index 71a9488..0000000 --- a/all_new_2018/setup_scripts/add_encryption_key.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a GPG target to encrypt to. -if [ $# -lt 1 ]; then - echo "Need public key ID as argument." - false -fi -gpg_key="$1" - -config_tree_prefix="${HOME}/config/all_new_2018" -apt -y install gnupg dirmngr -keyservers='sks-keyservers.net/ keys.gnupg.net' -set +e -while true; do - do_break=0 - for keyserver in $(echo "${keyservers}"); do - su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}" - if [ $? -eq "0" ]; then - do_break=1 - break - fi - echo "Attempt with keyserver ${keyserver} unsuccessful, trying other." - done - if [ "${do_break}" -eq "1" ]; then - break - fi -done -set -e -# TODO: We may remove dirmngr here if only this script installed it. diff --git a/all_new_2018/setup_scripts/hardlink_etc.sh b/all_new_2018/setup_scripts/hardlink_etc.sh deleted file mode 100755 index 9d9acc2..0000000 --- a/all_new_2018/setup_scripts/hardlink_etc.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Hard link files to those in argument-selected subdirectories of -# linkable_etc_files//, e.g. link /etc/foo/bar to -# linkable_etc_files/$1/etc/foo/bar and so on. Create directories as -# necessary. We do the hard linking so files that should be readable to -# non-root in /etc/ remain so despite having a path below /root/, as -# symbolic links point into /root/ without making the targets readable -# to non-root. -# CAUTION: This removes original files at the affected paths. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -linkable_files_dir="${config_tree_prefix}/linkable_etc_files" - -for target in "$@"; do - cd "${linkable_files_dir}/${target}" - for path in $(find . -type f); do - linking=$(echo "${path}" | cut -c2-) - linked=$(realpath "${path}") - dir=$(dirname "${linking}") - mkdir -p "${dir}" - ln -f "${linked}" "${linking}" - done -done 
diff --git a/all_new_2018/setup_scripts/init_user_and_keybased_login.sh b/all_new_2018/setup_scripts/init_user_and_keybased_login.sh deleted file mode 100755 index 6a46c20..0000000 --- a/all_new_2018/setup_scripts/init_user_and_keybased_login.sh +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/sh -# This script turns a fresh server with password-based root access to -# one of only key-based access and only to new non-root account plom. -# -# CAUTION: This is optimized for a *fresh* setup. It will overwrite any -# pre-existing ~/.ssh/authorized_keys of user plom with one that solely -# contains the local ~/.ssh/id_rsa.pub, and also any old -# /etc/ssh/sshd_config. -# -# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly -# configured sshd_config file in reach. -set -e - -# Location auf a sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". -config_tree_prefix="${HOME}/config/all_new_2018" -linkable_files_dir="${config_tree_prefix}/linkable_etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -local_path_sshd_config="${linkable_files_dir}/${system_path_sshd_config}" - -# Ensure we have a server name as argument. -if [ $# -eq 0 ]; then - echo "Need server as argument." - false -fi -server="$1" - -# Ask for root password only once, sshpass will re-use it then often. -stty -echo -printf "Server root password: " -read PW_ROOT -stty echo -printf "\n" -export SSHPASS="${PW_ROOT}" - -# Create user plom, and his ~/.ssh/authorized_keys based on the local -# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and -# ownerships. Then disable root and pw login by copying over the -# sshd_config and restart ssh daemon. -# -# This could be a line or two shorter by using ssh-copy-id, but that -# would require setting a password for user plom otherwise not needed. 
-sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys -sshpass -e ssh root@"${server}" \ - 'useradd -m plom && '\ - 'mkdir /home/plom/.ssh && '\ - 'chown plom:plom /home/plom/.ssh && '\ - 'chown plom:plom /tmp/authorized_keys && '\ - 'chmod u=rw,go= /tmp/authorized_keys && '\ - 'mv /tmp/authorized_keys /home/plom/.ssh/' -sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" -sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/all_new_2018/setup_scripts/install_for_target.sh b/all_new_2018/setup_scripts/install_for_target.sh deleted file mode 100755 index 53914d6..0000000 --- a/all_new_2018/setup_scripts/install_for_target.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# Walks through the package names in the argument-selected files of -# apt-mark/ and ensures the respective packages are installed. -# -# Ignores anything in an apt-mark/ file after the last newline. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -aptmark_dir="${config_tree_prefix}/apt-mark" - -for target in "$@"; do - path="${aptmark_dir}/${target}" - cat "${path}" | while read line; do - echo "$line" - if [ ! $(echo "${line}" | cut -c1) = "#" ]; then - apt-get -y install "${line}" - fi - done -done diff --git a/all_new_2018/setup_scripts/letsencrypt.sh b/all_new_2018/setup_scripts/letsencrypt.sh deleted file mode 100755 index 29ed3b6..0000000 --- a/all_new_2018/setup_scripts/letsencrypt.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/sh -# Certify current server with LetsEncrypt. -# Uses hostname -f for the domain we want to certify. -set -e - -# Ensure we have a mail address as argument. -if [ $# -lt 1 ]; then - echo "Need mail address as argument." - false -fi -mail_address="$1" - -# We need certbot to get LetsEncrypt certificates. -apt install -y certbot - -# If port 80 blocked by iptables, open it. -set +e -iptables -C INPUT -p tcp --dport 80 -j ACCEPT -open_iptables="$?" -set -e -if [ "${open_iptables}" -eq "1" ]; then - iptables -A INPUT -p tcp --dport 80 -j ACCEPT -fi - -# Create new certificate and copy it to /etc/letsencrypt. -certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)" - -# Remove iptables rule to open port 80 if we added it. -if [ "${open_iptables}" -eq "1" ]; then - iptables -D INPUT -p tcp --dport 80 -j ACCEPT -fi diff --git a/all_new_2018/setup_scripts/letsencrypt_get.sh b/all_new_2018/setup_scripts/letsencrypt_get.sh deleted file mode 100755 index c2b3e9f..0000000 --- a/all_new_2018/setup_scripts/letsencrypt_get.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# Copy over LetsEncrypt certificates from another server. -set -e - -# Ensure we have a server name as argument. -if [ $# -lt 1 ]; then - echo "Need server as argument." - false -fi -server="$1" - -# Copy over. -ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"' -scp plom@${server}:~/letsencrypt.tar . -apt -y install certbot -rmdir /etc/letsencrypt -mv letsencrypt.tar /etc/ -cd /etc/ -tar xf letsencrypt.tar -rm letsencrypt.tar diff --git a/all_new_2018/setup_scripts/mirror_dir.sh b/all_new_2018/setup_scripts/mirror_dir.sh deleted file mode 100755 index 0fc03aa..0000000 --- a/all_new_2018/setup_scripts/mirror_dir.sh +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/sh -# Mirror directory tree from remote to local server, keeping the path. -set -e - -if [ $# -lt 2 ]; then - echo "Need server and directory as arguments." - false -fi -server=$1 -dir=$2 -path_package=/tmp/delete.tar - -eval `ssh-agent` -ssh-add -cd -ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ." -scp plom@"${server}":"${path_package}" "${path_package}" -mkdir -p "${dir}" -cd "${dir}" -tar xf "${path_package}" -cd -rm "${path_package}" -ssh plom@"${server}" rm "${path_package}" diff --git a/all_new_2018/setup_scripts/prepare_to_meet_server.sh b/all_new_2018/setup_scripts/prepare_to_meet_server.sh deleted file mode 100755 index 13d05ca..0000000 --- a/all_new_2018/setup_scripts/prepare_to_meet_server.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# Do some of the steps necessary to SSH (key-based) with another server. -set -e - -target="$1" - -# We need a public key to copy over, so generate it if not found. -if [ ! -f ~/.ssh/id_rsa.pub ]; then - ssh-keygen -fi - -# Add target to ~/.ssh/known_hosts so we don't get -# asked for permission at inopportune moments. -ssh-keyscan -H "$target" >> ~/.ssh/known_hosts - -# Tell user what to do. -echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:" -cat ~/.ssh/id_rsa.pub diff --git a/all_new_2018/setup_scripts/purge_nonrequireds.sh b/all_new_2018/setup_scripts/purge_nonrequireds.sh deleted file mode 100755 index e444a55..0000000 --- a/all_new_2018/setup_scripts/purge_nonrequireds.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/sh -# This script removes all Debian packages that are not of Priority -# "required" or not depended on by packages of priority "required" -# or not listed in the argument-selected files of apt-mark/. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -aptmark_dir="${config_tree_prefix}/apt-mark" - -dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted -for target in "$@"; do - path="${aptmark_dir}/${target}" - cat "${path}" | while read line; do - if [ ! $(echo "${line}" | cut -c1) = "#" ]; then - echo "${line}" >> /tmp/list_white_unsorted - fi - done -done -sort /tmp/list_white_unsorted > /tmp/list_white -dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages -sort /tmp/list_all_packages > /tmp/foo -mv /tmp/foo /tmp/list_all_packages -comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black -apt-mark auto `cat /tmp/list_black` -DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove -rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black diff --git a/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh b/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh deleted file mode 100755 index 3f95590..0000000 --- a/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/sh -# Sets hostname and optionally FQDN. -# -# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts -# writing follows recommendations from Debian manual at -# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html> -# (section "The hostname resolution") on how to map hostname and possibly -# FQDN to a permanent IP if present (we assume here any non-private IP -# and non-loopback IP returned by hostname -I to fulfill that criterion -# on our systems) or to 127.0.1.1 if not. On the reasoning for separating -# localhost and hostname mapping to different IPs, see -# <https://unix.stackexchange.com/a/13087>. -set -e - -hostname="$1" -fqdn="$2" -if [ "${hostname}" = "" ]; then - echo "Need hostname as argument." - false -fi -echo "${hostname}" > /etc/hostname -hostname "${hostname}" - -final_ip="127.0.1.1" -for ip in $(hostname -I); do - range_1=$(echo "${ip}" | cut -d "." -f 1) - range_2=$(echo "${ip}" | cut -d "." -f 2) - if [ "${range_1}" -eq 127 ]; then - continue - elif [ "${range_1}" -eq 10 ]; then - continue - elif [ "${range_1}" -eq 172 ]; then - if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then - continue - fi - elif [ "${range_1}" -eq 192 ]; then - if [ "${range_2}" -eq 168 ]; then - continue - fi - fi - final_ip="${ip}" -done - -echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts -echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts diff --git a/all_new_2018/setup_scripts/setup_mail.sh b/all_new_2018/setup_scripts/setup_mail.sh deleted file mode 100755 index 2080705..0000000 --- a/all_new_2018/setup_scripts/setup_mail.sh +++ /dev/null 
@@ -1,94 +0,0 @@ -#/bin/sh -set -e - -# Check we have the necessary arguments. -if [ $# -lt 2 ]; then - echo "Give arguments of mail domain and DKIM selector." - echo "Also, if hosting mail for entire domain, give third argument 'domainwide'." - false -fi -mail_domain="$1" -dkim_selector="$2" -domainwide="$3" - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -# Set up DKIM key. Only keep opendkim-tools on system if pre-installed. -mkdir -p /etc/dkimkeys/ -set +e -dpkg -s opendkim-tools &> /dev/null -preinstalled="$?" -set -e -if [ ! "${preinstalled}" -eq "0" ]; then - apt install -y opendkim-tools -fi -opendkim-genkey -s "${dkim_selector}" -mv "${dkim_selector}.private" /etc/dkimkeys/ -if [ ! "${preinstalled}" -eq "0" ]; then - apt -y --purge autoremove opendkim-tools -fi - -# Link and adapt mail-server-specific /etc/ files. -./hardlink_etc.sh mail -sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf -sed -i "s/REPLACE_Domain_ECALPER/${mail_domain}/g" /etc/opendkim.conf -sed -i "s/REPLACE_Selector_ECALPER/${dkim_selector}/g" /etc/opendkim.conf -sed -i "s/REPLACE_myhostname_ECALPER/$(hostname -f)/g" /etc/postfix/main.cf -if [ "${domainwide}" = "domainwide" ]; then - sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER/$mydomain/g' /etc/postfix/main.cf -else - sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER//g' /etc/postfix/main.cf -fi -# Since we re-set the iptables rules, we need to reload them. -iptables-restore /etc/iptables/rules.v4 - -# Some useful debconf selections. 
-echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections -echo "ssl_cert = </etc/letsencrypt/live/$(hostname -f)/fullchain.pem" > /etc/dovecot/conf.d/99-ssl-certs.conf -echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovecot/conf.d/99-ssl-certs.conf - -# The second line should not be necessary due to the first line, but for -# some reason the installation forgets to set up /etc/mailname early -# enough to not (when running newaliases) stumble over its absence. -echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections -echo "${mail_domain}" > /etc/mailname - -# Everything should now be ready for installations. Note that we don't -# strictly need dovecot-lmtpd, as postfix will deliver mail to /var/mail/USER -# in any case, to be found by dovecot; we use it as a transport mechanism to -# allow for sophisticated stuff like dovecot-side sieve filtering (installed -# with dovecot-sieve). -apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd dovecot-lmtpd dovecot-sieve opendkim -cp "${config_tree_prefix}/user_files/dovecot.sieve" /home/plom/.dovecot.sieve -chown plom:plom /home/plom/.dovecot.sieve - -# Pingmail setup. -apt install -y mailutils -cp "${config_tree_prefix}/user_files/pingmailrc" /home/plom/.pingmailrc -chown plom:plom /home/plom/.pingmailrc -su plom -c "cd && git clone https://plomlompom.com/repos/clone/pingmail.git" - -# In addition to our postfix server receiving mails, we funnel mails from a -# POP3 account into dovecot via fetchmail. It might make sense to adapt the -# ~/.dovecot.sieve to move mails targeted to the fetched mail account to their -# own mbox. -apt -y install fetchmail -cp "${config_tree_prefix}/user_files/fetchmailrc" /home/plom/.fetchmailrc -chown plom:plom /home/plom/.fetchmailrc -chmod 0700 /home/plom/.fetchmailrc - -# Pingmail and fetchmail have some systemd timers waiting. To let systemd -# know about them, do this. 
-systemctl daemon-reload - -# Final advice to user. -echo "TODO: Ensure MX entry for your system in your DNS configuration." -echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host." -echo "TODO: passwd plom for IMAPS login" -echo "TODO: adapt /home/plom/.fetchmailrc and then do: systemctl start fetchmail.timer" -echo "TODO: adapt /home/plom/.dovecot.sieve and /home/plom/.pingmailrc (sieve mail by pingmail target person into mbox defined in .pingmailrc), then run: systemctl start pingmail.timer" -echo "TODO: Add the follow DMARK entry as TXT to your DNS configugration: 'v=DMARC1; p=none; rua=mailto:plom+dmarc@plomlompom.com;' mapped to _dmarc" -echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry â if your mail domain includes a subdomain, append that with a dot):" -cat "${dkim_selector}.txt" diff --git a/all_new_2018/setup_scripts/setup_play.sh b/all_new_2018/setup_scripts/setup_play.sh deleted file mode 100755 index f37be49..0000000 --- a/all_new_2018/setup_scripts/setup_play.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a GPG target to encrypt to. -if [ $# -lt 1 ]; then - echo "Need public key ID as argument." - false -fi -gpg_key="$1" - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -# If anything strange happens, let root send mail to us. -./setup_sendonly.sh - -# Apart from weechat, vim and screen will also be useful for everyday activity. -apt -y install weechat screen vim - -# Link and copy over files. -./hardlink_etc.sh play -cp "${config_tree_prefix}/user_files/encrypter.sh" /home/plom/ -chown plom:plom /home/plom/encrypter.sh -cp "${config_tree_prefix}/user_files/weechat-wrapper.sh" /home/plom/ -chown plom:plom /home/plom/weechat-wrapper.sh -cp "${config_tree_prefix}/user_files/weechatrc" /home/plom/.weechatrc -chown plom:plom /home/plom/.weechatrc -apt -y install screen -echo "$gpg_key" > /home/plom/.encrypt_target -chown plom:plom /home/plom/.encrypt_target - -# Start encrypt_chatlogs job. -./add_encryption_key.sh "${gpg_key}" -systemctl daemon-reload -systemctl start encrypt_chatlogs.timer diff --git a/all_new_2018/setup_scripts/setup_plomlombot.sh b/all_new_2018/setup_scripts/setup_plomlombot.sh deleted file mode 100755 index de22ef3..0000000 --- a/all_new_2018/setup_scripts/setup_plomlombot.sh +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a GPG target to encrypt to. -if [ $# -lt 1 ]; then - echo "Need public key ID as argument." - false -fi -gpg_key="$1" - -config_tree_prefix="${HOME}/config/all_new_2018" -irclogs_dir=/var/www/html/irclogs -irclogs_pw_dir=/var/www/irclogs_pw - -./add_encryption_key.sh "${gpg_key}" -apt -y install screen python3-venv -cp "${config_tree_prefix}"/user_files/plomlombot_daemon.sh /home/plom/ -chown plom:plom /home/plom/plomlombot_daemon.sh -su plom -c "cd && git clone /var/public_repos/plomlombot-irc" -systemctl enable /etc/systemd/system/plomlombot.service -service plomlombot start -mkdir -p "${irclogs_dir}" -chown -R plom:plom "${irclogs_dir}" -mkdir -p "${irclogs_pw_dir}" -chown -R plom:plom "${irclogs_pw_dir}" -echo "Don't forget to add a file ~/.plomlombot with content such as:" -echo "gpg_key ${gpg_key}" -echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME LOGS_USER LOGS_PW" -echo "# file should end in newline or non-interpreted line such as this" diff --git a/all_new_2018/setup_scripts/setup_sendonly.sh b/all_new_2018/setup_scripts/setup_sendonly.sh deleted file mode 100755 index e761eeb..0000000 --- a/all_new_2018/setup_scripts/setup_sendonly.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -# This sets up the minimum of a mail server necessary to send out mails -# to the world. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -./hardlink_etc.sh sendonly -echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections -echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections -echo "$(hostname -f)" > /etc/mailname -apt install -y postfix diff --git a/all_new_2018/setup_scripts/setup_server.sh b/all_new_2018/setup_scripts/setup_server.sh deleted file mode 100755 index 172d8d2..0000000 --- a/all_new_2018/setup_scripts/setup_server.sh +++ /dev/null 
@@ -1,52 +0,0 @@
-#!/bin/sh
-# Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_and_keybased_login.sh.
-set -e
-
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -ne 2 ]; then
- echo 'Need exactly two arguments (hostname, FQDN).'
- false
-fi
-hostname="$1"
-fqdn="$2"
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-# Adapt /etc/ to our needs by hardlinking into ./linkable_etc_files. This
-# will set basic configurations affecting following steps, such as setup
-# of APT and the locale selection, so needs to be right at the beginning.
-./hardlink_etc.sh all server
-
-# Set hostname and FQDN.
-./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
-
-# Some debconf selections we don't want to get asked during coming
-# install actions.
-echo 'iptables-persistent iptables-persistent/autosave_v4 boolean false' | debconf-set-selections
-echo 'iptables-persistent iptables-persistent/autosave_v6 boolean false' | debconf-set-selections
-
-# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
-apt update
-./install_for_target.sh all server
-./purge_nonrequireds.sh all server
-
-# Ensure our desired locale is available.
-locale-gen
-
-# Only upgrade after reducing the system to the desired minimum, so that
-# we don't need to get more data than necessary.
-apt -y dist-upgrade
-
-# Set Berlin localtime.
-ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
-
-# If we have not yet set the shell for user plom, ensure it here. This
-# is mostly for convenience.
-usermod -s /bin/bash plom
-
-# We want to be able to use ALL our servers as borg backup destinations.
-apt -y install borgbackup
diff --git a/all_new_2018/setup_scripts/setup_web.sh b/all_new_2018/setup_scripts/setup_web.sh
deleted file mode 100755
index 400aa22..0000000
--- a/all_new_2018/setup_scripts/setup_web.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-# Set up plomlompom.com web server.
-set -e
-
-config_tree_prefix="${HOME}/config/all_new_2018"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-./hardlink_etc.sh web
-./setup_sendonly.sh
-sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/nginx/nginx.conf
-sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/gitweb.conf
-cd /var/
-rm -rf www
-git clone plom@core.plomlompom.com:repos/website www
-apt -y -o Dpkg::Options::=--force-confold install nginx gitweb fcgiwrap
-mkdir /var/public_repos
-chown plom:plom /var/public_repos
-iptables-restore /etc/iptables/rules.v4
diff --git a/all_new_2018/user_files/dovecot.sieve b/all_new_2018/user_files/dovecot.sieve
deleted file mode 100644
index 5346309..0000000
--- a/all_new_2018/user_files/dovecot.sieve
+++ /dev/null
@@ -1,8 +0,0 @@
-require ["fileinto"];
-require ["mailbox"];
-if address :is "from" "foo@bar.com" {
- fileinto :create "foo";
-}
-if address :is :domain "to" "example.com" {
- fileinto :create "example.com";
-}
diff --git a/all_new_2018/user_files/encrypter.sh b/all_new_2018/user_files/encrypter.sh
deleted file mode 100755
index e2ebd44..0000000
--- a/all_new_2018/user_files/encrypter.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-# Encrypt dated weechatlog files older than one day to GPG target defined in
-# ~/.encrypt_target
-set -e
-
-gpg_key=$(cat ~/.encrypt_target)
-cd ~/weechatlogs/irc/
-find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --encrypt {} \; -exec rm {} \;
-
diff --git a/all_new_2018/user_files/fetchmailrc b/all_new_2018/user_files/fetchmailrc
deleted file mode 100755
index b437563..0000000
--- a/all_new_2018/user_files/fetchmailrc
+++ /dev/null
@@ -1,2 +0,0 @@
-# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted
-poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep
diff --git a/all_new_2018/user_files/pingmailrc b/all_new_2018/user_files/pingmailrc
deleted file mode 100644
index 46bcbfe..0000000
--- a/all_new_2018/user_files/pingmailrc
+++ /dev/null
@@ -1,45 +0,0 @@
-# place for test files whose modification times are used to track lifesigns
-testdir=$HOME'/.pingmail'
-
-# modification time is the last time a ping was sent or a lifetime received
-ping_touch=$testdir'/ping_touch'
-
-# modification time is when the count for sending checker a warning mail starts
-reminder_touch=$testdir'/reminder_touch'
-
-# how long to wait for lifesigns before sending a ping; double is time to wait
-# for a lifesign before sending a warning message to checker
-wait_time=86400
-
-# address of the checker, receives warning message after too long wait
-checker_address='bar@example.org'
-
-# address of the checked person, ping is sent here
-checked_address='foo@example.org'
-
-# content of ping message sent to checked person
-subj2checked='[pingmail] Ping!'
-msg2checked='Hi!\n
-\nThis is an automated mail ping from '$checker_address'.
-\nRespond to show that you are still alive!'
-
-# content of warning message sent to checker
-id_target='foo'
-subj2checker='[pingmail] No recent life signs from '$id_target
-reminder_time=`expr $wait_time \* 2`
-msg2checker='pingmail reporting in:\n
-\nNo life signs from '$id_target' for the last '$reminder_time' seconds.
-\nMaybe you should give them a call to check if they are okay.'
-
-# mail client command reading message body from stdin and subject from parameter
-mailclient_s='mail -s'
-
-# mailbox file to check for most recent life sign
-mbox=$HOME'/mail/foo'
-
-# to recursively search for most recent matches to $matchstring as lifesigns
-#maildir=$HOME'/mail'
-
-# pattern to search $maildir for recursively for lifesigns
-#checked_address_escaped=`echo $checked_address | sed 's/\./\\./g'`
-#matchstring='^From: .*('$checked_address_escaped'|alternate@example\.org)'
diff --git a/all_new_2018/user_files/plomlombot_daemon.sh b/all_new_2018/user_files/plomlombot_daemon.sh
deleted file mode 100755
index 5cf1f6a..0000000
--- a/all_new_2018/user_files/plomlombot_daemon.sh
+++ /dev/null
@@ -1,55 +0,0 @@ -#!/bin/sh -set -e - -# Repeatedly parse config file for GPG key and bot screen configs. -path=~/.plomlombot -db_dir="${HOME}/plomlombot_db" -irclogs_dir=/var/www/html/irclogs -irclogs_pw_dir=/var/www/irclogs_pw -while true; do - if [ -f "${path}" ]; then - cat "${path}" | while read line; do - first_word=$(echo -n "${line}" | cut -d' ' -f1) - - # Read "bot:" line, start bot screen session from it if not yet existing, - # set up irclogs dir if not yet existing. - if [ "${first_word}" = "bot:" ]; then - session_name=$(echo -n "${line}" | cut -d' ' -f2) - bot_name=$(echo -n "${line}" | cut -d' ' -f3) - channel_name=$(echo -n "${line}" | cut -d' ' -f4) - shortened_channel_name="${channel_name}" - first_char=$(echo -n "${channel_name}" | cut -c1) - if [ "${first_char}" = "#" ]; then - shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-) - fi - server_name=$(echo -n "${line}" | cut -d' ' -f5) - login_user=$(echo -n "${line}" | cut -d' ' -f6) - login_pw=$(echo -n "${line}" | cut -d' ' -f7) - set +e - screen -S "${session_name}" -Q select . > /dev/null - start_screen=$? - set -e - if [ "${start_screen}" -eq "1" ]; then - cd ~/plomlombot-irc - LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -s "${server_name}" "${channel_name}" - fi - md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1) - md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1) - logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs" - # FIXME: Note the trouble we will have if we have the same channel - # name on different servers ⦠- ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}" - echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}" - - # If "gpg" line, encrypt old raw logs to that GPG key. - elif [ "${first_word}" = "gpg_key" ]; then - key=$(echo -n "${line}" | cut -d' ' -f2) - mkdir -p ~/plomlombot_db - cd ~/plomlombot_db - find . 
-path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --encrypt {} \; -exec rm {} \; - fi - - done - sleep 1 - fi -done diff --git a/all_new_2018/user_files/weechat-wrapper.sh b/all_new_2018/user_files/weechat-wrapper.sh deleted file mode 100755 index 4625dd8..0000000 --- a/all_new_2018/user_files/weechat-wrapper.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -# Enforce ~/.weechatrc as sole persistent weechat config file. -#~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder -rm -rf ~/.weechat/ -WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` -weechat -r "$WEECHATCONF" -rm -rf ~/.weechat/ diff --git a/all_new_2018/user_files/weechatrc b/all_new_2018/user_files/weechatrc deleted file mode 100644 index ab30c17..0000000 --- a/all_new_2018/user_files/weechatrc +++ /dev/null @@ -1,7 +0,0 @@ -/set logger.file.path ~/weechatlogs -/set logger.file.flush_delay 0 -/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog" -/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]" -/set weechat.color.chat_nick_colors "lightcyan" -/server add freenode irc.freenode.net -nicks=plimlompom,plimlomp0m,pliml0mp0m -realname="foo bar" -autojoin=#plomlompomtest -/connect freenode diff --git a/ansible/config.yml b/ansible/config.yml deleted file mode 100644 index 3386c91..0000000 --- a/ansible/config.yml +++ /dev/null 
@@ -1,117 +0,0 @@ ---- -- hosts: all - user: root - become: yes - tasks: - - - name: ensure directories for symlinks exist - file: state=directory dest={{item}} - with_lines: cat ~/config/ansible/files/dirs | sed -e 's/ *#.*$//' - - name: symlink system files - file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: ~/config/ansible/files/system/* - - name: set hostname for current session - shell: hostname w530 - - # Init package management. - - name: update package lists - apt: update_cache=yes - - name: APT - dist-upgrade - apt: upgrade=dist - - # Ensure power management. - - name: ensure power management tools are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/power_management | sed -e 's/ *#.*$//' - - name: start TLP - shell: tlp start - - # Configure console. - # - # For some reason, some settings are only applied two reboots after this. - - name: symlink console config files - file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: ~/config/ansible/files/console/* - - name: ensure locales and console-setup are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/console | sed -e 's/ *#.*$//' - - name: generate en_US.UTF-8 locale - locale_gen: name=en_US.UTF-8 state=present - - name: run setupcon to apply console settings from /etc/default/ - command: setupcon - - # Miscellaneous. 
- - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/root/* - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: ensure man-db, manpages are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/man | sed -e 's/ *#.*$//' - - name: set /etc/localtime - file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime - - name: ensure various useful tools are installed â sudo, git, vim, less, openssh - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/various_useful | sed -e 's/ *#.*$//' - - name: ensure boot messages are not cleared on start up - replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' - - # Config user. - - name: create user plom with sudo privileges and bash shell - user: name=plom groups=sudo shell=/bin/bash - - name: have config repo in user directory - git: repo=https://github.com/plomlompom/config dest=/home/plom/config - become_user: plom - become_method: su - - # Ensure X window environment. - - name: ensure minimal X window environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/minimal_x | sed -e 's/ *#.*$//' - - name: ensure 3d acceleration and optimus switch - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/3d_acceleration | sed -e 's/ *#.*$//' - - name: ensure user plom is in bumblebee group - user: name=plom groups=bumblebee append=yes - - name: ensure basic X tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/basic_x_tools | sed -e 's/ *#.*$//' - - # Set up pentadactyl. 
- - name: ensure browser environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/browser_environment | sed -e 's/ *#.*$//' - - # Ensure wifi. - - name: ensure wifi configuration - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/wifi | sed -e 's/ *#.*$//' - - # Ensure audio/video consumption necessities. - - name: ensure multimedia tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/multimedia | sed -e 's/ *#.*$//' - - # Ensure hotkeys. - # - # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). - - name: ensure hotkeys - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' - - # Remove undesired packages - - name: collect desired packages - shell: cat files/apt-mark/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted - - name: collect currently installed packages - shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted - - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed - shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black - - name: mark all packages from black list as automatically installed - shell: apt-mark auto $(cat /tmp/list_black) - - name: mark all packages from white list as manually installed - shell: apt-mark manual $(cat /tmp/white_list_unsorted) - - name: purge all packages automatically installed that are not depended on - shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove diff --git a/ansible/config_new.yml b/ansible/config_new.yml deleted file mode 100644 index f3bd3f5..0000000 --- a/ansible/config_new.yml +++ /dev/null 
@@ -1,147 +0,0 @@ ---- -- hosts: all - user: root - become: yes - tasks: - - - name: ensure directories for symlinks exist - file: state=directory dest={{item}} - with_lines: cat ~/config/ansible/files/dirs_new | sed -e 's/ *#.*$//' - - name: symlink system files - file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: - - ~/config/ansible/files/system_new/minimal/* - - ~/config/ansible/files/system_new/{{ system_name }}/* - - name: set hostname for current session - shell: hostname {{ system_name }} - - # Init package management. - - name: add palemoon repo signing key - apt_key: - url: https://download.opensuse.org/repositories/home:stevenpusser/Debian_9.0/Release.key - state: present - - name: update package lists - apt: update_cache=yes - - name: APT - dist-upgrade - apt: upgrade=dist - - # Ensure packages needed for disk encryption on startup (how does this work?) - - name: ensure power management tools are installed - apt: name={{item}} state=present - with_lines: - - cat ~/config/ansible/files/apt-mark_new/minimal/disk_encryption | sed -e 's/ *#.*$//' - - # Ensure power management. - - name: ensure power management tools are installed - apt: name={{item}} state=present - with_lines: - - cat ~/config/ansible/files/apt-mark_new/minimal/power_management | sed -e 's/ *#.*$//' - - cat ~/config/ansible/files/apt-mark_new/X200s/power_management | sed -e 's/ *#.*$//' - - name: start TLP - shell: tlp start - - # Configure console. - # - # For some reason, some settings are only applied two reboots after this. 
- - name: symlink console config files - file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: ~/config/ansible/files/console/* - - name: ensure locales and console-setup are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/console | sed -e 's/ *#.*$//' - - name: generate en_US.UTF-8 locale - locale_gen: name=en_US.UTF-8 state=present - - name: Touch keyboard config file so setupcon does not ignore it. - command: touch /etc/default/keyboard - - name: run setupcon to apply console settings from /etc/default/ - command: setupcon - - # Miscellaneous. - - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/root/* - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: ensure man-db, manpages are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/man | sed -e 's/ *#.*$//' - - name: set /etc/localtime - file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime - - name: ensure various useful tools are installed â sudo, git, vim, less, openssh - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/various_useful | sed -e 's/ *#.*$//' - - name: ensure boot messages are not cleared on start up - replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' - - # Config user. - - name: create user plom with sudo privileges and bash shell - user: name=plom groups=sudo shell=/bin/bash - #- name: have config repo in user directory - # git: repo=https://github.com/plomlompom/config dest=/home/plom/config - # become_user: plom - # become_method: su - - # Ensure X window environment. 
- - name: ensure minimal X window environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/minimal_x | sed -e 's/ *#.*$//' - - name: ensure 3d acceleration - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/3d_acceleration | sed -e 's/ *#.*$//' - #- name: ensure optimus switch - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/3d_acceleration | sed -e 's/ *#.*$//' - #- name: ensure user plom is in bumblebee group - # user: name=plom groups=bumblebee append=yes - - name: ensure basic X tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/basic_x_tools | sed -e 's/ *#.*$//' - - ## Set up browser environment. - #- name: ensure qutebrowser - # include: tasks/qutebrowser.yml - - name: ensure browser environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/browser_environment | sed -e 's/ *#.*$//' - - # Ensure wifi. - - name: ensure wifi configuration - apt: name={{item}} state=present - with_lines: - - cat ~/config/ansible/files/apt-mark_new/minimal/wifi | sed -e 's/ *#.*$//' - - cat ~/config/ansible/files/apt-mark_new/X200s/wifi | sed -e 's/ *#.*$//' - #- name: ensure wicd - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/wicd | sed -e 's/ *#.*$//' - - # Ensure audio/video consumption necessities. - - name: ensure multimedia tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/multimedia | sed -e 's/ *#.*$//' - #- name: ensure multimedia tools - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/multimedia | sed -e 's/ *#.*$//' - - # Ensure hotkeys. - # - # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). 
- #- name: ensure hotkeys - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' - - # Remove undesired packages - - name: collect desired packages - shell: cat files/apt-mark_new/minimal/* files/apt-mark_new/{{ system_name }}/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted - - name: collect currently installed packages - shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted - - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed - shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black - - name: mark all packages from black list as automatically installed - shell: apt-mark auto $(cat /tmp/list_black) - - name: mark all packages from white list as manually installed - shell: apt-mark manual $(cat /tmp/white_list_unsorted) - - name: purge all packages automatically installed that are not depended on - shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove - diff --git a/ansible/files/apt-mark/3d_acceleration b/ansible/files/apt-mark/3d_acceleration deleted file mode 100644 index 7d0ba5b..0000000 --- a/ansible/files/apt-mark/3d_acceleration +++ /dev/null @@ -1,5 +0,0 @@ -bumblebee-nvidia -libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work -libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work -linux-headers-amd64 # tested as necessary to build proper nvidia-driver module -primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card diff --git a/ansible/files/apt-mark/basic_x_tools b/ansible/files/apt-mark/basic_x_tools deleted file mode 100644 index 9c68622..0000000 --- a/ansible/files/apt-mark/basic_x_tools +++ /dev/null 
@@ -1,7 +0,0 @@
-i3
-i3status
-python3 # this is what the i3status wrapper is written in
-redshift
-suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed
-xterm
-x11-xserver-utils # includes xrdb which applies .Xresources files
diff --git a/ansible/files/apt-mark/browser_environment b/ansible/files/apt-mark/browser_environment
deleted file mode 100644
index cc9575c..0000000
--- a/ansible/files/apt-mark/browser_environment
+++ /dev/null
@@ -1,4 +0,0 @@
-iceweasel
-vim-gtk # used by pentadactyl for text editing
-xul-ext-noscript
-xul-ext-pentadactyl
diff --git a/ansible/files/apt-mark/console b/ansible/files/apt-mark/console
deleted file mode 100644
index 01bcbf8..0000000
--- a/ansible/files/apt-mark/console
+++ /dev/null
@@ -1,2 +0,0 @@
-console-setup
-locales
diff --git a/ansible/files/apt-mark/core b/ansible/files/apt-mark/core
deleted file mode 100644
index 43afba8..0000000
--- a/ansible/files/apt-mark/core
+++ /dev/null
@@ -1,55 +0,0 @@
-base-files
-base-passwd
-bash
-bsdutils
-coreutils
-dash
-debconf
-debianutils
-diffutils
-dpkg
-e2fslibs
-e2fsprogs
-findutils
-gcc-6-base
-grep
-gzip
-hostname
-init-system-helpers
-libacl1
-libattr1
-libblkid1
-libc6
-libc-bin
-libcomerr2
-libfdisk1
-libgcc1
-liblzma5
-libmount1
-libpam0g
-libpam-modules
-libpam-modules-bin
-libpam-runtime
-libpcre3
-libselinux1
-libsepol1
-libsmartcols1
-libss2
-libtinfo5
-libuuid1
-login
-lsb-base
-mawk
-mount
-multiarch-support
-ncurses-base
-ncurses-bin
-passwd
-perl-base
-sed
-sensible-utils
-sysvinit-utils
-tar
-tzdata
-util-linux
-zlib1g
diff --git a/ansible/files/apt-mark/hotkeys b/ansible/files/apt-mark/hotkeys
deleted file mode 100644
index f11bdfa..0000000
--- a/ansible/files/apt-mark/hotkeys
+++ /dev/null
@@ -1 +0,0 @@
-acpid # captures hotkey presses and triggers respective /etc/acpi/events/*
diff --git a/ansible/files/apt-mark/man b/ansible/files/apt-mark/man
deleted file mode 100644
index f688e67..0000000
--- a/ansible/files/apt-mark/man
+++ /dev/null
@@ -1,2 +0,0 @@
-man-db
-manpages
diff --git a/ansible/files/apt-mark/minimal_ansible_environment b/ansible/files/apt-mark/minimal_ansible_environment
deleted file mode 100644
index f9f4097..0000000
--- a/ansible/files/apt-mark/minimal_ansible_environment
+++ /dev/null
@@ -1,3 +0,0 @@
-ansible
-ifupdown # needed for internet connectivity
-isc-dhcp-client # needed for internet connectivity
diff --git a/ansible/files/apt-mark/minimal_x b/ansible/files/apt-mark/minimal_x
deleted file mode 100644
index f785794..0000000
--- a/ansible/files/apt-mark/minimal_x
+++ /dev/null
@@ -1,4 +0,0 @@
-libpam-systemd # needed to start X as non-root
-xinit # contains startx
-xserver-xorg-core
-xserver-xorg-input-evdev # supports all input devices the kernel knows about
diff --git a/ansible/files/apt-mark/multimedia b/ansible/files/apt-mark/multimedia
deleted file mode 100644
index 0b6d9ef..0000000
--- a/ansible/files/apt-mark/multimedia
+++ /dev/null
@@ -1,6 +0,0 @@
-alsa-utils
-eject
-ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos
-libdvd-pkg # decss stuff
-mpv
-youtube-dl # needed by mpv to directly work YouTube URLs
diff --git a/ansible/files/apt-mark/power_management b/ansible/files/apt-mark/power_management
deleted file mode 100644
index 3dba602..0000000
--- a/ansible/files/apt-mark/power_management
+++ /dev/null
@@ -1,2 +0,0 @@
-acpi-call-dkms # needed for tlp to access Thinkpad-specific features
-tlp
diff --git a/ansible/files/apt-mark/various_useful b/ansible/files/apt-mark/various_useful
deleted file mode 100644
index e37a898..0000000
--- a/ansible/files/apt-mark/various_useful
+++ /dev/null
@@ -1,5 +0,0 @@
-git
-less
-openssh-client
-sudo
-vim
diff --git a/ansible/files/apt-mark/wifi b/ansible/files/apt-mark/wifi
deleted file mode 100644
index 0d9d93c..0000000
--- a/ansible/files/apt-mark/wifi
+++ /dev/null
@@ -1,4 +0,0 @@
-firmware-iwlwifi # wifi driver
-wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff
-wicd-curses # although this currently is very buggy
-wicd-gtk # workaround for when wicd-curses fails
diff --git a/ansible/files/apt-mark_new/W530/3d_acceleration b/ansible/files/apt-mark_new/W530/3d_acceleration
deleted file mode 100644
index 1b7e696..0000000
--- a/ansible/files/apt-mark_new/W530/3d_acceleration
+++ /dev/null
@@ -1,3 +0,0 @@
-bumblebee-nvidia
-linux-headers-amd64 # tested as necessary to build proper nvidia-driver module
-primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card
diff --git a/ansible/files/apt-mark_new/W530/browser_environment b/ansible/files/apt-mark_new/W530/browser_environment
deleted file mode 100644
index cc9575c..0000000
--- a/ansible/files/apt-mark_new/W530/browser_environment
+++ /dev/null
@@ -1,4 +0,0 @@
-iceweasel
-vim-gtk # used by pentadactyl for text editing
-xul-ext-noscript
-xul-ext-pentadactyl
diff --git a/ansible/files/apt-mark_new/W530/hotkeys b/ansible/files/apt-mark_new/W530/hotkeys
deleted file mode 100644
index f11bdfa..0000000
--- a/ansible/files/apt-mark_new/W530/hotkeys
+++ /dev/null
@@ -1 +0,0 @@
-acpid # captures hotkey presses and triggers respective /etc/acpi/events/*
diff --git a/ansible/files/apt-mark_new/W530/multimedia b/ansible/files/apt-mark_new/W530/multimedia
deleted file mode 100644
index 219097d..0000000
--- a/ansible/files/apt-mark_new/W530/multimedia
+++ /dev/null
@@ -1,3 +0,0 @@
-eject
-ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos
-libdvd-pkg # decss stuff
diff --git a/ansible/files/apt-mark_new/W530/wicd b/ansible/files/apt-mark_new/W530/wicd
deleted file mode 100644
index 55d86fe..0000000
--- a/ansible/files/apt-mark_new/W530/wicd
+++ /dev/null
@@ -1,3 +0,0 @@
-wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff
-wicd-curses # although this currently is very buggy
-wicd-gtk # workaround for when wicd-curses fails
diff --git a/ansible/files/apt-mark_new/X200s/multimedia b/ansible/files/apt-mark_new/X200s/multimedia
deleted file mode 100644
index dbcf4ee..0000000
--- a/ansible/files/apt-mark_new/X200s/multimedia
+++ /dev/null
@@ -1,4 +0,0 @@
-alsa-utils
-ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos
-mpv
-youtube-dl # needed by mpv to directly work YouTube URLs
diff --git a/ansible/files/apt-mark_new/X200s/power_management b/ansible/files/apt-mark_new/X200s/power_management
deleted file mode 100644
index f6954bf..0000000
--- a/ansible/files/apt-mark_new/X200s/power_management
+++ /dev/null
@@ -1,2 +0,0 @@
-tp-smapi-dkms
-linux-headers-amd64
diff --git a/ansible/files/apt-mark_new/X200s/wifi b/ansible/files/apt-mark_new/X200s/wifi
deleted file mode 100644
index a0e499d..0000000
--- a/ansible/files/apt-mark_new/X200s/wifi
+++ /dev/null
@@ -1 +0,0 @@
-wpasupplicant
diff --git a/ansible/files/apt-mark_new/minimal/3d_acceleration b/ansible/files/apt-mark_new/minimal/3d_acceleration
deleted file mode 100644
index aa318bd..0000000
--- a/ansible/files/apt-mark_new/minimal/3d_acceleration
+++ /dev/null
@@ -1,2 +0,0 @@
-libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work
-libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work
diff --git a/ansible/files/apt-mark_new/minimal/basic_x_tools b/ansible/files/apt-mark_new/minimal/basic_x_tools
deleted file mode 100644
index 9c68622..0000000
--- a/ansible/files/apt-mark_new/minimal/basic_x_tools
+++ /dev/null
@@ -1,7 +0,0 @@
-i3
-i3status
-python3 # this is what the i3status wrapper is written in
-redshift
-suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed
-xterm
-x11-xserver-utils # includes xrdb which applies .Xresources files
diff --git a/ansible/files/apt-mark_new/minimal/browser_environment b/ansible/files/apt-mark_new/minimal/browser_environment
deleted file mode 100644
index 536ea49..0000000
--- a/ansible/files/apt-mark_new/minimal/browser_environment
+++ /dev/null
@@ -1 +0,0 @@
-palemoon
diff --git a/ansible/files/apt-mark_new/minimal/console b/ansible/files/apt-mark_new/minimal/console
deleted file mode 100644
index 01bcbf8..0000000
--- a/ansible/files/apt-mark_new/minimal/console
+++ /dev/null
@@ -1,2 +0,0 @@
-console-setup
-locales
diff --git a/ansible/files/apt-mark_new/minimal/core b/ansible/files/apt-mark_new/minimal/core
deleted file mode 100644
index 43afba8..0000000
--- a/ansible/files/apt-mark_new/minimal/core
+++ /dev/null
@@ -1,55 +0,0 @@
-base-files
-base-passwd
-bash
-bsdutils
-coreutils
-dash
-debconf
-debianutils
-diffutils
-dpkg
-e2fslibs
-e2fsprogs
-findutils
-gcc-6-base
-grep
-gzip
-hostname
-init-system-helpers
-libacl1
-libattr1
-libblkid1
-libc6
-libc-bin
-libcomerr2
-libfdisk1
-libgcc1
-liblzma5
-libmount1
-libpam0g
-libpam-modules
-libpam-modules-bin
-libpam-runtime
-libpcre3
-libselinux1
-libsepol1
-libsmartcols1
-libss2
-libtinfo5
-libuuid1
-login
-lsb-base
-mawk
-mount
-multiarch-support
-ncurses-base
-ncurses-bin
-passwd
-perl-base
-sed
-sensible-utils
-sysvinit-utils
-tar
-tzdata
-util-linux
-zlib1g
diff --git a/ansible/files/apt-mark_new/minimal/disk_encryption b/ansible/files/apt-mark_new/minimal/disk_encryption
deleted file mode 100644
index 67ecd10..0000000
--- a/ansible/files/apt-mark_new/minimal/disk_encryption
+++ /dev/null
@@ -1,2 +0,0 @@
-cryptsetup
-udev
diff --git a/ansible/files/apt-mark_new/minimal/man b/ansible/files/apt-mark_new/minimal/man
deleted file mode 100644
index f688e67..0000000
--- a/ansible/files/apt-mark_new/minimal/man
+++ /dev/null
@@ -1,2 +0,0 @@
-man-db
-manpages
diff --git a/ansible/files/apt-mark_new/minimal/minimal_ansible_environment b/ansible/files/apt-mark_new/minimal/minimal_ansible_environment
deleted file mode 100644
index f9f4097..0000000
--- a/ansible/files/apt-mark_new/minimal/minimal_ansible_environment
+++ /dev/null
@@ -1,3 +0,0 @@
-ansible
-ifupdown # needed for internet connectivity
-isc-dhcp-client # needed for internet connectivity
diff --git a/ansible/files/apt-mark_new/minimal/minimal_x b/ansible/files/apt-mark_new/minimal/minimal_x
deleted file mode 100644
index f785794..0000000
--- a/ansible/files/apt-mark_new/minimal/minimal_x
+++ /dev/null
@@ -1,4 +0,0 @@
-libpam-systemd # needed to start X as non-root
-xinit # contains startx
-xserver-xorg-core
-xserver-xorg-input-evdev # supports all input devices the kernel knows about
diff --git a/ansible/files/apt-mark_new/minimal/multimedia b/ansible/files/apt-mark_new/minimal/multimedia
deleted file mode 100644
index 0bcc060..0000000
--- a/ansible/files/apt-mark_new/minimal/multimedia
+++ /dev/null
@@ -1,3 +0,0 @@
-alsa-utils
-mpv
-youtube-dl # needed by mpv to directly work YouTube URLs
diff --git a/ansible/files/apt-mark_new/minimal/power_management b/ansible/files/apt-mark_new/minimal/power_management
deleted file mode 100644
index 3dba602..0000000
--- a/ansible/files/apt-mark_new/minimal/power_management
+++ /dev/null
@@ -1,2 +0,0 @@
-acpi-call-dkms # needed for tlp to access Thinkpad-specific features
-tlp
diff --git a/ansible/files/apt-mark_new/minimal/various_useful b/ansible/files/apt-mark_new/minimal/various_useful
deleted file mode 100644
index e37a898..0000000
--- a/ansible/files/apt-mark_new/minimal/various_useful
+++ /dev/null
@@ -1,5 +0,0 @@
-git
-less
-openssh-client
-sudo
-vim
diff --git a/ansible/files/apt-mark_new/minimal/wifi b/ansible/files/apt-mark_new/minimal/wifi
deleted file mode 100644
index 4b8432d..0000000
--- a/ansible/files/apt-mark_new/minimal/wifi
+++ /dev/null
@@ -1 +0,0 @@
-firmware-iwlwifi # wifi driver
diff --git a/ansible/files/console/___etc___default___console-setup b/ansible/files/console/___etc___default___console-setup
deleted file mode 100644
index 090d241..0000000
--- a/ansible/files/console/___etc___default___console-setup
+++ /dev/null
@@ -1,4 +0,0 @@
-CHARMAP="UTF-8"
-CODESET="Lat15"
-FONTFACE="Terminus"
-FONTSIZE="6x12"
diff --git a/ansible/files/console/___etc___default___keyboard b/ansible/files/console/___etc___default___keyboard
deleted file mode 100644
index 7f08e30..0000000
--- a/ansible/files/console/___etc___default___keyboard
+++ /dev/null
@@ -1,4 +0,0 @@
-# setting XKBMODEL to the questionable default seems to be necessary and works nicely
-# curiously, putting a comment on the same line as a variable setting seems to break things
-XKBMODEL="pc105"
-XKBLAYOUT="de"
diff --git a/ansible/files/dirs b/ansible/files/dirs
deleted file mode 100644
index 269b746..0000000
--- a/ansible/files/dirs
+++ /dev/null
@@ -1,2 +0,0 @@
-/etc/wicd
-/etc/acpi/events
diff --git a/ansible/files/dirs_new b/ansible/files/dirs_new
deleted file mode 100644
index 0739bb8..0000000
--- a/ansible/files/dirs_new
+++ /dev/null
@@ -1 +0,0 @@
-/etc/wicd
diff --git a/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia b/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia
deleted file mode 100644
index 605a10d..0000000
--- a/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia
+++ /dev/null
@@ -1,34 +0,0 @@
-# This is the Optimus-specific configuration recommended by the "NVIDIA
-# Accelerated Linux Graphics Drivre README and Installation Guide", Chapter 32
-# "Offloading Graphics Display with RandR 1.4"
-# (<http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>)
-# with the "AllowEmptyInitialConfigratuion" added as described by
-# <http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>.
-
-Section "ServerLayout"
- Identifier "layout"
- Screen 0 "nvidia"
- Inactive "intel"
-EndSection
-
-Section "Device"
- Identifier "nvidia"
- Driver "nvidia"
- BusID "PCI:01:00:0"
- Option "AllowEmptyInitialConfiguration"
-EndSection
-
-Section "Screen"
- Identifier "nvidia"
- Device "nvidia"
-EndSection
-
-Section "Device"
- Identifier "intel"
- Driver "modesetting"
-EndSection
-
-Section "Screen"
- Identifier "intel"
- Device "intel"
-EndSection
diff --git a/ansible/files/system/___etc___acpi___events___plom-brightness-down b/ansible/files/system/___etc___acpi___events___plom-brightness-down
deleted file mode 100644
index 8d718d2..0000000
--- a/ansible/files/system/___etc___acpi___events___plom-brightness-down
+++ /dev/null
@@ -1,2 +0,0 @@
-event=video/brightnessdown
-action=/root/config/bin/w530_backlight.sh -
diff --git a/ansible/files/system/___etc___acpi___events___plom-brightness-up b/ansible/files/system/___etc___acpi___events___plom-brightness-up
deleted file mode 100644
index 864ce5f..0000000
--- a/ansible/files/system/___etc___acpi___events___plom-brightness-up
+++ /dev/null
@@ -1,2 +0,0 @@
-event=video/brightnessup
-action=/root/config/bin/w530_backlight.sh +
diff --git a/ansible/files/system/___etc___acpi___events___plom-micmute b/ansible/files/system/___etc___acpi___events___plom-micmute
deleted file mode 100644
index 2aab48e..0000000
--- a/ansible/files/system/___etc___acpi___events___plom-micmute
+++ /dev/null
@@ -1,2 +0,0 @@
-event=button/f20
-action=amixer set Mic toggle
diff --git a/ansible/files/system/___etc___acpi___events___plom-mute b/ansible/files/system/___etc___acpi___events___plom-mute
deleted file mode 100644
index 3c40988..0000000
--- a/ansible/files/system/___etc___acpi___events___plom-mute
+++ /dev/null
@@ -1,2 +0,0 @@
-event=button/mute
-action=amixer set Master toggle
diff --git a/ansible/files/system/___etc___acpi___events___plom-volume-down b/ansible/files/system/___etc___acpi___events___plom-volume-down
deleted file mode 100644
index 7658b1c..0000000
--- a/ansible/files/system/___etc___acpi___events___plom-volume-down
+++ /dev/null
@@ -1,2 +0,0 @@
-event=button/volumedown
-action=amixer set Master 10-
diff --git a/ansible/files/system/___etc___acpi___events___plom-volume-up b/ansible/files/system/___etc___acpi___events___plom-volume-up
deleted file mode 100644
index 9ba779f..0000000
--- a/ansible/files/system/___etc___acpi___events___plom-volume-up
+++ /dev/null
@@ -1,2 +0,0 @@
-event=button/volumeup
-action=amixer set Master 10+
diff --git a/ansible/files/system/___etc___apt___apt.conf.d___99mindeps b/ansible/files/system/___etc___apt___apt.conf.d___99mindeps
deleted file mode 100644
index 4aaef79..0000000
--- a/ansible/files/system/___etc___apt___apt.conf.d___99mindeps
+++ /dev/null
@@ -1,4 +0,0 @@
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
diff --git a/ansible/files/system/___etc___apt___sources.list b/ansible/files/system/___etc___apt___sources.list
deleted file mode 100644
index e64d6ee..0000000
--- a/ansible/files/system/___etc___apt___sources.list
+++ /dev/null
@@ -1,4 +0,0 @@
-deb http://ftp.debian.org/debian/ stretch main contrib non-free
-deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free
-deb http://ftp.debian.org/debian stretch-backports main contrib non-free
-deb http://security.debian.org/ stretch/updates main contrib non-free
diff --git a/ansible/files/system/___etc___default___tlp b/ansible/files/system/___etc___default___tlp
deleted file mode 100644
index 6db0f60..0000000
--- a/ansible/files/system/___etc___default___tlp
+++ /dev/null
@@ -1,278 +0,0 @@ -# ------------------------------------------------------------------------------ -# tlp - Parameters for power save -# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html - -# Hint: some features are disabled by default, remove the leading # to enable -# them. - -# Set to 0 to disable, 1 to enable TLP. -TLP_ENABLE=1 - -# Operation mode when no power supply can be detected: AC, BAT -# Concerns some desktop and embedded hardware only. -TLP_DEFAULT_MODE=AC - -# Seconds laptop mode has to wait after the disk goes idle before doing a sync. -# Non-zero value enables, zero disables laptop mode. -DISK_IDLE_SECS_ON_AC=0 -DISK_IDLE_SECS_ON_BAT=2 - -# Dirty page values (timeouts in secs). -MAX_LOST_WORK_SECS_ON_AC=15 -MAX_LOST_WORK_SECS_ON_BAT=60 - -# Hint: CPU parameters below are disabled by default, remove the leading # -# to enable them, otherwise kernel default values are used. - -# Select a CPU frequency scaling governor. -# Intel Core i processor with intel_pstate driver: -# powersave(*), performance -# Older hardware with acpi-cpufreq driver: -# ondemand(*), powersave, performance, conservative -# (*) is recommended. -# Hint: use tlp-stat -p to show the active driver and available governors. -# Important: -# You *must* disable your distribution's governor settings or conflicts will -# occur. ondemand is sufficient for *almost all* workloads, you should know -# what you're doing! -#CPU_SCALING_GOVERNOR_ON_AC=powersave -#CPU_SCALING_GOVERNOR_ON_BAT=powersave - -# Set the min/max frequency available for the scaling governor. -# Possible values strongly depend on your CPU. For available frequencies see -# the output of tlp-stat -p. -#CPU_SCALING_MIN_FREQ_ON_AC=0 -#CPU_SCALING_MAX_FREQ_ON_AC=0 -#CPU_SCALING_MIN_FREQ_ON_BAT=0 -#CPU_SCALING_MAX_FREQ_ON_BAT=0 - -# Set Intel P-state performance: 0..100 (%) -# Limit the max/min P-state to control the power dissipation of the CPU. 
-# Values are stated as a percentage of the available performance. -# Requires an Intel Core i processor with intel_pstate driver. -#CPU_MIN_PERF_ON_AC=0 -#CPU_MAX_PERF_ON_AC=100 -#CPU_MIN_PERF_ON_BAT=0 -#CPU_MAX_PERF_ON_BAT=30 - -# Set the CPU "turbo boost" feature: 0=disable, 1=allow -# Requires an Intel Core i processor. -# Important: -# - This may conflict with your distribution's governor settings -# - A value of 1 does *not* activate boosting, it just allows it -#CPU_BOOST_ON_AC=1 -#CPU_BOOST_ON_BAT=0 - -# Minimize number of used CPU cores/hyper-threads under light load conditions -SCHED_POWERSAVE_ON_AC=0 -SCHED_POWERSAVE_ON_BAT=1 - -# Kernel NMI Watchdog: -# 0=disable (default, saves power), 1=enable (for kernel debugging only) -NMI_WATCHDOG=0 - -# Change CPU voltages aka "undervolting" - Kernel with PHC patch required -# Frequency voltage pairs are written to: -# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls -# CAUTION: only use this, if you thoroughly understand what you are doing! -#PHC_CONTROLS="F:V F:V F:V F:V" - -# Set CPU performance versus energy savings policy: -# performance, normal, powersave -# Requires kernel module msr and x86_energy_perf_policy from linux-tools -ENERGY_PERF_POLICY_ON_AC=performance -ENERGY_PERF_POLICY_ON_BAT=powersave - -# Hard disk devices; separate multiple devices with spaces (default: sda). -# Devices can be specified by disk ID also (lookup with: tlp diskid). -DISK_DEVICES="sda sdb" - -# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) -# Levels 1..127 may spin down the disk; 255 allowable on most drives. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. 
-DISK_APM_LEVEL_ON_AC="254 254" -DISK_APM_LEVEL_ON_BAT="128 128" - -# Hard disk spin down timeout: -# 0: spin down disabled -# 1..240: timeouts from 5s to 20min (in units of 5s) -# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) -# See 'man hdparm' for details. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" -#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" - -# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the kernel default scheduler for the particular disk. -#DISK_IOSCHED="cfq cfq" - -# SATA aggressive link power management (ALPM): -# min_power, medium_power, max_performance -SATA_LINKPWR_ON_AC=max_performance -SATA_LINKPWR_ON_BAT=min_power - -# Exclude SATA host devices from link power management. -# Separate multiple hosts with spaces. -#SATA_LINKPWR_BLACKLIST="host1" - -# Runtime Power Management for AHCI controllers and disks: -# on=disable, auto=enable -# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss -#AHCI_RUNTIME_PM_ON_AC=on -#AHCI_RUNTIME_PM_ON_BAT=on - -# Seconds of inactivity before disk is suspended -AHCI_RUNTIME_PM_TIMEOUT=15 - -# PCI Express Active State Power Management (PCIe ASPM): -# default, performance, powersave -PCIE_ASPM_ON_AC=performance -PCIE_ASPM_ON_BAT=powersave - -# Radeon graphics clock speed (profile method): low, mid, high, auto, default; -# auto = mid on BAT, high on AC; default = use hardware defaults. 
-# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) -RADEON_POWER_PROFILE_ON_AC=high -RADEON_POWER_PROFILE_ON_BAT=low - -# Radeon dynamic power management method (DPM): battery, performance -# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) -RADEON_DPM_STATE_ON_AC=performance -RADEON_DPM_STATE_ON_BAT=battery - -# Radeon DPM performance level: auto, low, high; auto is recommended. -RADEON_DPM_PERF_LEVEL_ON_AC=auto -RADEON_DPM_PERF_LEVEL_ON_BAT=auto - -# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. -WIFI_PWR_ON_AC=off -WIFI_PWR_ON_BAT=on - -# Disable wake on LAN: Y/N -WOL_DISABLE=Y - -# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). -# A value of 0 disables, >=1 enables power save. -SOUND_POWER_SAVE_ON_AC=0 -SOUND_POWER_SAVE_ON_BAT=1 - -# Disable controller too (HDA only): Y/N -SOUND_POWER_SAVE_CONTROLLER=Y - -# Set to 1 to power off optical drive in UltraBay/MediaBay when running on -# battery. A value of 0 disables this feature (Default). -# Drive can be powered on again by releasing (and reinserting) the eject lever -# or by pressing the disc eject button on newer models. -# Note: an UltraBay/MediaBay hard disk is never powered off. -BAY_POWEROFF_ON_BAT=0 -# Optical drive device to power off (default sr0). -BAY_DEVICE="sr0" - -# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable -RUNTIME_PM_ON_AC=on -RUNTIME_PM_ON_BAT=auto - -# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: -# 0=disable, 1=enable -RUNTIME_PM_ALL=1 - -# Exclude PCI(e) device adresses the following list from Runtime PM -# (separate with spaces). Use lspci to get the adresses (1st column). -#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" - -# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM -# (should prevent accidential power on of hybrid graphics' discrete part). -# Default is "radeon nouveau"; use "" to disable the feature completely. 
-# Separate multiple drivers with spaces. -RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" - -# Set to 0 to disable, 1 to enable USB autosuspend feature. -USB_AUTOSUSPEND=1 - -# Exclude listed devices from USB autosuspend (separate with spaces). -# Use lsusb to get the ids. -# Note: input devices (usbhid) are excluded automatically (see below) -#USB_BLACKLIST="1111:2222 3333:4444" - -# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude -USB_BLACKLIST_WWAN=1 - -# Include listed devices into USB autosuspend even if already excluded -# by the driver or WWAN blacklists above (separate with spaces). -# Use lsusb to get the ids. -#USB_WHITELIST="1111:2222 3333:4444" - -# Set to 1 to disable autosuspend before shutdown, 0 to do nothing -# (workaround for USB devices that cause shutdown problems). -#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 - -# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown -# on system startup: 0=disable, 1=enable. -# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below -# are ignored when this is enabled! -RESTORE_DEVICE_STATE_ON_STARTUP=0 - -# Radio devices to disable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" - -# Radio devices to enable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -#DEVICES_TO_ENABLE_ON_STARTUP="wifi" - -# Radio devices to disable on shutdown: bluetooth, wifi, wwan -# (workaround for devices that are blocking shutdown). -#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" - -# Radio devices to enable on shutdown: bluetooth, wifi, wwan -# (to prevent other operating systems from missing radios). 
-#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" - -# Radio devices to enable on AC: bluetooth, wifi, wwan -#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" - -# Radio devices to disable on battery: bluetooth, wifi, wwan -#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" - -# Radio devices to disable on battery when not in use (not connected): -# bluetooth, wifi, wwan -DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" - -# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module -# required). Charging starts when the remaining capacity falls below the -# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. -# Main / Internal battery (values in %) -START_CHARGE_THRESH_BAT0=10 -STOP_CHARGE_THRESH_BAT0=95 -# Ultrabay / Slice / Replaceable battery (values in %) -START_CHARGE_THRESH_BAT1=10 -STOP_CHARGE_THRESH_BAT1=95 - -# ------------------------------------------------------------------------------ -# tlp-rdw - Parameters for the radio device wizard -# Possible devices: bluetooth, wifi, wwan - -# Hints: -# - Parameters are disabled by default, remove the leading # to enable them. -# - Separate multiple radio devices with spaces. - -# Radio devices to disable on connect. -#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" -#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" -#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" - -# Radio devices to enable on disconnect. -#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" -#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" -#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" - -# Radio devices to enable/disable when docked. -#DEVICES_TO_ENABLE_ON_DOCK="" -#DEVICES_TO_DISABLE_ON_DOCK="" - -# Radio devices to enable/disable when undocked. -#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" -#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/ansible/files/system/___etc___hostname b/ansible/files/system/___etc___hostname deleted file mode 100644 index 8769fca..0000000 --- a/ansible/files/system/___etc___hostname +++ /dev/null 
@@ -1 +0,0 @@
-w530
diff --git a/ansible/files/system/___etc___hosts b/ansible/files/system/___etc___hosts
deleted file mode 100644
index d920e4f..0000000
--- a/ansible/files/system/___etc___hosts
+++ /dev/null
@@ -1,7 +0,0 @@
-127.0.0.1 localhost
-127.0.1.1 w530
-
-# The following lines are desirable for IPv6 capable hosts
-::1 localhost ip6-localhost ip6-loopback
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
diff --git a/ansible/files/system/___etc___profile b/ansible/files/system/___etc___profile
deleted file mode 100644
index 5884d7b..0000000
--- a/ansible/files/system/___etc___profile
+++ /dev/null
@@ -1,35 +0,0 @@
-# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
-# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
-
-if [ "`id -u`" -eq 0 ]; then
- PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-else
- PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
-fi
-export PATH
-
-if [ "${PS1-}" ]; then
- if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then
- # The file bash.bashrc already sets the default PS1.
- # PS1='\h:\w\$ '
- if [ -f /etc/bash.bashrc ]; then
- . /etc/bash.bashrc
- fi
- else
- if [ "`id -u`" -eq 0 ]; then
- PS1='# '
- else
- PS1='$ '
- fi
- fi
-fi
-
-if [ -d /etc/profile.d ]; then
- for i in /etc/profile.d/*.sh; do
- if [ -r $i ]; then
- . $i
- fi
- done
- unset i
-fi
-export LC_ALL="en_US.UTF-8"
diff --git a/ansible/files/system/___etc___systemd___logind.conf b/ansible/files/system/___etc___systemd___logind.conf
deleted file mode 100644
index 7a9004a..0000000
--- a/ansible/files/system/___etc___systemd___logind.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-#
-# Entries in this file show the compile time defaults.
-# You can change settings by editing this file.
-# Defaults can be restored by simply deleting this file.
-#
-# See logind.conf(5) for details.
-
-[Login]
-#NAutoVTs=6
-#ReserveVT=6
-#KillUserProcesses=no
-#KillOnlyUsers=
-#KillExcludeUsers=root
-#InhibitDelayMaxSec=5
-#HandlePowerKey=poweroff
-#HandleSuspendKey=suspend
-#HandleHibernateKey=hibernate
-#HandleLidSwitch=suspend
-#HandleLidSwitchDocked=ignore
-#PowerKeyIgnoreInhibited=no
-#SuspendKeyIgnoreInhibited=no
-#HibernateKeyIgnoreInhibited=no
-#LidSwitchIgnoreInhibited=yes
-#HoldoffTimeoutSec=30s
-#IdleAction=ignore
-#IdleActionSec=30min
-#RuntimeDirectorySize=10%
-#RemoveIPC=yes
-#InhibitorsMax=8192
-#SessionsMax=8192
-#UserTasksMax=33%
-HandleLidSwitch=hibernate
diff --git a/ansible/files/system/___etc___timezone b/ansible/files/system/___etc___timezone
deleted file mode 100644
index 94d5acc..0000000
--- a/ansible/files/system/___etc___timezone
+++ /dev/null
@@ -1 +0,0 @@
-Europe/Berlin
diff --git a/ansible/files/system/___etc___wicd___manager-settings.conf b/ansible/files/system/___etc___wicd___manager-settings.conf
deleted file mode 100644
index d2ef3ee..0000000
--- a/ansible/files/system/___etc___wicd___manager-settings.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-[Settings]
-backend = external
-wireless_interface = wlp3s0
-wired_interface = enp0s25
-wpa_driver = wext
-always_show_wired_interface = False
-use_global_dns = False
-global_dns_1 = None
-global_dns_2 = None
-global_dns_3 = None
-global_dns_dom = None
-global_search_dom = None
-auto_reconnect = True
-debug_mode = False
-wired_connect_mode = 1
-signal_display_type = 0
-should_verify_ap = 1
-dhcp_client = 0
-link_detect_tool = 0
-flush_tool = 0
-sudo_app = 0
-prefer_wired = False
-show_never_connect = True
-
diff --git a/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia b/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia
deleted file mode 100644
index e651031..0000000
--- a/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia
+++ /dev/null
@@ -1,34 +0,0 @@
-# This is the Optimus-specific configuration recommended by the "NVIDIA
-# Accelerated Linux Graphics Driver README and Installation Guide", Chapter 32
-# "Offloading Graphics Display with RandR 1.4"
-# (<http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>)
-# with the "AllowEmptyInitialConfigratuion" added as described by
-# <http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>.
-
-Section "ServerLayout"
- Identifier "layout"
- Screen 0 "nvidia"
- Inactive "intel"
-EndSection
-
-Section "Device"
- Identifier "nvidia"
- Driver "nvidia"
- BusID "PCI:01:00:0"
- Option "AllowEmptyInitialConfiguration"
-EndSection
-
-Section "Screen"
- Identifier "nvidia"
- Device "nvidia"
-EndSection
-
-Section "Device"
- Identifier "intel"
- Driver "modesetting"
-EndSection
-
-Section "Screen"
- Identifier "intel"
- Device "intel"
-EndSection
diff --git a/ansible/files/system_new/W530/___etc___hostname b/ansible/files/system_new/W530/___etc___hostname
deleted file mode 100644
index 4d385ae..0000000
--- a/ansible/files/system_new/W530/___etc___hostname
+++ /dev/null
@@ -1 +0,0 @@
-W530
diff --git a/ansible/files/system_new/W530/___etc___hosts b/ansible/files/system_new/W530/___etc___hosts
deleted file mode 100644
index c6f72a5..0000000
--- a/ansible/files/system_new/W530/___etc___hosts
+++ /dev/null
@@ -1,7 +0,0 @@
-127.0.0.1 localhost
-127.0.1.1 W530
-
-# The following lines are desirable for IPv6 capable hosts
-::1 localhost ip6-localhost ip6-loopback
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
diff --git a/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf b/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf
deleted file mode 100644
index d2ef3ee..0000000
--- a/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-[Settings]
-backend = external
-wireless_interface = wlp3s0
-wired_interface = enp0s25
-wpa_driver = wext
-always_show_wired_interface = False
-use_global_dns = False
-global_dns_1 = None
-global_dns_2 = None
-global_dns_3 = None
-global_dns_dom = None
-global_search_dom = None
-auto_reconnect = True
-debug_mode = False
-wired_connect_mode = 1
-signal_display_type = 0
-should_verify_ap = 1
-dhcp_client = 0
-link_detect_tool = 0
-flush_tool = 0
-sudo_app = 0
-prefer_wired = False
-show_never_connect = True
-
diff --git a/ansible/files/system_new/X200s/___etc___hostname b/ansible/files/system_new/X200s/___etc___hostname
deleted file mode 100644
index d241415..0000000
--- a/ansible/files/system_new/X200s/___etc___hostname
+++ /dev/null
@@ -1 +0,0 @@
-X200s
diff --git a/ansible/files/system_new/X200s/___etc___hosts b/ansible/files/system_new/X200s/___etc___hosts
deleted file mode 100644
index b275ecb..0000000
--- a/ansible/files/system_new/X200s/___etc___hosts
+++ /dev/null
@@ -1,7 +0,0 @@
-127.0.0.1 localhost
-127.0.1.1 X200s
-
-# The following lines are desirable for IPv6 capable hosts
-::1 localhost ip6-localhost ip6-loopback
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
diff --git a/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps b/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps
deleted file mode 100644
index 4aaef79..0000000
--- a/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps
+++ /dev/null
@@ -1,4 +0,0 @@
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
diff --git a/ansible/files/system_new/minimal/___etc___apt___sources.list b/ansible/files/system_new/minimal/___etc___apt___sources.list
deleted file mode 100644
index e64d6ee..0000000
--- a/ansible/files/system_new/minimal/___etc___apt___sources.list
+++ /dev/null
@@ -1,4 +0,0 @@
-deb http://ftp.debian.org/debian/ stretch main contrib non-free
-deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free
-deb http://ftp.debian.org/debian stretch-backports main contrib non-free
-deb http://security.debian.org/ stretch/updates main contrib non-free
diff --git a/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list b/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list
deleted file mode 100644
index f90488e..0000000
--- a/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list
+++ /dev/null
@@ -1 +0,0 @@
-deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ /
diff --git a/ansible/files/system_new/minimal/___etc___default___tlp b/ansible/files/system_new/minimal/___etc___default___tlp
deleted file mode 100644
index 6db0f60..0000000
--- a/ansible/files/system_new/minimal/___etc___default___tlp
+++ /dev/null
@@ -1,278 +0,0 @@ -# ------------------------------------------------------------------------------ -# tlp - Parameters for power save -# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html - -# Hint: some features are disabled by default, remove the leading # to enable -# them. - -# Set to 0 to disable, 1 to enable TLP. -TLP_ENABLE=1 - -# Operation mode when no power supply can be detected: AC, BAT -# Concerns some desktop and embedded hardware only. -TLP_DEFAULT_MODE=AC - -# Seconds laptop mode has to wait after the disk goes idle before doing a sync. -# Non-zero value enables, zero disables laptop mode. -DISK_IDLE_SECS_ON_AC=0 -DISK_IDLE_SECS_ON_BAT=2 - -# Dirty page values (timeouts in secs). -MAX_LOST_WORK_SECS_ON_AC=15 -MAX_LOST_WORK_SECS_ON_BAT=60 - -# Hint: CPU parameters below are disabled by default, remove the leading # -# to enable them, otherwise kernel default values are used. - -# Select a CPU frequency scaling governor. -# Intel Core i processor with intel_pstate driver: -# powersave(*), performance -# Older hardware with acpi-cpufreq driver: -# ondemand(*), powersave, performance, conservative -# (*) is recommended. -# Hint: use tlp-stat -p to show the active driver and available governors. -# Important: -# You *must* disable your distribution's governor settings or conflicts will -# occur. ondemand is sufficient for *almost all* workloads, you should know -# what you're doing! -#CPU_SCALING_GOVERNOR_ON_AC=powersave -#CPU_SCALING_GOVERNOR_ON_BAT=powersave - -# Set the min/max frequency available for the scaling governor. -# Possible values strongly depend on your CPU. For available frequencies see -# the output of tlp-stat -p. -#CPU_SCALING_MIN_FREQ_ON_AC=0 -#CPU_SCALING_MAX_FREQ_ON_AC=0 -#CPU_SCALING_MIN_FREQ_ON_BAT=0 -#CPU_SCALING_MAX_FREQ_ON_BAT=0 - -# Set Intel P-state performance: 0..100 (%) -# Limit the max/min P-state to control the power dissipation of the CPU. 
-# Values are stated as a percentage of the available performance. -# Requires an Intel Core i processor with intel_pstate driver. -#CPU_MIN_PERF_ON_AC=0 -#CPU_MAX_PERF_ON_AC=100 -#CPU_MIN_PERF_ON_BAT=0 -#CPU_MAX_PERF_ON_BAT=30 - -# Set the CPU "turbo boost" feature: 0=disable, 1=allow -# Requires an Intel Core i processor. -# Important: -# - This may conflict with your distribution's governor settings -# - A value of 1 does *not* activate boosting, it just allows it -#CPU_BOOST_ON_AC=1 -#CPU_BOOST_ON_BAT=0 - -# Minimize number of used CPU cores/hyper-threads under light load conditions -SCHED_POWERSAVE_ON_AC=0 -SCHED_POWERSAVE_ON_BAT=1 - -# Kernel NMI Watchdog: -# 0=disable (default, saves power), 1=enable (for kernel debugging only) -NMI_WATCHDOG=0 - -# Change CPU voltages aka "undervolting" - Kernel with PHC patch required -# Frequency voltage pairs are written to: -# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls -# CAUTION: only use this, if you thoroughly understand what you are doing! -#PHC_CONTROLS="F:V F:V F:V F:V" - -# Set CPU performance versus energy savings policy: -# performance, normal, powersave -# Requires kernel module msr and x86_energy_perf_policy from linux-tools -ENERGY_PERF_POLICY_ON_AC=performance -ENERGY_PERF_POLICY_ON_BAT=powersave - -# Hard disk devices; separate multiple devices with spaces (default: sda). -# Devices can be specified by disk ID also (lookup with: tlp diskid). -DISK_DEVICES="sda sdb" - -# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) -# Levels 1..127 may spin down the disk; 255 allowable on most drives. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. 
-DISK_APM_LEVEL_ON_AC="254 254" -DISK_APM_LEVEL_ON_BAT="128 128" - -# Hard disk spin down timeout: -# 0: spin down disabled -# 1..240: timeouts from 5s to 20min (in units of 5s) -# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) -# See 'man hdparm' for details. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" -#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" - -# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the kernel default scheduler for the particular disk. -#DISK_IOSCHED="cfq cfq" - -# SATA aggressive link power management (ALPM): -# min_power, medium_power, max_performance -SATA_LINKPWR_ON_AC=max_performance -SATA_LINKPWR_ON_BAT=min_power - -# Exclude SATA host devices from link power management. -# Separate multiple hosts with spaces. -#SATA_LINKPWR_BLACKLIST="host1" - -# Runtime Power Management for AHCI controllers and disks: -# on=disable, auto=enable -# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss -#AHCI_RUNTIME_PM_ON_AC=on -#AHCI_RUNTIME_PM_ON_BAT=on - -# Seconds of inactivity before disk is suspended -AHCI_RUNTIME_PM_TIMEOUT=15 - -# PCI Express Active State Power Management (PCIe ASPM): -# default, performance, powersave -PCIE_ASPM_ON_AC=performance -PCIE_ASPM_ON_BAT=powersave - -# Radeon graphics clock speed (profile method): low, mid, high, auto, default; -# auto = mid on BAT, high on AC; default = use hardware defaults. 
-# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) -RADEON_POWER_PROFILE_ON_AC=high -RADEON_POWER_PROFILE_ON_BAT=low - -# Radeon dynamic power management method (DPM): battery, performance -# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) -RADEON_DPM_STATE_ON_AC=performance -RADEON_DPM_STATE_ON_BAT=battery - -# Radeon DPM performance level: auto, low, high; auto is recommended. -RADEON_DPM_PERF_LEVEL_ON_AC=auto -RADEON_DPM_PERF_LEVEL_ON_BAT=auto - -# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. -WIFI_PWR_ON_AC=off -WIFI_PWR_ON_BAT=on - -# Disable wake on LAN: Y/N -WOL_DISABLE=Y - -# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). -# A value of 0 disables, >=1 enables power save. -SOUND_POWER_SAVE_ON_AC=0 -SOUND_POWER_SAVE_ON_BAT=1 - -# Disable controller too (HDA only): Y/N -SOUND_POWER_SAVE_CONTROLLER=Y - -# Set to 1 to power off optical drive in UltraBay/MediaBay when running on -# battery. A value of 0 disables this feature (Default). -# Drive can be powered on again by releasing (and reinserting) the eject lever -# or by pressing the disc eject button on newer models. -# Note: an UltraBay/MediaBay hard disk is never powered off. -BAY_POWEROFF_ON_BAT=0 -# Optical drive device to power off (default sr0). -BAY_DEVICE="sr0" - -# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable -RUNTIME_PM_ON_AC=on -RUNTIME_PM_ON_BAT=auto - -# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: -# 0=disable, 1=enable -RUNTIME_PM_ALL=1 - -# Exclude PCI(e) device adresses the following list from Runtime PM -# (separate with spaces). Use lspci to get the adresses (1st column). -#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" - -# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM -# (should prevent accidential power on of hybrid graphics' discrete part). -# Default is "radeon nouveau"; use "" to disable the feature completely. 
-# Separate multiple drivers with spaces. -RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" - -# Set to 0 to disable, 1 to enable USB autosuspend feature. -USB_AUTOSUSPEND=1 - -# Exclude listed devices from USB autosuspend (separate with spaces). -# Use lsusb to get the ids. -# Note: input devices (usbhid) are excluded automatically (see below) -#USB_BLACKLIST="1111:2222 3333:4444" - -# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude -USB_BLACKLIST_WWAN=1 - -# Include listed devices into USB autosuspend even if already excluded -# by the driver or WWAN blacklists above (separate with spaces). -# Use lsusb to get the ids. -#USB_WHITELIST="1111:2222 3333:4444" - -# Set to 1 to disable autosuspend before shutdown, 0 to do nothing -# (workaround for USB devices that cause shutdown problems). -#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 - -# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown -# on system startup: 0=disable, 1=enable. -# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below -# are ignored when this is enabled! -RESTORE_DEVICE_STATE_ON_STARTUP=0 - -# Radio devices to disable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" - -# Radio devices to enable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -#DEVICES_TO_ENABLE_ON_STARTUP="wifi" - -# Radio devices to disable on shutdown: bluetooth, wifi, wwan -# (workaround for devices that are blocking shutdown). -#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" - -# Radio devices to enable on shutdown: bluetooth, wifi, wwan -# (to prevent other operating systems from missing radios). 
-#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" - -# Radio devices to enable on AC: bluetooth, wifi, wwan -#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" - -# Radio devices to disable on battery: bluetooth, wifi, wwan -#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" - -# Radio devices to disable on battery when not in use (not connected): -# bluetooth, wifi, wwan -DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" - -# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module -# required). Charging starts when the remaining capacity falls below the -# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. -# Main / Internal battery (values in %) -START_CHARGE_THRESH_BAT0=10 -STOP_CHARGE_THRESH_BAT0=95 -# Ultrabay / Slice / Replaceable battery (values in %) -START_CHARGE_THRESH_BAT1=10 -STOP_CHARGE_THRESH_BAT1=95 - -# ------------------------------------------------------------------------------ -# tlp-rdw - Parameters for the radio device wizard -# Possible devices: bluetooth, wifi, wwan - -# Hints: -# - Parameters are disabled by default, remove the leading # to enable them. -# - Separate multiple radio devices with spaces. - -# Radio devices to disable on connect. -#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" -#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" -#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" - -# Radio devices to enable on disconnect. -#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" -#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" -#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" - -# Radio devices to enable/disable when docked. -#DEVICES_TO_ENABLE_ON_DOCK="" -#DEVICES_TO_DISABLE_ON_DOCK="" - -# Radio devices to enable/disable when undocked. -#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" -#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/ansible/files/system_new/minimal/___etc___profile b/ansible/files/system_new/minimal/___etc___profile deleted file mode 100644 index 5884d7b..0000000 
--- a/ansible/files/system_new/minimal/___etc___profile
+++ /dev/null
@@ -1,35 +0,0 @@
-# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
-# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
-
-if [ "`id -u`" -eq 0 ]; then
- PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-else
- PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
-fi
-export PATH
-
-if [ "${PS1-}" ]; then
- if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then
- # The file bash.bashrc already sets the default PS1.
- # PS1='\h:\w\$ '
- if [ -f /etc/bash.bashrc ]; then
- . /etc/bash.bashrc
- fi
- else
- if [ "`id -u`" -eq 0 ]; then
- PS1='# '
- else
- PS1='$ '
- fi
- fi
-fi
-
-if [ -d /etc/profile.d ]; then
- for i in /etc/profile.d/*.sh; do
- if [ -r $i ]; then
- . $i
- fi
- done
- unset i
-fi
-export LC_ALL="en_US.UTF-8"
diff --git a/ansible/files/system_new/minimal/___etc___systemd___logind.conf b/ansible/files/system_new/minimal/___etc___systemd___logind.conf
deleted file mode 100644
index 7a9004a..0000000
--- a/ansible/files/system_new/minimal/___etc___systemd___logind.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-#
-# Entries in this file show the compile time defaults.
-# You can change settings by editing this file.
-# Defaults can be restored by simply deleting this file.
-#
-# See logind.conf(5) for details.
-
-[Login]
-#NAutoVTs=6
-#ReserveVT=6
-#KillUserProcesses=no
-#KillOnlyUsers=
-#KillExcludeUsers=root
-#InhibitDelayMaxSec=5
-#HandlePowerKey=poweroff
-#HandleSuspendKey=suspend
-#HandleHibernateKey=hibernate
-#HandleLidSwitch=suspend
-#HandleLidSwitchDocked=ignore
-#PowerKeyIgnoreInhibited=no
-#SuspendKeyIgnoreInhibited=no
-#HibernateKeyIgnoreInhibited=no
-#LidSwitchIgnoreInhibited=yes
-#HoldoffTimeoutSec=30s
-#IdleAction=ignore
-#IdleActionSec=30min
-#RuntimeDirectorySize=10%
-#RemoveIPC=yes
-#InhibitorsMax=8192
-#SessionsMax=8192
-#UserTasksMax=33%
-HandleLidSwitch=hibernate
diff --git a/ansible/files/system_new/minimal/___etc___timezone b/ansible/files/system_new/minimal/___etc___timezone
deleted file mode 100644
index 94d5acc..0000000
--- a/ansible/files/system_new/minimal/___etc___timezone
+++ /dev/null
@@ -1 +0,0 @@
-Europe/Berlin
diff --git a/ansible/run_root.sh b/ansible/run_root.sh
deleted file mode 100755
index 02856c2..0000000
--- a/ansible/run_root.sh
+++ /dev/null
@@ -1 +0,0 @@
-ansible-playbook -i 'localhost,' -c local config.yml
diff --git a/ansible/run_root_new.sh b/ansible/run_root_new.sh
deleted file mode 100755
index 36408a8..0000000
--- a/ansible/run_root_new.sh
+++ /dev/null
@@ -1 +0,0 @@
-ansible-playbook -i 'localhost,' -e system_name=X200s -c local config_new.yml
diff --git a/ansible/run_user.sh b/ansible/run_user.sh
deleted file mode 100755
index e52b521..0000000
--- a/ansible/run_user.sh
+++ /dev/null
@@ -1 +0,0 @@
-ansible-playbook -i 'localhost,' -c local user.yml
diff --git a/ansible/run_user_new.sh b/ansible/run_user_new.sh
deleted file mode 100755
index 510faad..0000000
--- a/ansible/run_user_new.sh
+++ /dev/null
@@ -1 +0,0 @@
-ansible-playbook -i 'localhost,' -e system_name=X200s -c local user_new.yml
diff --git a/ansible/tasks/initial_purge.yml b/ansible/tasks/initial_purge.yml
deleted file mode 100644
index 63fddd9..0000000
--- a/ansible/tasks/initial_purge.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-
-- name: collect officially required packages
- shell: dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-
-- name: add "ifupdown" and "isc-dhcp-client" (to keep internet connection afterwards) and "ansible" (to keep its modules available for continuing the configuration) to required packages
- shell: echo 'ifupdown' >> /tmp/list_white_unsorted && echo 'isc-dhcp-client' >> /tmp/list_white_unsorted && echo 'ansible' >> /tmp/list_white_unsorted && sort /tmp/list_white_unsorted > /tmp/list_white
-
-- name: collect currently installed packages
- shell: dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages && sort /tmp/list_all_packages > /tmp/foo && mv /tmp/foo /tmp/list_all_packages
-
-- name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed
- shell: comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-
-- name: mark all packages from black list as automatically installed
- shell: apt-mark auto $(cat /tmp/list_black)
-
-- name: purge all packages automatically installed that are not depended on
- shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-
-- name: ensure flags directory exists
- file: path=flags state=directory
-
-- name: set initial_purge_happened flag, so that this whole process does not get repeated
- file: path=flags/initial_purge_happened state=touch
diff --git a/ansible/tasks/qutebrowser.yml b/ansible/tasks/qutebrowser.yml
deleted file mode 100644
index 916c854..0000000
--- a/ansible/tasks/qutebrowser.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-
-- name: Set qutebrowser, python3-pypeg2 facts.
- set_fact:
- qutebrowser_deb_url: https://github.com/qutebrowser/qutebrowser/releases/download/v0.11.0/qutebrowser_0.11.0-1_all.deb
- python3pypeg2_deb_url: https://qutebrowser.org/python3-pypeg2_2.15.2-1_all.deb
- qutebrowser_deb_path: /tmp/qutebrowser.deb
- python3pypeg2_deb_path: /tmp/python3-pypeg2.deb
-
-- name: Check if qutebrowser is installed.
- command: dpkg-query -W qutebrowser
- register: qutebrowser_debcheck
- failed_when: qutebrowser_debcheck.rc > 1
- changed_when: qutebrowser_debcheck.rc == 1
-
-- name: Check if qutebrowser-dependency python3-pypeg2 is installed.
- command: dpkg-query -W python3-pypeg2
- register: python3pypeg2_debcheck
- failed_when: python3pypeg2_debcheck.rc > 1
- changed_when: python3pypeg2_debcheck.rc == 1
- when: qutebrowser_debcheck.rc == 1
-
-- name: Download python3-pypeg2 package.
- get_url: url={{ python3pypeg2_deb_url }} dest={{ python3pypeg2_deb_path }}
- when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1
-
-- name: Download qutebrowser package.
- get_url: url={{ qutebrowser_deb_url }} dest={{ qutebrowser_deb_path }}
- when: qutebrowser_debcheck.rc == 1
-
-# We use command: apt as a workaround because the Ansible apt module installs
-# the Depends of the .deb marked as manual while we want them marked as auto.
-- name: Install python3-pypeg2 package,
- command: apt install --yes "{{ python3pypeg2_deb_path}}"
- when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1
-
-- name: Mark python3-pypeg2 package as automatically installed.
- command: apt-mark auto python3-pypeg2
- when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1
-
-# We use command: apt as a workaround because the Ansible apt module installs
-# the Depends of the .deb marked as manual while we want them marked as auto.
-- name: Install qutebrowser package.
- command: apt install --yes "{{ qutebrowser_deb_path}}"
- when: qutebrowser_debcheck.rc == 1
diff --git a/ansible/user.yml b/ansible/user.yml
deleted file mode 100644
index 07dd189..0000000
--- a/ansible/user.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- hosts: all
- tasks:
-
- - name: ensure ~/.vimbackups directory
- file: state=directory dest=~/.vimbackups
- - name: Ensure dotfile symlinks
- file: state=link force=yes src={{item}} dest=~/.{{item|basename}}
- with_fileglob:
- - ~/config/dotfiles/minimal/*
- - ~/config/dotfiles/user/thinkpad/minimal/*
- - ~/config/dotfiles/user/thinkpad/W530/*
- - name: ensure ~/downloads directory
- file: state=directory dest=~/downloads
diff --git a/ansible/user_new.yml b/ansible/user_new.yml
deleted file mode 100644
index d6f46af..0000000
--- a/ansible/user_new.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- hosts: all
- tasks:
-
- - name: ensure ~/.vimbackups directory
- file: state=directory dest=~/.vimbackups
- - name: Ensure dotfile symlinks
- file: state=link force=yes src={{item}} dest=~/.{{item|basename}}
- with_fileglob:
- - ~/config/dotfiles/minimal/*
- - ~/config/dotfiles/user/thinkpad/minimal/*
- - ~/config/dotfiles/user/thinkpad/{{ system_name }}/*
- - name: ensure ~/downloads directory
- file: state=directory dest=~/downloads
diff --git a/archive_plomroma.py b/archive_plomroma.py
deleted file mode 100755
index 0ad89b7..0000000
--- a/archive_plomroma.py
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/usr/bin/env python3
-import lxml
-import argparse
-# use with `find status.plomlompom.com -type f -name "*.html" -exec ./archive_plomroma.py -f {} \;`
-
-parser = argparse.ArgumentParser(description="archive plom's self-hosted pleroma feed")
-parser.add_argument("-f", "--file", dest="file", required=True, help="HTML file to process")
-args = parser.parse_args()
-print("processing", args.file)
-
-def print_tree(node, level=0):
- tag = node.tag
- id = node.get("id")
- classes = node.get("class")
- text = (node.text or "").strip()
- attributes_info = []
- if id:
- attributes_info.append(f"id='{id}'")
- if classes:
- attributes_info.append(f"class='{classes}'")
- attr_str = " ".join(attributes_info)
- print(" " * level + f"<{tag} {attr_str}>", end="")
- if text:
- print(f" -> {text}")
- else:
- print()
- for child in node:
- print_tree(child, level + 1)
-
-with open(args.file, "r", encoding="utf-8") as file:
- content = file.read()
-from lxml import html
-tree = html.fromstring(content)
-
-atom_links = tree.xpath('/html/head/link[@rel="alternate"]')
-for atom_link in atom_links:
- atom_link.getparent().remove(atom_link)
-comments = tree.xpath('//comment()')
-for comment in comments:
- comment.getparent().remove(comment)
-forms = tree.xpath('//form')
-for form in forms:
- form.getparent().remove(form)
-
-
-def has_class(context, element, class_name):
- classes = element[0].get('class', '').split()
- return class_name in classes
-ns = lxml.etree.FunctionNamespace(None)
-ns['has-class'] = has_class
-matching_divs = tree.xpath('//div[has-class(., "activity") and .//div[has-class(., "p-author")] and .//bdi[has-class(., "p-name") and string()!="plomlompom"]]')
-imgs = tree.xpath('//img')
-for img in imgs:
- src = img.get('src')
- if src and not src.startswith('https://status.plomlompom.com/'):
- img.attrib.pop('src', None)
- alt = img.get('alt')
- if alt and not alt.startswith('../'):
- img.attrib.pop('alt', None)
- title = img.get('title')
- if title and not title.startswith('../'):
- img.attrib.pop('title', None)
-removal_notice = "[Removed foreign content for static archive, follow permalink on date to see original.]"
-for activity_div in matching_divs:
- details = activity_div.xpath('.//details[./div[has-class]]')
- for detail in details:
- new_div = lxml.etree.Element("div")
- new_div.text = removal_notice
- detail.getparent().replace(detail, new_div)
- e_contents = activity_div.xpath('.//div[has-class(., "e-content") or has-class(., "activity-content")]')
- for content in e_contents:
- content.clear()
- content.text = removal_notice
-
-header = """
-<p style="text-align: right;"><a href="https://plomlompom.com/contact.html">contact</a> / <a href="https://plomlompom.com/privacy.html">privacy</a></p>
-<p>plomroma (archived): This site is a static archive of a Pleroma instance formerly hosted by me, to preserve my own messages from that time. Foreign content has been removed, but may still be available via links.</p>
-<hr />
-"""
-tree.body.insert(0, html.fromstring(header))
-
-# print_tree(tree)
-with open(args.file, "w", encoding="utf-8") as file:
- file.write(html.tostring(tree, pretty_print=True, encoding="utf-8").decode("utf-8"))
-
-print("done")
diff --git a/archived/all_new_2018/apt-mark/all b/archived/all_new_2018/apt-mark/all
new file mode 100644
index 0000000..f748f3b
--- /dev/null
+++ b/archived/all_new_2018/apt-mark/all
@@ -0,0 +1,9 @@
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
+# unpredictably so
+ifupdown
+isc-dhcp-client
+# git for the setup directory; cloning works with ca-certificates
+ca-certificates
+git
+# to avoid constant warnings about no locale being found
+locales
diff --git a/archived/all_new_2018/apt-mark/server b/archived/all_new_2018/apt-mark/server
new file mode 100644
index 0000000..4f7fc5d
--- /dev/null
+++ b/archived/all_new_2018/apt-mark/server
@@ -0,0 +1,7 @@
+# needed to log in to server via ssh
+openssh-server
+# provides /etc/inputrc and understanding of ctrl+arrow key combos
+readline-common
+# provides systemd scripts that configure iptables via /etc/iptables/*
+iptables-persistent
+# this line is here because the shell "read" in install_for_target.sh ignores lines without final newline
\ No newline at end of file
diff --git a/archived/all_new_2018/borg.sh b/archived/all_new_2018/borg.sh
new file mode 100755
index 0000000..18321b1
--- /dev/null
+++ b/archived/all_new_2018/borg.sh
@@ -0,0 +1,145 @@
+#!/bin/sh
+set -e
+
+standard_repo="borg"
+config_file="${HOME}/.borgrepos"
+
+usage() {
+ echo "Need operation as argument, one of:"
+ echo "init"
+ echo "store"
+ echo "check"
+ echo "export_keyfiles"
+ echo "orgpush"
+ echo "orgpull"
+ false
+}
+
+read_pw() {
+ if [ "${#SSH_AGENT_PID}" -eq 0 ]; then
+ eval $(ssh-agent)
+ echo "ssh-add"
+ stty -echo
+ ssh-add
+ stty echo
+ fi
+ if [ "${#BORG_PASSPHRASE}" -eq 0 ]; then
+ stty -echo
+ printf "Borg passphrase: "
+ read password
+ stty echo
+ printf "\n"
+ export BORG_PASSPHRASE="${password}"
+ fi
+}
+
+if [ ! -f "${config_file}" ]; then
+ echo '# file read ends at last newline' >> "${config_file}"
+fi
+if [ "$#" -lt 1 ]; then
+ usage
+fi
+first_arg="$1"
+shift
+if [ "${first_arg}" = "init" ]; then
+ if [ ! "$#" -eq 1 ]; then
+ echo "Need exactly one argument: target of form user@server"
+ false
+ fi
+ target="$1"
+ echo "Initializing: ${target}"
+ borg init --verbose --encryption=keyfile "${target}:${standard_repo}"
+ tmp_file="/tmp/new_borgrepos"
+ echo "${target}" > "${tmp_file}"
+ cat "${config_file}" >> "${tmp_file}"
+ cp "${tmp_file}" "${config_file}"
+elif [ "${first_arg}" = "store" ]; then
+ if [ ! "$#" -eq 2 ]; then
+ echo "Need precisely two arguments: archive name and path to archive."
+ false
+ fi
+ archive_name=$1
+ shift
+ to_backup="$@"
+ read_pw
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
+ echo "Creating archive: ${archive}"
+ borg create --verbose --list "${archive}" "${to_backup}"
+ done
+elif [ "${first_arg}" = "check" ]; then
+ if [ ! "$#" -eq 0 ]; then
+ echo "Need no arguments"
+ false
+ fi
+ read_pw
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ echo "Checking repo: ${repo}"
+ borg check --verbose "${repo}"
+ done
+elif [ "${first_arg}" = "export_keyfiles" ]; then
+ if [ ! "$#" -eq 1 ]; then
+ echo "Need output tar file name."
+ false
+ fi
+ tar_target="${1}"
+ tmp_dir="${HOME}/.borgtmp"
+ keyfiles_dir="${tmp_dir}/borg_keyfiles"
+ mkdir -p "${keyfiles_dir}"
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ borg key export "${repo}" "${keyfiles_dir}/${line}"
+ done
+ cur_dir="$(pwd)"
+ cd "${tmp_dir}"
+ target=$(basename "${keyfiles_dir}")
+ tar cf "${tar_target}" "${target}"
+ mv "${tar_target}" "${cur_dir}"
+ cd
+ rm -rf "${tmp_dir}"
+elif [ "${first_arg}" = "orgpush" ]; then
+ archive_name="orgdir"
+ to_backup=~/org
+ read_pw
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}"
+ echo "Creating archive: ${archive}"
+ borg create --verbose --list "${archive}" "${to_backup}" --exclude ~/org/.git
+ done
+elif [ "${first_arg}" = "orgpull" ]; then
+ archive_name="orgdir"
+ read_pw
+ cd /
+ cat "${config_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo="${line}:${standard_repo}"
+ archive=$(borg list "${repo}" | grep "${orgdir}" | tail -1 | cut -f1 -d' ')
+ echo "Pulling archive: ${archive}"
+ borg extract --verbose "${repo}::${archive}"
+ break
+ done
+else
+ usage
+fi
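Review bot: In the `init` branch, `tmp_file="/tmp/new_borgrepos"` is a fixed name in a world-writable directory, so a file or symlink already present at that path is written through by `echo "${target}" > "${tmp_file}"` and then copied over `${config_file}`; `tmp_file=$(mktemp)` followed by `rm -f -- "${tmp_file}"` after the `cp` removes the predictable name. In the `orgpull` branch, `grep "${orgdir}"` uses a variable that is not assigned anywhere in this script, so the pattern is empty and `tail -1` picks the last archive of any name before `borg extract` runs from `/`; `grep "${archive_name}"` looks like the intended filter. In `read_pw`, `read password` should be `read -r password` so that backslashes in the passphrase are kept as typed.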
diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/archived/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
new file mode 100644
index 0000000..4aaef79
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
@@ -0,0 +1,4 @@
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/apt/sources.list b/archived/all_new_2018/linkable_etc_files/all/etc/apt/sources.list
new file mode 100644
index 0000000..68064c6
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/all/etc/apt/sources.list
@@ -0,0 +1,4 @@
+deb http://deb.debian.org/debian stretch main contrib non-free
+deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free
+deb http://deb.debian.org/debian stretch-updates main contrib non-free
+deb http://ftp.debian.org/debian stretch-backports main contrib non-free
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/locale.gen b/archived/all_new_2018/linkable_etc_files/all/etc/locale.gen
new file mode 100644
index 0000000..a28cfa4
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/all/etc/locale.gen
@@ -0,0 +1,483 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + + +# aa_DJ ISO-8859-1 +# aa_DJ.UTF-8 UTF-8 +# aa_ER UTF-8 +# aa_ER@saaho UTF-8 +# aa_ET UTF-8 +# af_ZA ISO-8859-1 +# af_ZA.UTF-8 UTF-8 +# ak_GH UTF-8 +# am_ET UTF-8 +# an_ES ISO-8859-15 +# an_ES.UTF-8 UTF-8 +# anp_IN UTF-8 +# ar_AE ISO-8859-6 +# ar_AE.UTF-8 UTF-8 +# ar_BH ISO-8859-6 +# ar_BH.UTF-8 UTF-8 +# ar_DZ ISO-8859-6 +# ar_DZ.UTF-8 UTF-8 +# ar_EG ISO-8859-6 +# ar_EG.UTF-8 UTF-8 +# ar_IN UTF-8 +# ar_IQ ISO-8859-6 +# ar_IQ.UTF-8 UTF-8 +# ar_JO ISO-8859-6 +# ar_JO.UTF-8 UTF-8 +# ar_KW ISO-8859-6 +# ar_KW.UTF-8 UTF-8 +# ar_LB ISO-8859-6 +# ar_LB.UTF-8 UTF-8 +# ar_LY ISO-8859-6 +# ar_LY.UTF-8 UTF-8 +# ar_MA ISO-8859-6 +# ar_MA.UTF-8 UTF-8 +# ar_OM ISO-8859-6 +# ar_OM.UTF-8 UTF-8 +# ar_QA ISO-8859-6 +# ar_QA.UTF-8 UTF-8 +# ar_SA ISO-8859-6 +# ar_SA.UTF-8 UTF-8 +# ar_SD ISO-8859-6 +# ar_SD.UTF-8 UTF-8 +# ar_SS UTF-8 +# ar_SY ISO-8859-6 +# ar_SY.UTF-8 UTF-8 +# ar_TN ISO-8859-6 +# ar_TN.UTF-8 UTF-8 +# ar_YE ISO-8859-6 +# ar_YE.UTF-8 UTF-8 +# as_IN UTF-8 +# ast_ES ISO-8859-15 +# ast_ES.UTF-8 UTF-8 +# ayc_PE UTF-8 +# az_AZ UTF-8 +# be_BY CP1251 +# be_BY.UTF-8 UTF-8 +# be_BY@latin UTF-8 +# bem_ZM UTF-8 +# ber_DZ UTF-8 +# ber_MA UTF-8 +# bg_BG CP1251 +# bg_BG.UTF-8 UTF-8 +# bhb_IN.UTF-8 UTF-8 +# bho_IN UTF-8 +# bn_BD UTF-8 +# bn_IN UTF-8 +# bo_CN UTF-8 +# bo_IN UTF-8 +# br_FR ISO-8859-1 +# br_FR.UTF-8 UTF-8 +# br_FR@euro ISO-8859-15 +# brx_IN UTF-8 +# bs_BA ISO-8859-2 +# bs_BA.UTF-8 UTF-8 +# byn_ER UTF-8 +# ca_AD ISO-8859-15 +# ca_AD.UTF-8 UTF-8 +# ca_ES ISO-8859-1 +# ca_ES.UTF-8 UTF-8 +# ca_ES.UTF-8@valencia UTF-8 +# ca_ES@euro ISO-8859-15 +# ca_ES@valencia ISO-8859-15 +# ca_FR ISO-8859-15 +# ca_FR.UTF-8 UTF-8 +# ca_IT ISO-8859-15 +# ca_IT.UTF-8 UTF-8 +# ce_RU UTF-8 +# chr_US UTF-8 +# 
cmn_TW UTF-8 +# crh_UA UTF-8 +# cs_CZ ISO-8859-2 +# cs_CZ.UTF-8 UTF-8 +# csb_PL UTF-8 +# cv_RU UTF-8 +# cy_GB ISO-8859-14 +# cy_GB.UTF-8 UTF-8 +# da_DK ISO-8859-1 +# da_DK.UTF-8 UTF-8 +# de_AT ISO-8859-1 +# de_AT.UTF-8 UTF-8 +# de_AT@euro ISO-8859-15 +# de_BE ISO-8859-1 +# de_BE.UTF-8 UTF-8 +# de_BE@euro ISO-8859-15 +# de_CH ISO-8859-1 +# de_CH.UTF-8 UTF-8 +# de_DE ISO-8859-1 +# de_DE.UTF-8 UTF-8 +# de_DE@euro ISO-8859-15 +# de_IT ISO-8859-1 +# de_IT.UTF-8 UTF-8 +# de_LI.UTF-8 UTF-8 +# de_LU ISO-8859-1 +# de_LU.UTF-8 UTF-8 +# de_LU@euro ISO-8859-15 +# doi_IN UTF-8 +# dv_MV UTF-8 +# dz_BT UTF-8 +# el_CY ISO-8859-7 +# el_CY.UTF-8 UTF-8 +# el_GR ISO-8859-7 +# el_GR.UTF-8 UTF-8 +# en_AG UTF-8 +# en_AU ISO-8859-1 +# en_AU.UTF-8 UTF-8 +# en_BW ISO-8859-1 +# en_BW.UTF-8 UTF-8 +# en_CA ISO-8859-1 +# en_CA.UTF-8 UTF-8 +# en_DK ISO-8859-1 +# en_DK.ISO-8859-15 ISO-8859-15 +# en_DK.UTF-8 UTF-8 +# en_GB ISO-8859-1 +# en_GB.ISO-8859-15 ISO-8859-15 +# en_GB.UTF-8 UTF-8 +# en_HK ISO-8859-1 +# en_HK.UTF-8 UTF-8 +# en_IE ISO-8859-1 +# en_IE.UTF-8 UTF-8 +# en_IE@euro ISO-8859-15 +# en_IL UTF-8 +# en_IN UTF-8 +# en_NG UTF-8 +# en_NZ ISO-8859-1 +# en_NZ.UTF-8 UTF-8 +# en_PH ISO-8859-1 +# en_PH.UTF-8 UTF-8 +# en_SG ISO-8859-1 +# en_SG.UTF-8 UTF-8 +# en_US ISO-8859-1 +# en_US.ISO-8859-15 ISO-8859-15 +en_US.UTF-8 UTF-8 +# en_ZA ISO-8859-1 +# en_ZA.UTF-8 UTF-8 +# en_ZM UTF-8 +# en_ZW ISO-8859-1 +# en_ZW.UTF-8 UTF-8 +# eo UTF-8 +# es_AR ISO-8859-1 +# es_AR.UTF-8 UTF-8 +# es_BO ISO-8859-1 +# es_BO.UTF-8 UTF-8 +# es_CL ISO-8859-1 +# es_CL.UTF-8 UTF-8 +# es_CO ISO-8859-1 +# es_CO.UTF-8 UTF-8 +# es_CR ISO-8859-1 +# es_CR.UTF-8 UTF-8 +# es_CU UTF-8 +# es_DO ISO-8859-1 +# es_DO.UTF-8 UTF-8 +# es_EC ISO-8859-1 +# es_EC.UTF-8 UTF-8 +# es_ES ISO-8859-1 +# es_ES.UTF-8 UTF-8 +# es_ES@euro ISO-8859-15 +# es_GT ISO-8859-1 +# es_GT.UTF-8 UTF-8 +# es_HN ISO-8859-1 +# es_HN.UTF-8 UTF-8 +# es_MX ISO-8859-1 +# es_MX.UTF-8 UTF-8 +# es_NI ISO-8859-1 +# es_NI.UTF-8 UTF-8 +# es_PA ISO-8859-1 +# es_PA.UTF-8 UTF-8 
+# es_PE ISO-8859-1 +# es_PE.UTF-8 UTF-8 +# es_PR ISO-8859-1 +# es_PR.UTF-8 UTF-8 +# es_PY ISO-8859-1 +# es_PY.UTF-8 UTF-8 +# es_SV ISO-8859-1 +# es_SV.UTF-8 UTF-8 +# es_US ISO-8859-1 +# es_US.UTF-8 UTF-8 +# es_UY ISO-8859-1 +# es_UY.UTF-8 UTF-8 +# es_VE ISO-8859-1 +# es_VE.UTF-8 UTF-8 +# et_EE ISO-8859-1 +# et_EE.ISO-8859-15 ISO-8859-15 +# et_EE.UTF-8 UTF-8 +# eu_ES ISO-8859-1 +# eu_ES.UTF-8 UTF-8 +# eu_ES@euro ISO-8859-15 +# eu_FR ISO-8859-1 +# eu_FR.UTF-8 UTF-8 +# eu_FR@euro ISO-8859-15 +# fa_IR UTF-8 +# ff_SN UTF-8 +# fi_FI ISO-8859-1 +# fi_FI.UTF-8 UTF-8 +# fi_FI@euro ISO-8859-15 +# fil_PH UTF-8 +# fo_FO ISO-8859-1 +# fo_FO.UTF-8 UTF-8 +# fr_BE ISO-8859-1 +# fr_BE.UTF-8 UTF-8 +# fr_BE@euro ISO-8859-15 +# fr_CA ISO-8859-1 +# fr_CA.UTF-8 UTF-8 +# fr_CH ISO-8859-1 +# fr_CH.UTF-8 UTF-8 +# fr_FR ISO-8859-1 +# fr_FR.UTF-8 UTF-8 +# fr_FR@euro ISO-8859-15 +# fr_LU ISO-8859-1 +# fr_LU.UTF-8 UTF-8 +# fr_LU@euro ISO-8859-15 +# fur_IT UTF-8 +# fy_DE UTF-8 +# fy_NL UTF-8 +# ga_IE ISO-8859-1 +# ga_IE.UTF-8 UTF-8 +# ga_IE@euro ISO-8859-15 +# gd_GB ISO-8859-15 +# gd_GB.UTF-8 UTF-8 +# gez_ER UTF-8 +# gez_ER@abegede UTF-8 +# gez_ET UTF-8 +# gez_ET@abegede UTF-8 +# gl_ES ISO-8859-1 +# gl_ES.UTF-8 UTF-8 +# gl_ES@euro ISO-8859-15 +# gu_IN UTF-8 +# gv_GB ISO-8859-1 +# gv_GB.UTF-8 UTF-8 +# ha_NG UTF-8 +# hak_TW UTF-8 +# he_IL ISO-8859-8 +# he_IL.UTF-8 UTF-8 +# hi_IN UTF-8 +# hne_IN UTF-8 +# hr_HR ISO-8859-2 +# hr_HR.UTF-8 UTF-8 +# hsb_DE ISO-8859-2 +# hsb_DE.UTF-8 UTF-8 +# ht_HT UTF-8 +# hu_HU ISO-8859-2 +# hu_HU.UTF-8 UTF-8 +# hy_AM UTF-8 +# hy_AM.ARMSCII-8 ARMSCII-8 +# ia_FR UTF-8 +# id_ID ISO-8859-1 +# id_ID.UTF-8 UTF-8 +# ig_NG UTF-8 +# ik_CA UTF-8 +# is_IS ISO-8859-1 +# is_IS.UTF-8 UTF-8 +# it_CH ISO-8859-1 +# it_CH.UTF-8 UTF-8 +# it_IT ISO-8859-1 +# it_IT.UTF-8 UTF-8 +# it_IT@euro ISO-8859-15 +# iu_CA UTF-8 +# ja_JP.EUC-JP EUC-JP +# ja_JP.UTF-8 UTF-8 +# ka_GE GEORGIAN-PS +# ka_GE.UTF-8 UTF-8 +# kk_KZ PT154 +# kk_KZ.RK1048 RK1048 +# kk_KZ.UTF-8 UTF-8 +# kl_GL ISO-8859-1 +# 
kl_GL.UTF-8 UTF-8 +# km_KH UTF-8 +# kn_IN UTF-8 +# ko_KR.EUC-KR EUC-KR +# ko_KR.UTF-8 UTF-8 +# kok_IN UTF-8 +# ks_IN UTF-8 +# ks_IN@devanagari UTF-8 +# ku_TR ISO-8859-9 +# ku_TR.UTF-8 UTF-8 +# kw_GB ISO-8859-1 +# kw_GB.UTF-8 UTF-8 +# ky_KG UTF-8 +# lb_LU UTF-8 +# lg_UG ISO-8859-10 +# lg_UG.UTF-8 UTF-8 +# li_BE UTF-8 +# li_NL UTF-8 +# lij_IT UTF-8 +# ln_CD UTF-8 +# lo_LA UTF-8 +# lt_LT ISO-8859-13 +# lt_LT.UTF-8 UTF-8 +# lv_LV ISO-8859-13 +# lv_LV.UTF-8 UTF-8 +# lzh_TW UTF-8 +# mag_IN UTF-8 +# mai_IN UTF-8 +# mg_MG ISO-8859-15 +# mg_MG.UTF-8 UTF-8 +# mhr_RU UTF-8 +# mi_NZ ISO-8859-13 +# mi_NZ.UTF-8 UTF-8 +# mk_MK ISO-8859-5 +# mk_MK.UTF-8 UTF-8 +# ml_IN UTF-8 +# mn_MN UTF-8 +# mni_IN UTF-8 +# mr_IN UTF-8 +# ms_MY ISO-8859-1 +# ms_MY.UTF-8 UTF-8 +# mt_MT ISO-8859-3 +# mt_MT.UTF-8 UTF-8 +# my_MM UTF-8 +# nan_TW UTF-8 +# nan_TW@latin UTF-8 +# nb_NO ISO-8859-1 +# nb_NO.UTF-8 UTF-8 +# nds_DE UTF-8 +# nds_NL UTF-8 +# ne_NP UTF-8 +# nhn_MX UTF-8 +# niu_NU UTF-8 +# niu_NZ UTF-8 +# nl_AW UTF-8 +# nl_BE ISO-8859-1 +# nl_BE.UTF-8 UTF-8 +# nl_BE@euro ISO-8859-15 +# nl_NL ISO-8859-1 +# nl_NL.UTF-8 UTF-8 +# nl_NL@euro ISO-8859-15 +# nn_NO ISO-8859-1 +# nn_NO.UTF-8 UTF-8 +# nr_ZA UTF-8 +# nso_ZA UTF-8 +# oc_FR ISO-8859-1 +# oc_FR.UTF-8 UTF-8 +# om_ET UTF-8 +# om_KE ISO-8859-1 +# om_KE.UTF-8 UTF-8 +# or_IN UTF-8 +# os_RU UTF-8 +# pa_IN UTF-8 +# pa_PK UTF-8 +# pap_AW UTF-8 +# pap_CW UTF-8 +# pl_PL ISO-8859-2 +# pl_PL.UTF-8 UTF-8 +# ps_AF UTF-8 +# pt_BR ISO-8859-1 +# pt_BR.UTF-8 UTF-8 +# pt_PT ISO-8859-1 +# pt_PT.UTF-8 UTF-8 +# pt_PT@euro ISO-8859-15 +# quz_PE UTF-8 +# raj_IN UTF-8 +# ro_RO ISO-8859-2 +# ro_RO.UTF-8 UTF-8 +# ru_RU ISO-8859-5 +# ru_RU.CP1251 CP1251 +# ru_RU.KOI8-R KOI8-R +# ru_RU.UTF-8 UTF-8 +# ru_UA KOI8-U +# ru_UA.UTF-8 UTF-8 +# rw_RW UTF-8 +# sa_IN UTF-8 +# sat_IN UTF-8 +# sc_IT UTF-8 +# sd_IN UTF-8 +# sd_IN@devanagari UTF-8 +# se_NO UTF-8 +# sgs_LT UTF-8 +# shs_CA UTF-8 +# si_LK UTF-8 +# sid_ET UTF-8 +# sk_SK ISO-8859-2 +# sk_SK.UTF-8 UTF-8 +# sl_SI ISO-8859-2 +# 
sl_SI.UTF-8 UTF-8 +# so_DJ ISO-8859-1 +# so_DJ.UTF-8 UTF-8 +# so_ET UTF-8 +# so_KE ISO-8859-1 +# so_KE.UTF-8 UTF-8 +# so_SO ISO-8859-1 +# so_SO.UTF-8 UTF-8 +# sq_AL ISO-8859-1 +# sq_AL.UTF-8 UTF-8 +# sq_MK UTF-8 +# sr_ME UTF-8 +# sr_RS UTF-8 +# sr_RS@latin UTF-8 +# ss_ZA UTF-8 +# st_ZA ISO-8859-1 +# st_ZA.UTF-8 UTF-8 +# sv_FI ISO-8859-1 +# sv_FI.UTF-8 UTF-8 +# sv_FI@euro ISO-8859-15 +# sv_SE ISO-8859-1 +# sv_SE.ISO-8859-15 ISO-8859-15 +# sv_SE.UTF-8 UTF-8 +# sw_KE UTF-8 +# sw_TZ UTF-8 +# szl_PL UTF-8 +# ta_IN UTF-8 +# ta_LK UTF-8 +# tcy_IN.UTF-8 UTF-8 +# te_IN UTF-8 +# tg_TJ KOI8-T +# tg_TJ.UTF-8 UTF-8 +# th_TH TIS-620 +# th_TH.UTF-8 UTF-8 +# the_NP UTF-8 +# ti_ER UTF-8 +# ti_ET UTF-8 +# tig_ER UTF-8 +# tk_TM UTF-8 +# tl_PH ISO-8859-1 +# tl_PH.UTF-8 UTF-8 +# tn_ZA UTF-8 +# tr_CY ISO-8859-9 +# tr_CY.UTF-8 UTF-8 +# tr_TR ISO-8859-9 +# tr_TR.UTF-8 UTF-8 +# ts_ZA UTF-8 +# tt_RU UTF-8 +# tt_RU@iqtelif UTF-8 +# ug_CN UTF-8 +# uk_UA KOI8-U +# uk_UA.UTF-8 UTF-8 +# unm_US UTF-8 +# ur_IN UTF-8 +# ur_PK UTF-8 +# uz_UZ ISO-8859-1 +# uz_UZ.UTF-8 UTF-8 +# uz_UZ@cyrillic UTF-8 +# ve_ZA UTF-8 +# vi_VN UTF-8 +# wa_BE ISO-8859-1 +# wa_BE.UTF-8 UTF-8 +# wa_BE@euro ISO-8859-15 +# wae_CH UTF-8 +# wal_ET UTF-8 +# wo_SN UTF-8 +# xh_ZA ISO-8859-1 +# xh_ZA.UTF-8 UTF-8 +# yi_US CP1255 +# yi_US.UTF-8 UTF-8 +# yo_NG UTF-8 +# yue_HK UTF-8 +# zh_CN GB2312 +# zh_CN.GB18030 GB18030 +# zh_CN.GBK GBK +# zh_CN.UTF-8 UTF-8 +# zh_HK BIG5-HKSCS +# zh_HK.UTF-8 UTF-8 +# zh_SG GB2312 +# zh_SG.GBK GBK +# zh_SG.UTF-8 UTF-8 +# zh_TW BIG5 +# zh_TW.EUC-TW EUC-TW +# zh_TW.UTF-8 UTF-8 +# zu_ZA ISO-8859-1 +# zu_ZA.UTF-8 UTF-8 diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/timezone b/archived/all_new_2018/linkable_etc_files/all/etc/timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/all/etc/timezone @@ -0,0 +1 @@ +Europe/Berlin 
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/aliases b/archived/all_new_2018/linkable_etc_files/mail/etc/aliases
new file mode 100644
index 0000000..59c52b4
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/aliases
@@ -0,0 +1,23 @@
+# /etc/aliases
+
+# As per RFC 2142.
+mailer-daemon: plom
+postmaster: plom
+hostmaster: plom
+usenet: plom
+news: plom
+webmaster: plom
+www: plom
+ftp: plom
+abuse: plom
+noc: plom
+security: plom
+root: plom
+
+# Personal aliases.
+plomlompom: plom
+christian.heller: plom
+christian_heller: plom
+christianheller: plom
+c.heller: plom
+heller: plom
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf
new file mode 100644
index 0000000..4a8549c
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf
@@ -0,0 +1,3 @@
+# This is only necessary when we use dovecot's LMTP mechanism to receive
+# mail from postfix.
+auth_username_format = %Ln
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf
new file mode 100644
index 0000000..097f04e
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf
@@ -0,0 +1,4 @@
+# Add sieve filtering.
+protocol lmtp {
+ mail_plugins = $mail_plugins sieve
+}
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf
new file mode 100644
index 0000000..1ea9178
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf
@@ -0,0 +1 @@
+mail_privileged_group = mail
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf
new file mode 100644
index 0000000..f8c5b43
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf
@@ -0,0 +1,20 @@
+service auth {
+ unix_listener auth-userdb {
+ }
+
+ unix_listener /var/spool/postfix/private/auth {
+ mode = 0660
+ user = postfix
+ group = postfix
+ }
+}
+
+# We don't strictly need to provide a LMTP server to fetch mail from
+# postfix, but we do if we want to do sophisticated stuff like sieve
+# filtering on the way.
+service lmtp {
+ inet_listener lmtp {
+ address = 127.0.0.1
+ port = 2424
+ }
+}
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf
new file mode 100644
index 0000000..7fa2f5f
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf
@@ -0,0 +1 @@
+ssl = required
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 b/archived/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4
new file mode 100644
index 0000000..2950321
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4
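Review bot: The `inet_listener lmtp` on 127.0.0.1:2424 in 99-master.conf accepts deliveries from any local process, because a loopback TCP port cannot tell Postfix apart from another user on the host. A `unix_listener` inside the Postfix spool, restricted to the postfix user like the auth socket in the same file, limits LMTP to Postfix; main.cf's `mailbox_transport` would then become `lmtp:unix:private/dovecot-lmtp`. opendkim.conf's `Socket inet:12301@localhost` has the same exposure for the signing milter, and the `UMask 007` set there only matters for a `local:` socket.

```conf
# … unchanged: service auth block …
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
```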
@@ -0,0 +1,20 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+# otherwise self-referential connections to local host will fail
+-A INPUT -i lo -j ACCEPT
+# this enables ping etc.
+-A INPUT -p icmp -j ACCEPT
+# tolerate any inbound connections requested by our server, no matter the port
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# SMTP (allowing for STARTTLS); necessary for mail server to mail server banter
+-A INPUT -p tcp --dport 25 -j ACCEPT
+# SMTPS, for mail server to mail user agent communication
+-A INPUT -p tcp --dport 465 -j ACCEPT
+# IMAPS
+-A INPUT -p tcp --dport 993 -j ACCEPT
+COMMIT
+# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf
new file mode 100644
index 0000000..44efe26
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf
@@ -0,0 +1,4 @@
+# mailutils by default uses the FQDN as the mail domain name, fix this
+address {
+ email-domain REPLACE_maildomain_ECALPER;
+};
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf
new file mode 100644
index 0000000..dbd31b4
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf
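Review bot: Only an IPv4 ruleset is added for the mail host, and no rules.v6 is visible in this part of the commit, while main.cf sets `inet_interfaces = all` and `inet_protocols = all`. On a host with an IPv6 address the listening services would then be reachable without the `INPUT DROP` policy, unless ip6tables is configured elsewhere. A matching `rules.v6` with the same default policies and port list would close that gap; the same applies to server/etc/iptables/rules.v4 later in the commit. As a smaller point, `-m state --state RELATED,ESTABLISHED` can be written with the current match, `-m conntrack --ctstate RELATED,ESTABLISHED`.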
@@ -0,0 +1,86 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Log to syslog
+Syslog yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask 007
+
+# Sign for example.com with key in /etc/dkimkeys/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+#Domain example.com
+#KeyFile /etc/dkimkeys/dkim.key
+#Selector 2007
+Domain REPLACE_Domain_ECALPER
+KeyFile /etc/dkimkeys/REPLACE_Selector_ECALPER.private
+Selector REPLACE_Selector_ECALPER
+
+# Commonly-used options; the commented-out versions show the defaults.
+#Canonicalization simple
+#Mode sv
+#SubDomains no
+#SubDomains yes
+Canonicalization relaxed/simple
+
+# Socket smtp://localhost
+#
+# ## Socket socketspec
+# ##
+# ## Names the socket where this filter should listen for milter connections
+# ## from the MTA. Required. Should be in one of these forms:
+# ##
+# ## inet:port@address to listen on a specific interface
+# ## inet:port to listen on all interfaces
+# ## local:/path/to/socket to listen on a UNIX domain socket
+#
+#Socket inet:8892@localhost
+#Socket local:/var/run/opendkim/opendkim.sock
+Socket inet:12301@localhost
+
+## PidFile filename
+### default (none)
+###
+### Name of the file where the filter should write its pid before beginning
+### normal operations.
+#
+PidFile /var/run/opendkim/opendkim.pid
+
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
+
+## ResolverConfiguration filename
+## default (none)
+##
+## Specifies a configuration file to be passed to the Unbound library that
+## performs DNS queries applying the DNSSEC protocol. See the Unbound
+## documentation at http://unbound.net for the expected content of this file.
+## The results of using this and the TrustAnchorFile setting at the same
+## time are undefined.
+## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
+## unbound package
+
+# ResolverConfiguration /etc/unbound/unbound.conf
+
+## TrustAnchorFile filename
+## default (none)
+##
+## Specifies a file from which trust anchor data should be read when doing
+## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
+## at http://unbound.net for the expected format of this file.
+
+TrustAnchorFile /usr/share/dns/root.key
+
+## Userid userid
+### default (none)
+###
+### Change to user "userid" before starting normal operation? May include
+### a group ID as well, separated from the userid by a colon.
+#
+UserID opendkim
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
new file mode 100644
index 0000000..7074961
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf
@@ -0,0 +1,59 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# TLS parameters (excluding smtpd_tls_(cert|key)_file for own adaption below)
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myorigin = /etc/mailname
+myhostname = REPLACE_myhostname_ECALPER
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = $myhostname localhost.$mydomain localhost REPLACE_mydomain_if_domainwide_ECALPER
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+# plomlompom-specific adaptions to allow TLS and SASL via LetsEncrypt/Dovecot.
+smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+
+# connect to opendkim
+smtpd_milters = inet:localhost:12301
+non_smtpd_milters = inet:localhost:12301
+
+# transport mail to dovecot; not strictly needed, as even without this
+# postfix will throw mail to /var/mail/USER to be found by dovecot for
+# serving via IMAP etc.; but using dovecot's LMTP server for delivery
+# allows us to do stuff like dovecot-side sieve filtering.
+mailbox_transport = lmtp:inet:127.0.0.1:2424
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf
new file mode 100644
index 0000000..bce1262
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf
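Review bot: Outbound TLS is never switched on in main.cf: the file sets `smtp_tls_session_cache_database` but no `smtp_tls_security_level`, and with that parameter left at its default the Postfix SMTP client does not attempt STARTTLS, so mail to other servers would leave in cleartext unless the level is set elsewhere. Adding `smtp_tls_security_level = may` enables opportunistic TLS for delivery. On the server side `smtpd_use_tls=yes` can be written as `smtpd_tls_security_level = may`, the current spelling of the same setting. The sendonly main.cf later in this commit, whose only job is sending, lacks the client setting as well.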
@@ -0,0 +1,124 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - y - - smtpd
+#smtp inet n - y - 1 postscreen
+#smtpd pass - - y - - smtpd
+#dnsblog unix - - y - 0 dnsblog
+#tlsproxy unix - - y - 0 tlsproxy
+#submission inet n - y - - smtpd
+# -o syslog_name=postfix/submission
+# -o smtpd_tls_security_level=encrypt
+# -o smtpd_sasl_auth_enable=yes
+# -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+smtps inet n - y - - smtpd
+ -o syslog_name=postfix/smtps
+ -o smtpd_tls_wrappermode=yes
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_reject_unlisted_recipient=no
+# -o smtpd_client_restrictions=$mua_client_restrictions
+# -o smtpd_helo_restrictions=$mua_helo_restrictions
+# -o smtpd_sender_restrictions=$mua_sender_restrictions
+# -o smtpd_recipient_restrictions=
+# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+# -o milter_macro_daemon_name=ORIGINATING
+#628 inet n - y - - qmqpd
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
+
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service
new file mode 100644
index 0000000..dc8acb4
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service
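Review bot: The enabled `smtps` service turns on SASL but leaves `-o smtpd_relay_restrictions=permit_sasl_authenticated,reject` commented out, so port 465 falls back to main.cf's relay restrictions and still accepts unauthenticated mail for local recipients, just as port 25 does. If 465 is meant for mail user agents only, as the comment in the mail host's rules.v4 says, uncommenting that line under `smtps` makes authentication mandatory on that port. A short comment above the `smtps` entry stating that it is the only submission path would also help, since the stock `submission` block stays disabled.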
@@ -0,0 +1,8 @@
+[Unit]
+Description=Run plom's fetchmail
+
+[Service]
+Type=oneshot
+User=plom
+# fetchmail returns 1 when no new mail, we want to catch that
+ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]'
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service
new file mode 100644
index 0000000..e332114
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Run pingmail check
+
+[Service]
+Type=oneshot
+User=plom
+ExecStart=/bin/sh -c '~/pingmail/pingmail check'
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer
new file mode 100644
index 0000000..c67e8e7
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Run fetchmail once every minute
+
+[Timer]
+OnCalendar=*-*-* *:*:00
+
+[Install]
+WantedBy=timers.target
diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer
new file mode 100644
index 0000000..dba0c9f
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Run pingmail check once every hour
+
+[Timer]
+OnCalendar=*-*-* *:00:00
+
+[Install]
+WantedBy=timers.target
diff --git a/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service
new file mode 100644
index 0000000..d0fcb9c
--- /dev/null
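Review bot: The `/bin/sh -c 'fetchmail || [ $? -eq 1 ]'` wrapper in fetchmail.service can be replaced by systemd's own exit-status handling, `ExecStart=/usr/bin/fetchmail` together with `SuccessExitStatus=1` (the binary path should be confirmed on the host). That removes the shell and the PATH lookup from the unit and keeps every other non-zero exit as a failure. The existing comment about exit status 1 would then sit above `SuccessExitStatus=1`.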
+++ b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Pull website repo
+[Service]
+Type=oneshot
+User=plom
+ExecStart=/bin/sh -c '~/encrypter.sh'
diff --git a/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer
new file mode 100644
index 0000000..79a6e1e
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Attempt encryption of old chatlogs once every minute.
+
+[Timer]
+OnCalendar=*-*-* *:*:00
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/sendonly/etc/aliases b/archived/all_new_2018/linkable_etc_files/sendonly/etc/aliases
new file mode 100644
index 0000000..01e159c
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/sendonly/etc/aliases
@@ -0,0 +1,3 @@
+# /etc/aliases
+postmaster: root
+root: plom@plomlompom.com
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf b/archived/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf
new file mode 100644
index 0000000..d081783
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf
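Review bot: `Description=Pull website repo` in encrypt_chatlogs.service does not match what the unit runs, `~/encrypter.sh`, and looks carried over from another unit, so the journal and `systemctl` output would label the chatlog encryption job misleadingly. A line such as `Description=Encrypt old chatlogs` would agree with the description in encrypt_chatlogs.timer. The unit also omits the blank line before `[Service]` that the other units in this commit use.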
@@ -0,0 +1,38 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+myorigin = /etc/mailname
+myhostname = $myorigin
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination = $myhostname localhost.$mydomain localhost
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = loopback-only
+inet_protocols = all
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 b/archived/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4
new file mode 100644
index 0000000..8e0b1f6
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4
@@ -0,0 +1,14 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+# otherwise self-referential connections to local host will fail
+-A INPUT -i lo -j ACCEPT
+# tolerate any inbound connections requested by our server, no matter the port
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# this enables ping etc.
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+COMMIT
+# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config b/archived/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config
new file mode 100644
index 0000000..89d08ac
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config
@@ -0,0 +1,126 @@
+# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no # plomlompom's security rule
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin yes
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
+
+ClientAliveInterval 120
+PasswordAuthentication no # plomlompom's security rule
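Review bot: Both hardening directives in sshd_config, `PermitRootLogin no` and `PasswordAuthentication no`, carry a trailing `# plomlompom's security rule` on the same line, while sshd_config(5) only describes lines that start with `#` as comments. How trailing text is treated may depend on the OpenSSH version, so it is safer to move each comment onto its own line above the directive and to check the file with `sshd -t` before it is deployed. `X11Forwarding yes` is also left enabled; on a headless server `X11Forwarding no` is the tighter setting unless forwarding is actually used.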
diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot b/archived/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot
new file mode 100644
index 0000000..1fd8aaf
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot
@@ -0,0 +1,17 @@
+# /etc/cron.d/certbot: crontab entries for the certbot package
+#
+# Upstream recommends attempting renewal twice a day
+#
+# Eventually, this will be an opportunity to validate certificates
+# haven't been revoked, etc. Renewal will only occur if expiration
+# is within 30 days.
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+# plomlompom added the --webroot -w /var/www/html/ so that renewal
+# works with nginx running, and the nginx reload post-hook so that
+# the new certificates are linked to by nginx. Note that by default
+# we rely on the systemd timer service file instead of this cronjob,
+# but since both are installed by the certbot package to serve which
+# ever of the two is used, we cautiously adapt both of them too.
+0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload"
diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/gitweb.conf b/archived/all_new_2018/linkable_etc_files/web/etc/gitweb.conf
new file mode 100644
index 0000000..71ce3c5
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/web/etc/gitweb.conf
@@ -0,0 +1,19 @@
+# path to git projects (<project>.git)
+$projectroot = "/var/public_repos";
+
+# directory to use for temp files
+# explicitely set by Debian so it's probably a good choice
+$git_temp = "/tmp";
+
+# git-diff-tree(1) options to use for generated patches
+# we don't want to to guess renames, so empty
+@diff_opts = ();
+
+# Base path for where to find the repos for cloning.
+@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
+
+# allow snapshots
+$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
+
+# insert header for GDPR compliance
+$site_header = "/var/www/header.html"
diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 b/archived/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4
new file mode 100644
index 0000000..9b714c6
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4
@@ -0,0 +1,18 @@
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [0:0]
+# otherwise self-referential connections to local host will fail
+-A INPUT -i lo -j ACCEPT
+# tolerate any inbound connections requested by our server, no matter the port
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# this enables ping etc.
+-A INPUT -p icmp -j ACCEPT
+# SSH
+-A INPUT -p tcp --dport 22 -j ACCEPT
+# HTTP
+-A INPUT -p tcp --dport 80 -j ACCEPT
+# HTTPS
+-A INPUT -p tcp --dport 443 -j ACCEPT
+COMMIT
+# this last line is here because iptables-restore ignores the final command if no newline follows it
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf b/archived/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
new file mode 100644
index 0000000..f1be9e6
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
@@ -0,0 +1,84 @@
+# system integration
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+# we need this for the xslt_stylesheet directive below
+#load_module modules/ngx_http_xslt_filter_module.so;
+
+# is expected even if empty
+events {
+}
+
+http {
+ # define content-type headers
+ types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ text/plain txt sh rst md asc;
+ application/xhtml+xml xhtml;
+ application/pdf pdf;
+ image/jpeg jpg jpeg;
+ image/png png;
+ }
+ default_type application/octet_stream;
+ charset utf-8;
+
+ # logging deactivated due to GDPR
+ #access_log /var/log/nginx/access.log;
+ #error_log /var/log/nginx/error.log;
+
+ # HTTP server: only enforce HTTPS
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
+
+ # HTTPS server
+ server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www/html/;
+ index index.html index.htm index.nginx-debian.html;
+
+ # serve /var/www/public_repos/* for HTTPS git cloning
+ location ~ /repos/clone(/.*) {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /var/public_repos;
+ fastcgi_param PATH_INFO $1;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ # gitweb static files
+ location /repos/static/ {
+ alias /usr/share/gitweb/static/;
+ }
+
+ # gitweb; this needs packages fcgiwrap and gitweb
+ location /repos/ {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
+ fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ # login-protected IRC logs
+ location ~ /irclogs/([^/]+)/ {
+ auth_basic "$1 logs";
+ auth_basic_user_file /var/www/irclogs_pw/$1;
+ autoindex on;
+ }
+
+ ## entry for IRC logs
+ #location
/irclogs/ {
+ # autoindex on;
+ # autoindex_format xml;
+ # xslt_stylesheet /var/www/autoindex.xslt;
+ #}
+ }
+}
diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service
new file mode 100644
index 0000000..0d20d1f
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Certbot
+Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
+Documentation=https://letsencrypt.readthedocs.io/en/latest/
+[Service]
+# plomlompom added the --webroot -w /var/www/html/ so that renewal
+# works with nginx running, and the nginx reload post-hook so that
+# the new certificates are linked to by nginx.
+Type=oneshot
+ExecStart=/usr/bin/certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload"
+PrivateTmp=true
\ No newline at end of file
diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service
new file mode 100644
index 0000000..a4f6769
--- /dev/null
+++ b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=plomlombot screen
+
+[Service]
+Type=simple
+User=plom
+ExecStart=/bin/sh -c '~/plomlombot_daemon.sh'
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/archived/all_new_2018/setup_scripts/add_encryption_key.sh b/archived/all_new_2018/setup_scripts/add_encryption_key.sh
new file mode 100755
index 0000000..71a9488
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/add_encryption_key.sh
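Review bot: In nginx.conf the comment `# logging deactivated due to GDPR` is followed only by commented-out `access_log` and `error_log` lines, which leaves nginx on its compiled-in defaults instead of turning logging off, so client addresses are presumably still written to the default access log. To stop access logging, set `access_log off;` in the `http` block; `error_log` has no `off` value and needs an explicit target such as `/dev/null` with a high level. Separately, `default_type application/octet_stream;` looks like a typo for `application/octet-stream`, and the regex locations `~ /repos/clone(/.*)` and `~ /irclogs/([^/]+)/` are unanchored, so a leading `^` would keep them from matching deeper paths.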
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -e
+
+# Ensure we have a GPG target to encrypt to.
+if [ $# -lt 1 ]; then
+ echo "Need public key ID as argument."
+ false
+fi
+gpg_key="$1"
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+apt -y install gnupg dirmngr
+keyservers='sks-keyservers.net/ keys.gnupg.net'
+set +e
+while true; do
+ do_break=0
+ for keyserver in $(echo "${keyservers}"); do
+ su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
+ if [ $? -eq "0" ]; then
+ do_break=1
+ break
+ fi
+ echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
+ done
+ if [ "${do_break}" -eq "1" ]; then
+ break
+ fi
+done
+set -e
+# TODO: We may remove dirmngr here if only this script installed it.
diff --git a/archived/all_new_2018/setup_scripts/hardlink_etc.sh b/archived/all_new_2018/setup_scripts/hardlink_etc.sh
new file mode 100755
index 0000000..9d9acc2
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/hardlink_etc.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+# Hard link files to those in argument-selected subdirectories of
+# linkable_etc_files//, e.g. link /etc/foo/bar to
+# linkable_etc_files/$1/etc/foo/bar and so on. Create directories as
+# necessary. We do the hard linking so files that should be readable to
+# non-root in /etc/ remain so despite having a path below /root/, as
+# symbolic links point into /root/ without making the targets readable
+# to non-root.
+# CAUTION: This removes original files at the affected paths.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+linkable_files_dir="${config_tree_prefix}/linkable_etc_files"
+
+for target in "$@"; do
+ cd "${linkable_files_dir}/${target}"
+ for path in $(find . -type f); do
+ linking=$(echo "${path}" | cut -c2-)
+ linked=$(realpath "${path}")
+ dir=$(dirname "${linking}")
+ mkdir -p "${dir}"
+ ln -f "${linked}" "${linking}"
+ done
+done
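Review bot: In add_encryption_key.sh the key is fetched by whatever ID arrives as `$1`, and `${gpg_key}` is expanded unvalidated inside the `su plom -c "gpg … --recv-key ${gpg_key}"` command string. Because the fetched key later serves as an encryption target, the script should accept only a full fingerprint, for example by rejecting anything matching `*[!0-9A-Fa-f]*` or of the wrong length before gpg is called, and compare the imported key's fingerprint afterwards. The surrounding `while true` loop also never ends if no keyserver answers; a bounded number of rounds would let the calling setup scripts fail cleanly.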
diff --git a/archived/all_new_2018/setup_scripts/init_user_and_keybased_login.sh b/archived/all_new_2018/setup_scripts/init_user_and_keybased_login.sh
new file mode 100755
index 0000000..6a46c20
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/init_user_and_keybased_login.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+# This script turns a fresh server with password-based root access to
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in reach.
+set -e
+
+# Location auf a sshd_config with "PermitRootLogin no" and
+# "PasswordAuthentication no".
+config_tree_prefix="${HOME}/config/all_new_2018"
+linkable_files_dir="${config_tree_prefix}/linkable_etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${linkable_files_dir}/${system_path_sshd_config}"
+
+# Ensure we have a server name as argument.
+if [ $# -eq 0 ]; then
+ echo "Need server as argument."
+ false
+fi
+server="$1"
+
+# Ask for root password only once, sshpass will re-use it then often.
+stty -echo
+printf "Server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
+sshpass -e ssh root@"${server}" \
+ 'useradd -m plom && '\
+ 'mkdir /home/plom/.ssh && '\
+ 'chown plom:plom /home/plom/.ssh && '\
+ 'chown plom:plom /tmp/authorized_keys && '\
+ 'chmod u=rw,go= /tmp/authorized_keys && '\
+ 'mv /tmp/authorized_keys /home/plom/.ssh/'
+sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+sshpass -e ssh root@"${server}" 'service ssh restart'
diff --git a/archived/all_new_2018/setup_scripts/install_for_target.sh b/archived/all_new_2018/setup_scripts/install_for_target.sh
new file mode 100755
index 0000000..53914d6
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/install_for_target.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ apt-get -y install "${line}"
+ fi
+ done
+done
diff --git a/archived/all_new_2018/setup_scripts/letsencrypt.sh b/archived/all_new_2018/setup_scripts/letsencrypt.sh
new file mode 100755
index 0000000..29ed3b6
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/letsencrypt.sh
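Review bot: init_user_and_keybased_login.sh overwrites `/etc/ssh/sshd_config` on the remote host and restarts the daemon in its last two lines without validating the new file, at the moment root and password login are being switched off. Running the check first, `sshpass -e ssh root@"${server}" 'sshd -t && service ssh restart'`, avoids restarting into a configuration the daemon rejects. The prompt should also use `IFS= read -r PW_ROOT` so that backslashes and surrounding whitespace in the root password survive. The key is staged at the fixed path `/tmp/authorized_keys`; a `mktemp` name on the remote side would be safer on a host that already has other users.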
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Certify current server with LetsEncrypt.
+# Uses hostname -f for the domain we want to certify.
+set -e
+
+# Ensure we have a mail address as argument.
+if [ $# -lt 1 ]; then
+ echo "Need mail address as argument."
+ false
+fi
+mail_address="$1"
+
+# We need certbot to get LetsEncrypt certificates.
+apt install -y certbot
+
+# If port 80 blocked by iptables, open it.
+set +e
+iptables -C INPUT -p tcp --dport 80 -j ACCEPT
+open_iptables="$?"
+set -e
+if [ "${open_iptables}" -eq "1" ]; then
+ iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+fi
+
+# Create new certificate and copy it to /etc/letsencrypt.
+certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)"
+
+# Remove iptables rule to open port 80 if we added it.
+if [ "${open_iptables}" -eq "1" ]; then
+ iptables -D INPUT -p tcp --dport 80 -j ACCEPT
+fi
diff --git a/archived/all_new_2018/setup_scripts/letsencrypt_get.sh b/archived/all_new_2018/setup_scripts/letsencrypt_get.sh
new file mode 100755
index 0000000..c2b3e9f
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/letsencrypt_get.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Copy over LetsEncrypt certificates from another server.
+set -e
+
+# Ensure we have a server name as argument.
+if [ $# -lt 1 ]; then
+ echo "Need server as argument."
+ false
+fi
+server="$1"
+
+# Copy over.
+ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"'
+scp plom@${server}:~/letsencrypt.tar .
+apt -y install certbot
+rmdir /etc/letsencrypt
+mv letsencrypt.tar /etc/
+cd /etc/
+tar xf letsencrypt.tar
+rm letsencrypt.tar
diff --git a/archived/all_new_2018/setup_scripts/mirror_dir.sh b/archived/all_new_2018/setup_scripts/mirror_dir.sh
new file mode 100755
index 0000000..0fc03aa
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/mirror_dir.sh
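Review bot: In letsencrypt.sh the temporary `iptables -A INPUT -p tcp --dport 80 -j ACCEPT` rule is removed only by the final `if` block, and with `set -e` active a failing `certbot certonly` exits before that block runs, leaving port 80 open. Registering the cleanup right after the rule is added, `trap 'iptables -D INPUT -p tcp --dport 80 -j ACCEPT' EXIT`, and dropping the trailing `if` block removes the rule on every exit path.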
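Review bot: letsencrypt_get.sh packs `/etc/letsencrypt`, private keys included, into `letsencrypt.tar` under the remote default umask, moves it to `/home/plom/` and never deletes it there, so a copy of the keys stays behind in a file that is probably readable by other accounts. Start the remote `su -c` command with `umask 077 &&` and add `ssh plom@"${server}" 'rm ~/letsencrypt.tar'` after the `scp`. `${server}` is also unquoted in both the `ssh` and `scp` lines, and `rmdir /etc/letsencrypt` aborts the script under `set -e` if the certbot installation left anything in that directory.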
@@ -0,0 +1,23 @@
+#!/bin/sh
+# Mirror directory tree from remote to local server, keeping the path.
+set -e
+
+if [ $# -lt 2 ]; then
+ echo "Need server and directory as arguments."
+ false
+fi
+server=$1
+dir=$2
+path_package=/tmp/delete.tar
+
+eval `ssh-agent`
+ssh-add
+cd
+ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
+scp plom@"${server}":"${path_package}" "${path_package}"
+mkdir -p "${dir}"
+cd "${dir}"
+tar xf "${path_package}"
+cd
+rm "${path_package}"
+ssh plom@"${server}" rm "${path_package}"
diff --git a/archived/all_new_2018/setup_scripts/prepare_to_meet_server.sh b/archived/all_new_2018/setup_scripts/prepare_to_meet_server.sh
new file mode 100755
index 0000000..13d05ca
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/prepare_to_meet_server.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Do some of the steps necessary to SSH (key-based) with another server.
+set -e
+
+target="$1"
+
+# We need a public key to copy over, so generate it if not found.
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+ ssh-keygen
+fi
+
+# Add target to ~/.ssh/known_hosts so we don't get
+# asked for permission at inopportune moments.
+ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
+
+# Tell user what to do.
+echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
+cat ~/.ssh/id_rsa.pub
diff --git a/archived/all_new_2018/setup_scripts/purge_nonrequireds.sh b/archived/all_new_2018/setup_scripts/purge_nonrequireds.sh
new file mode 100755
index 0000000..e444a55
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/purge_nonrequireds.sh
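Review bot: mirror_dir.sh uses the fixed name `path_package=/tmp/delete.tar` on both hosts, a predictable file in a world-writable directory that is open to pre-creation and symlink races, and the archive found there is then unpacked into `${dir}` with the caller's privileges. Create the local file with `path_package=$(mktemp)` and take a separate remote name from `ssh plom@"${server}" mktemp`. `${dir}` is also pasted into the remote command string, so a directory name containing quotes or `$(` is interpreted by the remote shell, and the agent started by `eval \`ssh-agent\`` is never stopped.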
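Review bot: prepare_to_meet_server.sh appends whatever `ssh-keyscan -H "$target"` returns to `~/.ssh/known_hosts`, which records the host key without anyone comparing it to a trusted value, so the later host-key check no longer protects the first connection. Scan into a temporary file, print the fingerprints with `ssh-keygen -lf` for comparison against a value obtained out of band, and only then append. `target="$1"` is also not checked for being empty, unlike the argument checks in the sibling scripts.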
@@ -0,0 +1,26 @@
+#!/bin/sh
+# This script removes all Debian packages that are not of Priority
+# "required" or not depended on by packages of priority "required"
+# or not listed in the argument-selected files of apt-mark/.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ cat "${path}" | while read line; do
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ echo "${line}" >> /tmp/list_white_unsorted
+ fi
+ done
+done
+sort /tmp/list_white_unsorted > /tmp/list_white
+dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
+sort /tmp/list_all_packages > /tmp/foo
+mv /tmp/foo /tmp/list_all_packages
+comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
+apt-mark auto `cat /tmp/list_black`
+DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
+rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
diff --git a/archived/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh b/archived/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh
new file mode 100755
index 0000000..3f95590
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh
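Review bot: purge_nonrequireds.sh runs as root and keeps its working lists under fixed names in `/tmp` (`/tmp/list_white_unsorted`, `/tmp/list_white`, `/tmp/list_all_packages`, `/tmp/foo`, `/tmp/list_black`), the predictable-temp-file pattern, and the contents of the last one decide which packages are purged. A private directory, `tmp_dir=$(mktemp -d)` with `trap 'rm -rf -- "${tmp_dir}"' EXIT`, would hold all five files and replace the final `rm`. `comm -3` also prints names that appear only in the whitelist, so `comm -23` looks like what `apt-mark auto` is meant to receive.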
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Sets hostname and optionally FQDN.
+#
+# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
+# writing follows recommendations from Debian manual at
+# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
+# (section "The hostname resolution") on how to map hostname and possibly
+# FQDN to a permanent IP if present (we assume here any non-private IP
+# and non-loopback IP returned by hostname -I to fulfill that criterion
+# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
+# localhost and hostname mapping to different IPs, see
+# <https://unix.stackexchange.com/a/13087>.
+set -e
+
+hostname="$1"
+fqdn="$2"
+if [ "${hostname}" = "" ]; then
+ echo "Need hostname as argument."
+ false
+fi
+echo "${hostname}" > /etc/hostname
+hostname "${hostname}"
+
+final_ip="127.0.1.1"
+for ip in $(hostname -I); do
+ range_1=$(echo "${ip}" | cut -d "." -f 1)
+ range_2=$(echo "${ip}" | cut -d "." -f 2)
+ if [ "${range_1}" -eq 127 ]; then
+ continue
+ elif [ "${range_1}" -eq 10 ]; then
+ continue
+ elif [ "${range_1}" -eq 172 ]; then
+ if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+ continue
+ fi
+ elif [ "${range_1}" -eq 192 ]; then
+ if [ "${range_2}" -eq 168 ]; then
+ continue
+ fi
+ fi
+ final_ip="${ip}"
+done
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
diff --git a/archived/all_new_2018/setup_scripts/setup_mail.sh b/archived/all_new_2018/setup_scripts/setup_mail.sh
new file mode 100755
index 0000000..2080705
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/setup_mail.sh
@@ -0,0 +1,94 @@
+#/bin/sh
+set -e
+
+# Check we have the necessary arguments.
+if [ $# -lt 2 ]; then
+ echo "Give arguments of mail domain and DKIM selector."
+ echo "Also, if hosting mail for entire domain, give third argument 'domainwide'."
+ false
+fi
+mail_domain="$1"
+dkim_selector="$2"
+domainwide="$3"
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+# Set up DKIM key. Only keep opendkim-tools on system if pre-installed.
+mkdir -p /etc/dkimkeys/
+set +e
+dpkg -s opendkim-tools &> /dev/null
+preinstalled="$?"
+set -e
+if [ ! "${preinstalled}" -eq "0" ]; then
+ apt install -y opendkim-tools
+fi
+opendkim-genkey -s "${dkim_selector}"
+mv "${dkim_selector}.private" /etc/dkimkeys/
+if [ ! "${preinstalled}" -eq "0" ]; then
+ apt -y --purge autoremove opendkim-tools
+fi
+
+# Link and adapt mail-server-specific /etc/ files.
+./hardlink_etc.sh mail
+sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf
+sed -i "s/REPLACE_Domain_ECALPER/${mail_domain}/g" /etc/opendkim.conf
+sed -i "s/REPLACE_Selector_ECALPER/${dkim_selector}/g" /etc/opendkim.conf
+sed -i "s/REPLACE_myhostname_ECALPER/$(hostname -f)/g" /etc/postfix/main.cf
+if [ "${domainwide}" = "domainwide" ]; then
+ sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER/$mydomain/g' /etc/postfix/main.cf
+else
+ sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER//g' /etc/postfix/main.cf
+fi
+# Since we re-set the iptables rules, we need to reload them.
+iptables-restore /etc/iptables/rules.v4
+
+# Some useful debconf selections.
+echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
+echo "ssl_cert = </etc/letsencrypt/live/$(hostname -f)/fullchain.pem" > /etc/dovecot/conf.d/99-ssl-certs.conf
+echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovecot/conf.d/99-ssl-certs.conf
+
+# The second line should not be necessary due to the first line, but for
+# some reason the installation forgets to set up /etc/mailname early
+# enough to not (when running newaliases) stumble over its absence.
+echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections
+echo "${mail_domain}" > /etc/mailname
+
+# Everything should now be ready for installations. Note that we don't
+# strictly need dovecot-lmtpd, as postfix will deliver mail to /var/mail/USER
+# in any case, to be found by dovecot; we use it as a transport mechanism to
+# allow for sophisticated stuff like dovecot-side sieve filtering (installed
+# with dovecot-sieve).
+apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd dovecot-lmtpd dovecot-sieve opendkim
+cp "${config_tree_prefix}/user_files/dovecot.sieve" /home/plom/.dovecot.sieve
+chown plom:plom /home/plom/.dovecot.sieve
+
+# Pingmail setup.
+apt install -y mailutils
+cp "${config_tree_prefix}/user_files/pingmailrc" /home/plom/.pingmailrc
+chown plom:plom /home/plom/.pingmailrc
+su plom -c "cd && git clone https://plomlompom.com/repos/clone/pingmail.git"
+
+# In addition to our postfix server receiving mails, we funnel mails from a
+# POP3 account into dovecot via fetchmail. It might make sense to adapt the
+# ~/.dovecot.sieve to move mails targeted to the fetched mail account to their
+# own mbox.
+apt -y install fetchmail
+cp "${config_tree_prefix}/user_files/fetchmailrc" /home/plom/.fetchmailrc
+chown plom:plom /home/plom/.fetchmailrc
+chmod 0700 /home/plom/.fetchmailrc
+
+# Pingmail and fetchmail have some systemd timers waiting. To let systemd
+# know about them, do this.
+systemctl daemon-reload + +# Final advice to user. +echo "TODO: Ensure MX entry for your system in your DNS configuration." +echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host." +echo "TODO: passwd plom for IMAPS login" +echo "TODO: adapt /home/plom/.fetchmailrc and then do: systemctl start fetchmail.timer" +echo "TODO: adapt /home/plom/.dovecot.sieve and /home/plom/.pingmailrc (sieve mail by pingmail target person into mbox defined in .pingmailrc), then run: systemctl start pingmail.timer" +echo "TODO: Add the follow DMARK entry as TXT to your DNS configugration: 'v=DMARC1; p=none; rua=mailto:plom+dmarc@plomlompom.com;' mapped to _dmarc" +echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry â if your mail domain includes a subdomain, append that with a dot):" +cat "${dkim_selector}.txt" diff --git a/archived/all_new_2018/setup_scripts/setup_play.sh b/archived/all_new_2018/setup_scripts/setup_play.sh new file mode 100755 index 0000000..f37be49 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/setup_play.sh 
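Review bot: setup_mail.sh starts with `#/bin/sh` (the `!` is missing), and `dpkg -s opendkim-tools &> /dev/null` is a bash-only redirection; a POSIX `sh` such as dash parses it as a background job followed by a separate redirection, so `$?` is always 0 and `opendkim-tools` is never installed before `opendkim-genkey` runs. Use `#!/bin/sh` and `dpkg -s opendkim-tools > /dev/null 2>&1`. The DKIM private key is also generated inside the setup_scripts directory and moved to `/etc/dkimkeys/` without owner or mode being set explicitly; an explicit `chmod 0600` plus the ownership the opendkim daemon needs, applied right after the `mv`, would make the intended protection visible.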
@@ -0,0 +1,36 @@
+#!/bin/sh
+set -e
+
+# Ensure we have a GPG target to encrypt to.
+if [ $# -lt 1 ]; then
+ echo "Need public key ID as argument."
+ false
+fi
+gpg_key="$1"
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+# If anything strange happens, let root send mail to us.
+./setup_sendonly.sh
+
+# Apart from weechat, vim and screen will also be useful for everyday activity.
+apt -y install weechat screen vim
+
+# Link and copy over files.
+./hardlink_etc.sh play
+cp "${config_tree_prefix}/user_files/encrypter.sh" /home/plom/
+chown plom:plom /home/plom/encrypter.sh
+cp "${config_tree_prefix}/user_files/weechat-wrapper.sh" /home/plom/
+chown plom:plom /home/plom/weechat-wrapper.sh
+cp "${config_tree_prefix}/user_files/weechatrc" /home/plom/.weechatrc
+chown plom:plom /home/plom/.weechatrc
+apt -y install screen
+echo "$gpg_key" > /home/plom/.encrypt_target
+chown plom:plom /home/plom/.encrypt_target
+
+# Start encrypt_chatlogs job.
+./add_encryption_key.sh "${gpg_key}"
+systemctl daemon-reload
+systemctl start encrypt_chatlogs.timer
diff --git a/archived/all_new_2018/setup_scripts/setup_plomlombot.sh b/archived/all_new_2018/setup_scripts/setup_plomlombot.sh
new file mode 100755
index 0000000..de22ef3
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/setup_plomlombot.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -e
+
+# Ensure we have a GPG target to encrypt to.
+if [ $# -lt 1 ]; then
+ echo "Need public key ID as argument."
+ false
+fi
+gpg_key="$1"
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+irclogs_dir=/var/www/html/irclogs
+irclogs_pw_dir=/var/www/irclogs_pw
+
+./add_encryption_key.sh "${gpg_key}"
+apt -y install screen python3-venv
+cp "${config_tree_prefix}"/user_files/plomlombot_daemon.sh /home/plom/
+chown plom:plom /home/plom/plomlombot_daemon.sh
+su plom -c "cd && git clone /var/public_repos/plomlombot-irc"
+systemctl enable /etc/systemd/system/plomlombot.service
+service plomlombot start
+mkdir -p "${irclogs_dir}"
+chown -R plom:plom "${irclogs_dir}"
+mkdir -p "${irclogs_pw_dir}"
+chown -R plom:plom "${irclogs_pw_dir}"
+echo "Don't forget to add a file ~/.plomlombot with content such as:"
+echo "gpg_key ${gpg_key}"
+echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME LOGS_USER LOGS_PW"
+echo "# file should end in newline or non-interpreted line such as this"
diff --git a/archived/all_new_2018/setup_scripts/setup_sendonly.sh b/archived/all_new_2018/setup_scripts/setup_sendonly.sh
new file mode 100755
index 0000000..e761eeb
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/setup_sendonly.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+# This sets up the minimum of a mail server necessary to send out mails
+# to the world.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+./hardlink_etc.sh sendonly
+echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
+echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
+echo "$(hostname -f)" > /etc/mailname
+apt install -y postfix
diff --git a/archived/all_new_2018/setup_scripts/setup_server.sh b/archived/all_new_2018/setup_scripts/setup_server.sh
new file mode 100755
index 0000000..172d8d2
--- /dev/null
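Review bot: `./add_encryption_key.sh "${gpg_key}"` in setup_plomlombot.sh is resolved against whatever directory the caller happens to be in, because this script never changes into the setup_scripts directory the way setup_play.sh and setup_sendonly.sh do. The script is evidently meant to run as root (apt, chown, systemctl), so a relative path that depends on the caller's working directory can either abort under `set -e` or run a same-named file from an unintended location. I would add `setup_scripts_dir="${config_tree_prefix}/setup_scripts"` and `cd "${setup_scripts_dir}"` before that call. The file appears to be moved unchanged by this commit, so this only matters if the archived scripts are still expected to be runnable.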
+++ b/archived/all_new_2018/setup_scripts/setup_server.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+# Next setup steps for a server whose login policy has just been set from
+# the outside via ./init_user_and_keybased_login.sh.
+set -e
+
+# Provide maximum input for set_hostname_and_fqdn.sh.
+if [ "$#" -ne 2 ]; then
+ echo 'Need exactly two arguments (hostname, FQDN).'
+ false
+fi
+hostname="$1"
+fqdn="$2"
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+# Adapt /etc/ to our needs by hardlinking into ./linkable_etc_files. This
+# will set basic configurations affecting following steps, such as setup
+# of APT and the locale selection, so needs to be right at the beginning.
+./hardlink_etc.sh all server
+
+# Set hostname and FQDN.
+./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
+
+# Some debconf selections we don't want to get asked during coming
+# install actions.
+echo 'iptables-persistent iptables-persistent/autosave_v4 boolean false' | debconf-set-selections
+echo 'iptables-persistent iptables-persistent/autosave_v6 boolean false' | debconf-set-selections
+
+# Ensure package installation state as defined by what packages are
+# defined as required by Debian policy and by settings in ./apt-mark/.
+apt update
+./install_for_target.sh all server
+./purge_nonrequireds.sh all server
+
+# Ensure our desired locale is available.
+locale-gen
+
+# Only upgrade after reducing the system to the desired minimum, so that
+# we don't need to get more data than necessary.
+apt -y dist-upgrade
+
+# Set Berlin localtime.
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+
+# If we have not yet set the shell for user plom, ensure it here. This
+# is mostly for convenience.
+usermod -s /bin/bash plom
+
+# We want to be able to use ALL our servers as borg backup destinations.
+apt -y install borgbackup
diff --git a/archived/all_new_2018/setup_scripts/setup_web.sh b/archived/all_new_2018/setup_scripts/setup_web.sh
new file mode 100755
index 0000000..400aa22
--- /dev/null
+++ b/archived/all_new_2018/setup_scripts/setup_web.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Set up plomlompom.com web server.
+set -e
+
+config_tree_prefix="${HOME}/config/all_new_2018"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+./hardlink_etc.sh web
+./setup_sendonly.sh
+sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/nginx/nginx.conf
+sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/gitweb.conf
+cd /var/
+rm -rf www
+git clone plom@core.plomlompom.com:repos/website www
+apt -y -o Dpkg::Options::=--force-confold install nginx gitweb fcgiwrap
+mkdir /var/public_repos
+chown plom:plom /var/public_repos
+iptables-restore /etc/iptables/rules.v4
diff --git a/archived/all_new_2018/user_files/dovecot.sieve b/archived/all_new_2018/user_files/dovecot.sieve
new file mode 100644
index 0000000..5346309
--- /dev/null
+++ b/archived/all_new_2018/user_files/dovecot.sieve
@@ -0,0 +1,8 @@
+require ["fileinto"];
+require ["mailbox"];
+if address :is "from" "foo@bar.com" {
+ fileinto :create "foo";
+}
+if address :is :domain "to" "example.com" {
+ fileinto :create "example.com";
+}
diff --git a/archived/all_new_2018/user_files/encrypter.sh b/archived/all_new_2018/user_files/encrypter.sh
new file mode 100755
index 0000000..e2ebd44
--- /dev/null
+++ b/archived/all_new_2018/user_files/encrypter.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Encrypt dated weechatlog files older than one day to GPG target defined in
+# ~/.encrypt_target
+set -e
+
+gpg_key=$(cat ~/.encrypt_target)
+cd ~/weechatlogs/irc/
+find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --encrypt {} \; -exec rm {} \;
+
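Review bot: In setup_web.sh, `rm -rf www` runs before `git clone plom@core.plomlompom.com:repos/website www`, so under `set -e` a failed clone (network, SSH key, host-key prompt) leaves /var without a web root and the script aborted half-way. Cloning next to the live tree and swapping only after success avoids that window, e.g. `git clone plom@core.plomlompom.com:repos/website www.new && rm -rf www && mv www.new www`. Separately, `mkdir /var/public_repos` fails on a second run and stops the script before `iptables-restore` is reached; `mkdir -p /var/public_repos` keeps the firewall step from being skipped on re-runs.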
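Review bot: In encrypter.sh, `--trust-model always` makes gpg encrypt to whatever key matches the string read from ~/.encrypt_target with no validity check, and the plaintext log is removed right afterwards, so a wrong or substituted key makes those logs unreadable for the intended recipient. The header comment could state the requirement, for example `# ~/.encrypt_target must hold the full key fingerprint, not a short ID or e-mail address`. Since the job is presumably driven by encrypt_chatlogs.timer, adding `--batch` to the gpg call would also keep it from waiting on a prompt; chaining `-exec rm` after `-exec gpg` is the right order because rm only runs when gpg succeeded. The `find … -exec gpg … --trust-model always` line in plomlombot_daemon.sh has the same shape.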
diff --git a/archived/all_new_2018/user_files/fetchmailrc b/archived/all_new_2018/user_files/fetchmailrc
new file mode 100755
index 0000000..b437563
--- /dev/null
+++ b/archived/all_new_2018/user_files/fetchmailrc
@@ -0,0 +1,2 @@
+# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted
+poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep
diff --git a/archived/all_new_2018/user_files/pingmailrc b/archived/all_new_2018/user_files/pingmailrc
new file mode 100644
index 0000000..46bcbfe
--- /dev/null
+++ b/archived/all_new_2018/user_files/pingmailrc
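Review bot: The fetchmailrc template is committed with mode 100755 although it is the file that will hold the mail account password. A plain `cp` carries the world-readable and executable bits along, and fetchmail normally refuses an rc file that group or others can read, so the install step (not visible in this hunk) should end with something like `chmod 600 /home/plom/.fetchmailrc`. A first line such as `# holds a password: keep this file at mode 0600` would make the expectation explicit in the template itself.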
@@ -0,0 +1,45 @@
+# place for test files whose modification times are used to track lifesigns
+testdir=$HOME'/.pingmail'
+
+# modification time is the last time a ping was sent or a lifetime received
+ping_touch=$testdir'/ping_touch'
+
+# modification time is when the count for sending checker a warning mail starts
+reminder_touch=$testdir'/reminder_touch'
+
+# how long to wait for lifesigns before sending a ping; double is time to wait
+# for a lifesign before sending a warning message to checker
+wait_time=86400
+
+# address of the checker, receives warning message after too long wait
+checker_address='bar@example.org'
+
+# address of the checked person, ping is sent here
+checked_address='foo@example.org'
+
+# content of ping message sent to checked person
+subj2checked='[pingmail] Ping!'
+msg2checked='Hi!\n
+\nThis is an automated mail ping from '$checker_address'.
+\nRespond to show that you are still alive!'
+
+# content of warning message sent to checker
+id_target='foo'
+subj2checker='[pingmail] No recent life signs from '$id_target
+reminder_time=`expr $wait_time \* 2`
+msg2checker='pingmail reporting in:\n
+\nNo life signs from '$id_target' for the last '$reminder_time' seconds.
+\nMaybe you should give them a call to check if they are okay.'
+
+# mail client command reading message body from stdin and subject from parameter
+mailclient_s='mail -s'
+
+# mailbox file to check for most recent life sign
+mbox=$HOME'/mail/foo'
+
+# to recursively search for most recent matches to $matchstring as lifesigns
+#maildir=$HOME'/mail'
+
+# pattern to search $maildir for recursively for lifesigns
+#checked_address_escaped=`echo $checked_address | sed 's/\./\\./g'`
+#matchstring='^From: .*('$checked_address_escaped'|alternate@example\.org)'
diff --git a/archived/all_new_2018/user_files/plomlombot_daemon.sh b/archived/all_new_2018/user_files/plomlombot_daemon.sh
new file mode 100755
index 0000000..5cf1f6a
--- /dev/null
+++ b/archived/all_new_2018/user_files/plomlombot_daemon.sh 
@@ -0,0 +1,55 @@ +#!/bin/sh +set -e + +# Repeatedly parse config file for GPG key and bot screen configs. +path=~/.plomlombot +db_dir="${HOME}/plomlombot_db" +irclogs_dir=/var/www/html/irclogs +irclogs_pw_dir=/var/www/irclogs_pw +while true; do + if [ -f "${path}" ]; then + cat "${path}" | while read line; do + first_word=$(echo -n "${line}" | cut -d' ' -f1) + + # Read "bot:" line, start bot screen session from it if not yet existing, + # set up irclogs dir if not yet existing. + if [ "${first_word}" = "bot:" ]; then + session_name=$(echo -n "${line}" | cut -d' ' -f2) + bot_name=$(echo -n "${line}" | cut -d' ' -f3) + channel_name=$(echo -n "${line}" | cut -d' ' -f4) + shortened_channel_name="${channel_name}" + first_char=$(echo -n "${channel_name}" | cut -c1) + if [ "${first_char}" = "#" ]; then + shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-) + fi + server_name=$(echo -n "${line}" | cut -d' ' -f5) + login_user=$(echo -n "${line}" | cut -d' ' -f6) + login_pw=$(echo -n "${line}" | cut -d' ' -f7) + set +e + screen -S "${session_name}" -Q select . > /dev/null + start_screen=$? + set -e + if [ "${start_screen}" -eq "1" ]; then + cd ~/plomlombot-irc + LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -s "${server_name}" "${channel_name}" + fi + md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1) + md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1) + logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs" + # FIXME: Note the trouble we will have if we have the same channel + # name on different servers ⦠+ ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}" + echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}" + + # If "gpg" line, encrypt old raw logs to that GPG key. + elif [ "${first_word}" = "gpg_key" ]; then + key=$(echo -n "${line}" | cut -d' ' -f2) + mkdir -p ~/plomlombot_db + cd ~/plomlombot_db + find . 
-path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --encrypt {} \; -exec rm {} \; + fi + + done + sleep 1 + fi +done diff --git a/archived/all_new_2018/user_files/weechat-wrapper.sh b/archived/all_new_2018/user_files/weechat-wrapper.sh new file mode 100755 index 0000000..4625dd8 --- /dev/null +++ b/archived/all_new_2018/user_files/weechat-wrapper.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +# Enforce ~/.weechatrc as sole persistent weechat config file. +#~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder +rm -rf ~/.weechat/ +WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` +weechat -r "$WEECHATCONF" +rm -rf ~/.weechat/ diff --git a/archived/all_new_2018/user_files/weechatrc b/archived/all_new_2018/user_files/weechatrc new file mode 100644 index 0000000..ab30c17 --- /dev/null +++ b/archived/all_new_2018/user_files/weechatrc @@ -0,0 +1,7 @@ +/set logger.file.path ~/weechatlogs +/set logger.file.flush_delay 0 +/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog" +/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]" +/set weechat.color.chat_nick_colors "lightcyan" +/server add freenode irc.freenode.net -nicks=plimlompom,plimlomp0m,pliml0mp0m -realname="foo bar" -autojoin=#plomlompomtest +/connect freenode diff --git a/archived/ansible/config.yml b/archived/ansible/config.yml new file mode 100644 index 0000000..3386c91 --- /dev/null +++ b/archived/ansible/config.yml 
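Review bot: In plomlombot_daemon.sh, `echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}"` writes a cleartext password with the process's default umask, so the file is probably world-readable, and it is rewritten on every pass of the loop. Creating it with explicit permissions for the owner plus the web server's group (for instance writing it inside `( umask 027; … )` with a suitable group on the directory) would limit who can read the log credentials. The same line and the `ln -sfn` above it use the channel name from ~/.plomlombot as a path component unchecked, so a value containing `/` would land outside `irclogs_pw_dir` and `irclogs_dir`; rejecting names that match `*/*` before use would close that. Also, `sleep 1` sits inside `if [ -f "${path}" ]`, so the `while true` loop spins without pause whenever the config file is missing.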
@@ -0,0 +1,117 @@ +--- +- hosts: all + user: root + become: yes + tasks: + + - name: ensure directories for symlinks exist + file: state=directory dest={{item}} + with_lines: cat ~/config/ansible/files/dirs | sed -e 's/ *#.*$//' + - name: symlink system files + file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} + with_fileglob: ~/config/ansible/files/system/* + - name: set hostname for current session + shell: hostname w530 + + # Init package management. + - name: update package lists + apt: update_cache=yes + - name: APT - dist-upgrade + apt: upgrade=dist + + # Ensure power management. + - name: ensure power management tools are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/power_management | sed -e 's/ *#.*$//' + - name: start TLP + shell: tlp start + + # Configure console. + # + # For some reason, some settings are only applied two reboots after this. + - name: symlink console config files + file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} + with_fileglob: ~/config/ansible/files/console/* + - name: ensure locales and console-setup are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/console | sed -e 's/ *#.*$//' + - name: generate en_US.UTF-8 locale + locale_gen: name=en_US.UTF-8 state=present + - name: run setupcon to apply console settings from /etc/default/ + command: setupcon + + # Miscellaneous. 
+ - name: Ensure dotfile symlinks + file: state=link force=yes src={{item}} dest=~/.{{item|basename}} + with_fileglob: + - ~/config/dotfiles/minimal/* + - ~/config/dotfiles/root/* + - name: ensure ~/.vimbackups directory + file: state=directory dest=~/.vimbackups + - name: ensure man-db, manpages are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/man | sed -e 's/ *#.*$//' + - name: set /etc/localtime + file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime + - name: ensure various useful tools are installed â sudo, git, vim, less, openssh + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/various_useful | sed -e 's/ *#.*$//' + - name: ensure boot messages are not cleared on start up + replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' + + # Config user. + - name: create user plom with sudo privileges and bash shell + user: name=plom groups=sudo shell=/bin/bash + - name: have config repo in user directory + git: repo=https://github.com/plomlompom/config dest=/home/plom/config + become_user: plom + become_method: su + + # Ensure X window environment. + - name: ensure minimal X window environment + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/minimal_x | sed -e 's/ *#.*$//' + - name: ensure 3d acceleration and optimus switch + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/3d_acceleration | sed -e 's/ *#.*$//' + - name: ensure user plom is in bumblebee group + user: name=plom groups=bumblebee append=yes + - name: ensure basic X tools + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/basic_x_tools | sed -e 's/ *#.*$//' + + # Set up pentadactyl. 
+ - name: ensure browser environment + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/browser_environment | sed -e 's/ *#.*$//' + + # Ensure wifi. + - name: ensure wifi configuration + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/wifi | sed -e 's/ *#.*$//' + + # Ensure audio/video consumption necessities. + - name: ensure multimedia tools + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/multimedia | sed -e 's/ *#.*$//' + + # Ensure hotkeys. + # + # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). + - name: ensure hotkeys + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' + + # Remove undesired packages + - name: collect desired packages + shell: cat files/apt-mark/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted + - name: collect currently installed packages + shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted + - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed + shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black + - name: mark all packages from black list as automatically installed + shell: apt-mark auto $(cat /tmp/list_black) + - name: mark all packages from white list as manually installed + shell: apt-mark manual $(cat /tmp/white_list_unsorted) + - name: purge all packages automatically installed that are not depended on + shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove diff --git a/archived/ansible/config_new.yml b/archived/ansible/config_new.yml new file mode 100644 index 0000000..f3bd3f5 --- /dev/null +++ b/archived/ansible/config_new.yml 
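Review bot: The "Remove undesired packages" tasks in config.yml stage their data in fixed paths under /tmp (`/tmp/white_list_unsorted`, `/tmp/white_list_sorted`, `/tmp/all_unsorted`, `/tmp/all_sorted`, `/tmp/list_black`) from a root shell, and any local account can pre-create or symlink those names before the play runs; config_new.yml repeats the same block. Working in a private directory from `mktemp -d` (registered once and removed at the end) removes that exposure without changing the logic. Note also that `comm -3` emits both columns, including whitelisted-but-not-installed names with a leading tab, so `comm -23 /tmp/all_sorted /tmp/white_list_sorted` is probably what the black list is meant to contain. Both files appear to be moved unchanged by this commit.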
@@ -0,0 +1,147 @@ +--- +- hosts: all + user: root + become: yes + tasks: + + - name: ensure directories for symlinks exist + file: state=directory dest={{item}} + with_lines: cat ~/config/ansible/files/dirs_new | sed -e 's/ *#.*$//' + - name: symlink system files + file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} + with_fileglob: + - ~/config/ansible/files/system_new/minimal/* + - ~/config/ansible/files/system_new/{{ system_name }}/* + - name: set hostname for current session + shell: hostname {{ system_name }} + + # Init package management. + - name: add palemoon repo signing key + apt_key: + url: https://download.opensuse.org/repositories/home:stevenpusser/Debian_9.0/Release.key + state: present + - name: update package lists + apt: update_cache=yes + - name: APT - dist-upgrade + apt: upgrade=dist + + # Ensure packages needed for disk encryption on startup (how does this work?) + - name: ensure power management tools are installed + apt: name={{item}} state=present + with_lines: + - cat ~/config/ansible/files/apt-mark_new/minimal/disk_encryption | sed -e 's/ *#.*$//' + + # Ensure power management. + - name: ensure power management tools are installed + apt: name={{item}} state=present + with_lines: + - cat ~/config/ansible/files/apt-mark_new/minimal/power_management | sed -e 's/ *#.*$//' + - cat ~/config/ansible/files/apt-mark_new/X200s/power_management | sed -e 's/ *#.*$//' + - name: start TLP + shell: tlp start + + # Configure console. + # + # For some reason, some settings are only applied two reboots after this. 
+ - name: symlink console config files + file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} + with_fileglob: ~/config/ansible/files/console/* + - name: ensure locales and console-setup are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/console | sed -e 's/ *#.*$//' + - name: generate en_US.UTF-8 locale + locale_gen: name=en_US.UTF-8 state=present + - name: Touch keyboard config file so setupcon does not ignore it. + command: touch /etc/default/keyboard + - name: run setupcon to apply console settings from /etc/default/ + command: setupcon + + # Miscellaneous. + - name: Ensure dotfile symlinks + file: state=link force=yes src={{item}} dest=~/.{{item|basename}} + with_fileglob: + - ~/config/dotfiles/minimal/* + - ~/config/dotfiles/root/* + - name: ensure ~/.vimbackups directory + file: state=directory dest=~/.vimbackups + - name: ensure man-db, manpages are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/man | sed -e 's/ *#.*$//' + - name: set /etc/localtime + file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime + - name: ensure various useful tools are installed â sudo, git, vim, less, openssh + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/various_useful | sed -e 's/ *#.*$//' + - name: ensure boot messages are not cleared on start up + replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' + + # Config user. + - name: create user plom with sudo privileges and bash shell + user: name=plom groups=sudo shell=/bin/bash + #- name: have config repo in user directory + # git: repo=https://github.com/plomlompom/config dest=/home/plom/config + # become_user: plom + # become_method: su + + # Ensure X window environment. 
+ - name: ensure minimal X window environment + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/minimal_x | sed -e 's/ *#.*$//' + - name: ensure 3d acceleration + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/3d_acceleration | sed -e 's/ *#.*$//' + #- name: ensure optimus switch + # apt: name={{item}} state=present + # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/3d_acceleration | sed -e 's/ *#.*$//' + #- name: ensure user plom is in bumblebee group + # user: name=plom groups=bumblebee append=yes + - name: ensure basic X tools + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/basic_x_tools | sed -e 's/ *#.*$//' + + ## Set up browser environment. + #- name: ensure qutebrowser + # include: tasks/qutebrowser.yml + - name: ensure browser environment + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/browser_environment | sed -e 's/ *#.*$//' + + # Ensure wifi. + - name: ensure wifi configuration + apt: name={{item}} state=present + with_lines: + - cat ~/config/ansible/files/apt-mark_new/minimal/wifi | sed -e 's/ *#.*$//' + - cat ~/config/ansible/files/apt-mark_new/X200s/wifi | sed -e 's/ *#.*$//' + #- name: ensure wicd + # apt: name={{item}} state=present + # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/wicd | sed -e 's/ *#.*$//' + + # Ensure audio/video consumption necessities. + - name: ensure multimedia tools + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/multimedia | sed -e 's/ *#.*$//' + #- name: ensure multimedia tools + # apt: name={{item}} state=present + # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/multimedia | sed -e 's/ *#.*$//' + + # Ensure hotkeys. + # + # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). 
+ #- name: ensure hotkeys + # apt: name={{item}} state=present + # with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' + + # Remove undesired packages + - name: collect desired packages + shell: cat files/apt-mark_new/minimal/* files/apt-mark_new/{{ system_name }}/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted + - name: collect currently installed packages + shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted + - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed + shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black + - name: mark all packages from black list as automatically installed + shell: apt-mark auto $(cat /tmp/list_black) + - name: mark all packages from white list as manually installed + shell: apt-mark manual $(cat /tmp/white_list_unsorted) + - name: purge all packages automatically installed that are not depended on + shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove + diff --git a/archived/ansible/files/apt-mark/3d_acceleration b/archived/ansible/files/apt-mark/3d_acceleration new file mode 100644 index 0000000..7d0ba5b --- /dev/null +++ b/archived/ansible/files/apt-mark/3d_acceleration @@ -0,0 +1,5 @@ +bumblebee-nvidia +libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work +libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work +linux-headers-amd64 # tested as necessary to build proper nvidia-driver module +primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card diff --git a/archived/ansible/files/apt-mark/basic_x_tools b/archived/ansible/files/apt-mark/basic_x_tools new file mode 100644 index 0000000..9c68622 --- /dev/null +++ b/archived/ansible/files/apt-mark/basic_x_tools 
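Review bot: The `apt_key` task in config_new.yml trusts whatever key the URL serves at run time and adds it to the global APT keyring, where it can vouch for packages from any configured source. Pinning the expected key through the module's `id:` parameter (`id: <PALEMOON_REPO_KEY_FINGERPRINT>`, placeholder to be filled from a verified source) makes a swapped key fail the task instead of being imported. The task that installs the disk_encryption list reuses the name "ensure power management tools are installed" from the task after it; renaming it to `ensure disk encryption packages are installed` keeps the play output truthful.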
@@ -0,0 +1,7 @@ +i3 +i3status +python3 # this is what the i3status wrapper is written in +redshift +suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed +xterm +x11-xserver-utils # includes xrdb which applies .Xresources files diff --git a/archived/ansible/files/apt-mark/browser_environment b/archived/ansible/files/apt-mark/browser_environment new file mode 100644 index 0000000..cc9575c --- /dev/null +++ b/archived/ansible/files/apt-mark/browser_environment @@ -0,0 +1,4 @@ +iceweasel +vim-gtk # used by pentadactyl for text editing +xul-ext-noscript +xul-ext-pentadactyl diff --git a/archived/ansible/files/apt-mark/console b/archived/ansible/files/apt-mark/console new file mode 100644 index 0000000..01bcbf8 --- /dev/null +++ b/archived/ansible/files/apt-mark/console @@ -0,0 +1,2 @@ +console-setup +locales diff --git a/archived/ansible/files/apt-mark/core b/archived/ansible/files/apt-mark/core new file mode 100644 index 0000000..43afba8 --- /dev/null +++ b/archived/ansible/files/apt-mark/core @@ -0,0 +1,55 @@ +base-files +base-passwd +bash +bsdutils +coreutils +dash +debconf +debianutils +diffutils +dpkg +e2fslibs +e2fsprogs +findutils +gcc-6-base +grep +gzip +hostname +init-system-helpers +libacl1 +libattr1 +libblkid1 +libc6 +libc-bin +libcomerr2 +libfdisk1 +libgcc1 +liblzma5 +libmount1 +libpam0g +libpam-modules +libpam-modules-bin +libpam-runtime +libpcre3 +libselinux1 +libsepol1 +libsmartcols1 +libss2 +libtinfo5 +libuuid1 +login +lsb-base +mawk +mount +multiarch-support +ncurses-base +ncurses-bin +passwd +perl-base +sed +sensible-utils +sysvinit-utils +tar +tzdata +util-linux +zlib1g diff --git a/archived/ansible/files/apt-mark/hotkeys b/archived/ansible/files/apt-mark/hotkeys new file mode 100644 index 0000000..f11bdfa --- /dev/null +++ b/archived/ansible/files/apt-mark/hotkeys @@ -0,0 +1 @@ +acpid # captures hotkey presses and triggers respective /etc/acpi/events/* 
diff --git a/archived/ansible/files/apt-mark/man b/archived/ansible/files/apt-mark/man new file mode 100644 index 0000000..f688e67 --- /dev/null +++ b/archived/ansible/files/apt-mark/man @@ -0,0 +1,2 @@ +man-db +manpages diff --git a/archived/ansible/files/apt-mark/minimal_ansible_environment b/archived/ansible/files/apt-mark/minimal_ansible_environment new file mode 100644 index 0000000..f9f4097 --- /dev/null +++ b/archived/ansible/files/apt-mark/minimal_ansible_environment @@ -0,0 +1,3 @@ +ansible +ifupdown # needed for internet connectivity +isc-dhcp-client # needed for internet connectivity diff --git a/archived/ansible/files/apt-mark/minimal_x b/archived/ansible/files/apt-mark/minimal_x new file mode 100644 index 0000000..f785794 --- /dev/null +++ b/archived/ansible/files/apt-mark/minimal_x @@ -0,0 +1,4 @@ +libpam-systemd # needed to start X as non-root +xinit # contains startx +xserver-xorg-core +xserver-xorg-input-evdev # supports all input devices the kernel knows about diff --git a/archived/ansible/files/apt-mark/multimedia b/archived/ansible/files/apt-mark/multimedia new file mode 100644 index 0000000..0b6d9ef --- /dev/null +++ b/archived/ansible/files/apt-mark/multimedia @@ -0,0 +1,6 @@ +alsa-utils +eject +ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos +libdvd-pkg # decss stuff +mpv +youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/archived/ansible/files/apt-mark/power_management b/archived/ansible/files/apt-mark/power_management new file mode 100644 index 0000000..3dba602 --- /dev/null +++ b/archived/ansible/files/apt-mark/power_management @@ -0,0 +1,2 @@ +acpi-call-dkms # needed for tlp to access Thinkpad-specific features +tlp diff --git a/archived/ansible/files/apt-mark/various_useful b/archived/ansible/files/apt-mark/various_useful new file mode 100644 index 0000000..e37a898 --- /dev/null +++ b/archived/ansible/files/apt-mark/various_useful @@ -0,0 +1,5 @@ +git +less +openssh-client +sudo +vim 
diff --git a/archived/ansible/files/apt-mark/wifi b/archived/ansible/files/apt-mark/wifi new file mode 100644 index 0000000..0d9d93c --- /dev/null +++ b/archived/ansible/files/apt-mark/wifi @@ -0,0 +1,4 @@ +firmware-iwlwifi # wifi driver +wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff +wicd-curses # although this currently is very buggy +wicd-gtk # workaround for when wicd-curses fails diff --git a/archived/ansible/files/apt-mark_new/W530/3d_acceleration b/archived/ansible/files/apt-mark_new/W530/3d_acceleration new file mode 100644 index 0000000..1b7e696 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/3d_acceleration @@ -0,0 +1,3 @@ +bumblebee-nvidia +linux-headers-amd64 # tested as necessary to build proper nvidia-driver module +primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card diff --git a/archived/ansible/files/apt-mark_new/W530/browser_environment b/archived/ansible/files/apt-mark_new/W530/browser_environment new file mode 100644 index 0000000..cc9575c --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/browser_environment @@ -0,0 +1,4 @@ +iceweasel +vim-gtk # used by pentadactyl for text editing +xul-ext-noscript +xul-ext-pentadactyl diff --git a/archived/ansible/files/apt-mark_new/W530/hotkeys b/archived/ansible/files/apt-mark_new/W530/hotkeys new file mode 100644 index 0000000..f11bdfa --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/hotkeys @@ -0,0 +1 @@ +acpid # captures hotkey presses and triggers respective /etc/acpi/events/* diff --git a/archived/ansible/files/apt-mark_new/W530/multimedia b/archived/ansible/files/apt-mark_new/W530/multimedia new file mode 100644 index 0000000..219097d --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/multimedia @@ -0,0 +1,3 @@ +eject +ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos +libdvd-pkg # decss stuff 
diff --git a/archived/ansible/files/apt-mark_new/W530/wicd b/archived/ansible/files/apt-mark_new/W530/wicd new file mode 100644 index 0000000..55d86fe --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/wicd @@ -0,0 +1,3 @@ +wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff +wicd-curses # although this currently is very buggy +wicd-gtk # workaround for when wicd-curses fails diff --git a/archived/ansible/files/apt-mark_new/X200s/multimedia b/archived/ansible/files/apt-mark_new/X200s/multimedia new file mode 100644 index 0000000..dbcf4ee --- /dev/null +++ b/archived/ansible/files/apt-mark_new/X200s/multimedia @@ -0,0 +1,4 @@ +alsa-utils +ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos +mpv +youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/archived/ansible/files/apt-mark_new/X200s/power_management b/archived/ansible/files/apt-mark_new/X200s/power_management new file mode 100644 index 0000000..f6954bf --- /dev/null +++ b/archived/ansible/files/apt-mark_new/X200s/power_management @@ -0,0 +1,2 @@ +tp-smapi-dkms +linux-headers-amd64 diff --git a/archived/ansible/files/apt-mark_new/X200s/wifi b/archived/ansible/files/apt-mark_new/X200s/wifi new file mode 100644 index 0000000..a0e499d --- /dev/null +++ b/archived/ansible/files/apt-mark_new/X200s/wifi @@ -0,0 +1 @@ +wpasupplicant diff --git a/archived/ansible/files/apt-mark_new/minimal/3d_acceleration b/archived/ansible/files/apt-mark_new/minimal/3d_acceleration new file mode 100644 index 0000000..aa318bd --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/3d_acceleration @@ -0,0 +1,2 @@ +libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work +libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work diff --git a/archived/ansible/files/apt-mark_new/minimal/basic_x_tools b/archived/ansible/files/apt-mark_new/minimal/basic_x_tools new file mode 100644 index 0000000..9c68622 --- /dev/null 
+++ b/archived/ansible/files/apt-mark_new/minimal/basic_x_tools
@@ -0,0 +1,7 @@
+i3
+i3status
+python3 # this is what the i3status wrapper is written in
+redshift
+suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed
+xterm
+x11-xserver-utils # includes xrdb which applies .Xresources files
diff --git a/archived/ansible/files/apt-mark_new/minimal/browser_environment b/archived/ansible/files/apt-mark_new/minimal/browser_environment
new file mode 100644
index 0000000..536ea49
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/browser_environment
@@ -0,0 +1 @@
+palemoon
diff --git a/archived/ansible/files/apt-mark_new/minimal/console b/archived/ansible/files/apt-mark_new/minimal/console
new file mode 100644
index 0000000..01bcbf8
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/console
@@ -0,0 +1,2 @@
+console-setup
+locales
diff --git a/archived/ansible/files/apt-mark_new/minimal/core b/archived/ansible/files/apt-mark_new/minimal/core
new file mode 100644
index 0000000..43afba8
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/core
@@ -0,0 +1,55 @@
+base-files
+base-passwd
+bash
+bsdutils
+coreutils
+dash
+debconf
+debianutils
+diffutils
+dpkg
+e2fslibs
+e2fsprogs
+findutils
+gcc-6-base
+grep
+gzip
+hostname
+init-system-helpers
+libacl1
+libattr1
+libblkid1
+libc6
+libc-bin
+libcomerr2
+libfdisk1
+libgcc1
+liblzma5
+libmount1
+libpam0g
+libpam-modules
+libpam-modules-bin
+libpam-runtime
+libpcre3
+libselinux1
+libsepol1
+libsmartcols1
+libss2
+libtinfo5
+libuuid1
+login
+lsb-base
+mawk
+mount
+multiarch-support
+ncurses-base
+ncurses-bin
+passwd
+perl-base
+sed
+sensible-utils
+sysvinit-utils
+tar
+tzdata
+util-linux
+zlib1g
diff --git a/archived/ansible/files/apt-mark_new/minimal/disk_encryption b/archived/ansible/files/apt-mark_new/minimal/disk_encryption
new file mode 100644
index 0000000..67ecd10
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/disk_encryption
@@ -0,0 +1,2 @@
+cryptsetup
+udev
diff --git a/archived/ansible/files/apt-mark_new/minimal/man b/archived/ansible/files/apt-mark_new/minimal/man
new file mode 100644
index 0000000..f688e67
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/man
@@ -0,0 +1,2 @@
+man-db
+manpages
diff --git a/archived/ansible/files/apt-mark_new/minimal/minimal_ansible_environment b/archived/ansible/files/apt-mark_new/minimal/minimal_ansible_environment
new file mode 100644
index 0000000..f9f4097
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/minimal_ansible_environment
@@ -0,0 +1,3 @@
+ansible
+ifupdown # needed for internet connectivity
+isc-dhcp-client # needed for internet connectivity
diff --git a/archived/ansible/files/apt-mark_new/minimal/minimal_x b/archived/ansible/files/apt-mark_new/minimal/minimal_x
new file mode 100644
index 0000000..f785794
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/minimal_x
@@ -0,0 +1,4 @@
+libpam-systemd # needed to start X as non-root
+xinit # contains startx
+xserver-xorg-core
+xserver-xorg-input-evdev # supports all input devices the kernel knows about
diff --git a/archived/ansible/files/apt-mark_new/minimal/multimedia b/archived/ansible/files/apt-mark_new/minimal/multimedia
new file mode 100644
index 0000000..0bcc060
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/multimedia
@@ -0,0 +1,3 @@
+alsa-utils
+mpv
+youtube-dl # needed by mpv to directly work YouTube URLs
diff --git a/archived/ansible/files/apt-mark_new/minimal/power_management b/archived/ansible/files/apt-mark_new/minimal/power_management
new file mode 100644
index 0000000..3dba602
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/power_management
@@ -0,0 +1,2 @@
+acpi-call-dkms # needed for tlp to access Thinkpad-specific features
+tlp
diff --git a/archived/ansible/files/apt-mark_new/minimal/various_useful b/archived/ansible/files/apt-mark_new/minimal/various_useful
new file mode 100644
index 0000000..e37a898
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/various_useful
@@ -0,0 +1,5 @@
+git
+less
+openssh-client
+sudo
+vim
diff --git a/archived/ansible/files/apt-mark_new/minimal/wifi b/archived/ansible/files/apt-mark_new/minimal/wifi
new file mode 100644
index 0000000..4b8432d
--- /dev/null
+++ b/archived/ansible/files/apt-mark_new/minimal/wifi
@@ -0,0 +1 @@
+firmware-iwlwifi # wifi driver
diff --git a/archived/ansible/files/console/___etc___default___console-setup b/archived/ansible/files/console/___etc___default___console-setup
new file mode 100644
index 0000000..090d241
--- /dev/null
+++ b/archived/ansible/files/console/___etc___default___console-setup
@@ -0,0 +1,4 @@
+CHARMAP="UTF-8"
+CODESET="Lat15"
+FONTFACE="Terminus"
+FONTSIZE="6x12"
diff --git a/archived/ansible/files/console/___etc___default___keyboard b/archived/ansible/files/console/___etc___default___keyboard
new file mode 100644
index 0000000..7f08e30
--- /dev/null
+++ b/archived/ansible/files/console/___etc___default___keyboard
@@ -0,0 +1,4 @@
+# setting XKBMODEL to the questionable default seems to be necessary and works nicely
+# curiously, putting a comment on the same line as a variable setting seems to break things
+XKBMODEL="pc105"
+XKBLAYOUT="de"
diff --git a/archived/ansible/files/dirs b/archived/ansible/files/dirs
new file mode 100644
index 0000000..269b746
--- /dev/null
+++ b/archived/ansible/files/dirs
@@ -0,0 +1,2 @@
+/etc/wicd
+/etc/acpi/events
diff --git a/archived/ansible/files/dirs_new b/archived/ansible/files/dirs_new
new file mode 100644
index 0000000..0739bb8
--- /dev/null
+++ b/archived/ansible/files/dirs_new
@@ -0,0 +1 @@
+/etc/wicd
diff --git a/archived/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia b/archived/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia new file mode 100644 index 0000000..605a10d --- /dev/null +++ b/archived/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia @@ -0,0 +1,34 @@ +# This is the Optimus-specific configuration recommended by the "NVIDIA +# Accelerated Linux Graphics Drivre README and Installation Guide", Chapter 32 +# "Offloading Graphics Display with RandR 1.4" +# (<http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>) +# with the "AllowEmptyInitialConfigratuion" added as described by +# <http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>. + +Section "ServerLayout" + Identifier "layout" + Screen 0 "nvidia" + Inactive "intel" +EndSection + +Section "Device" + Identifier "nvidia" + Driver "nvidia" + BusID "PCI:01:00:0" + Option "AllowEmptyInitialConfiguration" +EndSection + +Section "Screen" + Identifier "nvidia" + Device "nvidia" +EndSection + +Section "Device" + Identifier "intel" + Driver "modesetting" +EndSection + +Section "Screen" + Identifier "intel" + Device "intel" +EndSection diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-brightness-down b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-down new file mode 100644 index 0000000..8d718d2 --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-down @@ -0,0 +1,2 @@ +event=video/brightnessdown +action=/root/config/bin/w530_backlight.sh - diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-brightness-up b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-up new file mode 100644 index 0000000..864ce5f --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-up @@ -0,0 +1,2 @@ +event=video/brightnessup +action=/root/config/bin/w530_backlight.sh + 
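Review bot: The header comment of `___etc___X11___xorg.conf.forced_nvidia` cites the same `randr14.html` URL twice, so the source of the added option is not actually recorded. It also spells the option `AllowEmptyInitialConfigratuion` (and the guide's title `Drivre`), so a search for the option name misses the comment that explains the `Option "AllowEmptyInitialConfiguration"` line below it. I would correct the two spellings and replace the second URL with the page the option was really taken from, or drop the "as described by" clause if it was the same chapter. The copy added under `system_new/W530/` repeats the duplicated URL and the misspelled option name.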
diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-micmute b/archived/ansible/files/system/___etc___acpi___events___plom-micmute new file mode 100644 index 0000000..2aab48e --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-micmute @@ -0,0 +1,2 @@ +event=button/f20 +action=amixer set Mic toggle diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-mute b/archived/ansible/files/system/___etc___acpi___events___plom-mute new file mode 100644 index 0000000..3c40988 --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-mute @@ -0,0 +1,2 @@ +event=button/mute +action=amixer set Master toggle diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-volume-down b/archived/ansible/files/system/___etc___acpi___events___plom-volume-down new file mode 100644 index 0000000..7658b1c --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-volume-down @@ -0,0 +1,2 @@ +event=button/volumedown +action=amixer set Master 10- diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-volume-up b/archived/ansible/files/system/___etc___acpi___events___plom-volume-up new file mode 100644 index 0000000..9ba779f --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-volume-up @@ -0,0 +1,2 @@ +event=button/volumeup +action=amixer set Master 10+ diff --git a/archived/ansible/files/system/___etc___apt___apt.conf.d___99mindeps b/archived/ansible/files/system/___etc___apt___apt.conf.d___99mindeps new file mode 100644 index 0000000..4aaef79 --- /dev/null +++ b/archived/ansible/files/system/___etc___apt___apt.conf.d___99mindeps @@ -0,0 +1,4 @@ +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; 
diff --git a/archived/ansible/files/system/___etc___apt___sources.list b/archived/ansible/files/system/___etc___apt___sources.list new file mode 100644 index 0000000..e64d6ee --- /dev/null +++ b/archived/ansible/files/system/___etc___apt___sources.list @@ -0,0 +1,4 @@ +deb http://ftp.debian.org/debian/ stretch main contrib non-free +deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free +deb http://ftp.debian.org/debian stretch-backports main contrib non-free +deb http://security.debian.org/ stretch/updates main contrib non-free diff --git a/archived/ansible/files/system/___etc___default___tlp b/archived/ansible/files/system/___etc___default___tlp new file mode 100644 index 0000000..6db0f60 --- /dev/null +++ b/archived/ansible/files/system/___etc___default___tlp 
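Review bot: All four `deb` entries in `___etc___apt___sources.list` use plain `http://`, which leaves apt's Release-file signature check as the only integrity control and exposes the package requests on the network path. An entry such as `deb https://deb.debian.org/debian/ stretch main contrib non-free` adds transport protection, although on stretch that depends on the `apt-transport-https` package, which none of the apt-mark lists visible in this part of the diff include. The same file is added again as `system_new/minimal/___etc___apt___sources.list` and the point applies there as well. Because both copies now live under `archived/`, a leading comment such as `# archived: stretch is end-of-life, do not deploy as-is` would keep them from being reused unchanged.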
@@ -0,0 +1,278 @@ +# ------------------------------------------------------------------------------ +# tlp - Parameters for power save +# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html + +# Hint: some features are disabled by default, remove the leading # to enable +# them. + +# Set to 0 to disable, 1 to enable TLP. +TLP_ENABLE=1 + +# Operation mode when no power supply can be detected: AC, BAT +# Concerns some desktop and embedded hardware only. +TLP_DEFAULT_MODE=AC + +# Seconds laptop mode has to wait after the disk goes idle before doing a sync. +# Non-zero value enables, zero disables laptop mode. +DISK_IDLE_SECS_ON_AC=0 +DISK_IDLE_SECS_ON_BAT=2 + +# Dirty page values (timeouts in secs). +MAX_LOST_WORK_SECS_ON_AC=15 +MAX_LOST_WORK_SECS_ON_BAT=60 + +# Hint: CPU parameters below are disabled by default, remove the leading # +# to enable them, otherwise kernel default values are used. + +# Select a CPU frequency scaling governor. +# Intel Core i processor with intel_pstate driver: +# powersave(*), performance +# Older hardware with acpi-cpufreq driver: +# ondemand(*), powersave, performance, conservative +# (*) is recommended. +# Hint: use tlp-stat -p to show the active driver and available governors. +# Important: +# You *must* disable your distribution's governor settings or conflicts will +# occur. ondemand is sufficient for *almost all* workloads, you should know +# what you're doing! +#CPU_SCALING_GOVERNOR_ON_AC=powersave +#CPU_SCALING_GOVERNOR_ON_BAT=powersave + +# Set the min/max frequency available for the scaling governor. +# Possible values strongly depend on your CPU. For available frequencies see +# the output of tlp-stat -p. +#CPU_SCALING_MIN_FREQ_ON_AC=0 +#CPU_SCALING_MAX_FREQ_ON_AC=0 +#CPU_SCALING_MIN_FREQ_ON_BAT=0 +#CPU_SCALING_MAX_FREQ_ON_BAT=0 + +# Set Intel P-state performance: 0..100 (%) +# Limit the max/min P-state to control the power dissipation of the CPU. 
+# Values are stated as a percentage of the available performance. +# Requires an Intel Core i processor with intel_pstate driver. +#CPU_MIN_PERF_ON_AC=0 +#CPU_MAX_PERF_ON_AC=100 +#CPU_MIN_PERF_ON_BAT=0 +#CPU_MAX_PERF_ON_BAT=30 + +# Set the CPU "turbo boost" feature: 0=disable, 1=allow +# Requires an Intel Core i processor. +# Important: +# - This may conflict with your distribution's governor settings +# - A value of 1 does *not* activate boosting, it just allows it +#CPU_BOOST_ON_AC=1 +#CPU_BOOST_ON_BAT=0 + +# Minimize number of used CPU cores/hyper-threads under light load conditions +SCHED_POWERSAVE_ON_AC=0 +SCHED_POWERSAVE_ON_BAT=1 + +# Kernel NMI Watchdog: +# 0=disable (default, saves power), 1=enable (for kernel debugging only) +NMI_WATCHDOG=0 + +# Change CPU voltages aka "undervolting" - Kernel with PHC patch required +# Frequency voltage pairs are written to: +# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls +# CAUTION: only use this, if you thoroughly understand what you are doing! +#PHC_CONTROLS="F:V F:V F:V F:V" + +# Set CPU performance versus energy savings policy: +# performance, normal, powersave +# Requires kernel module msr and x86_energy_perf_policy from linux-tools +ENERGY_PERF_POLICY_ON_AC=performance +ENERGY_PERF_POLICY_ON_BAT=powersave + +# Hard disk devices; separate multiple devices with spaces (default: sda). +# Devices can be specified by disk ID also (lookup with: tlp diskid). +DISK_DEVICES="sda sdb" + +# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) +# Levels 1..127 may spin down the disk; 255 allowable on most drives. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. 
+DISK_APM_LEVEL_ON_AC="254 254" +DISK_APM_LEVEL_ON_BAT="128 128" + +# Hard disk spin down timeout: +# 0: spin down disabled +# 1..240: timeouts from 5s to 20min (in units of 5s) +# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) +# See 'man hdparm' for details. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" +#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" + +# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the kernel default scheduler for the particular disk. +#DISK_IOSCHED="cfq cfq" + +# SATA aggressive link power management (ALPM): +# min_power, medium_power, max_performance +SATA_LINKPWR_ON_AC=max_performance +SATA_LINKPWR_ON_BAT=min_power + +# Exclude SATA host devices from link power management. +# Separate multiple hosts with spaces. +#SATA_LINKPWR_BLACKLIST="host1" + +# Runtime Power Management for AHCI controllers and disks: +# on=disable, auto=enable +# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss +#AHCI_RUNTIME_PM_ON_AC=on +#AHCI_RUNTIME_PM_ON_BAT=on + +# Seconds of inactivity before disk is suspended +AHCI_RUNTIME_PM_TIMEOUT=15 + +# PCI Express Active State Power Management (PCIe ASPM): +# default, performance, powersave +PCIE_ASPM_ON_AC=performance +PCIE_ASPM_ON_BAT=powersave + +# Radeon graphics clock speed (profile method): low, mid, high, auto, default; +# auto = mid on BAT, high on AC; default = use hardware defaults. 
+# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) +RADEON_POWER_PROFILE_ON_AC=high +RADEON_POWER_PROFILE_ON_BAT=low + +# Radeon dynamic power management method (DPM): battery, performance +# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) +RADEON_DPM_STATE_ON_AC=performance +RADEON_DPM_STATE_ON_BAT=battery + +# Radeon DPM performance level: auto, low, high; auto is recommended. +RADEON_DPM_PERF_LEVEL_ON_AC=auto +RADEON_DPM_PERF_LEVEL_ON_BAT=auto + +# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. +WIFI_PWR_ON_AC=off +WIFI_PWR_ON_BAT=on + +# Disable wake on LAN: Y/N +WOL_DISABLE=Y + +# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). +# A value of 0 disables, >=1 enables power save. +SOUND_POWER_SAVE_ON_AC=0 +SOUND_POWER_SAVE_ON_BAT=1 + +# Disable controller too (HDA only): Y/N +SOUND_POWER_SAVE_CONTROLLER=Y + +# Set to 1 to power off optical drive in UltraBay/MediaBay when running on +# battery. A value of 0 disables this feature (Default). +# Drive can be powered on again by releasing (and reinserting) the eject lever +# or by pressing the disc eject button on newer models. +# Note: an UltraBay/MediaBay hard disk is never powered off. +BAY_POWEROFF_ON_BAT=0 +# Optical drive device to power off (default sr0). +BAY_DEVICE="sr0" + +# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable +RUNTIME_PM_ON_AC=on +RUNTIME_PM_ON_BAT=auto + +# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: +# 0=disable, 1=enable +RUNTIME_PM_ALL=1 + +# Exclude PCI(e) device adresses the following list from Runtime PM +# (separate with spaces). Use lspci to get the adresses (1st column). +#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" + +# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM +# (should prevent accidential power on of hybrid graphics' discrete part). +# Default is "radeon nouveau"; use "" to disable the feature completely. 
+# Separate multiple drivers with spaces. +RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" + +# Set to 0 to disable, 1 to enable USB autosuspend feature. +USB_AUTOSUSPEND=1 + +# Exclude listed devices from USB autosuspend (separate with spaces). +# Use lsusb to get the ids. +# Note: input devices (usbhid) are excluded automatically (see below) +#USB_BLACKLIST="1111:2222 3333:4444" + +# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude +USB_BLACKLIST_WWAN=1 + +# Include listed devices into USB autosuspend even if already excluded +# by the driver or WWAN blacklists above (separate with spaces). +# Use lsusb to get the ids. +#USB_WHITELIST="1111:2222 3333:4444" + +# Set to 1 to disable autosuspend before shutdown, 0 to do nothing +# (workaround for USB devices that cause shutdown problems). +#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 + +# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown +# on system startup: 0=disable, 1=enable. +# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below +# are ignored when this is enabled! +RESTORE_DEVICE_STATE_ON_STARTUP=0 + +# Radio devices to disable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" + +# Radio devices to enable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +#DEVICES_TO_ENABLE_ON_STARTUP="wifi" + +# Radio devices to disable on shutdown: bluetooth, wifi, wwan +# (workaround for devices that are blocking shutdown). +#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" + +# Radio devices to enable on shutdown: bluetooth, wifi, wwan +# (to prevent other operating systems from missing radios). 
+#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" + +# Radio devices to enable on AC: bluetooth, wifi, wwan +#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" + +# Radio devices to disable on battery: bluetooth, wifi, wwan +#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" + +# Radio devices to disable on battery when not in use (not connected): +# bluetooth, wifi, wwan +DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" + +# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module +# required). Charging starts when the remaining capacity falls below the +# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. +# Main / Internal battery (values in %) +START_CHARGE_THRESH_BAT0=10 +STOP_CHARGE_THRESH_BAT0=95 +# Ultrabay / Slice / Replaceable battery (values in %) +START_CHARGE_THRESH_BAT1=10 +STOP_CHARGE_THRESH_BAT1=95 + +# ------------------------------------------------------------------------------ +# tlp-rdw - Parameters for the radio device wizard +# Possible devices: bluetooth, wifi, wwan + +# Hints: +# - Parameters are disabled by default, remove the leading # to enable them. +# - Separate multiple radio devices with spaces. + +# Radio devices to disable on connect. +#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" +#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" +#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" + +# Radio devices to enable on disconnect. +#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" +#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" +#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" + +# Radio devices to enable/disable when docked. +#DEVICES_TO_ENABLE_ON_DOCK="" +#DEVICES_TO_DISABLE_ON_DOCK="" + +# Radio devices to enable/disable when undocked. +#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" +#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/ansible/files/system/___etc___hostname b/archived/ansible/files/system/___etc___hostname new file mode 100644 index 0000000..8769fca --- /dev/null 
+++ b/archived/ansible/files/system/___etc___hostname @@ -0,0 +1 @@ +w530 diff --git a/archived/ansible/files/system/___etc___hosts b/archived/ansible/files/system/___etc___hosts new file mode 100644 index 0000000..d920e4f --- /dev/null +++ b/archived/ansible/files/system/___etc___hosts @@ -0,0 +1,7 @@ +127.0.0.1 localhost +127.0.1.1 w530 + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/archived/ansible/files/system/___etc___profile b/archived/ansible/files/system/___etc___profile new file mode 100644 index 0000000..5884d7b --- /dev/null +++ b/archived/ansible/files/system/___etc___profile @@ -0,0 +1,35 @@ +# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) +# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). + +if [ "`id -u`" -eq 0 ]; then + PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +else + PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" +fi +export PATH + +if [ "${PS1-}" ]; then + if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then + # The file bash.bashrc already sets the default PS1. + # PS1='\h:\w\$ ' + if [ -f /etc/bash.bashrc ]; then + . /etc/bash.bashrc + fi + else + if [ "`id -u`" -eq 0 ]; then + PS1='# ' + else + PS1='$ ' + fi + fi +fi + +if [ -d /etc/profile.d ]; then + for i in /etc/profile.d/*.sh; do + if [ -r $i ]; then + . $i + fi + done + unset i +fi +export LC_ALL="en_US.UTF-8" diff --git a/archived/ansible/files/system/___etc___systemd___logind.conf b/archived/ansible/files/system/___etc___systemd___logind.conf new file mode 100644 index 0000000..7a9004a --- /dev/null +++ b/archived/ansible/files/system/___etc___systemd___logind.conf 
@@ -0,0 +1,38 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See logind.conf(5) for details. + +[Login] +#NAutoVTs=6 +#ReserveVT=6 +#KillUserProcesses=no +#KillOnlyUsers= +#KillExcludeUsers=root +#InhibitDelayMaxSec=5 +#HandlePowerKey=poweroff +#HandleSuspendKey=suspend +#HandleHibernateKey=hibernate +#HandleLidSwitch=suspend +#HandleLidSwitchDocked=ignore +#PowerKeyIgnoreInhibited=no +#SuspendKeyIgnoreInhibited=no +#HibernateKeyIgnoreInhibited=no +#LidSwitchIgnoreInhibited=yes +#HoldoffTimeoutSec=30s +#IdleAction=ignore +#IdleActionSec=30min +#RuntimeDirectorySize=10% +#RemoveIPC=yes +#InhibitorsMax=8192 +#SessionsMax=8192 +#UserTasksMax=33% +HandleLidSwitch=hibernate diff --git a/archived/ansible/files/system/___etc___timezone b/archived/ansible/files/system/___etc___timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/ansible/files/system/___etc___timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/archived/ansible/files/system/___etc___wicd___manager-settings.conf b/archived/ansible/files/system/___etc___wicd___manager-settings.conf new file mode 100644 index 0000000..d2ef3ee --- /dev/null +++ b/archived/ansible/files/system/___etc___wicd___manager-settings.conf 
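Review bot: The only active setting, `HandleLidSwitch=hibernate` on the last line of the `logind.conf` hunk, writes the contents of RAM to swap on every lid close, and nothing here records whether that swap lives inside the encrypted volume. The package lists in this commit pull in `cryptsetup`, so if the disk is encrypted while swap is not, the hibernation image would leave key material and session data readable at rest. I would put a comment directly above the override, for example `# hibernate needs swap inside the encrypted container; otherwise use suspend`, and move the line up next to the commented `#HandleLidSwitch=suspend` default so the deviation from stock is easy to see.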
@@ -0,0 +1,24 @@ +[Settings] +backend = external +wireless_interface = wlp3s0 +wired_interface = enp0s25 +wpa_driver = wext +always_show_wired_interface = False +use_global_dns = False +global_dns_1 = None +global_dns_2 = None +global_dns_3 = None +global_dns_dom = None +global_search_dom = None +auto_reconnect = True +debug_mode = False +wired_connect_mode = 1 +signal_display_type = 0 +should_verify_ap = 1 +dhcp_client = 0 +link_detect_tool = 0 +flush_tool = 0 +sudo_app = 0 +prefer_wired = False +show_never_connect = True + diff --git a/archived/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia b/archived/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia new file mode 100644 index 0000000..e651031 --- /dev/null +++ b/archived/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia @@ -0,0 +1,34 @@ +# This is the Optimus-specific configuration recommended by the "NVIDIA +# Accelerated Linux Graphics Driver README and Installation Guide", Chapter 32 +# "Offloading Graphics Display with RandR 1.4" +# (<http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>) +# with the "AllowEmptyInitialConfigratuion" added as described by +# <http://us.download.nvidia.com/XFree86/Linux-x86/346.35/README/randr14.html>. + +Section "ServerLayout" + Identifier "layout" + Screen 0 "nvidia" + Inactive "intel" +EndSection + +Section "Device" + Identifier "nvidia" + Driver "nvidia" + BusID "PCI:01:00:0" + Option "AllowEmptyInitialConfiguration" +EndSection + +Section "Screen" + Identifier "nvidia" + Device "nvidia" +EndSection + +Section "Device" + Identifier "intel" + Driver "modesetting" +EndSection + +Section "Screen" + Identifier "intel" + Device "intel" +EndSection diff --git a/archived/ansible/files/system_new/W530/___etc___hostname b/archived/ansible/files/system_new/W530/___etc___hostname new file mode 100644 index 0000000..4d385ae --- /dev/null +++ b/archived/ansible/files/system_new/W530/___etc___hostname 
@@ -0,0 +1 @@ +W530 diff --git a/archived/ansible/files/system_new/W530/___etc___hosts b/archived/ansible/files/system_new/W530/___etc___hosts new file mode 100644 index 0000000..c6f72a5 --- /dev/null +++ b/archived/ansible/files/system_new/W530/___etc___hosts @@ -0,0 +1,7 @@ +127.0.0.1 localhost +127.0.1.1 W530 + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/archived/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf b/archived/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf new file mode 100644 index 0000000..d2ef3ee --- /dev/null +++ b/archived/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf @@ -0,0 +1,24 @@ +[Settings] +backend = external +wireless_interface = wlp3s0 +wired_interface = enp0s25 +wpa_driver = wext +always_show_wired_interface = False +use_global_dns = False +global_dns_1 = None +global_dns_2 = None +global_dns_3 = None +global_dns_dom = None +global_search_dom = None +auto_reconnect = True +debug_mode = False +wired_connect_mode = 1 +signal_display_type = 0 +should_verify_ap = 1 +dhcp_client = 0 +link_detect_tool = 0 +flush_tool = 0 +sudo_app = 0 +prefer_wired = False +show_never_connect = True + diff --git a/archived/ansible/files/system_new/X200s/___etc___hostname b/archived/ansible/files/system_new/X200s/___etc___hostname new file mode 100644 index 0000000..d241415 --- /dev/null +++ b/archived/ansible/files/system_new/X200s/___etc___hostname @@ -0,0 +1 @@ +X200s diff --git a/archived/ansible/files/system_new/X200s/___etc___hosts b/archived/ansible/files/system_new/X200s/___etc___hosts new file mode 100644 index 0000000..b275ecb --- /dev/null +++ b/archived/ansible/files/system_new/X200s/___etc___hosts 
@@ -0,0 +1,7 @@ +127.0.0.1 localhost +127.0.1.1 X200s + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/archived/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps b/archived/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps new file mode 100644 index 0000000..4aaef79 --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps @@ -0,0 +1,4 @@ +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; diff --git a/archived/ansible/files/system_new/minimal/___etc___apt___sources.list b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list new file mode 100644 index 0000000..e64d6ee --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list @@ -0,0 +1,4 @@ +deb http://ftp.debian.org/debian/ stretch main contrib non-free +deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free +deb http://ftp.debian.org/debian stretch-backports main contrib non-free +deb http://security.debian.org/ stretch/updates main contrib non-free diff --git a/archived/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list new file mode 100644 index 0000000..f90488e --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list @@ -0,0 +1 @@ +deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ / diff --git a/archived/ansible/files/system_new/minimal/___etc___default___tlp b/archived/ansible/files/system_new/minimal/___etc___default___tlp new file mode 100644 index 0000000..6db0f60 --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___default___tlp 
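Review bot: `___etc___apt___sources.list.d___palemoon.list` adds a personal build-service repository (`home:/stevenpusser`) over plain `http://` with no key binding and no pin, so any package that repository publishes, not only palemoon, becomes an upgrade candidate for the whole system. No matching apt preferences file or key file appears in the part of the diff I can see, so this is inferred from what is visible. Binding the source to its own key, `deb [signed-by=/path/to/<repo-key>.gpg] http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ /` (placeholder key path), and adding a preferences entry that lowers this origin's priority and raises it only for `palemoon` would limit what the repository can install.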
@@ -0,0 +1,278 @@ +# ------------------------------------------------------------------------------ +# tlp - Parameters for power save +# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html + +# Hint: some features are disabled by default, remove the leading # to enable +# them. + +# Set to 0 to disable, 1 to enable TLP. +TLP_ENABLE=1 + +# Operation mode when no power supply can be detected: AC, BAT +# Concerns some desktop and embedded hardware only. +TLP_DEFAULT_MODE=AC + +# Seconds laptop mode has to wait after the disk goes idle before doing a sync. +# Non-zero value enables, zero disables laptop mode. +DISK_IDLE_SECS_ON_AC=0 +DISK_IDLE_SECS_ON_BAT=2 + +# Dirty page values (timeouts in secs). +MAX_LOST_WORK_SECS_ON_AC=15 +MAX_LOST_WORK_SECS_ON_BAT=60 + +# Hint: CPU parameters below are disabled by default, remove the leading # +# to enable them, otherwise kernel default values are used. + +# Select a CPU frequency scaling governor. +# Intel Core i processor with intel_pstate driver: +# powersave(*), performance +# Older hardware with acpi-cpufreq driver: +# ondemand(*), powersave, performance, conservative +# (*) is recommended. +# Hint: use tlp-stat -p to show the active driver and available governors. +# Important: +# You *must* disable your distribution's governor settings or conflicts will +# occur. ondemand is sufficient for *almost all* workloads, you should know +# what you're doing! +#CPU_SCALING_GOVERNOR_ON_AC=powersave +#CPU_SCALING_GOVERNOR_ON_BAT=powersave + +# Set the min/max frequency available for the scaling governor. +# Possible values strongly depend on your CPU. For available frequencies see +# the output of tlp-stat -p. +#CPU_SCALING_MIN_FREQ_ON_AC=0 +#CPU_SCALING_MAX_FREQ_ON_AC=0 +#CPU_SCALING_MIN_FREQ_ON_BAT=0 +#CPU_SCALING_MAX_FREQ_ON_BAT=0 + +# Set Intel P-state performance: 0..100 (%) +# Limit the max/min P-state to control the power dissipation of the CPU. 
+# Values are stated as a percentage of the available performance. +# Requires an Intel Core i processor with intel_pstate driver. +#CPU_MIN_PERF_ON_AC=0 +#CPU_MAX_PERF_ON_AC=100 +#CPU_MIN_PERF_ON_BAT=0 +#CPU_MAX_PERF_ON_BAT=30 + +# Set the CPU "turbo boost" feature: 0=disable, 1=allow +# Requires an Intel Core i processor. +# Important: +# - This may conflict with your distribution's governor settings +# - A value of 1 does *not* activate boosting, it just allows it +#CPU_BOOST_ON_AC=1 +#CPU_BOOST_ON_BAT=0 + +# Minimize number of used CPU cores/hyper-threads under light load conditions +SCHED_POWERSAVE_ON_AC=0 +SCHED_POWERSAVE_ON_BAT=1 + +# Kernel NMI Watchdog: +# 0=disable (default, saves power), 1=enable (for kernel debugging only) +NMI_WATCHDOG=0 + +# Change CPU voltages aka "undervolting" - Kernel with PHC patch required +# Frequency voltage pairs are written to: +# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls +# CAUTION: only use this, if you thoroughly understand what you are doing! +#PHC_CONTROLS="F:V F:V F:V F:V" + +# Set CPU performance versus energy savings policy: +# performance, normal, powersave +# Requires kernel module msr and x86_energy_perf_policy from linux-tools +ENERGY_PERF_POLICY_ON_AC=performance +ENERGY_PERF_POLICY_ON_BAT=powersave + +# Hard disk devices; separate multiple devices with spaces (default: sda). +# Devices can be specified by disk ID also (lookup with: tlp diskid). +DISK_DEVICES="sda sdb" + +# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) +# Levels 1..127 may spin down the disk; 255 allowable on most drives. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. 
+DISK_APM_LEVEL_ON_AC="254 254" +DISK_APM_LEVEL_ON_BAT="128 128" + +# Hard disk spin down timeout: +# 0: spin down disabled +# 1..240: timeouts from 5s to 20min (in units of 5s) +# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) +# See 'man hdparm' for details. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" +#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" + +# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the kernel default scheduler for the particular disk. +#DISK_IOSCHED="cfq cfq" + +# SATA aggressive link power management (ALPM): +# min_power, medium_power, max_performance +SATA_LINKPWR_ON_AC=max_performance +SATA_LINKPWR_ON_BAT=min_power + +# Exclude SATA host devices from link power management. +# Separate multiple hosts with spaces. +#SATA_LINKPWR_BLACKLIST="host1" + +# Runtime Power Management for AHCI controllers and disks: +# on=disable, auto=enable +# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss +#AHCI_RUNTIME_PM_ON_AC=on +#AHCI_RUNTIME_PM_ON_BAT=on + +# Seconds of inactivity before disk is suspended +AHCI_RUNTIME_PM_TIMEOUT=15 + +# PCI Express Active State Power Management (PCIe ASPM): +# default, performance, powersave +PCIE_ASPM_ON_AC=performance +PCIE_ASPM_ON_BAT=powersave + +# Radeon graphics clock speed (profile method): low, mid, high, auto, default; +# auto = mid on BAT, high on AC; default = use hardware defaults. 
+# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) +RADEON_POWER_PROFILE_ON_AC=high +RADEON_POWER_PROFILE_ON_BAT=low + +# Radeon dynamic power management method (DPM): battery, performance +# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) +RADEON_DPM_STATE_ON_AC=performance +RADEON_DPM_STATE_ON_BAT=battery + +# Radeon DPM performance level: auto, low, high; auto is recommended. +RADEON_DPM_PERF_LEVEL_ON_AC=auto +RADEON_DPM_PERF_LEVEL_ON_BAT=auto + +# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. +WIFI_PWR_ON_AC=off +WIFI_PWR_ON_BAT=on + +# Disable wake on LAN: Y/N +WOL_DISABLE=Y + +# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). +# A value of 0 disables, >=1 enables power save. +SOUND_POWER_SAVE_ON_AC=0 +SOUND_POWER_SAVE_ON_BAT=1 + +# Disable controller too (HDA only): Y/N +SOUND_POWER_SAVE_CONTROLLER=Y + +# Set to 1 to power off optical drive in UltraBay/MediaBay when running on +# battery. A value of 0 disables this feature (Default). +# Drive can be powered on again by releasing (and reinserting) the eject lever +# or by pressing the disc eject button on newer models. +# Note: an UltraBay/MediaBay hard disk is never powered off. +BAY_POWEROFF_ON_BAT=0 +# Optical drive device to power off (default sr0). +BAY_DEVICE="sr0" + +# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable +RUNTIME_PM_ON_AC=on +RUNTIME_PM_ON_BAT=auto + +# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: +# 0=disable, 1=enable +RUNTIME_PM_ALL=1 + +# Exclude PCI(e) device adresses the following list from Runtime PM +# (separate with spaces). Use lspci to get the adresses (1st column). +#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" + +# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM +# (should prevent accidential power on of hybrid graphics' discrete part). +# Default is "radeon nouveau"; use "" to disable the feature completely. 
+# Separate multiple drivers with spaces. +RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" + +# Set to 0 to disable, 1 to enable USB autosuspend feature. +USB_AUTOSUSPEND=1 + +# Exclude listed devices from USB autosuspend (separate with spaces). +# Use lsusb to get the ids. +# Note: input devices (usbhid) are excluded automatically (see below) +#USB_BLACKLIST="1111:2222 3333:4444" + +# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude +USB_BLACKLIST_WWAN=1 + +# Include listed devices into USB autosuspend even if already excluded +# by the driver or WWAN blacklists above (separate with spaces). +# Use lsusb to get the ids. +#USB_WHITELIST="1111:2222 3333:4444" + +# Set to 1 to disable autosuspend before shutdown, 0 to do nothing +# (workaround for USB devices that cause shutdown problems). +#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 + +# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown +# on system startup: 0=disable, 1=enable. +# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below +# are ignored when this is enabled! +RESTORE_DEVICE_STATE_ON_STARTUP=0 + +# Radio devices to disable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" + +# Radio devices to enable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +#DEVICES_TO_ENABLE_ON_STARTUP="wifi" + +# Radio devices to disable on shutdown: bluetooth, wifi, wwan +# (workaround for devices that are blocking shutdown). +#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" + +# Radio devices to enable on shutdown: bluetooth, wifi, wwan +# (to prevent other operating systems from missing radios). 
+#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" + +# Radio devices to enable on AC: bluetooth, wifi, wwan +#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" + +# Radio devices to disable on battery: bluetooth, wifi, wwan +#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" + +# Radio devices to disable on battery when not in use (not connected): +# bluetooth, wifi, wwan +DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" + +# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module +# required). Charging starts when the remaining capacity falls below the +# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. +# Main / Internal battery (values in %) +START_CHARGE_THRESH_BAT0=10 +STOP_CHARGE_THRESH_BAT0=95 +# Ultrabay / Slice / Replaceable battery (values in %) +START_CHARGE_THRESH_BAT1=10 +STOP_CHARGE_THRESH_BAT1=95 + +# ------------------------------------------------------------------------------ +# tlp-rdw - Parameters for the radio device wizard +# Possible devices: bluetooth, wifi, wwan + +# Hints: +# - Parameters are disabled by default, remove the leading # to enable them. +# - Separate multiple radio devices with spaces. + +# Radio devices to disable on connect. +#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" +#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" +#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" + +# Radio devices to enable on disconnect. +#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" +#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" +#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" + +# Radio devices to enable/disable when docked. +#DEVICES_TO_ENABLE_ON_DOCK="" +#DEVICES_TO_DISABLE_ON_DOCK="" + +# Radio devices to enable/disable when undocked. +#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" +#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/ansible/files/system_new/minimal/___etc___profile b/archived/ansible/files/system_new/minimal/___etc___profile new file mode 100644 index 0000000..5884d7b --- /dev/null 
+++ b/archived/ansible/files/system_new/minimal/___etc___profile @@ -0,0 +1,35 @@ +# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) +# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). + +if [ "`id -u`" -eq 0 ]; then + PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +else + PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" +fi +export PATH + +if [ "${PS1-}" ]; then + if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then + # The file bash.bashrc already sets the default PS1. + # PS1='\h:\w\$ ' + if [ -f /etc/bash.bashrc ]; then + . /etc/bash.bashrc + fi + else + if [ "`id -u`" -eq 0 ]; then + PS1='# ' + else + PS1='$ ' + fi + fi +fi + +if [ -d /etc/profile.d ]; then + for i in /etc/profile.d/*.sh; do + if [ -r $i ]; then + . $i + fi + done + unset i +fi +export LC_ALL="en_US.UTF-8" diff --git a/archived/ansible/files/system_new/minimal/___etc___systemd___logind.conf b/archived/ansible/files/system_new/minimal/___etc___systemd___logind.conf new file mode 100644 index 0000000..7a9004a --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___systemd___logind.conf 
@@ -0,0 +1,38 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See logind.conf(5) for details. + +[Login] +#NAutoVTs=6 +#ReserveVT=6 +#KillUserProcesses=no +#KillOnlyUsers= +#KillExcludeUsers=root +#InhibitDelayMaxSec=5 +#HandlePowerKey=poweroff +#HandleSuspendKey=suspend +#HandleHibernateKey=hibernate +#HandleLidSwitch=suspend +#HandleLidSwitchDocked=ignore +#PowerKeyIgnoreInhibited=no +#SuspendKeyIgnoreInhibited=no +#HibernateKeyIgnoreInhibited=no +#LidSwitchIgnoreInhibited=yes +#HoldoffTimeoutSec=30s +#IdleAction=ignore +#IdleActionSec=30min +#RuntimeDirectorySize=10% +#RemoveIPC=yes +#InhibitorsMax=8192 +#SessionsMax=8192 +#UserTasksMax=33% +HandleLidSwitch=hibernate diff --git a/archived/ansible/files/system_new/minimal/___etc___timezone b/archived/ansible/files/system_new/minimal/___etc___timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/archived/ansible/run_root.sh b/archived/ansible/run_root.sh new file mode 100755 index 0000000..02856c2 --- /dev/null +++ b/archived/ansible/run_root.sh @@ -0,0 +1 @@ +ansible-playbook -i 'localhost,' -c local config.yml diff --git a/archived/ansible/run_root_new.sh b/archived/ansible/run_root_new.sh new file mode 100755 index 0000000..36408a8 --- /dev/null +++ b/archived/ansible/run_root_new.sh @@ -0,0 +1 @@ +ansible-playbook -i 'localhost,' -e system_name=X200s -c local config_new.yml 
diff --git a/archived/ansible/run_user.sh b/archived/ansible/run_user.sh
new file mode 100755
index 0000000..e52b521
--- /dev/null
+++ b/archived/ansible/run_user.sh
@@ -0,0 +1 @@
+ansible-playbook -i 'localhost,' -c local user.yml
diff --git a/archived/ansible/run_user_new.sh b/archived/ansible/run_user_new.sh
new file mode 100755
index 0000000..510faad
--- /dev/null
+++ b/archived/ansible/run_user_new.sh
@@ -0,0 +1 @@
+ansible-playbook -i 'localhost,' -e system_name=X200s -c local user_new.yml
diff --git a/archived/ansible/tasks/initial_purge.yml b/archived/ansible/tasks/initial_purge.yml
new file mode 100644
index 0000000..63fddd9
--- /dev/null
+++ b/archived/ansible/tasks/initial_purge.yml
@@ -0,0 +1,25 @@ +--- + +- name: collect officially required packages + shell: dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted + +- name: add "ifupdown" and "isc-dhcp-client" (to keep internet connection afterwards) and "ansible" (to keep its modules available for continuing the configuration) to required packages + shell: echo 'ifupdown' >> /tmp/list_white_unsorted && echo 'isc-dhcp-client' >> /tmp/list_white_unsorted && echo 'ansible' >> /tmp/list_white_unsorted && sort /tmp/list_white_unsorted > /tmp/list_white + +- name: collect currently installed packages + shell: dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages && sort /tmp/list_all_packages > /tmp/foo && mv /tmp/foo /tmp/list_all_packages + +- name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed + shell: comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black + +- name: mark all packages from black list as automatically installed + shell: apt-mark auto $(cat /tmp/list_black) + +- name: purge all packages automatically installed that are not depended on + shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove + +- name: ensure flags directory exists + file: path=flags state=directory + +- name: set initial_purge_happened flag, so that this whole process does not get repeated + file: path=flags/initial_purge_happened state=touch diff --git a/archived/ansible/tasks/qutebrowser.yml b/archived/ansible/tasks/qutebrowser.yml new file mode 100644 index 0000000..916c854 --- /dev/null +++ b/archived/ansible/tasks/qutebrowser.yml 
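Review bot: Every task in `initial_purge.yml` passes its intermediate lists through fixed names in `/tmp` (`/tmp/list_white_unsorted`, `/tmp/list_white`, `/tmp/list_all_packages`, `/tmp/foo`, `/tmp/list_black`). The last of these is expanded unquoted into `apt-mark auto $(cat /tmp/list_black)`, in a play that presumably runs as root. Any local user can pre-create or replace a predictable name in a world-writable directory, so the set of packages marked for autoremoval is not under the playbook's sole control. A private directory closes this: a first task `command: mktemp -d` with `register: purge_tmp`, then `{{ purge_tmp.stdout }}/list_white` and so on in place of the fixed paths. Separately, `comm -3` also emits lines that appear only in the white list; `comm -23 /tmp/list_all_packages /tmp/list_white` yields only installed-but-not-required packages, which is what the task name describes.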
@@ -0,0 +1,45 @@ +--- + +- name: Set qutebrowser, python3-pypeg2 facts. + set_fact: + qutebrowser_deb_url: https://github.com/qutebrowser/qutebrowser/releases/download/v0.11.0/qutebrowser_0.11.0-1_all.deb + python3pypeg2_deb_url: https://qutebrowser.org/python3-pypeg2_2.15.2-1_all.deb + qutebrowser_deb_path: /tmp/qutebrowser.deb + python3pypeg2_deb_path: /tmp/python3-pypeg2.deb + +- name: Check if qutebrowser is installed. + command: dpkg-query -W qutebrowser + register: qutebrowser_debcheck + failed_when: qutebrowser_debcheck.rc > 1 + changed_when: qutebrowser_debcheck.rc == 1 + +- name: Check if qutebrowser-dependency python3-pypeg2 is installed. + command: dpkg-query -W python3-pypeg2 + register: python3pypeg2_debcheck + failed_when: python3pypeg2_debcheck.rc > 1 + changed_when: python3pypeg2_debcheck.rc == 1 + when: qutebrowser_debcheck.rc == 1 + +- name: Download python3-pypeg2 package. + get_url: url={{ python3pypeg2_deb_url }} dest={{ python3pypeg2_deb_path }} + when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 + +- name: Download qutebrowser package. + get_url: url={{ qutebrowser_deb_url }} dest={{ qutebrowser_deb_path }} + when: qutebrowser_debcheck.rc == 1 + +# We use command: apt as a workaround because the Ansible apt module installs +# the Depends of the .deb marked as manual while we want them marked as auto. +- name: Install python3-pypeg2 package, + command: apt install --yes "{{ python3pypeg2_deb_path}}" + when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 + +- name: Mark python3-pypeg2 package as automatically installed. + command: apt-mark auto python3-pypeg2 + when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 + +# We use command: apt as a workaround because the Ansible apt module installs +# the Depends of the .deb marked as manual while we want them marked as auto. +- name: Install qutebrowser package. 
+ command: apt install --yes "{{ qutebrowser_deb_path}}" + when: qutebrowser_debcheck.rc == 1 diff --git a/archived/ansible/user.yml b/archived/ansible/user.yml new file mode 100644 index 0000000..07dd189 --- /dev/null +++ b/archived/ansible/user.yml @@ -0,0 +1,13 @@ +- hosts: all + tasks: + + - name: ensure ~/.vimbackups directory + file: state=directory dest=~/.vimbackups + - name: Ensure dotfile symlinks + file: state=link force=yes src={{item}} dest=~/.{{item|basename}} + with_fileglob: + - ~/config/dotfiles/minimal/* + - ~/config/dotfiles/user/thinkpad/minimal/* + - ~/config/dotfiles/user/thinkpad/W530/* + - name: ensure ~/downloads directory + file: state=directory dest=~/downloads diff --git a/archived/ansible/user_new.yml b/archived/ansible/user_new.yml new file mode 100644 index 0000000..d6f46af --- /dev/null +++ b/archived/ansible/user_new.yml @@ -0,0 +1,13 @@ +- hosts: all + tasks: + + - name: ensure ~/.vimbackups directory + file: state=directory dest=~/.vimbackups + - name: Ensure dotfile symlinks + file: state=link force=yes src={{item}} dest=~/.{{item|basename}} + with_fileglob: + - ~/config/dotfiles/minimal/* + - ~/config/dotfiles/user/thinkpad/minimal/* + - ~/config/dotfiles/user/thinkpad/{{ system_name }}/* + - name: ensure ~/downloads directory + file: state=directory dest=~/downloads diff --git a/archived/archive_plomroma.py b/archived/archive_plomroma.py new file mode 100755 index 0000000..0ad89b7 --- /dev/null +++ b/archived/archive_plomroma.py 
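Review bot: In `tasks/qutebrowser.yml` both `get_url` tasks download a `.deb` to a fixed path under `/tmp`, and the following `command: apt install --yes` tasks install whatever is at that path, with no integrity check in between. A local `.deb` is not covered by the archive's signed Release metadata. As far as I know, `get_url` also skips the download when the destination file already exists, so a file left at `/tmp/qutebrowser.deb` by someone else would be installed as-is. Pinning the expected digest addresses both: `get_url: url={{ qutebrowser_deb_url }} dest={{ qutebrowser_deb_path }} checksum=sha256:<SHA256-OF-RELEASE-DEB-PLACEHOLDER>`, and the same for the python3-pypeg2 download. Moving the destinations out of `/tmp` into a directory only root can write would also help.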
@@ -0,0 +1,86 @@ +#!/usr/bin/env python3 +import lxml +import argparse +# use with `find status.plomlompom.com -type f -name "*.html" -exec ./archive_plomroma.py -f {} \;` + +parser = argparse.ArgumentParser(description="archive plom's self-hosted pleroma feed") +parser.add_argument("-f", "--file", dest="file", required=True, help="HTML file to process") +args = parser.parse_args() +print("processing", args.file) + +def print_tree(node, level=0): + tag = node.tag + id = node.get("id") + classes = node.get("class") + text = (node.text or "").strip() + attributes_info = [] + if id: + attributes_info.append(f"id='{id}'") + if classes: + attributes_info.append(f"class='{classes}'") + attr_str = " ".join(attributes_info) + print(" " * level + f"<{tag} {attr_str}>", end="") + if text: + print(f" -> {text}") + else: + print() + for child in node: + print_tree(child, level + 1) + +with open(args.file, "r", encoding="utf-8") as file: + content = file.read() +from lxml import html +tree = html.fromstring(content) + +atom_links = tree.xpath('/html/head/link[@rel="alternate"]') +for atom_link in atom_links: + atom_link.getparent().remove(atom_link) +comments = tree.xpath('//comment()') +for comment in comments: + comment.getparent().remove(comment) +forms = tree.xpath('//form') +for form in forms: + form.getparent().remove(form) + + +def has_class(context, element, class_name): + classes = element[0].get('class', '').split() + return class_name in classes +ns = lxml.etree.FunctionNamespace(None) +ns['has-class'] = has_class +matching_divs = tree.xpath('//div[has-class(., "activity") and .//div[has-class(., "p-author")] and .//bdi[has-class(., "p-name") and string()!="plomlompom"]]') +imgs = tree.xpath('//img') +for img in imgs: + src = img.get('src') + if src and not src.startswith('https://status.plomlompom.com/'): + img.attrib.pop('src', None) + alt = img.get('alt') + if alt and not alt.startswith('../'): + img.attrib.pop('alt', None) + title = img.get('title') + if title 
and not title.startswith('../'): + img.attrib.pop('title', None) +removal_notice = "[Removed foreign content for static archive, follow permalink on date to see original.]" +for activity_div in matching_divs: + details = activity_div.xpath('.//details[./div[has-class]]') + for detail in details: + new_div = lxml.etree.Element("div") + new_div.text = removal_notice + detail.getparent().replace(detail, new_div) + e_contents = activity_div.xpath('.//div[has-class(., "e-content") or has-class(., "activity-content")]') + for content in e_contents: + content.clear() + content.text = removal_notice + +header = """ +<p style="text-align: right;"><a href="https://plomlompom.com/contact.html">contact</a> / <a href="https://plomlompom.com/privacy.html">privacy</a></p> +<p>plomroma (archived): This site is a static archive of a Pleroma instance formerly hosted by me, to preserve my own messages from that time. Foreign content has been removed, but may still be available via links.</p> +<hr /> +""" +tree.body.insert(0, html.fromstring(header)) + +# print_tree(tree) +with open(args.file, "w", encoding="utf-8") as file: + file.write(html.tostring(tree, pretty_print=True, encoding="utf-8").decode("utf-8")) + +print("done") diff --git a/archived/bin/broiler_in.sh b/archived/bin/broiler_in.sh new file mode 100755 index 0000000..5b16ddd --- /dev/null +++ b/archived/bin/broiler_in.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd ~/plomlombot-irc +./run.sh -r 604800 -n broiler_in "#nodrama.de" diff --git a/archived/bin/hubbabubba.sh b/archived/bin/hubbabubba.sh new file mode 100755 index 0000000..50cc0f6 --- /dev/null +++ b/archived/bin/hubbabubba.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd ~/plomlombot-irc +./run.sh -r 604800 -n hubbabubba "#freakazoid" diff --git a/archived/bin/i3status_wrapper.py b/archived/bin/i3status_wrapper.py new file mode 100755 index 0000000..aa7b7c2 --- /dev/null +++ b/archived/bin/i3status_wrapper.py 
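Review bot: In `archive_plomroma.py` the expression `activity_div.xpath('.//details[./div[has-class]]')` uses `has-class` without parentheses. XPath reads that as a child element named `has-class` rather than a call to the registered extension function, so the predicate should never match in an HTML tree. That makes the loop replacing `<details>` with the removal notice dead code. Any foreign content inside a `<details>` that is not also under an `e-content`/`activity-content` div would stay in the archive; whether that occurs depends on the Pleroma markup, which the hunk does not show. The call form would be `.//details[./div[has-class(., "<CLASS-NAME-PLACEHOLDER>")]]`, with the intended class filled in. A comment above `has_class` saying it is registered in the default XPath function namespace would help the next reader see why the other expressions work.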
@@ -0,0 +1,26 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +# Inspired by http://code.stapelberg.de/git/i3status/tree/contrib/wrapper.py + +import sys +import json +import subprocess + +def print_nonbuffered(message): + sys.stdout.write(message) + sys.stdout.flush() + +if __name__ == '__main__': + print_nonbuffered(sys.stdin.readline()) + print_nonbuffered(sys.stdin.readline()) + while True: + line, prefix = sys.stdin.readline(), '' + if line.startswith(','): + line, prefix = line[1:], ',' + j = json.loads(line) + if '1' == subprocess.getoutput('xset q | grep LED')[65]: + j.insert(len(j), {'full_text' : 'CAPS', + 'separator_block_width': 40, + 'color': '#FF0000'}) + print_nonbuffered(prefix+json.dumps(j)) diff --git a/archived/bin/install_certs.sh b/archived/bin/install_certs.sh new file mode 100755 index 0000000..5ef46b0 --- /dev/null +++ b/archived/bin/install_certs.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e +set -x + +~/letsencrypt/letsencrypt-auto certonly --standalone -d dump.plomlompom.com +~/letsencrypt/letsencrypt-auto certonly --standalone -d htwtxt.plomlompom.com diff --git a/archived/bin/network.sh b/archived/bin/network.sh new file mode 100755 index 0000000..5f88461 --- /dev/null +++ b/archived/bin/network.sh 
@@ -0,0 +1,65 @@ +#!/bin/sh + +eth_interface=enp0s25 +wifi_interface=wls1 + +ensure_wifi_on() { + if [ ! "$(wifi)" = "wifi = on" ]; then + #wifi on + ip link set "$wifi_interface" up + fi +} + +if ! echo "${1}"; then + echo 'No command given.' + print_usage + exit 1 +elif [ "${1}" = 'eth_connect' ]; then + ip link set "$eth_interface" up + dhclient "$eth_interface" + +elif [ "${1}" = 'eth_disconnect' ]; then + ip link set "$eth_interface" down + +elif [ "${1}" = 'wifi_scan' ]; then + ensure_wifi_on + ip link set "$wifi_interface" up + iw dev "$wifi_interface" scan | grep SSID + +elif [ "${1}" = 'wifi_connect_open' ]; then + ensure_wifi_on + iw dev "$wifi_interface" connect "${2}" + dhclient "$wifi_interface" + #ip route delete default + #ip route add default via 192.168.1.1 dev wls1 + +elif [ "${1}" = 'wifi_connect_wep_ascii' ]; then + ensure_wifi_on + iw dev "$wifi_interface" connect "${2}" key 0:"${3}" + dhclient "$wifi_interface" + +elif [ "${1}" = 'wifi_connect_wep_hex' ]; then + ensure_wifi_on + iw dev "$wifi_interface" connect "${2}" key d:0:"${3}" + dhclient "$wifi_interface" + +elif [ "${1}" = 'wifi_connect_wpa' ]; then + ensure_wifi_on + wpa_passphrase "${2}" "${3}" > /tmp/wpa_supplicant.conf + wpa_supplicant -B -i "$wifi_interface" -c /tmp/wpa_supplicant.conf + dhclient "$wifi_interface" + +elif [ "${1}" = 'wifi_disconnect' ]; then + ip link set "$wifi_interface" down + +else + echo 'Available commands:' + echo ' eth_connect' + echo ' eth_disconnect' + echo ' wifi_scan' + echo ' wifi_connect_open SSID' + echo ' wifi_connect_wep_ascii SSID KEY' + echo ' wifi_connect_wep_hex SSID KEY' + echo ' wifi_connect_wpa SSID KEY' + echo ' wifi_disconnect' +fi diff --git a/archived/bin/plomlombot.sh b/archived/bin/plomlombot.sh new file mode 100755 index 0000000..1153d2d --- /dev/null +++ b/archived/bin/plomlombot.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd ~/plomlombot-irc +./run.sh -r 604800 -n botlomplom "#zrolaps" 
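Review bot: The `wifi_connect_wpa` branch of `network.sh` writes the output of `wpa_passphrase` to the fixed path `/tmp/wpa_supplicant.conf`. That output contains the PSK, and normally the plaintext passphrase as a comment. The file gets whatever mode the caller's umask gives it, sits at a predictable name in a world-writable directory, and is never removed. A private temporary file avoids both problems: `conf=$(mktemp) || exit 1`, then `wpa_passphrase "${2}" "${3}" > "$conf"` and `wpa_supplicant -B -i "$wifi_interface" -c "$conf"`, with an `rm -f -- "$conf"` once the supplicant no longer needs it. Note also that `print_usage` is called in the first branch but is not defined anywhere in this file.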
diff --git a/archived/bin/renew_certs.sh b/archived/bin/renew_certs.sh
new file mode 100755
index 0000000..d1853b5
--- /dev/null
+++ b/archived/bin/renew_certs.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+service nginx stop
+~/letsencrypt/letsencrypt-auto renew
+service nginx restart
diff --git a/archived/bin/setup_opendkim.sh b/archived/bin/setup_opendkim.sh
new file mode 100755
index 0000000..ce1e3d5
--- /dev/null
+++ b/archived/bin/setup_opendkim.sh
@@ -0,0 +1,65 @@ +#!/bin/sh +set -e +selector=$1 +file=$2 + +if [ ! -n "$selector" ]; then + cat << EOF +Usage: $0 SELECTOR [KEYFILE] - set up DKIM system and configuration + +If existing KEYFILE is given, set up DKIM to use SELECTOR and apply key from +KEYFILE. + +If existing KEYFILE is not given, generate KEYFILE and DNS TXT file for +SELECTOR. +EOF + exit +fi + +if [ ! "$(id -u)" -eq "0" ]; then + echo "Must be run as root." + exit 1 +fi + +set -x +apt-get -y install opendkim + +if [ ! -n "$file" ]; then + apt-get -y install opendkim-tools + opendkim-genkey -d plomlompom.com -s $selector + apt-get -y --purge autoremove opendkim-tools + set +x + echo + echo 'Generated key file at '$selector'.private.' + echo 'Also generated '$selector'.txt, APPLY its content below to your DNS' \ + 'record.' + echo 'AFTER the waiting time for DNS propagation RERUN this script with' \ + 'the key file as SECOND parameter (still use selector as first one).' + echo + cat $selector.txt +else + if [ ! -f "$file" ]; then + set +x + echo + echo "Keyfile $file does not exist." + exit 1 + fi + cp ~/config/systemfiles/opendkim.conf /etc/opendkim.conf + sed -r -i 's/^#Selector .*$/Selector '$selector'/' /etc/opendkim.conf + mkdir -p /etc/opendkim + if [ -f /etc/opendkim/dkim.key ]; then + cp /etc/opendkim/dkim.key /etc/opendkim/dkim.key~ + fi + cp $file /etc/opendkim/dkim.key + cp ~/config/systemfiles/main.cf /etc/postfix/main.cf + cat >> /etc/postfix/main.cf << EOF + +# Use opendkim at given port as mail filter. +non_smtpd_milters = inet:localhost:12301 +EOF + service opendkim restart + service postfix restart + set +x + echo + echo 'Ensure the DKIM TXT entry in your DNS record matches!' +fi diff --git a/archived/bin/setup_starttls.sh b/archived/bin/setup_starttls.sh new file mode 100755 index 0000000..3b306c2 --- /dev/null +++ b/archived/bin/setup_starttls.sh 
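Review bot: `setup_opendkim.sh` runs as root and splices `$selector` unquoted into `opendkim-genkey -s $selector` and into the sed program `'s/^#Selector .*$/Selector '$selector'/'`. A value containing a space, `/` or `&` therefore changes the command line or the expression that rewrites `/etc/opendkim.conf`. Validating it once near the top keeps every later use safe: `case "$selector" in ''|*[!A-Za-z0-9._-]*) echo 'Invalid selector.' >&2; exit 1;; esac`, with `"$selector"` and `"$file"` quoted where they are used. The private key is installed with a bare `cp $file /etc/opendkim/dkim.key`, and the `dkim.key~` backup is made the same way, so the resulting modes depend on the source file and umask. An explicit `chmod 600` on both would make the intended protection visible, with ownership set to match whatever user the daemon runs as.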
@@ -0,0 +1,38 @@ +#!/bin/sh +set -x +set -e +key=$1 +cert=$2 + +if [ ! "$(id -u)" -eq "0" ]; then + echo "Must be run as root." + exit 1 +fi + +key_target=/etc/postfix/key.pem +if [ ! -n "$key" ]; then + if [ ! -f "${key_target}" ]; then + (umask 077; openssl genrsa -out "${key_target}" 2048) + fi +else + cp "$key" "${key_target}" +fi + +fqdn=$(postconf -h myhostname) +cert_target=/etc/postfix/cert.pem +if [ ! -n "$cert" ]; then + if [ ! -f "${cert_target}" ]; then + openssl req -new -key "${key_target}" -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert_target}" + fi +else + cp "$cert" "${cert_target}" +fi + +cat >> /etc/postfix/main.cf << EOF + +# Enable server-side STARTTLS. +smtpd_tls_cert_file = /etc/postfix/cert.pem +smtpd_tls_key_file = /etc/postfix/key.pem +smtpd_tls_security_level = may +EOF +service postfix restart diff --git a/archived/bin/simplemail.sh b/archived/bin/simplemail.sh new file mode 100755 index 0000000..af0eb1a --- /dev/null +++ b/archived/bin/simplemail.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# This mails to user plom the message in the file named by the first parameter, +# decoded with the first line as subject and everything below the second line +# as the message body. + +subject=`head -1 $1` +body=`tail -n +3 $1` +echo "$body" | mutt -s "$subject" plom diff --git a/archived/bin/simplemail_out.sh b/archived/bin/simplemail_out.sh new file mode 100755 index 0000000..8340944 --- /dev/null +++ b/archived/bin/simplemail_out.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# This mails to plom@plomlompom.com the message in the file named by the first +# parameter, decoded with the first line as subject and everything below the +# second line as the message body. + +subject=`head -1 $1` +body=`tail -n +3 $1` +echo "$body" | mutt -s "$subject" plom@plomlompom.com diff --git a/archived/bin/start_htwtxt.sh b/archived/bin/start_htwtxt.sh new file mode 100755 index 0000000..e5ee45a --- /dev/null +++ b/archived/bin/start_htwtxt.sh 
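Review bot: In `setup_starttls.sh` a generated key is created under `umask 077`, but a caller-supplied key goes through a plain `cp "$key" "${key_target}"`, so `/etc/postfix/key.pem` can end up group- or world-readable if the source file was. Making both paths agree is one line: `cp -- "$key" "${key_target}" && chmod 600 "${key_target}"`. The heredoc at the end appends the three `smtpd_tls_*` settings to `/etc/postfix/main.cf` on every run, so a second run leaves duplicate entries. `postconf -e 'smtpd_tls_security_level = may'`, and likewise for the cert and key paths, would set them idempotently.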
@@ -0,0 +1,8 @@ +#!/bin/sh +$GOPATH/bin/htwtxt \ + --contact 'see http://www.plomlompom.de/' \ + --mailport 587 \ + --mailserver smtp.gmail.com \ + --mailuser christian.heller@gmail.com \ + --port 8000 \ + --signup diff --git a/archived/bin/symlink.sh b/archived/bin/symlink.sh new file mode 100755 index 0000000..d653a0b --- /dev/null +++ b/archived/bin/symlink.sh @@ -0,0 +1,41 @@ +#!/bin/sh + +set -x +set -e + +dir_minimal=~/config/dotfiles/minimal +dir_user_prefix=~/config/dotfiles/user +dir_user_minimal=$dir_user_prefix/minimal +dir_user_machine=$dir_user_prefix/$1/minimal +if [ "$3" = "" ]; then + dir_user_variety=$dir_user_prefix/$1/$2 +else + dir_user_variety=$dir_user_prefix/$1/$2/minimal +fi +dir_user_subvariety=$dir_user_prefix/$1/$2/$3 +dir_root=~/config/dotfiles/root +homedir=`echo ~` +find ~ -lname $homedir'/config/*' -delete +for file in `ls $dir_minimal`; do + ln -fs $dir_minimal/$file ~/.$file +done +if [ "$(id -u)" -eq "0" ]; then + for file in `ls $dir_root`; do + ln -fs $dir_root/$file ~/.$file + done +else + for file in `ls $dir_user_minimal`; do + ln -fs $dir_user_minimal/$file ~/.$file + done + for file in `ls $dir_user_machine`; do + ln -fs $dir_user_machine/$file ~/.$file + done + for file in `ls $dir_user_variety`; do + ln -fs $dir_user_variety/$file ~/.$file + done + if [ ! "$3" = "" ]; then + for file in `ls $dir_user_subvariety`; do + ln -fs $dir_user_subvariety/$file ~/.$file + done + fi +fi diff --git a/archived/bin/w530_backlight.sh b/archived/bin/w530_backlight.sh new file mode 100755 index 0000000..5b24fa7 --- /dev/null +++ b/archived/bin/w530_backlight.sh 
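Review bot: Every loop in `symlink.sh` iterates over `` `ls $dir` `` with the directory variable unquoted, and `find ~ -lname $homedir'/config/*' -delete` leaves `$homedir` unquoted as well. A dotfile name or home path containing whitespace or glob characters is split or expanded before `ln` and `find` see it, and a missing directory is skipped silently because `set -e` does not cover a failed command substitution in a `for` list. Globbing directly avoids the parsing: `for file in "$dir_minimal"/*; do [ -e "$file" ] || continue; ln -fs -- "$file" "$HOME/.${file##*/}"; done`, and the same shape for the other directories. A short header comment saying what `$1`, `$2` and `$3` select (machine, variety, subvariety, judging by the variable names) would help, since an empty `$1` currently yields paths like `.../user//minimal`.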
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# A very primitive backlight setter with a hardcoded backlight path, to replace
+# xbacklight which currently does not work on my system.
+
+if ! echo "${1}" | egrep -q '^[0-9]+$' && ! [ "${1}" = "+" -o "${1}" = "-" ]; then
+ echo 'Argument must be a number, or "+", or "-".'
+ exit 1
+fi
+backlight_dir=/sys/class/backlight/intel_backlight
+max_brightness=$(cat "${backlight_dir}"/max_brightness)
+target="${backlight_dir}"/brightness
+if [ "${1}" = "+" -o "${1}" = "-" ]; then
+ fract=$(expr "${max_brightness}" / 20)
+ cur_brightness=$(cat "${backlight_dir}"/brightness)
+ brightness=$(expr "${cur_brightness}" "${1}" "${fract}")
+ if [ "${brightness}" -gt "${max_brightness}" ]; then
+ brightness="${max_brightness}"
+ elif [ "${brightness}" -lt "0" ]; then
+ brightness=0
+ fi
+ sudo sh -c 'echo '"${brightness}"' > '"${target}"
+ exit 0
+fi
+percentage=${1}
+if [ "${percentage}" = '100' ]; then
+ sudo sh -c 'echo '"${max_brightness}"' > '"${target}"
+else
+ fract=$(expr "${max_brightness}" / 100)
+ brightness=$(expr "${percentage}" \* "${fract}")
+ sudo sh -c 'echo '"${brightness}"' > '"${target}"
+fi
diff --git a/archived/bin/w530_startx_force_nvidia.sh b/archived/bin/w530_startx_force_nvidia.sh
new file mode 100755
index 0000000..3c3ca59
--- /dev/null
+++ b/archived/bin/w530_startx_force_nvidia.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# Undo bumblebee setup.
+sudo service bumblebeed stop
+sudo modprobe nvidia-drm
+sudo update-alternatives --set glx /usr/lib/nvidia
+
+# Use special xorg.conf and pass NVIDIA_DIRECT directive to .xinitrc.
+NVIDIA_DIRECT=1 startx -- -config xorg.conf.forced_nvidia
+
+# Recreate bumblebee setup.
+sudo service bumblebeed start
+sudo update-alternatives --auto glx
diff --git a/archived/bin/weechat-wrapper.sh b/archived/bin/weechat-wrapper.sh
new file mode 100755
index 0000000..333c9d1
--- /dev/null
+++ b/archived/bin/weechat-wrapper.sh
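Review bot: The numeric branch of w530_backlight.sh never clamps `percentage`, so an argument above 100 writes a value larger than `max_brightness` to the sysfs file, unlike the `+`/`-` branch, which bounds its result. A guard such as `if [ "${percentage}" -gt 100 ]; then percentage=100; fi` before the computation would close that. The three `sudo sh -c 'echo '"${brightness}"' > '"${target}"` lines also assemble a root shell command by string concatenation; that is only safe because the values are numeric here, and `printf '%s\n' "${brightness}" | sudo tee "${target}" >/dev/null` avoids the pattern altogether. `egrep` and `[ ... -o ... ]` are both obsolescent; `grep -E` and two `[ ]` tests joined with `||` are the portable forms.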
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# Enforce ~/.weechatrc as sole persistent weechat config file.
+~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder
+rm -rf ~/.weechat/
+WEECHATCONF=`tr '\n' ';' < ~/.weechatrc`
+weechat -r "$WEECHATCONF"
+rm -rf ~/.weechat/
diff --git a/archived/bin/wicd-wrapper.sh b/archived/bin/wicd-wrapper.sh
new file mode 100755
index 0000000..8ed74bd
--- /dev/null
+++ b/archived/bin/wicd-wrapper.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+check_wifi_id_set() {
+ if ! echo "${1}" | egrep -q '^[0-9]+$'; then
+ echo 'Wifi identifier must be integer.'
+ exit 1
+ fi
+}
+
+ensure_wifi_on() {
+ if [ ! "$(wifi)" = "wifi = on" ]; then
+ sudo wifi on
+ fi
+}
+
+print_usage() {
+ echo 'Available commands:'
+ echo ' eth_connect'
+ echo ' eth_disconnect'
+ echo ' wifi_scan'
+ echo ' wifi_info WIFI_ID'
+ echo ' wifi_set_wpa WIFI_ID KEY'
+ echo ' wifi_connect WIFI_ID'
+ echo ' wifi_disconnect'
+}
+
+if ! echo "${1}"; then
+ echo 'No command given.'
+ print_usage
+ exit 1
+elif [ "${1}" = 'eth_connect' ]; then
+ wicd-cli --wired --connect
+
+elif [ "${1}" = 'eth_disconnect' ]; then
+ wicd-cli --wired --disconnect
+
+elif [ "${1}" = 'wifi_scan' ]; then
+ ensure_wifi_on
+ wicd-cli --wireless --scan
+ wicd-cli --wireless --list-networks
+
+elif [ "${1}" = 'wifi_info' ]; then
+ check_wifi_id_set "${2}"
+ wicd-cli --wireless --network="${2}" --network-details
+
+elif [ "${1}" = 'wifi_set_wpa' ]; then
+ check_wifi_id_set "${2}"
+ if ! echo "${3}" ; then
+ echo 'No key set.'
+ exit 1
+ fi
+ wicd-cli --wireless --network="${2}" --network-property=enctype --set-to=wpa
+ wicd-cli --wireless --network="${2}" --network-property=key --set-to="${3}"
+
+elif [ "${1}" = 'wifi_connect' ]; then
+ ensure_wifi_on
+ check_wifi_id_set "${2}"
+ wicd-cli --wireless --network="${2}" --connect
+
+elif [ "${1}" = 'wifi_disconnect' ]; then
+ wicd-cli --wireless --disconnect
+
+else
+ echo 'Unknown command.'
+ print_usage
+ exit 1
+fi
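Review bot: In wicd-wrapper.sh, `if ! echo "${1}"; then` and `if ! echo "${3}" ; then` test the exit status of `echo`, which succeeds for an empty string, so the 'No command given.' and 'No key set.' branches are unreachable and each call prints its argument; for `wifi_set_wpa` that means the WPA key is written to the terminal. I would test emptiness instead, `if [ -z "${1}" ]; then` and `if [ -z "${3}" ]; then`. The key is also passed as a command-line argument in `--set-to="${3}"`, where it is visible in the process list while the command runs; a comment saying so would help anyone reusing the script.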
diff --git a/archived/bin/zinskritik.sh b/archived/bin/zinskritik.sh
new file mode 100755
index 0000000..9ad293a
--- /dev/null
+++ b/archived/bin/zinskritik.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd ~/plomlombot-irc
+./run.sh -r 604800 -n histomat "#freie-gesellschaft"
diff --git a/archived/buster/apt-mark/all b/archived/buster/apt-mark/all
new file mode 100644
index 0000000..4b760bc
--- /dev/null
+++ b/archived/buster/apt-mark/all
@@ -0,0 +1,12 @@
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
+# unpredictably so
+ifupdown
+isc-dhcp-client
+# git for the setup directory; cloning works with ca-certificates
+ca-certificates
+git
+# to avoid constant warnings about no locale being found
+locales
+# extremely useful for basic network debugging; missed these more than once in an emergency
+netcat
+iputils-ping
diff --git a/archived/buster/apt-mark/desktop b/archived/buster/apt-mark/desktop
new file mode 100644
index 0000000..f537318
--- /dev/null
+++ b/archived/buster/apt-mark/desktop
@@ -0,0 +1,2 @@
+# so that grub learns about kernel updates
+grub-pc
diff --git a/archived/buster/apt-mark/dumpsite b/archived/buster/apt-mark/dumpsite
new file mode 100644
index 0000000..a87852a
--- /dev/null
+++ b/archived/buster/apt-mark/dumpsite
@@ -0,0 +1,13 @@
+wget
+# for blog and zettel
+pandoc
+# for blog
+html2text
+uuid-runtime
+python3
+# for url_catcher daemon
+python3-venv
+build-essential
+python3-dev
+screen
+postfix
diff --git a/archived/buster/apt-mark/eeepc b/archived/buster/apt-mark/eeepc
new file mode 100644
index 0000000..73a755f
--- /dev/null
+++ b/archived/buster/apt-mark/eeepc
@@ -0,0 +1,3 @@
+# for wifi
+firmware-ralink
+#
diff --git a/archived/buster/apt-mark/mail b/archived/buster/apt-mark/mail
new file mode 100644
index 0000000..1ef369d
--- /dev/null
+++ b/archived/buster/apt-mark/mail
@@ -0,0 +1,17 @@
+# smtp server
+postfix
+# opendkim
+opendkim
+opendkim-tools
+# for pingmail
+mailutils
+# ssl
+certbot
+# IMAPS
+pwgen
+dovecot-imapd
+# sieve filtering
+dovecot-lmtpd
+dovecot-sieve
+# to funnel mail from additional server
+fetchmail
diff --git a/archived/buster/apt-mark/old_server b/archived/buster/apt-mark/old_server
new file mode 100644
index 0000000..c3d995b
--- /dev/null
+++ b/archived/buster/apt-mark/old_server
@@ -0,0 +1,2 @@
+# because it contains ifconfig
+net-tools
diff --git a/archived/buster/apt-mark/peertube b/archived/buster/apt-mark/peertube
new file mode 100644
index 0000000..5b73bac
--- /dev/null
+++ b/archived/buster/apt-mark/peertube
@@ -0,0 +1,15 @@
+ffmpeg
+postgresql
+postgresql-contrib
+openssl
+redis-server
+python-dev
+# only needed for setup
+g++
+make
+git
+curl
+unzip
+libncurses5
+pwgen
+wget
diff --git a/archived/buster/apt-mark/play b/archived/buster/apt-mark/play
new file mode 100644
index 0000000..154f7e7
--- /dev/null
+++ b/archived/buster/apt-mark/play
@@ -0,0 +1,4 @@
+weechat
+screen
+gnupg
+dirmngr
diff --git a/archived/buster/apt-mark/pleroma b/archived/buster/apt-mark/pleroma
new file mode 100644
index 0000000..ec7a134
--- /dev/null
+++ b/archived/buster/apt-mark/pleroma
@@ -0,0 +1,5 @@
+# Pleroma DB
+postgresql
+postgresql-contrib
+# only needed for setup
+pwgen
diff --git a/archived/buster/apt-mark/pleroma_otp b/archived/buster/apt-mark/pleroma_otp
new file mode 100644
index 0000000..4805a43
--- /dev/null
+++ b/archived/buster/apt-mark/pleroma_otp
@@ -0,0 +1,4 @@
+# only needed for setup
+curl
+unzip
+libncurses5
diff --git a/archived/buster/apt-mark/pleroma_source b/archived/buster/apt-mark/pleroma_source
new file mode 100644
index 0000000..2b1cd35
--- /dev/null
+++ b/archived/buster/apt-mark/pleroma_source
@@ -0,0 +1,4 @@
+# only needed for setup
+build-essential
+wget
+gnupg
diff --git a/archived/buster/apt-mark/seedbox b/archived/buster/apt-mark/seedbox
new file mode 100644
index 0000000..37b941e
--- /dev/null
+++ b/archived/buster/apt-mark/seedbox
@@ -0,0 +1,8 @@
+# needed for rtorrent config setup
+curl
+# needed for torrenting
+rtorrent
+# needed for torrenting session
+screen
+# needed for upload/download
+rsync
diff --git a/archived/buster/apt-mark/server b/archived/buster/apt-mark/server
new file mode 100644
index 0000000..2ab22d2
--- /dev/null
+++ b/archived/buster/apt-mark/server
@@ -0,0 +1,6 @@
+# so we can login at all ⦠
+openssh-server
+# firewalling
+nftables
+# We want to be able to use ALL our servers as borg backup destinations.
+borgbackup
diff --git a/archived/buster/apt-mark/thinkpad b/archived/buster/apt-mark/thinkpad
new file mode 100644
index 0000000..6a780f2
--- /dev/null
+++ b/archived/buster/apt-mark/thinkpad
@@ -0,0 +1,7 @@
+# for wifi
+firmware-iwlwifi
+# for tlp
+tlp
+tp-smapi-dkms
+linux-headers-amd64
+#
diff --git a/archived/buster/apt-mark/user b/archived/buster/apt-mark/user
new file mode 100644
index 0000000..ece05a4
--- /dev/null
+++ b/archived/buster/apt-mark/user
@@ -0,0 +1,77 @@
+# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
+cryptsetup-initramfs
+lvm2
+# this provides setupcon which reads /etc/default/console-setup
+console-setup
+# without this, systemd-logind won't run, and so not detect lid close for hibernation
+dbus
+# for wifi
+wicd-curses
+wicd-gtk
+# for X to start at all
+xserver-xorg-video-intel
+# X input: keyboard and touchpad
+xserver-xorg-input-evdev
+xserver-xorg-input-synaptics
+# for startx
+xinit
+# for xrdb
+x11-xserver-utils
+# for startx to run for non-root user
+libpam-systemd
+# window environment
+i3
+i3status
+suckless-tools
+xterm
+# to get sleepy at night
+redshift
+# for alsamixer
+alsa-utils
+# for xterm and browser unicode display
+ttf-unifont
+# also useful
+vim
+sudo
+less
+man-db
+manpages
+procps
+# firefox dependencies
+libdbus-glib-1-2
+libgtk-3-0
+# firefox installation dependencies (remove later?)
+curl
+python3
+bzip2
+wget
+jq
+unzip
+# to mount encrypted USB stick and use its contents
+pmount
+cryptsetup
+openssh-client
+# for syncing
+borgbackup
+# emacs
+emacs25
+emacs-common-non-dfsg
+emacs-el
+elpa-ledger
+ledger
+elpa-elfeed
+# mail setup
+isync
+notmuch
+elpa-notmuch
+pinentry-gtk2
+# to mount Android phone
+go-mtpfs
+# to use HP Deskjet F380 scanner from GIMP
+sane-utils
+libsane-hpaio
+xsane
+# to use HP Deskjet F380 printer
+cups
+hplip
+#
diff --git a/archived/buster/apt-mark/w530 b/archived/buster/apt-mark/w530
new file mode 100644
index 0000000..e69de29
diff --git a/archived/buster/apt-mark/web b/archived/buster/apt-mark/web
new file mode 100644
index 0000000..4912b8a
--- /dev/null
+++ b/archived/buster/apt-mark/web
@@ -0,0 +1,4 @@
+nginx-light
+# for SSL
+certbot
+python3-certbot-nginx
diff --git a/archived/buster/apt-mark/website b/archived/buster/apt-mark/website
new file mode 100644
index 0000000..c046f50
--- /dev/null
+++ b/archived/buster/apt-mark/website
@@ -0,0 +1,8 @@
+# for gitweb
+gitweb
+fcgiwrap
+# for plomlombot
+gnupg
+dirmngr
+python3-venv
+screen
diff --git a/archived/buster/apt-mark/x200s b/archived/buster/apt-mark/x200s
new file mode 100644
index 0000000..e69de29
diff --git a/archived/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/archived/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
new file mode 100644
index 0000000..4aaef79
--- /dev/null
+++ b/archived/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies
@@ -0,0 +1,4 @@
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
diff --git a/archived/buster/etc_files/all/etc/apt/sources.list b/archived/buster/etc_files/all/etc/apt/sources.list
new file mode 100644
index 0000000..349e8a6
--- /dev/null
+++ b/archived/buster/etc_files/all/etc/apt/sources.list
@@ -0,0 +1,4 @@
+deb http://deb.debian.org/debian buster main contrib non-free
+deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
+deb http://deb.debian.org/debian buster-updates main contrib non-free
+deb http://ftp.debian.org/debian buster-backports main contrib non-free
diff --git a/archived/buster/etc_files/all/etc/default/locale b/archived/buster/etc_files/all/etc/default/locale
new file mode 100644
index 0000000..dd6eee3
--- /dev/null
+++ b/archived/buster/etc_files/all/etc/default/locale
@@ -0,0 +1 @@
+LANG="en_US.UTF-8"
diff --git a/archived/buster/etc_files/all/etc/locale.gen b/archived/buster/etc_files/all/etc/locale.gen
new file mode 100644
index 0000000..a28cfa4
--- /dev/null
+++ b/archived/buster/etc_files/all/etc/locale.gen
@@ -0,0 +1,483 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + + +# aa_DJ ISO-8859-1 +# aa_DJ.UTF-8 UTF-8 +# aa_ER UTF-8 +# aa_ER@saaho UTF-8 +# aa_ET UTF-8 +# af_ZA ISO-8859-1 +# af_ZA.UTF-8 UTF-8 +# ak_GH UTF-8 +# am_ET UTF-8 +# an_ES ISO-8859-15 +# an_ES.UTF-8 UTF-8 +# anp_IN UTF-8 +# ar_AE ISO-8859-6 +# ar_AE.UTF-8 UTF-8 +# ar_BH ISO-8859-6 +# ar_BH.UTF-8 UTF-8 +# ar_DZ ISO-8859-6 +# ar_DZ.UTF-8 UTF-8 +# ar_EG ISO-8859-6 +# ar_EG.UTF-8 UTF-8 +# ar_IN UTF-8 +# ar_IQ ISO-8859-6 +# ar_IQ.UTF-8 UTF-8 +# ar_JO ISO-8859-6 +# ar_JO.UTF-8 UTF-8 +# ar_KW ISO-8859-6 +# ar_KW.UTF-8 UTF-8 +# ar_LB ISO-8859-6 +# ar_LB.UTF-8 UTF-8 +# ar_LY ISO-8859-6 +# ar_LY.UTF-8 UTF-8 +# ar_MA ISO-8859-6 +# ar_MA.UTF-8 UTF-8 +# ar_OM ISO-8859-6 +# ar_OM.UTF-8 UTF-8 +# ar_QA ISO-8859-6 +# ar_QA.UTF-8 UTF-8 +# ar_SA ISO-8859-6 +# ar_SA.UTF-8 UTF-8 +# ar_SD ISO-8859-6 +# ar_SD.UTF-8 UTF-8 +# ar_SS UTF-8 +# ar_SY ISO-8859-6 +# ar_SY.UTF-8 UTF-8 +# ar_TN ISO-8859-6 +# ar_TN.UTF-8 UTF-8 +# ar_YE ISO-8859-6 +# ar_YE.UTF-8 UTF-8 +# as_IN UTF-8 +# ast_ES ISO-8859-15 +# ast_ES.UTF-8 UTF-8 +# ayc_PE UTF-8 +# az_AZ UTF-8 +# be_BY CP1251 +# be_BY.UTF-8 UTF-8 +# be_BY@latin UTF-8 +# bem_ZM UTF-8 +# ber_DZ UTF-8 +# ber_MA UTF-8 +# bg_BG CP1251 +# bg_BG.UTF-8 UTF-8 +# bhb_IN.UTF-8 UTF-8 +# bho_IN UTF-8 +# bn_BD UTF-8 +# bn_IN UTF-8 +# bo_CN UTF-8 +# bo_IN UTF-8 +# br_FR ISO-8859-1 +# br_FR.UTF-8 UTF-8 +# br_FR@euro ISO-8859-15 +# brx_IN UTF-8 +# bs_BA ISO-8859-2 +# bs_BA.UTF-8 UTF-8 +# byn_ER UTF-8 +# ca_AD ISO-8859-15 +# ca_AD.UTF-8 UTF-8 +# ca_ES ISO-8859-1 +# ca_ES.UTF-8 UTF-8 +# ca_ES.UTF-8@valencia UTF-8 +# ca_ES@euro ISO-8859-15 +# ca_ES@valencia ISO-8859-15 +# ca_FR ISO-8859-15 +# ca_FR.UTF-8 UTF-8 +# ca_IT ISO-8859-15 +# ca_IT.UTF-8 UTF-8 +# ce_RU UTF-8 +# chr_US UTF-8 +# 
cmn_TW UTF-8 +# crh_UA UTF-8 +# cs_CZ ISO-8859-2 +# cs_CZ.UTF-8 UTF-8 +# csb_PL UTF-8 +# cv_RU UTF-8 +# cy_GB ISO-8859-14 +# cy_GB.UTF-8 UTF-8 +# da_DK ISO-8859-1 +# da_DK.UTF-8 UTF-8 +# de_AT ISO-8859-1 +# de_AT.UTF-8 UTF-8 +# de_AT@euro ISO-8859-15 +# de_BE ISO-8859-1 +# de_BE.UTF-8 UTF-8 +# de_BE@euro ISO-8859-15 +# de_CH ISO-8859-1 +# de_CH.UTF-8 UTF-8 +# de_DE ISO-8859-1 +# de_DE.UTF-8 UTF-8 +# de_DE@euro ISO-8859-15 +# de_IT ISO-8859-1 +# de_IT.UTF-8 UTF-8 +# de_LI.UTF-8 UTF-8 +# de_LU ISO-8859-1 +# de_LU.UTF-8 UTF-8 +# de_LU@euro ISO-8859-15 +# doi_IN UTF-8 +# dv_MV UTF-8 +# dz_BT UTF-8 +# el_CY ISO-8859-7 +# el_CY.UTF-8 UTF-8 +# el_GR ISO-8859-7 +# el_GR.UTF-8 UTF-8 +# en_AG UTF-8 +# en_AU ISO-8859-1 +# en_AU.UTF-8 UTF-8 +# en_BW ISO-8859-1 +# en_BW.UTF-8 UTF-8 +# en_CA ISO-8859-1 +# en_CA.UTF-8 UTF-8 +# en_DK ISO-8859-1 +# en_DK.ISO-8859-15 ISO-8859-15 +# en_DK.UTF-8 UTF-8 +# en_GB ISO-8859-1 +# en_GB.ISO-8859-15 ISO-8859-15 +# en_GB.UTF-8 UTF-8 +# en_HK ISO-8859-1 +# en_HK.UTF-8 UTF-8 +# en_IE ISO-8859-1 +# en_IE.UTF-8 UTF-8 +# en_IE@euro ISO-8859-15 +# en_IL UTF-8 +# en_IN UTF-8 +# en_NG UTF-8 +# en_NZ ISO-8859-1 +# en_NZ.UTF-8 UTF-8 +# en_PH ISO-8859-1 +# en_PH.UTF-8 UTF-8 +# en_SG ISO-8859-1 +# en_SG.UTF-8 UTF-8 +# en_US ISO-8859-1 +# en_US.ISO-8859-15 ISO-8859-15 +en_US.UTF-8 UTF-8 +# en_ZA ISO-8859-1 +# en_ZA.UTF-8 UTF-8 +# en_ZM UTF-8 +# en_ZW ISO-8859-1 +# en_ZW.UTF-8 UTF-8 +# eo UTF-8 +# es_AR ISO-8859-1 +# es_AR.UTF-8 UTF-8 +# es_BO ISO-8859-1 +# es_BO.UTF-8 UTF-8 +# es_CL ISO-8859-1 +# es_CL.UTF-8 UTF-8 +# es_CO ISO-8859-1 +# es_CO.UTF-8 UTF-8 +# es_CR ISO-8859-1 +# es_CR.UTF-8 UTF-8 +# es_CU UTF-8 +# es_DO ISO-8859-1 +# es_DO.UTF-8 UTF-8 +# es_EC ISO-8859-1 +# es_EC.UTF-8 UTF-8 +# es_ES ISO-8859-1 +# es_ES.UTF-8 UTF-8 +# es_ES@euro ISO-8859-15 +# es_GT ISO-8859-1 +# es_GT.UTF-8 UTF-8 +# es_HN ISO-8859-1 +# es_HN.UTF-8 UTF-8 +# es_MX ISO-8859-1 +# es_MX.UTF-8 UTF-8 +# es_NI ISO-8859-1 +# es_NI.UTF-8 UTF-8 +# es_PA ISO-8859-1 +# es_PA.UTF-8 UTF-8 
+# es_PE ISO-8859-1 +# es_PE.UTF-8 UTF-8 +# es_PR ISO-8859-1 +# es_PR.UTF-8 UTF-8 +# es_PY ISO-8859-1 +# es_PY.UTF-8 UTF-8 +# es_SV ISO-8859-1 +# es_SV.UTF-8 UTF-8 +# es_US ISO-8859-1 +# es_US.UTF-8 UTF-8 +# es_UY ISO-8859-1 +# es_UY.UTF-8 UTF-8 +# es_VE ISO-8859-1 +# es_VE.UTF-8 UTF-8 +# et_EE ISO-8859-1 +# et_EE.ISO-8859-15 ISO-8859-15 +# et_EE.UTF-8 UTF-8 +# eu_ES ISO-8859-1 +# eu_ES.UTF-8 UTF-8 +# eu_ES@euro ISO-8859-15 +# eu_FR ISO-8859-1 +# eu_FR.UTF-8 UTF-8 +# eu_FR@euro ISO-8859-15 +# fa_IR UTF-8 +# ff_SN UTF-8 +# fi_FI ISO-8859-1 +# fi_FI.UTF-8 UTF-8 +# fi_FI@euro ISO-8859-15 +# fil_PH UTF-8 +# fo_FO ISO-8859-1 +# fo_FO.UTF-8 UTF-8 +# fr_BE ISO-8859-1 +# fr_BE.UTF-8 UTF-8 +# fr_BE@euro ISO-8859-15 +# fr_CA ISO-8859-1 +# fr_CA.UTF-8 UTF-8 +# fr_CH ISO-8859-1 +# fr_CH.UTF-8 UTF-8 +# fr_FR ISO-8859-1 +# fr_FR.UTF-8 UTF-8 +# fr_FR@euro ISO-8859-15 +# fr_LU ISO-8859-1 +# fr_LU.UTF-8 UTF-8 +# fr_LU@euro ISO-8859-15 +# fur_IT UTF-8 +# fy_DE UTF-8 +# fy_NL UTF-8 +# ga_IE ISO-8859-1 +# ga_IE.UTF-8 UTF-8 +# ga_IE@euro ISO-8859-15 +# gd_GB ISO-8859-15 +# gd_GB.UTF-8 UTF-8 +# gez_ER UTF-8 +# gez_ER@abegede UTF-8 +# gez_ET UTF-8 +# gez_ET@abegede UTF-8 +# gl_ES ISO-8859-1 +# gl_ES.UTF-8 UTF-8 +# gl_ES@euro ISO-8859-15 +# gu_IN UTF-8 +# gv_GB ISO-8859-1 +# gv_GB.UTF-8 UTF-8 +# ha_NG UTF-8 +# hak_TW UTF-8 +# he_IL ISO-8859-8 +# he_IL.UTF-8 UTF-8 +# hi_IN UTF-8 +# hne_IN UTF-8 +# hr_HR ISO-8859-2 +# hr_HR.UTF-8 UTF-8 +# hsb_DE ISO-8859-2 +# hsb_DE.UTF-8 UTF-8 +# ht_HT UTF-8 +# hu_HU ISO-8859-2 +# hu_HU.UTF-8 UTF-8 +# hy_AM UTF-8 +# hy_AM.ARMSCII-8 ARMSCII-8 +# ia_FR UTF-8 +# id_ID ISO-8859-1 +# id_ID.UTF-8 UTF-8 +# ig_NG UTF-8 +# ik_CA UTF-8 +# is_IS ISO-8859-1 +# is_IS.UTF-8 UTF-8 +# it_CH ISO-8859-1 +# it_CH.UTF-8 UTF-8 +# it_IT ISO-8859-1 +# it_IT.UTF-8 UTF-8 +# it_IT@euro ISO-8859-15 +# iu_CA UTF-8 +# ja_JP.EUC-JP EUC-JP +# ja_JP.UTF-8 UTF-8 +# ka_GE GEORGIAN-PS +# ka_GE.UTF-8 UTF-8 +# kk_KZ PT154 +# kk_KZ.RK1048 RK1048 +# kk_KZ.UTF-8 UTF-8 +# kl_GL ISO-8859-1 +# 
kl_GL.UTF-8 UTF-8 +# km_KH UTF-8 +# kn_IN UTF-8 +# ko_KR.EUC-KR EUC-KR +# ko_KR.UTF-8 UTF-8 +# kok_IN UTF-8 +# ks_IN UTF-8 +# ks_IN@devanagari UTF-8 +# ku_TR ISO-8859-9 +# ku_TR.UTF-8 UTF-8 +# kw_GB ISO-8859-1 +# kw_GB.UTF-8 UTF-8 +# ky_KG UTF-8 +# lb_LU UTF-8 +# lg_UG ISO-8859-10 +# lg_UG.UTF-8 UTF-8 +# li_BE UTF-8 +# li_NL UTF-8 +# lij_IT UTF-8 +# ln_CD UTF-8 +# lo_LA UTF-8 +# lt_LT ISO-8859-13 +# lt_LT.UTF-8 UTF-8 +# lv_LV ISO-8859-13 +# lv_LV.UTF-8 UTF-8 +# lzh_TW UTF-8 +# mag_IN UTF-8 +# mai_IN UTF-8 +# mg_MG ISO-8859-15 +# mg_MG.UTF-8 UTF-8 +# mhr_RU UTF-8 +# mi_NZ ISO-8859-13 +# mi_NZ.UTF-8 UTF-8 +# mk_MK ISO-8859-5 +# mk_MK.UTF-8 UTF-8 +# ml_IN UTF-8 +# mn_MN UTF-8 +# mni_IN UTF-8 +# mr_IN UTF-8 +# ms_MY ISO-8859-1 +# ms_MY.UTF-8 UTF-8 +# mt_MT ISO-8859-3 +# mt_MT.UTF-8 UTF-8 +# my_MM UTF-8 +# nan_TW UTF-8 +# nan_TW@latin UTF-8 +# nb_NO ISO-8859-1 +# nb_NO.UTF-8 UTF-8 +# nds_DE UTF-8 +# nds_NL UTF-8 +# ne_NP UTF-8 +# nhn_MX UTF-8 +# niu_NU UTF-8 +# niu_NZ UTF-8 +# nl_AW UTF-8 +# nl_BE ISO-8859-1 +# nl_BE.UTF-8 UTF-8 +# nl_BE@euro ISO-8859-15 +# nl_NL ISO-8859-1 +# nl_NL.UTF-8 UTF-8 +# nl_NL@euro ISO-8859-15 +# nn_NO ISO-8859-1 +# nn_NO.UTF-8 UTF-8 +# nr_ZA UTF-8 +# nso_ZA UTF-8 +# oc_FR ISO-8859-1 +# oc_FR.UTF-8 UTF-8 +# om_ET UTF-8 +# om_KE ISO-8859-1 +# om_KE.UTF-8 UTF-8 +# or_IN UTF-8 +# os_RU UTF-8 +# pa_IN UTF-8 +# pa_PK UTF-8 +# pap_AW UTF-8 +# pap_CW UTF-8 +# pl_PL ISO-8859-2 +# pl_PL.UTF-8 UTF-8 +# ps_AF UTF-8 +# pt_BR ISO-8859-1 +# pt_BR.UTF-8 UTF-8 +# pt_PT ISO-8859-1 +# pt_PT.UTF-8 UTF-8 +# pt_PT@euro ISO-8859-15 +# quz_PE UTF-8 +# raj_IN UTF-8 +# ro_RO ISO-8859-2 +# ro_RO.UTF-8 UTF-8 +# ru_RU ISO-8859-5 +# ru_RU.CP1251 CP1251 +# ru_RU.KOI8-R KOI8-R +# ru_RU.UTF-8 UTF-8 +# ru_UA KOI8-U +# ru_UA.UTF-8 UTF-8 +# rw_RW UTF-8 +# sa_IN UTF-8 +# sat_IN UTF-8 +# sc_IT UTF-8 +# sd_IN UTF-8 +# sd_IN@devanagari UTF-8 +# se_NO UTF-8 +# sgs_LT UTF-8 +# shs_CA UTF-8 +# si_LK UTF-8 +# sid_ET UTF-8 +# sk_SK ISO-8859-2 +# sk_SK.UTF-8 UTF-8 +# sl_SI ISO-8859-2 +# 
sl_SI.UTF-8 UTF-8 +# so_DJ ISO-8859-1 +# so_DJ.UTF-8 UTF-8 +# so_ET UTF-8 +# so_KE ISO-8859-1 +# so_KE.UTF-8 UTF-8 +# so_SO ISO-8859-1 +# so_SO.UTF-8 UTF-8 +# sq_AL ISO-8859-1 +# sq_AL.UTF-8 UTF-8 +# sq_MK UTF-8 +# sr_ME UTF-8 +# sr_RS UTF-8 +# sr_RS@latin UTF-8 +# ss_ZA UTF-8 +# st_ZA ISO-8859-1 +# st_ZA.UTF-8 UTF-8 +# sv_FI ISO-8859-1 +# sv_FI.UTF-8 UTF-8 +# sv_FI@euro ISO-8859-15 +# sv_SE ISO-8859-1 +# sv_SE.ISO-8859-15 ISO-8859-15 +# sv_SE.UTF-8 UTF-8 +# sw_KE UTF-8 +# sw_TZ UTF-8 +# szl_PL UTF-8 +# ta_IN UTF-8 +# ta_LK UTF-8 +# tcy_IN.UTF-8 UTF-8 +# te_IN UTF-8 +# tg_TJ KOI8-T +# tg_TJ.UTF-8 UTF-8 +# th_TH TIS-620 +# th_TH.UTF-8 UTF-8 +# the_NP UTF-8 +# ti_ER UTF-8 +# ti_ET UTF-8 +# tig_ER UTF-8 +# tk_TM UTF-8 +# tl_PH ISO-8859-1 +# tl_PH.UTF-8 UTF-8 +# tn_ZA UTF-8 +# tr_CY ISO-8859-9 +# tr_CY.UTF-8 UTF-8 +# tr_TR ISO-8859-9 +# tr_TR.UTF-8 UTF-8 +# ts_ZA UTF-8 +# tt_RU UTF-8 +# tt_RU@iqtelif UTF-8 +# ug_CN UTF-8 +# uk_UA KOI8-U +# uk_UA.UTF-8 UTF-8 +# unm_US UTF-8 +# ur_IN UTF-8 +# ur_PK UTF-8 +# uz_UZ ISO-8859-1 +# uz_UZ.UTF-8 UTF-8 +# uz_UZ@cyrillic UTF-8 +# ve_ZA UTF-8 +# vi_VN UTF-8 +# wa_BE ISO-8859-1 +# wa_BE.UTF-8 UTF-8 +# wa_BE@euro ISO-8859-15 +# wae_CH UTF-8 +# wal_ET UTF-8 +# wo_SN UTF-8 +# xh_ZA ISO-8859-1 +# xh_ZA.UTF-8 UTF-8 +# yi_US CP1255 +# yi_US.UTF-8 UTF-8 +# yo_NG UTF-8 +# yue_HK UTF-8 +# zh_CN GB2312 +# zh_CN.GB18030 GB18030 +# zh_CN.GBK GBK +# zh_CN.UTF-8 UTF-8 +# zh_HK BIG5-HKSCS +# zh_HK.UTF-8 UTF-8 +# zh_SG GB2312 +# zh_SG.GBK GBK +# zh_SG.UTF-8 UTF-8 +# zh_TW BIG5 +# zh_TW.EUC-TW EUC-TW +# zh_TW.UTF-8 UTF-8 +# zu_ZA ISO-8859-1 +# zu_ZA.UTF-8 UTF-8 diff --git a/archived/buster/etc_files/all/etc/timezone b/archived/buster/etc_files/all/etc/timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/buster/etc_files/all/etc/timezone @@ -0,0 +1 @@ +Europe/Berlin 
diff --git a/archived/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx b/archived/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx
new file mode 100644
index 0000000..25c2d62
--- /dev/null
+++ b/archived/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx
@@ -0,0 +1,28 @@
+server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www-dump/;
+
+ location /dump/ {
+ autoindex on;
+ }
+
+ location /geheim/ {
+ auth_basic "geheim geheim";
+ auth_basic_user_file /var/www-dump/password_geheim;
+ autoindex on;
+ }
+
+ location /zettel/ {
+ # rewrite non-suffixed filenames to .html ones
+ rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html;
+ autoindex on;
+ }
+
+ location /uwsgi/ {
+ include uwsgi_params;
+ uwsgi_pass 127.0.0.1:3031;
+ }
+}
diff --git a/archived/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service b/archived/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service
new file mode 100644
index 0000000..45d079c
--- /dev/null
+++ b/archived/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=url_catcher screen
+
+[Service]
+Type=forking
+User=plom
+# The LC_ALL fixes submission failing on some articles.
+ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 cd ~/url-catcher && screen -d -m ./run.sh'
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/archived/buster/etc_files/eeepc/etc/systemd/logind.conf b/archived/buster/etc_files/eeepc/etc/systemd/logind.conf
new file mode 100644
index 0000000..6a61f0b
--- /dev/null
+++ b/archived/buster/etc_files/eeepc/etc/systemd/logind.conf
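Review bot: In dumpsite.nginx, `auth_basic_user_file /var/www-dump/password_geheim` points inside `root /var/www-dump/`, and no location block covers `/`, so as far as this file shows a request for `/password_geheim` would be answered with the credential file itself. I would keep that file outside the document root, or add `location = /password_geheim { deny all; }`. `autoindex on` under `/dump/` and `/geheim/` also lists every file name in those trees; a comment stating that this is intended would help the next reader.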
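Review bot: In url_catcher.service, `LC_ALL=en_US.UTF8 cd ~/url-catcher && screen -d -m ./run.sh` applies the assignment only to the `cd` command, so `screen` and `run.sh` start without the locale that the comment above `ExecStart` says they need. Setting it on the unit with `Environment=LC_ALL=en_US.UTF8`, or moving the assignment in front of `screen`, would make the comment true.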
@@ -0,0 +1,8 @@
+# This file is part of systemd.
+#
+# See logind.conf(5) for details.
+
+[Login]
+# Note that with the standard Buster kernel this won't work due to
+# <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919227>.
+HandleLidSwitch=hibernate
diff --git a/archived/buster/etc_files/mail/etc/aliases b/archived/buster/etc_files/mail/etc/aliases
new file mode 100644
index 0000000..5c52e6f
--- /dev/null
+++ b/archived/buster/etc_files/mail/etc/aliases
@@ -0,0 +1,24 @@
+# /etc/aliases
+# maps whom what is sent to
+
+# As per RFC 2142.
+mailer-daemon: plom
+postmaster: plom
+hostmaster: plom
+usenet: plom
+news: plom
+webmaster: plom
+www: plom
+ftp: plom
+abuse: plom
+noc: plom
+security: plom
+root: plom
+
+# Personal aliases.
+plomlompom: plom
+christian.heller: plom
+christian_heller: plom
+christianheller: plom
+c.heller: plom
+heller: plom
diff --git a/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf
new file mode 100644
index 0000000..eaf927b
--- /dev/null
+++ b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf
@@ -0,0 +1,18 @@
+# This is only necessary when we use dovecot's LMTP mechanism to receive
+# mail from postfix.
+auth_username_format = %Ln
+
+# Add sieve filtering.
+protocol lmtp {
+ mail_plugins = $mail_plugins sieve
+}
+
+# We don't strictly need to provide a LMTP server to fetch mail from
+# postfix, but we do if we want to do sophisticated stuff like sieve
+# filtering on the way.
+service lmtp {
+ inet_listener lmtp {
+ address = 127.0.0.1
+ port = 2424
+ }
+}
diff --git a/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf
new file mode 100644
index 0000000..d076d63
--- /dev/null
+++ b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf
@@ -0,0 +1,10 @@
+service auth {
+ unix_listener auth-userdb {
+ }
+
+ unix_listener /var/spool/postfix/private/auth {
+ mode = 0660
+ user = postfix
+ group = postfix
+ }
+}
diff --git a/archived/buster/etc_files/mail/etc/mailutils.conf b/archived/buster/etc_files/mail/etc/mailutils.conf
new file mode 100644
index 0000000..44efe26
--- /dev/null
+++ b/archived/buster/etc_files/mail/etc/mailutils.conf
@@ -0,0 +1,4 @@
+# mailutils by default uses the FQDN as the mail domain name, fix this
+address {
+ email-domain REPLACE_maildomain_ECALPER;
+};
diff --git a/archived/buster/etc_files/mail/etc/nftables.conf b/archived/buster/etc_files/mail/etc/nftables.conf
new file mode 100755
index 0000000..747d214
--- /dev/null
+++ b/archived/buster/etc_files/mail/etc/nftables.conf
@@ -0,0 +1,24 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+ iif lo accept comment "accept localhost traffic"
+ ct state invalid drop comment "drop invalid connections"
+ ct state established, related accept comment "accept traffic originated from us"
+ tcp dport 22 accept comment "accept SSH on default port"
+ tcp dport 25 accept comment "accept SMTP (allowing for STARTTLS); necessary for mail server to mail server banter, i.e. for receiving mails"
+ tcp dport 80 accept comment "accept HTTP; necessary for Certbot HTTP challenge"
+ tcp dport 465 accept comment "accept SMTPS; for mail user agent to mail server, i.e. for sending mails"
+ tcp dport 993 accept comment "accept IMAPS; for reading/downloading mails"
+ ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
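Review bot: The input chain of mail/etc/nftables.conf lives in an `inet` table with `policy drop`, but its only ICMP rule is `ip protocol icmp icmp type echo-request accept`, which matches IPv4 only; ICMPv6, including neighbour discovery, falls through to the drop policy, so the listed ports would be unreachable over IPv6 on a host that has an IPv6 address. The server/etc/nftables.conf added later in this commit carries the same rule. If IPv6 is meant to work, a rule such as `meta l4proto ipv6-icmp accept comment "accept ICMPv6 incl. neighbour discovery"` is needed; if it is not, a comment saying so would prevent surprises.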
diff --git a/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service
new file mode 100644
index 0000000..dc8acb4
--- /dev/null
+++ b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Run plom's fetchmail
+
+[Service]
+Type=oneshot
+User=plom
+# fetchmail returns 1 when no new mail, we want to catch that
+ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]'
diff --git a/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer
new file mode 100644
index 0000000..0568eeb
--- /dev/null
+++ b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Run fetchmail once every minute
+
+[Timer]
+OnCalendar=minutely
+
+[Install]
+WantedBy=timers.target
diff --git a/archived/buster/etc_files/mail/etc/systemd/system/pingmail.service b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.service
new file mode 100644
index 0000000..e332114
--- /dev/null
+++ b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Run pingmail check
+
+[Service]
+Type=oneshot
+User=plom
+ExecStart=/bin/sh -c '~/pingmail/pingmail check'
diff --git a/archived/buster/etc_files/mail/etc/systemd/system/pingmail.timer b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.timer
new file mode 100644
index 0000000..dba0c9f
--- /dev/null
+++ b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Run pingmail check once every hour
+
+[Timer]
+OnCalendar=*-*-* *:00:00
+
+[Install]
+WantedBy=timers.target
diff --git a/archived/buster/etc_files/old_server/etc/apt/sources.list b/archived/buster/etc_files/old_server/etc/apt/sources.list
new file mode 100644
index 0000000..a1fbdb0
--- /dev/null
+++ b/archived/buster/etc_files/old_server/etc/apt/sources.list
@@ -0,0 +1,4 @@
+deb http://deb.debian.org/debian stretch main contrib non-free
+deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free
+deb http://deb.debian.org/debian stretch-updates main contrib non-free
+deb http://ftp.debian.org/debian stretch-backports main contrib non-free
diff --git a/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service
new file mode 100644
index 0000000..bc81613
--- /dev/null
+++ b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Attempt encryption of old chat logs
+[Service]
+Type=oneshot
+User=plom
+ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh'
diff --git a/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer
new file mode 100644
index 0000000..79a6e1e
--- /dev/null
+++ b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Attempt encryption of old chatlogs once every minute.
+
+[Timer]
+OnCalendar=*-*-* *:*:00
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
diff --git a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html
new file mode 100644
index 0000000..8e2e67f
--- /dev/null
+++ b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html
@@ -0,0 +1,4 @@
+<div style="margin: 1em;">
+ <p>Privacy: Visitor IP addresses are anonymized in the logs.</p>
+ <p>Contact: See <a href="https://plomlompom.com/contact.html">plomlompom.com contact page</a>.</p>
+</div>
diff --git a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt
new file mode 100644
index 0000000..eb05362
--- /dev/null
+++ b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow:
diff --git a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html
new file mode 100644
index 0000000..7268bac
--- /dev/null
+++ b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html
@@ -0,0 +1 @@
+This is <a href="https://plomlompom.com">plomlompom</a>'s personal single-user Pleroma instance.
diff --git a/archived/buster/etc_files/server/etc/nftables.conf b/archived/buster/etc_files/server/etc/nftables.conf
new file mode 100755
index 0000000..efbc182
--- /dev/null
+++ b/archived/buster/etc_files/server/etc/nftables.conf
@@ -0,0 +1,20 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+ iif lo accept comment "accept localhost traffic"
+ ct state invalid drop comment "drop invalid connections"
+ ct state established, related accept comment "accept traffic originated from us"
+ tcp dport 22 accept comment "accept SSH on default port"
+ ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
diff --git a/archived/buster/etc_files/server/etc/ssh/sshd_config b/archived/buster/etc_files/server/etc/ssh/sshd_config
new file mode 100644
index 0000000..857962b
--- /dev/null
+++ b/archived/buster/etc_files/server/etc/ssh/sshd_config
@@ -0,0 +1,124 @@
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no # plomlompom's security rule
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin yes
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
+
+ClientAliveInterval 120
+PasswordAuthentication no # plomlompom's security rule
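Review bot: `X11Forwarding yes` stays enabled in a server profile that otherwise tightens login with `PermitRootLogin no` and `PasswordAuthentication no`; unless X11 programs are really run over SSH on these hosts, I would set `X11Forwarding no` so a logged-in session cannot reach back into the client's display. The two local rules also carry their explanation on the directive line (`PermitRootLogin no # plomlompom's security rule`), while sshd_config(5) only describes lines that begin with `#` as comments, and I am not certain every OpenSSH release accepts a trailing one. Putting `# plomlompom's security rule` on its own line above each directive and checking the file with `sshd -t` removes that doubt. It would also help to note in a comment that `PasswordAuthentication no` is deliberately appended at the end, far from the commented `#PasswordAuthentication yes` it overrides.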
diff --git a/archived/buster/etc_files/thinkpad/etc/default/tlp b/archived/buster/etc_files/thinkpad/etc/default/tlp new file mode 100644 index 0000000..b73846b --- /dev/null +++ b/archived/buster/etc_files/thinkpad/etc/default/tlp 
@@ -0,0 +1,306 @@ +# ------------------------------------------------------------------------------ +# tlp - Parameters for power saving +# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html + +# Hint: some features are disabled by default, remove the leading # to enable +# them. + +# Set to 0 to disable, 1 to enable TLP. +TLP_ENABLE=1 + +# Operation mode when no power supply can be detected: AC, BAT. +# Concerns some desktop and embedded hardware only. +TLP_DEFAULT_MODE=AC + +# Operation mode select: 0=depend on power source, 1=always use TLP_DEFAULT_MODE +# Hint: use in conjunction with TLP_DEFAULT_MODE=BAT for BAT settings on AC. +TLP_PERSISTENT_DEFAULT=0 + +# Seconds laptop mode has to wait after the disk goes idle before doing a sync. +# Non-zero value enables, zero disables laptop mode. +DISK_IDLE_SECS_ON_AC=0 +DISK_IDLE_SECS_ON_BAT=2 + +# Dirty page values (timeouts in secs). +MAX_LOST_WORK_SECS_ON_AC=15 +MAX_LOST_WORK_SECS_ON_BAT=60 + +# Hint: CPU parameters below are disabled by default, remove the leading # +# to enable them, otherwise kernel default values are used. + +# Select a CPU frequency scaling governor. +# Intel Core i processor with intel_pstate driver: +# powersave(*), performance. +# Older hardware with acpi-cpufreq driver: +# ondemand(*), powersave, performance, conservative, schedutil. +# (*) is recommended. +# Hint: use tlp-stat -p to show the active driver and available governors. +# Important: +# powersave for intel_pstate and ondemand for acpi-cpufreq are power +# efficient for *almost all* workloads and therefore kernel and most +# distributions have chosen them as defaults. If you still want to change, +# you should know what you're doing! You *must* disable your distribution's +# governor settings or conflicts will occur. +#CPU_SCALING_GOVERNOR_ON_AC=powersave +#CPU_SCALING_GOVERNOR_ON_BAT=powersave + +# Set the min/max frequency available for the scaling governor. 
+# Possible values strongly depend on your CPU. For available frequencies see +# the output of tlp-stat -p. +#CPU_SCALING_MIN_FREQ_ON_AC=0 +#CPU_SCALING_MAX_FREQ_ON_AC=0 +#CPU_SCALING_MIN_FREQ_ON_BAT=0 +#CPU_SCALING_MAX_FREQ_ON_BAT=0 + +# Set energy performance hints (HWP) for Intel P-state governor: +# performance, balance_performance, default, balance_power, power +# Values are given in order of increasing power saving. +# Note: Intel Skylake or newer CPU and Kernel >= 4.10 required. +CPU_HWP_ON_AC=balance_performance +CPU_HWP_ON_BAT=balance_power + +# Set Intel P-state performance: 0..100 (%). +# Limit the max/min P-state to control the power dissipation of the CPU. +# Values are stated as a percentage of the available performance. +# Requires an Intel Core i processor with intel_pstate driver. +#CPU_MIN_PERF_ON_AC=0 +#CPU_MAX_PERF_ON_AC=100 +#CPU_MIN_PERF_ON_BAT=0 +#CPU_MAX_PERF_ON_BAT=30 + +# Set the CPU "turbo boost" feature: 0=disable, 1=allow +# Requires an Intel Core i processor. +# Important: +# - This may conflict with your distribution's governor settings +# - A value of 1 does *not* activate boosting, it just allows it +#CPU_BOOST_ON_AC=1 +#CPU_BOOST_ON_BAT=0 + +# Minimize number of used CPU cores/hyper-threads under light load conditions: +# 0=disable, 1=enable. +SCHED_POWERSAVE_ON_AC=0 +SCHED_POWERSAVE_ON_BAT=1 + +# Kernel NMI Watchdog: +# 0=disable (default, saves power), 1=enable (for kernel debugging only). +NMI_WATCHDOG=0 + +# Change CPU voltages aka "undervolting" - Kernel with PHC patch required. +# Frequency voltage pairs are written to: +# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls +# CAUTION: only use this, if you thoroughly understand what you are doing! +#PHC_CONTROLS="F:V F:V F:V F:V" + +# Set CPU performance versus energy savings policy: +# performance, balance-performance, default, balance-power, power. +# Values are given in order of increasing power saving. 
+# Requires kernel module msr and x86_energy_perf_policy from linux-tools. +ENERGY_PERF_POLICY_ON_AC=performance +ENERGY_PERF_POLICY_ON_BAT=power + +# Disk devices; separate multiple devices with spaces (default: sda). +# Devices can be specified by disk ID also (lookup with: tlp diskid). +DISK_DEVICES="sda sdb" + +# Disk advanced power management level: 1..254, 255 (max saving, min, off). +# Levels 1..127 may spin down the disk; 255 allowable on most drives. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +DISK_APM_LEVEL_ON_AC="254 254" +DISK_APM_LEVEL_ON_BAT="128 128" + +# Hard disk spin down timeout: +# 0: spin down disabled +# 1..240: timeouts from 5s to 20min (in units of 5s) +# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) +# See 'man hdparm' for details. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" +#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" + +# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq). +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the kernel default scheduler for the particular disk. +#DISK_IOSCHED="cfq cfq" + +# AHCI link power management (ALPM) for disk devices: +# min_power, med_power_with_dipm(*), medium_power, max_performance. +# (*) Kernel >= 4.15 required, then recommended. +# Multiple values separated with spaces are tried sequentially until success. +SATA_LINKPWR_ON_AC="med_power_with_dipm max_performance" +SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power" + +# Exclude host devices from AHCI link power management. +# Separate multiple hosts with spaces. +#SATA_LINKPWR_BLACKLIST="host1" + +# Runtime Power Management for AHCI host and disks devices: +# on=disable, auto=enable. 
+# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss. +#AHCI_RUNTIME_PM_ON_AC=on +#AHCI_RUNTIME_PM_ON_BAT=on + +# Seconds of inactivity before disk is suspended. +AHCI_RUNTIME_PM_TIMEOUT=15 + +# PCI Express Active State Power Management (PCIe ASPM): +# default, performance, powersave. +PCIE_ASPM_ON_AC=performance +PCIE_ASPM_ON_BAT=powersave + +# Radeon graphics clock speed (profile method): low, mid, high, auto, default; +# auto = mid on BAT, high on AC; default = use hardware defaults. +RADEON_POWER_PROFILE_ON_AC=high +RADEON_POWER_PROFILE_ON_BAT=low + +# Radeon dynamic power management method (DPM): battery, performance. +RADEON_DPM_STATE_ON_AC=performance +RADEON_DPM_STATE_ON_BAT=battery + +# Radeon DPM performance level: auto, low, high; auto is recommended. +RADEON_DPM_PERF_LEVEL_ON_AC=auto +RADEON_DPM_PERF_LEVEL_ON_BAT=auto + +# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. +WIFI_PWR_ON_AC=off +WIFI_PWR_ON_BAT=on + +# Disable wake on LAN: Y/N. +WOL_DISABLE=Y + +# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). +# A value of 0 disables, >=1 enables power saving (recommended: 1). +SOUND_POWER_SAVE_ON_AC=0 +SOUND_POWER_SAVE_ON_BAT=1 + +# Disable controller too (HDA only): Y/N. +SOUND_POWER_SAVE_CONTROLLER=Y + +# Power off optical drive in UltraBay/MediaBay: 0=disable, 1=enable. +# Drive can be powered on again by releasing (and reinserting) the eject lever +# or by pressing the disc eject button on newer models. +# Note: an UltraBay/MediaBay hard disk is never powered off. +BAY_POWEROFF_ON_AC=0 +BAY_POWEROFF_ON_BAT=0 +# Optical drive device to power off (default sr0). +BAY_DEVICE="sr0" + +# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable. +RUNTIME_PM_ON_AC=on +RUNTIME_PM_ON_BAT=auto + +# Exclude PCI(e) device adresses the following list from Runtime PM +# (separate with spaces). Use lspci to get the adresses (1st column). 
+#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" + +# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM. +# Default when unconfigured is "amdgpu nouveau nvidia radeon" which +# prevents accidential power-on of dGPU in hybrid graphics setups. +# Use "" to disable the feature completely. +# Separate multiple drivers with spaces. +#RUNTIME_PM_DRIVER_BLACKLIST="amdgpu nouveau nvidia radeon" + +# Set to 0 to disable, 1 to enable USB autosuspend feature. +USB_AUTOSUSPEND=1 + +# Exclude listed devices from USB autosuspend (separate with spaces). +# Use lsusb to get the ids. +# Note: input devices (usbhid) are excluded automatically +#USB_BLACKLIST="1111:2222 3333:4444" + +# Bluetooth devices are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude. +USB_BLACKLIST_BTUSB=0 + +# Phone devices are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude (enable charging). +USB_BLACKLIST_PHONE=0 + +# Printers are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude. +USB_BLACKLIST_PRINTER=1 + +# WWAN devices are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude. +USB_BLACKLIST_WWAN=1 + +# Include listed devices into USB autosuspend even if already excluded +# by the blacklists above (separate with spaces). +# Use lsusb to get the ids. +#USB_WHITELIST="1111:2222 3333:4444" + +# Set to 1 to disable autosuspend before shutdown, 0 to do nothing +# (workaround for USB devices that cause shutdown problems). +#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 + +# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown +# on system startup: 0=disable, 1=enable. +# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below +# are ignored when this is enabled! +RESTORE_DEVICE_STATE_ON_STARTUP=0 + +# Radio devices to disable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. 
+#DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" + +# Radio devices to enable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +#DEVICES_TO_ENABLE_ON_STARTUP="wifi" + +# Radio devices to disable on shutdown: bluetooth, wifi, wwan. +# (workaround for devices that are blocking shutdown). +#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" + +# Radio devices to enable on shutdown: bluetooth, wifi, wwan. +# (to prevent other operating systems from missing radios). +#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" + +# Radio devices to enable on AC: bluetooth, wifi, wwan. +#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" + +# Radio devices to disable on battery: bluetooth, wifi, wwan. +#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" + +# Radio devices to disable on battery when not in use (not connected): +# bluetooth, wifi, wwan. +#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" + +# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module +# required). Charging starts when the remaining capacity falls below the +# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. +# Main / Internal battery (values in %) +START_CHARGE_THRESH_BAT0=75 +STOP_CHARGE_THRESH_BAT0=80 +# Ultrabay / Slice / Replaceable battery (values in %) +#START_CHARGE_THRESH_BAT1=75 +#STOP_CHARGE_THRESH_BAT1=80 + +# Restore charge thresholds when AC is unplugged: 0=disable, 1=enable. +#RESTORE_THRESHOLDS_ON_BAT=1 + +# ------------------------------------------------------------------------------ +# tlp-rdw - Parameters for the radio device wizard +# Possible devices: bluetooth, wifi, wwan. + +# Hints: +# - Parameters are disabled by default, remove the leading # to enable them +# - Separate multiple radio devices with spaces + +# Radio devices to disable on connect. 
+#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" +#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" +#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" + +# Radio devices to enable on disconnect. +#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" +#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" +#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" + +# Radio devices to enable/disable when docked. +#DEVICES_TO_ENABLE_ON_DOCK="" +#DEVICES_TO_DISABLE_ON_DOCK="" + +# Radio devices to enable/disable when undocked. +#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" +#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/buster/etc_files/thinkpad/etc/systemd/logind.conf b/archived/buster/etc_files/thinkpad/etc/systemd/logind.conf new file mode 100644 index 0000000..1098229 --- /dev/null +++ b/archived/buster/etc_files/thinkpad/etc/systemd/logind.conf @@ -0,0 +1,6 @@ +# This file is part of systemd. +# +# See logind.conf(5) for details. + +[Login] +HandleLidSwitch=hibernate diff --git a/archived/buster/etc_files/user/etc/cups/printers.conf b/archived/buster/etc_files/user/etc/cups/printers.conf new file mode 100644 index 0000000..3475600 --- /dev/null +++ b/archived/buster/etc_files/user/etc/cups/printers.conf @@ -0,0 +1,20 @@ +# Printer configuration file for CUPS v2.2.10 +# Written by cupsd +# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING +<Printer HP_Deskjet_F300_series> +UUID urn:uuid:e856a26d-66f8-327a-4dca-0d8a09f87a25 +Info HP Deskjet F300 series +Location +MakeModel HP Deskjet f300 Series, hpcups 3.18.12 +DeviceURI hp:/usb/Deskjet_F300_series?serial=CN63VB21TM04KH +State Idle +Type 36892 +Accepting Yes +Shared No +JobSheets none none +QuotaPeriod 0 +PageLimit 0 +KLimit 0 +OpPolicy default +ErrorPolicy retry-job +</Printer> diff --git a/archived/buster/etc_files/user/etc/default/console-setup b/archived/buster/etc_files/user/etc/default/console-setup new file mode 100644 index 0000000..090d241 --- /dev/null +++ b/archived/buster/etc_files/user/etc/default/console-setup 
@@ -0,0 +1,4 @@
+CHARMAP="UTF-8"
+CODESET="Lat15"
+FONTFACE="Terminus"
+FONTSIZE="6x12"
diff --git a/archived/buster/etc_files/user/opt/firefox/blank.html b/archived/buster/etc_files/user/opt/firefox/blank.html
new file mode 100644
index 0000000..79e707e
--- /dev/null
+++ b/archived/buster/etc_files/user/opt/firefox/blank.html
@@ -0,0 +1 @@
+not quite blank
diff --git a/archived/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js b/archived/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js
new file mode 100644
index 0000000..cf8ea80
--- /dev/null
+++ b/archived/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js
@@ -0,0 +1,4 @@
+// We set up AutoConfig according to <https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig>, see firefox.cfg comments on why we need it
+pref("general.config.filename", "firefox.cfg");
+pref("general.config.obscure_value", 0);
+
diff --git a/archived/buster/etc_files/user/opt/firefox/firefox.cfg b/archived/buster/etc_files/user/opt/firefox/firefox.cfg
new file mode 100644
index 0000000..b321153
--- /dev/null
+++ b/archived/buster/etc_files/user/opt/firefox/firefox.cfg
@@ -0,0 +1,18 @@
+// do not put any code into this first line, as it gets ignored by Firefox
+
+// we zero extensions.autoDisableScopes so our pre-installed extensions activate by default
+pref("extensions.autoDisableScopes", 0);
+
+// we turn off annoying setup popups and pages; these settings are the result more of trial and error than thorough understanding by me, so more research might be warranted to discipline them
+pref("startup.homepage_welcome_url", "file:///opt/firefox/blank.html");
+pref("browser.startup.homepage", "file:///opt/firefox/blank.html");
+pref("browser.startup.blankWindow", true);
+pref("datareporting.policy.firstRunURL", "");
+pref("browser.shell.checkDefaultBrowser", false);
+pref("datareporting.policy.dataSubmissionPolicyBypassNotification", true);
+
+// use socks proxy by default
+pref("network.proxy.type", 1);
+pref("network.proxy.socks", "localhost");
+pref("network.proxy.socks_port", 9999);
+pref("network.proxy.remote_dns", true);
diff --git a/archived/buster/etc_files/user/usr/share/applications/firefox.desktop b/archived/buster/etc_files/user/usr/share/applications/firefox.desktop
new file mode 100644
index 0000000..cb8d354
--- /dev/null
+++ b/archived/buster/etc_files/user/usr/share/applications/firefox.desktop
@@ -0,0 +1,3 @@
+[Desktop Entry]
+Name=Firefox
+Exec=/usr/local/bin/firefox %u
diff --git a/archived/buster/etc_files/web/etc/nftables.conf b/archived/buster/etc_files/web/etc/nftables.conf
new file mode 100755
index 0000000..ec6732a
--- /dev/null
+++ b/archived/buster/etc_files/web/etc/nftables.conf
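Review bot: The last pref in firefox.cfg, `pref("network.proxy.remote_dns", true);`, does not match the Firefox preference that sends DNS lookups through a SOCKS proxy, which is `network.proxy.socks_remote_dns`. As written the line is most likely ignored, so host names would still be resolved locally and bypass the proxy on localhost:9999 that the three lines above configure. I would change it to `pref("network.proxy.socks_remote_dns", true);` and confirm the effective value in about:config. Separately, `extensions.autoDisableScopes` set to 0 removes the approval step for extensions from every install location, not only the pre-installed ones, so the comment above it should say that and, if possible, the mask should be limited to the location actually used.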
@@ -0,0 +1,22 @@ +#!/usr/sbin/nft -f + +flush ruleset + +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + iif lo accept comment "accept localhost traffic" + ct state invalid drop comment "drop invalid connections" + ct state established, related accept comment "accept traffic originated from us" + tcp dport 22 accept comment "accept SSH on default port" + tcp dport 80 accept comment "accept HTTP on default port" + tcp dport 443 accept comment "accept HTTPS on default port" + ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging" + } + chain forward { + type filter hook forward priority 0; policy drop; + } + chain output { + type filter hook output priority 0; policy accept; + } +} diff --git a/archived/buster/etc_files/web/etc/nginx/nginx.conf b/archived/buster/etc_files/web/etc/nginx/nginx.conf new file mode 100644 index 0000000..8320425 --- /dev/null +++ b/archived/buster/etc_files/web/etc/nginx/nginx.conf @@ -0,0 +1,38 @@ +# system integration +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +# is expected even if empty +events { +} + +http { + # define content-type headers + include /etc/nginx/mime.types; + charset utf-8; + + # Some standard optimizations, i.e. Debian default. Explained in + # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765> + # Not that I understand it all ⦠+ sendfile on; + tcp_nopush on; + tcp_nodelay on; + + # logging deactivated due to GDPR + #access_log /var/log/nginx/access.log; + #error_log /var/log/nginx/error.log; + access_log off; + error_log off; + + # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; + + # Redirect all HTTP requests to HTTPS. + server { + listen 80; + return 301 https://$host$request_uri; + } +} 
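Review bot: `error_log off;` in nginx.conf does not switch error logging off, because `error_log` has no `off` value: nginx treats it as a file name and writes errors to a file called `off` under its prefix directory. Those entries contain client addresses, which contradicts the "logging deactivated due to GDPR" comment directly above. To discard errors use `error_log /dev/null crit;`. The redirect server also has only `listen 80;`, so unless a file under sites-enabled adds `listen [::]:80;`, IPv6 clients on port 80 get no redirect to HTTPS.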
diff --git a/archived/buster/etc_files/website/etc/gitweb.conf b/archived/buster/etc_files/website/etc/gitweb.conf
new file mode 100644
index 0000000..88dea47
--- /dev/null
+++ b/archived/buster/etc_files/website/etc/gitweb.conf
@@ -0,0 +1,22 @@
+# path to git projects (<project>.git)
+$projectroot = "/var/repos";
+
+# don't show repos without git-daemon-export-ok file
+$export_ok = "git-daemon-export-ok";
+
+# directory to use for temp files
+# explicitely set by Debian so it's probably a good choice
+$git_temp = "/tmp";
+
+# git-diff-tree(1) options to use for generated patches
+# we don't want to to guess renames, so empty
+@diff_opts = ();
+
+# Base path for where to find the repos for cloning.
+@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone');
+
+# allow snapshots
+$feature{'snapshot'}{'default'} = ['zip', 'tgz'];
+
+# insert header for GDPR compliance
+$site_header = "/var/www/header.html"
diff --git a/archived/buster/etc_files/website/etc/nginx/sites-available/website.nginx b/archived/buster/etc_files/website/etc/nginx/sites-available/website.nginx
new file mode 100644
index 0000000..cbad304
--- /dev/null
+++ b/archived/buster/etc_files/website/etc/nginx/sites-available/website.nginx
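Review bot: The last statement of gitweb.conf, `$site_header = "/var/www/header.html"`, has no terminating semicolon. Perl accepts that only because it is the final statement in the file, so the next setting appended below it turns the whole config into a syntax error; write `$site_header = "/var/www/header.html";`. The `# allow snapshots` comment could also state that zip and tgz archives are built on request for every visitor, since that is the one setting here with a resource cost on a public instance.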
@@ -0,0 +1,40 @@
+server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www/html/;
+ index index.html index.htm index.nginx-debian.html;
+
+ # serve /var/repos/* for HTTPS git cloning
+ location ~ /repos/clone(/.*) {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ # Commented out so only repos are served that contain a
+ # git-daemon-export-ok file.
+ # fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /var/repos;
+ fastcgi_param PATH_INFO $1;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ # gitweb static files
+ location /repos/static/ {
+ alias /usr/share/gitweb/static/;
+ }
+
+ # gitweb; this needs packages fcgiwrap and gitweb
+ location /repos/ {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
+ fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+
+ # login-protected IRC logs
+ location ~ ^/irclogs/([^/]+)/ {
+ auth_basic "$1 logs";
+ auth_basic_user_file /var/www/irclogs_pw/$1;
+ autoindex on;
+ }
+}
diff --git a/archived/buster/etc_files/website/etc/systemd/system/plomlombot.service b/archived/buster/etc_files/website/etc/systemd/system/plomlombot.service
new file mode 100644
index 0000000..a4f6769
--- /dev/null
+++ b/archived/buster/etc_files/website/etc/systemd/system/plomlombot.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=plomlombot screen
+
+[Service]
+Type=simple
+User=plom
+ExecStart=/bin/sh -c '~/plomlombot_daemon.sh'
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/archived/buster/etc_files/x200s/etc/wicd/manager-settings.conf b/archived/buster/etc_files/x200s/etc/wicd/manager-settings.conf
new file mode 100644
index 0000000..de12c6c
--- /dev/null
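Review bot: The clone block in website.nginx uses an unanchored regex, `location ~ /repos/clone(/.*)`, and regex locations are tried in file order, so any request path that merely contains `/repos/clone/` is passed to git-http-backend with the captured tail as `PATH_INFO`. Anchoring it as `location ~ ^/repos/clone(/.*)$ {` keeps the backend reachable only under the intended prefix. In the irclogs block the password check applies only to paths matching `^/irclogs/([^/]+)/`, so a file placed directly in the irclogs directory would be served by the default `root` without authentication; a comment saying that only per-channel subdirectories belong there would make this explicit. The server block also leaves `ssl_protocols` and HSTS to defaults, which is worth a deliberate line each.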
+++ b/archived/buster/etc_files/x200s/etc/wicd/manager-settings.conf @@ -0,0 +1,24 @@ +[Settings] +backend = external +wireless_interface = wls1 +wired_interface = enp0s25 +wpa_driver = wext +always_show_wired_interface = False +use_global_dns = False +global_dns_1 = None +global_dns_2 = None +global_dns_3 = None +global_dns_dom = None +global_search_dom = None +auto_reconnect = True +debug_mode = 0 +wired_connect_mode = 1 +signal_display_type = 0 +should_verify_ap = 1 +dhcp_client = 0 +link_detect_tool = 0 +flush_tool = 0 +sudo_app = 0 +prefer_wired = False +show_never_connect = True + diff --git a/archived/buster/etc_files/x220/etc/wicd/manager-settings.conf b/archived/buster/etc_files/x220/etc/wicd/manager-settings.conf new file mode 100644 index 0000000..985df76 --- /dev/null +++ b/archived/buster/etc_files/x220/etc/wicd/manager-settings.conf @@ -0,0 +1,24 @@ +[Settings] +backend = external +wireless_interface = wlp3s0 +wired_interface = enp0s25 +wpa_driver = wext +always_show_wired_interface = False +use_global_dns = False +global_dns_1 = None +global_dns_2 = None +global_dns_3 = None +global_dns_dom = None +global_search_dom = None +auto_reconnect = True +debug_mode = 0 +wired_connect_mode = 1 +signal_display_type = 0 +should_verify_ap = 1 +dhcp_client = 0 +link_detect_tool = 0 +flush_tool = 0 +sudo_app = 0 +prefer_wired = False +show_never_connect = True + diff --git a/archived/buster/home_files/eeepc/.config/i3status/config b/archived/buster/home_files/eeepc/.config/i3status/config new file mode 100644 index 0000000..207bef4 --- /dev/null +++ b/archived/buster/home_files/eeepc/.config/i3status/config 
@@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wlp2s0" +order += "ethernet enp1s0" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail of %total" + separator_block_width = 25 +} + +# How much space is left in /home/ ? +disk "/home/" { + format = "/home: %avail of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wlp2s0 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp1s0 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "âª: %volume" + format_muted = "âª: muted (%volume)" + separator_block_width = 25 +} diff --git a/archived/buster/home_files/minimal/.bashrc b/archived/buster/home_files/minimal/.bashrc new file mode 100644 index 0000000..5ee9ad8 --- /dev/null 
+++ b/archived/buster/home_files/minimal/.bashrc @@ -0,0 +1,26 @@ +# Settings for interactive shells. + +# Fancy colors for ls. +alias ls="ls --color=auto" + +# Use vim as default editor for anything. +export VISUAL=vim +export EDITOR=$VISUAL + +# Colored prompt with username, hostname, date/time, directory. +colornumber=7 # Default to white if no color set via colornumber dotfile. +colornumber_file=~/.shell_prompt_color +if [ -f $colornumber_file ]; then + colornumber=`cat $colornumber_file` +fi +tput_color="$(tput setaf $colornumber)$(tput bold)" +tput_reset="$(tput sgr0)" +# Bash confuses the line length when not told to not count escape sequences. +if [ ! "$BASH" = "" ]; then + tput_color="\[$tput_color\]" + tput_reset="\[$tput_reset\]" +fi +PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset" +PS2="${tput_color}> $tput_reset" +PS3="${tput_color}select: $tput_reset" +PS4="${tput_color}+ $tput_reset" diff --git a/archived/buster/home_files/root/.shell_prompt_color b/archived/buster/home_files/root/.shell_prompt_color new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/archived/buster/home_files/root/.shell_prompt_color @@ -0,0 +1 @@ +1 diff --git a/archived/buster/home_files/user/.Xresources b/archived/buster/home_files/user/.Xresources new file mode 100644 index 0000000..45b10af --- /dev/null +++ b/archived/buster/home_files/user/.Xresources 
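Review bot: The prompt-colour block in .bashrc feeds the contents of `~/.shell_prompt_color` to `tput setaf $colornumber` unquoted and unchecked, and tests the path with an unquoted `[ -f $colornumber_file ]`, so a file holding anything other than one number is word-split into extra tput arguments. I would quote the expansions and replace the backticks, `colornumber=$(cat "$colornumber_file")` and `tput setaf "$colornumber"`. A fallback such as `case $colornumber in ''|*[!0-9]*) colornumber=7 ;; esac` keeps the white default when the file is empty or malformed. `export EDITOR=$VISUAL` should be quoted for the same reason.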
@@ -0,0 +1,56 @@ +! otherwise various applications will assume merely 8 colors +XTerm.termName: xterm-256color + +! font +! actually, "mono" is already the default for faceName (it will +! pick whatever fc-match mono delivers), but we need to set _some_ +! faceName to trigger XTerm activating TrueType fonts +! (XTerm*fontRender by itself won't do the trick), and we want +! TrueType fonts because, well, they scale better, and XTerm lets them +! fall back on alternatives (hi there ttf-unifont) when a Unicode +! glyph is not found +XTerm*faceName: mono + +! white on black +XTerm*reverseVideo: on + +! blink screen instead of sound +XTerm*visualBell: on + +! proper ALT as META key treatment +XTerm*eightBitInput: false + +! font sizes +XTerm*faceSize: 8 +XTerm*faceSize1: 4 +XTerm*faceSize2: 5 +XTerm*faceSize3: 6 +XTerm*faceSize4: 8 +XTerm*faceSize5: 14 +XTerm*faceSize6: 25 + +! colors +! black +XTerm*color0: #202020 +XTerm*color8: #3F3F3F +! red +XTerm*color1: #A82020 +XTerm*color9: #E82020 +! green +XTerm*color2: #20A820 +XTerm*color10: #20E820 +! yellow +XTerm*color3: #A8A820 +XTerm*color11: #E8E820 +! blue +XTerm*color4: #3F3FFF +XTerm*color12: #9F9FFF +! magenta +XTerm*color5: #A83FFF +XTerm*color13: #E89FFF +! cyan +XTerm*color6: #3FA8FF +XTerm*color14: #9FE8FF +! white +XTerm*color7: #A8A8A8 +XTerm*color15: #E8E8E8 diff --git a/archived/buster/home_files/user/.borgrepos b/archived/buster/home_files/user/.borgrepos new file mode 100644 index 0000000..c40eee3 --- /dev/null +++ b/archived/buster/home_files/user/.borgrepos @@ -0,0 +1,4 @@ +plom@plomlompom.com +plom@mail.plomlompom.com +plom@play.plomlompom.com +# file read ends at last newline diff --git a/archived/buster/home_files/user/.config/i3/config b/archived/buster/home_files/user/.config/i3/config new file mode 100644 index 0000000..19c654e --- /dev/null +++ b/archived/buster/home_files/user/.config/i3/config 
@@ -0,0 +1,83 @@ +# plomlompom's i3-wm configuration + +# Font for i3 text +font pango:Terminus 8px + +# Force "tabbed" as default layout for new windows. +workspace_layout tabbed + +# Make the Windows key the modifier key for all i3-wm actions. +set $mod Mod4 +floating_modifier $mod + +# Launch xterm. +bindsym $mod+Return exec xterm + +# Launch programs via dmenu. +bindsym $mod+d exec dmenu_run +bindsym $mod+x exec dmenu_run + +# Kill window. +bindsym $mod+Shift+Q kill + +# Move focus between windows. +bindsym $mod+Left focus left +bindsym $mod+Down focus down +bindsym $mod+Up focus up +bindsym $mod+Right focus right + +# Don't move focus with mouse. +focus_follows_mouse no + +# Move windows. +bindsym $mod+Shift+Left move left +bindsym $mod+Shift+Down move down +bindsym $mod+Shift+Up move up +bindsym $mod+Shift+Right move right + +# Resize windows +bindsym $mod+h resize shrink width 1 px or 1 ppt +bindsym $mod+l resize grow width 1 px or 1 ppt +bindsym $mod+j resize shrink height +bindsym $mod+k resize grow height + +# Toggle fullscreen for focused window. +bindsym $mod+f fullscreen + +# Toggle floating of window, focus on floating or tabbed windows. +bindsym $mod+Shift+space floating toggle +bindsym $mod+space focus mode_toggle + +# Switch to workspace x. +bindsym $mod+1 workspace 1 +bindsym $mod+2 workspace 2 +bindsym $mod+3 workspace 3 +bindsym $mod+4 workspace 4 +bindsym $mod+5 workspace 5 +bindsym $mod+6 workspace 6 +bindsym $mod+7 workspace 7 +bindsym $mod+8 workspace 8 +bindsym $mod+9 workspace 9 +bindsym $mod+0 workspace 10 + +# Move window to workspace x. 
+bindsym $mod+Shift+exclam move workspace 1 +bindsym $mod+Shift+quotedbl move workspace 2 +bindsym $mod+Shift+section move workspace 3 +bindsym $mod+Shift+dollar move workspace 4 +bindsym $mod+Shift+percent move workspace 5 +bindsym $mod+Shift+ampersand move workspace 6 +bindsym $mod+Shift+slash move workspace 7 +bindsym $mod+Shift+parenleft move workspace 8 +bindsym $mod+Shift+parenright move workspace 9 +bindsym $mod+Shift+equal move workspace 10 + +# Reload i3 config file, restart (keeping sesion) i3, exit i3. +bindsym $mod+Shift+C reload +bindsym $mod+Shift+R restart +bindsym $mod+Shift+P exit + +# Select "i3status" as i3 status bar. +bar { + status_command i3status +} diff --git a/archived/buster/home_files/user/.emacs.d/init.el b/archived/buster/home_files/user/.emacs.d/init.el new file mode 100644 index 0000000..fbec980 --- /dev/null +++ b/archived/buster/home_files/user/.emacs.d/init.el 
@@ -0,0 +1,323 @@ +;; general layout +;; ============== + +;; need no stinkin emacs help screen as start up, and no menu bar +(setq inhibit-startup-screen t) +(menu-bar-mode -1) + +;; highlight cursor line, parentheses +(global-hl-line-mode 1) +(show-paren-mode 1) + +;; show line numbers, use separator space +(global-linum-mode) +(setq linum-format "%d ") + +;; count cursor column, row in mode line +(setq column-number-mode t) + +;; settings to make GUI tolerable +(if window-system + (progn + (add-to-list 'default-frame-alist '(foreground-color . "white")) + (add-to-list 'default-frame-alist '(background-color . "black")) + (set-face-attribute 'default nil :height 80) + (scroll-bar-mode -1) + (setq visible-bell t) + (setq linum-format "%d"))) + +;; use as default browser what XDG offers +(setq-default browse-url-browser-function 'browse-url-xdg-open) + + + +;; general keybindings +;; =================== + +;; create and use a minimal global map using just the self-insert command +;; bindings and a selection of some to me very common keystrokes +(setq minimal-map (make-sparse-keymap)) +(substitute-key-definition 'self-insert-command 'self-insert-command + minimal-map global-map) +(use-global-map minimal-map) +(global-set-key (kbd "DEL") 'backward-delete-char-untabify) +(global-set-key (kbd "RET") 'newline) +(global-set-key (kbd "TAB") 'indent-for-tab-command) +(global-set-key (kbd "<up>") 'previous-line) +(global-set-key (kbd "<down>") 'next-line) +(global-set-key (kbd "<left>") 'left-char) +(global-set-key (kbd "<right>") 'right-char) +(global-set-key (kbd "<prior>") 'scroll-down-command) +(global-set-key (kbd "<next>") 'scroll-up-command) +(global-set-key (kbd "M-x") 'execute-extended-command) +(global-set-key (kbd "C-g") 'keyboard-quit) +;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter) +;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro) +;; note how to switch back to the original map: (use-global-map global-map) +(setq shr-map 
(make-sparse-keymap)) ; got annoying in elfeed-show on URLs + + + +;; minibuffer +;; ========== + +;; incremental minibuffer completion +(icomplete-mode 1) + + + +;; text editing +;; ============ + +;; tabs are evil +(setq-default indent-tabs-mode nil) +(setq-default tab-width 4) +(setq indent-line-function 'insert-tab) + +;; show trailing whitespace +(setq-default show-trailing-whitespace 1) + +;; on save, ask whether to ensure text file's last line ends in a +;; newline character +(setq require-final-newline 1) + +;; use dedicated directory for version-controlled, endless backups; +;; never delete old versions +(setq make-backup-files t + backup-directory-alist `(("." . "~/.emacs_backups")) + backup-by-copying t + version-control t + delete-old-versions 1) ;; neither t nor nil: never delete + + +;; package management +;; ================== + +;; where we get packages from +(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/") + ("melpa-unstable" . "https://melpa.org/packages/") + ("melpa-stable" . 
"https://stable.melpa.org/packages/"))) + +;; ensure certain packages are installed (actually, we use Debian repos here) +;; credit to <https://stackoverflow.com/a/10093312> +;(setq package-list '(elfeed ledger-mode)) +;(package-initialize) +;(dolist (package package-list) +; (unless (package-installed-p package) +; (package-install package))) + + + +;;; window management +;;; ================= +; +;;; track window configurations to allow window config undo +;(winner-mode 1) + + + +;; mail setup +;; ========== + +(setq send-mail-function 'smtpmail-send-it) +(setq smtpmail-smtp-server "mail.plomlompom.com") +(setq smtpmail-smtp-service 465) +(setq smtpmail-stream-type 'ssl) +(setq smtpmail-smtp-user "plom") +(setq mml-secure-openpgp-encrypt-to-self t) +(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime) + +;(setq gnutls-log-level 0) + +;; if we don't set this, we get this warning: +;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange +;; has been lowered to 256 bits and this may allow decryption of the session data +(setq gnutls-min-prime-bits 1024) + +;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the +;; stream process, seemingly unless the /message/ function is called at the right +;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest +;; in /network-stream-get-response/ right after "(goto-char start)"; this works +;; unless /inhibit_message/ is set, indicating that writing to the *Messages* +;; buffer is not relevant, but maybe writing to the echo area is); activing the +;; gnutls logging is just a hack to achieve such calls to /message/ in the +;; /network-stream-open-tls/ flow. +(setq gnutls-log-level 1) ; miraculously makes smtpmail work + +;; constructs 
From: domain if mail composer directly called (from without +;; notmuch), but we don't actually intend to do that +;(setq mail-host-address "plomlompom.com") + +;; otherwise notmuch becomes extremely slow in some cases +(setq-default notmuch-show-indent-content nil) + +;; this only works if we use notmuch-mua-send instead of message-send +(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent"))) + +;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me" +;; in the message ID +(setq mail-host-address "plomlompom.com") + +;; notmuch saved searches +(setq notmuch-saved-searches + '((:name "inbox" :query "tag:unread and folder:inbox") + (:name "all" :query "tag:unread not folder:maildir/Trash") + (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de") + (:name "nebenan" :query "tag:unread and folder:maildir/nebenan") + (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info") + (:name "gmail" :query "tag:unread and folder:maildir/gmail.com") + (:name "mutter" :query "tag:unread and folder:maildir/mutter"))) + + + +;; org mode +;; ======== + +;; unsure why, but to re-set the key map, we not only have to explicitely do it +;; only after org-mode loading, but also have to explicitely overwrite the +;; C-c keybinding; TODO: investigate +(with-eval-after-load 'org + (setq org-mode-map (make-sparse-keymap)) + (define-key org-mode-map (kbd "C-c") nil) + (define-key org-mode-map (kbd "TAB") 'org-cycle) + (define-key org-mode-map (kbd "<backtab>") 'org-shifttab)) + +;; don't truncate lines by default +(setq org-startup-truncated nil) + +;; basic org-capture config +(setq org-capture-templates + '(("x" "test" plain (file "~/org/notes.org") "%T: %?"))) +(add-hook 'org-capture-mode-hook 'evil-insert-state) + +;; agenda view on startup +(load-library "find-lisp") +(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$")) +(setq org-agenda-span 90) +(setq org-agenda-use-time-grid nil) +(add-hook 'emacs-startup-hook 
(lambda () + (org-agenda-list) + (switch-to-buffer "*Org Agenda*") + (other-window 1))) + +;;; for calendar, use ISO date style +;(setq calendar-date-style 'iso) +;(setq diary-number-of-entries 7) +;(diary) +;(setq org-agenda-time-grid '((today require-timed remove-match) +; #("----------------" 0 16 (org-heading t)) +; (0 200 400 600 800 1000 1200 +; 1400 1600 1800 2000 2200))) + +;; empty org-agenda-mode keybindings +(add-hook 'org-agenda-mode-hook + (lambda () + (setq org-agenda-mode-map (make-sparse-keymap)))) +(add-hook 'org-agenda-mode-hook + (lambda () + (use-local-map (make-sparse-keymap)))) + +;; org-publish-all +(setq org-publish-project-alist + '( + ("website" + :base-directory "~/org/web/" + :base-extension "org" + :publishing-directory "~/html/" + :recursive t + :publishing-function org-html-publish-to-html + :headline-levels 4 ; Just the default for this project. + :auto-preamble t + ))) + +;; use [ki:] syntax to hide stuff from exports +(defun classify-information (text backend info) + "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'." 
+ (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text)) +(add-hook 'org-export-filter-plain-text-functions 'classify-information) + +;; add HTML validator link to exports +(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>") + + + +;;; Info mode +;;; ========= + +(setq Info-mode-map (make-sparse-keymap)) +(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node) +(define-key Info-mode-map (kbd "u") 'Info-up) +(define-key Info-mode-map (kbd "TAB") 'Info-next-reference) +(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference) +(define-key Info-mode-map (kbd "H") 'Info-history-back) +(define-key Info-mode-map (kbd "L") 'Info-history-forward) +(define-key Info-mode-map (kbd "I") 'Info-goto-node) +(define-key Info-mode-map (kbd "i") 'Info-index) + + + +;; help mode +;; ========= + +(setq help-mode-map (make-sparse-keymap)) +(define-key help-mode-map (kbd "TAB") 'forward-button) +(define-key help-mode-map (kbd "RET") 'help-follow) +(define-key help-mode-map (kbd "<backtab>") 'backward-button) + + + +;; elfeed +;; ====== + +(require 'elfeed) ; needed so we can set the font faces +(set-face-background 'elfeed-search-title-face "magenta") +(set-face-background 'elfeed-search-unread-count-face "magenta") +(setq elfeed-feeds + '("https://capsurvival.blogspot.com/feeds/posts/default" + "https://jungle.world/rss.xml" + "http://news.dieweltistgarnichtso.net/bin/index.xml" + "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/" + "http://www.tagesschau.de/xml/atom")) +(setq elfeed-search-mode-map (make-sparse-keymap)) +(define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry) +(defun elfeed-search-mark-as-read() (interactive) + (elfeed-search-untag-all 'unread)) +(define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read) +(define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread) +(define-key elfeed-search-mode-map (kbd "f") 
'elfeed-search-live-filter) +(define-key elfeed-search-mode-map (kbd "u") 'elfeed-update) +(setq elfeed-show-mode-map (make-sparse-keymap)) +(define-key elfeed-show-mode-map (kbd "u") 'elfeed) +(define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link) +(define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link) +(define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev) +(define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next) +(define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url) +(define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url) + + + +;; eww +;; === + +(setq eww-mode-map (make-sparse-keymap)) +(define-key eww-mode-map (kbd "TAB") 'shr-next-link) +(define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link) +(define-key eww-mode-map (kbd "H") 'eww-back-url) +(define-key eww-mode-map (kbd "L") 'eww-forward-url) + + + +;; ledger +;; ====== +(setq ledger-mode-map (make-sparse-keymap)) +(define-key ledger-mode-map (kbd "TAB") 'ledger-magic-tab) + + + +;;; plomvi mode +;;; =========== + +(defvar plomvi-return-combo (kbd "C-c")) +(load "~/public_repos/plomvi.el/plomvi.el") +(plomvi-global-mode 1) diff --git a/archived/buster/home_files/user/.gitconfig b/archived/buster/home_files/user/.gitconfig new file mode 100644 index 0000000..8967d25 --- /dev/null +++ b/archived/buster/home_files/user/.gitconfig @@ -0,0 +1,3 @@ +[user] + email = c.heller@plomlompom.de + name = Christian Heller diff --git a/archived/buster/home_files/user/.mbsyncrc b/archived/buster/home_files/user/.mbsyncrc new file mode 100644 index 0000000..6a0e5cd --- /dev/null +++ b/archived/buster/home_files/user/.mbsyncrc 
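Review bot: `(setq gnutls-min-prime-bits 1024)` in the mail setup section accepts 1024-bit Diffie-Hellman groups for the GnuTLS connections Emacs opens, which is below the 2048 bits generally recommended today; raise the value if mail.plomlompom.com supports it, or extend the comment to say that 1024 is a deliberate compatibility floor. Two entries in `elfeed-feeds`, `"http://news.dieweltistgarnichtso.net/bin/index.xml"` and `"http://www.tagesschau.de/xml/atom"`, are fetched over plain HTTP, so their content can be altered in transit before it is rendered; switch them to https where the sites offer it. `(setq gnutls-log-level 1)` is described in the file as a workaround for a bug, so a `; TODO: remove once smtpmail works without it` on that line would keep it from becoming permanent.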
@@ -0,0 +1,28 @@
+IMAPAccount plom
+# Address to connect to
+Host mail.plomlompom.com
+User plom
+# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
+# therefore the pw in ~/.authinfo should not be longer than that.
+PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
+SSLType IMAPS
+AuthMechs LOGIN
+
+IMAPStore core-remote
+Account plom
+
+MaildirStore core-local
+# The trailing "/" is important
+Path ~/mail/maildir/
+Inbox ~/mail/inbox/
+
+Channel core
+Master :core-remote:
+Slave :core-local:
+Patterns *
+# Automatically create missing mailboxes, both locally and on the server
+Create Both
+# Save the synchronization state files in the relevant directory
+SyncState *
+# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
+Expunge Both
diff --git a/archived/buster/home_files/user/.notmuch-config b/archived/buster/home_files/user/.notmuch-config
new file mode 100644
index 0000000..9532761
--- /dev/null
+++ b/archived/buster/home_files/user/.notmuch-config
@@ -0,0 +1,9 @@
+[database]
+path=/home/plom/mail
+[search]
+exclude_tags=deleted;spam;
+# the fields below set the From: if the mail composer is called from
+# within notmuch
+[user]
+name=Christian Heller
+primary_email=plom@plomlompom.com
diff --git a/archived/buster/home_files/user/.shell_prompt_color b/archived/buster/home_files/user/.shell_prompt_color
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/archived/buster/home_files/user/.shell_prompt_color
@@ -0,0 +1 @@
+2
diff --git a/archived/buster/home_files/user/.tridactylrc b/archived/buster/home_files/user/.tridactylrc
new file mode 100644
index 0000000..e39e5a0
--- /dev/null
+++ b/archived/buster/home_files/user/.tridactylrc
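Review bot: `PassCmd "cat ~/.authinfo | cut -d' ' -f8-"` in the .mbsyncrc hunk reads the IMAP password from a plain-text `~/.authinfo`, so the credential is readable by anything that can read the home directory or a backup of it. PassCmd runs an arbitrary command, so the file can stay encrypted at rest and be decrypted on demand, for example `PassCmd "gpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | cut -d' ' -f8-"`; if the plain file is kept, add a comment that it must be mode 0600. `AuthMechs LOGIN` sends the password itself and is only acceptable because `SSLType IMAPS` wraps the session in TLS, so a comment tying the two lines together would guard against someone relaxing SSLType later.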
@@ -0,0 +1,13 @@
+sanitize tridactyllocal tridactylsync
+guiset statuspanel top-right
+guiset tabs autohide
+set newtab file:///opt/firefox/blank.html
+autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
+bind / fillcmdline find
+bind n findnext 1
+bind N findnext -1
+set findcase insensitive
+bind j scrollline 3
+bind k scrollline -3
+set hintuppercase false
+set searchengine duckduckgo
diff --git a/archived/buster/home_files/user/.xinitrc b/archived/buster/home_files/user/.xinitrc
new file mode 100644
index 0000000..c7a0a66
--- /dev/null
+++ b/archived/buster/home_files/user/.xinitrc
@@ -0,0 +1,17 @@
+# X init configuration
+
+# Set keymap.
+setxkbmap de
+
+# Map CapsLock to Compose key.
+xmodmap -e "clear Lock"
+xmodmap -e "keycode 66 = Multi_key"
+
+# Load xterm settings
+xrdb -merge ~/.Xresources
+
+# Redshift to Berlin, Germany.
+redshift -rl 53:13 &
+
+# Launch window manager.
+i3
diff --git a/archived/buster/home_files/user/mail_sync.sh b/archived/buster/home_files/user/mail_sync.sh
new file mode 100755
index 0000000..6962800
--- /dev/null
+++ b/archived/buster/home_files/user/mail_sync.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+set -e
+
+basedir="/home/plom/mail/maildir/"
+# Ensure directories exist for all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ if [ ! -d "${target_dir}" ]; then
+ echo "Directory ${target_dir} does not exist."
+ exit 1
+ fi
+done
+
+# Ensure all "dir:*"-tagged mails are in proper directories,
+# remove all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ for f in $(notmuch search --output=files tag:"${tag}"); do
+ new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
+ target_path="${target_dir}${new_name}"
+ if [ ! "${target_path}" = "${f}" ]; then
+ echo "Moving ${f} to ${target_path}."
+ mv "${f}" "${target_path}"
+ fi
+ done
+ notmuch tag -"${tag}" tag:"${tag}"
+done
+
+# Remove all "deleted"-tagged files from maildirs.
+notmuch search --output=files tag:deleted | while read f; do
+ echo "Deleting ${f}"
+ rm "${f}"
+done
+
+# Sync changes back to server and update notmuch index.
+mbsync -a
+notmuch new
diff --git a/archived/buster/home_files/user/public_repos/repos b/archived/buster/home_files/user/public_repos/repos
new file mode 100644
index 0000000..27eb028
--- /dev/null
+++ b/archived/buster/home_files/user/public_repos/repos
@@ -0,0 +1,7 @@
+# List of repos we want cloned in ~/public_repos
+config
+pingmail.git
+plomlombot-irc.git
+plomrogue
+plomrogue2-experiments
+plomvi.el
diff --git a/archived/buster/home_files/w530/.config/i3status/config b/archived/buster/home_files/w530/.config/i3status/config
new file mode 100644
index 0000000..b9fb15f
--- /dev/null
+++ b/archived/buster/home_files/w530/.config/i3status/config
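Review bot: In mail_sync.sh the inner loop `for f in $(notmuch search --output=files tag:"${tag}")` word-splits and glob-expands the path list, so a mail file whose path contains whitespace or a glob character is moved under the wrong name or the `mv` fails; feed the list to a `while IFS= read -r f; do` loop instead, as the delete loop at the end of the script almost does. That delete loop uses plain `read f`, which strips leading and trailing blanks and interprets backslashes before `rm "${f}"` runs, so it should also become `while IFS= read -r f`. The part of each tag after `dir:` is appended to `basedir` unchecked, and the first loop only tests that the resulting directory exists, not that it lies under `basedir`; rejecting suffixes that contain `..` or start with `/` before the `mv` would keep moves inside the maildir.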
@@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wlp3s0" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 25 +} + +# How much space is left in /home ? +disk "/home/" { + format = "/home: %avail available of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wlp3s0 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "âª: %volume" + format_muted = "âª: muted (%volume)" + separator_block_width = 25 +} diff --git a/archived/buster/home_files/x200s/.config/i3status/config b/archived/buster/home_files/x200s/.config/i3status/config new file mode 100644 index 0000000..256f174 
--- /dev/null +++ b/archived/buster/home_files/x200s/.config/i3status/config @@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wls1" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 25 +} + +# How much space is left in /home ? +disk "/home/" { + format = "/home: %avail available of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wls1 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "âª: %volume" + format_muted = "âª: muted (%volume)" + separator_block_width = 25 +} 
diff --git a/archived/buster/home_files/x220/.config/i3status/config b/archived/buster/home_files/x220/.config/i3status/config new file mode 100644 index 0000000..b9fb15f --- /dev/null +++ b/archived/buster/home_files/x220/.config/i3status/config 
@@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wlp3s0" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 25 +} + +# How much space is left in /home ? +disk "/home/" { + format = "/home: %avail available of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wlp3s0 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "âª: %volume" + format_muted = "âª: muted (%volume)" + separator_block_width = 25 +} diff --git a/archived/buster/other_files/append_opendkim.conf b/archived/buster/other_files/append_opendkim.conf new file mode 100644 index 0000000..ee5dc14 --- /dev/null 
+++ b/archived/buster/other_files/append_opendkim.conf
@@ -0,0 +1,6 @@
+
+# plomlompom customizations
+Domain REPLACE_maildomain_ECALPER
+KeyFile /etc/dkimkeys/REPLACE_selector_ECALPER.private
+Selector REPLACE_selector_ECALPER
+Socket inet:8892@localhost
diff --git a/archived/buster/other_files/append_pleroma_config b/archived/buster/other_files/append_pleroma_config
new file mode 100644
index 0000000..54a65d0
--- /dev/null
+++ b/archived/buster/other_files/append_pleroma_config
@@ -0,0 +1,24 @@
+
+##########################################
+# below this: customizations by plomlompom
+
+config :pleroma, :instance,
+ registrations_open: false,
+ safe_dm_mentions: true,
+ cleanup_attachments: true
+
+config :pleroma, :frontend_configurations,
+ pleroma_fe: %{
+ showInstanceSpecificPanel: true,
+ background: "/pixel.png",
+ logo: "/pixel.png"
+ }
+
+config :pleroma, :chat,
+ enabled: false
+
+config :pleroma, Pleroma.Captcha,
+ enabled: false
+
+config :pleroma, :static_fe,
+ enabled: true
diff --git a/archived/buster/other_files/append_postfix_main.cf b/archived/buster/other_files/append_postfix_main.cf
new file mode 100644
index 0000000..385058c
--- /dev/null
+++ b/archived/buster/other_files/append_postfix_main.cf
@@ -0,0 +1,23 @@
+
+# TLS certs
+smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem
+
+# OpenDKIM milter
+non_smtpd_milters = inet:localhost:8892
+smtpd_milters = inet:localhost:8892
+
+# transport mail to dovecot; not strictly needed, as even without this
+# postfix will throw mail to /var/mail/USER to be found by dovecot for
+# serving via IMAP etc.; but using dovecot's LMTP server for delivery
+# allows us to do stuff like dovecot-side sieve filtering.
+mailbox_transport = lmtp:inet:127.0.0.1:2424
+
+# to authenticate on SMTP, we need a SASL mechanism; we talk to dovecot
+# for this, since it provides one
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
+smtpd_sasl_auth_enable = yes
+
+# we append mail domain here for if it is different than $myhostname
+mydestination = $myhostname localhost.$mydomain localhost REPLACE_maildomain_ECALPER
diff --git a/archived/buster/other_files/append_postfix_master.cf b/archived/buster/other_files/append_postfix_master.cf
new file mode 100644
index 0000000..5d1aa3c
--- /dev/null
+++ b/archived/buster/other_files/append_postfix_master.cf
@@ -0,0 +1,4 @@
+
+# Run SMTPS on port 465, enforce TLS there.
+smtps inet n - y - - smtpd
+ -o smtpd_tls_wrappermode=yes
diff --git a/archived/buster/other_files/blog_hook_post-receive b/archived/buster/other_files/blog_hook_post-receive
new file mode 100755
index 0000000..b671248
--- /dev/null
+++ b/archived/buster/other_files/blog_hook_post-receive
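Review bot: `smtpd_sasl_auth_enable = yes` in the main.cf fragment applies to every smtpd listener, and the fragment sets neither `smtpd_tls_auth_only` nor a TLS security level, so unless the base main.cf it is appended to already does, AUTH is also offered on port 25 before STARTTLS and credentials can travel in clear text. Adding `smtpd_tls_auth_only = yes` next to the SASL lines keeps authentication behind TLS; the alternative is to leave SASL off globally and enable it with `-o smtpd_sasl_auth_enable=yes` on the `smtps` service in the master.cf fragment. A comment above the SASL block naming the listeners that are meant to accept AUTH would make the intent checkable.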
@@ -0,0 +1,17 @@
+#!/bin/sh
+blog_dir=~/blog
+export GIT_DIR=$(pwd)
+export GIT_WORK_TREE="$blog_dir"
+git checkout -f
+cd "$GIT_WORK_TREE"
+redo
+git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/*
+count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l)
+if [ "$count" != 0 ]; then
+ git add metadata/*.automatic_metadata
+fi
+status=$(git status -s)
+n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l)
+if [ "$n_updates" -gt 0 ]; then
+ git commit -a -m 'Update metadata'
+fi
diff --git a/archived/buster/other_files/dovecot.sieve b/archived/buster/other_files/dovecot.sieve
new file mode 100644
index 0000000..5346309
--- /dev/null
+++ b/archived/buster/other_files/dovecot.sieve
@@ -0,0 +1,8 @@
+require ["fileinto"];
+require ["mailbox"];
+if address :is "from" "foo@bar.com" {
+ fileinto :create "foo";
+}
+if address :is :domain "to" "example.com" {
+ fileinto :create "example.com";
+}
diff --git a/archived/buster/other_files/dumpsite_index.html b/archived/buster/other_files/dumpsite_index.html
new file mode 100644
index 0000000..0c2093f
--- /dev/null
+++ b/archived/buster/other_files/dumpsite_index.html
@@ -0,0 +1,3 @@
+<!DOCTYPE html>
+<meta charset="UTF-8">
+<a href="blog">Zum Blog?</a>
diff --git a/archived/buster/other_files/fetchmailrc b/archived/buster/other_files/fetchmailrc
new file mode 100755
index 0000000..b437563
--- /dev/null
+++ b/archived/buster/other_files/fetchmailrc
@@ -0,0 +1,2 @@
+# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted
+poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep
diff --git a/archived/buster/other_files/peertube_production.yaml b/archived/buster/other_files/peertube_production.yaml
new file mode 100644
index 0000000..86804e2
--- /dev/null
+++ b/archived/buster/other_files/peertube_production.yaml
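Review bot: In blog_hook_post-receive, `printf "$status"` uses the `git status -s` output as the format string, so a file name containing `%` or a backslash is interpreted as a directive and the count in `n_updates` can come out wrong; `printf '%s' "$status"` prints the text literally and keeps the empty-status case at zero lines. The hook has no `set -e` and `cd "$GIT_WORK_TREE"` is unchecked, so if `~/blog` is missing the following `redo`, `git add` and `git commit -a` run from the repository directory the hook was started in; `cd "$GIT_WORK_TREE" || exit 1` stops that.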
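Review bot: The fetchmailrc template is added with mode 100755 although it holds a mailbox password once `PASSWORD` is filled in; git can only record the executable bit, so whatever copies this file into place should set it to owner-only (`chmod 600`), and fetchmail is documented to refuse a run-control file with wider permissions, which is worth verifying against the installed version. A comment line saying so at the top of the template would carry the requirement along with the file. The `ssl` keyword alone may not enforce certificate verification on older fetchmail releases, so adding `sslcertck` to the poll line is a cheap safeguard.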
@@ -0,0 +1,375 @@ +listen: + hostname: 'localhost' + port: 9000 + +# Correspond to your reverse proxy server_name/listen configuration +webserver: + https: true + hostname: 'example.com' + port: 443 + +rates_limit: + api: + # 50 attempts in 10 seconds + window: 10 seconds + max: 50 + login: + # 15 attempts in 5 min + window: 5 minutes + max: 15 + signup: + # 2 attempts in 5 min (only succeeded attempts are taken into account) + window: 5 minutes + max: 2 + ask_send_email: + # 3 attempts in 5 min + window: 5 minutes + max: 3 + +# Proxies to trust to get real client IP +# If you run PeerTube just behind a local proxy (nginx), keep 'loopback' +# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) +trust_proxy: + - 'loopback' + +# Your database name will be "peertube"+database.suffix +database: + password: 'peertube' + hostname: 'localhost' + port: 5432 + suffix: '_prod' + username: 'peertube' + pool: + max: 5 + +# Redis server for short time storage +# You can also specify a 'socket' path to a unix socket but first need to +# comment out hostname and port +redis: + hostname: 'localhost' + port: 6379 + auth: null + db: 0 + +# SMTP server to send emails +smtp: + hostname: null + port: 465 # If you use StartTLS: 587 + username: null + password: null + tls: true # If you use StartTLS: false + disable_starttls: false + ca_file: null # Used for self signed certificates + from_address: 'admin@example.com' + +email: + body: + signature: "PeerTube" + subject: + prefix: "[PeerTube]" + +# From the project root directory +storage: + tmp: '/var/www/peertube/storage/tmp/' # Use to download data (imports etc), store uploaded files before processing... 
+ avatars: '/var/www/peertube/storage/avatars/' + videos: '/var/www/peertube/storage/videos/' + streaming_playlists: '/var/www/peertube/storage/streaming-playlists/' + redundancy: '/var/www/peertube/storage/redundancy/' + logs: '/var/www/peertube/storage/logs/' + previews: '/var/www/peertube/storage/previews/' + thumbnails: '/var/www/peertube/storage/thumbnails/' + torrents: '/var/www/peertube/storage/torrents/' + captions: '/var/www/peertube/storage/captions/' + cache: '/var/www/peertube/storage/cache/' + plugins: '/var/www/peertube/storage/plugins/' + +log: + level: 'info' # debug/info/warning/error + rotation: + enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate + maxFileSize: 12MB + maxFiles: 20 + anonymizeIP: true + +search: + # Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance + # If enabled, the associated group will be able to "escape" from the instance follows + # That means they will be able to follow channels, watch videos, list videos of non followed instances + remote_uri: + users: true + anonymous: false + +trending: + videos: + interval_days: 7 # Compute trending videos for the last x days + +# Cache remote videos on your server, to help other instances to broadcast the video +# You can define multiple caches using different sizes/strategies +# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following +redundancy: + videos: + check_interval: '1 hour' # How often you want to check new videos to cache + strategies: # Just uncomment strategies you want +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'most-views' # Cache videos that have the most views +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. 
Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'trending' # Cache trending videos +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'recently-added' # Cache recently added videos +# min_views: 10 # Having at least x views + +csp: + enabled: false + report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk! + report_uri: + +tracker: + # If you disable the tracker, you disable the P2P aspect of PeerTube + enabled: true + # Only handle requests on your videos. + # If you set this to false it means you have a public tracker. + # Then, it is possible that clients overload your instance with external torrents + private: true + # Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers) + reject_too_many_announces: false + +history: + videos: + # If you want to limit users videos history + # -1 means there is no limitations + # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) + max_age: -1 + +views: + videos: + # PeerTube creates a database entry every hour for each video to track views over a period of time + # This is used in particular by the Trending page + # PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered) + # -1 means no cleanup + # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) + remote: + max_age: -1 + +plugins: + # The website PeerTube will ask for available PeerTube plugins and themes + # This is an unmoderated plugin index, so only install plugins/themes you trust + index: + enabled: true + check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions + url: 
'https://packages.joinpeertube.org' + + +############################################################################### +# +# From this point, all the following keys can be overridden by the web interface +# (local-production.json file). If you need to change some values, prefer to +# use the web interface because the configuration will be automatically +# reloaded without any need to restart PeerTube. +# +# /!\ If you already have a local-production.json file, the modification of the +# following keys will have no effect /!\. +# +############################################################################### + +cache: + previews: + size: 500 # Max number of previews you want to cache + captions: + size: 500 # Max number of video captions/subtitles you want to cache + +admin: + # Used to generate the root user at first startup + # And to receive emails from the contact form + email: 'admin@example.com' + +contact_form: + enabled: true + +signup: + enabled: false + limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited + requires_email_verification: false + filters: + cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist + whitelist: [] + blacklist: [] + +user: + # Default value of maximum video BYTES the user can upload (does not take into account transcoded files). + # -1 == unlimited + video_quota: -1 + video_quota_daily: -1 + +# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag +# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions. 
+# Please, do not disable transcoding since many uploaded videos will not work +transcoding: + enabled: true + # Allow your users to upload .mkv, .mov, .avi, .flv videos + allow_additional_extensions: true + # If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file + allow_audio_files: true + threads: 1 + resolutions: # Only created if the original video has a higher resolution, uses more storage! + 0p: false # audio-only (creates mp4 without video stream, always created when enabled) + 240p: true + 360p: true + 480p: true + 720p: true + 1080p: true + 2160p: false + + # Generate videos in a WebTorrent format (what we do since the first PeerTube release) + # If you also enabled the hls format, it will multiply videos storage by 2 + # If disabled, breaks federation with PeerTube instances < 2.1 + webtorrent: + enabled: true + + # /!\ Requires ffmpeg >= 4.1 + # Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent: + # * Resolution change is smoother + # * Faster playback in particular with long videos + # * More stable playback (less bugs/infinite loading) + # If you also enabled the webtorrent format, it will multiply videos storage by 2 + hls: + enabled: true + +import: + # Add ability for your users to import remote videos (from YouTube, torrent...) 
+ videos: + http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html + enabled: false + # You can use an HTTP/HTTPS/SOCKS proxy with youtube-dl + proxy: + enabled: false + url: "" + torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) + enabled: false + +auto_blacklist: + # New videos automatically blacklisted so moderators can review before publishing + videos: + of_users: + enabled: false + +# Instance settings +instance: + name: 'PlomTube' + short_description: '' + description: 'Personal PeerTube instance by plomlompom (see https://plomlompom.com) for his own videos.' # Support markdown + terms: '**Privacy**: Videos here are streamed via the BitTorrent protocol, which might expose your IP to other peers â see the "P2P & Privacy" section [here](/about/peertube). Internally, site visits are logged by the PeerTube software, but with IPs anonymized. **Contact**: See https://plomlompom.com/contact.html' # Support markdown + code_of_conduct: '' # Supports markdown + + # Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc + moderation_information: '' # Supports markdown + + # Why did you create this instance? + creation_reason: '' + + # Who is behind the instance? A single person? A non profit? + administrator: '' + + # How long do you plan to maintain this instance? + maintenance_lifetime: '' + + # How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising? + business_model: '' + + # If you want to explain on what type of hardware your PeerTube instance runs + # Example: "2 vCore, 2GB RAM..." + hardware_information: '' # Supports Markdown + + # What are the main languages of your instance? 
To interact with your users for example + # Uncomment or add the languages you want + # List of supported languages: https://peertube.cpy.re/api/v1/videos/languages + languages: +# - en +# - es +# - fr + + # You can specify the main categories of your instance (dedicated to music, gaming or politics etc) + # Uncomment or add the category ids you want + # List of supported categories: https://peertube.cpy.re/api/v1/videos/categories + categories: +# - 1 # Music +# - 2 # Films +# - 3 # Vehicles +# - 4 # Art +# - 5 # Sports +# - 6 # Travels +# - 7 # Gaming +# - 8 # People +# - 9 # Comedy +# - 10 # Entertainment +# - 11 # News & Politics +# - 12 # How To +# - 13 # Education +# - 14 # Activism +# - 15 # Science & Technology +# - 16 # Animals +# - 17 # Kids +# - 18 # Food + + default_client_route: '/videos/trending' + + # Whether or not the instance is dedicated to NSFW content + # Enabling it will allow other administrators to know that you are mainly federating sensitive content + # Moreover, the NSFW checkbox on video upload will be automatically checked by default + is_nsfw: false + # By default, "do_not_list" or "blur" or "display" NSFW videos + # Could be overridden per user with a setting + default_nsfw_policy: 'do_not_list' + + customizations: + javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime + css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime + # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:' + robots: | + User-agent: * + Disallow: + # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. 
+ securitytxt: + "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" + +services: + # Cards configuration to format video in Twitter + twitter: + username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published + # If true, a video player will be embedded in the Twitter feed on PeerTube video share + # If false, we use an image link card that will redirect on your PeerTube instance + # Change it to "true", and then test on https://cards-dev.twitter.com/validator to see if you are whitelisted + whitelisted: false + +followers: + instance: + # Allow or not other instances to follow yours + enabled: true + # Whether or not an administrator must manually validate a new follower + manual_approval: false + +followings: + instance: + # If you want to automatically follow back new instance followers + # If this option is enabled, use the mute feature instead of deleting followings + # /!\ Don't enable this if you don't have a reactive moderation team /!\ + auto_follow_back: + enabled: false + + # If you want to automatically follow instances of the public index + # If this option is enabled, use the mute feature instead of deleting followings + # /!\ Don't enable this if you don't have a reactive moderation team /!\ + auto_follow_index: + enabled: false + index_url: 'https://instances.joinpeertube.org' + +theme: + default: 'default' diff --git a/archived/buster/other_files/pingmailrc b/archived/buster/other_files/pingmailrc new file mode 100644 index 0000000..46bcbfe --- /dev/null +++ b/archived/buster/other_files/pingmailrc 
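Review bot: `database.password: 'peertube'` commits a guessable password equal to the user name in a file named as the production config, and anyone who can reach the PostgreSQL port or read this public repository knows it. A placeholder in the style of `REPLACE_maildomain_ECALPER`, which the Postfix fragment in this same commit uses, filled in at install time keeps the real value out of version control. `csp.enabled: false` also leaves the instance without a Content-Security-Policy header; since `report_only: true` is already set, turning `enabled` on would collect violation reports without blocking anything. Most of the rest of this file appears to be the upstream default and is not reviewed here.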
@@ -0,0 +1,45 @@
+# place for test files whose modification times are used to track lifesigns
+testdir=$HOME'/.pingmail'
+
+# modification time is the last time a ping was sent or a lifetime received
+ping_touch=$testdir'/ping_touch'
+
+# modification time is when the count for sending checker a warning mail starts
+reminder_touch=$testdir'/reminder_touch'
+
+# how long to wait for lifesigns before sending a ping; double is time to wait
+# for a lifesign before sending a warning message to checker
+wait_time=86400
+
+# address of the checker, receives warning message after too long wait
+checker_address='bar@example.org'
+
+# address of the checked person, ping is sent here
+checked_address='foo@example.org'
+
+# content of ping message sent to checked person
+subj2checked='[pingmail] Ping!'
+msg2checked='Hi!\n
+\nThis is an automated mail ping from '$checker_address'.
+\nRespond to show that you are still alive!'
+
+# content of warning message sent to checker
+id_target='foo'
+subj2checker='[pingmail] No recent life signs from '$id_target
+reminder_time=`expr $wait_time \* 2`
+msg2checker='pingmail reporting in:\n
+\nNo life signs from '$id_target' for the last '$reminder_time' seconds.
+\nMaybe you should give them a call to check if they are okay.'
+
+# mail client command reading message body from stdin and subject from parameter
+mailclient_s='mail -s'
+
+# mailbox file to check for most recent life sign
+mbox=$HOME'/mail/foo'
+
+# to recursively search for most recent matches to $matchstring as lifesigns
+#maildir=$HOME'/mail'
+
+# pattern to search $maildir for recursively for lifesigns
+#checked_address_escaped=`echo $checked_address | sed 's/\./\\./g'`
+#matchstring='^From: .*('$checked_address_escaped'|alternate@example\.org)'
diff --git a/archived/buster/other_files/pixel.png b/archived/buster/other_files/pixel.png
new file mode 100644
index 0000000..45d6db2
Binary files /dev/null and b/archived/buster/other_files/pixel.png differ
diff --git a/archived/buster/other_files/pleroma_panel.html b/archived/buster/other_files/pleroma_panel.html
new file mode 100644
index 0000000..8e2e67f
--- /dev/null
+++ b/archived/buster/other_files/pleroma_panel.html
@@ -0,0 +1,4 @@
+<div style="margin: 1em;">
+ <p>Privacy: Visitor IP addresses are anonymized in the logs.</p>
+ <p>Contact: See <a href="https://plomlompom.com/contact.html">plomlompom.com contact page</a>.</p>
+</div>
diff --git a/archived/buster/other_files/pleroma_robots.txt b/archived/buster/other_files/pleroma_robots.txt
new file mode 100644
index 0000000..eb05362
--- /dev/null
+++ b/archived/buster/other_files/pleroma_robots.txt
@@ -0,0 +1,2 @@
+User-agent: *
+Disallow:
diff --git a/archived/buster/other_files/pleroma_terms-of-service.html b/archived/buster/other_files/pleroma_terms-of-service.html
new file mode 100644
index 0000000..7268bac
--- /dev/null
+++ b/archived/buster/other_files/pleroma_terms-of-service.html
@@ -0,0 +1 @@
+This is <a href="https://plomlompom.com">plomlompom</a>'s personal single-user Pleroma instance.
diff --git a/archived/buster/other_files/plomlombot_daemon.sh b/archived/buster/other_files/plomlombot_daemon.sh
new file mode 100755
index 0000000..a9285bf
--- /dev/null
+++ b/archived/buster/other_files/plomlombot_daemon.sh
@@ -0,0 +1,62 @@ +#!/bin/sh +set -e + +# Repeatedly parse config file for GPG key and bot screen configs. +path=~/.plomlombot +db_dir="${HOME}/plomlombot_db" +irclogs_dir=/var/www/html/irclogs +irclogs_pw_dir=/var/www/irclogs_pw +hostname_mod_epoch=$(stat -c%Y /etc/hostname) +while true; do + if [ -f "${path}" ]; then + cat "${path}" | while read line; do + first_word=$(echo -n "${line}" | cut -d' ' -f1) + + # Read "bot:" line, start bot screen session from it if not yet existing, + # set up irclogs dir if not yet existing. + if [ "${first_word}" = "bot:" ]; then + session_name=$(echo -n "${line}" | cut -d' ' -f2) + bot_name=$(echo -n "${line}" | cut -d' ' -f3) + channel_name=$(echo -n "${line}" | cut -d' ' -f4) + shortened_channel_name="${channel_name}" + first_char=$(echo -n "${channel_name}" | cut -c1) + if [ "${first_char}" = "#" ]; then + shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-) + fi + server_name=$(echo -n "${line}" | cut -d' ' -f5) + login_user=$(echo -n "${line}" | cut -d' ' -f6) + login_pw=$(echo -n "${line}" | cut -d' ' -f7) + add_option=$(echo -n "${line}" | cut -d' ' -f8-) + set +e + screen -S "${session_name}" -Q select . > /dev/null + start_screen=$? + set -e + if [ "${start_screen}" -eq "1" ]; then + cd ~/plomlombot-irc + LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -s "${server_name}" -c "${channel_name}" ${add_option} + fi + md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1) + md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1) + logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs" + # FIXME: Note the trouble we will have if we have the same channel + # name on different servers ⦠+ ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}" + echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}" + + # If "gpg_key" line, encrypt old raw logs to that GPG key. 
+ elif [ "${first_word}" = "gpg_key" ]; then
+ key=$(echo -n "${line}" | cut -d' ' -f2)
+ mkdir -p ~/plomlombot_db
+ cd ~/plomlombot_db
+ # Dirty hack: To avoid trouble with GPG key expiration, fake
+ # system to something reasonbly old (younger than key creation,
+ # older than expiration) by taking the mod datetime of
+ # /etc/hostname, which should have last be changed when the
+ # system was set up.
+ find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
+ fi
+
+ done
+ sleep 1
+ fi
+done
diff --git a/archived/buster/other_files/plomlombot_hook_post-receive b/archived/buster/other_files/plomlombot_hook_post-receive
new file mode 100755
index 0000000..c4627af
--- /dev/null
+++ b/archived/buster/other_files/plomlombot_hook_post-receive
@@ -0,0 +1,2 @@
+#!/bin/sh
+GIT_WORK_TREE=/home/plom/plomlombot-irc git checkout -f
diff --git a/archived/buster/other_files/url-catcher_customizations.json b/archived/buster/other_files/url-catcher_customizations.json
new file mode 100644
index 0000000..acc4778
--- /dev/null
+++ b/archived/buster/other_files/url-catcher_customizations.json
@@ -0,0 +1,13 @@
+{
+ "translations": {
+ "wrongCaptcha": "Captcha leider falsch.",
+ "invalidURL": "Falsch formatierte URL.",
+ "recordedURL": "URL aufgezeichnet (wird gesichtet und bei Angemessenheit dem Artikel angefügt): ",
+ "pleaseWait": "Zu viele Versuche von dieser IP. So viele Sekunden warten: "
+ },
+ "mailConfig": {
+ "to": "plom+url_catcher@plomlompom.com",
+ "from": "plom+url_catcher@plomlompom.com"
+ },
+ "slowdownReset": 3600
+}
diff --git a/archived/buster/other_files/website_hook_post-receive b/archived/buster/other_files/website_hook_post-receive
new file mode 100755
index 0000000..26d1cce
--- /dev/null
+++ b/archived/buster/other_files/website_hook_post-receive
@@ -0,0 +1,2 @@
+#!/bin/sh
+GIT_WORK_TREE=/var/www git checkout -f
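Review bot: In plomlombot_daemon.sh the line `echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}"` stores the log-viewer password in clear text under whatever umask the daemon inherited, and the file name is taken unchecked from the fourth field of the `bot:` line. A channel name containing `/` or `..` therefore steers both this write and the `ln -sfn` above it outside the intended directories. I would skip such names before they are used, e.g. `case "${shortened_channel_name}" in ''|.*|*/*) continue ;; esac`, and create the password file under a restrictive umask readable only by the account that serves the logs, which is not visible from here. Separately, `sleep 1` sits inside the `if [ -f "${path}" ]` block, so the outer `while true` spins without pause whenever ~/.plomlombot is missing.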
diff --git a/archived/buster/other_files/weechat-wrapper.sh b/archived/buster/other_files/weechat-wrapper.sh
new file mode 100755
index 0000000..b433574
--- /dev/null
+++ b/archived/buster/other_files/weechat-wrapper.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# Enforce ~/.weechatrc as sole persistent weechat config file.
+rm -rf ~/.weechat/
+WEECHATCONF=`tr '\n' ';' < ~/.weechatrc`
+weechat -r "$WEECHATCONF"
+rm -rf ~/.weechat/
diff --git a/archived/buster/other_files/weechatlogs_encrypter.sh b/archived/buster/other_files/weechatlogs_encrypter.sh
new file mode 100755
index 0000000..9e177d3
--- /dev/null
+++ b/archived/buster/other_files/weechatlogs_encrypter.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+# Encrypt dated weechatlog files older than one day to GPG target defined in
+# ~/.encrypt_target
+set -e
+
+gpg_key=$(cat ~/.encrypt_target)
+cd ~/weechatlogs/irc/
+
+# Dirty hack: To avoid trouble with GPG key expiration, fake
+# system to something reasonbly old (younger than key creation,
+# older than expiration) by taking the mod datetime of
+# /etc/hostname, which should have last be changed when the
+# system was set up.
+hostname_mod_epoch=$(stat -c%Y /etc/hostname)
+find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
+
diff --git a/archived/buster/other_files/weechatrc b/archived/buster/other_files/weechatrc
new file mode 100644
index 0000000..089c441
--- /dev/null
+++ b/archived/buster/other_files/weechatrc
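Review bot: The `find` line in weechatlogs_encrypter.sh combines `--trust-model always` with `--faked-system-time`, which switches off both the key-validity and the expiry check, and the plaintext log is deleted by `-exec rm {} \;` as soon as gpg succeeds. If `~/.encrypt_target` holds a user ID or short key ID that matches an unintended key in the keyring, the logs are encrypted to that key and the originals are gone. Storing the full fingerprint in `~/.encrypt_target` and rejecting anything else before the `find` runs keeps the recipient unambiguous. The same `find`/`gpg` line, with the recipient read from the `gpg_key` line of ~/.plomlombot, is in plomlombot_daemon.sh.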
@@ -0,0 +1,8 @@
+/set logger.file.path ~/weechatlogs
+/set logger.file.flush_delay 0
+/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog"
+/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
+/set weechat.color.chat_nick_colors "lightcyan"
+/server add freenode irc.freenode.net -nicks=plimlompom,plimlomp0m,pliml0mp0m -realname="foo bar" -autojoin=#plomlompomtest
+/connect freenode
+/bar hide buflist
diff --git a/archived/buster/other_files/zettel_hook_post-receive b/archived/buster/other_files/zettel_hook_post-receive
new file mode 100755
index 0000000..3bea5b2
--- /dev/null
+++ b/archived/buster/other_files/zettel_hook_post-receive
@@ -0,0 +1,5 @@
+#!/bin/sh
+ZETTELDIR=/home/plom/zettel
+GIT_WORK_TREE=$ZETTELDIR git checkout -f
+cd $ZETTELDIR
+redo
diff --git a/archived/buster/setup_scripts/backup_app.sh b/archived/buster/setup_scripts/backup_app.sh
new file mode 100755
index 0000000..9b37b14
--- /dev/null
+++ b/archived/buster/setup_scripts/backup_app.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -e
+set -x
+
+if [ "$#" -lt 3 ]; then
+ echo 'Need at least three arguments: service name, DB name, and backup directory names.'
+ false
+fi
+app="$1"
+db_name="$2"
+shift 2
+
+cd /tmp
+rm -rf "${app}_backup"
+mkdir "${app}_backup"
+chmod 777 "${app}_backup"
+
+service "${app}" stop
+
+su postgres -lc "pg_dump -d ${db_name} --format=custom -f /tmp/${app}_backup/${db_name}.pgdump"
+for target in "$@"; do
+ mkdir -p $(dirname "${app}_backup${target}")
+ cp -a "${target}" "${app}_backup${target}"
+done
+
+tar cf "${app}_backup.tar" "${app}_backup"
+rm -rf "${app}_backup"
+chown plom:plom "${app}_backup.tar"
+mv "${app}_backup.tar" /home/plom
diff --git a/archived/buster/setup_scripts/copy_dirtree.sh b/archived/buster/setup_scripts/copy_dirtree.sh
new file mode 100755
index 0000000..c0cb9bf
--- /dev/null
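Review bot: The staging directory in backup_app.sh is a fixed name under /tmp that `chmod 777 "${app}_backup"` makes world-writable, so while the database dump and the copied config directories sit there any local account can read, replace or symlink entries in it, and the finished tar is created in /tmp under the default umask before it is moved. A `mktemp -d` directory plus a dump that root writes from pg_dump's standard output removes the need for postgres to have write access at all. The copy loop, `tar`, `chown` and `mv` can stay as they are because they use paths relative to the current directory, and the archive layout remains `${app}_backup/...`. This assumes the postgres login profile prints nothing to stdout, and that restore_app.sh, which is not in view, expects that layout.

```shell
umask 077
backup_root=$(mktemp -d)
cd "${backup_root}"
mkdir "${app}_backup"

service "${app}" stop

# Custom-format dumps can be streamed, so postgres needs no write access here.
su postgres -lc "pg_dump -d ${db_name} --format=custom" > "${app}_backup/${db_name}.pgdump"
# … unchanged: copy loop over "$@", tar, rm -rf, chown, mv …
cd / && rmdir "${backup_root}"
```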
+++ b/archived/buster/setup_scripts/copy_dirtree.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copy files in argument-selected subdirectories of $1 to subdirectories
+# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
+# of "" and $3 of "all", copy files below etc_files/all such as
+# etc_files/all/etc/foo/bar to equivalent locations below / such as
+# /etc/foo/bar. Create directories as necessary. Multiple arguments after
+# $3 are possible.
+#
+# CAUTION: This removes original files at the affected paths.
+set -e
+
+if [ "$#" -lt 3 ]; then
+ echo 'Need arguments: source root, target root, modules.'
+ false
+fi
+source_root="$1"
+target_root="$2"
+shift 2
+
+for target_module in "$@"; do
+ mkdir -p "${source_root}/${target_module}"
+ cd "${source_root}/${target_module}"
+ for path in $(find . -type f); do
+ target_path="${target_root}"$(echo "${path}" | cut -c2-)
+ source_path=$(realpath "${path}")
+ dir=$(dirname "${target_path}")
+ mkdir -p "${dir}"
+ cp "${source_path}" "${target_path}"
+ done
+done
diff --git a/archived/buster/setup_scripts/init_user_and_keybased_login.sh b/archived/buster/setup_scripts/init_user_and_keybased_login.sh
new file mode 100755
index 0000000..298bafa
--- /dev/null
+++ b/archived/buster/setup_scripts/init_user_and_keybased_login.sh
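Review bot: In copy_dirtree.sh the `cd "${source_root}/${target_module}"` inside the outer loop is never undone, so with a relative source root such as the `etc_files` of the header comment the second module is resolved relative to the first module's directory. The `mkdir -p` on the line above then silently creates an empty nested directory, nothing is copied for that module and no error is raised. Resolving the root once with `source_root=$(realpath "$1")` fixes it. The inner `for path in $(find . -type f)` also word-splits, so a file name with a space is copied as two bogus paths; `find . -type f -exec` or a `while IFS= read -r` loop avoids that, which matters since the script writes below `/` as root.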
@@ -0,0 +1,56 @@
+#!/bin/sh
+# This script turns a fresh server with password-based root access to
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in reach.
+set -e
+
+# Location auf a sshd_config with "PermitRootLogin no" and
+# "PasswordAuthentication no".
+config_tree_prefix="${HOME}/public_repos/config/buster"
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+# Ensure we have a server name as argument.
+if [ $# -eq 0 ]; then
+ echo "Need server as argument."
+ false
+fi
+server="$1"
+
+# Ask for root password only once, sshpass will re-use it then often.
+stty -echo
+printf "(Old) server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# This will be used to log-in as root from plom account.
+echo 'Asking for new root password.'
+ssh root@"${server}" "passwd"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys +sshpass -e ssh root@"${server}" \ + 'useradd -m plom && '\ + 'mkdir /home/plom/.ssh && '\ + 'chown plom:plom /home/plom/.ssh && '\ + 'chown plom:plom /tmp/authorized_keys && '\ + 'chmod u=rw,go= /tmp/authorized_keys && '\ + 'mv /tmp/authorized_keys /home/plom/.ssh/' +sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" +sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/archived/buster/setup_scripts/init_user_login.sh b/archived/buster/setup_scripts/init_user_login.sh new file mode 100755 index 0000000..7f3536a --- /dev/null +++ b/archived/buster/setup_scripts/init_user_login.sh @@ -0,0 +1,35 @@ +#!/bin/sh +set -e + +# Location auf a sshd_config with "PermitRootLogin no" and +# "PasswordAuthentication no". +config_tree_prefix="${HOME}/public_repos/config/buster" +linkable_files_dir="${config_tree_prefix}/etc_files/server" +system_path_sshd_config='/etc/ssh/sshd_config' +local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" + +# Ensure we have a server name as argument. +if [ $# -eq 0 ]; then + echo "Need server as argument." + false +fi +server="$1" + +# So we're only asked once ⦠+eval $(ssh-agent) +ssh-add + +# This will be used to log-in as root from plom account. +echo 'Asking for new root password.' +ssh root@"${server}" "passwd" + +# Set up plom's ~/.ssh/authorized_keys from root's. +ssh root@"${server}" 'useradd -m plom' +ssh root@"${server}" 'mkdir /home/plom/.ssh' +ssh root@"${server}" 'chown plom:plom /home/plom/.ssh' +ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/' +ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys' + +# Set up SSH config and remove direct SSH login to root. +scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" +ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart' 
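Review bot: init_user_and_keybased_login.sh copies the new sshd_config over and runs `service ssh restart` with no syntax check and no test that key login as plom works. Because that config disables root and password access, a broken file or a bad authorized_keys leaves the server without any working remote login. Running `sshd -t` first makes the restart conditional on a valid file, e.g. `sshpass -e ssh root@"${server}" 'sshd -t && service ssh restart'`. init_user_login.sh has the same sequence and also deletes /root/.ssh in the same command, so there the check should come first: `'sshd -t && rm -rf /root/.ssh && service ssh restart'`.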
diff --git a/archived/buster/setup_scripts/install_for_target.sh b/archived/buster/setup_scripts/install_for_target.sh
new file mode 100755
index 0000000..853a672
--- /dev/null
+++ b/archived/buster/setup_scripts/install_for_target.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+
+config_tree_prefix="${HOME}/config/buster"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ # TODO: continue if file at $path not found, to get rid of dummy files
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
+ fi
+ done
+done
diff --git a/archived/buster/setup_scripts/migrate_app.sh b/archived/buster/setup_scripts/migrate_app.sh
new file mode 100755
index 0000000..9ae8c8d
--- /dev/null
+++ b/archived/buster/setup_scripts/migrate_app.sh
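Review bot: The comment test `[ ! $(echo "${line}" | cut -c1) = "#" ]` in install_for_target.sh is unquoted, so for an empty or space-led line it collapses to `[ ! = "#" ]`, and such lines are skipped only by accident of how `test` parses three arguments. A `case "${line}" in ''|'#'*) continue ;; esac` at the top of the loop body states the intent and removes the subshell and `cut` per line. `apt-get` also runs inside the `while read` loop with the package list as its stdin, so anything it or a maintainer script reads from stdin eats the remaining lines; appending `</dev/null` to the `apt-get` call and using `read -r` guards against both.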
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -e
+set -x
+
+if [ "$#" -lt 2 ]; then
+ echo 'Need two arguments: old server IP, and service name.'
+ false
+fi
+if [ ! "$2" = "pleroma_otp" ] && [ ! "$2" = "pleroma_source" ] && [ ! "$2" = "peertube" ]; then
+ echo "Need legal service name (pleroma_otp or pleroma_source or peertube)."
+ false
+fi
+server_ip="$1"
+app="$2"
+service="$2"
+if [ "${app}" = "pleroma_otp" ]; then
+ db_name="pleroma"
+ dirs="/var/lib/pleroma/uploads /etc/pleroma"
+ service=pleroma
+elif [ "${app}" = "pleroma_source" ]; then
+ db_name="pleroma"
+ dirs="/var/lib/pleroma/uploads /opt/pleroma/config"
+ service=pleroma
+elif [ "${app}" = "peertube" ]; then
+ db_name="peertube_prod"
+ dirs="/var/www/peertube/storage /var/www/peertube/config"
+fi
+
+config_tree_prefix="${HOME}/config/buster"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+
+cd "${setup_scripts_dir}"
+./prepare_to_meet_server.sh "${server_ip}"
+read -p'Hit Enter when you are done.' ignore
+eval $(ssh-agent) && ssh-add
+echo 'Enter password for root on target server next.'
+ssh plom@"${server_ip}" "su -lc \"cd config/buster/setup_scripts && git pull && ./backup_app.sh ${service} ${db_name} ${dirs}\""
+scp plom@"${server_ip}":~/${service}_backup.tar /home/plom/${service}_backup.tar
+./restore_app.sh "${app}" "${db_name}"
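Review bot: The remote command in migrate_app.sh runs `git pull && ./backup_app.sh ...` inside `su -lc`, so whatever the config repository's upstream serves at that moment is executed as root on the old server without anyone having looked at it. Restricting the update to a fast-forward of signed history, e.g. `git pull --ff-only --verify-signatures`, or checking out a commit id passed as an argument, keeps an unexpected upstream change from running with root rights. The `eval $(ssh-agent)` above it also starts an agent that the script never stops; a `trap 'ssh-agent -k >/dev/null' EXIT` right after it would stop the agent so the loaded key does not outlive the migration.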
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 1 ]; then
+ echo 'Need old server IP.'
+ false
+fi
+old_server="$1"
+config_tree_prefix="${HOME}/config/buster"
+cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+chown plom:plom /home/plom/prepare_to_meet_server.sh
+su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+read -p'Hit Enter when you are done.' ignore
+rm /home/plom/prepare_to_meet_server.sh
+cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom
+rm /home/plom/mirror_dir.sh
diff --git a/archived/buster/setup_scripts/mirror_dir.sh b/archived/buster/setup_scripts/mirror_dir.sh
new file mode 100755
index 0000000..0fc03aa
--- /dev/null
+++ b/archived/buster/setup_scripts/mirror_dir.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+# Mirror directory tree from remote to local server, keeping the path.
+set -e
+
+if [ $# -lt 2 ]; then
+ echo "Need server and directory as arguments."
+ false
+fi
+server=$1
+dir=$2
+path_package=/tmp/delete.tar
+
+eval `ssh-agent`
+ssh-add
+cd
+ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
+scp plom@"${server}":"${path_package}" "${path_package}"
+mkdir -p "${dir}"
+cd "${dir}"
+tar xf "${path_package}"
+cd
+rm "${path_package}"
+ssh plom@"${server}" rm "${path_package}"
diff --git a/archived/buster/setup_scripts/prepare_to_meet_server.sh b/archived/buster/setup_scripts/prepare_to_meet_server.sh
new file mode 100755
index 0000000..df2aa41
--- /dev/null
+++ b/archived/buster/setup_scripts/prepare_to_meet_server.sh
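Review bot: mirror_dir.sh stages the archive at the fixed path `/tmp/delete.tar` on both hosts, so the mirrored tree (the borg repository, mail and chat logs, going by the callers on this page) sits in a shared directory under a name any local account can predict or create first, and the script then unpacks whatever is at that path. Streaming removes the staging file altogether: keep `mkdir -p "${dir}"` and replace the tar/scp/tar sequence with `ssh plom@"${server}" "cd \"${dir}\" && tar cf - ." | tar xf - -C "${dir}"`. If a file is wanted, `mktemp` on each side with a cleanup `trap` would do. As written, a failing `scp` or `tar` under `set -e` also leaves the archive behind on the remote host.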
@@ -0,0 +1,22 @@
+#!/bin/sh
+# Do some of the steps necessary to SSH (key-based) with another server.
+set -e
+
+if [ "$#" -ne 1 ]; then
+ echo 'Need server IP as argument.'
+ false
+fi
+target="$1"
+
+# We need a public key to copy over, so generate it if not found.
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+ ssh-keygen -N ""
+fi
+
+# Add target to ~/.ssh/known_hosts so we don't get
+# asked for permission at inopportune moments.
+ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
+
+# Tell user what to do.
+echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
+cat ~/.ssh/id_rsa.pub
diff --git a/archived/buster/setup_scripts/purge_nonrequireds.sh b/archived/buster/setup_scripts/purge_nonrequireds.sh
new file mode 100755
index 0000000..af2d61b
--- /dev/null
+++ b/archived/buster/setup_scripts/purge_nonrequireds.sh
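Review bot: In prepare_to_meet_server.sh, `ssh-keyscan -H "$target" >> ~/.ssh/known_hosts` records whatever host key the network returns at that moment, so the later `ssh` and `scp` calls in the migration scripts have nothing independent to check the server against. Showing the scanned fingerprints and waiting for the operator to compare them with ones obtained out of band (server console, provider panel) before appending keeps the convenience without the blind trust. setup_home.sh appends unverified scans in the same way for plomlompom.com and for the borg servers. Separately, `ssh-keygen -N ""` creates an unencrypted private key, which deserves a comment stating that this is intended.

```shell
# … unchanged: argument check, key generation …
scanned=$(mktemp)
trap 'rm -f -- "${scanned}"' EXIT
ssh-keyscan -H "$target" > "${scanned}"
ssh-keygen -lf "${scanned}"
printf 'Compare these fingerprints with the server; Enter accepts, Ctrl-C aborts: '
read -r ignore
cat "${scanned}" >> ~/.ssh/known_hosts
# … unchanged: print public key for authorized_keys …
```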
@@ -0,0 +1,30 @@
+#!/bin/sh
+# This script removes all Debian packages that are not of Priority
+# "required" or not depended on by packages of priority "required"
+# or not listed in the argument-selected files of apt-mark/.
+set -e
+
+config_tree_prefix="${HOME}/config/buster"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ cat "${path}" | while read line; do
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ echo "${line}" >> /tmp/list_white_unsorted
+ fi
+ done
+done
+sort /tmp/list_white_unsorted > /tmp/list_white
+dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
+sort /tmp/list_all_packages > /tmp/foo
+mv /tmp/foo /tmp/list_all_packages
+comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
+apt-mark auto `cat /tmp/list_black`
+DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
+rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
+
+# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab.
+# TODO: Find out why.
+mount -a
diff --git a/archived/buster/setup_scripts/restore_app.sh b/archived/buster/setup_scripts/restore_app.sh
new file mode 100755
index 0000000..817c07d
--- /dev/null
+++ b/archived/buster/setup_scripts/restore_app.sh
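Review bot: purge_nonrequireds.sh builds its keep and purge lists in fixed files under /tmp (`/tmp/list_white_unsorted`, `/tmp/list_white`, `/tmp/list_all_packages`, `/tmp/foo`, `/tmp/list_black`) and then feeds the result to `apt-mark auto` and `apt-get --purge autoremove`, presumably as root. A file or link that another local account created under one of those names beforehand is either written through or stays editable by its owner between the steps, depending on kernel hardening settings this script does not control. A private directory avoids relying on that: `tmpdir=$(mktemp -d)` and `trap 'rm -rf -- "${tmpdir}"' EXIT` at the top, with every list path moved under `"${tmpdir}"`. Also check `comm -3`: it prints lines unique to either input, so whitelist entries that are not installed land in the purge list too, where `comm -23` would give only installed packages missing from the whitelist.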
@@ -0,0 +1,53 @@
+#!/bin/sh
+set -e
+set -x
+
+if [ "$#" -lt 2 ]; then
+ echo 'Need two arguments: service name and DB name.'
+ false
+fi
+if [ ! "$1" = "pleroma_otp" ] && [ ! "$1" = "pleroma_source" ] && [ ! "$1" = "peertube" ]; then
+ echo "Need legal service name (pleroma_otp or pleroma_source or peertube)."
+ false
+fi
+app="$1"
+db_name="$2"
+service="$1"
+if [ "${app}" = "pleroma_source" ] || [ "${app}" = "pleroma_otp" ]; then
+ service=pleroma
+fi
+
+service "${service}" stop
+
+mv "/home/plom/${service}_backup.tar" /tmp/
+cd /tmp
+tar xf "${service}_backup.tar"
+
+su postgres -c "pg_restore -c -1 -d ${db_name} ${service}_backup/${db_name}.pgdump"
+rm "${service}_backup/${db_name}.pgdump"
+
+cd "${service}_backup"
+for path in $(find . -type f); do
+ if [ "${app}" = "pleroma_source" ]; then
+ if [ "${path}" = './opt/pleroma/config/prod.secret.exs' ]; then
+ continue # skip file that contains passwords
+ fi
+ fi
+ target_path=$(echo "${path}" | cut -c2-)
+ source_path=$(realpath "${path}")
+ dir=$(dirname "${target_path}")
+ mkdir -p "${dir}"
+ cp -a "${source_path}" "${target_path}"
+done
+
+# TODO: Horrible hack, improve.
+if [ "${app}" = "pleroma_otp" ]; then
+ db_pw=$(cat /etc/pleroma/config.exs | grep password | sed 's/[ ]*password\: *//g' | sed 's/,//g' | sed 's/"//g')
+elif [ "${app}" = "peertube" ]; then
+ db_pw=$(cat /var/www/peertube/config/production.yaml | grep password | head -1 | sed "s/[ ]*password\: *//g" | sed "s/'//g")
+fi
+if [ "${app}" = "pleroma_otp" ] || [ "${app}" = "peertube" ]; then
+ su postgres -lc "psql -c \"ALTER USER ${service} WITH PASSWORD '${db_pw}';\""
+fi
+
+service "${service}" start
diff --git a/archived/buster/setup_scripts/set_hostname_and_fqdn.sh b/archived/buster/setup_scripts/set_hostname_and_fqdn.sh
new file mode 100755
index 0000000..a3b9f9a
--- /dev/null
+++ b/archived/buster/setup_scripts/set_hostname_and_fqdn.sh
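Review bot: restore_app.sh runs with `set -x` and later expands the database password into a command line, `su postgres -lc "psql -c \"ALTER USER ${service} WITH PASSWORD '${db_pw}';\""`, so the password is printed in the trace and is visible in the process list while psql runs. The value is also pasted unescaped into SQL inside two layers of shell quoting, so a quote or `$` in the configured password breaks or changes the statement. Switching tracing off with `set +x` before the `db_pw=` assignments and feeding the statement to `psql` on stdin instead of `-c` (with single quotes in the value doubled) would address both. The archive is also unpacked as root under the predictable `/tmp/${service}_backup`, and the `for path in $(find . -type f)` loop splits on whitespace, so uploads with spaces in their names are not restored correctly.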
@@ -0,0 +1,50 @@
+#!/bin/sh
+# Sets hostname and optionally FQDN.
+#
+# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
+# writing follows recommendations from Debian manual at
+# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
+# (section "The hostname resolution") on how to map hostname and possibly
+# FQDN to a permanent IP if present (we assume here any non-private IP
+# and non-loopback IP returned by hostname -I to fulfill that criterion
+# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
+# localhost and hostname mapping to different IPs, see
+# <https://unix.stackexchange.com/a/13087>.
+#
+# Ignores IPv6s.
+set -e
+
+hostname="$1"
+fqdn="$2"
+if [ "${hostname}" = "" ]; then
+ echo "Need hostname as argument."
+ false
+fi
+echo "${hostname}" > /etc/hostname
+hostname "${hostname}"
+
+final_ip="127.0.1.1"
+for ip in $(hostname -I); do
+ if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
+ continue
+ fi
+ range_1=$(echo "${ip}" | cut -d "." -f 1)
+ range_2=$(echo "${ip}" | cut -d "." -f 2)
+ if [ "${range_1}" -eq 127 ]; then
+ continue
+ elif [ "${range_1}" -eq 10 ]; then
+ continue
+ elif [ "${range_1}" -eq 172 ]; then
+ if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+ continue
+ fi
+ elif [ "${range_1}" -eq 192 ]; then
+ if [ "${range_2}" -eq 168 ]; then
+ continue
+ fi
+ fi
+ final_ip="${ip}"
+done
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
diff --git a/archived/buster/setup_scripts/setup.sh b/archived/buster/setup_scripts/setup.sh
new file mode 100755
index 0000000..cd120e9
--- /dev/null
+++ b/archived/buster/setup_scripts/setup.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+set -e
+
+# Provide maximum input for set_hostname_and_fqdn.sh.
+if [ "$#" -lt 2 ]; then
+ echo 'Need at least two arguments (hostname, FQDN).'
+ false
+fi
+hostname="$1"
+fqdn="$2"
+shift 2
+
+config_tree_prefix="${HOME}/config/buster"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+
+# Adapt /etc/ to our needs by copying from ./etc_files. This will set
+# basic configurations affecting following steps, such as setup of APT
+# and the locale selection, so needs to be right at the beginning.
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
+
+# Set hostname and FQDN.
+./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
+
+# Ensure package installation state as defined by what packages are
+# defined as required by Debian policy and by settings in ./apt-mark/.
+apt update
+./install_for_target.sh all "$@"
+./purge_nonrequireds.sh all "$@"
+
+# Ensure our desired locale is available.
+locale-gen
+
+# Only upgrade after reducing the system to the desired minimum, so that
+# we don't need to get more data than necessary.
+apt -y dist-upgrade
+
+# Set Berlin localtime.
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
diff --git a/archived/buster/setup_scripts/setup_desktop.sh b/archived/buster/setup_scripts/setup_desktop.sh
new file mode 100755
index 0000000..97488e1
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_desktop.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 1 ]; then
+ echo 'Need exactly one argument (system name).'
+ false
+fi
+if [ ! "$1" = "eeepc" ] && [ ! "$1" = "x200s" ] && [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then
+ echo "Need legal system name."
+ false
+fi
+system_name="$1"
+
+# Set up system without user environment.
+config_tree_prefix="${HOME}/config/buster"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+if [ "$1" = "x200s" ] || [ "$1" = "x220" ] || [ "$1" = "w530" ]; then
+ ./setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
+else
+ ./setup.sh "${system_name}" "" user desktop "${system_name}"
+fi
+# For hibernation on lid switch to work, we need a newer kernel on the EeePC,
+# see <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919227>.
+if [ "${system_name}" = "eeepc" ]; then
+ apt -y install -t buster-backports linux-image-amd64
+fi
+
+# Set up printer.
+lpadmin -p 'HP_Deskjet_F300_series' -m 'drv:///hpcups.drv/hp-deskjet_f300_series.ppd' -o 'OutputMode=NormalGray' -E
+service cups restart
+
+# Install Firefox directly from Mozilla.
+firefox_release="68.4.1esr"
+firefox_filename="firefox-${firefox_release}.tar.bz2"
+url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
+wget "${url_firefox}"
+mv "${firefox_filename}" /opt/
+cd /opt/
+tar xf "${firefox_filename}"
+rm "${firefox_filename}"
+ln -s /opt/firefox/firefox /usr/local/bin/
+update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
+update-alternatives --set x-www-browser /opt/firefox/firefox
+
+# Install Firefox plugins.
+# See <https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Distribution_options/Sideloading_add-ons>
+extensions_dir="/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/"
+mkdir -p "${extensions_dir}"
+umatrix_version="1.4.0"
+umatrix_xpi="uMatrix.firefox.xpi"
+url_umatrix="https://github.com/gorhill/uMatrix/releases/download/${umatrix_version}/${umatrix_xpi}"
+wget "${url_umatrix}"
+name=$(unzip -p "${umatrix_xpi}" manifest.json | jq -r .applications.gecko.id)
+mv "${umatrix_xpi}" "${name}".xpi
+tridactyl_version="1.17.1pre3355"
+tridactyl_xpi="tridactyl_beta-${tridactyl_version}-an+fx.xpi"
+url_tridactyl="https://tridactyl.cmcaine.co.uk/betas/${tridactyl_xpi}"
+wget "${url_tridactyl}"
+name=$(unzip -p "${tridactyl_xpi}" manifest.json | jq -r .applications.gecko.id)
+mv "${tridactyl_xpi}" "${name}.xpi"
+mv *.xpi "${extensions_dir}"
+
+# Set up user environments.
+secrets_dev="sdb"
+source_dir_secrets="/media/${secrets_dev}/to_usb"
+target_dir_secrets="/home/plom/tmp_secrets"
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
+set +e
+HOME_DIR_EXISTS=$([ ! -d "/home/plom" ]; echo $?)
+set -e
+adduser --disabled-password --gecos "" plom
+usermod -a -G sudo plom
+passwd plom
+if [ "${HOME_DIR_EXISTS}" -eq 0 ]; then
+ echo "Put secrets drive into slot for /dev/${secrets_dev}."
+ while [ ! -e /dev/"${secrets_dev}" ]; do
+ sleep 1
+ done
+ stty -echo
+ printf "Secrets passphrase: "
+ read secrets_pass
+ stty echo
+ echo "" # newline so user knows their input return was accepted
+ echo "${secrets_pass}" | pmount /dev/"${secrets_dev}"
+ cp -a "${source_dir_secrets}" "${target_dir_secrets}"
+ chown -R plom:plom "${target_dir_secrets}"
+ pumount "${secrets_dev}"
+ echo "You can remove /dev/${secrets_dev} now."
+ cp setup_home.sh /home/plom
+ chown plom:plom /home/plom/setup_home.sh
+ SECRETS_PASS="${secrets_pass}" su -c "cd && ./setup_home.sh ${system_name}" plom
+fi
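Review bot: setup_desktop.sh installs three downloads system-wide without checking what arrived: the Firefox tarball is unpacked into /opt, and the uMatrix and Tridactyl `.xpi` files are moved into the global extensions directory, with only the version string in the URL pinning them. A pinned digest per file, checked before `tar xf` and `mv`, makes a swapped or truncated download fail the run, e.g. `echo "${firefox_sha256}  ${firefox_filename}" | sha256sum -c -` with `firefox_sha256=<sha256 of the reviewed tarball>`; Mozilla's release directories carry signed `SHA256SUMS` files that can be the source of that value. The Tridactyl URL points at a `betas/` build, which deserves a comment on why a beta is sideloaded. Further down, `read secrets_pass` lacks `-r`, so a passphrase containing a backslash is altered before it reaches `pmount`.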
diff --git a/archived/buster/setup_scripts/setup_dumpsite.sh b/archived/buster/setup_scripts/setup_dumpsite.sh
new file mode 100755
index 0000000..c2592d8
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_dumpsite.sh
@@ -0,0 +1,102 @@
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 4 ]; then
+ echo 'Need domain name and mail and old server and repos source ("local" or "remote"?).'
+ false
+fi
+if [ ! "$4" = "local" ] && [ ! "$4" = "remote" ]; then
+ echo "Need legal repo source name."
+ false
+fi
+domain="$1"
+mail="$2"
+old_server="$3"
+repos_source="$4"
+
+read -p"Only continue if hostname is not domain of url_catcher's target mail address, else abort!" ignore
+
+# Install configs, set up firewall.
+echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
+echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web dumpsite
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Set up connection to old dump server.
+cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+chown plom:plom /home/plom/prepare_to_meet_server.sh
+su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+read -p'Hit Enter when you are done.' ignore
+rm /home/plom/prepare_to_meet_server.sh
+
+# Set up dump dirs.
+mkdir /var/www-dump
+chown plom:plom /var/www-dump
+dump_dir=dump
+geheim_dir=geheim
+su -lc "ln -s /home/plom/${dump_dir} /var/www-dump/${dump_dir}" plom
+su -lc "ln -s /home/plom/${geheim_dir} /var/www-dump/${geheim_dir}" plom
+cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/${dump_dir}" plom
+su -lc "./mirror_dir.sh ${old_server} /home/plom/${geheim_dir}" plom
+su -lc "scp plom@${old_server}:/var/www-dump/password_geheim ~" plom
+mv /home/plom/password_geheim /var/www-dump/password_geheim
+rm /home/plom/mirror_dir.sh
+
+# Set up redo.
+wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz
+tar -moxzf redo-sh.tar.gz -C /usr/local
+
+# Set up zettel.
+su -lc "git clone --mirror ${old_server}:zettel.git" plom
+cp "${config_tree_prefix}/other_files/zettel_hook_post-receive" /home/plom/zettel.git/hooks/post-receive
+su -lc "git clone ~/zettel.git && cd zettel && redo" plom
+su -lc "ln -s /home/plom/zettel /var/www-dump/zettel" plom
+# NOTE: Locally, to update content, clone zettel.git, not zettel.
+
+# Set up redo blog.
+su -lc "git clone --mirror ${old_server}:blog.git" plom
+cp "${config_tree_prefix}/other_files/blog_hook_post-receive" /home/plom/blog.git/hooks/post-receive
+su -lc "git clone ~/blog.git" plom
+# TODO: set up like plomlombot repo (with post-recieve hook)?
+if [ "$repo_source" = "local"]; then
+ su -lc "git clone /var/repos/redo-blog" plom
+else
+ su -lc "git clone https://plomlompom.com/repos/clone/redo-blog" plom
+fi
+su -lc "cd redo-blog && ./add_dir.sh ~/blog" plom
+su -lc "cd blog && redo" plom
+su -lc "ln -s /home/plom/blog/public /var/www-dump/blog" plom
+# NOTE: Locally, to update content, clone blog.git, not blog.
+
+# Set up url catcher.
+# TODO: set up like plomlombot repo (with post-recieve hook)?
+if [ "$repo_source" = "local"]; then
+ su -lc "git clone /var/repos/url-catcher" plom
+else
+ su -lc "git clone https://plomlompom.com/repos/clone/url-catcher" plom
+fi
+su -lc "cd url-catcher && ln -s ../blog/captchas/linkable/ captchas" plom
+cp "${config_tree_prefix}/other_files/url-catcher_customizations.json" /home/plom/url-catcher/customizations.json
+systemctl enable url_catcher.service
+service url_catcher start
+cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/ips" plom
+su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/lists" plom
+rm /home/plom/mirror_dir.sh
+
+# Set up index.html
+cp "${config_tree_prefix}/other_files/dumpsite_index.html" /var/www-dump/index.html
+
+# Prepare NGINX.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx
+ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx
+
+service nginx restart
diff --git a/archived/buster/setup_scripts/setup_home.sh b/archived/buster/setup_scripts/setup_home.sh
new file mode 100755
index 0000000..24f4c67
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_home.sh
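Review bot: In setup_dumpsite.sh, `wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz` fetches over plain HTTP and the next line unpacks the result into /usr/local, so anything on the network path can supply the files that later run as `redo`. An HTTPS source (if the host offers one, which this page does not show) plus a pinned SHA-256 checked before `tar -moxzf` would close that. Separately, both repo-source tests read `if [ "$repo_source" = "local"]; then`: the variable assigned at the top is `repos_source`, and `"local"]` lacks the space before `]`, so the test errors out and the `else` branch (remote clone) always runs. `if [ "${repos_source}" = "local" ]; then` fixes both occurrences.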
@@ -0,0 +1,102 @@
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 1 ]; then
+ echo 'Need exactly one argument (system name).'
+ false
+fi
+if [ ! "$1" = "eeepc" ] && [ ! "$1" = "x200s" ]&& [ ! "$1" = "x220" ]; then
+ echo "Need legal system name."
+ false
+fi
+system_name="$1"
+
+public_repos_dir="${HOME}/public_repos"
+config_tree_prefix="${public_repos_dir}/config"
+path_borgscript="${config_tree_prefix}/all_new_2018/borg.sh"
+config_tree_buster="${config_tree_prefix}/buster"
+setup_scripts_dir="${config_tree_buster}/setup_scripts"
+repos_list_file="${public_repos_dir}/repos"
+dir_secrets="${HOME}/tmp_secrets"
+borgkeys_dir=~/.config/borg/keys
+borgrepos_file=~/.borgrepos
+ssh_dir=~/.ssh
+authinfo_file=.authinfo
+maildir=~/mail/maildir
+
+ensure_repo() {
+ repo_name="${1}"
+ if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
+ cd "${public_repos_dir}"
+ git clone plom@plomlompom.com:/var/repos/${repo_name}
+ fi
+}
+
+# Set up iniitial non-public parts of infrastructure: SSH authentication.
+cd "${dir_secrets}"
+mkdir -p "${ssh_dir}"
+echo "Setting up .ssh"
+cp id_rsa ~/.ssh
+stty -echo
+ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+stty echo
+eval $(ssh-agent)
+ssh-add
+ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
+
+# Clone config to copy dotfiles etc. from it.
+cd
+mkdir -p "${public_repos_dir}"
+ensure_repo config
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_buster}/home_files" "${HOME}" minimal user "${system_name}"
+
+# Set up native messenger for tridactyl.
+version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
+curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
+
+# Set up further non-public parts of infrastructure.
+cd "${dir_secrets}"
+script -c 'gpg --import secret_keys.asc' /dev/null
+tar xf borg_keyfiles.tar
+mkdir -p "${borgkeys_dir}"
+mv borg_keyfiles/* "${borgkeys_dir}"
+# .authinfo may not be present on every secrets drive yet
+if [ -f "${authinfo_file}" ]; then
+ cp "${authinfo_file}" ~
+fi
+cd
+rm -rf "${dir_secrets}"
+
+# Sync org dir via borgbackup. For this we need the borgbackup servers
+# in our .ssh/known_hosts file.
+cat "${borgrepos_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ server=$(echo "${line}" | sed 's/.*@//')
+ ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
+done
+BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
+
+# Fill ~/public_repos.
+cat "${repos_list_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ ensure_repo "${line}"
+done
+
+# Set up e-mail system. Note that we only do mbsync if the imap pass file
+# is found. It may not be present on every secrets drive yet, so we have to
+# deal with the possibility of it being absent at this point.
+mkdir -p "${maildir}" # expected by mbsync/isync
+if [ -f "${HOME}/${authinfo_file}" ]; then
+ mbsync -a
+ notmuch new
+fi
+
+# Final note on how to integrate tridactyl.
+echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
diff --git a/archived/buster/setup_scripts/setup_mail.sh b/archived/buster/setup_scripts/setup_mail.sh
new file mode 100755
index 0000000..c749f27
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_mail.sh
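Review bot: setup_home.sh creates the SSH directory with `mkdir -p "${ssh_dir}"` and copies the private key with `cp id_rsa ~/.ssh` without setting modes, so the resulting permissions depend on the umask and on how the file was stored on the secrets drive. Adding `chmod 700 "${ssh_dir}"` after the mkdir and `chmod 600 "${ssh_dir}/id_rsa"` after the copy makes the outcome explicit and avoids `ssh-add` refusing a key that is readable by others. The same applies to the borg keyfiles moved into `"${borgkeys_dir}"` and to the copied `.authinfo`. The script also mixes `"${ssh_dir}"` with a literal `~/.ssh` for the same path; using the variable throughout keeps the two from drifting apart.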
@@ -0,0 +1,121 @@
+#!/bin/sh
+set -e
+
+# Check we have the necessary arguments.
+if [ "$#" -lt 1 ]; then
+ echo 'Need mail for letsencrypt, mail domain, and optionally old server IP.'
+ false
+fi
+mail="$1"
+mail_domain="$2"
+old_server="$3"
+
+read -p'You sure you entered the correct mail domain? (not the server domain, but what comes after the @ in your mail addresses) If not, abort here!' ignore
+
+config_tree_prefix="${HOME}/config/buster"
+echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
+echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections
+./install_for_target.sh mail
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" mail
+nft -f /etc/nftables.conf
+
+# Rebuild aliases DB from /etc/aliases
+newaliases
+
+# Update config files without overwriting defaults.
+cat "${config_tree_prefix}/other_files/append_postfix_main.cf" >> /etc/postfix/main.cf
+cat "${config_tree_prefix}/other_files/append_postfix_master.cf" >> /etc/postfix/master.cf
+cat "${config_tree_prefix}/other_files/append_opendkim.conf" >> /etc/opendkim.conf
+
+# Set up letsencrypt certificate. We need this for STARTTLS on port
+# 25/SMTP (some mail servers refuse delivering mails here if no
+# STARTTLS available) and transport-layer TLS on port 465 (for
+# user-to-server SMTPS)
+# TODO: Is it auto-renewed?
+certbot certonly --standalone --agree-tos --no-eff-email -m "${mail}" -d "$(hostname -f)"
+
+# For if FQDN != mail domain name.
+sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf
+sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/postfix/main.cf
+
+# OpenDKIM setup.
+selector=$(hostname)$(date +%Y%m%d)
+opendkim-genkey -d "${mail_domain}" -D /etc/dkimkeys -s "${selector}"
+sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/opendkim.conf
+sed -i "s/REPLACE_selector_ECALPER/${selector}/g" /etc/opendkim.conf
+
+# Dovecot sieve filtering via LMTP.
Without this, mail only gets +# delivered to /var/mail/â¦, with it /var/mail/⦠remains the fallback +# inbox, but all else is sieve-filtered to ~/mail/. +cp "${config_tree_prefix}/other_files/dovecot.sieve" /home/plom/.dovecot.sieve +chown plom:plom /home/plom/.dovecot.sieve + +# In addition to our postfix server receiving mails, we funnel mails from a +# POP3 account into dovecot via fetchmail. It might make sense to adapt the +# ~/.dovecot.sieve to move mails targeted to the fetched mail account to their +# own mbox. +cp "${config_tree_prefix}/other_files/fetchmailrc" /home/plom/.fetchmailrc +chown plom:plom /home/plom/.fetchmailrc +chmod 0700 /home/plom/.fetchmailrc + +# Pingmail setup. +cp "${config_tree_prefix}/other_files/pingmailrc" /home/plom/.pingmailrc +chown plom:plom /home/plom/.pingmailrc +su -lc "cd && git clone https://plomlompom.com/repos/clone/pingmail" plom + +# To allow IMAPS access. +echo "ssl_cert = </etc/letsencrypt/live/$(hostname -f)/fullchain.pem" > /etc/dovecot/conf.d/99-ssl-certs.conf +echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovecot/conf.d/99-ssl-certs.conf +password=$(pwgen -s 100 1) +echo "plom:${password}" | chpasswd + +# Get old mail data, shutdown old postfix server. +if [ "${old_server}" != "" ]; then + cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/ + su -lc "./prepare_to_meet_server.sh ${old_server}" plom + read -p'Hit Enter when you are done.' 
ignore + rm /home/plom/prepare_to_meet_server.sh + su -lc "scp plom@${old_server}:.dovecot.sieve ~" plom + su -lc "scp plom@${old_server}:.fetchmailrc ~" plom + su -lc "scp plom@${old_server}:.pingmailrc ~" plom + su -lc "ssh -t plom@${old_server} \"su -lc 'service postfix stop'\"" plom + su -lc "ssh plom@${old_server} \"su -lc 'systemctl disable fetchmail_old_account.timer'\"" plom + su -lc "ssh plom@${old_server} \"su -lc 'service fetchmail_old_account stop'\"" plom + #su -lc "ssh -t plom@${old_server} \"su -lc 'service fetchmail stop'\"" plom + cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ + su -lc "./mirror_dir.sh ${old_server} /home/plom/mail" plom + rm /home/plom/mirror_dir.sh + touch /var/mail/plom + chown plom:mail /var/mail/plom + chmod 0600 /var/mail/plom + su -lc "scp plom@${old_server}:/var/mail/plom /var/mail/plom" plom +fi + +# Start everything anew to ensure new configurations. +service opendkim restart +service postfix restart +service dovecot restart + +# Pingmail and fetchmail have some systemd timers waiting. To let systemd +# know about them, do this. +systemctl daemon-reload +systemctl enable --now fetchmail_old_account.timer +systemctl enable --now pingmail.timer + +# Final advice to user. +echo "To put into DNS:" +cat "/etc/dkimkeys/${selector}.txt" +echo "If subdomain, append .subdomain to _domainkeys!" 
+echo "Also ensure DMARC record of 'v=DMARC1; p=none; rua=mailto:plom+dmarc@plomlompom.com;' as TXT entry at _dmarc or, if subdomain, _dmarc.subdomain" +echo "Also ensure SPF record of 'v=spf1 mx -all' as TXT entry at @ or subdomain" +echo "Also ensure reverse DNS lookup for our IP points to $(hostname -f)" +echo "Also ensure MX record of priority 10 for @ or subdomain pointing to $(hostname -f)" +echo "IMAPS password for user plom is: ${password}" +echo "Also don't forget borgbackup migration â¦" + +# todo just for proper mail /sending/: +# * how to check IP safety +# https://talosintelligence.com/reputation_center/lookup?search=$IP +# http://www.anti-abuse.org/multi-rbl-check-results/?host= +# https://www.dnsbl.info/dnsbl-database-check.php +# note that none of these catch the IPs that gmx etc. reject diff --git a/archived/buster/setup_scripts/setup_peertube.sh b/archived/buster/setup_scripts/setup_peertube.sh new file mode 100755 index 0000000..fb9afc9 --- /dev/null +++ b/archived/buster/setup_scripts/setup_peertube.sh 
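Review bot: The argument check in setup_mail.sh accepts a single argument (`[ "$#" -lt 1 ]`) although both the Let's Encrypt mail address and the mail domain are required; with one argument `mail_domain` is empty and is written into the postfix mailname, `/etc/postfix/main.cf`, `/etc/opendkim.conf` and the `opendkim-genkey -d` call. `if [ "$#" -lt 2 ]; then` matches the usage text. The generated password is also set as the Unix password for `plom` through `chpasswd` and then echoed in clear at the end, so it lands in terminal scrollback or any captured install log; writing it to a mode-0600 file for the operator would limit where it ends up.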
@@ -0,0 +1,76 @@
+#!/bin/sh
+set -e
+
+# Heavily inspired by
+# <https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/production.md>
+# and
+# <https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/dependencies.md>
+
+if [ "$#" -ne 2 ]; then
+ echo 'Need domain name, mail_address as arguments.'
+ false
+fi
+domain="$1"
+mail="$2"
+
+# Install dependencies, set up firewall.
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web peertube
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
+nft -f /etc/nftables.conf
+
+# Get NodeJS. See
+# <https://github.com/nodesource/distributions/blob/master/README.md>
+curl -sL https://deb.nodesource.com/setup_10.x | bash -
+apt-get install -y nodejs
+
+# Get Yarn. See
+# <https://classic.yarnpkg.com/en/docs/install#debian-stable>
+curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
+apt update && apt install yarn
+
+systemctl start redis postgresql
+
+# Prepare user and DB.
+useradd -m -d /var/www/peertube -s /bin/bash -p peertube peertube
+db_pw=$(pwgen -s 100 1)
+su postgres -lc "psql -c \"CREATE USER peertube WITH PASSWORD '${db_pw}';\""
+su -l postgres -c 'createdb -O peertube -E UTF8 -T template0 peertube_prod'
+su -l postgres -c 'psql -c "CREATE EXTENSION pg_trgm;" peertube_prod'
+su -l postgres -c 'psql -c "CREATE EXTENSION unaccent;" peertube_prod'
+
+# Install and configure PeerTube from latest version.
+VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
+cd /var/www/peertube && su -l peertube -c "mkdir config storage versions && cd versions"
+su -l peertube -c "wget -q 'https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip'"
+su -l peertube -c "unzip peertube-${VERSION}.zip && rm peertube-${VERSION}.zip"
+su -l peertube -c "ln -s peertube-${VERSION} ./peertube-latest"
+su -l peertube -c "cd peertube-latest && yarn install --production --pure-lockfile"
+
+# Configure PeerTube.
+cp "${config_tree_prefix}/other_files/peertube_production.yaml" /var/www/peertube/config/production.yaml
+chown peertube:peertube /var/www/peertube/config/production.yaml
+sed -i "s/admin\@example\.com/${mail}/g" config/production.yaml
+sed -i "s/example\.com/${domain}/g" config/production.yaml
+sed -i "s/password: 'peertube'/password: '${db_pw}'/g" config/production.yaml
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Configure NGINX.
+cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube
+sed -i "s/peertube.example.com/${domain}/g" /etc/nginx/sites-available/peertube
+sed -i -E 's/^([[:space:]]*)(access_log|error_log)([[:space:]])/\1# \2\3/g' /etc/nginx/sites-available/peertube
+ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube
+
+# Configure systemd and start PeerTube through it.
+cp /var/www/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl enable peertube
+systemctl start peertube
+
+# Restart NGINX.
+service nginx restart
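Review bot: setup_peertube.sh hands remote content root-level trust twice: `curl -sL https://deb.nodesource.com/setup_10.x | bash -` executes whatever the URL serves at that moment, and `curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -` puts the Yarn key into the global keyring, where it can vouch for packages from any configured repository. Saving the NodeSource script to a file and comparing it with a reviewed digest before running it, and keeping the Yarn key in its own keyring referenced by `deb [signed-by=/usr/share/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main` (path chosen here as an example), narrows both. The PeerTube release is likewise whatever `releases/latest` names and is unpacked without a checksum. Note also that `useradd ... -p peertube` expects an already hashed password, so the literal string does not set a usable one; omitting `-p` states the intent more clearly.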
diff --git a/archived/buster/setup_scripts/setup_play.sh b/archived/buster/setup_scripts/setup_play.sh
new file mode 100755
index 0000000..2f3cb7d
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_play.sh
@@ -0,0 +1,55 @@
+#!/bin/sh
+set -e
+set -x
+
+if [ "$#" -lt 1 ]; then
+ echo "Need public key ID and optionally old server IP."
+ false
+fi
+gpg_key="$1"
+old_server="$2"
+
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh play
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" play
+cp "${config_tree_prefix}/other_files/weechatrc" /home/plom/.weechatrc
+cp "${config_tree_prefix}/other_files/weechat-wrapper.sh" /home/plom/
+cp "${config_tree_prefix}/other_files/weechatlogs_encrypter.sh" /home/plom/
+chown plom:plom /home/plom/*weechat*
+chown plom:plom /home/plom/.weechatrc
+echo "${gpg_key}" > /home/plom/.encrypt_target
+chown plom:plom /home/plom/.encrypt_target
+
+# TODO refactor with setup_website.sh
+# Add encryption key.
+keyservers='sks-keyservers.net/ keys.gnupg.net'
+set +e
+while true; do
+ do_break=0
+ for keyserver in $(echo "${keyservers}"); do
+ su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
+ if [ $? -eq "0" ]; then
+ do_break=1
+ break
+ fi
+ echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
+ done
+ if [ "${do_break}" -eq "1" ]; then
+ break
+ fi
+done
+set -e
+
+if [ "${old_server}" != "" ]; then
+ cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+ su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+ read -p'Hit Enter when you are done.' ignore
+ rm /home/plom/prepare_to_meet_server.sh
+ su -lc "scp plom@${old_server}:.ssh/authorized_keys .ssh/authorized_keys" plom
+ su -lc "scp plom@${old_server}:.weechatrc ~" plom
+ cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+ su -lc "./mirror_dir.sh ${old_server} /home/plom/weechatlogs" plom
+ rm /home/plom/mirror_dir.sh
+fi
+
+systemctl enable --now encrypt_chatlogs.timer
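Review bot: setup_play.sh fetches the log-encryption key with `gpg --recv-key ${gpg_key}` and accepts any "key ID" as its argument, so a short ID can resolve on the keyserver to a different key than the intended one, and the chat logs would then be encrypted to that key. Requiring a full fingerprint in the argument validation (an added `[ "${#gpg_key}" -eq 40 ]` test with the usual echo and `false`) removes that ambiguity. The `while true` retry loop has no exit when every keyserver fails, so with `set +e` in effect the script spins forever instead of reporting the problem; a bounded number of rounds ending in `false` would surface it. `${gpg_key}` and `$keyserver` are also interpolated unquoted into the `su -c` command string.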
diff --git a/archived/buster/setup_scripts/setup_pleroma_otp.sh b/archived/buster/setup_scripts/setup_pleroma_otp.sh
new file mode 100755
index 0000000..7a38d79
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_pleroma_otp.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+set -e
+# Heavily inspired by <https://docs.pleroma.social/otp_en.html>
+
+if [ "$#" -ne 2 ]; then
+ echo 'Need domain name, mail_address as arguments.'
+ false
+fi
+domain="$1"
+mail="$2"
+
+# Install dependencies, set up firewall.
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web pleroma pleroma_otp
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web pleroma
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Prepare user.
+adduser --system --shell /bin/false --home /opt/pleroma pleroma
+
+# Download and unzip latest stable release, set up Pleroma dirs.
+export FLAVOUR='amd64'
+su pleroma -s $SHELL -lc "
+curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
+unzip /tmp/pleroma.zip -d /tmp/
+"
+su pleroma -s $SHELL -lc "
+mv /tmp/release/* /opt/pleroma
+rmdir /tmp/release
+rm /tmp/pleroma.zip
+"
+mkdir -p /var/lib/pleroma/uploads
+chown -R pleroma /var/lib/pleroma
+mkdir -p /etc/pleroma
+chown -R pleroma /etc/pleroma
+
+# Configure and set up DB.
+su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen \
+--output /etc/pleroma/config.exs \
+--output-psql /tmp/setup_db.psql \
+--domain ${domain} \
+--instance-name plom-roma \
+--admin-email ${mail} \
+--notify-email ${mail} \
+--dbhost localhost \
+--dbname pleroma \
+--dbuser pleroma \
+--db-configurable N \
+--rum N \
+--indexable Y \
+--uploads-dir /var/lib/pleroma/uploads \
+--static-dir /var/lib/pleroma/static \
+--listen-ip 127.0.0.1 \
+--listen-port 4000 \
+--dbpass $(pwgen -s 100 1)"
+su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
+su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
+
+# Since the OTP release does not support .secret.exs configuration
+# files, we hack our own alternative by simply appending custom
+# configurations to /etc/config.exs.
+cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /etc/pleroma/config.exs
+
+# Single-pixel picture hack for removing Pleroma FE images.
+cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
+chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
+
+# Info panel and TOS.
+#mkdir -p /var/lib/pleroma/static/instance
+#mkdir -p /var/lib/pleroma/static/static
+#cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
+#cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
+#cp "${config_tree_prefix}/other_files/pleroma_robots.txt" /var/lib/pleroma/static/robots.txt
+
+# Hack to fix <https://git.pleroma.social/pleroma/pleroma/issues/1616>
+curl https://git.pleroma.social/pleroma/pleroma/-/raw/4271cfb81a8983f5ec6a878cab1fb3fbd164245d/priv/static/static/static-fe.css?inline=false >> /var/lib/pleroma/static/static/static-fe.css
+
+# Prepare NGINX config for Pleroma.
+cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
+sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
+ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
+
+# Systemd integration.
+cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
+systemctl start pleroma
+systemctl enable pleroma
+
+# Only restart NGINX with Pleroma running.
+service nginx restart
diff --git a/archived/buster/setup_scripts/setup_pleroma_source.sh b/archived/buster/setup_scripts/setup_pleroma_source.sh
new file mode 100755
index 0000000..2385fb4
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_pleroma_source.sh
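Review bot: `/tmp/setup_db.psql` in setup_pleroma_otp.sh is a fixed name in a world-writable directory, it holds the database password generated by `pwgen`, and it is executed as the postgres superuser and then left in place. The minimal fix is `rm -f /tmp/setup_db.psql` directly after the `psql -f` line; passing a `mktemp -d` directory to `--output-psql` instead of `/tmp` would also take away the predictable path, which matters if other local accounts exist on the host. The permissions of the generated file depend on pleroma_ctl and are not visible here, so whether other users can read it in the meantime is an assumption to check. setup_pleroma_source.sh uses the same path in the same way.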
@@ -0,0 +1,94 @@
+#!/bin/sh
+set -e
+set -x
+# Heavily inspired by <https://docs-develop.pleroma.social/backend/installation/debian_based_en/>
+
+if [ "$#" -ne 2 ]; then
+ echo 'Need domain name, mail_address as arguments.'
+ false
+fi
+domain="$1"
+mail="$2"
+
+# Install dependencies, configs, set up firewall.
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web pleroma pleroma_source
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web pleroma
+nft -f /etc/nftables.conf
+
+# Prepare user.
+adduser --system --group --shell /bin/false --home /var/lib/pleroma pleroma
+
+# Setup Erlang.
+wget -P /tmp/ https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
+dpkg -i /tmp/erlang-solutions_1.0_all.deb
+apt update
+apt -y install elixir erlang-dev erlang-tools erlang-parsetools erlang-eldap erlang-ssh erlang-xmerl
+
+mkdir -p /opt/pleroma
+chown -R pleroma:pleroma /opt/pleroma
+su pleroma -s $SHELL -lc 'git clone -b develop https://git.pleroma.social/pleroma/pleroma /opt/pleroma'
+su pleroma -s $SHELL -lc 'mix local.hex --force'
+su pleroma -s $SHELL -lc 'mix local.rebar --force'
+su pleroma -s $SHELL -lc "cd /opt/pleroma &&\
+mix deps.get &&\
+mix pleroma.instance gen \
+--output config/generated_config.exs \
+--output-psql /tmp/setup_db.psql \
+--domain ${domain} \
+--instance-name plomroma \
+--admin-email ${mail} \
+--notify-email ${mail} \
+--dbhost localhost \
+--dbname pleroma \
+--dbuser pleroma \
+--db-configurable N \
+--rum N \
+--indexable Y \
+--uploads-dir /var/lib/pleroma/uploads \
+--static-dir /var/lib/pleroma/static \
+--listen-ip 127.0.0.1 \
+--listen-port 4000 \
+--dbpass $(pwgen -s 100 1) &&\
+mv config/{generated_config.exs,prod.secret.exs}"
+su postgres -s $SHELL -lc 'psql -f /tmp/setup_db.psql'
+su pleroma -s $SHELL -lc 'cd /opt/pleroma && MIX_ENV=prod mix ecto.migrate'
+
+# Add our own plom.exs and import it to prod.secret.exs
+echo '' >> /opt/pleroma/config/prod.secret.exs
+echo 'import_config "plom.exs"' >> /opt/pleroma/config/prod.secret.exs
+echo 'import Config' > /opt/pleroma/config/plom.exs
+cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /opt/pleroma/config/plom.exs
+
+# Single-pixel picture hack for removing Pleroma FE images.
+cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
+chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
+
+# Info panel and TOS.
+#mkdir -p /var/lib/pleroma/static/instance
+#mkdir -p /var/lib/pleroma/static/static
+#cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
+#cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
+#cp "${config_tree_prefix}/other_files/pleroma_robots.txt" /var/lib/pleroma/static/robots.txt
+
+# Upload directory. For some reason this does not exist yet here.
+mkdir -p /var/lib/pleroma/uploads
+chown pleroma:nogroup /var/lib/pleroma/uploads
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Prepare NGINX config for Pleroma.
+cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
+sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
+ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
+
+# Systemd integration.
+cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
+systemctl start pleroma
+systemctl enable pleroma
+
+# Only restart NGINX with Pleroma running.
+service nginx restart
diff --git a/archived/buster/setup_scripts/setup_seedbox.sh b/archived/buster/setup_scripts/setup_seedbox.sh
new file mode 100755
index 0000000..32c7791
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_seedbox.sh
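Review bot: `set -x` at the top of setup_pleroma_source.sh prints the generated database password, because `$(pwgen -s 100 1)` sits inside the double-quoted `su pleroma -s $SHELL -lc "cd /opt/pleroma &&\ ..."` string and is expanded by the calling shell before xtrace prints the command. Anything that captures the install output, such as terminal scrollback or a log file, then contains the `--dbpass` value in clear text. Putting `set +x` directly before that `su pleroma` command and `set -x` directly after it keeps tracing for the rest of the script while leaving the secret out of the trace.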
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+./install_for_target.sh seedbox
+
+# As according to <https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template>
+su -lc "curl -Ls 'https://raw.githubusercontent.com/wiki/rakshasa/rtorrent/CONFIG-Template.md' | grep -A9999 '^######' | grep -B9999 '^### END' | sed -re \"s:/home/USERNAME:\$HOME:\" >~/.rtorrent.rc" plom
+su -lc "mkdir ~/rtorrent" plom
+
+# As according to <https://unix.stackexchange.com/a/475485>
+chmod u+s /usr/bin/screen
+chmod 755 /var/run/screen
diff --git a/archived/buster/setup_scripts/setup_server.sh b/archived/buster/setup_scripts/setup_server.sh
new file mode 100755
index 0000000..fa4cc6e
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_server.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Next setup steps for a server whose login policy has just been set from
+# the outside via ./init_user_and_keybased_login.sh.
+set -e
+
+# Provide maximum input for set_hostname_and_fqdn.sh.
+if [ "$#" -lt 2 ]; then
+ echo 'Need exactly two arguments (hostname, FQDN).'
+ false
+fi
+hostname="$1"
+fqdn="$2"
+additional_arg="$3"
+
+# Set up system without user environment.
+config_tree_prefix="${HOME}/config/buster"
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+cd "${setup_scripts_dir}"
+./setup.sh "${hostname}" "${fqdn}" server "${additional_arg}"
+
+# If we have not yet set the shell for user plom, ensure it here. This
+# is mostly for convenience.
+usermod -s /bin/bash plom
+
+# Enable firewall.
+systemctl enable nftables.service
diff --git a/archived/buster/setup_scripts/setup_website.sh b/archived/buster/setup_scripts/setup_website.sh
new file mode 100755
index 0000000..d1dc91d
--- /dev/null
+++ b/archived/buster/setup_scripts/setup_website.sh
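Review bot: `~/.rtorrent.rc` in setup_seedbox.sh is built from whatever the wiki page CONFIG-Template.md contains at install time: the `curl -Ls ... | grep | grep | sed` pipeline fetches a mutable, unpinned URL and writes the result straight into the configuration that rtorrent will load. A later edit of that page changes what gets installed without any change in this repository, and since the pipeline's exit status is that of `sed`, a failed download would presumably leave an empty file without stopping the script. The other setup scripts in this commit install reviewed files from `${config_tree_prefix}/other_files/`; keeping a checked copy of the template there (for example `other_files/<rtorrent-template>`, placeholder name) and applying only the `/home/USERNAME` substitution locally would make the result reproducible.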
@@ -0,0 +1,137 @@
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 4 ] && [ "$#" -ne 5 ]; then
+ echo 'Need domain name and mail and key ID and init state and possibly old server IP as argument.'
+ false
+fi
+if [ ! "$4" = "copy" ] && [ ! "$4" = "new" ] && [ ! "$4" = "upgrade" ]; then
+ echo "Need init state to be either 'copy' or 'new' or 'upgrade'"
+ false
+fi
+if [ ! "$4" = "new" ] && [ "$#" -ne 5 ]; then
+ echo "With init state != 'new' need fifth argument old server IP."
+ false
+fi
+domain="$1"
+mail="$2"
+gpg_key="$3"
+init_state="$4"
+old_server="$5"
+
+# NOTE: init_state=upgrade is for migration from older stretch server setup
+
+# Install configs, set up firewall.
+config_tree_prefix="${HOME}/config/buster"
+./install_for_target.sh web website
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web website
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Set up connection to old server.
+if [ ! "${init_state}" = "new" ]; then
+ cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
+ chown plom:plom /home/plom/prepare_to_meet_server.sh
+ su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+ read -p'Hit Enter when you are done.' ignore
+ rm /home/plom/prepare_to_meet_server.sh
+fi
+
+# Set up repos dir.
+# To use this dir, "git clone --mirror" repo source paths into it as user plom.
+# As user plom, touch git-daemon-export-ok files into it to make the repo
+# publically available.
+if [ "${init_state}" = "new" ]; then
+ mkdir /var/repos
+ chown plom:plom /var/repos
+else
+ cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
+ chmod a+w /var
+ if [ "${init_state}" = "copy" ]; then
+ su -lc "./mirror_dir.sh ${old_server} /var/repos" plom
+ else
+ su -lc "./mirror_dir.sh ${old_server} /var/public_repos" plom
+ fi
+ chmod a-w /var
+ rm /home/plom/mirror_dir.sh
+fi
+
+# Prepare NGINX and GitWeb config.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx
+ln -s /etc/nginx/sites-available/website.nginx /etc/nginx/sites-enabled/website.nginx
+
+# Set up website. TODO: use non-/var/www dir for better separation to dump site
+rm -rf /var/www
+mkdir /var/www
+chown plom:plom /var/www
+if [ "${init_state}" = "upgrade" ]; then
+ # This assumes the old core.plomlompom.com filesystem hierarchy.
+ su -lc "cd /var/repos && git clone --mirror plom@core.plomlompom.com:repos/website" plom
+elif [ "${init_state}" = "new" ]; then
+ su -lc "cd /var/repos && git init --bare website.git" plom
+fi
+cp "${config_tree_prefix}/other_files/website_hook_post-receive" /var/repos/website.git/hooks/post-receive
+su -lc 'cd /var/www && git clone /var/repos/website.git .' plom
+
+# Add encryption key.
+keyservers='sks-keyservers.net/ keys.gnupg.net'
+set +e
+while true; do
+ do_break=0
+ for keyserver in $(echo "${keyservers}"); do
+ su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
+ if [ $? -eq "0" ]; then
+ do_break=1
+ break
+ fi
+ echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
+ done
+ if [ "${do_break}" -eq "1" ]; then
+ break
+ fi
+done
+set -e
+
+# Set up plomlombot.
+irclogs_dir=/var/www/html/irclogs +irclogs_pw_dir=/var/www/irclogs_pw +mkdir -p "${irclogs_dir}" +chown -R plom:plom "${irclogs_dir}" +mkdir -p "${irclogs_pw_dir}" +chown -R plom:plom "${irclogs_pw_dir}" +if [ "${init_state}" = "new" ]; then + # Handle the case that the repo is in the old pre-buster server setup â + # even then, the URL should be the same. + su -lc "cd /var/repos && git clone --mirror https://plomlompom.com/repos/clone/plomlombot-irc" plom + su -lc "touch /var/repos/plomlombot-irc.git/git-daemon-export-ok" plom + cp "${config_tree_prefix}/other_files/plomlombot_hook_post-receive" /var/repos/plomlombot-irc.git/hooks/post-receive +fi +su -lc "git clone /var/repos/plomlombot-irc.git" plom +cp "${config_tree_prefix}/other_files/plomlombot_daemon.sh" /home/plom/ +chown plom:plom /home/plom/plomlombot_daemon.sh +if [ "${init_state}" = "new" ]; then + echo 'bot: plomlombog plomlombog #plomlomtest irc.freenode.net foo bar' >> /home/plom/.plomlombot + chown plom:plom /home/plom/.plomlombot +else + cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ + su -lc "./mirror_dir.sh ${old_server} /home/plom/plomlombot_db" plom + rm /home/plom/mirror_dir.sh + su -lc "scp plom@${old_server}:.plomlombot ~" plom + su -lc "ssh plom@${old_server} \"su -lc 'service plomlombot stop'\"" plom +fi +systemctl enable plomlombot.service +service plomlombot start + +# In the above step, we might have created a root-owned /var/www/html â +# fix this here. +chown -R plom:plom /var/www/html + +# TODO: +# - rename /home/plom/public_repos to /home/plom/repos + +service nginx restart diff --git a/archived/buster/setup_scripts/update_pleroma_source.sh b/archived/buster/setup_scripts/update_pleroma_source.sh new file mode 100755 index 0000000..cf63eb8 --- /dev/null +++ b/archived/buster/setup_scripts/update_pleroma_source.sh 
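Review bot: `chmod a+w /var` in the non-`new` branch of setup_website.sh makes /var world-writable for as long as mirror_dir.sh runs, and because `set -e` is active at that point a failing mirror_dir.sh call exits the script before `chmod a-w /var` is reached, leaving /var writable for every local account. Creating the target as root beforehand, the way the `new` branch already does with `mkdir /var/repos` and `chown plom:plom /var/repos`, would let plom write there without changing the mode of /var at all; this assumes mirror_dir.sh, which is not part of this hunk, accepts an existing directory. If the chmod has to stay, a `trap 'chmod a-w /var' EXIT` set right before `chmod a+w /var` at least guarantees the mode is restored on failure.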
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+set -x
+
+# Heavily inspired by <https://docs-develop.pleroma.social/backend/administration/updating/>
+su pleroma -s $SHELL -lc 'cd /opt/pleroma && git pull && mix deps.get'
+service pleroma stop
+su pleroma -s $SHELL -lc 'MIX_ENV=prod cd /opt/pleroma && mix ecto.migrate'
+service pleroma start
diff --git a/archived/buster/setup_scripts/upgrade_peertube.sh b/archived/buster/setup_scripts/upgrade_peertube.sh
new file mode 100755
index 0000000..2f434a7
--- /dev/null
+++ b/archived/buster/setup_scripts/upgrade_peertube.sh
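Review bot: In update_pleroma_source.sh the prefix in `MIX_ENV=prod cd /opt/pleroma && mix ecto.migrate` applies only to the `cd` command, so `mix ecto.migrate` runs without `MIX_ENV=prod` unless the pleroma login environment happens to export it. The migration would then use Mix's default environment and not the production configuration and database. setup_pleroma_source.sh in this same commit has the order right, and the line here should match it: `su pleroma -s $SHELL -lc 'cd /opt/pleroma && MIX_ENV=prod mix ecto.migrate'`.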
@@ -0,0 +1,48 @@
+#!/bin/sh
+set -e
+
+# Heavily inspired by
+# <https://docs.joinpeertube.org/#/install-any-os?id=upgrade>
+
+# backup DB
+SQL_BACKUP_PATH="backup/sql-peertube_prod-$(date -Im).bak"
+cd /var/www/peertube/
+su peertube -c 'mkdir -p backup'
+su postgres -c "pg_dump -F c peertube_prod" | su peertube -c "tee ${SQL_BACKUP_PATH}" > /dev/null
+
+# Get new PeerTube version.
+VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
+cd /var/www/peertube/versions
+su peertube -c "wget -q \"https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip\""
+su peertube -c "unzip -o peertube-${VERSION}.zip && rm peertube-${VERSION}.zip"
+
+# Yarn new PeerTube.
+su -l peertube -c "cd /var/www/peertube/versions/peertube-${VERSION} && yarn install --production --pure-lockfile"
+
+# Copy new default.yaml (TODO: find out what it does)
+su peertube -c "cp /var/www/peertube/versions/peertube-${VERSION}/config/default.yaml /var/www/peertube/config/default.yaml"
+
+set +e
+echo
+echo "Check differences between new and old production.yaml[.example]"
+diff /var/www/peertube/versions/peertube-${VERSION}/config/production.yaml.example /var/www/peertube/config/production.yaml
+echo
+set -e
+
+# Link new PeerTube as latest one.
+cd /var/www/peertube
+unlink ./peertube-latest
+su peertube -c "ln -s versions/peertube-${VERSION} ./peertube-latest"
+
+set +e
+echo
+echo "Check differences between new and old NGINX files"
+cd /var/www/peertube/versions
+diff "$(ls --sort=t | head -2 | tail -1)/support/nginx/peertube" "$(ls --sort=t | head -1)/support/nginx/peertube"
+echo
+echo "Check differences between new and old systemd unit files"
+diff "$(ls --sort=t | head -2 | tail -1)/support/systemd/peertube.service" "$(ls --sort=t | head -1)/support/systemd/peertube.service"
+echo
+set -e
+
+service peertube restart
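Review bot: `VERSION` in upgrade_peertube.sh is cut out of an HTTP response with `grep tag_name | cut` and then pasted unchecked into several `su peertube -c "..."` command strings and paths, so the script trusts that text to be a plain version tag. An error reply or a changed JSON layout gives an empty or odd value, and because the assignment's status is that of `cut`, `set -e` does not stop the run at that point. A guard directly after the assignment would make this explicit, for example `echo "${VERSION}" | grep -Eq '^v[0-9][0-9A-Za-z.-]*$' || { echo "Unexpected version string: ${VERSION}" >&2; exit 1; }`, assuming release tags keep the `v<number>` form. The downloaded zip is also unpacked and installed without any checksum comparison, which the same guard does not cover.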
diff --git a/archived/dotfiles/minimal/bashrc b/archived/dotfiles/minimal/bashrc
new file mode 100644
index 0000000..4a80025
--- /dev/null
+++ b/archived/dotfiles/minimal/bashrc
@@ -0,0 +1,9 @@
+# Bash as a non-login shell in non-POSIX-mode does not read in the startup
+# script at the path in $ENV. This forces it to still read in the ~/.shinit
+# startup script for non-login shells.
+
+. ~/.shinit
+
+export NVM_DIR="$HOME/.nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
+[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
diff --git a/archived/dotfiles/minimal/gitconfig b/archived/dotfiles/minimal/gitconfig
new file mode 100644
index 0000000..5cdc162
--- /dev/null
+++ b/archived/dotfiles/minimal/gitconfig
@@ -0,0 +1,3 @@
+[user]
+ name = Christian Heller
+ email = c.heller@plomlompom.de
diff --git a/archived/dotfiles/minimal/profile b/archived/dotfiles/minimal/profile
new file mode 100644
index 0000000..c39fc53
--- /dev/null
+++ b/archived/dotfiles/minimal/profile
@@ -0,0 +1,8 @@
+# Initialization for login shells.
+
+# Tell interactive shells to look in ~/.shinit for setup.
+ENV=$HOME/.shinit
+export ENV
+. $ENV
+
+export PATH="$HOME/.cargo/bin:$PATH"
diff --git a/archived/dotfiles/minimal/shinit b/archived/dotfiles/minimal/shinit
new file mode 100644
index 0000000..25d1396
--- /dev/null
+++ b/archived/dotfiles/minimal/shinit
@@ -0,0 +1,37 @@
+# Settings for interactive shells.
+
+# Ensure shell truly is interactive to avoid confusing non-interactive shells.
+if [[ $- == *i* ]]; then
+
+ # Fancy colors for ls.
+ alias ls="ls --color=auto"
+
+ # Use vim as default editor for anything.
+ export VISUAL=vim
+ export EDITOR=$VISUAL
+
+ # Colored prompt with username, hostname, date/time, directory.
+ colornumber=7 # Default to white if no color set via colornumber dotfile.
+ colornumber_file=~/.shinit_color
+ if [ -f $colornumber_file ]; then
+ colornumber=`cat $colornumber_file`
+ fi
+ tput_color="$(tput setaf $colornumber)$(tput bold)"
+ tput_reset="$(tput sgr0)"
+ # Bash confuses the line length when not told to not count escape sequences.
+ if [ ! "$BASH" = "" ]; then
+ tput_color="\[$tput_color\]"
+ tput_reset="\[$tput_reset\]"
+ fi
+ PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $USER@$(hostname):"\$\(pwd\)"]$ $tput_reset"
+ PS2="${tput_color}> $tput_reset"
+ PS3="${tput_color}select: $tput_reset"
+ PS4="${tput_color}+ $tput_reset"
+
+ # Add local additions.
+ local_shinit_file=~/.shinit_add
+ if [ -f $local_shinit_file ]; then
+ . $local_shinit_file
+ fi
+
+fi
diff --git a/archived/dotfiles/minimal/vimrc b/archived/dotfiles/minimal/vimrc
new file mode 100644
index 0000000..8c923e6
--- /dev/null
+++ b/archived/dotfiles/minimal/vimrc
@@ -0,0 +1,30 @@
+" Activate syntax highlighting.
+syntax on
+filetype plugin on
+
+" Number lines.
+set number
+
+"" Don't add unsolicited final newline.
+"set binary
+
+" Indentation rules (tabs to 4 spaces).
+set expandtab
+set shiftwidth=2
+set softtabstop=2
+
+" Backups.
+set backup
+set backupdir=~/.vimbackups
+let myvar = strftime("%Y-%m-%d_%H-%M-%S")
+let myvar = "set backupext=_". myvar
+execute myvar
+
+" Keep syntax highlighting healthy.
+autocmd BufEnter * :syntax sync fromstart
+
+" Mark the 80-th column.
+set colorcolumn=80
+
+" Source additions
+source ~/.vimrc_add
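Review bot: The guard `if [[ $- == *i* ]]; then` in shinit uses a bash/ksh construct, yet the profile added in this commit exports `ENV=$HOME/.shinit` so that other shells read the file as well, and the later `[ ! "$BASH" = "" ]` test shows that non-bash shells are expected. In a shell without `[[` the test fails as an unknown command, so the whole block is skipped and an error is printed on each interactive start. A portable form is `case $- in *i*) interactive=1 ;; *) interactive=0 ;; esac` followed by `if [ "${interactive}" -eq 1 ]; then`. The unquoted `$colornumber` handed to `tput setaf` also takes whatever `~/.shinit_color` contains, so quoting it would be a cheap addition.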
diff --git a/archived/dotfiles/root/shinit_color b/archived/dotfiles/root/shinit_color
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/archived/dotfiles/root/shinit_color
@@ -0,0 +1 @@
+1
diff --git a/archived/dotfiles/root/vimrc_add b/archived/dotfiles/root/vimrc_add
new file mode 100644
index 0000000..e69de29
diff --git a/archived/dotfiles/user/server/minimal/mailfilter b/archived/dotfiles/user/server/minimal/mailfilter
new file mode 100644
index 0000000..ca0ef47
--- /dev/null
+++ b/archived/dotfiles/user/server/minimal/mailfilter
@@ -0,0 +1,25 @@
+DEFAULT="$HOME/mail/new_inbox/"
+logfile "$HOME/.mailfilter.log"
+
+if ( /^To: .*heller@talon\.one.*/:D || /^Subject: .*Talon*/:D )
+{
+ DIR="$HOME/mail/talonone/"
+ `mkdir -p $DIR/{cur,new,tmp}`
+ to $DIR
+}
+
+if ( /^Subject: Postfix SMTP server: errors from /:D && \
+ /^From: Mail Delivery System <MAILER-DAEMON@plomlompom\.com>/:D && \
+ /^To: Postmaster <postmaster@plomlompom\.com>/:D )
+{
+ DIR="$HOME/mail/new_postfix_smtp_server_errors_from/"
+ `mkdir -p $DIR/{cur,new,tmp}`
+ to $DIR
+}
+
+if ( /^From: \"Nebenan\.de\" \<noreply@nebenan\.de\>/:D )
+{
+ DIR="$HOME/mail/nebenan_de/"
+ `mkdir -p $DIR/{cur,new,tmp}`
+ to $DIR
+}
diff --git a/archived/dotfiles/user/server/minimal/muttrc b/archived/dotfiles/user/server/minimal/muttrc
new file mode 100644
index 0000000..d87fc08
--- /dev/null
+++ b/archived/dotfiles/user/server/minimal/muttrc
@@ -0,0 +1,66 @@
+# plomlompom's mutt configuration file
+
+# Define mailboxes.
+set mbox_type=Maildir
+set folder=/home/plom/mail
+set spoolfile=$folder/inbox
+set mbox=$folder/archive
+set record=$folder/sent
+set postponed=$folder/postponed
+
+# Move read messages from $spoolfile to $mbox.
+set move=yes
+
+# Macro to a mailboxes view built from all folders below ~/mail.
+macro index,pager y <change-folder>?<toggle-mailboxes>
+mailboxes `ls /home/plom/mail | sed -e 's/^/=/' | tr "\n" " "`
+
+# What goes into the default header display.
+ignore *
+unignore from: subject to cc date
+
+# Force some variables for From: and Message-ID: generation.
+set realname="Christian Heller"
+
+# Allow me to reply myself.
+set reply_self = yes
+
+# Only scroll in the current message, not across messages.
+set pager_stop = yes
+
+# Sort message top-down new-old.
+set sort=reverse-date
+
+# Ensure visibility of attachments. The second line handles (in an ugly way) the
+# issue of mails that use the content-type of multipart/alternative wrongly, by
+# omitting from the text/plain alternative relevant multimedia files attached to
+# the multipart/related alternative that contains text/html and said files. This
+# will in certain cases make the pager default to displaying the HTML variant of
+# a mail when a plain text one is available, but this is preferable to hiding
+# potentially important attachments.
+set index_format="%4C %Z %?X?[%X]& ? %{%b %d} %-15.15L (%?l?%4l&%4c?) %s"
+alternative_order multipart/related text/plain text/html
+
+# Defaults from /usr/share/doc/mutt/examples/gpg.rc
+set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
+set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
+set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
+set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
+set pgp_clearsign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
+set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
+set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
+set pgp_import_command="gpg --no-verbose --import %f"
+set pgp_export_command="gpg --no-verbose --export --armor %r"
+set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
+set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --list-keys %r"
+set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --list-secret-keys %r"
+set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
+
+# Further stuff from http://codesorcery.net/old/mutt/mutt-gnupg-howto
+set pgp_autosign=yes
+set pgp_sign_as=0x98F64A5F
+set pgp_replyencrypt=yes
+set pgp_timeout=1800
+
+# Promoting my public key.
+my_hdr X-PGP-Key: https://dump.plomlompom.com/dump/plomlompom.asc
diff --git a/archived/dotfiles/user/server/minimal/vimrc_add b/archived/dotfiles/user/server/minimal/vimrc_add
new file mode 100644
index 0000000..e69de29
diff --git a/archived/dotfiles/user/server/personal/minimal/getmail/getmailrc b/archived/dotfiles/user/server/personal/minimal/getmail/getmailrc
new file mode 100644
index 0000000..0f89085
--- /dev/null
+++ b/archived/dotfiles/user/server/personal/minimal/getmail/getmailrc
@@ -0,0 +1,17 @@
+# plomlompom's getmail configuration
+
+# Where and how to get mail from.
+[retriever]
+type = SimplePOP3SSLRetriever
+server = mail.klostein.com
+username = c.heller@plomlompom.de
+
+# Let procmail take charge of incoming mail. Use user-defined rc file.
+[destination]
+type = MDA_external
+path = /usr/bin/procmail
+arguments = ("-m", "/home/plom/.procmailrc")
+
+# Delete retrieved mail from server.
+[options]
+delete = false
diff --git a/archived/dotfiles/user/server/personal/minimal/procmailrc b/archived/dotfiles/user/server/personal/minimal/procmailrc
new file mode 100644
index 0000000..91bcd36
--- /dev/null
+++ b/archived/dotfiles/user/server/personal/minimal/procmailrc
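Review bot: `set pgp_sign_as=0x98F64A5F` in muttrc selects the signing key by a 32-bit short key ID, and short IDs are not unique: another key with the same short ID in the keyring makes the selection ambiguous. Using the full fingerprint, `set pgp_sign_as=0x<FULL_40_HEX_FINGERPRINT>` (placeholder, the value is not on this page), removes that ambiguity. The two encrypt commands copied from the shipped gpg.rc example pass `--always-trust`, which skips gpg's key validity check for recipients; a comment next to them saying that this is accepted deliberately would help the next reader.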
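Review bot: The comment `# Delete retrieved mail from server.` in getmailrc contradicts the setting below it, `delete = false`, which leaves retrieved mail on the server. One of the two is stale; if keeping the mail is intended, the comment should read `# Keep retrieved mail on the server.`. As written, a reader relying on the comment would assume the server copy is removed after retrieval.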
@@ -0,0 +1,72 @@
+# plomlompom's procmail configuration
+
+MAILDIR=/home/plom/mail
+DEFAULT=$MAILDIR/inbox/
+
+:0
+* ^To: Bisdahin <termin@bisdahin.de>
+bisdahin/
+
+:0
+* ^From: Doodle <mailer@doodle.com>
+doodle/
+
+:0
+* ^From: FetLife <donotreply@fetlifemail\.com>
+fetlife/
+
+:0
+* ^From: Flattr <no-reply@flattr.com>
+flattr/
+
+:0
+* ^From: noreply@statusnetondemand.net
+identica/
+
+:0
+* ^From: .*@linkedin\.com
+linkedin/
+
+:0
+* ^To: .*forum@detrans.de
+ML-detrans/
+
+:0
+* ^To: .*liste-ff-medien@gruene-jugend.de
+ML-gj-medien/
+
+:0
+* ^To: wann-klettern-wir@googlegroups\.com
+ML-klettern/
+
+:0
+* ^Subject: \[schildower-kreis-info\]
+schildower_kreis/
+
+:0
+* ^Subject: .*\[reflect-info\]
+reflect-info/
+
+:0
+* ^To: .*st-berlin@smjg.org
+ML-smjg-berlin/
+
+:0
+* ^Subject: Logwatch for plomlompom\.com \(Linux\)
+serverlogs/
+
+:0
+* ^Subject: ***SPAM***
+spam-suspect/
+
+:0
+* ^Subject: .*talon.*
+talonone/
+
+:0
+* ^From: Twitter
+twitter/
+
+:0
+* ^From: Computerspielemuseum
+computerspielemuseum/
diff --git a/archived/dotfiles/user/server/personal/minimal/shinit_add b/archived/dotfiles/user/server/personal/minimal/shinit_add
new file mode 100644
index 0000000..02d6a99
--- /dev/null
+++ b/archived/dotfiles/user/server/personal/minimal/shinit_add
@@ -0,0 +1,4 @@
+# Server-specific .shinit additions.
+
+# Wrapper for weechat to force local config file on it anew on each run.
+alias weechat="~/config/bin/weechat-wrapper.sh"
diff --git a/archived/dotfiles/user/server/personal/minimal/weechatrc b/archived/dotfiles/user/server/personal/minimal/weechatrc
new file mode 100644
index 0000000..3601d48
--- /dev/null
+++ b/archived/dotfiles/user/server/personal/minimal/weechatrc
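Review bot: The spam rule `* ^Subject: ***SPAM***` in procmailrc leaves its asterisks unescaped, so they are presumably read as repetition operators and not as literal characters. The condition then does not require the `***SPAM***` tag at all: it would match subjects that merely begin with `SPA`, and a subject that really starts with three asterisks would fall through to the inbox. Escaping them gives the intended match: `* ^Subject: \*\*\*SPAM\*\*\*`. Several other conditions in this file leave the dots in domain names unescaped, which is harmless in practice but looser than the escaped form used for `fetlifemail\.com`.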
@@ -0,0 +1,13 @@
+/set logger.file.path ~/weechatlogs
+/set logger.file.flush_delay 0
+/script install otr.py
+/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
+/set weechat.color.chat_nick_colors "lightcyan"
+/server add localhost localhost
+/connect localhost
+/server del freenode
+/server add freenode irc.freenode.net -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#nodrama.de,#twitter.de,#freie-gesellschaft,#zrolaps,#twtxt,#freakazoid,#nodrama.finance,#unordentlich
+/server add rizon irc.rizon.net -nicks=AlfredEdel,AlfredEde1,A1fredEdel,A1fredEde1 -autojoin=#8chan-deutsch,#mememagic -username=foo
+/server add quakenet irc.quakenet.org -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#rgrd
+/connect freenode
+/connect rizon
diff --git a/archived/dotfiles/user/server/personal/plomlompom.com/shinit_color b/archived/dotfiles/user/server/personal/plomlompom.com/shinit_color
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/archived/dotfiles/user/server/personal/plomlompom.com/shinit_color
@@ -0,0 +1 @@
+4
diff --git a/archived/dotfiles/user/server/personal/test.plomlompom.com/shinit_color b/archived/dotfiles/user/server/personal/test.plomlompom.com/shinit_color
new file mode 100644
index 0000000..00750ed
--- /dev/null
+++ b/archived/dotfiles/user/server/personal/test.plomlompom.com/shinit_color
@@ -0,0 +1 @@
+3
diff --git a/archived/dotfiles/user/server/public/shinit_add b/archived/dotfiles/user/server/public/shinit_add
new file mode 100644
index 0000000..6db1bac
--- /dev/null
+++ b/archived/dotfiles/user/server/public/shinit_add
@@ -0,0 +1,4 @@
+# Server-specific .shinit additions.
+
+# Golang dev environment
+export GOPATH=~/gopath
diff --git a/archived/dotfiles/user/server/public/shinit_color b/archived/dotfiles/user/server/public/shinit_color
new file mode 100644
index 0000000..1e8b314
--- /dev/null
+++ b/archived/dotfiles/user/server/public/shinit_color
@@ -0,0 +1 @@
+6
diff --git a/archived/dotfiles/user/thinkpad/W530/Xresources-local b/archived/dotfiles/user/thinkpad/W530/Xresources-local
new file mode 100644
index 0000000..c0418e5
--- /dev/null
+++ b/archived/dotfiles/user/thinkpad/W530/Xresources-local
@@ -0,0 +1,40 @@
+! font size
+XTerm*faceSize: 8
+xterm*VT100*faceSize1: 7
+xterm*VT100*faceSize2: 8
+xterm*VT100*faceSize3: 9
+xterm*VT100*faceSize4: 10
+xterm*VT100*faceSize5: 12
+xterm*VT100*faceSize6: 15
+
+! black
+*color0: #202020
+*color8: #3F3F3F
+
+! red
+*color1: #A82020
+*color9: #E82020
+
+! green
+*color2: #20A820
+*color10: #20E820
+
+! yellow
+*color3: #A8A820
+*color11: #E8E820
+
+! blue
+*color4: #3F3FFF
+*color12: #9F9FFF
+
+! magenta
+*color5: #A83FFF
+*color13: #E89FFF
+
+! cyan
+*color6: #3FA8FF
+*color14: #9FE8FF
+
+! white
+*color7: #A8A8A8
+*color15: #E8E8E8
diff --git a/archived/dotfiles/user/thinkpad/W530/i3status.conf b/archived/dotfiles/user/thinkpad/W530/i3status.conf
new file mode 100644
index 0000000..f566ffe
--- /dev/null
+++ b/archived/dotfiles/user/thinkpad/W530/i3status.conf
@@ -0,0 +1,88 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home" +order += "wireless wlp3s0" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "cpu_temperature 1" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 10 +} + +# How much space is left in /home ? +disk "/home" { + format = "/home: %avail available of %total" + separator_block_width = 40 +} + + +# WLAN status: show IP and connection quality or "down". +wireless wlp3s0 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 40 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 40 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 40 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 10 +} +cpu_temperature 1 { + format = "%degrees °C" + separator_block_width = 40 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 40 +} + +volume master { + format = "âª: %volume" + format_muted = "âª: muted (%volume)" + separator_block_width = 40 +} 
diff --git a/archived/dotfiles/user/thinkpad/X200s/Xresources-local b/archived/dotfiles/user/thinkpad/X200s/Xresources-local new file mode 100644 index 0000000..32c741c --- /dev/null +++ b/archived/dotfiles/user/thinkpad/X200s/Xresources-local @@ -0,0 +1,34 @@ +! font size +XTerm*faceSize: 8 + +! black +*color0: #000000 +*color8: #3F3F3F + +! red +*color1: #BF0000 +*color9: #FF0000 + +! green +*color2: #00BF00 +*color10: #00FF00 + +! yellow +*color3: #BFBF00 +*color11: #FFFF00 + +! blue +*color4: #3F3FFF +*color12: #9F9FFF + +! magenta +*color5: #BF3FFF +*color13: #FFF9FF + +! cyan +*color6: #3FBFFF +*color14: #9FFFFF + +! white +*color7: #BFBFBF +*color15: #FFFFFF diff --git a/archived/dotfiles/user/thinkpad/X200s/i3status.conf b/archived/dotfiles/user/thinkpad/X200s/i3status.conf new file mode 100644 index 0000000..dcc1ad0 --- /dev/null +++ b/archived/dotfiles/user/thinkpad/X200s/i3status.conf 
@@ -0,0 +1,62 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home" +order += "wireless wls1" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_temperature 0" +order += "load" +order += "time" + +# How much space is left in / ? +disk "/" { + format = "%free" +} + +# How much space is left in /home ? +disk "/home" { + format = "%free" +} + + +# WLAN status: show IP and connection quality or "down". +wireless wls1 { + format_up = "W: (%quality at %essid) %ip" + format_down = "W: down" +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "E: %ip" + format_down = "E: down" +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "%status %percentage %remaining" +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "T: %degrees °C" +} + +# Show system load during last 1/5/15 minutes. +load { + format = "L: %1min %5min %15min" +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + + format = "%Y-%m-%d %H:%M:%S %z/%Z" +} diff --git a/archived/dotfiles/user/thinkpad/minimal/Xresources b/archived/dotfiles/user/thinkpad/minimal/Xresources new file mode 100644 index 0000000..a7d31f3 --- /dev/null +++ b/archived/dotfiles/user/thinkpad/minimal/Xresources @@ -0,0 +1,7 @@ +! font +XTerm*faceName: -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1 +XTerm*reverseVideo: on +XTerm*visualBell: on + +! proper ALT as META key treatment +XTerm*eightBitInput: false diff --git a/archived/dotfiles/user/thinkpad/minimal/i3 b/archived/dotfiles/user/thinkpad/minimal/i3 new file mode 100644 index 0000000..d388a23 --- /dev/null +++ b/archived/dotfiles/user/thinkpad/minimal/i3 
@@ -0,0 +1,84 @@ +# plomlompom's i3-wm configuration + +# Font for i3 text +font pango:Terminus 11px +#font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1 + +# Force "tabbed" as default layout for new windows. +workspace_layout tabbed + +# Make the Windows key the modifier key for all i3-wm actions. +set $mod Mod4 +floating_modifier $mod + +# Launch xterm. +bindsym $mod+Return exec xterm -r + +# Launch programs via dmenu. +bindsym $mod+d exec dmenu_run +bindsym $mod+x exec dmenu_run + +# Kill window. +bindsym $mod+Shift+Q kill + +# Move focus between windows. +bindsym $mod+Left focus left +bindsym $mod+Down focus down +bindsym $mod+Up focus up +bindsym $mod+Right focus right + +# Don't move focus with mouse. +focus_follows_mouse no + +# Move windows. +bindsym $mod+Shift+Left move left +bindsym $mod+Shift+Down move down +bindsym $mod+Shift+Up move up +bindsym $mod+Shift+Right move right + +# Resize windows +bindsym $mod+h resize shrink width 1 px or 1 ppt +bindsym $mod+l resize grow width 1 px or 1 ppt +bindsym $mod+j resize shrink height +bindsym $mod+k resize grow height + +# Toggle fullscreen for focused window. +bindsym $mod+f fullscreen + +# Toggle floating of window, focus on floating or tabbed windows. +bindsym $mod+Shift+space floating toggle +bindsym $mod+space focus mode_toggle + +# Switch to workspace x. +bindsym $mod+1 workspace 1 +bindsym $mod+2 workspace 2 +bindsym $mod+3 workspace 3 +bindsym $mod+4 workspace 4 +bindsym $mod+5 workspace 5 +bindsym $mod+6 workspace 6 +bindsym $mod+7 workspace 7 +bindsym $mod+8 workspace 8 +bindsym $mod+9 workspace 9 +bindsym $mod+0 workspace 10 + +# Move window to workspace x. 
+bindsym $mod+Shift+exclam move workspace 1 +bindsym $mod+Shift+quotedbl move workspace 2 +bindsym $mod+Shift+section move workspace 3 +bindsym $mod+Shift+dollar move workspace 4 +bindsym $mod+Shift+percent move workspace 5 +bindsym $mod+Shift+ampersand move workspace 6 +bindsym $mod+Shift+slash move workspace 7 +bindsym $mod+Shift+parenleft move workspace 8 +bindsym $mod+Shift+parenright move workspace 9 +bindsym $mod+Shift+equal move workspace 10 + +# Reload i3 config file, restart (keeping sesion) i3, exit i3. +bindsym $mod+Shift+C reload +bindsym $mod+Shift+R restart +bindsym $mod+Shift+P exit + +# Select "i3status" as i3 status bar. +bar { + status_command i3status | ~/config/bin/i3status_wrapper.py +} diff --git a/archived/dotfiles/user/thinkpad/minimal/pentadactylrc b/archived/dotfiles/user/thinkpad/minimal/pentadactylrc new file mode 100644 index 0000000..5f62966 --- /dev/null +++ b/archived/dotfiles/user/thinkpad/minimal/pentadactylrc @@ -0,0 +1,20 @@ +set! browser.startup.page=3 +set! privacy.donottrackheader.enabled=true +set! network.cookie.lifetimePolicy=2 +set! browser.formfill.enable=false +set! browser.block.target_new_window=true +set! browser.download.lastDir=~/downloads +"set! javascript.enabled=false +"set! permissions.default.image=2 +set! general.useragent.override=foo +set! signon.rememberSignons=false +set! network.proxy.socks=localhost +set! network.proxy.socks_port=9999 +set! network.proxy.type=1 +set go=CMsbr +set showtabline=never +highlight Hint -append font: "Droid Sans Mono"; margin: 0em; padding: 0.1em; padding-right: 0.2em; +command plom open http://www.plomlompom.de/PlomWiki/plomwiki.php?title=Start +set fc=ignore +set ds=duckduckgo +set visualbell diff --git a/archived/dotfiles/user/thinkpad/minimal/shinit_color b/archived/dotfiles/user/thinkpad/minimal/shinit_color new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/archived/dotfiles/user/thinkpad/minimal/shinit_color @@ -0,0 +1 @@ +2 
diff --git a/archived/dotfiles/user/thinkpad/minimal/vimrc_add b/archived/dotfiles/user/thinkpad/minimal/vimrc_add new file mode 100644 index 0000000..96acb52 --- /dev/null +++ b/archived/dotfiles/user/thinkpad/minimal/vimrc_add @@ -0,0 +1 @@ +" source ~/.vimrc_vimgo diff --git a/archived/dotfiles/user/thinkpad/minimal/xinitrc b/archived/dotfiles/user/thinkpad/minimal/xinitrc new file mode 100644 index 0000000..44d3822 --- /dev/null +++ b/archived/dotfiles/user/thinkpad/minimal/xinitrc @@ -0,0 +1,32 @@ +# X init configuration + +# Set keymap. +setxkbmap de + +# Read in X configuration. +xrdb -merge ~/.Xresources +xrdb -merge ~/.Xresources-local + +# Redshift to Berlin, Germany. +redshift -rl 53:13 & + +# Enforce QWERTZ. (Why twice?) +setxkbmap de + +# Use CapsLock as Ctrl, against the Emacs pinky. +setxkbmap -option caps:ctrl_modifier + +# Set up compose key. +xmodmap ~/.Xmodmap + +# Optionally, for certain Optimus systems with a first GPU connected to the +# display and a second (NVidia) GPU providing 3D acceleration, use the first GPU +# as sink for the second. This may confuse DPI settings, so re-set those. +if [ "${NVIDIA_DIRECT}" ]; then + xrandr --setprovideroutputsource modesetting NVIDIA-0 + xrandr --auto + xrandr --dpi 96 +fi + +# Launch window manager. +i3 -c ~/.i3 diff --git a/archived/jessie_postinstall.sh b/archived/jessie_postinstall.sh new file mode 100755 index 0000000..0b628e5 --- /dev/null +++ b/archived/jessie_postinstall.sh 
@@ -0,0 +1,338 @@ +#!/bin/sh +set -x +set -e + +if [ ! "$1" = "thinkpad" ] && [ ! "$1" = "server" ]; then + echo "Need argument." + false +fi +if [ "$1" = "thinkpad" ] && [ ! "$2" = "X200s" ] && [ ! "$2" = "T450s" ]; then + echo "Need Thinkpad type." + false +fi +if [ "$1" = "server" ] && [ ! "$2" = "personal" ] && [ ! "$2" = "public" ]; then + echo "Need server purpose." + false +fi +if [ "$2" = "personal" ] && [ ! "$3" = "test.plomlompom.com" ] && \ + [ ! "$3" = "plomlompom.com" ]; then + echo "Need server domain" + false +fi + +# Some important variables +if [ "$3" = "plomlompom.com" ]; then + hostname="plomlompom" +elif [ "$3" = "test.plomlompom.com" ]; then + hostname="test.plomlompom" +elif [ "$2" = "public" ]; then + hostname="htwtxt.plomlompom" +elif [ "$2" = "X200s" ]; then + hostname="X200s" +elif [ "$2" = "T450s" ]; then + hostname="T450s" +fi + +if [ "$1" = "server" ]; then + # Set root pw. + passwd +fi + +# Post-installation reduction. +dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed \ + 's/ required//' > list_white_unsorted +echo 'ifupdown' >> list_white_unsorted +echo 'isc-dhcp-client' >> list_white_unsorted +sort list_white_unsorted > list_white +dpkg-query -Wf '${Package}\n' > list_all_packages +sort list_all_packages > foo +mv foo list_all_packages +comm -3 list_all_packages list_white > list_black +apt-mark auto `cat list_black` +echo 'APT::AutoRemove::RecommendsImportant "false";' > /etc/apt/apt.conf.d/99mindeps +echo 'APT::AutoRemove::SuggestsImportant "false";' >> /etc/apt/apt.conf.d/99mindeps +DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove +rm list_all_packages list_white_unsorted list_white list_black +echo 'APT::Install-Recommends "false";' >> /etc/apt/apt.conf.d/99mindeps +echo 'APT::Install-Suggests "false";' >> /etc/apt/apt.conf.d/99mindeps + +# Set hostname and FQDN. 
+echo $hostname > /etc/hostname +hostname $hostname +if [ "$1" = "server" ]; then + echo '127.0.0.1 localhost' > /etc/hosts + ip=`hostname -I | cut -d " " -f 1` + echo "$ip $hostname.com $hostname" >> /etc/hosts + + # Call dhclient on startup. + cat > /etc/systemd/system/dhclient.service << EOF +[Unit] +Description=Ethernet connection + +[Service] +ExecStart=/sbin/dhclient eth0 + +[Install] +WantedBy=multi-user.target +EOF + systemctl enable /etc/systemd/system/dhclient.service +fi + +# Package management config, system upgrade. +echo 'deb http://ftp.debian.org/debian/ jessie main contrib non-free' \ + > /etc/apt/sources.list +echo 'deb http://security.debian.org/ jessie/updates main contrib non-free' \ + >> /etc/apt/sources.list +echo 'deb http://ftp.debian.org/debian/ jessie-updates main contrib non-free' \ + >> /etc/apt/sources.list +if [ "$1" = "thinkpad" ] || [ "$2" = "public" ]; then + echo 'deb http://ftp.debian.org/debian/ jessie-backports main contrib' \ +' non-free' >> /etc/apt/sources.list + echo 'deb http://ftp.debian.org/debian/ testing main contrib non-free' \ + >> /etc/apt/sources.list + echo 'deb http://security.debian.org/ testing/updates main contrib' \ +' non-free' >> /etc/apt/sources.list + echo 'deb http://ftp.debian.org/debian/ testing-updates main contrib' \ +' non-free' >> /etc/apt/sources.list + echo 'APT::Default-Release "stable";' \ + >> /etc/apt/apt.conf.d/99defaultrelease +fi +if [ "$1" = "thinkpad" ]; then + dhclient eth0 +fi +apt-get update +apt-get -y dist-upgrade + +# Set up manuals. +apt-get -y install man-db manpages less + +if [ "$1" = "thinkpad" ]; then + # Power management as per <http://thinkwiki.de/TLP_-_Linux_Stromsparen>. 
+ echo '' >> /etc/apt/sources.list + echo 'deb http://repo.linrunner.de/debian jessie main' \ + >> /etc/apt/sources.list + apt-key adv --keyserver pool.sks-keyservers.net --recv-keys CD4E8809 + apt-get update + apt-get -y install linux-headers-amd64 tlp tp-smapi-dkms + sed -i 's/^#START_CHARGE_THRESH_BAT0/START_CHARGE_THRESH_BAT0=10 '\ +'#START_CHARGE_THRESH_BAT0/' /etc/default/tlp + sed -i 's/^#STOP_CHARGE_THRESH_BAT0/STOP_CHARGE_THRESH_BAT0=95 '\ +'#STOP_CHARGE_THRESH_BAT0/' /etc/default/tlp + sed -i 's/^#START_CHARGE_THRESH_BAT1/START_CHARGE_THRESH_BAT0=10 '\ +'#START_CHARGE_THRESH_BAT1/' /etc/default/tlp + sed -i 's/^#STOP_CHARGE_THRESH_BAT1/STOP_CHARGE_THRESH_BAT0=95 '\ +'#STOP_CHARGE_THRESH_BAT1/' /etc/default/tlp + sed -i 's/^#DEVICES_TO_DISABLE_ON_STARTUP/DEVICES_TO_DISABLE_ON_STARTUP='\ +'"bluetooth wifi wwan" #DEVICES_TO_DISABLE_ON_STARTUP/' /etc/default/tlp + tlp start +fi + +# Don't clear boot messages on start up. +sed -i 's/^TTYVTDisallocate=yes$/TTYVTDisallocate=no/g' \ + /etc/systemd/system/getty.target.wants/getty\@tty1.service + +# Set up timezone. +echo 'Europe/Berlin' > /etc/timezone +cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime + +# Locale config. +apt-get -y install locales +echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen +locale-gen + +if [ "$1" = "thinkpad" ]; then + # Console config. + DEBIAN_FRONTEND=nointeractive apt-get -y install console-setup + echo 'ACTIVE_CONSOLES="/dev/tty[1-6]"' > /etc/default/console-setup + echo 'CHARMAP="UTF-8"' >> /etc/default/console-setup + echo 'CODESET="Lat15"' >> /etc/default/console-setup + echo 'FONTFACE="TerminusBold"' >> /etc/default/console-setup + echo 'FONTSIZE="8x16"' >> /etc/default/console-setup + echo 'export LC_ALL="en_US.UTF-8"' >> /etc/profile + sed -i 's/^XKBLAYOUT/XKBLAYOUT="de" # XKBLAYOUT/g' /etc/default/keyboard + service keyboard-setup restart +fi + +# Clone git repository. 
+apt-get -y install ca-certificates +apt-get -y install git +git clone http://github.com/plomlompom/config +config/bin/symlink.sh + +# Add user. Remove old user's config/ if it exists. +useradd -m -s /bin/bash plom +rm -rf /home/plom/config +su - plom -c 'git clone http://github.com/plomlompom/config /home/plom/config' +su plom -c '/home/plom/config/bin/symlink.sh '$1' '$2' '$3 + +# Allow user to sudo. +if [ "$1" = "thinkpad" ]; then + apt-get -y install sudo + adduser plom sudo +fi + +# Set up editor. +mkdir -p .vimbackups +su plom -c 'mkdir -p /home/plom/.vimbackups/' +apt-get -y install vim + +if [ "$1" = "server" ]; then + # Set up ssh-guard. + apt-get -y install sshguard rsyslog + + # Set up openssh-server. + apt-get -y install openssh-server + + # Set up mail system. + su plom -c 'mkdir -p /home/plom/mail/' + su plom -c 'mkdir -p /home/plom/mail/inbox/{cur,new,tmp}' + su plom -c 'mkdir -p /home/plom/mail/new_inbox/{cur,new,tmp}' + sed -i 's/^delete = true$/delete = false/g' \ + /home/plom/config/dotfiles/user/server/personal/minimal/getmail/getmailrc + DEBIAN_FRONTEND=noninteractive apt-get -y install mutt postfix maildrop + cp config/systemfiles/main.cf /etc/postfix/main.cf + sed -i 's/HOSTNAME/'$hostname.com'/g' /etc/postfix/main.cf + cp config/systemfiles/aliases /etc/aliases + newaliases + service postfix restart + if [ "$2" = "personal" ]; then + apt-get -y install getmail4 procmail + fi + + # Set up regular system update reminder. + apt-get -y install cron + su plom -c "echo '0 18 * * 0 ~/config/bin/simplemail.sh '\ + '~/config/mails/update_reminder' | crontab -" + + if [ "$2" = "personal" ]; then + # Set up screen/weechat/OTR/bitlbee. Make bitlbee listen only locally. 
+ apt-get -y install screen weechat-plugins python-potr bitlbee + sed -i 's/^# DaemonInterface/DaemonInterface = 127.0.0.1 '\ +'# DaemonInterface/' /etc/bitlbee/bitlbee.conf + sedtest=`grep -E '^DaemonInterface = 127.0.0.1 #' \ + /etc/bitlbee/bitlbee.conf | wc -l | cut -d ' ' -f 1` + if [ 0 -eq $sedtest ]; then + false + fi + cp config/systemfiles/weechat.service \ + /etc/systemd/system/weechat.service + systemctl enable /etc/systemd/system/weechat.service + + # Send instructions mail. + config/bin/simplemail.sh config/mails/server_postinstall_finished + + elif [ "$2" = "public" ]; then + + # Set up htwtxt and environment. + apt-get -y install screen + apt-get -y -t jessie-backports install golang + su - plom -c 'git clone https://github.com/plomlompom/htwtxt $GOPATH/src/htwtxt' + su - plom -c 'go get htwtxt' + path=`su - plom -c 'echo $GOPATH/bin/htwtxt'` + su - plom -c 'mkdir -p ~/htwtxt' + cp config/systemfiles/htwtxt_restart_reminder.service \ + /etc/systemd/system/htwtxt_restart_reminder.service + systemctl enable /etc/systemd/system/htwtxt_restart_reminder.service + + # Set up nginx and letsencrypt. + apt-get -y install nginx + cp config/systemfiles/nginx.conf /etc/nginx/nginx.conf + cd ~ + git clone https://github.com/letsencrypt/letsencrypt + echo '0 18 * * 0 ~/config/bin/renew_certs.sh' | crontab - + + # Set up plomlombot. + apt-get -y install python3 python3-venv python3-pip + su - plom -c 'cd && git clone http://github.com/plomlompom/plomlombot-irc' + su - plom -c 'mkdir -p ~/plomlombot_db' + cp config/systemfiles/plomlombot.service \ + /etc/systemd/system/plomlombot.service + systemctl enable /etc/systemd/system/plomlombot.service + + # Set up plomlombot logging infrastructure. 
+ mkdir -p /var/www/html/irclogs/ + ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/3c0248e76a1de3a6ee5bf3421f7379b0/logs/ /var/www/html/irclogs/zrolaps + touch /var/www/password_irclogs_zrolaps + ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/657eea42f86866f2954d39f92a6c71ff/logs/ /var/www/html/irclogs/nodrama.de + touch /var/www/password_irclogs_nodrama_de + ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/a083c5d5efca3734294fa656692990b6/logs/ /var/www/html/irclogs/freakazoid + touch /var/www/password_irclogs_freakazoid + + # Set up other web-served directories. + su - plom -c 'mkdir -p /home/plom/dump' + ln -s /home/plom/dump/ /var/www/html/dump + su - plom -c 'mkdir -p /home/plom/geheim' + ln -s /home/plom/geheim/ /var/www/html/geheim + su - plom -c 'mkdir -p /home/plom/lesekreis' + ln -s /home/plom/geheim/ /var/www/html/lesekreis + su - plom -c 'mkdir -p /home/plom/zettel' + ln -s /home/plom/zettel/ /var/www/html/zettel + su - plom -c 'git init --bare /home/plom/zettel.git' + su - plom -c 'cp ~/config/systemfiles/post-update ~/zettel.git/hooks/' + su - plom -c 'chmod a+x /home/plom/zettel.git/hooks/post-update' + + # Install website generator tools + apt-get -y install pandoc wget + wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz + tar -oxzf redo-sh.tar.gz -C /usr/local + rm redo-sh.tar.gz + apt-get --purge autoremove wget + fi + +elif [ "$1" = "thinkpad" ]; then + # Set up networking (wifi!). + apt-get -y install firmware-iwlwifi + DEBIAN_FRONTEND=noninteractive apt-get -y install wicd-curses + sed -i 's/^wired_interface = .*$/wired_interface = eth0/g' \ + /etc/wicd/manager-settings.conf + sed -i 's/^wireless_interface = .*$/wireless_interface = wlan0/g' \ + /etc/wicd/manager-settings.conf + systemctl restart wicd + + # Set up hibernation on lid close. + echo 'HandleLidSwitch=hibernate' >> /etc/systemd/logind.conf + + # Set up sound. 
+ usermod -aG audio plom + apt-get -y install alsa-utils + if [ "$2" = "X200s" ]; then + amixer -c 0 sset Master playback 100% unmute + elif [ "$2" = "T450s" ]; then + amixer -c 1 sset Master playback 100% unmute + # Re-order souncards so the commonly used one is the first one. + echo 'options snd_hda_intel index=1,0' >> /etc/modprobe.d/sound.conf + fi + + # Set up window system, i3, redshift. + apt-get -y install xserver-xorg xinit xterm i3 i3status dmenu redshift + + # Set up OpenGL and hardware acceleration. + if [ "$2" = "X200s" ]; then + apt-get -y install i965-va-driver + elif [ "$2" = "T450s" ]; then + apt-get -y -t jessie-backports install xserver-xorg-video-intel + fi + apt-get -y install libgl1-mesa-dri + usermod -aG video plom + + # Install xrandr. + apt-get -y install x11-xserver-utils + + # Set up pentadactyl. + apt-get -y install iceweasel xul-ext-noscript + apt-get -y -t jessie-backports install xul-ext-pentadactyl + apt-get -y install vim-gtk + su plom -c 'mkdir -p /home/plom/downloads/' + + # Set up openssh-client. + apt-get -y install openssh-client +fi + +# Set password for user. +passwd plom + +# Clean up. +rm jessie_postinstall.sh + +# Finalize everything with a reboot. +echo "You may reboot now with the 'reboot' command unless there's more to do." diff --git a/archived/mails/htwtxt_restart b/archived/mails/htwtxt_restart new file mode 100644 index 0000000..8247df9 --- /dev/null +++ b/archived/mails/htwtxt_restart @@ -0,0 +1,5 @@ +[SYSADMIN] [HTWTXT] Restart reminder + +The virtual server hosting the htwtxt server was restarted, so the htwtxt server +itself needs to be restarted too, via (in screen) its +~/config/bin/start_htwtxt.sh. diff --git a/archived/mails/server_postinstall_finished b/archived/mails/server_postinstall_finished new file mode 100644 index 0000000..75253c9 --- /dev/null +++ b/archived/mails/server_postinstall_finished 
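Review bot: In archived/jessie_postinstall.sh both `git clone http://github.com/plomlompom/config` calls fetch the setup repository over unauthenticated HTTP, and the script, which writes under /etc and so presumably runs as root, then executes `config/bin/symlink.sh` from that checkout. Whatever the network path returns is therefore run with full privileges. The htwtxt and letsencrypt clones further down already use `https://`, so these two and the plomlombot-irc clone should match, e.g. `git clone https://github.com/plomlompom/config`. The `wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz` download unpacked into /usr/local has the same weakness and no digest to compare against; checking a pinned checksum before the `tar` line would close it.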
@@ -0,0 +1,23 @@ +[SYSADMIN] Server post-installation TODO + +The server post-installation script seems to have run successfully. Remember to +perform the following tasks: + +- once when mail system set-up seems stable, in + config/dotfiles_user_server/getmail/getmailrc, set [options] delete = true + +- ensure the following DNS TXT record for @: v=spf1 mx -all + +- run (as root) config/bin/setup_opendkim.sh $selector to set up system for DKIM + key signing, with a second parameter $keyfile if a key already exists; without + second parameter, this will generate a new key and print the DNS record to add + +- run (as root) config/bin/setup_starttls.sh to set up server-side STARTTLS for + mail; optionally run with paths to 1) a key file and 2) a cert file as + arguments if those exist to re-use existing ones + +- in the screen weechat/bitlbee session (run "screen -dr"), switch to the + &bitlbee channel, register with a password ("register", "/oper . [password]"), + and set up Jabber account with password ("account add jabber + plomlompom@jabber.ccc.de", "/oper . [password]"), then activate it ("account + on") diff --git a/archived/mails/update_reminder b/archived/mails/update_reminder new file mode 100644 index 0000000..81dd02c --- /dev/null +++ b/archived/mails/update_reminder @@ -0,0 +1,7 @@ +[SYSADMIN] System updating reminder + +This is your regular reminder to run: + +apt-get update +apt-get upgrade +apt-get dist-upgrade diff --git a/archived/mails/weechat_restart_reminder b/archived/mails/weechat_restart_reminder new file mode 100644 index 0000000..3aecea2 --- /dev/null +++ b/archived/mails/weechat_restart_reminder @@ -0,0 +1,5 @@ +[SYSADMIN] weechat restarted, re-identify! + +Your weechat was restarted, so don't forget to re-identify on freenode to +nickserv via "/msg nickserv identify [password]", and on bitlbee by joining +&bitlbee, "identify", "/oper . [password]", and "account on". 
diff --git a/archived/notes b/archived/notes new file mode 100644 index 0000000..1dcf1b4 --- /dev/null +++ b/archived/notes @@ -0,0 +1,54 @@ +some stuff I need to incorporate later on: + +the blog post-update git hook: + + + +#!/bin/sh +blog_dir=~/blog +export GIT_DIR=$(pwd) +export GIT_WORK_TREE="$blog_dir" +git checkout -f +cd "$GIT_WORK_TREE" +redo +git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/* +count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l) +if [ "$count" != 0 ]; then + git add metadata/*.automatic_metadata +fi +status=$(git status -s) +n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l) +if [ "$n_updates" -gt 0 ]; then + git commit -a -m 'Update metadata' +fi + + +furthermore, the url_catcher virtualenv run.sh script needs this (to compile uwsgi): + +apt-get install python3.4-dev + + +also, these: + +# /etc/systemd/system/url_catcher.service + +[Unit] +Description=URL catcher + +[Service] +Type=forking +User=plom +ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/url_catcher.sh' + +[Install] +WantedBy=multi-user.target + + + +and url_catcher.sh: + +#!/bin/sh + +cd ~ +cd url-catcher +./run.sh diff --git a/archived/raspbian/.alsoftrc b/archived/raspbian/.alsoftrc new file mode 100644 index 0000000..21db2a5 --- /dev/null +++ b/archived/raspbian/.alsoftrc @@ -0,0 +1,3 @@ +# for minetest sound to work +[alsa] +mmap = false diff --git a/archived/raspbian/.asoundrc b/archived/raspbian/.asoundrc new file mode 100644 index 0000000..46eb301 --- /dev/null +++ b/archived/raspbian/.asoundrc 
@@ -0,0 +1,73 @@ +# using hdmi0 for TV stereo, hdmi1 for a 5.1 speaker set-up +# unfortunately, a non-square speaker number creates some noise +# therefore for hdmi1 we declare 8 speakers, but re-map them to 6 speakers +pcm.hdmi0 { + type hw + card 0 +} +pcm.hdmi1 { + type route + slave { + pcm "hw:1,0" + channels 8 + } + ttable { + 0.0 = 1 + 1.1 = 1 + 2.2 = 1 + 3.3 = 1 + 4.4 = 1 + 5.5 = 1 + 6.0 = 0.5 + 6.2 = 0.5 + 7.1 = 0.5 + 7.3 = 0.5 + } +} + +# upmix stereo to 5.1 â so we can watch stereo YouTube on all speakers +# with this: $ chromium-browser --alsa-output-device=stereo51 +# (numbers taken from <https://www.volkerschatz.com/noise/alsa.html>) +pcm.stereo51 { + type route + slave { + pcm "hw:1,0" + channels 8 + } + ttable { + 0.0 = 1 + 0.2 = -0.6 + 0.3 = -0.39 + 0.4 = 0.5 + 0.5 = 0.5 + 1.1 = 1 + 1.2 = -0.6 + 1.3 = -0.39 + 1.4 = 0.5 + 1.5 = 0.5 + } +} + +# default to hdmi0, overwrite with AUDIO_HDMI=1 env prefix +pcm.!default { + type plug + slave.pcm { + @func concat + strings [ + "hdmi" + { + @func getenv + vars [ AUDIO_HDMI ] + default "0" + } + ] + } +} +ctl.!default { + type hw + card { + @func getenv + vars [ AUDIO_HDMI ] + default 0 + } +} diff --git a/archived/raspbian/.bash_aliases b/archived/raspbian/.bash_aliases new file mode 100644 index 0000000..5036cb4 --- /dev/null +++ b/archived/raspbian/.bash_aliases 
@@ -0,0 +1,11 @@ +# for whatever reason, emulationstation gets some strange screen flicker issues +# if the second display is activated, so ensure it is only started with that off +alias emulationstation="xrandr --output HDMI-2 --off && emulationstation" + +# since the second HDMI only outputs sound with video, we have to ensure it's +# activated with xrandr if we want to use it for surround sound setup +alias mpv51="xrandr --output HDMI-2 --auto && AUDIO_HDMI=1 mpv --alsa-ignore-chmap '--audio-channels=5.1(alsa)'" +alias chromium-upmix="xrandr --output HDMI-2 --auto && chromium-browser --alsa-output-device=stereo51" +alias alsamixer51="AUDIO_HDMI=1 alsamixer" +# see vlc -H why these +alias vlc51="xrandr --output HDMI-2 --auto && vlc --alsa-audio-device=hdmi1 --alsa-audio-channels=4199" diff --git a/archived/setup_go.sh b/archived/setup_go.sh new file mode 100755 index 0000000..fc2f344 --- /dev/null +++ b/archived/setup_go.sh 
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -e
+set -x
+
+url=$1
+
+ensure_line() {
+ add_string="$1"
+ file="$2"
+ test=`grep "$add_string" "$file" | wc -l`
+ if [ $test -lt 1 ]; then
+ echo "$add_string" >> "$file"
+ fi
+}
+
+filename=temp_golang_binary
+
+if [ "$url" = "" ]; then
+ echo 'Need URL of current go package'
+ exit 1
+fi
+sudo rm -rf /usr/local/go
+sudo apt-get -y install wget
+wget -O $filename $url
+sudo tar -C /usr/local -xzf $filename
+rm $filename
+ensure_line 'export PATH=$PATH:/usr/local/go/bin' ~/.shinit_add
+ensure_line 'export GOPATH=~/gopath' ~/.shinit_add
+sudo apt-get -y install vim-pathogen
+rm -rf ~/.vim/bundle/vim-go
+git clone https://github.com/fatih/vim-go.git ~/.vim/bundle/vim-go
+ensure_line 'source ~/.vimrc_vimgo' ~/.vimrc_add
+cat << EOF > ~/.vimrc_vimgo
+" vim-go: Make vim-go run.
+call pathogen#infect()
+let g:go_disable_autoinstall = 0
+" vim-go: Highlight
+let g:go_highlight_functions = 1
+let g:go_highlight_methods = 1
+let g:go_highlight_structs = 1
+let g:go_highlight_operators = 1
+let g:go_highlight_build_constraints = 1
+EOF
diff --git a/archived/stretch/apt-mark/seedbox b/archived/stretch/apt-mark/seedbox
new file mode 100644
index 0000000..37b941e
--- /dev/null
+++ b/archived/stretch/apt-mark/seedbox
@@ -0,0 +1,8 @@
+# needed for rtorrent config setup
+curl
+# needed for torrenting
+rtorrent
+# needed for torrenting session
+screen
+# needed for upload/download
+rsync
diff --git a/archived/stretch/etc_files/server/etc/ssh/sshd_config b/archived/stretch/etc_files/server/etc/ssh/sshd_config
new file mode 100644
index 0000000..89d08ac
--- /dev/null
+++ b/archived/stretch/etc_files/server/etc/ssh/sshd_config
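Review bot: In archived/setup_go.sh the archive fetched by `wget -O $filename $url` is unpacked with `sudo tar -C /usr/local` without any integrity check, so whatever the caller-supplied URL returns becomes a root-owned toolchain on PATH. Taking the expected digest as a second argument and verifying it before the `tar` line would fix that, e.g. `echo "$sha256  $filename" | sha256sum -c -`. `$url` and `$filename` should also be double-quoted. In ensure_line, `grep "$add_string"` matches the line as a regular-expression substring, so a commented-out copy counts as present; `grep -qxF -- "$add_string" "$file"` would match the whole line literally.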
@@ -0,0 +1,126 @@
+# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin no # plomlompom's security rule
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin yes
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
+
+ClientAliveInterval 120
+PasswordAuthentication no # plomlompom's security rule
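Review bot: The two directives this file exists for, `PermitRootLogin no # plomlompom's security rule` and `PasswordAuthentication no # plomlompom's security rule`, carry their comment on the same line as the value. sshd_config(5) describes only lines starting with `#` as comments, and as far as I know some OpenSSH releases treat trailing text as garbage at end of line rather than ignoring it, so whether these two lines load depends on the installed version. Putting the comment on its own line above each directive, `# plomlompom's security rule` followed by `PermitRootLogin no`, removes that dependency. Running `sshd -t` against the file before it is copied to a server confirms that it parses.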
diff --git a/archived/stretch/setup_scripts/init_user_and_keybased_login.sh b/archived/stretch/setup_scripts/init_user_and_keybased_login.sh
new file mode 100755
index 0000000..cea582f
--- /dev/null
+++ b/archived/stretch/setup_scripts/init_user_and_keybased_login.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+# This script turns a fresh server with password-based root access into
+# one of only key-based access and only to new non-root account plom.
+#
+# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
+# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
+# contains the local ~/.ssh/id_rsa.pub, and also any old
+# /etc/ssh/sshd_config.
+#
+# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
+# configured sshd_config file in reach.
+set -e
+
+# Location of an sshd_config with "PermitRootLogin no" and
+# "PasswordAuthentication no".
+config_tree_prefix="${HOME}/public_repos/config/stretch"
+linkable_files_dir="${config_tree_prefix}/etc_files/server"
+system_path_sshd_config='/etc/ssh/sshd_config'
+local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
+
+# Ensure we have a server name as argument.
+if [ $# -eq 0 ]; then
+ echo "Need server as argument."
+ false
+fi
+server="$1"
+
+# This will be used to log-in as root from plom account.
+echo 'First, enter the old root password; then enter new password twice.'
+ssh root@"${server}" "passwd"
+
+# Save root password for sshpass
+stty -echo
+printf "Re-enter new server root password: "
+read PW_ROOT
+stty echo
+printf "\n"
+export SSHPASS="${PW_ROOT}"
+
+# Create user plom, and his ~/.ssh/authorized_keys based on the local
+# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
+# ownerships. Then disable root and pw login by copying over the
+# sshd_config and restart ssh daemon.
+#
+# This could be a line or two shorter by using ssh-copy-id, but that
+# would require setting a password for user plom otherwise not needed.
+sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
+sshpass -e ssh root@"${server}" \
+ 'useradd -m plom && '\
+ 'mkdir /home/plom/.ssh && '\
+ 'chown plom:plom /home/plom/.ssh && '\
+ 'chown plom:plom /tmp/authorized_keys && '\
+ 'chmod u=rw,go= /tmp/authorized_keys && '\
+ 'mv /tmp/authorized_keys /home/plom/.ssh/'
+sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
+sshpass -e ssh root@"${server}" 'service ssh restart'
diff --git a/archived/stretch/setup_scripts/install_for_target.sh b/archived/stretch/setup_scripts/install_for_target.sh
new file mode 100755
index 0000000..3a42c4d
--- /dev/null
+++ b/archived/stretch/setup_scripts/install_for_target.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+
+config_tree_prefix="${HOME}/config/stretch"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ # TODO: continue if file at $path not found, to get rid of dummy files
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
+ fi
+ done
+done
diff --git a/archived/stretch/setup_scripts/setup_seedbox.sh b/archived/stretch/setup_scripts/setup_seedbox.sh
new file mode 100755
index 0000000..a2d2187
--- /dev/null
+++ b/archived/stretch/setup_scripts/setup_seedbox.sh
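Review bot: In init_user_and_keybased_login.sh the public key is staged at the fixed path `/tmp/authorized_keys` on the server, written by root via `scp` and only afterwards chowned and moved, so a file or symlink already present under that name in the world-writable /tmp would be reused or followed. On a truly fresh host that is unlikely, but the script does not check it; creating `/home/plom/.ssh` first and streaming the key straight into place avoids the shared directory, e.g. `sshpass -e ssh root@"${server}" 'umask 077 && cat > /home/plom/.ssh/authorized_keys' < ~/.ssh/id_rsa.pub` followed by the `chown`. The last two commands overwrite `/etc/ssh/sshd_config` and restart the daemon without validating the file; running `sshd -t` on the server before `service ssh restart` would keep a broken config from closing the only login path. `read PW_ROOT` should be `read -r PW_ROOT` so that backslashes in the password survive.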
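Review bot: In install_for_target.sh the test `[ ! $(echo "${line}" | cut -c1) = "#" ]` leaves the command substitution unquoted, so blank lines are skipped only by accident of how `[` parses three arguments, and every other non-comment line, including one that starts with `-`, is handed to `apt-get install` unchanged. A guard such as `case "${line}" in ''|'#'*) continue ;; esac` states the intent directly, and `read -r line` keeps backslashes literal. Because `apt-get` runs inside a loop that reads the package list on stdin, adding `</dev/null` to the `apt-get` call prevents it from consuming the remaining lines should it or a maintainer script ever read input.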
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+./install_for_target.sh seedbox
+
+# As according to <https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template>
+su -lc "curl -Ls 'https://raw.githubusercontent.com/wiki/rakshasa/rtorrent/CONFIG-Template.md' | grep -A9999 '^######' | grep -B9999 '^### END' | sed -re \"s:/home/USERNAME:\$HOME:\" >~/.rtorrent.rc" plom
+su -lc "echo 'pieces.hash.on_completion.set = no' >> ~/.rtorrent.rc" plom
+su -lc "mkdir ~/rtorrent" plom
+
+# As according to <https://unix.stackexchange.com/a/475485>
+chmod u+s /usr/bin/screen
+chmod 755 /var/run/screen
diff --git a/archived/systemfiles/aliases b/archived/systemfiles/aliases
new file mode 100644
index 0000000..59c52b4
--- /dev/null
+++ b/archived/systemfiles/aliases
@@ -0,0 +1,23 @@
+# /etc/aliases
+
+# As per RFC 2142.
+mailer-daemon: plom
+postmaster: plom
+hostmaster: plom
+usenet: plom
+news: plom
+webmaster: plom
+www: plom
+ftp: plom
+abuse: plom
+noc: plom
+security: plom
+root: plom
+
+# Personal aliases.
+plomlompom: plom
+christian.heller: plom
+christian_heller: plom
+christianheller: plom
+c.heller: plom
+heller: plom
diff --git a/archived/systemfiles/htwtxt_restart_reminder.service b/archived/systemfiles/htwtxt_restart_reminder.service
new file mode 100644
index 0000000..a1e0ad8
--- /dev/null
+++ b/archived/systemfiles/htwtxt_restart_reminder.service
@@ -0,0 +1,12 @@
+# /etc/systemd/system/weechat.service
+
+[Unit]
+Description=htwtxt restart reminder
+
+[Service]
+Type=forking
+User=plom
+ExecStart=/bin/sh -c '~/config/bin/simplemail_out.sh ~/config/mails/htwtxt_restart'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/archived/systemfiles/main.cf b/archived/systemfiles/main.cf
new file mode 100644
index 0000000..f1a7a8d
--- /dev/null
+++ b/archived/systemfiles/main.cf
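Review bot: setup_seedbox.sh fetches the rtorrent configuration at install time from a mutable wiki page (`curl -Ls 'https://raw.githubusercontent.com/wiki/rakshasa/rtorrent/CONFIG-Template.md'`) and writes it to `~/.rtorrent.rc` with no pinning or integrity check. As far as I know rtorrent's config format can invoke external commands, so whoever can edit that page influences what runs as plom on the next setup; keeping a reviewed copy of the template in this repository, or comparing the download against a recorded SHA-256 before installing it, closes that gap. `curl` is also called without `-f`, so an HTTP error body would pass through the `grep`/`sed` filter and leave an empty or partial config without the script failing. Separately, `chmod u+s /usr/bin/screen` makes screen setuid root, which widens the local attack surface; a comment stating why that is needed on this host would help whoever revisits it.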
@@ -0,0 +1,16 @@
+# /etc/postfix/main.cf
+
+# Use maildrop as MDA.
+mailbox_command = /usr/bin/maildrop
+
+# Restrictive relaying policy.
+smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination
+
+# What domains to receive mail for: names of local server.
+mydestination = HOSTNAME, localhost
+
+# What clients to relay mail from: only local server.
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+
+# Paranoid maximum error notification.
+notify_classes=2bounce, bounce, data, delay, policy, protocol, resource, software
diff --git a/archived/systemfiles/nginx.conf b/archived/systemfiles/nginx.conf
new file mode 100644
index 0000000..3def78d
--- /dev/null
+++ b/archived/systemfiles/nginx.conf
@@ -0,0 +1,90 @@
+# system integration
+user www-data;
+pid /run/nginx.pid;
+
+# is expected even if empty
+events {
+}
+
+http {
+ # define content-type headers
+ types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ text/plain txt sh rst md;
+ application/xhtml+xml xhtml;
+ application/pdf pdf;
+ image/jpeg jpg jpeg;
+ image/png png;
+ }
+ default_type application/octet_stream;
+ charset utf-8;
+
+ # logging
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ # enforce https
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
+
+ # IRC logs
+ server {
+ listen 443 ssl;
+ server_name dump.plomlompom.com;
+ ssl_certificate /etc/letsencrypt/live/dump.plomlompom.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dump.plomlompom.com/privkey.pem;
+ root /var/www/html/;
+ location /zettel/ {
+ # rewrite non-suffixed filenames to .html ones
+ rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html;
+ autoindex on;
+ }
+ location /dump/ {
+ autoindex on;
+ }
+ location /geheim/ {
+ auth_basic "geheim geheim";
+ auth_basic_user_file /var/www/password_geheim;
+ autoindex on;
+ }
+ location /irclogs/zrolaps/ {
+ auth_basic "#zrolaps logs";
+ auth_basic_user_file /var/www/password_irclogs_zrolaps;
+ autoindex on;
+ }
+ location /irclogs/nodrama.de/ {
+ auth_basic "#nodrama.de logs";
+ auth_basic_user_file /var/www/password_irclogs_nodrama_de;
+ autoindex on;
+ }
+ location /irclogs/freakazoid/ {
+ auth_basic "#freakazoid logs";
+ auth_basic_user_file /var/www/password_irclogs_freakazoid;
+ autoindex on;
+ }
+ location /lesekreis/ {
+ auth_basic "Quellen Lesekreis";
+ auth_basic_user_file /var/www/password_lesekreis;
+ autoindex on;
+ }
+ location /uwsgi/ {
+ include uwsgi_params;
+ uwsgi_pass 127.0.0.1:3031;
+ }
+ }
+
+ # htwtxt
+ server {
+ listen 443 ssl;
+ server_name htwtxt.plomlompom.com;
+ ssl_certificate /etc/letsencrypt/live/htwtxt.plomlompom.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/htwtxt.plomlompom.com/privkey.pem;
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ }
+ }
+}
diff --git a/archived/systemfiles/opendkim.conf b/archived/systemfiles/opendkim.conf
new file mode 100644
index 0000000..2bd3c19
--- /dev/null
+++ b/archived/systemfiles/opendkim.conf
@@ -0,0 +1,22 @@
+# The domain for which mails are signed.
+Domain plomlompom.com
+
+# Location of the private key to sign mails with.
+KeyFile /etc/opendkim/dkim.key
+
+# Identifies the signing key; useful when replacing it.
+#Selector keyname
+
+# Canonicalize the body strictly for signing, but the header (more legitimately
+# subject to reformatting by forwarding servers) less so.
+Canonicalization relaxed/simple
+
+# Invalidate the signature of mails to which additional From fields were added
+# after the signing. (See RFC for details on how this works.)
+OversignHeaders From
+
+# Where to communicate with the MTA.
+Socket inet:12301@localhost
+
+# Don't act as root.
+UserID opendkim:opendkim
diff --git a/archived/systemfiles/plomlombot.service b/archived/systemfiles/plomlombot.service
new file mode 100644
index 0000000..8c992d8
--- /dev/null
+++ b/archived/systemfiles/plomlombot.service
@@ -0,0 +1,12 @@
+# /etc/systemd/system/plomlombot.service
+
+[Unit]
+Description=plomlombot screen
+
+[Service]
+Type=forking
+User=plom
+ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/plomlombot.sh && screen -d -m ~/config/bin/broiler_in.sh && screen -d -m ~/config/bin/hubbabubba.sh && screen -d -m ~/config/bin/zinskritik.sh'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/archived/systemfiles/post-update b/archived/systemfiles/post-update
new file mode 100755
index 0000000..3bea5b2
--- /dev/null
+++ b/archived/systemfiles/post-update
@@ -0,0 +1,5 @@
+#!/bin/sh
+ZETTELDIR=/home/plom/zettel
+GIT_WORK_TREE=$ZETTELDIR git checkout -f
+cd $ZETTELDIR
+redo
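Review bot: `default_type application/octet_stream;` in the `http` block of nginx.conf is misspelled; the registered type is `application/octet-stream`, and with an unrecognised type a browser may fall back to sniffing the content of any file whose extension is not in the `types` map. On a host that lists and serves arbitrary files with `autoindex on` that matters, so I would change the line to `default_type application/octet-stream;` and add `add_header X-Content-Type-Options nosniff;` next to it. The `/uwsgi/` location is the only non-static one and carries no `auth_basic`; if that is intended, a one-line comment saying so would make it clear.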
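Review bot: The post-update hook has no error handling, so if `cd $ZETTELDIR` fails, `redo` still runs in whatever directory the hook was started in, and a failed `git checkout -f` is followed by a build of a stale tree. Adding `set -e` after the shebang and quoting the path as `cd "$ZETTELDIR"` makes the hook stop at the first failure. Since `redo` presumably executes build scripts taken from the pushed tree, push access to this repository amounts to command execution as the hook's user, which deserves a comment at the top of the file.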
diff --git a/archived/systemfiles/weechat.service b/archived/systemfiles/weechat.service
new file mode 100644
index 0000000..5fb3e0f
--- /dev/null
+++ b/archived/systemfiles/weechat.service
@@ -0,0 +1,12 @@
+# /etc/systemd/system/weechat.service
+
+[Unit]
+Description=weechat screen
+
+[Service]
+Type=forking
+User=plom
+ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/weechat-wrapper.sh'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/archived/update_key.sh b/archived/update_key.sh
new file mode 100755
index 0000000..23b07ca
--- /dev/null
+++ b/archived/update_key.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+if [ "$#" -ne 1 ]; then
+ echo "Need exactly one argument: public key ID."
+ false
+fi
+gpg_key="$1"
+keyservers='keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es'
+set +e
+for keyserver in $(echo "${keyservers}"); do
+ gpg --no-tty --keyserver $keyserver --send-key "${gpg_key}"
+done
+set -e
diff --git a/bin/broiler_in.sh b/bin/broiler_in.sh
deleted file mode 100755
index 5b16ddd..0000000
--- a/bin/broiler_in.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-cd ~/plomlombot-irc
-./run.sh -r 604800 -n broiler_in "#nodrama.de"
diff --git a/bin/hubbabubba.sh b/bin/hubbabubba.sh
deleted file mode 100755
index 50cc0f6..0000000
--- a/bin/hubbabubba.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-cd ~/plomlombot-irc
-./run.sh -r 604800 -n hubbabubba "#freakazoid"
diff --git a/bin/i3status_wrapper.py b/bin/i3status_wrapper.py
deleted file mode 100755
index aa7b7c2..0000000
--- a/bin/i3status_wrapper.py
+++ /dev/null
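Review bot: In update_key.sh every `gpg --send-key` failure between `set +e` and the closing `set -e` is discarded, so the script exits 0 even when no keyserver accepted the key. Recording the outcome, e.g. `gpg ... || failed=1` inside the loop and `[ -z "${failed}" ]` as the last command, keeps the best-effort loop but reports the result to the caller. `$keyserver` should be quoted, and `for keyserver in ${keyservers}` performs the same splitting without the `$(echo ...)` subshell.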
@@ -1,26 +0,0 @@ -#!/usr/bin/env python3 -# -*- coding: utf-8 -*- - -# Inspired by http://code.stapelberg.de/git/i3status/tree/contrib/wrapper.py - -import sys -import json -import subprocess - -def print_nonbuffered(message): - sys.stdout.write(message) - sys.stdout.flush() - -if __name__ == '__main__': - print_nonbuffered(sys.stdin.readline()) - print_nonbuffered(sys.stdin.readline()) - while True: - line, prefix = sys.stdin.readline(), '' - if line.startswith(','): - line, prefix = line[1:], ',' - j = json.loads(line) - if '1' == subprocess.getoutput('xset q | grep LED')[65]: - j.insert(len(j), {'full_text' : 'CAPS', - 'separator_block_width': 40, - 'color': '#FF0000'}) - print_nonbuffered(prefix+json.dumps(j)) diff --git a/bin/install_certs.sh b/bin/install_certs.sh deleted file mode 100755 index 5ef46b0..0000000 --- a/bin/install_certs.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -set -e -set -x - -~/letsencrypt/letsencrypt-auto certonly --standalone -d dump.plomlompom.com -~/letsencrypt/letsencrypt-auto certonly --standalone -d htwtxt.plomlompom.com diff --git a/bin/network.sh b/bin/network.sh deleted file mode 100755 index 5f88461..0000000 --- a/bin/network.sh +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/sh - -eth_interface=enp0s25 -wifi_interface=wls1 - -ensure_wifi_on() { - if [ ! "$(wifi)" = "wifi = on" ]; then - #wifi on - ip link set "$wifi_interface" up - fi -} - -if ! echo "${1}"; then - echo 'No command given.' - print_usage - exit 1 -elif [ "${1}" = 'eth_connect' ]; then - ip link set "$eth_interface" up - dhclient "$eth_interface" - -elif [ "${1}" = 'eth_disconnect' ]; then - ip link set "$eth_interface" down - -elif [ "${1}" = 'wifi_scan' ]; then - ensure_wifi_on - ip link set "$wifi_interface" up - iw dev "$wifi_interface" scan | grep SSID - -elif [ "${1}" = 'wifi_connect_open' ]; then - ensure_wifi_on - iw dev "$wifi_interface" connect "${2}" - dhclient "$wifi_interface" - #ip route delete default - #ip route add default via 192.168.1.1 dev wls1 - -elif [ "${1}" = 'wifi_connect_wep_ascii' ]; then - ensure_wifi_on - iw dev "$wifi_interface" connect "${2}" key 0:"${3}" - dhclient "$wifi_interface" - -elif [ "${1}" = 'wifi_connect_wep_hex' ]; then - ensure_wifi_on - iw dev "$wifi_interface" connect "${2}" key d:0:"${3}" - dhclient "$wifi_interface" - -elif [ "${1}" = 'wifi_connect_wpa' ]; then - ensure_wifi_on - wpa_passphrase "${2}" "${3}" > /tmp/wpa_supplicant.conf - wpa_supplicant -B -i "$wifi_interface" -c /tmp/wpa_supplicant.conf - dhclient "$wifi_interface" - -elif [ "${1}" = 'wifi_disconnect' ]; then - ip link set "$wifi_interface" down - -else - echo 'Available commands:' - echo ' eth_connect' - echo ' eth_disconnect' - echo ' wifi_scan' - echo ' wifi_connect_open SSID' - echo ' wifi_connect_wep_ascii SSID KEY' - echo ' wifi_connect_wep_hex SSID KEY' - echo ' wifi_connect_wpa SSID KEY' - echo ' wifi_disconnect' -fi diff --git a/bin/plomlombot.sh b/bin/plomlombot.sh deleted file mode 100755 index 1153d2d..0000000 --- a/bin/plomlombot.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -cd ~/plomlombot-irc -./run.sh -r 604800 -n botlomplom "#zrolaps" 
diff --git a/bin/renew_certs.sh b/bin/renew_certs.sh deleted file mode 100755 index d1853b5..0000000 --- a/bin/renew_certs.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -service nginx stop -~/letsencrypt/letsencrypt-auto renew -service nginx restart diff --git a/bin/setup_opendkim.sh b/bin/setup_opendkim.sh deleted file mode 100755 index ce1e3d5..0000000 --- a/bin/setup_opendkim.sh +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/sh -set -e -selector=$1 -file=$2 - -if [ ! -n "$selector" ]; then - cat << EOF -Usage: $0 SELECTOR [KEYFILE] - set up DKIM system and configuration - -If existing KEYFILE is given, set up DKIM to use SELECTOR and apply key from -KEYFILE. - -If existing KEYFILE is not given, generate KEYFILE and DNS TXT file for -SELECTOR. -EOF - exit -fi - -if [ ! "$(id -u)" -eq "0" ]; then - echo "Must be run as root." - exit 1 -fi - -set -x -apt-get -y install opendkim - -if [ ! -n "$file" ]; then - apt-get -y install opendkim-tools - opendkim-genkey -d plomlompom.com -s $selector - apt-get -y --purge autoremove opendkim-tools - set +x - echo - echo 'Generated key file at '$selector'.private.' - echo 'Also generated '$selector'.txt, APPLY its content below to your DNS' \ - 'record.' - echo 'AFTER the waiting time for DNS propagation RERUN this script with' \ - 'the key file as SECOND parameter (still use selector as first one).' - echo - cat $selector.txt -else - if [ ! -f "$file" ]; then - set +x - echo - echo "Keyfile $file does not exist." - exit 1 - fi - cp ~/config/systemfiles/opendkim.conf /etc/opendkim.conf - sed -r -i 's/^#Selector .*$/Selector '$selector'/' /etc/opendkim.conf - mkdir -p /etc/opendkim - if [ -f /etc/opendkim/dkim.key ]; then - cp /etc/opendkim/dkim.key /etc/opendkim/dkim.key~ - fi - cp $file /etc/opendkim/dkim.key - cp ~/config/systemfiles/main.cf /etc/postfix/main.cf - cat >> /etc/postfix/main.cf << EOF - -# Use opendkim at given port as mail filter. -non_smtpd_milters = inet:localhost:12301 -EOF - service opendkim restart - service postfix restart - set +x - echo - echo 'Ensure the DKIM TXT entry in your DNS record matches!' -fi diff --git a/bin/setup_starttls.sh b/bin/setup_starttls.sh deleted file mode 100755 index 3b306c2..0000000 --- a/bin/setup_starttls.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/sh -set -x -set -e -key=$1 -cert=$2 - -if [ ! "$(id -u)" -eq "0" ]; then - echo "Must be run as root." - exit 1 -fi - -key_target=/etc/postfix/key.pem -if [ ! -n "$key" ]; then - if [ ! -f "${key_target}" ]; then - (umask 077; openssl genrsa -out "${key_target}" 2048) - fi -else - cp "$key" "${key_target}" -fi - -fqdn=$(postconf -h myhostname) -cert_target=/etc/postfix/cert.pem -if [ ! -n "$cert" ]; then - if [ ! -f "${cert_target}" ]; then - openssl req -new -key "${key_target}" -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert_target}" - fi -else - cp "$cert" "${cert_target}" -fi - -cat >> /etc/postfix/main.cf << EOF - -# Enable server-side STARTTLS. -smtpd_tls_cert_file = /etc/postfix/cert.pem -smtpd_tls_key_file = /etc/postfix/key.pem -smtpd_tls_security_level = may -EOF -service postfix restart diff --git a/bin/simplemail.sh b/bin/simplemail.sh deleted file mode 100755 index af0eb1a..0000000 --- a/bin/simplemail.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# -# This mails to user plom the message in the file named by the first parameter, -# decoded with the first line as subject and everything below the second line -# as the message body. - -subject=`head -1 $1` -body=`tail -n +3 $1` -echo "$body" | mutt -s "$subject" plom diff --git a/bin/simplemail_out.sh b/bin/simplemail_out.sh deleted file mode 100755 index 8340944..0000000 --- a/bin/simplemail_out.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# -# This mails to plom@plomlompom.com the message in the file named by the first -# parameter, decoded with the first line as subject and everything below the -# second line as the message body. - -subject=`head -1 $1` -body=`tail -n +3 $1` -echo "$body" | mutt -s "$subject" plom@plomlompom.com diff --git a/bin/start_htwtxt.sh b/bin/start_htwtxt.sh deleted file mode 100755 index e5ee45a..0000000 --- a/bin/start_htwtxt.sh +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/sh -$GOPATH/bin/htwtxt \ - --contact 'see http://www.plomlompom.de/' \ - --mailport 587 \ - --mailserver smtp.gmail.com \ - --mailuser christian.heller@gmail.com \ - --port 8000 \ - --signup diff --git a/bin/symlink.sh b/bin/symlink.sh deleted file mode 100755 index d653a0b..0000000 --- a/bin/symlink.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh - -set -x -set -e - -dir_minimal=~/config/dotfiles/minimal -dir_user_prefix=~/config/dotfiles/user -dir_user_minimal=$dir_user_prefix/minimal -dir_user_machine=$dir_user_prefix/$1/minimal -if [ "$3" = "" ]; then - dir_user_variety=$dir_user_prefix/$1/$2 -else - dir_user_variety=$dir_user_prefix/$1/$2/minimal -fi -dir_user_subvariety=$dir_user_prefix/$1/$2/$3 -dir_root=~/config/dotfiles/root -homedir=`echo ~` -find ~ -lname $homedir'/config/*' -delete -for file in `ls $dir_minimal`; do - ln -fs $dir_minimal/$file ~/.$file -done -if [ "$(id -u)" -eq "0" ]; then - for file in `ls $dir_root`; do - ln -fs $dir_root/$file ~/.$file - done -else - for file in `ls $dir_user_minimal`; do - ln -fs $dir_user_minimal/$file ~/.$file - done - for file in `ls $dir_user_machine`; do - ln -fs $dir_user_machine/$file ~/.$file - done - for file in `ls $dir_user_variety`; do - ln -fs $dir_user_variety/$file ~/.$file - done - if [ ! "$3" = "" ]; then - for file in `ls $dir_user_subvariety`; do - ln -fs $dir_user_subvariety/$file ~/.$file - done - fi -fi diff --git a/bin/w530_backlight.sh b/bin/w530_backlight.sh deleted file mode 100755 index 5b24fa7..0000000 --- a/bin/w530_backlight.sh +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/sh - -# A very primitive backlight setter with a hardcoded backlight path, to replace -# xbacklight which currently does not work on my system. - -if ! echo "${1}" | egrep -q '^[0-9]+$' && ! [ "${1}" = "+" -o "${1}" = "-" ]; then - echo 'Argument must be a number, or "+", or "-".' - exit 1 -fi -backlight_dir=/sys/class/backlight/intel_backlight -max_brightness=$(cat "${backlight_dir}"/max_brightness) -target="${backlight_dir}"/brightness -if [ "${1}" = "+" -o "${1}" = "-" ]; then - fract=$(expr "${max_brightness}" / 20) - cur_brightness=$(cat "${backlight_dir}"/brightness) - brightness=$(expr "${cur_brightness}" "${1}" "${fract}") - if [ "${brightness}" -gt "${max_brightness}" ]; then - brightness="${max_brightness}" - elif [ "${brightness}" -lt "0" ]; then - brightness=0 - fi - sudo sh -c 'echo '"${brightness}"' > '"${target}" - exit 0 -fi -percentage=${1} -if [ "${percentage}" = '100' ]; then - sudo sh -c 'echo '"${max_brightness}"' > '"${target}" -else - fract=$(expr "${max_brightness}" / 100) - brightness=$(expr "${percentage}" \* "${fract}") - sudo sh -c 'echo '"${brightness}"' > '"${target}" -fi diff --git a/bin/w530_startx_force_nvidia.sh b/bin/w530_startx_force_nvidia.sh deleted file mode 100755 index 3c3ca59..0000000 --- a/bin/w530_startx_force_nvidia.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -# Undo bumblebee setup. -sudo service bumblebeed stop -sudo modprobe nvidia-drm -sudo update-alternatives --set glx /usr/lib/nvidia - -# Use special xorg.conf and pass NVIDIA_DIRECT directive to .xinitrc. -NVIDIA_DIRECT=1 startx -- -config xorg.conf.forced_nvidia - -# Recreate bumblebee setup. -sudo service bumblebeed start -sudo update-alternatives --auto glx diff --git a/bin/weechat-wrapper.sh b/bin/weechat-wrapper.sh deleted file mode 100755 index 333c9d1..0000000 --- a/bin/weechat-wrapper.sh +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/sh - -# Enforce ~/.weechatrc as sole persistent weechat config file. -~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder -rm -rf ~/.weechat/ -WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` -weechat -r "$WEECHATCONF" -rm -rf ~/.weechat/ diff --git a/bin/wicd-wrapper.sh b/bin/wicd-wrapper.sh deleted file mode 100755 index 8ed74bd..0000000 --- a/bin/wicd-wrapper.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh - -check_wifi_id_set() { - if ! echo "${1}" | egrep -q '^[0-9]+$'; then - echo 'Wifi identifier must be integer.' - exit 1 - fi -} - -ensure_wifi_on() { - if [ ! "$(wifi)" = "wifi = on" ]; then - sudo wifi on - fi -} - -print_usage() { - echo 'Available commands:' - echo ' eth_connect' - echo ' eth_disconnect' - echo ' wifi_scan' - echo ' wifi_info WIFI_ID' - echo ' wifi_set_wpa WIFI_ID KEY' - echo ' wifi_connect WIFI_ID' - echo ' wifi_disconnect' -} - -if ! echo "${1}"; then - echo 'No command given.' - print_usage - exit 1 -elif [ "${1}" = 'eth_connect' ]; then - wicd-cli --wired --connect - -elif [ "${1}" = 'eth_disconnect' ]; then - wicd-cli --wired --disconnect - -elif [ "${1}" = 'wifi_scan' ]; then - ensure_wifi_on - wicd-cli --wireless --scan - wicd-cli --wireless --list-networks - -elif [ "${1}" = 'wifi_info' ]; then - check_wifi_id_set "${2}" - wicd-cli --wireless --network="${2}" --network-details - -elif [ "${1}" = 'wifi_set_wpa' ]; then - check_wifi_id_set "${2}" - if ! echo "${3}" ; then - echo 'No key set.' - exit 1 - fi - wicd-cli --wireless --network="${2}" --network-property=enctype --set-to=wpa - wicd-cli --wireless --network="${2}" --network-property=key --set-to="${3}" - -elif [ "${1}" = 'wifi_connect' ]; then - ensure_wifi_on - check_wifi_id_set "${2}" - wicd-cli --wireless --network="${2}" --connect - -elif [ "${1}" = 'wifi_disconnect' ]; then - wicd-cli --wireless --disconnect - -else - echo 'Unknown command.' - print_usage - exit 1 -fi 
diff --git a/bin/zinskritik.sh b/bin/zinskritik.sh deleted file mode 100755 index 9ad293a..0000000 --- a/bin/zinskritik.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -cd ~/plomlombot-irc -./run.sh -r 604800 -n histomat "#freie-gesellschaft" diff --git a/buster/apt-mark/all b/buster/apt-mark/all deleted file mode 100644 index 4b760bc..0000000 --- a/buster/apt-mark/all +++ /dev/null @@ -1,12 +0,0 @@ -# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client -# unpredictably so -ifupdown -isc-dhcp-client -# git for the setup directory; cloning works with ca-certificates -ca-certificates -git -# to avoid constant warnings about no locale being found -locales -# extremely useful for basic network debugging; missed these more than once in an emergency -netcat -iputils-ping diff --git a/buster/apt-mark/desktop b/buster/apt-mark/desktop deleted file mode 100644 index f537318..0000000 --- a/buster/apt-mark/desktop +++ /dev/null @@ -1,2 +0,0 @@ -# so that grub learns about kernel updates -grub-pc diff --git a/buster/apt-mark/dumpsite b/buster/apt-mark/dumpsite deleted file mode 100644 index a87852a..0000000 --- a/buster/apt-mark/dumpsite +++ /dev/null @@ -1,13 +0,0 @@ -wget -# for blog and zettel -pandoc -# for blog -html2text -uuid-runtime -python3 -# for url_catcher daemon -python3-venv -build-essential -python3-dev -screen -postfix diff --git a/buster/apt-mark/eeepc b/buster/apt-mark/eeepc deleted file mode 100644 index 73a755f..0000000 --- a/buster/apt-mark/eeepc +++ /dev/null @@ -1,3 +0,0 @@ -# for wifi -firmware-ralink -# diff --git a/buster/apt-mark/mail b/buster/apt-mark/mail deleted file mode 100644 index 1ef369d..0000000 --- a/buster/apt-mark/mail +++ /dev/null @@ -1,17 +0,0 @@ -# smtp server -postfix -# opendkim -opendkim -opendkim-tools -# for pingmail -mailutils -# ssl -certbot -# IMAPS -pwgen -dovecot-imapd -# sieve filtering -dovecot-lmtpd -dovecot-sieve -# to funnel mail from additional server -fetchmail 
diff --git a/buster/apt-mark/old_server b/buster/apt-mark/old_server deleted file mode 100644 index c3d995b..0000000 --- a/buster/apt-mark/old_server +++ /dev/null @@ -1,2 +0,0 @@ -# because it contains ifconfig -net-tools diff --git a/buster/apt-mark/peertube b/buster/apt-mark/peertube deleted file mode 100644 index 5b73bac..0000000 --- a/buster/apt-mark/peertube +++ /dev/null @@ -1,15 +0,0 @@ -ffmpeg -postgresql -postgresql-contrib -openssl -redis-server -python-dev -# only needed for setup -g++ -make -git -curl -unzip -libncurses5 -pwgen -wget diff --git a/buster/apt-mark/play b/buster/apt-mark/play deleted file mode 100644 index 154f7e7..0000000 --- a/buster/apt-mark/play +++ /dev/null @@ -1,4 +0,0 @@ -weechat -screen -gnupg -dirmngr diff --git a/buster/apt-mark/pleroma b/buster/apt-mark/pleroma deleted file mode 100644 index ec7a134..0000000 --- a/buster/apt-mark/pleroma +++ /dev/null @@ -1,5 +0,0 @@ -# Pleroma DB -postgresql -postgresql-contrib -# only needed for setup -pwgen diff --git a/buster/apt-mark/pleroma_otp b/buster/apt-mark/pleroma_otp deleted file mode 100644 index 4805a43..0000000 --- a/buster/apt-mark/pleroma_otp +++ /dev/null @@ -1,4 +0,0 @@ -# only needed for setup -curl -unzip -libncurses5 diff --git a/buster/apt-mark/pleroma_source b/buster/apt-mark/pleroma_source deleted file mode 100644 index 2b1cd35..0000000 --- a/buster/apt-mark/pleroma_source +++ /dev/null @@ -1,4 +0,0 @@ -# only needed for setup -build-essential -wget -gnupg diff --git a/buster/apt-mark/seedbox b/buster/apt-mark/seedbox deleted file mode 100644 index 37b941e..0000000 --- a/buster/apt-mark/seedbox +++ /dev/null @@ -1,8 +0,0 @@ -# needed for rtorrent config setup -curl -# needed for torrenting -rtorrent -# needed for torrenting session -screen -# needed for upload/download -rsync diff --git a/buster/apt-mark/server b/buster/apt-mark/server deleted file mode 100644 index 2ab22d2..0000000 --- a/buster/apt-mark/server +++ /dev/null 
@@ -1,6 +0,0 @@ -# so we can login at all ⦠-openssh-server -# firewalling -nftables -# We want to be able to use ALL our servers as borg backup destinations. -borgbackup diff --git a/buster/apt-mark/thinkpad b/buster/apt-mark/thinkpad deleted file mode 100644 index 6a780f2..0000000 --- a/buster/apt-mark/thinkpad +++ /dev/null @@ -1,7 +0,0 @@ -# for wifi -firmware-iwlwifi -# for tlp -tlp -tp-smapi-dkms -linux-headers-amd64 -# diff --git a/buster/apt-mark/user b/buster/apt-mark/user deleted file mode 100644 index ece05a4..0000000 --- a/buster/apt-mark/user +++ /dev/null @@ -1,77 +0,0 @@ -# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848> -cryptsetup-initramfs -lvm2 -# this provides setupcon which reads /etc/default/console-setup -console-setup -# without this, systemd-logind won't run, and so not detect lid close for hibernation -dbus -# for wifi -wicd-curses -wicd-gtk -# for X to start at all -xserver-xorg-video-intel -# X input: keyboard and touchpad -xserver-xorg-input-evdev -xserver-xorg-input-synaptics -# for startx -xinit -# for xrdb -x11-xserver-utils -# for startx to run for non-root user -libpam-systemd -# window environment -i3 -i3status -suckless-tools -xterm -# to get sleepy at night -redshift -# for alsamixer -alsa-utils -# for xterm and browser unicode display -ttf-unifont -# also useful -vim -sudo -less -man-db -manpages -procps -# firefox dependencies -libdbus-glib-1-2 -libgtk-3-0 -# firefox installation dependencies (remove later?) -curl -python3 -bzip2 -wget -jq -unzip -# to mount encrypted USB stick and use its contents -pmount -cryptsetup -openssh-client -# for syncing -borgbackup -# emacs -emacs25 -emacs-common-non-dfsg -emacs-el -elpa-ledger -ledger -elpa-elfeed -# mail setup -isync -notmuch -elpa-notmuch -pinentry-gtk2 -# to mount Android phone -go-mtpfs -# to use HP Deskjet F380 scanner from GIMP -sane-utils -libsane-hpaio -xsane -# to use HP Deskjet F380 printer -cups -hplip -# 
diff --git a/buster/apt-mark/w530 b/buster/apt-mark/w530 deleted file mode 100644 index e69de29..0000000 diff --git a/buster/apt-mark/web b/buster/apt-mark/web deleted file mode 100644 index 4912b8a..0000000 --- a/buster/apt-mark/web +++ /dev/null @@ -1,4 +0,0 @@ -nginx-light -# for SSL -certbot -python3-certbot-nginx diff --git a/buster/apt-mark/website b/buster/apt-mark/website deleted file mode 100644 index c046f50..0000000 --- a/buster/apt-mark/website +++ /dev/null @@ -1,8 +0,0 @@ -# for gitweb -gitweb -fcgiwrap -# for plomlombot -gnupg -dirmngr -python3-venv -screen diff --git a/buster/apt-mark/x200s b/buster/apt-mark/x200s deleted file mode 100644 index e69de29..0000000 diff --git a/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies deleted file mode 100644 index 4aaef79..0000000 --- a/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies +++ /dev/null @@ -1,4 +0,0 @@ -APT::AutoRemove::RecommendsImportant "false"; -APT::AutoRemove::SuggestsImportant "false"; -APT::Install-Recommends "false"; -APT::Install-Suggests "false"; diff --git a/buster/etc_files/all/etc/apt/sources.list b/buster/etc_files/all/etc/apt/sources.list deleted file mode 100644 index 349e8a6..0000000 --- a/buster/etc_files/all/etc/apt/sources.list +++ /dev/null @@ -1,4 +0,0 @@ -deb http://deb.debian.org/debian buster main contrib non-free -deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free -deb http://deb.debian.org/debian buster-updates main contrib non-free -deb http://ftp.debian.org/debian buster-backports main contrib non-free diff --git a/buster/etc_files/all/etc/default/locale b/buster/etc_files/all/etc/default/locale deleted file mode 100644 index dd6eee3..0000000 --- a/buster/etc_files/all/etc/default/locale +++ /dev/null @@ -1 +0,0 @@ -LANG="en_US.UTF-8" 
diff --git a/buster/etc_files/all/etc/locale.gen b/buster/etc_files/all/etc/locale.gen deleted file mode 100644 index a28cfa4..0000000 --- a/buster/etc_files/all/etc/locale.gen +++ /dev/null 
@@ -1,483 +0,0 @@ -# This file lists locales that you wish to have built. You can find a list -# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add -# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change -# this file, you need to rerun locale-gen. - - -# aa_DJ ISO-8859-1 -# aa_DJ.UTF-8 UTF-8 -# aa_ER UTF-8 -# aa_ER@saaho UTF-8 -# aa_ET UTF-8 -# af_ZA ISO-8859-1 -# af_ZA.UTF-8 UTF-8 -# ak_GH UTF-8 -# am_ET UTF-8 -# an_ES ISO-8859-15 -# an_ES.UTF-8 UTF-8 -# anp_IN UTF-8 -# ar_AE ISO-8859-6 -# ar_AE.UTF-8 UTF-8 -# ar_BH ISO-8859-6 -# ar_BH.UTF-8 UTF-8 -# ar_DZ ISO-8859-6 -# ar_DZ.UTF-8 UTF-8 -# ar_EG ISO-8859-6 -# ar_EG.UTF-8 UTF-8 -# ar_IN UTF-8 -# ar_IQ ISO-8859-6 -# ar_IQ.UTF-8 UTF-8 -# ar_JO ISO-8859-6 -# ar_JO.UTF-8 UTF-8 -# ar_KW ISO-8859-6 -# ar_KW.UTF-8 UTF-8 -# ar_LB ISO-8859-6 -# ar_LB.UTF-8 UTF-8 -# ar_LY ISO-8859-6 -# ar_LY.UTF-8 UTF-8 -# ar_MA ISO-8859-6 -# ar_MA.UTF-8 UTF-8 -# ar_OM ISO-8859-6 -# ar_OM.UTF-8 UTF-8 -# ar_QA ISO-8859-6 -# ar_QA.UTF-8 UTF-8 -# ar_SA ISO-8859-6 -# ar_SA.UTF-8 UTF-8 -# ar_SD ISO-8859-6 -# ar_SD.UTF-8 UTF-8 -# ar_SS UTF-8 -# ar_SY ISO-8859-6 -# ar_SY.UTF-8 UTF-8 -# ar_TN ISO-8859-6 -# ar_TN.UTF-8 UTF-8 -# ar_YE ISO-8859-6 -# ar_YE.UTF-8 UTF-8 -# as_IN UTF-8 -# ast_ES ISO-8859-15 -# ast_ES.UTF-8 UTF-8 -# ayc_PE UTF-8 -# az_AZ UTF-8 -# be_BY CP1251 -# be_BY.UTF-8 UTF-8 -# be_BY@latin UTF-8 -# bem_ZM UTF-8 -# ber_DZ UTF-8 -# ber_MA UTF-8 -# bg_BG CP1251 -# bg_BG.UTF-8 UTF-8 -# bhb_IN.UTF-8 UTF-8 -# bho_IN UTF-8 -# bn_BD UTF-8 -# bn_IN UTF-8 -# bo_CN UTF-8 -# bo_IN UTF-8 -# br_FR ISO-8859-1 -# br_FR.UTF-8 UTF-8 -# br_FR@euro ISO-8859-15 -# brx_IN UTF-8 -# bs_BA ISO-8859-2 -# bs_BA.UTF-8 UTF-8 -# byn_ER UTF-8 -# ca_AD ISO-8859-15 -# ca_AD.UTF-8 UTF-8 -# ca_ES ISO-8859-1 -# ca_ES.UTF-8 UTF-8 -# ca_ES.UTF-8@valencia UTF-8 -# ca_ES@euro ISO-8859-15 -# ca_ES@valencia ISO-8859-15 -# ca_FR ISO-8859-15 -# ca_FR.UTF-8 UTF-8 -# ca_IT ISO-8859-15 -# ca_IT.UTF-8 UTF-8 -# ce_RU UTF-8 -# chr_US UTF-8 -# 
cmn_TW UTF-8 -# crh_UA UTF-8 -# cs_CZ ISO-8859-2 -# cs_CZ.UTF-8 UTF-8 -# csb_PL UTF-8 -# cv_RU UTF-8 -# cy_GB ISO-8859-14 -# cy_GB.UTF-8 UTF-8 -# da_DK ISO-8859-1 -# da_DK.UTF-8 UTF-8 -# de_AT ISO-8859-1 -# de_AT.UTF-8 UTF-8 -# de_AT@euro ISO-8859-15 -# de_BE ISO-8859-1 -# de_BE.UTF-8 UTF-8 -# de_BE@euro ISO-8859-15 -# de_CH ISO-8859-1 -# de_CH.UTF-8 UTF-8 -# de_DE ISO-8859-1 -# de_DE.UTF-8 UTF-8 -# de_DE@euro ISO-8859-15 -# de_IT ISO-8859-1 -# de_IT.UTF-8 UTF-8 -# de_LI.UTF-8 UTF-8 -# de_LU ISO-8859-1 -# de_LU.UTF-8 UTF-8 -# de_LU@euro ISO-8859-15 -# doi_IN UTF-8 -# dv_MV UTF-8 -# dz_BT UTF-8 -# el_CY ISO-8859-7 -# el_CY.UTF-8 UTF-8 -# el_GR ISO-8859-7 -# el_GR.UTF-8 UTF-8 -# en_AG UTF-8 -# en_AU ISO-8859-1 -# en_AU.UTF-8 UTF-8 -# en_BW ISO-8859-1 -# en_BW.UTF-8 UTF-8 -# en_CA ISO-8859-1 -# en_CA.UTF-8 UTF-8 -# en_DK ISO-8859-1 -# en_DK.ISO-8859-15 ISO-8859-15 -# en_DK.UTF-8 UTF-8 -# en_GB ISO-8859-1 -# en_GB.ISO-8859-15 ISO-8859-15 -# en_GB.UTF-8 UTF-8 -# en_HK ISO-8859-1 -# en_HK.UTF-8 UTF-8 -# en_IE ISO-8859-1 -# en_IE.UTF-8 UTF-8 -# en_IE@euro ISO-8859-15 -# en_IL UTF-8 -# en_IN UTF-8 -# en_NG UTF-8 -# en_NZ ISO-8859-1 -# en_NZ.UTF-8 UTF-8 -# en_PH ISO-8859-1 -# en_PH.UTF-8 UTF-8 -# en_SG ISO-8859-1 -# en_SG.UTF-8 UTF-8 -# en_US ISO-8859-1 -# en_US.ISO-8859-15 ISO-8859-15 -en_US.UTF-8 UTF-8 -# en_ZA ISO-8859-1 -# en_ZA.UTF-8 UTF-8 -# en_ZM UTF-8 -# en_ZW ISO-8859-1 -# en_ZW.UTF-8 UTF-8 -# eo UTF-8 -# es_AR ISO-8859-1 -# es_AR.UTF-8 UTF-8 -# es_BO ISO-8859-1 -# es_BO.UTF-8 UTF-8 -# es_CL ISO-8859-1 -# es_CL.UTF-8 UTF-8 -# es_CO ISO-8859-1 -# es_CO.UTF-8 UTF-8 -# es_CR ISO-8859-1 -# es_CR.UTF-8 UTF-8 -# es_CU UTF-8 -# es_DO ISO-8859-1 -# es_DO.UTF-8 UTF-8 -# es_EC ISO-8859-1 -# es_EC.UTF-8 UTF-8 -# es_ES ISO-8859-1 -# es_ES.UTF-8 UTF-8 -# es_ES@euro ISO-8859-15 -# es_GT ISO-8859-1 -# es_GT.UTF-8 UTF-8 -# es_HN ISO-8859-1 -# es_HN.UTF-8 UTF-8 -# es_MX ISO-8859-1 -# es_MX.UTF-8 UTF-8 -# es_NI ISO-8859-1 -# es_NI.UTF-8 UTF-8 -# es_PA ISO-8859-1 -# es_PA.UTF-8 UTF-8 
-# es_PE ISO-8859-1 -# es_PE.UTF-8 UTF-8 -# es_PR ISO-8859-1 -# es_PR.UTF-8 UTF-8 -# es_PY ISO-8859-1 -# es_PY.UTF-8 UTF-8 -# es_SV ISO-8859-1 -# es_SV.UTF-8 UTF-8 -# es_US ISO-8859-1 -# es_US.UTF-8 UTF-8 -# es_UY ISO-8859-1 -# es_UY.UTF-8 UTF-8 -# es_VE ISO-8859-1 -# es_VE.UTF-8 UTF-8 -# et_EE ISO-8859-1 -# et_EE.ISO-8859-15 ISO-8859-15 -# et_EE.UTF-8 UTF-8 -# eu_ES ISO-8859-1 -# eu_ES.UTF-8 UTF-8 -# eu_ES@euro ISO-8859-15 -# eu_FR ISO-8859-1 -# eu_FR.UTF-8 UTF-8 -# eu_FR@euro ISO-8859-15 -# fa_IR UTF-8 -# ff_SN UTF-8 -# fi_FI ISO-8859-1 -# fi_FI.UTF-8 UTF-8 -# fi_FI@euro ISO-8859-15 -# fil_PH UTF-8 -# fo_FO ISO-8859-1 -# fo_FO.UTF-8 UTF-8 -# fr_BE ISO-8859-1 -# fr_BE.UTF-8 UTF-8 -# fr_BE@euro ISO-8859-15 -# fr_CA ISO-8859-1 -# fr_CA.UTF-8 UTF-8 -# fr_CH ISO-8859-1 -# fr_CH.UTF-8 UTF-8 -# fr_FR ISO-8859-1 -# fr_FR.UTF-8 UTF-8 -# fr_FR@euro ISO-8859-15 -# fr_LU ISO-8859-1 -# fr_LU.UTF-8 UTF-8 -# fr_LU@euro ISO-8859-15 -# fur_IT UTF-8 -# fy_DE UTF-8 -# fy_NL UTF-8 -# ga_IE ISO-8859-1 -# ga_IE.UTF-8 UTF-8 -# ga_IE@euro ISO-8859-15 -# gd_GB ISO-8859-15 -# gd_GB.UTF-8 UTF-8 -# gez_ER UTF-8 -# gez_ER@abegede UTF-8 -# gez_ET UTF-8 -# gez_ET@abegede UTF-8 -# gl_ES ISO-8859-1 -# gl_ES.UTF-8 UTF-8 -# gl_ES@euro ISO-8859-15 -# gu_IN UTF-8 -# gv_GB ISO-8859-1 -# gv_GB.UTF-8 UTF-8 -# ha_NG UTF-8 -# hak_TW UTF-8 -# he_IL ISO-8859-8 -# he_IL.UTF-8 UTF-8 -# hi_IN UTF-8 -# hne_IN UTF-8 -# hr_HR ISO-8859-2 -# hr_HR.UTF-8 UTF-8 -# hsb_DE ISO-8859-2 -# hsb_DE.UTF-8 UTF-8 -# ht_HT UTF-8 -# hu_HU ISO-8859-2 -# hu_HU.UTF-8 UTF-8 -# hy_AM UTF-8 -# hy_AM.ARMSCII-8 ARMSCII-8 -# ia_FR UTF-8 -# id_ID ISO-8859-1 -# id_ID.UTF-8 UTF-8 -# ig_NG UTF-8 -# ik_CA UTF-8 -# is_IS ISO-8859-1 -# is_IS.UTF-8 UTF-8 -# it_CH ISO-8859-1 -# it_CH.UTF-8 UTF-8 -# it_IT ISO-8859-1 -# it_IT.UTF-8 UTF-8 -# it_IT@euro ISO-8859-15 -# iu_CA UTF-8 -# ja_JP.EUC-JP EUC-JP -# ja_JP.UTF-8 UTF-8 -# ka_GE GEORGIAN-PS -# ka_GE.UTF-8 UTF-8 -# kk_KZ PT154 -# kk_KZ.RK1048 RK1048 -# kk_KZ.UTF-8 UTF-8 -# kl_GL ISO-8859-1 -# 
kl_GL.UTF-8 UTF-8 -# km_KH UTF-8 -# kn_IN UTF-8 -# ko_KR.EUC-KR EUC-KR -# ko_KR.UTF-8 UTF-8 -# kok_IN UTF-8 -# ks_IN UTF-8 -# ks_IN@devanagari UTF-8 -# ku_TR ISO-8859-9 -# ku_TR.UTF-8 UTF-8 -# kw_GB ISO-8859-1 -# kw_GB.UTF-8 UTF-8 -# ky_KG UTF-8 -# lb_LU UTF-8 -# lg_UG ISO-8859-10 -# lg_UG.UTF-8 UTF-8 -# li_BE UTF-8 -# li_NL UTF-8 -# lij_IT UTF-8 -# ln_CD UTF-8 -# lo_LA UTF-8 -# lt_LT ISO-8859-13 -# lt_LT.UTF-8 UTF-8 -# lv_LV ISO-8859-13 -# lv_LV.UTF-8 UTF-8 -# lzh_TW UTF-8 -# mag_IN UTF-8 -# mai_IN UTF-8 -# mg_MG ISO-8859-15 -# mg_MG.UTF-8 UTF-8 -# mhr_RU UTF-8 -# mi_NZ ISO-8859-13 -# mi_NZ.UTF-8 UTF-8 -# mk_MK ISO-8859-5 -# mk_MK.UTF-8 UTF-8 -# ml_IN UTF-8 -# mn_MN UTF-8 -# mni_IN UTF-8 -# mr_IN UTF-8 -# ms_MY ISO-8859-1 -# ms_MY.UTF-8 UTF-8 -# mt_MT ISO-8859-3 -# mt_MT.UTF-8 UTF-8 -# my_MM UTF-8 -# nan_TW UTF-8 -# nan_TW@latin UTF-8 -# nb_NO ISO-8859-1 -# nb_NO.UTF-8 UTF-8 -# nds_DE UTF-8 -# nds_NL UTF-8 -# ne_NP UTF-8 -# nhn_MX UTF-8 -# niu_NU UTF-8 -# niu_NZ UTF-8 -# nl_AW UTF-8 -# nl_BE ISO-8859-1 -# nl_BE.UTF-8 UTF-8 -# nl_BE@euro ISO-8859-15 -# nl_NL ISO-8859-1 -# nl_NL.UTF-8 UTF-8 -# nl_NL@euro ISO-8859-15 -# nn_NO ISO-8859-1 -# nn_NO.UTF-8 UTF-8 -# nr_ZA UTF-8 -# nso_ZA UTF-8 -# oc_FR ISO-8859-1 -# oc_FR.UTF-8 UTF-8 -# om_ET UTF-8 -# om_KE ISO-8859-1 -# om_KE.UTF-8 UTF-8 -# or_IN UTF-8 -# os_RU UTF-8 -# pa_IN UTF-8 -# pa_PK UTF-8 -# pap_AW UTF-8 -# pap_CW UTF-8 -# pl_PL ISO-8859-2 -# pl_PL.UTF-8 UTF-8 -# ps_AF UTF-8 -# pt_BR ISO-8859-1 -# pt_BR.UTF-8 UTF-8 -# pt_PT ISO-8859-1 -# pt_PT.UTF-8 UTF-8 -# pt_PT@euro ISO-8859-15 -# quz_PE UTF-8 -# raj_IN UTF-8 -# ro_RO ISO-8859-2 -# ro_RO.UTF-8 UTF-8 -# ru_RU ISO-8859-5 -# ru_RU.CP1251 CP1251 -# ru_RU.KOI8-R KOI8-R -# ru_RU.UTF-8 UTF-8 -# ru_UA KOI8-U -# ru_UA.UTF-8 UTF-8 -# rw_RW UTF-8 -# sa_IN UTF-8 -# sat_IN UTF-8 -# sc_IT UTF-8 -# sd_IN UTF-8 -# sd_IN@devanagari UTF-8 -# se_NO UTF-8 -# sgs_LT UTF-8 -# shs_CA UTF-8 -# si_LK UTF-8 -# sid_ET UTF-8 -# sk_SK ISO-8859-2 -# sk_SK.UTF-8 UTF-8 -# sl_SI ISO-8859-2 -# 
sl_SI.UTF-8 UTF-8 -# so_DJ ISO-8859-1 -# so_DJ.UTF-8 UTF-8 -# so_ET UTF-8 -# so_KE ISO-8859-1 -# so_KE.UTF-8 UTF-8 -# so_SO ISO-8859-1 -# so_SO.UTF-8 UTF-8 -# sq_AL ISO-8859-1 -# sq_AL.UTF-8 UTF-8 -# sq_MK UTF-8 -# sr_ME UTF-8 -# sr_RS UTF-8 -# sr_RS@latin UTF-8 -# ss_ZA UTF-8 -# st_ZA ISO-8859-1 -# st_ZA.UTF-8 UTF-8 -# sv_FI ISO-8859-1 -# sv_FI.UTF-8 UTF-8 -# sv_FI@euro ISO-8859-15 -# sv_SE ISO-8859-1 -# sv_SE.ISO-8859-15 ISO-8859-15 -# sv_SE.UTF-8 UTF-8 -# sw_KE UTF-8 -# sw_TZ UTF-8 -# szl_PL UTF-8 -# ta_IN UTF-8 -# ta_LK UTF-8 -# tcy_IN.UTF-8 UTF-8 -# te_IN UTF-8 -# tg_TJ KOI8-T -# tg_TJ.UTF-8 UTF-8 -# th_TH TIS-620 -# th_TH.UTF-8 UTF-8 -# the_NP UTF-8 -# ti_ER UTF-8 -# ti_ET UTF-8 -# tig_ER UTF-8 -# tk_TM UTF-8 -# tl_PH ISO-8859-1 -# tl_PH.UTF-8 UTF-8 -# tn_ZA UTF-8 -# tr_CY ISO-8859-9 -# tr_CY.UTF-8 UTF-8 -# tr_TR ISO-8859-9 -# tr_TR.UTF-8 UTF-8 -# ts_ZA UTF-8 -# tt_RU UTF-8 -# tt_RU@iqtelif UTF-8 -# ug_CN UTF-8 -# uk_UA KOI8-U -# uk_UA.UTF-8 UTF-8 -# unm_US UTF-8 -# ur_IN UTF-8 -# ur_PK UTF-8 -# uz_UZ ISO-8859-1 -# uz_UZ.UTF-8 UTF-8 -# uz_UZ@cyrillic UTF-8 -# ve_ZA UTF-8 -# vi_VN UTF-8 -# wa_BE ISO-8859-1 -# wa_BE.UTF-8 UTF-8 -# wa_BE@euro ISO-8859-15 -# wae_CH UTF-8 -# wal_ET UTF-8 -# wo_SN UTF-8 -# xh_ZA ISO-8859-1 -# xh_ZA.UTF-8 UTF-8 -# yi_US CP1255 -# yi_US.UTF-8 UTF-8 -# yo_NG UTF-8 -# yue_HK UTF-8 -# zh_CN GB2312 -# zh_CN.GB18030 GB18030 -# zh_CN.GBK GBK -# zh_CN.UTF-8 UTF-8 -# zh_HK BIG5-HKSCS -# zh_HK.UTF-8 UTF-8 -# zh_SG GB2312 -# zh_SG.GBK GBK -# zh_SG.UTF-8 UTF-8 -# zh_TW BIG5 -# zh_TW.EUC-TW EUC-TW -# zh_TW.UTF-8 UTF-8 -# zu_ZA ISO-8859-1 -# zu_ZA.UTF-8 UTF-8 diff --git a/buster/etc_files/all/etc/timezone b/buster/etc_files/all/etc/timezone deleted file mode 100644 index 94d5acc..0000000 --- a/buster/etc_files/all/etc/timezone +++ /dev/null @@ -1 +0,0 @@ -Europe/Berlin 
diff --git a/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx b/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx
deleted file mode 100644
index 25c2d62..0000000
--- a/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx
+++ /dev/null
@@ -1,28 +0,0 @@
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www-dump/;
-
- location /dump/ {
- autoindex on;
- }
-
- location /geheim/ {
- auth_basic "geheim geheim";
- auth_basic_user_file /var/www-dump/password_geheim;
- autoindex on;
- }
-
- location /zettel/ {
- # rewrite non-suffixed filenames to .html ones
- rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html;
- autoindex on;
- }
-
- location /uwsgi/ {
- include uwsgi_params;
- uwsgi_pass 127.0.0.1:3031;
- }
-}
diff --git a/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service b/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service
deleted file mode 100644
index 45d079c..0000000
--- a/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=url_catcher screen
-
-[Service]
-Type=forking
-User=plom
-# The LC_ALL fixes submission failing on some articles.
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 cd ~/url-catcher && screen -d -m ./run.sh'
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/buster/etc_files/eeepc/etc/systemd/logind.conf b/buster/etc_files/eeepc/etc/systemd/logind.conf
deleted file mode 100644
index 6a61f0b..0000000
--- a/buster/etc_files/eeepc/etc/systemd/logind.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# This file is part of systemd.
-#
-# See logind.conf(5) for details.
-
-[Login]
-# Note that with the standard Buster kernel this won't work due to
-# <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919227>.
-HandleLidSwitch=hibernate
diff --git a/buster/etc_files/mail/etc/aliases b/buster/etc_files/mail/etc/aliases
deleted file mode 100644
index 5c52e6f..0000000
--- a/buster/etc_files/mail/etc/aliases
+++ /dev/null
@@ -1,24 +0,0 @@
-# /etc/aliases
-# maps whom what is sent to
-
-# As per RFC 2142.
-mailer-daemon: plom
-postmaster: plom
-hostmaster: plom
-usenet: plom
-news: plom
-webmaster: plom
-www: plom
-ftp: plom
-abuse: plom
-noc: plom
-security: plom
-root: plom
-
-# Personal aliases.
-plomlompom: plom
-christian.heller: plom
-christian_heller: plom
-christianheller: plom
-c.heller: plom
-heller: plom
diff --git a/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf b/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf
deleted file mode 100644
index eaf927b..0000000
--- a/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-# This is only necessary when we use dovecot's LMTP mechanism to receive
-# mail from postfix.
-auth_username_format = %Ln
-
-# Add sieve filtering.
-protocol lmtp {
- mail_plugins = $mail_plugins sieve
-}
-
-# We don't strictly need to provide a LMTP server to fetch mail from
-# postfix, but we do if we want to do sophisticated stuff like sieve
-# filtering on the way.
-service lmtp {
- inet_listener lmtp {
- address = 127.0.0.1
- port = 2424
- }
-}
diff --git a/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf b/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf
deleted file mode 100644
index d076d63..0000000
--- a/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-service auth {
- unix_listener auth-userdb {
- }
-
- unix_listener /var/spool/postfix/private/auth {
- mode = 0660
- user = postfix
- group = postfix
- }
-}
diff --git a/buster/etc_files/mail/etc/mailutils.conf b/buster/etc_files/mail/etc/mailutils.conf
deleted file mode 100644
index 44efe26..0000000
--- a/buster/etc_files/mail/etc/mailutils.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# mailutils by default uses the FQDN as the mail domain name, fix this
-address {
- email-domain REPLACE_maildomain_ECALPER;
-};
diff --git a/buster/etc_files/mail/etc/nftables.conf b/buster/etc_files/mail/etc/nftables.conf
deleted file mode 100755
index 747d214..0000000
--- a/buster/etc_files/mail/etc/nftables.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- tcp dport 25 accept comment "accept SMTP (allowing for STARTTLS); necessary for mail server to mail server banter, i.e. for receiving mails"
- tcp dport 80 accept comment "accept HTTP; necessary for Certbot HTTP challenge"
- tcp dport 465 accept comment "accept SMTPS; for mail user agent to mail server, i.e. for sending mails"
- tcp dport 993 accept comment "accept IMAPS; for reading/downloading mails"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
diff --git a/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service b/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service
deleted file mode 100644
index dc8acb4..0000000
--- a/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Run plom's fetchmail
-
-[Service]
-Type=oneshot
-User=plom
-# fetchmail returns 1 when no new mail, we want to catch that
-ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]'
diff --git a/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer b/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer
deleted file mode 100644
index 0568eeb..0000000
--- a/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Run fetchmail once every minute
-
-[Timer]
-OnCalendar=minutely
-
-[Install]
-WantedBy=timers.target
diff --git a/buster/etc_files/mail/etc/systemd/system/pingmail.service b/buster/etc_files/mail/etc/systemd/system/pingmail.service
deleted file mode 100644
index e332114..0000000
--- a/buster/etc_files/mail/etc/systemd/system/pingmail.service
+++ /dev/null
@@ -1,7 +0,0 @@
-[Unit]
-Description=Run pingmail check
-
-[Service]
-Type=oneshot
-User=plom
-ExecStart=/bin/sh -c '~/pingmail/pingmail check'
diff --git a/buster/etc_files/mail/etc/systemd/system/pingmail.timer b/buster/etc_files/mail/etc/systemd/system/pingmail.timer
deleted file mode 100644
index dba0c9f..0000000
--- a/buster/etc_files/mail/etc/systemd/system/pingmail.timer
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Run pingmail check once every hour
-
-[Timer]
-OnCalendar=*-*-* *:00:00
-
-[Install]
-WantedBy=timers.target
diff --git a/buster/etc_files/old_server/etc/apt/sources.list b/buster/etc_files/old_server/etc/apt/sources.list
deleted file mode 100644
index a1fbdb0..0000000
--- a/buster/etc_files/old_server/etc/apt/sources.list
+++ /dev/null
@@ -1,4 +0,0 @@
-deb http://deb.debian.org/debian stretch main contrib non-free
-deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free
-deb http://deb.debian.org/debian stretch-updates main contrib non-free
-deb http://ftp.debian.org/debian stretch-backports main contrib non-free
diff --git a/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service
deleted file mode 100644
index bc81613..0000000
--- a/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service
+++ /dev/null
@@ -1,6 +0,0 @@
-[Unit]
-Description=Attempt encryption of old chat logs
-[Service]
-Type=oneshot
-User=plom
-ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh'
diff --git a/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer b/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer
deleted file mode 100644
index 79a6e1e..0000000
--- a/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Attempt encryption of old chatlogs once every minute.
-
-[Timer]
-OnCalendar=*-*-* *:*:00
-
-[Install]
-WantedBy=timers.target
\ No newline at end of file
diff --git a/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html b/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html
deleted file mode 100644
index 8e2e67f..0000000
--- a/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html
+++ /dev/null
@@ -1,4 +0,0 @@
-<div style="margin: 1em;">
- <p>Privacy: Visitor IP addresses are anonymized in the logs.</p>
- <p>Contact: See <a href="https://plomlompom.com/contact.html">plomlompom.com contact page</a>.</p>
-</div>
diff --git a/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt b/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt
deleted file mode 100644
index eb05362..0000000
--- a/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-User-agent: *
-Disallow:
diff --git a/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html b/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html
deleted file mode 100644
index 7268bac..0000000
--- a/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html
+++ /dev/null
@@ -1 +0,0 @@
-This is <a href="https://plomlompom.com">plomlompom</a>'s personal single-user Pleroma instance.
diff --git a/buster/etc_files/server/etc/nftables.conf b/buster/etc_files/server/etc/nftables.conf
deleted file mode 100755
index efbc182..0000000
--- a/buster/etc_files/server/etc/nftables.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
diff --git a/buster/etc_files/server/etc/ssh/sshd_config b/buster/etc_files/server/etc/ssh/sshd_config
deleted file mode 100644
index 857962b..0000000
--- a/buster/etc_files/server/etc/ssh/sshd_config
+++ /dev/null
@@ -1,124 +0,0 @@ -# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin no # plomlompom's security rule -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# Expect .ssh/authorized_keys2 to be disregarded by default in future. -#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! 
-#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to yes to enable challenge-response passwords (beware issues with -# some PAM modules and threads) -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin yes -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# Allow client to pass locale environment variables -AcceptEnv LANG LC_* - -# override default of no subsystems -Subsystem sftp /usr/lib/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server - -ClientAliveInterval 120 -PasswordAuthentication no # plomlompom's security rule 
diff --git a/buster/etc_files/thinkpad/etc/default/tlp b/buster/etc_files/thinkpad/etc/default/tlp
deleted file mode 100644
index b73846b..0000000
--- a/buster/etc_files/thinkpad/etc/default/tlp
+++ /dev/null
@@ -1,306 +0,0 @@ -# ------------------------------------------------------------------------------ -# tlp - Parameters for power saving -# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html - -# Hint: some features are disabled by default, remove the leading # to enable -# them. - -# Set to 0 to disable, 1 to enable TLP. -TLP_ENABLE=1 - -# Operation mode when no power supply can be detected: AC, BAT. -# Concerns some desktop and embedded hardware only. -TLP_DEFAULT_MODE=AC - -# Operation mode select: 0=depend on power source, 1=always use TLP_DEFAULT_MODE -# Hint: use in conjunction with TLP_DEFAULT_MODE=BAT for BAT settings on AC. -TLP_PERSISTENT_DEFAULT=0 - -# Seconds laptop mode has to wait after the disk goes idle before doing a sync. -# Non-zero value enables, zero disables laptop mode. -DISK_IDLE_SECS_ON_AC=0 -DISK_IDLE_SECS_ON_BAT=2 - -# Dirty page values (timeouts in secs). -MAX_LOST_WORK_SECS_ON_AC=15 -MAX_LOST_WORK_SECS_ON_BAT=60 - -# Hint: CPU parameters below are disabled by default, remove the leading # -# to enable them, otherwise kernel default values are used. - -# Select a CPU frequency scaling governor. -# Intel Core i processor with intel_pstate driver: -# powersave(*), performance. -# Older hardware with acpi-cpufreq driver: -# ondemand(*), powersave, performance, conservative, schedutil. -# (*) is recommended. -# Hint: use tlp-stat -p to show the active driver and available governors. -# Important: -# powersave for intel_pstate and ondemand for acpi-cpufreq are power -# efficient for *almost all* workloads and therefore kernel and most -# distributions have chosen them as defaults. If you still want to change, -# you should know what you're doing! You *must* disable your distribution's -# governor settings or conflicts will occur. -#CPU_SCALING_GOVERNOR_ON_AC=powersave -#CPU_SCALING_GOVERNOR_ON_BAT=powersave - -# Set the min/max frequency available for the scaling governor. 
-# Possible values strongly depend on your CPU. For available frequencies see -# the output of tlp-stat -p. -#CPU_SCALING_MIN_FREQ_ON_AC=0 -#CPU_SCALING_MAX_FREQ_ON_AC=0 -#CPU_SCALING_MIN_FREQ_ON_BAT=0 -#CPU_SCALING_MAX_FREQ_ON_BAT=0 - -# Set energy performance hints (HWP) for Intel P-state governor: -# performance, balance_performance, default, balance_power, power -# Values are given in order of increasing power saving. -# Note: Intel Skylake or newer CPU and Kernel >= 4.10 required. -CPU_HWP_ON_AC=balance_performance -CPU_HWP_ON_BAT=balance_power - -# Set Intel P-state performance: 0..100 (%). -# Limit the max/min P-state to control the power dissipation of the CPU. -# Values are stated as a percentage of the available performance. -# Requires an Intel Core i processor with intel_pstate driver. -#CPU_MIN_PERF_ON_AC=0 -#CPU_MAX_PERF_ON_AC=100 -#CPU_MIN_PERF_ON_BAT=0 -#CPU_MAX_PERF_ON_BAT=30 - -# Set the CPU "turbo boost" feature: 0=disable, 1=allow -# Requires an Intel Core i processor. -# Important: -# - This may conflict with your distribution's governor settings -# - A value of 1 does *not* activate boosting, it just allows it -#CPU_BOOST_ON_AC=1 -#CPU_BOOST_ON_BAT=0 - -# Minimize number of used CPU cores/hyper-threads under light load conditions: -# 0=disable, 1=enable. -SCHED_POWERSAVE_ON_AC=0 -SCHED_POWERSAVE_ON_BAT=1 - -# Kernel NMI Watchdog: -# 0=disable (default, saves power), 1=enable (for kernel debugging only). -NMI_WATCHDOG=0 - -# Change CPU voltages aka "undervolting" - Kernel with PHC patch required. -# Frequency voltage pairs are written to: -# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls -# CAUTION: only use this, if you thoroughly understand what you are doing! -#PHC_CONTROLS="F:V F:V F:V F:V" - -# Set CPU performance versus energy savings policy: -# performance, balance-performance, default, balance-power, power. -# Values are given in order of increasing power saving. 
-# Requires kernel module msr and x86_energy_perf_policy from linux-tools. -ENERGY_PERF_POLICY_ON_AC=performance -ENERGY_PERF_POLICY_ON_BAT=power - -# Disk devices; separate multiple devices with spaces (default: sda). -# Devices can be specified by disk ID also (lookup with: tlp diskid). -DISK_DEVICES="sda sdb" - -# Disk advanced power management level: 1..254, 255 (max saving, min, off). -# Levels 1..127 may spin down the disk; 255 allowable on most drives. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -DISK_APM_LEVEL_ON_AC="254 254" -DISK_APM_LEVEL_ON_BAT="128 128" - -# Hard disk spin down timeout: -# 0: spin down disabled -# 1..240: timeouts from 5s to 20min (in units of 5s) -# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) -# See 'man hdparm' for details. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" -#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" - -# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq). -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the kernel default scheduler for the particular disk. -#DISK_IOSCHED="cfq cfq" - -# AHCI link power management (ALPM) for disk devices: -# min_power, med_power_with_dipm(*), medium_power, max_performance. -# (*) Kernel >= 4.15 required, then recommended. -# Multiple values separated with spaces are tried sequentially until success. -SATA_LINKPWR_ON_AC="med_power_with_dipm max_performance" -SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power" - -# Exclude host devices from AHCI link power management. -# Separate multiple hosts with spaces. -#SATA_LINKPWR_BLACKLIST="host1" - -# Runtime Power Management for AHCI host and disks devices: -# on=disable, auto=enable. 
-# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss. -#AHCI_RUNTIME_PM_ON_AC=on -#AHCI_RUNTIME_PM_ON_BAT=on - -# Seconds of inactivity before disk is suspended. -AHCI_RUNTIME_PM_TIMEOUT=15 - -# PCI Express Active State Power Management (PCIe ASPM): -# default, performance, powersave. -PCIE_ASPM_ON_AC=performance -PCIE_ASPM_ON_BAT=powersave - -# Radeon graphics clock speed (profile method): low, mid, high, auto, default; -# auto = mid on BAT, high on AC; default = use hardware defaults. -RADEON_POWER_PROFILE_ON_AC=high -RADEON_POWER_PROFILE_ON_BAT=low - -# Radeon dynamic power management method (DPM): battery, performance. -RADEON_DPM_STATE_ON_AC=performance -RADEON_DPM_STATE_ON_BAT=battery - -# Radeon DPM performance level: auto, low, high; auto is recommended. -RADEON_DPM_PERF_LEVEL_ON_AC=auto -RADEON_DPM_PERF_LEVEL_ON_BAT=auto - -# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. -WIFI_PWR_ON_AC=off -WIFI_PWR_ON_BAT=on - -# Disable wake on LAN: Y/N. -WOL_DISABLE=Y - -# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). -# A value of 0 disables, >=1 enables power saving (recommended: 1). -SOUND_POWER_SAVE_ON_AC=0 -SOUND_POWER_SAVE_ON_BAT=1 - -# Disable controller too (HDA only): Y/N. -SOUND_POWER_SAVE_CONTROLLER=Y - -# Power off optical drive in UltraBay/MediaBay: 0=disable, 1=enable. -# Drive can be powered on again by releasing (and reinserting) the eject lever -# or by pressing the disc eject button on newer models. -# Note: an UltraBay/MediaBay hard disk is never powered off. -BAY_POWEROFF_ON_AC=0 -BAY_POWEROFF_ON_BAT=0 -# Optical drive device to power off (default sr0). -BAY_DEVICE="sr0" - -# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable. -RUNTIME_PM_ON_AC=on -RUNTIME_PM_ON_BAT=auto - -# Exclude PCI(e) device adresses the following list from Runtime PM -# (separate with spaces). Use lspci to get the adresses (1st column). 
-#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" - -# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM. -# Default when unconfigured is "amdgpu nouveau nvidia radeon" which -# prevents accidential power-on of dGPU in hybrid graphics setups. -# Use "" to disable the feature completely. -# Separate multiple drivers with spaces. -#RUNTIME_PM_DRIVER_BLACKLIST="amdgpu nouveau nvidia radeon" - -# Set to 0 to disable, 1 to enable USB autosuspend feature. -USB_AUTOSUSPEND=1 - -# Exclude listed devices from USB autosuspend (separate with spaces). -# Use lsusb to get the ids. -# Note: input devices (usbhid) are excluded automatically -#USB_BLACKLIST="1111:2222 3333:4444" - -# Bluetooth devices are excluded from USB autosuspend: -# 0=do not exclude, 1=exclude. -USB_BLACKLIST_BTUSB=0 - -# Phone devices are excluded from USB autosuspend: -# 0=do not exclude, 1=exclude (enable charging). -USB_BLACKLIST_PHONE=0 - -# Printers are excluded from USB autosuspend: -# 0=do not exclude, 1=exclude. -USB_BLACKLIST_PRINTER=1 - -# WWAN devices are excluded from USB autosuspend: -# 0=do not exclude, 1=exclude. -USB_BLACKLIST_WWAN=1 - -# Include listed devices into USB autosuspend even if already excluded -# by the blacklists above (separate with spaces). -# Use lsusb to get the ids. -#USB_WHITELIST="1111:2222 3333:4444" - -# Set to 1 to disable autosuspend before shutdown, 0 to do nothing -# (workaround for USB devices that cause shutdown problems). -#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 - -# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown -# on system startup: 0=disable, 1=enable. -# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below -# are ignored when this is enabled! -RESTORE_DEVICE_STATE_ON_STARTUP=0 - -# Radio devices to disable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. 
-#DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" - -# Radio devices to enable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -#DEVICES_TO_ENABLE_ON_STARTUP="wifi" - -# Radio devices to disable on shutdown: bluetooth, wifi, wwan. -# (workaround for devices that are blocking shutdown). -#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" - -# Radio devices to enable on shutdown: bluetooth, wifi, wwan. -# (to prevent other operating systems from missing radios). -#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" - -# Radio devices to enable on AC: bluetooth, wifi, wwan. -#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" - -# Radio devices to disable on battery: bluetooth, wifi, wwan. -#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" - -# Radio devices to disable on battery when not in use (not connected): -# bluetooth, wifi, wwan. -#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" - -# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module -# required). Charging starts when the remaining capacity falls below the -# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. -# Main / Internal battery (values in %) -START_CHARGE_THRESH_BAT0=75 -STOP_CHARGE_THRESH_BAT0=80 -# Ultrabay / Slice / Replaceable battery (values in %) -#START_CHARGE_THRESH_BAT1=75 -#STOP_CHARGE_THRESH_BAT1=80 - -# Restore charge thresholds when AC is unplugged: 0=disable, 1=enable. -#RESTORE_THRESHOLDS_ON_BAT=1 - -# ------------------------------------------------------------------------------ -# tlp-rdw - Parameters for the radio device wizard -# Possible devices: bluetooth, wifi, wwan. - -# Hints: -# - Parameters are disabled by default, remove the leading # to enable them -# - Separate multiple radio devices with spaces - -# Radio devices to disable on connect. 
-#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" -#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" -#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" - -# Radio devices to enable on disconnect. -#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" -#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" -#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" - -# Radio devices to enable/disable when docked. -#DEVICES_TO_ENABLE_ON_DOCK="" -#DEVICES_TO_DISABLE_ON_DOCK="" - -# Radio devices to enable/disable when undocked. -#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" -#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/buster/etc_files/thinkpad/etc/systemd/logind.conf b/buster/etc_files/thinkpad/etc/systemd/logind.conf deleted file mode 100644 index 1098229..0000000 --- a/buster/etc_files/thinkpad/etc/systemd/logind.conf +++ /dev/null @@ -1,6 +0,0 @@ -# This file is part of systemd. -# -# See logind.conf(5) for details. - -[Login] -HandleLidSwitch=hibernate diff --git a/buster/etc_files/user/etc/cups/printers.conf b/buster/etc_files/user/etc/cups/printers.conf deleted file mode 100644 index 3475600..0000000 --- a/buster/etc_files/user/etc/cups/printers.conf +++ /dev/null @@ -1,20 +0,0 @@ -# Printer configuration file for CUPS v2.2.10 -# Written by cupsd -# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING -<Printer HP_Deskjet_F300_series> -UUID urn:uuid:e856a26d-66f8-327a-4dca-0d8a09f87a25 -Info HP Deskjet F300 series -Location -MakeModel HP Deskjet f300 Series, hpcups 3.18.12 -DeviceURI hp:/usb/Deskjet_F300_series?serial=CN63VB21TM04KH -State Idle -Type 36892 -Accepting Yes -Shared No -JobSheets none none -QuotaPeriod 0 -PageLimit 0 -KLimit 0 -OpPolicy default -ErrorPolicy retry-job -</Printer> diff --git a/buster/etc_files/user/etc/default/console-setup b/buster/etc_files/user/etc/default/console-setup deleted file mode 100644 index 090d241..0000000 --- a/buster/etc_files/user/etc/default/console-setup +++ /dev/null @@ -1,4 +0,0 @@ -CHARMAP="UTF-8" -CODESET="Lat15" -FONTFACE="Terminus" -FONTSIZE="6x12" 
diff --git a/buster/etc_files/user/opt/firefox/blank.html b/buster/etc_files/user/opt/firefox/blank.html
deleted file mode 100644
index 79e707e..0000000
--- a/buster/etc_files/user/opt/firefox/blank.html
+++ /dev/null
@@ -1 +0,0 @@
-not quite blank
diff --git a/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js b/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js
deleted file mode 100644
index cf8ea80..0000000
--- a/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js
+++ /dev/null
@@ -1,4 +0,0 @@
-// We set up AutoConfig according to <https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig>, see firefox.cfg comments on why we need it
-pref("general.config.filename", "firefox.cfg");
-pref("general.config.obscure_value", 0);
-
diff --git a/buster/etc_files/user/opt/firefox/firefox.cfg b/buster/etc_files/user/opt/firefox/firefox.cfg
deleted file mode 100644
index b321153..0000000
--- a/buster/etc_files/user/opt/firefox/firefox.cfg
+++ /dev/null
@@ -1,18 +0,0 @@
-// do not put any code into this first line, as it gets ignored by Firefox
-
-// we zero extensions.autoDisableScopes so our pre-installed extensions activate by default
-pref("extensions.autoDisableScopes", 0);
-
-// we turn off annoying setup popups and pages; these settings are the result more of trial and error than thorough understanding by me, so more research might be warranted to discipline them
-pref("startup.homepage_welcome_url", "file:///opt/firefox/blank.html");
-pref("browser.startup.homepage", "file:///opt/firefox/blank.html");
-pref("browser.startup.blankWindow", true);
-pref("datareporting.policy.firstRunURL", "");
-pref("browser.shell.checkDefaultBrowser", false);
-pref("datareporting.policy.dataSubmissionPolicyBypassNotification", true);
-
-// use socks proxy by default
-pref("network.proxy.type", 1);
-pref("network.proxy.socks", "localhost");
-pref("network.proxy.socks_port", 9999);
-pref("network.proxy.remote_dns", true);
diff --git a/buster/etc_files/user/usr/share/applications/firefox.desktop b/buster/etc_files/user/usr/share/applications/firefox.desktop
deleted file mode 100644
index cb8d354..0000000
--- a/buster/etc_files/user/usr/share/applications/firefox.desktop
+++ /dev/null
@@ -1,3 +0,0 @@
-[Desktop Entry]
-Name=Firefox
-Exec=/usr/local/bin/firefox %u
diff --git a/buster/etc_files/web/etc/nftables.conf b/buster/etc_files/web/etc/nftables.conf
deleted file mode 100755
index ec6732a..0000000
--- a/buster/etc_files/web/etc/nftables.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- tcp dport 80 accept comment "accept HTTP on default port"
- tcp dport 443 accept comment "accept HTTPS on default port"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
diff --git a/buster/etc_files/web/etc/nginx/nginx.conf b/buster/etc_files/web/etc/nginx/nginx.conf
deleted file mode 100644
index 8320425..0000000
--- a/buster/etc_files/web/etc/nginx/nginx.conf
+++ /dev/null
@@ -1,38 +0,0 @@ -# system integration -user www-data; -worker_processes auto; -pid /run/nginx.pid; -include /etc/nginx/modules-enabled/*.conf; - -# is expected even if empty -events { -} - -http { - # define content-type headers - include /etc/nginx/mime.types; - charset utf-8; - - # Some standard optimizations, i.e. Debian default. Explained in - # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765> - # Not that I understand it all ⦠- sendfile on; - tcp_nopush on; - tcp_nodelay on; - - # logging deactivated due to GDPR - #access_log /var/log/nginx/access.log; - #error_log /var/log/nginx/error.log; - access_log off; - error_log off; - - # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; - - # Redirect all HTTP requests to HTTPS. - server { - listen 80; - return 301 https://$host$request_uri; - } -} diff --git a/buster/etc_files/website/etc/gitweb.conf b/buster/etc_files/website/etc/gitweb.conf deleted file mode 100644 index 88dea47..0000000 --- a/buster/etc_files/website/etc/gitweb.conf +++ /dev/null @@ -1,22 +0,0 @@ -# path to git projects (<project>.git) -$projectroot = "/var/repos"; - -# don't show repos without git-daemon-export-ok file -$export_ok = "git-daemon-export-ok"; - -# directory to use for temp files -# explicitely set by Debian so it's probably a good choice -$git_temp = "/tmp"; - -# git-diff-tree(1) options to use for generated patches -# we don't want to to guess renames, so empty -@diff_opts = (); - -# Base path for where to find the repos for cloning. -@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone'); - -# allow snapshots -$feature{'snapshot'}{'default'} = ['zip', 'tgz']; - -# insert header for GDPR compliance -$site_header = "/var/www/header.html" 
diff --git a/buster/etc_files/website/etc/nginx/sites-available/website.nginx b/buster/etc_files/website/etc/nginx/sites-available/website.nginx
deleted file mode 100644
index cbad304..0000000
--- a/buster/etc_files/website/etc/nginx/sites-available/website.nginx
+++ /dev/null
@@ -1,40 +0,0 @@
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www/html/;
- index index.html index.htm index.nginx-debian.html;
-
- # serve /var/repos/* for HTTPS git cloning
- location ~ /repos/clone(/.*) {
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
- # Commented out so only repos are served that contain a
- # git-daemon-export-ok file.
- # fastcgi_param GIT_HTTP_EXPORT_ALL "";
- fastcgi_param GIT_PROJECT_ROOT /var/repos;
- fastcgi_param PATH_INFO $1;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- # gitweb static files
- location /repos/static/ {
- alias /usr/share/gitweb/static/;
- }
-
- # gitweb; this needs packages fcgiwrap and gitweb
- location /repos/ {
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi;
- fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
- fastcgi_pass unix:/var/run/fcgiwrap.socket;
- }
-
- # login-protected IRC logs
- location ~ ^/irclogs/([^/]+)/ {
- auth_basic "$1 logs";
- auth_basic_user_file /var/www/irclogs_pw/$1;
- autoindex on;
- }
-}
diff --git a/buster/etc_files/website/etc/systemd/system/plomlombot.service b/buster/etc_files/website/etc/systemd/system/plomlombot.service
deleted file mode 100644
index a4f6769..0000000
--- a/buster/etc_files/website/etc/systemd/system/plomlombot.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=plomlombot screen
-
-[Service]
-Type=simple
-User=plom
-ExecStart=/bin/sh -c '~/plomlombot_daemon.sh'
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/buster/etc_files/x200s/etc/wicd/manager-settings.conf b/buster/etc_files/x200s/etc/wicd/manager-settings.conf
deleted file mode 100644
index de12c6c..0000000
--- a/buster/etc_files/x200s/etc/wicd/manager-settings.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-[Settings]
-backend = external
-wireless_interface = wls1
-wired_interface = enp0s25
-wpa_driver = wext
-always_show_wired_interface = False
-use_global_dns = False
-global_dns_1 = None
-global_dns_2 = None
-global_dns_3 = None
-global_dns_dom = None
-global_search_dom = None
-auto_reconnect = True
-debug_mode = 0
-wired_connect_mode = 1
-signal_display_type = 0
-should_verify_ap = 1
-dhcp_client = 0
-link_detect_tool = 0
-flush_tool = 0
-sudo_app = 0
-prefer_wired = False
-show_never_connect = True
-
diff --git a/buster/etc_files/x220/etc/wicd/manager-settings.conf b/buster/etc_files/x220/etc/wicd/manager-settings.conf
deleted file mode 100644
index 985df76..0000000
--- a/buster/etc_files/x220/etc/wicd/manager-settings.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-[Settings]
-backend = external
-wireless_interface = wlp3s0
-wired_interface = enp0s25
-wpa_driver = wext
-always_show_wired_interface = False
-use_global_dns = False
-global_dns_1 = None
-global_dns_2 = None
-global_dns_3 = None
-global_dns_dom = None
-global_search_dom = None
-auto_reconnect = True
-debug_mode = 0
-wired_connect_mode = 1
-signal_display_type = 0
-should_verify_ap = 1
-dhcp_client = 0
-link_detect_tool = 0
-flush_tool = 0
-sudo_app = 0
-prefer_wired = False
-show_never_connect = True
-
diff --git a/buster/home_files/eeepc/.config/i3status/config b/buster/home_files/eeepc/.config/i3status/config
deleted file mode 100644
index 207bef4..0000000
--- a/buster/home_files/eeepc/.config/i3status/config
+++ /dev/null
@@ -1,82 +0,0 @@ -# plomlompom's i3 status bar configuration - -# Activate colors; set update interval of one second. -general { - colors = true - interval = 1 -} - -# Selection / order of status elements. -order += "disk /" -order += "disk /home/" -order += "wireless wlp2s0" -order += "ethernet enp1s0" -order += "battery 0" -order += "cpu_usage" -order += "load" -order += "cpu_temperature 0" -order += "time" -order += "volume master" - -# How much space is left in / ? -disk "/" { - format = "/: %avail of %total" - separator_block_width = 25 -} - -# How much space is left in /home/ ? -disk "/home/" { - format = "/home: %avail of %total" - separator_block_width = 25 -} - -# WLAN status: show IP and connection quality or "down". -wireless wlp2s0 { - format_up = "w: (%quality at %essid) %ip" - format_down = "w: down" - separator_block_width = 10 -} - -# Ethernet status: show IP or "down". -ethernet enp1s0 { - format_up = "e: %ip" - format_down = "e: down" - separator_block_width = 25 -} - -# Battery status: show FULL/CHARGING/BATTERY, storage, time left. -battery 0 { - format = "b: %status %percentage %remaining" - separator_block_width = 25 -} - -# Show CPU usage. -cpu_usage { - format = "cpu: %usage" - separator_block_width = 10 -} - -# Show system load during last 1/5/15 minutes. -load { - format = "%1min %5min %15min" - separator_block_width = 25 -} - -# Show CPU temperature in degrees of celsius. -cpu_temperature 0 { - format = "%degrees °C" - separator_block_width = 25 -} - -# Show date/time/timezone as "year-month-day hour:minute:second -# timezone_numeric/timezone_alphabetic". -time { - format = "%Y-%m-%d %H:%M:%S %z/%Z" - separator_block_width = 25 -} - -volume master { - format = "âª: %volume" - format_muted = "âª: muted (%volume)" - separator_block_width = 25 -} diff --git a/buster/home_files/minimal/.bashrc b/buster/home_files/minimal/.bashrc deleted file mode 100644 index 5ee9ad8..0000000 --- a/buster/home_files/minimal/.bashrc +++ /dev/null 
@@ -1,26 +0,0 @@
-# Settings for interactive shells.
-
-# Fancy colors for ls.
-alias ls="ls --color=auto"
-
-# Use vim as default editor for anything.
-export VISUAL=vim
-export EDITOR=$VISUAL
-
-# Colored prompt with username, hostname, date/time, directory.
-colornumber=7 # Default to white if no color set via colornumber dotfile.
-colornumber_file=~/.shell_prompt_color
-if [ -f $colornumber_file ]; then
- colornumber=`cat $colornumber_file`
-fi
-tput_color="$(tput setaf $colornumber)$(tput bold)"
-tput_reset="$(tput sgr0)"
-# Bash confuses the line length when not told to not count escape sequences.
-if [ ! "$BASH" = "" ]; then
- tput_color="\[$tput_color\]"
- tput_reset="\[$tput_reset\]"
-fi
-PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
-PS2="${tput_color}> $tput_reset"
-PS3="${tput_color}select: $tput_reset"
-PS4="${tput_color}+ $tput_reset"
diff --git a/buster/home_files/root/.shell_prompt_color b/buster/home_files/root/.shell_prompt_color
deleted file mode 100644
index d00491f..0000000
--- a/buster/home_files/root/.shell_prompt_color
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/buster/home_files/user/.Xresources b/buster/home_files/user/.Xresources
deleted file mode 100644
index 45b10af..0000000
--- a/buster/home_files/user/.Xresources
+++ /dev/null
@@ -1,56 +0,0 @@
-! otherwise various applications will assume merely 8 colors
-XTerm.termName: xterm-256color
-
-! font
-! actually, "mono" is already the default for faceName (it will
-! pick whatever fc-match mono delivers), but we need to set _some_
-! faceName to trigger XTerm activating TrueType fonts
-! (XTerm*fontRender by itself won't do the trick), and we want
-! TrueType fonts because, well, they scale better, and XTerm lets them
-! fall back on alternatives (hi there ttf-unifont) when a Unicode
-! glyph is not found
-XTerm*faceName: mono
-
-! white on black
-XTerm*reverseVideo: on
-
-! blink screen instead of sound
-XTerm*visualBell: on
-
-! proper ALT as META key treatment
-XTerm*eightBitInput: false
-
-! font sizes
-XTerm*faceSize: 8
-XTerm*faceSize1: 4
-XTerm*faceSize2: 5
-XTerm*faceSize3: 6
-XTerm*faceSize4: 8
-XTerm*faceSize5: 14
-XTerm*faceSize6: 25
-
-! colors
-! black
-XTerm*color0: #202020
-XTerm*color8: #3F3F3F
-! red
-XTerm*color1: #A82020
-XTerm*color9: #E82020
-! green
-XTerm*color2: #20A820
-XTerm*color10: #20E820
-! yellow
-XTerm*color3: #A8A820
-XTerm*color11: #E8E820
-! blue
-XTerm*color4: #3F3FFF
-XTerm*color12: #9F9FFF
-! magenta
-XTerm*color5: #A83FFF
-XTerm*color13: #E89FFF
-! cyan
-XTerm*color6: #3FA8FF
-XTerm*color14: #9FE8FF
-! white
-XTerm*color7: #A8A8A8
-XTerm*color15: #E8E8E8
diff --git a/buster/home_files/user/.borgrepos b/buster/home_files/user/.borgrepos
deleted file mode 100644
index c40eee3..0000000
--- a/buster/home_files/user/.borgrepos
+++ /dev/null
@@ -1,4 +0,0 @@
-plom@plomlompom.com
-plom@mail.plomlompom.com
-plom@play.plomlompom.com
-# file read ends at last newline
diff --git a/buster/home_files/user/.config/i3/config b/buster/home_files/user/.config/i3/config
deleted file mode 100644
index 19c654e..0000000
--- a/buster/home_files/user/.config/i3/config
+++ /dev/null
@@ -1,83 +0,0 @@
-# plomlompom's i3-wm configuration
-
-# Font for i3 text
-font pango:Terminus 8px
-
-# Force "tabbed" as default layout for new windows.
-workspace_layout tabbed
-
-# Make the Windows key the modifier key for all i3-wm actions.
-set $mod Mod4
-floating_modifier $mod
-
-# Launch xterm.
-bindsym $mod+Return exec xterm
-
-# Launch programs via dmenu.
-bindsym $mod+d exec dmenu_run
-bindsym $mod+x exec dmenu_run
-
-# Kill window.
-bindsym $mod+Shift+Q kill
-
-# Move focus between windows.
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-# Don't move focus with mouse.
-focus_follows_mouse no
-
-# Move windows.
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# Resize windows
-bindsym $mod+h resize shrink width 1 px or 1 ppt
-bindsym $mod+l resize grow width 1 px or 1 ppt
-bindsym $mod+j resize shrink height
-bindsym $mod+k resize grow height
-
-# Toggle fullscreen for focused window.
-bindsym $mod+f fullscreen
-
-# Toggle floating of window, focus on floating or tabbed windows.
-bindsym $mod+Shift+space floating toggle
-bindsym $mod+space focus mode_toggle
-
-# Switch to workspace x.
-bindsym $mod+1 workspace 1
-bindsym $mod+2 workspace 2
-bindsym $mod+3 workspace 3
-bindsym $mod+4 workspace 4
-bindsym $mod+5 workspace 5
-bindsym $mod+6 workspace 6
-bindsym $mod+7 workspace 7
-bindsym $mod+8 workspace 8
-bindsym $mod+9 workspace 9
-bindsym $mod+0 workspace 10
-
-# Move window to workspace x.
-bindsym $mod+Shift+exclam move workspace 1
-bindsym $mod+Shift+quotedbl move workspace 2
-bindsym $mod+Shift+section move workspace 3
-bindsym $mod+Shift+dollar move workspace 4
-bindsym $mod+Shift+percent move workspace 5
-bindsym $mod+Shift+ampersand move workspace 6
-bindsym $mod+Shift+slash move workspace 7
-bindsym $mod+Shift+parenleft move workspace 8
-bindsym $mod+Shift+parenright move workspace 9
-bindsym $mod+Shift+equal move workspace 10
-
-# Reload i3 config file, restart (keeping sesion) i3, exit i3.
-bindsym $mod+Shift+C reload
-bindsym $mod+Shift+R restart
-bindsym $mod+Shift+P exit
-
-# Select "i3status" as i3 status bar.
-bar {
- status_command i3status
-}
diff --git a/buster/home_files/user/.emacs.d/init.el b/buster/home_files/user/.emacs.d/init.el
deleted file mode 100644
index fbec980..0000000
--- a/buster/home_files/user/.emacs.d/init.el
+++ /dev/null
@@ -1,323 +0,0 @@ -;; general layout -;; ============== - -;; need no stinkin emacs help screen as start up, and no menu bar -(setq inhibit-startup-screen t) -(menu-bar-mode -1) - -;; highlight cursor line, parentheses -(global-hl-line-mode 1) -(show-paren-mode 1) - -;; show line numbers, use separator space -(global-linum-mode) -(setq linum-format "%d ") - -;; count cursor column, row in mode line -(setq column-number-mode t) - -;; settings to make GUI tolerable -(if window-system - (progn - (add-to-list 'default-frame-alist '(foreground-color . "white")) - (add-to-list 'default-frame-alist '(background-color . "black")) - (set-face-attribute 'default nil :height 80) - (scroll-bar-mode -1) - (setq visible-bell t) - (setq linum-format "%d"))) - -;; use as default browser what XDG offers -(setq-default browse-url-browser-function 'browse-url-xdg-open) - - - -;; general keybindings -;; =================== - -;; create and use a minimal global map using just the self-insert command -;; bindings and a selection of some to me very common keystrokes -(setq minimal-map (make-sparse-keymap)) -(substitute-key-definition 'self-insert-command 'self-insert-command - minimal-map global-map) -(use-global-map minimal-map) -(global-set-key (kbd "DEL") 'backward-delete-char-untabify) -(global-set-key (kbd "RET") 'newline) -(global-set-key (kbd "TAB") 'indent-for-tab-command) -(global-set-key (kbd "<up>") 'previous-line) -(global-set-key (kbd "<down>") 'next-line) -(global-set-key (kbd "<left>") 'left-char) -(global-set-key (kbd "<right>") 'right-char) -(global-set-key (kbd "<prior>") 'scroll-down-command) -(global-set-key (kbd "<next>") 'scroll-up-command) -(global-set-key (kbd "M-x") 'execute-extended-command) -(global-set-key (kbd "C-g") 'keyboard-quit) -;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter) -;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro) -;; note how to switch back to the original map: (use-global-map global-map) -(setq shr-map 
(make-sparse-keymap)) ; got annoying in elfeed-show on URLs - - - -;; minibuffer -;; ========== - -;; incremental minibuffer completion -(icomplete-mode 1) - - - -;; text editing -;; ============ - -;; tabs are evil -(setq-default indent-tabs-mode nil) -(setq-default tab-width 4) -(setq indent-line-function 'insert-tab) - -;; show trailing whitespace -(setq-default show-trailing-whitespace 1) - -;; on save, ask whether to ensure text file's last line ends in a -;; newline character -(setq require-final-newline 1) - -;; use dedicated directory for version-controlled, endless backups; -;; never delete old versions -(setq make-backup-files t - backup-directory-alist `(("." . "~/.emacs_backups")) - backup-by-copying t - version-control t - delete-old-versions 1) ;; neither t nor nil: never delete - - -;; package management -;; ================== - -;; where we get packages from -(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/") - ("melpa-unstable" . "https://melpa.org/packages/") - ("melpa-stable" . 
"https://stable.melpa.org/packages/"))) - -;; ensure certain packages are installed (actually, we use Debian repos here) -;; credit to <https://stackoverflow.com/a/10093312> -;(setq package-list '(elfeed ledger-mode)) -;(package-initialize) -;(dolist (package package-list) -; (unless (package-installed-p package) -; (package-install package))) - - - -;;; window management -;;; ================= -; -;;; track window configurations to allow window config undo -;(winner-mode 1) - - - -;; mail setup -;; ========== - -(setq send-mail-function 'smtpmail-send-it) -(setq smtpmail-smtp-server "mail.plomlompom.com") -(setq smtpmail-smtp-service 465) -(setq smtpmail-stream-type 'ssl) -(setq smtpmail-smtp-user "plom") -(setq mml-secure-openpgp-encrypt-to-self t) -(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime) - -;(setq gnutls-log-level 0) - -;; if we don't set this, we get this warning: -;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange -;; has been lowered to 256 bits and this may allow decryption of the session data -(setq gnutls-min-prime-bits 1024) - -;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the -;; stream process, seemingly unless the /message/ function is called at the right -;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest -;; in /network-stream-get-response/ right after "(goto-char start)"; this works -;; unless /inhibit_message/ is set, indicating that writing to the *Messages* -;; buffer is not relevant, but maybe writing to the echo area is); activing the -;; gnutls logging is just a hack to achieve such calls to /message/ in the -;; /network-stream-open-tls/ flow. -(setq gnutls-log-level 1) ; miraculously makes smtpmail work - -;; constructs 
From: domain if mail composer directly called (from without -;; notmuch), but we don't actually intend to do that -;(setq mail-host-address "plomlompom.com") - -;; otherwise notmuch becomes extremely slow in some cases -(setq-default notmuch-show-indent-content nil) - -;; this only works if we use notmuch-mua-send instead of message-send -(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent"))) - -;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me" -;; in the message ID -(setq mail-host-address "plomlompom.com") - -;; notmuch saved searches -(setq notmuch-saved-searches - '((:name "inbox" :query "tag:unread and folder:inbox") - (:name "all" :query "tag:unread not folder:maildir/Trash") - (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de") - (:name "nebenan" :query "tag:unread and folder:maildir/nebenan") - (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info") - (:name "gmail" :query "tag:unread and folder:maildir/gmail.com") - (:name "mutter" :query "tag:unread and folder:maildir/mutter"))) - - - -;; org mode -;; ======== - -;; unsure why, but to re-set the key map, we not only have to explicitely do it -;; only after org-mode loading, but also have to explicitely overwrite the -;; C-c keybinding; TODO: investigate -(with-eval-after-load 'org - (setq org-mode-map (make-sparse-keymap)) - (define-key org-mode-map (kbd "C-c") nil) - (define-key org-mode-map (kbd "TAB") 'org-cycle) - (define-key org-mode-map (kbd "<backtab>") 'org-shifttab)) - -;; don't truncate lines by default -(setq org-startup-truncated nil) - -;; basic org-capture config -(setq org-capture-templates - '(("x" "test" plain (file "~/org/notes.org") "%T: %?"))) -(add-hook 'org-capture-mode-hook 'evil-insert-state) - -;; agenda view on startup -(load-library "find-lisp") -(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$")) -(setq org-agenda-span 90) -(setq org-agenda-use-time-grid nil) -(add-hook 'emacs-startup-hook 
(lambda () - (org-agenda-list) - (switch-to-buffer "*Org Agenda*") - (other-window 1))) - -;;; for calendar, use ISO date style -;(setq calendar-date-style 'iso) -;(setq diary-number-of-entries 7) -;(diary) -;(setq org-agenda-time-grid '((today require-timed remove-match) -; #("----------------" 0 16 (org-heading t)) -; (0 200 400 600 800 1000 1200 -; 1400 1600 1800 2000 2200))) - -;; empty org-agenda-mode keybindings -(add-hook 'org-agenda-mode-hook - (lambda () - (setq org-agenda-mode-map (make-sparse-keymap)))) -(add-hook 'org-agenda-mode-hook - (lambda () - (use-local-map (make-sparse-keymap)))) - -;; org-publish-all -(setq org-publish-project-alist - '( - ("website" - :base-directory "~/org/web/" - :base-extension "org" - :publishing-directory "~/html/" - :recursive t - :publishing-function org-html-publish-to-html - :headline-levels 4 ; Just the default for this project. - :auto-preamble t - ))) - -;; use [ki:] syntax to hide stuff from exports -(defun classify-information (text backend info) - "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'." 
- (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text)) -(add-hook 'org-export-filter-plain-text-functions 'classify-information) - -;; add HTML validator link to exports -(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>") - - - -;;; Info mode -;;; ========= - -(setq Info-mode-map (make-sparse-keymap)) -(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node) -(define-key Info-mode-map (kbd "u") 'Info-up) -(define-key Info-mode-map (kbd "TAB") 'Info-next-reference) -(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference) -(define-key Info-mode-map (kbd "H") 'Info-history-back) -(define-key Info-mode-map (kbd "L") 'Info-history-forward) -(define-key Info-mode-map (kbd "I") 'Info-goto-node) -(define-key Info-mode-map (kbd "i") 'Info-index) - - - -;; help mode -;; ========= - -(setq help-mode-map (make-sparse-keymap)) -(define-key help-mode-map (kbd "TAB") 'forward-button) -(define-key help-mode-map (kbd "RET") 'help-follow) -(define-key help-mode-map (kbd "<backtab>") 'backward-button) - - - -;; elfeed -;; ====== - -(require 'elfeed) ; needed so we can set the font faces -(set-face-background 'elfeed-search-title-face "magenta") -(set-face-background 'elfeed-search-unread-count-face "magenta") -(setq elfeed-feeds - '("https://capsurvival.blogspot.com/feeds/posts/default" - "https://jungle.world/rss.xml" - "http://news.dieweltistgarnichtso.net/bin/index.xml" - "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/" - "http://www.tagesschau.de/xml/atom")) -(setq elfeed-search-mode-map (make-sparse-keymap)) -(define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry) -(defun elfeed-search-mark-as-read() (interactive) - (elfeed-search-untag-all 'unread)) -(define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read) -(define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread) -(define-key elfeed-search-mode-map (kbd "f") 
'elfeed-search-live-filter) -(define-key elfeed-search-mode-map (kbd "u") 'elfeed-update) -(setq elfeed-show-mode-map (make-sparse-keymap)) -(define-key elfeed-show-mode-map (kbd "u") 'elfeed) -(define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link) -(define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link) -(define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev) -(define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next) -(define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url) -(define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url) - - - -;; eww -;; === - -(setq eww-mode-map (make-sparse-keymap)) -(define-key eww-mode-map (kbd "TAB") 'shr-next-link) -(define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link) -(define-key eww-mode-map (kbd "H") 'eww-back-url) -(define-key eww-mode-map (kbd "L") 'eww-forward-url) - - - -;; ledger -;; ====== -(setq ledger-mode-map (make-sparse-keymap)) -(define-key ledger-mode-map (kbd "TAB") 'ledger-magic-tab) - - - -;;; plomvi mode -;;; =========== - -(defvar plomvi-return-combo (kbd "C-c")) -(load "~/public_repos/plomvi.el/plomvi.el") -(plomvi-global-mode 1) diff --git a/buster/home_files/user/.gitconfig b/buster/home_files/user/.gitconfig deleted file mode 100644 index 8967d25..0000000 --- a/buster/home_files/user/.gitconfig +++ /dev/null @@ -1,3 +0,0 @@ -[user] - email = c.heller@plomlompom.de - name = Christian Heller diff --git a/buster/home_files/user/.mbsyncrc b/buster/home_files/user/.mbsyncrc deleted file mode 100644 index 6a0e5cd..0000000 --- a/buster/home_files/user/.mbsyncrc +++ /dev/null 
@@ -1,28 +0,0 @@
-IMAPAccount plom
-# Address to connect to
-Host mail.plomlompom.com
-User plom
-# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
-# therefore the pw in ~/.authinfo should not be longer than that.
-PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
-SSLType IMAPS
-AuthMechs LOGIN
-
-IMAPStore core-remote
-Account plom
-
-MaildirStore core-local
-# The trailing "/" is important
-Path ~/mail/maildir/
-Inbox ~/mail/inbox/
-
-Channel core
-Master :core-remote:
-Slave :core-local:
-Patterns *
-# Automatically create missing mailboxes, both locally and on the server
-Create Both
-# Save the synchronization state files in the relevant directory
-SyncState *
-# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
-Expunge Both
diff --git a/buster/home_files/user/.notmuch-config b/buster/home_files/user/.notmuch-config
deleted file mode 100644
index 9532761..0000000
--- a/buster/home_files/user/.notmuch-config
+++ /dev/null
@@ -1,9 +0,0 @@
-[database]
-path=/home/plom/mail
-[search]
-exclude_tags=deleted;spam;
-# the fields below set the From: if the mail composer is called from
-# within notmuch
-[user]
-name=Christian Heller
-primary_email=plom@plomlompom.com
diff --git a/buster/home_files/user/.shell_prompt_color b/buster/home_files/user/.shell_prompt_color
deleted file mode 100644
index 0cfbf08..0000000
--- a/buster/home_files/user/.shell_prompt_color
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/buster/home_files/user/.tridactylrc b/buster/home_files/user/.tridactylrc
deleted file mode 100644
index e39e5a0..0000000
--- a/buster/home_files/user/.tridactylrc
+++ /dev/null
@@ -1,13 +0,0 @@
-sanitize tridactyllocal tridactylsync
-guiset statuspanel top-right
-guiset tabs autohide
-set newtab file:///opt/firefox/blank.html
-autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
-bind / fillcmdline find
-bind n findnext 1
-bind N findnext -1
-set findcase insensitive
-bind j scrollline 3
-bind k scrollline -3
-set hintuppercase false
-set searchengine duckduckgo
diff --git a/buster/home_files/user/.xinitrc b/buster/home_files/user/.xinitrc
deleted file mode 100644
index c7a0a66..0000000
--- a/buster/home_files/user/.xinitrc
+++ /dev/null
@@ -1,17 +0,0 @@
-# X init configuration
-
-# Set keymap.
-setxkbmap de
-
-# Map CapsLock to Compose key.
-xmodmap -e "clear Lock"
-xmodmap -e "keycode 66 = Multi_key"
-
-# Load xterm settings
-xrdb -merge ~/.Xresources
-
-# Redshift to Berlin, Germany.
-redshift -rl 53:13 &
-
-# Launch window manager.
-i3
diff --git a/buster/home_files/user/mail_sync.sh b/buster/home_files/user/mail_sync.sh
deleted file mode 100755
index 6962800..0000000
--- a/buster/home_files/user/mail_sync.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/sh
-set -e
-
-basedir="/home/plom/mail/maildir/"
-# Ensure directories exist for all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- if [ ! -d "${target_dir}" ]; then
- echo "Directory ${target_dir} does not exist."
- exit 1
- fi
-done
-
-# Ensure all "dir:*"-tagged mails are in proper directories,
-# remove all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- for f in $(notmuch search --output=files tag:"${tag}"); do
- new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
- target_path="${target_dir}${new_name}"
- if [ ! "${target_path}" = "${f}" ]; then
- echo "Moving ${f} to ${target_path}."
- mv "${f}" "${target_path}"
- fi
- done
- notmuch tag -"${tag}" tag:"${tag}"
-done
-
-# Remove all "deleted"-tagged files from maildirs.
-notmuch search --output=files tag:deleted | while read f; do
- echo "Deleting ${f}"
- rm "${f}"
-done
-
-# Sync changes back to server and update notmuch index.
-mbsync -a
-notmuch new
diff --git a/buster/home_files/user/public_repos/repos b/buster/home_files/user/public_repos/repos
deleted file mode 100644
index 27eb028..0000000
--- a/buster/home_files/user/public_repos/repos
+++ /dev/null
@@ -1,7 +0,0 @@
-# List of repos we want cloned in ~/public_repos
-config
-pingmail.git
-plomlombot-irc.git
-plomrogue
-plomrogue2-experiments
-plomvi.el
diff --git a/buster/home_files/w530/.config/i3status/config b/buster/home_files/w530/.config/i3status/config
deleted file mode 100644
index b9fb15f..0000000
--- a/buster/home_files/w530/.config/i3status/config
+++ /dev/null
@@ -1,82 +0,0 @@ -# plomlompom's i3 status bar configuration - -# Activate colors; set update interval of one second. -general { - colors = true - interval = 1 -} - -# Selection / order of status elements. -order += "disk /" -order += "disk /home/" -order += "wireless wlp3s0" -order += "ethernet enp0s25" -order += "battery 0" -order += "cpu_usage" -order += "load" -order += "cpu_temperature 0" -order += "time" -order += "volume master" - -# How much space is left in / ? -disk "/" { - format = "/: %avail available of %total" - separator_block_width = 25 -} - -# How much space is left in /home ? -disk "/home/" { - format = "/home: %avail available of %total" - separator_block_width = 25 -} - -# WLAN status: show IP and connection quality or "down". -wireless wlp3s0 { - format_up = "w: (%quality at %essid) %ip" - format_down = "w: down" - separator_block_width = 10 -} - -# Ethernet status: show IP or "down". -ethernet enp0s25 { - format_up = "e: %ip" - format_down = "e: down" - separator_block_width = 25 -} - -# Battery status: show FULL/CHARGING/BATTERY, storage, time left. -battery 0 { - format = "b: %status %percentage %remaining" - separator_block_width = 25 -} - -# Show CPU usage. -cpu_usage { - format = "cpu: %usage" - separator_block_width = 10 -} - -# Show system load during last 1/5/15 minutes. -load { - format = "%1min %5min %15min" - separator_block_width = 25 -} - -# Show CPU temperature in degrees of celsius. -cpu_temperature 0 { - format = "%degrees °C" - separator_block_width = 25 -} - -# Show date/time/timezone as "year-month-day hour:minute:second -# timezone_numeric/timezone_alphabetic". -time { - format = "%Y-%m-%d %H:%M:%S %z/%Z" - separator_block_width = 25 -} - -volume master { - format = "âª: %volume" - format_muted = "âª: muted (%volume)" - separator_block_width = 25 -} diff --git a/buster/home_files/x200s/.config/i3status/config b/buster/home_files/x200s/.config/i3status/config deleted file mode 100644 index 256f174..0000000 
--- a/buster/home_files/x200s/.config/i3status/config +++ /dev/null @@ -1,82 +0,0 @@ -# plomlompom's i3 status bar configuration - -# Activate colors; set update interval of one second. -general { - colors = true - interval = 1 -} - -# Selection / order of status elements. -order += "disk /" -order += "disk /home/" -order += "wireless wls1" -order += "ethernet enp0s25" -order += "battery 0" -order += "cpu_usage" -order += "load" -order += "cpu_temperature 0" -order += "time" -order += "volume master" - -# How much space is left in / ? -disk "/" { - format = "/: %avail available of %total" - separator_block_width = 25 -} - -# How much space is left in /home ? -disk "/home/" { - format = "/home: %avail available of %total" - separator_block_width = 25 -} - -# WLAN status: show IP and connection quality or "down". -wireless wls1 { - format_up = "w: (%quality at %essid) %ip" - format_down = "w: down" - separator_block_width = 10 -} - -# Ethernet status: show IP or "down". -ethernet enp0s25 { - format_up = "e: %ip" - format_down = "e: down" - separator_block_width = 25 -} - -# Battery status: show FULL/CHARGING/BATTERY, storage, time left. -battery 0 { - format = "b: %status %percentage %remaining" - separator_block_width = 25 -} - -# Show CPU usage. -cpu_usage { - format = "cpu: %usage" - separator_block_width = 10 -} - -# Show system load during last 1/5/15 minutes. -load { - format = "%1min %5min %15min" - separator_block_width = 25 -} - -# Show CPU temperature in degrees of celsius. -cpu_temperature 0 { - format = "%degrees °C" - separator_block_width = 25 -} - -# Show date/time/timezone as "year-month-day hour:minute:second -# timezone_numeric/timezone_alphabetic". -time { - format = "%Y-%m-%d %H:%M:%S %z/%Z" - separator_block_width = 25 -} - -volume master { - format = "âª: %volume" - format_muted = "âª: muted (%volume)" - separator_block_width = 25 -} 
diff --git a/buster/home_files/x220/.config/i3status/config b/buster/home_files/x220/.config/i3status/config
deleted file mode 100644
index b9fb15f..0000000
--- a/buster/home_files/x220/.config/i3status/config
+++ /dev/null
@@ -1,82 +0,0 @@ -# plomlompom's i3 status bar configuration - -# Activate colors; set update interval of one second. -general { - colors = true - interval = 1 -} - -# Selection / order of status elements. -order += "disk /" -order += "disk /home/" -order += "wireless wlp3s0" -order += "ethernet enp0s25" -order += "battery 0" -order += "cpu_usage" -order += "load" -order += "cpu_temperature 0" -order += "time" -order += "volume master" - -# How much space is left in / ? -disk "/" { - format = "/: %avail available of %total" - separator_block_width = 25 -} - -# How much space is left in /home ? -disk "/home/" { - format = "/home: %avail available of %total" - separator_block_width = 25 -} - -# WLAN status: show IP and connection quality or "down". -wireless wlp3s0 { - format_up = "w: (%quality at %essid) %ip" - format_down = "w: down" - separator_block_width = 10 -} - -# Ethernet status: show IP or "down". -ethernet enp0s25 { - format_up = "e: %ip" - format_down = "e: down" - separator_block_width = 25 -} - -# Battery status: show FULL/CHARGING/BATTERY, storage, time left. -battery 0 { - format = "b: %status %percentage %remaining" - separator_block_width = 25 -} - -# Show CPU usage. -cpu_usage { - format = "cpu: %usage" - separator_block_width = 10 -} - -# Show system load during last 1/5/15 minutes. -load { - format = "%1min %5min %15min" - separator_block_width = 25 -} - -# Show CPU temperature in degrees of celsius. -cpu_temperature 0 { - format = "%degrees °C" - separator_block_width = 25 -} - -# Show date/time/timezone as "year-month-day hour:minute:second -# timezone_numeric/timezone_alphabetic". -time { - format = "%Y-%m-%d %H:%M:%S %z/%Z" - separator_block_width = 25 -} - -volume master { - format = "âª: %volume" - format_muted = "âª: muted (%volume)" - separator_block_width = 25 -} diff --git a/buster/other_files/append_opendkim.conf b/buster/other_files/append_opendkim.conf deleted file mode 100644 index ee5dc14..0000000 
--- a/buster/other_files/append_opendkim.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-
-# plomlompom customizations
-Domain REPLACE_maildomain_ECALPER
-KeyFile /etc/dkimkeys/REPLACE_selector_ECALPER.private
-Selector REPLACE_selector_ECALPER
-Socket inet:8892@localhost
diff --git a/buster/other_files/append_pleroma_config b/buster/other_files/append_pleroma_config
deleted file mode 100644
index 54a65d0..0000000
--- a/buster/other_files/append_pleroma_config
+++ /dev/null
@@ -1,24 +0,0 @@
-
-##########################################
-# below this: customizations by plomlompom
-
-config :pleroma, :instance,
- registrations_open: false,
- safe_dm_mentions: true,
- cleanup_attachments: true
-
-config :pleroma, :frontend_configurations,
- pleroma_fe: %{
- showInstanceSpecificPanel: true,
- background: "/pixel.png",
- logo: "/pixel.png"
- }
-
-config :pleroma, :chat,
- enabled: false
-
-config :pleroma, Pleroma.Captcha,
- enabled: false
-
-config :pleroma, :static_fe,
- enabled: true
diff --git a/buster/other_files/append_postfix_main.cf b/buster/other_files/append_postfix_main.cf
deleted file mode 100644
index 385058c..0000000
--- a/buster/other_files/append_postfix_main.cf
+++ /dev/null
@@ -1,23 +0,0 @@
-
-# TLS certs
-smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem
-smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem
-
-# OpenDKIM milter
-non_smtpd_milters = inet:localhost:8892
-smtpd_milters = inet:localhost:8892
-
-# transport mail to dovecot; not strictly needed, as even without this
-# postfix will throw mail to /var/mail/USER to be found by dovecot for
-# serving via IMAP etc.; but using dovecot's LMTP server for delivery
-# allows us to do stuff like dovecot-side sieve filtering.
-mailbox_transport = lmtp:inet:127.0.0.1:2424
-
-# to authenticate on SMTP, we need a SASL mechanism; we talk to dovecot
-# for this, since it provides one
-smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth
-smtpd_sasl_auth_enable = yes
-
-# we append mail domain here for if it is different than $myhostname
-mydestination = $myhostname localhost.$mydomain localhost REPLACE_maildomain_ECALPER
diff --git a/buster/other_files/append_postfix_master.cf b/buster/other_files/append_postfix_master.cf
deleted file mode 100644
index 5d1aa3c..0000000
--- a/buster/other_files/append_postfix_master.cf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-# Run SMTPS on port 465, enforce TLS there.
-smtps inet n - y - - smtpd
- -o smtpd_tls_wrappermode=yes
diff --git a/buster/other_files/blog_hook_post-receive b/buster/other_files/blog_hook_post-receive
deleted file mode 100755
index b671248..0000000
--- a/buster/other_files/blog_hook_post-receive
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-blog_dir=~/blog
-export GIT_DIR=$(pwd)
-export GIT_WORK_TREE="$blog_dir"
-git checkout -f
-cd "$GIT_WORK_TREE"
-redo
-git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/*
-count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l)
-if [ "$count" != 0 ]; then
- git add metadata/*.automatic_metadata
-fi
-status=$(git status -s)
-n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l)
-if [ "$n_updates" -gt 0 ]; then
- git commit -a -m 'Update metadata'
-fi
diff --git a/buster/other_files/dovecot.sieve b/buster/other_files/dovecot.sieve
deleted file mode 100644
index 5346309..0000000
--- a/buster/other_files/dovecot.sieve
+++ /dev/null
@@ -1,8 +0,0 @@
-require ["fileinto"];
-require ["mailbox"];
-if address :is "from" "foo@bar.com" {
- fileinto :create "foo";
-}
-if address :is :domain "to" "example.com" {
- fileinto :create "example.com";
-}
diff --git a/buster/other_files/dumpsite_index.html b/buster/other_files/dumpsite_index.html
deleted file mode 100644
index 0c2093f..0000000
--- a/buster/other_files/dumpsite_index.html
+++ /dev/null
@@ -1,3 +0,0 @@
-<!DOCTYPE html>
-<meta charset="UTF-8">
-<a href="blog">Zum Blog?</a>
diff --git a/buster/other_files/fetchmailrc b/buster/other_files/fetchmailrc
deleted file mode 100755
index b437563..0000000
--- a/buster/other_files/fetchmailrc
+++ /dev/null
@@ -1,2 +0,0 @@
-# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted
-poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep
diff --git a/buster/other_files/peertube_production.yaml b/buster/other_files/peertube_production.yaml
deleted file mode 100644
index 86804e2..0000000
--- a/buster/other_files/peertube_production.yaml
+++ /dev/null
@@ -1,375 +0,0 @@ -listen: - hostname: 'localhost' - port: 9000 - -# Correspond to your reverse proxy server_name/listen configuration -webserver: - https: true - hostname: 'example.com' - port: 443 - -rates_limit: - api: - # 50 attempts in 10 seconds - window: 10 seconds - max: 50 - login: - # 15 attempts in 5 min - window: 5 minutes - max: 15 - signup: - # 2 attempts in 5 min (only succeeded attempts are taken into account) - window: 5 minutes - max: 2 - ask_send_email: - # 3 attempts in 5 min - window: 5 minutes - max: 3 - -# Proxies to trust to get real client IP -# If you run PeerTube just behind a local proxy (nginx), keep 'loopback' -# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) -trust_proxy: - - 'loopback' - -# Your database name will be "peertube"+database.suffix -database: - password: 'peertube' - hostname: 'localhost' - port: 5432 - suffix: '_prod' - username: 'peertube' - pool: - max: 5 - -# Redis server for short time storage -# You can also specify a 'socket' path to a unix socket but first need to -# comment out hostname and port -redis: - hostname: 'localhost' - port: 6379 - auth: null - db: 0 - -# SMTP server to send emails -smtp: - hostname: null - port: 465 # If you use StartTLS: 587 - username: null - password: null - tls: true # If you use StartTLS: false - disable_starttls: false - ca_file: null # Used for self signed certificates - from_address: 'admin@example.com' - -email: - body: - signature: "PeerTube" - subject: - prefix: "[PeerTube]" - -# From the project root directory -storage: - tmp: '/var/www/peertube/storage/tmp/' # Use to download data (imports etc), store uploaded files before processing... 
- avatars: '/var/www/peertube/storage/avatars/' - videos: '/var/www/peertube/storage/videos/' - streaming_playlists: '/var/www/peertube/storage/streaming-playlists/' - redundancy: '/var/www/peertube/storage/redundancy/' - logs: '/var/www/peertube/storage/logs/' - previews: '/var/www/peertube/storage/previews/' - thumbnails: '/var/www/peertube/storage/thumbnails/' - torrents: '/var/www/peertube/storage/torrents/' - captions: '/var/www/peertube/storage/captions/' - cache: '/var/www/peertube/storage/cache/' - plugins: '/var/www/peertube/storage/plugins/' - -log: - level: 'info' # debug/info/warning/error - rotation: - enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate - maxFileSize: 12MB - maxFiles: 20 - anonymizeIP: true - -search: - # Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance - # If enabled, the associated group will be able to "escape" from the instance follows - # That means they will be able to follow channels, watch videos, list videos of non followed instances - remote_uri: - users: true - anonymous: false - -trending: - videos: - interval_days: 7 # Compute trending videos for the last x days - -# Cache remote videos on your server, to help other instances to broadcast the video -# You can define multiple caches using different sizes/strategies -# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following -redundancy: - videos: - check_interval: '1 hour' # How often you want to check new videos to cache - strategies: # Just uncomment strategies you want -# - -# size: '10GB' -# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) -# min_lifetime: '48 hours' -# strategy: 'most-views' # Cache videos that have the most views -# - -# size: '10GB' -# # Minimum time the video must remain in the cache. 
Only accept values > 10 hours (to not overload remote instances) -# min_lifetime: '48 hours' -# strategy: 'trending' # Cache trending videos -# - -# size: '10GB' -# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) -# min_lifetime: '48 hours' -# strategy: 'recently-added' # Cache recently added videos -# min_views: 10 # Having at least x views - -csp: - enabled: false - report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk! - report_uri: - -tracker: - # If you disable the tracker, you disable the P2P aspect of PeerTube - enabled: true - # Only handle requests on your videos. - # If you set this to false it means you have a public tracker. - # Then, it is possible that clients overload your instance with external torrents - private: true - # Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers) - reject_too_many_announces: false - -history: - videos: - # If you want to limit users videos history - # -1 means there is no limitations - # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) - max_age: -1 - -views: - videos: - # PeerTube creates a database entry every hour for each video to track views over a period of time - # This is used in particular by the Trending page - # PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered) - # -1 means no cleanup - # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) - remote: - max_age: -1 - -plugins: - # The website PeerTube will ask for available PeerTube plugins and themes - # This is an unmoderated plugin index, so only install plugins/themes you trust - index: - enabled: true - check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions - url: 
'https://packages.joinpeertube.org' - - -############################################################################### -# -# From this point, all the following keys can be overridden by the web interface -# (local-production.json file). If you need to change some values, prefer to -# use the web interface because the configuration will be automatically -# reloaded without any need to restart PeerTube. -# -# /!\ If you already have a local-production.json file, the modification of the -# following keys will have no effect /!\. -# -############################################################################### - -cache: - previews: - size: 500 # Max number of previews you want to cache - captions: - size: 500 # Max number of video captions/subtitles you want to cache - -admin: - # Used to generate the root user at first startup - # And to receive emails from the contact form - email: 'admin@example.com' - -contact_form: - enabled: true - -signup: - enabled: false - limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited - requires_email_verification: false - filters: - cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist - whitelist: [] - blacklist: [] - -user: - # Default value of maximum video BYTES the user can upload (does not take into account transcoded files). - # -1 == unlimited - video_quota: -1 - video_quota_daily: -1 - -# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag -# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions. 
-# Please, do not disable transcoding since many uploaded videos will not work -transcoding: - enabled: true - # Allow your users to upload .mkv, .mov, .avi, .flv videos - allow_additional_extensions: true - # If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file - allow_audio_files: true - threads: 1 - resolutions: # Only created if the original video has a higher resolution, uses more storage! - 0p: false # audio-only (creates mp4 without video stream, always created when enabled) - 240p: true - 360p: true - 480p: true - 720p: true - 1080p: true - 2160p: false - - # Generate videos in a WebTorrent format (what we do since the first PeerTube release) - # If you also enabled the hls format, it will multiply videos storage by 2 - # If disabled, breaks federation with PeerTube instances < 2.1 - webtorrent: - enabled: true - - # /!\ Requires ffmpeg >= 4.1 - # Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent: - # * Resolution change is smoother - # * Faster playback in particular with long videos - # * More stable playback (less bugs/infinite loading) - # If you also enabled the webtorrent format, it will multiply videos storage by 2 - hls: - enabled: true - -import: - # Add ability for your users to import remote videos (from YouTube, torrent...) 
- videos: - http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html - enabled: false - # You can use an HTTP/HTTPS/SOCKS proxy with youtube-dl - proxy: - enabled: false - url: "" - torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) - enabled: false - -auto_blacklist: - # New videos automatically blacklisted so moderators can review before publishing - videos: - of_users: - enabled: false - -# Instance settings -instance: - name: 'PlomTube' - short_description: '' - description: 'Personal PeerTube instance by plomlompom (see https://plomlompom.com) for his own videos.' # Support markdown - terms: '**Privacy**: Videos here are streamed via the BitTorrent protocol, which might expose your IP to other peers â see the "P2P & Privacy" section [here](/about/peertube). Internally, site visits are logged by the PeerTube software, but with IPs anonymized. **Contact**: See https://plomlompom.com/contact.html' # Support markdown - code_of_conduct: '' # Supports markdown - - # Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc - moderation_information: '' # Supports markdown - - # Why did you create this instance? - creation_reason: '' - - # Who is behind the instance? A single person? A non profit? - administrator: '' - - # How long do you plan to maintain this instance? - maintenance_lifetime: '' - - # How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising? - business_model: '' - - # If you want to explain on what type of hardware your PeerTube instance runs - # Example: "2 vCore, 2GB RAM..." - hardware_information: '' # Supports Markdown - - # What are the main languages of your instance? 
To interact with your users for example - # Uncomment or add the languages you want - # List of supported languages: https://peertube.cpy.re/api/v1/videos/languages - languages: -# - en -# - es -# - fr - - # You can specify the main categories of your instance (dedicated to music, gaming or politics etc) - # Uncomment or add the category ids you want - # List of supported categories: https://peertube.cpy.re/api/v1/videos/categories - categories: -# - 1 # Music -# - 2 # Films -# - 3 # Vehicles -# - 4 # Art -# - 5 # Sports -# - 6 # Travels -# - 7 # Gaming -# - 8 # People -# - 9 # Comedy -# - 10 # Entertainment -# - 11 # News & Politics -# - 12 # How To -# - 13 # Education -# - 14 # Activism -# - 15 # Science & Technology -# - 16 # Animals -# - 17 # Kids -# - 18 # Food - - default_client_route: '/videos/trending' - - # Whether or not the instance is dedicated to NSFW content - # Enabling it will allow other administrators to know that you are mainly federating sensitive content - # Moreover, the NSFW checkbox on video upload will be automatically checked by default - is_nsfw: false - # By default, "do_not_list" or "blur" or "display" NSFW videos - # Could be overridden per user with a setting - default_nsfw_policy: 'do_not_list' - - customizations: - javascript: '' # Directly your JavaScript code (without <script> tags). Will be eval at runtime - css: '' # Directly your CSS code (without <style> tags). Will be injected at runtime - # Robot.txt rules. To disallow robots to crawl your instance and disallow indexation of your site, add '/' to "Disallow:' - robots: | - User-agent: * - Disallow: - # Security.txt rules. To discourage researchers from testing your instance and disable security.txt integration, set this to an empty string. 
- securitytxt: - "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" - -services: - # Cards configuration to format video in Twitter - twitter: - username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published - # If true, a video player will be embedded in the Twitter feed on PeerTube video share - # If false, we use an image link card that will redirect on your PeerTube instance - # Change it to "true", and then test on https://cards-dev.twitter.com/validator to see if you are whitelisted - whitelisted: false - -followers: - instance: - # Allow or not other instances to follow yours - enabled: true - # Whether or not an administrator must manually validate a new follower - manual_approval: false - -followings: - instance: - # If you want to automatically follow back new instance followers - # If this option is enabled, use the mute feature instead of deleting followings - # /!\ Don't enable this if you don't have a reactive moderation team /!\ - auto_follow_back: - enabled: false - - # If you want to automatically follow instances of the public index - # If this option is enabled, use the mute feature instead of deleting followings - # /!\ Don't enable this if you don't have a reactive moderation team /!\ - auto_follow_index: - enabled: false - index_url: 'https://instances.joinpeertube.org' - -theme: - default: 'default' diff --git a/buster/other_files/pingmailrc b/buster/other_files/pingmailrc deleted file mode 100644 index 46bcbfe..0000000 --- a/buster/other_files/pingmailrc +++ /dev/null 
@@ -1,45 +0,0 @@
-# place for test files whose modification times are used to track lifesigns
-testdir=$HOME'/.pingmail'
-
-# modification time is the last time a ping was sent or a lifetime received
-ping_touch=$testdir'/ping_touch'
-
-# modification time is when the count for sending checker a warning mail starts
-reminder_touch=$testdir'/reminder_touch'
-
-# how long to wait for lifesigns before sending a ping; double is time to wait
-# for a lifesign before sending a warning message to checker
-wait_time=86400
-
-# address of the checker, receives warning message after too long wait
-checker_address='bar@example.org'
-
-# address of the checked person, ping is sent here
-checked_address='foo@example.org'
-
-# content of ping message sent to checked person
-subj2checked='[pingmail] Ping!'
-msg2checked='Hi!\n
-\nThis is an automated mail ping from '$checker_address'.
-\nRespond to show that you are still alive!'
-
-# content of warning message sent to checker
-id_target='foo'
-subj2checker='[pingmail] No recent life signs from '$id_target
-reminder_time=`expr $wait_time \* 2`
-msg2checker='pingmail reporting in:\n
-\nNo life signs from '$id_target' for the last '$reminder_time' seconds.
-\nMaybe you should give them a call to check if they are okay.'
-
-# mail client command reading message body from stdin and subject from parameter
-mailclient_s='mail -s'
-
-# mailbox file to check for most recent life sign
-mbox=$HOME'/mail/foo'
-
-# to recursively search for most recent matches to $matchstring as lifesigns
-#maildir=$HOME'/mail'
-
-# pattern to search $maildir for recursively for lifesigns
-#checked_address_escaped=`echo $checked_address | sed 's/\./\\./g'`
-#matchstring='^From: .*('$checked_address_escaped'|alternate@example\.org)'
diff --git a/buster/other_files/pixel.png b/buster/other_files/pixel.png
deleted file mode 100644
index 45d6db2..0000000
Binary files a/buster/other_files/pixel.png and /dev/null differ
diff --git a/buster/other_files/pleroma_panel.html b/buster/other_files/pleroma_panel.html
deleted file mode 100644
index 8e2e67f..0000000
--- a/buster/other_files/pleroma_panel.html
+++ /dev/null
@@ -1,4 +0,0 @@
-<div style="margin: 1em;">
- <p>Privacy: Visitor IP addresses are anonymized in the logs.</p>
- <p>Contact: See <a href="https://plomlompom.com/contact.html">plomlompom.com contact page</a>.</p>
-</div>
diff --git a/buster/other_files/pleroma_robots.txt b/buster/other_files/pleroma_robots.txt
deleted file mode 100644
index eb05362..0000000
--- a/buster/other_files/pleroma_robots.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-User-agent: *
-Disallow:
diff --git a/buster/other_files/pleroma_terms-of-service.html b/buster/other_files/pleroma_terms-of-service.html
deleted file mode 100644
index 7268bac..0000000
--- a/buster/other_files/pleroma_terms-of-service.html
+++ /dev/null
@@ -1 +0,0 @@
-This is <a href="https://plomlompom.com">plomlompom</a>'s personal single-user Pleroma instance.
diff --git a/buster/other_files/plomlombot_daemon.sh b/buster/other_files/plomlombot_daemon.sh
deleted file mode 100755
index a9285bf..0000000
--- a/buster/other_files/plomlombot_daemon.sh
+++ /dev/null
@@ -1,62 +0,0 @@ -#!/bin/sh -set -e - -# Repeatedly parse config file for GPG key and bot screen configs. -path=~/.plomlombot -db_dir="${HOME}/plomlombot_db" -irclogs_dir=/var/www/html/irclogs -irclogs_pw_dir=/var/www/irclogs_pw -hostname_mod_epoch=$(stat -c%Y /etc/hostname) -while true; do - if [ -f "${path}" ]; then - cat "${path}" | while read line; do - first_word=$(echo -n "${line}" | cut -d' ' -f1) - - # Read "bot:" line, start bot screen session from it if not yet existing, - # set up irclogs dir if not yet existing. - if [ "${first_word}" = "bot:" ]; then - session_name=$(echo -n "${line}" | cut -d' ' -f2) - bot_name=$(echo -n "${line}" | cut -d' ' -f3) - channel_name=$(echo -n "${line}" | cut -d' ' -f4) - shortened_channel_name="${channel_name}" - first_char=$(echo -n "${channel_name}" | cut -c1) - if [ "${first_char}" = "#" ]; then - shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-) - fi - server_name=$(echo -n "${line}" | cut -d' ' -f5) - login_user=$(echo -n "${line}" | cut -d' ' -f6) - login_pw=$(echo -n "${line}" | cut -d' ' -f7) - add_option=$(echo -n "${line}" | cut -d' ' -f8-) - set +e - screen -S "${session_name}" -Q select . > /dev/null - start_screen=$? - set -e - if [ "${start_screen}" -eq "1" ]; then - cd ~/plomlombot-irc - LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -s "${server_name}" -c "${channel_name}" ${add_option} - fi - md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1) - md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1) - logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs" - # FIXME: Note the trouble we will have if we have the same channel - # name on different servers ⦠- ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}" - echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}" - - # If "gpg_key" line, encrypt old raw logs to that GPG key. 
- elif [ "${first_word}" = "gpg_key" ]; then - key=$(echo -n "${line}" | cut -d' ' -f2) - mkdir -p ~/plomlombot_db - cd ~/plomlombot_db - # Dirty hack: To avoid trouble with GPG key expiration, fake - # system to something reasonbly old (younger than key creation, - # older than expiration) by taking the mod datetime of - # /etc/hostname, which should have last be changed when the - # system was set up. - find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \; - fi - - done - sleep 1 - fi -done diff --git a/buster/other_files/plomlombot_hook_post-receive b/buster/other_files/plomlombot_hook_post-receive deleted file mode 100755 index c4627af..0000000 --- a/buster/other_files/plomlombot_hook_post-receive +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -GIT_WORK_TREE=/home/plom/plomlombot-irc git checkout -f diff --git a/buster/other_files/url-catcher_customizations.json b/buster/other_files/url-catcher_customizations.json deleted file mode 100644 index acc4778..0000000 --- a/buster/other_files/url-catcher_customizations.json +++ /dev/null @@ -1,13 +0,0 @@ -{ - "translations": { - "wrongCaptcha": "Captcha leider falsch.", - "invalidURL": "Falsch formatierte URL.", - "recordedURL": "URL aufgezeichnet (wird gesichtet und bei Angemessenheit dem Artikel angefügt): ", - "pleaseWait": "Zu viele Versuche von dieser IP. So viele Sekunden warten: " - }, - "mailConfig": { - "to": "plom+url_catcher@plomlompom.com", - "from": "plom+url_catcher@plomlompom.com" - }, - "slowdownReset": 3600 -} diff --git a/buster/other_files/website_hook_post-receive b/buster/other_files/website_hook_post-receive deleted file mode 100755 index 26d1cce..0000000 --- a/buster/other_files/website_hook_post-receive +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -GIT_WORK_TREE=/var/www git checkout -f 
diff --git a/buster/other_files/weechat-wrapper.sh b/buster/other_files/weechat-wrapper.sh
deleted file mode 100755
index b433574..0000000
--- a/buster/other_files/weechat-wrapper.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-# Enforce ~/.weechatrc as sole persistent weechat config file.
-rm -rf ~/.weechat/
-WEECHATCONF=`tr '\n' ';' < ~/.weechatrc`
-weechat -r "$WEECHATCONF"
-rm -rf ~/.weechat/
diff --git a/buster/other_files/weechatlogs_encrypter.sh b/buster/other_files/weechatlogs_encrypter.sh
deleted file mode 100755
index 9e177d3..0000000
--- a/buster/other_files/weechatlogs_encrypter.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Encrypt dated weechatlog files older than one day to GPG target defined in
-# ~/.encrypt_target
-set -e
-
-gpg_key=$(cat ~/.encrypt_target)
-cd ~/weechatlogs/irc/
-
-# Dirty hack: To avoid trouble with GPG key expiration, fake
-# system to something reasonbly old (younger than key creation,
-# older than expiration) by taking the mod datetime of
-# /etc/hostname, which should have last be changed when the
-# system was set up.
-hostname_mod_epoch=$(stat -c%Y /etc/hostname)
-find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \;
-
diff --git a/buster/other_files/weechatrc b/buster/other_files/weechatrc
deleted file mode 100644
index 089c441..0000000
--- a/buster/other_files/weechatrc
+++ /dev/null
@@ -1,8 +0,0 @@
-/set logger.file.path ~/weechatlogs
-/set logger.file.flush_delay 0
-/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog"
-/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
-/set weechat.color.chat_nick_colors "lightcyan"
-/server add freenode irc.freenode.net -nicks=plimlompom,plimlomp0m,pliml0mp0m -realname="foo bar" -autojoin=#plomlompomtest
-/connect freenode
-/bar hide buflist
diff --git a/buster/other_files/zettel_hook_post-receive b/buster/other_files/zettel_hook_post-receive
deleted file mode 100755
index 3bea5b2..0000000
--- a/buster/other_files/zettel_hook_post-receive
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-ZETTELDIR=/home/plom/zettel
-GIT_WORK_TREE=$ZETTELDIR git checkout -f
-cd $ZETTELDIR
-redo
diff --git a/buster/setup_scripts/backup_app.sh b/buster/setup_scripts/backup_app.sh
deleted file mode 100755
index 9b37b14..0000000
--- a/buster/setup_scripts/backup_app.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/sh
-set -e
-set -x
-
-if [ "$#" -lt 3 ]; then
- echo 'Need at least three arguments: service name, DB name, and backup directory names.'
- false
-fi
-app="$1"
-db_name="$2"
-shift 2
-
-cd /tmp
-rm -rf "${app}_backup"
-mkdir "${app}_backup"
-chmod 777 "${app}_backup"
-
-service "${app}" stop
-
-su postgres -lc "pg_dump -d ${db_name} --format=custom -f /tmp/${app}_backup/${db_name}.pgdump"
-for target in "$@"; do
- mkdir -p $(dirname "${app}_backup${target}")
- cp -a "${target}" "${app}_backup${target}"
-done
-
-tar cf "${app}_backup.tar" "${app}_backup"
-rm -rf "${app}_backup"
-chown plom:plom "${app}_backup.tar"
-mv "${app}_backup.tar" /home/plom
diff --git a/buster/setup_scripts/copy_dirtree.sh b/buster/setup_scripts/copy_dirtree.sh
deleted file mode 100755
index c0cb9bf..0000000
--- a/buster/setup_scripts/copy_dirtree.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-# Copy files in argument-selected subdirectories of $1 to subdirectories
-# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
-# of "" and $3 of "all", copy files below etc_files/all such as
-# etc_files/all/etc/foo/bar to equivalent locations below / such as
-# /etc/foo/bar. Create directories as necessary. Multiple arguments after
-# $3 are possible.
-#
-# CAUTION: This removes original files at the affected paths.
-set -e
-
-if [ "$#" -lt 3 ]; then
- echo 'Need arguments: source root, target root, modules.'
- false
-fi
-source_root="$1"
-target_root="$2"
-shift 2
-
-for target_module in "$@"; do
- mkdir -p "${source_root}/${target_module}"
- cd "${source_root}/${target_module}"
- for path in $(find . -type f); do
- target_path="${target_root}"$(echo "${path}" | cut -c2-)
- source_path=$(realpath "${path}")
- dir=$(dirname "${target_path}")
- mkdir -p "${dir}"
- cp "${source_path}" "${target_path}"
- done
-done
diff --git a/buster/setup_scripts/init_user_and_keybased_login.sh b/buster/setup_scripts/init_user_and_keybased_login.sh
deleted file mode 100755
index 298bafa..0000000
--- a/buster/setup_scripts/init_user_and_keybased_login.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/sh
-# This script turns a fresh server with password-based root access to
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
-set -e
-
-# Location auf a sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/buster"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
- echo "Need server as argument."
- false
-fi
-server="$1"
-
-# Ask for root password only once, sshpass will re-use it then often.
-stty -echo
-printf "(Old) server root password: "
-read PW_ROOT
-stty echo
-printf "\n"
-export SSHPASS="${PW_ROOT}"
-
-# This will be used to log-in as root from plom account.
-echo 'Asking for new root password.'
-ssh root@"${server}" "passwd"
-
-# Create user plom, and his ~/.ssh/authorized_keys based on the local
-# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
-# ownerships. Then disable root and pw login by copying over the
-# sshd_config and restart ssh daemon.
-#
-# This could be a line or two shorter by using ssh-copy-id, but that
-# would require setting a password for user plom otherwise not needed.
-sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys -sshpass -e ssh root@"${server}" \ - 'useradd -m plom && '\ - 'mkdir /home/plom/.ssh && '\ - 'chown plom:plom /home/plom/.ssh && '\ - 'chown plom:plom /tmp/authorized_keys && '\ - 'chmod u=rw,go= /tmp/authorized_keys && '\ - 'mv /tmp/authorized_keys /home/plom/.ssh/' -sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" -sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/buster/setup_scripts/init_user_login.sh b/buster/setup_scripts/init_user_login.sh deleted file mode 100755 index 7f3536a..0000000 --- a/buster/setup_scripts/init_user_login.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh -set -e - -# Location auf a sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". -config_tree_prefix="${HOME}/public_repos/config/buster" -linkable_files_dir="${config_tree_prefix}/etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}" - -# Ensure we have a server name as argument. -if [ $# -eq 0 ]; then - echo "Need server as argument." - false -fi -server="$1" - -# So we're only asked once ⦠-eval $(ssh-agent) -ssh-add - -# This will be used to log-in as root from plom account. -echo 'Asking for new root password.' -ssh root@"${server}" "passwd" - -# Set up plom's ~/.ssh/authorized_keys from root's. -ssh root@"${server}" 'useradd -m plom' -ssh root@"${server}" 'mkdir /home/plom/.ssh' -ssh root@"${server}" 'chown plom:plom /home/plom/.ssh' -ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/' -ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys' - -# Set up SSH config and remove direct SSH login to root. -scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" -ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart' 
diff --git a/buster/setup_scripts/install_for_target.sh b/buster/setup_scripts/install_for_target.sh
deleted file mode 100755
index 853a672..0000000
--- a/buster/setup_scripts/install_for_target.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-
-config_tree_prefix="${HOME}/config/buster"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- # TODO: continue if file at $path not found, to get rid of dummy files
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
- fi
- done
-done
diff --git a/buster/setup_scripts/migrate_app.sh b/buster/setup_scripts/migrate_app.sh
deleted file mode 100755
index 9ae8c8d..0000000
--- a/buster/setup_scripts/migrate_app.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-set -e
-set -x
-
-if [ "$#" -lt 2 ]; then
- echo 'Need two arguments: old server IP, and service name.'
- false
-fi
-if [ ! "$2" = "pleroma_otp" ] && [ ! "$2" = "pleroma_source" ] && [ ! "$2" = "peertube" ]; then
- echo "Need legal service name (pleroma_otp or pleroma_source or peertube)."
- false
-fi
-server_ip="$1"
-app="$2"
-service="$2"
-if [ "${app}" = "pleroma_otp" ]; then
- db_name="pleroma"
- dirs="/var/lib/pleroma/uploads /etc/pleroma"
- service=pleroma
-elif [ "${app}" = "pleroma_source" ]; then
- db_name="pleroma"
- dirs="/var/lib/pleroma/uploads /opt/pleroma/config"
- service=pleroma
-elif [ "${app}" = "peertube" ]; then
- db_name="peertube_prod"
- dirs="/var/www/peertube/storage /var/www/peertube/config"
-fi
-
-config_tree_prefix="${HOME}/config/buster"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-
-cd "${setup_scripts_dir}"
-./prepare_to_meet_server.sh "${server_ip}"
-read -p'Hit Enter when you are done.' ignore
-eval $(ssh-agent) && ssh-add
-echo 'Enter password for root on target server next.'
-ssh plom@"${server_ip}" "su -lc \"cd config/buster/setup_scripts && git pull && ./backup_app.sh ${service} ${db_name} ${dirs}\""
-scp plom@"${server_ip}":~/${service}_backup.tar /home/plom/${service}_backup.tar
-./restore_app.sh "${app}" "${db_name}"
diff --git a/buster/setup_scripts/migrate_borg.sh b/buster/setup_scripts/migrate_borg.sh
deleted file mode 100755
index a119b16..0000000
--- a/buster/setup_scripts/migrate_borg.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need old server IP.'
- false
-fi
-old_server="$1"
-config_tree_prefix="${HOME}/config/buster"
-cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
-chown plom:plom /home/plom/prepare_to_meet_server.sh
-su -lc "./prepare_to_meet_server.sh ${old_server}" plom
-read -p'Hit Enter when you are done.' ignore
-rm /home/plom/prepare_to_meet_server.sh
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom
-rm /home/plom/mirror_dir.sh
diff --git a/buster/setup_scripts/mirror_dir.sh b/buster/setup_scripts/mirror_dir.sh
deleted file mode 100755
index 0fc03aa..0000000
--- a/buster/setup_scripts/mirror_dir.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-# Mirror directory tree from remote to local server, keeping the path.
-set -e
-
-if [ $# -lt 2 ]; then
- echo "Need server and directory as arguments."
- false
-fi
-server=$1
-dir=$2
-path_package=/tmp/delete.tar
-
-eval `ssh-agent`
-ssh-add
-cd
-ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
-scp plom@"${server}":"${path_package}" "${path_package}"
-mkdir -p "${dir}"
-cd "${dir}"
-tar xf "${path_package}"
-cd
-rm "${path_package}"
-ssh plom@"${server}" rm "${path_package}"
diff --git a/buster/setup_scripts/prepare_to_meet_server.sh b/buster/setup_scripts/prepare_to_meet_server.sh
deleted file mode 100755
index df2aa41..0000000
--- a/buster/setup_scripts/prepare_to_meet_server.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-# Do some of the steps necessary to SSH (key-based) with another server.
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need server IP as argument.'
- false
-fi
-target="$1"
-
-# We need a public key to copy over, so generate it if not found.
-if [ ! -f ~/.ssh/id_rsa.pub ]; then
- ssh-keygen -N ""
-fi
-
-# Add target to ~/.ssh/known_hosts so we don't get
-# asked for permission at inopportune moments.
-ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
-
-# Tell user what to do.
-echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
-cat ~/.ssh/id_rsa.pub
diff --git a/buster/setup_scripts/purge_nonrequireds.sh b/buster/setup_scripts/purge_nonrequireds.sh
deleted file mode 100755
index af2d61b..0000000
--- a/buster/setup_scripts/purge_nonrequireds.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-# This script removes all Debian packages that are not of Priority
-# "required" or not depended on by packages of priority "required"
-# or not listed in the argument-selected files of apt-mark/.
-set -e
-
-config_tree_prefix="${HOME}/config/buster"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- cat "${path}" | while read line; do
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- echo "${line}" >> /tmp/list_white_unsorted
- fi
- done
-done
-sort /tmp/list_white_unsorted > /tmp/list_white
-dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
-sort /tmp/list_all_packages > /tmp/foo
-mv /tmp/foo /tmp/list_all_packages
-comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-apt-mark auto `cat /tmp/list_black`
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
-
-# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab.
-# TODO: Find out why.
-mount -a
diff --git a/buster/setup_scripts/restore_app.sh b/buster/setup_scripts/restore_app.sh
deleted file mode 100755
index 817c07d..0000000
--- a/buster/setup_scripts/restore_app.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-set -e
-set -x
-
-if [ "$#" -lt 2 ]; then
- echo 'Need two arguments: service name and DB name.'
- false
-fi
-if [ ! "$1" = "pleroma_otp" ] && [ ! "$1" = "pleroma_source" ] && [ ! "$1" = "peertube" ]; then
- echo "Need legal service name (pleroma_otp or pleroma_source or peertube)."
- false
-fi
-app="$1"
-db_name="$2"
-service="$1"
-if [ "${app}" = "pleroma_source" ] || [ "${app}" = "pleroma_otp" ]; then
- service=pleroma
-fi
-
-service "${service}" stop
-
-mv "/home/plom/${service}_backup.tar" /tmp/
-cd /tmp
-tar xf "${service}_backup.tar"
-
-su postgres -c "pg_restore -c -1 -d ${db_name} ${service}_backup/${db_name}.pgdump"
-rm "${service}_backup/${db_name}.pgdump"
-
-cd "${service}_backup"
-for path in $(find . -type f); do
- if [ "${app}" = "pleroma_source" ]; then
- if [ "${path}" = './opt/pleroma/config/prod.secret.exs' ]; then
- continue # skip file that contains passwords
- fi
- fi
- target_path=$(echo "${path}" | cut -c2-)
- source_path=$(realpath "${path}")
- dir=$(dirname "${target_path}")
- mkdir -p "${dir}"
- cp -a "${source_path}" "${target_path}"
-done
-
-# TODO: Horrible hack, improve.
-if [ "${app}" = "pleroma_otp" ]; then
- db_pw=$(cat /etc/pleroma/config.exs | grep password | sed 's/[ ]*password\: *//g' | sed 's/,//g' | sed 's/"//g')
-elif [ "${app}" = "peertube" ]; then
- db_pw=$(cat /var/www/peertube/config/production.yaml | grep password | head -1 | sed "s/[ ]*password\: *//g" | sed "s/'//g")
-fi
-if [ "${app}" = "pleroma_otp" ] || [ "${app}" = "peertube" ]; then
- su postgres -lc "psql -c \"ALTER USER ${service} WITH PASSWORD '${db_pw}';\""
-fi
-
-service "${service}" start
diff --git a/buster/setup_scripts/set_hostname_and_fqdn.sh b/buster/setup_scripts/set_hostname_and_fqdn.sh
deleted file mode 100755
index a3b9f9a..0000000
--- a/buster/setup_scripts/set_hostname_and_fqdn.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/sh
-# Sets hostname and optionally FQDN.
-#
-# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
-# writing follows recommendations from Debian manual at
-# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
-# (section "The hostname resolution") on how to map hostname and possibly
-# FQDN to a permanent IP if present (we assume here any non-private IP
-# and non-loopback IP returned by hostname -I to fulfill that criterion
-# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
-# localhost and hostname mapping to different IPs, see
-# <https://unix.stackexchange.com/a/13087>.
-#
-# Ignores IPv6s.
-set -e
-
-hostname="$1"
-fqdn="$2"
-if [ "${hostname}" = "" ]; then
- echo "Need hostname as argument."
- false
-fi
-echo "${hostname}" > /etc/hostname
-hostname "${hostname}"
-
-final_ip="127.0.1.1"
-for ip in $(hostname -I); do
- if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
- continue
- fi
- range_1=$(echo "${ip}" | cut -d "." -f 1)
- range_2=$(echo "${ip}" | cut -d "." -f 2)
- if [ "${range_1}" -eq 127 ]; then
- continue
- elif [ "${range_1}" -eq 10 ]; then
- continue
- elif [ "${range_1}" -eq 172 ]; then
- if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
- continue
- fi
- elif [ "${range_1}" -eq 192 ]; then
- if [ "${range_2}" -eq 168 ]; then
- continue
- fi
- fi
- final_ip="${ip}"
-done
-
-echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
-echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
diff --git a/buster/setup_scripts/setup.sh b/buster/setup_scripts/setup.sh
deleted file mode 100755
index cd120e9..0000000
--- a/buster/setup_scripts/setup.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-set -e
-
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -lt 2 ]; then
- echo 'Need at least two arguments (hostname, FQDN).'
- false
-fi
-hostname="$1"
-fqdn="$2"
-shift 2
-
-config_tree_prefix="${HOME}/config/buster"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-
-# Adapt /etc/ to our needs by copying from ./etc_files. This will set
-# basic configurations affecting following steps, such as setup of APT
-# and the locale selection, so needs to be right at the beginning.
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
-
-# Set hostname and FQDN.
-./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
-
-# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
-apt update
-./install_for_target.sh all "$@"
-./purge_nonrequireds.sh all "$@"
-
-# Ensure our desired locale is available.
-locale-gen
-
-# Only upgrade after reducing the system to the desired minimum, so that
-# we don't need to get more data than necessary.
-apt -y dist-upgrade
-
-# Set Berlin localtime.
-ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
diff --git a/buster/setup_scripts/setup_desktop.sh b/buster/setup_scripts/setup_desktop.sh
deleted file mode 100755
index 97488e1..0000000
--- a/buster/setup_scripts/setup_desktop.sh
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need exactly one argument (system name).'
- false
-fi
-if [ ! "$1" = "eeepc" ] && [ ! "$1" = "x200s" ] && [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then
- echo "Need legal system name."
- false
-fi
-system_name="$1"
-
-# Set up system without user environment.
-config_tree_prefix="${HOME}/config/buster"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-if [ "$1" = "x200s" ] || [ "$1" = "x220" ] || [ "$1" = "w530" ]; then
- ./setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
-else
- ./setup.sh "${system_name}" "" user desktop "${system_name}"
-fi
-# For hibernation on lid switch to work, we need a newer kernel on the EeePC,
-# see <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919227>.
-if [ "${system_name}" = "eeepc" ]; then
- apt -y install -t buster-backports linux-image-amd64
-fi
-
-# Set up printer.
-lpadmin -p 'HP_Deskjet_F300_series' -m 'drv:///hpcups.drv/hp-deskjet_f300_series.ppd' -o 'OutputMode=NormalGray' -E
-service cups restart
-
-# Install Firefox directly from Mozilla.
-firefox_release="68.4.1esr"
-firefox_filename="firefox-${firefox_release}.tar.bz2"
-url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
-wget "${url_firefox}"
-mv "${firefox_filename}" /opt/
-cd /opt/
-tar xf "${firefox_filename}"
-rm "${firefox_filename}"
-ln -s /opt/firefox/firefox /usr/local/bin/
-update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
-update-alternatives --set x-www-browser /opt/firefox/firefox
-
-# Install Firefox plugins.
-# See <https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Distribution_options/Sideloading_add-ons>
-extensions_dir="/usr/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/"
-mkdir -p "${extensions_dir}"
-umatrix_version="1.4.0"
-umatrix_xpi="uMatrix.firefox.xpi"
-url_umatrix="https://github.com/gorhill/uMatrix/releases/download/${umatrix_version}/${umatrix_xpi}"
-wget "${url_umatrix}"
-name=$(unzip -p "${umatrix_xpi}" manifest.json | jq -r .applications.gecko.id)
-mv "${umatrix_xpi}" "${name}".xpi
-tridactyl_version="1.17.1pre3355"
-tridactyl_xpi="tridactyl_beta-${tridactyl_version}-an+fx.xpi"
-url_tridactyl="https://tridactyl.cmcaine.co.uk/betas/${tridactyl_xpi}"
-wget "${url_tridactyl}"
-name=$(unzip -p "${tridactyl_xpi}" manifest.json | jq -r .applications.gecko.id)
-mv "${tridactyl_xpi}" "${name}.xpi"
-mv *.xpi "${extensions_dir}"
-
-# Set up user environments.
-secrets_dev="sdb"
-source_dir_secrets="/media/${secrets_dev}/to_usb"
-target_dir_secrets="/home/plom/tmp_secrets"
-cd "${setup_scripts_dir}"
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
-set +e
-HOME_DIR_EXISTS=$([ ! -d "/home/plom" ]; echo $?)
-set -e
-adduser --disabled-password --gecos "" plom
-usermod -a -G sudo plom
-passwd plom
-if [ "${HOME_DIR_EXISTS}" -eq 0 ]; then
- echo "Put secrets drive into slot for /dev/${secrets_dev}."
- while [ ! -e /dev/"${secrets_dev}" ]; do
- sleep 1
- done
- stty -echo
- printf "Secrets passphrase: "
- read secrets_pass
- stty echo
- echo "" # newline so user knows their input return was accepted
- echo "${secrets_pass}" | pmount /dev/"${secrets_dev}"
- cp -a "${source_dir_secrets}" "${target_dir_secrets}"
- chown -R plom:plom "${target_dir_secrets}"
- pumount "${secrets_dev}"
- echo "You can remove /dev/${secrets_dev} now."
- cp setup_home.sh /home/plom
- chown plom:plom /home/plom/setup_home.sh
- SECRETS_PASS="${secrets_pass}" su -c "cd && ./setup_home.sh ${system_name}" plom
-fi
diff --git a/buster/setup_scripts/setup_dumpsite.sh b/buster/setup_scripts/setup_dumpsite.sh
deleted file mode 100755
index c2592d8..0000000
--- a/buster/setup_scripts/setup_dumpsite.sh
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 4 ]; then
- echo 'Need domain name and mail and old server and repos source ("local" or "remote"?).'
- false
-fi
-if [ ! "$4" = "local" ] && [ ! "$4" = "remote" ]; then
- echo "Need legal repo source name."
- false
-fi
-domain="$1"
-mail="$2"
-old_server="$3"
-repos_source="$4"
-
-read -p"Only continue if hostname is not domain of url_catcher's target mail address, else abort!" ignore
-
-# Install configs, set up firewall.
-echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web dumpsite
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Set up connection to old dump server.
-cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
-chown plom:plom /home/plom/prepare_to_meet_server.sh
-su -lc "./prepare_to_meet_server.sh ${old_server}" plom
-read -p'Hit Enter when you are done.' ignore
-rm /home/plom/prepare_to_meet_server.sh
-
-# Set up dump dirs.
-mkdir /var/www-dump
-chown plom:plom /var/www-dump
-dump_dir=dump
-geheim_dir=geheim
-su -lc "ln -s /home/plom/${dump_dir} /var/www-dump/${dump_dir}" plom
-su -lc "ln -s /home/plom/${geheim_dir} /var/www-dump/${geheim_dir}" plom
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/${dump_dir}" plom
-su -lc "./mirror_dir.sh ${old_server} /home/plom/${geheim_dir}" plom
-su -lc "scp plom@${old_server}:/var/www-dump/password_geheim ~" plom
-mv /home/plom/password_geheim /var/www-dump/password_geheim
-rm /home/plom/mirror_dir.sh
-
-# Set up redo.
-wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz
-tar -moxzf redo-sh.tar.gz -C /usr/local
-
-# Set up zettel.
-su -lc "git clone --mirror ${old_server}:zettel.git" plom
-cp "${config_tree_prefix}/other_files/zettel_hook_post-receive" /home/plom/zettel.git/hooks/post-receive
-su -lc "git clone ~/zettel.git && cd zettel && redo" plom
-su -lc "ln -s /home/plom/zettel /var/www-dump/zettel" plom
-# NOTE: Locally, to update content, clone zettel.git, not zettel.
-
-# Set up redo blog.
-su -lc "git clone --mirror ${old_server}:blog.git" plom
-cp "${config_tree_prefix}/other_files/blog_hook_post-receive" /home/plom/blog.git/hooks/post-receive
-su -lc "git clone ~/blog.git" plom
-# TODO: set up like plomlombot repo (with post-recieve hook)?
-if [ "$repo_source" = "local"]; then
- su -lc "git clone /var/repos/redo-blog" plom
-else
- su -lc "git clone https://plomlompom.com/repos/clone/redo-blog" plom
-fi
-su -lc "cd redo-blog && ./add_dir.sh ~/blog" plom
-su -lc "cd blog && redo" plom
-su -lc "ln -s /home/plom/blog/public /var/www-dump/blog" plom
-# NOTE: Locally, to update content, clone blog.git, not blog.
-
-# Set up url catcher.
-# TODO: set up like plomlombot repo (with post-recieve hook)?
-if [ "$repo_source" = "local"]; then
- su -lc "git clone /var/repos/url-catcher" plom
-else
- su -lc "git clone https://plomlompom.com/repos/clone/url-catcher" plom
-fi
-su -lc "cd url-catcher && ln -s ../blog/captchas/linkable/ captchas" plom
-cp "${config_tree_prefix}/other_files/url-catcher_customizations.json" /home/plom/url-catcher/customizations.json
-systemctl enable url_catcher.service
-service url_catcher start
-cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/ips" plom
-su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/lists" plom
-rm /home/plom/mirror_dir.sh
-
-# Set up index.html
-cp "${config_tree_prefix}/other_files/dumpsite_index.html" /var/www-dump/index.html
-
-# Prepare NGINX.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx
-ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx
-
-service nginx restart
diff --git a/buster/setup_scripts/setup_home.sh b/buster/setup_scripts/setup_home.sh
deleted file mode 100755
index 24f4c67..0000000
--- a/buster/setup_scripts/setup_home.sh
+++ /dev/null
@@ -1,102 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo 'Need exactly one argument (system name).'
- false
-fi
-if [ ! "$1" = "eeepc" ] && [ ! "$1" = "x200s" ]&& [ ! "$1" = "x220" ]; then
- echo "Need legal system name."
- false
-fi
-system_name="$1"
-
-public_repos_dir="${HOME}/public_repos"
-config_tree_prefix="${public_repos_dir}/config"
-path_borgscript="${config_tree_prefix}/all_new_2018/borg.sh"
-config_tree_buster="${config_tree_prefix}/buster"
-setup_scripts_dir="${config_tree_buster}/setup_scripts"
-repos_list_file="${public_repos_dir}/repos"
-dir_secrets="${HOME}/tmp_secrets"
-borgkeys_dir=~/.config/borg/keys
-borgrepos_file=~/.borgrepos
-ssh_dir=~/.ssh
-authinfo_file=.authinfo
-maildir=~/mail/maildir
-
-ensure_repo() {
- repo_name="${1}"
- if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
- cd "${public_repos_dir}"
- git clone plom@plomlompom.com:/var/repos/${repo_name}
- fi
-}
-
-# Set up iniitial non-public parts of infrastructure: SSH authentication.
-cd "${dir_secrets}"
-mkdir -p "${ssh_dir}"
-echo "Setting up .ssh"
-cp id_rsa ~/.ssh
-stty -echo
-ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
-stty echo
-eval $(ssh-agent)
-ssh-add
-ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
-
-# Clone config to copy dotfiles etc. from it.
-cd
-mkdir -p "${public_repos_dir}"
-ensure_repo config
-cd "${setup_scripts_dir}"
-./copy_dirtree.sh "${config_tree_buster}/home_files" "${HOME}" minimal user "${system_name}"
-
-# Set up native messenger for tridactyl.
-version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
-curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
-
-# Set up further non-public parts of infrastructure.
-cd "${dir_secrets}"
-script -c 'gpg --import secret_keys.asc' /dev/null
-tar xf borg_keyfiles.tar
-mkdir -p "${borgkeys_dir}"
-mv borg_keyfiles/* "${borgkeys_dir}"
-# .authinfo may not be present on every secrets drive yet
-if [ -f "${authinfo_file}" ]; then
- cp "${authinfo_file}" ~
-fi
-cd
-rm -rf "${dir_secrets}"
-
-# Sync org dir via borgbackup. For this we need the borgbackup servers
-# in our .ssh/known_hosts file.
-cat "${borgrepos_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- server=$(echo "${line}" | sed 's/.*@//')
- ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
-done
-BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
-
-# Fill ~/public_repos.
-cat "${repos_list_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- ensure_repo "${line}"
-done
-
-# Set up e-mail system. Note that we only do mbsync if the imap pass file
-# is found. It may not be present on every secrets drive yet, so we have to
-# deal with the possibility of it being absent at this point.
-mkdir -p "${maildir}" # expected by mbsync/isync
-if [ -f "${HOME}/${authinfo_file}" ]; then
- mbsync -a
- notmuch new
-fi
-
-# Final note on how to integrate tridactyl.
-echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
diff --git a/buster/setup_scripts/setup_mail.sh b/buster/setup_scripts/setup_mail.sh
deleted file mode 100755
index c749f27..0000000
--- a/buster/setup_scripts/setup_mail.sh
+++ /dev/null
@@ -1,121 +0,0 @@ -#!/bin/sh -set -e - -# Check we have the necessary arguments. -if [ "$#" -lt 1 ]; then - echo 'Need mail for letsencrypt, mail domain, and optionally old server IP.' - false -fi -mail="$1" -mail_domain="$2" -old_server="$3" - -read -p'You sure you entered the correct mail domain? (not the server domain, but what comes after the @ in your mail addresses) If not, abort here!' ignore - -config_tree_prefix="${HOME}/config/buster" -echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections -echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections -./install_for_target.sh mail -./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" mail -nft -f /etc/nftables.conf - -# Rebuild aliases DB from /etc/aliases -newaliases - -# Update config files without overwriting defaults. -cat "${config_tree_prefix}/other_files/append_postfix_main.cf" >> /etc/postfix/main.cf -cat "${config_tree_prefix}/other_files/append_postfix_master.cf" >> /etc/postfix/master.cf -cat "${config_tree_prefix}/other_files/append_opendkim.conf" >> /etc/opendkim.conf - -# Set up letsencrypt certificate. We need this for STARTTLS on port -# 25/SMTP (some mail servers refuse delivering mails here if no -# STARTTLS available) and transport-layer TLS on port 465 (for -# user-to-server SMTPS) -# TODO: Is it auto-renewed? -certbot certonly --standalone --agree-tos --no-eff-email -m "${mail}" -d "$(hostname -f)" - -# For if FQDN != mail domain name. -sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf -sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/postfix/main.cf - -# OpenDKIM setup. -selector=$(hostname)$(date +%Y%m%d) -opendkim-genkey -d "${mail_domain}" -D /etc/dkimkeys -s "${selector}" -sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/opendkim.conf -sed -i "s/REPLACE_selector_ECALPER/${selector}/g" /etc/opendkim.conf - -# Dovecot sieve filtering via LMTP. 
Without this, mail only gets -# delivered to /var/mail/â¦, with it /var/mail/⦠remains the fallback -# inbox, but all else is sieve-filtered to ~/mail/. -cp "${config_tree_prefix}/other_files/dovecot.sieve" /home/plom/.dovecot.sieve -chown plom:plom /home/plom/.dovecot.sieve - -# In addition to our postfix server receiving mails, we funnel mails from a -# POP3 account into dovecot via fetchmail. It might make sense to adapt the -# ~/.dovecot.sieve to move mails targeted to the fetched mail account to their -# own mbox. -cp "${config_tree_prefix}/other_files/fetchmailrc" /home/plom/.fetchmailrc -chown plom:plom /home/plom/.fetchmailrc -chmod 0700 /home/plom/.fetchmailrc - -# Pingmail setup. -cp "${config_tree_prefix}/other_files/pingmailrc" /home/plom/.pingmailrc -chown plom:plom /home/plom/.pingmailrc -su -lc "cd && git clone https://plomlompom.com/repos/clone/pingmail" plom - -# To allow IMAPS access. -echo "ssl_cert = </etc/letsencrypt/live/$(hostname -f)/fullchain.pem" > /etc/dovecot/conf.d/99-ssl-certs.conf -echo "ssl_key = </etc/letsencrypt/live/$(hostname -f)/privkey.pem" >> /etc/dovecot/conf.d/99-ssl-certs.conf -password=$(pwgen -s 100 1) -echo "plom:${password}" | chpasswd - -# Get old mail data, shutdown old postfix server. -if [ "${old_server}" != "" ]; then - cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/ - su -lc "./prepare_to_meet_server.sh ${old_server}" plom - read -p'Hit Enter when you are done.' 
ignore - rm /home/plom/prepare_to_meet_server.sh - su -lc "scp plom@${old_server}:.dovecot.sieve ~" plom - su -lc "scp plom@${old_server}:.fetchmailrc ~" plom - su -lc "scp plom@${old_server}:.pingmailrc ~" plom - su -lc "ssh -t plom@${old_server} \"su -lc 'service postfix stop'\"" plom - su -lc "ssh plom@${old_server} \"su -lc 'systemctl disable fetchmail_old_account.timer'\"" plom - su -lc "ssh plom@${old_server} \"su -lc 'service fetchmail_old_account stop'\"" plom - #su -lc "ssh -t plom@${old_server} \"su -lc 'service fetchmail stop'\"" plom - cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ - su -lc "./mirror_dir.sh ${old_server} /home/plom/mail" plom - rm /home/plom/mirror_dir.sh - touch /var/mail/plom - chown plom:mail /var/mail/plom - chmod 0600 /var/mail/plom - su -lc "scp plom@${old_server}:/var/mail/plom /var/mail/plom" plom -fi - -# Start everything anew to ensure new configurations. -service opendkim restart -service postfix restart -service dovecot restart - -# Pingmail and fetchmail have some systemd timers waiting. To let systemd -# know about them, do this. -systemctl daemon-reload -systemctl enable --now fetchmail_old_account.timer -systemctl enable --now pingmail.timer - -# Final advice to user. -echo "To put into DNS:" -cat "/etc/dkimkeys/${selector}.txt" -echo "If subdomain, append .subdomain to _domainkeys!" 
-echo "Also ensure DMARC record of 'v=DMARC1; p=none; rua=mailto:plom+dmarc@plomlompom.com;' as TXT entry at _dmarc or, if subdomain, _dmarc.subdomain" -echo "Also ensure SPF record of 'v=spf1 mx -all' as TXT entry at @ or subdomain" -echo "Also ensure reverse DNS lookup for our IP points to $(hostname -f)" -echo "Also ensure MX record of priority 10 for @ or subdomain pointing to $(hostname -f)" -echo "IMAPS password for user plom is: ${password}" -echo "Also don't forget borgbackup migration â¦" - -# todo just for proper mail /sending/: -# * how to check IP safety -# https://talosintelligence.com/reputation_center/lookup?search=$IP -# http://www.anti-abuse.org/multi-rbl-check-results/?host= -# https://www.dnsbl.info/dnsbl-database-check.php -# note that none of these catch the IPs that gmx etc. reject diff --git a/buster/setup_scripts/setup_peertube.sh b/buster/setup_scripts/setup_peertube.sh deleted file mode 100755 index fb9afc9..0000000 --- a/buster/setup_scripts/setup_peertube.sh +++ /dev/null 
@@ -1,76 +0,0 @@
-#!/bin/sh
-set -e
-
-# Heavily inspired by
-# <https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/production.md>
-# and
-# <https://github.com/Chocobozzz/PeerTube/blob/develop/support/doc/dependencies.md>
-
-if [ "$#" -ne 2 ]; then
- echo 'Need domain name, mail_address as arguments.'
- false
-fi
-domain="$1"
-mail="$2"
-
-# Install dependencies, set up firewall.
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web peertube
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
-nft -f /etc/nftables.conf
-
-# Get NodeJS. See
-# <https://github.com/nodesource/distributions/blob/master/README.md>
-curl -sL https://deb.nodesource.com/setup_10.x | bash -
-apt-get install -y nodejs
-
-# Get Yarn. See
-# <https://classic.yarnpkg.com/en/docs/install#debian-stable>
-curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
-apt update && apt install yarn
-
-systemctl start redis postgresql
-
-# Prepare user and DB.
-useradd -m -d /var/www/peertube -s /bin/bash -p peertube peertube
-db_pw=$(pwgen -s 100 1)
-su postgres -lc "psql -c \"CREATE USER peertube WITH PASSWORD '${db_pw}';\""
-su -l postgres -c 'createdb -O peertube -E UTF8 -T template0 peertube_prod'
-su -l postgres -c 'psql -c "CREATE EXTENSION pg_trgm;" peertube_prod'
-su -l postgres -c 'psql -c "CREATE EXTENSION unaccent;" peertube_prod'
-
-# Install and configure PeerTube from latest version.
-VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
-cd /var/www/peertube && su -l peertube -c "mkdir config storage versions && cd versions"
-su -l peertube -c "wget -q 'https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip'"
-su -l peertube -c "unzip peertube-${VERSION}.zip && rm peertube-${VERSION}.zip"
-su -l peertube -c "ln -s peertube-${VERSION} ./peertube-latest"
-su -l peertube -c "cd peertube-latest && yarn install --production --pure-lockfile"
-
-# Configure PeerTube.
-cp "${config_tree_prefix}/other_files/peertube_production.yaml" /var/www/peertube/config/production.yaml
-chown peertube:peertube /var/www/peertube/config/production.yaml
-sed -i "s/admin\@example\.com/${mail}/g" config/production.yaml
-sed -i "s/example\.com/${domain}/g" config/production.yaml
-sed -i "s/password: 'peertube'/password: '${db_pw}'/g" config/production.yaml
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Configure NGINX.
-cp /var/www/peertube/peertube-latest/support/nginx/peertube /etc/nginx/sites-available/peertube
-sed -i "s/peertube.example.com/${domain}/g" /etc/nginx/sites-available/peertube
-sed -i -E 's/^([[:space:]]*)(access_log|error_log)([[:space:]])/\1# \2\3/g' /etc/nginx/sites-available/peertube
-ln -s /etc/nginx/sites-available/peertube /etc/nginx/sites-enabled/peertube
-
-# Configure systemd and start PeerTube through it.
-cp /var/www/peertube/peertube-latest/support/systemd/peertube.service /etc/systemd/system/
-systemctl daemon-reload
-systemctl enable peertube
-systemctl start peertube
-
-# Restart NGINX.
-service nginx restart
diff --git a/buster/setup_scripts/setup_play.sh b/buster/setup_scripts/setup_play.sh
deleted file mode 100755
index 2f3cb7d..0000000
--- a/buster/setup_scripts/setup_play.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-set -e
-set -x
-
-if [ "$#" -lt 1 ]; then
- echo "Need public key ID and optionally old server IP."
- false
-fi
-gpg_key="$1"
-old_server="$2"
-
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh play
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" play
-cp "${config_tree_prefix}/other_files/weechatrc" /home/plom/.weechatrc
-cp "${config_tree_prefix}/other_files/weechat-wrapper.sh" /home/plom/
-cp "${config_tree_prefix}/other_files/weechatlogs_encrypter.sh" /home/plom/
-chown plom:plom /home/plom/*weechat*
-chown plom:plom /home/plom/.weechatrc
-echo "${gpg_key}" > /home/plom/.encrypt_target
-chown plom:plom /home/plom/.encrypt_target
-
-# TODO refactor with setup_website.sh
-# Add encryption key.
-keyservers='sks-keyservers.net/ keys.gnupg.net'
-set +e
-while true; do
- do_break=0
- for keyserver in $(echo "${keyservers}"); do
- su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
- if [ $? -eq "0" ]; then
- do_break=1
- break
- fi
- echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
- done
- if [ "${do_break}" -eq "1" ]; then
- break
- fi
-done
-set -e
-
-if [ "${old_server}" != "" ]; then
- cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
- su -lc "./prepare_to_meet_server.sh ${old_server}" plom
- read -p'Hit Enter when you are done.' ignore
- rm /home/plom/prepare_to_meet_server.sh
- su -lc "scp plom@${old_server}:.ssh/authorized_keys .ssh/authorized_keys" plom
- su -lc "scp plom@${old_server}:.weechatrc ~" plom
- cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
- su -lc "./mirror_dir.sh ${old_server} /home/plom/weechatlogs" plom
- rm /home/plom/mirror_dir.sh
-fi
-
-systemctl enable --now encrypt_chatlogs.timer
diff --git a/buster/setup_scripts/setup_pleroma_otp.sh b/buster/setup_scripts/setup_pleroma_otp.sh
deleted file mode 100755
index 7a38d79..0000000
--- a/buster/setup_scripts/setup_pleroma_otp.sh
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/bin/sh
-set -e
-# Heavily inspired by <https://docs.pleroma.social/otp_en.html>
-
-if [ "$#" -ne 2 ]; then
- echo 'Need domain name, mail_address as arguments.'
- false
-fi
-domain="$1"
-mail="$2"
-
-# Install dependencies, set up firewall.
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web pleroma pleroma_otp
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web pleroma
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Prepare user.
-adduser --system --shell /bin/false --home /opt/pleroma pleroma
-
-# Download and unzip latest stable release, set up Pleroma dirs.
-export FLAVOUR='amd64'
-su pleroma -s $SHELL -lc "
-curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
-unzip /tmp/pleroma.zip -d /tmp/
-"
-su pleroma -s $SHELL -lc "
-mv /tmp/release/* /opt/pleroma
-rmdir /tmp/release
-rm /tmp/pleroma.zip
-"
-mkdir -p /var/lib/pleroma/uploads
-chown -R pleroma /var/lib/pleroma
-mkdir -p /etc/pleroma
-chown -R pleroma /etc/pleroma
-
-# Configure and set up DB.
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen \
---output /etc/pleroma/config.exs \
---output-psql /tmp/setup_db.psql \
---domain ${domain} \
---instance-name plom-roma \
---admin-email ${mail} \
---notify-email ${mail} \
---dbhost localhost \
---dbname pleroma \
---dbuser pleroma \
---db-configurable N \
---rum N \
---indexable Y \
---uploads-dir /var/lib/pleroma/uploads \
---static-dir /var/lib/pleroma/static \
---listen-ip 127.0.0.1 \
---listen-port 4000 \
---dbpass $(pwgen -s 100 1)"
-su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
-su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
-
-# Since the OTP release does not support .secret.exs configuration
-# files, we hack our own alternative by simply appending custom
-# configurations to /etc/config.exs.
-cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /etc/pleroma/config.exs
-
-# Single-pixel picture hack for removing Pleroma FE images.
-cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
-chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
-
-# Info panel and TOS.
-#mkdir -p /var/lib/pleroma/static/instance
-#mkdir -p /var/lib/pleroma/static/static
-#cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
-#cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
-#cp "${config_tree_prefix}/other_files/pleroma_robots.txt" /var/lib/pleroma/static/robots.txt
-
-# Hack to fix <https://git.pleroma.social/pleroma/pleroma/issues/1616>
-curl https://git.pleroma.social/pleroma/pleroma/-/raw/4271cfb81a8983f5ec6a878cab1fb3fbd164245d/priv/static/static/static-fe.css?inline=false >> /var/lib/pleroma/static/static/static-fe.css
-
-# Prepare NGINX config for Pleroma.
-cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
-sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
-ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
-
-# Systemd integration.
-cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
-systemctl start pleroma
-systemctl enable pleroma
-
-# Only restart NGINX with Pleroma running.
-service nginx restart
diff --git a/buster/setup_scripts/setup_pleroma_source.sh b/buster/setup_scripts/setup_pleroma_source.sh
deleted file mode 100755
index 2385fb4..0000000
--- a/buster/setup_scripts/setup_pleroma_source.sh
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/bin/sh
-set -e
-set -x
-# Heavily inspired by <https://docs-develop.pleroma.social/backend/installation/debian_based_en/>
-
-if [ "$#" -ne 2 ]; then
- echo 'Need domain name, mail_address as arguments.'
- false
-fi
-domain="$1"
-mail="$2"
-
-# Install dependencies, configs, set up firewall.
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web pleroma pleroma_source
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web pleroma
-nft -f /etc/nftables.conf
-
-# Prepare user.
-adduser --system --group --shell /bin/false --home /var/lib/pleroma pleroma
-
-# Setup Erlang.
-wget -P /tmp/ https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
-dpkg -i /tmp/erlang-solutions_1.0_all.deb
-apt update
-apt -y install elixir erlang-dev erlang-tools erlang-parsetools erlang-eldap erlang-ssh erlang-xmerl
-
-mkdir -p /opt/pleroma
-chown -R pleroma:pleroma /opt/pleroma
-su pleroma -s $SHELL -lc 'git clone -b develop https://git.pleroma.social/pleroma/pleroma /opt/pleroma'
-su pleroma -s $SHELL -lc 'mix local.hex --force'
-su pleroma -s $SHELL -lc 'mix local.rebar --force'
-su pleroma -s $SHELL -lc "cd /opt/pleroma &&\
-mix deps.get &&\
-mix pleroma.instance gen \
---output config/generated_config.exs \
---output-psql /tmp/setup_db.psql \
---domain ${domain} \
---instance-name plomroma \
---admin-email ${mail} \
---notify-email ${mail} \
---dbhost localhost \
---dbname pleroma \
---dbuser pleroma \
---db-configurable N \
---rum N \
---indexable Y \
---uploads-dir /var/lib/pleroma/uploads \
---static-dir /var/lib/pleroma/static \
---listen-ip 127.0.0.1 \
---listen-port 4000 \
---dbpass $(pwgen -s 100 1) &&\
-mv config/{generated_config.exs,prod.secret.exs}"
-su postgres -s $SHELL -lc 'psql -f /tmp/setup_db.psql'
-su pleroma -s $SHELL -lc 'cd /opt/pleroma && MIX_ENV=prod mix ecto.migrate'
-
-# Add our own plom.exs and import it to prod.secret.exs
-echo '' >> /opt/pleroma/config/prod.secret.exs
-echo 'import_config "plom.exs"' >> /opt/pleroma/config/prod.secret.exs
-echo 'import Config' > /opt/pleroma/config/plom.exs
-cat "${config_tree_prefix}/other_files/append_pleroma_config" >> /opt/pleroma/config/plom.exs
-
-# Single-pixel picture hack for removing Pleroma FE images.
-cp "${config_tree_prefix}/other_files/pixel.png" /var/lib/pleroma/static/
-chown pleroma:nogroup /var/lib/pleroma/static/pixel.png
-
-# Info panel and TOS.
-#mkdir -p /var/lib/pleroma/static/instance
-#mkdir -p /var/lib/pleroma/static/static
-#cp "${config_tree_prefix}/other_files/pleroma_panel.html" /var/lib/pleroma/static/instance/panel.html
-#cp "${config_tree_prefix}/other_files/pleroma_terms-of-service.html" /var/lib/pleroma/static/static/terms-of-service.html
-#cp "${config_tree_prefix}/other_files/pleroma_robots.txt" /var/lib/pleroma/static/robots.txt
-
-# Upload directory. For some reason this does not exist yet here.
-mkdir -p /var/lib/pleroma/uploads
-chown pleroma:nogroup /var/lib/pleroma/uploads
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Prepare NGINX config for Pleroma.
-cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
-sed -i "s/example\.tld/${domain}/g" /etc/nginx/sites-available/pleroma.nginx
-ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
-
-# Systemd integration.
-cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
-systemctl start pleroma
-systemctl enable pleroma
-
-# Only restart NGINX with Pleroma running.
-service nginx restart
diff --git a/buster/setup_scripts/setup_seedbox.sh b/buster/setup_scripts/setup_seedbox.sh
deleted file mode 100755
index 32c7791..0000000
--- a/buster/setup_scripts/setup_seedbox.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-set -e
-
-./install_for_target.sh seedbox
-
-# As according to <https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template>
-su -lc "curl -Ls 'https://raw.githubusercontent.com/wiki/rakshasa/rtorrent/CONFIG-Template.md' | grep -A9999 '^######' | grep -B9999 '^### END' | sed -re \"s:/home/USERNAME:\$HOME:\" >~/.rtorrent.rc" plom
-su -lc "mkdir ~/rtorrent" plom
-
-# As according to <https://unix.stackexchange.com/a/475485>
-chmod u+s /usr/bin/screen
-chmod 755 /var/run/screen
diff --git a/buster/setup_scripts/setup_server.sh b/buster/setup_scripts/setup_server.sh
deleted file mode 100755
index fa4cc6e..0000000
--- a/buster/setup_scripts/setup_server.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-# Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_and_keybased_login.sh.
-set -e
-
-# Provide maximum input for set_hostname_and_fqdn.sh.
-if [ "$#" -lt 2 ]; then
- echo 'Need exactly two arguments (hostname, FQDN).'
- false
-fi
-hostname="$1"
-fqdn="$2"
-additional_arg="$3"
-
-# Set up system without user environment.
-config_tree_prefix="${HOME}/config/buster"
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-cd "${setup_scripts_dir}"
-./setup.sh "${hostname}" "${fqdn}" server "${additional_arg}"
-
-# If we have not yet set the shell for user plom, ensure it here. This
-# is mostly for convenience.
-usermod -s /bin/bash plom
-
-# Enable firewall.
-systemctl enable nftables.service
diff --git a/buster/setup_scripts/setup_website.sh b/buster/setup_scripts/setup_website.sh
deleted file mode 100755
index d1dc91d..0000000
--- a/buster/setup_scripts/setup_website.sh
+++ /dev/null
@@ -1,137 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 4 ] && [ "$#" -ne 5 ]; then
- echo 'Need domain name and mail and key ID and init state and possibly old server IP as argument.'
- false
-fi
-if [ ! "$4" = "copy" ] && [ ! "$4" = "new" ] && [ ! "$4" = "upgrade" ]; then
- echo "Need init state to be either 'copy' or 'new' or 'upgrade'"
- false
-fi
-if [ ! "$4" = "new" ] && [ "$#" -ne 5 ]; then
- echo "With init state != 'new' need fifth argument old server IP."
- false
-fi
-domain="$1"
-mail="$2"
-gpg_key="$3"
-init_state="$4"
-old_server="$5"
-
-# NOTE: init_state=upgrade is for migration from older stretch server setup
-
-# Install configs, set up firewall.
-config_tree_prefix="${HOME}/config/buster"
-./install_for_target.sh web website
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web website
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Set up connection to old server.
-if [ ! "${init_state}" = "new" ]; then
- cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/
- chown plom:plom /home/plom/prepare_to_meet_server.sh
- su -lc "./prepare_to_meet_server.sh ${old_server}" plom
- read -p'Hit Enter when you are done.' ignore
- rm /home/plom/prepare_to_meet_server.sh
-fi
-
-# Set up repos dir.
-# To use this dir, "git clone --mirror" repo source paths into it as user plom.
-# As user plom, touch git-daemon-export-ok files into it to make the repo
-# publically available.
-if [ "${init_state}" = "new" ]; then
- mkdir /var/repos
- chown plom:plom /var/repos
-else
- cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/
- chmod a+w /var
- if [ "${init_state}" = "copy" ]; then
- su -lc "./mirror_dir.sh ${old_server} /var/repos" plom
- else
- su -lc "./mirror_dir.sh ${old_server} /var/public_repos" plom
- fi
- chmod a-w /var
- rm /home/plom/mirror_dir.sh
-fi
-
-# Prepare NGINX and GitWeb config.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx
-ln -s /etc/nginx/sites-available/website.nginx /etc/nginx/sites-enabled/website.nginx
-
-# Set up website. TODO: use non-/var/www dir for better separation to dump site
-rm -rf /var/www
-mkdir /var/www
-chown plom:plom /var/www
-if [ "${init_state}" = "upgrade" ]; then
- # This assumes the old core.plomlompom.com filesystem hierarchy.
- su -lc "cd /var/repos && git clone --mirror plom@core.plomlompom.com:repos/website" plom
-elif [ "${init_state}" = "new" ]; then
- su -lc "cd /var/repos && git init --bare website.git" plom
-fi
-cp "${config_tree_prefix}/other_files/website_hook_post-receive" /var/repos/website.git/hooks/post-receive
-su -lc 'cd /var/www && git clone /var/repos/website.git .' plom
-
-# Add encryption key.
-keyservers='sks-keyservers.net/ keys.gnupg.net'
-set +e
-while true; do
- do_break=0
- for keyserver in $(echo "${keyservers}"); do
- su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}"
- if [ $? -eq "0" ]; then
- do_break=1
- break
- fi
- echo "Attempt with keyserver ${keyserver} unsuccessful, trying other."
- done
- if [ "${do_break}" -eq "1" ]; then
- break
- fi
-done
-set -e
-
-# Set up plomlombot.
-irclogs_dir=/var/www/html/irclogs -irclogs_pw_dir=/var/www/irclogs_pw -mkdir -p "${irclogs_dir}" -chown -R plom:plom "${irclogs_dir}" -mkdir -p "${irclogs_pw_dir}" -chown -R plom:plom "${irclogs_pw_dir}" -if [ "${init_state}" = "new" ]; then - # Handle the case that the repo is in the old pre-buster server setup â - # even then, the URL should be the same. - su -lc "cd /var/repos && git clone --mirror https://plomlompom.com/repos/clone/plomlombot-irc" plom - su -lc "touch /var/repos/plomlombot-irc.git/git-daemon-export-ok" plom - cp "${config_tree_prefix}/other_files/plomlombot_hook_post-receive" /var/repos/plomlombot-irc.git/hooks/post-receive -fi -su -lc "git clone /var/repos/plomlombot-irc.git" plom -cp "${config_tree_prefix}/other_files/plomlombot_daemon.sh" /home/plom/ -chown plom:plom /home/plom/plomlombot_daemon.sh -if [ "${init_state}" = "new" ]; then - echo 'bot: plomlombog plomlombog #plomlomtest irc.freenode.net foo bar' >> /home/plom/.plomlombot - chown plom:plom /home/plom/.plomlombot -else - cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ - su -lc "./mirror_dir.sh ${old_server} /home/plom/plomlombot_db" plom - rm /home/plom/mirror_dir.sh - su -lc "scp plom@${old_server}:.plomlombot ~" plom - su -lc "ssh plom@${old_server} \"su -lc 'service plomlombot stop'\"" plom -fi -systemctl enable plomlombot.service -service plomlombot start - -# In the above step, we might have created a root-owned /var/www/html â -# fix this here. -chown -R plom:plom /var/www/html - -# TODO: -# - rename /home/plom/public_repos to /home/plom/repos - -service nginx restart diff --git a/buster/setup_scripts/update_pleroma_source.sh b/buster/setup_scripts/update_pleroma_source.sh deleted file mode 100755 index cf63eb8..0000000 --- a/buster/setup_scripts/update_pleroma_source.sh +++ /dev/null 
@@ -1,9 +0,0 @@
-#!/bin/sh
-set -e
-set -x
-
-# Heavily inspired by <https://docs-develop.pleroma.social/backend/administration/updating/>
-su pleroma -s $SHELL -lc 'cd /opt/pleroma && git pull && mix deps.get'
-service pleroma stop
-su pleroma -s $SHELL -lc 'MIX_ENV=prod cd /opt/pleroma && mix ecto.migrate'
-service pleroma start
diff --git a/buster/setup_scripts/upgrade_peertube.sh b/buster/setup_scripts/upgrade_peertube.sh
deleted file mode 100755
index 2f434a7..0000000
--- a/buster/setup_scripts/upgrade_peertube.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-set -e
-
-# Heavily inspired by
-# <https://docs.joinpeertube.org/#/install-any-os?id=upgrade>
-
-# backup DB
-SQL_BACKUP_PATH="backup/sql-peertube_prod-$(date -Im).bak"
-cd /var/www/peertube/
-su peertube -c 'mkdir -p backup'
-su postgres -c "pg_dump -F c peertube_prod" | su peertube -c "tee ${SQL_BACKUP_PATH}" > /dev/null
-
-# Get new PeerTube version.
-VERSION=$(curl -s https://api.github.com/repos/chocobozzz/peertube/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest Peertube version is $VERSION"
-cd /var/www/peertube/versions
-su peertube -c "wget -q \"https://github.com/Chocobozzz/PeerTube/releases/download/${VERSION}/peertube-${VERSION}.zip\""
-su peertube -c "unzip -o peertube-${VERSION}.zip && rm peertube-${VERSION}.zip"
-
-# Yarn new PeerTube.
-su -l peertube -c "cd /var/www/peertube/versions/peertube-${VERSION} && yarn install --production --pure-lockfile"
-
-# Copy new default.yaml (TODO: find out what it does)
-su peertube -c "cp /var/www/peertube/versions/peertube-${VERSION}/config/default.yaml /var/www/peertube/config/default.yaml"
-
-set +e
-echo
-echo "Check differences between new and old production.yaml[.example]"
-diff /var/www/peertube/versions/peertube-${VERSION}/config/production.yaml.example /var/www/peertube/config/production.yaml
-echo
-set -e
-
-# Link new PeerTube as latest one.
-cd /var/www/peertube
-unlink ./peertube-latest
-su peertube -c "ln -s versions/peertube-${VERSION} ./peertube-latest"
-
-set +e
-echo
-echo "Check differences between new and old NGINX files"
-cd /var/www/peertube/versions
-diff "$(ls --sort=t | head -2 | tail -1)/support/nginx/peertube" "$(ls --sort=t | head -1)/support/nginx/peertube"
-echo
-echo "Check differences between new and old systemd unit files"
-diff "$(ls --sort=t | head -2 | tail -1)/support/systemd/peertube.service" "$(ls --sort=t | head -1)/support/systemd/peertube.service"
-echo
-set -e
-
-service peertube restart
diff --git a/dotfiles/minimal/bashrc b/dotfiles/minimal/bashrc
deleted file mode 100644
index 4a80025..0000000
--- a/dotfiles/minimal/bashrc
+++ /dev/null
@@ -1,9 +0,0 @@
-# Bash as a non-login shell in non-POSIX-mode does not read in the startup
-# script at the path in $ENV. This forces it to still read in the ~/.shinit
-# startup script for non-login shells.
-
-. ~/.shinit
-
-export NVM_DIR="$HOME/.nvm"
-[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
-[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
diff --git a/dotfiles/minimal/gitconfig b/dotfiles/minimal/gitconfig
deleted file mode 100644
index 5cdc162..0000000
--- a/dotfiles/minimal/gitconfig
+++ /dev/null
@@ -1,3 +0,0 @@
-[user]
- name = Christian Heller
- email = c.heller@plomlompom.de
diff --git a/dotfiles/minimal/profile b/dotfiles/minimal/profile
deleted file mode 100644
index c39fc53..0000000
--- a/dotfiles/minimal/profile
+++ /dev/null
@@ -1,8 +0,0 @@
-# Initialization for login shells.
-
-# Tell interactive shells to look in ~/.shinit for setup.
-ENV=$HOME/.shinit
-export ENV
-. $ENV
-
-export PATH="$HOME/.cargo/bin:$PATH"
diff --git a/dotfiles/minimal/shinit b/dotfiles/minimal/shinit
deleted file mode 100644
index 25d1396..0000000
--- a/dotfiles/minimal/shinit
+++ /dev/null
@@ -1,37 +0,0 @@
-# Settings for interactive shells.
-
-# Ensure shell truly is interactive to avoid confusing non-interactive shells.
-if [[ $- == *i* ]]; then
-
- # Fancy colors for ls.
- alias ls="ls --color=auto"
-
- # Use vim as default editor for anything.
- export VISUAL=vim
- export EDITOR=$VISUAL
-
- # Colored prompt with username, hostname, date/time, directory.
- colornumber=7 # Default to white if no color set via colornumber dotfile.
- colornumber_file=~/.shinit_color
- if [ -f $colornumber_file ]; then
- colornumber=`cat $colornumber_file`
- fi
- tput_color="$(tput setaf $colornumber)$(tput bold)"
- tput_reset="$(tput sgr0)"
- # Bash confuses the line length when not told to not count escape sequences.
- if [ ! "$BASH" = "" ]; then
- tput_color="\[$tput_color\]"
- tput_reset="\[$tput_reset\]"
- fi
- PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $USER@$(hostname):"\$\(pwd\)"]$ $tput_reset"
- PS2="${tput_color}> $tput_reset"
- PS3="${tput_color}select: $tput_reset"
- PS4="${tput_color}+ $tput_reset"
-
- # Add local additions.
- local_shinit_file=~/.shinit_add
- if [ -f $local_shinit_file ]; then
- . $local_shinit_file
- fi
-
-fi
diff --git a/dotfiles/minimal/vimrc b/dotfiles/minimal/vimrc
deleted file mode 100644
index 8c923e6..0000000
--- a/dotfiles/minimal/vimrc
+++ /dev/null
@@ -1,30 +0,0 @@
-" Activate syntax highlighting.
-syntax on
-filetype plugin on
-
-" Number lines.
-set number
-
-"" Don't add unsolicited final newline.
-"set binary
-
-" Indentation rules (tabs to 4 spaces).
-set expandtab
-set shiftwidth=2
-set softtabstop=2
-
-" Backups.
-set backup
-set backupdir=~/.vimbackups
-let myvar = strftime("%Y-%m-%d_%H-%M-%S")
-let myvar = "set backupext=_". myvar
-execute myvar
-
-" Keep syntax highlighting healthy.
-autocmd BufEnter * :syntax sync fromstart
-
-" Mark the 80-th column.
-set colorcolumn=80
-
-" Source additions
-source ~/.vimrc_add
diff --git a/dotfiles/root/shinit_color b/dotfiles/root/shinit_color
deleted file mode 100644
index d00491f..0000000
--- a/dotfiles/root/shinit_color
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/dotfiles/root/vimrc_add b/dotfiles/root/vimrc_add
deleted file mode 100644
index e69de29..0000000
diff --git a/dotfiles/user/server/minimal/mailfilter b/dotfiles/user/server/minimal/mailfilter
deleted file mode 100644
index ca0ef47..0000000
--- a/dotfiles/user/server/minimal/mailfilter
+++ /dev/null
@@ -1,25 +0,0 @@
-DEFAULT="$HOME/mail/new_inbox/"
-logfile "$HOME/.mailfilter.log"
-
-if ( /^To: .*heller@talon\.one.*/:D || /^Subject: .*Talon*/:D )
-{
- DIR="$HOME/mail/talonone/"
- `mkdir -p $DIR/{cur,new,tmp}`
- to $DIR
-}
-
-if ( /^Subject: Postfix SMTP server: errors from /:D && \
- /^From: Mail Delivery System <MAILER-DAEMON@plomlompom\.com>/:D && \
- /^To: Postmaster <postmaster@plomlompom\.com>/:D )
-{
- DIR="$HOME/mail/new_postfix_smtp_server_errors_from/"
- `mkdir -p $DIR/{cur,new,tmp}`
- to $DIR
-}
-
-if ( /^From: \"Nebenan\.de\" \<noreply@nebenan\.de\>/:D )
-{
- DIR="$HOME/mail/nebenan_de/"
- `mkdir -p $DIR/{cur,new,tmp}`
- to $DIR
-}
diff --git a/dotfiles/user/server/minimal/muttrc b/dotfiles/user/server/minimal/muttrc
deleted file mode 100644
index d87fc08..0000000
--- a/dotfiles/user/server/minimal/muttrc
+++ /dev/null
@@ -1,66 +0,0 @@
-# plomlompom's mutt configuration file
-
-# Define mailboxes.
-set mbox_type=Maildir
-set folder=/home/plom/mail
-set spoolfile=$folder/inbox
-set mbox=$folder/archive
-set record=$folder/sent
-set postponed=$folder/postponed
-
-# Move read messages from $spoolfile to $mbox.
-set move=yes
-
-# Macro to a mailboxes view built from all folders below ~/mail.
-macro index,pager y <change-folder>?<toggle-mailboxes>
-mailboxes `ls /home/plom/mail | sed -e 's/^/=/' | tr "\n" " "`
-
-# What goes into the default header display.
-ignore *
-unignore from: subject to cc date
-
-# Force some variables for 
From: and Message-ID: generation.
-set realname="Christian Heller"
-
-# Allow me to reply myself.
-set reply_self = yes
-
-# Only scroll in the current message, not across messages.
-set pager_stop = yes
-
-# Sort message top-down new-old.
-set sort=reverse-date
-
-# Ensure visibility of attachments. The second line handles (in an ugly way) the
-# issue of mails that use the content-type of multipart/alternative wrongly, by
-# omitting from the text/plain alternative relevant multimedia files attached to
-# the multipart/related alternative that contains text/html and said files. This
-# will in certain cases make the pager default to displaying the HTML variant of
-# a mail when a plain text one is available, but this is preferable to hiding
-# potentially important attachments.
-set index_format="%4C %Z %?X?[%X]& ? %{%b %d} %-15.15L (%?l?%4l&%4c?) %s"
-alternative_order multipart/related text/plain text/html
-
-# Defaults from /usr/share/doc/mutt/examples/gpg.rc
-set pgp_decode_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
-set pgp_verify_command="gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f"
-set pgp_decrypt_command="gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f"
-set pgp_sign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --detach-sign --textmode %?a?-u %a? %f"
-set pgp_clearsign_command="gpg --no-verbose --batch --quiet --output - %?p?--passphrase-fd 0? --armor --textmode --clearsign %?a?-u %a? %f"
-set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
-set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg %?p?--passphrase-fd 0? --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? 
--armor --always-trust -- -r %r -- %f"
-set pgp_import_command="gpg --no-verbose --import %f"
-set pgp_export_command="gpg --no-verbose --export --armor %r"
-set pgp_verify_key_command="gpg --verbose --batch --fingerprint --check-sigs %r"
-set pgp_list_pubring_command="gpg --no-verbose --batch --quiet --with-colons --list-keys %r"
-set pgp_list_secring_command="gpg --no-verbose --batch --quiet --with-colons --list-secret-keys %r"
-set pgp_good_sign="^\\[GNUPG:\\] GOODSIG"
-
-# Further stuff from http://codesorcery.net/old/mutt/mutt-gnupg-howto
-set pgp_autosign=yes
-set pgp_sign_as=0x98F64A5F
-set pgp_replyencrypt=yes
-set pgp_timeout=1800
-
-# Promoting my public key.
-my_hdr X-PGP-Key: https://dump.plomlompom.com/dump/plomlompom.asc
diff --git a/dotfiles/user/server/minimal/vimrc_add b/dotfiles/user/server/minimal/vimrc_add
deleted file mode 100644
index e69de29..0000000
diff --git a/dotfiles/user/server/personal/minimal/getmail/getmailrc b/dotfiles/user/server/personal/minimal/getmail/getmailrc
deleted file mode 100644
index 0f89085..0000000
--- a/dotfiles/user/server/personal/minimal/getmail/getmailrc
+++ /dev/null
@@ -1,17 +0,0 @@
-# plomlompom's getmail configuration
-
-# Where and how to get mail from.
-[retriever]
-type = SimplePOP3SSLRetriever
-server = mail.klostein.com
-username = c.heller@plomlompom.de
-
-# Let procmail take charge of incoming mail. Use user-defined rc file.
-[destination]
-type = MDA_external
-path = /usr/bin/procmail
-arguments = ("-m", "/home/plom/.procmailrc")
-
-# Delete retrieved mail from server.
-[options]
-delete = false
diff --git a/dotfiles/user/server/personal/minimal/procmailrc b/dotfiles/user/server/personal/minimal/procmailrc
deleted file mode 100644
index 91bcd36..0000000
--- a/dotfiles/user/server/personal/minimal/procmailrc
+++ /dev/null
@@ -1,72 +0,0 @@
-# plomlompom's procmail configuration
-
-MAILDIR=/home/plom/mail
-DEFAULT=$MAILDIR/inbox/
-
-:0
-* ^To: Bisdahin <termin@bisdahin.de>
-bisdahin/
-
-:0
-* ^From: Doodle <mailer@doodle.com>
-doodle/
-
-:0
-* ^From: FetLife <donotreply@fetlifemail\.com>
-fetlife/
-
-:0
-* ^From: Flattr <no-reply@flattr.com>
-flattr/
-
-:0
-* ^From: noreply@statusnetondemand.net
-identica/
-
-:0
-* ^From: .*@linkedin\.com
-linkedin/
-
-:0
-* ^To: .*forum@detrans.de
-ML-detrans/
-
-:0
-* ^To: .*liste-ff-medien@gruene-jugend.de
-ML-gj-medien/
-
-:0
-* ^To: wann-klettern-wir@googlegroups\.com
-ML-klettern/
-
-:0
-* ^Subject: \[schildower-kreis-info\]
-schildower_kreis/
-
-:0
-* ^Subject: .*\[reflect-info\]
-reflect-info/
-
-:0
-* ^To: .*st-berlin@smjg.org
-ML-smjg-berlin/
-
-:0
-* ^Subject: Logwatch for plomlompom\.com \(Linux\)
-serverlogs/
-
-:0
-* ^Subject: ***SPAM***
-spam-suspect/
-
-:0
-* ^Subject: .*talon.*
-talonone/
-
-:0
-* ^From: Twitter
-twitter/
-
-:0
-* ^From: Computerspielemuseum
-computerspielemuseum/
diff --git a/dotfiles/user/server/personal/minimal/shinit_add b/dotfiles/user/server/personal/minimal/shinit_add
deleted file mode 100644
index 02d6a99..0000000
--- a/dotfiles/user/server/personal/minimal/shinit_add
+++ /dev/null
@@ -1,4 +0,0 @@
-# Server-specific .shinit additions.
-
-# Wrapper for weechat to force local config file on it anew on each run.
-alias weechat="~/config/bin/weechat-wrapper.sh"
diff --git a/dotfiles/user/server/personal/minimal/weechatrc b/dotfiles/user/server/personal/minimal/weechatrc
deleted file mode 100644
index 3601d48..0000000
--- a/dotfiles/user/server/personal/minimal/weechatrc
+++ /dev/null
@@ -1,13 +0,0 @@
-/set logger.file.path ~/weechatlogs
-/set logger.file.flush_delay 0
-/script install otr.py
-/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]"
-/set weechat.color.chat_nick_colors "lightcyan"
-/server add localhost localhost
-/connect localhost
-/server del freenode
-/server add freenode irc.freenode.net -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#nodrama.de,#twitter.de,#freie-gesellschaft,#zrolaps,#twtxt,#freakazoid,#nodrama.finance,#unordentlich
-/server add rizon irc.rizon.net -nicks=AlfredEdel,AlfredEde1,A1fredEdel,A1fredEde1 -autojoin=#8chan-deutsch,#mememagic -username=foo
-/server add quakenet irc.quakenet.org -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#rgrd
-/connect freenode
-/connect rizon
diff --git a/dotfiles/user/server/personal/plomlompom.com/shinit_color b/dotfiles/user/server/personal/plomlompom.com/shinit_color
deleted file mode 100644
index b8626c4..0000000
--- a/dotfiles/user/server/personal/plomlompom.com/shinit_color
+++ /dev/null
@@ -1 +0,0 @@
-4
diff --git a/dotfiles/user/server/personal/test.plomlompom.com/shinit_color b/dotfiles/user/server/personal/test.plomlompom.com/shinit_color
deleted file mode 100644
index 00750ed..0000000
--- a/dotfiles/user/server/personal/test.plomlompom.com/shinit_color
+++ /dev/null
@@ -1 +0,0 @@
-3
diff --git a/dotfiles/user/server/public/shinit_add b/dotfiles/user/server/public/shinit_add
deleted file mode 100644
index 6db1bac..0000000
--- a/dotfiles/user/server/public/shinit_add
+++ /dev/null
@@ -1,4 +0,0 @@
-# Server-specific .shinit additions.
-
-# Golang dev environment
-export GOPATH=~/gopath
diff --git a/dotfiles/user/server/public/shinit_color b/dotfiles/user/server/public/shinit_color
deleted file mode 100644
index 1e8b314..0000000
--- a/dotfiles/user/server/public/shinit_color
+++ /dev/null
@@ -1 +0,0 @@
-6
diff --git a/dotfiles/user/thinkpad/W530/Xresources-local b/dotfiles/user/thinkpad/W530/Xresources-local
deleted file mode 100644
index c0418e5..0000000
--- a/dotfiles/user/thinkpad/W530/Xresources-local
+++ /dev/null
@@ -1,40 +0,0 @@
-! font size
-XTerm*faceSize: 8
-xterm*VT100*faceSize1: 7
-xterm*VT100*faceSize2: 8
-xterm*VT100*faceSize3: 9
-xterm*VT100*faceSize4: 10
-xterm*VT100*faceSize5: 12
-xterm*VT100*faceSize6: 15
-
-! black
-*color0: #202020
-*color8: #3F3F3F
-
-! red
-*color1: #A82020
-*color9: #E82020
-
-! green
-*color2: #20A820
-*color10: #20E820
-
-! yellow
-*color3: #A8A820
-*color11: #E8E820
-
-! blue
-*color4: #3F3FFF
-*color12: #9F9FFF
-
-! magenta
-*color5: #A83FFF
-*color13: #E89FFF
-
-! cyan
-*color6: #3FA8FF
-*color14: #9FE8FF
-
-! white
-*color7: #A8A8A8
-*color15: #E8E8E8
diff --git a/dotfiles/user/thinkpad/W530/i3status.conf b/dotfiles/user/thinkpad/W530/i3status.conf
deleted file mode 100644
index f566ffe..0000000
--- a/dotfiles/user/thinkpad/W530/i3status.conf
+++ /dev/null
@@ -1,88 +0,0 @@ -# plomlompom's i3 status bar configuration - -# Activate colors; set update interval of one second. -general { - colors = true - interval = 1 -} - -# Selection / order of status elements. -order += "disk /" -order += "disk /home" -order += "wireless wlp3s0" -order += "ethernet enp0s25" -order += "battery 0" -order += "cpu_usage" -order += "load" -order += "cpu_temperature 0" -order += "cpu_temperature 1" -order += "time" -order += "volume master" - -# How much space is left in / ? -disk "/" { - format = "/: %avail available of %total" - separator_block_width = 10 -} - -# How much space is left in /home ? -disk "/home" { - format = "/home: %avail available of %total" - separator_block_width = 40 -} - - -# WLAN status: show IP and connection quality or "down". -wireless wlp3s0 { - format_up = "w: (%quality at %essid) %ip" - format_down = "w: down" - separator_block_width = 10 -} - -# Ethernet status: show IP or "down". -ethernet enp0s25 { - format_up = "e: %ip" - format_down = "e: down" - separator_block_width = 40 -} - -# Battery status: show FULL/CHARGING/BATTERY, storage, time left. -battery 0 { - format = "b: %status %percentage %remaining" - separator_block_width = 40 -} - -# Show CPU usage. -cpu_usage { - format = "cpu: %usage" - separator_block_width = 10 -} - -# Show system load during last 1/5/15 minutes. -load { - format = "%1min %5min %15min" - separator_block_width = 40 -} - -# Show CPU temperature in degrees of celsius. -cpu_temperature 0 { - format = "%degrees °C" - separator_block_width = 10 -} -cpu_temperature 1 { - format = "%degrees °C" - separator_block_width = 40 -} - -# Show date/time/timezone as "year-month-day hour:minute:second -# timezone_numeric/timezone_alphabetic". -time { - format = "%Y-%m-%d %H:%M:%S %z/%Z" - separator_block_width = 40 -} - -volume master { - format = "âª: %volume" - format_muted = "âª: muted (%volume)" - separator_block_width = 40 -} 
diff --git a/dotfiles/user/thinkpad/X200s/Xresources-local b/dotfiles/user/thinkpad/X200s/Xresources-local
deleted file mode 100644
index 32c741c..0000000
--- a/dotfiles/user/thinkpad/X200s/Xresources-local
+++ /dev/null
@@ -1,34 +0,0 @@
-! font size
-XTerm*faceSize: 8
-
-! black
-*color0: #000000
-*color8: #3F3F3F
-
-! red
-*color1: #BF0000
-*color9: #FF0000
-
-! green
-*color2: #00BF00
-*color10: #00FF00
-
-! yellow
-*color3: #BFBF00
-*color11: #FFFF00
-
-! blue
-*color4: #3F3FFF
-*color12: #9F9FFF
-
-! magenta
-*color5: #BF3FFF
-*color13: #FFF9FF
-
-! cyan
-*color6: #3FBFFF
-*color14: #9FFFFF
-
-! white
-*color7: #BFBFBF
-*color15: #FFFFFF
diff --git a/dotfiles/user/thinkpad/X200s/i3status.conf b/dotfiles/user/thinkpad/X200s/i3status.conf
deleted file mode 100644
index dcc1ad0..0000000
--- a/dotfiles/user/thinkpad/X200s/i3status.conf
+++ /dev/null
@@ -1,62 +0,0 @@
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home"
-order += "wireless wls1"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_temperature 0"
-order += "load"
-order += "time"
-
-# How much space is left in / ?
-disk "/" {
- format = "%free"
-}
-
-# How much space is left in /home ?
-disk "/home" {
- format = "%free"
-}
-
-
-# WLAN status: show IP and connection quality or "down".
-wireless wls1 {
- format_up = "W: (%quality at %essid) %ip"
- format_down = "W: down"
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "E: %ip"
- format_down = "E: down"
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "%status %percentage %remaining"
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "T: %degrees °C"
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "L: %1min %5min %15min"
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
-
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
-}
diff --git a/dotfiles/user/thinkpad/minimal/Xresources b/dotfiles/user/thinkpad/minimal/Xresources
deleted file mode 100644
index a7d31f3..0000000
--- a/dotfiles/user/thinkpad/minimal/Xresources
+++ /dev/null
@@ -1,7 +0,0 @@
-! font
-XTerm*faceName: -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
-XTerm*reverseVideo: on
-XTerm*visualBell: on
-
-! proper ALT as META key treatment
-XTerm*eightBitInput: false
diff --git a/dotfiles/user/thinkpad/minimal/i3 b/dotfiles/user/thinkpad/minimal/i3
deleted file mode 100644
index d388a23..0000000
--- a/dotfiles/user/thinkpad/minimal/i3
+++ /dev/null
@@ -1,84 +0,0 @@
-# plomlompom's i3-wm configuration
-
-# Font for i3 text
-font pango:Terminus 11px
-#font -misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1
-
-# Force "tabbed" as default layout for new windows.
-workspace_layout tabbed
-
-# Make the Windows key the modifier key for all i3-wm actions.
-set $mod Mod4
-floating_modifier $mod
-
-# Launch xterm.
-bindsym $mod+Return exec xterm -r
-
-# Launch programs via dmenu.
-bindsym $mod+d exec dmenu_run
-bindsym $mod+x exec dmenu_run
-
-# Kill window.
-bindsym $mod+Shift+Q kill
-
-# Move focus between windows.
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-# Don't move focus with mouse.
-focus_follows_mouse no
-
-# Move windows.
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# Resize windows
-bindsym $mod+h resize shrink width 1 px or 1 ppt
-bindsym $mod+l resize grow width 1 px or 1 ppt
-bindsym $mod+j resize shrink height
-bindsym $mod+k resize grow height
-
-# Toggle fullscreen for focused window.
-bindsym $mod+f fullscreen
-
-# Toggle floating of window, focus on floating or tabbed windows.
-bindsym $mod+Shift+space floating toggle
-bindsym $mod+space focus mode_toggle
-
-# Switch to workspace x.
-bindsym $mod+1 workspace 1
-bindsym $mod+2 workspace 2
-bindsym $mod+3 workspace 3
-bindsym $mod+4 workspace 4
-bindsym $mod+5 workspace 5
-bindsym $mod+6 workspace 6
-bindsym $mod+7 workspace 7
-bindsym $mod+8 workspace 8
-bindsym $mod+9 workspace 9
-bindsym $mod+0 workspace 10
-
-# Move window to workspace x.
-bindsym $mod+Shift+exclam move workspace 1
-bindsym $mod+Shift+quotedbl move workspace 2
-bindsym $mod+Shift+section move workspace 3
-bindsym $mod+Shift+dollar move workspace 4
-bindsym $mod+Shift+percent move workspace 5
-bindsym $mod+Shift+ampersand move workspace 6
-bindsym $mod+Shift+slash move workspace 7
-bindsym $mod+Shift+parenleft move workspace 8
-bindsym $mod+Shift+parenright move workspace 9
-bindsym $mod+Shift+equal move workspace 10
-
-# Reload i3 config file, restart (keeping sesion) i3, exit i3.
-bindsym $mod+Shift+C reload
-bindsym $mod+Shift+R restart
-bindsym $mod+Shift+P exit
-
-# Select "i3status" as i3 status bar.
-bar {
- status_command i3status | ~/config/bin/i3status_wrapper.py
-}
diff --git a/dotfiles/user/thinkpad/minimal/pentadactylrc b/dotfiles/user/thinkpad/minimal/pentadactylrc
deleted file mode 100644
index 5f62966..0000000
--- a/dotfiles/user/thinkpad/minimal/pentadactylrc
+++ /dev/null
@@ -1,20 +0,0 @@
-set! browser.startup.page=3
-set! privacy.donottrackheader.enabled=true
-set! network.cookie.lifetimePolicy=2
-set! browser.formfill.enable=false
-set! browser.block.target_new_window=true
-set! browser.download.lastDir=~/downloads
-"set! javascript.enabled=false
-"set! permissions.default.image=2
-set! general.useragent.override=foo
-set! signon.rememberSignons=false
-set! network.proxy.socks=localhost
-set! network.proxy.socks_port=9999
-set! network.proxy.type=1
-set go=CMsbr
-set showtabline=never
-highlight Hint -append font: "Droid Sans Mono"; margin: 0em; padding: 0.1em; padding-right: 0.2em;
-command plom open http://www.plomlompom.de/PlomWiki/plomwiki.php?title=Start
-set fc=ignore
-set ds=duckduckgo
-set visualbell
diff --git a/dotfiles/user/thinkpad/minimal/shinit_color b/dotfiles/user/thinkpad/minimal/shinit_color
deleted file mode 100644
index 0cfbf08..0000000
--- a/dotfiles/user/thinkpad/minimal/shinit_color
+++ /dev/null
@@ -1 +0,0 @@
-2
diff --git a/dotfiles/user/thinkpad/minimal/vimrc_add b/dotfiles/user/thinkpad/minimal/vimrc_add
deleted file mode 100644
index 96acb52..0000000
--- a/dotfiles/user/thinkpad/minimal/vimrc_add
+++ /dev/null
@@ -1 +0,0 @@
-" source ~/.vimrc_vimgo
diff --git a/dotfiles/user/thinkpad/minimal/xinitrc b/dotfiles/user/thinkpad/minimal/xinitrc
deleted file mode 100644
index 44d3822..0000000
--- a/dotfiles/user/thinkpad/minimal/xinitrc
+++ /dev/null
@@ -1,32 +0,0 @@
-# X init configuration
-
-# Set keymap.
-setxkbmap de
-
-# Read in X configuration.
-xrdb -merge ~/.Xresources
-xrdb -merge ~/.Xresources-local
-
-# Redshift to Berlin, Germany.
-redshift -rl 53:13 &
-
-# Enforce QWERTZ. (Why twice?)
-setxkbmap de
-
-# Use CapsLock as Ctrl, against the Emacs pinky.
-setxkbmap -option caps:ctrl_modifier
-
-# Set up compose key.
-xmodmap ~/.Xmodmap
-
-# Optionally, for certain Optimus systems with a first GPU connected to the
-# display and a second (NVidia) GPU providing 3D acceleration, use the first GPU
-# as sink for the second. This may confuse DPI settings, so re-set those.
-if [ "${NVIDIA_DIRECT}" ]; then
- xrandr --setprovideroutputsource modesetting NVIDIA-0
- xrandr --auto
- xrandr --dpi 96
-fi
-
-# Launch window manager.
-i3 -c ~/.i3
diff --git a/jessie_postinstall.sh b/jessie_postinstall.sh
deleted file mode 100755
index 0b628e5..0000000
--- a/jessie_postinstall.sh
+++ /dev/null
@@ -1,338 +0,0 @@
-#!/bin/sh
-set -x
-set -e
-
-if [ ! "$1" = "thinkpad" ] && [ ! "$1" = "server" ]; then
- echo "Need argument."
- false
-fi
-if [ "$1" = "thinkpad" ] && [ ! "$2" = "X200s" ] && [ ! "$2" = "T450s" ]; then
- echo "Need Thinkpad type."
- false
-fi
-if [ "$1" = "server" ] && [ ! "$2" = "personal" ] && [ ! "$2" = "public" ]; then
- echo "Need server purpose."
- false
-fi
-if [ "$2" = "personal" ] && [ ! "$3" = "test.plomlompom.com" ] && \
- [ ! "$3" = "plomlompom.com" ]; then
- echo "Need server domain"
- false
-fi
-
-# Some important variables
-if [ "$3" = "plomlompom.com" ]; then
- hostname="plomlompom"
-elif [ "$3" = "test.plomlompom.com" ]; then
- hostname="test.plomlompom"
-elif [ "$2" = "public" ]; then
- hostname="htwtxt.plomlompom"
-elif [ "$2" = "X200s" ]; then
- hostname="X200s"
-elif [ "$2" = "T450s" ]; then
- hostname="T450s"
-fi
-
-if [ "$1" = "server" ]; then
- # Set root pw.
- passwd
-fi
-
-# Post-installation reduction.
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed \
- 's/ required//' > list_white_unsorted
-echo 'ifupdown' >> list_white_unsorted
-echo 'isc-dhcp-client' >> list_white_unsorted
-sort list_white_unsorted > list_white
-dpkg-query -Wf '${Package}\n' > list_all_packages
-sort list_all_packages > foo
-mv foo list_all_packages
-comm -3 list_all_packages list_white > list_black
-apt-mark auto `cat list_black`
-echo 'APT::AutoRemove::RecommendsImportant "false";' > /etc/apt/apt.conf.d/99mindeps
-echo 'APT::AutoRemove::SuggestsImportant "false";' >> /etc/apt/apt.conf.d/99mindeps
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm list_all_packages list_white_unsorted list_white list_black
-echo 'APT::Install-Recommends "false";' >> /etc/apt/apt.conf.d/99mindeps
-echo 'APT::Install-Suggests "false";' >> /etc/apt/apt.conf.d/99mindeps
-
-# Set hostname and FQDN.
-echo $hostname > /etc/hostname
-hostname $hostname
-if [ "$1" = "server" ]; then
- echo '127.0.0.1 localhost' > /etc/hosts
- ip=`hostname -I | cut -d " " -f 1`
- echo "$ip $hostname.com $hostname" >> /etc/hosts
-
- # Call dhclient on startup.
- cat > /etc/systemd/system/dhclient.service << EOF
-[Unit]
-Description=Ethernet connection
-
-[Service]
-ExecStart=/sbin/dhclient eth0
-
-[Install]
-WantedBy=multi-user.target
-EOF
- systemctl enable /etc/systemd/system/dhclient.service
-fi
-
-# Package management config, system upgrade.
-echo 'deb http://ftp.debian.org/debian/ jessie main contrib non-free' \
- > /etc/apt/sources.list
-echo 'deb http://security.debian.org/ jessie/updates main contrib non-free' \
- >> /etc/apt/sources.list
-echo 'deb http://ftp.debian.org/debian/ jessie-updates main contrib non-free' \
- >> /etc/apt/sources.list
-if [ "$1" = "thinkpad" ] || [ "$2" = "public" ]; then
- echo 'deb http://ftp.debian.org/debian/ jessie-backports main contrib' \
-' non-free' >> /etc/apt/sources.list
- echo 'deb http://ftp.debian.org/debian/ testing main contrib non-free' \
- >> /etc/apt/sources.list
- echo 'deb http://security.debian.org/ testing/updates main contrib' \
-' non-free' >> /etc/apt/sources.list
- echo 'deb http://ftp.debian.org/debian/ testing-updates main contrib' \
-' non-free' >> /etc/apt/sources.list
- echo 'APT::Default-Release "stable";' \
- >> /etc/apt/apt.conf.d/99defaultrelease
-fi
-if [ "$1" = "thinkpad" ]; then
- dhclient eth0
-fi
-apt-get update
-apt-get -y dist-upgrade
-
-# Set up manuals.
-apt-get -y install man-db manpages less
-
-if [ "$1" = "thinkpad" ]; then
- # Power management as per <http://thinkwiki.de/TLP_-_Linux_Stromsparen>.
- echo '' >> /etc/apt/sources.list
- echo 'deb http://repo.linrunner.de/debian jessie main' \
- >> /etc/apt/sources.list
- apt-key adv --keyserver pool.sks-keyservers.net --recv-keys CD4E8809
- apt-get update
- apt-get -y install linux-headers-amd64 tlp tp-smapi-dkms
- sed -i 's/^#START_CHARGE_THRESH_BAT0/START_CHARGE_THRESH_BAT0=10 '\
-'#START_CHARGE_THRESH_BAT0/' /etc/default/tlp
- sed -i 's/^#STOP_CHARGE_THRESH_BAT0/STOP_CHARGE_THRESH_BAT0=95 '\
-'#STOP_CHARGE_THRESH_BAT0/' /etc/default/tlp
- sed -i 's/^#START_CHARGE_THRESH_BAT1/START_CHARGE_THRESH_BAT0=10 '\
-'#START_CHARGE_THRESH_BAT1/' /etc/default/tlp
- sed -i 's/^#STOP_CHARGE_THRESH_BAT1/STOP_CHARGE_THRESH_BAT0=95 '\
-'#STOP_CHARGE_THRESH_BAT1/' /etc/default/tlp
- sed -i 's/^#DEVICES_TO_DISABLE_ON_STARTUP/DEVICES_TO_DISABLE_ON_STARTUP='\
-'"bluetooth wifi wwan" #DEVICES_TO_DISABLE_ON_STARTUP/' /etc/default/tlp
- tlp start
-fi
-
-# Don't clear boot messages on start up.
-sed -i 's/^TTYVTDisallocate=yes$/TTYVTDisallocate=no/g' \
- /etc/systemd/system/getty.target.wants/getty\@tty1.service
-
-# Set up timezone.
-echo 'Europe/Berlin' > /etc/timezone
-cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime
-
-# Locale config.
-apt-get -y install locales
-echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen
-locale-gen
-
-if [ "$1" = "thinkpad" ]; then
- # Console config.
- DEBIAN_FRONTEND=nointeractive apt-get -y install console-setup
- echo 'ACTIVE_CONSOLES="/dev/tty[1-6]"' > /etc/default/console-setup
- echo 'CHARMAP="UTF-8"' >> /etc/default/console-setup
- echo 'CODESET="Lat15"' >> /etc/default/console-setup
- echo 'FONTFACE="TerminusBold"' >> /etc/default/console-setup
- echo 'FONTSIZE="8x16"' >> /etc/default/console-setup
- echo 'export LC_ALL="en_US.UTF-8"' >> /etc/profile
- sed -i 's/^XKBLAYOUT/XKBLAYOUT="de" # XKBLAYOUT/g' /etc/default/keyboard
- service keyboard-setup restart
-fi
-
-# Clone git repository.
-apt-get -y install ca-certificates -apt-get -y install git -git clone http://github.com/plomlompom/config -config/bin/symlink.sh - -# Add user. Remove old user's config/ if it exists. -useradd -m -s /bin/bash plom -rm -rf /home/plom/config -su - plom -c 'git clone http://github.com/plomlompom/config /home/plom/config' -su plom -c '/home/plom/config/bin/symlink.sh '$1' '$2' '$3 - -# Allow user to sudo. -if [ "$1" = "thinkpad" ]; then - apt-get -y install sudo - adduser plom sudo -fi - -# Set up editor. -mkdir -p .vimbackups -su plom -c 'mkdir -p /home/plom/.vimbackups/' -apt-get -y install vim - -if [ "$1" = "server" ]; then - # Set up ssh-guard. - apt-get -y install sshguard rsyslog - - # Set up openssh-server. - apt-get -y install openssh-server - - # Set up mail system. - su plom -c 'mkdir -p /home/plom/mail/' - su plom -c 'mkdir -p /home/plom/mail/inbox/{cur,new,tmp}' - su plom -c 'mkdir -p /home/plom/mail/new_inbox/{cur,new,tmp}' - sed -i 's/^delete = true$/delete = false/g' \ - /home/plom/config/dotfiles/user/server/personal/minimal/getmail/getmailrc - DEBIAN_FRONTEND=noninteractive apt-get -y install mutt postfix maildrop - cp config/systemfiles/main.cf /etc/postfix/main.cf - sed -i 's/HOSTNAME/'$hostname.com'/g' /etc/postfix/main.cf - cp config/systemfiles/aliases /etc/aliases - newaliases - service postfix restart - if [ "$2" = "personal" ]; then - apt-get -y install getmail4 procmail - fi - - # Set up regular system update reminder. - apt-get -y install cron - su plom -c "echo '0 18 * * 0 ~/config/bin/simplemail.sh '\ - '~/config/mails/update_reminder' | crontab -" - - if [ "$2" = "personal" ]; then - # Set up screen/weechat/OTR/bitlbee. Make bitlbee listen only locally. 
- apt-get -y install screen weechat-plugins python-potr bitlbee - sed -i 's/^# DaemonInterface/DaemonInterface = 127.0.0.1 '\ -'# DaemonInterface/' /etc/bitlbee/bitlbee.conf - sedtest=`grep -E '^DaemonInterface = 127.0.0.1 #' \ - /etc/bitlbee/bitlbee.conf | wc -l | cut -d ' ' -f 1` - if [ 0 -eq $sedtest ]; then - false - fi - cp config/systemfiles/weechat.service \ - /etc/systemd/system/weechat.service - systemctl enable /etc/systemd/system/weechat.service - - # Send instructions mail. - config/bin/simplemail.sh config/mails/server_postinstall_finished - - elif [ "$2" = "public" ]; then - - # Set up htwtxt and environment. - apt-get -y install screen - apt-get -y -t jessie-backports install golang - su - plom -c 'git clone https://github.com/plomlompom/htwtxt $GOPATH/src/htwtxt' - su - plom -c 'go get htwtxt' - path=`su - plom -c 'echo $GOPATH/bin/htwtxt'` - su - plom -c 'mkdir -p ~/htwtxt' - cp config/systemfiles/htwtxt_restart_reminder.service \ - /etc/systemd/system/htwtxt_restart_reminder.service - systemctl enable /etc/systemd/system/htwtxt_restart_reminder.service - - # Set up nginx and letsencrypt. - apt-get -y install nginx - cp config/systemfiles/nginx.conf /etc/nginx/nginx.conf - cd ~ - git clone https://github.com/letsencrypt/letsencrypt - echo '0 18 * * 0 ~/config/bin/renew_certs.sh' | crontab - - - # Set up plomlombot. - apt-get -y install python3 python3-venv python3-pip - su - plom -c 'cd && git clone http://github.com/plomlompom/plomlombot-irc' - su - plom -c 'mkdir -p ~/plomlombot_db' - cp config/systemfiles/plomlombot.service \ - /etc/systemd/system/plomlombot.service - systemctl enable /etc/systemd/system/plomlombot.service - - # Set up plomlombot logging infrastructure. 
- mkdir -p /var/www/html/irclogs/ - ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/3c0248e76a1de3a6ee5bf3421f7379b0/logs/ /var/www/html/irclogs/zrolaps - touch /var/www/password_irclogs_zrolaps - ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/657eea42f86866f2954d39f92a6c71ff/logs/ /var/www/html/irclogs/nodrama.de - touch /var/www/password_irclogs_nodrama_de - ln -s /home/plom/plomlombot_db/6f322d574618816aa2d6d1ceb4fd2551/a083c5d5efca3734294fa656692990b6/logs/ /var/www/html/irclogs/freakazoid - touch /var/www/password_irclogs_freakazoid - - # Set up other web-served directories. - su - plom -c 'mkdir -p /home/plom/dump' - ln -s /home/plom/dump/ /var/www/html/dump - su - plom -c 'mkdir -p /home/plom/geheim' - ln -s /home/plom/geheim/ /var/www/html/geheim - su - plom -c 'mkdir -p /home/plom/lesekreis' - ln -s /home/plom/geheim/ /var/www/html/lesekreis - su - plom -c 'mkdir -p /home/plom/zettel' - ln -s /home/plom/zettel/ /var/www/html/zettel - su - plom -c 'git init --bare /home/plom/zettel.git' - su - plom -c 'cp ~/config/systemfiles/post-update ~/zettel.git/hooks/' - su - plom -c 'chmod a+x /home/plom/zettel.git/hooks/post-update' - - # Install website generator tools - apt-get -y install pandoc wget - wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz - tar -oxzf redo-sh.tar.gz -C /usr/local - rm redo-sh.tar.gz - apt-get --purge autoremove wget - fi - -elif [ "$1" = "thinkpad" ]; then - # Set up networking (wifi!). - apt-get -y install firmware-iwlwifi - DEBIAN_FRONTEND=noninteractive apt-get -y install wicd-curses - sed -i 's/^wired_interface = .*$/wired_interface = eth0/g' \ - /etc/wicd/manager-settings.conf - sed -i 's/^wireless_interface = .*$/wireless_interface = wlan0/g' \ - /etc/wicd/manager-settings.conf - systemctl restart wicd - - # Set up hibernation on lid close. - echo 'HandleLidSwitch=hibernate' >> /etc/systemd/logind.conf - - # Set up sound. 
- usermod -aG audio plom - apt-get -y install alsa-utils - if [ "$2" = "X200s" ]; then - amixer -c 0 sset Master playback 100% unmute - elif [ "$2" = "T450s" ]; then - amixer -c 1 sset Master playback 100% unmute - # Re-order souncards so the commonly used one is the first one. - echo 'options snd_hda_intel index=1,0' >> /etc/modprobe.d/sound.conf - fi - - # Set up window system, i3, redshift. - apt-get -y install xserver-xorg xinit xterm i3 i3status dmenu redshift - - # Set up OpenGL and hardware acceleration. - if [ "$2" = "X200s" ]; then - apt-get -y install i965-va-driver - elif [ "$2" = "T450s" ]; then - apt-get -y -t jessie-backports install xserver-xorg-video-intel - fi - apt-get -y install libgl1-mesa-dri - usermod -aG video plom - - # Install xrandr. - apt-get -y install x11-xserver-utils - - # Set up pentadactyl. - apt-get -y install iceweasel xul-ext-noscript - apt-get -y -t jessie-backports install xul-ext-pentadactyl - apt-get -y install vim-gtk - su plom -c 'mkdir -p /home/plom/downloads/' - - # Set up openssh-client. - apt-get -y install openssh-client -fi - -# Set password for user. -passwd plom - -# Clean up. -rm jessie_postinstall.sh - -# Finalize everything with a reboot. -echo "You may reboot now with the 'reboot' command unless there's more to do." diff --git a/mails/htwtxt_restart b/mails/htwtxt_restart deleted file mode 100644 index 8247df9..0000000 --- a/mails/htwtxt_restart +++ /dev/null @@ -1,5 +0,0 @@ -[SYSADMIN] [HTWTXT] Restart reminder - -The virtual server hosting the htwtxt server was restarted, so the htwtxt server -itself needs to be restarted too, via (in screen) its -~/config/bin/start_htwtxt.sh. diff --git a/mails/server_postinstall_finished b/mails/server_postinstall_finished deleted file mode 100644 index 75253c9..0000000 --- a/mails/server_postinstall_finished +++ /dev/null 
@@ -1,23 +0,0 @@
-[SYSADMIN] Server post-installation TODO
-
-The server post-installation script seems to have run successfully. Remember to
-perform the following tasks:
-
-- once when mail system set-up seems stable, in
- config/dotfiles_user_server/getmail/getmailrc, set [options] delete = true
-
-- ensure the following DNS TXT record for @: v=spf1 mx -all
-
-- run (as root) config/bin/setup_opendkim.sh $selector to set up system for DKIM
- key signing, with a second parameter $keyfile if a key already exists; without
- second parameter, this will generate a new key and print the DNS record to add
-
-- run (as root) config/bin/setup_starttls.sh to set up server-side STARTTLS for
- mail; optionally run with paths to 1) a key file and 2) a cert file as
- arguments if those exist to re-use existing ones
-
-- in the screen weechat/bitlbee session (run "screen -dr"), switch to the
- &bitlbee channel, register with a password ("register", "/oper . [password]"),
- and set up Jabber account with password ("account add jabber
- plomlompom@jabber.ccc.de", "/oper . [password]"), then activate it ("account
- on")
diff --git a/mails/update_reminder b/mails/update_reminder
deleted file mode 100644
index 81dd02c..0000000
--- a/mails/update_reminder
+++ /dev/null
@@ -1,7 +0,0 @@
-[SYSADMIN] System updating reminder
-
-This is your regular reminder to run:
-
-apt-get update
-apt-get upgrade
-apt-get dist-upgrade
diff --git a/mails/weechat_restart_reminder b/mails/weechat_restart_reminder
deleted file mode 100644
index 3aecea2..0000000
--- a/mails/weechat_restart_reminder
+++ /dev/null
@@ -1,5 +0,0 @@
-[SYSADMIN] weechat restarted, re-identify!
-
-Your weechat was restarted, so don't forget to re-identify on freenode to
-nickserv via "/msg nickserv identify [password]", and on bitlbee by joining
-&bitlbee, "identify", "/oper . [password]", and "account on".
diff --git a/notes b/notes
deleted file mode 100644
index 1dcf1b4..0000000
--- a/notes
+++ /dev/null
@@ -1,54 +0,0 @@
-some stuff I need to incorporate later on:
-
-the blog post-update git hook:
-
-
-
-#!/bin/sh
-blog_dir=~/blog
-export GIT_DIR=$(pwd)
-export GIT_WORK_TREE="$blog_dir"
-git checkout -f
-cd "$GIT_WORK_TREE"
-redo
-git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/*
-count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l)
-if [ "$count" != 0 ]; then
- git add metadata/*.automatic_metadata
-fi
-status=$(git status -s)
-n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l)
-if [ "$n_updates" -gt 0 ]; then
- git commit -a -m 'Update metadata'
-fi
-
-
-furthermore, the url_catcher virtualenv run.sh script needs this (to compile uwsgi):
-
-apt-get install python3.4-dev
-
-
-also, these:
-
-# /etc/systemd/system/url_catcher.service
-
-[Unit]
-Description=URL catcher
-
-[Service]
-Type=forking
-User=plom
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/url_catcher.sh'
-
-[Install]
-WantedBy=multi-user.target
-
-
-
-and url_catcher.sh:
-
-#!/bin/sh
-
-cd ~
-cd url-catcher
-./run.sh
diff --git a/raspbian/.alsoftrc b/raspbian/.alsoftrc
deleted file mode 100644
index 21db2a5..0000000
--- a/raspbian/.alsoftrc
+++ /dev/null
@@ -1,3 +0,0 @@
-# for minetest sound to work
-[alsa]
-mmap = false
diff --git a/raspbian/.asoundrc b/raspbian/.asoundrc
deleted file mode 100644
index 46eb301..0000000
--- a/raspbian/.asoundrc
+++ /dev/null
@@ -1,73 +0,0 @@
-# using hdmi0 for TV stereo, hdmi1 for a 5.1 speaker set-up
-# unfortunately, a non-square speaker number creates some noise
-# therefore for hdmi1 we declare 8 speakers, but re-map them to 6 speakers
-pcm.hdmi0 {
- type hw
- card 0
-}
-pcm.hdmi1 {
- type route
- slave {
- pcm "hw:1,0"
- channels 8
- }
- ttable {
- 0.0 = 1
- 1.1 = 1
- 2.2 = 1
- 3.3 = 1
- 4.4 = 1
- 5.5 = 1
- 6.0 = 0.5
- 6.2 = 0.5
- 7.1 = 0.5
- 7.3 = 0.5
- }
-}
-
-# upmix stereo to 5.1 â so we can watch stereo YouTube on all speakers
-# with this: $ chromium-browser --alsa-output-device=stereo51
-# (numbers taken from <https://www.volkerschatz.com/noise/alsa.html>)
-pcm.stereo51 {
- type route
- slave {
- pcm "hw:1,0"
- channels 8
- }
- ttable {
- 0.0 = 1
- 0.2 = -0.6
- 0.3 = -0.39
- 0.4 = 0.5
- 0.5 = 0.5
- 1.1 = 1
- 1.2 = -0.6
- 1.3 = -0.39
- 1.4 = 0.5
- 1.5 = 0.5
- }
-}
-
-# default to hdmi0, overwrite with AUDIO_HDMI=1 env prefix
-pcm.!default {
- type plug
- slave.pcm {
- @func concat
- strings [
- "hdmi"
- {
- @func getenv
- vars [ AUDIO_HDMI ]
- default "0"
- }
- ]
- }
-}
-ctl.!default {
- type hw
- card {
- @func getenv
- vars [ AUDIO_HDMI ]
- default 0
- }
-}
diff --git a/raspbian/.bash_aliases b/raspbian/.bash_aliases
deleted file mode 100644
index 5036cb4..0000000
--- a/raspbian/.bash_aliases
+++ /dev/null
@@ -1,11 +0,0 @@
-# for whatever reason, emulationstation gets some strange screen flicker issues
-# if the second display is activated, so ensure it is only started with that off
-alias emulationstation="xrandr --output HDMI-2 --off && emulationstation"
-
-# since the second HDMI only outputs sound with video, we have to ensure it's
-# activated with xrandr if we want to use it for surround sound setup
-alias mpv51="xrandr --output HDMI-2 --auto && AUDIO_HDMI=1 mpv --alsa-ignore-chmap '--audio-channels=5.1(alsa)'"
-alias chromium-upmix="xrandr --output HDMI-2 --auto && chromium-browser --alsa-output-device=stereo51"
-alias alsamixer51="AUDIO_HDMI=1 alsamixer"
-# see vlc -H why these
-alias vlc51="xrandr --output HDMI-2 --auto && vlc --alsa-audio-device=hdmi1 --alsa-audio-channels=4199"
diff --git a/setup_go.sh b/setup_go.sh
deleted file mode 100755
index fc2f344..0000000
--- a/setup_go.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-set -e
-set -x
-
-url=$1
-
-ensure_line() {
- add_string="$1"
- file="$2"
- test=`grep "$add_string" "$file" | wc -l`
- if [ $test -lt 1 ]; then
- echo "$add_string" >> "$file"
- fi
-}
-
-filename=temp_golang_binary
-
-if [ "$url" = "" ]; then
- echo 'Need URL of current go package'
- exit 1
-fi
-sudo rm -rf /usr/local/go
-sudo apt-get -y install wget
-wget -O $filename $url
-sudo tar -C /usr/local -xzf $filename
-rm $filename
-ensure_line 'export PATH=$PATH:/usr/local/go/bin' ~/.shinit_add
-ensure_line 'export GOPATH=~/gopath' ~/.shinit_add
-sudo apt-get -y install vim-pathogen
-rm -rf ~/.vim/bundle/vim-go
-git clone https://github.com/fatih/vim-go.git ~/.vim/bundle/vim-go
-ensure_line 'source ~/.vimrc_vimgo' ~/.vimrc_add
-cat << EOF > ~/.vimrc_vimgo
-" vim-go: Make vim-go run.
-call pathogen#infect()
-let g:go_disable_autoinstall = 0
-" vim-go: Highlight
-let g:go_highlight_functions = 1
-let g:go_highlight_methods = 1
-let g:go_highlight_structs = 1
-let g:go_highlight_operators = 1
-let g:go_highlight_build_constraints = 1
-EOF
diff --git a/stretch/apt-mark/seedbox b/stretch/apt-mark/seedbox
deleted file mode 100644
index 37b941e..0000000
--- a/stretch/apt-mark/seedbox
+++ /dev/null
@@ -1,8 +0,0 @@
-# needed for rtorrent config setup
-curl
-# needed for torrenting
-rtorrent
-# needed for torrenting session
-screen
-# needed for upload/download
-rsync
diff --git a/stretch/etc_files/server/etc/ssh/sshd_config b/stretch/etc_files/server/etc/ssh/sshd_config
deleted file mode 100644
index 89d08ac..0000000
--- a/stretch/etc_files/server/etc/ssh/sshd_config
+++ /dev/null
@@ -1,126 +0,0 @@
-# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin no # plomlompom's security rule
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin yes
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#UsePrivilegeSeparation sandbox
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-
-ClientAliveInterval 120
-PasswordAuthentication no # plomlompom's security rule
diff --git a/stretch/setup_scripts/init_user_and_keybased_login.sh b/stretch/setup_scripts/init_user_and_keybased_login.sh
deleted file mode 100755
index cea582f..0000000
--- a/stretch/setup_scripts/init_user_and_keybased_login.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/sh
-# This script turns a fresh server with password-based root access into
-# one of only key-based access and only to new non-root account plom.
-#
-# CAUTION: This is optimized for a *fresh* setup. It will overwrite any
-# pre-existing ~/.ssh/authorized_keys of user plom with one that solely
-# contains the local ~/.ssh/id_rsa.pub, and also any old
-# /etc/ssh/sshd_config.
-#
-# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly
-# configured sshd_config file in reach.
-set -e
-
-# Location of an sshd_config with "PermitRootLogin no" and
-# "PasswordAuthentication no".
-config_tree_prefix="${HOME}/public_repos/config/stretch"
-linkable_files_dir="${config_tree_prefix}/etc_files/server"
-system_path_sshd_config='/etc/ssh/sshd_config'
-local_path_sshd_config="${linkable_files_dir}${system_path_sshd_config}"
-
-# Ensure we have a server name as argument.
-if [ $# -eq 0 ]; then
- echo "Need server as argument."
- false
-fi
-server="$1"
-
-# This will be used to log-in as root from plom account.
-echo 'First, enter the old root password; then enter new password twice.'
-ssh root@"${server}" "passwd"
-
-# Save root password for sshpass
-stty -echo
-printf "Re-enter new server root password: "
-read PW_ROOT
-stty echo
-printf "\n"
-export SSHPASS="${PW_ROOT}"
-
-# Create user plom, and his ~/.ssh/authorized_keys based on the local
-# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and
-# ownerships. Then disable root and pw login by copying over the
-# sshd_config and restart ssh daemon.
-#
-# This could be a line or two shorter by using ssh-copy-id, but that
-# would require setting a password for user plom otherwise not needed.
-sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys
-sshpass -e ssh root@"${server}" \
- 'useradd -m plom && '\
- 'mkdir /home/plom/.ssh && '\
- 'chown plom:plom /home/plom/.ssh && '\
- 'chown plom:plom /tmp/authorized_keys && '\
- 'chmod u=rw,go= /tmp/authorized_keys && '\
- 'mv /tmp/authorized_keys /home/plom/.ssh/'
-sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}"
-sshpass -e ssh root@"${server}" 'service ssh restart'
diff --git a/stretch/setup_scripts/install_for_target.sh b/stretch/setup_scripts/install_for_target.sh
deleted file mode 100755
index 3a42c4d..0000000
--- a/stretch/setup_scripts/install_for_target.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-
-config_tree_prefix="${HOME}/config/stretch"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- # TODO: continue if file at $path not found, to get rid of dummy files
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
- fi
- done
-done
diff --git a/stretch/setup_scripts/setup_seedbox.sh b/stretch/setup_scripts/setup_seedbox.sh
deleted file mode 100755
index a2d2187..0000000
--- a/stretch/setup_scripts/setup_seedbox.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-set -e
-
-./install_for_target.sh seedbox
-
-# As according to <https://rtorrent-docs.readthedocs.io/en/latest/cookbook.html#modernized-configuration-template>
-su -lc "curl -Ls 'https://raw.githubusercontent.com/wiki/rakshasa/rtorrent/CONFIG-Template.md' | grep -A9999 '^######' | grep -B9999 '^### END' | sed -re \"s:/home/USERNAME:\$HOME:\" >~/.rtorrent.rc" plom
-su -lc "echo 'pieces.hash.on_completion.set = no' >> ~/.rtorrent.rc" plom
-su -lc "mkdir ~/rtorrent" plom
-
-# As according to <https://unix.stackexchange.com/a/475485>
-chmod u+s /usr/bin/screen
-chmod 755 /var/run/screen
diff --git a/systemfiles/aliases b/systemfiles/aliases
deleted file mode 100644
index 59c52b4..0000000
--- a/systemfiles/aliases
+++ /dev/null
@@ -1,23 +0,0 @@
-# /etc/aliases
-
-# As per RFC 2142.
-mailer-daemon: plom
-postmaster: plom
-hostmaster: plom
-usenet: plom
-news: plom
-webmaster: plom
-www: plom
-ftp: plom
-abuse: plom
-noc: plom
-security: plom
-root: plom
-
-# Personal aliases.
-plomlompom: plom
-christian.heller: plom
-christian_heller: plom
-christianheller: plom
-c.heller: plom
-heller: plom
diff --git a/systemfiles/htwtxt_restart_reminder.service b/systemfiles/htwtxt_restart_reminder.service
deleted file mode 100644
index a1e0ad8..0000000
--- a/systemfiles/htwtxt_restart_reminder.service
+++ /dev/null
@@ -1,12 +0,0 @@
-# /etc/systemd/system/weechat.service
-
-[Unit]
-Description=htwtxt restart reminder
-
-[Service]
-Type=forking
-User=plom
-ExecStart=/bin/sh -c '~/config/bin/simplemail_out.sh ~/config/mails/htwtxt_restart'
-
-[Install]
-WantedBy=multi-user.target
diff --git a/systemfiles/main.cf b/systemfiles/main.cf
deleted file mode 100644
index f1a7a8d..0000000
--- a/systemfiles/main.cf
+++ /dev/null
@@ -1,16 +0,0 @@
-# /etc/postfix/main.cf
-
-# Use maildrop as MDA.
-mailbox_command = /usr/bin/maildrop
-
-# Restrictive relaying policy.
-smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination
-
-# What domains to receive mail for: names of local server.
-mydestination = HOSTNAME, localhost
-
-# What clients to relay mail from: only local server.
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-
-# Paranoid maximum error notification.
-notify_classes=2bounce, bounce, data, delay, policy, protocol, resource, software
diff --git a/systemfiles/nginx.conf b/systemfiles/nginx.conf
deleted file mode 100644
index 3def78d..0000000
--- a/systemfiles/nginx.conf
+++ /dev/null
@@ -1,90 +0,0 @@
-# system integration
-user www-data;
-pid /run/nginx.pid;
-
-# is expected even if empty
-events {
-}
-
-http {
- # define content-type headers
- types {
- text/html html htm shtml;
- text/css css;
- text/xml xml;
- text/plain txt sh rst md;
- application/xhtml+xml xhtml;
- application/pdf pdf;
- image/jpeg jpg jpeg;
- image/png png;
- }
- default_type application/octet_stream;
- charset utf-8;
-
- # logging
- access_log /var/log/nginx/access.log;
- error_log /var/log/nginx/error.log;
-
- # enforce https
- server {
- listen 80;
- return 301 https://$host$request_uri;
- }
-
- # IRC logs
- server {
- listen 443 ssl;
- server_name dump.plomlompom.com;
- ssl_certificate /etc/letsencrypt/live/dump.plomlompom.com/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dump.plomlompom.com/privkey.pem;
- root /var/www/html/;
- location /zettel/ {
- # rewrite non-suffixed filenames to .html ones
- rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html;
- autoindex on;
- }
- location /dump/ {
- autoindex on;
- }
- location /geheim/ {
- auth_basic "geheim geheim";
- auth_basic_user_file /var/www/password_geheim;
- autoindex on;
- }
- location /irclogs/zrolaps/ {
- auth_basic "#zrolaps logs";
- auth_basic_user_file /var/www/password_irclogs_zrolaps;
- autoindex on;
- }
- location /irclogs/nodrama.de/ {
- auth_basic "#nodrama.de logs";
- auth_basic_user_file /var/www/password_irclogs_nodrama_de;
- autoindex on;
- }
- location /irclogs/freakazoid/ {
- auth_basic "#freakazoid logs";
- auth_basic_user_file /var/www/password_irclogs_freakazoid;
- autoindex on;
- }
- location /lesekreis/ {
- auth_basic "Quellen Lesekreis";
- auth_basic_user_file /var/www/password_lesekreis;
- autoindex on;
- }
- location /uwsgi/ {
- include uwsgi_params;
- uwsgi_pass 127.0.0.1:3031;
- }
- }
-
- # htwtxt
- server {
- listen 443 ssl;
- server_name htwtxt.plomlompom.com;
- ssl_certificate /etc/letsencrypt/live/htwtxt.plomlompom.com/fullchain.pem;
- ssl_certificate_key
/etc/letsencrypt/live/htwtxt.plomlompom.com/privkey.pem;
- location / {
- proxy_pass http://127.0.0.1:8000;
- }
- }
-}
diff --git a/systemfiles/opendkim.conf b/systemfiles/opendkim.conf
deleted file mode 100644
index 2bd3c19..0000000
--- a/systemfiles/opendkim.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# The domain for which mails are signed.
-Domain plomlompom.com
-
-# Location of the private key to sign mails with.
-KeyFile /etc/opendkim/dkim.key
-
-# Identifies the signing key; useful when replacing it.
-#Selector keyname
-
-# Canonicalize the body strictly for signing, but the header (more legitimately
-# subject to reformatting by forwarding servers) less so.
-Canonicalization relaxed/simple
-
-# Invalidate the signature of mails to which additional From fields were added
-# after the signing. (See RFC for details on how this works.)
-OversignHeaders From
-
-# Where to communicate with the MTA.
-Socket inet:12301@localhost
-
-# Don't act as root.
-UserID opendkim:opendkim
diff --git a/systemfiles/plomlombot.service b/systemfiles/plomlombot.service
deleted file mode 100644
index 8c992d8..0000000
--- a/systemfiles/plomlombot.service
+++ /dev/null
@@ -1,12 +0,0 @@
-# /etc/systemd/system/plomlombot.service
-
-[Unit]
-Description=plomlombot screen
-
-[Service]
-Type=forking
-User=plom
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/plomlombot.sh && screen -d -m ~/config/bin/broiler_in.sh && screen -d -m ~/config/bin/hubbabubba.sh && screen -d -m ~/config/bin/zinskritik.sh'
-
-[Install]
-WantedBy=multi-user.target
diff --git a/systemfiles/post-update b/systemfiles/post-update
deleted file mode 100755
index 3bea5b2..0000000
--- a/systemfiles/post-update
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-ZETTELDIR=/home/plom/zettel
-GIT_WORK_TREE=$ZETTELDIR git checkout -f
-cd $ZETTELDIR
-redo
diff --git a/systemfiles/weechat.service b/systemfiles/weechat.service
deleted file mode 100644
index 5fb3e0f..0000000
--- a/systemfiles/weechat.service
+++ /dev/null
@@ -1,12 +0,0 @@
-# /etc/systemd/system/weechat.service
-
-[Unit]
-Description=weechat screen
-
-[Service]
-Type=forking
-User=plom
-ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 screen -d -m ~/config/bin/weechat-wrapper.sh'
-
-[Install]
-WantedBy=multi-user.target
diff --git a/update_key.sh b/update_key.sh
deleted file mode 100755
index 23b07ca..0000000
--- a/update_key.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-set -e
-
-if [ "$#" -ne 1 ]; then
- echo "Need exactly one argument: public key ID."
- false
-fi
-gpg_key="$1"
-keyservers='keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es'
-set +e
-for keyserver in $(echo "${keyservers}"); do
- gpg --no-tty --keyserver $keyserver --send-key "${gpg_key}"
-done
-set -e