From: Christian Heller Date: Fri, 21 Mar 2025 22:19:01 +0000 (+0100) Subject: Restructure and tabula rasa. X-Git-Url: https://plomlompom.com/repos/%7B%7B%20web_path%20%7D%7D/static/%7B%7Bdb.prefix%7D%7D/index.html?a=commitdiff_plain;h=8f41e22a4386a0a5ac1ecf5df1fdc0a3e44b08a1;p=config Restructure and tabula rasa. --- diff --git a/_bookworm/apt-mark/all b/_bookworm/apt-mark/all new file mode 100644 index 0000000..abd02d6 --- /dev/null +++ b/_bookworm/apt-mark/all @@ -0,0 +1,14 @@ +# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client +# unpredictably so +ifupdown +isc-dhcp-client +# git for the setup directory; cloning works with ca-certificates +ca-certificates +git +# to avoid constant warnings about no locale being found +locales +# extremely useful for basic network debugging; missed these more than once in an emergency +netcat-traditional +iputils-ping +# what would we do without this … +apt diff --git a/_bookworm/apt-mark/h610m b/_bookworm/apt-mark/h610m new file mode 100644 index 0000000..02b95cc --- /dev/null +++ b/_bookworm/apt-mark/h610m @@ -0,0 +1,10 @@ +# for X to start at all +linux-headers-amd64 +nvidia-driver +firmware-misc-nonfree +# X input: keyboard +xserver-xorg-input-evdev +# CUDA +nvidia-cuda-dev +nvidia-cuda-toolkit + diff --git a/_bookworm/apt-mark/seedbox b/_bookworm/apt-mark/seedbox new file mode 100644 index 0000000..7129acf --- /dev/null +++ b/_bookworm/apt-mark/seedbox @@ -0,0 +1,5 @@ +# needed for torrenting +rtorrent +# needed for torrenting session +screen + diff --git a/_bookworm/apt-mark/server b/_bookworm/apt-mark/server new file mode 100644 index 0000000..ecca45d --- /dev/null +++ b/_bookworm/apt-mark/server @@ -0,0 +1,12 @@ +# so we can login at all … +openssh-server +# firewalling +nftables +# We want to be able to use ALL our servers as borg backup destinations. +borgbackup +# not only pull in systemd, but also /sbin/reboot and /sbin/shutdown +systemd-sysv +# necessary on _some_ vservers +net-tools +quota + diff --git a/_bookworm/apt-mark/thinkpad b/_bookworm/apt-mark/thinkpad new file mode 100644 index 0000000..fa7bd38 --- /dev/null +++ b/_bookworm/apt-mark/thinkpad @@ -0,0 +1,16 @@ +# for wifi +firmware-iwlwifi +network-manager +wpasupplicant +# for tlp +tlp +tp-smapi-dkms +# for X to start at all +xserver-xorg-video-intel +# X input: keyboard and touchpad +xserver-xorg-input-evdev +xserver-xorg-input-synaptics +# to use printer +cups +# + diff --git a/_bookworm/apt-mark/user b/_bookworm/apt-mark/user new file mode 100644 index 0000000..831b81c --- /dev/null +++ b/_bookworm/apt-mark/user @@ -0,0 +1,56 @@ +# to avoid booting problems with encrypted LVM, see +cryptsetup-initramfs +lvm2 +# this provides setupcon which reads /etc/default/console-setup +console-setup +# for startx +xinit +# for xrdb +x11-xserver-utils +# for startx to run for non-root user +libpam-systemd +# window environment +i3 +i3status +suckless-tools +xterm +# to get sleepy at night +redshift +# for alsamixer +alsa-utils +# also useful +vim +sudo +less +man-db +manpages +procps +# firefox install dependencies +wget +bzip2 +# firefox running dependencies +libgtk-3-0 +libdbus-glib-1-2 +# tridactyl install recommendations +vim-gtk3 +curl +# for firefox to emit sound +pulseaudio +# emacs +emacs +emacs-common-non-dfsg +emacs-el +elpa-ledger +ledger +# to mount encrypted USB stick and use its contents +pmount +cryptsetup +openssh-client +# for syncing +borgbackup +# mail setup +isync +notmuch +elpa-notmuch +pinentry-gtk2 +# diff --git a/_bookworm/apt-mark/w530 b/_bookworm/apt-mark/w530 new file mode 100644 index 0000000..6c2cfd7 --- /dev/null +++ b/_bookworm/apt-mark/w530 @@ -0,0 +1,13 @@ +# for open-gpu-kernel-modules building +gcc +g++ +make +linux-headers-amd64 +xz-utils +# for NVIDIA driver .run --no-kernel-modules +libvulkan1 +libglvnd-dev +pkg-config +# so we can add nvidia.NVreg_OpenRmEnableUnsupportedGpus=1 to default grub +grub-efi-amd64 + diff --git a/_bookworm/apt-mark/web b/_bookworm/apt-mark/web new file mode 100644 index 0000000..4912b8a --- /dev/null +++ b/_bookworm/apt-mark/web @@ -0,0 +1,4 @@ +nginx-light +# for SSL +certbot +python3-certbot-nginx diff --git a/_bookworm/borg.sh b/_bookworm/borg.sh new file mode 120000 index 0000000..358132c --- /dev/null +++ b/_bookworm/borg.sh @@ -0,0 +1 @@ +../bullseye/borg.sh \ No newline at end of file diff --git a/_bookworm/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/_bookworm/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies new file mode 100644 index 0000000..4aaef79 --- /dev/null +++ b/_bookworm/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies @@ -0,0 +1,4 @@ +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; diff --git a/_bookworm/etc_files/all/etc/apt/sources.list b/_bookworm/etc_files/all/etc/apt/sources.list new file mode 100644 index 0000000..72b0ffb --- /dev/null +++ b/_bookworm/etc_files/all/etc/apt/sources.list @@ -0,0 +1,4 @@ +deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware +deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware +deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware +deb http://ftp.debian.org/debian bookworm-backports main contrib non-free non-free-firmware diff --git a/_bookworm/etc_files/all/etc/default/locale b/_bookworm/etc_files/all/etc/default/locale new file mode 100644 index 0000000..dd6eee3 --- /dev/null +++ b/_bookworm/etc_files/all/etc/default/locale @@ -0,0 +1 @@ +LANG="en_US.UTF-8" diff --git a/_bookworm/etc_files/all/etc/locale.gen b/_bookworm/etc_files/all/etc/locale.gen new file mode 100644 index 0000000..a28cfa4 --- /dev/null +++ b/_bookworm/etc_files/all/etc/locale.gen @@ -0,0 +1,483 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + + +# aa_DJ ISO-8859-1 +# aa_DJ.UTF-8 UTF-8 +# aa_ER UTF-8 +# aa_ER@saaho UTF-8 +# aa_ET UTF-8 +# af_ZA ISO-8859-1 +# af_ZA.UTF-8 UTF-8 +# ak_GH UTF-8 +# am_ET UTF-8 +# an_ES ISO-8859-15 +# an_ES.UTF-8 UTF-8 +# anp_IN UTF-8 +# ar_AE ISO-8859-6 +# ar_AE.UTF-8 UTF-8 +# ar_BH ISO-8859-6 +# ar_BH.UTF-8 UTF-8 +# ar_DZ ISO-8859-6 +# ar_DZ.UTF-8 UTF-8 +# ar_EG ISO-8859-6 +# ar_EG.UTF-8 UTF-8 +# ar_IN UTF-8 +# ar_IQ ISO-8859-6 +# ar_IQ.UTF-8 UTF-8 +# ar_JO ISO-8859-6 +# ar_JO.UTF-8 UTF-8 +# ar_KW ISO-8859-6 +# ar_KW.UTF-8 UTF-8 +# ar_LB ISO-8859-6 +# ar_LB.UTF-8 UTF-8 +# ar_LY ISO-8859-6 +# ar_LY.UTF-8 UTF-8 +# ar_MA ISO-8859-6 +# ar_MA.UTF-8 UTF-8 +# ar_OM ISO-8859-6 +# ar_OM.UTF-8 UTF-8 +# ar_QA ISO-8859-6 +# ar_QA.UTF-8 UTF-8 +# ar_SA ISO-8859-6 +# ar_SA.UTF-8 UTF-8 +# ar_SD ISO-8859-6 +# ar_SD.UTF-8 UTF-8 +# ar_SS UTF-8 +# ar_SY ISO-8859-6 +# ar_SY.UTF-8 UTF-8 +# ar_TN ISO-8859-6 +# ar_TN.UTF-8 UTF-8 +# ar_YE ISO-8859-6 +# ar_YE.UTF-8 UTF-8 +# as_IN UTF-8 +# ast_ES ISO-8859-15 +# ast_ES.UTF-8 UTF-8 +# ayc_PE UTF-8 +# az_AZ UTF-8 +# be_BY CP1251 +# be_BY.UTF-8 UTF-8 +# be_BY@latin UTF-8 +# bem_ZM UTF-8 +# ber_DZ UTF-8 +# ber_MA UTF-8 +# bg_BG CP1251 +# bg_BG.UTF-8 UTF-8 +# bhb_IN.UTF-8 UTF-8 +# bho_IN UTF-8 +# bn_BD UTF-8 +# bn_IN UTF-8 +# bo_CN UTF-8 +# bo_IN UTF-8 +# br_FR ISO-8859-1 +# br_FR.UTF-8 UTF-8 +# br_FR@euro ISO-8859-15 +# brx_IN UTF-8 +# bs_BA ISO-8859-2 +# bs_BA.UTF-8 UTF-8 +# byn_ER UTF-8 +# ca_AD ISO-8859-15 +# ca_AD.UTF-8 UTF-8 +# ca_ES ISO-8859-1 +# ca_ES.UTF-8 UTF-8 +# ca_ES.UTF-8@valencia UTF-8 +# ca_ES@euro ISO-8859-15 +# ca_ES@valencia ISO-8859-15 +# ca_FR ISO-8859-15 +# ca_FR.UTF-8 UTF-8 +# ca_IT ISO-8859-15 +# ca_IT.UTF-8 UTF-8 +# ce_RU UTF-8 +# chr_US UTF-8 +# cmn_TW UTF-8 +# crh_UA UTF-8 +# cs_CZ ISO-8859-2 +# cs_CZ.UTF-8 UTF-8 +# csb_PL UTF-8 +# cv_RU UTF-8 +# cy_GB ISO-8859-14 +# cy_GB.UTF-8 UTF-8 +# da_DK ISO-8859-1 +# da_DK.UTF-8 UTF-8 +# de_AT ISO-8859-1 +# de_AT.UTF-8 UTF-8 +# de_AT@euro ISO-8859-15 +# de_BE ISO-8859-1 +# de_BE.UTF-8 UTF-8 +# de_BE@euro ISO-8859-15 +# de_CH ISO-8859-1 +# de_CH.UTF-8 UTF-8 +# de_DE ISO-8859-1 +# de_DE.UTF-8 UTF-8 +# de_DE@euro ISO-8859-15 +# de_IT ISO-8859-1 +# de_IT.UTF-8 UTF-8 +# de_LI.UTF-8 UTF-8 +# de_LU ISO-8859-1 +# de_LU.UTF-8 UTF-8 +# de_LU@euro ISO-8859-15 +# doi_IN UTF-8 +# dv_MV UTF-8 +# dz_BT UTF-8 +# el_CY ISO-8859-7 +# el_CY.UTF-8 UTF-8 +# el_GR ISO-8859-7 +# el_GR.UTF-8 UTF-8 +# en_AG UTF-8 +# en_AU ISO-8859-1 +# en_AU.UTF-8 UTF-8 +# en_BW ISO-8859-1 +# en_BW.UTF-8 UTF-8 +# en_CA ISO-8859-1 +# en_CA.UTF-8 UTF-8 +# en_DK ISO-8859-1 +# en_DK.ISO-8859-15 ISO-8859-15 +# en_DK.UTF-8 UTF-8 +# en_GB ISO-8859-1 +# en_GB.ISO-8859-15 ISO-8859-15 +# en_GB.UTF-8 UTF-8 +# en_HK ISO-8859-1 +# en_HK.UTF-8 UTF-8 +# en_IE ISO-8859-1 +# en_IE.UTF-8 UTF-8 +# en_IE@euro ISO-8859-15 +# en_IL UTF-8 +# en_IN UTF-8 +# en_NG UTF-8 +# en_NZ ISO-8859-1 +# en_NZ.UTF-8 UTF-8 +# en_PH ISO-8859-1 +# en_PH.UTF-8 UTF-8 +# en_SG ISO-8859-1 +# en_SG.UTF-8 UTF-8 +# en_US ISO-8859-1 +# en_US.ISO-8859-15 ISO-8859-15 +en_US.UTF-8 UTF-8 +# en_ZA ISO-8859-1 +# en_ZA.UTF-8 UTF-8 +# en_ZM UTF-8 +# en_ZW ISO-8859-1 +# en_ZW.UTF-8 UTF-8 +# eo UTF-8 +# es_AR ISO-8859-1 +# es_AR.UTF-8 UTF-8 +# es_BO ISO-8859-1 +# es_BO.UTF-8 UTF-8 +# es_CL ISO-8859-1 +# es_CL.UTF-8 UTF-8 +# es_CO ISO-8859-1 +# es_CO.UTF-8 UTF-8 +# es_CR ISO-8859-1 +# es_CR.UTF-8 UTF-8 +# es_CU UTF-8 +# es_DO ISO-8859-1 +# es_DO.UTF-8 UTF-8 +# es_EC ISO-8859-1 +# es_EC.UTF-8 UTF-8 +# es_ES ISO-8859-1 +# es_ES.UTF-8 UTF-8 +# es_ES@euro ISO-8859-15 +# es_GT ISO-8859-1 +# es_GT.UTF-8 UTF-8 +# es_HN ISO-8859-1 +# es_HN.UTF-8 UTF-8 +# es_MX ISO-8859-1 +# es_MX.UTF-8 UTF-8 +# es_NI ISO-8859-1 +# es_NI.UTF-8 UTF-8 +# es_PA ISO-8859-1 +# es_PA.UTF-8 UTF-8 +# es_PE ISO-8859-1 +# es_PE.UTF-8 UTF-8 +# es_PR ISO-8859-1 +# es_PR.UTF-8 UTF-8 +# es_PY ISO-8859-1 +# es_PY.UTF-8 UTF-8 +# es_SV ISO-8859-1 +# es_SV.UTF-8 UTF-8 +# es_US ISO-8859-1 +# es_US.UTF-8 UTF-8 +# es_UY ISO-8859-1 +# es_UY.UTF-8 UTF-8 +# es_VE ISO-8859-1 +# es_VE.UTF-8 UTF-8 +# et_EE ISO-8859-1 +# et_EE.ISO-8859-15 ISO-8859-15 +# et_EE.UTF-8 UTF-8 +# eu_ES ISO-8859-1 +# eu_ES.UTF-8 UTF-8 +# eu_ES@euro ISO-8859-15 +# eu_FR ISO-8859-1 +# eu_FR.UTF-8 UTF-8 +# eu_FR@euro ISO-8859-15 +# fa_IR UTF-8 +# ff_SN UTF-8 +# fi_FI ISO-8859-1 +# fi_FI.UTF-8 UTF-8 +# fi_FI@euro ISO-8859-15 +# fil_PH UTF-8 +# fo_FO ISO-8859-1 +# fo_FO.UTF-8 UTF-8 +# fr_BE ISO-8859-1 +# fr_BE.UTF-8 UTF-8 +# fr_BE@euro ISO-8859-15 +# fr_CA ISO-8859-1 +# fr_CA.UTF-8 UTF-8 +# fr_CH ISO-8859-1 +# fr_CH.UTF-8 UTF-8 +# fr_FR ISO-8859-1 +# fr_FR.UTF-8 UTF-8 +# fr_FR@euro ISO-8859-15 +# fr_LU ISO-8859-1 +# fr_LU.UTF-8 UTF-8 +# fr_LU@euro ISO-8859-15 +# fur_IT UTF-8 +# fy_DE UTF-8 +# fy_NL UTF-8 +# ga_IE ISO-8859-1 +# ga_IE.UTF-8 UTF-8 +# ga_IE@euro ISO-8859-15 +# gd_GB ISO-8859-15 +# gd_GB.UTF-8 UTF-8 +# gez_ER UTF-8 +# gez_ER@abegede UTF-8 +# gez_ET UTF-8 +# gez_ET@abegede UTF-8 +# gl_ES ISO-8859-1 +# gl_ES.UTF-8 UTF-8 +# gl_ES@euro ISO-8859-15 +# gu_IN UTF-8 +# gv_GB ISO-8859-1 +# gv_GB.UTF-8 UTF-8 +# ha_NG UTF-8 +# hak_TW UTF-8 +# he_IL ISO-8859-8 +# he_IL.UTF-8 UTF-8 +# hi_IN UTF-8 +# hne_IN UTF-8 +# hr_HR ISO-8859-2 +# hr_HR.UTF-8 UTF-8 +# hsb_DE ISO-8859-2 +# hsb_DE.UTF-8 UTF-8 +# ht_HT UTF-8 +# hu_HU ISO-8859-2 +# hu_HU.UTF-8 UTF-8 +# hy_AM UTF-8 +# hy_AM.ARMSCII-8 ARMSCII-8 +# ia_FR UTF-8 +# id_ID ISO-8859-1 +# id_ID.UTF-8 UTF-8 +# ig_NG UTF-8 +# ik_CA UTF-8 +# is_IS ISO-8859-1 +# is_IS.UTF-8 UTF-8 +# it_CH ISO-8859-1 +# it_CH.UTF-8 UTF-8 +# it_IT ISO-8859-1 +# it_IT.UTF-8 UTF-8 +# it_IT@euro ISO-8859-15 +# iu_CA UTF-8 +# ja_JP.EUC-JP EUC-JP +# ja_JP.UTF-8 UTF-8 +# ka_GE GEORGIAN-PS +# ka_GE.UTF-8 UTF-8 +# kk_KZ PT154 +# kk_KZ.RK1048 RK1048 +# kk_KZ.UTF-8 UTF-8 +# kl_GL ISO-8859-1 +# kl_GL.UTF-8 UTF-8 +# km_KH UTF-8 +# kn_IN UTF-8 +# ko_KR.EUC-KR EUC-KR +# ko_KR.UTF-8 UTF-8 +# kok_IN UTF-8 +# ks_IN UTF-8 +# ks_IN@devanagari UTF-8 +# ku_TR ISO-8859-9 +# ku_TR.UTF-8 UTF-8 +# kw_GB ISO-8859-1 +# kw_GB.UTF-8 UTF-8 +# ky_KG UTF-8 +# lb_LU UTF-8 +# lg_UG ISO-8859-10 +# lg_UG.UTF-8 UTF-8 +# li_BE UTF-8 +# li_NL UTF-8 +# lij_IT UTF-8 +# ln_CD UTF-8 +# lo_LA UTF-8 +# lt_LT ISO-8859-13 +# lt_LT.UTF-8 UTF-8 +# lv_LV ISO-8859-13 +# lv_LV.UTF-8 UTF-8 +# lzh_TW UTF-8 +# mag_IN UTF-8 +# mai_IN UTF-8 +# mg_MG ISO-8859-15 +# mg_MG.UTF-8 UTF-8 +# mhr_RU UTF-8 +# mi_NZ ISO-8859-13 +# mi_NZ.UTF-8 UTF-8 +# mk_MK ISO-8859-5 +# mk_MK.UTF-8 UTF-8 +# ml_IN UTF-8 +# mn_MN UTF-8 +# mni_IN UTF-8 +# mr_IN UTF-8 +# ms_MY ISO-8859-1 +# ms_MY.UTF-8 UTF-8 +# mt_MT ISO-8859-3 +# mt_MT.UTF-8 UTF-8 +# my_MM UTF-8 +# nan_TW UTF-8 +# nan_TW@latin UTF-8 +# nb_NO ISO-8859-1 +# nb_NO.UTF-8 UTF-8 +# nds_DE UTF-8 +# nds_NL UTF-8 +# ne_NP UTF-8 +# nhn_MX UTF-8 +# niu_NU UTF-8 +# niu_NZ UTF-8 +# nl_AW UTF-8 +# nl_BE ISO-8859-1 +# nl_BE.UTF-8 UTF-8 +# nl_BE@euro ISO-8859-15 +# nl_NL ISO-8859-1 +# nl_NL.UTF-8 UTF-8 +# nl_NL@euro ISO-8859-15 +# nn_NO ISO-8859-1 +# nn_NO.UTF-8 UTF-8 +# nr_ZA UTF-8 +# nso_ZA UTF-8 +# oc_FR ISO-8859-1 +# oc_FR.UTF-8 UTF-8 +# om_ET UTF-8 +# om_KE ISO-8859-1 +# om_KE.UTF-8 UTF-8 +# or_IN UTF-8 +# os_RU UTF-8 +# pa_IN UTF-8 +# pa_PK UTF-8 +# pap_AW UTF-8 +# pap_CW UTF-8 +# pl_PL ISO-8859-2 +# pl_PL.UTF-8 UTF-8 +# ps_AF UTF-8 +# pt_BR ISO-8859-1 +# pt_BR.UTF-8 UTF-8 +# pt_PT ISO-8859-1 +# pt_PT.UTF-8 UTF-8 +# pt_PT@euro ISO-8859-15 +# quz_PE UTF-8 +# raj_IN UTF-8 +# ro_RO ISO-8859-2 +# ro_RO.UTF-8 UTF-8 +# ru_RU ISO-8859-5 +# ru_RU.CP1251 CP1251 +# ru_RU.KOI8-R KOI8-R +# ru_RU.UTF-8 UTF-8 +# ru_UA KOI8-U +# ru_UA.UTF-8 UTF-8 +# rw_RW UTF-8 +# sa_IN UTF-8 +# sat_IN UTF-8 +# sc_IT UTF-8 +# sd_IN UTF-8 +# sd_IN@devanagari UTF-8 +# se_NO UTF-8 +# sgs_LT UTF-8 +# shs_CA UTF-8 +# si_LK UTF-8 +# sid_ET UTF-8 +# sk_SK ISO-8859-2 +# sk_SK.UTF-8 UTF-8 +# sl_SI ISO-8859-2 +# sl_SI.UTF-8 UTF-8 +# so_DJ ISO-8859-1 +# so_DJ.UTF-8 UTF-8 +# so_ET UTF-8 +# so_KE ISO-8859-1 +# so_KE.UTF-8 UTF-8 +# so_SO ISO-8859-1 +# so_SO.UTF-8 UTF-8 +# sq_AL ISO-8859-1 +# sq_AL.UTF-8 UTF-8 +# sq_MK UTF-8 +# sr_ME UTF-8 +# sr_RS UTF-8 +# sr_RS@latin UTF-8 +# ss_ZA UTF-8 +# st_ZA ISO-8859-1 +# st_ZA.UTF-8 UTF-8 +# sv_FI ISO-8859-1 +# sv_FI.UTF-8 UTF-8 +# sv_FI@euro ISO-8859-15 +# sv_SE ISO-8859-1 +# sv_SE.ISO-8859-15 ISO-8859-15 +# sv_SE.UTF-8 UTF-8 +# sw_KE UTF-8 +# sw_TZ UTF-8 +# szl_PL UTF-8 +# ta_IN UTF-8 +# ta_LK UTF-8 +# tcy_IN.UTF-8 UTF-8 +# te_IN UTF-8 +# tg_TJ KOI8-T +# tg_TJ.UTF-8 UTF-8 +# th_TH TIS-620 +# th_TH.UTF-8 UTF-8 +# the_NP UTF-8 +# ti_ER UTF-8 +# ti_ET UTF-8 +# tig_ER UTF-8 +# tk_TM UTF-8 +# tl_PH ISO-8859-1 +# tl_PH.UTF-8 UTF-8 +# tn_ZA UTF-8 +# tr_CY ISO-8859-9 +# tr_CY.UTF-8 UTF-8 +# tr_TR ISO-8859-9 +# tr_TR.UTF-8 UTF-8 +# ts_ZA UTF-8 +# tt_RU UTF-8 +# tt_RU@iqtelif UTF-8 +# ug_CN UTF-8 +# uk_UA KOI8-U +# uk_UA.UTF-8 UTF-8 +# unm_US UTF-8 +# ur_IN UTF-8 +# ur_PK UTF-8 +# uz_UZ ISO-8859-1 +# uz_UZ.UTF-8 UTF-8 +# uz_UZ@cyrillic UTF-8 +# ve_ZA UTF-8 +# vi_VN UTF-8 +# wa_BE ISO-8859-1 +# wa_BE.UTF-8 UTF-8 +# wa_BE@euro ISO-8859-15 +# wae_CH UTF-8 +# wal_ET UTF-8 +# wo_SN UTF-8 +# xh_ZA ISO-8859-1 +# xh_ZA.UTF-8 UTF-8 +# yi_US CP1255 +# yi_US.UTF-8 UTF-8 +# yo_NG UTF-8 +# yue_HK UTF-8 +# zh_CN GB2312 +# zh_CN.GB18030 GB18030 +# zh_CN.GBK GBK +# zh_CN.UTF-8 UTF-8 +# zh_HK BIG5-HKSCS +# zh_HK.UTF-8 UTF-8 +# zh_SG GB2312 +# zh_SG.GBK GBK +# zh_SG.UTF-8 UTF-8 +# zh_TW BIG5 +# zh_TW.EUC-TW EUC-TW +# zh_TW.UTF-8 UTF-8 +# zu_ZA ISO-8859-1 +# zu_ZA.UTF-8 UTF-8 diff --git a/_bookworm/etc_files/all/etc/timezone b/_bookworm/etc_files/all/etc/timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/_bookworm/etc_files/all/etc/timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/_bookworm/etc_files/seedbox/etc/systemd/system/rtorrent.service b/_bookworm/etc_files/seedbox/etc/systemd/system/rtorrent.service new file mode 100644 index 0000000..babfd36 --- /dev/null +++ b/_bookworm/etc_files/seedbox/etc/systemd/system/rtorrent.service @@ -0,0 +1,17 @@ +[Unit] +Description=rtorrent session +After=network.target + +[Service] +Type=simple +User=plom +Group=plom +WorkingDirectory=/home/plom +ExecStartPre=-/bin/rm -f /home/plom/session/rtorrent.lock +ExecStart=/usr/bin/screen -S rtorrent -Dm /usr/bin/rtorrent +ExecStop=/usr/bin/screen -S rtorrent -X quit +Restart=on-failure +RestartSec=3 + +[Install] +WantedBy=multi-user.target diff --git a/_bookworm/etc_files/server/etc/ssh/sshd_config b/_bookworm/etc_files/server/etc/ssh/sshd_config new file mode 100644 index 0000000..e952cb3 --- /dev/null +++ b/_bookworm/etc_files/server/etc/ssh/sshd_config @@ -0,0 +1,123 @@ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Include /etc/ssh/sshd_config.d/*.conf + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +PermitRootLogin no # plomlompom's security rule +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +KbdInteractiveAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +ClientAliveInterval 15 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +# override default of no subsystems +Subsystem sftp /usr/lib/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/_bookworm/etc_files/status.plomlompom.com/etc/nginx/sites-available/status.plomlompom.com.nginx b/_bookworm/etc_files/status.plomlompom.com/etc/nginx/sites-available/status.plomlompom.com.nginx new file mode 100644 index 0000000..99c19d2 --- /dev/null +++ b/_bookworm/etc_files/status.plomlompom.com/etc/nginx/sites-available/status.plomlompom.com.nginx @@ -0,0 +1,16 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www/status.plomlompom.com/; + + location = / { + return 301 /users/plomlompom.html; + } + + # re-direct to .html endings + location ~ ^/(notice|users)/([^\.]*)/?$ { + rewrite ^/(notice|users)/([^\./]*)/?$ /$1/$2.html permanent; + } +} diff --git a/_bookworm/etc_files/tube.plomlompom.com/etc/nginx/sites-available/tube.plomlompom.com.nginx b/_bookworm/etc_files/tube.plomlompom.com/etc/nginx/sites-available/tube.plomlompom.com.nginx new file mode 100644 index 0000000..57b084a --- /dev/null +++ b/_bookworm/etc_files/tube.plomlompom.com/etc/nginx/sites-available/tube.plomlompom.com.nginx @@ -0,0 +1,12 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www/tube.plomlompom.com/; + + # re-direct to .html endings + location ~ ^/videos/watch/([^\.]*)/?$ { + rewrite ^/videos/watch/([^\./]*)/?$ /videos/watch/$1.html permanent; + } +} diff --git a/_bookworm/etc_files/w530/etc/default/grub b/_bookworm/etc_files/w530/etc/default/grub new file mode 100644 index 0000000..ff1b598 --- /dev/null +++ b/_bookworm/etc_files/w530/etc/default/grub @@ -0,0 +1,32 @@ +# If you change this file, run 'update-grub' afterwards to update +# /boot/grub/grub.cfg. +# For full documentation of the options in this file, see: +# info -f grub -n 'Simple configuration' + +GRUB_DEFAULT=0 +GRUB_TIMEOUT=5 +GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` +GRUB_CMDLINE_LINUX_DEFAULT="quiet nvidia.NVreg_OpenRmEnableUnsupportedGpus=1" +GRUB_CMDLINE_LINUX="" + +# Uncomment to enable BadRAM filtering, modify to suit your needs +# This works with Linux (no patch required) and with any kernel that obtains +# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...) +#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef" + +# Uncomment to disable graphical terminal (grub-pc only) +#GRUB_TERMINAL=console + +# The resolution used on graphical terminal +# note that you can use only modes which your graphic card supports via VBE +# you can see them in real GRUB with the command `vbeinfo' +#GRUB_GFXMODE=640x480 + +# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux +#GRUB_DISABLE_LINUX_UUID=true + +# Uncomment to disable generation of recovery mode menu entries +#GRUB_DISABLE_RECOVERY="true" + +# Uncomment to get a beep at grub start +#GRUB_INIT_TUNE="480 440 1" diff --git a/_bookworm/etc_files/w530/etc/modprobe.d/blacklist-nouveau.conf b/_bookworm/etc_files/w530/etc/modprobe.d/blacklist-nouveau.conf new file mode 100644 index 0000000..9699336 --- /dev/null +++ b/_bookworm/etc_files/w530/etc/modprobe.d/blacklist-nouveau.conf @@ -0,0 +1,3 @@ +blacklist nouveau +options nouveau modeset=0 + diff --git a/_bookworm/etc_files/web/etc/nftables.conf b/_bookworm/etc_files/web/etc/nftables.conf new file mode 100755 index 0000000..ec6732a --- /dev/null +++ b/_bookworm/etc_files/web/etc/nftables.conf @@ -0,0 +1,22 @@ +#!/usr/sbin/nft -f + +flush ruleset + +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + iif lo accept comment "accept localhost traffic" + ct state invalid drop comment "drop invalid connections" + ct state established, related accept comment "accept traffic originated from us" + tcp dport 22 accept comment "accept SSH on default port" + tcp dport 80 accept comment "accept HTTP on default port" + tcp dport 443 accept comment "accept HTTPS on default port" + ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging" + } + chain forward { + type filter hook forward priority 0; policy drop; + } + chain output { + type filter hook output priority 0; policy accept; + } +} diff --git a/_bookworm/etc_files/web/etc/nginx/nginx.conf b/_bookworm/etc_files/web/etc/nginx/nginx.conf new file mode 100644 index 0000000..8320425 --- /dev/null +++ b/_bookworm/etc_files/web/etc/nginx/nginx.conf @@ -0,0 +1,38 @@ +# system integration +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +# is expected even if empty +events { +} + +http { + # define content-type headers + include /etc/nginx/mime.types; + charset utf-8; + + # Some standard optimizations, i.e. Debian default. Explained in + # + # Not that I understand it all … + sendfile on; + tcp_nopush on; + tcp_nodelay on; + + # logging deactivated due to GDPR + #access_log /var/log/nginx/access.log; + #error_log /var/log/nginx/error.log; + access_log off; + error_log off; + + # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; + + # Redirect all HTTP requests to HTTPS. + server { + listen 80; + return 301 https://$host$request_uri; + } +} diff --git a/_bookworm/home_files/h610m/.xinitrc_bonus b/_bookworm/home_files/h610m/.xinitrc_bonus new file mode 100644 index 0000000..1eaa7e8 --- /dev/null +++ b/_bookworm/home_files/h610m/.xinitrc_bonus @@ -0,0 +1,2 @@ +# Don't blank screen, as this will confuse the HDMI switch setup / lead to unrecoverable X sessions. +xset s noblank diff --git a/_bookworm/home_files/minimal/.bashrc b/_bookworm/home_files/minimal/.bashrc new file mode 100644 index 0000000..5c1d6b2 --- /dev/null +++ b/_bookworm/home_files/minimal/.bashrc @@ -0,0 +1,30 @@ +# Settings for interactive shells. + +# Fancy colors for ls. +alias ls="ls --color=auto" + +# Other helpful aliases +alias sshauth='eval $(ssh-agent) && ssh-add' +# alias xrandrbig='xrandr --output LVDS-1 --off' + +# Use vim as default editor for anything. +export VISUAL=vim +export EDITOR=$VISUAL + +# Colored prompt with username, hostname, date/time, directory. +colornumber=7 # Default to white if no color set via colornumber dotfile. +colornumber_file=~/.shell_prompt_color +if [ -f $colornumber_file ]; then + colornumber=`cat $colornumber_file` +fi +tput_color="$(tput setaf $colornumber)$(tput bold)" +tput_reset="$(tput sgr0)" +# Bash confuses the line length when not told to not count escape sequences. +if [ ! "$BASH" = "" ]; then + tput_color="\[$tput_color\]" + tput_reset="\[$tput_reset\]" +fi +PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset" +PS2="${tput_color}> $tput_reset" +PS3="${tput_color}select: $tput_reset" +PS4="${tput_color}+ $tput_reset" diff --git a/_bookworm/home_files/root/.shell_prompt_color b/_bookworm/home_files/root/.shell_prompt_color new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/_bookworm/home_files/root/.shell_prompt_color @@ -0,0 +1 @@ +1 diff --git a/_bookworm/home_files/seedbox/.rtorrent.rc b/_bookworm/home_files/seedbox/.rtorrent.rc new file mode 100644 index 0000000..2513748 --- /dev/null +++ b/_bookworm/home_files/seedbox/.rtorrent.rc @@ -0,0 +1,11 @@ +# where to write downloads into +directory.default.set = ~/downloads + +# rtorrent's memory +session.path.set = ~/session + +# security and paranoia +dht.mode.set = disable +protocol.pex.set = no +protocol.encryption.set = require,require_RC4,allow_incoming,try_outgoing + diff --git a/_bookworm/home_files/user/.Xresources b/_bookworm/home_files/user/.Xresources new file mode 100644 index 0000000..45b10af --- /dev/null +++ b/_bookworm/home_files/user/.Xresources @@ -0,0 +1,56 @@ +! otherwise various applications will assume merely 8 colors +XTerm.termName: xterm-256color + +! font +! actually, "mono" is already the default for faceName (it will +! pick whatever fc-match mono delivers), but we need to set _some_ +! faceName to trigger XTerm activating TrueType fonts +! (XTerm*fontRender by itself won't do the trick), and we want +! TrueType fonts because, well, they scale better, and XTerm lets them +! fall back on alternatives (hi there ttf-unifont) when a Unicode +! glyph is not found +XTerm*faceName: mono + +! white on black +XTerm*reverseVideo: on + +! blink screen instead of sound +XTerm*visualBell: on + +! proper ALT as META key treatment +XTerm*eightBitInput: false + +! font sizes +XTerm*faceSize: 8 +XTerm*faceSize1: 4 +XTerm*faceSize2: 5 +XTerm*faceSize3: 6 +XTerm*faceSize4: 8 +XTerm*faceSize5: 14 +XTerm*faceSize6: 25 + +! colors +! black +XTerm*color0: #202020 +XTerm*color8: #3F3F3F +! red +XTerm*color1: #A82020 +XTerm*color9: #E82020 +! green +XTerm*color2: #20A820 +XTerm*color10: #20E820 +! yellow +XTerm*color3: #A8A820 +XTerm*color11: #E8E820 +! blue +XTerm*color4: #3F3FFF +XTerm*color12: #9F9FFF +! magenta +XTerm*color5: #A83FFF +XTerm*color13: #E89FFF +! cyan +XTerm*color6: #3FA8FF +XTerm*color14: #9FE8FF +! white +XTerm*color7: #A8A8A8 +XTerm*color15: #E8E8E8 diff --git a/_bookworm/home_files/user/.borgrepos b/_bookworm/home_files/user/.borgrepos new file mode 100644 index 0000000..c40eee3 --- /dev/null +++ b/_bookworm/home_files/user/.borgrepos @@ -0,0 +1,4 @@ +plom@plomlompom.com +plom@mail.plomlompom.com +plom@play.plomlompom.com +# file read ends at last newline diff --git a/_bookworm/home_files/user/.config/i3/config b/_bookworm/home_files/user/.config/i3/config new file mode 100644 index 0000000..7e4af34 --- /dev/null +++ b/_bookworm/home_files/user/.config/i3/config @@ -0,0 +1,86 @@ +# plomlompom's i3-wm configuration + +# Font for i3 text +font pango:Terminus 8px + +# Force "tabbed" as default layout for new windows. +workspace_layout tabbed + +# Make the Windows key the modifier key for all i3-wm actions. +set $mod Mod4 +floating_modifier $mod + +# Launch xterm. +bindsym $mod+Return exec xterm + +# Launch programs via dmenu. +bindsym $mod+d exec dmenu_run +bindsym $mod+x exec dmenu_run + +# Kill window. +bindsym $mod+Shift+Q kill + +# Move focus between windows. +bindsym $mod+Left focus left +bindsym $mod+Down focus down +bindsym $mod+Up focus up +bindsym $mod+Right focus right + +# Don't move focus with mouse. +focus_follows_mouse no + +# Move windows. +bindsym $mod+Shift+Left move left +bindsym $mod+Shift+Down move down +bindsym $mod+Shift+Up move up +bindsym $mod+Shift+Right move right + +# Resize windows +bindsym $mod+h resize shrink width 1 px or 1 ppt +bindsym $mod+l resize grow width 1 px or 1 ppt +bindsym $mod+j resize shrink height +bindsym $mod+k resize grow height + +# Toggle fullscreen for focused window. +bindsym $mod+f fullscreen + +# Toggle floating of window, focus on floating or tabbed windows. +bindsym $mod+Shift+space floating toggle +bindsym $mod+space focus mode_toggle + +# Switch to workspace x. +bindsym $mod+1 workspace 1 +bindsym $mod+2 workspace 2 +bindsym $mod+3 workspace 3 +bindsym $mod+4 workspace 4 +bindsym $mod+5 workspace 5 +bindsym $mod+6 workspace 6 +bindsym $mod+7 workspace 7 +bindsym $mod+8 workspace 8 +bindsym $mod+9 workspace 9 +bindsym $mod+0 workspace 10 + +# Move window to workspace x. +bindsym $mod+Shift+exclam move workspace 1 +bindsym $mod+Shift+quotedbl move workspace 2 +bindsym $mod+Shift+section move workspace 3 +bindsym $mod+Shift+dollar move workspace 4 +bindsym $mod+Shift+percent move workspace 5 +bindsym $mod+Shift+ampersand move workspace 6 +bindsym $mod+Shift+slash move workspace 7 +bindsym $mod+Shift+parenleft move workspace 8 +bindsym $mod+Shift+parenright move workspace 9 +bindsym $mod+Shift+equal move workspace 10 + +# Reload i3 config file, restart (keeping sesion) i3, exit i3. +bindsym $mod+Shift+C reload +bindsym $mod+Shift+R restart +bindsym $mod+Shift+P exit + +# Select "i3status" as i3 status bar, hide systray icons. +bar { + tray_output none + status_command i3status +} + +include ~/.config/i3/config_bonus diff --git a/_bookworm/home_files/user/.config/i3status/config b/_bookworm/home_files/user/.config/i3status/config new file mode 100644 index 0000000..b9fb15f --- /dev/null +++ b/_bookworm/home_files/user/.config/i3status/config @@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wlp3s0" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 25 +} + +# How much space is left in /home ? +disk "/home/" { + format = "/home: %avail available of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wlp3s0 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "♪: %volume" + format_muted = "♪: muted (%volume)" + separator_block_width = 25 +} diff --git a/_bookworm/home_files/user/.emacs.d/init.el b/_bookworm/home_files/user/.emacs.d/init.el new file mode 100644 index 0000000..3868a75 --- /dev/null +++ b/_bookworm/home_files/user/.emacs.d/init.el @@ -0,0 +1,323 @@ +;; general layout +;; ============== + +;; need no stinkin emacs help screen as start up, and no menu bar +(setq inhibit-startup-screen t) +(menu-bar-mode -1) + +;; highlight cursor line, parentheses +(global-hl-line-mode 1) +(show-paren-mode 1) + +;; show line numbers, use separator space +(global-linum-mode) +(setq linum-format "%d ") + +;; count cursor column, row in mode line +(setq column-number-mode t) + +;; settings to make GUI tolerable +(if window-system + (progn + (add-to-list 'default-frame-alist '(foreground-color . "white")) + (add-to-list 'default-frame-alist '(background-color . "black")) + (set-face-attribute 'default nil :height 80) + (scroll-bar-mode -1) + (setq visible-bell t) + (setq linum-format "%d"))) + +;; use as default browser what XDG offers +(setq-default browse-url-browser-function 'browse-url-xdg-open) + + + +;; general keybindings +;; =================== + +;; create and use a minimal global map using just the self-insert command +;; bindings and a selection of some to me very common keystrokes +(setq minimal-map (make-sparse-keymap)) +(substitute-key-definition 'self-insert-command 'self-insert-command + minimal-map global-map) +(use-global-map minimal-map) +(global-set-key (kbd "DEL") 'backward-delete-char-untabify) +(global-set-key (kbd "RET") 'newline) +(global-set-key (kbd "TAB") 'indent-for-tab-command) +(global-set-key (kbd "") 'previous-line) +(global-set-key (kbd "") 'next-line) +(global-set-key (kbd "") 'left-char) +(global-set-key (kbd "") 'right-char) +(global-set-key (kbd "") 'scroll-down-command) +(global-set-key (kbd "") 'scroll-up-command) +(global-set-key (kbd "M-x") 'execute-extended-command) +(global-set-key (kbd "C-g") 'keyboard-quit) +;(global-set-key (kbd "") 'kmacro-start-macro-or-insert-counter) +;(global-set-key (kbd "") 'kmacro-end-or-call-macro) +;; note how to switch back to the original map: (use-global-map global-map) +(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs + + + +;; minibuffer +;; ========== + +;; incremental minibuffer completion +(icomplete-mode 1) + + + +;; text editing +;; ============ + +;; tabs are evil +(setq-default indent-tabs-mode nil) +(setq-default tab-width 4) +(setq indent-line-function 'insert-tab) + +;; show trailing whitespace +(setq-default show-trailing-whitespace 1) + +;; on save, ask whether to ensure text file's last line ends in a +;; newline character +(setq require-final-newline 1) + +;; use dedicated directory for version-controlled, endless backups; +;; never delete old versions +(setq make-backup-files t + backup-directory-alist `(("." . "~/.emacs_backups")) + backup-by-copying t + version-control t + delete-old-versions 1) ;; neither t nor nil: never delete + + +;; package management +;; ================== + +;; where we get packages from +(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/") + ("melpa-unstable" . "https://melpa.org/packages/") + ("melpa-stable" . "https://stable.melpa.org/packages/"))) + +;; ensure certain packages are installed (actually, we use Debian repos here) +;; credit to +;(setq package-list '(elfeed ledger-mode)) +;(package-initialize) +;(dolist (package package-list) +; (unless (package-installed-p package) +; (package-install package))) + + + +;;; window management +;;; ================= +; +;;; track window configurations to allow window config undo +;(winner-mode 1) + + + +;; mail setup +;; ========== + +(setq send-mail-function 'smtpmail-send-it) +(setq smtpmail-smtp-server "mail.plomlompom.com") +(setq smtpmail-smtp-service 465) +(setq smtpmail-stream-type 'ssl) +(setq smtpmail-smtp-user "plom") +(setq mml-secure-openpgp-encrypt-to-self t) +(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime) + +;(setq gnutls-log-level 0) + +;; if we don't set this, we get this warning: +;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange +;; has been lowered to 256 bits and this may allow decryption of the session data +(setq gnutls-min-prime-bits 1024) + +;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the +;; stream process, seemingly unless the /message/ function is called at the right +;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest +;; in /network-stream-get-response/ right after "(goto-char start)"; this works +;; unless /inhibit_message/ is set, indicating that writing to the *Messages* +;; buffer is not relevant, but maybe writing to the echo area is); activing the +;; gnutls logging is just a hack to achieve such calls to /message/ in the +;; /network-stream-open-tls/ flow. +(setq gnutls-log-level 1) ; miraculously makes smtpmail work + +;; constructs From: domain if mail composer directly called (from without +;; notmuch), but we don't actually intend to do that +;(setq mail-host-address "plomlompom.com") + +;; otherwise notmuch becomes extremely slow in some cases +(setq-default notmuch-show-indent-content nil) + +;; this only works if we use notmuch-mua-send instead of message-send +(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent"))) + +;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me" +;; in the message ID +(setq mail-host-address "plomlompom.com") + +;; notmuch saved searches +(setq notmuch-saved-searches + '((:name "inbox" :query "tag:unread and folder:inbox") + (:name "all" :query "tag:unread not folder:maildir/Trash") + (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de") + (:name "nebenan" :query "tag:unread and folder:maildir/nebenan") + (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info") + (:name "gmail" :query "tag:unread and folder:maildir/gmail.com") + (:name "mutter" :query "tag:unread and folder:maildir/mutter"))) + + + +;; org mode +;; ======== + +;; unsure why, but to re-set the key map, we not only have to explicitely do it +;; only after org-mode loading, but also have to explicitely overwrite the +;; C-c keybinding; TODO: investigate +(with-eval-after-load 'org + (setq org-mode-map (make-sparse-keymap)) + (define-key org-mode-map (kbd "C-c") nil) + (define-key org-mode-map (kbd "TAB") 'org-cycle) + (define-key org-mode-map (kbd "") 'org-shifttab)) + +;; don't truncate lines by default +(setq org-startup-truncated nil) + +;; basic org-capture config +(setq org-capture-templates + '(("x" "test" plain (file "~/org/notes.org") "%T: %?"))) +(add-hook 'org-capture-mode-hook 'evil-insert-state) + +;; agenda view on startup +(load-library "find-lisp") +(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$")) +(setq org-agenda-span 90) +(setq org-agenda-use-time-grid nil) +(add-hook 'emacs-startup-hook (lambda () + (org-agenda-list) + (switch-to-buffer "*Org Agenda*") + (other-window 1))) + +;;; for calendar, use ISO date style +;(setq calendar-date-style 'iso) +;(setq diary-number-of-entries 7) +;(diary) +;(setq org-agenda-time-grid '((today require-timed remove-match) +; #("----------------" 0 16 (org-heading t)) +; (0 200 400 600 800 1000 1200 +; 1400 1600 1800 2000 2200))) + +;; empty org-agenda-mode keybindings +(add-hook 'org-agenda-mode-hook + (lambda () + (setq org-agenda-mode-map (make-sparse-keymap)))) +(add-hook 'org-agenda-mode-hook + (lambda () + (use-local-map (make-sparse-keymap)))) + +;; org-publish-all +(setq org-publish-project-alist + '( + ("website" + :base-directory "~/org/web/" + :base-extension "org" + :publishing-directory "~/html/" + :recursive t + :publishing-function org-html-publish-to-html + :headline-levels 4 ; Just the default for this project. + :auto-preamble t + ))) + +;; use [ki:] syntax to hide stuff from exports +(defun classify-information (text backend info) + "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'." + (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text)) +(add-hook 'org-export-filter-plain-text-functions 'classify-information) + +;; add HTML validator link to exports +(setq org-html-validation-link "Validate") + + + +;;; Info mode +;;; ========= + +(setq Info-mode-map (make-sparse-keymap)) +(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node) +(define-key Info-mode-map (kbd "u") 'Info-up) +(define-key Info-mode-map (kbd "TAB") 'Info-next-reference) +(define-key Info-mode-map (kbd "") 'Info-prev-reference) +(define-key Info-mode-map (kbd "H") 'Info-history-back) +(define-key Info-mode-map (kbd "L") 'Info-history-forward) +(define-key Info-mode-map (kbd "I") 'Info-goto-node) +(define-key Info-mode-map (kbd "i") 'Info-index) + + + +;; help mode +;; ========= + +(setq help-mode-map (make-sparse-keymap)) +(define-key help-mode-map (kbd "TAB") 'forward-button) +(define-key help-mode-map (kbd "RET") 'help-follow) +(define-key help-mode-map (kbd "") 'backward-button) + + + +; ;; elfeed +; ;; ====== +; +; (require 'elfeed) ; needed so we can set the font faces +; (set-face-background 'elfeed-search-title-face "magenta") +; (set-face-background 'elfeed-search-unread-count-face "magenta") +; (setq elfeed-feeds +; '("https://capsurvival.blogspot.com/feeds/posts/default" +; "https://jungle.world/rss.xml" +; "http://news.dieweltistgarnichtso.net/bin/index.xml" +; "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/" +; "http://www.tagesschau.de/xml/atom")) +; (setq elfeed-search-mode-map (make-sparse-keymap)) +; (define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry) +; (defun elfeed-search-mark-as-read() (interactive) +; (elfeed-search-untag-all 'unread)) +; (define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read) +; (define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread) +; (define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter) +; (define-key elfeed-search-mode-map (kbd "u") 'elfeed-update) +; (setq elfeed-show-mode-map (make-sparse-keymap)) +; (define-key elfeed-show-mode-map (kbd "u") 'elfeed) +; (define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link) +; (define-key elfeed-show-mode-map (kbd "") 'shr-previous-link) +; (define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev) +; (define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next) +; (define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url) +; (define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url) +; +; +; +; ;; eww +; ;; === +; +; (setq eww-mode-map (make-sparse-keymap)) +; (define-key eww-mode-map (kbd "TAB") 'shr-next-link) +; (define-key eww-mode-map (kbd "") 'shr-previous-link) +; (define-key eww-mode-map (kbd "H") 'eww-back-url) +; (define-key eww-mode-map (kbd "L") 'eww-forward-url) + + + +;; ledger +;; ====== +(setq ledger-mode-map (make-sparse-keymap)) +(define-key ledger-mode-map (kbd "TAB") 'completion-at-point) + + + +;;; plomvi mode +;;; =========== + +(defvar plomvi-return-combo (kbd "C-c")) +(load "~/public_repos/plomvi.el/plomvi.el") +(plomvi-global-mode 1) diff --git a/_bookworm/home_files/user/.gitconfig b/_bookworm/home_files/user/.gitconfig new file mode 100644 index 0000000..8967d25 --- /dev/null +++ b/_bookworm/home_files/user/.gitconfig @@ -0,0 +1,3 @@ +[user] + email = c.heller@plomlompom.de + name = Christian Heller diff --git a/_bookworm/home_files/user/.mbsyncrc b/_bookworm/home_files/user/.mbsyncrc new file mode 100644 index 0000000..59d01a9 --- /dev/null +++ b/_bookworm/home_files/user/.mbsyncrc @@ -0,0 +1,28 @@ +IMAPAccount plom +# Address to connect to +Host mail.plomlompom.com +User plom +# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars, +# therefore the pw in ~/.authinfo should not be longer than that. +PassCmd "cat ~/.authinfo | cut -d' ' -f8-" +SSLType IMAPS +AuthMechs LOGIN + +IMAPStore core-remote +Account plom + +MaildirStore core-local +# The trailing "/" is important +Path ~/mail/maildir/ +Inbox ~/mail/inbox/ + +Channel core +Far :core-remote: +Near :core-local: +Patterns * +# Automatically create missing mailboxes, both locally and on the server +Create Both +# Save the synchronization state files in the relevant directory +SyncState * +# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere +Expunge Both diff --git a/_bookworm/home_files/user/.notmuch-config b/_bookworm/home_files/user/.notmuch-config new file mode 100644 index 0000000..9532761 --- /dev/null +++ b/_bookworm/home_files/user/.notmuch-config @@ -0,0 +1,9 @@ +[database] +path=/home/plom/mail +[search] +exclude_tags=deleted;spam; +# the fields below set the From: if the mail composer is called from +# within notmuch +[user] +name=Christian Heller +primary_email=plom@plomlompom.com diff --git a/_bookworm/home_files/user/.shell_prompt_color b/_bookworm/home_files/user/.shell_prompt_color new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/_bookworm/home_files/user/.shell_prompt_color @@ -0,0 +1 @@ +2 diff --git a/_bookworm/home_files/user/.tridactylrc b/_bookworm/home_files/user/.tridactylrc new file mode 100644 index 0000000..8da0831 --- /dev/null +++ b/_bookworm/home_files/user/.tridactylrc @@ -0,0 +1,18 @@ +# sanitize tridactyllocal tridactylsync +# guiset tabs always +# guiset hoverlink left +# guiset statuspanel right +autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit +# bind ö fillcmdline find +# bind n findnext 1 +# bind N findnext -1 +bind j scrollline 3 +bind k scrollline -3 +set hintuppercase false +set searchengine duckduckgo +set theme midnight +set searchurls.wiktionary https://en.wiktionary.org/w/index.php?search= +set searchurls.dictcc https://www.dict.cc/?s= +set hintchars 123456qwertasdfgyxcvb +guiset gui none +escapehatch diff --git a/_bookworm/home_files/user/.xinitrc b/_bookworm/home_files/user/.xinitrc new file mode 100644 index 0000000..e1cbd6a --- /dev/null +++ b/_bookworm/home_files/user/.xinitrc @@ -0,0 +1,19 @@ +# X init configuration + +# Set keymap. +setxkbmap de + +# Map CapsLock to Compose key. +xmodmap -e "clear Lock" +xmodmap -e "keycode 66 = Multi_key" + +# Load xterm settings +xrdb -merge ~/.Xresources + +# Redshift to Berlin, Germany. +redshift -rl 53:13 & + +sh .xinitrc_bonus + +# Launch window manager. +i3 diff --git a/_bookworm/home_files/user/mail_sync.sh b/_bookworm/home_files/user/mail_sync.sh new file mode 100755 index 0000000..ffe6b4a --- /dev/null +++ b/_bookworm/home_files/user/mail_sync.sh @@ -0,0 +1,44 @@ +#!/bin/sh +set -e + +basedir="/home/plom/mail/maildir/" +# Ensure directories exist for all "dir:*" tags. +for tag in $(notmuch search --output=tags '*'); do + if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then + continue + fi + target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/" + if [ ! -d "${target_dir}" ]; then + echo "Directory ${target_dir} does not exist." + exit 1 + fi +done + +# Ensure all "dir:*"-tagged mails are in proper directories, +# remove all "dir:*" tags. +for tag in $(notmuch search --output=tags '*'); do + if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then + continue + fi + target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/" + for f in $(notmuch search --output=files tag:"${tag}"); do + new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//') + target_path="${target_dir}${new_name}" + if [ ! "${target_path}" = "${f}" ]; then + echo "Moving ${f} to ${target_path}." + mv "${f}" "${target_path}" + # NOTE: if we encounter an error here of ${f} not being findable, run "notmuch reindex tag:${tag}" to fix + fi + done + notmuch tag -"${tag}" tag:"${tag}" +done + +# Remove all "deleted"-tagged files from maildirs. +notmuch search --output=files tag:deleted | while read f; do + echo "Deleting ${f}" + rm "${f}" +done + +# Sync changes back to server and update notmuch index. +mbsync -a +notmuch new diff --git a/_bookworm/home_files/user/public_repos/repos b/_bookworm/home_files/user/public_repos/repos new file mode 100644 index 0000000..2414eec --- /dev/null +++ b/_bookworm/home_files/user/public_repos/repos @@ -0,0 +1,8 @@ +# List of repos we want cloned in ~/public_repos +config +pingmail.git +plomlombot-irc.git +plomrogue +plomrogue2-experiments +plomvi.el +misc diff --git a/_bookworm/home_files/w530/.config/i3/config_bonus b/_bookworm/home_files/w530/.config/i3/config_bonus new file mode 100644 index 0000000..50af63e --- /dev/null +++ b/_bookworm/home_files/w530/.config/i3/config_bonus @@ -0,0 +1,14 @@ +# put main workspaces on big monitor +workspace 1 output LVDS-1 +workspace 2 output HDMI-1-0 +workspace 3 output HDMI-1-0 +workspace 4 output HDMI-1-0 +workspace 5 output HDMI-1-0 +workspace 6 output HDMI-1-0 +workspace 7 output HDMI-1-0 +workspace 8 output HDMI-1-0 +workspace 9 output HDMI-1-0 +workspace 10 output HDMI-1-0 + +# default to big monitor's first workspace +# exec "i3-msg 'workspace 1'" diff --git a/_bookworm/home_files/w530/.xinitrc_bonus b/_bookworm/home_files/w530/.xinitrc_bonus new file mode 100644 index 0000000..b3a221f --- /dev/null +++ b/_bookworm/home_files/w530/.xinitrc_bonus @@ -0,0 +1,2 @@ +# The extreme --pos disconnects the cursor movement spaces, so mouse stays inside selected screen. +xrandr --output LVDS-1 --mode 1368x768 --output HDMI-1-0 --auto --pos 2000x2000 diff --git a/_bookworm/setup_scripts/_setup.sh b/_bookworm/setup_scripts/_setup.sh new file mode 100755 index 0000000..5f4bfda --- /dev/null +++ b/_bookworm/setup_scripts/_setup.sh @@ -0,0 +1,35 @@ +#!/bin/sh +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 2 "(hostname, FQDN)" "$@" +hostname="$1" +fqdn="$2" +shift 2 + +cd "${setup_scripts_dir}" + +# Adapt /etc/ to our needs by copying from ./etc_files. This will set +# basic configurations affecting following steps, such as setup of APT +# and the locale selection, so needs to be right at the beginning. +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@" + +# Set hostname and FQDN. +./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}" + +# Ensure package installation state as defined by what packages are +# defined as required by Debian policy and by settings in ./apt-mark/. +apt update +./install_for_target.sh all "$@" +./purge_nonrequireds.sh all "$@" + +# Ensure our desired locale is available. +locale-gen + +# Only upgrade after reducing the system to the desired minimum, so that +# we don't need to get more data than necessary. +apt -y dist-upgrade + +# Set Berlin localtime. +ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime diff --git a/_bookworm/setup_scripts/copy_dirtree.sh b/_bookworm/setup_scripts/copy_dirtree.sh new file mode 100755 index 0000000..fbc3d9d --- /dev/null +++ b/_bookworm/setup_scripts/copy_dirtree.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# Copy files in argument-selected subdirectories of $1 to subdirectories +# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2 +# of "" and $3 of "all", copy files below etc_files/all such as +# etc_files/all/etc/foo/bar to equivalent locations below / such as +# /etc/foo/bar. Create directories as necessary. Multiple arguments after +# $3 are possible. +# +# CAUTION: This removes original files at the affected paths. +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 3 "(source root, target root, modules)" "$@" + +source_root="$1" +target_root="$2" +shift 2 + +for target_module in "$@"; do + mkdir -p "${source_root}/${target_module}" + cd "${source_root}/${target_module}" + for path in $(find . -type f); do + target_path="${target_root}"$(echo "${path}" | cut -c2-) + source_path=$(realpath "${path}") + dir=$(dirname "${target_path}") + mkdir -p "${dir}" + cp "${source_path}" "${target_path}" + done +done diff --git a/_bookworm/setup_scripts/init_user_and_keybased_login.sh b/_bookworm/setup_scripts/init_user_and_keybased_login.sh new file mode 120000 index 0000000..f95539d --- /dev/null +++ b/_bookworm/setup_scripts/init_user_and_keybased_login.sh @@ -0,0 +1 @@ +../../bullseye/setup_scripts/init_user_and_keybased_login.sh \ No newline at end of file diff --git a/_bookworm/setup_scripts/init_user_login.sh b/_bookworm/setup_scripts/init_user_login.sh new file mode 120000 index 0000000..0b0497d --- /dev/null +++ b/_bookworm/setup_scripts/init_user_login.sh @@ -0,0 +1 @@ +../../bullseye/setup_scripts/init_user_login.sh \ No newline at end of file diff --git a/_bookworm/setup_scripts/install_for_target.sh b/_bookworm/setup_scripts/install_for_target.sh new file mode 100755 index 0000000..6d04152 --- /dev/null +++ b/_bookworm/setup_scripts/install_for_target.sh @@ -0,0 +1,18 @@ +#!/bin/sh +# Walks through the package names in the argument-selected files of +# apt-mark/ and ensures the respective packages are installed. +# +# Ignores anything in an apt-mark/ file after the last newline. +set -e +. ./misc.sh + +for target in "$@"; do + path="${aptmark_dir}/${target}" + # TODO: continue if file at $path not found, to get rid of dummy files + cat "${path}" | while read line; do + echo "$line" + if [ ! $(echo "${line}" | cut -c1) = "#" ]; then + DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}" + fi + done +done diff --git a/_bookworm/setup_scripts/migrate_borg.sh b/_bookworm/setup_scripts/migrate_borg.sh new file mode 100755 index 0000000..b08cf2d --- /dev/null +++ b/_bookworm/setup_scripts/migrate_borg.sh @@ -0,0 +1,17 @@ +#!/bin/sh +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 1 "(old server IP)" "$@" +old_server="$1" +cp "${setup_scripts_dir}/misc.sh" /home/plom/ +cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/ +chown plom:plom /home/plom/prepare_to_meet_server.sh +su -lc "./prepare_to_meet_server.sh ${old_server}" plom +read -p'Hit Enter when you are done.' ignore +rm /home/plom/prepare_to_meet_server.sh +cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/ +su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom +rm /home/plom/mirror_dir.sh +rm /home/plom/misc.sh diff --git a/_bookworm/setup_scripts/mirror_dir.sh b/_bookworm/setup_scripts/mirror_dir.sh new file mode 100755 index 0000000..d650165 --- /dev/null +++ b/_bookworm/setup_scripts/mirror_dir.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# Mirror directory tree from remote to local server, keeping the path. +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 2 "(server, directory)" "$@" +server=$1 +dir=$2 +path_package=/tmp/delete.tar + +eval `ssh-agent` +ssh-add +cd +ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ." +scp plom@"${server}":"${path_package}" "${path_package}" +mkdir -p "${dir}" +cd "${dir}" +tar xf "${path_package}" +cd +rm "${path_package}" +ssh plom@"${server}" rm "${path_package}" diff --git a/_bookworm/setup_scripts/misc.sh b/_bookworm/setup_scripts/misc.sh new file mode 100644 index 0000000..30f8e8c --- /dev/null +++ b/_bookworm/setup_scripts/misc.sh @@ -0,0 +1,34 @@ +#!/bin/sh +set -e +debian_version="bookworm" +legal_system_names="x220 w530 h610m" +config_tree_prefix="${HOME}/public_repos/config/${debian_version}" +if [ ! -d "${config_tree_prefix}" ]; then + config_tree_prefix="${HOME}/config/${debian_version}" +fi +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +aptmark_dir="${config_tree_prefix}/apt-mark" + +expect_setup_finished_file() { + filename="$1" + setup_script="$2" + if [ ! -f "${HOME}/${filename}" ]; then + echo "First need to run ${setup_script}." + false + fi +} + +get_system_name_arg() { + found=0 + for system_name_i in $legal_system_names; do + if [ "$1" = "$system_name_i" ]; then + found=1 + system_name="${system_name_i}" + continue + fi + done + if [ "$found" = 0 ]; then + echo "Need legal system name." + false + fi +} diff --git a/_bookworm/setup_scripts/prepare_to_meet_server.sh b/_bookworm/setup_scripts/prepare_to_meet_server.sh new file mode 100755 index 0000000..8e54ca5 --- /dev/null +++ b/_bookworm/setup_scripts/prepare_to_meet_server.sh @@ -0,0 +1,21 @@ +#!/bin/sh +# Do some of the steps necessary to SSH (key-based) with another server. +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 1 "(server IP)" "$@" +target="$1" + +# We need a public key to copy over, so generate it if not found. +if [ ! -f ~/.ssh/id_rsa.pub ]; then + ssh-keygen -N "" +fi + +# Add target to ~/.ssh/known_hosts so we don't get +# asked for permission at inopportune moments. +ssh-keyscan -H "$target" >> ~/.ssh/known_hosts + +# Tell user what to do. +echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:" +cat ~/.ssh/id_rsa.pub diff --git a/_bookworm/setup_scripts/purge_nonrequireds.sh b/_bookworm/setup_scripts/purge_nonrequireds.sh new file mode 100755 index 0000000..95f2897 --- /dev/null +++ b/_bookworm/setup_scripts/purge_nonrequireds.sh @@ -0,0 +1,26 @@ +#!/bin/sh +# This script removes all Debian packages that are not of Priority +# "required" or not depended on by packages of priority "required" +# or not listed in the argument-selected files of apt-mark/. +set -e +. ./misc.sh + +# FIXME packages listed twice in the aptmark_dir get blacklisted? + +dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted +for target in "$@"; do + path="${aptmark_dir}/${target}" + cat "${path}" | while read line; do + if [ ! $(echo "${line}" | cut -c1) = "#" ]; then + echo "${line}" >> /tmp/list_white_unsorted + fi + done +done +sort /tmp/list_white_unsorted > /tmp/list_white +dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages +sort /tmp/list_all_packages > /tmp/foo +mv /tmp/foo /tmp/list_all_packages +comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black +apt-mark auto `cat /tmp/list_black` +DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove +rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black diff --git a/_bookworm/setup_scripts/set_hostname_and_fqdn.sh b/_bookworm/setup_scripts/set_hostname_and_fqdn.sh new file mode 100755 index 0000000..929d8bc --- /dev/null +++ b/_bookworm/setup_scripts/set_hostname_and_fqdn.sh @@ -0,0 +1,50 @@ +#!/bin/sh +# Sets hostname and optionally FQDN. +# +# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts +# writing follows recommendations from Debian manual at +# +# (section "The hostname resolution") on how to map hostname and possibly +# FQDN to a permanent IP if present (we assume here any non-private IP +# and non-loopback IP returned by hostname -I to fulfill that criterion +# on our systems) or to 127.0.1.1 if not. On the reasoning for separating +# localhost and hostname mapping to different IPs, see +# . +# +# Ignores IPv6s. +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 1 "(hostname, fqdn)" "$@" + +hostname="$1" +fqdn="$2" +echo "${hostname}" > /etc/hostname +hostname "${hostname}" + +final_ip="127.0.1.1" +for ip in $(hostname -I); do + if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then + continue + fi + range_1=$(echo "${ip}" | cut -d "." -f 1) + range_2=$(echo "${ip}" | cut -d "." -f 2) + if [ "${range_1}" -eq 127 ]; then + continue + elif [ "${range_1}" -eq 10 ]; then + continue + elif [ "${range_1}" -eq 172 ]; then + if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then + continue + fi + elif [ "${range_1}" -eq 192 ]; then + if [ "${range_2}" -eq 168 ]; then + continue + fi + fi + final_ip="${ip}" +done + +echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts +echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts diff --git a/_bookworm/setup_scripts/setup_desktop.sh b/_bookworm/setup_scripts/setup_desktop.sh new file mode 100755 index 0000000..fe11b83 --- /dev/null +++ b/_bookworm/setup_scripts/setup_desktop.sh @@ -0,0 +1,56 @@ +#!/bin/sh +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 1 "(system name)" "$@" +get_system_name_arg "$1" + +# Set up system without user environment. +cd "${setup_scripts_dir}" +if [ "$system_name" = "w530" || "$system_name" = "x220"]; then + ./_setup.sh "${system_name}" "" user desktop thinkpad "${system_name}" +else + ./_setup.sh "${system_name}" "" user desktop "${system_name}" +fi + +# # Set up printer. +# ppd_deb="hll2350dwpdrv-4.0.0-1.i386.deb" +# wget "https://download.brother.com/welcome/dlf103566/${ppd_deb}" +# dpkg --add-architecture i386 +# apt update +# apt install -y "./${ppd_deb}" +# service cups restart +# # lpadmin -p 'Brother_HLL2350DW' -m 'brother-HLL2350DW-cups-en.ppd' +# rm "./${ppd_deb}" +# # TODO explore potential lpadmin options like -o 'OutputMode=NormalGray' + +# Set up NVIDIA eGPU config. +if [ "$system_name" = "w530" ]; then + cd + git clone https://github.com/NVIDIA/open-gpu-kernel-modules + cd open-gpu-kernel-modules + git checkout 337e28e + # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf + make modules -j$(nproc) + make modules_install + cd + driver_version=535.86.05 + # driver_version=545.29.06 + runscript=NVIDIA-Linux-x86_64-${driver_version}.run + wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript} + rmmod nouveau + chmod u+x ${runscript} + ./${runscript} --no-kernel-modules --silent + depmod + # TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init +fi + +# Set up user environments. +cd "${setup_scripts_dir}" +./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root +adduser --disabled-password --gecos "" plom +usermod -a -G sudo plom +passwd plom +cp -a ~/config /home/plom +chown -R plom:plom /home/plom/config diff --git a/_bookworm/setup_scripts/setup_firefox.sh b/_bookworm/setup_scripts/setup_firefox.sh new file mode 100755 index 0000000..5466b67 --- /dev/null +++ b/_bookworm/setup_scripts/setup_firefox.sh @@ -0,0 +1,19 @@ +#!/bin/sh +set -e +. ./misc.sh + +# Install Firefox directly from Mozilla. +firefox_release="128.4.0esr" +firefox_filename="firefox-${firefox_release}.tar.bz2" +url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}" +wget "${url_firefox}" +mv "${firefox_filename}" /opt/ +cd /opt/ +tar xf "${firefox_filename}" +rm "${firefox_filename}" +ln -f -s /opt/firefox/firefox /usr/local/bin/ +update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200 +update-alternatives --set x-www-browser /opt/firefox/firefox + +echo "TODO: Install uBlock Origin and tridactyl plugins, run :installnative and :source." + diff --git a/_bookworm/setup_scripts/setup_home.sh b/_bookworm/setup_scripts/setup_home.sh new file mode 100755 index 0000000..54f0db1 --- /dev/null +++ b/_bookworm/setup_scripts/setup_home.sh @@ -0,0 +1,109 @@ +#!/bin/sh +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 1 "(system name)" "$@" +get_system_name_arg "$1" + +cd $setup_scripts_dir +./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}" + +secrets_dev="sdb" +source_dir_secrets="/media/${secrets_dev}/to_usb" +target_dir_secrets="${HOME}/tmp_secrets" +echo "Put secrets drive into slot for /dev/${secrets_dev}." +while [ ! -e /dev/"${secrets_dev}" ]; do + sleep 1 +done +stty -echo +printf "Secrets passphrase: " +read SECRETS_PASS +stty echo +echo "" # newline so user knows their input return was accepted +sudo -v +echo "${SECRETS_PASS}" | sudo pmount /dev/"${secrets_dev}" +cp -a "${source_dir_secrets}" "${target_dir_secrets}" +sudo chown -R plom:plom "${target_dir_secrets}" +sudo pumount "${secrets_dev}" +echo "You can remove /dev/${secrets_dev} now." + +# Set up iniitial non-public parts of infrastructure: SSH authentication. +ssh_dir=~/.ssh +cd "${target_dir_secrets}" +mkdir -p "${ssh_dir}" +echo "Setting up .ssh" +cp id_rsa ~/.ssh +stty -echo +ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub +stty echo +eval $(ssh-agent) +ssh-add +ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts + +# Fill ~/public_repos. +public_repos_dir="${HOME}/public_repos" +repos_list_file="${public_repos_dir}/repos" +mkdir -p "${public_repos_dir}" +cat "${repos_list_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo_name="${line}" + if [ ! -d "${public_repos_dir}/${repo_name}" ]; then + cd "${public_repos_dir}" + git clone plom@plomlompom.com:/var/repos/${repo_name} + fi +done + +# Remove redundant config repo copy. +config_tree_prefix="${public_repos_dir}/config/${debian_version}" +rm -rf ~/config + +# # Set up native messenger for tridactyl. +# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a' +# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash + +# Set up further non-public parts of infrastructure. +cd "${target_dir_secrets}" +script -c 'gpg --import secret_keys.asc' /dev/null +path_borgscript="${config_tree_prefix}//borg.sh" + +# borg setup +borgkeys_dir=~/.config/borg/keys +borgrepos_file=~/.borgrepos +tar xf borg_keyfiles.tar +mkdir -p "${borgkeys_dir}" +mv borg_keyfiles/* "${borgkeys_dir}" +# Sync org dir via borgbackup. For this we need the borgbackup servers +# in our .ssh/known_hosts file. +cat "${borgrepos_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + server=$(echo "${line}" | sed 's/.*@//') + ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts +done +BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull + +# .authinfo may not be present on every secrets drive yet +authinfo_file=.authinfo +if [ -f "${authinfo_file}" ]; then + cp "${authinfo_file}" ~ +fi +cd + +maildir=~/mail/maildir +# # Set up e-mail system. Note that we only do mbsync if the imap pass file +# # is found. It may not be present on every secrets drive yet, so we have to +# # deal with the possibility of it being absent at this point. +mkdir -p "${maildir}" # expected by mbsync/isync +if [ -f "${HOME}/${authinfo_file}" ]; then + mbsync -a + notmuch new +fi + +# # Final note on how to integrate tridactyl. +# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start." diff --git a/_bookworm/setup_scripts/setup_nvidia.sh b/_bookworm/setup_scripts/setup_nvidia.sh new file mode 100755 index 0000000..d05c8d1 --- /dev/null +++ b/_bookworm/setup_scripts/setup_nvidia.sh @@ -0,0 +1,24 @@ +#!/bin/sh +set -e +. ./misc.sh + +# Set up NVIDIA eGPU config. +cd +# git clone https://github.com/NVIDIA/open-gpu-kernel-modules +# cd open-gpu-kernel-modules +# git checkout 337e28e +# # git checkout 4c29105335610933e744f4ab2524ea63fc39edaf +# make modules -j$(nproc) +# make modules_install +# cd +driver_version=535.86.05 +# driver_version=545.29.06 +runscript=NVIDIA-Linux-x86_64-${driver_version}.run +# wget https://us.download.nvidia.com/XFree86/Linux-x86_64/${driver_version}/${runscript} +set +e +rmmod nouveau +set -e +chmod u+x ${runscript} +./${runscript} --no-kernel-modules --silent +depmod +# TODO I suspect that the GPU falling of the bus may be mildened by running nvidia-persistenced, check https://github.com/NVIDIA/nvidia-persistenced/tree/main/init diff --git a/_bookworm/setup_scripts/setup_seedbox.sh b/_bookworm/setup_scripts/setup_seedbox.sh new file mode 100755 index 0000000..f641011 --- /dev/null +++ b/_bookworm/setup_scripts/setup_seedbox.sh @@ -0,0 +1,19 @@ +#!/bin/sh +set -e +. ./misc.sh +. ../../misc.sh + +expect_setup_finished_file setup_server_has_been_run setup_server.sh + +plom_home_dir=/home/plom + +cd "${setup_scripts_dir}" +cp "${config_tree_prefix}/home_files/seedbox/.rtorrent.rc" "${plom_home_dir}" +chown plom:plom "${plom_home_dir}/.rtorrent.rc" +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" seedbox +./install_for_target.sh seedbox +mkdir "${plom_home_dir}/downloads" +chown plom:plom "${plom_home_dir}/downloads" +mkdir "${plom_home_dir}/session" +chown plom:plom "${plom_home_dir}/session" +systemctl enable rtorrent.service --now diff --git a/_bookworm/setup_scripts/setup_server.sh b/_bookworm/setup_scripts/setup_server.sh new file mode 100755 index 0000000..c854b95 --- /dev/null +++ b/_bookworm/setup_scripts/setup_server.sh @@ -0,0 +1,24 @@ +#!/bin/sh +# Next setup steps for a server whose login policy has just been set from +# the outside via ./init_user_login.sh or ./init_user_and_keybased_login.sh +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 2 "(hostname, FQDN)" "$@" +hostname="$1" +fqdn="$2" +additional_arg="$3" + +# Set up basic server system. +cd "${setup_scripts_dir}" +./_setup.sh "${hostname}" "${fqdn}" server "$@" + +# If we have not yet set the shell for user plom, ensure it here. This +# is mostly for convenience. +usermod -s /bin/bash plom + +# Enable firewall. +systemctl enable nftables.service + +touch "$HOME/setup_server_has_been_run" diff --git a/_bookworm/setup_scripts/setup_static_website.sh b/_bookworm/setup_scripts/setup_static_website.sh new file mode 100755 index 0000000..bdfb7d3 --- /dev/null +++ b/_bookworm/setup_scripts/setup_static_website.sh @@ -0,0 +1,60 @@ +#!/bin/sh +set -e +. ./misc.sh +. ../../misc.sh + +expect_setup_finished_file setup_web_has_been_run setup_web.sh + +expect_n_args 1 "(website template, i.e. status.plomlompom.com, tube.plomlompom.com …)" "$@" +website_template="$1" +shift 1 + +mirror_ip="" +mirror_state="not mirroring automatically, since no IP given" +domain="${website_template}" +mail="plom+webmaster@plomlompom.com" +if [ "$#" -gt 0 ]; then + domain="$1" + if [ "$#" -gt 1 ]; then + mail="$2" + if [ "$#" -gt 2 ]; then + mirror_ip="$3" + mirror_state="mirroring automatically from ${mirror_ip}" + fi + fi +fi +echo "Assuming domain ${domain} and letsencrypt support mail address ${mail} and ${mirror_state}, abort and provide as arguments in this order if other desired! (Otherwise just hit Return.)" +read _ + +if [ ! -z "${mirror_ip}" ]; then + # Set up connection to old server. + cp "${setup_scripts_dir}/misc.sh" /home/plom/ + cp "${setup_scripts_dir}/prepare_to_meet_server.sh" /home/plom/ + chown plom:plom /home/plom/prepare_to_meet_server.sh + su -lc "./prepare_to_meet_server.sh ${mirror_ip}" plom + read -p 'Hit Enter when you are done.' ignore + rm /home/plom/prepare_to_meet_server.sh + + # Mirror dirs. + cp "${setup_scripts_dir}/mirror_dir.sh" /home/plom/ + su -lc "./mirror_dir.sh ${mirror_ip} /var/www/${website_template}" plom + rm /home/plom/mirror_dir.sh + rm /home/plom/misc.sh +fi + +# Install configs, set up firewall. +./install_for_target.sh "${website_template}" +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" "${website_template}" +nft -f /etc/nftables.conf + +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + +# Prepare NGINX. +sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" "/etc/nginx/sites-available/${website_template}.nginx" +ln -s "/etc/nginx/sites-available/${website_template}.nginx" "/etc/nginx/sites-enabled/${website_template}.nginx" + +service nginx restart + diff --git a/_bookworm/setup_scripts/setup_web.sh b/_bookworm/setup_scripts/setup_web.sh new file mode 100755 index 0000000..4807e8a --- /dev/null +++ b/_bookworm/setup_scripts/setup_web.sh @@ -0,0 +1,29 @@ +#!/bin/sh +set -e +. ./misc.sh +. ../../misc.sh + +expect_setup_finished_file setup_server_has_been_run setup_server.sh + +expect_n_args 1 "(domain name)" "$@" +domain="$1" + +# Install configs, set up firewall. +./install_for_target.sh web +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web +nft -f /etc/nftables.conf + +chown plom /var/www + +# # Set up letsencrypt certificate. TODO: Is it auto-renewed? +# ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +# certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +# rm /etc/nginx/sites-enabled/default + +# # Prepare NGINX for status.plomlompom.com. +# sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/status.plomlompom.com.nginx +# ln -s /etc/nginx/sites-available/status.plomlompom.com.nginx /etc/nginx/sites-enabled/status.plomlompom.com.nginx +# +# service nginx restart + +touch "$HOME/setup_web_has_been_run" diff --git a/_bookworm/setup_scripts/upgrade_from_older_release.sh b/_bookworm/setup_scripts/upgrade_from_older_release.sh new file mode 100755 index 0000000..c13b8ca --- /dev/null +++ b/_bookworm/setup_scripts/upgrade_from_older_release.sh @@ -0,0 +1,24 @@ +#!/bin/sh + +# Upgrade a fresh (!) system to Bookworm, as per [1]. Fresh, because: Don't +# expect any customized config files to survive this. If you run this on a +# remote machine, take care not to loose anything you need to re-connect, e.g. +# any relevant adaptations you did to /etc/ssh/sshd_config … + +set -e +. ./misc.sh +. ../../misc.sh + +path_sources_list="/etc/apt/sources.list" + +export DEBIAN_FRONTEND=noninteractive +apt update +apt -y -o Dpkg::Options::="--force-confnew" upgrade +apt -y -o Dpkg::Options::="--force-confnew" full-upgrade +cp "${config_tree_prefix}/etc_files/all${path_sources_list}" "${path_sources_list}" +apt clean +apt update +apt -y -o Dpkg::Options::="--force-confnew" upgrade +apt -y -o Dpkg::Options::="--force-confnew" full-upgrade +apt -y autoremove +cp "${local_path_sshd_config}" "${system_path_sshd_config}" diff --git a/archived/__constants.sh b/archived/__constants.sh new file mode 100755 index 0000000..ac6dd89 --- /dev/null +++ b/archived/__constants.sh @@ -0,0 +1,22 @@ +#!/bin/sh +set -e + +PATH_REL_ETC=etc +PATH_REL_APTMARK=aptmark +PATH_REL_REPO=config +PATH_REL_HOME=home +PATH_MANY=../../many_releases +PATH_MANY_MISC="${PATH_MANY}/scripts/_misc.sh" +ROOTS_HERE_AND_MANY="${PATH_MANY} .." + +USERNAME=plom +PATH_USER_HOME="/home/${USERNAME}" + +FILENAME_PRIVATE_KEY=id_rsa +FILENAME_PUBLIC_KEY="${FILENAME_PRIVATE_KEY}.pub" +URL_PUBLIC_KEY="https://dump.plomlompom.com/dump/${FILENAME_PUBLIC_KEY}" +PATH_REL_LOCAL_SSH=.ssh +PATH_REL_AUTHORIZED_KEYS="${PATH_REL_LOCAL_SSH}/authorized_keys" +PATH_AUTHORIZED_KEYS="${HOME}/${PATH_REL_AUTHORIZED_KEYS}" +PATH_USER_SSH="${PATH_USER_HOME}/${PATH_REL_LOCAL_SSH}" + diff --git a/archived/__many_releases/aptmark/all b/archived/__many_releases/aptmark/all new file mode 100644 index 0000000..41bd4a9 --- /dev/null +++ b/archived/__many_releases/aptmark/all @@ -0,0 +1,12 @@ +# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client unpredictably so +ifupdown +isc-dhcp-client +# git for the setup directory; cloning works with ca-certificates +ca-certificates +git +# to avoid constant warnings about no locale being found +locales +# extremely useful for basic network debugging; missed these more than once in an emergency +netcat-traditional +iputils-ping + diff --git a/archived/__many_releases/aptmark/raspi b/archived/__many_releases/aptmark/raspi new file mode 100644 index 0000000..a59c153 --- /dev/null +++ b/archived/__many_releases/aptmark/raspi @@ -0,0 +1,30 @@ +# so we can still connect +openssh-server +# this gotta be good for _something_ … +raspi-firmware +# to boot into a graphical environment +greetd +sway +# for waybar script +calc +# for sound +pulseaudio +# for setting console keyboard via /etc/default/keyboard +console-setup +# for setting system time +ntpsec-ntpdate +# basic usage +mpv +firefox-esr +# for convenience +foot +less +sudo +vim +ack +man-db +# for ytplom +python3-venv +libmpv2 +ffmpeg + diff --git a/archived/__many_releases/etc/all/apt/apt.conf.d/99_minimize_dependencies b/archived/__many_releases/etc/all/apt/apt.conf.d/99_minimize_dependencies new file mode 100644 index 0000000..4aaef79 --- /dev/null +++ b/archived/__many_releases/etc/all/apt/apt.conf.d/99_minimize_dependencies @@ -0,0 +1,4 @@ +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; diff --git a/archived/__many_releases/etc/all/locale.conf b/archived/__many_releases/etc/all/locale.conf new file mode 100644 index 0000000..dd6eee3 --- /dev/null +++ b/archived/__many_releases/etc/all/locale.conf @@ -0,0 +1 @@ +LANG="en_US.UTF-8" diff --git a/archived/__many_releases/etc/all/locale.gen b/archived/__many_releases/etc/all/locale.gen new file mode 100644 index 0000000..a28cfa4 --- /dev/null +++ b/archived/__many_releases/etc/all/locale.gen @@ -0,0 +1,483 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + + +# aa_DJ ISO-8859-1 +# aa_DJ.UTF-8 UTF-8 +# aa_ER UTF-8 +# aa_ER@saaho UTF-8 +# aa_ET UTF-8 +# af_ZA ISO-8859-1 +# af_ZA.UTF-8 UTF-8 +# ak_GH UTF-8 +# am_ET UTF-8 +# an_ES ISO-8859-15 +# an_ES.UTF-8 UTF-8 +# anp_IN UTF-8 +# ar_AE ISO-8859-6 +# ar_AE.UTF-8 UTF-8 +# ar_BH ISO-8859-6 +# ar_BH.UTF-8 UTF-8 +# ar_DZ ISO-8859-6 +# ar_DZ.UTF-8 UTF-8 +# ar_EG ISO-8859-6 +# ar_EG.UTF-8 UTF-8 +# ar_IN UTF-8 +# ar_IQ ISO-8859-6 +# ar_IQ.UTF-8 UTF-8 +# ar_JO ISO-8859-6 +# ar_JO.UTF-8 UTF-8 +# ar_KW ISO-8859-6 +# ar_KW.UTF-8 UTF-8 +# ar_LB ISO-8859-6 +# ar_LB.UTF-8 UTF-8 +# ar_LY ISO-8859-6 +# ar_LY.UTF-8 UTF-8 +# ar_MA ISO-8859-6 +# ar_MA.UTF-8 UTF-8 +# ar_OM ISO-8859-6 +# ar_OM.UTF-8 UTF-8 +# ar_QA ISO-8859-6 +# ar_QA.UTF-8 UTF-8 +# ar_SA ISO-8859-6 +# ar_SA.UTF-8 UTF-8 +# ar_SD ISO-8859-6 +# ar_SD.UTF-8 UTF-8 +# ar_SS UTF-8 +# ar_SY ISO-8859-6 +# ar_SY.UTF-8 UTF-8 +# ar_TN ISO-8859-6 +# ar_TN.UTF-8 UTF-8 +# ar_YE ISO-8859-6 +# ar_YE.UTF-8 UTF-8 +# as_IN UTF-8 +# ast_ES ISO-8859-15 +# ast_ES.UTF-8 UTF-8 +# ayc_PE UTF-8 +# az_AZ UTF-8 +# be_BY CP1251 +# be_BY.UTF-8 UTF-8 +# be_BY@latin UTF-8 +# bem_ZM UTF-8 +# ber_DZ UTF-8 +# ber_MA UTF-8 +# bg_BG CP1251 +# bg_BG.UTF-8 UTF-8 +# bhb_IN.UTF-8 UTF-8 +# bho_IN UTF-8 +# bn_BD UTF-8 +# bn_IN UTF-8 +# bo_CN UTF-8 +# bo_IN UTF-8 +# br_FR ISO-8859-1 +# br_FR.UTF-8 UTF-8 +# br_FR@euro ISO-8859-15 +# brx_IN UTF-8 +# bs_BA ISO-8859-2 +# bs_BA.UTF-8 UTF-8 +# byn_ER UTF-8 +# ca_AD ISO-8859-15 +# ca_AD.UTF-8 UTF-8 +# ca_ES ISO-8859-1 +# ca_ES.UTF-8 UTF-8 +# ca_ES.UTF-8@valencia UTF-8 +# ca_ES@euro ISO-8859-15 +# ca_ES@valencia ISO-8859-15 +# ca_FR ISO-8859-15 +# ca_FR.UTF-8 UTF-8 +# ca_IT ISO-8859-15 +# ca_IT.UTF-8 UTF-8 +# ce_RU UTF-8 +# chr_US UTF-8 +# cmn_TW UTF-8 +# crh_UA UTF-8 +# cs_CZ ISO-8859-2 +# cs_CZ.UTF-8 UTF-8 +# csb_PL UTF-8 +# cv_RU UTF-8 +# cy_GB ISO-8859-14 +# cy_GB.UTF-8 UTF-8 +# da_DK ISO-8859-1 +# da_DK.UTF-8 UTF-8 +# de_AT ISO-8859-1 +# de_AT.UTF-8 UTF-8 +# de_AT@euro ISO-8859-15 +# de_BE ISO-8859-1 +# de_BE.UTF-8 UTF-8 +# de_BE@euro ISO-8859-15 +# de_CH ISO-8859-1 +# de_CH.UTF-8 UTF-8 +# de_DE ISO-8859-1 +# de_DE.UTF-8 UTF-8 +# de_DE@euro ISO-8859-15 +# de_IT ISO-8859-1 +# de_IT.UTF-8 UTF-8 +# de_LI.UTF-8 UTF-8 +# de_LU ISO-8859-1 +# de_LU.UTF-8 UTF-8 +# de_LU@euro ISO-8859-15 +# doi_IN UTF-8 +# dv_MV UTF-8 +# dz_BT UTF-8 +# el_CY ISO-8859-7 +# el_CY.UTF-8 UTF-8 +# el_GR ISO-8859-7 +# el_GR.UTF-8 UTF-8 +# en_AG UTF-8 +# en_AU ISO-8859-1 +# en_AU.UTF-8 UTF-8 +# en_BW ISO-8859-1 +# en_BW.UTF-8 UTF-8 +# en_CA ISO-8859-1 +# en_CA.UTF-8 UTF-8 +# en_DK ISO-8859-1 +# en_DK.ISO-8859-15 ISO-8859-15 +# en_DK.UTF-8 UTF-8 +# en_GB ISO-8859-1 +# en_GB.ISO-8859-15 ISO-8859-15 +# en_GB.UTF-8 UTF-8 +# en_HK ISO-8859-1 +# en_HK.UTF-8 UTF-8 +# en_IE ISO-8859-1 +# en_IE.UTF-8 UTF-8 +# en_IE@euro ISO-8859-15 +# en_IL UTF-8 +# en_IN UTF-8 +# en_NG UTF-8 +# en_NZ ISO-8859-1 +# en_NZ.UTF-8 UTF-8 +# en_PH ISO-8859-1 +# en_PH.UTF-8 UTF-8 +# en_SG ISO-8859-1 +# en_SG.UTF-8 UTF-8 +# en_US ISO-8859-1 +# en_US.ISO-8859-15 ISO-8859-15 +en_US.UTF-8 UTF-8 +# en_ZA ISO-8859-1 +# en_ZA.UTF-8 UTF-8 +# en_ZM UTF-8 +# en_ZW ISO-8859-1 +# en_ZW.UTF-8 UTF-8 +# eo UTF-8 +# es_AR ISO-8859-1 +# es_AR.UTF-8 UTF-8 +# es_BO ISO-8859-1 +# es_BO.UTF-8 UTF-8 +# es_CL ISO-8859-1 +# es_CL.UTF-8 UTF-8 +# es_CO ISO-8859-1 +# es_CO.UTF-8 UTF-8 +# es_CR ISO-8859-1 +# es_CR.UTF-8 UTF-8 +# es_CU UTF-8 +# es_DO ISO-8859-1 +# es_DO.UTF-8 UTF-8 +# es_EC ISO-8859-1 +# es_EC.UTF-8 UTF-8 +# es_ES ISO-8859-1 +# es_ES.UTF-8 UTF-8 +# es_ES@euro ISO-8859-15 +# es_GT ISO-8859-1 +# es_GT.UTF-8 UTF-8 +# es_HN ISO-8859-1 +# es_HN.UTF-8 UTF-8 +# es_MX ISO-8859-1 +# es_MX.UTF-8 UTF-8 +# es_NI ISO-8859-1 +# es_NI.UTF-8 UTF-8 +# es_PA ISO-8859-1 +# es_PA.UTF-8 UTF-8 +# es_PE ISO-8859-1 +# es_PE.UTF-8 UTF-8 +# es_PR ISO-8859-1 +# es_PR.UTF-8 UTF-8 +# es_PY ISO-8859-1 +# es_PY.UTF-8 UTF-8 +# es_SV ISO-8859-1 +# es_SV.UTF-8 UTF-8 +# es_US ISO-8859-1 +# es_US.UTF-8 UTF-8 +# es_UY ISO-8859-1 +# es_UY.UTF-8 UTF-8 +# es_VE ISO-8859-1 +# es_VE.UTF-8 UTF-8 +# et_EE ISO-8859-1 +# et_EE.ISO-8859-15 ISO-8859-15 +# et_EE.UTF-8 UTF-8 +# eu_ES ISO-8859-1 +# eu_ES.UTF-8 UTF-8 +# eu_ES@euro ISO-8859-15 +# eu_FR ISO-8859-1 +# eu_FR.UTF-8 UTF-8 +# eu_FR@euro ISO-8859-15 +# fa_IR UTF-8 +# ff_SN UTF-8 +# fi_FI ISO-8859-1 +# fi_FI.UTF-8 UTF-8 +# fi_FI@euro ISO-8859-15 +# fil_PH UTF-8 +# fo_FO ISO-8859-1 +# fo_FO.UTF-8 UTF-8 +# fr_BE ISO-8859-1 +# fr_BE.UTF-8 UTF-8 +# fr_BE@euro ISO-8859-15 +# fr_CA ISO-8859-1 +# fr_CA.UTF-8 UTF-8 +# fr_CH ISO-8859-1 +# fr_CH.UTF-8 UTF-8 +# fr_FR ISO-8859-1 +# fr_FR.UTF-8 UTF-8 +# fr_FR@euro ISO-8859-15 +# fr_LU ISO-8859-1 +# fr_LU.UTF-8 UTF-8 +# fr_LU@euro ISO-8859-15 +# fur_IT UTF-8 +# fy_DE UTF-8 +# fy_NL UTF-8 +# ga_IE ISO-8859-1 +# ga_IE.UTF-8 UTF-8 +# ga_IE@euro ISO-8859-15 +# gd_GB ISO-8859-15 +# gd_GB.UTF-8 UTF-8 +# gez_ER UTF-8 +# gez_ER@abegede UTF-8 +# gez_ET UTF-8 +# gez_ET@abegede UTF-8 +# gl_ES ISO-8859-1 +# gl_ES.UTF-8 UTF-8 +# gl_ES@euro ISO-8859-15 +# gu_IN UTF-8 +# gv_GB ISO-8859-1 +# gv_GB.UTF-8 UTF-8 +# ha_NG UTF-8 +# hak_TW UTF-8 +# he_IL ISO-8859-8 +# he_IL.UTF-8 UTF-8 +# hi_IN UTF-8 +# hne_IN UTF-8 +# hr_HR ISO-8859-2 +# hr_HR.UTF-8 UTF-8 +# hsb_DE ISO-8859-2 +# hsb_DE.UTF-8 UTF-8 +# ht_HT UTF-8 +# hu_HU ISO-8859-2 +# hu_HU.UTF-8 UTF-8 +# hy_AM UTF-8 +# hy_AM.ARMSCII-8 ARMSCII-8 +# ia_FR UTF-8 +# id_ID ISO-8859-1 +# id_ID.UTF-8 UTF-8 +# ig_NG UTF-8 +# ik_CA UTF-8 +# is_IS ISO-8859-1 +# is_IS.UTF-8 UTF-8 +# it_CH ISO-8859-1 +# it_CH.UTF-8 UTF-8 +# it_IT ISO-8859-1 +# it_IT.UTF-8 UTF-8 +# it_IT@euro ISO-8859-15 +# iu_CA UTF-8 +# ja_JP.EUC-JP EUC-JP +# ja_JP.UTF-8 UTF-8 +# ka_GE GEORGIAN-PS +# ka_GE.UTF-8 UTF-8 +# kk_KZ PT154 +# kk_KZ.RK1048 RK1048 +# kk_KZ.UTF-8 UTF-8 +# kl_GL ISO-8859-1 +# kl_GL.UTF-8 UTF-8 +# km_KH UTF-8 +# kn_IN UTF-8 +# ko_KR.EUC-KR EUC-KR +# ko_KR.UTF-8 UTF-8 +# kok_IN UTF-8 +# ks_IN UTF-8 +# ks_IN@devanagari UTF-8 +# ku_TR ISO-8859-9 +# ku_TR.UTF-8 UTF-8 +# kw_GB ISO-8859-1 +# kw_GB.UTF-8 UTF-8 +# ky_KG UTF-8 +# lb_LU UTF-8 +# lg_UG ISO-8859-10 +# lg_UG.UTF-8 UTF-8 +# li_BE UTF-8 +# li_NL UTF-8 +# lij_IT UTF-8 +# ln_CD UTF-8 +# lo_LA UTF-8 +# lt_LT ISO-8859-13 +# lt_LT.UTF-8 UTF-8 +# lv_LV ISO-8859-13 +# lv_LV.UTF-8 UTF-8 +# lzh_TW UTF-8 +# mag_IN UTF-8 +# mai_IN UTF-8 +# mg_MG ISO-8859-15 +# mg_MG.UTF-8 UTF-8 +# mhr_RU UTF-8 +# mi_NZ ISO-8859-13 +# mi_NZ.UTF-8 UTF-8 +# mk_MK ISO-8859-5 +# mk_MK.UTF-8 UTF-8 +# ml_IN UTF-8 +# mn_MN UTF-8 +# mni_IN UTF-8 +# mr_IN UTF-8 +# ms_MY ISO-8859-1 +# ms_MY.UTF-8 UTF-8 +# mt_MT ISO-8859-3 +# mt_MT.UTF-8 UTF-8 +# my_MM UTF-8 +# nan_TW UTF-8 +# nan_TW@latin UTF-8 +# nb_NO ISO-8859-1 +# nb_NO.UTF-8 UTF-8 +# nds_DE UTF-8 +# nds_NL UTF-8 +# ne_NP UTF-8 +# nhn_MX UTF-8 +# niu_NU UTF-8 +# niu_NZ UTF-8 +# nl_AW UTF-8 +# nl_BE ISO-8859-1 +# nl_BE.UTF-8 UTF-8 +# nl_BE@euro ISO-8859-15 +# nl_NL ISO-8859-1 +# nl_NL.UTF-8 UTF-8 +# nl_NL@euro ISO-8859-15 +# nn_NO ISO-8859-1 +# nn_NO.UTF-8 UTF-8 +# nr_ZA UTF-8 +# nso_ZA UTF-8 +# oc_FR ISO-8859-1 +# oc_FR.UTF-8 UTF-8 +# om_ET UTF-8 +# om_KE ISO-8859-1 +# om_KE.UTF-8 UTF-8 +# or_IN UTF-8 +# os_RU UTF-8 +# pa_IN UTF-8 +# pa_PK UTF-8 +# pap_AW UTF-8 +# pap_CW UTF-8 +# pl_PL ISO-8859-2 +# pl_PL.UTF-8 UTF-8 +# ps_AF UTF-8 +# pt_BR ISO-8859-1 +# pt_BR.UTF-8 UTF-8 +# pt_PT ISO-8859-1 +# pt_PT.UTF-8 UTF-8 +# pt_PT@euro ISO-8859-15 +# quz_PE UTF-8 +# raj_IN UTF-8 +# ro_RO ISO-8859-2 +# ro_RO.UTF-8 UTF-8 +# ru_RU ISO-8859-5 +# ru_RU.CP1251 CP1251 +# ru_RU.KOI8-R KOI8-R +# ru_RU.UTF-8 UTF-8 +# ru_UA KOI8-U +# ru_UA.UTF-8 UTF-8 +# rw_RW UTF-8 +# sa_IN UTF-8 +# sat_IN UTF-8 +# sc_IT UTF-8 +# sd_IN UTF-8 +# sd_IN@devanagari UTF-8 +# se_NO UTF-8 +# sgs_LT UTF-8 +# shs_CA UTF-8 +# si_LK UTF-8 +# sid_ET UTF-8 +# sk_SK ISO-8859-2 +# sk_SK.UTF-8 UTF-8 +# sl_SI ISO-8859-2 +# sl_SI.UTF-8 UTF-8 +# so_DJ ISO-8859-1 +# so_DJ.UTF-8 UTF-8 +# so_ET UTF-8 +# so_KE ISO-8859-1 +# so_KE.UTF-8 UTF-8 +# so_SO ISO-8859-1 +# so_SO.UTF-8 UTF-8 +# sq_AL ISO-8859-1 +# sq_AL.UTF-8 UTF-8 +# sq_MK UTF-8 +# sr_ME UTF-8 +# sr_RS UTF-8 +# sr_RS@latin UTF-8 +# ss_ZA UTF-8 +# st_ZA ISO-8859-1 +# st_ZA.UTF-8 UTF-8 +# sv_FI ISO-8859-1 +# sv_FI.UTF-8 UTF-8 +# sv_FI@euro ISO-8859-15 +# sv_SE ISO-8859-1 +# sv_SE.ISO-8859-15 ISO-8859-15 +# sv_SE.UTF-8 UTF-8 +# sw_KE UTF-8 +# sw_TZ UTF-8 +# szl_PL UTF-8 +# ta_IN UTF-8 +# ta_LK UTF-8 +# tcy_IN.UTF-8 UTF-8 +# te_IN UTF-8 +# tg_TJ KOI8-T +# tg_TJ.UTF-8 UTF-8 +# th_TH TIS-620 +# th_TH.UTF-8 UTF-8 +# the_NP UTF-8 +# ti_ER UTF-8 +# ti_ET UTF-8 +# tig_ER UTF-8 +# tk_TM UTF-8 +# tl_PH ISO-8859-1 +# tl_PH.UTF-8 UTF-8 +# tn_ZA UTF-8 +# tr_CY ISO-8859-9 +# tr_CY.UTF-8 UTF-8 +# tr_TR ISO-8859-9 +# tr_TR.UTF-8 UTF-8 +# ts_ZA UTF-8 +# tt_RU UTF-8 +# tt_RU@iqtelif UTF-8 +# ug_CN UTF-8 +# uk_UA KOI8-U +# uk_UA.UTF-8 UTF-8 +# unm_US UTF-8 +# ur_IN UTF-8 +# ur_PK UTF-8 +# uz_UZ ISO-8859-1 +# uz_UZ.UTF-8 UTF-8 +# uz_UZ@cyrillic UTF-8 +# ve_ZA UTF-8 +# vi_VN UTF-8 +# wa_BE ISO-8859-1 +# wa_BE.UTF-8 UTF-8 +# wa_BE@euro ISO-8859-15 +# wae_CH UTF-8 +# wal_ET UTF-8 +# wo_SN UTF-8 +# xh_ZA ISO-8859-1 +# xh_ZA.UTF-8 UTF-8 +# yi_US CP1255 +# yi_US.UTF-8 UTF-8 +# yo_NG UTF-8 +# yue_HK UTF-8 +# zh_CN GB2312 +# zh_CN.GB18030 GB18030 +# zh_CN.GBK GBK +# zh_CN.UTF-8 UTF-8 +# zh_HK BIG5-HKSCS +# zh_HK.UTF-8 UTF-8 +# zh_SG GB2312 +# zh_SG.GBK GBK +# zh_SG.UTF-8 UTF-8 +# zh_TW BIG5 +# zh_TW.EUC-TW EUC-TW +# zh_TW.UTF-8 UTF-8 +# zu_ZA ISO-8859-1 +# zu_ZA.UTF-8 UTF-8 diff --git a/archived/__many_releases/etc/all/timezone b/archived/__many_releases/etc/all/timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/__many_releases/etc/all/timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/archived/__many_releases/etc/raspi/greetd/config.toml b/archived/__many_releases/etc/raspi/greetd/config.toml new file mode 100644 index 0000000..d7b50f8 --- /dev/null +++ b/archived/__many_releases/etc/raspi/greetd/config.toml @@ -0,0 +1,5 @@ +[terminal] +vt = 7 +[default_session] +command = "~/.nonpath_bins/on_session_start.sh" +user = "plom" diff --git a/archived/__many_releases/etc/raspi/ssh/sshd_config b/archived/__many_releases/etc/raspi/ssh/sshd_config new file mode 100644 index 0000000..e952cb3 --- /dev/null +++ b/archived/__many_releases/etc/raspi/ssh/sshd_config @@ -0,0 +1,123 @@ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Include /etc/ssh/sshd_config.d/*.conf + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +PermitRootLogin no # plomlompom's security rule +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +KbdInteractiveAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +ClientAliveInterval 15 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +# override default of no subsystems +Subsystem sftp /usr/lib/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/archived/__many_releases/etc/raspi/systemd/system/throttle_cpu.service b/archived/__many_releases/etc/raspi/systemd/system/throttle_cpu.service new file mode 100644 index 0000000..5b37f85 --- /dev/null +++ b/archived/__many_releases/etc/raspi/systemd/system/throttle_cpu.service @@ -0,0 +1,13 @@ +[Unit] +Description=Monitor temperature to throttle CPU if necessary +After=network.target + +[Service] +Type=simple +ExecStart=/root/throttle_cpu.sh +Restart=always +RestartSec=10 +User=root + +[Install] +WantedBy=multi-user.target diff --git a/archived/__many_releases/home/all/.bashrc b/archived/__many_releases/home/all/.bashrc new file mode 100644 index 0000000..1b592d8 --- /dev/null +++ b/archived/__many_releases/home/all/.bashrc @@ -0,0 +1,29 @@ +# Settings for interactive shells. + +# Fancy colors for ls. +alias ls="ls --color=auto" + +# Other helpful aliases +alias sshauth='eval $(ssh-agent) && ssh-add' + +# Use vim as default editor for anything. +export VISUAL=vim +export EDITOR=$VISUAL + +# Colored prompt with username, hostname, date/time, directory. +colornumber=7 # Default to white if no color set via colornumber dotfile. +colornumber_file=~/.shell_prompt_color +if [ -f $colornumber_file ]; then + colornumber=`cat $colornumber_file` +fi +tput_color="$(tput setaf $colornumber)$(tput bold)" +tput_reset="$(tput sgr0)" +# Bash confuses the line length when not told to not count escape sequences. +if [ ! "$BASH" = "" ]; then + tput_color="\[$tput_color\]" + tput_reset="\[$tput_reset\]" +fi +PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset" +PS2="${tput_color}> $tput_reset" +PS3="${tput_color}select: $tput_reset" +PS4="${tput_color}+ $tput_reset" diff --git a/archived/__many_releases/home/all/.gitconfig b/archived/__many_releases/home/all/.gitconfig new file mode 100644 index 0000000..8967d25 --- /dev/null +++ b/archived/__many_releases/home/all/.gitconfig @@ -0,0 +1,3 @@ +[user] + email = c.heller@plomlompom.de + name = Christian Heller diff --git a/archived/__many_releases/home/raspi/.config/mpv/mpv.conf b/archived/__many_releases/home/raspi/.config/mpv/mpv.conf new file mode 100644 index 0000000..1a4418e --- /dev/null +++ b/archived/__many_releases/home/raspi/.config/mpv/mpv.conf @@ -0,0 +1,4 @@ +fullscreen=yes +profile=fast +vo=gpu +ao=pulse diff --git a/archived/__many_releases/home/raspi/.config/sway/config b/archived/__many_releases/home/raspi/.config/sway/config new file mode 100644 index 0000000..e995681 --- /dev/null +++ b/archived/__many_releases/home/raspi/.config/sway/config @@ -0,0 +1,37 @@ +# because these are included by /etc/sway/config for probably good reason … +include /etc/sway/config-vars.d/* +include /etc/sway/config.d/* + +# simple green background +output * background #559911 solid_color + +# keyboard layout +input * xkb_layout "de" + +# waybar +bar { + position top + status_command ~/.nonpath_bins/status.sh +} + +# keybindings +set $mod Mod4 + +bindsym $mod+Return exec foot +bindsym $mod+Shift+q kill +bindsym $mod+Shift+p exit + +bindsym $mod+f fullscreen +bindsym $mod+space focus mode_toggle +bindsym $mod+Shift+space floating toggle + +bindsym $mod+Left focus left +bindsym $mod+Down focus down +bindsym $mod+Up focus up +bindsym $mod+Right focus right + +bindsym $mod+Shift+Left move left +bindsym $mod+Shift+Down move down +bindsym $mod+Shift+Up move up +bindsym $mod+Shift+Right move right + diff --git a/archived/__many_releases/home/raspi/.nonpath_bins/on_session_start.sh b/archived/__many_releases/home/raspi/.nonpath_bins/on_session_start.sh new file mode 100755 index 0000000..380e79f --- /dev/null +++ b/archived/__many_releases/home/raspi/.nonpath_bins/on_session_start.sh @@ -0,0 +1,13 @@ +#!/usr/bin/sh +# Iinitalize anything we want in our sessions opened by greetd. + +# Workaround to pulseaudio daemon somehow not respecting setting these with +# ~/.config/pulse/default.pa – note that the first pactl call also seems +# necessary, probably for forcing some init routines without which the pacmd +# calls that follow won't work; TODO: find cleaner solutions +pactl list sinks > /dev/null +pacmd set-default-sink alsa_output.platform-fef05700.hdmi.hdmi-stereo +pacmd set-sink-volume alsa_output.platform-fef05700.hdmi.hdmi-stereo 65536 + +# Wayland environment. +/usr/bin/sway diff --git a/archived/__many_releases/home/raspi/.nonpath_bins/status.sh b/archived/__many_releases/home/raspi/.nonpath_bins/status.sh new file mode 100755 index 0000000..c58e8bf --- /dev/null +++ b/archived/__many_releases/home/raspi/.nonpath_bins/status.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# see sway-bar(5) and swaybar-protocol(7) +MEGA=1000 +GIGA=1000000 +printf '{ "version": 1 }\n[\n' +while true; do + printf ' [\n' + printf ' {"full_text": "%s"},\n' "$(ip -4 addr show scope global | grep -oP '(?<=inet\s)\d+(\.\d+){3}')" + printf ' {"full_text": "%d° C"},\n' $(calc "$(cat /sys/class/thermal/thermal_zone0/temp) // ${MEGA}") + printf ' {"full_text": "%.1f/%.1f GHz"},\n' $(calc "$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq) / ${GIGA}") $(calc "$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq) / ${GIGA}") + printf ' {"full_text": "%s"},\n' "$(date +'%Y-%m-%d %X')" + printf ' ],\n' + sleep 1 +done diff --git a/archived/__many_releases/home/raspi/.profile b/archived/__many_releases/home/raspi/.profile new file mode 100644 index 0000000..d8c6f59 --- /dev/null +++ b/archived/__many_releases/home/raspi/.profile @@ -0,0 +1,10 @@ +# ~/.profile: executed by the command interpreter for login shells. + +# simplified defaults: read .bashrc, extend PATH by bin dirs +. "$HOME/.bashrc" +PATH="$HOME/.local/bin:$HOME/bin:$PATH" + +# to forward video on commands run via SSH login to screen we expect connected +if [ -n "$SSH_CONNECTION" ]; then + export WAYLAND_DISPLAY=wayland-1 +fi diff --git a/archived/__many_releases/home/raspi_root/throttle_cpu.sh b/archived/__many_releases/home/raspi_root/throttle_cpu.sh new file mode 100755 index 0000000..b5f533d --- /dev/null +++ b/archived/__many_releases/home/raspi_root/throttle_cpu.sh @@ -0,0 +1,35 @@ +#!/bin/sh +set -e + +MED_TEMP=85000 +MAX_TEMP=95000 + +MIN_FREQ=600000 +MED_FREQ=1000000 +MAX_FREQ=1500000 + +PATH_TEMP='/sys/class/thermal/thermal_zone0/temp' + +set_max_freq() { + for cpu in /sys/devices/system/cpu/cpu[0-9]*; do + echo "$1" > "$cpu/cpufreq/scaling_max_freq" + done + echo "$1" +} + +freq_set=$(set_max_freq "${MIN_FREQ}") +while true; do + temp=$(cat "${PATH_TEMP}") + if [ "${temp}" -ge "${MAX_TEMP}" ]; then + if [ "${freq_set}" -gt "${MIN_FREQ}" ]; then + freq_set=$(set_max_freq "${MIN_FREQ}") + fi + elif [ "${temp}" -ge "${MED_TEMP}" ]; then + if [ "${freq_set}" -gt "${MED_FREQ}" ]; then + freq_set=$(set_max_freq "${MED_FREQ}") + fi + elif [ "${freq_set}" -lt "${MAX_FREQ}" ]; then + freq_set=$(set_max_freq "${MAX_FREQ}") + fi + sleep 1 +done diff --git a/archived/__many_releases/home/root/.shell_prompt_color b/archived/__many_releases/home/root/.shell_prompt_color new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/archived/__many_releases/home/root/.shell_prompt_color @@ -0,0 +1 @@ +1 diff --git a/archived/__many_releases/scripts/_misc.sh b/archived/__many_releases/scripts/_misc.sh new file mode 100644 index 0000000..941bc4d --- /dev/null +++ b/archived/__many_releases/scripts/_misc.sh @@ -0,0 +1,172 @@ +#!/bin/sh +set -e + +export DEBIAN_FRONTEND=noninteractive + +expect_min_n_args() { + min_args="$1" + explainer="$2" + shift 2 + if [ "$#" -lt "${min_args}" ]; then + echo "Need at least ${min_args} arguments … ${explainer}" + false + fi +} + +copy_dirtree() { + # Copy files in argument-selected subdirectories of $1 to subdirectories + # of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2 + # of "" and $3 of "all", copy files below etc_files/all such as + # etc_files/all/etc/foo/bar to equivalent locations below / such as + # /etc/foo/bar. Create directories as necessary. Multiple arguments after + # $3 are possible. + # + # CAUTION: This overwrites original files at the affected paths. + expect_min_n_args 3 "(source root, target root, modules)" "$@" + source_root="$1" + target_root="$2" + shift 2 + modules="$@" + initial_directory="$(pwd)" + for module in ${modules}; do + module_path="${source_root}/${module}" + if [ ! -d "${module_path}" ]; then + continue + fi + cd "${module_path}" + for path in $(find . -type f); do + target_path="${target_root}"$(echo "${path}" | cut -c2-) + source_path=$(realpath "${path}") + dir=$(dirname "${target_path}") + mkdir -p "${dir}" + cp "${source_path}" "${target_path}" + done + cd "${initial_directory}" + done +} + +install_for_modules() { + # Walk through the package names in the argument-selected files of + # apt-mark/ and ensures the respective packages are installed. + # + # Caution: Ignores anything in an apt-mark/ file after the last newline, + # so make sure there's nothing meaningful thereafter. + expect_min_n_args 2 "(apt_mark_dir, modules)" "$@" + apt_mark_dir="$1" + shift 1 + modules="$@" + for module in ${modules}; do + path="${apt_mark_dir}/${module}" + if [ ! -f "${path}" ]; then + continue + fi + cat "${path}" | while read line; do + echo "$line" + if [ ! $(echo "${line}" | cut -c1) = "#" ]; then + apt-get -y -o Dpkg::Options::="--force-confnew" install "${line}" + fi + done + done +} + +mark_nonrequireds_auto() { + path_list_unsorted='/tmp/list_unsorted' + path_list_all_packages='/tmp/list_all_packages' + path_list_white='/tmp/list_white' + path_list_black='/tmp/list_black' + dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > "${path_list_unsorted}" + sort "${path_list_unsorted}" | uniq > "${path_list_white}" + dpkg-query -Wf '${Package}\n' > "${path_list_unsorted}" + sort "${path_list_unsorted}" | uniq > "${path_list_all_packages}" + comm -3 "${path_list_all_packages}" "${path_list_white}" > "${path_list_black}" + apt-mark auto `cat "${path_list_black}"` + rm "${path_list_unsorted}" "${path_list_all_packages}" "${path_list_white}" "${path_list_black}" +} + +upgrade_from_older_release() { + # Upgrade system to calling context's Debian release. + # Caution: Don't expect any customized /etc files to surivive this! + path_sources_list='/apt/sources.list' + apt update + apt -y -o Dpkg::Options::='--force-confnew' upgrade + apt -y -o Dpkg::Options::='--force-confnew' full-upgrade + cp "../etc/all${path_sources_list}" "/etc${path_sources_list}" + apt clean + apt update + apt -y -o Dpkg::Options::='--force-confnew' upgrade + apt -y -o Dpkg::Options::='--force-confnew' full-upgrade + apt -y autoremove +} + +add_my_public_key() { + # NB: vars expected to be pulled in from caller previously calling constants.sh! + apt update + apt -y install wget + wget "${URL_PUBLIC_KEY}" + cat "${FILENAME_PUBLIC_KEY}" >> "${PATH_AUTHORIZED_KEYS}" + rm "${FILENAME_PUBLIC_KEY}" +} + +setup_for_raspi() { + # NB: vars expected to be pulled in from caller previously calling constants.sh! + + # ensure we can log in + add_my_public_key + # (alternatively, or preceding this to reduce non-remote typing, TEMPORARILY + # (!) set password login:) + # passwd + # echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config + + # migrate to testing + upgrade_from_older_release + + # on installing console-setup, will guide it to do the right thing (including + # re-writing /etc/default/keyboard) + echo 'XKBLAYOUT=de' > /etc/default/keyboard + + # properly configure apt and reduce system to minimum that satisfies our own + # aptmark/ package lists + for root in ${ROOTS_HERE_AND_MANY}; do + copy_dirtree "${root}/${PATH_REL_ETC}/all" '/etc/apt' apt + done + apt update + mark_nonrequireds_auto + for root in ${ROOTS_HERE_AND_MANY}; do + install_for_modules "${root}/${PATH_REL_APTMARK}" all raspi + done + apt -y --purge autoremove + for root in ${ROOTS_HERE_AND_MANY}; do + copy_dirtree "${root}/${PATH_REL_ETC}" '/etc' all raspi + done + + # Ensure our desired locale is available. + locale-gen + + # Set Berlin localtime. + ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime + ntpdate-debian + + # so Sway won't complain about failing to access non-existant background image file + sed -i '/^output \* bg/ s/^/#/' /etc/sway/config + + # Set up root environment. + for root in ${ROOTS_HERE_AND_MANY}; do + copy_dirtree "${root}/${PATH_REL_HOME}" '/root' all root raspi_root + done + + # Set up user and their environment. + adduser --disabled-password --gecos "" "${USERNAME}" + usermod -a -G sudo "${USERNAME}" + for root in ${ROOTS_HERE_AND_MANY}; do + copy_dirtree "${root}/${PATH_REL_HOME}" "${PATH_USER_HOME}" all desktop raspi + done + mkdir "${PATH_USER_SSH}" + cp "${PATH_AUTHORIZED_KEYS}" "${PATH_USER_SSH}" + chown -R "${USERNAME}:${USERNAME}" "${PATH_USER_HOME}" + passwd "${USERNAME}" + rm "${PATH_AUTHORIZED_KEYS}" + + # Activate /root/throttle_cpu.sh daemonization. + systemctl enable throttle_cpu.service + systemctl start throttle_cpu.service +} diff --git a/archived/all_new_2018/apt-mark/all b/archived/all_new_2018/apt-mark/all deleted file mode 100644 index f748f3b..0000000 --- a/archived/all_new_2018/apt-mark/all +++ /dev/null @@ -1,9 +0,0 @@ -# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client -# unpredictably so -ifupdown -isc-dhcp-client -# git for the setup directory; cloning works with ca-certificates -ca-certificates -git -# to avoid constant warnings about no locale being found -locales diff --git a/archived/all_new_2018/apt-mark/server b/archived/all_new_2018/apt-mark/server deleted file mode 100644 index 4f7fc5d..0000000 --- a/archived/all_new_2018/apt-mark/server +++ /dev/null @@ -1,7 +0,0 @@ -# needed to log in to server via ssh -openssh-server -# provides /etc/inputrc and understanding of ctrl+arrow key combos -readline-common -# provides systemd scripts that configure iptables via /etc/iptables/* -iptables-persistent -# this line is here because the shell "read" in install_for_target.sh ignores lines without final newline \ No newline at end of file diff --git a/archived/all_new_2018/borg.sh b/archived/all_new_2018/borg.sh deleted file mode 100755 index 18321b1..0000000 --- a/archived/all_new_2018/borg.sh +++ /dev/null @@ -1,145 +0,0 @@ -#!/bin/sh -set -e - -standard_repo="borg" -config_file="${HOME}/.borgrepos" - -usage() { - echo "Need operation as argument, one of:" - echo "init" - echo "store" - echo "check" - echo "export_keyfiles" - echo "orgpush" - echo "orgpull" - false -} - -read_pw() { - if [ "${#SSH_AGENT_PID}" -eq 0 ]; then - eval $(ssh-agent) - echo "ssh-add" - stty -echo - ssh-add - stty echo - fi - if [ "${#BORG_PASSPHRASE}" -eq 0 ]; then - stty -echo - printf "Borg passphrase: " - read password - stty echo - printf "\n" - export BORG_PASSPHRASE="${password}" - fi -} - -if [ ! -f "${config_file}" ]; then - echo '# file read ends at last newline' >> "${config_file}" -fi -if [ "$#" -lt 1 ]; then - usage -fi -first_arg="$1" -shift -if [ "${first_arg}" = "init" ]; then - if [ ! "$#" -eq 1 ]; then - echo "Need exactly one argument: target of form user@server" - false - fi - target="$1" - echo "Initializing: ${target}" - borg init --verbose --encryption=keyfile "${target}:${standard_repo}" - tmp_file="/tmp/new_borgrepos" - echo "${target}" > "${tmp_file}" - cat "${config_file}" >> "${tmp_file}" - cp "${tmp_file}" "${config_file}" -elif [ "${first_arg}" = "store" ]; then - if [ ! "$#" -eq 2 ]; then - echo "Need precisely two arguments: archive name and path to archive." - false - fi - archive_name=$1 - shift - to_backup="$@" - read_pw - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}" - echo "Creating archive: ${archive}" - borg create --verbose --list "${archive}" "${to_backup}" - done -elif [ "${first_arg}" = "check" ]; then - if [ ! "$#" -eq 0 ]; then - echo "Need no arguments" - false - fi - read_pw - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - echo "Checking repo: ${repo}" - borg check --verbose "${repo}" - done -elif [ "${first_arg}" = "export_keyfiles" ]; then - if [ ! "$#" -eq 1 ]; then - echo "Need output tar file name." - false - fi - tar_target="${1}" - tmp_dir="${HOME}/.borgtmp" - keyfiles_dir="${tmp_dir}/borg_keyfiles" - mkdir -p "${keyfiles_dir}" - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - borg key export "${repo}" "${keyfiles_dir}/${line}" - done - cur_dir="$(pwd)" - cd "${tmp_dir}" - target=$(basename "${keyfiles_dir}") - tar cf "${tar_target}" "${target}" - mv "${tar_target}" "${cur_dir}" - cd - rm -rf "${tmp_dir}" -elif [ "${first_arg}" = "orgpush" ]; then - archive_name="orgdir" - to_backup=~/org - read_pw - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}" - echo "Creating archive: ${archive}" - borg create --verbose --list "${archive}" "${to_backup}" --exclude ~/org/.git - done -elif [ "${first_arg}" = "orgpull" ]; then - archive_name="orgdir" - read_pw - cd / - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - archive=$(borg list "${repo}" | grep "${orgdir}" | tail -1 | cut -f1 -d' ') - echo "Pulling archive: ${archive}" - borg extract --verbose "${repo}::${archive}" - break - done -else - usage -fi diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/archived/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies deleted file mode 100644 index 4aaef79..0000000 --- a/archived/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies +++ /dev/null @@ -1,4 +0,0 @@ -APT::AutoRemove::RecommendsImportant "false"; -APT::AutoRemove::SuggestsImportant "false"; -APT::Install-Recommends "false"; -APT::Install-Suggests "false"; diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/apt/sources.list b/archived/all_new_2018/linkable_etc_files/all/etc/apt/sources.list deleted file mode 100644 index 68064c6..0000000 --- a/archived/all_new_2018/linkable_etc_files/all/etc/apt/sources.list +++ /dev/null @@ -1,4 +0,0 @@ -deb http://deb.debian.org/debian stretch main contrib non-free -deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free -deb http://deb.debian.org/debian stretch-updates main contrib non-free -deb http://ftp.debian.org/debian stretch-backports main contrib non-free \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/locale.gen b/archived/all_new_2018/linkable_etc_files/all/etc/locale.gen deleted file mode 100644 index a28cfa4..0000000 --- a/archived/all_new_2018/linkable_etc_files/all/etc/locale.gen +++ /dev/null @@ -1,483 +0,0 @@ -# This file lists locales that you wish to have built. You can find a list -# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add -# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change -# this file, you need to rerun locale-gen. - - -# aa_DJ ISO-8859-1 -# aa_DJ.UTF-8 UTF-8 -# aa_ER UTF-8 -# aa_ER@saaho UTF-8 -# aa_ET UTF-8 -# af_ZA ISO-8859-1 -# af_ZA.UTF-8 UTF-8 -# ak_GH UTF-8 -# am_ET UTF-8 -# an_ES ISO-8859-15 -# an_ES.UTF-8 UTF-8 -# anp_IN UTF-8 -# ar_AE ISO-8859-6 -# ar_AE.UTF-8 UTF-8 -# ar_BH ISO-8859-6 -# ar_BH.UTF-8 UTF-8 -# ar_DZ ISO-8859-6 -# ar_DZ.UTF-8 UTF-8 -# ar_EG ISO-8859-6 -# ar_EG.UTF-8 UTF-8 -# ar_IN UTF-8 -# ar_IQ ISO-8859-6 -# ar_IQ.UTF-8 UTF-8 -# ar_JO ISO-8859-6 -# ar_JO.UTF-8 UTF-8 -# ar_KW ISO-8859-6 -# ar_KW.UTF-8 UTF-8 -# ar_LB ISO-8859-6 -# ar_LB.UTF-8 UTF-8 -# ar_LY ISO-8859-6 -# ar_LY.UTF-8 UTF-8 -# ar_MA ISO-8859-6 -# ar_MA.UTF-8 UTF-8 -# ar_OM ISO-8859-6 -# ar_OM.UTF-8 UTF-8 -# ar_QA ISO-8859-6 -# ar_QA.UTF-8 UTF-8 -# ar_SA ISO-8859-6 -# ar_SA.UTF-8 UTF-8 -# ar_SD ISO-8859-6 -# ar_SD.UTF-8 UTF-8 -# ar_SS UTF-8 -# ar_SY ISO-8859-6 -# ar_SY.UTF-8 UTF-8 -# ar_TN ISO-8859-6 -# ar_TN.UTF-8 UTF-8 -# ar_YE ISO-8859-6 -# ar_YE.UTF-8 UTF-8 -# as_IN UTF-8 -# ast_ES ISO-8859-15 -# ast_ES.UTF-8 UTF-8 -# ayc_PE UTF-8 -# az_AZ UTF-8 -# be_BY CP1251 -# be_BY.UTF-8 UTF-8 -# be_BY@latin UTF-8 -# bem_ZM UTF-8 -# ber_DZ UTF-8 -# ber_MA UTF-8 -# bg_BG CP1251 -# bg_BG.UTF-8 UTF-8 -# bhb_IN.UTF-8 UTF-8 -# bho_IN UTF-8 -# bn_BD UTF-8 -# bn_IN UTF-8 -# bo_CN UTF-8 -# bo_IN UTF-8 -# br_FR ISO-8859-1 -# br_FR.UTF-8 UTF-8 -# br_FR@euro ISO-8859-15 -# brx_IN UTF-8 -# bs_BA ISO-8859-2 -# bs_BA.UTF-8 UTF-8 -# byn_ER UTF-8 -# ca_AD ISO-8859-15 -# ca_AD.UTF-8 UTF-8 -# ca_ES ISO-8859-1 -# ca_ES.UTF-8 UTF-8 -# ca_ES.UTF-8@valencia UTF-8 -# ca_ES@euro ISO-8859-15 -# ca_ES@valencia ISO-8859-15 -# ca_FR ISO-8859-15 -# ca_FR.UTF-8 UTF-8 -# ca_IT ISO-8859-15 -# ca_IT.UTF-8 UTF-8 -# ce_RU UTF-8 -# chr_US UTF-8 -# cmn_TW UTF-8 -# crh_UA UTF-8 -# cs_CZ ISO-8859-2 -# cs_CZ.UTF-8 UTF-8 -# csb_PL UTF-8 -# cv_RU UTF-8 -# cy_GB ISO-8859-14 -# cy_GB.UTF-8 UTF-8 -# da_DK ISO-8859-1 -# da_DK.UTF-8 UTF-8 -# de_AT ISO-8859-1 -# de_AT.UTF-8 UTF-8 -# de_AT@euro ISO-8859-15 -# de_BE ISO-8859-1 -# de_BE.UTF-8 UTF-8 -# de_BE@euro ISO-8859-15 -# de_CH ISO-8859-1 -# de_CH.UTF-8 UTF-8 -# de_DE ISO-8859-1 -# de_DE.UTF-8 UTF-8 -# de_DE@euro ISO-8859-15 -# de_IT ISO-8859-1 -# de_IT.UTF-8 UTF-8 -# de_LI.UTF-8 UTF-8 -# de_LU ISO-8859-1 -# de_LU.UTF-8 UTF-8 -# de_LU@euro ISO-8859-15 -# doi_IN UTF-8 -# dv_MV UTF-8 -# dz_BT UTF-8 -# el_CY ISO-8859-7 -# el_CY.UTF-8 UTF-8 -# el_GR ISO-8859-7 -# el_GR.UTF-8 UTF-8 -# en_AG UTF-8 -# en_AU ISO-8859-1 -# en_AU.UTF-8 UTF-8 -# en_BW ISO-8859-1 -# en_BW.UTF-8 UTF-8 -# en_CA ISO-8859-1 -# en_CA.UTF-8 UTF-8 -# en_DK ISO-8859-1 -# en_DK.ISO-8859-15 ISO-8859-15 -# en_DK.UTF-8 UTF-8 -# en_GB ISO-8859-1 -# en_GB.ISO-8859-15 ISO-8859-15 -# en_GB.UTF-8 UTF-8 -# en_HK ISO-8859-1 -# en_HK.UTF-8 UTF-8 -# en_IE ISO-8859-1 -# en_IE.UTF-8 UTF-8 -# en_IE@euro ISO-8859-15 -# en_IL UTF-8 -# en_IN UTF-8 -# en_NG UTF-8 -# en_NZ ISO-8859-1 -# en_NZ.UTF-8 UTF-8 -# en_PH ISO-8859-1 -# en_PH.UTF-8 UTF-8 -# en_SG ISO-8859-1 -# en_SG.UTF-8 UTF-8 -# en_US ISO-8859-1 -# en_US.ISO-8859-15 ISO-8859-15 -en_US.UTF-8 UTF-8 -# en_ZA ISO-8859-1 -# en_ZA.UTF-8 UTF-8 -# en_ZM UTF-8 -# en_ZW ISO-8859-1 -# en_ZW.UTF-8 UTF-8 -# eo UTF-8 -# es_AR ISO-8859-1 -# es_AR.UTF-8 UTF-8 -# es_BO ISO-8859-1 -# es_BO.UTF-8 UTF-8 -# es_CL ISO-8859-1 -# es_CL.UTF-8 UTF-8 -# es_CO ISO-8859-1 -# es_CO.UTF-8 UTF-8 -# es_CR ISO-8859-1 -# es_CR.UTF-8 UTF-8 -# es_CU UTF-8 -# es_DO ISO-8859-1 -# es_DO.UTF-8 UTF-8 -# es_EC ISO-8859-1 -# es_EC.UTF-8 UTF-8 -# es_ES ISO-8859-1 -# es_ES.UTF-8 UTF-8 -# es_ES@euro ISO-8859-15 -# es_GT ISO-8859-1 -# es_GT.UTF-8 UTF-8 -# es_HN ISO-8859-1 -# es_HN.UTF-8 UTF-8 -# es_MX ISO-8859-1 -# es_MX.UTF-8 UTF-8 -# es_NI ISO-8859-1 -# es_NI.UTF-8 UTF-8 -# es_PA ISO-8859-1 -# es_PA.UTF-8 UTF-8 -# es_PE ISO-8859-1 -# es_PE.UTF-8 UTF-8 -# es_PR ISO-8859-1 -# es_PR.UTF-8 UTF-8 -# es_PY ISO-8859-1 -# es_PY.UTF-8 UTF-8 -# es_SV ISO-8859-1 -# es_SV.UTF-8 UTF-8 -# es_US ISO-8859-1 -# es_US.UTF-8 UTF-8 -# es_UY ISO-8859-1 -# es_UY.UTF-8 UTF-8 -# es_VE ISO-8859-1 -# es_VE.UTF-8 UTF-8 -# et_EE ISO-8859-1 -# et_EE.ISO-8859-15 ISO-8859-15 -# et_EE.UTF-8 UTF-8 -# eu_ES ISO-8859-1 -# eu_ES.UTF-8 UTF-8 -# eu_ES@euro ISO-8859-15 -# eu_FR ISO-8859-1 -# eu_FR.UTF-8 UTF-8 -# eu_FR@euro ISO-8859-15 -# fa_IR UTF-8 -# ff_SN UTF-8 -# fi_FI ISO-8859-1 -# fi_FI.UTF-8 UTF-8 -# fi_FI@euro ISO-8859-15 -# fil_PH UTF-8 -# fo_FO ISO-8859-1 -# fo_FO.UTF-8 UTF-8 -# fr_BE ISO-8859-1 -# fr_BE.UTF-8 UTF-8 -# fr_BE@euro ISO-8859-15 -# fr_CA ISO-8859-1 -# fr_CA.UTF-8 UTF-8 -# fr_CH ISO-8859-1 -# fr_CH.UTF-8 UTF-8 -# fr_FR ISO-8859-1 -# fr_FR.UTF-8 UTF-8 -# fr_FR@euro ISO-8859-15 -# fr_LU ISO-8859-1 -# fr_LU.UTF-8 UTF-8 -# fr_LU@euro ISO-8859-15 -# fur_IT UTF-8 -# fy_DE UTF-8 -# fy_NL UTF-8 -# ga_IE ISO-8859-1 -# ga_IE.UTF-8 UTF-8 -# ga_IE@euro ISO-8859-15 -# gd_GB ISO-8859-15 -# gd_GB.UTF-8 UTF-8 -# gez_ER UTF-8 -# gez_ER@abegede UTF-8 -# gez_ET UTF-8 -# gez_ET@abegede UTF-8 -# gl_ES ISO-8859-1 -# gl_ES.UTF-8 UTF-8 -# gl_ES@euro ISO-8859-15 -# gu_IN UTF-8 -# gv_GB ISO-8859-1 -# gv_GB.UTF-8 UTF-8 -# ha_NG UTF-8 -# hak_TW UTF-8 -# he_IL ISO-8859-8 -# he_IL.UTF-8 UTF-8 -# hi_IN UTF-8 -# hne_IN UTF-8 -# hr_HR ISO-8859-2 -# hr_HR.UTF-8 UTF-8 -# hsb_DE ISO-8859-2 -# hsb_DE.UTF-8 UTF-8 -# ht_HT UTF-8 -# hu_HU ISO-8859-2 -# hu_HU.UTF-8 UTF-8 -# hy_AM UTF-8 -# hy_AM.ARMSCII-8 ARMSCII-8 -# ia_FR UTF-8 -# id_ID ISO-8859-1 -# id_ID.UTF-8 UTF-8 -# ig_NG UTF-8 -# ik_CA UTF-8 -# is_IS ISO-8859-1 -# is_IS.UTF-8 UTF-8 -# it_CH ISO-8859-1 -# it_CH.UTF-8 UTF-8 -# it_IT ISO-8859-1 -# it_IT.UTF-8 UTF-8 -# it_IT@euro ISO-8859-15 -# iu_CA UTF-8 -# ja_JP.EUC-JP EUC-JP -# ja_JP.UTF-8 UTF-8 -# ka_GE GEORGIAN-PS -# ka_GE.UTF-8 UTF-8 -# kk_KZ PT154 -# kk_KZ.RK1048 RK1048 -# kk_KZ.UTF-8 UTF-8 -# kl_GL ISO-8859-1 -# kl_GL.UTF-8 UTF-8 -# km_KH UTF-8 -# kn_IN UTF-8 -# ko_KR.EUC-KR EUC-KR -# ko_KR.UTF-8 UTF-8 -# kok_IN UTF-8 -# ks_IN UTF-8 -# ks_IN@devanagari UTF-8 -# ku_TR ISO-8859-9 -# ku_TR.UTF-8 UTF-8 -# kw_GB ISO-8859-1 -# kw_GB.UTF-8 UTF-8 -# ky_KG UTF-8 -# lb_LU UTF-8 -# lg_UG ISO-8859-10 -# lg_UG.UTF-8 UTF-8 -# li_BE UTF-8 -# li_NL UTF-8 -# lij_IT UTF-8 -# ln_CD UTF-8 -# lo_LA UTF-8 -# lt_LT ISO-8859-13 -# lt_LT.UTF-8 UTF-8 -# lv_LV ISO-8859-13 -# lv_LV.UTF-8 UTF-8 -# lzh_TW UTF-8 -# mag_IN UTF-8 -# mai_IN UTF-8 -# mg_MG ISO-8859-15 -# mg_MG.UTF-8 UTF-8 -# mhr_RU UTF-8 -# mi_NZ ISO-8859-13 -# mi_NZ.UTF-8 UTF-8 -# mk_MK ISO-8859-5 -# mk_MK.UTF-8 UTF-8 -# ml_IN UTF-8 -# mn_MN UTF-8 -# mni_IN UTF-8 -# mr_IN UTF-8 -# ms_MY ISO-8859-1 -# ms_MY.UTF-8 UTF-8 -# mt_MT ISO-8859-3 -# mt_MT.UTF-8 UTF-8 -# my_MM UTF-8 -# nan_TW UTF-8 -# nan_TW@latin UTF-8 -# nb_NO ISO-8859-1 -# nb_NO.UTF-8 UTF-8 -# nds_DE UTF-8 -# nds_NL UTF-8 -# ne_NP UTF-8 -# nhn_MX UTF-8 -# niu_NU UTF-8 -# niu_NZ UTF-8 -# nl_AW UTF-8 -# nl_BE ISO-8859-1 -# nl_BE.UTF-8 UTF-8 -# nl_BE@euro ISO-8859-15 -# nl_NL ISO-8859-1 -# nl_NL.UTF-8 UTF-8 -# nl_NL@euro ISO-8859-15 -# nn_NO ISO-8859-1 -# nn_NO.UTF-8 UTF-8 -# nr_ZA UTF-8 -# nso_ZA UTF-8 -# oc_FR ISO-8859-1 -# oc_FR.UTF-8 UTF-8 -# om_ET UTF-8 -# om_KE ISO-8859-1 -# om_KE.UTF-8 UTF-8 -# or_IN UTF-8 -# os_RU UTF-8 -# pa_IN UTF-8 -# pa_PK UTF-8 -# pap_AW UTF-8 -# pap_CW UTF-8 -# pl_PL ISO-8859-2 -# pl_PL.UTF-8 UTF-8 -# ps_AF UTF-8 -# pt_BR ISO-8859-1 -# pt_BR.UTF-8 UTF-8 -# pt_PT ISO-8859-1 -# pt_PT.UTF-8 UTF-8 -# pt_PT@euro ISO-8859-15 -# quz_PE UTF-8 -# raj_IN UTF-8 -# ro_RO ISO-8859-2 -# ro_RO.UTF-8 UTF-8 -# ru_RU ISO-8859-5 -# ru_RU.CP1251 CP1251 -# ru_RU.KOI8-R KOI8-R -# ru_RU.UTF-8 UTF-8 -# ru_UA KOI8-U -# ru_UA.UTF-8 UTF-8 -# rw_RW UTF-8 -# sa_IN UTF-8 -# sat_IN UTF-8 -# sc_IT UTF-8 -# sd_IN UTF-8 -# sd_IN@devanagari UTF-8 -# se_NO UTF-8 -# sgs_LT UTF-8 -# shs_CA UTF-8 -# si_LK UTF-8 -# sid_ET UTF-8 -# sk_SK ISO-8859-2 -# sk_SK.UTF-8 UTF-8 -# sl_SI ISO-8859-2 -# sl_SI.UTF-8 UTF-8 -# so_DJ ISO-8859-1 -# so_DJ.UTF-8 UTF-8 -# so_ET UTF-8 -# so_KE ISO-8859-1 -# so_KE.UTF-8 UTF-8 -# so_SO ISO-8859-1 -# so_SO.UTF-8 UTF-8 -# sq_AL ISO-8859-1 -# sq_AL.UTF-8 UTF-8 -# sq_MK UTF-8 -# sr_ME UTF-8 -# sr_RS UTF-8 -# sr_RS@latin UTF-8 -# ss_ZA UTF-8 -# st_ZA ISO-8859-1 -# st_ZA.UTF-8 UTF-8 -# sv_FI ISO-8859-1 -# sv_FI.UTF-8 UTF-8 -# sv_FI@euro ISO-8859-15 -# sv_SE ISO-8859-1 -# sv_SE.ISO-8859-15 ISO-8859-15 -# sv_SE.UTF-8 UTF-8 -# sw_KE UTF-8 -# sw_TZ UTF-8 -# szl_PL UTF-8 -# ta_IN UTF-8 -# ta_LK UTF-8 -# tcy_IN.UTF-8 UTF-8 -# te_IN UTF-8 -# tg_TJ KOI8-T -# tg_TJ.UTF-8 UTF-8 -# th_TH TIS-620 -# th_TH.UTF-8 UTF-8 -# the_NP UTF-8 -# ti_ER UTF-8 -# ti_ET UTF-8 -# tig_ER UTF-8 -# tk_TM UTF-8 -# tl_PH ISO-8859-1 -# tl_PH.UTF-8 UTF-8 -# tn_ZA UTF-8 -# tr_CY ISO-8859-9 -# tr_CY.UTF-8 UTF-8 -# tr_TR ISO-8859-9 -# tr_TR.UTF-8 UTF-8 -# ts_ZA UTF-8 -# tt_RU UTF-8 -# tt_RU@iqtelif UTF-8 -# ug_CN UTF-8 -# uk_UA KOI8-U -# uk_UA.UTF-8 UTF-8 -# unm_US UTF-8 -# ur_IN UTF-8 -# ur_PK UTF-8 -# uz_UZ ISO-8859-1 -# uz_UZ.UTF-8 UTF-8 -# uz_UZ@cyrillic UTF-8 -# ve_ZA UTF-8 -# vi_VN UTF-8 -# wa_BE ISO-8859-1 -# wa_BE.UTF-8 UTF-8 -# wa_BE@euro ISO-8859-15 -# wae_CH UTF-8 -# wal_ET UTF-8 -# wo_SN UTF-8 -# xh_ZA ISO-8859-1 -# xh_ZA.UTF-8 UTF-8 -# yi_US CP1255 -# yi_US.UTF-8 UTF-8 -# yo_NG UTF-8 -# yue_HK UTF-8 -# zh_CN GB2312 -# zh_CN.GB18030 GB18030 -# zh_CN.GBK GBK -# zh_CN.UTF-8 UTF-8 -# zh_HK BIG5-HKSCS -# zh_HK.UTF-8 UTF-8 -# zh_SG GB2312 -# zh_SG.GBK GBK -# zh_SG.UTF-8 UTF-8 -# zh_TW BIG5 -# zh_TW.EUC-TW EUC-TW -# zh_TW.UTF-8 UTF-8 -# zu_ZA ISO-8859-1 -# zu_ZA.UTF-8 UTF-8 diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/timezone b/archived/all_new_2018/linkable_etc_files/all/etc/timezone deleted file mode 100644 index 94d5acc..0000000 --- a/archived/all_new_2018/linkable_etc_files/all/etc/timezone +++ /dev/null @@ -1 +0,0 @@ -Europe/Berlin diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/aliases b/archived/all_new_2018/linkable_etc_files/mail/etc/aliases deleted file mode 100644 index 59c52b4..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/aliases +++ /dev/null @@ -1,23 +0,0 @@ -# /etc/aliases - -# As per RFC 2142. -mailer-daemon: plom -postmaster: plom -hostmaster: plom -usenet: plom -news: plom -webmaster: plom -www: plom -ftp: plom -abuse: plom -noc: plom -security: plom -root: plom - -# Personal aliases. -plomlompom: plom -christian.heller: plom -christian_heller: plom -christianheller: plom -c.heller: plom -heller: plom diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf deleted file mode 100644 index 4a8549c..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf +++ /dev/null @@ -1,3 +0,0 @@ -# This is only necessary when we use dovecot's LMTP mechanism to receive -# mail from postfix. -auth_username_format = %Ln diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf deleted file mode 100644 index 097f04e..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Add sieve filtering. -protocol lmtp { - mail_plugins = $mail_plugins sieve -} diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf deleted file mode 100644 index 1ea9178..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf +++ /dev/null @@ -1 +0,0 @@ -mail_privileged_group = mail \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf deleted file mode 100644 index f8c5b43..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf +++ /dev/null @@ -1,20 +0,0 @@ -service auth { - unix_listener auth-userdb { - } - - unix_listener /var/spool/postfix/private/auth { - mode = 0660 - user = postfix - group = postfix - } -} - -# We don't strictly need to provide a LMTP server to fetch mail from -# postfix, but we do if we want to do sophisticated stuff like sieve -# filtering on the way. -service lmtp { - inet_listener lmtp { - address = 127.0.0.1 - port = 2424 - } -} diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf deleted file mode 100644 index 7fa2f5f..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf +++ /dev/null @@ -1 +0,0 @@ -ssl = required diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 b/archived/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 deleted file mode 100644 index 2950321..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 +++ /dev/null @@ -1,20 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] -# otherwise self-referential connections to local host will fail --A INPUT -i lo -j ACCEPT -# this enables ping etc. --A INPUT -p icmp -j ACCEPT -# tolerate any inbound connections requested by our server, no matter the port --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -# SSH --A INPUT -p tcp --dport 22 -j ACCEPT -# SMTP (allowing for STARTTLS); necessary for mail server to mail server banter --A INPUT -p tcp --dport 25 -j ACCEPT -# SMTPS, for mail server to mail user agent communication --A INPUT -p tcp --dport 465 -j ACCEPT -# IMAPS --A INPUT -p tcp --dport 993 -j ACCEPT -COMMIT -# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf deleted file mode 100644 index 44efe26..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf +++ /dev/null @@ -1,4 +0,0 @@ -# mailutils by default uses the FQDN as the mail domain name, fix this -address { - email-domain REPLACE_maildomain_ECALPER; -}; diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf deleted file mode 100644 index dbd31b4..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf +++ /dev/null @@ -1,86 +0,0 @@ -# This is a basic configuration that can easily be adapted to suit a standard -# installation. For more advanced options, see opendkim.conf(5) and/or -# /usr/share/doc/opendkim/examples/opendkim.conf.sample. - -# Log to syslog -Syslog yes -# Required to use local socket with MTAs that access the socket as a non- -# privileged user (e.g. Postfix) -UMask 007 - -# Sign for example.com with key in /etc/dkimkeys/dkim.key using -# selector '2007' (e.g. 2007._domainkey.example.com) -#Domain example.com -#KeyFile /etc/dkimkeys/dkim.key -#Selector 2007 -Domain REPLACE_Domain_ECALPER -KeyFile /etc/dkimkeys/REPLACE_Selector_ECALPER.private -Selector REPLACE_Selector_ECALPER - -# Commonly-used options; the commented-out versions show the defaults. -#Canonicalization simple -#Mode sv -#SubDomains no -#SubDomains yes -Canonicalization relaxed/simple - -# Socket smtp://localhost -# -# ## Socket socketspec -# ## -# ## Names the socket where this filter should listen for milter connections -# ## from the MTA. Required. Should be in one of these forms: -# ## -# ## inet:port@address to listen on a specific interface -# ## inet:port to listen on all interfaces -# ## local:/path/to/socket to listen on a UNIX domain socket -# -#Socket inet:8892@localhost -#Socket local:/var/run/opendkim/opendkim.sock -Socket inet:12301@localhost - -## PidFile filename -### default (none) -### -### Name of the file where the filter should write its pid before beginning -### normal operations. -# -PidFile /var/run/opendkim/opendkim.pid - - -# Always oversign From (sign using actual From and a null From to prevent -# malicious signatures header fields (From and/or others) between the signer -# and the verifier. From is oversigned by default in the Debian pacakge -# because it is often the identity key used by reputation systems and thus -# somewhat security sensitive. -OversignHeaders From - -## ResolverConfiguration filename -## default (none) -## -## Specifies a configuration file to be passed to the Unbound library that -## performs DNS queries applying the DNSSEC protocol. See the Unbound -## documentation at http://unbound.net for the expected content of this file. -## The results of using this and the TrustAnchorFile setting at the same -## time are undefined. -## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested -## unbound package - -# ResolverConfiguration /etc/unbound/unbound.conf - -## TrustAnchorFile filename -## default (none) -## -## Specifies a file from which trust anchor data should be read when doing -## DNS queries and applying the DNSSEC protocol. See the Unbound documentation -## at http://unbound.net for the expected format of this file. - -TrustAnchorFile /usr/share/dns/root.key - -## Userid userid -### default (none) -### -### Change to user "userid" before starting normal operation? May include -### a group ID as well, separated from the userid by a colon. -# -UserID opendkim \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf deleted file mode 100644 index 7074961..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf +++ /dev/null @@ -1,59 +0,0 @@ -# See /usr/share/postfix/main.cf.dist for a commented, more complete version - - -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. -#myorigin = /etc/mailname - -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) -biff = no - -# appending .domain is the MUA's job. -append_dot_mydomain = no - -# Uncomment the next line to generate "delayed mail" warnings -#delay_warning_time = 4h - -readme_directory = no - -# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on -# fresh installs. -compatibility_level = 2 - -# TLS parameters (excluding smtpd_tls_(cert|key)_file for own adaption below) -smtpd_use_tls=yes -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. - -smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination -myorigin = /etc/mailname -myhostname = REPLACE_myhostname_ECALPER -alias_maps = hash:/etc/aliases -alias_database = hash:/etc/aliases -mydestination = $myhostname localhost.$mydomain localhost REPLACE_mydomain_if_domainwide_ECALPER -relayhost = -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -mailbox_size_limit = 0 -recipient_delimiter = + -inet_interfaces = all -inet_protocols = all - -# plomlompom-specific adaptions to allow TLS and SASL via LetsEncrypt/Dovecot. -smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem -smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem -smtpd_sasl_type = dovecot -smtpd_sasl_path = private/auth - -# connect to opendkim -smtpd_milters = inet:localhost:12301 -non_smtpd_milters = inet:localhost:12301 - -# transport mail to dovecot; not strictly needed, as even without this -# postfix will throw mail to /var/mail/USER to be found by dovecot for -# serving via IMAP etc.; but using dovecot's LMTP server for delivery -# allows us to do stuff like dovecot-side sieve filtering. -mailbox_transport = lmtp:inet:127.0.0.1:2424 \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf deleted file mode 100644 index bce1262..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf +++ /dev/null @@ -1,124 +0,0 @@ -# -# Postfix master process configuration file. For details on the format -# of the file, see the master(5) manual page (command: "man 5 master" or -# on-line: http://www.postfix.org/master.5.html). -# -# Do not forget to execute "postfix reload" after editing this file. -# -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (no) (never) (100) -# ========================================================================== -smtp inet n - y - - smtpd -#smtp inet n - y - 1 postscreen -#smtpd pass - - y - - smtpd -#dnsblog unix - - y - 0 dnsblog -#tlsproxy unix - - y - 0 tlsproxy -#submission inet n - y - - smtpd -# -o syslog_name=postfix/submission -# -o smtpd_tls_security_level=encrypt -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions= -# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -smtps inet n - y - - smtpd - -o syslog_name=postfix/smtps - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions= -# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -#628 inet n - y - - qmqpd -pickup unix n - y 60 1 pickup -cleanup unix n - y - 0 cleanup -qmgr unix n - n 300 1 qmgr -#qmgr unix n - n 300 1 oqmgr -tlsmgr unix - - y 1000? 1 tlsmgr -rewrite unix - - y - - trivial-rewrite -bounce unix - - y - 0 bounce -defer unix - - y - 0 bounce -trace unix - - y - 0 bounce -verify unix - - y - 1 verify -flush unix n - y 1000? 0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - y - - smtp -relay unix - - y - - smtp -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - y - - showq -error unix - - y - - error -retry unix - - y - - error -discard unix - - y - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - y - - lmtp -anvil unix - - y - 1 anvil -scache unix - - y - 1 scache -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. -# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# Recent Cyrus versions can use the existing "lmtp" master.cf entry. -# -# Specify in cyrus.conf: -# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 -# -# Specify in main.cf one or more of the following: -# mailbox_transport = lmtp:inet:localhost -# virtual_transport = lmtp:inet:localhost -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# Old example of delivery via Cyrus. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. -# -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# Other external delivery methods. -# -ifmail unix - n n - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe - flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe - flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} -mailman unix - n n - - pipe - flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py - ${nexthop} ${user} - diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service deleted file mode 100644 index dc8acb4..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Run plom's fetchmail - -[Service] -Type=oneshot -User=plom -# fetchmail returns 1 when no new mail, we want to catch that -ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]' diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service deleted file mode 100644 index e332114..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Run pingmail check - -[Service] -Type=oneshot -User=plom -ExecStart=/bin/sh -c '~/pingmail/pingmail check' diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer deleted file mode 100644 index c67e8e7..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Run fetchmail once every minute - -[Timer] -OnCalendar=*-*-* *:*:00 - -[Install] -WantedBy=timers.target diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer deleted file mode 100644 index dba0c9f..0000000 --- a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Run pingmail check once every hour - -[Timer] -OnCalendar=*-*-* *:00:00 - -[Install] -WantedBy=timers.target diff --git a/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service deleted file mode 100644 index d0fcb9c..0000000 --- a/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -Description=Pull website repo -[Service] -Type=oneshot -User=plom -ExecStart=/bin/sh -c '~/encrypter.sh' diff --git a/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer deleted file mode 100644 index 79a6e1e..0000000 --- a/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Attempt encryption of old chatlogs once every minute. - -[Timer] -OnCalendar=*-*-* *:*:00 - -[Install] -WantedBy=timers.target \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/sendonly/etc/aliases b/archived/all_new_2018/linkable_etc_files/sendonly/etc/aliases deleted file mode 100644 index 01e159c..0000000 --- a/archived/all_new_2018/linkable_etc_files/sendonly/etc/aliases +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/aliases -postmaster: root -root: plom@plomlompom.com \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf b/archived/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf deleted file mode 100644 index d081783..0000000 --- a/archived/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf +++ /dev/null @@ -1,38 +0,0 @@ -# See /usr/share/postfix/main.cf.dist for a commented, more complete version - - -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. -#myorigin = /etc/mailname - -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) -biff = no - -# appending .domain is the MUA's job. -append_dot_mydomain = no - -# Uncomment the next line to generate "delayed mail" warnings -#delay_warning_time = 4h - -readme_directory = no - -# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on -# fresh installs. -compatibility_level = 2 - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. - -smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination -myorigin = /etc/mailname -myhostname = $myorigin -alias_maps = hash:/etc/aliases -alias_database = hash:/etc/aliases -mydestination = $myhostname localhost.$mydomain localhost -relayhost = -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -mailbox_size_limit = 0 -recipient_delimiter = + -inet_interfaces = loopback-only -inet_protocols = all \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 b/archived/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 deleted file mode 100644 index 8e0b1f6..0000000 --- a/archived/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 +++ /dev/null @@ -1,14 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] -# otherwise self-referential connections to local host will fail --A INPUT -i lo -j ACCEPT -# tolerate any inbound connections requested by our server, no matter the port --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -# this enables ping etc. --A INPUT -p icmp -j ACCEPT -# SSH --A INPUT -p tcp --dport 22 -j ACCEPT -COMMIT -# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config b/archived/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config deleted file mode 100644 index 89d08ac..0000000 --- a/archived/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config +++ /dev/null @@ -1,126 +0,0 @@ -# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin no # plomlompom's security rule -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# Expect .ssh/authorized_keys2 to be disregarded by default in future. -#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to yes to enable challenge-response passwords (beware issues with -# some PAM modules and threads) -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin yes -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation sandbox -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# Allow client to pass locale environment variables -AcceptEnv LANG LC_* - -# override default of no subsystems -Subsystem sftp /usr/lib/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server - -ClientAliveInterval 120 -PasswordAuthentication no # plomlompom's security rule diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot b/archived/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot deleted file mode 100644 index 1fd8aaf..0000000 --- a/archived/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/cron.d/certbot: crontab entries for the certbot package -# -# Upstream recommends attempting renewal twice a day -# -# Eventually, this will be an opportunity to validate certificates -# haven't been revoked, etc. Renewal will only occur if expiration -# is within 30 days. -SHELL=/bin/sh -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin - -# plomlompom added the --webroot -w /var/www/html/ so that renewal -# works with nginx running, and the nginx reload post-hook so that -# the new certificates are linked to by nginx. Note that by default -# we rely on the systemd timer service file instead of this cronjob, -# but since both are installed by the certbot package to serve which -# ever of the two is used, we cautiously adapt both of them too. -0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload" diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/gitweb.conf b/archived/all_new_2018/linkable_etc_files/web/etc/gitweb.conf deleted file mode 100644 index 71ce3c5..0000000 --- a/archived/all_new_2018/linkable_etc_files/web/etc/gitweb.conf +++ /dev/null @@ -1,19 +0,0 @@ -# path to git projects (.git) -$projectroot = "/var/public_repos"; - -# directory to use for temp files -# explicitely set by Debian so it's probably a good choice -$git_temp = "/tmp"; - -# git-diff-tree(1) options to use for generated patches -# we don't want to to guess renames, so empty -@diff_opts = (); - -# Base path for where to find the repos for cloning. -@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone'); - -# allow snapshots -$feature{'snapshot'}{'default'} = ['zip', 'tgz']; - -# insert header for GDPR compliance -$site_header = "/var/www/header.html" diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 b/archived/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 deleted file mode 100644 index 9b714c6..0000000 --- a/archived/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 +++ /dev/null @@ -1,18 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] -# otherwise self-referential connections to local host will fail --A INPUT -i lo -j ACCEPT -# tolerate any inbound connections requested by our server, no matter the port --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -# this enables ping etc. --A INPUT -p icmp -j ACCEPT -# SSH --A INPUT -p tcp --dport 22 -j ACCEPT -# HTTP --A INPUT -p tcp --dport 80 -j ACCEPT -# HTTPS --A INPUT -p tcp --dport 443 -j ACCEPT -COMMIT -# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf b/archived/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf deleted file mode 100644 index f1be9e6..0000000 --- a/archived/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf +++ /dev/null @@ -1,84 +0,0 @@ -# system integration -user www-data; -worker_processes auto; -pid /run/nginx.pid; - -# we need this for the xslt_stylesheet directive below -#load_module modules/ngx_http_xslt_filter_module.so; - -# is expected even if empty -events { -} - -http { - # define content-type headers - types { - text/html html htm shtml; - text/css css; - text/xml xml; - text/plain txt sh rst md asc; - application/xhtml+xml xhtml; - application/pdf pdf; - image/jpeg jpg jpeg; - image/png png; - } - default_type application/octet_stream; - charset utf-8; - - # logging deactivated due to GDPR - #access_log /var/log/nginx/access.log; - #error_log /var/log/nginx/error.log; - - # HTTP server: only enforce HTTPS - server { - listen 80; - return 301 https://$host$request_uri; - } - - # HTTPS server - server { - listen 443 ssl; - server_name REPLACE_fqdn_ECALPER; - ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; - root /var/www/html/; - index index.html index.htm index.nginx-debian.html; - - # serve /var/www/public_repos/* for HTTPS git cloning - location ~ /repos/clone(/.*) { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL ""; - fastcgi_param GIT_PROJECT_ROOT /var/public_repos; - fastcgi_param PATH_INFO $1; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - # gitweb static files - location /repos/static/ { - alias /usr/share/gitweb/static/; - } - - # gitweb; this needs packages fcgiwrap and gitweb - location /repos/ { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - # login-protected IRC logs - location ~ /irclogs/([^/]+)/ { - auth_basic "$1 logs"; - auth_basic_user_file /var/www/irclogs_pw/$1; - autoindex on; - } - - ## entry for IRC logs - #location /irclogs/ { - # autoindex on; - # autoindex_format xml; - # xslt_stylesheet /var/www/autoindex.xslt; - #} - } -} diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service deleted file mode 100644 index 0d20d1f..0000000 --- a/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Certbot -Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html -Documentation=https://letsencrypt.readthedocs.io/en/latest/ -[Service] -# plomlompom added the --webroot -w /var/www/html/ so that renewal -# works with nginx running, and the nginx reload post-hook so that -# the new certificates are linked to by nginx. -Type=oneshot -ExecStart=/usr/bin/certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload" -PrivateTmp=true \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service deleted file mode 100644 index a4f6769..0000000 --- a/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=plomlombot screen - -[Service] -Type=simple -User=plom -ExecStart=/bin/sh -c '~/plomlombot_daemon.sh' -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/archived/all_new_2018/setup_scripts/add_encryption_key.sh b/archived/all_new_2018/setup_scripts/add_encryption_key.sh deleted file mode 100755 index 71a9488..0000000 --- a/archived/all_new_2018/setup_scripts/add_encryption_key.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a GPG target to encrypt to. -if [ $# -lt 1 ]; then - echo "Need public key ID as argument." - false -fi -gpg_key="$1" - -config_tree_prefix="${HOME}/config/all_new_2018" -apt -y install gnupg dirmngr -keyservers='sks-keyservers.net/ keys.gnupg.net' -set +e -while true; do - do_break=0 - for keyserver in $(echo "${keyservers}"); do - su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}" - if [ $? -eq "0" ]; then - do_break=1 - break - fi - echo "Attempt with keyserver ${keyserver} unsuccessful, trying other." - done - if [ "${do_break}" -eq "1" ]; then - break - fi -done -set -e -# TODO: We may remove dirmngr here if only this script installed it. diff --git a/archived/all_new_2018/setup_scripts/hardlink_etc.sh b/archived/all_new_2018/setup_scripts/hardlink_etc.sh deleted file mode 100755 index 9d9acc2..0000000 --- a/archived/all_new_2018/setup_scripts/hardlink_etc.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Hard link files to those in argument-selected subdirectories of -# linkable_etc_files//, e.g. link /etc/foo/bar to -# linkable_etc_files/$1/etc/foo/bar and so on. Create directories as -# necessary. We do the hard linking so files that should be readable to -# non-root in /etc/ remain so despite having a path below /root/, as -# symbolic links point into /root/ without making the targets readable -# to non-root. -# CAUTION: This removes original files at the affected paths. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -linkable_files_dir="${config_tree_prefix}/linkable_etc_files" - -for target in "$@"; do - cd "${linkable_files_dir}/${target}" - for path in $(find . -type f); do - linking=$(echo "${path}" | cut -c2-) - linked=$(realpath "${path}") - dir=$(dirname "${linking}") - mkdir -p "${dir}" - ln -f "${linked}" "${linking}" - done -done diff --git a/archived/all_new_2018/setup_scripts/init_user_and_keybased_login.sh b/archived/all_new_2018/setup_scripts/init_user_and_keybased_login.sh deleted file mode 100755 index 6a46c20..0000000 --- a/archived/all_new_2018/setup_scripts/init_user_and_keybased_login.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/sh -# This script turns a fresh server with password-based root access to -# one of only key-based access and only to new non-root account plom. -# -# CAUTION: This is optimized for a *fresh* setup. It will overwrite any -# pre-existing ~/.ssh/authorized_keys of user plom with one that solely -# contains the local ~/.ssh/id_rsa.pub, and also any old -# /etc/ssh/sshd_config. -# -# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly -# configured sshd_config file in reach. -set -e - -# Location auf a sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". -config_tree_prefix="${HOME}/config/all_new_2018" -linkable_files_dir="${config_tree_prefix}/linkable_etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -local_path_sshd_config="${linkable_files_dir}/${system_path_sshd_config}" - -# Ensure we have a server name as argument. -if [ $# -eq 0 ]; then - echo "Need server as argument." - false -fi -server="$1" - -# Ask for root password only once, sshpass will re-use it then often. -stty -echo -printf "Server root password: " -read PW_ROOT -stty echo -printf "\n" -export SSHPASS="${PW_ROOT}" - -# Create user plom, and his ~/.ssh/authorized_keys based on the local -# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and -# ownerships. Then disable root and pw login by copying over the -# sshd_config and restart ssh daemon. -# -# This could be a line or two shorter by using ssh-copy-id, but that -# would require setting a password for user plom otherwise not needed. -sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys -sshpass -e ssh root@"${server}" \ - 'useradd -m plom && '\ - 'mkdir /home/plom/.ssh && '\ - 'chown plom:plom /home/plom/.ssh && '\ - 'chown plom:plom /tmp/authorized_keys && '\ - 'chmod u=rw,go= /tmp/authorized_keys && '\ - 'mv /tmp/authorized_keys /home/plom/.ssh/' -sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" -sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/archived/all_new_2018/setup_scripts/install_for_target.sh b/archived/all_new_2018/setup_scripts/install_for_target.sh deleted file mode 100755 index 53914d6..0000000 --- a/archived/all_new_2018/setup_scripts/install_for_target.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# Walks through the package names in the argument-selected files of -# apt-mark/ and ensures the respective packages are installed. -# -# Ignores anything in an apt-mark/ file after the last newline. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -aptmark_dir="${config_tree_prefix}/apt-mark" - -for target in "$@"; do - path="${aptmark_dir}/${target}" - cat "${path}" | while read line; do - echo "$line" - if [ ! $(echo "${line}" | cut -c1) = "#" ]; then - apt-get -y install "${line}" - fi - done -done diff --git a/archived/all_new_2018/setup_scripts/letsencrypt.sh b/archived/all_new_2018/setup_scripts/letsencrypt.sh deleted file mode 100755 index 29ed3b6..0000000 --- a/archived/all_new_2018/setup_scripts/letsencrypt.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh -# Certify current server with LetsEncrypt. -# Uses hostname -f for the domain we want to certify. -set -e - -# Ensure we have a mail address as argument. -if [ $# -lt 1 ]; then - echo "Need mail address as argument." - false -fi -mail_address="$1" - -# We need certbot to get LetsEncrypt certificates. -apt install -y certbot - -# If port 80 blocked by iptables, open it. -set +e -iptables -C INPUT -p tcp --dport 80 -j ACCEPT -open_iptables="$?" -set -e -if [ "${open_iptables}" -eq "1" ]; then - iptables -A INPUT -p tcp --dport 80 -j ACCEPT -fi - -# Create new certificate and copy it to /etc/letsencrypt. -certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)" - -# Remove iptables rule to open port 80 if we added it. -if [ "${open_iptables}" -eq "1" ]; then - iptables -D INPUT -p tcp --dport 80 -j ACCEPT -fi diff --git a/archived/all_new_2018/setup_scripts/letsencrypt_get.sh b/archived/all_new_2018/setup_scripts/letsencrypt_get.sh deleted file mode 100755 index c2b3e9f..0000000 --- a/archived/all_new_2018/setup_scripts/letsencrypt_get.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# Copy over LetsEncrypt certificates from another server. -set -e - -# Ensure we have a server name as argument. -if [ $# -lt 1 ]; then - echo "Need server as argument." - false -fi -server="$1" - -# Copy over. -ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"' -scp plom@${server}:~/letsencrypt.tar . -apt -y install certbot -rmdir /etc/letsencrypt -mv letsencrypt.tar /etc/ -cd /etc/ -tar xf letsencrypt.tar -rm letsencrypt.tar diff --git a/archived/all_new_2018/setup_scripts/mirror_dir.sh b/archived/all_new_2018/setup_scripts/mirror_dir.sh deleted file mode 100755 index 0fc03aa..0000000 --- a/archived/all_new_2018/setup_scripts/mirror_dir.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -# Mirror directory tree from remote to local server, keeping the path. -set -e - -if [ $# -lt 2 ]; then - echo "Need server and directory as arguments." - false -fi -server=$1 -dir=$2 -path_package=/tmp/delete.tar - -eval `ssh-agent` -ssh-add -cd -ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ." -scp plom@"${server}":"${path_package}" "${path_package}" -mkdir -p "${dir}" -cd "${dir}" -tar xf "${path_package}" -cd -rm "${path_package}" -ssh plom@"${server}" rm "${path_package}" diff --git a/archived/all_new_2018/setup_scripts/prepare_to_meet_server.sh b/archived/all_new_2018/setup_scripts/prepare_to_meet_server.sh deleted file mode 100755 index 13d05ca..0000000 --- a/archived/all_new_2018/setup_scripts/prepare_to_meet_server.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# Do some of the steps necessary to SSH (key-based) with another server. -set -e - -target="$1" - -# We need a public key to copy over, so generate it if not found. -if [ ! -f ~/.ssh/id_rsa.pub ]; then - ssh-keygen -fi - -# Add target to ~/.ssh/known_hosts so we don't get -# asked for permission at inopportune moments. -ssh-keyscan -H "$target" >> ~/.ssh/known_hosts - -# Tell user what to do. -echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:" -cat ~/.ssh/id_rsa.pub diff --git a/archived/all_new_2018/setup_scripts/purge_nonrequireds.sh b/archived/all_new_2018/setup_scripts/purge_nonrequireds.sh deleted file mode 100755 index e444a55..0000000 --- a/archived/all_new_2018/setup_scripts/purge_nonrequireds.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -# This script removes all Debian packages that are not of Priority -# "required" or not depended on by packages of priority "required" -# or not listed in the argument-selected files of apt-mark/. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -aptmark_dir="${config_tree_prefix}/apt-mark" - -dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted -for target in "$@"; do - path="${aptmark_dir}/${target}" - cat "${path}" | while read line; do - if [ ! $(echo "${line}" | cut -c1) = "#" ]; then - echo "${line}" >> /tmp/list_white_unsorted - fi - done -done -sort /tmp/list_white_unsorted > /tmp/list_white -dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages -sort /tmp/list_all_packages > /tmp/foo -mv /tmp/foo /tmp/list_all_packages -comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black -apt-mark auto `cat /tmp/list_black` -DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove -rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black diff --git a/archived/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh b/archived/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh deleted file mode 100755 index 3f95590..0000000 --- a/archived/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh -# Sets hostname and optionally FQDN. -# -# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts -# writing follows recommendations from Debian manual at -# -# (section "The hostname resolution") on how to map hostname and possibly -# FQDN to a permanent IP if present (we assume here any non-private IP -# and non-loopback IP returned by hostname -I to fulfill that criterion -# on our systems) or to 127.0.1.1 if not. On the reasoning for separating -# localhost and hostname mapping to different IPs, see -# . -set -e - -hostname="$1" -fqdn="$2" -if [ "${hostname}" = "" ]; then - echo "Need hostname as argument." - false -fi -echo "${hostname}" > /etc/hostname -hostname "${hostname}" - -final_ip="127.0.1.1" -for ip in $(hostname -I); do - range_1=$(echo "${ip}" | cut -d "." -f 1) - range_2=$(echo "${ip}" | cut -d "." -f 2) - if [ "${range_1}" -eq 127 ]; then - continue - elif [ "${range_1}" -eq 10 ]; then - continue - elif [ "${range_1}" -eq 172 ]; then - if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then - continue - fi - elif [ "${range_1}" -eq 192 ]; then - if [ "${range_2}" -eq 168 ]; then - continue - fi - fi - final_ip="${ip}" -done - -echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts -echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts diff --git a/archived/all_new_2018/setup_scripts/setup_mail.sh b/archived/all_new_2018/setup_scripts/setup_mail.sh deleted file mode 100755 index 2080705..0000000 --- a/archived/all_new_2018/setup_scripts/setup_mail.sh +++ /dev/null @@ -1,94 +0,0 @@ -#/bin/sh -set -e - -# Check we have the necessary arguments. -if [ $# -lt 2 ]; then - echo "Give arguments of mail domain and DKIM selector." - echo "Also, if hosting mail for entire domain, give third argument 'domainwide'." - false -fi -mail_domain="$1" -dkim_selector="$2" -domainwide="$3" - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -# Set up DKIM key. Only keep opendkim-tools on system if pre-installed. -mkdir -p /etc/dkimkeys/ -set +e -dpkg -s opendkim-tools &> /dev/null -preinstalled="$?" -set -e -if [ ! "${preinstalled}" -eq "0" ]; then - apt install -y opendkim-tools -fi -opendkim-genkey -s "${dkim_selector}" -mv "${dkim_selector}.private" /etc/dkimkeys/ -if [ ! "${preinstalled}" -eq "0" ]; then - apt -y --purge autoremove opendkim-tools -fi - -# Link and adapt mail-server-specific /etc/ files. -./hardlink_etc.sh mail -sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf -sed -i "s/REPLACE_Domain_ECALPER/${mail_domain}/g" /etc/opendkim.conf -sed -i "s/REPLACE_Selector_ECALPER/${dkim_selector}/g" /etc/opendkim.conf -sed -i "s/REPLACE_myhostname_ECALPER/$(hostname -f)/g" /etc/postfix/main.cf -if [ "${domainwide}" = "domainwide" ]; then - sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER/$mydomain/g' /etc/postfix/main.cf -else - sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER//g' /etc/postfix/main.cf -fi -# Since we re-set the iptables rules, we need to reload them. -iptables-restore /etc/iptables/rules.v4 - -# Some useful debconf selections. -echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections -echo "ssl_cert = /etc/dovecot/conf.d/99-ssl-certs.conf -echo "ssl_key = > /etc/dovecot/conf.d/99-ssl-certs.conf - -# The second line should not be necessary due to the first line, but for -# some reason the installation forgets to set up /etc/mailname early -# enough to not (when running newaliases) stumble over its absence. -echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections -echo "${mail_domain}" > /etc/mailname - -# Everything should now be ready for installations. Note that we don't -# strictly need dovecot-lmtpd, as postfix will deliver mail to /var/mail/USER -# in any case, to be found by dovecot; we use it as a transport mechanism to -# allow for sophisticated stuff like dovecot-side sieve filtering (installed -# with dovecot-sieve). -apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd dovecot-lmtpd dovecot-sieve opendkim -cp "${config_tree_prefix}/user_files/dovecot.sieve" /home/plom/.dovecot.sieve -chown plom:plom /home/plom/.dovecot.sieve - -# Pingmail setup. -apt install -y mailutils -cp "${config_tree_prefix}/user_files/pingmailrc" /home/plom/.pingmailrc -chown plom:plom /home/plom/.pingmailrc -su plom -c "cd && git clone https://plomlompom.com/repos/clone/pingmail.git" - -# In addition to our postfix server receiving mails, we funnel mails from a -# POP3 account into dovecot via fetchmail. It might make sense to adapt the -# ~/.dovecot.sieve to move mails targeted to the fetched mail account to their -# own mbox. -apt -y install fetchmail -cp "${config_tree_prefix}/user_files/fetchmailrc" /home/plom/.fetchmailrc -chown plom:plom /home/plom/.fetchmailrc -chmod 0700 /home/plom/.fetchmailrc - -# Pingmail and fetchmail have some systemd timers waiting. To let systemd -# know about them, do this. -systemctl daemon-reload - -# Final advice to user. -echo "TODO: Ensure MX entry for your system in your DNS configuration." -echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host." -echo "TODO: passwd plom for IMAPS login" -echo "TODO: adapt /home/plom/.fetchmailrc and then do: systemctl start fetchmail.timer" -echo "TODO: adapt /home/plom/.dovecot.sieve and /home/plom/.pingmailrc (sieve mail by pingmail target person into mbox defined in .pingmailrc), then run: systemctl start pingmail.timer" -echo "TODO: Add the follow DMARK entry as TXT to your DNS configugration: 'v=DMARC1; p=none; rua=mailto:plom+dmarc@plomlompom.com;' mapped to _dmarc" -echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry – if your mail domain includes a subdomain, append that with a dot):" -cat "${dkim_selector}.txt" diff --git a/archived/all_new_2018/setup_scripts/setup_play.sh b/archived/all_new_2018/setup_scripts/setup_play.sh deleted file mode 100755 index f37be49..0000000 --- a/archived/all_new_2018/setup_scripts/setup_play.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a GPG target to encrypt to. -if [ $# -lt 1 ]; then - echo "Need public key ID as argument." - false -fi -gpg_key="$1" - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -# If anything strange happens, let root send mail to us. -./setup_sendonly.sh - -# Apart from weechat, vim and screen will also be useful for everyday activity. -apt -y install weechat screen vim - -# Link and copy over files. -./hardlink_etc.sh play -cp "${config_tree_prefix}/user_files/encrypter.sh" /home/plom/ -chown plom:plom /home/plom/encrypter.sh -cp "${config_tree_prefix}/user_files/weechat-wrapper.sh" /home/plom/ -chown plom:plom /home/plom/weechat-wrapper.sh -cp "${config_tree_prefix}/user_files/weechatrc" /home/plom/.weechatrc -chown plom:plom /home/plom/.weechatrc -apt -y install screen -echo "$gpg_key" > /home/plom/.encrypt_target -chown plom:plom /home/plom/.encrypt_target - -# Start encrypt_chatlogs job. -./add_encryption_key.sh "${gpg_key}" -systemctl daemon-reload -systemctl start encrypt_chatlogs.timer diff --git a/archived/all_new_2018/setup_scripts/setup_plomlombot.sh b/archived/all_new_2018/setup_scripts/setup_plomlombot.sh deleted file mode 100755 index de22ef3..0000000 --- a/archived/all_new_2018/setup_scripts/setup_plomlombot.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a GPG target to encrypt to. -if [ $# -lt 1 ]; then - echo "Need public key ID as argument." - false -fi -gpg_key="$1" - -config_tree_prefix="${HOME}/config/all_new_2018" -irclogs_dir=/var/www/html/irclogs -irclogs_pw_dir=/var/www/irclogs_pw - -./add_encryption_key.sh "${gpg_key}" -apt -y install screen python3-venv -cp "${config_tree_prefix}"/user_files/plomlombot_daemon.sh /home/plom/ -chown plom:plom /home/plom/plomlombot_daemon.sh -su plom -c "cd && git clone /var/public_repos/plomlombot-irc" -systemctl enable /etc/systemd/system/plomlombot.service -service plomlombot start -mkdir -p "${irclogs_dir}" -chown -R plom:plom "${irclogs_dir}" -mkdir -p "${irclogs_pw_dir}" -chown -R plom:plom "${irclogs_pw_dir}" -echo "Don't forget to add a file ~/.plomlombot with content such as:" -echo "gpg_key ${gpg_key}" -echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME LOGS_USER LOGS_PW" -echo "# file should end in newline or non-interpreted line such as this" diff --git a/archived/all_new_2018/setup_scripts/setup_sendonly.sh b/archived/all_new_2018/setup_scripts/setup_sendonly.sh deleted file mode 100755 index e761eeb..0000000 --- a/archived/all_new_2018/setup_scripts/setup_sendonly.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -# This sets up the minimum of a mail server necessary to send out mails -# to the world. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -./hardlink_etc.sh sendonly -echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections -echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections -echo "$(hostname -f)" > /etc/mailname -apt install -y postfix diff --git a/archived/all_new_2018/setup_scripts/setup_server.sh b/archived/all_new_2018/setup_scripts/setup_server.sh deleted file mode 100755 index 172d8d2..0000000 --- a/archived/all_new_2018/setup_scripts/setup_server.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/sh -# Next setup steps for a server whose login policy has just been set from -# the outside via ./init_user_and_keybased_login.sh. -set -e - -# Provide maximum input for set_hostname_and_fqdn.sh. -if [ "$#" -ne 2 ]; then - echo 'Need exactly two arguments (hostname, FQDN).' - false -fi -hostname="$1" -fqdn="$2" - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -# Adapt /etc/ to our needs by hardlinking into ./linkable_etc_files. This -# will set basic configurations affecting following steps, such as setup -# of APT and the locale selection, so needs to be right at the beginning. -./hardlink_etc.sh all server - -# Set hostname and FQDN. -./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}" - -# Some debconf selections we don't want to get asked during coming -# install actions. -echo 'iptables-persistent iptables-persistent/autosave_v4 boolean false' | debconf-set-selections -echo 'iptables-persistent iptables-persistent/autosave_v6 boolean false' | debconf-set-selections - -# Ensure package installation state as defined by what packages are -# defined as required by Debian policy and by settings in ./apt-mark/. -apt update -./install_for_target.sh all server -./purge_nonrequireds.sh all server - -# Ensure our desired locale is available. -locale-gen - -# Only upgrade after reducing the system to the desired minimum, so that -# we don't need to get more data than necessary. -apt -y dist-upgrade - -# Set Berlin localtime. -ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime - -# If we have not yet set the shell for user plom, ensure it here. This -# is mostly for convenience. -usermod -s /bin/bash plom - -# We want to be able to use ALL our servers as borg backup destinations. -apt -y install borgbackup diff --git a/archived/all_new_2018/setup_scripts/setup_web.sh b/archived/all_new_2018/setup_scripts/setup_web.sh deleted file mode 100755 index 400aa22..0000000 --- a/archived/all_new_2018/setup_scripts/setup_web.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# Set up plomlompom.com web server. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -./hardlink_etc.sh web -./setup_sendonly.sh -sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/nginx/nginx.conf -sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/gitweb.conf -cd /var/ -rm -rf www -git clone plom@core.plomlompom.com:repos/website www -apt -y -o Dpkg::Options::=--force-confold install nginx gitweb fcgiwrap -mkdir /var/public_repos -chown plom:plom /var/public_repos -iptables-restore /etc/iptables/rules.v4 diff --git a/archived/all_new_2018/user_files/dovecot.sieve b/archived/all_new_2018/user_files/dovecot.sieve deleted file mode 100644 index 5346309..0000000 --- a/archived/all_new_2018/user_files/dovecot.sieve +++ /dev/null @@ -1,8 +0,0 @@ -require ["fileinto"]; -require ["mailbox"]; -if address :is "from" "foo@bar.com" { - fileinto :create "foo"; -} -if address :is :domain "to" "example.com" { - fileinto :create "example.com"; -} diff --git a/archived/all_new_2018/user_files/encrypter.sh b/archived/all_new_2018/user_files/encrypter.sh deleted file mode 100755 index e2ebd44..0000000 --- a/archived/all_new_2018/user_files/encrypter.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# Encrypt dated weechatlog files older than one day to GPG target defined in -# ~/.encrypt_target -set -e - -gpg_key=$(cat ~/.encrypt_target) -cd ~/weechatlogs/irc/ -find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --encrypt {} \; -exec rm {} \; - diff --git a/archived/all_new_2018/user_files/fetchmailrc b/archived/all_new_2018/user_files/fetchmailrc deleted file mode 100755 index b437563..0000000 --- a/archived/all_new_2018/user_files/fetchmailrc +++ /dev/null @@ -1,2 +0,0 @@ -# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted -poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep diff --git a/archived/all_new_2018/user_files/pingmailrc b/archived/all_new_2018/user_files/pingmailrc deleted file mode 100644 index 46bcbfe..0000000 --- a/archived/all_new_2018/user_files/pingmailrc +++ /dev/null @@ -1,45 +0,0 @@ -# place for test files whose modification times are used to track lifesigns -testdir=$HOME'/.pingmail' - -# modification time is the last time a ping was sent or a lifetime received -ping_touch=$testdir'/ping_touch' - -# modification time is when the count for sending checker a warning mail starts -reminder_touch=$testdir'/reminder_touch' - -# how long to wait for lifesigns before sending a ping; double is time to wait -# for a lifesign before sending a warning message to checker -wait_time=86400 - -# address of the checker, receives warning message after too long wait -checker_address='bar@example.org' - -# address of the checked person, ping is sent here -checked_address='foo@example.org' - -# content of ping message sent to checked person -subj2checked='[pingmail] Ping!' -msg2checked='Hi!\n -\nThis is an automated mail ping from '$checker_address'. -\nRespond to show that you are still alive!' - -# content of warning message sent to checker -id_target='foo' -subj2checker='[pingmail] No recent life signs from '$id_target -reminder_time=`expr $wait_time \* 2` -msg2checker='pingmail reporting in:\n -\nNo life signs from '$id_target' for the last '$reminder_time' seconds. -\nMaybe you should give them a call to check if they are okay.' - -# mail client command reading message body from stdin and subject from parameter -mailclient_s='mail -s' - -# mailbox file to check for most recent life sign -mbox=$HOME'/mail/foo' - -# to recursively search for most recent matches to $matchstring as lifesigns -#maildir=$HOME'/mail' - -# pattern to search $maildir for recursively for lifesigns -#checked_address_escaped=`echo $checked_address | sed 's/\./\\./g'` -#matchstring='^From: .*('$checked_address_escaped'|alternate@example\.org)' diff --git a/archived/all_new_2018/user_files/plomlombot_daemon.sh b/archived/all_new_2018/user_files/plomlombot_daemon.sh deleted file mode 100755 index 5cf1f6a..0000000 --- a/archived/all_new_2018/user_files/plomlombot_daemon.sh +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh -set -e - -# Repeatedly parse config file for GPG key and bot screen configs. -path=~/.plomlombot -db_dir="${HOME}/plomlombot_db" -irclogs_dir=/var/www/html/irclogs -irclogs_pw_dir=/var/www/irclogs_pw -while true; do - if [ -f "${path}" ]; then - cat "${path}" | while read line; do - first_word=$(echo -n "${line}" | cut -d' ' -f1) - - # Read "bot:" line, start bot screen session from it if not yet existing, - # set up irclogs dir if not yet existing. - if [ "${first_word}" = "bot:" ]; then - session_name=$(echo -n "${line}" | cut -d' ' -f2) - bot_name=$(echo -n "${line}" | cut -d' ' -f3) - channel_name=$(echo -n "${line}" | cut -d' ' -f4) - shortened_channel_name="${channel_name}" - first_char=$(echo -n "${channel_name}" | cut -c1) - if [ "${first_char}" = "#" ]; then - shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-) - fi - server_name=$(echo -n "${line}" | cut -d' ' -f5) - login_user=$(echo -n "${line}" | cut -d' ' -f6) - login_pw=$(echo -n "${line}" | cut -d' ' -f7) - set +e - screen -S "${session_name}" -Q select . > /dev/null - start_screen=$? - set -e - if [ "${start_screen}" -eq "1" ]; then - cd ~/plomlombot-irc - LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -s "${server_name}" "${channel_name}" - fi - md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1) - md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1) - logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs" - # FIXME: Note the trouble we will have if we have the same channel - # name on different servers … - ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}" - echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}" - - # If "gpg" line, encrypt old raw logs to that GPG key. - elif [ "${first_word}" = "gpg_key" ]; then - key=$(echo -n "${line}" | cut -d' ' -f2) - mkdir -p ~/plomlombot_db - cd ~/plomlombot_db - find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --encrypt {} \; -exec rm {} \; - fi - - done - sleep 1 - fi -done diff --git a/archived/all_new_2018/user_files/weechat-wrapper.sh b/archived/all_new_2018/user_files/weechat-wrapper.sh deleted file mode 100755 index 4625dd8..0000000 --- a/archived/all_new_2018/user_files/weechat-wrapper.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -# Enforce ~/.weechatrc as sole persistent weechat config file. -#~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder -rm -rf ~/.weechat/ -WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` -weechat -r "$WEECHATCONF" -rm -rf ~/.weechat/ diff --git a/archived/all_new_2018/user_files/weechatrc b/archived/all_new_2018/user_files/weechatrc deleted file mode 100644 index ab30c17..0000000 --- a/archived/all_new_2018/user_files/weechatrc +++ /dev/null @@ -1,7 +0,0 @@ -/set logger.file.path ~/weechatlogs -/set logger.file.flush_delay 0 -/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog" -/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]" -/set weechat.color.chat_nick_colors "lightcyan" -/server add freenode irc.freenode.net -nicks=plimlompom,plimlomp0m,pliml0mp0m -realname="foo bar" -autojoin=#plomlompomtest -/connect freenode diff --git a/archived/ansible/config.yml b/archived/ansible/config.yml deleted file mode 100644 index 3386c91..0000000 --- a/archived/ansible/config.yml +++ /dev/null @@ -1,117 +0,0 @@ ---- -- hosts: all - user: root - become: yes - tasks: - - - name: ensure directories for symlinks exist - file: state=directory dest={{item}} - with_lines: cat ~/config/ansible/files/dirs | sed -e 's/ *#.*$//' - - name: symlink system files - file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: ~/config/ansible/files/system/* - - name: set hostname for current session - shell: hostname w530 - - # Init package management. - - name: update package lists - apt: update_cache=yes - - name: APT - dist-upgrade - apt: upgrade=dist - - # Ensure power management. - - name: ensure power management tools are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/power_management | sed -e 's/ *#.*$//' - - name: start TLP - shell: tlp start - - # Configure console. - # - # For some reason, some settings are only applied two reboots after this. - - name: symlink console config files - file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: ~/config/ansible/files/console/* - - name: ensure locales and console-setup are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/console | sed -e 's/ *#.*$//' - - name: generate en_US.UTF-8 locale - locale_gen: name=en_US.UTF-8 state=present - - name: run setupcon to apply console settings from /etc/default/ - command: setupcon - - # Miscellaneous. - - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/root/* - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: ensure man-db, manpages are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/man | sed -e 's/ *#.*$//' - - name: set /etc/localtime - file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime - - name: ensure various useful tools are installed – sudo, git, vim, less, openssh - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/various_useful | sed -e 's/ *#.*$//' - - name: ensure boot messages are not cleared on start up - replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' - - # Config user. - - name: create user plom with sudo privileges and bash shell - user: name=plom groups=sudo shell=/bin/bash - - name: have config repo in user directory - git: repo=https://github.com/plomlompom/config dest=/home/plom/config - become_user: plom - become_method: su - - # Ensure X window environment. - - name: ensure minimal X window environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/minimal_x | sed -e 's/ *#.*$//' - - name: ensure 3d acceleration and optimus switch - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/3d_acceleration | sed -e 's/ *#.*$//' - - name: ensure user plom is in bumblebee group - user: name=plom groups=bumblebee append=yes - - name: ensure basic X tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/basic_x_tools | sed -e 's/ *#.*$//' - - # Set up pentadactyl. - - name: ensure browser environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/browser_environment | sed -e 's/ *#.*$//' - - # Ensure wifi. - - name: ensure wifi configuration - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/wifi | sed -e 's/ *#.*$//' - - # Ensure audio/video consumption necessities. - - name: ensure multimedia tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/multimedia | sed -e 's/ *#.*$//' - - # Ensure hotkeys. - # - # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). - - name: ensure hotkeys - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' - - # Remove undesired packages - - name: collect desired packages - shell: cat files/apt-mark/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted - - name: collect currently installed packages - shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted - - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed - shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black - - name: mark all packages from black list as automatically installed - shell: apt-mark auto $(cat /tmp/list_black) - - name: mark all packages from white list as manually installed - shell: apt-mark manual $(cat /tmp/white_list_unsorted) - - name: purge all packages automatically installed that are not depended on - shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove diff --git a/archived/ansible/config_new.yml b/archived/ansible/config_new.yml deleted file mode 100644 index f3bd3f5..0000000 --- a/archived/ansible/config_new.yml +++ /dev/null @@ -1,147 +0,0 @@ ---- -- hosts: all - user: root - become: yes - tasks: - - - name: ensure directories for symlinks exist - file: state=directory dest={{item}} - with_lines: cat ~/config/ansible/files/dirs_new | sed -e 's/ *#.*$//' - - name: symlink system files - file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: - - ~/config/ansible/files/system_new/minimal/* - - ~/config/ansible/files/system_new/{{ system_name }}/* - - name: set hostname for current session - shell: hostname {{ system_name }} - - # Init package management. - - name: add palemoon repo signing key - apt_key: - url: https://download.opensuse.org/repositories/home:stevenpusser/Debian_9.0/Release.key - state: present - - name: update package lists - apt: update_cache=yes - - name: APT - dist-upgrade - apt: upgrade=dist - - # Ensure packages needed for disk encryption on startup (how does this work?) - - name: ensure power management tools are installed - apt: name={{item}} state=present - with_lines: - - cat ~/config/ansible/files/apt-mark_new/minimal/disk_encryption | sed -e 's/ *#.*$//' - - # Ensure power management. - - name: ensure power management tools are installed - apt: name={{item}} state=present - with_lines: - - cat ~/config/ansible/files/apt-mark_new/minimal/power_management | sed -e 's/ *#.*$//' - - cat ~/config/ansible/files/apt-mark_new/X200s/power_management | sed -e 's/ *#.*$//' - - name: start TLP - shell: tlp start - - # Configure console. - # - # For some reason, some settings are only applied two reboots after this. - - name: symlink console config files - file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: ~/config/ansible/files/console/* - - name: ensure locales and console-setup are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/console | sed -e 's/ *#.*$//' - - name: generate en_US.UTF-8 locale - locale_gen: name=en_US.UTF-8 state=present - - name: Touch keyboard config file so setupcon does not ignore it. - command: touch /etc/default/keyboard - - name: run setupcon to apply console settings from /etc/default/ - command: setupcon - - # Miscellaneous. - - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/root/* - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: ensure man-db, manpages are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/man | sed -e 's/ *#.*$//' - - name: set /etc/localtime - file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime - - name: ensure various useful tools are installed – sudo, git, vim, less, openssh - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/various_useful | sed -e 's/ *#.*$//' - - name: ensure boot messages are not cleared on start up - replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' - - # Config user. - - name: create user plom with sudo privileges and bash shell - user: name=plom groups=sudo shell=/bin/bash - #- name: have config repo in user directory - # git: repo=https://github.com/plomlompom/config dest=/home/plom/config - # become_user: plom - # become_method: su - - # Ensure X window environment. - - name: ensure minimal X window environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/minimal_x | sed -e 's/ *#.*$//' - - name: ensure 3d acceleration - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/3d_acceleration | sed -e 's/ *#.*$//' - #- name: ensure optimus switch - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/3d_acceleration | sed -e 's/ *#.*$//' - #- name: ensure user plom is in bumblebee group - # user: name=plom groups=bumblebee append=yes - - name: ensure basic X tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/basic_x_tools | sed -e 's/ *#.*$//' - - ## Set up browser environment. - #- name: ensure qutebrowser - # include: tasks/qutebrowser.yml - - name: ensure browser environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/browser_environment | sed -e 's/ *#.*$//' - - # Ensure wifi. - - name: ensure wifi configuration - apt: name={{item}} state=present - with_lines: - - cat ~/config/ansible/files/apt-mark_new/minimal/wifi | sed -e 's/ *#.*$//' - - cat ~/config/ansible/files/apt-mark_new/X200s/wifi | sed -e 's/ *#.*$//' - #- name: ensure wicd - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/wicd | sed -e 's/ *#.*$//' - - # Ensure audio/video consumption necessities. - - name: ensure multimedia tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/multimedia | sed -e 's/ *#.*$//' - #- name: ensure multimedia tools - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/multimedia | sed -e 's/ *#.*$//' - - # Ensure hotkeys. - # - # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). - #- name: ensure hotkeys - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' - - # Remove undesired packages - - name: collect desired packages - shell: cat files/apt-mark_new/minimal/* files/apt-mark_new/{{ system_name }}/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted - - name: collect currently installed packages - shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted - - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed - shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black - - name: mark all packages from black list as automatically installed - shell: apt-mark auto $(cat /tmp/list_black) - - name: mark all packages from white list as manually installed - shell: apt-mark manual $(cat /tmp/white_list_unsorted) - - name: purge all packages automatically installed that are not depended on - shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove - diff --git a/archived/ansible/files/apt-mark/3d_acceleration b/archived/ansible/files/apt-mark/3d_acceleration deleted file mode 100644 index 7d0ba5b..0000000 --- a/archived/ansible/files/apt-mark/3d_acceleration +++ /dev/null @@ -1,5 +0,0 @@ -bumblebee-nvidia -libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work -libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work -linux-headers-amd64 # tested as necessary to build proper nvidia-driver module -primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card diff --git a/archived/ansible/files/apt-mark/basic_x_tools b/archived/ansible/files/apt-mark/basic_x_tools deleted file mode 100644 index 9c68622..0000000 --- a/archived/ansible/files/apt-mark/basic_x_tools +++ /dev/null @@ -1,7 +0,0 @@ -i3 -i3status -python3 # this is what the i3status wrapper is written in -redshift -suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed -xterm -x11-xserver-utils # includes xrdb which applies .Xresources files diff --git a/archived/ansible/files/apt-mark/browser_environment b/archived/ansible/files/apt-mark/browser_environment deleted file mode 100644 index cc9575c..0000000 --- a/archived/ansible/files/apt-mark/browser_environment +++ /dev/null @@ -1,4 +0,0 @@ -iceweasel -vim-gtk # used by pentadactyl for text editing -xul-ext-noscript -xul-ext-pentadactyl diff --git a/archived/ansible/files/apt-mark/console b/archived/ansible/files/apt-mark/console deleted file mode 100644 index 01bcbf8..0000000 --- a/archived/ansible/files/apt-mark/console +++ /dev/null @@ -1,2 +0,0 @@ -console-setup -locales diff --git a/archived/ansible/files/apt-mark/core b/archived/ansible/files/apt-mark/core deleted file mode 100644 index 43afba8..0000000 --- a/archived/ansible/files/apt-mark/core +++ /dev/null @@ -1,55 +0,0 @@ -base-files -base-passwd -bash -bsdutils -coreutils -dash -debconf -debianutils -diffutils -dpkg -e2fslibs -e2fsprogs -findutils -gcc-6-base -grep -gzip -hostname -init-system-helpers -libacl1 -libattr1 -libblkid1 -libc6 -libc-bin -libcomerr2 -libfdisk1 -libgcc1 -liblzma5 -libmount1 -libpam0g -libpam-modules -libpam-modules-bin -libpam-runtime -libpcre3 -libselinux1 -libsepol1 -libsmartcols1 -libss2 -libtinfo5 -libuuid1 -login -lsb-base -mawk -mount -multiarch-support -ncurses-base -ncurses-bin -passwd -perl-base -sed -sensible-utils -sysvinit-utils -tar -tzdata -util-linux -zlib1g diff --git a/archived/ansible/files/apt-mark/hotkeys b/archived/ansible/files/apt-mark/hotkeys deleted file mode 100644 index f11bdfa..0000000 --- a/archived/ansible/files/apt-mark/hotkeys +++ /dev/null @@ -1 +0,0 @@ -acpid # captures hotkey presses and triggers respective /etc/acpi/events/* diff --git a/archived/ansible/files/apt-mark/man b/archived/ansible/files/apt-mark/man deleted file mode 100644 index f688e67..0000000 --- a/archived/ansible/files/apt-mark/man +++ /dev/null @@ -1,2 +0,0 @@ -man-db -manpages diff --git a/archived/ansible/files/apt-mark/minimal_ansible_environment b/archived/ansible/files/apt-mark/minimal_ansible_environment deleted file mode 100644 index f9f4097..0000000 --- a/archived/ansible/files/apt-mark/minimal_ansible_environment +++ /dev/null @@ -1,3 +0,0 @@ -ansible -ifupdown # needed for internet connectivity -isc-dhcp-client # needed for internet connectivity diff --git a/archived/ansible/files/apt-mark/minimal_x b/archived/ansible/files/apt-mark/minimal_x deleted file mode 100644 index f785794..0000000 --- a/archived/ansible/files/apt-mark/minimal_x +++ /dev/null @@ -1,4 +0,0 @@ -libpam-systemd # needed to start X as non-root -xinit # contains startx -xserver-xorg-core -xserver-xorg-input-evdev # supports all input devices the kernel knows about diff --git a/archived/ansible/files/apt-mark/multimedia b/archived/ansible/files/apt-mark/multimedia deleted file mode 100644 index 0b6d9ef..0000000 --- a/archived/ansible/files/apt-mark/multimedia +++ /dev/null @@ -1,6 +0,0 @@ -alsa-utils -eject -ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos -libdvd-pkg # decss stuff -mpv -youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/archived/ansible/files/apt-mark/power_management b/archived/ansible/files/apt-mark/power_management deleted file mode 100644 index 3dba602..0000000 --- a/archived/ansible/files/apt-mark/power_management +++ /dev/null @@ -1,2 +0,0 @@ -acpi-call-dkms # needed for tlp to access Thinkpad-specific features -tlp diff --git a/archived/ansible/files/apt-mark/various_useful b/archived/ansible/files/apt-mark/various_useful deleted file mode 100644 index e37a898..0000000 --- a/archived/ansible/files/apt-mark/various_useful +++ /dev/null @@ -1,5 +0,0 @@ -git -less -openssh-client -sudo -vim diff --git a/archived/ansible/files/apt-mark/wifi b/archived/ansible/files/apt-mark/wifi deleted file mode 100644 index 0d9d93c..0000000 --- a/archived/ansible/files/apt-mark/wifi +++ /dev/null @@ -1,4 +0,0 @@ -firmware-iwlwifi # wifi driver -wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff -wicd-curses # although this currently is very buggy -wicd-gtk # workaround for when wicd-curses fails diff --git a/archived/ansible/files/apt-mark_new/W530/3d_acceleration b/archived/ansible/files/apt-mark_new/W530/3d_acceleration deleted file mode 100644 index 1b7e696..0000000 --- a/archived/ansible/files/apt-mark_new/W530/3d_acceleration +++ /dev/null @@ -1,3 +0,0 @@ -bumblebee-nvidia -linux-headers-amd64 # tested as necessary to build proper nvidia-driver module -primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card diff --git a/archived/ansible/files/apt-mark_new/W530/browser_environment b/archived/ansible/files/apt-mark_new/W530/browser_environment deleted file mode 100644 index cc9575c..0000000 --- a/archived/ansible/files/apt-mark_new/W530/browser_environment +++ /dev/null @@ -1,4 +0,0 @@ -iceweasel -vim-gtk # used by pentadactyl for text editing -xul-ext-noscript -xul-ext-pentadactyl diff --git a/archived/ansible/files/apt-mark_new/W530/hotkeys b/archived/ansible/files/apt-mark_new/W530/hotkeys deleted file mode 100644 index f11bdfa..0000000 --- a/archived/ansible/files/apt-mark_new/W530/hotkeys +++ /dev/null @@ -1 +0,0 @@ -acpid # captures hotkey presses and triggers respective /etc/acpi/events/* diff --git a/archived/ansible/files/apt-mark_new/W530/multimedia b/archived/ansible/files/apt-mark_new/W530/multimedia deleted file mode 100644 index 219097d..0000000 --- a/archived/ansible/files/apt-mark_new/W530/multimedia +++ /dev/null @@ -1,3 +0,0 @@ -eject -ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos -libdvd-pkg # decss stuff diff --git a/archived/ansible/files/apt-mark_new/W530/wicd b/archived/ansible/files/apt-mark_new/W530/wicd deleted file mode 100644 index 55d86fe..0000000 --- a/archived/ansible/files/apt-mark_new/W530/wicd +++ /dev/null @@ -1,3 +0,0 @@ -wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff -wicd-curses # although this currently is very buggy -wicd-gtk # workaround for when wicd-curses fails diff --git a/archived/ansible/files/apt-mark_new/X200s/multimedia b/archived/ansible/files/apt-mark_new/X200s/multimedia deleted file mode 100644 index dbcf4ee..0000000 --- a/archived/ansible/files/apt-mark_new/X200s/multimedia +++ /dev/null @@ -1,4 +0,0 @@ -alsa-utils -ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos -mpv -youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/archived/ansible/files/apt-mark_new/X200s/power_management b/archived/ansible/files/apt-mark_new/X200s/power_management deleted file mode 100644 index f6954bf..0000000 --- a/archived/ansible/files/apt-mark_new/X200s/power_management +++ /dev/null @@ -1,2 +0,0 @@ -tp-smapi-dkms -linux-headers-amd64 diff --git a/archived/ansible/files/apt-mark_new/X200s/wifi b/archived/ansible/files/apt-mark_new/X200s/wifi deleted file mode 100644 index a0e499d..0000000 --- a/archived/ansible/files/apt-mark_new/X200s/wifi +++ /dev/null @@ -1 +0,0 @@ -wpasupplicant diff --git a/archived/ansible/files/apt-mark_new/minimal/3d_acceleration b/archived/ansible/files/apt-mark_new/minimal/3d_acceleration deleted file mode 100644 index aa318bd..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/3d_acceleration +++ /dev/null @@ -1,2 +0,0 @@ -libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work -libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work diff --git a/archived/ansible/files/apt-mark_new/minimal/basic_x_tools b/archived/ansible/files/apt-mark_new/minimal/basic_x_tools deleted file mode 100644 index 9c68622..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/basic_x_tools +++ /dev/null @@ -1,7 +0,0 @@ -i3 -i3status -python3 # this is what the i3status wrapper is written in -redshift -suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed -xterm -x11-xserver-utils # includes xrdb which applies .Xresources files diff --git a/archived/ansible/files/apt-mark_new/minimal/browser_environment b/archived/ansible/files/apt-mark_new/minimal/browser_environment deleted file mode 100644 index 536ea49..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/browser_environment +++ /dev/null @@ -1 +0,0 @@ -palemoon diff --git a/archived/ansible/files/apt-mark_new/minimal/console b/archived/ansible/files/apt-mark_new/minimal/console deleted file mode 100644 index 01bcbf8..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/console +++ /dev/null @@ -1,2 +0,0 @@ -console-setup -locales diff --git a/archived/ansible/files/apt-mark_new/minimal/core b/archived/ansible/files/apt-mark_new/minimal/core deleted file mode 100644 index 43afba8..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/core +++ /dev/null @@ -1,55 +0,0 @@ -base-files -base-passwd -bash -bsdutils -coreutils -dash -debconf -debianutils -diffutils -dpkg -e2fslibs -e2fsprogs -findutils -gcc-6-base -grep -gzip -hostname -init-system-helpers -libacl1 -libattr1 -libblkid1 -libc6 -libc-bin -libcomerr2 -libfdisk1 -libgcc1 -liblzma5 -libmount1 -libpam0g -libpam-modules -libpam-modules-bin -libpam-runtime -libpcre3 -libselinux1 -libsepol1 -libsmartcols1 -libss2 -libtinfo5 -libuuid1 -login -lsb-base -mawk -mount -multiarch-support -ncurses-base -ncurses-bin -passwd -perl-base -sed -sensible-utils -sysvinit-utils -tar -tzdata -util-linux -zlib1g diff --git a/archived/ansible/files/apt-mark_new/minimal/disk_encryption b/archived/ansible/files/apt-mark_new/minimal/disk_encryption deleted file mode 100644 index 67ecd10..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/disk_encryption +++ /dev/null @@ -1,2 +0,0 @@ -cryptsetup -udev diff --git a/archived/ansible/files/apt-mark_new/minimal/man b/archived/ansible/files/apt-mark_new/minimal/man deleted file mode 100644 index f688e67..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/man +++ /dev/null @@ -1,2 +0,0 @@ -man-db -manpages diff --git a/archived/ansible/files/apt-mark_new/minimal/minimal_ansible_environment b/archived/ansible/files/apt-mark_new/minimal/minimal_ansible_environment deleted file mode 100644 index f9f4097..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/minimal_ansible_environment +++ /dev/null @@ -1,3 +0,0 @@ -ansible -ifupdown # needed for internet connectivity -isc-dhcp-client # needed for internet connectivity diff --git a/archived/ansible/files/apt-mark_new/minimal/minimal_x b/archived/ansible/files/apt-mark_new/minimal/minimal_x deleted file mode 100644 index f785794..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/minimal_x +++ /dev/null @@ -1,4 +0,0 @@ -libpam-systemd # needed to start X as non-root -xinit # contains startx -xserver-xorg-core -xserver-xorg-input-evdev # supports all input devices the kernel knows about diff --git a/archived/ansible/files/apt-mark_new/minimal/multimedia b/archived/ansible/files/apt-mark_new/minimal/multimedia deleted file mode 100644 index 0bcc060..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/multimedia +++ /dev/null @@ -1,3 +0,0 @@ -alsa-utils -mpv -youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/archived/ansible/files/apt-mark_new/minimal/power_management b/archived/ansible/files/apt-mark_new/minimal/power_management deleted file mode 100644 index 3dba602..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/power_management +++ /dev/null @@ -1,2 +0,0 @@ -acpi-call-dkms # needed for tlp to access Thinkpad-specific features -tlp diff --git a/archived/ansible/files/apt-mark_new/minimal/various_useful b/archived/ansible/files/apt-mark_new/minimal/various_useful deleted file mode 100644 index e37a898..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/various_useful +++ /dev/null @@ -1,5 +0,0 @@ -git -less -openssh-client -sudo -vim diff --git a/archived/ansible/files/apt-mark_new/minimal/wifi b/archived/ansible/files/apt-mark_new/minimal/wifi deleted file mode 100644 index 4b8432d..0000000 --- a/archived/ansible/files/apt-mark_new/minimal/wifi +++ /dev/null @@ -1 +0,0 @@ -firmware-iwlwifi # wifi driver diff --git a/archived/ansible/files/console/___etc___default___console-setup b/archived/ansible/files/console/___etc___default___console-setup deleted file mode 100644 index 090d241..0000000 --- a/archived/ansible/files/console/___etc___default___console-setup +++ /dev/null @@ -1,4 +0,0 @@ -CHARMAP="UTF-8" -CODESET="Lat15" -FONTFACE="Terminus" -FONTSIZE="6x12" diff --git a/archived/ansible/files/console/___etc___default___keyboard b/archived/ansible/files/console/___etc___default___keyboard deleted file mode 100644 index 7f08e30..0000000 --- a/archived/ansible/files/console/___etc___default___keyboard +++ /dev/null @@ -1,4 +0,0 @@ -# setting XKBMODEL to the questionable default seems to be necessary and works nicely -# curiously, putting a comment on the same line as a variable setting seems to break things -XKBMODEL="pc105" -XKBLAYOUT="de" diff --git a/archived/ansible/files/dirs b/archived/ansible/files/dirs deleted file mode 100644 index 269b746..0000000 --- a/archived/ansible/files/dirs +++ /dev/null @@ -1,2 +0,0 @@ -/etc/wicd -/etc/acpi/events diff --git a/archived/ansible/files/dirs_new b/archived/ansible/files/dirs_new deleted file mode 100644 index 0739bb8..0000000 --- a/archived/ansible/files/dirs_new +++ /dev/null @@ -1 +0,0 @@ -/etc/wicd diff --git a/archived/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia b/archived/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia deleted file mode 100644 index 605a10d..0000000 --- a/archived/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia +++ /dev/null @@ -1,34 +0,0 @@ -# This is the Optimus-specific configuration recommended by the "NVIDIA -# Accelerated Linux Graphics Drivre README and Installation Guide", Chapter 32 -# "Offloading Graphics Display with RandR 1.4" -# () -# with the "AllowEmptyInitialConfigratuion" added as described by -# . - -Section "ServerLayout" - Identifier "layout" - Screen 0 "nvidia" - Inactive "intel" -EndSection - -Section "Device" - Identifier "nvidia" - Driver "nvidia" - BusID "PCI:01:00:0" - Option "AllowEmptyInitialConfiguration" -EndSection - -Section "Screen" - Identifier "nvidia" - Device "nvidia" -EndSection - -Section "Device" - Identifier "intel" - Driver "modesetting" -EndSection - -Section "Screen" - Identifier "intel" - Device "intel" -EndSection diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-brightness-down b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-down deleted file mode 100644 index 8d718d2..0000000 --- a/archived/ansible/files/system/___etc___acpi___events___plom-brightness-down +++ /dev/null @@ -1,2 +0,0 @@ -event=video/brightnessdown -action=/root/config/bin/w530_backlight.sh - diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-brightness-up b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-up deleted file mode 100644 index 864ce5f..0000000 --- a/archived/ansible/files/system/___etc___acpi___events___plom-brightness-up +++ /dev/null @@ -1,2 +0,0 @@ -event=video/brightnessup -action=/root/config/bin/w530_backlight.sh + diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-micmute b/archived/ansible/files/system/___etc___acpi___events___plom-micmute deleted file mode 100644 index 2aab48e..0000000 --- a/archived/ansible/files/system/___etc___acpi___events___plom-micmute +++ /dev/null @@ -1,2 +0,0 @@ -event=button/f20 -action=amixer set Mic toggle diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-mute b/archived/ansible/files/system/___etc___acpi___events___plom-mute deleted file mode 100644 index 3c40988..0000000 --- a/archived/ansible/files/system/___etc___acpi___events___plom-mute +++ /dev/null @@ -1,2 +0,0 @@ -event=button/mute -action=amixer set Master toggle diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-volume-down b/archived/ansible/files/system/___etc___acpi___events___plom-volume-down deleted file mode 100644 index 7658b1c..0000000 --- a/archived/ansible/files/system/___etc___acpi___events___plom-volume-down +++ /dev/null @@ -1,2 +0,0 @@ -event=button/volumedown -action=amixer set Master 10- diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-volume-up b/archived/ansible/files/system/___etc___acpi___events___plom-volume-up deleted file mode 100644 index 9ba779f..0000000 --- a/archived/ansible/files/system/___etc___acpi___events___plom-volume-up +++ /dev/null @@ -1,2 +0,0 @@ -event=button/volumeup -action=amixer set Master 10+ diff --git a/archived/ansible/files/system/___etc___apt___apt.conf.d___99mindeps b/archived/ansible/files/system/___etc___apt___apt.conf.d___99mindeps deleted file mode 100644 index 4aaef79..0000000 --- a/archived/ansible/files/system/___etc___apt___apt.conf.d___99mindeps +++ /dev/null @@ -1,4 +0,0 @@ -APT::AutoRemove::RecommendsImportant "false"; -APT::AutoRemove::SuggestsImportant "false"; -APT::Install-Recommends "false"; -APT::Install-Suggests "false"; diff --git a/archived/ansible/files/system/___etc___apt___sources.list b/archived/ansible/files/system/___etc___apt___sources.list deleted file mode 100644 index e64d6ee..0000000 --- a/archived/ansible/files/system/___etc___apt___sources.list +++ /dev/null @@ -1,4 +0,0 @@ -deb http://ftp.debian.org/debian/ stretch main contrib non-free -deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free -deb http://ftp.debian.org/debian stretch-backports main contrib non-free -deb http://security.debian.org/ stretch/updates main contrib non-free diff --git a/archived/ansible/files/system/___etc___default___tlp b/archived/ansible/files/system/___etc___default___tlp deleted file mode 100644 index 6db0f60..0000000 --- a/archived/ansible/files/system/___etc___default___tlp +++ /dev/null @@ -1,278 +0,0 @@ -# ------------------------------------------------------------------------------ -# tlp - Parameters for power save -# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html - -# Hint: some features are disabled by default, remove the leading # to enable -# them. - -# Set to 0 to disable, 1 to enable TLP. -TLP_ENABLE=1 - -# Operation mode when no power supply can be detected: AC, BAT -# Concerns some desktop and embedded hardware only. -TLP_DEFAULT_MODE=AC - -# Seconds laptop mode has to wait after the disk goes idle before doing a sync. -# Non-zero value enables, zero disables laptop mode. -DISK_IDLE_SECS_ON_AC=0 -DISK_IDLE_SECS_ON_BAT=2 - -# Dirty page values (timeouts in secs). -MAX_LOST_WORK_SECS_ON_AC=15 -MAX_LOST_WORK_SECS_ON_BAT=60 - -# Hint: CPU parameters below are disabled by default, remove the leading # -# to enable them, otherwise kernel default values are used. - -# Select a CPU frequency scaling governor. -# Intel Core i processor with intel_pstate driver: -# powersave(*), performance -# Older hardware with acpi-cpufreq driver: -# ondemand(*), powersave, performance, conservative -# (*) is recommended. -# Hint: use tlp-stat -p to show the active driver and available governors. -# Important: -# You *must* disable your distribution's governor settings or conflicts will -# occur. ondemand is sufficient for *almost all* workloads, you should know -# what you're doing! -#CPU_SCALING_GOVERNOR_ON_AC=powersave -#CPU_SCALING_GOVERNOR_ON_BAT=powersave - -# Set the min/max frequency available for the scaling governor. -# Possible values strongly depend on your CPU. For available frequencies see -# the output of tlp-stat -p. -#CPU_SCALING_MIN_FREQ_ON_AC=0 -#CPU_SCALING_MAX_FREQ_ON_AC=0 -#CPU_SCALING_MIN_FREQ_ON_BAT=0 -#CPU_SCALING_MAX_FREQ_ON_BAT=0 - -# Set Intel P-state performance: 0..100 (%) -# Limit the max/min P-state to control the power dissipation of the CPU. -# Values are stated as a percentage of the available performance. -# Requires an Intel Core i processor with intel_pstate driver. -#CPU_MIN_PERF_ON_AC=0 -#CPU_MAX_PERF_ON_AC=100 -#CPU_MIN_PERF_ON_BAT=0 -#CPU_MAX_PERF_ON_BAT=30 - -# Set the CPU "turbo boost" feature: 0=disable, 1=allow -# Requires an Intel Core i processor. -# Important: -# - This may conflict with your distribution's governor settings -# - A value of 1 does *not* activate boosting, it just allows it -#CPU_BOOST_ON_AC=1 -#CPU_BOOST_ON_BAT=0 - -# Minimize number of used CPU cores/hyper-threads under light load conditions -SCHED_POWERSAVE_ON_AC=0 -SCHED_POWERSAVE_ON_BAT=1 - -# Kernel NMI Watchdog: -# 0=disable (default, saves power), 1=enable (for kernel debugging only) -NMI_WATCHDOG=0 - -# Change CPU voltages aka "undervolting" - Kernel with PHC patch required -# Frequency voltage pairs are written to: -# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls -# CAUTION: only use this, if you thoroughly understand what you are doing! -#PHC_CONTROLS="F:V F:V F:V F:V" - -# Set CPU performance versus energy savings policy: -# performance, normal, powersave -# Requires kernel module msr and x86_energy_perf_policy from linux-tools -ENERGY_PERF_POLICY_ON_AC=performance -ENERGY_PERF_POLICY_ON_BAT=powersave - -# Hard disk devices; separate multiple devices with spaces (default: sda). -# Devices can be specified by disk ID also (lookup with: tlp diskid). -DISK_DEVICES="sda sdb" - -# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) -# Levels 1..127 may spin down the disk; 255 allowable on most drives. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -DISK_APM_LEVEL_ON_AC="254 254" -DISK_APM_LEVEL_ON_BAT="128 128" - -# Hard disk spin down timeout: -# 0: spin down disabled -# 1..240: timeouts from 5s to 20min (in units of 5s) -# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) -# See 'man hdparm' for details. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" -#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" - -# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the kernel default scheduler for the particular disk. -#DISK_IOSCHED="cfq cfq" - -# SATA aggressive link power management (ALPM): -# min_power, medium_power, max_performance -SATA_LINKPWR_ON_AC=max_performance -SATA_LINKPWR_ON_BAT=min_power - -# Exclude SATA host devices from link power management. -# Separate multiple hosts with spaces. -#SATA_LINKPWR_BLACKLIST="host1" - -# Runtime Power Management for AHCI controllers and disks: -# on=disable, auto=enable -# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss -#AHCI_RUNTIME_PM_ON_AC=on -#AHCI_RUNTIME_PM_ON_BAT=on - -# Seconds of inactivity before disk is suspended -AHCI_RUNTIME_PM_TIMEOUT=15 - -# PCI Express Active State Power Management (PCIe ASPM): -# default, performance, powersave -PCIE_ASPM_ON_AC=performance -PCIE_ASPM_ON_BAT=powersave - -# Radeon graphics clock speed (profile method): low, mid, high, auto, default; -# auto = mid on BAT, high on AC; default = use hardware defaults. -# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) -RADEON_POWER_PROFILE_ON_AC=high -RADEON_POWER_PROFILE_ON_BAT=low - -# Radeon dynamic power management method (DPM): battery, performance -# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) -RADEON_DPM_STATE_ON_AC=performance -RADEON_DPM_STATE_ON_BAT=battery - -# Radeon DPM performance level: auto, low, high; auto is recommended. -RADEON_DPM_PERF_LEVEL_ON_AC=auto -RADEON_DPM_PERF_LEVEL_ON_BAT=auto - -# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. -WIFI_PWR_ON_AC=off -WIFI_PWR_ON_BAT=on - -# Disable wake on LAN: Y/N -WOL_DISABLE=Y - -# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). -# A value of 0 disables, >=1 enables power save. -SOUND_POWER_SAVE_ON_AC=0 -SOUND_POWER_SAVE_ON_BAT=1 - -# Disable controller too (HDA only): Y/N -SOUND_POWER_SAVE_CONTROLLER=Y - -# Set to 1 to power off optical drive in UltraBay/MediaBay when running on -# battery. A value of 0 disables this feature (Default). -# Drive can be powered on again by releasing (and reinserting) the eject lever -# or by pressing the disc eject button on newer models. -# Note: an UltraBay/MediaBay hard disk is never powered off. -BAY_POWEROFF_ON_BAT=0 -# Optical drive device to power off (default sr0). -BAY_DEVICE="sr0" - -# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable -RUNTIME_PM_ON_AC=on -RUNTIME_PM_ON_BAT=auto - -# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: -# 0=disable, 1=enable -RUNTIME_PM_ALL=1 - -# Exclude PCI(e) device adresses the following list from Runtime PM -# (separate with spaces). Use lspci to get the adresses (1st column). -#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" - -# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM -# (should prevent accidential power on of hybrid graphics' discrete part). -# Default is "radeon nouveau"; use "" to disable the feature completely. -# Separate multiple drivers with spaces. -RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" - -# Set to 0 to disable, 1 to enable USB autosuspend feature. -USB_AUTOSUSPEND=1 - -# Exclude listed devices from USB autosuspend (separate with spaces). -# Use lsusb to get the ids. -# Note: input devices (usbhid) are excluded automatically (see below) -#USB_BLACKLIST="1111:2222 3333:4444" - -# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude -USB_BLACKLIST_WWAN=1 - -# Include listed devices into USB autosuspend even if already excluded -# by the driver or WWAN blacklists above (separate with spaces). -# Use lsusb to get the ids. -#USB_WHITELIST="1111:2222 3333:4444" - -# Set to 1 to disable autosuspend before shutdown, 0 to do nothing -# (workaround for USB devices that cause shutdown problems). -#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 - -# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown -# on system startup: 0=disable, 1=enable. -# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below -# are ignored when this is enabled! -RESTORE_DEVICE_STATE_ON_STARTUP=0 - -# Radio devices to disable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" - -# Radio devices to enable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -#DEVICES_TO_ENABLE_ON_STARTUP="wifi" - -# Radio devices to disable on shutdown: bluetooth, wifi, wwan -# (workaround for devices that are blocking shutdown). -#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" - -# Radio devices to enable on shutdown: bluetooth, wifi, wwan -# (to prevent other operating systems from missing radios). -#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" - -# Radio devices to enable on AC: bluetooth, wifi, wwan -#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" - -# Radio devices to disable on battery: bluetooth, wifi, wwan -#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" - -# Radio devices to disable on battery when not in use (not connected): -# bluetooth, wifi, wwan -DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" - -# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module -# required). Charging starts when the remaining capacity falls below the -# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. -# Main / Internal battery (values in %) -START_CHARGE_THRESH_BAT0=10 -STOP_CHARGE_THRESH_BAT0=95 -# Ultrabay / Slice / Replaceable battery (values in %) -START_CHARGE_THRESH_BAT1=10 -STOP_CHARGE_THRESH_BAT1=95 - -# ------------------------------------------------------------------------------ -# tlp-rdw - Parameters for the radio device wizard -# Possible devices: bluetooth, wifi, wwan - -# Hints: -# - Parameters are disabled by default, remove the leading # to enable them. -# - Separate multiple radio devices with spaces. - -# Radio devices to disable on connect. -#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" -#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" -#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" - -# Radio devices to enable on disconnect. -#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" -#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" -#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" - -# Radio devices to enable/disable when docked. -#DEVICES_TO_ENABLE_ON_DOCK="" -#DEVICES_TO_DISABLE_ON_DOCK="" - -# Radio devices to enable/disable when undocked. -#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" -#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/ansible/files/system/___etc___hostname b/archived/ansible/files/system/___etc___hostname deleted file mode 100644 index 8769fca..0000000 --- a/archived/ansible/files/system/___etc___hostname +++ /dev/null @@ -1 +0,0 @@ -w530 diff --git a/archived/ansible/files/system/___etc___hosts b/archived/ansible/files/system/___etc___hosts deleted file mode 100644 index d920e4f..0000000 --- a/archived/ansible/files/system/___etc___hosts +++ /dev/null @@ -1,7 +0,0 @@ -127.0.0.1 localhost -127.0.1.1 w530 - -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters diff --git a/archived/ansible/files/system/___etc___profile b/archived/ansible/files/system/___etc___profile deleted file mode 100644 index 5884d7b..0000000 --- a/archived/ansible/files/system/___etc___profile +++ /dev/null @@ -1,35 +0,0 @@ -# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) -# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). - -if [ "`id -u`" -eq 0 ]; then - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -else - PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" -fi -export PATH - -if [ "${PS1-}" ]; then - if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then - # The file bash.bashrc already sets the default PS1. - # PS1='\h:\w\$ ' - if [ -f /etc/bash.bashrc ]; then - . /etc/bash.bashrc - fi - else - if [ "`id -u`" -eq 0 ]; then - PS1='# ' - else - PS1='$ ' - fi - fi -fi - -if [ -d /etc/profile.d ]; then - for i in /etc/profile.d/*.sh; do - if [ -r $i ]; then - . $i - fi - done - unset i -fi -export LC_ALL="en_US.UTF-8" diff --git a/archived/ansible/files/system/___etc___systemd___logind.conf b/archived/ansible/files/system/___etc___systemd___logind.conf deleted file mode 100644 index 7a9004a..0000000 --- a/archived/ansible/files/system/___etc___systemd___logind.conf +++ /dev/null @@ -1,38 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. -# -# Entries in this file show the compile time defaults. -# You can change settings by editing this file. -# Defaults can be restored by simply deleting this file. -# -# See logind.conf(5) for details. - -[Login] -#NAutoVTs=6 -#ReserveVT=6 -#KillUserProcesses=no -#KillOnlyUsers= -#KillExcludeUsers=root -#InhibitDelayMaxSec=5 -#HandlePowerKey=poweroff -#HandleSuspendKey=suspend -#HandleHibernateKey=hibernate -#HandleLidSwitch=suspend -#HandleLidSwitchDocked=ignore -#PowerKeyIgnoreInhibited=no -#SuspendKeyIgnoreInhibited=no -#HibernateKeyIgnoreInhibited=no -#LidSwitchIgnoreInhibited=yes -#HoldoffTimeoutSec=30s -#IdleAction=ignore -#IdleActionSec=30min -#RuntimeDirectorySize=10% -#RemoveIPC=yes -#InhibitorsMax=8192 -#SessionsMax=8192 -#UserTasksMax=33% -HandleLidSwitch=hibernate diff --git a/archived/ansible/files/system/___etc___timezone b/archived/ansible/files/system/___etc___timezone deleted file mode 100644 index 94d5acc..0000000 --- a/archived/ansible/files/system/___etc___timezone +++ /dev/null @@ -1 +0,0 @@ -Europe/Berlin diff --git a/archived/ansible/files/system/___etc___wicd___manager-settings.conf b/archived/ansible/files/system/___etc___wicd___manager-settings.conf deleted file mode 100644 index d2ef3ee..0000000 --- a/archived/ansible/files/system/___etc___wicd___manager-settings.conf +++ /dev/null @@ -1,24 +0,0 @@ -[Settings] -backend = external -wireless_interface = wlp3s0 -wired_interface = enp0s25 -wpa_driver = wext -always_show_wired_interface = False -use_global_dns = False -global_dns_1 = None -global_dns_2 = None -global_dns_3 = None -global_dns_dom = None -global_search_dom = None -auto_reconnect = True -debug_mode = False -wired_connect_mode = 1 -signal_display_type = 0 -should_verify_ap = 1 -dhcp_client = 0 -link_detect_tool = 0 -flush_tool = 0 -sudo_app = 0 -prefer_wired = False -show_never_connect = True - diff --git a/archived/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia b/archived/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia deleted file mode 100644 index e651031..0000000 --- a/archived/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia +++ /dev/null @@ -1,34 +0,0 @@ -# This is the Optimus-specific configuration recommended by the "NVIDIA -# Accelerated Linux Graphics Driver README and Installation Guide", Chapter 32 -# "Offloading Graphics Display with RandR 1.4" -# () -# with the "AllowEmptyInitialConfigratuion" added as described by -# . - -Section "ServerLayout" - Identifier "layout" - Screen 0 "nvidia" - Inactive "intel" -EndSection - -Section "Device" - Identifier "nvidia" - Driver "nvidia" - BusID "PCI:01:00:0" - Option "AllowEmptyInitialConfiguration" -EndSection - -Section "Screen" - Identifier "nvidia" - Device "nvidia" -EndSection - -Section "Device" - Identifier "intel" - Driver "modesetting" -EndSection - -Section "Screen" - Identifier "intel" - Device "intel" -EndSection diff --git a/archived/ansible/files/system_new/W530/___etc___hostname b/archived/ansible/files/system_new/W530/___etc___hostname deleted file mode 100644 index 4d385ae..0000000 --- a/archived/ansible/files/system_new/W530/___etc___hostname +++ /dev/null @@ -1 +0,0 @@ -W530 diff --git a/archived/ansible/files/system_new/W530/___etc___hosts b/archived/ansible/files/system_new/W530/___etc___hosts deleted file mode 100644 index c6f72a5..0000000 --- a/archived/ansible/files/system_new/W530/___etc___hosts +++ /dev/null @@ -1,7 +0,0 @@ -127.0.0.1 localhost -127.0.1.1 W530 - -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters diff --git a/archived/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf b/archived/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf deleted file mode 100644 index d2ef3ee..0000000 --- a/archived/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf +++ /dev/null @@ -1,24 +0,0 @@ -[Settings] -backend = external -wireless_interface = wlp3s0 -wired_interface = enp0s25 -wpa_driver = wext -always_show_wired_interface = False -use_global_dns = False -global_dns_1 = None -global_dns_2 = None -global_dns_3 = None -global_dns_dom = None -global_search_dom = None -auto_reconnect = True -debug_mode = False -wired_connect_mode = 1 -signal_display_type = 0 -should_verify_ap = 1 -dhcp_client = 0 -link_detect_tool = 0 -flush_tool = 0 -sudo_app = 0 -prefer_wired = False -show_never_connect = True - diff --git a/archived/ansible/files/system_new/X200s/___etc___hostname b/archived/ansible/files/system_new/X200s/___etc___hostname deleted file mode 100644 index d241415..0000000 --- a/archived/ansible/files/system_new/X200s/___etc___hostname +++ /dev/null @@ -1 +0,0 @@ -X200s diff --git a/archived/ansible/files/system_new/X200s/___etc___hosts b/archived/ansible/files/system_new/X200s/___etc___hosts deleted file mode 100644 index b275ecb..0000000 --- a/archived/ansible/files/system_new/X200s/___etc___hosts +++ /dev/null @@ -1,7 +0,0 @@ -127.0.0.1 localhost -127.0.1.1 X200s - -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters diff --git a/archived/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps b/archived/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps deleted file mode 100644 index 4aaef79..0000000 --- a/archived/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps +++ /dev/null @@ -1,4 +0,0 @@ -APT::AutoRemove::RecommendsImportant "false"; -APT::AutoRemove::SuggestsImportant "false"; -APT::Install-Recommends "false"; -APT::Install-Suggests "false"; diff --git a/archived/ansible/files/system_new/minimal/___etc___apt___sources.list b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list deleted file mode 100644 index e64d6ee..0000000 --- a/archived/ansible/files/system_new/minimal/___etc___apt___sources.list +++ /dev/null @@ -1,4 +0,0 @@ -deb http://ftp.debian.org/debian/ stretch main contrib non-free -deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free -deb http://ftp.debian.org/debian stretch-backports main contrib non-free -deb http://security.debian.org/ stretch/updates main contrib non-free diff --git a/archived/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list deleted file mode 100644 index f90488e..0000000 --- a/archived/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list +++ /dev/null @@ -1 +0,0 @@ -deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ / diff --git a/archived/ansible/files/system_new/minimal/___etc___default___tlp b/archived/ansible/files/system_new/minimal/___etc___default___tlp deleted file mode 100644 index 6db0f60..0000000 --- a/archived/ansible/files/system_new/minimal/___etc___default___tlp +++ /dev/null @@ -1,278 +0,0 @@ -# ------------------------------------------------------------------------------ -# tlp - Parameters for power save -# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html - -# Hint: some features are disabled by default, remove the leading # to enable -# them. - -# Set to 0 to disable, 1 to enable TLP. -TLP_ENABLE=1 - -# Operation mode when no power supply can be detected: AC, BAT -# Concerns some desktop and embedded hardware only. -TLP_DEFAULT_MODE=AC - -# Seconds laptop mode has to wait after the disk goes idle before doing a sync. -# Non-zero value enables, zero disables laptop mode. -DISK_IDLE_SECS_ON_AC=0 -DISK_IDLE_SECS_ON_BAT=2 - -# Dirty page values (timeouts in secs). -MAX_LOST_WORK_SECS_ON_AC=15 -MAX_LOST_WORK_SECS_ON_BAT=60 - -# Hint: CPU parameters below are disabled by default, remove the leading # -# to enable them, otherwise kernel default values are used. - -# Select a CPU frequency scaling governor. -# Intel Core i processor with intel_pstate driver: -# powersave(*), performance -# Older hardware with acpi-cpufreq driver: -# ondemand(*), powersave, performance, conservative -# (*) is recommended. -# Hint: use tlp-stat -p to show the active driver and available governors. -# Important: -# You *must* disable your distribution's governor settings or conflicts will -# occur. ondemand is sufficient for *almost all* workloads, you should know -# what you're doing! -#CPU_SCALING_GOVERNOR_ON_AC=powersave -#CPU_SCALING_GOVERNOR_ON_BAT=powersave - -# Set the min/max frequency available for the scaling governor. -# Possible values strongly depend on your CPU. For available frequencies see -# the output of tlp-stat -p. -#CPU_SCALING_MIN_FREQ_ON_AC=0 -#CPU_SCALING_MAX_FREQ_ON_AC=0 -#CPU_SCALING_MIN_FREQ_ON_BAT=0 -#CPU_SCALING_MAX_FREQ_ON_BAT=0 - -# Set Intel P-state performance: 0..100 (%) -# Limit the max/min P-state to control the power dissipation of the CPU. -# Values are stated as a percentage of the available performance. -# Requires an Intel Core i processor with intel_pstate driver. -#CPU_MIN_PERF_ON_AC=0 -#CPU_MAX_PERF_ON_AC=100 -#CPU_MIN_PERF_ON_BAT=0 -#CPU_MAX_PERF_ON_BAT=30 - -# Set the CPU "turbo boost" feature: 0=disable, 1=allow -# Requires an Intel Core i processor. -# Important: -# - This may conflict with your distribution's governor settings -# - A value of 1 does *not* activate boosting, it just allows it -#CPU_BOOST_ON_AC=1 -#CPU_BOOST_ON_BAT=0 - -# Minimize number of used CPU cores/hyper-threads under light load conditions -SCHED_POWERSAVE_ON_AC=0 -SCHED_POWERSAVE_ON_BAT=1 - -# Kernel NMI Watchdog: -# 0=disable (default, saves power), 1=enable (for kernel debugging only) -NMI_WATCHDOG=0 - -# Change CPU voltages aka "undervolting" - Kernel with PHC patch required -# Frequency voltage pairs are written to: -# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls -# CAUTION: only use this, if you thoroughly understand what you are doing! -#PHC_CONTROLS="F:V F:V F:V F:V" - -# Set CPU performance versus energy savings policy: -# performance, normal, powersave -# Requires kernel module msr and x86_energy_perf_policy from linux-tools -ENERGY_PERF_POLICY_ON_AC=performance -ENERGY_PERF_POLICY_ON_BAT=powersave - -# Hard disk devices; separate multiple devices with spaces (default: sda). -# Devices can be specified by disk ID also (lookup with: tlp diskid). -DISK_DEVICES="sda sdb" - -# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) -# Levels 1..127 may spin down the disk; 255 allowable on most drives. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -DISK_APM_LEVEL_ON_AC="254 254" -DISK_APM_LEVEL_ON_BAT="128 128" - -# Hard disk spin down timeout: -# 0: spin down disabled -# 1..240: timeouts from 5s to 20min (in units of 5s) -# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) -# See 'man hdparm' for details. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" -#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" - -# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the kernel default scheduler for the particular disk. -#DISK_IOSCHED="cfq cfq" - -# SATA aggressive link power management (ALPM): -# min_power, medium_power, max_performance -SATA_LINKPWR_ON_AC=max_performance -SATA_LINKPWR_ON_BAT=min_power - -# Exclude SATA host devices from link power management. -# Separate multiple hosts with spaces. -#SATA_LINKPWR_BLACKLIST="host1" - -# Runtime Power Management for AHCI controllers and disks: -# on=disable, auto=enable -# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss -#AHCI_RUNTIME_PM_ON_AC=on -#AHCI_RUNTIME_PM_ON_BAT=on - -# Seconds of inactivity before disk is suspended -AHCI_RUNTIME_PM_TIMEOUT=15 - -# PCI Express Active State Power Management (PCIe ASPM): -# default, performance, powersave -PCIE_ASPM_ON_AC=performance -PCIE_ASPM_ON_BAT=powersave - -# Radeon graphics clock speed (profile method): low, mid, high, auto, default; -# auto = mid on BAT, high on AC; default = use hardware defaults. -# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) -RADEON_POWER_PROFILE_ON_AC=high -RADEON_POWER_PROFILE_ON_BAT=low - -# Radeon dynamic power management method (DPM): battery, performance -# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) -RADEON_DPM_STATE_ON_AC=performance -RADEON_DPM_STATE_ON_BAT=battery - -# Radeon DPM performance level: auto, low, high; auto is recommended. -RADEON_DPM_PERF_LEVEL_ON_AC=auto -RADEON_DPM_PERF_LEVEL_ON_BAT=auto - -# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. -WIFI_PWR_ON_AC=off -WIFI_PWR_ON_BAT=on - -# Disable wake on LAN: Y/N -WOL_DISABLE=Y - -# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). -# A value of 0 disables, >=1 enables power save. -SOUND_POWER_SAVE_ON_AC=0 -SOUND_POWER_SAVE_ON_BAT=1 - -# Disable controller too (HDA only): Y/N -SOUND_POWER_SAVE_CONTROLLER=Y - -# Set to 1 to power off optical drive in UltraBay/MediaBay when running on -# battery. A value of 0 disables this feature (Default). -# Drive can be powered on again by releasing (and reinserting) the eject lever -# or by pressing the disc eject button on newer models. -# Note: an UltraBay/MediaBay hard disk is never powered off. -BAY_POWEROFF_ON_BAT=0 -# Optical drive device to power off (default sr0). -BAY_DEVICE="sr0" - -# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable -RUNTIME_PM_ON_AC=on -RUNTIME_PM_ON_BAT=auto - -# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: -# 0=disable, 1=enable -RUNTIME_PM_ALL=1 - -# Exclude PCI(e) device adresses the following list from Runtime PM -# (separate with spaces). Use lspci to get the adresses (1st column). -#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" - -# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM -# (should prevent accidential power on of hybrid graphics' discrete part). -# Default is "radeon nouveau"; use "" to disable the feature completely. -# Separate multiple drivers with spaces. -RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" - -# Set to 0 to disable, 1 to enable USB autosuspend feature. -USB_AUTOSUSPEND=1 - -# Exclude listed devices from USB autosuspend (separate with spaces). -# Use lsusb to get the ids. -# Note: input devices (usbhid) are excluded automatically (see below) -#USB_BLACKLIST="1111:2222 3333:4444" - -# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude -USB_BLACKLIST_WWAN=1 - -# Include listed devices into USB autosuspend even if already excluded -# by the driver or WWAN blacklists above (separate with spaces). -# Use lsusb to get the ids. -#USB_WHITELIST="1111:2222 3333:4444" - -# Set to 1 to disable autosuspend before shutdown, 0 to do nothing -# (workaround for USB devices that cause shutdown problems). -#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 - -# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown -# on system startup: 0=disable, 1=enable. -# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below -# are ignored when this is enabled! -RESTORE_DEVICE_STATE_ON_STARTUP=0 - -# Radio devices to disable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" - -# Radio devices to enable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -#DEVICES_TO_ENABLE_ON_STARTUP="wifi" - -# Radio devices to disable on shutdown: bluetooth, wifi, wwan -# (workaround for devices that are blocking shutdown). -#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" - -# Radio devices to enable on shutdown: bluetooth, wifi, wwan -# (to prevent other operating systems from missing radios). -#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" - -# Radio devices to enable on AC: bluetooth, wifi, wwan -#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" - -# Radio devices to disable on battery: bluetooth, wifi, wwan -#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" - -# Radio devices to disable on battery when not in use (not connected): -# bluetooth, wifi, wwan -DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" - -# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module -# required). Charging starts when the remaining capacity falls below the -# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. -# Main / Internal battery (values in %) -START_CHARGE_THRESH_BAT0=10 -STOP_CHARGE_THRESH_BAT0=95 -# Ultrabay / Slice / Replaceable battery (values in %) -START_CHARGE_THRESH_BAT1=10 -STOP_CHARGE_THRESH_BAT1=95 - -# ------------------------------------------------------------------------------ -# tlp-rdw - Parameters for the radio device wizard -# Possible devices: bluetooth, wifi, wwan - -# Hints: -# - Parameters are disabled by default, remove the leading # to enable them. -# - Separate multiple radio devices with spaces. - -# Radio devices to disable on connect. -#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" -#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" -#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" - -# Radio devices to enable on disconnect. -#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" -#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" -#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" - -# Radio devices to enable/disable when docked. -#DEVICES_TO_ENABLE_ON_DOCK="" -#DEVICES_TO_DISABLE_ON_DOCK="" - -# Radio devices to enable/disable when undocked. -#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" -#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/ansible/files/system_new/minimal/___etc___profile b/archived/ansible/files/system_new/minimal/___etc___profile deleted file mode 100644 index 5884d7b..0000000 --- a/archived/ansible/files/system_new/minimal/___etc___profile +++ /dev/null @@ -1,35 +0,0 @@ -# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) -# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). - -if [ "`id -u`" -eq 0 ]; then - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -else - PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" -fi -export PATH - -if [ "${PS1-}" ]; then - if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then - # The file bash.bashrc already sets the default PS1. - # PS1='\h:\w\$ ' - if [ -f /etc/bash.bashrc ]; then - . /etc/bash.bashrc - fi - else - if [ "`id -u`" -eq 0 ]; then - PS1='# ' - else - PS1='$ ' - fi - fi -fi - -if [ -d /etc/profile.d ]; then - for i in /etc/profile.d/*.sh; do - if [ -r $i ]; then - . $i - fi - done - unset i -fi -export LC_ALL="en_US.UTF-8" diff --git a/archived/ansible/files/system_new/minimal/___etc___systemd___logind.conf b/archived/ansible/files/system_new/minimal/___etc___systemd___logind.conf deleted file mode 100644 index 7a9004a..0000000 --- a/archived/ansible/files/system_new/minimal/___etc___systemd___logind.conf +++ /dev/null @@ -1,38 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. -# -# Entries in this file show the compile time defaults. -# You can change settings by editing this file. -# Defaults can be restored by simply deleting this file. -# -# See logind.conf(5) for details. - -[Login] -#NAutoVTs=6 -#ReserveVT=6 -#KillUserProcesses=no -#KillOnlyUsers= -#KillExcludeUsers=root -#InhibitDelayMaxSec=5 -#HandlePowerKey=poweroff -#HandleSuspendKey=suspend -#HandleHibernateKey=hibernate -#HandleLidSwitch=suspend -#HandleLidSwitchDocked=ignore -#PowerKeyIgnoreInhibited=no -#SuspendKeyIgnoreInhibited=no -#HibernateKeyIgnoreInhibited=no -#LidSwitchIgnoreInhibited=yes -#HoldoffTimeoutSec=30s -#IdleAction=ignore -#IdleActionSec=30min -#RuntimeDirectorySize=10% -#RemoveIPC=yes -#InhibitorsMax=8192 -#SessionsMax=8192 -#UserTasksMax=33% -HandleLidSwitch=hibernate diff --git a/archived/ansible/files/system_new/minimal/___etc___timezone b/archived/ansible/files/system_new/minimal/___etc___timezone deleted file mode 100644 index 94d5acc..0000000 --- a/archived/ansible/files/system_new/minimal/___etc___timezone +++ /dev/null @@ -1 +0,0 @@ -Europe/Berlin diff --git a/archived/ansible/run_root.sh b/archived/ansible/run_root.sh deleted file mode 100755 index 02856c2..0000000 --- a/archived/ansible/run_root.sh +++ /dev/null @@ -1 +0,0 @@ -ansible-playbook -i 'localhost,' -c local config.yml diff --git a/archived/ansible/run_root_new.sh b/archived/ansible/run_root_new.sh deleted file mode 100755 index 36408a8..0000000 --- a/archived/ansible/run_root_new.sh +++ /dev/null @@ -1 +0,0 @@ -ansible-playbook -i 'localhost,' -e system_name=X200s -c local config_new.yml diff --git a/archived/ansible/run_user.sh b/archived/ansible/run_user.sh deleted file mode 100755 index e52b521..0000000 --- a/archived/ansible/run_user.sh +++ /dev/null @@ -1 +0,0 @@ -ansible-playbook -i 'localhost,' -c local user.yml diff --git a/archived/ansible/run_user_new.sh b/archived/ansible/run_user_new.sh deleted file mode 100755 index 510faad..0000000 --- a/archived/ansible/run_user_new.sh +++ /dev/null @@ -1 +0,0 @@ -ansible-playbook -i 'localhost,' -e system_name=X200s -c local user_new.yml diff --git a/archived/ansible/tasks/initial_purge.yml b/archived/ansible/tasks/initial_purge.yml deleted file mode 100644 index 63fddd9..0000000 --- a/archived/ansible/tasks/initial_purge.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- - -- name: collect officially required packages - shell: dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted - -- name: add "ifupdown" and "isc-dhcp-client" (to keep internet connection afterwards) and "ansible" (to keep its modules available for continuing the configuration) to required packages - shell: echo 'ifupdown' >> /tmp/list_white_unsorted && echo 'isc-dhcp-client' >> /tmp/list_white_unsorted && echo 'ansible' >> /tmp/list_white_unsorted && sort /tmp/list_white_unsorted > /tmp/list_white - -- name: collect currently installed packages - shell: dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages && sort /tmp/list_all_packages > /tmp/foo && mv /tmp/foo /tmp/list_all_packages - -- name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed - shell: comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black - -- name: mark all packages from black list as automatically installed - shell: apt-mark auto $(cat /tmp/list_black) - -- name: purge all packages automatically installed that are not depended on - shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove - -- name: ensure flags directory exists - file: path=flags state=directory - -- name: set initial_purge_happened flag, so that this whole process does not get repeated - file: path=flags/initial_purge_happened state=touch diff --git a/archived/ansible/tasks/qutebrowser.yml b/archived/ansible/tasks/qutebrowser.yml deleted file mode 100644 index 916c854..0000000 --- a/archived/ansible/tasks/qutebrowser.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- - -- name: Set qutebrowser, python3-pypeg2 facts. - set_fact: - qutebrowser_deb_url: https://github.com/qutebrowser/qutebrowser/releases/download/v0.11.0/qutebrowser_0.11.0-1_all.deb - python3pypeg2_deb_url: https://qutebrowser.org/python3-pypeg2_2.15.2-1_all.deb - qutebrowser_deb_path: /tmp/qutebrowser.deb - python3pypeg2_deb_path: /tmp/python3-pypeg2.deb - -- name: Check if qutebrowser is installed. - command: dpkg-query -W qutebrowser - register: qutebrowser_debcheck - failed_when: qutebrowser_debcheck.rc > 1 - changed_when: qutebrowser_debcheck.rc == 1 - -- name: Check if qutebrowser-dependency python3-pypeg2 is installed. - command: dpkg-query -W python3-pypeg2 - register: python3pypeg2_debcheck - failed_when: python3pypeg2_debcheck.rc > 1 - changed_when: python3pypeg2_debcheck.rc == 1 - when: qutebrowser_debcheck.rc == 1 - -- name: Download python3-pypeg2 package. - get_url: url={{ python3pypeg2_deb_url }} dest={{ python3pypeg2_deb_path }} - when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 - -- name: Download qutebrowser package. - get_url: url={{ qutebrowser_deb_url }} dest={{ qutebrowser_deb_path }} - when: qutebrowser_debcheck.rc == 1 - -# We use command: apt as a workaround because the Ansible apt module installs -# the Depends of the .deb marked as manual while we want them marked as auto. -- name: Install python3-pypeg2 package, - command: apt install --yes "{{ python3pypeg2_deb_path}}" - when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 - -- name: Mark python3-pypeg2 package as automatically installed. - command: apt-mark auto python3-pypeg2 - when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 - -# We use command: apt as a workaround because the Ansible apt module installs -# the Depends of the .deb marked as manual while we want them marked as auto. -- name: Install qutebrowser package. - command: apt install --yes "{{ qutebrowser_deb_path}}" - when: qutebrowser_debcheck.rc == 1 diff --git a/archived/ansible/user.yml b/archived/ansible/user.yml deleted file mode 100644 index 07dd189..0000000 --- a/archived/ansible/user.yml +++ /dev/null @@ -1,13 +0,0 @@ -- hosts: all - tasks: - - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/user/thinkpad/minimal/* - - ~/config/dotfiles/user/thinkpad/W530/* - - name: ensure ~/downloads directory - file: state=directory dest=~/downloads diff --git a/archived/ansible/user_new.yml b/archived/ansible/user_new.yml deleted file mode 100644 index d6f46af..0000000 --- a/archived/ansible/user_new.yml +++ /dev/null @@ -1,13 +0,0 @@ -- hosts: all - tasks: - - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/user/thinkpad/minimal/* - - ~/config/dotfiles/user/thinkpad/{{ system_name }}/* - - name: ensure ~/downloads directory - file: state=directory dest=~/downloads diff --git a/archived/archive_plomroma.py b/archived/archive_plomroma.py deleted file mode 100755 index 0ad89b7..0000000 --- a/archived/archive_plomroma.py +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/env python3 -import lxml -import argparse -# use with `find status.plomlompom.com -type f -name "*.html" -exec ./archive_plomroma.py -f {} \;` - -parser = argparse.ArgumentParser(description="archive plom's self-hosted pleroma feed") -parser.add_argument("-f", "--file", dest="file", required=True, help="HTML file to process") -args = parser.parse_args() -print("processing", args.file) - -def print_tree(node, level=0): - tag = node.tag - id = node.get("id") - classes = node.get("class") - text = (node.text or "").strip() - attributes_info = [] - if id: - attributes_info.append(f"id='{id}'") - if classes: - attributes_info.append(f"class='{classes}'") - attr_str = " ".join(attributes_info) - print(" " * level + f"<{tag} {attr_str}>", end="") - if text: - print(f" -> {text}") - else: - print() - for child in node: - print_tree(child, level + 1) - -with open(args.file, "r", encoding="utf-8") as file: - content = file.read() -from lxml import html -tree = html.fromstring(content) - -atom_links = tree.xpath('/html/head/link[@rel="alternate"]') -for atom_link in atom_links: - atom_link.getparent().remove(atom_link) -comments = tree.xpath('//comment()') -for comment in comments: - comment.getparent().remove(comment) -forms = tree.xpath('//form') -for form in forms: - form.getparent().remove(form) - - -def has_class(context, element, class_name): - classes = element[0].get('class', '').split() - return class_name in classes -ns = lxml.etree.FunctionNamespace(None) -ns['has-class'] = has_class -matching_divs = tree.xpath('//div[has-class(., "activity") and .//div[has-class(., "p-author")] and .//bdi[has-class(., "p-name") and string()!="plomlompom"]]') -imgs = tree.xpath('//img') -for img in imgs: - src = img.get('src') - if src and not src.startswith('https://status.plomlompom.com/'): - img.attrib.pop('src', None) - alt = img.get('alt') - if alt and not alt.startswith('../'): - img.attrib.pop('alt', None) - title = img.get('title') - if title and not title.startswith('../'): - img.attrib.pop('title', None) -removal_notice = "[Removed foreign content for static archive, follow permalink on date to see original.]" -for activity_div in matching_divs: - details = activity_div.xpath('.//details[./div[has-class]]') - for detail in details: - new_div = lxml.etree.Element("div") - new_div.text = removal_notice - detail.getparent().replace(detail, new_div) - e_contents = activity_div.xpath('.//div[has-class(., "e-content") or has-class(., "activity-content")]') - for content in e_contents: - content.clear() - content.text = removal_notice - -header = """ -

contact / privacy

-

plomroma (archived): This site is a static archive of a Pleroma instance formerly hosted by me, to preserve my own messages from that time. Foreign content has been removed, but may still be available via links.

-
-""" -tree.body.insert(0, html.fromstring(header)) - -# print_tree(tree) -with open(args.file, "w", encoding="utf-8") as file: - file.write(html.tostring(tree, pretty_print=True, encoding="utf-8").decode("utf-8")) - -print("done") diff --git a/archived/bin/broiler_in.sh b/archived/bin/broiler_in.sh deleted file mode 100755 index 5b16ddd..0000000 --- a/archived/bin/broiler_in.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -cd ~/plomlombot-irc -./run.sh -r 604800 -n broiler_in "#nodrama.de" diff --git a/archived/bin/hubbabubba.sh b/archived/bin/hubbabubba.sh deleted file mode 100755 index 50cc0f6..0000000 --- a/archived/bin/hubbabubba.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -cd ~/plomlombot-irc -./run.sh -r 604800 -n hubbabubba "#freakazoid" diff --git a/archived/bin/i3status_wrapper.py b/archived/bin/i3status_wrapper.py deleted file mode 100755 index aa7b7c2..0000000 --- a/archived/bin/i3status_wrapper.py +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/env python3 -# -*- coding: utf-8 -*- - -# Inspired by http://code.stapelberg.de/git/i3status/tree/contrib/wrapper.py - -import sys -import json -import subprocess - -def print_nonbuffered(message): - sys.stdout.write(message) - sys.stdout.flush() - -if __name__ == '__main__': - print_nonbuffered(sys.stdin.readline()) - print_nonbuffered(sys.stdin.readline()) - while True: - line, prefix = sys.stdin.readline(), '' - if line.startswith(','): - line, prefix = line[1:], ',' - j = json.loads(line) - if '1' == subprocess.getoutput('xset q | grep LED')[65]: - j.insert(len(j), {'full_text' : 'CAPS', - 'separator_block_width': 40, - 'color': '#FF0000'}) - print_nonbuffered(prefix+json.dumps(j)) diff --git a/archived/bin/install_certs.sh b/archived/bin/install_certs.sh deleted file mode 100755 index 5ef46b0..0000000 --- a/archived/bin/install_certs.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh - -set -e -set -x - -~/letsencrypt/letsencrypt-auto certonly --standalone -d dump.plomlompom.com -~/letsencrypt/letsencrypt-auto certonly --standalone -d htwtxt.plomlompom.com diff --git a/archived/bin/network.sh b/archived/bin/network.sh deleted file mode 100755 index 5f88461..0000000 --- a/archived/bin/network.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/sh - -eth_interface=enp0s25 -wifi_interface=wls1 - -ensure_wifi_on() { - if [ ! "$(wifi)" = "wifi = on" ]; then - #wifi on - ip link set "$wifi_interface" up - fi -} - -if ! echo "${1}"; then - echo 'No command given.' - print_usage - exit 1 -elif [ "${1}" = 'eth_connect' ]; then - ip link set "$eth_interface" up - dhclient "$eth_interface" - -elif [ "${1}" = 'eth_disconnect' ]; then - ip link set "$eth_interface" down - -elif [ "${1}" = 'wifi_scan' ]; then - ensure_wifi_on - ip link set "$wifi_interface" up - iw dev "$wifi_interface" scan | grep SSID - -elif [ "${1}" = 'wifi_connect_open' ]; then - ensure_wifi_on - iw dev "$wifi_interface" connect "${2}" - dhclient "$wifi_interface" - #ip route delete default - #ip route add default via 192.168.1.1 dev wls1 - -elif [ "${1}" = 'wifi_connect_wep_ascii' ]; then - ensure_wifi_on - iw dev "$wifi_interface" connect "${2}" key 0:"${3}" - dhclient "$wifi_interface" - -elif [ "${1}" = 'wifi_connect_wep_hex' ]; then - ensure_wifi_on - iw dev "$wifi_interface" connect "${2}" key d:0:"${3}" - dhclient "$wifi_interface" - -elif [ "${1}" = 'wifi_connect_wpa' ]; then - ensure_wifi_on - wpa_passphrase "${2}" "${3}" > /tmp/wpa_supplicant.conf - wpa_supplicant -B -i "$wifi_interface" -c /tmp/wpa_supplicant.conf - dhclient "$wifi_interface" - -elif [ "${1}" = 'wifi_disconnect' ]; then - ip link set "$wifi_interface" down - -else - echo 'Available commands:' - echo ' eth_connect' - echo ' eth_disconnect' - echo ' wifi_scan' - echo ' wifi_connect_open SSID' - echo ' wifi_connect_wep_ascii SSID KEY' - echo ' wifi_connect_wep_hex SSID KEY' - echo ' wifi_connect_wpa SSID KEY' - echo ' wifi_disconnect' -fi diff --git a/archived/bin/plomlombot.sh b/archived/bin/plomlombot.sh deleted file mode 100755 index 1153d2d..0000000 --- a/archived/bin/plomlombot.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -cd ~/plomlombot-irc -./run.sh -r 604800 -n botlomplom "#zrolaps" diff --git a/archived/bin/renew_certs.sh b/archived/bin/renew_certs.sh deleted file mode 100755 index d1853b5..0000000 --- a/archived/bin/renew_certs.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -service nginx stop -~/letsencrypt/letsencrypt-auto renew -service nginx restart diff --git a/archived/bin/setup_opendkim.sh b/archived/bin/setup_opendkim.sh deleted file mode 100755 index ce1e3d5..0000000 --- a/archived/bin/setup_opendkim.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/sh -set -e -selector=$1 -file=$2 - -if [ ! -n "$selector" ]; then - cat << EOF -Usage: $0 SELECTOR [KEYFILE] - set up DKIM system and configuration - -If existing KEYFILE is given, set up DKIM to use SELECTOR and apply key from -KEYFILE. - -If existing KEYFILE is not given, generate KEYFILE and DNS TXT file for -SELECTOR. -EOF - exit -fi - -if [ ! "$(id -u)" -eq "0" ]; then - echo "Must be run as root." - exit 1 -fi - -set -x -apt-get -y install opendkim - -if [ ! -n "$file" ]; then - apt-get -y install opendkim-tools - opendkim-genkey -d plomlompom.com -s $selector - apt-get -y --purge autoremove opendkim-tools - set +x - echo - echo 'Generated key file at '$selector'.private.' - echo 'Also generated '$selector'.txt, APPLY its content below to your DNS' \ - 'record.' - echo 'AFTER the waiting time for DNS propagation RERUN this script with' \ - 'the key file as SECOND parameter (still use selector as first one).' - echo - cat $selector.txt -else - if [ ! -f "$file" ]; then - set +x - echo - echo "Keyfile $file does not exist." - exit 1 - fi - cp ~/config/systemfiles/opendkim.conf /etc/opendkim.conf - sed -r -i 's/^#Selector .*$/Selector '$selector'/' /etc/opendkim.conf - mkdir -p /etc/opendkim - if [ -f /etc/opendkim/dkim.key ]; then - cp /etc/opendkim/dkim.key /etc/opendkim/dkim.key~ - fi - cp $file /etc/opendkim/dkim.key - cp ~/config/systemfiles/main.cf /etc/postfix/main.cf - cat >> /etc/postfix/main.cf << EOF - -# Use opendkim at given port as mail filter. -non_smtpd_milters = inet:localhost:12301 -EOF - service opendkim restart - service postfix restart - set +x - echo - echo 'Ensure the DKIM TXT entry in your DNS record matches!' -fi diff --git a/archived/bin/setup_starttls.sh b/archived/bin/setup_starttls.sh deleted file mode 100755 index 3b306c2..0000000 --- a/archived/bin/setup_starttls.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh -set -x -set -e -key=$1 -cert=$2 - -if [ ! "$(id -u)" -eq "0" ]; then - echo "Must be run as root." - exit 1 -fi - -key_target=/etc/postfix/key.pem -if [ ! -n "$key" ]; then - if [ ! -f "${key_target}" ]; then - (umask 077; openssl genrsa -out "${key_target}" 2048) - fi -else - cp "$key" "${key_target}" -fi - -fqdn=$(postconf -h myhostname) -cert_target=/etc/postfix/cert.pem -if [ ! -n "$cert" ]; then - if [ ! -f "${cert_target}" ]; then - openssl req -new -key "${key_target}" -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert_target}" - fi -else - cp "$cert" "${cert_target}" -fi - -cat >> /etc/postfix/main.cf << EOF - -# Enable server-side STARTTLS. -smtpd_tls_cert_file = /etc/postfix/cert.pem -smtpd_tls_key_file = /etc/postfix/key.pem -smtpd_tls_security_level = may -EOF -service postfix restart diff --git a/archived/bin/simplemail.sh b/archived/bin/simplemail.sh deleted file mode 100755 index af0eb1a..0000000 --- a/archived/bin/simplemail.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# -# This mails to user plom the message in the file named by the first parameter, -# decoded with the first line as subject and everything below the second line -# as the message body. - -subject=`head -1 $1` -body=`tail -n +3 $1` -echo "$body" | mutt -s "$subject" plom diff --git a/archived/bin/simplemail_out.sh b/archived/bin/simplemail_out.sh deleted file mode 100755 index 8340944..0000000 --- a/archived/bin/simplemail_out.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# -# This mails to plom@plomlompom.com the message in the file named by the first -# parameter, decoded with the first line as subject and everything below the -# second line as the message body. - -subject=`head -1 $1` -body=`tail -n +3 $1` -echo "$body" | mutt -s "$subject" plom@plomlompom.com diff --git a/archived/bin/start_htwtxt.sh b/archived/bin/start_htwtxt.sh deleted file mode 100755 index e5ee45a..0000000 --- a/archived/bin/start_htwtxt.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -$GOPATH/bin/htwtxt \ - --contact 'see http://www.plomlompom.de/' \ - --mailport 587 \ - --mailserver smtp.gmail.com \ - --mailuser christian.heller@gmail.com \ - --port 8000 \ - --signup diff --git a/archived/bin/symlink.sh b/archived/bin/symlink.sh deleted file mode 100755 index d653a0b..0000000 --- a/archived/bin/symlink.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/sh - -set -x -set -e - -dir_minimal=~/config/dotfiles/minimal -dir_user_prefix=~/config/dotfiles/user -dir_user_minimal=$dir_user_prefix/minimal -dir_user_machine=$dir_user_prefix/$1/minimal -if [ "$3" = "" ]; then - dir_user_variety=$dir_user_prefix/$1/$2 -else - dir_user_variety=$dir_user_prefix/$1/$2/minimal -fi -dir_user_subvariety=$dir_user_prefix/$1/$2/$3 -dir_root=~/config/dotfiles/root -homedir=`echo ~` -find ~ -lname $homedir'/config/*' -delete -for file in `ls $dir_minimal`; do - ln -fs $dir_minimal/$file ~/.$file -done -if [ "$(id -u)" -eq "0" ]; then - for file in `ls $dir_root`; do - ln -fs $dir_root/$file ~/.$file - done -else - for file in `ls $dir_user_minimal`; do - ln -fs $dir_user_minimal/$file ~/.$file - done - for file in `ls $dir_user_machine`; do - ln -fs $dir_user_machine/$file ~/.$file - done - for file in `ls $dir_user_variety`; do - ln -fs $dir_user_variety/$file ~/.$file - done - if [ ! "$3" = "" ]; then - for file in `ls $dir_user_subvariety`; do - ln -fs $dir_user_subvariety/$file ~/.$file - done - fi -fi diff --git a/archived/bin/w530_backlight.sh b/archived/bin/w530_backlight.sh deleted file mode 100755 index 5b24fa7..0000000 --- a/archived/bin/w530_backlight.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh - -# A very primitive backlight setter with a hardcoded backlight path, to replace -# xbacklight which currently does not work on my system. - -if ! echo "${1}" | egrep -q '^[0-9]+$' && ! [ "${1}" = "+" -o "${1}" = "-" ]; then - echo 'Argument must be a number, or "+", or "-".' - exit 1 -fi -backlight_dir=/sys/class/backlight/intel_backlight -max_brightness=$(cat "${backlight_dir}"/max_brightness) -target="${backlight_dir}"/brightness -if [ "${1}" = "+" -o "${1}" = "-" ]; then - fract=$(expr "${max_brightness}" / 20) - cur_brightness=$(cat "${backlight_dir}"/brightness) - brightness=$(expr "${cur_brightness}" "${1}" "${fract}") - if [ "${brightness}" -gt "${max_brightness}" ]; then - brightness="${max_brightness}" - elif [ "${brightness}" -lt "0" ]; then - brightness=0 - fi - sudo sh -c 'echo '"${brightness}"' > '"${target}" - exit 0 -fi -percentage=${1} -if [ "${percentage}" = '100' ]; then - sudo sh -c 'echo '"${max_brightness}"' > '"${target}" -else - fract=$(expr "${max_brightness}" / 100) - brightness=$(expr "${percentage}" \* "${fract}") - sudo sh -c 'echo '"${brightness}"' > '"${target}" -fi diff --git a/archived/bin/w530_startx_force_nvidia.sh b/archived/bin/w530_startx_force_nvidia.sh deleted file mode 100755 index 3c3ca59..0000000 --- a/archived/bin/w530_startx_force_nvidia.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -# Undo bumblebee setup. -sudo service bumblebeed stop -sudo modprobe nvidia-drm -sudo update-alternatives --set glx /usr/lib/nvidia - -# Use special xorg.conf and pass NVIDIA_DIRECT directive to .xinitrc. -NVIDIA_DIRECT=1 startx -- -config xorg.conf.forced_nvidia - -# Recreate bumblebee setup. -sudo service bumblebeed start -sudo update-alternatives --auto glx diff --git a/archived/bin/weechat-wrapper.sh b/archived/bin/weechat-wrapper.sh deleted file mode 100755 index 333c9d1..0000000 --- a/archived/bin/weechat-wrapper.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -# Enforce ~/.weechatrc as sole persistent weechat config file. -~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder -rm -rf ~/.weechat/ -WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` -weechat -r "$WEECHATCONF" -rm -rf ~/.weechat/ diff --git a/archived/bin/wicd-wrapper.sh b/archived/bin/wicd-wrapper.sh deleted file mode 100755 index 8ed74bd..0000000 --- a/archived/bin/wicd-wrapper.sh +++ /dev/null @@ -1,67 +0,0 @@ -#!/bin/sh - -check_wifi_id_set() { - if ! echo "${1}" | egrep -q '^[0-9]+$'; then - echo 'Wifi identifier must be integer.' - exit 1 - fi -} - -ensure_wifi_on() { - if [ ! "$(wifi)" = "wifi = on" ]; then - sudo wifi on - fi -} - -print_usage() { - echo 'Available commands:' - echo ' eth_connect' - echo ' eth_disconnect' - echo ' wifi_scan' - echo ' wifi_info WIFI_ID' - echo ' wifi_set_wpa WIFI_ID KEY' - echo ' wifi_connect WIFI_ID' - echo ' wifi_disconnect' -} - -if ! echo "${1}"; then - echo 'No command given.' - print_usage - exit 1 -elif [ "${1}" = 'eth_connect' ]; then - wicd-cli --wired --connect - -elif [ "${1}" = 'eth_disconnect' ]; then - wicd-cli --wired --disconnect - -elif [ "${1}" = 'wifi_scan' ]; then - ensure_wifi_on - wicd-cli --wireless --scan - wicd-cli --wireless --list-networks - -elif [ "${1}" = 'wifi_info' ]; then - check_wifi_id_set "${2}" - wicd-cli --wireless --network="${2}" --network-details - -elif [ "${1}" = 'wifi_set_wpa' ]; then - check_wifi_id_set "${2}" - if ! echo "${3}" ; then - echo 'No key set.' - exit 1 - fi - wicd-cli --wireless --network="${2}" --network-property=enctype --set-to=wpa - wicd-cli --wireless --network="${2}" --network-property=key --set-to="${3}" - -elif [ "${1}" = 'wifi_connect' ]; then - ensure_wifi_on - check_wifi_id_set "${2}" - wicd-cli --wireless --network="${2}" --connect - -elif [ "${1}" = 'wifi_disconnect' ]; then - wicd-cli --wireless --disconnect - -else - echo 'Unknown command.' - print_usage - exit 1 -fi diff --git a/archived/bin/zinskritik.sh b/archived/bin/zinskritik.sh deleted file mode 100755 index 9ad293a..0000000 --- a/archived/bin/zinskritik.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -cd ~/plomlombot-irc -./run.sh -r 604800 -n histomat "#freie-gesellschaft" diff --git a/archived/bullseye/apt-mark/all b/archived/bullseye/apt-mark/all new file mode 100644 index 0000000..4b760bc --- /dev/null +++ b/archived/bullseye/apt-mark/all @@ -0,0 +1,12 @@ +# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client +# unpredictably so +ifupdown +isc-dhcp-client +# git for the setup directory; cloning works with ca-certificates +ca-certificates +git +# to avoid constant warnings about no locale being found +locales +# extremely useful for basic network debugging; missed these more than once in an emergency +netcat +iputils-ping diff --git a/archived/bullseye/apt-mark/desktop b/archived/bullseye/apt-mark/desktop new file mode 100644 index 0000000..f537318 --- /dev/null +++ b/archived/bullseye/apt-mark/desktop @@ -0,0 +1,2 @@ +# so that grub learns about kernel updates +grub-pc diff --git a/archived/bullseye/apt-mark/dumpsite b/archived/bullseye/apt-mark/dumpsite new file mode 100644 index 0000000..a87852a --- /dev/null +++ b/archived/bullseye/apt-mark/dumpsite @@ -0,0 +1,13 @@ +wget +# for blog and zettel +pandoc +# for blog +html2text +uuid-runtime +python3 +# for url_catcher daemon +python3-venv +build-essential +python3-dev +screen +postfix diff --git a/archived/bullseye/apt-mark/microblogpub b/archived/bullseye/apt-mark/microblogpub new file mode 100644 index 0000000..e2688e8 --- /dev/null +++ b/archived/bullseye/apt-mark/microblogpub @@ -0,0 +1,14 @@ +# to get python3.11 tgz +wget +build-essential +zlib1g-dev +libncurses5-dev +libgdbm-dev +libnss3-dev +libssl-dev +libreadline-dev +libffi-dev +libsqlite3-dev +libbz2-dev +# to set up poetry +curl diff --git a/archived/bullseye/apt-mark/play b/archived/bullseye/apt-mark/play new file mode 100644 index 0000000..154f7e7 --- /dev/null +++ b/archived/bullseye/apt-mark/play @@ -0,0 +1,4 @@ +weechat +screen +gnupg +dirmngr diff --git a/archived/bullseye/apt-mark/server b/archived/bullseye/apt-mark/server new file mode 100644 index 0000000..2ab22d2 --- /dev/null +++ b/archived/bullseye/apt-mark/server @@ -0,0 +1,6 @@ +# so we can login at all … +openssh-server +# firewalling +nftables +# We want to be able to use ALL our servers as borg backup destinations. +borgbackup diff --git a/archived/bullseye/apt-mark/thinkpad b/archived/bullseye/apt-mark/thinkpad new file mode 100644 index 0000000..6a780f2 --- /dev/null +++ b/archived/bullseye/apt-mark/thinkpad @@ -0,0 +1,7 @@ +# for wifi +firmware-iwlwifi +# for tlp +tlp +tp-smapi-dkms +linux-headers-amd64 +# diff --git a/archived/bullseye/apt-mark/user b/archived/bullseye/apt-mark/user new file mode 100644 index 0000000..b35f7a8 --- /dev/null +++ b/archived/bullseye/apt-mark/user @@ -0,0 +1,74 @@ +# to avoid booting problems with encrypted LVM, see +cryptsetup-initramfs +lvm2 +# this provides setupcon which reads /etc/default/console-setup +console-setup +# without this, systemd-logind won't run, and so not detect lid close for hibernation +dbus +# for X to start at all +xserver-xorg-video-intel +# X input: keyboard and touchpad +xserver-xorg-input-evdev +xserver-xorg-input-synaptics +# for startx +xinit +# for xrdb +x11-xserver-utils +# for startx to run for non-root user +libpam-systemd +# window environment +i3 +i3status +suckless-tools +xterm +# to get sleepy at night +redshift +# for alsamixer +alsa-utils +# for xterm and browser unicode display +ttf-unifont +# also useful +vim +sudo +less +man-db +manpages +procps +# firefox dependencies +libdbus-glib-1-2 +libgtk-3-0 +# firefox installation dependencies (remove later?) +curl +python3 +bzip2 +wget +jq +unzip +# to mount encrypted USB stick and use its contents +pmount +cryptsetup +openssh-client +# for syncing +borgbackup +# emacs +emacs +emacs-common-non-dfsg +emacs-el +elpa-ledger +ledger +elpa-elfeed +# mail setup +isync +notmuch +elpa-notmuch +pinentry-gtk2 +# to mount Android phone +go-mtpfs +# to use HP Deskjet F380 scanner from GIMP +sane-utils +xsane +# to use HP Deskjet F380 printer +cups +# for wifi +network-manager +# diff --git a/archived/bullseye/apt-mark/w530 b/archived/bullseye/apt-mark/w530 new file mode 100644 index 0000000..e69de29 diff --git a/archived/bullseye/apt-mark/web b/archived/bullseye/apt-mark/web new file mode 100644 index 0000000..4912b8a --- /dev/null +++ b/archived/bullseye/apt-mark/web @@ -0,0 +1,4 @@ +nginx-light +# for SSL +certbot +python3-certbot-nginx diff --git a/archived/bullseye/apt-mark/website b/archived/bullseye/apt-mark/website new file mode 100644 index 0000000..7bdd77f --- /dev/null +++ b/archived/bullseye/apt-mark/website @@ -0,0 +1,11 @@ +# for gitweb +gitweb +fcgiwrap +# for plomlombot +gnupg +dirmngr +python3-venv +screen +# for uwsgi +build-essential +python3-dev diff --git a/archived/bullseye/borg.sh b/archived/bullseye/borg.sh new file mode 100755 index 0000000..0ff0c08 --- /dev/null +++ b/archived/bullseye/borg.sh @@ -0,0 +1,147 @@ +#!/bin/sh +set -e + +standard_repo="borg" +config_file="${HOME}/.borgrepos" + +usage() { + echo "Need operation as argument, one of:" + echo "init" + echo "store" + echo "check" + echo "export_keyfiles" + echo "orgpush" + echo "orgpull" + false +} + +read_pw() { + if [ "${#SSH_AGENT_PID}" -eq 0 ]; then + eval $(ssh-agent) + echo "ssh-add" + stty -echo + ssh-add + stty echo + fi + if [ "${#BORG_PASSPHRASE}" -eq 0 ]; then + stty -echo + printf "Borg passphrase: " + read password + stty echo + printf "\n" + export BORG_PASSPHRASE="${password}" + fi +} + +if [ ! -f "${config_file}" ]; then + echo '# file read ends at last newline' >> "${config_file}" +fi +if [ "$#" -lt 1 ]; then + usage +fi +first_arg="$1" +shift +if [ "${first_arg}" = "init" ]; then + if [ ! "$#" -eq 1 ]; then + echo "Need exactly one argument: target of form user@server" + false + fi + target="$1" + echo "Initializing: ${target}" + borg init --verbose --encryption=keyfile "${target}:${standard_repo}" + tmp_file="/tmp/new_borgrepos" + echo "${target}" > "${tmp_file}" + cat "${config_file}" >> "${tmp_file}" + cp "${tmp_file}" "${config_file}" +elif [ "${first_arg}" = "store" ]; then + if [ ! "$#" -eq 2 ]; then + echo "Need precisely two arguments: archive name and path to archive." + false + fi + archive_name=$1 + shift + to_backup="$@" + read_pw + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}" + echo "Creating archive: ${archive}" + borg create --verbose --list "${archive}" "${to_backup}" + done +elif [ "${first_arg}" = "check" ]; then + if [ ! "$#" -eq 0 ]; then + echo "Need no arguments" + false + fi + read_pw + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + echo "Checking repo: ${repo}" + borg check --verbose "${repo}" + done +elif [ "${first_arg}" = "export_keyfiles" ]; then + if [ ! "$#" -eq 1 ]; then + echo "Need output tar file name." + false + fi + tar_target="${1}" + tmp_dir="${HOME}/.borgtmp" + keyfiles_dir="${tmp_dir}/borg_keyfiles" + mkdir -p "${keyfiles_dir}" + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + borg key export "${repo}" "${keyfiles_dir}/${line}" + done + cur_dir="$(pwd)" + cd "${tmp_dir}" + target=$(basename "${keyfiles_dir}") + tar cf "${tar_target}" "${target}" + mv "${tar_target}" "${cur_dir}" + cd + rm -rf "${tmp_dir}" +elif [ "${first_arg}" = "orgpush" ]; then + archive_name="orgdir" + to_backup=~/org + read_pw + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}" + echo "Creating archive: ${archive}" + borg create --verbose --list "${archive}" "${to_backup}" --exclude ~/org/.git + done +elif [ "${first_arg}" = "orgpull" ]; then + echo "Doing ORGPULL, potentially overwriting important data. Hit Return to continue, last chance to abort!" + read _ + archive_name="orgdir" + read_pw + cd / + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + archive=$(borg list "${repo}" | grep "${orgdir}" | tail -1 | cut -f1 -d' ') + echo "Pulling archive: ${archive}" + borg extract --verbose "${repo}::${archive}" + break + done +else + usage +fi diff --git a/archived/bullseye/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/archived/bullseye/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies new file mode 100644 index 0000000..4aaef79 --- /dev/null +++ b/archived/bullseye/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies @@ -0,0 +1,4 @@ +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; diff --git a/archived/bullseye/etc_files/all/etc/apt/sources.list b/archived/bullseye/etc_files/all/etc/apt/sources.list new file mode 100644 index 0000000..55b1418 --- /dev/null +++ b/archived/bullseye/etc_files/all/etc/apt/sources.list @@ -0,0 +1,4 @@ +deb http://deb.debian.org/debian bullseye main contrib non-free +deb http://security.debian.org/debian-security bullseye-security main contrib non-free +deb http://deb.debian.org/debian bullseye-updates main contrib non-free +deb http://ftp.debian.org/debian bullseye-backports main contrib non-free diff --git a/archived/bullseye/etc_files/all/etc/default/locale b/archived/bullseye/etc_files/all/etc/default/locale new file mode 100644 index 0000000..dd6eee3 --- /dev/null +++ b/archived/bullseye/etc_files/all/etc/default/locale @@ -0,0 +1 @@ +LANG="en_US.UTF-8" diff --git a/archived/bullseye/etc_files/all/etc/locale.gen b/archived/bullseye/etc_files/all/etc/locale.gen new file mode 100644 index 0000000..a28cfa4 --- /dev/null +++ b/archived/bullseye/etc_files/all/etc/locale.gen @@ -0,0 +1,483 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + + +# aa_DJ ISO-8859-1 +# aa_DJ.UTF-8 UTF-8 +# aa_ER UTF-8 +# aa_ER@saaho UTF-8 +# aa_ET UTF-8 +# af_ZA ISO-8859-1 +# af_ZA.UTF-8 UTF-8 +# ak_GH UTF-8 +# am_ET UTF-8 +# an_ES ISO-8859-15 +# an_ES.UTF-8 UTF-8 +# anp_IN UTF-8 +# ar_AE ISO-8859-6 +# ar_AE.UTF-8 UTF-8 +# ar_BH ISO-8859-6 +# ar_BH.UTF-8 UTF-8 +# ar_DZ ISO-8859-6 +# ar_DZ.UTF-8 UTF-8 +# ar_EG ISO-8859-6 +# ar_EG.UTF-8 UTF-8 +# ar_IN UTF-8 +# ar_IQ ISO-8859-6 +# ar_IQ.UTF-8 UTF-8 +# ar_JO ISO-8859-6 +# ar_JO.UTF-8 UTF-8 +# ar_KW ISO-8859-6 +# ar_KW.UTF-8 UTF-8 +# ar_LB ISO-8859-6 +# ar_LB.UTF-8 UTF-8 +# ar_LY ISO-8859-6 +# ar_LY.UTF-8 UTF-8 +# ar_MA ISO-8859-6 +# ar_MA.UTF-8 UTF-8 +# ar_OM ISO-8859-6 +# ar_OM.UTF-8 UTF-8 +# ar_QA ISO-8859-6 +# ar_QA.UTF-8 UTF-8 +# ar_SA ISO-8859-6 +# ar_SA.UTF-8 UTF-8 +# ar_SD ISO-8859-6 +# ar_SD.UTF-8 UTF-8 +# ar_SS UTF-8 +# ar_SY ISO-8859-6 +# ar_SY.UTF-8 UTF-8 +# ar_TN ISO-8859-6 +# ar_TN.UTF-8 UTF-8 +# ar_YE ISO-8859-6 +# ar_YE.UTF-8 UTF-8 +# as_IN UTF-8 +# ast_ES ISO-8859-15 +# ast_ES.UTF-8 UTF-8 +# ayc_PE UTF-8 +# az_AZ UTF-8 +# be_BY CP1251 +# be_BY.UTF-8 UTF-8 +# be_BY@latin UTF-8 +# bem_ZM UTF-8 +# ber_DZ UTF-8 +# ber_MA UTF-8 +# bg_BG CP1251 +# bg_BG.UTF-8 UTF-8 +# bhb_IN.UTF-8 UTF-8 +# bho_IN UTF-8 +# bn_BD UTF-8 +# bn_IN UTF-8 +# bo_CN UTF-8 +# bo_IN UTF-8 +# br_FR ISO-8859-1 +# br_FR.UTF-8 UTF-8 +# br_FR@euro ISO-8859-15 +# brx_IN UTF-8 +# bs_BA ISO-8859-2 +# bs_BA.UTF-8 UTF-8 +# byn_ER UTF-8 +# ca_AD ISO-8859-15 +# ca_AD.UTF-8 UTF-8 +# ca_ES ISO-8859-1 +# ca_ES.UTF-8 UTF-8 +# ca_ES.UTF-8@valencia UTF-8 +# ca_ES@euro ISO-8859-15 +# ca_ES@valencia ISO-8859-15 +# ca_FR ISO-8859-15 +# ca_FR.UTF-8 UTF-8 +# ca_IT ISO-8859-15 +# ca_IT.UTF-8 UTF-8 +# ce_RU UTF-8 +# chr_US UTF-8 +# cmn_TW UTF-8 +# crh_UA UTF-8 +# cs_CZ ISO-8859-2 +# cs_CZ.UTF-8 UTF-8 +# csb_PL UTF-8 +# cv_RU UTF-8 +# cy_GB ISO-8859-14 +# cy_GB.UTF-8 UTF-8 +# da_DK ISO-8859-1 +# da_DK.UTF-8 UTF-8 +# de_AT ISO-8859-1 +# de_AT.UTF-8 UTF-8 +# de_AT@euro ISO-8859-15 +# de_BE ISO-8859-1 +# de_BE.UTF-8 UTF-8 +# de_BE@euro ISO-8859-15 +# de_CH ISO-8859-1 +# de_CH.UTF-8 UTF-8 +# de_DE ISO-8859-1 +# de_DE.UTF-8 UTF-8 +# de_DE@euro ISO-8859-15 +# de_IT ISO-8859-1 +# de_IT.UTF-8 UTF-8 +# de_LI.UTF-8 UTF-8 +# de_LU ISO-8859-1 +# de_LU.UTF-8 UTF-8 +# de_LU@euro ISO-8859-15 +# doi_IN UTF-8 +# dv_MV UTF-8 +# dz_BT UTF-8 +# el_CY ISO-8859-7 +# el_CY.UTF-8 UTF-8 +# el_GR ISO-8859-7 +# el_GR.UTF-8 UTF-8 +# en_AG UTF-8 +# en_AU ISO-8859-1 +# en_AU.UTF-8 UTF-8 +# en_BW ISO-8859-1 +# en_BW.UTF-8 UTF-8 +# en_CA ISO-8859-1 +# en_CA.UTF-8 UTF-8 +# en_DK ISO-8859-1 +# en_DK.ISO-8859-15 ISO-8859-15 +# en_DK.UTF-8 UTF-8 +# en_GB ISO-8859-1 +# en_GB.ISO-8859-15 ISO-8859-15 +# en_GB.UTF-8 UTF-8 +# en_HK ISO-8859-1 +# en_HK.UTF-8 UTF-8 +# en_IE ISO-8859-1 +# en_IE.UTF-8 UTF-8 +# en_IE@euro ISO-8859-15 +# en_IL UTF-8 +# en_IN UTF-8 +# en_NG UTF-8 +# en_NZ ISO-8859-1 +# en_NZ.UTF-8 UTF-8 +# en_PH ISO-8859-1 +# en_PH.UTF-8 UTF-8 +# en_SG ISO-8859-1 +# en_SG.UTF-8 UTF-8 +# en_US ISO-8859-1 +# en_US.ISO-8859-15 ISO-8859-15 +en_US.UTF-8 UTF-8 +# en_ZA ISO-8859-1 +# en_ZA.UTF-8 UTF-8 +# en_ZM UTF-8 +# en_ZW ISO-8859-1 +# en_ZW.UTF-8 UTF-8 +# eo UTF-8 +# es_AR ISO-8859-1 +# es_AR.UTF-8 UTF-8 +# es_BO ISO-8859-1 +# es_BO.UTF-8 UTF-8 +# es_CL ISO-8859-1 +# es_CL.UTF-8 UTF-8 +# es_CO ISO-8859-1 +# es_CO.UTF-8 UTF-8 +# es_CR ISO-8859-1 +# es_CR.UTF-8 UTF-8 +# es_CU UTF-8 +# es_DO ISO-8859-1 +# es_DO.UTF-8 UTF-8 +# es_EC ISO-8859-1 +# es_EC.UTF-8 UTF-8 +# es_ES ISO-8859-1 +# es_ES.UTF-8 UTF-8 +# es_ES@euro ISO-8859-15 +# es_GT ISO-8859-1 +# es_GT.UTF-8 UTF-8 +# es_HN ISO-8859-1 +# es_HN.UTF-8 UTF-8 +# es_MX ISO-8859-1 +# es_MX.UTF-8 UTF-8 +# es_NI ISO-8859-1 +# es_NI.UTF-8 UTF-8 +# es_PA ISO-8859-1 +# es_PA.UTF-8 UTF-8 +# es_PE ISO-8859-1 +# es_PE.UTF-8 UTF-8 +# es_PR ISO-8859-1 +# es_PR.UTF-8 UTF-8 +# es_PY ISO-8859-1 +# es_PY.UTF-8 UTF-8 +# es_SV ISO-8859-1 +# es_SV.UTF-8 UTF-8 +# es_US ISO-8859-1 +# es_US.UTF-8 UTF-8 +# es_UY ISO-8859-1 +# es_UY.UTF-8 UTF-8 +# es_VE ISO-8859-1 +# es_VE.UTF-8 UTF-8 +# et_EE ISO-8859-1 +# et_EE.ISO-8859-15 ISO-8859-15 +# et_EE.UTF-8 UTF-8 +# eu_ES ISO-8859-1 +# eu_ES.UTF-8 UTF-8 +# eu_ES@euro ISO-8859-15 +# eu_FR ISO-8859-1 +# eu_FR.UTF-8 UTF-8 +# eu_FR@euro ISO-8859-15 +# fa_IR UTF-8 +# ff_SN UTF-8 +# fi_FI ISO-8859-1 +# fi_FI.UTF-8 UTF-8 +# fi_FI@euro ISO-8859-15 +# fil_PH UTF-8 +# fo_FO ISO-8859-1 +# fo_FO.UTF-8 UTF-8 +# fr_BE ISO-8859-1 +# fr_BE.UTF-8 UTF-8 +# fr_BE@euro ISO-8859-15 +# fr_CA ISO-8859-1 +# fr_CA.UTF-8 UTF-8 +# fr_CH ISO-8859-1 +# fr_CH.UTF-8 UTF-8 +# fr_FR ISO-8859-1 +# fr_FR.UTF-8 UTF-8 +# fr_FR@euro ISO-8859-15 +# fr_LU ISO-8859-1 +# fr_LU.UTF-8 UTF-8 +# fr_LU@euro ISO-8859-15 +# fur_IT UTF-8 +# fy_DE UTF-8 +# fy_NL UTF-8 +# ga_IE ISO-8859-1 +# ga_IE.UTF-8 UTF-8 +# ga_IE@euro ISO-8859-15 +# gd_GB ISO-8859-15 +# gd_GB.UTF-8 UTF-8 +# gez_ER UTF-8 +# gez_ER@abegede UTF-8 +# gez_ET UTF-8 +# gez_ET@abegede UTF-8 +# gl_ES ISO-8859-1 +# gl_ES.UTF-8 UTF-8 +# gl_ES@euro ISO-8859-15 +# gu_IN UTF-8 +# gv_GB ISO-8859-1 +# gv_GB.UTF-8 UTF-8 +# ha_NG UTF-8 +# hak_TW UTF-8 +# he_IL ISO-8859-8 +# he_IL.UTF-8 UTF-8 +# hi_IN UTF-8 +# hne_IN UTF-8 +# hr_HR ISO-8859-2 +# hr_HR.UTF-8 UTF-8 +# hsb_DE ISO-8859-2 +# hsb_DE.UTF-8 UTF-8 +# ht_HT UTF-8 +# hu_HU ISO-8859-2 +# hu_HU.UTF-8 UTF-8 +# hy_AM UTF-8 +# hy_AM.ARMSCII-8 ARMSCII-8 +# ia_FR UTF-8 +# id_ID ISO-8859-1 +# id_ID.UTF-8 UTF-8 +# ig_NG UTF-8 +# ik_CA UTF-8 +# is_IS ISO-8859-1 +# is_IS.UTF-8 UTF-8 +# it_CH ISO-8859-1 +# it_CH.UTF-8 UTF-8 +# it_IT ISO-8859-1 +# it_IT.UTF-8 UTF-8 +# it_IT@euro ISO-8859-15 +# iu_CA UTF-8 +# ja_JP.EUC-JP EUC-JP +# ja_JP.UTF-8 UTF-8 +# ka_GE GEORGIAN-PS +# ka_GE.UTF-8 UTF-8 +# kk_KZ PT154 +# kk_KZ.RK1048 RK1048 +# kk_KZ.UTF-8 UTF-8 +# kl_GL ISO-8859-1 +# kl_GL.UTF-8 UTF-8 +# km_KH UTF-8 +# kn_IN UTF-8 +# ko_KR.EUC-KR EUC-KR +# ko_KR.UTF-8 UTF-8 +# kok_IN UTF-8 +# ks_IN UTF-8 +# ks_IN@devanagari UTF-8 +# ku_TR ISO-8859-9 +# ku_TR.UTF-8 UTF-8 +# kw_GB ISO-8859-1 +# kw_GB.UTF-8 UTF-8 +# ky_KG UTF-8 +# lb_LU UTF-8 +# lg_UG ISO-8859-10 +# lg_UG.UTF-8 UTF-8 +# li_BE UTF-8 +# li_NL UTF-8 +# lij_IT UTF-8 +# ln_CD UTF-8 +# lo_LA UTF-8 +# lt_LT ISO-8859-13 +# lt_LT.UTF-8 UTF-8 +# lv_LV ISO-8859-13 +# lv_LV.UTF-8 UTF-8 +# lzh_TW UTF-8 +# mag_IN UTF-8 +# mai_IN UTF-8 +# mg_MG ISO-8859-15 +# mg_MG.UTF-8 UTF-8 +# mhr_RU UTF-8 +# mi_NZ ISO-8859-13 +# mi_NZ.UTF-8 UTF-8 +# mk_MK ISO-8859-5 +# mk_MK.UTF-8 UTF-8 +# ml_IN UTF-8 +# mn_MN UTF-8 +# mni_IN UTF-8 +# mr_IN UTF-8 +# ms_MY ISO-8859-1 +# ms_MY.UTF-8 UTF-8 +# mt_MT ISO-8859-3 +# mt_MT.UTF-8 UTF-8 +# my_MM UTF-8 +# nan_TW UTF-8 +# nan_TW@latin UTF-8 +# nb_NO ISO-8859-1 +# nb_NO.UTF-8 UTF-8 +# nds_DE UTF-8 +# nds_NL UTF-8 +# ne_NP UTF-8 +# nhn_MX UTF-8 +# niu_NU UTF-8 +# niu_NZ UTF-8 +# nl_AW UTF-8 +# nl_BE ISO-8859-1 +# nl_BE.UTF-8 UTF-8 +# nl_BE@euro ISO-8859-15 +# nl_NL ISO-8859-1 +# nl_NL.UTF-8 UTF-8 +# nl_NL@euro ISO-8859-15 +# nn_NO ISO-8859-1 +# nn_NO.UTF-8 UTF-8 +# nr_ZA UTF-8 +# nso_ZA UTF-8 +# oc_FR ISO-8859-1 +# oc_FR.UTF-8 UTF-8 +# om_ET UTF-8 +# om_KE ISO-8859-1 +# om_KE.UTF-8 UTF-8 +# or_IN UTF-8 +# os_RU UTF-8 +# pa_IN UTF-8 +# pa_PK UTF-8 +# pap_AW UTF-8 +# pap_CW UTF-8 +# pl_PL ISO-8859-2 +# pl_PL.UTF-8 UTF-8 +# ps_AF UTF-8 +# pt_BR ISO-8859-1 +# pt_BR.UTF-8 UTF-8 +# pt_PT ISO-8859-1 +# pt_PT.UTF-8 UTF-8 +# pt_PT@euro ISO-8859-15 +# quz_PE UTF-8 +# raj_IN UTF-8 +# ro_RO ISO-8859-2 +# ro_RO.UTF-8 UTF-8 +# ru_RU ISO-8859-5 +# ru_RU.CP1251 CP1251 +# ru_RU.KOI8-R KOI8-R +# ru_RU.UTF-8 UTF-8 +# ru_UA KOI8-U +# ru_UA.UTF-8 UTF-8 +# rw_RW UTF-8 +# sa_IN UTF-8 +# sat_IN UTF-8 +# sc_IT UTF-8 +# sd_IN UTF-8 +# sd_IN@devanagari UTF-8 +# se_NO UTF-8 +# sgs_LT UTF-8 +# shs_CA UTF-8 +# si_LK UTF-8 +# sid_ET UTF-8 +# sk_SK ISO-8859-2 +# sk_SK.UTF-8 UTF-8 +# sl_SI ISO-8859-2 +# sl_SI.UTF-8 UTF-8 +# so_DJ ISO-8859-1 +# so_DJ.UTF-8 UTF-8 +# so_ET UTF-8 +# so_KE ISO-8859-1 +# so_KE.UTF-8 UTF-8 +# so_SO ISO-8859-1 +# so_SO.UTF-8 UTF-8 +# sq_AL ISO-8859-1 +# sq_AL.UTF-8 UTF-8 +# sq_MK UTF-8 +# sr_ME UTF-8 +# sr_RS UTF-8 +# sr_RS@latin UTF-8 +# ss_ZA UTF-8 +# st_ZA ISO-8859-1 +# st_ZA.UTF-8 UTF-8 +# sv_FI ISO-8859-1 +# sv_FI.UTF-8 UTF-8 +# sv_FI@euro ISO-8859-15 +# sv_SE ISO-8859-1 +# sv_SE.ISO-8859-15 ISO-8859-15 +# sv_SE.UTF-8 UTF-8 +# sw_KE UTF-8 +# sw_TZ UTF-8 +# szl_PL UTF-8 +# ta_IN UTF-8 +# ta_LK UTF-8 +# tcy_IN.UTF-8 UTF-8 +# te_IN UTF-8 +# tg_TJ KOI8-T +# tg_TJ.UTF-8 UTF-8 +# th_TH TIS-620 +# th_TH.UTF-8 UTF-8 +# the_NP UTF-8 +# ti_ER UTF-8 +# ti_ET UTF-8 +# tig_ER UTF-8 +# tk_TM UTF-8 +# tl_PH ISO-8859-1 +# tl_PH.UTF-8 UTF-8 +# tn_ZA UTF-8 +# tr_CY ISO-8859-9 +# tr_CY.UTF-8 UTF-8 +# tr_TR ISO-8859-9 +# tr_TR.UTF-8 UTF-8 +# ts_ZA UTF-8 +# tt_RU UTF-8 +# tt_RU@iqtelif UTF-8 +# ug_CN UTF-8 +# uk_UA KOI8-U +# uk_UA.UTF-8 UTF-8 +# unm_US UTF-8 +# ur_IN UTF-8 +# ur_PK UTF-8 +# uz_UZ ISO-8859-1 +# uz_UZ.UTF-8 UTF-8 +# uz_UZ@cyrillic UTF-8 +# ve_ZA UTF-8 +# vi_VN UTF-8 +# wa_BE ISO-8859-1 +# wa_BE.UTF-8 UTF-8 +# wa_BE@euro ISO-8859-15 +# wae_CH UTF-8 +# wal_ET UTF-8 +# wo_SN UTF-8 +# xh_ZA ISO-8859-1 +# xh_ZA.UTF-8 UTF-8 +# yi_US CP1255 +# yi_US.UTF-8 UTF-8 +# yo_NG UTF-8 +# yue_HK UTF-8 +# zh_CN GB2312 +# zh_CN.GB18030 GB18030 +# zh_CN.GBK GBK +# zh_CN.UTF-8 UTF-8 +# zh_HK BIG5-HKSCS +# zh_HK.UTF-8 UTF-8 +# zh_SG GB2312 +# zh_SG.GBK GBK +# zh_SG.UTF-8 UTF-8 +# zh_TW BIG5 +# zh_TW.EUC-TW EUC-TW +# zh_TW.UTF-8 UTF-8 +# zu_ZA ISO-8859-1 +# zu_ZA.UTF-8 UTF-8 diff --git a/archived/bullseye/etc_files/all/etc/timezone b/archived/bullseye/etc_files/all/etc/timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/bullseye/etc_files/all/etc/timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/archived/bullseye/etc_files/daily_reboot/etc/systemd/system/reboot.service b/archived/bullseye/etc_files/daily_reboot/etc/systemd/system/reboot.service new file mode 100644 index 0000000..6566a1a --- /dev/null +++ b/archived/bullseye/etc_files/daily_reboot/etc/systemd/system/reboot.service @@ -0,0 +1,6 @@ +[Unit] +Description=Scheduled Reboot + +[Service] +Type=simple +ExecStart=/usr/bin/systemctl --force reboot diff --git a/archived/bullseye/etc_files/daily_reboot/etc/systemd/system/reboot.timer b/archived/bullseye/etc_files/daily_reboot/etc/systemd/system/reboot.timer new file mode 100644 index 0000000..741ff05 --- /dev/null +++ b/archived/bullseye/etc_files/daily_reboot/etc/systemd/system/reboot.timer @@ -0,0 +1,9 @@ +[Unit] +Description=schedule reboot + +[Timer] +Unit=reboot.service +OnCalendar=*-*-* 7:00:00 + +[Install] +WantedBy=timers.target diff --git a/archived/bullseye/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx b/archived/bullseye/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx new file mode 100644 index 0000000..9b57587 --- /dev/null +++ b/archived/bullseye/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx @@ -0,0 +1,29 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www-dump/; + + location /dump/ { + autoindex on; + # add_header "Access-Control-Allow-Origin" *; + } + + location /geheim/ { + auth_basic "geheim geheim"; + auth_basic_user_file /var/www-dump/password_geheim; + autoindex on; + } + + location /zettel/ { + # rewrite non-suffixed filenames to .html ones + rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html; + autoindex on; + } + + location /uwsgi/ { + include uwsgi_params; + uwsgi_pass 127.0.0.1:3031; + } +} diff --git a/archived/bullseye/etc_files/dumpsite/etc/systemd/system/url_catcher.service b/archived/bullseye/etc_files/dumpsite/etc/systemd/system/url_catcher.service new file mode 100644 index 0000000..45d079c --- /dev/null +++ b/archived/bullseye/etc_files/dumpsite/etc/systemd/system/url_catcher.service @@ -0,0 +1,12 @@ +[Unit] +Description=url_catcher screen + +[Service] +Type=forking +User=plom +# The LC_ALL fixes submission failing on some articles. +ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 cd ~/url-catcher && screen -d -m ./run.sh' +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/archived/bullseye/etc_files/microblogpub/etc/apt/sources.list b/archived/bullseye/etc_files/microblogpub/etc/apt/sources.list new file mode 100644 index 0000000..1e7fd2e --- /dev/null +++ b/archived/bullseye/etc_files/microblogpub/etc/apt/sources.list @@ -0,0 +1,5 @@ +deb http://deb.debian.org/debian bullseye main contrib non-free +deb-src http://deb.debian.org/debian bullseye main contrib non-free +deb http://security.debian.org/debian-security bullseye-security main contrib non-free +deb http://deb.debian.org/debian bullseye-updates main contrib non-free +deb http://ftp.debian.org/debian bullseye-backports main contrib non-free diff --git a/archived/bullseye/etc_files/microblogpub/etc/nginx/sites-available/microblogpub.nginx b/archived/bullseye/etc_files/microblogpub/etc/nginx/sites-available/microblogpub.nginx new file mode 100644 index 0000000..6dfe4f1 --- /dev/null +++ b/archived/bullseye/etc_files/microblogpub/etc/nginx/sites-available/microblogpub.nginx @@ -0,0 +1,60 @@ +server { + listen 443 ssl; + client_max_body_size 4G; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + + # via + # and https://docs.microblog.pub/installing.html#nginx-config-tips + gzip on; + gzip_disable "msie6"; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_min_length 256; + gzip_types + application/atom+xml + application/geo+json + application/javascript + application/x-javascript + application/json + application/ld+json + application/manifest+json + application/rdf+xml + application/rss+xml + application/xhtml+xml + application/xml + font/eot + font/otf + font/ttf + image/svg+xml + text/css + text/javascript + text/plain + text/xml + + text/html + + application/javascript + application/activity+json + application/octet-stream; + + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_redirect off; + proxy_buffering off; + proxy_pass http://localhost:8000; + } +} + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} diff --git a/archived/bullseye/etc_files/microblogpub/etc/systemd/system/microblogpub.service b/archived/bullseye/etc_files/microblogpub/etc/systemd/system/microblogpub.service new file mode 100644 index 0000000..966e58c --- /dev/null +++ b/archived/bullseye/etc_files/microblogpub/etc/systemd/system/microblogpub.service @@ -0,0 +1,13 @@ +[Unit] +Description=microblog.pub + +[Service] +Type=simple +User=plom +WorkingDirectory=/home/plom/testing.microblog.pub/ +ExecStart=/bin/sh -c '/home/plom/.local/bin/poetry run supervisord -c misc/supervisord.conf -n' +Environment=VENV_DIR=/home/plom/.cache/pypoetry/virtualenvs/REPLACE_venv_dir_ECALPER +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/archived/bullseye/etc_files/microblogpub/etc/systemd/system/microblogpub_prune.service b/archived/bullseye/etc_files/microblogpub/etc/systemd/system/microblogpub_prune.service new file mode 100644 index 0000000..9004cc5 --- /dev/null +++ b/archived/bullseye/etc_files/microblogpub/etc/systemd/system/microblogpub_prune.service @@ -0,0 +1,9 @@ +[Unit] +Description=microblog.pub pruning + +[Service] +Type=simple +ExecStart=/bin/sh -c '.prune.sh' + +[Install] +WantedBy=multi-user.target diff --git a/archived/bullseye/etc_files/microblogpub/etc/systemd/system/microblogpub_prune.timer b/archived/bullseye/etc_files/microblogpub/etc/systemd/system/microblogpub_prune.timer new file mode 100644 index 0000000..918a0c1 --- /dev/null +++ b/archived/bullseye/etc_files/microblogpub/etc/systemd/system/microblogpub_prune.timer @@ -0,0 +1,9 @@ +[Unit] +Description=schedule microblog.pub pruning + +[Timer] +Unit=microblogpub_prune.service +OnCalendar=*-*-* 7:00:00 + +[Install] +WantedBy=timers.target diff --git a/archived/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/archived/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service new file mode 100644 index 0000000..bc81613 --- /dev/null +++ b/archived/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.service @@ -0,0 +1,6 @@ +[Unit] +Description=Attempt encryption of old chat logs +[Service] +Type=oneshot +User=plom +ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh' diff --git a/archived/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer b/archived/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer new file mode 100644 index 0000000..79a6e1e --- /dev/null +++ b/archived/bullseye/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Attempt encryption of old chatlogs once every minute. + +[Timer] +OnCalendar=*-*-* *:*:00 + +[Install] +WantedBy=timers.target \ No newline at end of file diff --git a/archived/bullseye/etc_files/server/etc/ssh/sshd_config b/archived/bullseye/etc_files/server/etc/ssh/sshd_config new file mode 100644 index 0000000..811e93a --- /dev/null +++ b/archived/bullseye/etc_files/server/etc/ssh/sshd_config @@ -0,0 +1,124 @@ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Include /etc/ssh/sshd_config.d/*.conf + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin no # plomlompom's security rule +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +PasswordAuthentication no +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin without-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +# override default of no subsystems +Subsystem sftp /usr/lib/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server +ClientAliveInterval 15 diff --git a/archived/bullseye/etc_files/thinkpad/etc/default/tlp b/archived/bullseye/etc_files/thinkpad/etc/default/tlp new file mode 100644 index 0000000..b73846b --- /dev/null +++ b/archived/bullseye/etc_files/thinkpad/etc/default/tlp @@ -0,0 +1,306 @@ +# ------------------------------------------------------------------------------ +# tlp - Parameters for power saving +# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html + +# Hint: some features are disabled by default, remove the leading # to enable +# them. + +# Set to 0 to disable, 1 to enable TLP. +TLP_ENABLE=1 + +# Operation mode when no power supply can be detected: AC, BAT. +# Concerns some desktop and embedded hardware only. +TLP_DEFAULT_MODE=AC + +# Operation mode select: 0=depend on power source, 1=always use TLP_DEFAULT_MODE +# Hint: use in conjunction with TLP_DEFAULT_MODE=BAT for BAT settings on AC. +TLP_PERSISTENT_DEFAULT=0 + +# Seconds laptop mode has to wait after the disk goes idle before doing a sync. +# Non-zero value enables, zero disables laptop mode. +DISK_IDLE_SECS_ON_AC=0 +DISK_IDLE_SECS_ON_BAT=2 + +# Dirty page values (timeouts in secs). +MAX_LOST_WORK_SECS_ON_AC=15 +MAX_LOST_WORK_SECS_ON_BAT=60 + +# Hint: CPU parameters below are disabled by default, remove the leading # +# to enable them, otherwise kernel default values are used. + +# Select a CPU frequency scaling governor. +# Intel Core i processor with intel_pstate driver: +# powersave(*), performance. +# Older hardware with acpi-cpufreq driver: +# ondemand(*), powersave, performance, conservative, schedutil. +# (*) is recommended. +# Hint: use tlp-stat -p to show the active driver and available governors. +# Important: +# powersave for intel_pstate and ondemand for acpi-cpufreq are power +# efficient for *almost all* workloads and therefore kernel and most +# distributions have chosen them as defaults. If you still want to change, +# you should know what you're doing! You *must* disable your distribution's +# governor settings or conflicts will occur. +#CPU_SCALING_GOVERNOR_ON_AC=powersave +#CPU_SCALING_GOVERNOR_ON_BAT=powersave + +# Set the min/max frequency available for the scaling governor. +# Possible values strongly depend on your CPU. For available frequencies see +# the output of tlp-stat -p. +#CPU_SCALING_MIN_FREQ_ON_AC=0 +#CPU_SCALING_MAX_FREQ_ON_AC=0 +#CPU_SCALING_MIN_FREQ_ON_BAT=0 +#CPU_SCALING_MAX_FREQ_ON_BAT=0 + +# Set energy performance hints (HWP) for Intel P-state governor: +# performance, balance_performance, default, balance_power, power +# Values are given in order of increasing power saving. +# Note: Intel Skylake or newer CPU and Kernel >= 4.10 required. +CPU_HWP_ON_AC=balance_performance +CPU_HWP_ON_BAT=balance_power + +# Set Intel P-state performance: 0..100 (%). +# Limit the max/min P-state to control the power dissipation of the CPU. +# Values are stated as a percentage of the available performance. +# Requires an Intel Core i processor with intel_pstate driver. +#CPU_MIN_PERF_ON_AC=0 +#CPU_MAX_PERF_ON_AC=100 +#CPU_MIN_PERF_ON_BAT=0 +#CPU_MAX_PERF_ON_BAT=30 + +# Set the CPU "turbo boost" feature: 0=disable, 1=allow +# Requires an Intel Core i processor. +# Important: +# - This may conflict with your distribution's governor settings +# - A value of 1 does *not* activate boosting, it just allows it +#CPU_BOOST_ON_AC=1 +#CPU_BOOST_ON_BAT=0 + +# Minimize number of used CPU cores/hyper-threads under light load conditions: +# 0=disable, 1=enable. +SCHED_POWERSAVE_ON_AC=0 +SCHED_POWERSAVE_ON_BAT=1 + +# Kernel NMI Watchdog: +# 0=disable (default, saves power), 1=enable (for kernel debugging only). +NMI_WATCHDOG=0 + +# Change CPU voltages aka "undervolting" - Kernel with PHC patch required. +# Frequency voltage pairs are written to: +# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls +# CAUTION: only use this, if you thoroughly understand what you are doing! +#PHC_CONTROLS="F:V F:V F:V F:V" + +# Set CPU performance versus energy savings policy: +# performance, balance-performance, default, balance-power, power. +# Values are given in order of increasing power saving. +# Requires kernel module msr and x86_energy_perf_policy from linux-tools. +ENERGY_PERF_POLICY_ON_AC=performance +ENERGY_PERF_POLICY_ON_BAT=power + +# Disk devices; separate multiple devices with spaces (default: sda). +# Devices can be specified by disk ID also (lookup with: tlp diskid). +DISK_DEVICES="sda sdb" + +# Disk advanced power management level: 1..254, 255 (max saving, min, off). +# Levels 1..127 may spin down the disk; 255 allowable on most drives. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +DISK_APM_LEVEL_ON_AC="254 254" +DISK_APM_LEVEL_ON_BAT="128 128" + +# Hard disk spin down timeout: +# 0: spin down disabled +# 1..240: timeouts from 5s to 20min (in units of 5s) +# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) +# See 'man hdparm' for details. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" +#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" + +# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq). +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the kernel default scheduler for the particular disk. +#DISK_IOSCHED="cfq cfq" + +# AHCI link power management (ALPM) for disk devices: +# min_power, med_power_with_dipm(*), medium_power, max_performance. +# (*) Kernel >= 4.15 required, then recommended. +# Multiple values separated with spaces are tried sequentially until success. +SATA_LINKPWR_ON_AC="med_power_with_dipm max_performance" +SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power" + +# Exclude host devices from AHCI link power management. +# Separate multiple hosts with spaces. +#SATA_LINKPWR_BLACKLIST="host1" + +# Runtime Power Management for AHCI host and disks devices: +# on=disable, auto=enable. +# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss. +#AHCI_RUNTIME_PM_ON_AC=on +#AHCI_RUNTIME_PM_ON_BAT=on + +# Seconds of inactivity before disk is suspended. +AHCI_RUNTIME_PM_TIMEOUT=15 + +# PCI Express Active State Power Management (PCIe ASPM): +# default, performance, powersave. +PCIE_ASPM_ON_AC=performance +PCIE_ASPM_ON_BAT=powersave + +# Radeon graphics clock speed (profile method): low, mid, high, auto, default; +# auto = mid on BAT, high on AC; default = use hardware defaults. +RADEON_POWER_PROFILE_ON_AC=high +RADEON_POWER_PROFILE_ON_BAT=low + +# Radeon dynamic power management method (DPM): battery, performance. +RADEON_DPM_STATE_ON_AC=performance +RADEON_DPM_STATE_ON_BAT=battery + +# Radeon DPM performance level: auto, low, high; auto is recommended. +RADEON_DPM_PERF_LEVEL_ON_AC=auto +RADEON_DPM_PERF_LEVEL_ON_BAT=auto + +# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. +WIFI_PWR_ON_AC=off +WIFI_PWR_ON_BAT=on + +# Disable wake on LAN: Y/N. +WOL_DISABLE=Y + +# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). +# A value of 0 disables, >=1 enables power saving (recommended: 1). +SOUND_POWER_SAVE_ON_AC=0 +SOUND_POWER_SAVE_ON_BAT=1 + +# Disable controller too (HDA only): Y/N. +SOUND_POWER_SAVE_CONTROLLER=Y + +# Power off optical drive in UltraBay/MediaBay: 0=disable, 1=enable. +# Drive can be powered on again by releasing (and reinserting) the eject lever +# or by pressing the disc eject button on newer models. +# Note: an UltraBay/MediaBay hard disk is never powered off. +BAY_POWEROFF_ON_AC=0 +BAY_POWEROFF_ON_BAT=0 +# Optical drive device to power off (default sr0). +BAY_DEVICE="sr0" + +# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable. +RUNTIME_PM_ON_AC=on +RUNTIME_PM_ON_BAT=auto + +# Exclude PCI(e) device adresses the following list from Runtime PM +# (separate with spaces). Use lspci to get the adresses (1st column). +#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" + +# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM. +# Default when unconfigured is "amdgpu nouveau nvidia radeon" which +# prevents accidential power-on of dGPU in hybrid graphics setups. +# Use "" to disable the feature completely. +# Separate multiple drivers with spaces. +#RUNTIME_PM_DRIVER_BLACKLIST="amdgpu nouveau nvidia radeon" + +# Set to 0 to disable, 1 to enable USB autosuspend feature. +USB_AUTOSUSPEND=1 + +# Exclude listed devices from USB autosuspend (separate with spaces). +# Use lsusb to get the ids. +# Note: input devices (usbhid) are excluded automatically +#USB_BLACKLIST="1111:2222 3333:4444" + +# Bluetooth devices are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude. +USB_BLACKLIST_BTUSB=0 + +# Phone devices are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude (enable charging). +USB_BLACKLIST_PHONE=0 + +# Printers are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude. +USB_BLACKLIST_PRINTER=1 + +# WWAN devices are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude. +USB_BLACKLIST_WWAN=1 + +# Include listed devices into USB autosuspend even if already excluded +# by the blacklists above (separate with spaces). +# Use lsusb to get the ids. +#USB_WHITELIST="1111:2222 3333:4444" + +# Set to 1 to disable autosuspend before shutdown, 0 to do nothing +# (workaround for USB devices that cause shutdown problems). +#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 + +# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown +# on system startup: 0=disable, 1=enable. +# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below +# are ignored when this is enabled! +RESTORE_DEVICE_STATE_ON_STARTUP=0 + +# Radio devices to disable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +#DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" + +# Radio devices to enable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +#DEVICES_TO_ENABLE_ON_STARTUP="wifi" + +# Radio devices to disable on shutdown: bluetooth, wifi, wwan. +# (workaround for devices that are blocking shutdown). +#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" + +# Radio devices to enable on shutdown: bluetooth, wifi, wwan. +# (to prevent other operating systems from missing radios). +#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" + +# Radio devices to enable on AC: bluetooth, wifi, wwan. +#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" + +# Radio devices to disable on battery: bluetooth, wifi, wwan. +#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" + +# Radio devices to disable on battery when not in use (not connected): +# bluetooth, wifi, wwan. +#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" + +# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module +# required). Charging starts when the remaining capacity falls below the +# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. +# Main / Internal battery (values in %) +START_CHARGE_THRESH_BAT0=75 +STOP_CHARGE_THRESH_BAT0=80 +# Ultrabay / Slice / Replaceable battery (values in %) +#START_CHARGE_THRESH_BAT1=75 +#STOP_CHARGE_THRESH_BAT1=80 + +# Restore charge thresholds when AC is unplugged: 0=disable, 1=enable. +#RESTORE_THRESHOLDS_ON_BAT=1 + +# ------------------------------------------------------------------------------ +# tlp-rdw - Parameters for the radio device wizard +# Possible devices: bluetooth, wifi, wwan. + +# Hints: +# - Parameters are disabled by default, remove the leading # to enable them +# - Separate multiple radio devices with spaces + +# Radio devices to disable on connect. +#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" +#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" +#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" + +# Radio devices to enable on disconnect. +#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" +#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" +#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" + +# Radio devices to enable/disable when docked. +#DEVICES_TO_ENABLE_ON_DOCK="" +#DEVICES_TO_DISABLE_ON_DOCK="" + +# Radio devices to enable/disable when undocked. +#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" +#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/bullseye/etc_files/thinkpad/etc/network/interfaces b/archived/bullseye/etc_files/thinkpad/etc/network/interfaces new file mode 100644 index 0000000..9df66d5 --- /dev/null +++ b/archived/bullseye/etc_files/thinkpad/etc/network/interfaces @@ -0,0 +1,14 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +source /etc/network/interfaces.d/* + +# The loopback network interface +auto lo +iface lo inet loopback + +# # The primary network interface – commented out so network-manager can handle this! +# allow-hotplug enp0s25 +# iface enp0s25 inet dhcp +# # This is an autoconfigured IPv6 interface +# iface enp0s25 inet6 auto diff --git a/archived/bullseye/etc_files/thinkpad/etc/systemd/logind.conf b/archived/bullseye/etc_files/thinkpad/etc/systemd/logind.conf new file mode 100644 index 0000000..1098229 --- /dev/null +++ b/archived/bullseye/etc_files/thinkpad/etc/systemd/logind.conf @@ -0,0 +1,6 @@ +# This file is part of systemd. +# +# See logind.conf(5) for details. + +[Login] +HandleLidSwitch=hibernate diff --git a/archived/bullseye/etc_files/web/etc/nftables.conf b/archived/bullseye/etc_files/web/etc/nftables.conf new file mode 100755 index 0000000..ec6732a --- /dev/null +++ b/archived/bullseye/etc_files/web/etc/nftables.conf @@ -0,0 +1,22 @@ +#!/usr/sbin/nft -f + +flush ruleset + +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + iif lo accept comment "accept localhost traffic" + ct state invalid drop comment "drop invalid connections" + ct state established, related accept comment "accept traffic originated from us" + tcp dport 22 accept comment "accept SSH on default port" + tcp dport 80 accept comment "accept HTTP on default port" + tcp dport 443 accept comment "accept HTTPS on default port" + ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging" + } + chain forward { + type filter hook forward priority 0; policy drop; + } + chain output { + type filter hook output priority 0; policy accept; + } +} diff --git a/archived/bullseye/etc_files/web/etc/nginx/nginx.conf b/archived/bullseye/etc_files/web/etc/nginx/nginx.conf new file mode 100644 index 0000000..8320425 --- /dev/null +++ b/archived/bullseye/etc_files/web/etc/nginx/nginx.conf @@ -0,0 +1,38 @@ +# system integration +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +# is expected even if empty +events { +} + +http { + # define content-type headers + include /etc/nginx/mime.types; + charset utf-8; + + # Some standard optimizations, i.e. Debian default. Explained in + # + # Not that I understand it all … + sendfile on; + tcp_nopush on; + tcp_nodelay on; + + # logging deactivated due to GDPR + #access_log /var/log/nginx/access.log; + #error_log /var/log/nginx/error.log; + access_log off; + error_log off; + + # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; + + # Redirect all HTTP requests to HTTPS. + server { + listen 80; + return 301 https://$host$request_uri; + } +} diff --git a/archived/bullseye/etc_files/website/etc/gitweb.conf b/archived/bullseye/etc_files/website/etc/gitweb.conf new file mode 100644 index 0000000..88dea47 --- /dev/null +++ b/archived/bullseye/etc_files/website/etc/gitweb.conf @@ -0,0 +1,22 @@ +# path to git projects (.git) +$projectroot = "/var/repos"; + +# don't show repos without git-daemon-export-ok file +$export_ok = "git-daemon-export-ok"; + +# directory to use for temp files +# explicitely set by Debian so it's probably a good choice +$git_temp = "/tmp"; + +# git-diff-tree(1) options to use for generated patches +# we don't want to to guess renames, so empty +@diff_opts = (); + +# Base path for where to find the repos for cloning. +@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone'); + +# allow snapshots +$feature{'snapshot'}{'default'} = ['zip', 'tgz']; + +# insert header for GDPR compliance +$site_header = "/var/www/header.html" diff --git a/archived/bullseye/etc_files/website/etc/nginx/sites-available/website.nginx b/archived/bullseye/etc_files/website/etc/nginx/sites-available/website.nginx new file mode 100644 index 0000000..ad5abed --- /dev/null +++ b/archived/bullseye/etc_files/website/etc/nginx/sites-available/website.nginx @@ -0,0 +1,45 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www/html/; + index index.html index.htm index.nginx-debian.html; + + # serve /var/repos/* for HTTPS git cloning + location ~ /repos/clone(/.*) { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + # Commented out so only repos are served that contain a + # git-daemon-export-ok file. + # fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /var/repos; + fastcgi_param PATH_INFO $1; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + # gitweb static files + location /repos/static/ { + alias /usr/share/gitweb/static/; + } + + # gitweb; this needs packages fcgiwrap and gitweb + location /repos/ { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + # login-protected IRC logs + location ~ ^/irclogs/([^/]+)/ { + auth_basic "$1 logs"; + auth_basic_user_file /var/www/irclogs_pw/$1; + autoindex on; + } + + location /guiltcards/ { + include uwsgi_params; + uwsgi_pass 127.0.0.1:9000; + } +} diff --git a/archived/bullseye/etc_files/website/etc/systemd/system/plomlombot.service b/archived/bullseye/etc_files/website/etc/systemd/system/plomlombot.service new file mode 100644 index 0000000..a4f6769 --- /dev/null +++ b/archived/bullseye/etc_files/website/etc/systemd/system/plomlombot.service @@ -0,0 +1,11 @@ +[Unit] +Description=plomlombot screen + +[Service] +Type=simple +User=plom +ExecStart=/bin/sh -c '~/plomlombot_daemon.sh' +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/archived/bullseye/home_files/minimal/.bashrc b/archived/bullseye/home_files/minimal/.bashrc new file mode 100644 index 0000000..e1d41d8 --- /dev/null +++ b/archived/bullseye/home_files/minimal/.bashrc @@ -0,0 +1,30 @@ +# Settings for interactive shells. + +# Fancy colors for ls. +alias ls="ls --color=auto" + +# Other helpful aliases +alias sshauth='eval $(ssh-agent) && ssh-add' +alias xrandrbig='xrandr --output LVDS-1 --off' + +# Use vim as default editor for anything. +export VISUAL=vim +export EDITOR=$VISUAL + +# Colored prompt with username, hostname, date/time, directory. +colornumber=7 # Default to white if no color set via colornumber dotfile. +colornumber_file=~/.shell_prompt_color +if [ -f $colornumber_file ]; then + colornumber=`cat $colornumber_file` +fi +tput_color="$(tput setaf $colornumber)$(tput bold)" +tput_reset="$(tput sgr0)" +# Bash confuses the line length when not told to not count escape sequences. +if [ ! "$BASH" = "" ]; then + tput_color="\[$tput_color\]" + tput_reset="\[$tput_reset\]" +fi +PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset" +PS2="${tput_color}> $tput_reset" +PS3="${tput_color}select: $tput_reset" +PS4="${tput_color}+ $tput_reset" diff --git a/archived/bullseye/home_files/root/.shell_prompt_color b/archived/bullseye/home_files/root/.shell_prompt_color new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/archived/bullseye/home_files/root/.shell_prompt_color @@ -0,0 +1 @@ +1 diff --git a/archived/bullseye/home_files/user/.Xresources b/archived/bullseye/home_files/user/.Xresources new file mode 100644 index 0000000..45b10af --- /dev/null +++ b/archived/bullseye/home_files/user/.Xresources @@ -0,0 +1,56 @@ +! otherwise various applications will assume merely 8 colors +XTerm.termName: xterm-256color + +! font +! actually, "mono" is already the default for faceName (it will +! pick whatever fc-match mono delivers), but we need to set _some_ +! faceName to trigger XTerm activating TrueType fonts +! (XTerm*fontRender by itself won't do the trick), and we want +! TrueType fonts because, well, they scale better, and XTerm lets them +! fall back on alternatives (hi there ttf-unifont) when a Unicode +! glyph is not found +XTerm*faceName: mono + +! white on black +XTerm*reverseVideo: on + +! blink screen instead of sound +XTerm*visualBell: on + +! proper ALT as META key treatment +XTerm*eightBitInput: false + +! font sizes +XTerm*faceSize: 8 +XTerm*faceSize1: 4 +XTerm*faceSize2: 5 +XTerm*faceSize3: 6 +XTerm*faceSize4: 8 +XTerm*faceSize5: 14 +XTerm*faceSize6: 25 + +! colors +! black +XTerm*color0: #202020 +XTerm*color8: #3F3F3F +! red +XTerm*color1: #A82020 +XTerm*color9: #E82020 +! green +XTerm*color2: #20A820 +XTerm*color10: #20E820 +! yellow +XTerm*color3: #A8A820 +XTerm*color11: #E8E820 +! blue +XTerm*color4: #3F3FFF +XTerm*color12: #9F9FFF +! magenta +XTerm*color5: #A83FFF +XTerm*color13: #E89FFF +! cyan +XTerm*color6: #3FA8FF +XTerm*color14: #9FE8FF +! white +XTerm*color7: #A8A8A8 +XTerm*color15: #E8E8E8 diff --git a/archived/bullseye/home_files/user/.borgrepos b/archived/bullseye/home_files/user/.borgrepos new file mode 100644 index 0000000..c40eee3 --- /dev/null +++ b/archived/bullseye/home_files/user/.borgrepos @@ -0,0 +1,4 @@ +plom@plomlompom.com +plom@mail.plomlompom.com +plom@play.plomlompom.com +# file read ends at last newline diff --git a/archived/bullseye/home_files/user/.config/i3/config b/archived/bullseye/home_files/user/.config/i3/config new file mode 100644 index 0000000..07332f3 --- /dev/null +++ b/archived/bullseye/home_files/user/.config/i3/config @@ -0,0 +1,84 @@ +# plomlompom's i3-wm configuration + +# Font for i3 text +font pango:Terminus 8px + +# Force "tabbed" as default layout for new windows. +workspace_layout tabbed + +# Make the Windows key the modifier key for all i3-wm actions. +set $mod Mod4 +floating_modifier $mod + +# Launch xterm. +bindsym $mod+Return exec xterm + +# Launch programs via dmenu. +bindsym $mod+d exec dmenu_run +bindsym $mod+x exec dmenu_run + +# Kill window. +bindsym $mod+Shift+Q kill + +# Move focus between windows. +bindsym $mod+Left focus left +bindsym $mod+Down focus down +bindsym $mod+Up focus up +bindsym $mod+Right focus right + +# Don't move focus with mouse. +focus_follows_mouse no + +# Move windows. +bindsym $mod+Shift+Left move left +bindsym $mod+Shift+Down move down +bindsym $mod+Shift+Up move up +bindsym $mod+Shift+Right move right + +# Resize windows +bindsym $mod+h resize shrink width 1 px or 1 ppt +bindsym $mod+l resize grow width 1 px or 1 ppt +bindsym $mod+j resize shrink height +bindsym $mod+k resize grow height + +# Toggle fullscreen for focused window. +bindsym $mod+f fullscreen + +# Toggle floating of window, focus on floating or tabbed windows. +bindsym $mod+Shift+space floating toggle +bindsym $mod+space focus mode_toggle + +# Switch to workspace x. +bindsym $mod+1 workspace 1 +bindsym $mod+2 workspace 2 +bindsym $mod+3 workspace 3 +bindsym $mod+4 workspace 4 +bindsym $mod+5 workspace 5 +bindsym $mod+6 workspace 6 +bindsym $mod+7 workspace 7 +bindsym $mod+8 workspace 8 +bindsym $mod+9 workspace 9 +bindsym $mod+0 workspace 10 + +# Move window to workspace x. +bindsym $mod+Shift+exclam move workspace 1 +bindsym $mod+Shift+quotedbl move workspace 2 +bindsym $mod+Shift+section move workspace 3 +bindsym $mod+Shift+dollar move workspace 4 +bindsym $mod+Shift+percent move workspace 5 +bindsym $mod+Shift+ampersand move workspace 6 +bindsym $mod+Shift+slash move workspace 7 +bindsym $mod+Shift+parenleft move workspace 8 +bindsym $mod+Shift+parenright move workspace 9 +bindsym $mod+Shift+equal move workspace 10 + +# Reload i3 config file, restart (keeping sesion) i3, exit i3. +bindsym $mod+Shift+C reload +bindsym $mod+Shift+R restart +bindsym $mod+Shift+P exit + +# Select "i3status" as i3 status bar, hide systray icons. +bar { + tray_output none + status_command i3status +} diff --git a/archived/bullseye/home_files/user/.emacs.d/init.el b/archived/bullseye/home_files/user/.emacs.d/init.el new file mode 100644 index 0000000..9964c98 --- /dev/null +++ b/archived/bullseye/home_files/user/.emacs.d/init.el @@ -0,0 +1,323 @@ +;; general layout +;; ============== + +;; need no stinkin emacs help screen as start up, and no menu bar +(setq inhibit-startup-screen t) +(menu-bar-mode -1) + +;; highlight cursor line, parentheses +(global-hl-line-mode 1) +(show-paren-mode 1) + +;; show line numbers, use separator space +(global-linum-mode) +(setq linum-format "%d ") + +;; count cursor column, row in mode line +(setq column-number-mode t) + +;; settings to make GUI tolerable +(if window-system + (progn + (add-to-list 'default-frame-alist '(foreground-color . "white")) + (add-to-list 'default-frame-alist '(background-color . "black")) + (set-face-attribute 'default nil :height 80) + (scroll-bar-mode -1) + (setq visible-bell t) + (setq linum-format "%d"))) + +;; use as default browser what XDG offers +(setq-default browse-url-browser-function 'browse-url-xdg-open) + + + +;; general keybindings +;; =================== + +;; create and use a minimal global map using just the self-insert command +;; bindings and a selection of some to me very common keystrokes +(setq minimal-map (make-sparse-keymap)) +(substitute-key-definition 'self-insert-command 'self-insert-command + minimal-map global-map) +(use-global-map minimal-map) +(global-set-key (kbd "DEL") 'backward-delete-char-untabify) +(global-set-key (kbd "RET") 'newline) +(global-set-key (kbd "TAB") 'indent-for-tab-command) +(global-set-key (kbd "") 'previous-line) +(global-set-key (kbd "") 'next-line) +(global-set-key (kbd "") 'left-char) +(global-set-key (kbd "") 'right-char) +(global-set-key (kbd "") 'scroll-down-command) +(global-set-key (kbd "") 'scroll-up-command) +(global-set-key (kbd "M-x") 'execute-extended-command) +(global-set-key (kbd "C-g") 'keyboard-quit) +;(global-set-key (kbd "") 'kmacro-start-macro-or-insert-counter) +;(global-set-key (kbd "") 'kmacro-end-or-call-macro) +;; note how to switch back to the original map: (use-global-map global-map) +(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs + + + +;; minibuffer +;; ========== + +;; incremental minibuffer completion +(icomplete-mode 1) + + + +;; text editing +;; ============ + +;; tabs are evil +(setq-default indent-tabs-mode nil) +(setq-default tab-width 4) +(setq indent-line-function 'insert-tab) + +;; show trailing whitespace +(setq-default show-trailing-whitespace 1) + +;; on save, ask whether to ensure text file's last line ends in a +;; newline character +(setq require-final-newline 1) + +;; use dedicated directory for version-controlled, endless backups; +;; never delete old versions +(setq make-backup-files t + backup-directory-alist `(("." . "~/.emacs_backups")) + backup-by-copying t + version-control t + delete-old-versions 1) ;; neither t nor nil: never delete + + +;; package management +;; ================== + +;; where we get packages from +(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/") + ("melpa-unstable" . "https://melpa.org/packages/") + ("melpa-stable" . "https://stable.melpa.org/packages/"))) + +;; ensure certain packages are installed (actually, we use Debian repos here) +;; credit to +;(setq package-list '(elfeed ledger-mode)) +;(package-initialize) +;(dolist (package package-list) +; (unless (package-installed-p package) +; (package-install package))) + + + +;;; window management +;;; ================= +; +;;; track window configurations to allow window config undo +;(winner-mode 1) + + + +;; mail setup +;; ========== + +(setq send-mail-function 'smtpmail-send-it) +(setq smtpmail-smtp-server "mail.plomlompom.com") +(setq smtpmail-smtp-service 465) +(setq smtpmail-stream-type 'ssl) +(setq smtpmail-smtp-user "plom") +(setq mml-secure-openpgp-encrypt-to-self t) +(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime) + +;(setq gnutls-log-level 0) + +;; if we don't set this, we get this warning: +;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange +;; has been lowered to 256 bits and this may allow decryption of the session data +(setq gnutls-min-prime-bits 1024) + +;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the +;; stream process, seemingly unless the /message/ function is called at the right +;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest +;; in /network-stream-get-response/ right after "(goto-char start)"; this works +;; unless /inhibit_message/ is set, indicating that writing to the *Messages* +;; buffer is not relevant, but maybe writing to the echo area is); activing the +;; gnutls logging is just a hack to achieve such calls to /message/ in the +;; /network-stream-open-tls/ flow. +(setq gnutls-log-level 1) ; miraculously makes smtpmail work + +;; constructs From: domain if mail composer directly called (from without +;; notmuch), but we don't actually intend to do that +;(setq mail-host-address "plomlompom.com") + +;; otherwise notmuch becomes extremely slow in some cases +(setq-default notmuch-show-indent-content nil) + +;; this only works if we use notmuch-mua-send instead of message-send +(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent"))) + +;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me" +;; in the message ID +(setq mail-host-address "plomlompom.com") + +;; notmuch saved searches +(setq notmuch-saved-searches + '((:name "inbox" :query "tag:unread and folder:inbox") + (:name "all" :query "tag:unread not folder:maildir/Trash") + (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de") + (:name "nebenan" :query "tag:unread and folder:maildir/nebenan") + (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info") + (:name "gmail" :query "tag:unread and folder:maildir/gmail.com") + (:name "mutter" :query "tag:unread and folder:maildir/mutter"))) + + + +;; org mode +;; ======== + +;; unsure why, but to re-set the key map, we not only have to explicitely do it +;; only after org-mode loading, but also have to explicitely overwrite the +;; C-c keybinding; TODO: investigate +(with-eval-after-load 'org + (setq org-mode-map (make-sparse-keymap)) + (define-key org-mode-map (kbd "C-c") nil) + (define-key org-mode-map (kbd "TAB") 'org-cycle) + (define-key org-mode-map (kbd "") 'org-shifttab)) + +;; don't truncate lines by default +(setq org-startup-truncated nil) + +;; basic org-capture config +(setq org-capture-templates + '(("x" "test" plain (file "~/org/notes.org") "%T: %?"))) +(add-hook 'org-capture-mode-hook 'evil-insert-state) + +;; agenda view on startup +(load-library "find-lisp") +(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$")) +(setq org-agenda-span 90) +(setq org-agenda-use-time-grid nil) +(add-hook 'emacs-startup-hook (lambda () + (org-agenda-list) + (switch-to-buffer "*Org Agenda*") + (other-window 1))) + +;;; for calendar, use ISO date style +;(setq calendar-date-style 'iso) +;(setq diary-number-of-entries 7) +;(diary) +;(setq org-agenda-time-grid '((today require-timed remove-match) +; #("----------------" 0 16 (org-heading t)) +; (0 200 400 600 800 1000 1200 +; 1400 1600 1800 2000 2200))) + +;; empty org-agenda-mode keybindings +(add-hook 'org-agenda-mode-hook + (lambda () + (setq org-agenda-mode-map (make-sparse-keymap)))) +(add-hook 'org-agenda-mode-hook + (lambda () + (use-local-map (make-sparse-keymap)))) + +;; org-publish-all +(setq org-publish-project-alist + '( + ("website" + :base-directory "~/org/web/" + :base-extension "org" + :publishing-directory "~/html/" + :recursive t + :publishing-function org-html-publish-to-html + :headline-levels 4 ; Just the default for this project. + :auto-preamble t + ))) + +;; use [ki:] syntax to hide stuff from exports +(defun classify-information (text backend info) + "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'." + (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text)) +(add-hook 'org-export-filter-plain-text-functions 'classify-information) + +;; add HTML validator link to exports +(setq org-html-validation-link "Validate") + + + +;;; Info mode +;;; ========= + +(setq Info-mode-map (make-sparse-keymap)) +(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node) +(define-key Info-mode-map (kbd "u") 'Info-up) +(define-key Info-mode-map (kbd "TAB") 'Info-next-reference) +(define-key Info-mode-map (kbd "") 'Info-prev-reference) +(define-key Info-mode-map (kbd "H") 'Info-history-back) +(define-key Info-mode-map (kbd "L") 'Info-history-forward) +(define-key Info-mode-map (kbd "I") 'Info-goto-node) +(define-key Info-mode-map (kbd "i") 'Info-index) + + + +;; help mode +;; ========= + +(setq help-mode-map (make-sparse-keymap)) +(define-key help-mode-map (kbd "TAB") 'forward-button) +(define-key help-mode-map (kbd "RET") 'help-follow) +(define-key help-mode-map (kbd "") 'backward-button) + + + +;; elfeed +;; ====== + +(require 'elfeed) ; needed so we can set the font faces +(set-face-background 'elfeed-search-title-face "magenta") +(set-face-background 'elfeed-search-unread-count-face "magenta") +(setq elfeed-feeds + '("https://capsurvival.blogspot.com/feeds/posts/default" + "https://jungle.world/rss.xml" + "http://news.dieweltistgarnichtso.net/bin/index.xml" + "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/" + "http://www.tagesschau.de/xml/atom")) +(setq elfeed-search-mode-map (make-sparse-keymap)) +(define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry) +(defun elfeed-search-mark-as-read() (interactive) + (elfeed-search-untag-all 'unread)) +(define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read) +(define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread) +(define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter) +(define-key elfeed-search-mode-map (kbd "u") 'elfeed-update) +(setq elfeed-show-mode-map (make-sparse-keymap)) +(define-key elfeed-show-mode-map (kbd "u") 'elfeed) +(define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link) +(define-key elfeed-show-mode-map (kbd "") 'shr-previous-link) +(define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev) +(define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next) +(define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url) +(define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url) + + + +;; eww +;; === + +(setq eww-mode-map (make-sparse-keymap)) +(define-key eww-mode-map (kbd "TAB") 'shr-next-link) +(define-key eww-mode-map (kbd "") 'shr-previous-link) +(define-key eww-mode-map (kbd "H") 'eww-back-url) +(define-key eww-mode-map (kbd "L") 'eww-forward-url) + + + +;; ledger +;; ====== +(setq ledger-mode-map (make-sparse-keymap)) +(define-key ledger-mode-map (kbd "TAB") 'completion-at-point) + + + +;;; plomvi mode +;;; =========== + +(defvar plomvi-return-combo (kbd "C-c")) +(load "~/public_repos/plomvi.el/plomvi.el") +(plomvi-global-mode 1) diff --git a/archived/bullseye/home_files/user/.gitconfig b/archived/bullseye/home_files/user/.gitconfig new file mode 100644 index 0000000..8967d25 --- /dev/null +++ b/archived/bullseye/home_files/user/.gitconfig @@ -0,0 +1,3 @@ +[user] + email = c.heller@plomlompom.de + name = Christian Heller diff --git a/archived/bullseye/home_files/user/.mbsyncrc b/archived/bullseye/home_files/user/.mbsyncrc new file mode 100644 index 0000000..6a0e5cd --- /dev/null +++ b/archived/bullseye/home_files/user/.mbsyncrc @@ -0,0 +1,28 @@ +IMAPAccount plom +# Address to connect to +Host mail.plomlompom.com +User plom +# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars, +# therefore the pw in ~/.authinfo should not be longer than that. +PassCmd "cat ~/.authinfo | cut -d' ' -f8-" +SSLType IMAPS +AuthMechs LOGIN + +IMAPStore core-remote +Account plom + +MaildirStore core-local +# The trailing "/" is important +Path ~/mail/maildir/ +Inbox ~/mail/inbox/ + +Channel core +Master :core-remote: +Slave :core-local: +Patterns * +# Automatically create missing mailboxes, both locally and on the server +Create Both +# Save the synchronization state files in the relevant directory +SyncState * +# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere +Expunge Both diff --git a/archived/bullseye/home_files/user/.notmuch-config b/archived/bullseye/home_files/user/.notmuch-config new file mode 100644 index 0000000..9532761 --- /dev/null +++ b/archived/bullseye/home_files/user/.notmuch-config @@ -0,0 +1,9 @@ +[database] +path=/home/plom/mail +[search] +exclude_tags=deleted;spam; +# the fields below set the From: if the mail composer is called from +# within notmuch +[user] +name=Christian Heller +primary_email=plom@plomlompom.com diff --git a/archived/bullseye/home_files/user/.shell_prompt_color b/archived/bullseye/home_files/user/.shell_prompt_color new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/archived/bullseye/home_files/user/.shell_prompt_color @@ -0,0 +1 @@ +2 diff --git a/archived/bullseye/home_files/user/.tridactylrc b/archived/bullseye/home_files/user/.tridactylrc new file mode 100644 index 0000000..e39e5a0 --- /dev/null +++ b/archived/bullseye/home_files/user/.tridactylrc @@ -0,0 +1,13 @@ +sanitize tridactyllocal tridactylsync +guiset statuspanel top-right +guiset tabs autohide +set newtab file:///opt/firefox/blank.html +autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit +bind / fillcmdline find +bind n findnext 1 +bind N findnext -1 +set findcase insensitive +bind j scrollline 3 +bind k scrollline -3 +set hintuppercase false +set searchengine duckduckgo diff --git a/archived/bullseye/home_files/user/.xinitrc b/archived/bullseye/home_files/user/.xinitrc new file mode 100644 index 0000000..c7a0a66 --- /dev/null +++ b/archived/bullseye/home_files/user/.xinitrc @@ -0,0 +1,17 @@ +# X init configuration + +# Set keymap. +setxkbmap de + +# Map CapsLock to Compose key. +xmodmap -e "clear Lock" +xmodmap -e "keycode 66 = Multi_key" + +# Load xterm settings +xrdb -merge ~/.Xresources + +# Redshift to Berlin, Germany. +redshift -rl 53:13 & + +# Launch window manager. +i3 diff --git a/archived/bullseye/home_files/user/mail_sync.sh b/archived/bullseye/home_files/user/mail_sync.sh new file mode 100755 index 0000000..6962800 --- /dev/null +++ b/archived/bullseye/home_files/user/mail_sync.sh @@ -0,0 +1,43 @@ +#!/bin/sh +set -e + +basedir="/home/plom/mail/maildir/" +# Ensure directories exist for all "dir:*" tags. +for tag in $(notmuch search --output=tags '*'); do + if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then + continue + fi + target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/" + if [ ! -d "${target_dir}" ]; then + echo "Directory ${target_dir} does not exist." + exit 1 + fi +done + +# Ensure all "dir:*"-tagged mails are in proper directories, +# remove all "dir:*" tags. +for tag in $(notmuch search --output=tags '*'); do + if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then + continue + fi + target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/" + for f in $(notmuch search --output=files tag:"${tag}"); do + new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//') + target_path="${target_dir}${new_name}" + if [ ! "${target_path}" = "${f}" ]; then + echo "Moving ${f} to ${target_path}." + mv "${f}" "${target_path}" + fi + done + notmuch tag -"${tag}" tag:"${tag}" +done + +# Remove all "deleted"-tagged files from maildirs. +notmuch search --output=files tag:deleted | while read f; do + echo "Deleting ${f}" + rm "${f}" +done + +# Sync changes back to server and update notmuch index. +mbsync -a +notmuch new diff --git a/archived/bullseye/home_files/user/public_repos/repos b/archived/bullseye/home_files/user/public_repos/repos new file mode 100644 index 0000000..27eb028 --- /dev/null +++ b/archived/bullseye/home_files/user/public_repos/repos @@ -0,0 +1,7 @@ +# List of repos we want cloned in ~/public_repos +config +pingmail.git +plomlombot-irc.git +plomrogue +plomrogue2-experiments +plomvi.el diff --git a/archived/bullseye/home_files/w530/.config/i3status/config b/archived/bullseye/home_files/w530/.config/i3status/config new file mode 100644 index 0000000..b9fb15f --- /dev/null +++ b/archived/bullseye/home_files/w530/.config/i3status/config @@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wlp3s0" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 25 +} + +# How much space is left in /home ? +disk "/home/" { + format = "/home: %avail available of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wlp3s0 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "♪: %volume" + format_muted = "♪: muted (%volume)" + separator_block_width = 25 +} diff --git a/archived/bullseye/home_files/x220/.config/i3status/config b/archived/bullseye/home_files/x220/.config/i3status/config new file mode 100644 index 0000000..a81a117 --- /dev/null +++ b/archived/bullseye/home_files/x220/.config/i3status/config @@ -0,0 +1,79 @@ +# plomlompom's i3 status bar configuration + +# It is important that this file is edited as UTF-8. +# The following line should contain a sharp s: +# ß + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "wireless _first_" +order += "ethernet _first_" +order += "battery all" +order += "cpu_usage" +order += "load" +order += "cpu_temperature all" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless _first_ { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet _first_ { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery all { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature all { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "♪: %volume" + format_muted = "♪: muted (%volume)" + separator_block_width = 25 +} diff --git a/archived/bullseye/other_files/blank.html b/archived/bullseye/other_files/blank.html new file mode 100644 index 0000000..79e707e --- /dev/null +++ b/archived/bullseye/other_files/blank.html @@ -0,0 +1 @@ +not quite blank diff --git a/archived/bullseye/other_files/blog_hook_post-receive b/archived/bullseye/other_files/blog_hook_post-receive new file mode 100755 index 0000000..b671248 --- /dev/null +++ b/archived/bullseye/other_files/blog_hook_post-receive @@ -0,0 +1,17 @@ +#!/bin/sh +blog_dir=~/blog +export GIT_DIR=$(pwd) +export GIT_WORK_TREE="$blog_dir" +git checkout -f +cd "$GIT_WORK_TREE" +redo +git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/* +count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l) +if [ "$count" != 0 ]; then + git add metadata/*.automatic_metadata +fi +status=$(git status -s) +n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l) +if [ "$n_updates" -gt 0 ]; then + git commit -a -m 'Update metadata' +fi diff --git a/archived/bullseye/other_files/dumpsite_index.html b/archived/bullseye/other_files/dumpsite_index.html new file mode 100644 index 0000000..0c2093f --- /dev/null +++ b/archived/bullseye/other_files/dumpsite_index.html @@ -0,0 +1,3 @@ + + +Zum Blog? diff --git a/archived/bullseye/other_files/plomlombot_daemon.sh b/archived/bullseye/other_files/plomlombot_daemon.sh new file mode 100755 index 0000000..9b9faee --- /dev/null +++ b/archived/bullseye/other_files/plomlombot_daemon.sh @@ -0,0 +1,62 @@ +#!/bin/sh +set -e + +# Repeatedly parse config file for GPG key and bot screen configs. +path=~/.plomlombot +db_dir="${HOME}/plomlombot_db" +irclogs_dir=/var/www/html/irclogs +irclogs_pw_dir=/var/www/irclogs_pw +hostname_mod_epoch=$(stat -c%Y /etc/hostname) +while true; do + if [ -f "${path}" ]; then + cat "${path}" | while read line; do + first_word=$(echo -n "${line}" | cut -d' ' -f1) + + # Read "bot:" line, start bot screen session from it if not yet existing, + # set up irclogs dir if not yet existing. + if [ "${first_word}" = "bot:" ]; then + session_name=$(echo -n "${line}" | cut -d' ' -f2) + bot_name=$(echo -n "${line}" | cut -d' ' -f3) + channel_name=$(echo -n "${line}" | cut -d' ' -f4) + shortened_channel_name="${channel_name}" + first_char=$(echo -n "${channel_name}" | cut -c1) + if [ "${first_char}" = "#" ]; then + shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-) + fi + server_name=$(echo -n "${line}" | cut -d' ' -f5) + login_user=$(echo -n "${line}" | cut -d' ' -f6) + login_pw=$(echo -n "${line}" | cut -d' ' -f7) + add_option=$(echo -n "${line}" | cut -d' ' -f8-) + set +e + screen -S "${session_name}" -Q select . > /dev/null + start_screen=$? + set -e + if [ "${start_screen}" -eq "1" ]; then + cd ~/plomlombot-irc + LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -u "${bot_name}" -s "${server_name}" -c "${channel_name}" ${add_option} + fi + md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1) + md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1) + logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs" + # FIXME: Note the trouble we will have if we have the same channel + # name on different servers … + ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}" + echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}" + + # If "gpg_key" line, encrypt old raw logs to that GPG key. + elif [ "${first_word}" = "gpg_key" ]; then + key=$(echo -n "${line}" | cut -d' ' -f2) + mkdir -p ~/plomlombot_db + cd ~/plomlombot_db + # Dirty hack: To avoid trouble with GPG key expiration, fake + # system to something reasonbly old (younger than key creation, + # older than expiration) by taking the mod datetime of + # /etc/hostname, which should have last be changed when the + # system was set up. + find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \; + fi + + done + sleep 1 + fi +done diff --git a/archived/bullseye/other_files/plomlombot_hook_post-receive b/archived/bullseye/other_files/plomlombot_hook_post-receive new file mode 100755 index 0000000..c4627af --- /dev/null +++ b/archived/bullseye/other_files/plomlombot_hook_post-receive @@ -0,0 +1,2 @@ +#!/bin/sh +GIT_WORK_TREE=/home/plom/plomlombot-irc git checkout -f diff --git a/archived/bullseye/other_files/prune_microblogpub.sh b/archived/bullseye/other_files/prune_microblogpub.sh new file mode 100644 index 0000000..8cfc385 --- /dev/null +++ b/archived/bullseye/other_files/prune_microblogpub.sh @@ -0,0 +1,10 @@ +#!/bin/sh +set -e +set -x +service microblogpub stop +microblogdir=/home/plom/testing.microblog.pub +cd "${microblogdir}" +cp -r data/microblogpub.db data/microblogpub.db.bak.$(date +%a) +su -lc "cd ${microblogdir} && poetry run inv prune-old-data" - plom +service microblogpub start +echo "last microblog pruning at $(date)" >> /home/plom/prune_log.txt diff --git a/archived/bullseye/other_files/url-catcher_customizations.json b/archived/bullseye/other_files/url-catcher_customizations.json new file mode 100644 index 0000000..acc4778 --- /dev/null +++ b/archived/bullseye/other_files/url-catcher_customizations.json @@ -0,0 +1,13 @@ +{ + "translations": { + "wrongCaptcha": "Captcha leider falsch.", + "invalidURL": "Falsch formatierte URL.", + "recordedURL": "URL aufgezeichnet (wird gesichtet und bei Angemessenheit dem Artikel angefügt): ", + "pleaseWait": "Zu viele Versuche von dieser IP. So viele Sekunden warten: " + }, + "mailConfig": { + "to": "plom+url_catcher@plomlompom.com", + "from": "plom+url_catcher@plomlompom.com" + }, + "slowdownReset": 3600 +} diff --git a/archived/bullseye/other_files/website_hook_post-receive b/archived/bullseye/other_files/website_hook_post-receive new file mode 100755 index 0000000..26d1cce --- /dev/null +++ b/archived/bullseye/other_files/website_hook_post-receive @@ -0,0 +1,2 @@ +#!/bin/sh +GIT_WORK_TREE=/var/www git checkout -f diff --git a/archived/bullseye/other_files/weechat-wrapper.sh b/archived/bullseye/other_files/weechat-wrapper.sh new file mode 100755 index 0000000..b433574 --- /dev/null +++ b/archived/bullseye/other_files/weechat-wrapper.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +# Enforce ~/.weechatrc as sole persistent weechat config file. +rm -rf ~/.weechat/ +WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` +weechat -r "$WEECHATCONF" +rm -rf ~/.weechat/ diff --git a/archived/bullseye/other_files/weechatlogs_encrypter.sh b/archived/bullseye/other_files/weechatlogs_encrypter.sh new file mode 100755 index 0000000..9e177d3 --- /dev/null +++ b/archived/bullseye/other_files/weechatlogs_encrypter.sh @@ -0,0 +1,16 @@ +#!/bin/sh +# Encrypt dated weechatlog files older than one day to GPG target defined in +# ~/.encrypt_target +set -e + +gpg_key=$(cat ~/.encrypt_target) +cd ~/weechatlogs/irc/ + +# Dirty hack: To avoid trouble with GPG key expiration, fake +# system to something reasonbly old (younger than key creation, +# older than expiration) by taking the mod datetime of +# /etc/hostname, which should have last be changed when the +# system was set up. +hostname_mod_epoch=$(stat -c%Y /etc/hostname) +find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --faked-system-time="${hostname_mod_epoch}" --encrypt {} \; -exec rm {} \; + diff --git a/archived/bullseye/other_files/weechatrc b/archived/bullseye/other_files/weechatrc new file mode 100644 index 0000000..2673cb3 --- /dev/null +++ b/archived/bullseye/other_files/weechatrc @@ -0,0 +1,11 @@ +/set logger.file.path ~/weechatlogs +/set logger.file.flush_delay 0 +/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog" +/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]" +/set weechat.color.chat_nick_colors "lightcyan" +/server add libera irc.libera.chat/6697 -nicks=plomlompom,plomlomp0m,ploml0mp0m,pl0ml0mp0m -realname="Christian Heller" -autojoin=#plomlomtest -ssl +/set irc.server.libera.sasl_mechanism PLAIN +/set irc.server.libera.sasl_username FOO +/set irc.server.libera.sasl_password BAR +/connect libera +/bar hide buflist diff --git a/archived/bullseye/other_files/zettel_hook_post-receive b/archived/bullseye/other_files/zettel_hook_post-receive new file mode 100755 index 0000000..3bea5b2 --- /dev/null +++ b/archived/bullseye/other_files/zettel_hook_post-receive @@ -0,0 +1,5 @@ +#!/bin/sh +ZETTELDIR=/home/plom/zettel +GIT_WORK_TREE=$ZETTELDIR git checkout -f +cd $ZETTELDIR +redo diff --git a/archived/bullseye/setup_scripts/copy_dirtree.sh b/archived/bullseye/setup_scripts/copy_dirtree.sh new file mode 100755 index 0000000..c0cb9bf --- /dev/null +++ b/archived/bullseye/setup_scripts/copy_dirtree.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# Copy files in argument-selected subdirectories of $1 to subdirectories +# of $2 (which may be an empty string), e.g. with $1 of "etc_files", $2 +# of "" and $3 of "all", copy files below etc_files/all such as +# etc_files/all/etc/foo/bar to equivalent locations below / such as +# /etc/foo/bar. Create directories as necessary. Multiple arguments after +# $3 are possible. +# +# CAUTION: This removes original files at the affected paths. +set -e + +if [ "$#" -lt 3 ]; then + echo 'Need arguments: source root, target root, modules.' + false +fi +source_root="$1" +target_root="$2" +shift 2 + +for target_module in "$@"; do + mkdir -p "${source_root}/${target_module}" + cd "${source_root}/${target_module}" + for path in $(find . -type f); do + target_path="${target_root}"$(echo "${path}" | cut -c2-) + source_path=$(realpath "${path}") + dir=$(dirname "${target_path}") + mkdir -p "${dir}" + cp "${source_path}" "${target_path}" + done +done diff --git a/archived/bullseye/setup_scripts/init_user_and_keybased_login.sh b/archived/bullseye/setup_scripts/init_user_and_keybased_login.sh new file mode 100755 index 0000000..358a37e --- /dev/null +++ b/archived/bullseye/setup_scripts/init_user_and_keybased_login.sh @@ -0,0 +1,50 @@ +#!/bin/sh +# This script turns a fresh server with password-based root access into +# one of only key-based access and only to new non-root account plom. +# +# CAUTION: This is optimized for a *fresh* setup. It will overwrite any +# pre-existing ~/.ssh/authorized_keys of user plom with one that solely +# contains the local ~/.ssh/id_rsa.pub, and also any old +# /etc/ssh/sshd_config. +# +# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly +# configured sshd_config file in misc.sh:$local_etc_server +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 1 "(server)" "$@" +server="$1" + +# If we already knew that host … +ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" + +# This will be used to log-in as root from plom account. +printf '\nFirst, enter the old root password; then enter new password three times.\n\n' +ssh root@"${server}" 'printf "\n\n" && passwd' + +# Save root password for sshpass +stty -echo +printf "Re-enter new server root password: " +read PW_ROOT +stty echo +printf "\n" +export SSHPASS="${PW_ROOT}" + +# Create user plom, and his ~/.ssh/authorized_keys based on the local +# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and +# ownerships. Then disable root and pw login by copying over the +# sshd_config and restart ssh daemon. +# +# This could be a line or two shorter by using ssh-copy-id, but that +# would require setting a password for user plom otherwise not needed. +sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys +sshpass -e ssh root@"${server}" \ + 'useradd -m plom && '\ + 'mkdir /home/plom/.ssh && '\ + 'chown plom:plom /home/plom/.ssh && '\ + 'chown plom:plom /tmp/authorized_keys && '\ + 'chmod u=rw,go= /tmp/authorized_keys && '\ + 'mv /tmp/authorized_keys /home/plom/.ssh/' +sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" +sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/archived/bullseye/setup_scripts/init_user_login.sh b/archived/bullseye/setup_scripts/init_user_login.sh new file mode 100755 index 0000000..3dfc0d5 --- /dev/null +++ b/archived/bullseye/setup_scripts/init_user_login.sh @@ -0,0 +1,39 @@ +#!/bin/sh +# This script turns a fresh server with password-based root access into +# one of only key-based access and only to new non-root account plom. +# +# CAUTION: This is optimized for a *fresh* setup. It will overwrite any +# pre-existing ~/.ssh/authorized_keys of user plom with one that solely +# contains the local ~/.ssh/id_rsa.pub, and also any old +# /etc/ssh/sshd_config. +# +# Dependencies: ssh, scp, ~/.ssh/id_rsa.pub, properly configured sshd_config +# file in misc.sh:$local_etc_server. +set -e +. ./misc.sh +. ../../misc.sh + +expect_n_args 1 "(server)" "$@" +server="$1" + +# If we already knew that host … +ssh-keygen -f "/home/plom/.ssh/known_hosts" -R "${server}" + +# So we're only asked once … +eval $(ssh-agent) +ssh-add + +# This will be used to log-in as root from plom account. +printf '\nAsking for new root password.\n\n' +ssh root@"${server}" 'printf "\n\n" && passwd' + +# Set up plom's ~/.ssh/authorized_keys from root's. +ssh root@"${server}" 'useradd -m plom' +ssh root@"${server}" 'mkdir /home/plom/.ssh' +ssh root@"${server}" 'chown plom:plom /home/plom/.ssh' +ssh root@"${server}" 'cp /root/.ssh/authorized_keys /home/plom/.ssh/' +ssh root@"${server}" 'chown plom:plom /home/plom/.ssh/authorized_keys' + +# Set up SSH config and remove direct SSH login to root. +scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" +ssh root@"${server}" 'rm -rf /root/.ssh && service ssh restart' diff --git a/archived/bullseye/setup_scripts/install_for_target.sh b/archived/bullseye/setup_scripts/install_for_target.sh new file mode 100755 index 0000000..6f42b56 --- /dev/null +++ b/archived/bullseye/setup_scripts/install_for_target.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# Walks through the package names in the argument-selected files of +# apt-mark/ and ensures the respective packages are installed. +# +# Ignores anything in an apt-mark/ file after the last newline. +set -e + +config_tree_prefix="${HOME}/config/bullseye" +aptmark_dir="${config_tree_prefix}/apt-mark" + +for target in "$@"; do + path="${aptmark_dir}/${target}" + # TODO: continue if file at $path not found, to get rid of dummy files + cat "${path}" | while read line; do + echo "$line" + if [ ! $(echo "${line}" | cut -c1) = "#" ]; then + DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::=--force-confold install "${line}" + fi + done +done diff --git a/archived/bullseye/setup_scripts/migrate_borg.sh b/archived/bullseye/setup_scripts/migrate_borg.sh new file mode 100755 index 0000000..28a0fd9 --- /dev/null +++ b/archived/bullseye/setup_scripts/migrate_borg.sh @@ -0,0 +1,17 @@ +#!/bin/sh +set -e + +if [ "$#" -ne 1 ]; then + echo 'Need old server IP.' + false +fi +old_server="$1" +config_tree_prefix="${HOME}/config/bullseye" +cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/ +chown plom:plom /home/plom/prepare_to_meet_server.sh +su -lc "./prepare_to_meet_server.sh ${old_server}" plom +read -p'Hit Enter when you are done.' ignore +rm /home/plom/prepare_to_meet_server.sh +cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ +su -lc "./mirror_dir.sh ${old_server} /home/plom/borg" plom +rm /home/plom/mirror_dir.sh diff --git a/archived/bullseye/setup_scripts/mirror_dir.sh b/archived/bullseye/setup_scripts/mirror_dir.sh new file mode 100755 index 0000000..0fc03aa --- /dev/null +++ b/archived/bullseye/setup_scripts/mirror_dir.sh @@ -0,0 +1,23 @@ +#!/bin/sh +# Mirror directory tree from remote to local server, keeping the path. +set -e + +if [ $# -lt 2 ]; then + echo "Need server and directory as arguments." + false +fi +server=$1 +dir=$2 +path_package=/tmp/delete.tar + +eval `ssh-agent` +ssh-add +cd +ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ." +scp plom@"${server}":"${path_package}" "${path_package}" +mkdir -p "${dir}" +cd "${dir}" +tar xf "${path_package}" +cd +rm "${path_package}" +ssh plom@"${server}" rm "${path_package}" diff --git a/archived/bullseye/setup_scripts/misc.sh b/archived/bullseye/setup_scripts/misc.sh new file mode 100644 index 0000000..bf38bf6 --- /dev/null +++ b/archived/bullseye/setup_scripts/misc.sh @@ -0,0 +1,3 @@ +#!/bin/sh +#set -e +config_tree_prefix="${HOME}/public_repos/config/bullseye" diff --git a/archived/bullseye/setup_scripts/prepare_to_meet_server.sh b/archived/bullseye/setup_scripts/prepare_to_meet_server.sh new file mode 100755 index 0000000..df2aa41 --- /dev/null +++ b/archived/bullseye/setup_scripts/prepare_to_meet_server.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# Do some of the steps necessary to SSH (key-based) with another server. +set -e + +if [ "$#" -ne 1 ]; then + echo 'Need server IP as argument.' + false +fi +target="$1" + +# We need a public key to copy over, so generate it if not found. +if [ ! -f ~/.ssh/id_rsa.pub ]; then + ssh-keygen -N "" +fi + +# Add target to ~/.ssh/known_hosts so we don't get +# asked for permission at inopportune moments. +ssh-keyscan -H "$target" >> ~/.ssh/known_hosts + +# Tell user what to do. +echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:" +cat ~/.ssh/id_rsa.pub diff --git a/archived/bullseye/setup_scripts/purge_nonrequireds.sh b/archived/bullseye/setup_scripts/purge_nonrequireds.sh new file mode 100755 index 0000000..135196b --- /dev/null +++ b/archived/bullseye/setup_scripts/purge_nonrequireds.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# This script removes all Debian packages that are not of Priority +# "required" or not depended on by packages of priority "required" +# or not listed in the argument-selected files of apt-mark/. +set -e + +config_tree_prefix="${HOME}/config/bullseye" +aptmark_dir="${config_tree_prefix}/apt-mark" + +dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted +for target in "$@"; do + path="${aptmark_dir}/${target}" + cat "${path}" | while read line; do + if [ ! $(echo "${line}" | cut -c1) = "#" ]; then + echo "${line}" >> /tmp/list_white_unsorted + fi + done +done +sort /tmp/list_white_unsorted > /tmp/list_white +dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages +sort /tmp/list_all_packages > /tmp/foo +mv /tmp/foo /tmp/list_all_packages +comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black +apt-mark auto `cat /tmp/list_black` +DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove +rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black + +# Somehow, auto-mounts get undone by all of this, so re-mount /etc/fstab. +# TODO: Find out why. +mount -a diff --git a/archived/bullseye/setup_scripts/set_hostname_and_fqdn.sh b/archived/bullseye/setup_scripts/set_hostname_and_fqdn.sh new file mode 100755 index 0000000..a3b9f9a --- /dev/null +++ b/archived/bullseye/setup_scripts/set_hostname_and_fqdn.sh @@ -0,0 +1,50 @@ +#!/bin/sh +# Sets hostname and optionally FQDN. +# +# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts +# writing follows recommendations from Debian manual at +# +# (section "The hostname resolution") on how to map hostname and possibly +# FQDN to a permanent IP if present (we assume here any non-private IP +# and non-loopback IP returned by hostname -I to fulfill that criterion +# on our systems) or to 127.0.1.1 if not. On the reasoning for separating +# localhost and hostname mapping to different IPs, see +# . +# +# Ignores IPv6s. +set -e + +hostname="$1" +fqdn="$2" +if [ "${hostname}" = "" ]; then + echo "Need hostname as argument." + false +fi +echo "${hostname}" > /etc/hostname +hostname "${hostname}" + +final_ip="127.0.1.1" +for ip in $(hostname -I); do + if [ $(echo "${ip}" | grep ':' | wc -l) -eq 1 ]; then + continue + fi + range_1=$(echo "${ip}" | cut -d "." -f 1) + range_2=$(echo "${ip}" | cut -d "." -f 2) + if [ "${range_1}" -eq 127 ]; then + continue + elif [ "${range_1}" -eq 10 ]; then + continue + elif [ "${range_1}" -eq 172 ]; then + if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then + continue + fi + elif [ "${range_1}" -eq 192 ]; then + if [ "${range_2}" -eq 168 ]; then + continue + fi + fi + final_ip="${ip}" +done + +echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts +echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts diff --git a/archived/bullseye/setup_scripts/setup.sh b/archived/bullseye/setup_scripts/setup.sh new file mode 100755 index 0000000..aadfc25 --- /dev/null +++ b/archived/bullseye/setup_scripts/setup.sh @@ -0,0 +1,39 @@ +#!/bin/sh +set -e + +# Provide maximum input for set_hostname_and_fqdn.sh. +if [ "$#" -lt 2 ]; then + echo 'Need at least two arguments (hostname, FQDN).' + false +fi +hostname="$1" +fqdn="$2" +shift 2 + +config_tree_prefix="${HOME}/config/bullseye" +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +cd "${setup_scripts_dir}" + +# Adapt /etc/ to our needs by copying from ./etc_files. This will set +# basic configurations affecting following steps, such as setup of APT +# and the locale selection, so needs to be right at the beginning. +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" all "$@" + +# Set hostname and FQDN. +./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}" + +# Ensure package installation state as defined by what packages are +# defined as required by Debian policy and by settings in ./apt-mark/. +apt update +./install_for_target.sh all "$@" +./purge_nonrequireds.sh all "$@" + +# Ensure our desired locale is available. +locale-gen + +# Only upgrade after reducing the system to the desired minimum, so that +# we don't need to get more data than necessary. +apt -y dist-upgrade + +# Set Berlin localtime. +ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime diff --git a/archived/bullseye/setup_scripts/setup_daily_reboot.sh b/archived/bullseye/setup_scripts/setup_daily_reboot.sh new file mode 100755 index 0000000..f8ed183 --- /dev/null +++ b/archived/bullseye/setup_scripts/setup_daily_reboot.sh @@ -0,0 +1,9 @@ +#!/bin/sh +set -e + +# Set up system without user environment. +config_tree_prefix="${HOME}/config/bullseye" + +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" daily_reboot +systemctl enable reboot.timer +systemctl start reboot.timer diff --git a/archived/bullseye/setup_scripts/setup_desktop.sh b/archived/bullseye/setup_scripts/setup_desktop.sh new file mode 100755 index 0000000..329e6e2 --- /dev/null +++ b/archived/bullseye/setup_scripts/setup_desktop.sh @@ -0,0 +1,65 @@ +#!/bin/sh +set -e + +if [ "$#" -ne 1 ]; then + echo 'Need exactly one argument (system name).' + false +fi +if [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then + echo "Need legal system name." + false +fi +system_name="$1" + +# Set up system without user environment. +config_tree_prefix="${HOME}/config/bullseye" +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +cd "${setup_scripts_dir}" +if [ "$1" = "x200s" ] || [ "$1" = "x220" ] || [ "$1" = "w530" ]; then + ./setup.sh "${system_name}" "" user desktop thinkpad "${system_name}" +else + ./setup.sh "${system_name}" "" user desktop "${system_name}" +fi + +# # Set up printer. +# ppd_deb="hll2350dwpdrv-4.0.0-1.i386.deb" +# wget "https://download.brother.com/welcome/dlf103566/${ppd_deb}" +# dpkg --add-architecture i386 +# apt update +# apt install -y "./${ppd_deb}" +# # lpadmin -p 'Brother_HLL2350DW' -m 'brother-HLL2350DW-cups-en.ppd' +# # service cups restart +# rm "./${ppd_deb}" +# # TODO explore potential lpadmin options like -o 'OutputMode=NormalGray' + +# Set up user environments. +secrets_dev="sdb" +source_dir_secrets="/media/${secrets_dev}/to_usb" +target_dir_secrets="/home/plom/tmp_secrets" +cd "${setup_scripts_dir}" +./copy_dirtree.sh "${config_tree_prefix}/home_files" "/root" minimal root +set +e +HOME_DIR_EXISTS=$([ ! -d "/home/plom" ]; echo $?) +set -e +adduser --disabled-password --gecos "" plom +usermod -a -G sudo plom +passwd plom +if [ "${HOME_DIR_EXISTS}" -eq 0 ]; then + echo "Put secrets drive into slot for /dev/${secrets_dev}." + while [ ! -e /dev/"${secrets_dev}" ]; do + sleep 1 + done + stty -echo + printf "Secrets passphrase: " + read secrets_pass + stty echo + echo "" # newline so user knows their input return was accepted + echo "${secrets_pass}" | pmount /dev/"${secrets_dev}" + cp -a "${source_dir_secrets}" "${target_dir_secrets}" + chown -R plom:plom "${target_dir_secrets}" + pumount "${secrets_dev}" + echo "You can remove /dev/${secrets_dev} now." + cp setup_home.sh /home/plom + chown plom:plom /home/plom/setup_home.sh + SECRETS_PASS="${secrets_pass}" su -c "cd && ./setup_home.sh ${system_name}" plom +fi diff --git a/archived/bullseye/setup_scripts/setup_dumpsite.sh b/archived/bullseye/setup_scripts/setup_dumpsite.sh new file mode 100755 index 0000000..35f7c8e --- /dev/null +++ b/archived/bullseye/setup_scripts/setup_dumpsite.sh @@ -0,0 +1,102 @@ +#!/bin/sh +set -e + +if [ "$#" -ne 4 ]; then + echo 'Need domain name and mail and old server and repos source ("local" or "remote"?).' + false +fi +if [ ! "$4" = "local" ] && [ ! "$4" = "remote" ]; then + echo "Need legal repo source name." + false +fi +domain="$1" +mail="$2" +old_server="$3" +repos_source="$4" + +read -p"Only continue if hostname is not domain of url_catcher's target mail address, else abort!" ignore + +# Install configs, set up firewall. +echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections +echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections +config_tree_prefix="${HOME}/config/bullseye" +./install_for_target.sh web dumpsite +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web dumpsite +nft -f /etc/nftables.conf + +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + +# Set up connection to old dump server. +cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/ +chown plom:plom /home/plom/prepare_to_meet_server.sh +su -lc "./prepare_to_meet_server.sh ${old_server}" plom +read -p'Hit Enter when you are done.' ignore +rm /home/plom/prepare_to_meet_server.sh + +# Set up dump dirs. +mkdir /var/www-dump +chown plom:plom /var/www-dump +dump_dir=dump +geheim_dir=geheim +su -lc "ln -s /home/plom/${dump_dir} /var/www-dump/${dump_dir}" plom +su -lc "ln -s /home/plom/${geheim_dir} /var/www-dump/${geheim_dir}" plom +cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ +su -lc "./mirror_dir.sh ${old_server} /home/plom/${dump_dir}" plom +su -lc "./mirror_dir.sh ${old_server} /home/plom/${geheim_dir}" plom +su -lc "scp plom@${old_server}:/var/www-dump/password_geheim ~" plom +mv /home/plom/password_geheim /var/www-dump/password_geheim +rm /home/plom/mirror_dir.sh + +# Set up redo. +wget http://news.dieweltistgarnichtso.net/bin/archives/redo-sh.tar.gz +tar -moxzf redo-sh.tar.gz -C /usr/local + +# Set up zettel. +su -lc "git clone --mirror ${old_server}:zettel.git" plom +cp "${config_tree_prefix}/other_files/zettel_hook_post-receive" /home/plom/zettel.git/hooks/post-receive +su -lc "git clone ~/zettel.git && cd zettel && redo" plom +su -lc "ln -s /home/plom/zettel /var/www-dump/zettel" plom +# NOTE: Locally, to update content, clone zettel.git, not zettel. + +# Set up redo blog. +su -lc "git clone --mirror ${old_server}:blog.git" plom +cp "${config_tree_prefix}/other_files/blog_hook_post-receive" /home/plom/blog.git/hooks/post-receive +su -lc "git clone ~/blog.git" plom +# TODO: set up like plomlombot repo (with post-recieve hook)? +if [ "$repos_source" = "local"]; then + su -lc "git clone /var/repos/redo-blog" plom +else + su -lc "git clone https://plomlompom.com/repos/clone/redo-blog" plom +fi +su -lc "cd redo-blog && ./add_dir.sh ~/blog" plom +su -lc "cd blog && redo" plom +su -lc "ln -s /home/plom/blog/public /var/www-dump/blog" plom +# NOTE: Locally, to update content, clone blog.git, not blog. + +# Set up url catcher. +# TODO: set up like plomlombot repo (with post-recieve hook)? +if [ "$repos_source" = "local" ]; then + su -lc "git clone /var/repos/url-catcher" plom +else + su -lc "git clone https://plomlompom.com/repos/clone/url-catcher" plom +fi +su -lc "cd url-catcher && ln -s ../blog/captchas/linkable/ captchas" plom +cp "${config_tree_prefix}/other_files/url-catcher_customizations.json" /home/plom/url-catcher/customizations.json +systemctl enable url_catcher.service +service url_catcher start +cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ +su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/ips" plom +su -lc "./mirror_dir.sh ${old_server} /home/plom/url-catcher/lists" plom +rm /home/plom/mirror_dir.sh + +# Set up index.html +cp "${config_tree_prefix}/other_files/dumpsite_index.html" /var/www-dump/index.html + +# Prepare NGINX. +sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/dumpsite.nginx +ln -s /etc/nginx/sites-available/dumpsite.nginx /etc/nginx/sites-enabled/dumpsite.nginx + +service nginx restart diff --git a/archived/bullseye/setup_scripts/setup_firefox.sh b/archived/bullseye/setup_scripts/setup_firefox.sh new file mode 100755 index 0000000..1cc312f --- /dev/null +++ b/archived/bullseye/setup_scripts/setup_firefox.sh @@ -0,0 +1,24 @@ +#!/bin/sh +set -e + +# Set up system without user environment. +config_tree_prefix="${HOME}/config/bullseye" + +# Install Firefox directly from Mozilla. +firefox_release="91.5.1esr" +firefox_filename="firefox-${firefox_release}.tar.bz2" +url_firefox="https://ftp.mozilla.org/pub/firefox/releases/${firefox_release}/linux-x86_64/en-US/${firefox_filename}" +wget "${url_firefox}" +mv "${firefox_filename}" /opt/ +cd /opt/ +tar xf "${firefox_filename}" +rm "${firefox_filename}" +ln -f -s /opt/firefox/firefox /usr/local/bin/ +update-alternatives --install /usr/bin/x-www-browser x-www-browser /opt/firefox/firefox 200 +update-alternatives --set x-www-browser /opt/firefox/firefox + +# as default new tab content for tridactyl +cp "${config_tree_prefix}/other_files/blank.html" /opt/firefox/ + +echo "TODO: Install uBlock Origin and tridactyl plugins, run :installnative and :source." + diff --git a/archived/bullseye/setup_scripts/setup_home.sh b/archived/bullseye/setup_scripts/setup_home.sh new file mode 100755 index 0000000..7471598 --- /dev/null +++ b/archived/bullseye/setup_scripts/setup_home.sh @@ -0,0 +1,101 @@ +#!/bin/sh +set -e + +if [ "$#" -ne 1 ]; then + echo 'Need exactly one argument (system name).' + false +fi +if [ ! "$1" = "x220" ] && [ ! "$1" = "w530" ]; then + echo "Need legal system name." + false +fi +system_name="$1" + +public_repos_dir="${HOME}/public_repos" +config_tree_prefix="${public_repos_dir}/config/bullseye" +path_borgscript="${config_tree_prefix}//borg.sh" +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +repos_list_file="${public_repos_dir}/repos" +dir_secrets="${HOME}/tmp_secrets" +borgkeys_dir=~/.config/borg/keys +borgrepos_file=~/.borgrepos +ssh_dir=~/.ssh +authinfo_file=.authinfo +maildir=~/mail/maildir + +ensure_repo() { + repo_name="${1}" + if [ ! -d "${public_repos_dir}/${repo_name}" ]; then + cd "${public_repos_dir}" + git clone plom@plomlompom.com:/var/repos/${repo_name} + fi +} + +# Set up iniitial non-public parts of infrastructure: SSH authentication. +cd "${dir_secrets}" +mkdir -p "${ssh_dir}" +echo "Setting up .ssh" +cp id_rsa ~/.ssh +stty -echo +ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub +stty echo +eval $(ssh-agent) +ssh-add +ssh-keyscan -H "plomlompom.com" >> ~/.ssh/known_hosts + +# Clone config to copy dotfiles etc. from it. +cd +mkdir -p "${public_repos_dir}" +ensure_repo config +cd "${setup_scripts_dir}" +./copy_dirtree.sh "${config_tree_prefix}/home_files" "${HOME}" minimal user "${system_name}" + +# # Set up native messenger for tridactyl. +# version='ef9f02d0da258f68d7faf8898707f6d83d90d07a' +# curl -fsSl "https://raw.githubusercontent.com/tridactyl/tridactyl/${version}/native/install.sh" | bash + +# Set up further non-public parts of infrastructure. +cd "${dir_secrets}" +script -c 'gpg --import secret_keys.asc' /dev/null +tar xf borg_keyfiles.tar +mkdir -p "${borgkeys_dir}" +mv borg_keyfiles/* "${borgkeys_dir}" +# .authinfo may not be present on every secrets drive yet +if [ -f "${authinfo_file}" ]; then + cp "${authinfo_file}" ~ +fi +cd +rm -rf "${dir_secrets}" + +# Sync org dir via borgbackup. For this we need the borgbackup servers +# in our .ssh/known_hosts file. +cat "${borgrepos_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + server=$(echo "${line}" | sed 's/.*@//') + ssh-keyscan "${server}" >> "${ssh_dir}"/known_hosts +done +BORG_PASSPHRASE="${SECRETS_PASS}" "${path_borgscript}" orgpull + +# Fill ~/public_repos. +cat "${repos_list_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + ensure_repo "${line}" +done + +# Set up e-mail system. Note that we only do mbsync if the imap pass file +# is found. It may not be present on every secrets drive yet, so we have to +# deal with the possibility of it being absent at this point. +mkdir -p "${maildir}" # expected by mbsync/isync +if [ -f "${HOME}/${authinfo_file}" ]; then + mbsync -a + notmuch new +fi + +# # Final note on how to integrate tridactyl. +# echo "TODO: As tridactyl user, don't forget to do :source on the first Firefox run, wait a little while (Tridactyl needs to walk through all commands in the .tridactylrc) and then re-start." diff --git a/archived/bullseye/setup_scripts/setup_microblogpub.sh b/archived/bullseye/setup_scripts/setup_microblogpub.sh new file mode 100755 index 0000000..d0f68c9 --- /dev/null +++ b/archived/bullseye/setup_scripts/setup_microblogpub.sh @@ -0,0 +1,58 @@ +#!/bin/sh +set -e +set -x + +if [ "$#" -ne 2 ]; then + echo 'Need domain name and mail.' + false +fi +domain="$1" +mail="$2" + +# Install configs, set up firewall. +config_tree_prefix="${HOME}/config/bullseye" +./install_for_target.sh web microblogpub +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web microblogpub +apt update # since we just updated /etc/apt/sources.list +nft -f /etc/nftables.conf + +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + +# Install Python >=3.10 from source (Bullseye only has 3.9). +python_version=3.11.1 +python_dirname="Python-${python_version}" +su -lc "wget https://www.python.org/ftp/python/${python_version}/${python_dirname}.tgz" plom +su -lc "tar -xvf ${python_dirname}.tgz" plom +su -lc "cd /home/plom/${python_dirname} && ./configure --enable-optimizations && make" +cd /home/plom/${python_dirname}/ +make altinstall +cd +rm -rf /home/plom/${python_dirname} + +# Configure/install Poetry and microblog.pub. +su -lc "curl -sSL https://install.python-poetry.org | python3.11" - plom +su -lc "git clone https://git.sr.ht/~tsileo/microblog.pub testing.microblog.pub" - plom +su -lc "poetry config installer.parallel false" - plom +su -lc "cd testing.microblog.pub && poetry install" - plom +su -lPc "cd testing.microblog.pub && poetry run inv configuration-wizard" - plom +su -lPc "cd testing.microblog.pub && poetry run inv migrate-db" - plom + +# Set up microblog.pub daemon service. +venv_dir_path=$( su -lPc "cd testing.microblog.pub && poetry env info --path" - plom) +venv_dir=$(basename ${venv_dir_path}) +sed -i "s/REPLACE_venv_dir_ECALPER/${venv_dir}/g" /etc/systemd/system/microblogpub.service +systemctl enable microblogpub.service +service microblogpub start + +# Prepare and start NGINX config. +sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/microblogpub.nginx +ln -s /etc/nginx/sites-available/microblogpub.nginx /etc/nginx/sites-enabled/microblogpub.nginx +service nginx restart + +# Setup regular DB pruning +cp "${config_tree_prefix}/other_files/prune_microblog.sh" /home/plom/ +systemctl enable microblogpub_prune.timer +systemctl start microblogpub_prune.timer diff --git a/archived/bullseye/setup_scripts/setup_play.sh b/archived/bullseye/setup_scripts/setup_play.sh new file mode 100755 index 0000000..a29b2f6 --- /dev/null +++ b/archived/bullseye/setup_scripts/setup_play.sh @@ -0,0 +1,54 @@ +#!/bin/sh +set -e + +if [ "$#" -lt 1 ]; then + echo "Need public key ID and optionally old server IP." + false +fi +gpg_key="$1" +old_server="$2" + +config_tree_prefix="${HOME}/config/bullseye" +./install_for_target.sh play +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" play +cp "${config_tree_prefix}/other_files/weechatrc" /home/plom/.weechatrc +cp "${config_tree_prefix}/other_files/weechat-wrapper.sh" /home/plom/ +cp "${config_tree_prefix}/other_files/weechatlogs_encrypter.sh" /home/plom/ +chown plom:plom /home/plom/*weechat* +chown plom:plom /home/plom/.weechatrc +echo "${gpg_key}" > /home/plom/.encrypt_target +chown plom:plom /home/plom/.encrypt_target + +# TODO refactor with setup_website.sh +# Add encryption key. +keyservers='keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es' +set +e +while true; do + do_break=0 + for keyserver in $(echo "${keyservers}"); do + su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}" + if [ $? -eq "0" ]; then + do_break=1 + break + fi + echo "Attempt with keyserver ${keyserver} unsuccessful, trying other." + done + if [ "${do_break}" -eq "1" ]; then + break + fi +done +set -e + +if [ "${old_server}" != "" ]; then + cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/ + su -lc "./prepare_to_meet_server.sh ${old_server}" plom + read -p'Hit Enter when you are done.' ignore + rm /home/plom/prepare_to_meet_server.sh + su -lc "scp plom@${old_server}:.ssh/authorized_keys .ssh/authorized_keys" plom + su -lc "scp plom@${old_server}:.weechatrc ~" plom + cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ + su -lc "./mirror_dir.sh ${old_server} /home/plom/weechatlogs" plom + rm /home/plom/mirror_dir.sh +fi + +systemctl enable --now encrypt_chatlogs.timer diff --git a/archived/bullseye/setup_scripts/setup_server.sh b/archived/bullseye/setup_scripts/setup_server.sh new file mode 100755 index 0000000..a05db18 --- /dev/null +++ b/archived/bullseye/setup_scripts/setup_server.sh @@ -0,0 +1,26 @@ +#!/bin/sh +# Next setup steps for a server whose login policy has just been set from +# the outside via ./init_user_and_keybased_login.sh. +set -e + +# Provide maximum input for set_hostname_and_fqdn.sh. +if [ "$#" -lt 2 ]; then + echo 'Need exactly two arguments (hostname, FQDN).' + false +fi +hostname="$1" +fqdn="$2" +additional_arg="$3" + +# Set up system without user environment. +config_tree_prefix="${HOME}/config/bullseye" +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +cd "${setup_scripts_dir}" +./setup.sh "${hostname}" "${fqdn}" server "${additional_arg}" + +# If we have not yet set the shell for user plom, ensure it here. This +# is mostly for convenience. +usermod -s /bin/bash plom + +# Enable firewall. +systemctl enable nftables.service diff --git a/archived/bullseye/setup_scripts/setup_website.sh b/archived/bullseye/setup_scripts/setup_website.sh new file mode 100755 index 0000000..ad36796 --- /dev/null +++ b/archived/bullseye/setup_scripts/setup_website.sh @@ -0,0 +1,139 @@ +#!/bin/sh +set -e + +if [ "$#" -ne 4 ] && [ "$#" -ne 5 ]; then + echo 'Need domain name and mail and key ID and init state and possibly old server IP as argument.' + false +fi +if [ ! "$4" = "copy" ] && [ ! "$4" = "new" ]; then + echo "Need init state to be either 'copy' or 'new'." + false +fi +if [ ! "$4" = "new" ] && [ "$#" -ne 5 ]; then + echo "With init state != 'new' need fifth argument old server IP." + false +fi +domain="$1" +mail="$2" +gpg_key="$3" +init_state="$4" +old_server="$5" + +# Install configs, set up firewall. +config_tree_prefix="${HOME}/config/bullseye" +./install_for_target.sh web website +./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web website +nft -f /etc/nftables.conf + +# Set up letsencrypt certificate. TODO: Is it auto-renewed? +ln -sf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default +certbot --nginx --agree-tos --redirect --no-eff-email -m "${mail}" -d "${domain}" +rm /etc/nginx/sites-enabled/default + +# Set up connection to old server. +if [ ! "${init_state}" = "new" ]; then + cp "${config_tree_prefix}/setup_scripts/prepare_to_meet_server.sh" /home/plom/ + chown plom:plom /home/plom/prepare_to_meet_server.sh + su -lc "./prepare_to_meet_server.sh ${old_server}" plom + read -p'Hit Enter when you are done.' ignore + rm /home/plom/prepare_to_meet_server.sh +fi + +# Set up repos dir. +# To use this dir, "git clone --mirror" repo source paths into it as user plom. +# As user plom, touch git-daemon-export-ok files into it to make the repo +# publically available. +if [ "${init_state}" = "new" ]; then + mkdir /var/repos + chown plom:plom /var/repos +else + cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ + chmod a+w /var + if [ "${init_state}" = "copy" ]; then + su -lc "./mirror_dir.sh ${old_server} /var/repos" plom + else + su -lc "./mirror_dir.sh ${old_server} /var/public_repos" plom + fi + chmod a-w /var + rm /home/plom/mirror_dir.sh +fi + +# Prepare NGINX and GitWeb config. +sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/gitweb.conf +sed -i "s/REPLACE_fqdn_ECALPER/${domain}/g" /etc/nginx/sites-available/website.nginx +ln -s /etc/nginx/sites-available/website.nginx /etc/nginx/sites-enabled/website.nginx + +# Set up website. TODO: use non-/var/www dir for better separation to dump site +rm -rf /var/www +mkdir /var/www +chown plom:plom /var/www +if [ "${init_state}" = "new" ]; then + su -lc "cd /var/repos && git init --bare website.git" plom +fi +cp "${config_tree_prefix}/other_files/website_hook_post-receive" /var/repos/website.git/hooks/post-receive +su -lc 'cd /var/www && git clone /var/repos/website.git .' plom + +# Add encryption key. +keyservers='keyserver.ubuntu.com pgp.surf.nl pgp.rediris.es' +set +e +while true; do + do_break=0 + for keyserver in $(echo "${keyservers}"); do + su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}" + if [ $? -eq "0" ]; then + do_break=1 + break + fi + echo "Attempt with keyserver ${keyserver} unsuccessful, trying other." + done + if [ "${do_break}" -eq "1" ]; then + break + fi +done +set -e + +# Set up plomlombot. +irclogs_dir=/var/www/html/irclogs +irclogs_pw_dir=/var/www/irclogs_pw +mkdir -p "${irclogs_dir}" +chown -R plom:plom "${irclogs_dir}" +mkdir -p "${irclogs_pw_dir}" +chown -R plom:plom "${irclogs_pw_dir}" +if [ "${init_state}" = "new" ]; then + # TODO investigate whether we can get rid of anything here + # Handle the case that the repo is in the old pre-buster server setup – + # even then, the URL should be the same. + su -lc "cd /var/repos && git clone --mirror https://plomlompom.com/repos/clone/plomlombot-irc" plom + su -lc "touch /var/repos/plomlombot-irc.git/git-daemon-export-ok" plom + cp "${config_tree_prefix}/other_files/plomlombot_hook_post-receive" /var/repos/plomlombot-irc.git/hooks/post-receive +fi +su -lc "git clone /var/repos/plomlombot-irc.git" plom +cp "${config_tree_prefix}/other_files/plomlombot_daemon.sh" /home/plom/ +chown plom:plom /home/plom/plomlombot_daemon.sh +if [ "${init_state}" = "new" ]; then + echo 'bot: plomlombog plomlombog #plomlomtest irc.freenode.net foo bar' >> /home/plom/.plomlombot + chown plom:plom /home/plom/.plomlombot +else + cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ + su -lc "./mirror_dir.sh ${old_server} /home/plom/plomlombot_db" plom + rm /home/plom/mirror_dir.sh + su -lc "scp plom@${old_server}:.plomlombot ~" plom + # TODO su -lc "ssh plom@${old_server} \"su -lc 'service plomlombot stop'\"" plom +fi +# TODO systemctl enable plomlombot.service +# TODO service plomlombot start + +# Set up guiltcards. +su -lc "git clone /var/repos/guiltcards" plom +cp "${config_tree_prefix}/setup_scripts/mirror_dir.sh" /home/plom/ +su -lc "./mirror_dir.sh ${old_server} /home/plom/guiltcards/decks" plom +rm /home/plom/mirror_dir.sh + +# In the above step, we might have created a root-owned /var/www/html – +# fix this here. +chown -R plom:plom /var/www/html + +# TODO: +# - rename /home/plom/public_repos to /home/plom/repos + +service nginx restart diff --git a/archived/buster/apt-mark/all b/archived/buster/apt-mark/all deleted file mode 100644 index 4b760bc..0000000 --- a/archived/buster/apt-mark/all +++ /dev/null @@ -1,12 +0,0 @@ -# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client -# unpredictably so -ifupdown -isc-dhcp-client -# git for the setup directory; cloning works with ca-certificates -ca-certificates -git -# to avoid constant warnings about no locale being found -locales -# extremely useful for basic network debugging; missed these more than once in an emergency -netcat -iputils-ping diff --git a/archived/buster/apt-mark/desktop b/archived/buster/apt-mark/desktop deleted file mode 100644 index f537318..0000000 --- a/archived/buster/apt-mark/desktop +++ /dev/null @@ -1,2 +0,0 @@ -# so that grub learns about kernel updates -grub-pc diff --git a/archived/buster/apt-mark/dumpsite b/archived/buster/apt-mark/dumpsite deleted file mode 100644 index a87852a..0000000 --- a/archived/buster/apt-mark/dumpsite +++ /dev/null @@ -1,13 +0,0 @@ -wget -# for blog and zettel -pandoc -# for blog -html2text -uuid-runtime -python3 -# for url_catcher daemon -python3-venv -build-essential -python3-dev -screen -postfix diff --git a/archived/buster/apt-mark/eeepc b/archived/buster/apt-mark/eeepc deleted file mode 100644 index 73a755f..0000000 --- a/archived/buster/apt-mark/eeepc +++ /dev/null @@ -1,3 +0,0 @@ -# for wifi -firmware-ralink -# diff --git a/archived/buster/apt-mark/mail b/archived/buster/apt-mark/mail deleted file mode 100644 index 1ef369d..0000000 --- a/archived/buster/apt-mark/mail +++ /dev/null @@ -1,17 +0,0 @@ -# smtp server -postfix -# opendkim -opendkim -opendkim-tools -# for pingmail -mailutils -# ssl -certbot -# IMAPS -pwgen -dovecot-imapd -# sieve filtering -dovecot-lmtpd -dovecot-sieve -# to funnel mail from additional server -fetchmail diff --git a/archived/buster/apt-mark/old_server b/archived/buster/apt-mark/old_server deleted file mode 100644 index c3d995b..0000000 --- a/archived/buster/apt-mark/old_server +++ /dev/null @@ -1,2 +0,0 @@ -# because it contains ifconfig -net-tools diff --git a/archived/buster/apt-mark/peertube b/archived/buster/apt-mark/peertube deleted file mode 100644 index 5b73bac..0000000 --- a/archived/buster/apt-mark/peertube +++ /dev/null @@ -1,15 +0,0 @@ -ffmpeg -postgresql -postgresql-contrib -openssl -redis-server -python-dev -# only needed for setup -g++ -make -git -curl -unzip -libncurses5 -pwgen -wget diff --git a/archived/buster/apt-mark/play b/archived/buster/apt-mark/play deleted file mode 100644 index 154f7e7..0000000 --- a/archived/buster/apt-mark/play +++ /dev/null @@ -1,4 +0,0 @@ -weechat -screen -gnupg -dirmngr diff --git a/archived/buster/apt-mark/pleroma b/archived/buster/apt-mark/pleroma deleted file mode 100644 index ec7a134..0000000 --- a/archived/buster/apt-mark/pleroma +++ /dev/null @@ -1,5 +0,0 @@ -# Pleroma DB -postgresql -postgresql-contrib -# only needed for setup -pwgen diff --git a/archived/buster/apt-mark/pleroma_otp b/archived/buster/apt-mark/pleroma_otp deleted file mode 100644 index 4805a43..0000000 --- a/archived/buster/apt-mark/pleroma_otp +++ /dev/null @@ -1,4 +0,0 @@ -# only needed for setup -curl -unzip -libncurses5 diff --git a/archived/buster/apt-mark/pleroma_source b/archived/buster/apt-mark/pleroma_source deleted file mode 100644 index 2b1cd35..0000000 --- a/archived/buster/apt-mark/pleroma_source +++ /dev/null @@ -1,4 +0,0 @@ -# only needed for setup -build-essential -wget -gnupg diff --git a/archived/buster/apt-mark/seedbox b/archived/buster/apt-mark/seedbox deleted file mode 100644 index 37b941e..0000000 --- a/archived/buster/apt-mark/seedbox +++ /dev/null @@ -1,8 +0,0 @@ -# needed for rtorrent config setup -curl -# needed for torrenting -rtorrent -# needed for torrenting session -screen -# needed for upload/download -rsync diff --git a/archived/buster/apt-mark/server b/archived/buster/apt-mark/server deleted file mode 100644 index 2ab22d2..0000000 --- a/archived/buster/apt-mark/server +++ /dev/null @@ -1,6 +0,0 @@ -# so we can login at all … -openssh-server -# firewalling -nftables -# We want to be able to use ALL our servers as borg backup destinations. -borgbackup diff --git a/archived/buster/apt-mark/thinkpad b/archived/buster/apt-mark/thinkpad deleted file mode 100644 index 6a780f2..0000000 --- a/archived/buster/apt-mark/thinkpad +++ /dev/null @@ -1,7 +0,0 @@ -# for wifi -firmware-iwlwifi -# for tlp -tlp -tp-smapi-dkms -linux-headers-amd64 -# diff --git a/archived/buster/apt-mark/user b/archived/buster/apt-mark/user deleted file mode 100644 index ece05a4..0000000 --- a/archived/buster/apt-mark/user +++ /dev/null @@ -1,77 +0,0 @@ -# to avoid booting problems with encrypted LVM, see -cryptsetup-initramfs -lvm2 -# this provides setupcon which reads /etc/default/console-setup -console-setup -# without this, systemd-logind won't run, and so not detect lid close for hibernation -dbus -# for wifi -wicd-curses -wicd-gtk -# for X to start at all -xserver-xorg-video-intel -# X input: keyboard and touchpad -xserver-xorg-input-evdev -xserver-xorg-input-synaptics -# for startx -xinit -# for xrdb -x11-xserver-utils -# for startx to run for non-root user -libpam-systemd -# window environment -i3 -i3status -suckless-tools -xterm -# to get sleepy at night -redshift -# for alsamixer -alsa-utils -# for xterm and browser unicode display -ttf-unifont -# also useful -vim -sudo -less -man-db -manpages -procps -# firefox dependencies -libdbus-glib-1-2 -libgtk-3-0 -# firefox installation dependencies (remove later?) -curl -python3 -bzip2 -wget -jq -unzip -# to mount encrypted USB stick and use its contents -pmount -cryptsetup -openssh-client -# for syncing -borgbackup -# emacs -emacs25 -emacs-common-non-dfsg -emacs-el -elpa-ledger -ledger -elpa-elfeed -# mail setup -isync -notmuch -elpa-notmuch -pinentry-gtk2 -# to mount Android phone -go-mtpfs -# to use HP Deskjet F380 scanner from GIMP -sane-utils -libsane-hpaio -xsane -# to use HP Deskjet F380 printer -cups -hplip -# diff --git a/archived/buster/apt-mark/w530 b/archived/buster/apt-mark/w530 deleted file mode 100644 index e69de29..0000000 diff --git a/archived/buster/apt-mark/web b/archived/buster/apt-mark/web deleted file mode 100644 index 4912b8a..0000000 --- a/archived/buster/apt-mark/web +++ /dev/null @@ -1,4 +0,0 @@ -nginx-light -# for SSL -certbot -python3-certbot-nginx diff --git a/archived/buster/apt-mark/website b/archived/buster/apt-mark/website deleted file mode 100644 index c046f50..0000000 --- a/archived/buster/apt-mark/website +++ /dev/null @@ -1,8 +0,0 @@ -# for gitweb -gitweb -fcgiwrap -# for plomlombot -gnupg -dirmngr -python3-venv -screen diff --git a/archived/buster/apt-mark/x200s b/archived/buster/apt-mark/x200s deleted file mode 100644 index e69de29..0000000 diff --git a/archived/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/archived/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies deleted file mode 100644 index 4aaef79..0000000 --- a/archived/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies +++ /dev/null @@ -1,4 +0,0 @@ -APT::AutoRemove::RecommendsImportant "false"; -APT::AutoRemove::SuggestsImportant "false"; -APT::Install-Recommends "false"; -APT::Install-Suggests "false"; diff --git a/archived/buster/etc_files/all/etc/apt/sources.list b/archived/buster/etc_files/all/etc/apt/sources.list deleted file mode 100644 index 349e8a6..0000000 --- a/archived/buster/etc_files/all/etc/apt/sources.list +++ /dev/null @@ -1,4 +0,0 @@ -deb http://deb.debian.org/debian buster main contrib non-free -deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free -deb http://deb.debian.org/debian buster-updates main contrib non-free -deb http://ftp.debian.org/debian buster-backports main contrib non-free diff --git a/archived/buster/etc_files/all/etc/default/locale b/archived/buster/etc_files/all/etc/default/locale deleted file mode 100644 index dd6eee3..0000000 --- a/archived/buster/etc_files/all/etc/default/locale +++ /dev/null @@ -1 +0,0 @@ -LANG="en_US.UTF-8" diff --git a/archived/buster/etc_files/all/etc/locale.gen b/archived/buster/etc_files/all/etc/locale.gen deleted file mode 100644 index a28cfa4..0000000 --- a/archived/buster/etc_files/all/etc/locale.gen +++ /dev/null @@ -1,483 +0,0 @@ -# This file lists locales that you wish to have built. You can find a list -# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add -# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change -# this file, you need to rerun locale-gen. - - -# aa_DJ ISO-8859-1 -# aa_DJ.UTF-8 UTF-8 -# aa_ER UTF-8 -# aa_ER@saaho UTF-8 -# aa_ET UTF-8 -# af_ZA ISO-8859-1 -# af_ZA.UTF-8 UTF-8 -# ak_GH UTF-8 -# am_ET UTF-8 -# an_ES ISO-8859-15 -# an_ES.UTF-8 UTF-8 -# anp_IN UTF-8 -# ar_AE ISO-8859-6 -# ar_AE.UTF-8 UTF-8 -# ar_BH ISO-8859-6 -# ar_BH.UTF-8 UTF-8 -# ar_DZ ISO-8859-6 -# ar_DZ.UTF-8 UTF-8 -# ar_EG ISO-8859-6 -# ar_EG.UTF-8 UTF-8 -# ar_IN UTF-8 -# ar_IQ ISO-8859-6 -# ar_IQ.UTF-8 UTF-8 -# ar_JO ISO-8859-6 -# ar_JO.UTF-8 UTF-8 -# ar_KW ISO-8859-6 -# ar_KW.UTF-8 UTF-8 -# ar_LB ISO-8859-6 -# ar_LB.UTF-8 UTF-8 -# ar_LY ISO-8859-6 -# ar_LY.UTF-8 UTF-8 -# ar_MA ISO-8859-6 -# ar_MA.UTF-8 UTF-8 -# ar_OM ISO-8859-6 -# ar_OM.UTF-8 UTF-8 -# ar_QA ISO-8859-6 -# ar_QA.UTF-8 UTF-8 -# ar_SA ISO-8859-6 -# ar_SA.UTF-8 UTF-8 -# ar_SD ISO-8859-6 -# ar_SD.UTF-8 UTF-8 -# ar_SS UTF-8 -# ar_SY ISO-8859-6 -# ar_SY.UTF-8 UTF-8 -# ar_TN ISO-8859-6 -# ar_TN.UTF-8 UTF-8 -# ar_YE ISO-8859-6 -# ar_YE.UTF-8 UTF-8 -# as_IN UTF-8 -# ast_ES ISO-8859-15 -# ast_ES.UTF-8 UTF-8 -# ayc_PE UTF-8 -# az_AZ UTF-8 -# be_BY CP1251 -# be_BY.UTF-8 UTF-8 -# be_BY@latin UTF-8 -# bem_ZM UTF-8 -# ber_DZ UTF-8 -# ber_MA UTF-8 -# bg_BG CP1251 -# bg_BG.UTF-8 UTF-8 -# bhb_IN.UTF-8 UTF-8 -# bho_IN UTF-8 -# bn_BD UTF-8 -# bn_IN UTF-8 -# bo_CN UTF-8 -# bo_IN UTF-8 -# br_FR ISO-8859-1 -# br_FR.UTF-8 UTF-8 -# br_FR@euro ISO-8859-15 -# brx_IN UTF-8 -# bs_BA ISO-8859-2 -# bs_BA.UTF-8 UTF-8 -# byn_ER UTF-8 -# ca_AD ISO-8859-15 -# ca_AD.UTF-8 UTF-8 -# ca_ES ISO-8859-1 -# ca_ES.UTF-8 UTF-8 -# ca_ES.UTF-8@valencia UTF-8 -# ca_ES@euro ISO-8859-15 -# ca_ES@valencia ISO-8859-15 -# ca_FR ISO-8859-15 -# ca_FR.UTF-8 UTF-8 -# ca_IT ISO-8859-15 -# ca_IT.UTF-8 UTF-8 -# ce_RU UTF-8 -# chr_US UTF-8 -# cmn_TW UTF-8 -# crh_UA UTF-8 -# cs_CZ ISO-8859-2 -# cs_CZ.UTF-8 UTF-8 -# csb_PL UTF-8 -# cv_RU UTF-8 -# cy_GB ISO-8859-14 -# cy_GB.UTF-8 UTF-8 -# da_DK ISO-8859-1 -# da_DK.UTF-8 UTF-8 -# de_AT ISO-8859-1 -# de_AT.UTF-8 UTF-8 -# de_AT@euro ISO-8859-15 -# de_BE ISO-8859-1 -# de_BE.UTF-8 UTF-8 -# de_BE@euro ISO-8859-15 -# de_CH ISO-8859-1 -# de_CH.UTF-8 UTF-8 -# de_DE ISO-8859-1 -# de_DE.UTF-8 UTF-8 -# de_DE@euro ISO-8859-15 -# de_IT ISO-8859-1 -# de_IT.UTF-8 UTF-8 -# de_LI.UTF-8 UTF-8 -# de_LU ISO-8859-1 -# de_LU.UTF-8 UTF-8 -# de_LU@euro ISO-8859-15 -# doi_IN UTF-8 -# dv_MV UTF-8 -# dz_BT UTF-8 -# el_CY ISO-8859-7 -# el_CY.UTF-8 UTF-8 -# el_GR ISO-8859-7 -# el_GR.UTF-8 UTF-8 -# en_AG UTF-8 -# en_AU ISO-8859-1 -# en_AU.UTF-8 UTF-8 -# en_BW ISO-8859-1 -# en_BW.UTF-8 UTF-8 -# en_CA ISO-8859-1 -# en_CA.UTF-8 UTF-8 -# en_DK ISO-8859-1 -# en_DK.ISO-8859-15 ISO-8859-15 -# en_DK.UTF-8 UTF-8 -# en_GB ISO-8859-1 -# en_GB.ISO-8859-15 ISO-8859-15 -# en_GB.UTF-8 UTF-8 -# en_HK ISO-8859-1 -# en_HK.UTF-8 UTF-8 -# en_IE ISO-8859-1 -# en_IE.UTF-8 UTF-8 -# en_IE@euro ISO-8859-15 -# en_IL UTF-8 -# en_IN UTF-8 -# en_NG UTF-8 -# en_NZ ISO-8859-1 -# en_NZ.UTF-8 UTF-8 -# en_PH ISO-8859-1 -# en_PH.UTF-8 UTF-8 -# en_SG ISO-8859-1 -# en_SG.UTF-8 UTF-8 -# en_US ISO-8859-1 -# en_US.ISO-8859-15 ISO-8859-15 -en_US.UTF-8 UTF-8 -# en_ZA ISO-8859-1 -# en_ZA.UTF-8 UTF-8 -# en_ZM UTF-8 -# en_ZW ISO-8859-1 -# en_ZW.UTF-8 UTF-8 -# eo UTF-8 -# es_AR ISO-8859-1 -# es_AR.UTF-8 UTF-8 -# es_BO ISO-8859-1 -# es_BO.UTF-8 UTF-8 -# es_CL ISO-8859-1 -# es_CL.UTF-8 UTF-8 -# es_CO ISO-8859-1 -# es_CO.UTF-8 UTF-8 -# es_CR ISO-8859-1 -# es_CR.UTF-8 UTF-8 -# es_CU UTF-8 -# es_DO ISO-8859-1 -# es_DO.UTF-8 UTF-8 -# es_EC ISO-8859-1 -# es_EC.UTF-8 UTF-8 -# es_ES ISO-8859-1 -# es_ES.UTF-8 UTF-8 -# es_ES@euro ISO-8859-15 -# es_GT ISO-8859-1 -# es_GT.UTF-8 UTF-8 -# es_HN ISO-8859-1 -# es_HN.UTF-8 UTF-8 -# es_MX ISO-8859-1 -# es_MX.UTF-8 UTF-8 -# es_NI ISO-8859-1 -# es_NI.UTF-8 UTF-8 -# es_PA ISO-8859-1 -# es_PA.UTF-8 UTF-8 -# es_PE ISO-8859-1 -# es_PE.UTF-8 UTF-8 -# es_PR ISO-8859-1 -# es_PR.UTF-8 UTF-8 -# es_PY ISO-8859-1 -# es_PY.UTF-8 UTF-8 -# es_SV ISO-8859-1 -# es_SV.UTF-8 UTF-8 -# es_US ISO-8859-1 -# es_US.UTF-8 UTF-8 -# es_UY ISO-8859-1 -# es_UY.UTF-8 UTF-8 -# es_VE ISO-8859-1 -# es_VE.UTF-8 UTF-8 -# et_EE ISO-8859-1 -# et_EE.ISO-8859-15 ISO-8859-15 -# et_EE.UTF-8 UTF-8 -# eu_ES ISO-8859-1 -# eu_ES.UTF-8 UTF-8 -# eu_ES@euro ISO-8859-15 -# eu_FR ISO-8859-1 -# eu_FR.UTF-8 UTF-8 -# eu_FR@euro ISO-8859-15 -# fa_IR UTF-8 -# ff_SN UTF-8 -# fi_FI ISO-8859-1 -# fi_FI.UTF-8 UTF-8 -# fi_FI@euro ISO-8859-15 -# fil_PH UTF-8 -# fo_FO ISO-8859-1 -# fo_FO.UTF-8 UTF-8 -# fr_BE ISO-8859-1 -# fr_BE.UTF-8 UTF-8 -# fr_BE@euro ISO-8859-15 -# fr_CA ISO-8859-1 -# fr_CA.UTF-8 UTF-8 -# fr_CH ISO-8859-1 -# fr_CH.UTF-8 UTF-8 -# fr_FR ISO-8859-1 -# fr_FR.UTF-8 UTF-8 -# fr_FR@euro ISO-8859-15 -# fr_LU ISO-8859-1 -# fr_LU.UTF-8 UTF-8 -# fr_LU@euro ISO-8859-15 -# fur_IT UTF-8 -# fy_DE UTF-8 -# fy_NL UTF-8 -# ga_IE ISO-8859-1 -# ga_IE.UTF-8 UTF-8 -# ga_IE@euro ISO-8859-15 -# gd_GB ISO-8859-15 -# gd_GB.UTF-8 UTF-8 -# gez_ER UTF-8 -# gez_ER@abegede UTF-8 -# gez_ET UTF-8 -# gez_ET@abegede UTF-8 -# gl_ES ISO-8859-1 -# gl_ES.UTF-8 UTF-8 -# gl_ES@euro ISO-8859-15 -# gu_IN UTF-8 -# gv_GB ISO-8859-1 -# gv_GB.UTF-8 UTF-8 -# ha_NG UTF-8 -# hak_TW UTF-8 -# he_IL ISO-8859-8 -# he_IL.UTF-8 UTF-8 -# hi_IN UTF-8 -# hne_IN UTF-8 -# hr_HR ISO-8859-2 -# hr_HR.UTF-8 UTF-8 -# hsb_DE ISO-8859-2 -# hsb_DE.UTF-8 UTF-8 -# ht_HT UTF-8 -# hu_HU ISO-8859-2 -# hu_HU.UTF-8 UTF-8 -# hy_AM UTF-8 -# hy_AM.ARMSCII-8 ARMSCII-8 -# ia_FR UTF-8 -# id_ID ISO-8859-1 -# id_ID.UTF-8 UTF-8 -# ig_NG UTF-8 -# ik_CA UTF-8 -# is_IS ISO-8859-1 -# is_IS.UTF-8 UTF-8 -# it_CH ISO-8859-1 -# it_CH.UTF-8 UTF-8 -# it_IT ISO-8859-1 -# it_IT.UTF-8 UTF-8 -# it_IT@euro ISO-8859-15 -# iu_CA UTF-8 -# ja_JP.EUC-JP EUC-JP -# ja_JP.UTF-8 UTF-8 -# ka_GE GEORGIAN-PS -# ka_GE.UTF-8 UTF-8 -# kk_KZ PT154 -# kk_KZ.RK1048 RK1048 -# kk_KZ.UTF-8 UTF-8 -# kl_GL ISO-8859-1 -# kl_GL.UTF-8 UTF-8 -# km_KH UTF-8 -# kn_IN UTF-8 -# ko_KR.EUC-KR EUC-KR -# ko_KR.UTF-8 UTF-8 -# kok_IN UTF-8 -# ks_IN UTF-8 -# ks_IN@devanagari UTF-8 -# ku_TR ISO-8859-9 -# ku_TR.UTF-8 UTF-8 -# kw_GB ISO-8859-1 -# kw_GB.UTF-8 UTF-8 -# ky_KG UTF-8 -# lb_LU UTF-8 -# lg_UG ISO-8859-10 -# lg_UG.UTF-8 UTF-8 -# li_BE UTF-8 -# li_NL UTF-8 -# lij_IT UTF-8 -# ln_CD UTF-8 -# lo_LA UTF-8 -# lt_LT ISO-8859-13 -# lt_LT.UTF-8 UTF-8 -# lv_LV ISO-8859-13 -# lv_LV.UTF-8 UTF-8 -# lzh_TW UTF-8 -# mag_IN UTF-8 -# mai_IN UTF-8 -# mg_MG ISO-8859-15 -# mg_MG.UTF-8 UTF-8 -# mhr_RU UTF-8 -# mi_NZ ISO-8859-13 -# mi_NZ.UTF-8 UTF-8 -# mk_MK ISO-8859-5 -# mk_MK.UTF-8 UTF-8 -# ml_IN UTF-8 -# mn_MN UTF-8 -# mni_IN UTF-8 -# mr_IN UTF-8 -# ms_MY ISO-8859-1 -# ms_MY.UTF-8 UTF-8 -# mt_MT ISO-8859-3 -# mt_MT.UTF-8 UTF-8 -# my_MM UTF-8 -# nan_TW UTF-8 -# nan_TW@latin UTF-8 -# nb_NO ISO-8859-1 -# nb_NO.UTF-8 UTF-8 -# nds_DE UTF-8 -# nds_NL UTF-8 -# ne_NP UTF-8 -# nhn_MX UTF-8 -# niu_NU UTF-8 -# niu_NZ UTF-8 -# nl_AW UTF-8 -# nl_BE ISO-8859-1 -# nl_BE.UTF-8 UTF-8 -# nl_BE@euro ISO-8859-15 -# nl_NL ISO-8859-1 -# nl_NL.UTF-8 UTF-8 -# nl_NL@euro ISO-8859-15 -# nn_NO ISO-8859-1 -# nn_NO.UTF-8 UTF-8 -# nr_ZA UTF-8 -# nso_ZA UTF-8 -# oc_FR ISO-8859-1 -# oc_FR.UTF-8 UTF-8 -# om_ET UTF-8 -# om_KE ISO-8859-1 -# om_KE.UTF-8 UTF-8 -# or_IN UTF-8 -# os_RU UTF-8 -# pa_IN UTF-8 -# pa_PK UTF-8 -# pap_AW UTF-8 -# pap_CW UTF-8 -# pl_PL ISO-8859-2 -# pl_PL.UTF-8 UTF-8 -# ps_AF UTF-8 -# pt_BR ISO-8859-1 -# pt_BR.UTF-8 UTF-8 -# pt_PT ISO-8859-1 -# pt_PT.UTF-8 UTF-8 -# pt_PT@euro ISO-8859-15 -# quz_PE UTF-8 -# raj_IN UTF-8 -# ro_RO ISO-8859-2 -# ro_RO.UTF-8 UTF-8 -# ru_RU ISO-8859-5 -# ru_RU.CP1251 CP1251 -# ru_RU.KOI8-R KOI8-R -# ru_RU.UTF-8 UTF-8 -# ru_UA KOI8-U -# ru_UA.UTF-8 UTF-8 -# rw_RW UTF-8 -# sa_IN UTF-8 -# sat_IN UTF-8 -# sc_IT UTF-8 -# sd_IN UTF-8 -# sd_IN@devanagari UTF-8 -# se_NO UTF-8 -# sgs_LT UTF-8 -# shs_CA UTF-8 -# si_LK UTF-8 -# sid_ET UTF-8 -# sk_SK ISO-8859-2 -# sk_SK.UTF-8 UTF-8 -# sl_SI ISO-8859-2 -# sl_SI.UTF-8 UTF-8 -# so_DJ ISO-8859-1 -# so_DJ.UTF-8 UTF-8 -# so_ET UTF-8 -# so_KE ISO-8859-1 -# so_KE.UTF-8 UTF-8 -# so_SO ISO-8859-1 -# so_SO.UTF-8 UTF-8 -# sq_AL ISO-8859-1 -# sq_AL.UTF-8 UTF-8 -# sq_MK UTF-8 -# sr_ME UTF-8 -# sr_RS UTF-8 -# sr_RS@latin UTF-8 -# ss_ZA UTF-8 -# st_ZA ISO-8859-1 -# st_ZA.UTF-8 UTF-8 -# sv_FI ISO-8859-1 -# sv_FI.UTF-8 UTF-8 -# sv_FI@euro ISO-8859-15 -# sv_SE ISO-8859-1 -# sv_SE.ISO-8859-15 ISO-8859-15 -# sv_SE.UTF-8 UTF-8 -# sw_KE UTF-8 -# sw_TZ UTF-8 -# szl_PL UTF-8 -# ta_IN UTF-8 -# ta_LK UTF-8 -# tcy_IN.UTF-8 UTF-8 -# te_IN UTF-8 -# tg_TJ KOI8-T -# tg_TJ.UTF-8 UTF-8 -# th_TH TIS-620 -# th_TH.UTF-8 UTF-8 -# the_NP UTF-8 -# ti_ER UTF-8 -# ti_ET UTF-8 -# tig_ER UTF-8 -# tk_TM UTF-8 -# tl_PH ISO-8859-1 -# tl_PH.UTF-8 UTF-8 -# tn_ZA UTF-8 -# tr_CY ISO-8859-9 -# tr_CY.UTF-8 UTF-8 -# tr_TR ISO-8859-9 -# tr_TR.UTF-8 UTF-8 -# ts_ZA UTF-8 -# tt_RU UTF-8 -# tt_RU@iqtelif UTF-8 -# ug_CN UTF-8 -# uk_UA KOI8-U -# uk_UA.UTF-8 UTF-8 -# unm_US UTF-8 -# ur_IN UTF-8 -# ur_PK UTF-8 -# uz_UZ ISO-8859-1 -# uz_UZ.UTF-8 UTF-8 -# uz_UZ@cyrillic UTF-8 -# ve_ZA UTF-8 -# vi_VN UTF-8 -# wa_BE ISO-8859-1 -# wa_BE.UTF-8 UTF-8 -# wa_BE@euro ISO-8859-15 -# wae_CH UTF-8 -# wal_ET UTF-8 -# wo_SN UTF-8 -# xh_ZA ISO-8859-1 -# xh_ZA.UTF-8 UTF-8 -# yi_US CP1255 -# yi_US.UTF-8 UTF-8 -# yo_NG UTF-8 -# yue_HK UTF-8 -# zh_CN GB2312 -# zh_CN.GB18030 GB18030 -# zh_CN.GBK GBK -# zh_CN.UTF-8 UTF-8 -# zh_HK BIG5-HKSCS -# zh_HK.UTF-8 UTF-8 -# zh_SG GB2312 -# zh_SG.GBK GBK -# zh_SG.UTF-8 UTF-8 -# zh_TW BIG5 -# zh_TW.EUC-TW EUC-TW -# zh_TW.UTF-8 UTF-8 -# zu_ZA ISO-8859-1 -# zu_ZA.UTF-8 UTF-8 diff --git a/archived/buster/etc_files/all/etc/timezone b/archived/buster/etc_files/all/etc/timezone deleted file mode 100644 index 94d5acc..0000000 --- a/archived/buster/etc_files/all/etc/timezone +++ /dev/null @@ -1 +0,0 @@ -Europe/Berlin diff --git a/archived/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx b/archived/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx deleted file mode 100644 index 25c2d62..0000000 --- a/archived/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx +++ /dev/null @@ -1,28 +0,0 @@ -server { - listen 443 ssl; - server_name REPLACE_fqdn_ECALPER; - ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; - root /var/www-dump/; - - location /dump/ { - autoindex on; - } - - location /geheim/ { - auth_basic "geheim geheim"; - auth_basic_user_file /var/www-dump/password_geheim; - autoindex on; - } - - location /zettel/ { - # rewrite non-suffixed filenames to .html ones - rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html; - autoindex on; - } - - location /uwsgi/ { - include uwsgi_params; - uwsgi_pass 127.0.0.1:3031; - } -} diff --git a/archived/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service b/archived/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service deleted file mode 100644 index 45d079c..0000000 --- a/archived/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=url_catcher screen - -[Service] -Type=forking -User=plom -# The LC_ALL fixes submission failing on some articles. -ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 cd ~/url-catcher && screen -d -m ./run.sh' -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/archived/buster/etc_files/eeepc/etc/systemd/logind.conf b/archived/buster/etc_files/eeepc/etc/systemd/logind.conf deleted file mode 100644 index 6a61f0b..0000000 --- a/archived/buster/etc_files/eeepc/etc/systemd/logind.conf +++ /dev/null @@ -1,8 +0,0 @@ -# This file is part of systemd. -# -# See logind.conf(5) for details. - -[Login] -# Note that with the standard Buster kernel this won't work due to -# . -HandleLidSwitch=hibernate diff --git a/archived/buster/etc_files/mail/etc/aliases b/archived/buster/etc_files/mail/etc/aliases deleted file mode 100644 index 5c52e6f..0000000 --- a/archived/buster/etc_files/mail/etc/aliases +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/aliases -# maps whom what is sent to - -# As per RFC 2142. -mailer-daemon: plom -postmaster: plom -hostmaster: plom -usenet: plom -news: plom -webmaster: plom -www: plom -ftp: plom -abuse: plom -noc: plom -security: plom -root: plom - -# Personal aliases. -plomlompom: plom -christian.heller: plom -christian_heller: plom -christianheller: plom -c.heller: plom -heller: plom diff --git a/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf deleted file mode 100644 index eaf927b..0000000 --- a/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf +++ /dev/null @@ -1,18 +0,0 @@ -# This is only necessary when we use dovecot's LMTP mechanism to receive -# mail from postfix. -auth_username_format = %Ln - -# Add sieve filtering. -protocol lmtp { - mail_plugins = $mail_plugins sieve -} - -# We don't strictly need to provide a LMTP server to fetch mail from -# postfix, but we do if we want to do sophisticated stuff like sieve -# filtering on the way. -service lmtp { - inet_listener lmtp { - address = 127.0.0.1 - port = 2424 - } -} diff --git a/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf deleted file mode 100644 index d076d63..0000000 --- a/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf +++ /dev/null @@ -1,10 +0,0 @@ -service auth { - unix_listener auth-userdb { - } - - unix_listener /var/spool/postfix/private/auth { - mode = 0660 - user = postfix - group = postfix - } -} diff --git a/archived/buster/etc_files/mail/etc/mailutils.conf b/archived/buster/etc_files/mail/etc/mailutils.conf deleted file mode 100644 index 44efe26..0000000 --- a/archived/buster/etc_files/mail/etc/mailutils.conf +++ /dev/null @@ -1,4 +0,0 @@ -# mailutils by default uses the FQDN as the mail domain name, fix this -address { - email-domain REPLACE_maildomain_ECALPER; -}; diff --git a/archived/buster/etc_files/mail/etc/nftables.conf b/archived/buster/etc_files/mail/etc/nftables.conf deleted file mode 100755 index 747d214..0000000 --- a/archived/buster/etc_files/mail/etc/nftables.conf +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/sbin/nft -f - -flush ruleset - -table inet filter { - chain input { - type filter hook input priority 0; policy drop; - iif lo accept comment "accept localhost traffic" - ct state invalid drop comment "drop invalid connections" - ct state established, related accept comment "accept traffic originated from us" - tcp dport 22 accept comment "accept SSH on default port" - tcp dport 25 accept comment "accept SMTP (allowing for STARTTLS); necessary for mail server to mail server banter, i.e. for receiving mails" - tcp dport 80 accept comment "accept HTTP; necessary for Certbot HTTP challenge" - tcp dport 465 accept comment "accept SMTPS; for mail user agent to mail server, i.e. for sending mails" - tcp dport 993 accept comment "accept IMAPS; for reading/downloading mails" - ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging" - } - chain forward { - type filter hook forward priority 0; policy drop; - } - chain output { - type filter hook output priority 0; policy accept; - } -} diff --git a/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service deleted file mode 100644 index dc8acb4..0000000 --- a/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Run plom's fetchmail - -[Service] -Type=oneshot -User=plom -# fetchmail returns 1 when no new mail, we want to catch that -ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]' diff --git a/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer deleted file mode 100644 index 0568eeb..0000000 --- a/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Run fetchmail once every minute - -[Timer] -OnCalendar=minutely - -[Install] -WantedBy=timers.target diff --git a/archived/buster/etc_files/mail/etc/systemd/system/pingmail.service b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.service deleted file mode 100644 index e332114..0000000 --- a/archived/buster/etc_files/mail/etc/systemd/system/pingmail.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Run pingmail check - -[Service] -Type=oneshot -User=plom -ExecStart=/bin/sh -c '~/pingmail/pingmail check' diff --git a/archived/buster/etc_files/mail/etc/systemd/system/pingmail.timer b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.timer deleted file mode 100644 index dba0c9f..0000000 --- a/archived/buster/etc_files/mail/etc/systemd/system/pingmail.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Run pingmail check once every hour - -[Timer] -OnCalendar=*-*-* *:00:00 - -[Install] -WantedBy=timers.target diff --git a/archived/buster/etc_files/old_server/etc/apt/sources.list b/archived/buster/etc_files/old_server/etc/apt/sources.list deleted file mode 100644 index a1fbdb0..0000000 --- a/archived/buster/etc_files/old_server/etc/apt/sources.list +++ /dev/null @@ -1,4 +0,0 @@ -deb http://deb.debian.org/debian stretch main contrib non-free -deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free -deb http://deb.debian.org/debian stretch-updates main contrib non-free -deb http://ftp.debian.org/debian stretch-backports main contrib non-free diff --git a/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service deleted file mode 100644 index bc81613..0000000 --- a/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -Description=Attempt encryption of old chat logs -[Service] -Type=oneshot -User=plom -ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh' diff --git a/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer deleted file mode 100644 index 79a6e1e..0000000 --- a/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Attempt encryption of old chatlogs once every minute. - -[Timer] -OnCalendar=*-*-* *:*:00 - -[Install] -WantedBy=timers.target \ No newline at end of file diff --git a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html deleted file mode 100644 index 8e2e67f..0000000 --- a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html +++ /dev/null @@ -1,4 +0,0 @@ -
-

Privacy: Visitor IP addresses are anonymized in the logs.

-

Contact: See plomlompom.com contact page.

-
diff --git a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt deleted file mode 100644 index eb05362..0000000 --- a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt +++ /dev/null @@ -1,2 +0,0 @@ -User-agent: * -Disallow: diff --git a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html deleted file mode 100644 index 7268bac..0000000 --- a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html +++ /dev/null @@ -1 +0,0 @@ -This is plomlompom's personal single-user Pleroma instance. diff --git a/archived/buster/etc_files/server/etc/nftables.conf b/archived/buster/etc_files/server/etc/nftables.conf deleted file mode 100755 index efbc182..0000000 --- a/archived/buster/etc_files/server/etc/nftables.conf +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/sbin/nft -f - -flush ruleset - -table inet filter { - chain input { - type filter hook input priority 0; policy drop; - iif lo accept comment "accept localhost traffic" - ct state invalid drop comment "drop invalid connections" - ct state established, related accept comment "accept traffic originated from us" - tcp dport 22 accept comment "accept SSH on default port" - ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging" - } - chain forward { - type filter hook forward priority 0; policy drop; - } - chain output { - type filter hook output priority 0; policy accept; - } -} diff --git a/archived/buster/etc_files/server/etc/ssh/sshd_config b/archived/buster/etc_files/server/etc/ssh/sshd_config deleted file mode 100644 index 857962b..0000000 --- a/archived/buster/etc_files/server/etc/ssh/sshd_config +++ /dev/null @@ -1,124 +0,0 @@ -# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin no # plomlompom's security rule -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# Expect .ssh/authorized_keys2 to be disregarded by default in future. -#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to yes to enable challenge-response passwords (beware issues with -# some PAM modules and threads) -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin yes -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# Allow client to pass locale environment variables -AcceptEnv LANG LC_* - -# override default of no subsystems -Subsystem sftp /usr/lib/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server - -ClientAliveInterval 120 -PasswordAuthentication no # plomlompom's security rule diff --git a/archived/buster/etc_files/thinkpad/etc/default/tlp b/archived/buster/etc_files/thinkpad/etc/default/tlp deleted file mode 100644 index b73846b..0000000 --- a/archived/buster/etc_files/thinkpad/etc/default/tlp +++ /dev/null @@ -1,306 +0,0 @@ -# ------------------------------------------------------------------------------ -# tlp - Parameters for power saving -# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html - -# Hint: some features are disabled by default, remove the leading # to enable -# them. - -# Set to 0 to disable, 1 to enable TLP. -TLP_ENABLE=1 - -# Operation mode when no power supply can be detected: AC, BAT. -# Concerns some desktop and embedded hardware only. -TLP_DEFAULT_MODE=AC - -# Operation mode select: 0=depend on power source, 1=always use TLP_DEFAULT_MODE -# Hint: use in conjunction with TLP_DEFAULT_MODE=BAT for BAT settings on AC. -TLP_PERSISTENT_DEFAULT=0 - -# Seconds laptop mode has to wait after the disk goes idle before doing a sync. -# Non-zero value enables, zero disables laptop mode. -DISK_IDLE_SECS_ON_AC=0 -DISK_IDLE_SECS_ON_BAT=2 - -# Dirty page values (timeouts in secs). -MAX_LOST_WORK_SECS_ON_AC=15 -MAX_LOST_WORK_SECS_ON_BAT=60 - -# Hint: CPU parameters below are disabled by default, remove the leading # -# to enable them, otherwise kernel default values are used. - -# Select a CPU frequency scaling governor. -# Intel Core i processor with intel_pstate driver: -# powersave(*), performance. -# Older hardware with acpi-cpufreq driver: -# ondemand(*), powersave, performance, conservative, schedutil. -# (*) is recommended. -# Hint: use tlp-stat -p to show the active driver and available governors. -# Important: -# powersave for intel_pstate and ondemand for acpi-cpufreq are power -# efficient for *almost all* workloads and therefore kernel and most -# distributions have chosen them as defaults. If you still want to change, -# you should know what you're doing! You *must* disable your distribution's -# governor settings or conflicts will occur. -#CPU_SCALING_GOVERNOR_ON_AC=powersave -#CPU_SCALING_GOVERNOR_ON_BAT=powersave - -# Set the min/max frequency available for the scaling governor. -# Possible values strongly depend on your CPU. For available frequencies see -# the output of tlp-stat -p. -#CPU_SCALING_MIN_FREQ_ON_AC=0 -#CPU_SCALING_MAX_FREQ_ON_AC=0 -#CPU_SCALING_MIN_FREQ_ON_BAT=0 -#CPU_SCALING_MAX_FREQ_ON_BAT=0 - -# Set energy performance hints (HWP) for Intel P-state governor: -# performance, balance_performance, default, balance_power, power -# Values are given in order of increasing power saving. -# Note: Intel Skylake or newer CPU and Kernel >= 4.10 required. -CPU_HWP_ON_AC=balance_performance -CPU_HWP_ON_BAT=balance_power - -# Set Intel P-state performance: 0..100 (%). -# Limit the max/min P-state to control the power dissipation of the CPU. -# Values are stated as a percentage of the available performance. -# Requires an Intel Core i processor with intel_pstate driver. -#CPU_MIN_PERF_ON_AC=0 -#CPU_MAX_PERF_ON_AC=100 -#CPU_MIN_PERF_ON_BAT=0 -#CPU_MAX_PERF_ON_BAT=30 - -# Set the CPU "turbo boost" feature: 0=disable, 1=allow -# Requires an Intel Core i processor. -# Important: -# - This may conflict with your distribution's governor settings -# - A value of 1 does *not* activate boosting, it just allows it -#CPU_BOOST_ON_AC=1 -#CPU_BOOST_ON_BAT=0 - -# Minimize number of used CPU cores/hyper-threads under light load conditions: -# 0=disable, 1=enable. -SCHED_POWERSAVE_ON_AC=0 -SCHED_POWERSAVE_ON_BAT=1 - -# Kernel NMI Watchdog: -# 0=disable (default, saves power), 1=enable (for kernel debugging only). -NMI_WATCHDOG=0 - -# Change CPU voltages aka "undervolting" - Kernel with PHC patch required. -# Frequency voltage pairs are written to: -# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls -# CAUTION: only use this, if you thoroughly understand what you are doing! -#PHC_CONTROLS="F:V F:V F:V F:V" - -# Set CPU performance versus energy savings policy: -# performance, balance-performance, default, balance-power, power. -# Values are given in order of increasing power saving. -# Requires kernel module msr and x86_energy_perf_policy from linux-tools. -ENERGY_PERF_POLICY_ON_AC=performance -ENERGY_PERF_POLICY_ON_BAT=power - -# Disk devices; separate multiple devices with spaces (default: sda). -# Devices can be specified by disk ID also (lookup with: tlp diskid). -DISK_DEVICES="sda sdb" - -# Disk advanced power management level: 1..254, 255 (max saving, min, off). -# Levels 1..127 may spin down the disk; 255 allowable on most drives. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -DISK_APM_LEVEL_ON_AC="254 254" -DISK_APM_LEVEL_ON_BAT="128 128" - -# Hard disk spin down timeout: -# 0: spin down disabled -# 1..240: timeouts from 5s to 20min (in units of 5s) -# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) -# See 'man hdparm' for details. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" -#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" - -# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq). -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the kernel default scheduler for the particular disk. -#DISK_IOSCHED="cfq cfq" - -# AHCI link power management (ALPM) for disk devices: -# min_power, med_power_with_dipm(*), medium_power, max_performance. -# (*) Kernel >= 4.15 required, then recommended. -# Multiple values separated with spaces are tried sequentially until success. -SATA_LINKPWR_ON_AC="med_power_with_dipm max_performance" -SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power" - -# Exclude host devices from AHCI link power management. -# Separate multiple hosts with spaces. -#SATA_LINKPWR_BLACKLIST="host1" - -# Runtime Power Management for AHCI host and disks devices: -# on=disable, auto=enable. -# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss. -#AHCI_RUNTIME_PM_ON_AC=on -#AHCI_RUNTIME_PM_ON_BAT=on - -# Seconds of inactivity before disk is suspended. -AHCI_RUNTIME_PM_TIMEOUT=15 - -# PCI Express Active State Power Management (PCIe ASPM): -# default, performance, powersave. -PCIE_ASPM_ON_AC=performance -PCIE_ASPM_ON_BAT=powersave - -# Radeon graphics clock speed (profile method): low, mid, high, auto, default; -# auto = mid on BAT, high on AC; default = use hardware defaults. -RADEON_POWER_PROFILE_ON_AC=high -RADEON_POWER_PROFILE_ON_BAT=low - -# Radeon dynamic power management method (DPM): battery, performance. -RADEON_DPM_STATE_ON_AC=performance -RADEON_DPM_STATE_ON_BAT=battery - -# Radeon DPM performance level: auto, low, high; auto is recommended. -RADEON_DPM_PERF_LEVEL_ON_AC=auto -RADEON_DPM_PERF_LEVEL_ON_BAT=auto - -# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. -WIFI_PWR_ON_AC=off -WIFI_PWR_ON_BAT=on - -# Disable wake on LAN: Y/N. -WOL_DISABLE=Y - -# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). -# A value of 0 disables, >=1 enables power saving (recommended: 1). -SOUND_POWER_SAVE_ON_AC=0 -SOUND_POWER_SAVE_ON_BAT=1 - -# Disable controller too (HDA only): Y/N. -SOUND_POWER_SAVE_CONTROLLER=Y - -# Power off optical drive in UltraBay/MediaBay: 0=disable, 1=enable. -# Drive can be powered on again by releasing (and reinserting) the eject lever -# or by pressing the disc eject button on newer models. -# Note: an UltraBay/MediaBay hard disk is never powered off. -BAY_POWEROFF_ON_AC=0 -BAY_POWEROFF_ON_BAT=0 -# Optical drive device to power off (default sr0). -BAY_DEVICE="sr0" - -# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable. -RUNTIME_PM_ON_AC=on -RUNTIME_PM_ON_BAT=auto - -# Exclude PCI(e) device adresses the following list from Runtime PM -# (separate with spaces). Use lspci to get the adresses (1st column). -#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" - -# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM. -# Default when unconfigured is "amdgpu nouveau nvidia radeon" which -# prevents accidential power-on of dGPU in hybrid graphics setups. -# Use "" to disable the feature completely. -# Separate multiple drivers with spaces. -#RUNTIME_PM_DRIVER_BLACKLIST="amdgpu nouveau nvidia radeon" - -# Set to 0 to disable, 1 to enable USB autosuspend feature. -USB_AUTOSUSPEND=1 - -# Exclude listed devices from USB autosuspend (separate with spaces). -# Use lsusb to get the ids. -# Note: input devices (usbhid) are excluded automatically -#USB_BLACKLIST="1111:2222 3333:4444" - -# Bluetooth devices are excluded from USB autosuspend: -# 0=do not exclude, 1=exclude. -USB_BLACKLIST_BTUSB=0 - -# Phone devices are excluded from USB autosuspend: -# 0=do not exclude, 1=exclude (enable charging). -USB_BLACKLIST_PHONE=0 - -# Printers are excluded from USB autosuspend: -# 0=do not exclude, 1=exclude. -USB_BLACKLIST_PRINTER=1 - -# WWAN devices are excluded from USB autosuspend: -# 0=do not exclude, 1=exclude. -USB_BLACKLIST_WWAN=1 - -# Include listed devices into USB autosuspend even if already excluded -# by the blacklists above (separate with spaces). -# Use lsusb to get the ids. -#USB_WHITELIST="1111:2222 3333:4444" - -# Set to 1 to disable autosuspend before shutdown, 0 to do nothing -# (workaround for USB devices that cause shutdown problems). -#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 - -# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown -# on system startup: 0=disable, 1=enable. -# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below -# are ignored when this is enabled! -RESTORE_DEVICE_STATE_ON_STARTUP=0 - -# Radio devices to disable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -#DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" - -# Radio devices to enable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -#DEVICES_TO_ENABLE_ON_STARTUP="wifi" - -# Radio devices to disable on shutdown: bluetooth, wifi, wwan. -# (workaround for devices that are blocking shutdown). -#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" - -# Radio devices to enable on shutdown: bluetooth, wifi, wwan. -# (to prevent other operating systems from missing radios). -#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" - -# Radio devices to enable on AC: bluetooth, wifi, wwan. -#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" - -# Radio devices to disable on battery: bluetooth, wifi, wwan. -#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" - -# Radio devices to disable on battery when not in use (not connected): -# bluetooth, wifi, wwan. -#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" - -# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module -# required). Charging starts when the remaining capacity falls below the -# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. -# Main / Internal battery (values in %) -START_CHARGE_THRESH_BAT0=75 -STOP_CHARGE_THRESH_BAT0=80 -# Ultrabay / Slice / Replaceable battery (values in %) -#START_CHARGE_THRESH_BAT1=75 -#STOP_CHARGE_THRESH_BAT1=80 - -# Restore charge thresholds when AC is unplugged: 0=disable, 1=enable. -#RESTORE_THRESHOLDS_ON_BAT=1 - -# ------------------------------------------------------------------------------ -# tlp-rdw - Parameters for the radio device wizard -# Possible devices: bluetooth, wifi, wwan. - -# Hints: -# - Parameters are disabled by default, remove the leading # to enable them -# - Separate multiple radio devices with spaces - -# Radio devices to disable on connect. -#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" -#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" -#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" - -# Radio devices to enable on disconnect. -#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" -#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" -#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" - -# Radio devices to enable/disable when docked. -#DEVICES_TO_ENABLE_ON_DOCK="" -#DEVICES_TO_DISABLE_ON_DOCK="" - -# Radio devices to enable/disable when undocked. -#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" -#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/buster/etc_files/thinkpad/etc/systemd/logind.conf b/archived/buster/etc_files/thinkpad/etc/systemd/logind.conf deleted file mode 100644 index 1098229..0000000 --- a/archived/buster/etc_files/thinkpad/etc/systemd/logind.conf +++ /dev/null @@ -1,6 +0,0 @@ -# This file is part of systemd. -# -# See logind.conf(5) for details. - -[Login] -HandleLidSwitch=hibernate diff --git a/archived/buster/etc_files/user/etc/cups/printers.conf b/archived/buster/etc_files/user/etc/cups/printers.conf deleted file mode 100644 index 3475600..0000000 --- a/archived/buster/etc_files/user/etc/cups/printers.conf +++ /dev/null @@ -1,20 +0,0 @@ -# Printer configuration file for CUPS v2.2.10 -# Written by cupsd -# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING - -UUID urn:uuid:e856a26d-66f8-327a-4dca-0d8a09f87a25 -Info HP Deskjet F300 series -Location -MakeModel HP Deskjet f300 Series, hpcups 3.18.12 -DeviceURI hp:/usb/Deskjet_F300_series?serial=CN63VB21TM04KH -State Idle -Type 36892 -Accepting Yes -Shared No -JobSheets none none -QuotaPeriod 0 -PageLimit 0 -KLimit 0 -OpPolicy default -ErrorPolicy retry-job - diff --git a/archived/buster/etc_files/user/etc/default/console-setup b/archived/buster/etc_files/user/etc/default/console-setup deleted file mode 100644 index 090d241..0000000 --- a/archived/buster/etc_files/user/etc/default/console-setup +++ /dev/null @@ -1,4 +0,0 @@ -CHARMAP="UTF-8" -CODESET="Lat15" -FONTFACE="Terminus" -FONTSIZE="6x12" diff --git a/archived/buster/etc_files/user/opt/firefox/blank.html b/archived/buster/etc_files/user/opt/firefox/blank.html deleted file mode 100644 index 79e707e..0000000 --- a/archived/buster/etc_files/user/opt/firefox/blank.html +++ /dev/null @@ -1 +0,0 @@ -not quite blank diff --git a/archived/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js b/archived/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js deleted file mode 100644 index cf8ea80..0000000 --- a/archived/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js +++ /dev/null @@ -1,4 +0,0 @@ -// We set up AutoConfig according to , see firefox.cfg comments on why we need it -pref("general.config.filename", "firefox.cfg"); -pref("general.config.obscure_value", 0); - diff --git a/archived/buster/etc_files/user/opt/firefox/firefox.cfg b/archived/buster/etc_files/user/opt/firefox/firefox.cfg deleted file mode 100644 index b321153..0000000 --- a/archived/buster/etc_files/user/opt/firefox/firefox.cfg +++ /dev/null @@ -1,18 +0,0 @@ -// do not put any code into this first line, as it gets ignored by Firefox - -// we zero extensions.autoDisableScopes so our pre-installed extensions activate by default -pref("extensions.autoDisableScopes", 0); - -// we turn off annoying setup popups and pages; these settings are the result more of trial and error than thorough understanding by me, so more research might be warranted to discipline them -pref("startup.homepage_welcome_url", "file:///opt/firefox/blank.html"); -pref("browser.startup.homepage", "file:///opt/firefox/blank.html"); -pref("browser.startup.blankWindow", true); -pref("datareporting.policy.firstRunURL", ""); -pref("browser.shell.checkDefaultBrowser", false); -pref("datareporting.policy.dataSubmissionPolicyBypassNotification", true); - -// use socks proxy by default -pref("network.proxy.type", 1); -pref("network.proxy.socks", "localhost"); -pref("network.proxy.socks_port", 9999); -pref("network.proxy.remote_dns", true); diff --git a/archived/buster/etc_files/user/usr/share/applications/firefox.desktop b/archived/buster/etc_files/user/usr/share/applications/firefox.desktop deleted file mode 100644 index cb8d354..0000000 --- a/archived/buster/etc_files/user/usr/share/applications/firefox.desktop +++ /dev/null @@ -1,3 +0,0 @@ -[Desktop Entry] -Name=Firefox -Exec=/usr/local/bin/firefox %u diff --git a/archived/buster/etc_files/web/etc/nftables.conf b/archived/buster/etc_files/web/etc/nftables.conf deleted file mode 100755 index ec6732a..0000000 --- a/archived/buster/etc_files/web/etc/nftables.conf +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/sbin/nft -f - -flush ruleset - -table inet filter { - chain input { - type filter hook input priority 0; policy drop; - iif lo accept comment "accept localhost traffic" - ct state invalid drop comment "drop invalid connections" - ct state established, related accept comment "accept traffic originated from us" - tcp dport 22 accept comment "accept SSH on default port" - tcp dport 80 accept comment "accept HTTP on default port" - tcp dport 443 accept comment "accept HTTPS on default port" - ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging" - } - chain forward { - type filter hook forward priority 0; policy drop; - } - chain output { - type filter hook output priority 0; policy accept; - } -} diff --git a/archived/buster/etc_files/web/etc/nginx/nginx.conf b/archived/buster/etc_files/web/etc/nginx/nginx.conf deleted file mode 100644 index 8320425..0000000 --- a/archived/buster/etc_files/web/etc/nginx/nginx.conf +++ /dev/null @@ -1,38 +0,0 @@ -# system integration -user www-data; -worker_processes auto; -pid /run/nginx.pid; -include /etc/nginx/modules-enabled/*.conf; - -# is expected even if empty -events { -} - -http { - # define content-type headers - include /etc/nginx/mime.types; - charset utf-8; - - # Some standard optimizations, i.e. Debian default. Explained in - # - # Not that I understand it all … - sendfile on; - tcp_nopush on; - tcp_nodelay on; - - # logging deactivated due to GDPR - #access_log /var/log/nginx/access.log; - #error_log /var/log/nginx/error.log; - access_log off; - error_log off; - - # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; - - # Redirect all HTTP requests to HTTPS. - server { - listen 80; - return 301 https://$host$request_uri; - } -} diff --git a/archived/buster/etc_files/website/etc/gitweb.conf b/archived/buster/etc_files/website/etc/gitweb.conf deleted file mode 100644 index 88dea47..0000000 --- a/archived/buster/etc_files/website/etc/gitweb.conf +++ /dev/null @@ -1,22 +0,0 @@ -# path to git projects (.git) -$projectroot = "/var/repos"; - -# don't show repos without git-daemon-export-ok file -$export_ok = "git-daemon-export-ok"; - -# directory to use for temp files -# explicitely set by Debian so it's probably a good choice -$git_temp = "/tmp"; - -# git-diff-tree(1) options to use for generated patches -# we don't want to to guess renames, so empty -@diff_opts = (); - -# Base path for where to find the repos for cloning. -@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone'); - -# allow snapshots -$feature{'snapshot'}{'default'} = ['zip', 'tgz']; - -# insert header for GDPR compliance -$site_header = "/var/www/header.html" diff --git a/archived/buster/etc_files/website/etc/nginx/sites-available/website.nginx b/archived/buster/etc_files/website/etc/nginx/sites-available/website.nginx deleted file mode 100644 index cbad304..0000000 --- a/archived/buster/etc_files/website/etc/nginx/sites-available/website.nginx +++ /dev/null @@ -1,40 +0,0 @@ -server { - listen 443 ssl; - server_name REPLACE_fqdn_ECALPER; - ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; - root /var/www/html/; - index index.html index.htm index.nginx-debian.html; - - # serve /var/repos/* for HTTPS git cloning - location ~ /repos/clone(/.*) { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - # Commented out so only repos are served that contain a - # git-daemon-export-ok file. - # fastcgi_param GIT_HTTP_EXPORT_ALL ""; - fastcgi_param GIT_PROJECT_ROOT /var/repos; - fastcgi_param PATH_INFO $1; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - # gitweb static files - location /repos/static/ { - alias /usr/share/gitweb/static/; - } - - # gitweb; this needs packages fcgiwrap and gitweb - location /repos/ { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - # login-protected IRC logs - location ~ ^/irclogs/([^/]+)/ { - auth_basic "$1 logs"; - auth_basic_user_file /var/www/irclogs_pw/$1; - autoindex on; - } -} diff --git a/archived/buster/etc_files/website/etc/systemd/system/plomlombot.service b/archived/buster/etc_files/website/etc/systemd/system/plomlombot.service deleted file mode 100644 index a4f6769..0000000 --- a/archived/buster/etc_files/website/etc/systemd/system/plomlombot.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=plomlombot screen - -[Service] -Type=simple -User=plom -ExecStart=/bin/sh -c '~/plomlombot_daemon.sh' -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/archived/buster/etc_files/x200s/etc/wicd/manager-settings.conf b/archived/buster/etc_files/x200s/etc/wicd/manager-settings.conf deleted file mode 100644 index de12c6c..0000000 --- a/archived/buster/etc_files/x200s/etc/wicd/manager-settings.conf +++ /dev/null @@ -1,24 +0,0 @@ -[Settings] -backend = external -wireless_interface = wls1 -wired_interface = enp0s25 -wpa_driver = wext -always_show_wired_interface = False -use_global_dns = False -global_dns_1 = None -global_dns_2 = None -global_dns_3 = None -global_dns_dom = None -global_search_dom = None -auto_reconnect = True -debug_mode = 0 -wired_connect_mode = 1 -signal_display_type = 0 -should_verify_ap = 1 -dhcp_client = 0 -link_detect_tool = 0 -flush_tool = 0 -sudo_app = 0 -prefer_wired = False -show_never_connect = True - diff --git a/archived/buster/etc_files/x220/etc/wicd/manager-settings.conf b/archived/buster/etc_files/x220/etc/wicd/manager-settings.conf deleted file mode 100644 index 985df76..0000000 --- a/archived/buster/etc_files/x220/etc/wicd/manager-settings.conf +++ /dev/null @@ -1,24 +0,0 @@ -[Settings] -backend = external -wireless_interface = wlp3s0 -wired_interface = enp0s25 -wpa_driver = wext -always_show_wired_interface = False -use_global_dns = False -global_dns_1 = None -global_dns_2 = None -global_dns_3 = None -global_dns_dom = None -global_search_dom = None -auto_reconnect = True -debug_mode = 0 -wired_connect_mode = 1 -signal_display_type = 0 -should_verify_ap = 1 -dhcp_client = 0 -link_detect_tool = 0 -flush_tool = 0 -sudo_app = 0 -prefer_wired = False -show_never_connect = True - diff --git a/archived/buster/home_files/eeepc/.config/i3status/config b/archived/buster/home_files/eeepc/.config/i3status/config deleted file mode 100644 index 207bef4..0000000 --- a/archived/buster/home_files/eeepc/.config/i3status/config +++ /dev/null @@ -1,82 +0,0 @@ -# plomlompom's i3 status bar configuration - -# Activate colors; set update interval of one second. -general { - colors = true - interval = 1 -} - -# Selection / order of status elements. -order += "disk /" -order += "disk /home/" -order += "wireless wlp2s0" -order += "ethernet enp1s0" -order += "battery 0" -order += "cpu_usage" -order += "load" -order += "cpu_temperature 0" -order += "time" -order += "volume master" - -# How much space is left in / ? -disk "/" { - format = "/: %avail of %total" - separator_block_width = 25 -} - -# How much space is left in /home/ ? -disk "/home/" { - format = "/home: %avail of %total" - separator_block_width = 25 -} - -# WLAN status: show IP and connection quality or "down". -wireless wlp2s0 { - format_up = "w: (%quality at %essid) %ip" - format_down = "w: down" - separator_block_width = 10 -} - -# Ethernet status: show IP or "down". -ethernet enp1s0 { - format_up = "e: %ip" - format_down = "e: down" - separator_block_width = 25 -} - -# Battery status: show FULL/CHARGING/BATTERY, storage, time left. -battery 0 { - format = "b: %status %percentage %remaining" - separator_block_width = 25 -} - -# Show CPU usage. -cpu_usage { - format = "cpu: %usage" - separator_block_width = 10 -} - -# Show system load during last 1/5/15 minutes. -load { - format = "%1min %5min %15min" - separator_block_width = 25 -} - -# Show CPU temperature in degrees of celsius. -cpu_temperature 0 { - format = "%degrees °C" - separator_block_width = 25 -} - -# Show date/time/timezone as "year-month-day hour:minute:second -# timezone_numeric/timezone_alphabetic". -time { - format = "%Y-%m-%d %H:%M:%S %z/%Z" - separator_block_width = 25 -} - -volume master { - format = "♪: %volume" - format_muted = "♪: muted (%volume)" - separator_block_width = 25 -} diff --git a/archived/buster/home_files/minimal/.bashrc b/archived/buster/home_files/minimal/.bashrc deleted file mode 100644 index 5ee9ad8..0000000 --- a/archived/buster/home_files/minimal/.bashrc +++ /dev/null @@ -1,26 +0,0 @@ -# Settings for interactive shells. - -# Fancy colors for ls. -alias ls="ls --color=auto" - -# Use vim as default editor for anything. -export VISUAL=vim -export EDITOR=$VISUAL - -# Colored prompt with username, hostname, date/time, directory. -colornumber=7 # Default to white if no color set via colornumber dotfile. -colornumber_file=~/.shell_prompt_color -if [ -f $colornumber_file ]; then - colornumber=`cat $colornumber_file` -fi -tput_color="$(tput setaf $colornumber)$(tput bold)" -tput_reset="$(tput sgr0)" -# Bash confuses the line length when not told to not count escape sequences. -if [ ! "$BASH" = "" ]; then - tput_color="\[$tput_color\]" - tput_reset="\[$tput_reset\]" -fi -PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset" -PS2="${tput_color}> $tput_reset" -PS3="${tput_color}select: $tput_reset" -PS4="${tput_color}+ $tput_reset" diff --git a/archived/buster/home_files/root/.shell_prompt_color b/archived/buster/home_files/root/.shell_prompt_color deleted file mode 100644 index d00491f..0000000 --- a/archived/buster/home_files/root/.shell_prompt_color +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/archived/buster/home_files/user/.Xresources b/archived/buster/home_files/user/.Xresources deleted file mode 100644 index 45b10af..0000000 --- a/archived/buster/home_files/user/.Xresources +++ /dev/null @@ -1,56 +0,0 @@ -! otherwise various applications will assume merely 8 colors -XTerm.termName: xterm-256color - -! font -! actually, "mono" is already the default for faceName (it will -! pick whatever fc-match mono delivers), but we need to set _some_ -! faceName to trigger XTerm activating TrueType fonts -! (XTerm*fontRender by itself won't do the trick), and we want -! TrueType fonts because, well, they scale better, and XTerm lets them -! fall back on alternatives (hi there ttf-unifont) when a Unicode -! glyph is not found -XTerm*faceName: mono - -! white on black -XTerm*reverseVideo: on - -! blink screen instead of sound -XTerm*visualBell: on - -! proper ALT as META key treatment -XTerm*eightBitInput: false - -! font sizes -XTerm*faceSize: 8 -XTerm*faceSize1: 4 -XTerm*faceSize2: 5 -XTerm*faceSize3: 6 -XTerm*faceSize4: 8 -XTerm*faceSize5: 14 -XTerm*faceSize6: 25 - -! colors -! black -XTerm*color0: #202020 -XTerm*color8: #3F3F3F -! red -XTerm*color1: #A82020 -XTerm*color9: #E82020 -! green -XTerm*color2: #20A820 -XTerm*color10: #20E820 -! yellow -XTerm*color3: #A8A820 -XTerm*color11: #E8E820 -! blue -XTerm*color4: #3F3FFF -XTerm*color12: #9F9FFF -! magenta -XTerm*color5: #A83FFF -XTerm*color13: #E89FFF -! cyan -XTerm*color6: #3FA8FF -XTerm*color14: #9FE8FF -! white -XTerm*color7: #A8A8A8 -XTerm*color15: #E8E8E8 diff --git a/archived/buster/home_files/user/.borgrepos b/archived/buster/home_files/user/.borgrepos deleted file mode 100644 index c40eee3..0000000 --- a/archived/buster/home_files/user/.borgrepos +++ /dev/null @@ -1,4 +0,0 @@ -plom@plomlompom.com -plom@mail.plomlompom.com -plom@play.plomlompom.com -# file read ends at last newline diff --git a/archived/buster/home_files/user/.config/i3/config b/archived/buster/home_files/user/.config/i3/config deleted file mode 100644 index 19c654e..0000000 --- a/archived/buster/home_files/user/.config/i3/config +++ /dev/null @@ -1,83 +0,0 @@ -# plomlompom's i3-wm configuration - -# Font for i3 text -font pango:Terminus 8px - -# Force "tabbed" as default layout for new windows. -workspace_layout tabbed - -# Make the Windows key the modifier key for all i3-wm actions. -set $mod Mod4 -floating_modifier $mod - -# Launch xterm. -bindsym $mod+Return exec xterm - -# Launch programs via dmenu. -bindsym $mod+d exec dmenu_run -bindsym $mod+x exec dmenu_run - -# Kill window. -bindsym $mod+Shift+Q kill - -# Move focus between windows. -bindsym $mod+Left focus left -bindsym $mod+Down focus down -bindsym $mod+Up focus up -bindsym $mod+Right focus right - -# Don't move focus with mouse. -focus_follows_mouse no - -# Move windows. -bindsym $mod+Shift+Left move left -bindsym $mod+Shift+Down move down -bindsym $mod+Shift+Up move up -bindsym $mod+Shift+Right move right - -# Resize windows -bindsym $mod+h resize shrink width 1 px or 1 ppt -bindsym $mod+l resize grow width 1 px or 1 ppt -bindsym $mod+j resize shrink height -bindsym $mod+k resize grow height - -# Toggle fullscreen for focused window. -bindsym $mod+f fullscreen - -# Toggle floating of window, focus on floating or tabbed windows. -bindsym $mod+Shift+space floating toggle -bindsym $mod+space focus mode_toggle - -# Switch to workspace x. -bindsym $mod+1 workspace 1 -bindsym $mod+2 workspace 2 -bindsym $mod+3 workspace 3 -bindsym $mod+4 workspace 4 -bindsym $mod+5 workspace 5 -bindsym $mod+6 workspace 6 -bindsym $mod+7 workspace 7 -bindsym $mod+8 workspace 8 -bindsym $mod+9 workspace 9 -bindsym $mod+0 workspace 10 - -# Move window to workspace x. -bindsym $mod+Shift+exclam move workspace 1 -bindsym $mod+Shift+quotedbl move workspace 2 -bindsym $mod+Shift+section move workspace 3 -bindsym $mod+Shift+dollar move workspace 4 -bindsym $mod+Shift+percent move workspace 5 -bindsym $mod+Shift+ampersand move workspace 6 -bindsym $mod+Shift+slash move workspace 7 -bindsym $mod+Shift+parenleft move workspace 8 -bindsym $mod+Shift+parenright move workspace 9 -bindsym $mod+Shift+equal move workspace 10 - -# Reload i3 config file, restart (keeping sesion) i3, exit i3. -bindsym $mod+Shift+C reload -bindsym $mod+Shift+R restart -bindsym $mod+Shift+P exit - -# Select "i3status" as i3 status bar. -bar { - status_command i3status -} diff --git a/archived/buster/home_files/user/.emacs.d/init.el b/archived/buster/home_files/user/.emacs.d/init.el deleted file mode 100644 index fbec980..0000000 --- a/archived/buster/home_files/user/.emacs.d/init.el +++ /dev/null @@ -1,323 +0,0 @@ -;; general layout -;; ============== - -;; need no stinkin emacs help screen as start up, and no menu bar -(setq inhibit-startup-screen t) -(menu-bar-mode -1) - -;; highlight cursor line, parentheses -(global-hl-line-mode 1) -(show-paren-mode 1) - -;; show line numbers, use separator space -(global-linum-mode) -(setq linum-format "%d ") - -;; count cursor column, row in mode line -(setq column-number-mode t) - -;; settings to make GUI tolerable -(if window-system - (progn - (add-to-list 'default-frame-alist '(foreground-color . "white")) - (add-to-list 'default-frame-alist '(background-color . "black")) - (set-face-attribute 'default nil :height 80) - (scroll-bar-mode -1) - (setq visible-bell t) - (setq linum-format "%d"))) - -;; use as default browser what XDG offers -(setq-default browse-url-browser-function 'browse-url-xdg-open) - - - -;; general keybindings -;; =================== - -;; create and use a minimal global map using just the self-insert command -;; bindings and a selection of some to me very common keystrokes -(setq minimal-map (make-sparse-keymap)) -(substitute-key-definition 'self-insert-command 'self-insert-command - minimal-map global-map) -(use-global-map minimal-map) -(global-set-key (kbd "DEL") 'backward-delete-char-untabify) -(global-set-key (kbd "RET") 'newline) -(global-set-key (kbd "TAB") 'indent-for-tab-command) -(global-set-key (kbd "") 'previous-line) -(global-set-key (kbd "") 'next-line) -(global-set-key (kbd "") 'left-char) -(global-set-key (kbd "") 'right-char) -(global-set-key (kbd "") 'scroll-down-command) -(global-set-key (kbd "") 'scroll-up-command) -(global-set-key (kbd "M-x") 'execute-extended-command) -(global-set-key (kbd "C-g") 'keyboard-quit) -;(global-set-key (kbd "") 'kmacro-start-macro-or-insert-counter) -;(global-set-key (kbd "") 'kmacro-end-or-call-macro) -;; note how to switch back to the original map: (use-global-map global-map) -(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs - - - -;; minibuffer -;; ========== - -;; incremental minibuffer completion -(icomplete-mode 1) - - - -;; text editing -;; ============ - -;; tabs are evil -(setq-default indent-tabs-mode nil) -(setq-default tab-width 4) -(setq indent-line-function 'insert-tab) - -;; show trailing whitespace -(setq-default show-trailing-whitespace 1) - -;; on save, ask whether to ensure text file's last line ends in a -;; newline character -(setq require-final-newline 1) - -;; use dedicated directory for version-controlled, endless backups; -;; never delete old versions -(setq make-backup-files t - backup-directory-alist `(("." . "~/.emacs_backups")) - backup-by-copying t - version-control t - delete-old-versions 1) ;; neither t nor nil: never delete - - -;; package management -;; ================== - -;; where we get packages from -(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/") - ("melpa-unstable" . "https://melpa.org/packages/") - ("melpa-stable" . "https://stable.melpa.org/packages/"))) - -;; ensure certain packages are installed (actually, we use Debian repos here) -;; credit to -;(setq package-list '(elfeed ledger-mode)) -;(package-initialize) -;(dolist (package package-list) -; (unless (package-installed-p package) -; (package-install package))) - - - -;;; window management -;;; ================= -; -;;; track window configurations to allow window config undo -;(winner-mode 1) - - - -;; mail setup -;; ========== - -(setq send-mail-function 'smtpmail-send-it) -(setq smtpmail-smtp-server "mail.plomlompom.com") -(setq smtpmail-smtp-service 465) -(setq smtpmail-stream-type 'ssl) -(setq smtpmail-smtp-user "plom") -(setq mml-secure-openpgp-encrypt-to-self t) -(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime) - -;(setq gnutls-log-level 0) - -;; if we don't set this, we get this warning: -;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange -;; has been lowered to 256 bits and this may allow decryption of the session data -(setq gnutls-min-prime-bits 1024) - -;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the -;; stream process, seemingly unless the /message/ function is called at the right -;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest -;; in /network-stream-get-response/ right after "(goto-char start)"; this works -;; unless /inhibit_message/ is set, indicating that writing to the *Messages* -;; buffer is not relevant, but maybe writing to the echo area is); activing the -;; gnutls logging is just a hack to achieve such calls to /message/ in the -;; /network-stream-open-tls/ flow. -(setq gnutls-log-level 1) ; miraculously makes smtpmail work - -;; constructs From: domain if mail composer directly called (from without -;; notmuch), but we don't actually intend to do that -;(setq mail-host-address "plomlompom.com") - -;; otherwise notmuch becomes extremely slow in some cases -(setq-default notmuch-show-indent-content nil) - -;; this only works if we use notmuch-mua-send instead of message-send -(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent"))) - -;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me" -;; in the message ID -(setq mail-host-address "plomlompom.com") - -;; notmuch saved searches -(setq notmuch-saved-searches - '((:name "inbox" :query "tag:unread and folder:inbox") - (:name "all" :query "tag:unread not folder:maildir/Trash") - (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de") - (:name "nebenan" :query "tag:unread and folder:maildir/nebenan") - (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info") - (:name "gmail" :query "tag:unread and folder:maildir/gmail.com") - (:name "mutter" :query "tag:unread and folder:maildir/mutter"))) - - - -;; org mode -;; ======== - -;; unsure why, but to re-set the key map, we not only have to explicitely do it -;; only after org-mode loading, but also have to explicitely overwrite the -;; C-c keybinding; TODO: investigate -(with-eval-after-load 'org - (setq org-mode-map (make-sparse-keymap)) - (define-key org-mode-map (kbd "C-c") nil) - (define-key org-mode-map (kbd "TAB") 'org-cycle) - (define-key org-mode-map (kbd "") 'org-shifttab)) - -;; don't truncate lines by default -(setq org-startup-truncated nil) - -;; basic org-capture config -(setq org-capture-templates - '(("x" "test" plain (file "~/org/notes.org") "%T: %?"))) -(add-hook 'org-capture-mode-hook 'evil-insert-state) - -;; agenda view on startup -(load-library "find-lisp") -(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$")) -(setq org-agenda-span 90) -(setq org-agenda-use-time-grid nil) -(add-hook 'emacs-startup-hook (lambda () - (org-agenda-list) - (switch-to-buffer "*Org Agenda*") - (other-window 1))) - -;;; for calendar, use ISO date style -;(setq calendar-date-style 'iso) -;(setq diary-number-of-entries 7) -;(diary) -;(setq org-agenda-time-grid '((today require-timed remove-match) -; #("----------------" 0 16 (org-heading t)) -; (0 200 400 600 800 1000 1200 -; 1400 1600 1800 2000 2200))) - -;; empty org-agenda-mode keybindings -(add-hook 'org-agenda-mode-hook - (lambda () - (setq org-agenda-mode-map (make-sparse-keymap)))) -(add-hook 'org-agenda-mode-hook - (lambda () - (use-local-map (make-sparse-keymap)))) - -;; org-publish-all -(setq org-publish-project-alist - '( - ("website" - :base-directory "~/org/web/" - :base-extension "org" - :publishing-directory "~/html/" - :recursive t - :publishing-function org-html-publish-to-html - :headline-levels 4 ; Just the default for this project. - :auto-preamble t - ))) - -;; use [ki:] syntax to hide stuff from exports -(defun classify-information (text backend info) - "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'." - (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text)) -(add-hook 'org-export-filter-plain-text-functions 'classify-information) - -;; add HTML validator link to exports -(setq org-html-validation-link "Validate") - - - -;;; Info mode -;;; ========= - -(setq Info-mode-map (make-sparse-keymap)) -(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node) -(define-key Info-mode-map (kbd "u") 'Info-up) -(define-key Info-mode-map (kbd "TAB") 'Info-next-reference) -(define-key Info-mode-map (kbd "") 'Info-prev-reference) -(define-key Info-mode-map (kbd "H") 'Info-history-back) -(define-key Info-mode-map (kbd "L") 'Info-history-forward) -(define-key Info-mode-map (kbd "I") 'Info-goto-node) -(define-key Info-mode-map (kbd "i") 'Info-index) - - - -;; help mode -;; ========= - -(setq help-mode-map (make-sparse-keymap)) -(define-key help-mode-map (kbd "TAB") 'forward-button) -(define-key help-mode-map (kbd "RET") 'help-follow) -(define-key help-mode-map (kbd "") 'backward-button) - - - -;; elfeed -;; ====== - -(require 'elfeed) ; needed so we can set the font faces -(set-face-background 'elfeed-search-title-face "magenta") -(set-face-background 'elfeed-search-unread-count-face "magenta") -(setq elfeed-feeds - '("https://capsurvival.blogspot.com/feeds/posts/default" - "https://jungle.world/rss.xml" - "http://news.dieweltistgarnichtso.net/bin/index.xml" - "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/" - "http://www.tagesschau.de/xml/atom")) -(setq elfeed-search-mode-map (make-sparse-keymap)) -(define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry) -(defun elfeed-search-mark-as-read() (interactive) - (elfeed-search-untag-all 'unread)) -(define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read) -(define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread) -(define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter) -(define-key elfeed-search-mode-map (kbd "u") 'elfeed-update) -(setq elfeed-show-mode-map (make-sparse-keymap)) -(define-key elfeed-show-mode-map (kbd "u") 'elfeed) -(define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link) -(define-key elfeed-show-mode-map (kbd "") 'shr-previous-link) -(define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev) -(define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next) -(define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url) -(define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url) - - - -;; eww -;; === - -(setq eww-mode-map (make-sparse-keymap)) -(define-key eww-mode-map (kbd "TAB") 'shr-next-link) -(define-key eww-mode-map (kbd "") 'shr-previous-link) -(define-key eww-mode-map (kbd "H") 'eww-back-url) -(define-key eww-mode-map (kbd "L") 'eww-forward-url) - - - -;; ledger -;; ====== -(setq ledger-mode-map (make-sparse-keymap)) -(define-key ledger-mode-map (kbd "TAB") 'ledger-magic-tab) - - - -;;; plomvi mode -;;; =========== - -(defvar plomvi-return-combo (kbd "C-c")) -(load "~/public_repos/plomvi.el/plomvi.el") -(plomvi-global-mode 1) diff --git a/archived/buster/home_files/user/.gitconfig b/archived/buster/home_files/user/.gitconfig deleted file mode 100644 index 8967d25..0000000 --- a/archived/buster/home_files/user/.gitconfig +++ /dev/null @@ -1,3 +0,0 @@ -[user] - email = c.heller@plomlompom.de - name = Christian Heller diff --git a/archived/buster/home_files/user/.mbsyncrc b/archived/buster/home_files/user/.mbsyncrc deleted file mode 100644 index 6a0e5cd..0000000 --- a/archived/buster/home_files/user/.mbsyncrc +++ /dev/null @@ -1,28 +0,0 @@ -IMAPAccount plom -# Address to connect to -Host mail.plomlompom.com -User plom -# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars, -# therefore the pw in ~/.authinfo should not be longer than that. -PassCmd "cat ~/.authinfo | cut -d' ' -f8-" -SSLType IMAPS -AuthMechs LOGIN - -IMAPStore core-remote -Account plom - -MaildirStore core-local -# The trailing "/" is important -Path ~/mail/maildir/ -Inbox ~/mail/inbox/ - -Channel core -Master :core-remote: -Slave :core-local: -Patterns * -# Automatically create missing mailboxes, both locally and on the server -Create Both -# Save the synchronization state files in the relevant directory -SyncState * -# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere -Expunge Both diff --git a/archived/buster/home_files/user/.notmuch-config b/archived/buster/home_files/user/.notmuch-config deleted file mode 100644 index 9532761..0000000 --- a/archived/buster/home_files/user/.notmuch-config +++ /dev/null @@ -1,9 +0,0 @@ -[database] -path=/home/plom/mail -[search] -exclude_tags=deleted;spam; -# the fields below set the From: if the mail composer is called from -# within notmuch -[user] -name=Christian Heller -primary_email=plom@plomlompom.com diff --git a/archived/buster/home_files/user/.shell_prompt_color b/archived/buster/home_files/user/.shell_prompt_color deleted file mode 100644 index 0cfbf08..0000000 --- a/archived/buster/home_files/user/.shell_prompt_color +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/archived/buster/home_files/user/.tridactylrc b/archived/buster/home_files/user/.tridactylrc deleted file mode 100644 index e39e5a0..0000000 --- a/archived/buster/home_files/user/.tridactylrc +++ /dev/null @@ -1,13 +0,0 @@ -sanitize tridactyllocal tridactylsync -guiset statuspanel top-right -guiset tabs autohide -set newtab file:///opt/firefox/blank.html -autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit -bind / fillcmdline find -bind n findnext 1 -bind N findnext -1 -set findcase insensitive -bind j scrollline 3 -bind k scrollline -3 -set hintuppercase false -set searchengine duckduckgo diff --git a/archived/buster/home_files/user/.xinitrc b/archived/buster/home_files/user/.xinitrc deleted file mode 100644 index c7a0a66..0000000 --- a/archived/buster/home_files/user/.xinitrc +++ /dev/null @@ -1,17 +0,0 @@ -# X init configuration - -# Set keymap. -setxkbmap de - -# Map CapsLock to Compose key. -xmodmap -e "clear Lock" -xmodmap -e "keycode 66 = Multi_key" - -# Load xterm settings -xrdb -merge ~/.Xresources - -# Redshift to Berlin, Germany. -redshift -rl 53:13 & - -# Launch window manager. -i3 diff --git a/archived/buster/home_files/user/mail_sync.sh b/archived/buster/home_files/user/mail_sync.sh deleted file mode 100755 index 6962800..0000000 --- a/archived/buster/home_files/user/mail_sync.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh -set -e - -basedir="/home/plom/mail/maildir/" -# Ensure directories exist for all "dir:*" tags. -for tag in $(notmuch search --output=tags '*'); do - if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then - continue - fi - target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/" - if [ ! -d "${target_dir}" ]; then - echo "Directory ${target_dir} does not exist." - exit 1 - fi -done - -# Ensure all "dir:*"-tagged mails are in proper directories, -# remove all "dir:*" tags. -for tag in $(notmuch search --output=tags '*'); do - if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then - continue - fi - target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/" - for f in $(notmuch search --output=files tag:"${tag}"); do - new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//') - target_path="${target_dir}${new_name}" - if [ ! "${target_path}" = "${f}" ]; then - echo "Moving ${f} to ${target_path}." - mv "${f}" "${target_path}" - fi - done - notmuch tag -"${tag}" tag:"${tag}" -done - -# Remove all "deleted"-tagged files from maildirs. -notmuch search --output=files tag:deleted | while read f; do - echo "Deleting ${f}" - rm "${f}" -done - -# Sync changes back to server and update notmuch index. -mbsync -a -notmuch new diff --git a/archived/buster/home_files/user/public_repos/repos b/archived/buster/home_files/user/public_repos/repos deleted file mode 100644 index 27eb028..0000000 --- a/archived/buster/home_files/user/public_repos/repos +++ /dev/null @@ -1,7 +0,0 @@ -# List of repos we want cloned in ~/public_repos -config -pingmail.git -plomlombot-irc.git -plomrogue -plomrogue2-experiments -plomvi.el diff --git a/archived/buster/home_files/w530/.config/i3status/config b/archived/buster/home_files/w530/.config/i3status/config deleted file mode 100644 index b9fb15f..0000000 --- a/archived/buster/home_files/w530/.config/i3status/config +++ /dev/null @@ -1,82 +0,0 @@ -# plomlompom's i3 status bar configuration - -# Activate colors; set update interval of one second. -general { - colors = true - interval = 1 -} - -# Selection / order of status elements. -order += "disk /" -order += "disk /home/" -order += "wireless wlp3s0" -order += "ethernet enp0s25" -order += "battery 0" -order += "cpu_usage" -order += "load" -order += "cpu_temperature 0" -order += "time" -order += "volume master" - -# How much space is left in / ? -disk "/" { - format = "/: %avail available of %total" - separator_block_width = 25 -} - -# How much space is left in /home ? -disk "/home/" { - format = "/home: %avail available of %total" - separator_block_width = 25 -} - -# WLAN status: show IP and connection quality or "down". -wireless wlp3s0 { - format_up = "w: (%quality at %essid) %ip" - format_down = "w: down" - separator_block_width = 10 -} - -# Ethernet status: show IP or "down". -ethernet enp0s25 { - format_up = "e: %ip" - format_down = "e: down" - separator_block_width = 25 -} - -# Battery status: show FULL/CHARGING/BATTERY, storage, time left. -battery 0 { - format = "b: %status %percentage %remaining" - separator_block_width = 25 -} - -# Show CPU usage. -cpu_usage { - format = "cpu: %usage" - separator_block_width = 10 -} - -# Show system load during last 1/5/15 minutes. -load { - format = "%1min %5min %15min" - separator_block_width = 25 -} - -# Show CPU temperature in degrees of celsius. -cpu_temperature 0 { - format = "%degrees °C" - separator_block_width = 25 -} - -# Show date/time/timezone as "year-month-day hour:minute:second -# timezone_numeric/timezone_alphabetic". -time { - format = "%Y-%m-%d %H:%M:%S %z/%Z" - separator_block_width = 25 -} - -volume master { - format = "♪: %volume" - format_muted = "♪: muted (%volume)" - separator_block_width = 25 -} diff --git a/archived/buster/home_files/x200s/.config/i3status/config b/archived/buster/home_files/x200s/.config/i3status/config deleted file mode 100644 index 256f174..0000000 --- a/archived/buster/home_files/x200s/.config/i3status/config +++ /dev/null @@ -1,82 +0,0 @@ -# plomlompom's i3 status bar configuration - -# Activate colors; set update interval of one second. -general { - colors = true - interval = 1 -} - -# Selection / order of status elements. -order += "disk /" -order += "disk /home/" -order += "wireless wls1" -order += "ethernet enp0s25" -order += "battery 0" -order += "cpu_usage" -order += "load" -order += "cpu_temperature 0" -order += "time" -order += "volume master" - -# How much space is left in / ? -disk "/" { - format = "/: %avail available of %total" - separator_block_width = 25 -} - -# How much space is left in /home ? -disk "/home/" { - format = "/home: %avail available of %total" - separator_block_width = 25 -} - -# WLAN status: show IP and connection quality or "down". -wireless wls1 { - format_up = "w: (%quality at %essid) %ip" - format_down = "w: down" - separator_block_width = 10 -} - -# Ethernet status: show IP or "down". -ethernet enp0s25 { - format_up = "e: %ip" - format_down = "e: down" - separator_block_width = 25 -} - -# Battery status: show FULL/CHARGING/BATTERY, storage, time left. -battery 0 { - format = "b: %status %percentage %remaining" - separator_block_width = 25 -} - -# Show CPU usage. -cpu_usage { - format = "cpu: %usage" - separator_block_width = 10 -} - -# Show system load during last 1/5/15 minutes. -load { - format = "%1min %5min %15min" - separator_block_width = 25 -} - -# Show CPU temperature in degrees of celsius. -cpu_temperature 0 { - format = "%degrees °C" - separator_block_width = 25 -} - -# Show date/time/timezone as "year-month-day hour:minute:second -# timezone_numeric/timezone_alphabetic". -time { - format = "%Y-%m-%d %H:%M:%S %z/%Z" - separator_block_width = 25 -} - -volume master { - format = "♪: %volume" - format_muted = "♪: muted (%volume)" - separator_block_width = 25 -} diff --git a/archived/buster/home_files/x220/.config/i3status/config b/archived/buster/home_files/x220/.config/i3status/config deleted file mode 100644 index b9fb15f..0000000 --- a/archived/buster/home_files/x220/.config/i3status/config +++ /dev/null @@ -1,82 +0,0 @@ -# plomlompom's i3 status bar configuration - -# Activate colors; set update interval of one second. -general { - colors = true - interval = 1 -} - -# Selection / order of status elements. -order += "disk /" -order += "disk /home/" -order += "wireless wlp3s0" -order += "ethernet enp0s25" -order += "battery 0" -order += "cpu_usage" -order += "load" -order += "cpu_temperature 0" -order += "time" -order += "volume master" - -# How much space is left in / ? -disk "/" { - format = "/: %avail available of %total" - separator_block_width = 25 -} - -# How much space is left in /home ? -disk "/home/" { - format = "/home: %avail available of %total" - separator_block_width = 25 -} - -# WLAN status: show IP and connection quality or "down". -wireless wlp3s0 { - format_up = "w: (%quality at %essid) %ip" - format_down = "w: down" - separator_block_width = 10 -} - -# Ethernet status: show IP or "down". -ethernet enp0s25 { - format_up = "e: %ip" - format_down = "e: down" - separator_block_width = 25 -} - -# Battery status: show FULL/CHARGING/BATTERY, storage, time left. -battery 0 { - format = "b: %status %percentage %remaining" - separator_block_width = 25 -} - -# Show CPU usage. -cpu_usage { - format = "cpu: %usage" - separator_block_width = 10 -} - -# Show system load during last 1/5/15 minutes. -load { - format = "%1min %5min %15min" - separator_block_width = 25 -} - -# Show CPU temperature in degrees of celsius. -cpu_temperature 0 { - format = "%degrees °C" - separator_block_width = 25 -} - -# Show date/time/timezone as "year-month-day hour:minute:second -# timezone_numeric/timezone_alphabetic". -time { - format = "%Y-%m-%d %H:%M:%S %z/%Z" - separator_block_width = 25 -} - -volume master { - format = "♪: %volume" - format_muted = "♪: muted (%volume)" - separator_block_width = 25 -} diff --git a/archived/buster/other_files/append_opendkim.conf b/archived/buster/other_files/append_opendkim.conf deleted file mode 100644 index ee5dc14..0000000 --- a/archived/buster/other_files/append_opendkim.conf +++ /dev/null @@ -1,6 +0,0 @@ - -# plomlompom customizations -Domain REPLACE_maildomain_ECALPER -KeyFile /etc/dkimkeys/REPLACE_selector_ECALPER.private -Selector REPLACE_selector_ECALPER -Socket inet:8892@localhost diff --git a/archived/buster/other_files/append_pleroma_config b/archived/buster/other_files/append_pleroma_config deleted file mode 100644 index 54a65d0..0000000 --- a/archived/buster/other_files/append_pleroma_config +++ /dev/null @@ -1,24 +0,0 @@ - -########################################## -# below this: customizations by plomlompom - -config :pleroma, :instance, - registrations_open: false, - safe_dm_mentions: true, - cleanup_attachments: true - -config :pleroma, :frontend_configurations, - pleroma_fe: %{ - showInstanceSpecificPanel: true, - background: "/pixel.png", - logo: "/pixel.png" - } - -config :pleroma, :chat, - enabled: false - -config :pleroma, Pleroma.Captcha, - enabled: false - -config :pleroma, :static_fe, - enabled: true diff --git a/archived/buster/other_files/append_postfix_main.cf b/archived/buster/other_files/append_postfix_main.cf deleted file mode 100644 index 385058c..0000000 --- a/archived/buster/other_files/append_postfix_main.cf +++ /dev/null @@ -1,23 +0,0 @@ - -# TLS certs -smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem -smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem - -# OpenDKIM milter -non_smtpd_milters = inet:localhost:8892 -smtpd_milters = inet:localhost:8892 - -# transport mail to dovecot; not strictly needed, as even without this -# postfix will throw mail to /var/mail/USER to be found by dovecot for -# serving via IMAP etc.; but using dovecot's LMTP server for delivery -# allows us to do stuff like dovecot-side sieve filtering. -mailbox_transport = lmtp:inet:127.0.0.1:2424 - -# to authenticate on SMTP, we need a SASL mechanism; we talk to dovecot -# for this, since it provides one -smtpd_sasl_type = dovecot -smtpd_sasl_path = private/auth -smtpd_sasl_auth_enable = yes - -# we append mail domain here for if it is different than $myhostname -mydestination = $myhostname localhost.$mydomain localhost REPLACE_maildomain_ECALPER diff --git a/archived/buster/other_files/append_postfix_master.cf b/archived/buster/other_files/append_postfix_master.cf deleted file mode 100644 index 5d1aa3c..0000000 --- a/archived/buster/other_files/append_postfix_master.cf +++ /dev/null @@ -1,4 +0,0 @@ - -# Run SMTPS on port 465, enforce TLS there. -smtps inet n - y - - smtpd - -o smtpd_tls_wrappermode=yes diff --git a/archived/buster/other_files/blog_hook_post-receive b/archived/buster/other_files/blog_hook_post-receive deleted file mode 100755 index b671248..0000000 --- a/archived/buster/other_files/blog_hook_post-receive +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -blog_dir=~/blog -export GIT_DIR=$(pwd) -export GIT_WORK_TREE="$blog_dir" -git checkout -f -cd "$GIT_WORK_TREE" -redo -git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/* -count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l) -if [ "$count" != 0 ]; then - git add metadata/*.automatic_metadata -fi -status=$(git status -s) -n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l) -if [ "$n_updates" -gt 0 ]; then - git commit -a -m 'Update metadata' -fi diff --git a/archived/buster/other_files/dovecot.sieve b/archived/buster/other_files/dovecot.sieve deleted file mode 100644 index 5346309..0000000 --- a/archived/buster/other_files/dovecot.sieve +++ /dev/null @@ -1,8 +0,0 @@ -require ["fileinto"]; -require ["mailbox"]; -if address :is "from" "foo@bar.com" { - fileinto :create "foo"; -} -if address :is :domain "to" "example.com" { - fileinto :create "example.com"; -} diff --git a/archived/buster/other_files/dumpsite_index.html b/archived/buster/other_files/dumpsite_index.html deleted file mode 100644 index 0c2093f..0000000 --- a/archived/buster/other_files/dumpsite_index.html +++ /dev/null @@ -1,3 +0,0 @@ - - -Zum Blog? diff --git a/archived/buster/other_files/fetchmailrc b/archived/buster/other_files/fetchmailrc deleted file mode 100755 index b437563..0000000 --- a/archived/buster/other_files/fetchmailrc +++ /dev/null @@ -1,2 +0,0 @@ -# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted -poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep diff --git a/archived/buster/other_files/peertube_production.yaml b/archived/buster/other_files/peertube_production.yaml deleted file mode 100644 index 86804e2..0000000 --- a/archived/buster/other_files/peertube_production.yaml +++ /dev/null @@ -1,375 +0,0 @@ -listen: - hostname: 'localhost' - port: 9000 - -# Correspond to your reverse proxy server_name/listen configuration -webserver: - https: true - hostname: 'example.com' - port: 443 - -rates_limit: - api: - # 50 attempts in 10 seconds - window: 10 seconds - max: 50 - login: - # 15 attempts in 5 min - window: 5 minutes - max: 15 - signup: - # 2 attempts in 5 min (only succeeded attempts are taken into account) - window: 5 minutes - max: 2 - ask_send_email: - # 3 attempts in 5 min - window: 5 minutes - max: 3 - -# Proxies to trust to get real client IP -# If you run PeerTube just behind a local proxy (nginx), keep 'loopback' -# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) -trust_proxy: - - 'loopback' - -# Your database name will be "peertube"+database.suffix -database: - password: 'peertube' - hostname: 'localhost' - port: 5432 - suffix: '_prod' - username: 'peertube' - pool: - max: 5 - -# Redis server for short time storage -# You can also specify a 'socket' path to a unix socket but first need to -# comment out hostname and port -redis: - hostname: 'localhost' - port: 6379 - auth: null - db: 0 - -# SMTP server to send emails -smtp: - hostname: null - port: 465 # If you use StartTLS: 587 - username: null - password: null - tls: true # If you use StartTLS: false - disable_starttls: false - ca_file: null # Used for self signed certificates - from_address: 'admin@example.com' - -email: - body: - signature: "PeerTube" - subject: - prefix: "[PeerTube]" - -# From the project root directory -storage: - tmp: '/var/www/peertube/storage/tmp/' # Use to download data (imports etc), store uploaded files before processing... - avatars: '/var/www/peertube/storage/avatars/' - videos: '/var/www/peertube/storage/videos/' - streaming_playlists: '/var/www/peertube/storage/streaming-playlists/' - redundancy: '/var/www/peertube/storage/redundancy/' - logs: '/var/www/peertube/storage/logs/' - previews: '/var/www/peertube/storage/previews/' - thumbnails: '/var/www/peertube/storage/thumbnails/' - torrents: '/var/www/peertube/storage/torrents/' - captions: '/var/www/peertube/storage/captions/' - cache: '/var/www/peertube/storage/cache/' - plugins: '/var/www/peertube/storage/plugins/' - -log: - level: 'info' # debug/info/warning/error - rotation: - enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate - maxFileSize: 12MB - maxFiles: 20 - anonymizeIP: true - -search: - # Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance - # If enabled, the associated group will be able to "escape" from the instance follows - # That means they will be able to follow channels, watch videos, list videos of non followed instances - remote_uri: - users: true - anonymous: false - -trending: - videos: - interval_days: 7 # Compute trending videos for the last x days - -# Cache remote videos on your server, to help other instances to broadcast the video -# You can define multiple caches using different sizes/strategies -# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following -redundancy: - videos: - check_interval: '1 hour' # How often you want to check new videos to cache - strategies: # Just uncomment strategies you want -# - -# size: '10GB' -# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) -# min_lifetime: '48 hours' -# strategy: 'most-views' # Cache videos that have the most views -# - -# size: '10GB' -# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) -# min_lifetime: '48 hours' -# strategy: 'trending' # Cache trending videos -# - -# size: '10GB' -# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) -# min_lifetime: '48 hours' -# strategy: 'recently-added' # Cache recently added videos -# min_views: 10 # Having at least x views - -csp: - enabled: false - report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk! - report_uri: - -tracker: - # If you disable the tracker, you disable the P2P aspect of PeerTube - enabled: true - # Only handle requests on your videos. - # If you set this to false it means you have a public tracker. - # Then, it is possible that clients overload your instance with external torrents - private: true - # Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers) - reject_too_many_announces: false - -history: - videos: - # If you want to limit users videos history - # -1 means there is no limitations - # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) - max_age: -1 - -views: - videos: - # PeerTube creates a database entry every hour for each video to track views over a period of time - # This is used in particular by the Trending page - # PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered) - # -1 means no cleanup - # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) - remote: - max_age: -1 - -plugins: - # The website PeerTube will ask for available PeerTube plugins and themes - # This is an unmoderated plugin index, so only install plugins/themes you trust - index: - enabled: true - check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions - url: 'https://packages.joinpeertube.org' - - -############################################################################### -# -# From this point, all the following keys can be overridden by the web interface -# (local-production.json file). If you need to change some values, prefer to -# use the web interface because the configuration will be automatically -# reloaded without any need to restart PeerTube. -# -# /!\ If you already have a local-production.json file, the modification of the -# following keys will have no effect /!\. -# -############################################################################### - -cache: - previews: - size: 500 # Max number of previews you want to cache - captions: - size: 500 # Max number of video captions/subtitles you want to cache - -admin: - # Used to generate the root user at first startup - # And to receive emails from the contact form - email: 'admin@example.com' - -contact_form: - enabled: true - -signup: - enabled: false - limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited - requires_email_verification: false - filters: - cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist - whitelist: [] - blacklist: [] - -user: - # Default value of maximum video BYTES the user can upload (does not take into account transcoded files). - # -1 == unlimited - video_quota: -1 - video_quota_daily: -1 - -# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag -# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions. -# Please, do not disable transcoding since many uploaded videos will not work -transcoding: - enabled: true - # Allow your users to upload .mkv, .mov, .avi, .flv videos - allow_additional_extensions: true - # If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file - allow_audio_files: true - threads: 1 - resolutions: # Only created if the original video has a higher resolution, uses more storage! - 0p: false # audio-only (creates mp4 without video stream, always created when enabled) - 240p: true - 360p: true - 480p: true - 720p: true - 1080p: true - 2160p: false - - # Generate videos in a WebTorrent format (what we do since the first PeerTube release) - # If you also enabled the hls format, it will multiply videos storage by 2 - # If disabled, breaks federation with PeerTube instances < 2.1 - webtorrent: - enabled: true - - # /!\ Requires ffmpeg >= 4.1 - # Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent: - # * Resolution change is smoother - # * Faster playback in particular with long videos - # * More stable playback (less bugs/infinite loading) - # If you also enabled the webtorrent format, it will multiply videos storage by 2 - hls: - enabled: true - -import: - # Add ability for your users to import remote videos (from YouTube, torrent...) - videos: - http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html - enabled: false - # You can use an HTTP/HTTPS/SOCKS proxy with youtube-dl - proxy: - enabled: false - url: "" - torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) - enabled: false - -auto_blacklist: - # New videos automatically blacklisted so moderators can review before publishing - videos: - of_users: - enabled: false - -# Instance settings -instance: - name: 'PlomTube' - short_description: '' - description: 'Personal PeerTube instance by plomlompom (see https://plomlompom.com) for his own videos.' # Support markdown - terms: '**Privacy**: Videos here are streamed via the BitTorrent protocol, which might expose your IP to other peers – see the "P2P & Privacy" section [here](/about/peertube). Internally, site visits are logged by the PeerTube software, but with IPs anonymized. **Contact**: See https://plomlompom.com/contact.html' # Support markdown - code_of_conduct: '' # Supports markdown - - # Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc - moderation_information: '' # Supports markdown - - # Why did you create this instance? - creation_reason: '' - - # Who is behind the instance? A single person? A non profit? - administrator: '' - - # How long do you plan to maintain this instance? - maintenance_lifetime: '' - - # How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising? - business_model: '' - - # If you want to explain on what type of hardware your PeerTube instance runs - # Example: "2 vCore, 2GB RAM..." - hardware_information: '' # Supports Markdown - - # What are the main languages of your instance? To interact with your users for example - # Uncomment or add the languages you want - # List of supported languages: https://peertube.cpy.re/api/v1/videos/languages - languages: -# - en -# - es -# - fr - - # You can specify the main categories of your instance (dedicated to music, gaming or politics etc) - # Uncomment or add the category ids you want - # List of supported categories: https://peertube.cpy.re/api/v1/videos/categories - categories: -# - 1 # Music -# - 2 # Films -# - 3 # Vehicles -# - 4 # Art -# - 5 # Sports -# - 6 # Travels -# - 7 # Gaming -# - 8 # People -# - 9 # Comedy -# - 10 # Entertainment -# - 11 # News & Politics -# - 12 # How To -# - 13 # Education -# - 14 # Activism -# - 15 # Science & Technology -# - 16 # Animals -# - 17 # Kids -# - 18 # Food - - default_client_route: '/videos/trending' - - # Whether or not the instance is dedicated to NSFW content - # Enabling it will allow other administrators to know that you are mainly federating sensitive content - # Moreover, the NSFW checkbox on video upload will be automatically checked by default - is_nsfw: false - # By default, "do_not_list" or "blur" or "display" NSFW videos - # Could be overridden per user with a setting - default_nsfw_policy: 'do_not_list' - - customizations: - javascript: '' # Directly your JavaScript code (without