+++ /dev/null
-# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
-# unpredictably so
-ifupdown
-isc-dhcp-client
-# git for the setup directory; cloning works with ca-certificates
-ca-certificates
-git
-# to avoid constant warnings about no locale being found
-locales
-# extremely useful for basic network debugging; missed these more than once in an emergency
-netcat-traditional
-iputils-ping
-# what would we do without this …
-apt
+++ /dev/null
-# for X to start at all
-linux-headers-amd64
-nvidia-driver
-firmware-misc-nonfree
-# X input: keyboard
-xserver-xorg-input-evdev
-# CUDA
-nvidia-cuda-dev
-nvidia-cuda-toolkit
-
+++ /dev/null
-# needed for torrenting
-rtorrent
-# needed for torrenting session
-screen
-
+++ /dev/null
-# so we can login at all …
-openssh-server
-# firewalling
-nftables
-# We want to be able to use ALL our servers as borg backup destinations.
-borgbackup
-# not only pull in systemd, but also /sbin/reboot and /sbin/shutdown
-systemd-sysv
-# necessary on _some_ vservers
-net-tools
-quota
-
+++ /dev/null
-# for wifi
-firmware-iwlwifi
-network-manager
-wpasupplicant
-# for tlp
-tlp
-tp-smapi-dkms
-# for X to start at all
-xserver-xorg-video-intel
-# X input: keyboard and touchpad
-xserver-xorg-input-evdev
-xserver-xorg-input-synaptics
-# to use printer
-cups
-#
-
+++ /dev/null
-# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
-cryptsetup-initramfs
-lvm2
-# this provides setupcon which reads /etc/default/console-setup
-console-setup
-# for startx
-xinit
-# for xrdb
-x11-xserver-utils
-# for startx to run for non-root user
-libpam-systemd
-# window environment
-i3
-i3status
-suckless-tools
-xterm
-# to get sleepy at night
-redshift
-# for alsamixer
-alsa-utils
-# also useful
-vim
-sudo
-less
-man-db
-manpages
-procps
-# firefox install dependencies
-wget
-bzip2
-# firefox running dependencies
-libgtk-3-0
-libdbus-glib-1-2
-# tridactyl install recommendations
-vim-gtk3
-curl
-# for firefox to emit sound
-pulseaudio
-# emacs
-emacs
-emacs-common-non-dfsg
-emacs-el
-elpa-ledger
-ledger
-# to mount encrypted USB stick and use its contents
-pmount
-cryptsetup
-openssh-client
-# for syncing
-borgbackup
-# mail setup
-isync
-notmuch
-elpa-notmuch
-pinentry-gtk2
-#
+++ /dev/null
-# for open-gpu-kernel-modules building
-gcc
-g++
-make
-linux-headers-amd64
-xz-utils
-# for NVIDIA driver .run --no-kernel-modules
-libvulkan1
-libglvnd-dev
-pkg-config
-# so we can add nvidia.NVreg_OpenRmEnableUnsupportedGpus=1 to default grub
-grub-efi-amd64
-
+++ /dev/null
-nginx-light
-# for SSL
-certbot
-python3-certbot-nginx
+++ /dev/null
-../bullseye/borg.sh
\ No newline at end of file
+++ /dev/null
-APT::AutoRemove::RecommendsImportant "false";
-APT::AutoRemove::SuggestsImportant "false";
-APT::Install-Recommends "false";
-APT::Install-Suggests "false";
+++ /dev/null
-deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
-deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
-deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
-deb http://ftp.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
+++ /dev/null
-LANG="en_US.UTF-8"
+++ /dev/null
-# This file lists locales that you wish to have built. You can find a list
-# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
-# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
-# this file, you need to rerun locale-gen.
-
-
-# aa_DJ ISO-8859-1
-# aa_DJ.UTF-8 UTF-8
-# aa_ER UTF-8
-# aa_ER@saaho UTF-8
-# aa_ET UTF-8
-# af_ZA ISO-8859-1
-# af_ZA.UTF-8 UTF-8
-# ak_GH UTF-8
-# am_ET UTF-8
-# an_ES ISO-8859-15
-# an_ES.UTF-8 UTF-8
-# anp_IN UTF-8
-# ar_AE ISO-8859-6
-# ar_AE.UTF-8 UTF-8
-# ar_BH ISO-8859-6
-# ar_BH.UTF-8 UTF-8
-# ar_DZ ISO-8859-6
-# ar_DZ.UTF-8 UTF-8
-# ar_EG ISO-8859-6
-# ar_EG.UTF-8 UTF-8
-# ar_IN UTF-8
-# ar_IQ ISO-8859-6
-# ar_IQ.UTF-8 UTF-8
-# ar_JO ISO-8859-6
-# ar_JO.UTF-8 UTF-8
-# ar_KW ISO-8859-6
-# ar_KW.UTF-8 UTF-8
-# ar_LB ISO-8859-6
-# ar_LB.UTF-8 UTF-8
-# ar_LY ISO-8859-6
-# ar_LY.UTF-8 UTF-8
-# ar_MA ISO-8859-6
-# ar_MA.UTF-8 UTF-8
-# ar_OM ISO-8859-6
-# ar_OM.UTF-8 UTF-8
-# ar_QA ISO-8859-6
-# ar_QA.UTF-8 UTF-8
-# ar_SA ISO-8859-6
-# ar_SA.UTF-8 UTF-8
-# ar_SD ISO-8859-6
-# ar_SD.UTF-8 UTF-8
-# ar_SS UTF-8
-# ar_SY ISO-8859-6
-# ar_SY.UTF-8 UTF-8
-# ar_TN ISO-8859-6
-# ar_TN.UTF-8 UTF-8
-# ar_YE ISO-8859-6
-# ar_YE.UTF-8 UTF-8
-# as_IN UTF-8
-# ast_ES ISO-8859-15
-# ast_ES.UTF-8 UTF-8
-# ayc_PE UTF-8
-# az_AZ UTF-8
-# be_BY CP1251
-# be_BY.UTF-8 UTF-8
-# be_BY@latin UTF-8
-# bem_ZM UTF-8
-# ber_DZ UTF-8
-# ber_MA UTF-8
-# bg_BG CP1251
-# bg_BG.UTF-8 UTF-8
-# bhb_IN.UTF-8 UTF-8
-# bho_IN UTF-8
-# bn_BD UTF-8
-# bn_IN UTF-8
-# bo_CN UTF-8
-# bo_IN UTF-8
-# br_FR ISO-8859-1
-# br_FR.UTF-8 UTF-8
-# br_FR@euro ISO-8859-15
-# brx_IN UTF-8
-# bs_BA ISO-8859-2
-# bs_BA.UTF-8 UTF-8
-# byn_ER UTF-8
-# ca_AD ISO-8859-15
-# ca_AD.UTF-8 UTF-8
-# ca_ES ISO-8859-1
-# ca_ES.UTF-8 UTF-8
-# ca_ES.UTF-8@valencia UTF-8
-# ca_ES@euro ISO-8859-15
-# ca_ES@valencia ISO-8859-15
-# ca_FR ISO-8859-15
-# ca_FR.UTF-8 UTF-8
-# ca_IT ISO-8859-15
-# ca_IT.UTF-8 UTF-8
-# ce_RU UTF-8
-# chr_US UTF-8
-# cmn_TW UTF-8
-# crh_UA UTF-8
-# cs_CZ ISO-8859-2
-# cs_CZ.UTF-8 UTF-8
-# csb_PL UTF-8
-# cv_RU UTF-8
-# cy_GB ISO-8859-14
-# cy_GB.UTF-8 UTF-8
-# da_DK ISO-8859-1
-# da_DK.UTF-8 UTF-8
-# de_AT ISO-8859-1
-# de_AT.UTF-8 UTF-8
-# de_AT@euro ISO-8859-15
-# de_BE ISO-8859-1
-# de_BE.UTF-8 UTF-8
-# de_BE@euro ISO-8859-15
-# de_CH ISO-8859-1
-# de_CH.UTF-8 UTF-8
-# de_DE ISO-8859-1
-# de_DE.UTF-8 UTF-8
-# de_DE@euro ISO-8859-15
-# de_IT ISO-8859-1
-# de_IT.UTF-8 UTF-8
-# de_LI.UTF-8 UTF-8
-# de_LU ISO-8859-1
-# de_LU.UTF-8 UTF-8
-# de_LU@euro ISO-8859-15
-# doi_IN UTF-8
-# dv_MV UTF-8
-# dz_BT UTF-8
-# el_CY ISO-8859-7
-# el_CY.UTF-8 UTF-8
-# el_GR ISO-8859-7
-# el_GR.UTF-8 UTF-8
-# en_AG UTF-8
-# en_AU ISO-8859-1
-# en_AU.UTF-8 UTF-8
-# en_BW ISO-8859-1
-# en_BW.UTF-8 UTF-8
-# en_CA ISO-8859-1
-# en_CA.UTF-8 UTF-8
-# en_DK ISO-8859-1
-# en_DK.ISO-8859-15 ISO-8859-15
-# en_DK.UTF-8 UTF-8
-# en_GB ISO-8859-1
-# en_GB.ISO-8859-15 ISO-8859-15
-# en_GB.UTF-8 UTF-8
-# en_HK ISO-8859-1
-# en_HK.UTF-8 UTF-8
-# en_IE ISO-8859-1
-# en_IE.UTF-8 UTF-8
-# en_IE@euro ISO-8859-15
-# en_IL UTF-8
-# en_IN UTF-8
-# en_NG UTF-8
-# en_NZ ISO-8859-1
-# en_NZ.UTF-8 UTF-8
-# en_PH ISO-8859-1
-# en_PH.UTF-8 UTF-8
-# en_SG ISO-8859-1
-# en_SG.UTF-8 UTF-8
-# en_US ISO-8859-1
-# en_US.ISO-8859-15 ISO-8859-15
-en_US.UTF-8 UTF-8
-# en_ZA ISO-8859-1
-# en_ZA.UTF-8 UTF-8
-# en_ZM UTF-8
-# en_ZW ISO-8859-1
-# en_ZW.UTF-8 UTF-8
-# eo UTF-8
-# es_AR ISO-8859-1
-# es_AR.UTF-8 UTF-8
-# es_BO ISO-8859-1
-# es_BO.UTF-8 UTF-8
-# es_CL ISO-8859-1
-# es_CL.UTF-8 UTF-8
-# es_CO ISO-8859-1
-# es_CO.UTF-8 UTF-8
-# es_CR ISO-8859-1
-# es_CR.UTF-8 UTF-8
-# es_CU UTF-8
-# es_DO ISO-8859-1
-# es_DO.UTF-8 UTF-8
-# es_EC ISO-8859-1
-# es_EC.UTF-8 UTF-8
-# es_ES ISO-8859-1
-# es_ES.UTF-8 UTF-8
-# es_ES@euro ISO-8859-15
-# es_GT ISO-8859-1
-# es_GT.UTF-8 UTF-8
-# es_HN ISO-8859-1
-# es_HN.UTF-8 UTF-8
-# es_MX ISO-8859-1
-# es_MX.UTF-8 UTF-8
-# es_NI ISO-8859-1
-# es_NI.UTF-8 UTF-8
-# es_PA ISO-8859-1
-# es_PA.UTF-8 UTF-8
-# es_PE ISO-8859-1
-# es_PE.UTF-8 UTF-8
-# es_PR ISO-8859-1
-# es_PR.UTF-8 UTF-8
-# es_PY ISO-8859-1
-# es_PY.UTF-8 UTF-8
-# es_SV ISO-8859-1
-# es_SV.UTF-8 UTF-8
-# es_US ISO-8859-1
-# es_US.UTF-8 UTF-8
-# es_UY ISO-8859-1
-# es_UY.UTF-8 UTF-8
-# es_VE ISO-8859-1
-# es_VE.UTF-8 UTF-8
-# et_EE ISO-8859-1
-# et_EE.ISO-8859-15 ISO-8859-15
-# et_EE.UTF-8 UTF-8
-# eu_ES ISO-8859-1
-# eu_ES.UTF-8 UTF-8
-# eu_ES@euro ISO-8859-15
-# eu_FR ISO-8859-1
-# eu_FR.UTF-8 UTF-8
-# eu_FR@euro ISO-8859-15
-# fa_IR UTF-8
-# ff_SN UTF-8
-# fi_FI ISO-8859-1
-# fi_FI.UTF-8 UTF-8
-# fi_FI@euro ISO-8859-15
-# fil_PH UTF-8
-# fo_FO ISO-8859-1
-# fo_FO.UTF-8 UTF-8
-# fr_BE ISO-8859-1
-# fr_BE.UTF-8 UTF-8
-# fr_BE@euro ISO-8859-15
-# fr_CA ISO-8859-1
-# fr_CA.UTF-8 UTF-8
-# fr_CH ISO-8859-1
-# fr_CH.UTF-8 UTF-8
-# fr_FR ISO-8859-1
-# fr_FR.UTF-8 UTF-8
-# fr_FR@euro ISO-8859-15
-# fr_LU ISO-8859-1
-# fr_LU.UTF-8 UTF-8
-# fr_LU@euro ISO-8859-15
-# fur_IT UTF-8
-# fy_DE UTF-8
-# fy_NL UTF-8
-# ga_IE ISO-8859-1
-# ga_IE.UTF-8 UTF-8
-# ga_IE@euro ISO-8859-15
-# gd_GB ISO-8859-15
-# gd_GB.UTF-8 UTF-8
-# gez_ER UTF-8
-# gez_ER@abegede UTF-8
-# gez_ET UTF-8
-# gez_ET@abegede UTF-8
-# gl_ES ISO-8859-1
-# gl_ES.UTF-8 UTF-8
-# gl_ES@euro ISO-8859-15
-# gu_IN UTF-8
-# gv_GB ISO-8859-1
-# gv_GB.UTF-8 UTF-8
-# ha_NG UTF-8
-# hak_TW UTF-8
-# he_IL ISO-8859-8
-# he_IL.UTF-8 UTF-8
-# hi_IN UTF-8
-# hne_IN UTF-8
-# hr_HR ISO-8859-2
-# hr_HR.UTF-8 UTF-8
-# hsb_DE ISO-8859-2
-# hsb_DE.UTF-8 UTF-8
-# ht_HT UTF-8
-# hu_HU ISO-8859-2
-# hu_HU.UTF-8 UTF-8
-# hy_AM UTF-8
-# hy_AM.ARMSCII-8 ARMSCII-8
-# ia_FR UTF-8
-# id_ID ISO-8859-1
-# id_ID.UTF-8 UTF-8
-# ig_NG UTF-8
-# ik_CA UTF-8
-# is_IS ISO-8859-1
-# is_IS.UTF-8 UTF-8
-# it_CH ISO-8859-1
-# it_CH.UTF-8 UTF-8
-# it_IT ISO-8859-1
-# it_IT.UTF-8 UTF-8
-# it_IT@euro ISO-8859-15
-# iu_CA UTF-8
-# ja_JP.EUC-JP EUC-JP
-# ja_JP.UTF-8 UTF-8
-# ka_GE GEORGIAN-PS
-# ka_GE.UTF-8 UTF-8
-# kk_KZ PT154
-# kk_KZ.RK1048 RK1048
-# kk_KZ.UTF-8 UTF-8
-# kl_GL ISO-8859-1
-# kl_GL.UTF-8 UTF-8
-# km_KH UTF-8
-# kn_IN UTF-8
-# ko_KR.EUC-KR EUC-KR
-# ko_KR.UTF-8 UTF-8
-# kok_IN UTF-8
-# ks_IN UTF-8
-# ks_IN@devanagari UTF-8
-# ku_TR ISO-8859-9
-# ku_TR.UTF-8 UTF-8
-# kw_GB ISO-8859-1
-# kw_GB.UTF-8 UTF-8
-# ky_KG UTF-8
-# lb_LU UTF-8
-# lg_UG ISO-8859-10
-# lg_UG.UTF-8 UTF-8
-# li_BE UTF-8
-# li_NL UTF-8
-# lij_IT UTF-8
-# ln_CD UTF-8
-# lo_LA UTF-8
-# lt_LT ISO-8859-13
-# lt_LT.UTF-8 UTF-8
-# lv_LV ISO-8859-13
-# lv_LV.UTF-8 UTF-8
-# lzh_TW UTF-8
-# mag_IN UTF-8
-# mai_IN UTF-8
-# mg_MG ISO-8859-15
-# mg_MG.UTF-8 UTF-8
-# mhr_RU UTF-8
-# mi_NZ ISO-8859-13
-# mi_NZ.UTF-8 UTF-8
-# mk_MK ISO-8859-5
-# mk_MK.UTF-8 UTF-8
-# ml_IN UTF-8
-# mn_MN UTF-8
-# mni_IN UTF-8
-# mr_IN UTF-8
-# ms_MY ISO-8859-1
-# ms_MY.UTF-8 UTF-8
-# mt_MT ISO-8859-3
-# mt_MT.UTF-8 UTF-8
-# my_MM UTF-8
-# nan_TW UTF-8
-# nan_TW@latin UTF-8
-# nb_NO ISO-8859-1
-# nb_NO.UTF-8 UTF-8
-# nds_DE UTF-8
-# nds_NL UTF-8
-# ne_NP UTF-8
-# nhn_MX UTF-8
-# niu_NU UTF-8
-# niu_NZ UTF-8
-# nl_AW UTF-8
-# nl_BE ISO-8859-1
-# nl_BE.UTF-8 UTF-8
-# nl_BE@euro ISO-8859-15
-# nl_NL ISO-8859-1
-# nl_NL.UTF-8 UTF-8
-# nl_NL@euro ISO-8859-15
-# nn_NO ISO-8859-1
-# nn_NO.UTF-8 UTF-8
-# nr_ZA UTF-8
-# nso_ZA UTF-8
-# oc_FR ISO-8859-1
-# oc_FR.UTF-8 UTF-8
-# om_ET UTF-8
-# om_KE ISO-8859-1
-# om_KE.UTF-8 UTF-8
-# or_IN UTF-8
-# os_RU UTF-8
-# pa_IN UTF-8
-# pa_PK UTF-8
-# pap_AW UTF-8
-# pap_CW UTF-8
-# pl_PL ISO-8859-2
-# pl_PL.UTF-8 UTF-8
-# ps_AF UTF-8
-# pt_BR ISO-8859-1
-# pt_BR.UTF-8 UTF-8
-# pt_PT ISO-8859-1
-# pt_PT.UTF-8 UTF-8
-# pt_PT@euro ISO-8859-15
-# quz_PE UTF-8
-# raj_IN UTF-8
-# ro_RO ISO-8859-2
-# ro_RO.UTF-8 UTF-8
-# ru_RU ISO-8859-5
-# ru_RU.CP1251 CP1251
-# ru_RU.KOI8-R KOI8-R
-# ru_RU.UTF-8 UTF-8
-# ru_UA KOI8-U
-# ru_UA.UTF-8 UTF-8
-# rw_RW UTF-8
-# sa_IN UTF-8
-# sat_IN UTF-8
-# sc_IT UTF-8
-# sd_IN UTF-8
-# sd_IN@devanagari UTF-8
-# se_NO UTF-8
-# sgs_LT UTF-8
-# shs_CA UTF-8
-# si_LK UTF-8
-# sid_ET UTF-8
-# sk_SK ISO-8859-2
-# sk_SK.UTF-8 UTF-8
-# sl_SI ISO-8859-2
-# sl_SI.UTF-8 UTF-8
-# so_DJ ISO-8859-1
-# so_DJ.UTF-8 UTF-8
-# so_ET UTF-8
-# so_KE ISO-8859-1
-# so_KE.UTF-8 UTF-8
-# so_SO ISO-8859-1
-# so_SO.UTF-8 UTF-8
-# sq_AL ISO-8859-1
-# sq_AL.UTF-8 UTF-8
-# sq_MK UTF-8
-# sr_ME UTF-8
-# sr_RS UTF-8
-# sr_RS@latin UTF-8
-# ss_ZA UTF-8
-# st_ZA ISO-8859-1
-# st_ZA.UTF-8 UTF-8
-# sv_FI ISO-8859-1
-# sv_FI.UTF-8 UTF-8
-# sv_FI@euro ISO-8859-15
-# sv_SE ISO-8859-1
-# sv_SE.ISO-8859-15 ISO-8859-15
-# sv_SE.UTF-8 UTF-8
-# sw_KE UTF-8
-# sw_TZ UTF-8
-# szl_PL UTF-8
-# ta_IN UTF-8
-# ta_LK UTF-8
-# tcy_IN.UTF-8 UTF-8
-# te_IN UTF-8
-# tg_TJ KOI8-T
-# tg_TJ.UTF-8 UTF-8
-# th_TH TIS-620
-# th_TH.UTF-8 UTF-8
-# the_NP UTF-8
-# ti_ER UTF-8
-# ti_ET UTF-8
-# tig_ER UTF-8
-# tk_TM UTF-8
-# tl_PH ISO-8859-1
-# tl_PH.UTF-8 UTF-8
-# tn_ZA UTF-8
-# tr_CY ISO-8859-9
-# tr_CY.UTF-8 UTF-8
-# tr_TR ISO-8859-9
-# tr_TR.UTF-8 UTF-8
-# ts_ZA UTF-8
-# tt_RU UTF-8
-# tt_RU@iqtelif UTF-8
-# ug_CN UTF-8
-# uk_UA KOI8-U
-# uk_UA.UTF-8 UTF-8
-# unm_US UTF-8
-# ur_IN UTF-8
-# ur_PK UTF-8
-# uz_UZ ISO-8859-1
-# uz_UZ.UTF-8 UTF-8
-# uz_UZ@cyrillic UTF-8
-# ve_ZA UTF-8
-# vi_VN UTF-8
-# wa_BE ISO-8859-1
-# wa_BE.UTF-8 UTF-8
-# wa_BE@euro ISO-8859-15
-# wae_CH UTF-8
-# wal_ET UTF-8
-# wo_SN UTF-8
-# xh_ZA ISO-8859-1
-# xh_ZA.UTF-8 UTF-8
-# yi_US CP1255
-# yi_US.UTF-8 UTF-8
-# yo_NG UTF-8
-# yue_HK UTF-8
-# zh_CN GB2312
-# zh_CN.GB18030 GB18030
-# zh_CN.GBK GBK
-# zh_CN.UTF-8 UTF-8
-# zh_HK BIG5-HKSCS
-# zh_HK.UTF-8 UTF-8
-# zh_SG GB2312
-# zh_SG.GBK GBK
-# zh_SG.UTF-8 UTF-8
-# zh_TW BIG5
-# zh_TW.EUC-TW EUC-TW
-# zh_TW.UTF-8 UTF-8
-# zu_ZA ISO-8859-1
-# zu_ZA.UTF-8 UTF-8
+++ /dev/null
-Europe/Berlin
+++ /dev/null
-[Unit]
-Description=rtorrent session
-After=network.target
-
-[Service]
-Type=simple
-User=plom
-Group=plom
-WorkingDirectory=/home/plom
-ExecStartPre=-/bin/rm -f /home/plom/session/rtorrent.lock
-ExecStart=/usr/bin/screen -S rtorrent -Dm /usr/bin/rtorrent
-ExecStop=/usr/bin/screen -S rtorrent -X quit
-Restart=on-failure
-RestartSec=3
-
-[Install]
-WantedBy=multi-user.target
+++ /dev/null
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-Include /etc/ssh/sshd_config.d/*.conf
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-#LogLevel INFO
-
-# Authentication:
-
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-PermitRootLogin no # plomlompom's security rule
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-KbdInteractiveAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the KbdInteractiveAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via KbdInteractiveAuthentication may bypass
-# the setting of "PermitRootLogin prohibit-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and KbdInteractiveAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding yes
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#PermitUserEnvironment no
-#Compression delayed
-ClientAliveInterval 15
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
+++ /dev/null
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www/status.plomlompom.com/;
-
- location = / {
- return 301 /users/plomlompom.html;
- }
-
- # re-direct to .html endings
- location ~ ^/(notice|users)/([^\.]*)/?$ {
- rewrite ^/(notice|users)/([^\./]*)/?$ /$1/$2.html permanent;
- }
-}
+++ /dev/null
-server {
- listen 443 ssl;
- server_name REPLACE_fqdn_ECALPER;
- ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
- root /var/www/tube.plomlompom.com/;
-
- # re-direct to .html endings
- location ~ ^/videos/watch/([^\.]*)/?$ {
- rewrite ^/videos/watch/([^\./]*)/?$ /videos/watch/$1.html permanent;
- }
-}
+++ /dev/null
-# If you change this file, run 'update-grub' afterwards to update
-# /boot/grub/grub.cfg.
-# For full documentation of the options in this file, see:
-# info -f grub -n 'Simple configuration'
-
-GRUB_DEFAULT=0
-GRUB_TIMEOUT=5
-GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
-GRUB_CMDLINE_LINUX_DEFAULT="quiet nvidia.NVreg_OpenRmEnableUnsupportedGpus=1"
-GRUB_CMDLINE_LINUX=""
-
-# Uncomment to enable BadRAM filtering, modify to suit your needs
-# This works with Linux (no patch required) and with any kernel that obtains
-# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
-#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
-
-# Uncomment to disable graphical terminal (grub-pc only)
-#GRUB_TERMINAL=console
-
-# The resolution used on graphical terminal
-# note that you can use only modes which your graphic card supports via VBE
-# you can see them in real GRUB with the command `vbeinfo'
-#GRUB_GFXMODE=640x480
-
-# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
-#GRUB_DISABLE_LINUX_UUID=true
-
-# Uncomment to disable generation of recovery mode menu entries
-#GRUB_DISABLE_RECOVERY="true"
-
-# Uncomment to get a beep at grub start
-#GRUB_INIT_TUNE="480 440 1"
+++ /dev/null
-blacklist nouveau
-options nouveau modeset=0
-
+++ /dev/null
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- tcp dport 80 accept comment "accept HTTP on default port"
- tcp dport 443 accept comment "accept HTTPS on default port"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
+++ /dev/null
-# system integration
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-# is expected even if empty
-events {
-}
-
-http {
- # define content-type headers
- include /etc/nginx/mime.types;
- charset utf-8;
-
- # Some standard optimizations, i.e. Debian default. Explained in
- # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765>
- # Not that I understand it all …
- sendfile on;
- tcp_nopush on;
- tcp_nodelay on;
-
- # logging deactivated due to GDPR
- #access_log /var/log/nginx/access.log;
- #error_log /var/log/nginx/error.log;
- access_log off;
- error_log off;
-
- # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
-
- # Redirect all HTTP requests to HTTPS.
- server {
- listen 80;
- return 301 https://$host$request_uri;
- }
-}
+++ /dev/null
-# Don't blank screen, as this will confuse the HDMI switch setup / lead to unrecoverable X sessions.
-xset s noblank
+++ /dev/null
-# Settings for interactive shells.
-
-# Fancy colors for ls.
-alias ls="ls --color=auto"
-
-# Other helpful aliases
-alias sshauth='eval $(ssh-agent) && ssh-add'
-# alias xrandrbig='xrandr --output LVDS-1 --off'
-
-# Use vim as default editor for anything.
-export VISUAL=vim
-export EDITOR=$VISUAL
-
-# Colored prompt with username, hostname, date/time, directory.
-colornumber=7 # Default to white if no color set via colornumber dotfile.
-colornumber_file=~/.shell_prompt_color
-if [ -f $colornumber_file ]; then
- colornumber=`cat $colornumber_file`
-fi
-tput_color="$(tput setaf $colornumber)$(tput bold)"
-tput_reset="$(tput sgr0)"
-# Bash confuses the line length when not told to not count escape sequences.
-if [ ! "$BASH" = "" ]; then
- tput_color="\[$tput_color\]"
- tput_reset="\[$tput_reset\]"
-fi
-PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
-PS2="${tput_color}> $tput_reset"
-PS3="${tput_color}select: $tput_reset"
-PS4="${tput_color}+ $tput_reset"
+++ /dev/null
-# where to write downloads into
-directory.default.set = ~/downloads
-
-# rtorrent's memory
-session.path.set = ~/session
-
-# security and paranoia
-dht.mode.set = disable
-protocol.pex.set = no
-protocol.encryption.set = require,require_RC4,allow_incoming,try_outgoing
-
+++ /dev/null
-! otherwise various applications will assume merely 8 colors
-XTerm.termName: xterm-256color
-
-! font
-! actually, "mono" is already the default for faceName (it will
-! pick whatever fc-match mono delivers), but we need to set _some_
-! faceName to trigger XTerm activating TrueType fonts
-! (XTerm*fontRender by itself won't do the trick), and we want
-! TrueType fonts because, well, they scale better, and XTerm lets them
-! fall back on alternatives (hi there ttf-unifont) when a Unicode
-! glyph is not found
-XTerm*faceName: mono
-
-! white on black
-XTerm*reverseVideo: on
-
-! blink screen instead of sound
-XTerm*visualBell: on
-
-! proper ALT as META key treatment
-XTerm*eightBitInput: false
-
-! font sizes
-XTerm*faceSize: 8
-XTerm*faceSize1: 4
-XTerm*faceSize2: 5
-XTerm*faceSize3: 6
-XTerm*faceSize4: 8
-XTerm*faceSize5: 14
-XTerm*faceSize6: 25
-
-! colors
-! black
-XTerm*color0: #202020
-XTerm*color8: #3F3F3F
-! red
-XTerm*color1: #A82020
-XTerm*color9: #E82020
-! green
-XTerm*color2: #20A820
-XTerm*color10: #20E820
-! yellow
-XTerm*color3: #A8A820
-XTerm*color11: #E8E820
-! blue
-XTerm*color4: #3F3FFF
-XTerm*color12: #9F9FFF
-! magenta
-XTerm*color5: #A83FFF
-XTerm*color13: #E89FFF
-! cyan
-XTerm*color6: #3FA8FF
-XTerm*color14: #9FE8FF
-! white
-XTerm*color7: #A8A8A8
-XTerm*color15: #E8E8E8
+++ /dev/null
-plom@plomlompom.com
-plom@mail.plomlompom.com
-plom@play.plomlompom.com
-# file read ends at last newline
+++ /dev/null
-# plomlompom's i3-wm configuration
-
-# Font for i3 text
-font pango:Terminus 8px
-
-# Force "tabbed" as default layout for new windows.
-workspace_layout tabbed
-
-# Make the Windows key the modifier key for all i3-wm actions.
-set $mod Mod4
-floating_modifier $mod
-
-# Launch xterm.
-bindsym $mod+Return exec xterm
-
-# Launch programs via dmenu.
-bindsym $mod+d exec dmenu_run
-bindsym $mod+x exec dmenu_run
-
-# Kill window.
-bindsym $mod+Shift+Q kill
-
-# Move focus between windows.
-bindsym $mod+Left focus left
-bindsym $mod+Down focus down
-bindsym $mod+Up focus up
-bindsym $mod+Right focus right
-
-# Don't move focus with mouse.
-focus_follows_mouse no
-
-# Move windows.
-bindsym $mod+Shift+Left move left
-bindsym $mod+Shift+Down move down
-bindsym $mod+Shift+Up move up
-bindsym $mod+Shift+Right move right
-
-# Resize windows
-bindsym $mod+h resize shrink width 1 px or 1 ppt
-bindsym $mod+l resize grow width 1 px or 1 ppt
-bindsym $mod+j resize shrink height
-bindsym $mod+k resize grow height
-
-# Toggle fullscreen for focused window.
-bindsym $mod+f fullscreen
-
-# Toggle floating of window, focus on floating or tabbed windows.
-bindsym $mod+Shift+space floating toggle
-bindsym $mod+space focus mode_toggle
-
-# Switch to workspace x.
-bindsym $mod+1 workspace 1
-bindsym $mod+2 workspace 2
-bindsym $mod+3 workspace 3
-bindsym $mod+4 workspace 4
-bindsym $mod+5 workspace 5
-bindsym $mod+6 workspace 6
-bindsym $mod+7 workspace 7
-bindsym $mod+8 workspace 8
-bindsym $mod+9 workspace 9
-bindsym $mod+0 workspace 10
-
-# Move window to workspace x.
-bindsym $mod+Shift+exclam move workspace 1
-bindsym $mod+Shift+quotedbl move workspace 2
-bindsym $mod+Shift+section move workspace 3
-bindsym $mod+Shift+dollar move workspace 4
-bindsym $mod+Shift+percent move workspace 5
-bindsym $mod+Shift+ampersand move workspace 6
-bindsym $mod+Shift+slash move workspace 7
-bindsym $mod+Shift+parenleft move workspace 8
-bindsym $mod+Shift+parenright move workspace 9
-bindsym $mod+Shift+equal move workspace 10
-
-# Reload i3 config file, restart (keeping sesion) i3, exit i3.
-bindsym $mod+Shift+C reload
-bindsym $mod+Shift+R restart
-bindsym $mod+Shift+P exit
-
-# Select "i3status" as i3 status bar, hide systray icons.
-bar {
- tray_output none
- status_command i3status
-}
-
-include ~/.config/i3/config_bonus
+++ /dev/null
-# plomlompom's i3 status bar configuration
-
-# Activate colors; set update interval of one second.
-general {
- colors = true
- interval = 1
-}
-
-# Selection / order of status elements.
-order += "disk /"
-order += "disk /home/"
-order += "wireless wlp3s0"
-order += "ethernet enp0s25"
-order += "battery 0"
-order += "cpu_usage"
-order += "load"
-order += "cpu_temperature 0"
-order += "time"
-order += "volume master"
-
-# How much space is left in / ?
-disk "/" {
- format = "/: %avail available of %total"
- separator_block_width = 25
-}
-
-# How much space is left in /home ?
-disk "/home/" {
- format = "/home: %avail available of %total"
- separator_block_width = 25
-}
-
-# WLAN status: show IP and connection quality or "down".
-wireless wlp3s0 {
- format_up = "w: (%quality at %essid) %ip"
- format_down = "w: down"
- separator_block_width = 10
-}
-
-# Ethernet status: show IP or "down".
-ethernet enp0s25 {
- format_up = "e: %ip"
- format_down = "e: down"
- separator_block_width = 25
-}
-
-# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
-battery 0 {
- format = "b: %status %percentage %remaining"
- separator_block_width = 25
-}
-
-# Show CPU usage.
-cpu_usage {
- format = "cpu: %usage"
- separator_block_width = 10
-}
-
-# Show system load during last 1/5/15 minutes.
-load {
- format = "%1min %5min %15min"
- separator_block_width = 25
-}
-
-# Show CPU temperature in degrees of celsius.
-cpu_temperature 0 {
- format = "%degrees °C"
- separator_block_width = 25
-}
-
-# Show date/time/timezone as "year-month-day hour:minute:second
-# timezone_numeric/timezone_alphabetic".
-time {
- format = "%Y-%m-%d %H:%M:%S %z/%Z"
- separator_block_width = 25
-}
-
-volume master {
- format = "♪: %volume"
- format_muted = "♪: muted (%volume)"
- separator_block_width = 25
-}
+++ /dev/null
-;; general layout
-;; ==============
-
-;; need no stinkin emacs help screen as start up, and no menu bar
-(setq inhibit-startup-screen t)
-(menu-bar-mode -1)
-
-;; highlight cursor line, parentheses
-(global-hl-line-mode 1)
-(show-paren-mode 1)
-
-;; show line numbers, use separator space
-(global-linum-mode)
-(setq linum-format "%d ")
-
-;; count cursor column, row in mode line
-(setq column-number-mode t)
-
-;; settings to make GUI tolerable
-(if window-system
- (progn
- (add-to-list 'default-frame-alist '(foreground-color . "white"))
- (add-to-list 'default-frame-alist '(background-color . "black"))
- (set-face-attribute 'default nil :height 80)
- (scroll-bar-mode -1)
- (setq visible-bell t)
- (setq linum-format "%d")))
-
-;; use as default browser what XDG offers
-(setq-default browse-url-browser-function 'browse-url-xdg-open)
-
-
-
-;; general keybindings
-;; ===================
-
-;; create and use a minimal global map using just the self-insert command
-;; bindings and a selection of some to me very common keystrokes
-(setq minimal-map (make-sparse-keymap))
-(substitute-key-definition 'self-insert-command 'self-insert-command
- minimal-map global-map)
-(use-global-map minimal-map)
-(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
-(global-set-key (kbd "RET") 'newline)
-(global-set-key (kbd "TAB") 'indent-for-tab-command)
-(global-set-key (kbd "<up>") 'previous-line)
-(global-set-key (kbd "<down>") 'next-line)
-(global-set-key (kbd "<left>") 'left-char)
-(global-set-key (kbd "<right>") 'right-char)
-(global-set-key (kbd "<prior>") 'scroll-down-command)
-(global-set-key (kbd "<next>") 'scroll-up-command)
-(global-set-key (kbd "M-x") 'execute-extended-command)
-(global-set-key (kbd "C-g") 'keyboard-quit)
-;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
-;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
-;; note how to switch back to the original map: (use-global-map global-map)
-(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
-
-
-
-;; minibuffer
-;; ==========
-
-;; incremental minibuffer completion
-(icomplete-mode 1)
-
-
-
-;; text editing
-;; ============
-
-;; tabs are evil
-(setq-default indent-tabs-mode nil)
-(setq-default tab-width 4)
-(setq indent-line-function 'insert-tab)
-
-;; show trailing whitespace
-(setq-default show-trailing-whitespace 1)
-
-;; on save, ask whether to ensure text file's last line ends in a
-;; newline character
-(setq require-final-newline 1)
-
-;; use dedicated directory for version-controlled, endless backups;
-;; never delete old versions
-(setq make-backup-files t
- backup-directory-alist `(("." . "~/.emacs_backups"))
- backup-by-copying t
- version-control t
- delete-old-versions 1) ;; neither t nor nil: never delete
-
-
-;; package management
-;; ==================
-
-;; where we get packages from
-(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
- ("melpa-unstable" . "https://melpa.org/packages/")
- ("melpa-stable" . "https://stable.melpa.org/packages/")))
-
-;; ensure certain packages are installed (actually, we use Debian repos here)
-;; credit to <https://stackoverflow.com/a/10093312>
-;(setq package-list '(elfeed ledger-mode))
-;(package-initialize)
-;(dolist (package package-list)
-; (unless (package-installed-p package)
-; (package-install package)))
-
-
-
-;;; window management
-;;; =================
-;
-;;; track window configurations to allow window config undo
-;(winner-mode 1)
-
-
-
-;; mail setup
-;; ==========
-
-(setq send-mail-function 'smtpmail-send-it)
-(setq smtpmail-smtp-server "mail.plomlompom.com")
-(setq smtpmail-smtp-service 465)
-(setq smtpmail-stream-type 'ssl)
-(setq smtpmail-smtp-user "plom")
-(setq mml-secure-openpgp-encrypt-to-self t)
-(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
-
-;(setq gnutls-log-level 0)
-
-;; if we don't set this, we get this warning:
-;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
-;; has been lowered to 256 bits and this may allow decryption of the session data
-(setq gnutls-min-prime-bits 1024)
-
-;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
-;; stream process, seemingly unless the /message/ function is called at the right
-;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
-;; in /network-stream-get-response/ right after "(goto-char start)"; this works
-;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
-;; buffer is not relevant, but maybe writing to the echo area is); activing the
-;; gnutls logging is just a hack to achieve such calls to /message/ in the
-;; /network-stream-open-tls/ flow.
-(setq gnutls-log-level 1) ; miraculously makes smtpmail work
-
-;; constructs From: domain if mail composer directly called (from without
-;; notmuch), but we don't actually intend to do that
-;(setq mail-host-address "plomlompom.com")
-
-;; otherwise notmuch becomes extremely slow in some cases
-(setq-default notmuch-show-indent-content nil)
-
-;; this only works if we use notmuch-mua-send instead of message-send
-(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
-
-;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
-;; in the message ID
-(setq mail-host-address "plomlompom.com")
-
-;; notmuch saved searches
-(setq notmuch-saved-searches
- '((:name "inbox" :query "tag:unread and folder:inbox")
- (:name "all" :query "tag:unread not folder:maildir/Trash")
- (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
- (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
- (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
- (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
- (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
-
-
-
-;; org mode
-;; ========
-
-;; unsure why, but to re-set the key map, we not only have to explicitely do it
-;; only after org-mode loading, but also have to explicitely overwrite the
-;; C-c keybinding; TODO: investigate
-(with-eval-after-load 'org
- (setq org-mode-map (make-sparse-keymap))
- (define-key org-mode-map (kbd "C-c") nil)
- (define-key org-mode-map (kbd "TAB") 'org-cycle)
- (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
-
-;; don't truncate lines by default
-(setq org-startup-truncated nil)
-
-;; basic org-capture config
-(setq org-capture-templates
- '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
-(add-hook 'org-capture-mode-hook 'evil-insert-state)
-
-;; agenda view on startup
-(load-library "find-lisp")
-(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
-(setq org-agenda-span 90)
-(setq org-agenda-use-time-grid nil)
-(add-hook 'emacs-startup-hook (lambda ()
- (org-agenda-list)
- (switch-to-buffer "*Org Agenda*")
- (other-window 1)))
-
-;;; for calendar, use ISO date style
-;(setq calendar-date-style 'iso)
-;(setq diary-number-of-entries 7)
-;(diary)
-;(setq org-agenda-time-grid '((today require-timed remove-match)
-; #("----------------" 0 16 (org-heading t))
-; (0 200 400 600 800 1000 1200
-; 1400 1600 1800 2000 2200)))
-
-;; empty org-agenda-mode keybindings
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (setq org-agenda-mode-map (make-sparse-keymap))))
-(add-hook 'org-agenda-mode-hook
- (lambda ()
- (use-local-map (make-sparse-keymap))))
-
-;; org-publish-all
-(setq org-publish-project-alist
- '(
- ("website"
- :base-directory "~/org/web/"
- :base-extension "org"
- :publishing-directory "~/html/"
- :recursive t
- :publishing-function org-html-publish-to-html
- :headline-levels 4 ; Just the default for this project.
- :auto-preamble t
- )))
-
-;; use [ki:] syntax to hide stuff from exports
-(defun classify-information (text backend info)
- "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
- (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
-(add-hook 'org-export-filter-plain-text-functions 'classify-information)
-
-;; add HTML validator link to exports
-(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
-
-
-
-;;; Info mode
-;;; =========
-
-(setq Info-mode-map (make-sparse-keymap))
-(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
-(define-key Info-mode-map (kbd "u") 'Info-up)
-(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
-(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
-(define-key Info-mode-map (kbd "H") 'Info-history-back)
-(define-key Info-mode-map (kbd "L") 'Info-history-forward)
-(define-key Info-mode-map (kbd "I") 'Info-goto-node)
-(define-key Info-mode-map (kbd "i") 'Info-index)
-
-
-
-;; help mode
-;; =========
-
-(setq help-mode-map (make-sparse-keymap))
-(define-key help-mode-map (kbd "TAB") 'forward-button)
-(define-key help-mode-map (kbd "RET") 'help-follow)
-(define-key help-mode-map (kbd "<backtab>") 'backward-button)
-
-
-
-; ;; elfeed
-; ;; ======
-;
-; (require 'elfeed) ; needed so we can set the font faces
-; (set-face-background 'elfeed-search-title-face "magenta")
-; (set-face-background 'elfeed-search-unread-count-face "magenta")
-; (setq elfeed-feeds
-; '("https://capsurvival.blogspot.com/feeds/posts/default"
-; "https://jungle.world/rss.xml"
-; "http://news.dieweltistgarnichtso.net/bin/index.xml"
-; "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
-; "http://www.tagesschau.de/xml/atom"))
-; (setq elfeed-search-mode-map (make-sparse-keymap))
-; (define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
-; (defun elfeed-search-mark-as-read() (interactive)
-; (elfeed-search-untag-all 'unread))
-; (define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
-; (define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
-; (define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
-; (define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
-; (setq elfeed-show-mode-map (make-sparse-keymap))
-; (define-key elfeed-show-mode-map (kbd "u") 'elfeed)
-; (define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
-; (define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
-; (define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
-; (define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
-; (define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
-; (define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
-;
-;
-;
-; ;; eww
-; ;; ===
-;
-; (setq eww-mode-map (make-sparse-keymap))
-; (define-key eww-mode-map (kbd "TAB") 'shr-next-link)
-; (define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
-; (define-key eww-mode-map (kbd "H") 'eww-back-url)
-; (define-key eww-mode-map (kbd "L") 'eww-forward-url)
-
-
-
-;; ledger
-;; ======
-(setq ledger-mode-map (make-sparse-keymap))
-(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
-
-
-
-;;; plomvi mode
-;;; ===========
-
-(defvar plomvi-return-combo (kbd "C-c"))
-(load "~/public_repos/plomvi.el/plomvi.el")
-(plomvi-global-mode 1)
+++ /dev/null
-[user]
- email = c.heller@plomlompom.de
- name = Christian Heller
+++ /dev/null
-IMAPAccount plom
-# Address to connect to
-Host mail.plomlompom.com
-User plom
-# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
-# therefore the pw in ~/.authinfo should not be longer than that.
-PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
-SSLType IMAPS
-AuthMechs LOGIN
-
-IMAPStore core-remote
-Account plom
-
-MaildirStore core-local
-# The trailing "/" is important
-Path ~/mail/maildir/
-Inbox ~/mail/inbox/
-
-Channel core
-Far :core-remote:
-Near :core-local:
-Patterns *
-# Automatically create missing mailboxes, both locally and on the server
-Create Both
-# Save the synchronization state files in the relevant directory
-SyncState *
-# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
-Expunge Both
+++ /dev/null
-[database]
-path=/home/plom/mail
-[search]
-exclude_tags=deleted;spam;
-# the fields below set the From: if the mail composer is called from
-# within notmuch
-[user]
-name=Christian Heller
-primary_email=plom@plomlompom.com
+++ /dev/null
-# sanitize tridactyllocal tridactylsync
-# guiset tabs always
-# guiset hoverlink left
-# guiset statuspanel right
-autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
-# bind ö fillcmdline find
-# bind n findnext 1
-# bind N findnext -1
-bind j scrollline 3
-bind k scrollline -3
-set hintuppercase false
-set searchengine duckduckgo
-set theme midnight
-set searchurls.wiktionary https://en.wiktionary.org/w/index.php?search=
-set searchurls.dictcc https://www.dict.cc/?s=
-set hintchars 123456qwertasdfgyxcvb
-guiset gui none
-escapehatch
+++ /dev/null
-# X init configuration
-
-# Set keymap.
-setxkbmap de
-
-# Map CapsLock to Compose key.
-xmodmap -e "clear Lock"
-xmodmap -e "keycode 66 = Multi_key"
-
-# Load xterm settings
-xrdb -merge ~/.Xresources
-
-# Redshift to Berlin, Germany.
-redshift -rl 53:13 &
-
-sh .xinitrc_bonus
-
-# Launch window manager.
-i3
+++ /dev/null
-#!/bin/sh
-set -e
-
-basedir="/home/plom/mail/maildir/"
-# Ensure directories exist for all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- if [ ! -d "${target_dir}" ]; then
- echo "Directory ${target_dir} does not exist."
- exit 1
- fi
-done
-
-# Ensure all "dir:*"-tagged mails are in proper directories,
-# remove all "dir:*" tags.
-for tag in $(notmuch search --output=tags '*'); do
- if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
- continue
- fi
- target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
- for f in $(notmuch search --output=files tag:"${tag}"); do
- new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
- target_path="${target_dir}${new_name}"
- if [ ! "${target_path}" = "${f}" ]; then
- echo "Moving ${f} to ${target_path}."
- mv "${f}" "${target_path}"
- # NOTE: if we encounter an error here of ${f} not being findable, run "notmuch reindex tag:${tag}" to fix
- fi
- done
- notmuch tag -"${tag}" tag:"${tag}"
-done
-
-# Remove all "deleted"-tagged files from maildirs.
-notmuch search --output=files tag:deleted | while read f; do
- echo "Deleting ${f}"
- rm "${f}"
-done
-
-# Sync changes back to server and update notmuch index.
-mbsync -a
-notmuch new
+++ /dev/null
-# List of repos we want cloned in ~/public_repos
-config
-pingmail.git
-plomlombot-irc.git
-plomrogue
-plomrogue2-experiments
-plomvi.el
-misc
+++ /dev/null
-# put main workspaces on big monitor
-workspace 1 output LVDS-1
-workspace 2 output HDMI-1-0
-workspace 3 output HDMI-1-0
-workspace 4 output HDMI-1-0
-workspace 5 output HDMI-1-0
-workspace 6 output HDMI-1-0
-workspace 7 output HDMI-1-0
-workspace 8 output HDMI-1-0
-workspace 9 output HDMI-1-0
-workspace 10 output HDMI-1-0
-
-# default to big monitor's first workspace
-# exec "i3-msg 'workspace 1'"
+++ /dev/null
-# The extreme --pos disconnects the cursor movement spaces, so mouse stays inside selected screen.
-xrandr --output LVDS-1 --mode 1368x768 --output HDMI-1-0 --auto --pos 2000x2000
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 2 "(hostname, FQDN)" "$@"
-hostname="$1"
-fqdn="$2"
-shift 2
-
-cd "${setup_scripts_dir}"
-
-# Adapt /etc/ to our needs by copying from ./etc_files. This will set
-# basic configurations affecting following steps, such as setup of APT
-# and the locale selection, so needs to be right at the beginning.
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
-
-# Set hostname and FQDN.
-./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
-
-# Ensure package installation state as defined by what packages are
-# defined as required by Debian policy and by settings in ./apt-mark/.
-apt update
-./install_for_target.sh all "$@"
-./purge_nonrequireds.sh all "$@"
-
-# Ensure our desired locale is available.
-locale-gen
-
-# Only upgrade after reducing the system to the desired minimum, so that
-# we don't need to get more data than necessary.
-apt -y dist-upgrade
-
-# Set Berlin localtime.
-ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+++ /dev/null
-#!/bin/sh
-# Copy files in argument-selected subdirectories of $1 to subdirectories
-# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
-# of "" and $3 of "all", copy files below etc_files/all such as
-# etc_files/all/etc/foo/bar to equivalent locations below / such as
-# /etc/foo/bar. Create directories as necessary. Multiple arguments after
-# $3 are possible.
-#
-# CAUTION: This removes original files at the affected paths.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 3 "(source root, target root, modules)" "$@"
-
-source_root="$1"
-target_root="$2"
-shift 2
-
-for target_module in "$@"; do
- mkdir -p "${source_root}/${target_module}"
- cd "${source_root}/${target_module}"
- for path in $(find . -type f); do
- target_path="${target_root}"$(echo "${path}" | cut -c2-)
- source_path=$(realpath "${path}")
- dir=$(dirname "${target_path}")
- mkdir -p "${dir}"
- cp "${source_path}" "${target_path}"
- done
-done
+++ /dev/null
-../../bullseye/setup_scripts/init_user_and_keybased_login.sh
\ No newline at end of file
+++ /dev/null
-../../bullseye/setup_scripts/init_user_login.sh
\ No newline at end of file
+++ /dev/null
-#!/bin/sh
-# Walks through the package names in the argument-selected files of
-# apt-mark/ and ensures the respective packages are installed.
-#
-# Ignores anything in an apt-mark/ file after the last newline.
-set -e
-. ./misc.sh
-
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- # TODO: continue if file at $path not found, to get rid of dummy files
- cat "${path}" | while read line; do
- echo "$line"
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
- fi
- done
-done
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(old server IP)" "$@"
-old_server="$1"
-cp "${setup_scripts_dir}/misc.sh" /home/plom/
-cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/
-chown plom:plom /home/plom/prepare_to_meet_server.sh
-su -lc "./prepare_to_meet_server.sh ${old_server}" plom
-read -p'Hit Enter when you are done.' ignore
-rm /home/plom/prepare_to_meet_server.sh
-cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/
-su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom
-rm /home/plom/mirror_dir.sh
-rm /home/plom/misc.sh
+++ /dev/null
-#!/bin/sh
-# Mirror directory tree from remote to local server, keeping the path.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 2 "(server, directory)" "$@"
-server=$1
-dir=$2
-path_package=/tmp/delete.tar
-
-eval `ssh-agent`
-ssh-add
-cd
-ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
-scp plom@"${server}":"${path_package}" "${path_package}"
-mkdir -p "${dir}"
-cd "${dir}"
-tar xf "${path_package}"
-cd
-rm "${path_package}"
-ssh plom@"${server}" rm "${path_package}"
+++ /dev/null
-#!/bin/sh
-set -e
-debian_version="bookworm"
-legal_system_names="x220 w530 h610m"
-config_tree_prefix="${HOME}/public_repos/config/${debian_version}"
-if [ ! -d "${config_tree_prefix}" ]; then
- config_tree_prefix="${HOME}/config/${debian_version}"
-fi
-setup_scripts_dir="${config_tree_prefix}/setup_scripts"
-aptmark_dir="${config_tree_prefix}/apt-mark"
-
-expect_setup_finished_file() {
- filename="$1"
- setup_script="$2"
- if [ ! -f "${HOME}/${filename}" ]; then
- echo "First need to run ${setup_script}."
- false
- fi
-}
-
-get_system_name_arg() {
- found=0
- for system_name_i in $legal_system_names; do
- if [ "$1" = "$system_name_i" ]; then
- found=1
- system_name="${system_name_i}"
- continue
- fi
- done
- if [ "$found" = 0 ]; then
- echo "Need legal system name."
- false
- fi
-}
+++ /dev/null
-#!/bin/sh
-# Do some of the steps necessary to SSH (key-based) with another server.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(server IP)" "$@"
-target="$1"
-
-# We need a public key to copy over, so generate it if not found.
-if [ ! -f ~/.ssh/id_rsa.pub ]; then
- ssh-keygen -N ""
-fi
-
-# Add target to ~/.ssh/known_hosts so we don't get
-# asked for permission at inopportune moments.
-ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
-
-# Tell user what to do.
-echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
-cat ~/.ssh/id_rsa.pub
+++ /dev/null
-#!/bin/sh
-# This script removes all Debian packages that are not of Priority
-# "required" or not depended on by packages of priority "required"
-# or not listed in the argument-selected files of apt-mark/.
-set -e
-. ./misc.sh
-
-# FIXME packages listed twice in the aptmark_dir get blacklisted?
-
-dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
-for target in "$@"; do
- path="${aptmark_dir}/${target}"
- cat "${path}" | while read line; do
- if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
- echo "${line}" >> /tmp/list_white_unsorted
- fi
- done
-done
-sort /tmp/list_white_unsorted > /tmp/list_white
-dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
-sort /tmp/list_all_packages > /tmp/foo
-mv /tmp/foo /tmp/list_all_packages
-comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
-apt-mark auto `cat /tmp/list_black`
-DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
-rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
+++ /dev/null
-#!/bin/sh
-# Sets hostname and optionally FQDN.
-#
-# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
-# writing follows recommendations from Debian manual at
-# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
-# (section "The hostname resolution") on how to map hostname and possibly
-# FQDN to a permanent IP if present (we assume here any non-private IP
-# and non-loopback IP returned by hostname -I to fulfill that criterion
-# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
-# localhost and hostname mapping to different IPs, see
-# <https://unix.stackexchange.com/a/13087>.
-#
-# Ignores IPv6s.
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(hostname, fqdn)" "$@"
-
-hostname="$1"
-fqdn="$2"
-echo "${hostname}" > /etc/hostname
-hostname "${hostname}"
-
-final_ip="127.0.1.1"
-for ip in $(hostname -I); do
- if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
- continue
- fi
- range_1=$(echo "${ip}" | cut -d "." -f 1)
- range_2=$(echo "${ip}" | cut -d "." -f 2)
- if [ "${range_1}" -eq 127 ]; then
- continue
- elif [ "${range_1}" -eq 10 ]; then
- continue
- elif [ "${range_1}" -eq 172 ]; then
- if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
- continue
- fi
- elif [ "${range_1}" -eq 192 ]; then
- if [ "${range_2}" -eq 168 ]; then
- continue
- fi
- fi
- final_ip="${ip}"
-done
-
-echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
-echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(system name)" "$@"
-get_system_name_arg "$1"
-
-# Set up system without user environment.
-cd "${setup_scripts_dir}"
-if [ "$system_name" = "w530" || "$system_name" = "x220"]; then
- ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
-else
- ./_setup.sh "${system_name}" "" user desktop "${system_name}"
-fi
-
-# # Set up printer.
-# ppd_deb="hll2350dwpdrv-4.0.0-1.i386.deb"
-# wget "https://download.brother.com/welcome/dlf103566/${ppd_deb}"
-# dpkg --add-architecture i386
-# apt update
-# apt install -y "./${ppd_deb}"
-# service cups restart
-# # lpadmin -p 'Brother_HLL2350DW' -m 'brother-HLL2350DW-cups-en.ppd'
-# rm "./${ppd_deb}"
-# # TODO explore potential lpadmin options like -o 'OutputMode=NormalGray'
-
-# Set up NVIDIA eGPU config.
-if [ "$system_name" = "w530" ]; then
- cd
- git clone https://github.com/NVIDIA/open-gpu-kernel-modules
- cd open-gpu-kernel-modules
- git checkout 337e28e
- # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
- make modules -j$(nproc)
- make modules_install
- cd
- driver_version=535.86.05
- # driver_version=545.29.06
- runscript=NVIDIA-Linux-x86_64-${driver_version}.run
- wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
- rmmod nouveau
- chmod u+x ${runscript}
- ./${runscript} --no-kernel-modules --silent
- depmod
- # TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init
-fi
-
-# Set up user environments.
-cd "${setup_scripts_dir}"
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
-adduser --disabled-password --gecos "" plom
-usermod -a -G sudo plom
-passwd plom
-cp -a ~/config /home/plom
-chown -R plom:plom /home/plom/config
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-
-# Install Firefox directly from Mozilla.
-firefox_release="128.4.0esr"
-firefox_filename="firefox-${firefox_release}.tar.bz2"
-url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
-wget "${url_firefox}"
-mv "${firefox_filename}" /opt/
-cd /opt/
-tar xf "${firefox_filename}"
-rm "${firefox_filename}"
-ln -f -s /opt/firefox/firefox /usr/local/bin/
-update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
-update-alternatives --set x-www-browser /opt/firefox/firefox
-
-echo "TODO: Install uBlock Origin and tridactyl plugins, run :installnative and :source."
-
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 1 "(system name)" "$@"
-get_system_name_arg "$1"
-
-cd $setup_scripts_dir
-./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
-
-secrets_dev="sdb"
-source_dir_secrets="/media/${secrets_dev}/to_usb"
-target_dir_secrets="${HOME}/tmp_secrets"
-echo "Put secrets drive into slot for /dev/${secrets_dev}."
-while [ ! -e /dev/"${secrets_dev}" ]; do
- sleep 1
-done
-stty -echo
-printf "Secrets passphrase: "
-read SECRETS_PASS
-stty echo
-echo "" # newline so user knows their input return was accepted
-sudo -v
-echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}"
-cp -a "${source_dir_secrets}" "${target_dir_secrets}"
-sudo chown -R plom:plom "${target_dir_secrets}"
-sudo pumount "${secrets_dev}"
-echo "You can remove /dev/${secrets_dev} now."
-
-# Set up iniitial non-public parts of infrastructure: SSH authentication.
-ssh_dir=~/.ssh
-cd "${target_dir_secrets}"
-mkdir -p "${ssh_dir}"
-echo "Setting up .ssh"
-cp id_rsa ~/.ssh
-stty -echo
-ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
-stty echo
-eval $(ssh-agent)
-ssh-add
-ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
-
-# Fill ~/public_repos.
-public_repos_dir="${HOME}/public_repos"
-repos_list_file="${public_repos_dir}/repos"
-mkdir -p "${public_repos_dir}"
-cat "${repos_list_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- repo_name="${line}"
- if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
- cd "${public_repos_dir}"
- git clone plom@plomlompom.com:/var/repos/${repo_name}
- fi
-done
-
-# Remove redundant config repo copy.
-config_tree_prefix="${public_repos_dir}/config/${debian_version}"
-rm -rf ~/config
-
-# # Set up native messenger for tridactyl.
-# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
-# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
-
-# Set up further non-public parts of infrastructure.
-cd "${target_dir_secrets}"
-script -c 'gpg --import secret_keys.asc' /dev/null
-path_borgscript="${config_tree_prefix}//borg.sh"
-
-# borg setup
-borgkeys_dir=~/.config/borg/keys
-borgrepos_file=~/.borgrepos
-tar xf borg_keyfiles.tar
-mkdir -p "${borgkeys_dir}"
-mv borg_keyfiles/* "${borgkeys_dir}"
-# Sync org dir via borgbackup. For this we need the borgbackup servers
-# in our .ssh/known_hosts file.
-cat "${borgrepos_file}" | while read line; do
- first_char=$(echo "${line}" | cut -c1)
- if [ "${first_char}" = "#" ]; then
- continue
- fi
- server=$(echo "${line}" | sed 's/.*@//')
- ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
-done
-BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
-
-# .authinfo may not be present on every secrets drive yet
-authinfo_file=.authinfo
-if [ -f "${authinfo_file}" ]; then
- cp "${authinfo_file}" ~
-fi
-cd
-
-maildir=~/mail/maildir
-# # Set up e-mail system. Note that we only do mbsync if the imap pass file
-# # is found. It may not be present on every secrets drive yet, so we have to
-# # deal with the possibility of it being absent at this point.
-mkdir -p "${maildir}" # expected by mbsync/isync
-if [ -f "${HOME}/${authinfo_file}" ]; then
- mbsync -a
- notmuch new
-fi
-
-# # Final note on how to integrate tridactyl.
-# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-
-# Set up NVIDIA eGPU config.
-cd
-# git clone https://github.com/NVIDIA/open-gpu-kernel-modules
-# cd open-gpu-kernel-modules
-# git checkout 337e28e
-# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
-# make modules -j$(nproc)
-# make modules_install
-# cd
-driver_version=535.86.05
-# driver_version=545.29.06
-runscript=NVIDIA-Linux-x86_64-${driver_version}.run
-# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
-set +e
-rmmod nouveau
-set -e
-chmod u+x ${runscript}
-./${runscript} --no-kernel-modules --silent
-depmod
-# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_setup_finished_file setup_server_has_been_run setup_server.sh
-
-plom_home_dir=/home/plom
-
-cd "${setup_scripts_dir}"
-cp "${config_tree_prefix}/home_files/seedbox/.rtorrent.rc" "${plom_home_dir}"
-chown plom:plom "${plom_home_dir}/.rtorrent.rc"
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" seedbox
-./install_for_target.sh seedbox
-mkdir "${plom_home_dir}/downloads"
-chown plom:plom "${plom_home_dir}/downloads"
-mkdir "${plom_home_dir}/session"
-chown plom:plom "${plom_home_dir}/session"
-systemctl enable rtorrent.service --now
+++ /dev/null
-#!/bin/sh
-# Next setup steps for a server whose login policy has just been set from
-# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_n_args 2 "(hostname, FQDN)" "$@"
-hostname="$1"
-fqdn="$2"
-additional_arg="$3"
-
-# Set up basic server system.
-cd "${setup_scripts_dir}"
-./_setup.sh "${hostname}" "${fqdn}" server "$@"
-
-# If we have not yet set the shell for user plom, ensure it here. This
-# is mostly for convenience.
-usermod -s /bin/bash plom
-
-# Enable firewall.
-systemctl enable nftables.service
-
-touch "$HOME/setup_server_has_been_run"
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_setup_finished_file setup_web_has_been_run setup_web.sh
-
-expect_n_args 1 "(website template, i.e. status.plomlompom.com, tube.plomlompom.com …)" "$@"
-website_template="$1"
-shift 1
-
-mirror_ip=""
-mirror_state="not mirroring automatically, since no IP given"
-domain="${website_template}"
-mail="plom+webmaster@plomlompom.com"
-if [ "$#" -gt 0 ]; then
- domain="$1"
- if [ "$#" -gt 1 ]; then
- mail="$2"
- if [ "$#" -gt 2 ]; then
- mirror_ip="$3"
- mirror_state="mirroring automatically from ${mirror_ip}"
- fi
- fi
-fi
-echo "Assuming domain ${domain} and letsencrypt support mail address ${mail} and ${mirror_state}, abort and provide as arguments in this order if other desired! (Otherwise just hit Return.)"
-read _
-
-if [ ! -z "${mirror_ip}" ]; then
- # Set up connection to old server.
- cp "${setup_scripts_dir}/misc.sh" /home/plom/
- cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/
- chown plom:plom /home/plom/prepare_to_meet_server.sh
- su -lc "./prepare_to_meet_server.sh ${mirror_ip}" plom
- read -p 'Hit Enter when you are done.' ignore
- rm /home/plom/prepare_to_meet_server.sh
-
- # Mirror dirs.
- cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/
- su -lc "./mirror_dir.sh ${mirror_ip} /var/www/${website_template}" plom
- rm /home/plom/mirror_dir.sh
- rm /home/plom/misc.sh
-fi
-
-# Install configs, set up firewall.
-./install_for_target.sh "${website_template}"
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" "${website_template}"
-nft -f /etc/nftables.conf
-
-# Set up letsencrypt certificate. TODO: Is it auto-renewed?
-ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-rm /etc/nginx/sites-enabled/default
-
-# Prepare NGINX.
-sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" "/etc/nginx/sites-available/${website_template}.nginx"
-ln -s "/etc/nginx/sites-available/${website_template}.nginx" "/etc/nginx/sites-enabled/${website_template}.nginx"
-
-service nginx restart
-
+++ /dev/null
-#!/bin/sh
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-expect_setup_finished_file setup_server_has_been_run setup_server.sh
-
-expect_n_args 1 "(domain name)" "$@"
-domain="$1"
-
-# Install configs, set up firewall.
-./install_for_target.sh web
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
-nft -f /etc/nftables.conf
-
-chown plom /var/www
-
-# # Set up letsencrypt certificate. TODO: Is it auto-renewed?
-# ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
-# certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
-# rm /etc/nginx/sites-enabled/default
-
-# # Prepare NGINX for status.plomlompom.com.
-# sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/status.plomlompom.com.nginx
-# ln -s /etc/nginx/sites-available/status.plomlompom.com.nginx /etc/nginx/sites-enabled/status.plomlompom.com.nginx
-#
-# service nginx restart
-
-touch "$HOME/setup_web_has_been_run"
+++ /dev/null
-#!/bin/sh
-
-# Upgrade a fresh (!) system to Bookworm, as per [1]. Fresh, because: Don't
-# expect any customized config files to survive this. If you run this on a
-# remote machine, take care not to loose anything you need to re-connect, e.g.
-# any relevant adaptations you did to /etc/ssh/sshd_config …
-
-set -e
-. ./misc.sh
-. ../../misc.sh
-
-path_sources_list="/etc/apt/sources.list"
-
-export DEBIAN_FRONTEND=noninteractive
-apt update
-apt -y -o Dpkg::Options::="--force-confnew" upgrade
-apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
-cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
-apt clean
-apt update
-apt -y -o Dpkg::Options::="--force-confnew" upgrade
-apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
-apt -y autoremove
-cp "${local_path_sshd_config}" "${system_path_sshd_config}"
--- /dev/null
+# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client
+# unpredictably so
+ifupdown
+isc-dhcp-client
+# git for the setup directory; cloning works with ca-certificates
+ca-certificates
+git
+# to avoid constant warnings about no locale being found
+locales
+# extremely useful for basic network debugging; missed these more than once in an emergency
+netcat-traditional
+iputils-ping
+# what would we do without this …
+apt
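Review bot: `netcat-traditional` is the Debian netcat build that includes the `-e` option for attaching a program to a connection, which is more than the stated purpose of basic network debugging needs. This appears to be the base list for every host, since its first comment says "necessary everywhere". I would list `netcat-openbsd` instead, which covers port and connectivity checks without that option. The comment could also name the tools it means, e.g. `# nc and ping for basic network debugging`, and `everyhwere` in the first comment should read `everywhere`.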
--- /dev/null
+# for X to start at all
+linux-headers-amd64
+nvidia-driver
+firmware-misc-nonfree
+# X input: keyboard
+xserver-xorg-input-evdev
+# CUDA
+nvidia-cuda-dev
+nvidia-cuda-toolkit
+
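Review bot: `linux-headers-amd64` and `xserver-xorg-input-evdev` in this list are repeated in other lists added by this commit (`xserver-xorg-input-evdev` in the wifi/tlp list, `linux-headers-amd64` in the open-gpu-kernel-modules list), and `borgbackup` appears in both the server and the desktop list. The purge script removed in this commit carried a FIXME that packages listed twice may get blacklisted; if the new tree still builds its keep-list with plain `sort` and `comm -3`, a name present in two selected lists would be passed to `apt-mark auto` and could then be autoremoved. Either keep each package in exactly one list, or make the keep-list unique with `sort -u` in the script that consumes these files.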
--- /dev/null
+# needed for torrenting
+rtorrent
+# needed for torrenting session
+screen
+
--- /dev/null
+# so we can login at all …
+openssh-server
+# firewalling
+nftables
+# We want to be able to use ALL our servers as borg backup destinations.
+borgbackup
+# not only pull in systemd, but also /sbin/reboot and /sbin/shutdown
+systemd-sysv
+# necessary on _some_ vservers
+net-tools
+quota
+
--- /dev/null
+# for wifi
+firmware-iwlwifi
+network-manager
+wpasupplicant
+# for tlp
+tlp
+tp-smapi-dkms
+# for X to start at all
+xserver-xorg-video-intel
+# X input: keyboard and touchpad
+xserver-xorg-input-evdev
+xserver-xorg-input-synaptics
+# to use printer
+cups
+#
+
--- /dev/null
+# to avoid booting problems with encrypted LVM, see <https://askubuntu.com/a/1105848>
+cryptsetup-initramfs
+lvm2
+# this provides setupcon which reads /etc/default/console-setup
+console-setup
+# for startx
+xinit
+# for xrdb
+x11-xserver-utils
+# for startx to run for non-root user
+libpam-systemd
+# window environment
+i3
+i3status
+suckless-tools
+xterm
+# to get sleepy at night
+redshift
+# for alsamixer
+alsa-utils
+# also useful
+vim
+sudo
+less
+man-db
+manpages
+procps
+# firefox install dependencies
+wget
+bzip2
+# firefox running dependencies
+libgtk-3-0
+libdbus-glib-1-2
+# tridactyl install recommendations
+vim-gtk3
+curl
+# for firefox to emit sound
+pulseaudio
+# emacs
+emacs
+emacs-common-non-dfsg
+emacs-el
+elpa-ledger
+ledger
+# to mount encrypted USB stick and use its contents
+pmount
+cryptsetup
+openssh-client
+# for syncing
+borgbackup
+# mail setup
+isync
+notmuch
+elpa-notmuch
+pinentry-gtk2
+#
--- /dev/null
+# for open-gpu-kernel-modules building
+gcc
+g++
+make
+linux-headers-amd64
+xz-utils
+# for NVIDIA driver .run --no-kernel-modules
+libvulkan1
+libglvnd-dev
+pkg-config
+# so we can add nvidia.NVreg_OpenRmEnableUnsupportedGpus=1 to default grub
+grub-efi-amd64
+
--- /dev/null
+nginx-light
+# for SSL
+certbot
+python3-certbot-nginx
--- /dev/null
+../bullseye/borg.sh
\ No newline at end of file
--- /dev/null
+APT::AutoRemove::RecommendsImportant "false";
+APT::AutoRemove::SuggestsImportant "false";
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
--- /dev/null
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+deb http://ftp.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
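Review bot: All four `deb` lines fetch over plain `http://`, and the backports line points at `ftp.debian.org` while the other entries use `deb.debian.org`. APT's signature check on the Release file still protects package integrity, but an on-path observer can see which packages and versions a host pulls, and can withhold updates until the Release file's validity period runs out. `ca-certificates` is in the base package list, so `https://` URIs should work provided it is installed before the first `apt update`, e.g. `deb https://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware` for the last line.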
--- /dev/null
+LANG="en_US.UTF-8"
--- /dev/null
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+
+# aa_DJ ISO-8859-1
+# aa_DJ.UTF-8 UTF-8
+# aa_ER UTF-8
+# aa_ER@saaho UTF-8
+# aa_ET UTF-8
+# af_ZA ISO-8859-1
+# af_ZA.UTF-8 UTF-8
+# ak_GH UTF-8
+# am_ET UTF-8
+# an_ES ISO-8859-15
+# an_ES.UTF-8 UTF-8
+# anp_IN UTF-8
+# ar_AE ISO-8859-6
+# ar_AE.UTF-8 UTF-8
+# ar_BH ISO-8859-6
+# ar_BH.UTF-8 UTF-8
+# ar_DZ ISO-8859-6
+# ar_DZ.UTF-8 UTF-8
+# ar_EG ISO-8859-6
+# ar_EG.UTF-8 UTF-8
+# ar_IN UTF-8
+# ar_IQ ISO-8859-6
+# ar_IQ.UTF-8 UTF-8
+# ar_JO ISO-8859-6
+# ar_JO.UTF-8 UTF-8
+# ar_KW ISO-8859-6
+# ar_KW.UTF-8 UTF-8
+# ar_LB ISO-8859-6
+# ar_LB.UTF-8 UTF-8
+# ar_LY ISO-8859-6
+# ar_LY.UTF-8 UTF-8
+# ar_MA ISO-8859-6
+# ar_MA.UTF-8 UTF-8
+# ar_OM ISO-8859-6
+# ar_OM.UTF-8 UTF-8
+# ar_QA ISO-8859-6
+# ar_QA.UTF-8 UTF-8
+# ar_SA ISO-8859-6
+# ar_SA.UTF-8 UTF-8
+# ar_SD ISO-8859-6
+# ar_SD.UTF-8 UTF-8
+# ar_SS UTF-8
+# ar_SY ISO-8859-6
+# ar_SY.UTF-8 UTF-8
+# ar_TN ISO-8859-6
+# ar_TN.UTF-8 UTF-8
+# ar_YE ISO-8859-6
+# ar_YE.UTF-8 UTF-8
+# as_IN UTF-8
+# ast_ES ISO-8859-15
+# ast_ES.UTF-8 UTF-8
+# ayc_PE UTF-8
+# az_AZ UTF-8
+# be_BY CP1251
+# be_BY.UTF-8 UTF-8
+# be_BY@latin UTF-8
+# bem_ZM UTF-8
+# ber_DZ UTF-8
+# ber_MA UTF-8
+# bg_BG CP1251
+# bg_BG.UTF-8 UTF-8
+# bhb_IN.UTF-8 UTF-8
+# bho_IN UTF-8
+# bn_BD UTF-8
+# bn_IN UTF-8
+# bo_CN UTF-8
+# bo_IN UTF-8
+# br_FR ISO-8859-1
+# br_FR.UTF-8 UTF-8
+# br_FR@euro ISO-8859-15
+# brx_IN UTF-8
+# bs_BA ISO-8859-2
+# bs_BA.UTF-8 UTF-8
+# byn_ER UTF-8
+# ca_AD ISO-8859-15
+# ca_AD.UTF-8 UTF-8
+# ca_ES ISO-8859-1
+# ca_ES.UTF-8 UTF-8
+# ca_ES.UTF-8@valencia UTF-8
+# ca_ES@euro ISO-8859-15
+# ca_ES@valencia ISO-8859-15
+# ca_FR ISO-8859-15
+# ca_FR.UTF-8 UTF-8
+# ca_IT ISO-8859-15
+# ca_IT.UTF-8 UTF-8
+# ce_RU UTF-8
+# chr_US UTF-8
+# cmn_TW UTF-8
+# crh_UA UTF-8
+# cs_CZ ISO-8859-2
+# cs_CZ.UTF-8 UTF-8
+# csb_PL UTF-8
+# cv_RU UTF-8
+# cy_GB ISO-8859-14
+# cy_GB.UTF-8 UTF-8
+# da_DK ISO-8859-1
+# da_DK.UTF-8 UTF-8
+# de_AT ISO-8859-1
+# de_AT.UTF-8 UTF-8
+# de_AT@euro ISO-8859-15
+# de_BE ISO-8859-1
+# de_BE.UTF-8 UTF-8
+# de_BE@euro ISO-8859-15
+# de_CH ISO-8859-1
+# de_CH.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE.UTF-8 UTF-8
+# de_DE@euro ISO-8859-15
+# de_IT ISO-8859-1
+# de_IT.UTF-8 UTF-8
+# de_LI.UTF-8 UTF-8
+# de_LU ISO-8859-1
+# de_LU.UTF-8 UTF-8
+# de_LU@euro ISO-8859-15
+# doi_IN UTF-8
+# dv_MV UTF-8
+# dz_BT UTF-8
+# el_CY ISO-8859-7
+# el_CY.UTF-8 UTF-8
+# el_GR ISO-8859-7
+# el_GR.UTF-8 UTF-8
+# en_AG UTF-8
+# en_AU ISO-8859-1
+# en_AU.UTF-8 UTF-8
+# en_BW ISO-8859-1
+# en_BW.UTF-8 UTF-8
+# en_CA ISO-8859-1
+# en_CA.UTF-8 UTF-8
+# en_DK ISO-8859-1
+# en_DK.ISO-8859-15 ISO-8859-15
+# en_DK.UTF-8 UTF-8
+# en_GB ISO-8859-1
+# en_GB.ISO-8859-15 ISO-8859-15
+# en_GB.UTF-8 UTF-8
+# en_HK ISO-8859-1
+# en_HK.UTF-8 UTF-8
+# en_IE ISO-8859-1
+# en_IE.UTF-8 UTF-8
+# en_IE@euro ISO-8859-15
+# en_IL UTF-8
+# en_IN UTF-8
+# en_NG UTF-8
+# en_NZ ISO-8859-1
+# en_NZ.UTF-8 UTF-8
+# en_PH ISO-8859-1
+# en_PH.UTF-8 UTF-8
+# en_SG ISO-8859-1
+# en_SG.UTF-8 UTF-8
+# en_US ISO-8859-1
+# en_US.ISO-8859-15 ISO-8859-15
+en_US.UTF-8 UTF-8
+# en_ZA ISO-8859-1
+# en_ZA.UTF-8 UTF-8
+# en_ZM UTF-8
+# en_ZW ISO-8859-1
+# en_ZW.UTF-8 UTF-8
+# eo UTF-8
+# es_AR ISO-8859-1
+# es_AR.UTF-8 UTF-8
+# es_BO ISO-8859-1
+# es_BO.UTF-8 UTF-8
+# es_CL ISO-8859-1
+# es_CL.UTF-8 UTF-8
+# es_CO ISO-8859-1
+# es_CO.UTF-8 UTF-8
+# es_CR ISO-8859-1
+# es_CR.UTF-8 UTF-8
+# es_CU UTF-8
+# es_DO ISO-8859-1
+# es_DO.UTF-8 UTF-8
+# es_EC ISO-8859-1
+# es_EC.UTF-8 UTF-8
+# es_ES ISO-8859-1
+# es_ES.UTF-8 UTF-8
+# es_ES@euro ISO-8859-15
+# es_GT ISO-8859-1
+# es_GT.UTF-8 UTF-8
+# es_HN ISO-8859-1
+# es_HN.UTF-8 UTF-8
+# es_MX ISO-8859-1
+# es_MX.UTF-8 UTF-8
+# es_NI ISO-8859-1
+# es_NI.UTF-8 UTF-8
+# es_PA ISO-8859-1
+# es_PA.UTF-8 UTF-8
+# es_PE ISO-8859-1
+# es_PE.UTF-8 UTF-8
+# es_PR ISO-8859-1
+# es_PR.UTF-8 UTF-8
+# es_PY ISO-8859-1
+# es_PY.UTF-8 UTF-8
+# es_SV ISO-8859-1
+# es_SV.UTF-8 UTF-8
+# es_US ISO-8859-1
+# es_US.UTF-8 UTF-8
+# es_UY ISO-8859-1
+# es_UY.UTF-8 UTF-8
+# es_VE ISO-8859-1
+# es_VE.UTF-8 UTF-8
+# et_EE ISO-8859-1
+# et_EE.ISO-8859-15 ISO-8859-15
+# et_EE.UTF-8 UTF-8
+# eu_ES ISO-8859-1
+# eu_ES.UTF-8 UTF-8
+# eu_ES@euro ISO-8859-15
+# eu_FR ISO-8859-1
+# eu_FR.UTF-8 UTF-8
+# eu_FR@euro ISO-8859-15
+# fa_IR UTF-8
+# ff_SN UTF-8
+# fi_FI ISO-8859-1
+# fi_FI.UTF-8 UTF-8
+# fi_FI@euro ISO-8859-15
+# fil_PH UTF-8
+# fo_FO ISO-8859-1
+# fo_FO.UTF-8 UTF-8
+# fr_BE ISO-8859-1
+# fr_BE.UTF-8 UTF-8
+# fr_BE@euro ISO-8859-15
+# fr_CA ISO-8859-1
+# fr_CA.UTF-8 UTF-8
+# fr_CH ISO-8859-1
+# fr_CH.UTF-8 UTF-8
+# fr_FR ISO-8859-1
+# fr_FR.UTF-8 UTF-8
+# fr_FR@euro ISO-8859-15
+# fr_LU ISO-8859-1
+# fr_LU.UTF-8 UTF-8
+# fr_LU@euro ISO-8859-15
+# fur_IT UTF-8
+# fy_DE UTF-8
+# fy_NL UTF-8
+# ga_IE ISO-8859-1
+# ga_IE.UTF-8 UTF-8
+# ga_IE@euro ISO-8859-15
+# gd_GB ISO-8859-15
+# gd_GB.UTF-8 UTF-8
+# gez_ER UTF-8
+# gez_ER@abegede UTF-8
+# gez_ET UTF-8
+# gez_ET@abegede UTF-8
+# gl_ES ISO-8859-1
+# gl_ES.UTF-8 UTF-8
+# gl_ES@euro ISO-8859-15
+# gu_IN UTF-8
+# gv_GB ISO-8859-1
+# gv_GB.UTF-8 UTF-8
+# ha_NG UTF-8
+# hak_TW UTF-8
+# he_IL ISO-8859-8
+# he_IL.UTF-8 UTF-8
+# hi_IN UTF-8
+# hne_IN UTF-8
+# hr_HR ISO-8859-2
+# hr_HR.UTF-8 UTF-8
+# hsb_DE ISO-8859-2
+# hsb_DE.UTF-8 UTF-8
+# ht_HT UTF-8
+# hu_HU ISO-8859-2
+# hu_HU.UTF-8 UTF-8
+# hy_AM UTF-8
+# hy_AM.ARMSCII-8 ARMSCII-8
+# ia_FR UTF-8
+# id_ID ISO-8859-1
+# id_ID.UTF-8 UTF-8
+# ig_NG UTF-8
+# ik_CA UTF-8
+# is_IS ISO-8859-1
+# is_IS.UTF-8 UTF-8
+# it_CH ISO-8859-1
+# it_CH.UTF-8 UTF-8
+# it_IT ISO-8859-1
+# it_IT.UTF-8 UTF-8
+# it_IT@euro ISO-8859-15
+# iu_CA UTF-8
+# ja_JP.EUC-JP EUC-JP
+# ja_JP.UTF-8 UTF-8
+# ka_GE GEORGIAN-PS
+# ka_GE.UTF-8 UTF-8
+# kk_KZ PT154
+# kk_KZ.RK1048 RK1048
+# kk_KZ.UTF-8 UTF-8
+# kl_GL ISO-8859-1
+# kl_GL.UTF-8 UTF-8
+# km_KH UTF-8
+# kn_IN UTF-8
+# ko_KR.EUC-KR EUC-KR
+# ko_KR.UTF-8 UTF-8
+# kok_IN UTF-8
+# ks_IN UTF-8
+# ks_IN@devanagari UTF-8
+# ku_TR ISO-8859-9
+# ku_TR.UTF-8 UTF-8
+# kw_GB ISO-8859-1
+# kw_GB.UTF-8 UTF-8
+# ky_KG UTF-8
+# lb_LU UTF-8
+# lg_UG ISO-8859-10
+# lg_UG.UTF-8 UTF-8
+# li_BE UTF-8
+# li_NL UTF-8
+# lij_IT UTF-8
+# ln_CD UTF-8
+# lo_LA UTF-8
+# lt_LT ISO-8859-13
+# lt_LT.UTF-8 UTF-8
+# lv_LV ISO-8859-13
+# lv_LV.UTF-8 UTF-8
+# lzh_TW UTF-8
+# mag_IN UTF-8
+# mai_IN UTF-8
+# mg_MG ISO-8859-15
+# mg_MG.UTF-8 UTF-8
+# mhr_RU UTF-8
+# mi_NZ ISO-8859-13
+# mi_NZ.UTF-8 UTF-8
+# mk_MK ISO-8859-5
+# mk_MK.UTF-8 UTF-8
+# ml_IN UTF-8
+# mn_MN UTF-8
+# mni_IN UTF-8
+# mr_IN UTF-8
+# ms_MY ISO-8859-1
+# ms_MY.UTF-8 UTF-8
+# mt_MT ISO-8859-3
+# mt_MT.UTF-8 UTF-8
+# my_MM UTF-8
+# nan_TW UTF-8
+# nan_TW@latin UTF-8
+# nb_NO ISO-8859-1
+# nb_NO.UTF-8 UTF-8
+# nds_DE UTF-8
+# nds_NL UTF-8
+# ne_NP UTF-8
+# nhn_MX UTF-8
+# niu_NU UTF-8
+# niu_NZ UTF-8
+# nl_AW UTF-8
+# nl_BE ISO-8859-1
+# nl_BE.UTF-8 UTF-8
+# nl_BE@euro ISO-8859-15
+# nl_NL ISO-8859-1
+# nl_NL.UTF-8 UTF-8
+# nl_NL@euro ISO-8859-15
+# nn_NO ISO-8859-1
+# nn_NO.UTF-8 UTF-8
+# nr_ZA UTF-8
+# nso_ZA UTF-8
+# oc_FR ISO-8859-1
+# oc_FR.UTF-8 UTF-8
+# om_ET UTF-8
+# om_KE ISO-8859-1
+# om_KE.UTF-8 UTF-8
+# or_IN UTF-8
+# os_RU UTF-8
+# pa_IN UTF-8
+# pa_PK UTF-8
+# pap_AW UTF-8
+# pap_CW UTF-8
+# pl_PL ISO-8859-2
+# pl_PL.UTF-8 UTF-8
+# ps_AF UTF-8
+# pt_BR ISO-8859-1
+# pt_BR.UTF-8 UTF-8
+# pt_PT ISO-8859-1
+# pt_PT.UTF-8 UTF-8
+# pt_PT@euro ISO-8859-15
+# quz_PE UTF-8
+# raj_IN UTF-8
+# ro_RO ISO-8859-2
+# ro_RO.UTF-8 UTF-8
+# ru_RU ISO-8859-5
+# ru_RU.CP1251 CP1251
+# ru_RU.KOI8-R KOI8-R
+# ru_RU.UTF-8 UTF-8
+# ru_UA KOI8-U
+# ru_UA.UTF-8 UTF-8
+# rw_RW UTF-8
+# sa_IN UTF-8
+# sat_IN UTF-8
+# sc_IT UTF-8
+# sd_IN UTF-8
+# sd_IN@devanagari UTF-8
+# se_NO UTF-8
+# sgs_LT UTF-8
+# shs_CA UTF-8
+# si_LK UTF-8
+# sid_ET UTF-8
+# sk_SK ISO-8859-2
+# sk_SK.UTF-8 UTF-8
+# sl_SI ISO-8859-2
+# sl_SI.UTF-8 UTF-8
+# so_DJ ISO-8859-1
+# so_DJ.UTF-8 UTF-8
+# so_ET UTF-8
+# so_KE ISO-8859-1
+# so_KE.UTF-8 UTF-8
+# so_SO ISO-8859-1
+# so_SO.UTF-8 UTF-8
+# sq_AL ISO-8859-1
+# sq_AL.UTF-8 UTF-8
+# sq_MK UTF-8
+# sr_ME UTF-8
+# sr_RS UTF-8
+# sr_RS@latin UTF-8
+# ss_ZA UTF-8
+# st_ZA ISO-8859-1
+# st_ZA.UTF-8 UTF-8
+# sv_FI ISO-8859-1
+# sv_FI.UTF-8 UTF-8
+# sv_FI@euro ISO-8859-15
+# sv_SE ISO-8859-1
+# sv_SE.ISO-8859-15 ISO-8859-15
+# sv_SE.UTF-8 UTF-8
+# sw_KE UTF-8
+# sw_TZ UTF-8
+# szl_PL UTF-8
+# ta_IN UTF-8
+# ta_LK UTF-8
+# tcy_IN.UTF-8 UTF-8
+# te_IN UTF-8
+# tg_TJ KOI8-T
+# tg_TJ.UTF-8 UTF-8
+# th_TH TIS-620
+# th_TH.UTF-8 UTF-8
+# the_NP UTF-8
+# ti_ER UTF-8
+# ti_ET UTF-8
+# tig_ER UTF-8
+# tk_TM UTF-8
+# tl_PH ISO-8859-1
+# tl_PH.UTF-8 UTF-8
+# tn_ZA UTF-8
+# tr_CY ISO-8859-9
+# tr_CY.UTF-8 UTF-8
+# tr_TR ISO-8859-9
+# tr_TR.UTF-8 UTF-8
+# ts_ZA UTF-8
+# tt_RU UTF-8
+# tt_RU@iqtelif UTF-8
+# ug_CN UTF-8
+# uk_UA KOI8-U
+# uk_UA.UTF-8 UTF-8
+# unm_US UTF-8
+# ur_IN UTF-8
+# ur_PK UTF-8
+# uz_UZ ISO-8859-1
+# uz_UZ.UTF-8 UTF-8
+# uz_UZ@cyrillic UTF-8
+# ve_ZA UTF-8
+# vi_VN UTF-8
+# wa_BE ISO-8859-1
+# wa_BE.UTF-8 UTF-8
+# wa_BE@euro ISO-8859-15
+# wae_CH UTF-8
+# wal_ET UTF-8
+# wo_SN UTF-8
+# xh_ZA ISO-8859-1
+# xh_ZA.UTF-8 UTF-8
+# yi_US CP1255
+# yi_US.UTF-8 UTF-8
+# yo_NG UTF-8
+# yue_HK UTF-8
+# zh_CN GB2312
+# zh_CN.GB18030 GB18030
+# zh_CN.GBK GBK
+# zh_CN.UTF-8 UTF-8
+# zh_HK BIG5-HKSCS
+# zh_HK.UTF-8 UTF-8
+# zh_SG GB2312
+# zh_SG.GBK GBK
+# zh_SG.UTF-8 UTF-8
+# zh_TW BIG5
+# zh_TW.EUC-TW EUC-TW
+# zh_TW.UTF-8 UTF-8
+# zu_ZA ISO-8859-1
+# zu_ZA.UTF-8 UTF-8
--- /dev/null
+Europe/Berlin
--- /dev/null
+[Unit]
+Description=rtorrent session
+After=network.target
+
+[Service]
+Type=simple
+User=plom
+Group=plom
+WorkingDirectory=/home/plom
+ExecStartPre=-/bin/rm -f /home/plom/session/rtorrent.lock
+ExecStart=/usr/bin/screen -S rtorrent -Dm /usr/bin/rtorrent
+ExecStop=/usr/bin/screen -S rtorrent -X quit
+Restart=on-failure
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target
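Review bot: The `[Service]` section runs a network-facing client that parses data from untrusted peers, and the only confinement is `User=plom`/`Group=plom`. I would add `NoNewPrivileges=true`, `ProtectSystem=full` and `PrivateTmp=true`. After adding them, confirm that `screen` can still create its session socket and that the `ExecStop` line still reaches the session, since how `screen` is installed on the target hosts is not visible here.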
--- /dev/null
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+PermitRootLogin no # plomlompom's security rule
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+ClientAliveInterval 15
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
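Review bot: `Include /etc/ssh/sshd_config.d/*.conf` sits above `PermitRootLogin no`, `PasswordAuthentication no` and `KbdInteractiveAuthentication no`, and sshd keeps the first value it reads for a keyword, so any drop-in in that directory that sets one of them silently overrides these lines. Either check the effective settings after deployment with `sshd -T | grep -Ei 'permitrootlogin|passwordauthentication|kbdinteractiveauthentication'`, or ship the three directives as a low-numbered drop-in of your own. Separately, `X11Forwarding yes` is left enabled; if this file is also deployed to headless servers, `X11Forwarding no` removes that surface there.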
--- /dev/null
+server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www/status.plomlompom.com/;
+
+ location = / {
+ return 301 /users/plomlompom.html;
+ }
+
+ # re-direct to .html endings
+ location ~ ^/(notice|users)/([^\.]*)/?$ {
+ rewrite ^/(notice|users)/([^\./]*)/?$ /$1/$2.html permanent;
+ }
+}
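Review bot: The `location` regex uses `[^\.]*` while the `rewrite` inside it uses `[^\./]*`, so a URI such as `/users/a/b` enters the location but is not rewritten. Because of the `*`, a bare `/users/` is also redirected to `/users/.html`. Using the same class with `+` in both places keeps them in step: `location ~ ^/(notice|users)/([^./]+)/?$` with `rewrite ^/(notice|users)/([^./]+)/?$ /$1/$2.html permanent;`. The `/videos/watch/` pair in the next server block (root `/var/www/tube.plomlompom.com/`) has the same mismatch.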
--- /dev/null
+server {
+ listen 443 ssl;
+ server_name REPLACE_fqdn_ECALPER;
+ ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem;
+ root /var/www/tube.plomlompom.com/;
+
+ # re-direct to .html endings
+ location ~ ^/videos/watch/([^\.]*)/?$ {
+ rewrite ^/videos/watch/([^\./]*)/?$ /videos/watch/$1.html permanent;
+ }
+}
--- /dev/null
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+# info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="quiet nvidia.NVreg_OpenRmEnableUnsupportedGpus=1"
+GRUB_CMDLINE_LINUX=""
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+#GRUB_TERMINAL=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"
--- /dev/null
+blacklist nouveau
+options nouveau modeset=0
+
--- /dev/null
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+ iif lo accept comment "accept localhost traffic"
+ ct state invalid drop comment "drop invalid connections"
+ ct state established, related accept comment "accept traffic originated from us"
+ tcp dport 22 accept comment "accept SSH on default port"
+ tcp dport 80 accept comment "accept HTTP on default port"
+ tcp dport 443 accept comment "accept HTTPS on default port"
+ ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
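Review bot: The `input` chain sets `policy drop` in an `inet` table but accepts only IPv4 echo-request, so ICMPv6 neighbour discovery and router advertisements are dropped. The `ct state established, related` rule does not cover them, so hosts with IPv6 will lose IPv6 connectivity once neighbour entries expire. Add a rule after the ICMP line such as `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, echo-request } accept comment "accept ICMPv6 ND and ping"`. If port 22 stays open to every source address, a rate limit on new connections is also worth considering.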
--- /dev/null
+# system integration
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+# is expected even if empty
+events {
+}
+
+http {
+ # define content-type headers
+ include /etc/nginx/mime.types;
+ charset utf-8;
+
+ # Some standard optimizations, i.e. Debian default. Explained in
+ # <https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765>
+ # Not that I understand it all …
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ # logging deactivated due to GDPR
+ #access_log /var/log/nginx/access.log;
+ #error_log /var/log/nginx/error.log;
+ access_log off;
+ error_log off;
+
+ # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+
+ # Redirect all HTTP requests to HTTPS.
+ server {
+ listen 80;
+ return 301 https://$host$request_uri;
+ }
+}
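Review bot: `error_log off;` in the `http` block does not disable error logging, because `error_log` has no `off` value and nginx treats it as a file name. Errors, including client addresses, are therefore written to a file called `off` under the nginx prefix directory, which contradicts the GDPR comment above it. Use `error_log /dev/null crit;` to actually discard them. With both logs discarded there is no local record to consult when investigating an incident, so that trade-off deserves a line in the comment.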
--- /dev/null
+# Don't blank screen, as this will confuse the HDMI switch setup / lead to unrecoverable X sessions.
+xset s noblank
--- /dev/null
+# Settings for interactive shells.
+
+# Fancy colors for ls.
+alias ls="ls --color=auto"
+
+# Other helpful aliases
+alias sshauth='eval $(ssh-agent) && ssh-add'
+# alias xrandrbig='xrandr --output LVDS-1 --off'
+
+# Use vim as default editor for anything.
+export VISUAL=vim
+export EDITOR=$VISUAL
+
+# Colored prompt with username, hostname, date/time, directory.
+colornumber=7 # Default to white if no color set via colornumber dotfile.
+colornumber_file=~/.shell_prompt_color
+if [ -f $colornumber_file ]; then
+ colornumber=`cat $colornumber_file`
+fi
+tput_color="$(tput setaf $colornumber)$(tput bold)"
+tput_reset="$(tput sgr0)"
+# Bash confuses the line length when not told to not count escape sequences.
+if [ ! "$BASH" = "" ]; then
+ tput_color="\[$tput_color\]"
+ tput_reset="\[$tput_reset\]"
+fi
+PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset"
+PS2="${tput_color}> $tput_reset"
+PS3="${tput_color}select: $tput_reset"
+PS4="${tput_color}+ $tput_reset"
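Review bot: `$colornumber_file` and the value read from it are expanded unquoted in `[ -f $colornumber_file ]` and `tput setaf $colornumber`, so a home path containing spaces or stray content in `~/.shell_prompt_color` is word-split and handed to `tput` as extra arguments. Quote them and replace the backticks: `if [ -f "$colornumber_file" ]; then`, `colornumber=$(cat "$colornumber_file")`, `tput setaf "$colornumber"`. The `sshauth` alias has the same unquoted substitution; `eval "$(ssh-agent)"` is the safer form. That alias also loads keys with no lifetime, so `ssh-add -t` with a timeout would bound how long they stay in the agent.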
--- /dev/null
+# where to write downloads into
+directory.default.set = ~/downloads
+
+# rtorrent's memory
+session.path.set = ~/session
+
+# security and paranoia
+dht.mode.set = disable
+protocol.pex.set = no
+protocol.encryption.set = require,require_RC4,allow_incoming,try_outgoing
+
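Review bot: The `# security and paranoia` heading over `protocol.encryption.set` can be read as promising confidentiality. BitTorrent protocol encryption is RC4-based obfuscation aimed at traffic shaping; peers still learn the host's address and what it transfers. I would add a comment above that line such as `# protocol encryption only obfuscates the stream; it does not hide address or content from peers`. The `dht.mode.set = disable` and `protocol.pex.set = no` lines do reduce how widely the client announces itself, so the heading fits those.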
--- /dev/null
+! otherwise various applications will assume merely 8 colors
+XTerm.termName: xterm-256color
+
+! font
+! actually, "mono" is already the default for faceName (it will
+! pick whatever fc-match mono delivers), but we need to set _some_
+! faceName to trigger XTerm activating TrueType fonts
+! (XTerm*fontRender by itself won't do the trick), and we want
+! TrueType fonts because, well, they scale better, and XTerm lets them
+! fall back on alternatives (hi there ttf-unifont) when a Unicode
+! glyph is not found
+XTerm*faceName: mono
+
+! white on black
+XTerm*reverseVideo: on
+
+! blink screen instead of sound
+XTerm*visualBell: on
+
+! proper ALT as META key treatment
+XTerm*eightBitInput: false
+
+! font sizes
+XTerm*faceSize: 8
+XTerm*faceSize1: 4
+XTerm*faceSize2: 5
+XTerm*faceSize3: 6
+XTerm*faceSize4: 8
+XTerm*faceSize5: 14
+XTerm*faceSize6: 25
+
+! colors
+! black
+XTerm*color0: #202020
+XTerm*color8: #3F3F3F
+! red
+XTerm*color1: #A82020
+XTerm*color9: #E82020
+! green
+XTerm*color2: #20A820
+XTerm*color10: #20E820
+! yellow
+XTerm*color3: #A8A820
+XTerm*color11: #E8E820
+! blue
+XTerm*color4: #3F3FFF
+XTerm*color12: #9F9FFF
+! magenta
+XTerm*color5: #A83FFF
+XTerm*color13: #E89FFF
+! cyan
+XTerm*color6: #3FA8FF
+XTerm*color14: #9FE8FF
+! white
+XTerm*color7: #A8A8A8
+XTerm*color15: #E8E8E8
--- /dev/null
+plom@plomlompom.com
+plom@mail.plomlompom.com
+plom@play.plomlompom.com
+# file read ends at last newline
--- /dev/null
+# plomlompom's i3-wm configuration
+
+# Font for i3 text
+font pango:Terminus 8px
+
+# Force "tabbed" as default layout for new windows.
+workspace_layout tabbed
+
+# Make the Windows key the modifier key for all i3-wm actions.
+set $mod Mod4
+floating_modifier $mod
+
+# Launch xterm.
+bindsym $mod+Return exec xterm
+
+# Launch programs via dmenu.
+bindsym $mod+d exec dmenu_run
+bindsym $mod+x exec dmenu_run
+
+# Kill window.
+bindsym $mod+Shift+Q kill
+
+# Move focus between windows.
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# Don't move focus with mouse.
+focus_follows_mouse no
+
+# Move windows.
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# Resize windows
+bindsym $mod+h resize shrink width 1 px or 1 ppt
+bindsym $mod+l resize grow width 1 px or 1 ppt
+bindsym $mod+j resize shrink height
+bindsym $mod+k resize grow height
+
+# Toggle fullscreen for focused window.
+bindsym $mod+f fullscreen
+
+# Toggle floating of window, focus on floating or tabbed windows.
+bindsym $mod+Shift+space floating toggle
+bindsym $mod+space focus mode_toggle
+
+# Switch to workspace x.
+bindsym $mod+1 workspace 1
+bindsym $mod+2 workspace 2
+bindsym $mod+3 workspace 3
+bindsym $mod+4 workspace 4
+bindsym $mod+5 workspace 5
+bindsym $mod+6 workspace 6
+bindsym $mod+7 workspace 7
+bindsym $mod+8 workspace 8
+bindsym $mod+9 workspace 9
+bindsym $mod+0 workspace 10
+
+# Move window to workspace x.
+bindsym $mod+Shift+exclam move workspace 1
+bindsym $mod+Shift+quotedbl move workspace 2
+bindsym $mod+Shift+section move workspace 3
+bindsym $mod+Shift+dollar move workspace 4
+bindsym $mod+Shift+percent move workspace 5
+bindsym $mod+Shift+ampersand move workspace 6
+bindsym $mod+Shift+slash move workspace 7
+bindsym $mod+Shift+parenleft move workspace 8
+bindsym $mod+Shift+parenright move workspace 9
+bindsym $mod+Shift+equal move workspace 10
+
+# Reload i3 config file, restart (keeping sesion) i3, exit i3.
+bindsym $mod+Shift+C reload
+bindsym $mod+Shift+R restart
+bindsym $mod+Shift+P exit
+
+# Select "i3status" as i3 status bar, hide systray icons.
+bar {
+ tray_output none
+ status_command i3status
+}
+
+include ~/.config/i3/config_bonus
--- /dev/null
+# plomlompom's i3 status bar configuration
+
+# Activate colors; set update interval of one second.
+general {
+ colors = true
+ interval = 1
+}
+
+# Selection / order of status elements.
+order += "disk /"
+order += "disk /home/"
+order += "wireless wlp3s0"
+order += "ethernet enp0s25"
+order += "battery 0"
+order += "cpu_usage"
+order += "load"
+order += "cpu_temperature 0"
+order += "time"
+order += "volume master"
+
+# How much space is left in / ?
+disk "/" {
+ format = "/: %avail available of %total"
+ separator_block_width = 25
+}
+
+# How much space is left in /home ?
+disk "/home/" {
+ format = "/home: %avail available of %total"
+ separator_block_width = 25
+}
+
+# WLAN status: show IP and connection quality or "down".
+wireless wlp3s0 {
+ format_up = "w: (%quality at %essid) %ip"
+ format_down = "w: down"
+ separator_block_width = 10
+}
+
+# Ethernet status: show IP or "down".
+ethernet enp0s25 {
+ format_up = "e: %ip"
+ format_down = "e: down"
+ separator_block_width = 25
+}
+
+# Battery status: show FULL/CHARGING/BATTERY, storage, time left.
+battery 0 {
+ format = "b: %status %percentage %remaining"
+ separator_block_width = 25
+}
+
+# Show CPU usage.
+cpu_usage {
+ format = "cpu: %usage"
+ separator_block_width = 10
+}
+
+# Show system load during last 1/5/15 minutes.
+load {
+ format = "%1min %5min %15min"
+ separator_block_width = 25
+}
+
+# Show CPU temperature in degrees of celsius.
+cpu_temperature 0 {
+ format = "%degrees °C"
+ separator_block_width = 25
+}
+
+# Show date/time/timezone as "year-month-day hour:minute:second
+# timezone_numeric/timezone_alphabetic".
+time {
+ format = "%Y-%m-%d %H:%M:%S %z/%Z"
+ separator_block_width = 25
+}
+
+volume master {
+ format = "♪: %volume"
+ format_muted = "♪: muted (%volume)"
+ separator_block_width = 25
+}
--- /dev/null
+;; general layout
+;; ==============
+
+;; need no stinkin emacs help screen as start up, and no menu bar
+(setq inhibit-startup-screen t)
+(menu-bar-mode -1)
+
+;; highlight cursor line, parentheses
+(global-hl-line-mode 1)
+(show-paren-mode 1)
+
+;; show line numbers, use separator space
+(global-linum-mode)
+(setq linum-format "%d ")
+
+;; count cursor column, row in mode line
+(setq column-number-mode t)
+
+;; settings to make GUI tolerable
+(if window-system
+ (progn
+ (add-to-list 'default-frame-alist '(foreground-color . "white"))
+ (add-to-list 'default-frame-alist '(background-color . "black"))
+ (set-face-attribute 'default nil :height 80)
+ (scroll-bar-mode -1)
+ (setq visible-bell t)
+ (setq linum-format "%d")))
+
+;; use as default browser what XDG offers
+(setq-default browse-url-browser-function 'browse-url-xdg-open)
+
+
+
+;; general keybindings
+;; ===================
+
+;; create and use a minimal global map using just the self-insert command
+;; bindings and a selection of some to me very common keystrokes
+(setq minimal-map (make-sparse-keymap))
+(substitute-key-definition 'self-insert-command 'self-insert-command
+ minimal-map global-map)
+(use-global-map minimal-map)
+(global-set-key (kbd "DEL") 'backward-delete-char-untabify)
+(global-set-key (kbd "RET") 'newline)
+(global-set-key (kbd "TAB") 'indent-for-tab-command)
+(global-set-key (kbd "<up>") 'previous-line)
+(global-set-key (kbd "<down>") 'next-line)
+(global-set-key (kbd "<left>") 'left-char)
+(global-set-key (kbd "<right>") 'right-char)
+(global-set-key (kbd "<prior>") 'scroll-down-command)
+(global-set-key (kbd "<next>") 'scroll-up-command)
+(global-set-key (kbd "M-x") 'execute-extended-command)
+(global-set-key (kbd "C-g") 'keyboard-quit)
+;(global-set-key (kbd "<f3>") 'kmacro-start-macro-or-insert-counter)
+;(global-set-key (kbd "<f4>") 'kmacro-end-or-call-macro)
+;; note how to switch back to the original map: (use-global-map global-map)
+(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs
+
+
+
+;; minibuffer
+;; ==========
+
+;; incremental minibuffer completion
+(icomplete-mode 1)
+
+
+
+;; text editing
+;; ============
+
+;; tabs are evil
+(setq-default indent-tabs-mode nil)
+(setq-default tab-width 4)
+(setq indent-line-function 'insert-tab)
+
+;; show trailing whitespace
+(setq-default show-trailing-whitespace 1)
+
+;; on save, ask whether to ensure text file's last line ends in a
+;; newline character
+(setq require-final-newline 1)
+
+;; use dedicated directory for version-controlled, endless backups;
+;; never delete old versions
+(setq make-backup-files t
+ backup-directory-alist `(("." . "~/.emacs_backups"))
+ backup-by-copying t
+ version-control t
+ delete-old-versions 1) ;; neither t nor nil: never delete
+
+
+;; package management
+;; ==================
+
+;; where we get packages from
+(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/")
+ ("melpa-unstable" . "https://melpa.org/packages/")
+ ("melpa-stable" . "https://stable.melpa.org/packages/")))
+
+;; ensure certain packages are installed (actually, we use Debian repos here)
+;; credit to <https://stackoverflow.com/a/10093312>
+;(setq package-list '(elfeed ledger-mode))
+;(package-initialize)
+;(dolist (package package-list)
+; (unless (package-installed-p package)
+; (package-install package)))
+
+
+
+;;; window management
+;;; =================
+;
+;;; track window configurations to allow window config undo
+;(winner-mode 1)
+
+
+
+;; mail setup
+;; ==========
+
+(setq send-mail-function 'smtpmail-send-it)
+(setq smtpmail-smtp-server "mail.plomlompom.com")
+(setq smtpmail-smtp-service 465)
+(setq smtpmail-stream-type 'ssl)
+(setq smtpmail-smtp-user "plom")
+(setq mml-secure-openpgp-encrypt-to-self t)
+(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)
+
+;(setq gnutls-log-level 0)
+
+;; if we don't set this, we get this warning:
+;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange
+;; has been lowered to 256 bits and this may allow decryption of the session data
+(setq gnutls-min-prime-bits 1024)
+
+;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the
+;; stream process, seemingly unless the /message/ function is called at the right
+;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest
+;; in /network-stream-get-response/ right after "(goto-char start)"; this works
+;; unless /inhibit_message/ is set, indicating that writing to the *Messages*
+;; buffer is not relevant, but maybe writing to the echo area is); activing the
+;; gnutls logging is just a hack to achieve such calls to /message/ in the
+;; /network-stream-open-tls/ flow.
+(setq gnutls-log-level 1) ; miraculously makes smtpmail work
+
+;; constructs From: domain if mail composer directly called (from without
+;; notmuch), but we don't actually intend to do that
+;(setq mail-host-address "plomlompom.com")
+
+;; otherwise notmuch becomes extremely slow in some cases
+(setq-default notmuch-show-indent-content nil)
+
+;; this only works if we use notmuch-mua-send instead of message-send
+(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent")))
+
+;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me"
+;; in the message ID
+(setq mail-host-address "plomlompom.com")
+
+;; notmuch saved searches
+(setq notmuch-saved-searches
+ '((:name "inbox" :query "tag:unread and folder:inbox")
+ (:name "all" :query "tag:unread not folder:maildir/Trash")
+ (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de")
+ (:name "nebenan" :query "tag:unread and folder:maildir/nebenan")
+ (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info")
+ (:name "gmail" :query "tag:unread and folder:maildir/gmail.com")
+ (:name "mutter" :query "tag:unread and folder:maildir/mutter")))
+
+
+
+;; org mode
+;; ========
+
+;; unsure why, but to re-set the key map, we not only have to explicitely do it
+;; only after org-mode loading, but also have to explicitely overwrite the
+;; C-c keybinding; TODO: investigate
+(with-eval-after-load 'org
+ (setq org-mode-map (make-sparse-keymap))
+ (define-key org-mode-map (kbd "C-c") nil)
+ (define-key org-mode-map (kbd "TAB") 'org-cycle)
+ (define-key org-mode-map (kbd "<backtab>") 'org-shifttab))
+
+;; don't truncate lines by default
+(setq org-startup-truncated nil)
+
+;; basic org-capture config
+(setq org-capture-templates
+ '(("x" "test" plain (file "~/org/notes.org") "%T: %?")))
+(add-hook 'org-capture-mode-hook 'evil-insert-state)
+
+;; agenda view on startup
+(load-library "find-lisp")
+(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$"))
+(setq org-agenda-span 90)
+(setq org-agenda-use-time-grid nil)
+(add-hook 'emacs-startup-hook (lambda ()
+ (org-agenda-list)
+ (switch-to-buffer "*Org Agenda*")
+ (other-window 1)))
+
+;;; for calendar, use ISO date style
+;(setq calendar-date-style 'iso)
+;(setq diary-number-of-entries 7)
+;(diary)
+;(setq org-agenda-time-grid '((today require-timed remove-match)
+; #("----------------" 0 16 (org-heading t))
+; (0 200 400 600 800 1000 1200
+; 1400 1600 1800 2000 2200)))
+
+;; empty org-agenda-mode keybindings
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (setq org-agenda-mode-map (make-sparse-keymap))))
+(add-hook 'org-agenda-mode-hook
+ (lambda ()
+ (use-local-map (make-sparse-keymap))))
+
+;; org-publish-all
+(setq org-publish-project-alist
+ '(
+ ("website"
+ :base-directory "~/org/web/"
+ :base-extension "org"
+ :publishing-directory "~/html/"
+ :recursive t
+ :publishing-function org-html-publish-to-html
+ :headline-levels 4 ; Just the default for this project.
+ :auto-preamble t
+ )))
+
+;; use [ki:] syntax to hide stuff from exports
+(defun classify-information (text backend info)
+ "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'."
+ (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text))
+(add-hook 'org-export-filter-plain-text-functions 'classify-information)
+
+;; add HTML validator link to exports
+(setq org-html-validation-link "<a href=\"https://validator.w3.org/check?uri=referer\">Validate</a>")
+
+
+
+;;; Info mode
+;;; =========
+
+(setq Info-mode-map (make-sparse-keymap))
+(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node)
+(define-key Info-mode-map (kbd "u") 'Info-up)
+(define-key Info-mode-map (kbd "TAB") 'Info-next-reference)
+(define-key Info-mode-map (kbd "<backtab>") 'Info-prev-reference)
+(define-key Info-mode-map (kbd "H") 'Info-history-back)
+(define-key Info-mode-map (kbd "L") 'Info-history-forward)
+(define-key Info-mode-map (kbd "I") 'Info-goto-node)
+(define-key Info-mode-map (kbd "i") 'Info-index)
+
+
+
+;; help mode
+;; =========
+
+(setq help-mode-map (make-sparse-keymap))
+(define-key help-mode-map (kbd "TAB") 'forward-button)
+(define-key help-mode-map (kbd "RET") 'help-follow)
+(define-key help-mode-map (kbd "<backtab>") 'backward-button)
+
+
+
+; ;; elfeed
+; ;; ======
+;
+; (require 'elfeed) ; needed so we can set the font faces
+; (set-face-background 'elfeed-search-title-face "magenta")
+; (set-face-background 'elfeed-search-unread-count-face "magenta")
+; (setq elfeed-feeds
+; '("https://capsurvival.blogspot.com/feeds/posts/default"
+; "https://jungle.world/rss.xml"
+; "http://news.dieweltistgarnichtso.net/bin/index.xml"
+; "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/"
+; "http://www.tagesschau.de/xml/atom"))
+; (setq elfeed-search-mode-map (make-sparse-keymap))
+; (define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry)
+; (defun elfeed-search-mark-as-read() (interactive)
+; (elfeed-search-untag-all 'unread))
+; (define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read)
+; (define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread)
+; (define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter)
+; (define-key elfeed-search-mode-map (kbd "u") 'elfeed-update)
+; (setq elfeed-show-mode-map (make-sparse-keymap))
+; (define-key elfeed-show-mode-map (kbd "u") 'elfeed)
+; (define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key elfeed-show-mode-map (kbd "<backtab>") 'shr-previous-link)
+; (define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev)
+; (define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next)
+; (define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url)
+; (define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url)
+;
+;
+;
+; ;; eww
+; ;; ===
+;
+; (setq eww-mode-map (make-sparse-keymap))
+; (define-key eww-mode-map (kbd "TAB") 'shr-next-link)
+; (define-key eww-mode-map (kbd "<backtab>") 'shr-previous-link)
+; (define-key eww-mode-map (kbd "H") 'eww-back-url)
+; (define-key eww-mode-map (kbd "L") 'eww-forward-url)
+
+
+
+;; ledger
+;; ======
+(setq ledger-mode-map (make-sparse-keymap))
+(define-key ledger-mode-map (kbd "TAB") 'completion-at-point)
+
+
+
+;;; plomvi mode
+;;; ===========
+
+(defvar plomvi-return-combo (kbd "C-c"))
+(load "~/public_repos/plomvi.el/plomvi.el")
+(plomvi-global-mode 1)
--- /dev/null
+[user]
+ email = c.heller@plomlompom.de
+ name = Christian Heller
--- /dev/null
+IMAPAccount plom
+# Address to connect to
+Host mail.plomlompom.com
+User plom
+# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars,
+# therefore the pw in ~/.authinfo should not be longer than that.
+PassCmd "cat ~/.authinfo | cut -d' ' -f8-"
+SSLType IMAPS
+AuthMechs LOGIN
+
+IMAPStore core-remote
+Account plom
+
+MaildirStore core-local
+# The trailing "/" is important
+Path ~/mail/maildir/
+Inbox ~/mail/inbox/
+
+Channel core
+Far :core-remote:
+Near :core-local:
+Patterns *
+# Automatically create missing mailboxes, both locally and on the server
+Create Both
+# Save the synchronization state files in the relevant directory
+SyncState *
+# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere
+Expunge Both
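Review bot: The `PassCmd` line reads the IMAP password from a plaintext `~/.authinfo`, and nothing on this page sets that file's mode, so the mail credential is only as private as the home directory and its backups. Either document next to `PassCmd` that the file must be `0600`, or keep it encrypted and decrypt on demand, e.g. `PassCmd "gpg --quiet --for-your-eyes-only --decrypt ~/.authinfo.gpg | cut -d' ' -f8-"`. The second option would also need the setup script's `.authinfo` handling to change. The `cut -f8-` assumes one entry per file with single-space separators; how mbsync treats extra output lines is not visible here, so that assumption deserves a comment beside the 79-character remark.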
--- /dev/null
+[database]
+path=/home/plom/mail
+[search]
+exclude_tags=deleted;spam;
+# the fields below set the From: if the mail composer is called from
+# within notmuch
+[user]
+name=Christian Heller
+primary_email=plom@plomlompom.com
--- /dev/null
+# sanitize tridactyllocal tridactylsync
+# guiset tabs always
+# guiset hoverlink left
+# guiset statuspanel right
+autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit
+# bind ö fillcmdline find
+# bind n findnext 1
+# bind N findnext -1
+bind j scrollline 3
+bind k scrollline -3
+set hintuppercase false
+set searchengine duckduckgo
+set theme midnight
+set searchurls.wiktionary https://en.wiktionary.org/w/index.php?search=
+set searchurls.dictcc https://www.dict.cc/?s=
+set hintchars 123456qwertasdfgyxcvb
+guiset gui none
+escapehatch
--- /dev/null
+# X init configuration
+
+# Set keymap.
+setxkbmap de
+
+# Map CapsLock to Compose key.
+xmodmap -e "clear Lock"
+xmodmap -e "keycode 66 = Multi_key"
+
+# Load xterm settings
+xrdb -merge ~/.Xresources
+
+# Redshift to Berlin, Germany.
+redshift -rl 53:13 &
+
+sh .xinitrc_bonus
+
+# Launch window manager.
+i3
--- /dev/null
+#!/bin/sh
+set -e
+
+basedir="/home/plom/mail/maildir/"
+# Ensure directories exist for all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ if [ ! -d "${target_dir}" ]; then
+ echo "Directory ${target_dir} does not exist."
+ exit 1
+ fi
+done
+
+# Ensure all "dir:*"-tagged mails are in proper directories,
+# remove all "dir:*" tags.
+for tag in $(notmuch search --output=tags '*'); do
+ if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then
+ continue
+ fi
+ target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/"
+ for f in $(notmuch search --output=files tag:"${tag}"); do
+ new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//')
+ target_path="${target_dir}${new_name}"
+ if [ ! "${target_path}" = "${f}" ]; then
+ echo "Moving ${f} to ${target_path}."
+ mv "${f}" "${target_path}"
+ # NOTE: if we encounter an error here of ${f} not being findable, run "notmuch reindex tag:${tag}" to fix
+ fi
+ done
+ notmuch tag -"${tag}" tag:"${tag}"
+done
+
+# Remove all "deleted"-tagged files from maildirs.
+notmuch search --output=files tag:deleted | while read f; do
+ echo "Deleting ${f}"
+ rm "${f}"
+done
+
+# Sync changes back to server and update notmuch index.
+mbsync -a
+notmuch new
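Review bot: The inner loop `for f in $(notmuch search --output=files tag:"${tag}")` word-splits and glob-expands the result, so a mail file whose path contains whitespace or a glob character is moved under the wrong name or not found; the `while read f` deletion loop has the milder variant (no `-r`, no `--` before the path). The text after `dir:` is also appended to `basedir` unchecked, so a tag containing `..` names a directory outside the maildir; rejecting such tags before the `mv` is cheap. A `case` on the prefix replaces the unquoted `$(echo … | cut -c-4)` test in both loops and avoids two subprocesses per tag.

```shell
for tag in $(notmuch search --output=tags '*'); do
  case "${tag}" in
    dir:*..*) echo "Refusing tag ${tag}." >&2; exit 1 ;;
    dir:*) ;;
    *) continue ;;
  esac
  # … unchanged: target_dir computation …
  notmuch search --output=files tag:"${tag}" | while IFS= read -r f; do
    # … unchanged: new_name / target_path computation and the mv …
  done
  # … unchanged: notmuch tag -"${tag}" tag:"${tag}" …
done

notmuch search --output=files tag:deleted | while IFS= read -r f; do
  echo "Deleting ${f}"
  rm -- "${f}"
done
```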
--- /dev/null
+# List of repos we want cloned in ~/public_repos
+config
+pingmail.git
+plomlombot-irc.git
+plomrogue
+plomrogue2-experiments
+plomvi.el
+misc
--- /dev/null
+# put main workspaces on big monitor
+workspace 1 output LVDS-1
+workspace 2 output HDMI-1-0
+workspace 3 output HDMI-1-0
+workspace 4 output HDMI-1-0
+workspace 5 output HDMI-1-0
+workspace 6 output HDMI-1-0
+workspace 7 output HDMI-1-0
+workspace 8 output HDMI-1-0
+workspace 9 output HDMI-1-0
+workspace 10 output HDMI-1-0
+
+# default to big monitor's first workspace
+# exec "i3-msg 'workspace 1'"
--- /dev/null
+# The extreme --pos disconnects the cursor movement spaces, so mouse stays inside selected screen.
+xrandr --output LVDS-1 --mode 1368x768 --output HDMI-1-0 --auto --pos 2000x2000
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 2 "(hostname, FQDN)" "$@"
+hostname="$1"
+fqdn="$2"
+shift 2
+
+cd "${setup_scripts_dir}"
+
+# Adapt /etc/ to our needs by copying from ./etc_files. This will set
+# basic configurations affecting following steps, such as setup of APT
+# and the locale selection, so needs to be right at the beginning.
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@"
+
+# Set hostname and FQDN.
+./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}"
+
+# Ensure package installation state as defined by what packages are
+# defined as required by Debian policy and by settings in ./apt-mark/.
+apt update
+./install_for_target.sh all "$@"
+./purge_nonrequireds.sh all "$@"
+
+# Ensure our desired locale is available.
+locale-gen
+
+# Only upgrade after reducing the system to the desired minimum, so that
+# we don't need to get more data than necessary.
+apt -y dist-upgrade
+
+# Set Berlin localtime.
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
--- /dev/null
+#!/bin/sh
+# Copy files in argument-selected subdirectories of $1 to subdirectories
+# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2
+# of "" and $3 of "all", copy files below etc_files/all such as
+# etc_files/all/etc/foo/bar to equivalent locations below / such as
+# /etc/foo/bar. Create directories as necessary. Multiple arguments after
+# $3 are possible.
+#
+# CAUTION: This removes original files at the affected paths.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 3 "(source root, target root, modules)" "$@"
+
+source_root="$1"
+target_root="$2"
+shift 2
+
+for target_module in "$@"; do
+ mkdir -p "${source_root}/${target_module}"
+ cd "${source_root}/${target_module}"
+ for path in $(find . -type f); do
+ target_path="${target_root}"$(echo "${path}" | cut -c2-)
+ source_path=$(realpath "${path}")
+ dir=$(dirname "${target_path}")
+ mkdir -p "${dir}"
+ cp "${source_path}" "${target_path}"
+ done
+done
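Review bot: The inner loop `for path in $(find . -type f)` word-splits and glob-expands the file list, so a file in the config tree with a space or `*` in its name is copied to the wrong target paths, and this script is run as root against `/`. Reading the list line by line avoids that: `find . -type f | while IFS= read -r path; do`. `cp` also writes through an existing symlink at `${target_path}` and leaves the mode of an already existing target unchanged. Files whose permissions matter would need an explicit `chmod` or `install -m`; whether the tree contains any is not visible here.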
--- /dev/null
+../../bullseye/setup_scripts/init_user_and_keybased_login.sh
\ No newline at end of file
--- /dev/null
+../../bullseye/setup_scripts/init_user_login.sh
\ No newline at end of file
--- /dev/null
+#!/bin/sh
+# Walks through the package names in the argument-selected files of
+# apt-mark/ and ensures the respective packages are installed.
+#
+# Ignores anything in an apt-mark/ file after the last newline.
+set -e
+. ./misc.sh
+
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ # TODO: continue if file at $path not found, to get rid of dummy files
+ cat "${path}" | while read line; do
+ echo "$line"
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}"
+ fi
+ done
+done
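Review bot: `apt-get install` inside the loop inherits the loop's stdin, which is the package list that `while read line` is still consuming; if apt-get or a maintainer script reads stdin, the remaining names are swallowed and never installed. Redirecting it closes that off: `… install "${line}" </dev/null`, with `read -r line` for the loop itself. Because the pipeline's status is that of the `while`, a missing `${path}` makes `cat` fail without tripping `set -e`, so a mistyped target name installs nothing and still exits 0. An explicit `[ -f "${path}" ] || continue` (per the TODO) or an error exit would make that case visible.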
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(old server IP)" "$@"
+old_server="$1"
+cp "${setup_scripts_dir}/misc.sh" /home/plom/
+cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/
+chown plom:plom /home/plom/prepare_to_meet_server.sh
+su -lc "./prepare_to_meet_server.sh ${old_server}" plom
+read -p'Hit Enter when you are done.' ignore
+rm /home/plom/prepare_to_meet_server.sh
+cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/
+su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom
+rm /home/plom/mirror_dir.sh
+rm /home/plom/misc.sh
--- /dev/null
+#!/bin/sh
+# Mirror directory tree from remote to local server, keeping the path.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 2 "(server, directory)" "$@"
+server=$1
+dir=$2
+path_package=/tmp/delete.tar
+
+eval `ssh-agent`
+ssh-add
+cd
+ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ."
+scp plom@"${server}":"${path_package}" "${path_package}"
+mkdir -p "${dir}"
+cd "${dir}"
+tar xf "${path_package}"
+cd
+rm "${path_package}"
+ssh plom@"${server}" rm "${path_package}"
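Review bot: `path_package=/tmp/delete.tar` is a fixed name in a world-writable directory on both hosts, so another local account can pre-create it as a file or symlink, and the archive later unpacked into `${dir}` is then not necessarily the one `tar cf` wrote; the data also sits in `/tmp` readable according to the umask. Streaming avoids the temporary file altogether: `mkdir -p "${dir}"` followed by `ssh plom@"${server}" "cd \"${dir}\" && tar cf - ." | tar xf - -C "${dir}"`. The agent started by the `eval` line is never stopped; `trap 'ssh-agent -k >/dev/null' EXIT` directly after it would clean it up.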
--- /dev/null
+#!/bin/sh
+set -e
+debian_version="bookworm"
+legal_system_names="x220 w530 h610m"
+config_tree_prefix="${HOME}/public_repos/config/${debian_version}"
+if [ ! -d "${config_tree_prefix}" ]; then
+ config_tree_prefix="${HOME}/config/${debian_version}"
+fi
+setup_scripts_dir="${config_tree_prefix}/setup_scripts"
+aptmark_dir="${config_tree_prefix}/apt-mark"
+
+expect_setup_finished_file() {
+ filename="$1"
+ setup_script="$2"
+ if [ ! -f "${HOME}/${filename}" ]; then
+ echo "First need to run ${setup_script}."
+ false
+ fi
+}
+
+get_system_name_arg() {
+ found=0
+ for system_name_i in $legal_system_names; do
+ if [ "$1" = "$system_name_i" ]; then
+ found=1
+ system_name="${system_name_i}"
+ continue
+ fi
+ done
+ if [ "$found" = 0 ]; then
+ echo "Need legal system name."
+ false
+ fi
+}
--- /dev/null
+#!/bin/sh
+# Do some of the steps necessary to SSH (key-based) with another server.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(server IP)" "$@"
+target="$1"
+
+# We need a public key to copy over, so generate it if not found.
+if [ ! -f ~/.ssh/id_rsa.pub ]; then
+ ssh-keygen -N ""
+fi
+
+# Add target to ~/.ssh/known_hosts so we don't get
+# asked for permission at inopportune moments.
+ssh-keyscan -H "$target" >> ~/.ssh/known_hosts
+
+# Tell user what to do.
+echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:"
+cat ~/.ssh/id_rsa.pub
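Review bot: `ssh-keyscan -H "$target" >> ~/.ssh/known_hosts` records whatever key answers on the network at that moment without anyone comparing it, so a wrong or interposed host during setup becomes permanently trusted. Print the fingerprints for comparison against the server's console before appending, e.g. `ssh-keyscan "$target" | ssh-keygen -lf -`, or ship the expected host keys in the config tree. The same unverified append is used for `plomlompom.com` and the borg servers in the user setup script. `ssh-keygen -N ""` creates the key without a passphrase; a comment stating that this is intentional would help the next reader.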
--- /dev/null
+#!/bin/sh
+# This script removes all Debian packages that are not of Priority
+# "required" or not depended on by packages of priority "required"
+# or not listed in the argument-selected files of apt-mark/.
+set -e
+. ./misc.sh
+
+# FIXME packages listed twice in the aptmark_dir get blacklisted?
+
+dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted
+for target in "$@"; do
+ path="${aptmark_dir}/${target}"
+ cat "${path}" | while read line; do
+ if [ ! $(echo "${line}" | cut -c1) = "#" ]; then
+ echo "${line}" >> /tmp/list_white_unsorted
+ fi
+ done
+done
+sort /tmp/list_white_unsorted > /tmp/list_white
+dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages
+sort /tmp/list_all_packages > /tmp/foo
+mv /tmp/foo /tmp/list_all_packages
+comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black
+apt-mark auto `cat /tmp/list_black`
+DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove
+rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black
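Review bot: The working files `/tmp/list_white_unsorted`, `/tmp/list_white`, `/tmp/list_all_packages`, `/tmp/foo` and `/tmp/list_black` have fixed names in a world-writable directory while the script runs as root and ends in `apt-get --purge autoremove`; another local account can pre-create them, or symlinks in their place, and influence what is overwritten or purged. A private `mktemp -d` directory with an EXIT trap removes that. Separately, `comm -3` suppresses only column 3, so whitelist lines with no match in the installed list, including the second copy of a package named in two apt-mark files, land in `list_black` and get marked auto, which looks like the cause of the FIXME; `sort -u` plus `comm -23` fixes it. A missing apt-mark file only makes `cat` fail inside the pipeline, which `set -e` does not see, so the whitelist silently shrinks before the purge.

```shell
workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir}"' EXIT

dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > "${workdir}/white_unsorted"
for target in "$@"; do
  path="${aptmark_dir}/${target}"
  [ -f "${path}" ] || { echo "Missing ${path}." >&2; exit 1; }
  # … unchanged: loop appending non-comment lines, now to "${workdir}/white_unsorted" …
done
sort -u "${workdir}/white_unsorted" > "${workdir}/white"
dpkg-query -Wf '${Package}\n' | sort -u > "${workdir}/all"
comm -23 "${workdir}/all" "${workdir}/white" > "${workdir}/black"
# … unchanged: apt-mark auto and apt-get autoremove, reading "${workdir}/black" …
```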
--- /dev/null
+#!/bin/sh
+# Sets hostname and optionally FQDN.
+#
+# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts
+# writing follows recommendations from Debian manual at
+# <https://www.debian.org/doc/manuals/debian-reference/ch05.en.html>
+# (section "The hostname resolution") on how to map hostname and possibly
+# FQDN to a permanent IP if present (we assume here any non-private IP
+# and non-loopback IP returned by hostname -I to fulfill that criterion
+# on our systems) or to 127.0.1.1 if not. On the reasoning for separating
+# localhost and hostname mapping to different IPs, see
+# <https://unix.stackexchange.com/a/13087>.
+#
+# Ignores IPv6s.
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(hostname, fqdn)" "$@"
+
+hostname="$1"
+fqdn="$2"
+echo "${hostname}" > /etc/hostname
+hostname "${hostname}"
+
+final_ip="127.0.1.1"
+for ip in $(hostname -I); do
+ if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then
+ continue
+ fi
+ range_1=$(echo "${ip}" | cut -d "." -f 1)
+ range_2=$(echo "${ip}" | cut -d "." -f 2)
+ if [ "${range_1}" -eq 127 ]; then
+ continue
+ elif [ "${range_1}" -eq 10 ]; then
+ continue
+ elif [ "${range_1}" -eq 172 ]; then
+ if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then
+ continue
+ fi
+ elif [ "${range_1}" -eq 192 ]; then
+ if [ "${range_2}" -eq 168 ]; then
+ continue
+ fi
+ fi
+ final_ip="${ip}"
+done
+
+echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
+echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(system name)" "$@"
+get_system_name_arg "$1"
+
+# Set up system without user environment.
+cd "${setup_scripts_dir}"
+if [ "$system_name" = "w530" || "$system_name" = "x220"]; then
+ ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}"
+else
+ ./_setup.sh "${system_name}" "" user desktop "${system_name}"
+fi
+
+# # Set up printer.
+# ppd_deb="hll2350dwpdrv-4.0.0-1.i386.deb"
+# wget "https://download.brother.com/welcome/dlf103566/${ppd_deb}"
+# dpkg --add-architecture i386
+# apt update
+# apt install -y "./${ppd_deb}"
+# service cups restart
+# # lpadmin -p 'Brother_HLL2350DW' -m 'brother-HLL2350DW-cups-en.ppd'
+# rm "./${ppd_deb}"
+# # TODO explore potential lpadmin options like -o 'OutputMode=NormalGray'
+
+# Set up NVIDIA eGPU config.
+if [ "$system_name" = "w530" ]; then
+ cd
+ git clone https://github.com/NVIDIA/open-gpu-kernel-modules
+ cd open-gpu-kernel-modules
+ git checkout 337e28e
+ # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
+ make modules -j$(nproc)
+ make modules_install
+ cd
+ driver_version=535.86.05
+ # driver_version=545.29.06
+ runscript=NVIDIA-Linux-x86_64-${driver_version}.run
+ wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
+ rmmod nouveau
+ chmod u+x ${runscript}
+ ./${runscript} --no-kernel-modules --silent
+ depmod
+ # TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init
+fi
+
+# Set up user environments.
+cd "${setup_scripts_dir}"
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root
+adduser --disabled-password --gecos "" plom
+usermod -a -G sudo plom
+passwd plom
+cp -a ~/config /home/plom
+chown -R plom:plom /home/plom/config
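Review bot: The test `[ "$system_name" = "w530" || "$system_name" = "x220"]` is not valid `sh`: `||` ends the `[` command before its closing bracket and the last word is `x220]`, so the condition always fails (with errors that `set -e` ignores inside `if`) and the `thinkpad` module is never passed to `_setup.sh`. It should read `if [ "$system_name" = "w530" ] || [ "$system_name" = "x220" ]; then`. In the w530 block the NVIDIA `.run` file is fetched with `wget` and executed as root with no integrity check, and `git checkout 337e28e` pins only an abbreviated hash. Recording the expected digest next to `driver_version` and checking it before `chmod` (`echo "<expected-sha256>  ${runscript}" | sha256sum -c -`), and using the full 40-character commit id, would pin both. The separate NVIDIA-only script further down runs the same `.run` file from the home directory and would benefit from the same check.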
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+# Install Firefox directly from Mozilla.
+firefox_release="128.4.0esr"
+firefox_filename="firefox-${firefox_release}.tar.bz2"
+url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}"
+wget "${url_firefox}"
+mv "${firefox_filename}" /opt/
+cd /opt/
+tar xf "${firefox_filename}"
+rm "${firefox_filename}"
+ln -f -s /opt/firefox/firefox /usr/local/bin/
+update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200
+update-alternatives --set x-www-browser /opt/firefox/firefox
+
+echo "TODO: Install uBlock Origin and tridactyl plugins, run :installnative and :source."
+
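Review bot: The tarball from `${url_firefox}` is unpacked into `/opt` and registered as the system browser as root with no integrity check beyond TLS to the download host. Mozilla publishes a `SHA256SUMS` file (with a detached signature `SHA256SUMS.asc`) in each release directory, so the script can compare the digest of `${firefox_filename}` against it before `tar xf`, or pin the expected digest next to `firefox_release`. `wget` also writes into whatever the current directory happens to be; downloading into a `mktemp -d` directory avoids picking up or clobbering a stale file of the same name.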
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 1 "(system name)" "$@"
+get_system_name_arg "$1"
+
+cd $setup_scripts_dir
+./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}"
+
+secrets_dev="sdb"
+source_dir_secrets="/media/${secrets_dev}/to_usb"
+target_dir_secrets="${HOME}/tmp_secrets"
+echo "Put secrets drive into slot for /dev/${secrets_dev}."
+while [ ! -e /dev/"${secrets_dev}" ]; do
+ sleep 1
+done
+stty -echo
+printf "Secrets passphrase: "
+read SECRETS_PASS
+stty echo
+echo "" # newline so user knows their input return was accepted
+sudo -v
+echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}"
+cp -a "${source_dir_secrets}" "${target_dir_secrets}"
+sudo chown -R plom:plom "${target_dir_secrets}"
+sudo pumount "${secrets_dev}"
+echo "You can remove /dev/${secrets_dev} now."
+
+# Set up iniitial non-public parts of infrastructure: SSH authentication.
+ssh_dir=~/.ssh
+cd "${target_dir_secrets}"
+mkdir -p "${ssh_dir}"
+echo "Setting up .ssh"
+cp id_rsa ~/.ssh
+stty -echo
+ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+stty echo
+eval $(ssh-agent)
+ssh-add
+ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts
+
+# Fill ~/public_repos.
+public_repos_dir="${HOME}/public_repos"
+repos_list_file="${public_repos_dir}/repos"
+mkdir -p "${public_repos_dir}"
+cat "${repos_list_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ repo_name="${line}"
+ if [ ! -d "${public_repos_dir}/${repo_name}" ]; then
+ cd "${public_repos_dir}"
+ git clone plom@plomlompom.com:/var/repos/${repo_name}
+ fi
+done
+
+# Remove redundant config repo copy.
+config_tree_prefix="${public_repos_dir}/config/${debian_version}"
+rm -rf ~/config
+
+# # Set up native messenger for tridactyl.
+# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a'
+# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash
+
+# Set up further non-public parts of infrastructure.
+cd "${target_dir_secrets}"
+script -c 'gpg --import secret_keys.asc' /dev/null
+path_borgscript="${config_tree_prefix}//borg.sh"
+
+# borg setup
+borgkeys_dir=~/.config/borg/keys
+borgrepos_file=~/.borgrepos
+tar xf borg_keyfiles.tar
+mkdir -p "${borgkeys_dir}"
+mv borg_keyfiles/* "${borgkeys_dir}"
+# Sync org dir via borgbackup. For this we need the borgbackup servers
+# in our .ssh/known_hosts file.
+cat "${borgrepos_file}" | while read line; do
+ first_char=$(echo "${line}" | cut -c1)
+ if [ "${first_char}" = "#" ]; then
+ continue
+ fi
+ server=$(echo "${line}" | sed 's/.*@//')
+ ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts
+done
+BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull
+
+# .authinfo may not be present on every secrets drive yet
+authinfo_file=.authinfo
+if [ -f "${authinfo_file}" ]; then
+ cp "${authinfo_file}" ~
+fi
+cd
+
+maildir=~/mail/maildir
+# # Set up e-mail system. Note that we only do mbsync if the imap pass file
+# # is found. It may not be present on every secrets drive yet, so we have to
+# # deal with the possibility of it being absent at this point.
+mkdir -p "${maildir}" # expected by mbsync/isync
+if [ -f "${HOME}/${authinfo_file}" ]; then
+ mbsync -a
+ notmuch new
+fi
+
+# # Final note on how to integrate tridactyl.
+# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start."
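Review bot: `${target_dir_secrets}` (`~/tmp_secrets`) receives a copy of the whole secrets drive (`id_rsa`, `secret_keys.asc`, the borg keyfiles, `.authinfo`) and nothing in the script removes it, so a second copy of the key material stays in the home directory after setup. A `trap 'rm -rf -- "${target_dir_secrets}"' EXIT` placed right after the `cp -a` closes that on every exit path. `mkdir -p "${ssh_dir}"` should be followed by `chmod 700 "${ssh_dir}"` and, after the copy, `chmod 600 ~/.ssh/id_rsa`, since the modes currently depend on the drive and the umask. `read SECRETS_PASS` without `-r` alters backslashes in the passphrase, and an interrupt between `stty -echo` and `stty echo` leaves the terminal without echo; `trap 'stty echo' INT TERM` around the prompt covers that. `SECRETS_PASS` can be `unset` once the borg call that needs it has run.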
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+
+# Set up NVIDIA eGPU config.
+cd
+# git clone https://github.com/NVIDIA/open-gpu-kernel-modules
+# cd open-gpu-kernel-modules
+# git checkout 337e28e
+# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf
+# make modules -j$(nproc)
+# make modules_install
+# cd
+driver_version=535.86.05
+# driver_version=545.29.06
+runscript=NVIDIA-Linux-x86_64-${driver_version}.run
+# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript}
+set +e
+rmmod nouveau
+set -e
+chmod u+x ${runscript}
+./${runscript} --no-kernel-modules --silent
+depmod
+# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_setup_finished_file setup_server_has_been_run setup_server.sh
+
+plom_home_dir=/home/plom
+
+cd "${setup_scripts_dir}"
+cp "${config_tree_prefix}/home_files/seedbox/.rtorrent.rc" "${plom_home_dir}"
+chown plom:plom "${plom_home_dir}/.rtorrent.rc"
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" seedbox
+./install_for_target.sh seedbox
+mkdir "${plom_home_dir}/downloads"
+chown plom:plom "${plom_home_dir}/downloads"
+mkdir "${plom_home_dir}/session"
+chown plom:plom "${plom_home_dir}/session"
+systemctl enable rtorrent.service --now
--- /dev/null
+#!/bin/sh
+# Next setup steps for a server whose login policy has just been set from
+# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_n_args 2 "(hostname, FQDN)" "$@"
+hostname="$1"
+fqdn="$2"
+additional_arg="$3"
+
+# Set up basic server system.
+cd "${setup_scripts_dir}"
+./_setup.sh "${hostname}" "${fqdn}" server "$@"
+
+# If we have not yet set the shell for user plom, ensure it here. This
+# is mostly for convenience.
+usermod -s /bin/bash plom
+
+# Enable firewall.
+systemctl enable nftables.service
+
+touch "$HOME/setup_server_has_been_run"
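Review bot: `systemctl enable nftables.service` only arranges for the ruleset to load at the next boot, so until then the freshly set-up server runs without the packet filter unless something outside this script loads it. `systemctl enable --now nftables.service`, or `nft -f /etc/nftables.conf` as the web setup scripts do, applies it immediately. `additional_arg` is assigned but never used, and because `"$@"` is passed on unshifted, `_setup.sh` receives the hostname and FQDN again as module names; a comment saying whether that is intended would help.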
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_setup_finished_file setup_web_has_been_run setup_web.sh
+
+expect_n_args 1 "(website template, i.e. status.plomlompom.com, tube.plomlompom.com …)" "$@"
+website_template="$1"
+shift 1
+
+mirror_ip=""
+mirror_state="not mirroring automatically, since no IP given"
+domain="${website_template}"
+mail="plom+webmaster@plomlompom.com"
+if [ "$#" -gt 0 ]; then
+ domain="$1"
+ if [ "$#" -gt 1 ]; then
+ mail="$2"
+ if [ "$#" -gt 2 ]; then
+ mirror_ip="$3"
+ mirror_state="mirroring automatically from ${mirror_ip}"
+ fi
+ fi
+fi
+echo "Assuming domain ${domain} and letsencrypt support mail address ${mail} and ${mirror_state}, abort and provide as arguments in this order if other desired! (Otherwise just hit Return.)"
+read _
+
+if [ ! -z "${mirror_ip}" ]; then
+ # Set up connection to old server.
+ cp "${setup_scripts_dir}/misc.sh" /home/plom/
+ cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/
+ chown plom:plom /home/plom/prepare_to_meet_server.sh
+ su -lc "./prepare_to_meet_server.sh ${mirror_ip}" plom
+ read -p 'Hit Enter when you are done.' ignore
+ rm /home/plom/prepare_to_meet_server.sh
+
+ # Mirror dirs.
+ cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/
+ su -lc "./mirror_dir.sh ${mirror_ip} /var/www/${website_template}" plom
+ rm /home/plom/mirror_dir.sh
+ rm /home/plom/misc.sh
+fi
+
+# Install configs, set up firewall.
+./install_for_target.sh "${website_template}"
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" "${website_template}"
+nft -f /etc/nftables.conf
+
+# Set up letsencrypt certificate. TODO: Is it auto-renewed?
+ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+rm /etc/nginx/sites-enabled/default
+
+# Prepare NGINX.
+sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" "/etc/nginx/sites-available/${website_template}.nginx"
+ln -s "/etc/nginx/sites-available/${website_template}.nginx" "/etc/nginx/sites-enabled/${website_template}.nginx"
+
+service nginx restart
+
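Review bot: `${domain}`, `${mirror_ip}` and `${website_template}` come straight from the command line and are spliced into a `sed` program (`s/REPLACE_fqdn_ECALPER/${domain}/g`) and into the command strings handed to `su -lc`, all while running as root; a `/`, `&` or shell metacharacter in any of them changes what those commands do. A guard right after argument parsing keeps them to hostname characters, e.g. `case "${website_template}${domain}${mirror_ip}" in *[!A-Za-z0-9.:-]*) echo "Bad template, domain or IP." >&2; exit 1 ;; esac`. The same `su -lc "… ${old_server} …"` construction appears in the script that mirrors `/home/plom/borg`. This script also calls `./install_for_target.sh` relative to the current directory without the `cd "${setup_scripts_dir}"` that the other setup scripts do first.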
--- /dev/null
+#!/bin/sh
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+expect_setup_finished_file setup_server_has_been_run setup_server.sh
+
+expect_n_args 1 "(domain name)" "$@"
+domain="$1"
+
+# Install configs, set up firewall.
+./install_for_target.sh web
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
+nft -f /etc/nftables.conf
+
+chown plom /var/www
+
+# # Set up letsencrypt certificate. TODO: Is it auto-renewed?
+# ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
+# certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}"
+# rm /etc/nginx/sites-enabled/default
+
+# # Prepare NGINX for status.plomlompom.com.
+# sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/status.plomlompom.com.nginx
+# ln -s /etc/nginx/sites-available/status.plomlompom.com.nginx /etc/nginx/sites-enabled/status.plomlompom.com.nginx
+#
+# service nginx restart
+
+touch "$HOME/setup_web_has_been_run"
--- /dev/null
+#!/bin/sh
+
+# Upgrade a fresh (!) system to Bookworm, as per [1]. Fresh, because: Don't
+# expect any customized config files to survive this. If you run this on a
+# remote machine, take care not to loose anything you need to re-connect, e.g.
+# any relevant adaptations you did to /etc/ssh/sshd_config …
+
+set -e
+. ./misc.sh
+. ../../misc.sh
+
+path_sources_list="/etc/apt/sources.list"
+
+export DEBIAN_FRONTEND=noninteractive
+apt update
+apt -y -o Dpkg::Options::="--force-confnew" upgrade
+apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
+cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}"
+apt clean
+apt update
+apt -y -o Dpkg::Options::="--force-confnew" upgrade
+apt -y -o Dpkg::Options::="--force-confnew" full-upgrade
+apt -y autoremove
+cp "${local_path_sshd_config}" "${system_path_sshd_config}"