From: Christian Heller Date: Mon, 24 Feb 2025 20:12:52 +0000 (+0100) Subject: Move old stuff into archived/, maybe delete later. X-Git-Url: https://plomlompom.com/repos/%7B%7B%20web_path%20%7D%7D/static/template?a=commitdiff_plain;h=1cf402f00f81750279deff8823e5c047c3c7cf62;p=config Move old stuff into archived/, maybe delete later. --- diff --git a/all_new_2018/apt-mark/all b/all_new_2018/apt-mark/all deleted file mode 100644 index f748f3b..0000000 --- a/all_new_2018/apt-mark/all +++ /dev/null @@ -1,9 +0,0 @@ -# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client -# unpredictably so -ifupdown -isc-dhcp-client -# git for the setup directory; cloning works with ca-certificates -ca-certificates -git -# to avoid constant warnings about no locale being found -locales diff --git a/all_new_2018/apt-mark/server b/all_new_2018/apt-mark/server deleted file mode 100644 index 4f7fc5d..0000000 --- a/all_new_2018/apt-mark/server +++ /dev/null @@ -1,7 +0,0 @@ -# needed to log in to server via ssh -openssh-server -# provides /etc/inputrc and understanding of ctrl+arrow key combos -readline-common -# provides systemd scripts that configure iptables via /etc/iptables/* -iptables-persistent -# this line is here because the shell "read" in install_for_target.sh ignores lines without final newline \ No newline at end of file diff --git a/all_new_2018/borg.sh b/all_new_2018/borg.sh deleted file mode 100755 index 18321b1..0000000 --- a/all_new_2018/borg.sh +++ /dev/null @@ -1,145 +0,0 @@ -#!/bin/sh -set -e - -standard_repo="borg" -config_file="${HOME}/.borgrepos" - -usage() { - echo "Need operation as argument, one of:" - echo "init" - echo "store" - echo "check" - echo "export_keyfiles" - echo "orgpush" - echo "orgpull" - false -} - -read_pw() { - if [ "${#SSH_AGENT_PID}" -eq 0 ]; then - eval $(ssh-agent) - echo "ssh-add" - stty -echo - ssh-add - stty echo - fi - if [ "${#BORG_PASSPHRASE}" -eq 0 ]; then - stty -echo - printf "Borg passphrase: " - read password - stty echo - printf "\n" - export BORG_PASSPHRASE="${password}" - fi -} - -if [ ! -f "${config_file}" ]; then - echo '# file read ends at last newline' >> "${config_file}" -fi -if [ "$#" -lt 1 ]; then - usage -fi -first_arg="$1" -shift -if [ "${first_arg}" = "init" ]; then - if [ ! "$#" -eq 1 ]; then - echo "Need exactly one argument: target of form user@server" - false - fi - target="$1" - echo "Initializing: ${target}" - borg init --verbose --encryption=keyfile "${target}:${standard_repo}" - tmp_file="/tmp/new_borgrepos" - echo "${target}" > "${tmp_file}" - cat "${config_file}" >> "${tmp_file}" - cp "${tmp_file}" "${config_file}" -elif [ "${first_arg}" = "store" ]; then - if [ ! "$#" -eq 2 ]; then - echo "Need precisely two arguments: archive name and path to archive." - false - fi - archive_name=$1 - shift - to_backup="$@" - read_pw - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}" - echo "Creating archive: ${archive}" - borg create --verbose --list "${archive}" "${to_backup}" - done -elif [ "${first_arg}" = "check" ]; then - if [ ! "$#" -eq 0 ]; then - echo "Need no arguments" - false - fi - read_pw - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - echo "Checking repo: ${repo}" - borg check --verbose "${repo}" - done -elif [ "${first_arg}" = "export_keyfiles" ]; then - if [ ! "$#" -eq 1 ]; then - echo "Need output tar file name." - false - fi - tar_target="${1}" - tmp_dir="${HOME}/.borgtmp" - keyfiles_dir="${tmp_dir}/borg_keyfiles" - mkdir -p "${keyfiles_dir}" - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - borg key export "${repo}" "${keyfiles_dir}/${line}" - done - cur_dir="$(pwd)" - cd "${tmp_dir}" - target=$(basename "${keyfiles_dir}") - tar cf "${tar_target}" "${target}" - mv "${tar_target}" "${cur_dir}" - cd - rm -rf "${tmp_dir}" -elif [ "${first_arg}" = "orgpush" ]; then - archive_name="orgdir" - to_backup=~/org - read_pw - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}" - echo "Creating archive: ${archive}" - borg create --verbose --list "${archive}" "${to_backup}" --exclude ~/org/.git - done -elif [ "${first_arg}" = "orgpull" ]; then - archive_name="orgdir" - read_pw - cd / - cat "${config_file}" | while read line; do - first_char=$(echo "${line}" | cut -c1) - if [ "${first_char}" = "#" ]; then - continue - fi - repo="${line}:${standard_repo}" - archive=$(borg list "${repo}" | grep "${orgdir}" | tail -1 | cut -f1 -d' ') - echo "Pulling archive: ${archive}" - borg extract --verbose "${repo}::${archive}" - break - done -else - usage -fi diff --git a/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies deleted file mode 100644 index 4aaef79..0000000 --- a/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies +++ /dev/null @@ -1,4 +0,0 @@ -APT::AutoRemove::RecommendsImportant "false"; -APT::AutoRemove::SuggestsImportant "false"; -APT::Install-Recommends "false"; -APT::Install-Suggests "false"; diff --git a/all_new_2018/linkable_etc_files/all/etc/apt/sources.list b/all_new_2018/linkable_etc_files/all/etc/apt/sources.list deleted file mode 100644 index 68064c6..0000000 --- a/all_new_2018/linkable_etc_files/all/etc/apt/sources.list +++ /dev/null @@ -1,4 +0,0 @@ -deb http://deb.debian.org/debian stretch main contrib non-free -deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free -deb http://deb.debian.org/debian stretch-updates main contrib non-free -deb http://ftp.debian.org/debian stretch-backports main contrib non-free \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/all/etc/locale.gen b/all_new_2018/linkable_etc_files/all/etc/locale.gen deleted file mode 100644 index a28cfa4..0000000 --- a/all_new_2018/linkable_etc_files/all/etc/locale.gen +++ /dev/null @@ -1,483 +0,0 @@ -# This file lists locales that you wish to have built. You can find a list -# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add -# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change -# this file, you need to rerun locale-gen. - - -# aa_DJ ISO-8859-1 -# aa_DJ.UTF-8 UTF-8 -# aa_ER UTF-8 -# aa_ER@saaho UTF-8 -# aa_ET UTF-8 -# af_ZA ISO-8859-1 -# af_ZA.UTF-8 UTF-8 -# ak_GH UTF-8 -# am_ET UTF-8 -# an_ES ISO-8859-15 -# an_ES.UTF-8 UTF-8 -# anp_IN UTF-8 -# ar_AE ISO-8859-6 -# ar_AE.UTF-8 UTF-8 -# ar_BH ISO-8859-6 -# ar_BH.UTF-8 UTF-8 -# ar_DZ ISO-8859-6 -# ar_DZ.UTF-8 UTF-8 -# ar_EG ISO-8859-6 -# ar_EG.UTF-8 UTF-8 -# ar_IN UTF-8 -# ar_IQ ISO-8859-6 -# ar_IQ.UTF-8 UTF-8 -# ar_JO ISO-8859-6 -# ar_JO.UTF-8 UTF-8 -# ar_KW ISO-8859-6 -# ar_KW.UTF-8 UTF-8 -# ar_LB ISO-8859-6 -# ar_LB.UTF-8 UTF-8 -# ar_LY ISO-8859-6 -# ar_LY.UTF-8 UTF-8 -# ar_MA ISO-8859-6 -# ar_MA.UTF-8 UTF-8 -# ar_OM ISO-8859-6 -# ar_OM.UTF-8 UTF-8 -# ar_QA ISO-8859-6 -# ar_QA.UTF-8 UTF-8 -# ar_SA ISO-8859-6 -# ar_SA.UTF-8 UTF-8 -# ar_SD ISO-8859-6 -# ar_SD.UTF-8 UTF-8 -# ar_SS UTF-8 -# ar_SY ISO-8859-6 -# ar_SY.UTF-8 UTF-8 -# ar_TN ISO-8859-6 -# ar_TN.UTF-8 UTF-8 -# ar_YE ISO-8859-6 -# ar_YE.UTF-8 UTF-8 -# as_IN UTF-8 -# ast_ES ISO-8859-15 -# ast_ES.UTF-8 UTF-8 -# ayc_PE UTF-8 -# az_AZ UTF-8 -# be_BY CP1251 -# be_BY.UTF-8 UTF-8 -# be_BY@latin UTF-8 -# bem_ZM UTF-8 -# ber_DZ UTF-8 -# ber_MA UTF-8 -# bg_BG CP1251 -# bg_BG.UTF-8 UTF-8 -# bhb_IN.UTF-8 UTF-8 -# bho_IN UTF-8 -# bn_BD UTF-8 -# bn_IN UTF-8 -# bo_CN UTF-8 -# bo_IN UTF-8 -# br_FR ISO-8859-1 -# br_FR.UTF-8 UTF-8 -# br_FR@euro ISO-8859-15 -# brx_IN UTF-8 -# bs_BA ISO-8859-2 -# bs_BA.UTF-8 UTF-8 -# byn_ER UTF-8 -# ca_AD ISO-8859-15 -# ca_AD.UTF-8 UTF-8 -# ca_ES ISO-8859-1 -# ca_ES.UTF-8 UTF-8 -# ca_ES.UTF-8@valencia UTF-8 -# ca_ES@euro ISO-8859-15 -# ca_ES@valencia ISO-8859-15 -# ca_FR ISO-8859-15 -# ca_FR.UTF-8 UTF-8 -# ca_IT ISO-8859-15 -# ca_IT.UTF-8 UTF-8 -# ce_RU UTF-8 -# chr_US UTF-8 -# cmn_TW UTF-8 -# crh_UA UTF-8 -# cs_CZ ISO-8859-2 -# cs_CZ.UTF-8 UTF-8 -# csb_PL UTF-8 -# cv_RU UTF-8 -# cy_GB ISO-8859-14 -# cy_GB.UTF-8 UTF-8 -# da_DK ISO-8859-1 -# da_DK.UTF-8 UTF-8 -# de_AT ISO-8859-1 -# de_AT.UTF-8 UTF-8 -# de_AT@euro ISO-8859-15 -# de_BE ISO-8859-1 -# de_BE.UTF-8 UTF-8 -# de_BE@euro ISO-8859-15 -# de_CH ISO-8859-1 -# de_CH.UTF-8 UTF-8 -# de_DE ISO-8859-1 -# de_DE.UTF-8 UTF-8 -# de_DE@euro ISO-8859-15 -# de_IT ISO-8859-1 -# de_IT.UTF-8 UTF-8 -# de_LI.UTF-8 UTF-8 -# de_LU ISO-8859-1 -# de_LU.UTF-8 UTF-8 -# de_LU@euro ISO-8859-15 -# doi_IN UTF-8 -# dv_MV UTF-8 -# dz_BT UTF-8 -# el_CY ISO-8859-7 -# el_CY.UTF-8 UTF-8 -# el_GR ISO-8859-7 -# el_GR.UTF-8 UTF-8 -# en_AG UTF-8 -# en_AU ISO-8859-1 -# en_AU.UTF-8 UTF-8 -# en_BW ISO-8859-1 -# en_BW.UTF-8 UTF-8 -# en_CA ISO-8859-1 -# en_CA.UTF-8 UTF-8 -# en_DK ISO-8859-1 -# en_DK.ISO-8859-15 ISO-8859-15 -# en_DK.UTF-8 UTF-8 -# en_GB ISO-8859-1 -# en_GB.ISO-8859-15 ISO-8859-15 -# en_GB.UTF-8 UTF-8 -# en_HK ISO-8859-1 -# en_HK.UTF-8 UTF-8 -# en_IE ISO-8859-1 -# en_IE.UTF-8 UTF-8 -# en_IE@euro ISO-8859-15 -# en_IL UTF-8 -# en_IN UTF-8 -# en_NG UTF-8 -# en_NZ ISO-8859-1 -# en_NZ.UTF-8 UTF-8 -# en_PH ISO-8859-1 -# en_PH.UTF-8 UTF-8 -# en_SG ISO-8859-1 -# en_SG.UTF-8 UTF-8 -# en_US ISO-8859-1 -# en_US.ISO-8859-15 ISO-8859-15 -en_US.UTF-8 UTF-8 -# en_ZA ISO-8859-1 -# en_ZA.UTF-8 UTF-8 -# en_ZM UTF-8 -# en_ZW ISO-8859-1 -# en_ZW.UTF-8 UTF-8 -# eo UTF-8 -# es_AR ISO-8859-1 -# es_AR.UTF-8 UTF-8 -# es_BO ISO-8859-1 -# es_BO.UTF-8 UTF-8 -# es_CL ISO-8859-1 -# es_CL.UTF-8 UTF-8 -# es_CO ISO-8859-1 -# es_CO.UTF-8 UTF-8 -# es_CR ISO-8859-1 -# es_CR.UTF-8 UTF-8 -# es_CU UTF-8 -# es_DO ISO-8859-1 -# es_DO.UTF-8 UTF-8 -# es_EC ISO-8859-1 -# es_EC.UTF-8 UTF-8 -# es_ES ISO-8859-1 -# es_ES.UTF-8 UTF-8 -# es_ES@euro ISO-8859-15 -# es_GT ISO-8859-1 -# es_GT.UTF-8 UTF-8 -# es_HN ISO-8859-1 -# es_HN.UTF-8 UTF-8 -# es_MX ISO-8859-1 -# es_MX.UTF-8 UTF-8 -# es_NI ISO-8859-1 -# es_NI.UTF-8 UTF-8 -# es_PA ISO-8859-1 -# es_PA.UTF-8 UTF-8 -# es_PE ISO-8859-1 -# es_PE.UTF-8 UTF-8 -# es_PR ISO-8859-1 -# es_PR.UTF-8 UTF-8 -# es_PY ISO-8859-1 -# es_PY.UTF-8 UTF-8 -# es_SV ISO-8859-1 -# es_SV.UTF-8 UTF-8 -# es_US ISO-8859-1 -# es_US.UTF-8 UTF-8 -# es_UY ISO-8859-1 -# es_UY.UTF-8 UTF-8 -# es_VE ISO-8859-1 -# es_VE.UTF-8 UTF-8 -# et_EE ISO-8859-1 -# et_EE.ISO-8859-15 ISO-8859-15 -# et_EE.UTF-8 UTF-8 -# eu_ES ISO-8859-1 -# eu_ES.UTF-8 UTF-8 -# eu_ES@euro ISO-8859-15 -# eu_FR ISO-8859-1 -# eu_FR.UTF-8 UTF-8 -# eu_FR@euro ISO-8859-15 -# fa_IR UTF-8 -# ff_SN UTF-8 -# fi_FI ISO-8859-1 -# fi_FI.UTF-8 UTF-8 -# fi_FI@euro ISO-8859-15 -# fil_PH UTF-8 -# fo_FO ISO-8859-1 -# fo_FO.UTF-8 UTF-8 -# fr_BE ISO-8859-1 -# fr_BE.UTF-8 UTF-8 -# fr_BE@euro ISO-8859-15 -# fr_CA ISO-8859-1 -# fr_CA.UTF-8 UTF-8 -# fr_CH ISO-8859-1 -# fr_CH.UTF-8 UTF-8 -# fr_FR ISO-8859-1 -# fr_FR.UTF-8 UTF-8 -# fr_FR@euro ISO-8859-15 -# fr_LU ISO-8859-1 -# fr_LU.UTF-8 UTF-8 -# fr_LU@euro ISO-8859-15 -# fur_IT UTF-8 -# fy_DE UTF-8 -# fy_NL UTF-8 -# ga_IE ISO-8859-1 -# ga_IE.UTF-8 UTF-8 -# ga_IE@euro ISO-8859-15 -# gd_GB ISO-8859-15 -# gd_GB.UTF-8 UTF-8 -# gez_ER UTF-8 -# gez_ER@abegede UTF-8 -# gez_ET UTF-8 -# gez_ET@abegede UTF-8 -# gl_ES ISO-8859-1 -# gl_ES.UTF-8 UTF-8 -# gl_ES@euro ISO-8859-15 -# gu_IN UTF-8 -# gv_GB ISO-8859-1 -# gv_GB.UTF-8 UTF-8 -# ha_NG UTF-8 -# hak_TW UTF-8 -# he_IL ISO-8859-8 -# he_IL.UTF-8 UTF-8 -# hi_IN UTF-8 -# hne_IN UTF-8 -# hr_HR ISO-8859-2 -# hr_HR.UTF-8 UTF-8 -# hsb_DE ISO-8859-2 -# hsb_DE.UTF-8 UTF-8 -# ht_HT UTF-8 -# hu_HU ISO-8859-2 -# hu_HU.UTF-8 UTF-8 -# hy_AM UTF-8 -# hy_AM.ARMSCII-8 ARMSCII-8 -# ia_FR UTF-8 -# id_ID ISO-8859-1 -# id_ID.UTF-8 UTF-8 -# ig_NG UTF-8 -# ik_CA UTF-8 -# is_IS ISO-8859-1 -# is_IS.UTF-8 UTF-8 -# it_CH ISO-8859-1 -# it_CH.UTF-8 UTF-8 -# it_IT ISO-8859-1 -# it_IT.UTF-8 UTF-8 -# it_IT@euro ISO-8859-15 -# iu_CA UTF-8 -# ja_JP.EUC-JP EUC-JP -# ja_JP.UTF-8 UTF-8 -# ka_GE GEORGIAN-PS -# ka_GE.UTF-8 UTF-8 -# kk_KZ PT154 -# kk_KZ.RK1048 RK1048 -# kk_KZ.UTF-8 UTF-8 -# kl_GL ISO-8859-1 -# kl_GL.UTF-8 UTF-8 -# km_KH UTF-8 -# kn_IN UTF-8 -# ko_KR.EUC-KR EUC-KR -# ko_KR.UTF-8 UTF-8 -# kok_IN UTF-8 -# ks_IN UTF-8 -# ks_IN@devanagari UTF-8 -# ku_TR ISO-8859-9 -# ku_TR.UTF-8 UTF-8 -# kw_GB ISO-8859-1 -# kw_GB.UTF-8 UTF-8 -# ky_KG UTF-8 -# lb_LU UTF-8 -# lg_UG ISO-8859-10 -# lg_UG.UTF-8 UTF-8 -# li_BE UTF-8 -# li_NL UTF-8 -# lij_IT UTF-8 -# ln_CD UTF-8 -# lo_LA UTF-8 -# lt_LT ISO-8859-13 -# lt_LT.UTF-8 UTF-8 -# lv_LV ISO-8859-13 -# lv_LV.UTF-8 UTF-8 -# lzh_TW UTF-8 -# mag_IN UTF-8 -# mai_IN UTF-8 -# mg_MG ISO-8859-15 -# mg_MG.UTF-8 UTF-8 -# mhr_RU UTF-8 -# mi_NZ ISO-8859-13 -# mi_NZ.UTF-8 UTF-8 -# mk_MK ISO-8859-5 -# mk_MK.UTF-8 UTF-8 -# ml_IN UTF-8 -# mn_MN UTF-8 -# mni_IN UTF-8 -# mr_IN UTF-8 -# ms_MY ISO-8859-1 -# ms_MY.UTF-8 UTF-8 -# mt_MT ISO-8859-3 -# mt_MT.UTF-8 UTF-8 -# my_MM UTF-8 -# nan_TW UTF-8 -# nan_TW@latin UTF-8 -# nb_NO ISO-8859-1 -# nb_NO.UTF-8 UTF-8 -# nds_DE UTF-8 -# nds_NL UTF-8 -# ne_NP UTF-8 -# nhn_MX UTF-8 -# niu_NU UTF-8 -# niu_NZ UTF-8 -# nl_AW UTF-8 -# nl_BE ISO-8859-1 -# nl_BE.UTF-8 UTF-8 -# nl_BE@euro ISO-8859-15 -# nl_NL ISO-8859-1 -# nl_NL.UTF-8 UTF-8 -# nl_NL@euro ISO-8859-15 -# nn_NO ISO-8859-1 -# nn_NO.UTF-8 UTF-8 -# nr_ZA UTF-8 -# nso_ZA UTF-8 -# oc_FR ISO-8859-1 -# oc_FR.UTF-8 UTF-8 -# om_ET UTF-8 -# om_KE ISO-8859-1 -# om_KE.UTF-8 UTF-8 -# or_IN UTF-8 -# os_RU UTF-8 -# pa_IN UTF-8 -# pa_PK UTF-8 -# pap_AW UTF-8 -# pap_CW UTF-8 -# pl_PL ISO-8859-2 -# pl_PL.UTF-8 UTF-8 -# ps_AF UTF-8 -# pt_BR ISO-8859-1 -# pt_BR.UTF-8 UTF-8 -# pt_PT ISO-8859-1 -# pt_PT.UTF-8 UTF-8 -# pt_PT@euro ISO-8859-15 -# quz_PE UTF-8 -# raj_IN UTF-8 -# ro_RO ISO-8859-2 -# ro_RO.UTF-8 UTF-8 -# ru_RU ISO-8859-5 -# ru_RU.CP1251 CP1251 -# ru_RU.KOI8-R KOI8-R -# ru_RU.UTF-8 UTF-8 -# ru_UA KOI8-U -# ru_UA.UTF-8 UTF-8 -# rw_RW UTF-8 -# sa_IN UTF-8 -# sat_IN UTF-8 -# sc_IT UTF-8 -# sd_IN UTF-8 -# sd_IN@devanagari UTF-8 -# se_NO UTF-8 -# sgs_LT UTF-8 -# shs_CA UTF-8 -# si_LK UTF-8 -# sid_ET UTF-8 -# sk_SK ISO-8859-2 -# sk_SK.UTF-8 UTF-8 -# sl_SI ISO-8859-2 -# sl_SI.UTF-8 UTF-8 -# so_DJ ISO-8859-1 -# so_DJ.UTF-8 UTF-8 -# so_ET UTF-8 -# so_KE ISO-8859-1 -# so_KE.UTF-8 UTF-8 -# so_SO ISO-8859-1 -# so_SO.UTF-8 UTF-8 -# sq_AL ISO-8859-1 -# sq_AL.UTF-8 UTF-8 -# sq_MK UTF-8 -# sr_ME UTF-8 -# sr_RS UTF-8 -# sr_RS@latin UTF-8 -# ss_ZA UTF-8 -# st_ZA ISO-8859-1 -# st_ZA.UTF-8 UTF-8 -# sv_FI ISO-8859-1 -# sv_FI.UTF-8 UTF-8 -# sv_FI@euro ISO-8859-15 -# sv_SE ISO-8859-1 -# sv_SE.ISO-8859-15 ISO-8859-15 -# sv_SE.UTF-8 UTF-8 -# sw_KE UTF-8 -# sw_TZ UTF-8 -# szl_PL UTF-8 -# ta_IN UTF-8 -# ta_LK UTF-8 -# tcy_IN.UTF-8 UTF-8 -# te_IN UTF-8 -# tg_TJ KOI8-T -# tg_TJ.UTF-8 UTF-8 -# th_TH TIS-620 -# th_TH.UTF-8 UTF-8 -# the_NP UTF-8 -# ti_ER UTF-8 -# ti_ET UTF-8 -# tig_ER UTF-8 -# tk_TM UTF-8 -# tl_PH ISO-8859-1 -# tl_PH.UTF-8 UTF-8 -# tn_ZA UTF-8 -# tr_CY ISO-8859-9 -# tr_CY.UTF-8 UTF-8 -# tr_TR ISO-8859-9 -# tr_TR.UTF-8 UTF-8 -# ts_ZA UTF-8 -# tt_RU UTF-8 -# tt_RU@iqtelif UTF-8 -# ug_CN UTF-8 -# uk_UA KOI8-U -# uk_UA.UTF-8 UTF-8 -# unm_US UTF-8 -# ur_IN UTF-8 -# ur_PK UTF-8 -# uz_UZ ISO-8859-1 -# uz_UZ.UTF-8 UTF-8 -# uz_UZ@cyrillic UTF-8 -# ve_ZA UTF-8 -# vi_VN UTF-8 -# wa_BE ISO-8859-1 -# wa_BE.UTF-8 UTF-8 -# wa_BE@euro ISO-8859-15 -# wae_CH UTF-8 -# wal_ET UTF-8 -# wo_SN UTF-8 -# xh_ZA ISO-8859-1 -# xh_ZA.UTF-8 UTF-8 -# yi_US CP1255 -# yi_US.UTF-8 UTF-8 -# yo_NG UTF-8 -# yue_HK UTF-8 -# zh_CN GB2312 -# zh_CN.GB18030 GB18030 -# zh_CN.GBK GBK -# zh_CN.UTF-8 UTF-8 -# zh_HK BIG5-HKSCS -# zh_HK.UTF-8 UTF-8 -# zh_SG GB2312 -# zh_SG.GBK GBK -# zh_SG.UTF-8 UTF-8 -# zh_TW BIG5 -# zh_TW.EUC-TW EUC-TW -# zh_TW.UTF-8 UTF-8 -# zu_ZA ISO-8859-1 -# zu_ZA.UTF-8 UTF-8 diff --git a/all_new_2018/linkable_etc_files/all/etc/timezone b/all_new_2018/linkable_etc_files/all/etc/timezone deleted file mode 100644 index 94d5acc..0000000 --- a/all_new_2018/linkable_etc_files/all/etc/timezone +++ /dev/null @@ -1 +0,0 @@ -Europe/Berlin diff --git a/all_new_2018/linkable_etc_files/mail/etc/aliases b/all_new_2018/linkable_etc_files/mail/etc/aliases deleted file mode 100644 index 59c52b4..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/aliases +++ /dev/null @@ -1,23 +0,0 @@ -# /etc/aliases - -# As per RFC 2142. -mailer-daemon: plom -postmaster: plom -hostmaster: plom -usenet: plom -news: plom -webmaster: plom -www: plom -ftp: plom -abuse: plom -noc: plom -security: plom -root: plom - -# Personal aliases. -plomlompom: plom -christian.heller: plom -christian_heller: plom -christianheller: plom -c.heller: plom -heller: plom diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf deleted file mode 100644 index 4a8549c..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf +++ /dev/null @@ -1,3 +0,0 @@ -# This is only necessary when we use dovecot's LMTP mechanism to receive -# mail from postfix. -auth_username_format = %Ln diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf deleted file mode 100644 index 097f04e..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Add sieve filtering. -protocol lmtp { - mail_plugins = $mail_plugins sieve -} diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf deleted file mode 100644 index 1ea9178..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf +++ /dev/null @@ -1 +0,0 @@ -mail_privileged_group = mail \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf deleted file mode 100644 index f8c5b43..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf +++ /dev/null @@ -1,20 +0,0 @@ -service auth { - unix_listener auth-userdb { - } - - unix_listener /var/spool/postfix/private/auth { - mode = 0660 - user = postfix - group = postfix - } -} - -# We don't strictly need to provide a LMTP server to fetch mail from -# postfix, but we do if we want to do sophisticated stuff like sieve -# filtering on the way. -service lmtp { - inet_listener lmtp { - address = 127.0.0.1 - port = 2424 - } -} diff --git a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf b/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf deleted file mode 100644 index 7fa2f5f..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf +++ /dev/null @@ -1 +0,0 @@ -ssl = required diff --git a/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 deleted file mode 100644 index 2950321..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 +++ /dev/null @@ -1,20 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] -# otherwise self-referential connections to local host will fail --A INPUT -i lo -j ACCEPT -# this enables ping etc. --A INPUT -p icmp -j ACCEPT -# tolerate any inbound connections requested by our server, no matter the port --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -# SSH --A INPUT -p tcp --dport 22 -j ACCEPT -# SMTP (allowing for STARTTLS); necessary for mail server to mail server banter --A INPUT -p tcp --dport 25 -j ACCEPT -# SMTPS, for mail server to mail user agent communication --A INPUT -p tcp --dport 465 -j ACCEPT -# IMAPS --A INPUT -p tcp --dport 993 -j ACCEPT -COMMIT -# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf b/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf deleted file mode 100644 index 44efe26..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf +++ /dev/null @@ -1,4 +0,0 @@ -# mailutils by default uses the FQDN as the mail domain name, fix this -address { - email-domain REPLACE_maildomain_ECALPER; -}; diff --git a/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf b/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf deleted file mode 100644 index dbd31b4..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf +++ /dev/null @@ -1,86 +0,0 @@ -# This is a basic configuration that can easily be adapted to suit a standard -# installation. For more advanced options, see opendkim.conf(5) and/or -# /usr/share/doc/opendkim/examples/opendkim.conf.sample. - -# Log to syslog -Syslog yes -# Required to use local socket with MTAs that access the socket as a non- -# privileged user (e.g. Postfix) -UMask 007 - -# Sign for example.com with key in /etc/dkimkeys/dkim.key using -# selector '2007' (e.g. 2007._domainkey.example.com) -#Domain example.com -#KeyFile /etc/dkimkeys/dkim.key -#Selector 2007 -Domain REPLACE_Domain_ECALPER -KeyFile /etc/dkimkeys/REPLACE_Selector_ECALPER.private -Selector REPLACE_Selector_ECALPER - -# Commonly-used options; the commented-out versions show the defaults. -#Canonicalization simple -#Mode sv -#SubDomains no -#SubDomains yes -Canonicalization relaxed/simple - -# Socket smtp://localhost -# -# ## Socket socketspec -# ## -# ## Names the socket where this filter should listen for milter connections -# ## from the MTA. Required. Should be in one of these forms: -# ## -# ## inet:port@address to listen on a specific interface -# ## inet:port to listen on all interfaces -# ## local:/path/to/socket to listen on a UNIX domain socket -# -#Socket inet:8892@localhost -#Socket local:/var/run/opendkim/opendkim.sock -Socket inet:12301@localhost - -## PidFile filename -### default (none) -### -### Name of the file where the filter should write its pid before beginning -### normal operations. -# -PidFile /var/run/opendkim/opendkim.pid - - -# Always oversign From (sign using actual From and a null From to prevent -# malicious signatures header fields (From and/or others) between the signer -# and the verifier. From is oversigned by default in the Debian pacakge -# because it is often the identity key used by reputation systems and thus -# somewhat security sensitive. -OversignHeaders From - -## ResolverConfiguration filename -## default (none) -## -## Specifies a configuration file to be passed to the Unbound library that -## performs DNS queries applying the DNSSEC protocol. See the Unbound -## documentation at http://unbound.net for the expected content of this file. -## The results of using this and the TrustAnchorFile setting at the same -## time are undefined. -## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested -## unbound package - -# ResolverConfiguration /etc/unbound/unbound.conf - -## TrustAnchorFile filename -## default (none) -## -## Specifies a file from which trust anchor data should be read when doing -## DNS queries and applying the DNSSEC protocol. See the Unbound documentation -## at http://unbound.net for the expected format of this file. - -TrustAnchorFile /usr/share/dns/root.key - -## Userid userid -### default (none) -### -### Change to user "userid" before starting normal operation? May include -### a group ID as well, separated from the userid by a colon. -# -UserID opendkim \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf b/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf deleted file mode 100644 index 7074961..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf +++ /dev/null @@ -1,59 +0,0 @@ -# See /usr/share/postfix/main.cf.dist for a commented, more complete version - - -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. -#myorigin = /etc/mailname - -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) -biff = no - -# appending .domain is the MUA's job. -append_dot_mydomain = no - -# Uncomment the next line to generate "delayed mail" warnings -#delay_warning_time = 4h - -readme_directory = no - -# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on -# fresh installs. -compatibility_level = 2 - -# TLS parameters (excluding smtpd_tls_(cert|key)_file for own adaption below) -smtpd_use_tls=yes -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. - -smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination -myorigin = /etc/mailname -myhostname = REPLACE_myhostname_ECALPER -alias_maps = hash:/etc/aliases -alias_database = hash:/etc/aliases -mydestination = $myhostname localhost.$mydomain localhost REPLACE_mydomain_if_domainwide_ECALPER -relayhost = -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -mailbox_size_limit = 0 -recipient_delimiter = + -inet_interfaces = all -inet_protocols = all - -# plomlompom-specific adaptions to allow TLS and SASL via LetsEncrypt/Dovecot. -smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem -smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem -smtpd_sasl_type = dovecot -smtpd_sasl_path = private/auth - -# connect to opendkim -smtpd_milters = inet:localhost:12301 -non_smtpd_milters = inet:localhost:12301 - -# transport mail to dovecot; not strictly needed, as even without this -# postfix will throw mail to /var/mail/USER to be found by dovecot for -# serving via IMAP etc.; but using dovecot's LMTP server for delivery -# allows us to do stuff like dovecot-side sieve filtering. -mailbox_transport = lmtp:inet:127.0.0.1:2424 \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf b/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf deleted file mode 100644 index bce1262..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf +++ /dev/null @@ -1,124 +0,0 @@ -# -# Postfix master process configuration file. For details on the format -# of the file, see the master(5) manual page (command: "man 5 master" or -# on-line: http://www.postfix.org/master.5.html). -# -# Do not forget to execute "postfix reload" after editing this file. -# -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (no) (never) (100) -# ========================================================================== -smtp inet n - y - - smtpd -#smtp inet n - y - 1 postscreen -#smtpd pass - - y - - smtpd -#dnsblog unix - - y - 0 dnsblog -#tlsproxy unix - - y - 0 tlsproxy -#submission inet n - y - - smtpd -# -o syslog_name=postfix/submission -# -o smtpd_tls_security_level=encrypt -# -o smtpd_sasl_auth_enable=yes -# -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions= -# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -smtps inet n - y - - smtpd - -o syslog_name=postfix/smtps - -o smtpd_tls_wrappermode=yes - -o smtpd_sasl_auth_enable=yes - -o smtpd_reject_unlisted_recipient=no -# -o smtpd_client_restrictions=$mua_client_restrictions -# -o smtpd_helo_restrictions=$mua_helo_restrictions -# -o smtpd_sender_restrictions=$mua_sender_restrictions -# -o smtpd_recipient_restrictions= -# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -# -o milter_macro_daemon_name=ORIGINATING -#628 inet n - y - - qmqpd -pickup unix n - y 60 1 pickup -cleanup unix n - y - 0 cleanup -qmgr unix n - n 300 1 qmgr -#qmgr unix n - n 300 1 oqmgr -tlsmgr unix - - y 1000? 1 tlsmgr -rewrite unix - - y - - trivial-rewrite -bounce unix - - y - 0 bounce -defer unix - - y - 0 bounce -trace unix - - y - 0 bounce -verify unix - - y - 1 verify -flush unix n - y 1000? 0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - y - - smtp -relay unix - - y - - smtp -# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - y - - showq -error unix - - y - - error -retry unix - - y - - error -discard unix - - y - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - y - - lmtp -anvil unix - - y - 1 anvil -scache unix - - y - 1 scache -# -# ==================================================================== -# Interfaces to non-Postfix software. Be sure to examine the manual -# pages of the non-Postfix software to find out what options it wants. -# -# Many of the following services use the Postfix pipe(8) delivery -# agent. See the pipe(8) man page for information about ${recipient} -# and other message envelope options. -# ==================================================================== -# -# maildrop. See the Postfix MAILDROP_README file for details. -# Also specify in main.cf: maildrop_destination_recipient_limit=1 -# -maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -# -# ==================================================================== -# -# Recent Cyrus versions can use the existing "lmtp" master.cf entry. -# -# Specify in cyrus.conf: -# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 -# -# Specify in main.cf one or more of the following: -# mailbox_transport = lmtp:inet:localhost -# virtual_transport = lmtp:inet:localhost -# -# ==================================================================== -# -# Cyrus 2.1.5 (Amos Gouaux) -# Also specify in main.cf: cyrus_destination_recipient_limit=1 -# -#cyrus unix - n n - - pipe -# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} -# -# ==================================================================== -# Old example of delivery via Cyrus. -# -#old-cyrus unix - n n - - pipe -# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} -# -# ==================================================================== -# -# See the Postfix UUCP_README file for configuration details. -# -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -# -# Other external delivery methods. -# -ifmail unix - n n - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe - flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe - flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} -mailman unix - n n - - pipe - flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py - ${nexthop} ${user} - diff --git a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service b/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service deleted file mode 100644 index dc8acb4..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Run plom's fetchmail - -[Service] -Type=oneshot -User=plom -# fetchmail returns 1 when no new mail, we want to catch that -ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]' diff --git a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service b/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service deleted file mode 100644 index e332114..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Run pingmail check - -[Service] -Type=oneshot -User=plom -ExecStart=/bin/sh -c '~/pingmail/pingmail check' diff --git a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer b/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer deleted file mode 100644 index c67e8e7..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Run fetchmail once every minute - -[Timer] -OnCalendar=*-*-* *:*:00 - -[Install] -WantedBy=timers.target diff --git a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer b/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer deleted file mode 100644 index dba0c9f..0000000 --- a/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Run pingmail check once every hour - -[Timer] -OnCalendar=*-*-* *:00:00 - -[Install] -WantedBy=timers.target diff --git a/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service deleted file mode 100644 index d0fcb9c..0000000 --- a/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -Description=Pull website repo -[Service] -Type=oneshot -User=plom -ExecStart=/bin/sh -c '~/encrypter.sh' diff --git a/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer b/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer deleted file mode 100644 index 79a6e1e..0000000 --- a/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Attempt encryption of old chatlogs once every minute. - -[Timer] -OnCalendar=*-*-* *:*:00 - -[Install] -WantedBy=timers.target \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/sendonly/etc/aliases b/all_new_2018/linkable_etc_files/sendonly/etc/aliases deleted file mode 100644 index 01e159c..0000000 --- a/all_new_2018/linkable_etc_files/sendonly/etc/aliases +++ /dev/null @@ -1,3 +0,0 @@ -# /etc/aliases -postmaster: root -root: plom@plomlompom.com \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf b/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf deleted file mode 100644 index d081783..0000000 --- a/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf +++ /dev/null @@ -1,38 +0,0 @@ -# See /usr/share/postfix/main.cf.dist for a commented, more complete version - - -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. -#myorigin = /etc/mailname - -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) -biff = no - -# appending .domain is the MUA's job. -append_dot_mydomain = no - -# Uncomment the next line to generate "delayed mail" warnings -#delay_warning_time = 4h - -readme_directory = no - -# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on -# fresh installs. -compatibility_level = 2 - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. - -smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination -myorigin = /etc/mailname -myhostname = $myorigin -alias_maps = hash:/etc/aliases -alias_database = hash:/etc/aliases -mydestination = $myhostname localhost.$mydomain localhost -relayhost = -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -mailbox_size_limit = 0 -recipient_delimiter = + -inet_interfaces = loopback-only -inet_protocols = all \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 deleted file mode 100644 index 8e0b1f6..0000000 --- a/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 +++ /dev/null @@ -1,14 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] -# otherwise self-referential connections to local host will fail --A INPUT -i lo -j ACCEPT -# tolerate any inbound connections requested by our server, no matter the port --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -# this enables ping etc. --A INPUT -p icmp -j ACCEPT -# SSH --A INPUT -p tcp --dport 22 -j ACCEPT -COMMIT -# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config b/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config deleted file mode 100644 index 89d08ac..0000000 --- a/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config +++ /dev/null @@ -1,126 +0,0 @@ -# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options override the -# default value. - -Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_ecdsa_key -#HostKey /etc/ssh/ssh_host_ed25519_key - -# Ciphers and keying -#RekeyLimit default none - -# Logging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -PermitRootLogin no # plomlompom's security rule -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#PubkeyAuthentication yes - -# Expect .ssh/authorized_keys2 to be disregarded by default in future. -#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 - -#AuthorizedPrincipalsFile none - -#AuthorizedKeysCommand none -#AuthorizedKeysCommandUser nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to yes to enable challenge-response passwords (beware issues with -# some PAM modules and threads) -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin yes -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PermitTTY yes -PrintMotd no -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation sandbox -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS no -#PidFile /var/run/sshd.pid -#MaxStartups 10:30:100 -#PermitTunnel no -#ChrootDirectory none -#VersionAddendum none - -# no default banner path -#Banner none - -# Allow client to pass locale environment variables -AcceptEnv LANG LC_* - -# override default of no subsystems -Subsystem sftp /usr/lib/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# PermitTTY no -# ForceCommand cvs server - -ClientAliveInterval 120 -PasswordAuthentication no # plomlompom's security rule diff --git a/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot b/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot deleted file mode 100644 index 1fd8aaf..0000000 --- a/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot +++ /dev/null @@ -1,17 +0,0 @@ -# /etc/cron.d/certbot: crontab entries for the certbot package -# -# Upstream recommends attempting renewal twice a day -# -# Eventually, this will be an opportunity to validate certificates -# haven't been revoked, etc. Renewal will only occur if expiration -# is within 30 days. -SHELL=/bin/sh -PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin - -# plomlompom added the --webroot -w /var/www/html/ so that renewal -# works with nginx running, and the nginx reload post-hook so that -# the new certificates are linked to by nginx. Note that by default -# we rely on the systemd timer service file instead of this cronjob, -# but since both are installed by the certbot package to serve which -# ever of the two is used, we cautiously adapt both of them too. -0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload" diff --git a/all_new_2018/linkable_etc_files/web/etc/gitweb.conf b/all_new_2018/linkable_etc_files/web/etc/gitweb.conf deleted file mode 100644 index 71ce3c5..0000000 --- a/all_new_2018/linkable_etc_files/web/etc/gitweb.conf +++ /dev/null @@ -1,19 +0,0 @@ -# path to git projects (.git) -$projectroot = "/var/public_repos"; - -# directory to use for temp files -# explicitely set by Debian so it's probably a good choice -$git_temp = "/tmp"; - -# git-diff-tree(1) options to use for generated patches -# we don't want to to guess renames, so empty -@diff_opts = (); - -# Base path for where to find the repos for cloning. -@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone'); - -# allow snapshots -$feature{'snapshot'}{'default'} = ['zip', 'tgz']; - -# insert header for GDPR compliance -$site_header = "/var/www/header.html" diff --git a/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 b/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 deleted file mode 100644 index 9b714c6..0000000 --- a/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 +++ /dev/null @@ -1,18 +0,0 @@ -*filter -:INPUT DROP [0:0] -:FORWARD DROP [0:0] -:OUTPUT ACCEPT [0:0] -# otherwise self-referential connections to local host will fail --A INPUT -i lo -j ACCEPT -# tolerate any inbound connections requested by our server, no matter the port --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -# this enables ping etc. --A INPUT -p icmp -j ACCEPT -# SSH --A INPUT -p tcp --dport 22 -j ACCEPT -# HTTP --A INPUT -p tcp --dport 80 -j ACCEPT -# HTTPS --A INPUT -p tcp --dport 443 -j ACCEPT -COMMIT -# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf deleted file mode 100644 index f1be9e6..0000000 --- a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf +++ /dev/null @@ -1,84 +0,0 @@ -# system integration -user www-data; -worker_processes auto; -pid /run/nginx.pid; - -# we need this for the xslt_stylesheet directive below -#load_module modules/ngx_http_xslt_filter_module.so; - -# is expected even if empty -events { -} - -http { - # define content-type headers - types { - text/html html htm shtml; - text/css css; - text/xml xml; - text/plain txt sh rst md asc; - application/xhtml+xml xhtml; - application/pdf pdf; - image/jpeg jpg jpeg; - image/png png; - } - default_type application/octet_stream; - charset utf-8; - - # logging deactivated due to GDPR - #access_log /var/log/nginx/access.log; - #error_log /var/log/nginx/error.log; - - # HTTP server: only enforce HTTPS - server { - listen 80; - return 301 https://$host$request_uri; - } - - # HTTPS server - server { - listen 443 ssl; - server_name REPLACE_fqdn_ECALPER; - ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; - root /var/www/html/; - index index.html index.htm index.nginx-debian.html; - - # serve /var/www/public_repos/* for HTTPS git cloning - location ~ /repos/clone(/.*) { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL ""; - fastcgi_param GIT_PROJECT_ROOT /var/public_repos; - fastcgi_param PATH_INFO $1; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - # gitweb static files - location /repos/static/ { - alias /usr/share/gitweb/static/; - } - - # gitweb; this needs packages fcgiwrap and gitweb - location /repos/ { - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; - fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - } - - # login-protected IRC logs - location ~ /irclogs/([^/]+)/ { - auth_basic "$1 logs"; - auth_basic_user_file /var/www/irclogs_pw/$1; - autoindex on; - } - - ## entry for IRC logs - #location /irclogs/ { - # autoindex on; - # autoindex_format xml; - # xslt_stylesheet /var/www/autoindex.xslt; - #} - } -} diff --git a/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service b/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service deleted file mode 100644 index 0d20d1f..0000000 --- a/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Certbot -Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html -Documentation=https://letsencrypt.readthedocs.io/en/latest/ -[Service] -# plomlompom added the --webroot -w /var/www/html/ so that renewal -# works with nginx running, and the nginx reload post-hook so that -# the new certificates are linked to by nginx. -Type=oneshot -ExecStart=/usr/bin/certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload" -PrivateTmp=true \ No newline at end of file diff --git a/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service b/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service deleted file mode 100644 index a4f6769..0000000 --- a/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=plomlombot screen - -[Service] -Type=simple -User=plom -ExecStart=/bin/sh -c '~/plomlombot_daemon.sh' -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/all_new_2018/setup_scripts/add_encryption_key.sh b/all_new_2018/setup_scripts/add_encryption_key.sh deleted file mode 100755 index 71a9488..0000000 --- a/all_new_2018/setup_scripts/add_encryption_key.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a GPG target to encrypt to. -if [ $# -lt 1 ]; then - echo "Need public key ID as argument." - false -fi -gpg_key="$1" - -config_tree_prefix="${HOME}/config/all_new_2018" -apt -y install gnupg dirmngr -keyservers='sks-keyservers.net/ keys.gnupg.net' -set +e -while true; do - do_break=0 - for keyserver in $(echo "${keyservers}"); do - su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}" - if [ $? -eq "0" ]; then - do_break=1 - break - fi - echo "Attempt with keyserver ${keyserver} unsuccessful, trying other." - done - if [ "${do_break}" -eq "1" ]; then - break - fi -done -set -e -# TODO: We may remove dirmngr here if only this script installed it. diff --git a/all_new_2018/setup_scripts/hardlink_etc.sh b/all_new_2018/setup_scripts/hardlink_etc.sh deleted file mode 100755 index 9d9acc2..0000000 --- a/all_new_2018/setup_scripts/hardlink_etc.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -# Hard link files to those in argument-selected subdirectories of -# linkable_etc_files//, e.g. link /etc/foo/bar to -# linkable_etc_files/$1/etc/foo/bar and so on. Create directories as -# necessary. We do the hard linking so files that should be readable to -# non-root in /etc/ remain so despite having a path below /root/, as -# symbolic links point into /root/ without making the targets readable -# to non-root. -# CAUTION: This removes original files at the affected paths. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -linkable_files_dir="${config_tree_prefix}/linkable_etc_files" - -for target in "$@"; do - cd "${linkable_files_dir}/${target}" - for path in $(find . -type f); do - linking=$(echo "${path}" | cut -c2-) - linked=$(realpath "${path}") - dir=$(dirname "${linking}") - mkdir -p "${dir}" - ln -f "${linked}" "${linking}" - done -done diff --git a/all_new_2018/setup_scripts/init_user_and_keybased_login.sh b/all_new_2018/setup_scripts/init_user_and_keybased_login.sh deleted file mode 100755 index 6a46c20..0000000 --- a/all_new_2018/setup_scripts/init_user_and_keybased_login.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/sh -# This script turns a fresh server with password-based root access to -# one of only key-based access and only to new non-root account plom. -# -# CAUTION: This is optimized for a *fresh* setup. It will overwrite any -# pre-existing ~/.ssh/authorized_keys of user plom with one that solely -# contains the local ~/.ssh/id_rsa.pub, and also any old -# /etc/ssh/sshd_config. -# -# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly -# configured sshd_config file in reach. -set -e - -# Location auf a sshd_config with "PermitRootLogin no" and -# "PasswordAuthentication no". -config_tree_prefix="${HOME}/config/all_new_2018" -linkable_files_dir="${config_tree_prefix}/linkable_etc_files/server" -system_path_sshd_config='/etc/ssh/sshd_config' -local_path_sshd_config="${linkable_files_dir}/${system_path_sshd_config}" - -# Ensure we have a server name as argument. -if [ $# -eq 0 ]; then - echo "Need server as argument." - false -fi -server="$1" - -# Ask for root password only once, sshpass will re-use it then often. -stty -echo -printf "Server root password: " -read PW_ROOT -stty echo -printf "\n" -export SSHPASS="${PW_ROOT}" - -# Create user plom, and his ~/.ssh/authorized_keys based on the local -# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and -# ownerships. Then disable root and pw login by copying over the -# sshd_config and restart ssh daemon. -# -# This could be a line or two shorter by using ssh-copy-id, but that -# would require setting a password for user plom otherwise not needed. -sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys -sshpass -e ssh root@"${server}" \ - 'useradd -m plom && '\ - 'mkdir /home/plom/.ssh && '\ - 'chown plom:plom /home/plom/.ssh && '\ - 'chown plom:plom /tmp/authorized_keys && '\ - 'chmod u=rw,go= /tmp/authorized_keys && '\ - 'mv /tmp/authorized_keys /home/plom/.ssh/' -sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" -sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/all_new_2018/setup_scripts/install_for_target.sh b/all_new_2018/setup_scripts/install_for_target.sh deleted file mode 100755 index 53914d6..0000000 --- a/all_new_2018/setup_scripts/install_for_target.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# Walks through the package names in the argument-selected files of -# apt-mark/ and ensures the respective packages are installed. -# -# Ignores anything in an apt-mark/ file after the last newline. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -aptmark_dir="${config_tree_prefix}/apt-mark" - -for target in "$@"; do - path="${aptmark_dir}/${target}" - cat "${path}" | while read line; do - echo "$line" - if [ ! $(echo "${line}" | cut -c1) = "#" ]; then - apt-get -y install "${line}" - fi - done -done diff --git a/all_new_2018/setup_scripts/letsencrypt.sh b/all_new_2018/setup_scripts/letsencrypt.sh deleted file mode 100755 index 29ed3b6..0000000 --- a/all_new_2018/setup_scripts/letsencrypt.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh -# Certify current server with LetsEncrypt. -# Uses hostname -f for the domain we want to certify. -set -e - -# Ensure we have a mail address as argument. -if [ $# -lt 1 ]; then - echo "Need mail address as argument." - false -fi -mail_address="$1" - -# We need certbot to get LetsEncrypt certificates. -apt install -y certbot - -# If port 80 blocked by iptables, open it. -set +e -iptables -C INPUT -p tcp --dport 80 -j ACCEPT -open_iptables="$?" -set -e -if [ "${open_iptables}" -eq "1" ]; then - iptables -A INPUT -p tcp --dport 80 -j ACCEPT -fi - -# Create new certificate and copy it to /etc/letsencrypt. -certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)" - -# Remove iptables rule to open port 80 if we added it. -if [ "${open_iptables}" -eq "1" ]; then - iptables -D INPUT -p tcp --dport 80 -j ACCEPT -fi diff --git a/all_new_2018/setup_scripts/letsencrypt_get.sh b/all_new_2018/setup_scripts/letsencrypt_get.sh deleted file mode 100755 index c2b3e9f..0000000 --- a/all_new_2018/setup_scripts/letsencrypt_get.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -# Copy over LetsEncrypt certificates from another server. -set -e - -# Ensure we have a server name as argument. -if [ $# -lt 1 ]; then - echo "Need server as argument." - false -fi -server="$1" - -# Copy over. -ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"' -scp plom@${server}:~/letsencrypt.tar . -apt -y install certbot -rmdir /etc/letsencrypt -mv letsencrypt.tar /etc/ -cd /etc/ -tar xf letsencrypt.tar -rm letsencrypt.tar diff --git a/all_new_2018/setup_scripts/mirror_dir.sh b/all_new_2018/setup_scripts/mirror_dir.sh deleted file mode 100755 index 0fc03aa..0000000 --- a/all_new_2018/setup_scripts/mirror_dir.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -# Mirror directory tree from remote to local server, keeping the path. -set -e - -if [ $# -lt 2 ]; then - echo "Need server and directory as arguments." - false -fi -server=$1 -dir=$2 -path_package=/tmp/delete.tar - -eval `ssh-agent` -ssh-add -cd -ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ." -scp plom@"${server}":"${path_package}" "${path_package}" -mkdir -p "${dir}" -cd "${dir}" -tar xf "${path_package}" -cd -rm "${path_package}" -ssh plom@"${server}" rm "${path_package}" diff --git a/all_new_2018/setup_scripts/prepare_to_meet_server.sh b/all_new_2018/setup_scripts/prepare_to_meet_server.sh deleted file mode 100755 index 13d05ca..0000000 --- a/all_new_2018/setup_scripts/prepare_to_meet_server.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# Do some of the steps necessary to SSH (key-based) with another server. -set -e - -target="$1" - -# We need a public key to copy over, so generate it if not found. -if [ ! -f ~/.ssh/id_rsa.pub ]; then - ssh-keygen -fi - -# Add target to ~/.ssh/known_hosts so we don't get -# asked for permission at inopportune moments. -ssh-keyscan -H "$target" >> ~/.ssh/known_hosts - -# Tell user what to do. -echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:" -cat ~/.ssh/id_rsa.pub diff --git a/all_new_2018/setup_scripts/purge_nonrequireds.sh b/all_new_2018/setup_scripts/purge_nonrequireds.sh deleted file mode 100755 index e444a55..0000000 --- a/all_new_2018/setup_scripts/purge_nonrequireds.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -# This script removes all Debian packages that are not of Priority -# "required" or not depended on by packages of priority "required" -# or not listed in the argument-selected files of apt-mark/. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -aptmark_dir="${config_tree_prefix}/apt-mark" - -dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted -for target in "$@"; do - path="${aptmark_dir}/${target}" - cat "${path}" | while read line; do - if [ ! $(echo "${line}" | cut -c1) = "#" ]; then - echo "${line}" >> /tmp/list_white_unsorted - fi - done -done -sort /tmp/list_white_unsorted > /tmp/list_white -dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages -sort /tmp/list_all_packages > /tmp/foo -mv /tmp/foo /tmp/list_all_packages -comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black -apt-mark auto `cat /tmp/list_black` -DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove -rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black diff --git a/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh b/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh deleted file mode 100755 index 3f95590..0000000 --- a/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/sh -# Sets hostname and optionally FQDN. -# -# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts -# writing follows recommendations from Debian manual at -# -# (section "The hostname resolution") on how to map hostname and possibly -# FQDN to a permanent IP if present (we assume here any non-private IP -# and non-loopback IP returned by hostname -I to fulfill that criterion -# on our systems) or to 127.0.1.1 if not. On the reasoning for separating -# localhost and hostname mapping to different IPs, see -# . -set -e - -hostname="$1" -fqdn="$2" -if [ "${hostname}" = "" ]; then - echo "Need hostname as argument." - false -fi -echo "${hostname}" > /etc/hostname -hostname "${hostname}" - -final_ip="127.0.1.1" -for ip in $(hostname -I); do - range_1=$(echo "${ip}" | cut -d "." -f 1) - range_2=$(echo "${ip}" | cut -d "." -f 2) - if [ "${range_1}" -eq 127 ]; then - continue - elif [ "${range_1}" -eq 10 ]; then - continue - elif [ "${range_1}" -eq 172 ]; then - if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then - continue - fi - elif [ "${range_1}" -eq 192 ]; then - if [ "${range_2}" -eq 168 ]; then - continue - fi - fi - final_ip="${ip}" -done - -echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts -echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts diff --git a/all_new_2018/setup_scripts/setup_mail.sh b/all_new_2018/setup_scripts/setup_mail.sh deleted file mode 100755 index 2080705..0000000 --- a/all_new_2018/setup_scripts/setup_mail.sh +++ /dev/null @@ -1,94 +0,0 @@ -#/bin/sh -set -e - -# Check we have the necessary arguments. -if [ $# -lt 2 ]; then - echo "Give arguments of mail domain and DKIM selector." - echo "Also, if hosting mail for entire domain, give third argument 'domainwide'." - false -fi -mail_domain="$1" -dkim_selector="$2" -domainwide="$3" - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -# Set up DKIM key. Only keep opendkim-tools on system if pre-installed. -mkdir -p /etc/dkimkeys/ -set +e -dpkg -s opendkim-tools &> /dev/null -preinstalled="$?" -set -e -if [ ! "${preinstalled}" -eq "0" ]; then - apt install -y opendkim-tools -fi -opendkim-genkey -s "${dkim_selector}" -mv "${dkim_selector}.private" /etc/dkimkeys/ -if [ ! "${preinstalled}" -eq "0" ]; then - apt -y --purge autoremove opendkim-tools -fi - -# Link and adapt mail-server-specific /etc/ files. -./hardlink_etc.sh mail -sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf -sed -i "s/REPLACE_Domain_ECALPER/${mail_domain}/g" /etc/opendkim.conf -sed -i "s/REPLACE_Selector_ECALPER/${dkim_selector}/g" /etc/opendkim.conf -sed -i "s/REPLACE_myhostname_ECALPER/$(hostname -f)/g" /etc/postfix/main.cf -if [ "${domainwide}" = "domainwide" ]; then - sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER/$mydomain/g' /etc/postfix/main.cf -else - sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER//g' /etc/postfix/main.cf -fi -# Since we re-set the iptables rules, we need to reload them. -iptables-restore /etc/iptables/rules.v4 - -# Some useful debconf selections. -echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections -echo "ssl_cert = /etc/dovecot/conf.d/99-ssl-certs.conf -echo "ssl_key = > /etc/dovecot/conf.d/99-ssl-certs.conf - -# The second line should not be necessary due to the first line, but for -# some reason the installation forgets to set up /etc/mailname early -# enough to not (when running newaliases) stumble over its absence. -echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections -echo "${mail_domain}" > /etc/mailname - -# Everything should now be ready for installations. Note that we don't -# strictly need dovecot-lmtpd, as postfix will deliver mail to /var/mail/USER -# in any case, to be found by dovecot; we use it as a transport mechanism to -# allow for sophisticated stuff like dovecot-side sieve filtering (installed -# with dovecot-sieve). -apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd dovecot-lmtpd dovecot-sieve opendkim -cp "${config_tree_prefix}/user_files/dovecot.sieve" /home/plom/.dovecot.sieve -chown plom:plom /home/plom/.dovecot.sieve - -# Pingmail setup. -apt install -y mailutils -cp "${config_tree_prefix}/user_files/pingmailrc" /home/plom/.pingmailrc -chown plom:plom /home/plom/.pingmailrc -su plom -c "cd && git clone https://plomlompom.com/repos/clone/pingmail.git" - -# In addition to our postfix server receiving mails, we funnel mails from a -# POP3 account into dovecot via fetchmail. It might make sense to adapt the -# ~/.dovecot.sieve to move mails targeted to the fetched mail account to their -# own mbox. -apt -y install fetchmail -cp "${config_tree_prefix}/user_files/fetchmailrc" /home/plom/.fetchmailrc -chown plom:plom /home/plom/.fetchmailrc -chmod 0700 /home/plom/.fetchmailrc - -# Pingmail and fetchmail have some systemd timers waiting. To let systemd -# know about them, do this. -systemctl daemon-reload - -# Final advice to user. -echo "TODO: Ensure MX entry for your system in your DNS configuration." -echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host." -echo "TODO: passwd plom for IMAPS login" -echo "TODO: adapt /home/plom/.fetchmailrc and then do: systemctl start fetchmail.timer" -echo "TODO: adapt /home/plom/.dovecot.sieve and /home/plom/.pingmailrc (sieve mail by pingmail target person into mbox defined in .pingmailrc), then run: systemctl start pingmail.timer" -echo "TODO: Add the follow DMARK entry as TXT to your DNS configugration: 'v=DMARC1; p=none; rua=mailto:plom+dmarc@plomlompom.com;' mapped to _dmarc" -echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry – if your mail domain includes a subdomain, append that with a dot):" -cat "${dkim_selector}.txt" diff --git a/all_new_2018/setup_scripts/setup_play.sh b/all_new_2018/setup_scripts/setup_play.sh deleted file mode 100755 index f37be49..0000000 --- a/all_new_2018/setup_scripts/setup_play.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a GPG target to encrypt to. -if [ $# -lt 1 ]; then - echo "Need public key ID as argument." - false -fi -gpg_key="$1" - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -# If anything strange happens, let root send mail to us. -./setup_sendonly.sh - -# Apart from weechat, vim and screen will also be useful for everyday activity. -apt -y install weechat screen vim - -# Link and copy over files. -./hardlink_etc.sh play -cp "${config_tree_prefix}/user_files/encrypter.sh" /home/plom/ -chown plom:plom /home/plom/encrypter.sh -cp "${config_tree_prefix}/user_files/weechat-wrapper.sh" /home/plom/ -chown plom:plom /home/plom/weechat-wrapper.sh -cp "${config_tree_prefix}/user_files/weechatrc" /home/plom/.weechatrc -chown plom:plom /home/plom/.weechatrc -apt -y install screen -echo "$gpg_key" > /home/plom/.encrypt_target -chown plom:plom /home/plom/.encrypt_target - -# Start encrypt_chatlogs job. -./add_encryption_key.sh "${gpg_key}" -systemctl daemon-reload -systemctl start encrypt_chatlogs.timer diff --git a/all_new_2018/setup_scripts/setup_plomlombot.sh b/all_new_2018/setup_scripts/setup_plomlombot.sh deleted file mode 100755 index de22ef3..0000000 --- a/all_new_2018/setup_scripts/setup_plomlombot.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a GPG target to encrypt to. -if [ $# -lt 1 ]; then - echo "Need public key ID as argument." - false -fi -gpg_key="$1" - -config_tree_prefix="${HOME}/config/all_new_2018" -irclogs_dir=/var/www/html/irclogs -irclogs_pw_dir=/var/www/irclogs_pw - -./add_encryption_key.sh "${gpg_key}" -apt -y install screen python3-venv -cp "${config_tree_prefix}"/user_files/plomlombot_daemon.sh /home/plom/ -chown plom:plom /home/plom/plomlombot_daemon.sh -su plom -c "cd && git clone /var/public_repos/plomlombot-irc" -systemctl enable /etc/systemd/system/plomlombot.service -service plomlombot start -mkdir -p "${irclogs_dir}" -chown -R plom:plom "${irclogs_dir}" -mkdir -p "${irclogs_pw_dir}" -chown -R plom:plom "${irclogs_pw_dir}" -echo "Don't forget to add a file ~/.plomlombot with content such as:" -echo "gpg_key ${gpg_key}" -echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME LOGS_USER LOGS_PW" -echo "# file should end in newline or non-interpreted line such as this" diff --git a/all_new_2018/setup_scripts/setup_sendonly.sh b/all_new_2018/setup_scripts/setup_sendonly.sh deleted file mode 100755 index e761eeb..0000000 --- a/all_new_2018/setup_scripts/setup_sendonly.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -# This sets up the minimum of a mail server necessary to send out mails -# to the world. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -./hardlink_etc.sh sendonly -echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections -echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections -echo "$(hostname -f)" > /etc/mailname -apt install -y postfix diff --git a/all_new_2018/setup_scripts/setup_server.sh b/all_new_2018/setup_scripts/setup_server.sh deleted file mode 100755 index 172d8d2..0000000 --- a/all_new_2018/setup_scripts/setup_server.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/sh -# Next setup steps for a server whose login policy has just been set from -# the outside via ./init_user_and_keybased_login.sh. -set -e - -# Provide maximum input for set_hostname_and_fqdn.sh. -if [ "$#" -ne 2 ]; then - echo 'Need exactly two arguments (hostname, FQDN).' - false -fi -hostname="$1" -fqdn="$2" - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -# Adapt /etc/ to our needs by hardlinking into ./linkable_etc_files. This -# will set basic configurations affecting following steps, such as setup -# of APT and the locale selection, so needs to be right at the beginning. -./hardlink_etc.sh all server - -# Set hostname and FQDN. -./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}" - -# Some debconf selections we don't want to get asked during coming -# install actions. -echo 'iptables-persistent iptables-persistent/autosave_v4 boolean false' | debconf-set-selections -echo 'iptables-persistent iptables-persistent/autosave_v6 boolean false' | debconf-set-selections - -# Ensure package installation state as defined by what packages are -# defined as required by Debian policy and by settings in ./apt-mark/. -apt update -./install_for_target.sh all server -./purge_nonrequireds.sh all server - -# Ensure our desired locale is available. -locale-gen - -# Only upgrade after reducing the system to the desired minimum, so that -# we don't need to get more data than necessary. -apt -y dist-upgrade - -# Set Berlin localtime. -ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime - -# If we have not yet set the shell for user plom, ensure it here. This -# is mostly for convenience. -usermod -s /bin/bash plom - -# We want to be able to use ALL our servers as borg backup destinations. -apt -y install borgbackup diff --git a/all_new_2018/setup_scripts/setup_web.sh b/all_new_2018/setup_scripts/setup_web.sh deleted file mode 100755 index 400aa22..0000000 --- a/all_new_2018/setup_scripts/setup_web.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# Set up plomlompom.com web server. -set -e - -config_tree_prefix="${HOME}/config/all_new_2018" -setup_scripts_dir="${config_tree_prefix}/setup_scripts" -cd "${setup_scripts_dir}" - -./hardlink_etc.sh web -./setup_sendonly.sh -sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/nginx/nginx.conf -sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/gitweb.conf -cd /var/ -rm -rf www -git clone plom@core.plomlompom.com:repos/website www -apt -y -o Dpkg::Options::=--force-confold install nginx gitweb fcgiwrap -mkdir /var/public_repos -chown plom:plom /var/public_repos -iptables-restore /etc/iptables/rules.v4 diff --git a/all_new_2018/user_files/dovecot.sieve b/all_new_2018/user_files/dovecot.sieve deleted file mode 100644 index 5346309..0000000 --- a/all_new_2018/user_files/dovecot.sieve +++ /dev/null @@ -1,8 +0,0 @@ -require ["fileinto"]; -require ["mailbox"]; -if address :is "from" "foo@bar.com" { - fileinto :create "foo"; -} -if address :is :domain "to" "example.com" { - fileinto :create "example.com"; -} diff --git a/all_new_2018/user_files/encrypter.sh b/all_new_2018/user_files/encrypter.sh deleted file mode 100755 index e2ebd44..0000000 --- a/all_new_2018/user_files/encrypter.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# Encrypt dated weechatlog files older than one day to GPG target defined in -# ~/.encrypt_target -set -e - -gpg_key=$(cat ~/.encrypt_target) -cd ~/weechatlogs/irc/ -find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --encrypt {} \; -exec rm {} \; - diff --git a/all_new_2018/user_files/fetchmailrc b/all_new_2018/user_files/fetchmailrc deleted file mode 100755 index b437563..0000000 --- a/all_new_2018/user_files/fetchmailrc +++ /dev/null @@ -1,2 +0,0 @@ -# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted -poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep diff --git a/all_new_2018/user_files/pingmailrc b/all_new_2018/user_files/pingmailrc deleted file mode 100644 index 46bcbfe..0000000 --- a/all_new_2018/user_files/pingmailrc +++ /dev/null @@ -1,45 +0,0 @@ -# place for test files whose modification times are used to track lifesigns -testdir=$HOME'/.pingmail' - -# modification time is the last time a ping was sent or a lifetime received -ping_touch=$testdir'/ping_touch' - -# modification time is when the count for sending checker a warning mail starts -reminder_touch=$testdir'/reminder_touch' - -# how long to wait for lifesigns before sending a ping; double is time to wait -# for a lifesign before sending a warning message to checker -wait_time=86400 - -# address of the checker, receives warning message after too long wait -checker_address='bar@example.org' - -# address of the checked person, ping is sent here -checked_address='foo@example.org' - -# content of ping message sent to checked person -subj2checked='[pingmail] Ping!' -msg2checked='Hi!\n -\nThis is an automated mail ping from '$checker_address'. -\nRespond to show that you are still alive!' - -# content of warning message sent to checker -id_target='foo' -subj2checker='[pingmail] No recent life signs from '$id_target -reminder_time=`expr $wait_time \* 2` -msg2checker='pingmail reporting in:\n -\nNo life signs from '$id_target' for the last '$reminder_time' seconds. -\nMaybe you should give them a call to check if they are okay.' - -# mail client command reading message body from stdin and subject from parameter -mailclient_s='mail -s' - -# mailbox file to check for most recent life sign -mbox=$HOME'/mail/foo' - -# to recursively search for most recent matches to $matchstring as lifesigns -#maildir=$HOME'/mail' - -# pattern to search $maildir for recursively for lifesigns -#checked_address_escaped=`echo $checked_address | sed 's/\./\\./g'` -#matchstring='^From: .*('$checked_address_escaped'|alternate@example\.org)' diff --git a/all_new_2018/user_files/plomlombot_daemon.sh b/all_new_2018/user_files/plomlombot_daemon.sh deleted file mode 100755 index 5cf1f6a..0000000 --- a/all_new_2018/user_files/plomlombot_daemon.sh +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh -set -e - -# Repeatedly parse config file for GPG key and bot screen configs. -path=~/.plomlombot -db_dir="${HOME}/plomlombot_db" -irclogs_dir=/var/www/html/irclogs -irclogs_pw_dir=/var/www/irclogs_pw -while true; do - if [ -f "${path}" ]; then - cat "${path}" | while read line; do - first_word=$(echo -n "${line}" | cut -d' ' -f1) - - # Read "bot:" line, start bot screen session from it if not yet existing, - # set up irclogs dir if not yet existing. - if [ "${first_word}" = "bot:" ]; then - session_name=$(echo -n "${line}" | cut -d' ' -f2) - bot_name=$(echo -n "${line}" | cut -d' ' -f3) - channel_name=$(echo -n "${line}" | cut -d' ' -f4) - shortened_channel_name="${channel_name}" - first_char=$(echo -n "${channel_name}" | cut -c1) - if [ "${first_char}" = "#" ]; then - shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-) - fi - server_name=$(echo -n "${line}" | cut -d' ' -f5) - login_user=$(echo -n "${line}" | cut -d' ' -f6) - login_pw=$(echo -n "${line}" | cut -d' ' -f7) - set +e - screen -S "${session_name}" -Q select . > /dev/null - start_screen=$? - set -e - if [ "${start_screen}" -eq "1" ]; then - cd ~/plomlombot-irc - LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -s "${server_name}" "${channel_name}" - fi - md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1) - md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1) - logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs" - # FIXME: Note the trouble we will have if we have the same channel - # name on different servers … - ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}" - echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}" - - # If "gpg" line, encrypt old raw logs to that GPG key. - elif [ "${first_word}" = "gpg_key" ]; then - key=$(echo -n "${line}" | cut -d' ' -f2) - mkdir -p ~/plomlombot_db - cd ~/plomlombot_db - find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --encrypt {} \; -exec rm {} \; - fi - - done - sleep 1 - fi -done diff --git a/all_new_2018/user_files/weechat-wrapper.sh b/all_new_2018/user_files/weechat-wrapper.sh deleted file mode 100755 index 4625dd8..0000000 --- a/all_new_2018/user_files/weechat-wrapper.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -# Enforce ~/.weechatrc as sole persistent weechat config file. -#~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder -rm -rf ~/.weechat/ -WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` -weechat -r "$WEECHATCONF" -rm -rf ~/.weechat/ diff --git a/all_new_2018/user_files/weechatrc b/all_new_2018/user_files/weechatrc deleted file mode 100644 index ab30c17..0000000 --- a/all_new_2018/user_files/weechatrc +++ /dev/null @@ -1,7 +0,0 @@ -/set logger.file.path ~/weechatlogs -/set logger.file.flush_delay 0 -/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog" -/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]" -/set weechat.color.chat_nick_colors "lightcyan" -/server add freenode irc.freenode.net -nicks=plimlompom,plimlomp0m,pliml0mp0m -realname="foo bar" -autojoin=#plomlompomtest -/connect freenode diff --git a/ansible/config.yml b/ansible/config.yml deleted file mode 100644 index 3386c91..0000000 --- a/ansible/config.yml +++ /dev/null @@ -1,117 +0,0 @@ ---- -- hosts: all - user: root - become: yes - tasks: - - - name: ensure directories for symlinks exist - file: state=directory dest={{item}} - with_lines: cat ~/config/ansible/files/dirs | sed -e 's/ *#.*$//' - - name: symlink system files - file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: ~/config/ansible/files/system/* - - name: set hostname for current session - shell: hostname w530 - - # Init package management. - - name: update package lists - apt: update_cache=yes - - name: APT - dist-upgrade - apt: upgrade=dist - - # Ensure power management. - - name: ensure power management tools are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/power_management | sed -e 's/ *#.*$//' - - name: start TLP - shell: tlp start - - # Configure console. - # - # For some reason, some settings are only applied two reboots after this. - - name: symlink console config files - file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: ~/config/ansible/files/console/* - - name: ensure locales and console-setup are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/console | sed -e 's/ *#.*$//' - - name: generate en_US.UTF-8 locale - locale_gen: name=en_US.UTF-8 state=present - - name: run setupcon to apply console settings from /etc/default/ - command: setupcon - - # Miscellaneous. - - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/root/* - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: ensure man-db, manpages are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/man | sed -e 's/ *#.*$//' - - name: set /etc/localtime - file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime - - name: ensure various useful tools are installed – sudo, git, vim, less, openssh - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/various_useful | sed -e 's/ *#.*$//' - - name: ensure boot messages are not cleared on start up - replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' - - # Config user. - - name: create user plom with sudo privileges and bash shell - user: name=plom groups=sudo shell=/bin/bash - - name: have config repo in user directory - git: repo=https://github.com/plomlompom/config dest=/home/plom/config - become_user: plom - become_method: su - - # Ensure X window environment. - - name: ensure minimal X window environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/minimal_x | sed -e 's/ *#.*$//' - - name: ensure 3d acceleration and optimus switch - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/3d_acceleration | sed -e 's/ *#.*$//' - - name: ensure user plom is in bumblebee group - user: name=plom groups=bumblebee append=yes - - name: ensure basic X tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/basic_x_tools | sed -e 's/ *#.*$//' - - # Set up pentadactyl. - - name: ensure browser environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/browser_environment | sed -e 's/ *#.*$//' - - # Ensure wifi. - - name: ensure wifi configuration - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/wifi | sed -e 's/ *#.*$//' - - # Ensure audio/video consumption necessities. - - name: ensure multimedia tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/multimedia | sed -e 's/ *#.*$//' - - # Ensure hotkeys. - # - # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). - - name: ensure hotkeys - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' - - # Remove undesired packages - - name: collect desired packages - shell: cat files/apt-mark/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted - - name: collect currently installed packages - shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted - - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed - shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black - - name: mark all packages from black list as automatically installed - shell: apt-mark auto $(cat /tmp/list_black) - - name: mark all packages from white list as manually installed - shell: apt-mark manual $(cat /tmp/white_list_unsorted) - - name: purge all packages automatically installed that are not depended on - shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove diff --git a/ansible/config_new.yml b/ansible/config_new.yml deleted file mode 100644 index f3bd3f5..0000000 --- a/ansible/config_new.yml +++ /dev/null @@ -1,147 +0,0 @@ ---- -- hosts: all - user: root - become: yes - tasks: - - - name: ensure directories for symlinks exist - file: state=directory dest={{item}} - with_lines: cat ~/config/ansible/files/dirs_new | sed -e 's/ *#.*$//' - - name: symlink system files - file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: - - ~/config/ansible/files/system_new/minimal/* - - ~/config/ansible/files/system_new/{{ system_name }}/* - - name: set hostname for current session - shell: hostname {{ system_name }} - - # Init package management. - - name: add palemoon repo signing key - apt_key: - url: https://download.opensuse.org/repositories/home:stevenpusser/Debian_9.0/Release.key - state: present - - name: update package lists - apt: update_cache=yes - - name: APT - dist-upgrade - apt: upgrade=dist - - # Ensure packages needed for disk encryption on startup (how does this work?) - - name: ensure power management tools are installed - apt: name={{item}} state=present - with_lines: - - cat ~/config/ansible/files/apt-mark_new/minimal/disk_encryption | sed -e 's/ *#.*$//' - - # Ensure power management. - - name: ensure power management tools are installed - apt: name={{item}} state=present - with_lines: - - cat ~/config/ansible/files/apt-mark_new/minimal/power_management | sed -e 's/ *#.*$//' - - cat ~/config/ansible/files/apt-mark_new/X200s/power_management | sed -e 's/ *#.*$//' - - name: start TLP - shell: tlp start - - # Configure console. - # - # For some reason, some settings are only applied two reboots after this. - - name: symlink console config files - file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} - with_fileglob: ~/config/ansible/files/console/* - - name: ensure locales and console-setup are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/console | sed -e 's/ *#.*$//' - - name: generate en_US.UTF-8 locale - locale_gen: name=en_US.UTF-8 state=present - - name: Touch keyboard config file so setupcon does not ignore it. - command: touch /etc/default/keyboard - - name: run setupcon to apply console settings from /etc/default/ - command: setupcon - - # Miscellaneous. - - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/root/* - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: ensure man-db, manpages are installed - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/man | sed -e 's/ *#.*$//' - - name: set /etc/localtime - file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime - - name: ensure various useful tools are installed – sudo, git, vim, less, openssh - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/various_useful | sed -e 's/ *#.*$//' - - name: ensure boot messages are not cleared on start up - replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' - - # Config user. - - name: create user plom with sudo privileges and bash shell - user: name=plom groups=sudo shell=/bin/bash - #- name: have config repo in user directory - # git: repo=https://github.com/plomlompom/config dest=/home/plom/config - # become_user: plom - # become_method: su - - # Ensure X window environment. - - name: ensure minimal X window environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/minimal_x | sed -e 's/ *#.*$//' - - name: ensure 3d acceleration - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/3d_acceleration | sed -e 's/ *#.*$//' - #- name: ensure optimus switch - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/3d_acceleration | sed -e 's/ *#.*$//' - #- name: ensure user plom is in bumblebee group - # user: name=plom groups=bumblebee append=yes - - name: ensure basic X tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/basic_x_tools | sed -e 's/ *#.*$//' - - ## Set up browser environment. - #- name: ensure qutebrowser - # include: tasks/qutebrowser.yml - - name: ensure browser environment - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/browser_environment | sed -e 's/ *#.*$//' - - # Ensure wifi. - - name: ensure wifi configuration - apt: name={{item}} state=present - with_lines: - - cat ~/config/ansible/files/apt-mark_new/minimal/wifi | sed -e 's/ *#.*$//' - - cat ~/config/ansible/files/apt-mark_new/X200s/wifi | sed -e 's/ *#.*$//' - #- name: ensure wicd - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/wicd | sed -e 's/ *#.*$//' - - # Ensure audio/video consumption necessities. - - name: ensure multimedia tools - apt: name={{item}} state=present - with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/multimedia | sed -e 's/ *#.*$//' - #- name: ensure multimedia tools - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/multimedia | sed -e 's/ *#.*$//' - - # Ensure hotkeys. - # - # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). - #- name: ensure hotkeys - # apt: name={{item}} state=present - # with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' - - # Remove undesired packages - - name: collect desired packages - shell: cat files/apt-mark_new/minimal/* files/apt-mark_new/{{ system_name }}/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted - - name: collect currently installed packages - shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted - - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed - shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black - - name: mark all packages from black list as automatically installed - shell: apt-mark auto $(cat /tmp/list_black) - - name: mark all packages from white list as manually installed - shell: apt-mark manual $(cat /tmp/white_list_unsorted) - - name: purge all packages automatically installed that are not depended on - shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove - diff --git a/ansible/files/apt-mark/3d_acceleration b/ansible/files/apt-mark/3d_acceleration deleted file mode 100644 index 7d0ba5b..0000000 --- a/ansible/files/apt-mark/3d_acceleration +++ /dev/null @@ -1,5 +0,0 @@ -bumblebee-nvidia -libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work -libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work -linux-headers-amd64 # tested as necessary to build proper nvidia-driver module -primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card diff --git a/ansible/files/apt-mark/basic_x_tools b/ansible/files/apt-mark/basic_x_tools deleted file mode 100644 index 9c68622..0000000 --- a/ansible/files/apt-mark/basic_x_tools +++ /dev/null @@ -1,7 +0,0 @@ -i3 -i3status -python3 # this is what the i3status wrapper is written in -redshift -suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed -xterm -x11-xserver-utils # includes xrdb which applies .Xresources files diff --git a/ansible/files/apt-mark/browser_environment b/ansible/files/apt-mark/browser_environment deleted file mode 100644 index cc9575c..0000000 --- a/ansible/files/apt-mark/browser_environment +++ /dev/null @@ -1,4 +0,0 @@ -iceweasel -vim-gtk # used by pentadactyl for text editing -xul-ext-noscript -xul-ext-pentadactyl diff --git a/ansible/files/apt-mark/console b/ansible/files/apt-mark/console deleted file mode 100644 index 01bcbf8..0000000 --- a/ansible/files/apt-mark/console +++ /dev/null @@ -1,2 +0,0 @@ -console-setup -locales diff --git a/ansible/files/apt-mark/core b/ansible/files/apt-mark/core deleted file mode 100644 index 43afba8..0000000 --- a/ansible/files/apt-mark/core +++ /dev/null @@ -1,55 +0,0 @@ -base-files -base-passwd -bash -bsdutils -coreutils -dash -debconf -debianutils -diffutils -dpkg -e2fslibs -e2fsprogs -findutils -gcc-6-base -grep -gzip -hostname -init-system-helpers -libacl1 -libattr1 -libblkid1 -libc6 -libc-bin -libcomerr2 -libfdisk1 -libgcc1 -liblzma5 -libmount1 -libpam0g -libpam-modules -libpam-modules-bin -libpam-runtime -libpcre3 -libselinux1 -libsepol1 -libsmartcols1 -libss2 -libtinfo5 -libuuid1 -login -lsb-base -mawk -mount -multiarch-support -ncurses-base -ncurses-bin -passwd -perl-base -sed -sensible-utils -sysvinit-utils -tar -tzdata -util-linux -zlib1g diff --git a/ansible/files/apt-mark/hotkeys b/ansible/files/apt-mark/hotkeys deleted file mode 100644 index f11bdfa..0000000 --- a/ansible/files/apt-mark/hotkeys +++ /dev/null @@ -1 +0,0 @@ -acpid # captures hotkey presses and triggers respective /etc/acpi/events/* diff --git a/ansible/files/apt-mark/man b/ansible/files/apt-mark/man deleted file mode 100644 index f688e67..0000000 --- a/ansible/files/apt-mark/man +++ /dev/null @@ -1,2 +0,0 @@ -man-db -manpages diff --git a/ansible/files/apt-mark/minimal_ansible_environment b/ansible/files/apt-mark/minimal_ansible_environment deleted file mode 100644 index f9f4097..0000000 --- a/ansible/files/apt-mark/minimal_ansible_environment +++ /dev/null @@ -1,3 +0,0 @@ -ansible -ifupdown # needed for internet connectivity -isc-dhcp-client # needed for internet connectivity diff --git a/ansible/files/apt-mark/minimal_x b/ansible/files/apt-mark/minimal_x deleted file mode 100644 index f785794..0000000 --- a/ansible/files/apt-mark/minimal_x +++ /dev/null @@ -1,4 +0,0 @@ -libpam-systemd # needed to start X as non-root -xinit # contains startx -xserver-xorg-core -xserver-xorg-input-evdev # supports all input devices the kernel knows about diff --git a/ansible/files/apt-mark/multimedia b/ansible/files/apt-mark/multimedia deleted file mode 100644 index 0b6d9ef..0000000 --- a/ansible/files/apt-mark/multimedia +++ /dev/null @@ -1,6 +0,0 @@ -alsa-utils -eject -ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos -libdvd-pkg # decss stuff -mpv -youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/ansible/files/apt-mark/power_management b/ansible/files/apt-mark/power_management deleted file mode 100644 index 3dba602..0000000 --- a/ansible/files/apt-mark/power_management +++ /dev/null @@ -1,2 +0,0 @@ -acpi-call-dkms # needed for tlp to access Thinkpad-specific features -tlp diff --git a/ansible/files/apt-mark/various_useful b/ansible/files/apt-mark/various_useful deleted file mode 100644 index e37a898..0000000 --- a/ansible/files/apt-mark/various_useful +++ /dev/null @@ -1,5 +0,0 @@ -git -less -openssh-client -sudo -vim diff --git a/ansible/files/apt-mark/wifi b/ansible/files/apt-mark/wifi deleted file mode 100644 index 0d9d93c..0000000 --- a/ansible/files/apt-mark/wifi +++ /dev/null @@ -1,4 +0,0 @@ -firmware-iwlwifi # wifi driver -wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff -wicd-curses # although this currently is very buggy -wicd-gtk # workaround for when wicd-curses fails diff --git a/ansible/files/apt-mark_new/W530/3d_acceleration b/ansible/files/apt-mark_new/W530/3d_acceleration deleted file mode 100644 index 1b7e696..0000000 --- a/ansible/files/apt-mark_new/W530/3d_acceleration +++ /dev/null @@ -1,3 +0,0 @@ -bumblebee-nvidia -linux-headers-amd64 # tested as necessary to build proper nvidia-driver module -primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card diff --git a/ansible/files/apt-mark_new/W530/browser_environment b/ansible/files/apt-mark_new/W530/browser_environment deleted file mode 100644 index cc9575c..0000000 --- a/ansible/files/apt-mark_new/W530/browser_environment +++ /dev/null @@ -1,4 +0,0 @@ -iceweasel -vim-gtk # used by pentadactyl for text editing -xul-ext-noscript -xul-ext-pentadactyl diff --git a/ansible/files/apt-mark_new/W530/hotkeys b/ansible/files/apt-mark_new/W530/hotkeys deleted file mode 100644 index f11bdfa..0000000 --- a/ansible/files/apt-mark_new/W530/hotkeys +++ /dev/null @@ -1 +0,0 @@ -acpid # captures hotkey presses and triggers respective /etc/acpi/events/* diff --git a/ansible/files/apt-mark_new/W530/multimedia b/ansible/files/apt-mark_new/W530/multimedia deleted file mode 100644 index 219097d..0000000 --- a/ansible/files/apt-mark_new/W530/multimedia +++ /dev/null @@ -1,3 +0,0 @@ -eject -ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos -libdvd-pkg # decss stuff diff --git a/ansible/files/apt-mark_new/W530/wicd b/ansible/files/apt-mark_new/W530/wicd deleted file mode 100644 index 55d86fe..0000000 --- a/ansible/files/apt-mark_new/W530/wicd +++ /dev/null @@ -1,3 +0,0 @@ -wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff -wicd-curses # although this currently is very buggy -wicd-gtk # workaround for when wicd-curses fails diff --git a/ansible/files/apt-mark_new/X200s/multimedia b/ansible/files/apt-mark_new/X200s/multimedia deleted file mode 100644 index dbcf4ee..0000000 --- a/ansible/files/apt-mark_new/X200s/multimedia +++ /dev/null @@ -1,4 +0,0 @@ -alsa-utils -ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos -mpv -youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/ansible/files/apt-mark_new/X200s/power_management b/ansible/files/apt-mark_new/X200s/power_management deleted file mode 100644 index f6954bf..0000000 --- a/ansible/files/apt-mark_new/X200s/power_management +++ /dev/null @@ -1,2 +0,0 @@ -tp-smapi-dkms -linux-headers-amd64 diff --git a/ansible/files/apt-mark_new/X200s/wifi b/ansible/files/apt-mark_new/X200s/wifi deleted file mode 100644 index a0e499d..0000000 --- a/ansible/files/apt-mark_new/X200s/wifi +++ /dev/null @@ -1 +0,0 @@ -wpasupplicant diff --git a/ansible/files/apt-mark_new/minimal/3d_acceleration b/ansible/files/apt-mark_new/minimal/3d_acceleration deleted file mode 100644 index aa318bd..0000000 --- a/ansible/files/apt-mark_new/minimal/3d_acceleration +++ /dev/null @@ -1,2 +0,0 @@ -libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work -libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work diff --git a/ansible/files/apt-mark_new/minimal/basic_x_tools b/ansible/files/apt-mark_new/minimal/basic_x_tools deleted file mode 100644 index 9c68622..0000000 --- a/ansible/files/apt-mark_new/minimal/basic_x_tools +++ /dev/null @@ -1,7 +0,0 @@ -i3 -i3status -python3 # this is what the i3status wrapper is written in -redshift -suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed -xterm -x11-xserver-utils # includes xrdb which applies .Xresources files diff --git a/ansible/files/apt-mark_new/minimal/browser_environment b/ansible/files/apt-mark_new/minimal/browser_environment deleted file mode 100644 index 536ea49..0000000 --- a/ansible/files/apt-mark_new/minimal/browser_environment +++ /dev/null @@ -1 +0,0 @@ -palemoon diff --git a/ansible/files/apt-mark_new/minimal/console b/ansible/files/apt-mark_new/minimal/console deleted file mode 100644 index 01bcbf8..0000000 --- a/ansible/files/apt-mark_new/minimal/console +++ /dev/null @@ -1,2 +0,0 @@ -console-setup -locales diff --git a/ansible/files/apt-mark_new/minimal/core b/ansible/files/apt-mark_new/minimal/core deleted file mode 100644 index 43afba8..0000000 --- a/ansible/files/apt-mark_new/minimal/core +++ /dev/null @@ -1,55 +0,0 @@ -base-files -base-passwd -bash -bsdutils -coreutils -dash -debconf -debianutils -diffutils -dpkg -e2fslibs -e2fsprogs -findutils -gcc-6-base -grep -gzip -hostname -init-system-helpers -libacl1 -libattr1 -libblkid1 -libc6 -libc-bin -libcomerr2 -libfdisk1 -libgcc1 -liblzma5 -libmount1 -libpam0g -libpam-modules -libpam-modules-bin -libpam-runtime -libpcre3 -libselinux1 -libsepol1 -libsmartcols1 -libss2 -libtinfo5 -libuuid1 -login -lsb-base -mawk -mount -multiarch-support -ncurses-base -ncurses-bin -passwd -perl-base -sed -sensible-utils -sysvinit-utils -tar -tzdata -util-linux -zlib1g diff --git a/ansible/files/apt-mark_new/minimal/disk_encryption b/ansible/files/apt-mark_new/minimal/disk_encryption deleted file mode 100644 index 67ecd10..0000000 --- a/ansible/files/apt-mark_new/minimal/disk_encryption +++ /dev/null @@ -1,2 +0,0 @@ -cryptsetup -udev diff --git a/ansible/files/apt-mark_new/minimal/man b/ansible/files/apt-mark_new/minimal/man deleted file mode 100644 index f688e67..0000000 --- a/ansible/files/apt-mark_new/minimal/man +++ /dev/null @@ -1,2 +0,0 @@ -man-db -manpages diff --git a/ansible/files/apt-mark_new/minimal/minimal_ansible_environment b/ansible/files/apt-mark_new/minimal/minimal_ansible_environment deleted file mode 100644 index f9f4097..0000000 --- a/ansible/files/apt-mark_new/minimal/minimal_ansible_environment +++ /dev/null @@ -1,3 +0,0 @@ -ansible -ifupdown # needed for internet connectivity -isc-dhcp-client # needed for internet connectivity diff --git a/ansible/files/apt-mark_new/minimal/minimal_x b/ansible/files/apt-mark_new/minimal/minimal_x deleted file mode 100644 index f785794..0000000 --- a/ansible/files/apt-mark_new/minimal/minimal_x +++ /dev/null @@ -1,4 +0,0 @@ -libpam-systemd # needed to start X as non-root -xinit # contains startx -xserver-xorg-core -xserver-xorg-input-evdev # supports all input devices the kernel knows about diff --git a/ansible/files/apt-mark_new/minimal/multimedia b/ansible/files/apt-mark_new/minimal/multimedia deleted file mode 100644 index 0bcc060..0000000 --- a/ansible/files/apt-mark_new/minimal/multimedia +++ /dev/null @@ -1,3 +0,0 @@ -alsa-utils -mpv -youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/ansible/files/apt-mark_new/minimal/power_management b/ansible/files/apt-mark_new/minimal/power_management deleted file mode 100644 index 3dba602..0000000 --- a/ansible/files/apt-mark_new/minimal/power_management +++ /dev/null @@ -1,2 +0,0 @@ -acpi-call-dkms # needed for tlp to access Thinkpad-specific features -tlp diff --git a/ansible/files/apt-mark_new/minimal/various_useful b/ansible/files/apt-mark_new/minimal/various_useful deleted file mode 100644 index e37a898..0000000 --- a/ansible/files/apt-mark_new/minimal/various_useful +++ /dev/null @@ -1,5 +0,0 @@ -git -less -openssh-client -sudo -vim diff --git a/ansible/files/apt-mark_new/minimal/wifi b/ansible/files/apt-mark_new/minimal/wifi deleted file mode 100644 index 4b8432d..0000000 --- a/ansible/files/apt-mark_new/minimal/wifi +++ /dev/null @@ -1 +0,0 @@ -firmware-iwlwifi # wifi driver diff --git a/ansible/files/console/___etc___default___console-setup b/ansible/files/console/___etc___default___console-setup deleted file mode 100644 index 090d241..0000000 --- a/ansible/files/console/___etc___default___console-setup +++ /dev/null @@ -1,4 +0,0 @@ -CHARMAP="UTF-8" -CODESET="Lat15" -FONTFACE="Terminus" -FONTSIZE="6x12" diff --git a/ansible/files/console/___etc___default___keyboard b/ansible/files/console/___etc___default___keyboard deleted file mode 100644 index 7f08e30..0000000 --- a/ansible/files/console/___etc___default___keyboard +++ /dev/null @@ -1,4 +0,0 @@ -# setting XKBMODEL to the questionable default seems to be necessary and works nicely -# curiously, putting a comment on the same line as a variable setting seems to break things -XKBMODEL="pc105" -XKBLAYOUT="de" diff --git a/ansible/files/dirs b/ansible/files/dirs deleted file mode 100644 index 269b746..0000000 --- a/ansible/files/dirs +++ /dev/null @@ -1,2 +0,0 @@ -/etc/wicd -/etc/acpi/events diff --git a/ansible/files/dirs_new b/ansible/files/dirs_new deleted file mode 100644 index 0739bb8..0000000 --- a/ansible/files/dirs_new +++ /dev/null @@ -1 +0,0 @@ -/etc/wicd diff --git a/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia b/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia deleted file mode 100644 index 605a10d..0000000 --- a/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia +++ /dev/null @@ -1,34 +0,0 @@ -# This is the Optimus-specific configuration recommended by the "NVIDIA -# Accelerated Linux Graphics Drivre README and Installation Guide", Chapter 32 -# "Offloading Graphics Display with RandR 1.4" -# () -# with the "AllowEmptyInitialConfigratuion" added as described by -# . - -Section "ServerLayout" - Identifier "layout" - Screen 0 "nvidia" - Inactive "intel" -EndSection - -Section "Device" - Identifier "nvidia" - Driver "nvidia" - BusID "PCI:01:00:0" - Option "AllowEmptyInitialConfiguration" -EndSection - -Section "Screen" - Identifier "nvidia" - Device "nvidia" -EndSection - -Section "Device" - Identifier "intel" - Driver "modesetting" -EndSection - -Section "Screen" - Identifier "intel" - Device "intel" -EndSection diff --git a/ansible/files/system/___etc___acpi___events___plom-brightness-down b/ansible/files/system/___etc___acpi___events___plom-brightness-down deleted file mode 100644 index 8d718d2..0000000 --- a/ansible/files/system/___etc___acpi___events___plom-brightness-down +++ /dev/null @@ -1,2 +0,0 @@ -event=video/brightnessdown -action=/root/config/bin/w530_backlight.sh - diff --git a/ansible/files/system/___etc___acpi___events___plom-brightness-up b/ansible/files/system/___etc___acpi___events___plom-brightness-up deleted file mode 100644 index 864ce5f..0000000 --- a/ansible/files/system/___etc___acpi___events___plom-brightness-up +++ /dev/null @@ -1,2 +0,0 @@ -event=video/brightnessup -action=/root/config/bin/w530_backlight.sh + diff --git a/ansible/files/system/___etc___acpi___events___plom-micmute b/ansible/files/system/___etc___acpi___events___plom-micmute deleted file mode 100644 index 2aab48e..0000000 --- a/ansible/files/system/___etc___acpi___events___plom-micmute +++ /dev/null @@ -1,2 +0,0 @@ -event=button/f20 -action=amixer set Mic toggle diff --git a/ansible/files/system/___etc___acpi___events___plom-mute b/ansible/files/system/___etc___acpi___events___plom-mute deleted file mode 100644 index 3c40988..0000000 --- a/ansible/files/system/___etc___acpi___events___plom-mute +++ /dev/null @@ -1,2 +0,0 @@ -event=button/mute -action=amixer set Master toggle diff --git a/ansible/files/system/___etc___acpi___events___plom-volume-down b/ansible/files/system/___etc___acpi___events___plom-volume-down deleted file mode 100644 index 7658b1c..0000000 --- a/ansible/files/system/___etc___acpi___events___plom-volume-down +++ /dev/null @@ -1,2 +0,0 @@ -event=button/volumedown -action=amixer set Master 10- diff --git a/ansible/files/system/___etc___acpi___events___plom-volume-up b/ansible/files/system/___etc___acpi___events___plom-volume-up deleted file mode 100644 index 9ba779f..0000000 --- a/ansible/files/system/___etc___acpi___events___plom-volume-up +++ /dev/null @@ -1,2 +0,0 @@ -event=button/volumeup -action=amixer set Master 10+ diff --git a/ansible/files/system/___etc___apt___apt.conf.d___99mindeps b/ansible/files/system/___etc___apt___apt.conf.d___99mindeps deleted file mode 100644 index 4aaef79..0000000 --- a/ansible/files/system/___etc___apt___apt.conf.d___99mindeps +++ /dev/null @@ -1,4 +0,0 @@ -APT::AutoRemove::RecommendsImportant "false"; -APT::AutoRemove::SuggestsImportant "false"; -APT::Install-Recommends "false"; -APT::Install-Suggests "false"; diff --git a/ansible/files/system/___etc___apt___sources.list b/ansible/files/system/___etc___apt___sources.list deleted file mode 100644 index e64d6ee..0000000 --- a/ansible/files/system/___etc___apt___sources.list +++ /dev/null @@ -1,4 +0,0 @@ -deb http://ftp.debian.org/debian/ stretch main contrib non-free -deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free -deb http://ftp.debian.org/debian stretch-backports main contrib non-free -deb http://security.debian.org/ stretch/updates main contrib non-free diff --git a/ansible/files/system/___etc___default___tlp b/ansible/files/system/___etc___default___tlp deleted file mode 100644 index 6db0f60..0000000 --- a/ansible/files/system/___etc___default___tlp +++ /dev/null @@ -1,278 +0,0 @@ -# ------------------------------------------------------------------------------ -# tlp - Parameters for power save -# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html - -# Hint: some features are disabled by default, remove the leading # to enable -# them. - -# Set to 0 to disable, 1 to enable TLP. -TLP_ENABLE=1 - -# Operation mode when no power supply can be detected: AC, BAT -# Concerns some desktop and embedded hardware only. -TLP_DEFAULT_MODE=AC - -# Seconds laptop mode has to wait after the disk goes idle before doing a sync. -# Non-zero value enables, zero disables laptop mode. -DISK_IDLE_SECS_ON_AC=0 -DISK_IDLE_SECS_ON_BAT=2 - -# Dirty page values (timeouts in secs). -MAX_LOST_WORK_SECS_ON_AC=15 -MAX_LOST_WORK_SECS_ON_BAT=60 - -# Hint: CPU parameters below are disabled by default, remove the leading # -# to enable them, otherwise kernel default values are used. - -# Select a CPU frequency scaling governor. -# Intel Core i processor with intel_pstate driver: -# powersave(*), performance -# Older hardware with acpi-cpufreq driver: -# ondemand(*), powersave, performance, conservative -# (*) is recommended. -# Hint: use tlp-stat -p to show the active driver and available governors. -# Important: -# You *must* disable your distribution's governor settings or conflicts will -# occur. ondemand is sufficient for *almost all* workloads, you should know -# what you're doing! -#CPU_SCALING_GOVERNOR_ON_AC=powersave -#CPU_SCALING_GOVERNOR_ON_BAT=powersave - -# Set the min/max frequency available for the scaling governor. -# Possible values strongly depend on your CPU. For available frequencies see -# the output of tlp-stat -p. -#CPU_SCALING_MIN_FREQ_ON_AC=0 -#CPU_SCALING_MAX_FREQ_ON_AC=0 -#CPU_SCALING_MIN_FREQ_ON_BAT=0 -#CPU_SCALING_MAX_FREQ_ON_BAT=0 - -# Set Intel P-state performance: 0..100 (%) -# Limit the max/min P-state to control the power dissipation of the CPU. -# Values are stated as a percentage of the available performance. -# Requires an Intel Core i processor with intel_pstate driver. -#CPU_MIN_PERF_ON_AC=0 -#CPU_MAX_PERF_ON_AC=100 -#CPU_MIN_PERF_ON_BAT=0 -#CPU_MAX_PERF_ON_BAT=30 - -# Set the CPU "turbo boost" feature: 0=disable, 1=allow -# Requires an Intel Core i processor. -# Important: -# - This may conflict with your distribution's governor settings -# - A value of 1 does *not* activate boosting, it just allows it -#CPU_BOOST_ON_AC=1 -#CPU_BOOST_ON_BAT=0 - -# Minimize number of used CPU cores/hyper-threads under light load conditions -SCHED_POWERSAVE_ON_AC=0 -SCHED_POWERSAVE_ON_BAT=1 - -# Kernel NMI Watchdog: -# 0=disable (default, saves power), 1=enable (for kernel debugging only) -NMI_WATCHDOG=0 - -# Change CPU voltages aka "undervolting" - Kernel with PHC patch required -# Frequency voltage pairs are written to: -# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls -# CAUTION: only use this, if you thoroughly understand what you are doing! -#PHC_CONTROLS="F:V F:V F:V F:V" - -# Set CPU performance versus energy savings policy: -# performance, normal, powersave -# Requires kernel module msr and x86_energy_perf_policy from linux-tools -ENERGY_PERF_POLICY_ON_AC=performance -ENERGY_PERF_POLICY_ON_BAT=powersave - -# Hard disk devices; separate multiple devices with spaces (default: sda). -# Devices can be specified by disk ID also (lookup with: tlp diskid). -DISK_DEVICES="sda sdb" - -# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) -# Levels 1..127 may spin down the disk; 255 allowable on most drives. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -DISK_APM_LEVEL_ON_AC="254 254" -DISK_APM_LEVEL_ON_BAT="128 128" - -# Hard disk spin down timeout: -# 0: spin down disabled -# 1..240: timeouts from 5s to 20min (in units of 5s) -# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) -# See 'man hdparm' for details. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" -#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" - -# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the kernel default scheduler for the particular disk. -#DISK_IOSCHED="cfq cfq" - -# SATA aggressive link power management (ALPM): -# min_power, medium_power, max_performance -SATA_LINKPWR_ON_AC=max_performance -SATA_LINKPWR_ON_BAT=min_power - -# Exclude SATA host devices from link power management. -# Separate multiple hosts with spaces. -#SATA_LINKPWR_BLACKLIST="host1" - -# Runtime Power Management for AHCI controllers and disks: -# on=disable, auto=enable -# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss -#AHCI_RUNTIME_PM_ON_AC=on -#AHCI_RUNTIME_PM_ON_BAT=on - -# Seconds of inactivity before disk is suspended -AHCI_RUNTIME_PM_TIMEOUT=15 - -# PCI Express Active State Power Management (PCIe ASPM): -# default, performance, powersave -PCIE_ASPM_ON_AC=performance -PCIE_ASPM_ON_BAT=powersave - -# Radeon graphics clock speed (profile method): low, mid, high, auto, default; -# auto = mid on BAT, high on AC; default = use hardware defaults. -# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) -RADEON_POWER_PROFILE_ON_AC=high -RADEON_POWER_PROFILE_ON_BAT=low - -# Radeon dynamic power management method (DPM): battery, performance -# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) -RADEON_DPM_STATE_ON_AC=performance -RADEON_DPM_STATE_ON_BAT=battery - -# Radeon DPM performance level: auto, low, high; auto is recommended. -RADEON_DPM_PERF_LEVEL_ON_AC=auto -RADEON_DPM_PERF_LEVEL_ON_BAT=auto - -# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. -WIFI_PWR_ON_AC=off -WIFI_PWR_ON_BAT=on - -# Disable wake on LAN: Y/N -WOL_DISABLE=Y - -# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). -# A value of 0 disables, >=1 enables power save. -SOUND_POWER_SAVE_ON_AC=0 -SOUND_POWER_SAVE_ON_BAT=1 - -# Disable controller too (HDA only): Y/N -SOUND_POWER_SAVE_CONTROLLER=Y - -# Set to 1 to power off optical drive in UltraBay/MediaBay when running on -# battery. A value of 0 disables this feature (Default). -# Drive can be powered on again by releasing (and reinserting) the eject lever -# or by pressing the disc eject button on newer models. -# Note: an UltraBay/MediaBay hard disk is never powered off. -BAY_POWEROFF_ON_BAT=0 -# Optical drive device to power off (default sr0). -BAY_DEVICE="sr0" - -# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable -RUNTIME_PM_ON_AC=on -RUNTIME_PM_ON_BAT=auto - -# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: -# 0=disable, 1=enable -RUNTIME_PM_ALL=1 - -# Exclude PCI(e) device adresses the following list from Runtime PM -# (separate with spaces). Use lspci to get the adresses (1st column). -#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" - -# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM -# (should prevent accidential power on of hybrid graphics' discrete part). -# Default is "radeon nouveau"; use "" to disable the feature completely. -# Separate multiple drivers with spaces. -RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" - -# Set to 0 to disable, 1 to enable USB autosuspend feature. -USB_AUTOSUSPEND=1 - -# Exclude listed devices from USB autosuspend (separate with spaces). -# Use lsusb to get the ids. -# Note: input devices (usbhid) are excluded automatically (see below) -#USB_BLACKLIST="1111:2222 3333:4444" - -# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude -USB_BLACKLIST_WWAN=1 - -# Include listed devices into USB autosuspend even if already excluded -# by the driver or WWAN blacklists above (separate with spaces). -# Use lsusb to get the ids. -#USB_WHITELIST="1111:2222 3333:4444" - -# Set to 1 to disable autosuspend before shutdown, 0 to do nothing -# (workaround for USB devices that cause shutdown problems). -#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 - -# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown -# on system startup: 0=disable, 1=enable. -# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below -# are ignored when this is enabled! -RESTORE_DEVICE_STATE_ON_STARTUP=0 - -# Radio devices to disable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" - -# Radio devices to enable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -#DEVICES_TO_ENABLE_ON_STARTUP="wifi" - -# Radio devices to disable on shutdown: bluetooth, wifi, wwan -# (workaround for devices that are blocking shutdown). -#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" - -# Radio devices to enable on shutdown: bluetooth, wifi, wwan -# (to prevent other operating systems from missing radios). -#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" - -# Radio devices to enable on AC: bluetooth, wifi, wwan -#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" - -# Radio devices to disable on battery: bluetooth, wifi, wwan -#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" - -# Radio devices to disable on battery when not in use (not connected): -# bluetooth, wifi, wwan -DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" - -# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module -# required). Charging starts when the remaining capacity falls below the -# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. -# Main / Internal battery (values in %) -START_CHARGE_THRESH_BAT0=10 -STOP_CHARGE_THRESH_BAT0=95 -# Ultrabay / Slice / Replaceable battery (values in %) -START_CHARGE_THRESH_BAT1=10 -STOP_CHARGE_THRESH_BAT1=95 - -# ------------------------------------------------------------------------------ -# tlp-rdw - Parameters for the radio device wizard -# Possible devices: bluetooth, wifi, wwan - -# Hints: -# - Parameters are disabled by default, remove the leading # to enable them. -# - Separate multiple radio devices with spaces. - -# Radio devices to disable on connect. -#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" -#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" -#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" - -# Radio devices to enable on disconnect. -#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" -#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" -#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" - -# Radio devices to enable/disable when docked. -#DEVICES_TO_ENABLE_ON_DOCK="" -#DEVICES_TO_DISABLE_ON_DOCK="" - -# Radio devices to enable/disable when undocked. -#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" -#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/ansible/files/system/___etc___hostname b/ansible/files/system/___etc___hostname deleted file mode 100644 index 8769fca..0000000 --- a/ansible/files/system/___etc___hostname +++ /dev/null @@ -1 +0,0 @@ -w530 diff --git a/ansible/files/system/___etc___hosts b/ansible/files/system/___etc___hosts deleted file mode 100644 index d920e4f..0000000 --- a/ansible/files/system/___etc___hosts +++ /dev/null @@ -1,7 +0,0 @@ -127.0.0.1 localhost -127.0.1.1 w530 - -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters diff --git a/ansible/files/system/___etc___profile b/ansible/files/system/___etc___profile deleted file mode 100644 index 5884d7b..0000000 --- a/ansible/files/system/___etc___profile +++ /dev/null @@ -1,35 +0,0 @@ -# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) -# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). - -if [ "`id -u`" -eq 0 ]; then - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -else - PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" -fi -export PATH - -if [ "${PS1-}" ]; then - if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then - # The file bash.bashrc already sets the default PS1. - # PS1='\h:\w\$ ' - if [ -f /etc/bash.bashrc ]; then - . /etc/bash.bashrc - fi - else - if [ "`id -u`" -eq 0 ]; then - PS1='# ' - else - PS1='$ ' - fi - fi -fi - -if [ -d /etc/profile.d ]; then - for i in /etc/profile.d/*.sh; do - if [ -r $i ]; then - . $i - fi - done - unset i -fi -export LC_ALL="en_US.UTF-8" diff --git a/ansible/files/system/___etc___systemd___logind.conf b/ansible/files/system/___etc___systemd___logind.conf deleted file mode 100644 index 7a9004a..0000000 --- a/ansible/files/system/___etc___systemd___logind.conf +++ /dev/null @@ -1,38 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. -# -# Entries in this file show the compile time defaults. -# You can change settings by editing this file. -# Defaults can be restored by simply deleting this file. -# -# See logind.conf(5) for details. - -[Login] -#NAutoVTs=6 -#ReserveVT=6 -#KillUserProcesses=no -#KillOnlyUsers= -#KillExcludeUsers=root -#InhibitDelayMaxSec=5 -#HandlePowerKey=poweroff -#HandleSuspendKey=suspend -#HandleHibernateKey=hibernate -#HandleLidSwitch=suspend -#HandleLidSwitchDocked=ignore -#PowerKeyIgnoreInhibited=no -#SuspendKeyIgnoreInhibited=no -#HibernateKeyIgnoreInhibited=no -#LidSwitchIgnoreInhibited=yes -#HoldoffTimeoutSec=30s -#IdleAction=ignore -#IdleActionSec=30min -#RuntimeDirectorySize=10% -#RemoveIPC=yes -#InhibitorsMax=8192 -#SessionsMax=8192 -#UserTasksMax=33% -HandleLidSwitch=hibernate diff --git a/ansible/files/system/___etc___timezone b/ansible/files/system/___etc___timezone deleted file mode 100644 index 94d5acc..0000000 --- a/ansible/files/system/___etc___timezone +++ /dev/null @@ -1 +0,0 @@ -Europe/Berlin diff --git a/ansible/files/system/___etc___wicd___manager-settings.conf b/ansible/files/system/___etc___wicd___manager-settings.conf deleted file mode 100644 index d2ef3ee..0000000 --- a/ansible/files/system/___etc___wicd___manager-settings.conf +++ /dev/null @@ -1,24 +0,0 @@ -[Settings] -backend = external -wireless_interface = wlp3s0 -wired_interface = enp0s25 -wpa_driver = wext -always_show_wired_interface = False -use_global_dns = False -global_dns_1 = None -global_dns_2 = None -global_dns_3 = None -global_dns_dom = None -global_search_dom = None -auto_reconnect = True -debug_mode = False -wired_connect_mode = 1 -signal_display_type = 0 -should_verify_ap = 1 -dhcp_client = 0 -link_detect_tool = 0 -flush_tool = 0 -sudo_app = 0 -prefer_wired = False -show_never_connect = True - diff --git a/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia b/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia deleted file mode 100644 index e651031..0000000 --- a/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia +++ /dev/null @@ -1,34 +0,0 @@ -# This is the Optimus-specific configuration recommended by the "NVIDIA -# Accelerated Linux Graphics Driver README and Installation Guide", Chapter 32 -# "Offloading Graphics Display with RandR 1.4" -# () -# with the "AllowEmptyInitialConfigratuion" added as described by -# . - -Section "ServerLayout" - Identifier "layout" - Screen 0 "nvidia" - Inactive "intel" -EndSection - -Section "Device" - Identifier "nvidia" - Driver "nvidia" - BusID "PCI:01:00:0" - Option "AllowEmptyInitialConfiguration" -EndSection - -Section "Screen" - Identifier "nvidia" - Device "nvidia" -EndSection - -Section "Device" - Identifier "intel" - Driver "modesetting" -EndSection - -Section "Screen" - Identifier "intel" - Device "intel" -EndSection diff --git a/ansible/files/system_new/W530/___etc___hostname b/ansible/files/system_new/W530/___etc___hostname deleted file mode 100644 index 4d385ae..0000000 --- a/ansible/files/system_new/W530/___etc___hostname +++ /dev/null @@ -1 +0,0 @@ -W530 diff --git a/ansible/files/system_new/W530/___etc___hosts b/ansible/files/system_new/W530/___etc___hosts deleted file mode 100644 index c6f72a5..0000000 --- a/ansible/files/system_new/W530/___etc___hosts +++ /dev/null @@ -1,7 +0,0 @@ -127.0.0.1 localhost -127.0.1.1 W530 - -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters diff --git a/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf b/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf deleted file mode 100644 index d2ef3ee..0000000 --- a/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf +++ /dev/null @@ -1,24 +0,0 @@ -[Settings] -backend = external -wireless_interface = wlp3s0 -wired_interface = enp0s25 -wpa_driver = wext -always_show_wired_interface = False -use_global_dns = False -global_dns_1 = None -global_dns_2 = None -global_dns_3 = None -global_dns_dom = None -global_search_dom = None -auto_reconnect = True -debug_mode = False -wired_connect_mode = 1 -signal_display_type = 0 -should_verify_ap = 1 -dhcp_client = 0 -link_detect_tool = 0 -flush_tool = 0 -sudo_app = 0 -prefer_wired = False -show_never_connect = True - diff --git a/ansible/files/system_new/X200s/___etc___hostname b/ansible/files/system_new/X200s/___etc___hostname deleted file mode 100644 index d241415..0000000 --- a/ansible/files/system_new/X200s/___etc___hostname +++ /dev/null @@ -1 +0,0 @@ -X200s diff --git a/ansible/files/system_new/X200s/___etc___hosts b/ansible/files/system_new/X200s/___etc___hosts deleted file mode 100644 index b275ecb..0000000 --- a/ansible/files/system_new/X200s/___etc___hosts +++ /dev/null @@ -1,7 +0,0 @@ -127.0.0.1 localhost -127.0.1.1 X200s - -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters diff --git a/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps b/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps deleted file mode 100644 index 4aaef79..0000000 --- a/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps +++ /dev/null @@ -1,4 +0,0 @@ -APT::AutoRemove::RecommendsImportant "false"; -APT::AutoRemove::SuggestsImportant "false"; -APT::Install-Recommends "false"; -APT::Install-Suggests "false"; diff --git a/ansible/files/system_new/minimal/___etc___apt___sources.list b/ansible/files/system_new/minimal/___etc___apt___sources.list deleted file mode 100644 index e64d6ee..0000000 --- a/ansible/files/system_new/minimal/___etc___apt___sources.list +++ /dev/null @@ -1,4 +0,0 @@ -deb http://ftp.debian.org/debian/ stretch main contrib non-free -deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free -deb http://ftp.debian.org/debian stretch-backports main contrib non-free -deb http://security.debian.org/ stretch/updates main contrib non-free diff --git a/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list b/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list deleted file mode 100644 index f90488e..0000000 --- a/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list +++ /dev/null @@ -1 +0,0 @@ -deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ / diff --git a/ansible/files/system_new/minimal/___etc___default___tlp b/ansible/files/system_new/minimal/___etc___default___tlp deleted file mode 100644 index 6db0f60..0000000 --- a/ansible/files/system_new/minimal/___etc___default___tlp +++ /dev/null @@ -1,278 +0,0 @@ -# ------------------------------------------------------------------------------ -# tlp - Parameters for power save -# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html - -# Hint: some features are disabled by default, remove the leading # to enable -# them. - -# Set to 0 to disable, 1 to enable TLP. -TLP_ENABLE=1 - -# Operation mode when no power supply can be detected: AC, BAT -# Concerns some desktop and embedded hardware only. -TLP_DEFAULT_MODE=AC - -# Seconds laptop mode has to wait after the disk goes idle before doing a sync. -# Non-zero value enables, zero disables laptop mode. -DISK_IDLE_SECS_ON_AC=0 -DISK_IDLE_SECS_ON_BAT=2 - -# Dirty page values (timeouts in secs). -MAX_LOST_WORK_SECS_ON_AC=15 -MAX_LOST_WORK_SECS_ON_BAT=60 - -# Hint: CPU parameters below are disabled by default, remove the leading # -# to enable them, otherwise kernel default values are used. - -# Select a CPU frequency scaling governor. -# Intel Core i processor with intel_pstate driver: -# powersave(*), performance -# Older hardware with acpi-cpufreq driver: -# ondemand(*), powersave, performance, conservative -# (*) is recommended. -# Hint: use tlp-stat -p to show the active driver and available governors. -# Important: -# You *must* disable your distribution's governor settings or conflicts will -# occur. ondemand is sufficient for *almost all* workloads, you should know -# what you're doing! -#CPU_SCALING_GOVERNOR_ON_AC=powersave -#CPU_SCALING_GOVERNOR_ON_BAT=powersave - -# Set the min/max frequency available for the scaling governor. -# Possible values strongly depend on your CPU. For available frequencies see -# the output of tlp-stat -p. -#CPU_SCALING_MIN_FREQ_ON_AC=0 -#CPU_SCALING_MAX_FREQ_ON_AC=0 -#CPU_SCALING_MIN_FREQ_ON_BAT=0 -#CPU_SCALING_MAX_FREQ_ON_BAT=0 - -# Set Intel P-state performance: 0..100 (%) -# Limit the max/min P-state to control the power dissipation of the CPU. -# Values are stated as a percentage of the available performance. -# Requires an Intel Core i processor with intel_pstate driver. -#CPU_MIN_PERF_ON_AC=0 -#CPU_MAX_PERF_ON_AC=100 -#CPU_MIN_PERF_ON_BAT=0 -#CPU_MAX_PERF_ON_BAT=30 - -# Set the CPU "turbo boost" feature: 0=disable, 1=allow -# Requires an Intel Core i processor. -# Important: -# - This may conflict with your distribution's governor settings -# - A value of 1 does *not* activate boosting, it just allows it -#CPU_BOOST_ON_AC=1 -#CPU_BOOST_ON_BAT=0 - -# Minimize number of used CPU cores/hyper-threads under light load conditions -SCHED_POWERSAVE_ON_AC=0 -SCHED_POWERSAVE_ON_BAT=1 - -# Kernel NMI Watchdog: -# 0=disable (default, saves power), 1=enable (for kernel debugging only) -NMI_WATCHDOG=0 - -# Change CPU voltages aka "undervolting" - Kernel with PHC patch required -# Frequency voltage pairs are written to: -# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls -# CAUTION: only use this, if you thoroughly understand what you are doing! -#PHC_CONTROLS="F:V F:V F:V F:V" - -# Set CPU performance versus energy savings policy: -# performance, normal, powersave -# Requires kernel module msr and x86_energy_perf_policy from linux-tools -ENERGY_PERF_POLICY_ON_AC=performance -ENERGY_PERF_POLICY_ON_BAT=powersave - -# Hard disk devices; separate multiple devices with spaces (default: sda). -# Devices can be specified by disk ID also (lookup with: tlp diskid). -DISK_DEVICES="sda sdb" - -# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) -# Levels 1..127 may spin down the disk; 255 allowable on most drives. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -DISK_APM_LEVEL_ON_AC="254 254" -DISK_APM_LEVEL_ON_BAT="128 128" - -# Hard disk spin down timeout: -# 0: spin down disabled -# 1..240: timeouts from 5s to 20min (in units of 5s) -# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) -# See 'man hdparm' for details. -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the hardware default for the particular disk. -#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" -#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" - -# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); -# Separate values for multiple disks with spaces. Use the special value 'keep' -# to keep the kernel default scheduler for the particular disk. -#DISK_IOSCHED="cfq cfq" - -# SATA aggressive link power management (ALPM): -# min_power, medium_power, max_performance -SATA_LINKPWR_ON_AC=max_performance -SATA_LINKPWR_ON_BAT=min_power - -# Exclude SATA host devices from link power management. -# Separate multiple hosts with spaces. -#SATA_LINKPWR_BLACKLIST="host1" - -# Runtime Power Management for AHCI controllers and disks: -# on=disable, auto=enable -# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss -#AHCI_RUNTIME_PM_ON_AC=on -#AHCI_RUNTIME_PM_ON_BAT=on - -# Seconds of inactivity before disk is suspended -AHCI_RUNTIME_PM_TIMEOUT=15 - -# PCI Express Active State Power Management (PCIe ASPM): -# default, performance, powersave -PCIE_ASPM_ON_AC=performance -PCIE_ASPM_ON_BAT=powersave - -# Radeon graphics clock speed (profile method): low, mid, high, auto, default; -# auto = mid on BAT, high on AC; default = use hardware defaults. -# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) -RADEON_POWER_PROFILE_ON_AC=high -RADEON_POWER_PROFILE_ON_BAT=low - -# Radeon dynamic power management method (DPM): battery, performance -# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) -RADEON_DPM_STATE_ON_AC=performance -RADEON_DPM_STATE_ON_BAT=battery - -# Radeon DPM performance level: auto, low, high; auto is recommended. -RADEON_DPM_PERF_LEVEL_ON_AC=auto -RADEON_DPM_PERF_LEVEL_ON_BAT=auto - -# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. -WIFI_PWR_ON_AC=off -WIFI_PWR_ON_BAT=on - -# Disable wake on LAN: Y/N -WOL_DISABLE=Y - -# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). -# A value of 0 disables, >=1 enables power save. -SOUND_POWER_SAVE_ON_AC=0 -SOUND_POWER_SAVE_ON_BAT=1 - -# Disable controller too (HDA only): Y/N -SOUND_POWER_SAVE_CONTROLLER=Y - -# Set to 1 to power off optical drive in UltraBay/MediaBay when running on -# battery. A value of 0 disables this feature (Default). -# Drive can be powered on again by releasing (and reinserting) the eject lever -# or by pressing the disc eject button on newer models. -# Note: an UltraBay/MediaBay hard disk is never powered off. -BAY_POWEROFF_ON_BAT=0 -# Optical drive device to power off (default sr0). -BAY_DEVICE="sr0" - -# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable -RUNTIME_PM_ON_AC=on -RUNTIME_PM_ON_BAT=auto - -# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: -# 0=disable, 1=enable -RUNTIME_PM_ALL=1 - -# Exclude PCI(e) device adresses the following list from Runtime PM -# (separate with spaces). Use lspci to get the adresses (1st column). -#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" - -# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM -# (should prevent accidential power on of hybrid graphics' discrete part). -# Default is "radeon nouveau"; use "" to disable the feature completely. -# Separate multiple drivers with spaces. -RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" - -# Set to 0 to disable, 1 to enable USB autosuspend feature. -USB_AUTOSUSPEND=1 - -# Exclude listed devices from USB autosuspend (separate with spaces). -# Use lsusb to get the ids. -# Note: input devices (usbhid) are excluded automatically (see below) -#USB_BLACKLIST="1111:2222 3333:4444" - -# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude -USB_BLACKLIST_WWAN=1 - -# Include listed devices into USB autosuspend even if already excluded -# by the driver or WWAN blacklists above (separate with spaces). -# Use lsusb to get the ids. -#USB_WHITELIST="1111:2222 3333:4444" - -# Set to 1 to disable autosuspend before shutdown, 0 to do nothing -# (workaround for USB devices that cause shutdown problems). -#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 - -# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown -# on system startup: 0=disable, 1=enable. -# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below -# are ignored when this is enabled! -RESTORE_DEVICE_STATE_ON_STARTUP=0 - -# Radio devices to disable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" - -# Radio devices to enable on startup: bluetooth, wifi, wwan. -# Separate multiple devices with spaces. -#DEVICES_TO_ENABLE_ON_STARTUP="wifi" - -# Radio devices to disable on shutdown: bluetooth, wifi, wwan -# (workaround for devices that are blocking shutdown). -#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" - -# Radio devices to enable on shutdown: bluetooth, wifi, wwan -# (to prevent other operating systems from missing radios). -#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" - -# Radio devices to enable on AC: bluetooth, wifi, wwan -#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" - -# Radio devices to disable on battery: bluetooth, wifi, wwan -#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" - -# Radio devices to disable on battery when not in use (not connected): -# bluetooth, wifi, wwan -DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" - -# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module -# required). Charging starts when the remaining capacity falls below the -# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. -# Main / Internal battery (values in %) -START_CHARGE_THRESH_BAT0=10 -STOP_CHARGE_THRESH_BAT0=95 -# Ultrabay / Slice / Replaceable battery (values in %) -START_CHARGE_THRESH_BAT1=10 -STOP_CHARGE_THRESH_BAT1=95 - -# ------------------------------------------------------------------------------ -# tlp-rdw - Parameters for the radio device wizard -# Possible devices: bluetooth, wifi, wwan - -# Hints: -# - Parameters are disabled by default, remove the leading # to enable them. -# - Separate multiple radio devices with spaces. - -# Radio devices to disable on connect. -#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" -#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" -#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" - -# Radio devices to enable on disconnect. -#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" -#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" -#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" - -# Radio devices to enable/disable when docked. -#DEVICES_TO_ENABLE_ON_DOCK="" -#DEVICES_TO_DISABLE_ON_DOCK="" - -# Radio devices to enable/disable when undocked. -#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" -#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/ansible/files/system_new/minimal/___etc___profile b/ansible/files/system_new/minimal/___etc___profile deleted file mode 100644 index 5884d7b..0000000 --- a/ansible/files/system_new/minimal/___etc___profile +++ /dev/null @@ -1,35 +0,0 @@ -# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) -# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). - -if [ "`id -u`" -eq 0 ]; then - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -else - PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" -fi -export PATH - -if [ "${PS1-}" ]; then - if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then - # The file bash.bashrc already sets the default PS1. - # PS1='\h:\w\$ ' - if [ -f /etc/bash.bashrc ]; then - . /etc/bash.bashrc - fi - else - if [ "`id -u`" -eq 0 ]; then - PS1='# ' - else - PS1='$ ' - fi - fi -fi - -if [ -d /etc/profile.d ]; then - for i in /etc/profile.d/*.sh; do - if [ -r $i ]; then - . $i - fi - done - unset i -fi -export LC_ALL="en_US.UTF-8" diff --git a/ansible/files/system_new/minimal/___etc___systemd___logind.conf b/ansible/files/system_new/minimal/___etc___systemd___logind.conf deleted file mode 100644 index 7a9004a..0000000 --- a/ansible/files/system_new/minimal/___etc___systemd___logind.conf +++ /dev/null @@ -1,38 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. -# -# Entries in this file show the compile time defaults. -# You can change settings by editing this file. -# Defaults can be restored by simply deleting this file. -# -# See logind.conf(5) for details. - -[Login] -#NAutoVTs=6 -#ReserveVT=6 -#KillUserProcesses=no -#KillOnlyUsers= -#KillExcludeUsers=root -#InhibitDelayMaxSec=5 -#HandlePowerKey=poweroff -#HandleSuspendKey=suspend -#HandleHibernateKey=hibernate -#HandleLidSwitch=suspend -#HandleLidSwitchDocked=ignore -#PowerKeyIgnoreInhibited=no -#SuspendKeyIgnoreInhibited=no -#HibernateKeyIgnoreInhibited=no -#LidSwitchIgnoreInhibited=yes -#HoldoffTimeoutSec=30s -#IdleAction=ignore -#IdleActionSec=30min -#RuntimeDirectorySize=10% -#RemoveIPC=yes -#InhibitorsMax=8192 -#SessionsMax=8192 -#UserTasksMax=33% -HandleLidSwitch=hibernate diff --git a/ansible/files/system_new/minimal/___etc___timezone b/ansible/files/system_new/minimal/___etc___timezone deleted file mode 100644 index 94d5acc..0000000 --- a/ansible/files/system_new/minimal/___etc___timezone +++ /dev/null @@ -1 +0,0 @@ -Europe/Berlin diff --git a/ansible/run_root.sh b/ansible/run_root.sh deleted file mode 100755 index 02856c2..0000000 --- a/ansible/run_root.sh +++ /dev/null @@ -1 +0,0 @@ -ansible-playbook -i 'localhost,' -c local config.yml diff --git a/ansible/run_root_new.sh b/ansible/run_root_new.sh deleted file mode 100755 index 36408a8..0000000 --- a/ansible/run_root_new.sh +++ /dev/null @@ -1 +0,0 @@ -ansible-playbook -i 'localhost,' -e system_name=X200s -c local config_new.yml diff --git a/ansible/run_user.sh b/ansible/run_user.sh deleted file mode 100755 index e52b521..0000000 --- a/ansible/run_user.sh +++ /dev/null @@ -1 +0,0 @@ -ansible-playbook -i 'localhost,' -c local user.yml diff --git a/ansible/run_user_new.sh b/ansible/run_user_new.sh deleted file mode 100755 index 510faad..0000000 --- a/ansible/run_user_new.sh +++ /dev/null @@ -1 +0,0 @@ -ansible-playbook -i 'localhost,' -e system_name=X200s -c local user_new.yml diff --git a/ansible/tasks/initial_purge.yml b/ansible/tasks/initial_purge.yml deleted file mode 100644 index 63fddd9..0000000 --- a/ansible/tasks/initial_purge.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- - -- name: collect officially required packages - shell: dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted - -- name: add "ifupdown" and "isc-dhcp-client" (to keep internet connection afterwards) and "ansible" (to keep its modules available for continuing the configuration) to required packages - shell: echo 'ifupdown' >> /tmp/list_white_unsorted && echo 'isc-dhcp-client' >> /tmp/list_white_unsorted && echo 'ansible' >> /tmp/list_white_unsorted && sort /tmp/list_white_unsorted > /tmp/list_white - -- name: collect currently installed packages - shell: dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages && sort /tmp/list_all_packages > /tmp/foo && mv /tmp/foo /tmp/list_all_packages - -- name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed - shell: comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black - -- name: mark all packages from black list as automatically installed - shell: apt-mark auto $(cat /tmp/list_black) - -- name: purge all packages automatically installed that are not depended on - shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove - -- name: ensure flags directory exists - file: path=flags state=directory - -- name: set initial_purge_happened flag, so that this whole process does not get repeated - file: path=flags/initial_purge_happened state=touch diff --git a/ansible/tasks/qutebrowser.yml b/ansible/tasks/qutebrowser.yml deleted file mode 100644 index 916c854..0000000 --- a/ansible/tasks/qutebrowser.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- - -- name: Set qutebrowser, python3-pypeg2 facts. - set_fact: - qutebrowser_deb_url: https://github.com/qutebrowser/qutebrowser/releases/download/v0.11.0/qutebrowser_0.11.0-1_all.deb - python3pypeg2_deb_url: https://qutebrowser.org/python3-pypeg2_2.15.2-1_all.deb - qutebrowser_deb_path: /tmp/qutebrowser.deb - python3pypeg2_deb_path: /tmp/python3-pypeg2.deb - -- name: Check if qutebrowser is installed. - command: dpkg-query -W qutebrowser - register: qutebrowser_debcheck - failed_when: qutebrowser_debcheck.rc > 1 - changed_when: qutebrowser_debcheck.rc == 1 - -- name: Check if qutebrowser-dependency python3-pypeg2 is installed. - command: dpkg-query -W python3-pypeg2 - register: python3pypeg2_debcheck - failed_when: python3pypeg2_debcheck.rc > 1 - changed_when: python3pypeg2_debcheck.rc == 1 - when: qutebrowser_debcheck.rc == 1 - -- name: Download python3-pypeg2 package. - get_url: url={{ python3pypeg2_deb_url }} dest={{ python3pypeg2_deb_path }} - when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 - -- name: Download qutebrowser package. - get_url: url={{ qutebrowser_deb_url }} dest={{ qutebrowser_deb_path }} - when: qutebrowser_debcheck.rc == 1 - -# We use command: apt as a workaround because the Ansible apt module installs -# the Depends of the .deb marked as manual while we want them marked as auto. -- name: Install python3-pypeg2 package, - command: apt install --yes "{{ python3pypeg2_deb_path}}" - when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 - -- name: Mark python3-pypeg2 package as automatically installed. - command: apt-mark auto python3-pypeg2 - when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 - -# We use command: apt as a workaround because the Ansible apt module installs -# the Depends of the .deb marked as manual while we want them marked as auto. -- name: Install qutebrowser package. - command: apt install --yes "{{ qutebrowser_deb_path}}" - when: qutebrowser_debcheck.rc == 1 diff --git a/ansible/user.yml b/ansible/user.yml deleted file mode 100644 index 07dd189..0000000 --- a/ansible/user.yml +++ /dev/null @@ -1,13 +0,0 @@ -- hosts: all - tasks: - - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/user/thinkpad/minimal/* - - ~/config/dotfiles/user/thinkpad/W530/* - - name: ensure ~/downloads directory - file: state=directory dest=~/downloads diff --git a/ansible/user_new.yml b/ansible/user_new.yml deleted file mode 100644 index d6f46af..0000000 --- a/ansible/user_new.yml +++ /dev/null @@ -1,13 +0,0 @@ -- hosts: all - tasks: - - - name: ensure ~/.vimbackups directory - file: state=directory dest=~/.vimbackups - - name: Ensure dotfile symlinks - file: state=link force=yes src={{item}} dest=~/.{{item|basename}} - with_fileglob: - - ~/config/dotfiles/minimal/* - - ~/config/dotfiles/user/thinkpad/minimal/* - - ~/config/dotfiles/user/thinkpad/{{ system_name }}/* - - name: ensure ~/downloads directory - file: state=directory dest=~/downloads diff --git a/archive_plomroma.py b/archive_plomroma.py deleted file mode 100755 index 0ad89b7..0000000 --- a/archive_plomroma.py +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/env python3 -import lxml -import argparse -# use with `find status.plomlompom.com -type f -name "*.html" -exec ./archive_plomroma.py -f {} \;` - -parser = argparse.ArgumentParser(description="archive plom's self-hosted pleroma feed") -parser.add_argument("-f", "--file", dest="file", required=True, help="HTML file to process") -args = parser.parse_args() -print("processing", args.file) - -def print_tree(node, level=0): - tag = node.tag - id = node.get("id") - classes = node.get("class") - text = (node.text or "").strip() - attributes_info = [] - if id: - attributes_info.append(f"id='{id}'") - if classes: - attributes_info.append(f"class='{classes}'") - attr_str = " ".join(attributes_info) - print(" " * level + f"<{tag} {attr_str}>", end="") - if text: - print(f" -> {text}") - else: - print() - for child in node: - print_tree(child, level + 1) - -with open(args.file, "r", encoding="utf-8") as file: - content = file.read() -from lxml import html -tree = html.fromstring(content) - -atom_links = tree.xpath('/html/head/link[@rel="alternate"]') -for atom_link in atom_links: - atom_link.getparent().remove(atom_link) -comments = tree.xpath('//comment()') -for comment in comments: - comment.getparent().remove(comment) -forms = tree.xpath('//form') -for form in forms: - form.getparent().remove(form) - - -def has_class(context, element, class_name): - classes = element[0].get('class', '').split() - return class_name in classes -ns = lxml.etree.FunctionNamespace(None) -ns['has-class'] = has_class -matching_divs = tree.xpath('//div[has-class(., "activity") and .//div[has-class(., "p-author")] and .//bdi[has-class(., "p-name") and string()!="plomlompom"]]') -imgs = tree.xpath('//img') -for img in imgs: - src = img.get('src') - if src and not src.startswith('https://status.plomlompom.com/'): - img.attrib.pop('src', None) - alt = img.get('alt') - if alt and not alt.startswith('../'): - img.attrib.pop('alt', None) - title = img.get('title') - if title and not title.startswith('../'): - img.attrib.pop('title', None) -removal_notice = "[Removed foreign content for static archive, follow permalink on date to see original.]" -for activity_div in matching_divs: - details = activity_div.xpath('.//details[./div[has-class]]') - for detail in details: - new_div = lxml.etree.Element("div") - new_div.text = removal_notice - detail.getparent().replace(detail, new_div) - e_contents = activity_div.xpath('.//div[has-class(., "e-content") or has-class(., "activity-content")]') - for content in e_contents: - content.clear() - content.text = removal_notice - -header = """ -

contact / privacy

-

plomroma (archived): This site is a static archive of a Pleroma instance formerly hosted by me, to preserve my own messages from that time. Foreign content has been removed, but may still be available via links.

-
-""" -tree.body.insert(0, html.fromstring(header)) - -# print_tree(tree) -with open(args.file, "w", encoding="utf-8") as file: - file.write(html.tostring(tree, pretty_print=True, encoding="utf-8").decode("utf-8")) - -print("done") diff --git a/archived/all_new_2018/apt-mark/all b/archived/all_new_2018/apt-mark/all new file mode 100644 index 0000000..f748f3b --- /dev/null +++ b/archived/all_new_2018/apt-mark/all @@ -0,0 +1,9 @@ +# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client +# unpredictably so +ifupdown +isc-dhcp-client +# git for the setup directory; cloning works with ca-certificates +ca-certificates +git +# to avoid constant warnings about no locale being found +locales diff --git a/archived/all_new_2018/apt-mark/server b/archived/all_new_2018/apt-mark/server new file mode 100644 index 0000000..4f7fc5d --- /dev/null +++ b/archived/all_new_2018/apt-mark/server @@ -0,0 +1,7 @@ +# needed to log in to server via ssh +openssh-server +# provides /etc/inputrc and understanding of ctrl+arrow key combos +readline-common +# provides systemd scripts that configure iptables via /etc/iptables/* +iptables-persistent +# this line is here because the shell "read" in install_for_target.sh ignores lines without final newline \ No newline at end of file diff --git a/archived/all_new_2018/borg.sh b/archived/all_new_2018/borg.sh new file mode 100755 index 0000000..18321b1 --- /dev/null +++ b/archived/all_new_2018/borg.sh @@ -0,0 +1,145 @@ +#!/bin/sh +set -e + +standard_repo="borg" +config_file="${HOME}/.borgrepos" + +usage() { + echo "Need operation as argument, one of:" + echo "init" + echo "store" + echo "check" + echo "export_keyfiles" + echo "orgpush" + echo "orgpull" + false +} + +read_pw() { + if [ "${#SSH_AGENT_PID}" -eq 0 ]; then + eval $(ssh-agent) + echo "ssh-add" + stty -echo + ssh-add + stty echo + fi + if [ "${#BORG_PASSPHRASE}" -eq 0 ]; then + stty -echo + printf "Borg passphrase: " + read password + stty echo + printf "\n" + export BORG_PASSPHRASE="${password}" + fi +} + +if [ ! -f "${config_file}" ]; then + echo '# file read ends at last newline' >> "${config_file}" +fi +if [ "$#" -lt 1 ]; then + usage +fi +first_arg="$1" +shift +if [ "${first_arg}" = "init" ]; then + if [ ! "$#" -eq 1 ]; then + echo "Need exactly one argument: target of form user@server" + false + fi + target="$1" + echo "Initializing: ${target}" + borg init --verbose --encryption=keyfile "${target}:${standard_repo}" + tmp_file="/tmp/new_borgrepos" + echo "${target}" > "${tmp_file}" + cat "${config_file}" >> "${tmp_file}" + cp "${tmp_file}" "${config_file}" +elif [ "${first_arg}" = "store" ]; then + if [ ! "$#" -eq 2 ]; then + echo "Need precisely two arguments: archive name and path to archive." + false + fi + archive_name=$1 + shift + to_backup="$@" + read_pw + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}" + echo "Creating archive: ${archive}" + borg create --verbose --list "${archive}" "${to_backup}" + done +elif [ "${first_arg}" = "check" ]; then + if [ ! "$#" -eq 0 ]; then + echo "Need no arguments" + false + fi + read_pw + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + echo "Checking repo: ${repo}" + borg check --verbose "${repo}" + done +elif [ "${first_arg}" = "export_keyfiles" ]; then + if [ ! "$#" -eq 1 ]; then + echo "Need output tar file name." + false + fi + tar_target="${1}" + tmp_dir="${HOME}/.borgtmp" + keyfiles_dir="${tmp_dir}/borg_keyfiles" + mkdir -p "${keyfiles_dir}" + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + borg key export "${repo}" "${keyfiles_dir}/${line}" + done + cur_dir="$(pwd)" + cd "${tmp_dir}" + target=$(basename "${keyfiles_dir}") + tar cf "${tar_target}" "${target}" + mv "${tar_target}" "${cur_dir}" + cd + rm -rf "${tmp_dir}" +elif [ "${first_arg}" = "orgpush" ]; then + archive_name="orgdir" + to_backup=~/org + read_pw + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + archive="${repo}::${archive_name}-{utcnow:%Y-%m-%dT%H:%M}" + echo "Creating archive: ${archive}" + borg create --verbose --list "${archive}" "${to_backup}" --exclude ~/org/.git + done +elif [ "${first_arg}" = "orgpull" ]; then + archive_name="orgdir" + read_pw + cd / + cat "${config_file}" | while read line; do + first_char=$(echo "${line}" | cut -c1) + if [ "${first_char}" = "#" ]; then + continue + fi + repo="${line}:${standard_repo}" + archive=$(borg list "${repo}" | grep "${orgdir}" | tail -1 | cut -f1 -d' ') + echo "Pulling archive: ${archive}" + borg extract --verbose "${repo}::${archive}" + break + done +else + usage +fi diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/archived/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies new file mode 100644 index 0000000..4aaef79 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies @@ -0,0 +1,4 @@ +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/apt/sources.list b/archived/all_new_2018/linkable_etc_files/all/etc/apt/sources.list new file mode 100644 index 0000000..68064c6 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/all/etc/apt/sources.list @@ -0,0 +1,4 @@ +deb http://deb.debian.org/debian stretch main contrib non-free +deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free +deb http://deb.debian.org/debian stretch-updates main contrib non-free +deb http://ftp.debian.org/debian stretch-backports main contrib non-free \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/locale.gen b/archived/all_new_2018/linkable_etc_files/all/etc/locale.gen new file mode 100644 index 0000000..a28cfa4 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/all/etc/locale.gen @@ -0,0 +1,483 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + + +# aa_DJ ISO-8859-1 +# aa_DJ.UTF-8 UTF-8 +# aa_ER UTF-8 +# aa_ER@saaho UTF-8 +# aa_ET UTF-8 +# af_ZA ISO-8859-1 +# af_ZA.UTF-8 UTF-8 +# ak_GH UTF-8 +# am_ET UTF-8 +# an_ES ISO-8859-15 +# an_ES.UTF-8 UTF-8 +# anp_IN UTF-8 +# ar_AE ISO-8859-6 +# ar_AE.UTF-8 UTF-8 +# ar_BH ISO-8859-6 +# ar_BH.UTF-8 UTF-8 +# ar_DZ ISO-8859-6 +# ar_DZ.UTF-8 UTF-8 +# ar_EG ISO-8859-6 +# ar_EG.UTF-8 UTF-8 +# ar_IN UTF-8 +# ar_IQ ISO-8859-6 +# ar_IQ.UTF-8 UTF-8 +# ar_JO ISO-8859-6 +# ar_JO.UTF-8 UTF-8 +# ar_KW ISO-8859-6 +# ar_KW.UTF-8 UTF-8 +# ar_LB ISO-8859-6 +# ar_LB.UTF-8 UTF-8 +# ar_LY ISO-8859-6 +# ar_LY.UTF-8 UTF-8 +# ar_MA ISO-8859-6 +# ar_MA.UTF-8 UTF-8 +# ar_OM ISO-8859-6 +# ar_OM.UTF-8 UTF-8 +# ar_QA ISO-8859-6 +# ar_QA.UTF-8 UTF-8 +# ar_SA ISO-8859-6 +# ar_SA.UTF-8 UTF-8 +# ar_SD ISO-8859-6 +# ar_SD.UTF-8 UTF-8 +# ar_SS UTF-8 +# ar_SY ISO-8859-6 +# ar_SY.UTF-8 UTF-8 +# ar_TN ISO-8859-6 +# ar_TN.UTF-8 UTF-8 +# ar_YE ISO-8859-6 +# ar_YE.UTF-8 UTF-8 +# as_IN UTF-8 +# ast_ES ISO-8859-15 +# ast_ES.UTF-8 UTF-8 +# ayc_PE UTF-8 +# az_AZ UTF-8 +# be_BY CP1251 +# be_BY.UTF-8 UTF-8 +# be_BY@latin UTF-8 +# bem_ZM UTF-8 +# ber_DZ UTF-8 +# ber_MA UTF-8 +# bg_BG CP1251 +# bg_BG.UTF-8 UTF-8 +# bhb_IN.UTF-8 UTF-8 +# bho_IN UTF-8 +# bn_BD UTF-8 +# bn_IN UTF-8 +# bo_CN UTF-8 +# bo_IN UTF-8 +# br_FR ISO-8859-1 +# br_FR.UTF-8 UTF-8 +# br_FR@euro ISO-8859-15 +# brx_IN UTF-8 +# bs_BA ISO-8859-2 +# bs_BA.UTF-8 UTF-8 +# byn_ER UTF-8 +# ca_AD ISO-8859-15 +# ca_AD.UTF-8 UTF-8 +# ca_ES ISO-8859-1 +# ca_ES.UTF-8 UTF-8 +# ca_ES.UTF-8@valencia UTF-8 +# ca_ES@euro ISO-8859-15 +# ca_ES@valencia ISO-8859-15 +# ca_FR ISO-8859-15 +# ca_FR.UTF-8 UTF-8 +# ca_IT ISO-8859-15 +# ca_IT.UTF-8 UTF-8 +# ce_RU UTF-8 +# chr_US UTF-8 +# cmn_TW UTF-8 +# crh_UA UTF-8 +# cs_CZ ISO-8859-2 +# cs_CZ.UTF-8 UTF-8 +# csb_PL UTF-8 +# cv_RU UTF-8 +# cy_GB ISO-8859-14 +# cy_GB.UTF-8 UTF-8 +# da_DK ISO-8859-1 +# da_DK.UTF-8 UTF-8 +# de_AT ISO-8859-1 +# de_AT.UTF-8 UTF-8 +# de_AT@euro ISO-8859-15 +# de_BE ISO-8859-1 +# de_BE.UTF-8 UTF-8 +# de_BE@euro ISO-8859-15 +# de_CH ISO-8859-1 +# de_CH.UTF-8 UTF-8 +# de_DE ISO-8859-1 +# de_DE.UTF-8 UTF-8 +# de_DE@euro ISO-8859-15 +# de_IT ISO-8859-1 +# de_IT.UTF-8 UTF-8 +# de_LI.UTF-8 UTF-8 +# de_LU ISO-8859-1 +# de_LU.UTF-8 UTF-8 +# de_LU@euro ISO-8859-15 +# doi_IN UTF-8 +# dv_MV UTF-8 +# dz_BT UTF-8 +# el_CY ISO-8859-7 +# el_CY.UTF-8 UTF-8 +# el_GR ISO-8859-7 +# el_GR.UTF-8 UTF-8 +# en_AG UTF-8 +# en_AU ISO-8859-1 +# en_AU.UTF-8 UTF-8 +# en_BW ISO-8859-1 +# en_BW.UTF-8 UTF-8 +# en_CA ISO-8859-1 +# en_CA.UTF-8 UTF-8 +# en_DK ISO-8859-1 +# en_DK.ISO-8859-15 ISO-8859-15 +# en_DK.UTF-8 UTF-8 +# en_GB ISO-8859-1 +# en_GB.ISO-8859-15 ISO-8859-15 +# en_GB.UTF-8 UTF-8 +# en_HK ISO-8859-1 +# en_HK.UTF-8 UTF-8 +# en_IE ISO-8859-1 +# en_IE.UTF-8 UTF-8 +# en_IE@euro ISO-8859-15 +# en_IL UTF-8 +# en_IN UTF-8 +# en_NG UTF-8 +# en_NZ ISO-8859-1 +# en_NZ.UTF-8 UTF-8 +# en_PH ISO-8859-1 +# en_PH.UTF-8 UTF-8 +# en_SG ISO-8859-1 +# en_SG.UTF-8 UTF-8 +# en_US ISO-8859-1 +# en_US.ISO-8859-15 ISO-8859-15 +en_US.UTF-8 UTF-8 +# en_ZA ISO-8859-1 +# en_ZA.UTF-8 UTF-8 +# en_ZM UTF-8 +# en_ZW ISO-8859-1 +# en_ZW.UTF-8 UTF-8 +# eo UTF-8 +# es_AR ISO-8859-1 +# es_AR.UTF-8 UTF-8 +# es_BO ISO-8859-1 +# es_BO.UTF-8 UTF-8 +# es_CL ISO-8859-1 +# es_CL.UTF-8 UTF-8 +# es_CO ISO-8859-1 +# es_CO.UTF-8 UTF-8 +# es_CR ISO-8859-1 +# es_CR.UTF-8 UTF-8 +# es_CU UTF-8 +# es_DO ISO-8859-1 +# es_DO.UTF-8 UTF-8 +# es_EC ISO-8859-1 +# es_EC.UTF-8 UTF-8 +# es_ES ISO-8859-1 +# es_ES.UTF-8 UTF-8 +# es_ES@euro ISO-8859-15 +# es_GT ISO-8859-1 +# es_GT.UTF-8 UTF-8 +# es_HN ISO-8859-1 +# es_HN.UTF-8 UTF-8 +# es_MX ISO-8859-1 +# es_MX.UTF-8 UTF-8 +# es_NI ISO-8859-1 +# es_NI.UTF-8 UTF-8 +# es_PA ISO-8859-1 +# es_PA.UTF-8 UTF-8 +# es_PE ISO-8859-1 +# es_PE.UTF-8 UTF-8 +# es_PR ISO-8859-1 +# es_PR.UTF-8 UTF-8 +# es_PY ISO-8859-1 +# es_PY.UTF-8 UTF-8 +# es_SV ISO-8859-1 +# es_SV.UTF-8 UTF-8 +# es_US ISO-8859-1 +# es_US.UTF-8 UTF-8 +# es_UY ISO-8859-1 +# es_UY.UTF-8 UTF-8 +# es_VE ISO-8859-1 +# es_VE.UTF-8 UTF-8 +# et_EE ISO-8859-1 +# et_EE.ISO-8859-15 ISO-8859-15 +# et_EE.UTF-8 UTF-8 +# eu_ES ISO-8859-1 +# eu_ES.UTF-8 UTF-8 +# eu_ES@euro ISO-8859-15 +# eu_FR ISO-8859-1 +# eu_FR.UTF-8 UTF-8 +# eu_FR@euro ISO-8859-15 +# fa_IR UTF-8 +# ff_SN UTF-8 +# fi_FI ISO-8859-1 +# fi_FI.UTF-8 UTF-8 +# fi_FI@euro ISO-8859-15 +# fil_PH UTF-8 +# fo_FO ISO-8859-1 +# fo_FO.UTF-8 UTF-8 +# fr_BE ISO-8859-1 +# fr_BE.UTF-8 UTF-8 +# fr_BE@euro ISO-8859-15 +# fr_CA ISO-8859-1 +# fr_CA.UTF-8 UTF-8 +# fr_CH ISO-8859-1 +# fr_CH.UTF-8 UTF-8 +# fr_FR ISO-8859-1 +# fr_FR.UTF-8 UTF-8 +# fr_FR@euro ISO-8859-15 +# fr_LU ISO-8859-1 +# fr_LU.UTF-8 UTF-8 +# fr_LU@euro ISO-8859-15 +# fur_IT UTF-8 +# fy_DE UTF-8 +# fy_NL UTF-8 +# ga_IE ISO-8859-1 +# ga_IE.UTF-8 UTF-8 +# ga_IE@euro ISO-8859-15 +# gd_GB ISO-8859-15 +# gd_GB.UTF-8 UTF-8 +# gez_ER UTF-8 +# gez_ER@abegede UTF-8 +# gez_ET UTF-8 +# gez_ET@abegede UTF-8 +# gl_ES ISO-8859-1 +# gl_ES.UTF-8 UTF-8 +# gl_ES@euro ISO-8859-15 +# gu_IN UTF-8 +# gv_GB ISO-8859-1 +# gv_GB.UTF-8 UTF-8 +# ha_NG UTF-8 +# hak_TW UTF-8 +# he_IL ISO-8859-8 +# he_IL.UTF-8 UTF-8 +# hi_IN UTF-8 +# hne_IN UTF-8 +# hr_HR ISO-8859-2 +# hr_HR.UTF-8 UTF-8 +# hsb_DE ISO-8859-2 +# hsb_DE.UTF-8 UTF-8 +# ht_HT UTF-8 +# hu_HU ISO-8859-2 +# hu_HU.UTF-8 UTF-8 +# hy_AM UTF-8 +# hy_AM.ARMSCII-8 ARMSCII-8 +# ia_FR UTF-8 +# id_ID ISO-8859-1 +# id_ID.UTF-8 UTF-8 +# ig_NG UTF-8 +# ik_CA UTF-8 +# is_IS ISO-8859-1 +# is_IS.UTF-8 UTF-8 +# it_CH ISO-8859-1 +# it_CH.UTF-8 UTF-8 +# it_IT ISO-8859-1 +# it_IT.UTF-8 UTF-8 +# it_IT@euro ISO-8859-15 +# iu_CA UTF-8 +# ja_JP.EUC-JP EUC-JP +# ja_JP.UTF-8 UTF-8 +# ka_GE GEORGIAN-PS +# ka_GE.UTF-8 UTF-8 +# kk_KZ PT154 +# kk_KZ.RK1048 RK1048 +# kk_KZ.UTF-8 UTF-8 +# kl_GL ISO-8859-1 +# kl_GL.UTF-8 UTF-8 +# km_KH UTF-8 +# kn_IN UTF-8 +# ko_KR.EUC-KR EUC-KR +# ko_KR.UTF-8 UTF-8 +# kok_IN UTF-8 +# ks_IN UTF-8 +# ks_IN@devanagari UTF-8 +# ku_TR ISO-8859-9 +# ku_TR.UTF-8 UTF-8 +# kw_GB ISO-8859-1 +# kw_GB.UTF-8 UTF-8 +# ky_KG UTF-8 +# lb_LU UTF-8 +# lg_UG ISO-8859-10 +# lg_UG.UTF-8 UTF-8 +# li_BE UTF-8 +# li_NL UTF-8 +# lij_IT UTF-8 +# ln_CD UTF-8 +# lo_LA UTF-8 +# lt_LT ISO-8859-13 +# lt_LT.UTF-8 UTF-8 +# lv_LV ISO-8859-13 +# lv_LV.UTF-8 UTF-8 +# lzh_TW UTF-8 +# mag_IN UTF-8 +# mai_IN UTF-8 +# mg_MG ISO-8859-15 +# mg_MG.UTF-8 UTF-8 +# mhr_RU UTF-8 +# mi_NZ ISO-8859-13 +# mi_NZ.UTF-8 UTF-8 +# mk_MK ISO-8859-5 +# mk_MK.UTF-8 UTF-8 +# ml_IN UTF-8 +# mn_MN UTF-8 +# mni_IN UTF-8 +# mr_IN UTF-8 +# ms_MY ISO-8859-1 +# ms_MY.UTF-8 UTF-8 +# mt_MT ISO-8859-3 +# mt_MT.UTF-8 UTF-8 +# my_MM UTF-8 +# nan_TW UTF-8 +# nan_TW@latin UTF-8 +# nb_NO ISO-8859-1 +# nb_NO.UTF-8 UTF-8 +# nds_DE UTF-8 +# nds_NL UTF-8 +# ne_NP UTF-8 +# nhn_MX UTF-8 +# niu_NU UTF-8 +# niu_NZ UTF-8 +# nl_AW UTF-8 +# nl_BE ISO-8859-1 +# nl_BE.UTF-8 UTF-8 +# nl_BE@euro ISO-8859-15 +# nl_NL ISO-8859-1 +# nl_NL.UTF-8 UTF-8 +# nl_NL@euro ISO-8859-15 +# nn_NO ISO-8859-1 +# nn_NO.UTF-8 UTF-8 +# nr_ZA UTF-8 +# nso_ZA UTF-8 +# oc_FR ISO-8859-1 +# oc_FR.UTF-8 UTF-8 +# om_ET UTF-8 +# om_KE ISO-8859-1 +# om_KE.UTF-8 UTF-8 +# or_IN UTF-8 +# os_RU UTF-8 +# pa_IN UTF-8 +# pa_PK UTF-8 +# pap_AW UTF-8 +# pap_CW UTF-8 +# pl_PL ISO-8859-2 +# pl_PL.UTF-8 UTF-8 +# ps_AF UTF-8 +# pt_BR ISO-8859-1 +# pt_BR.UTF-8 UTF-8 +# pt_PT ISO-8859-1 +# pt_PT.UTF-8 UTF-8 +# pt_PT@euro ISO-8859-15 +# quz_PE UTF-8 +# raj_IN UTF-8 +# ro_RO ISO-8859-2 +# ro_RO.UTF-8 UTF-8 +# ru_RU ISO-8859-5 +# ru_RU.CP1251 CP1251 +# ru_RU.KOI8-R KOI8-R +# ru_RU.UTF-8 UTF-8 +# ru_UA KOI8-U +# ru_UA.UTF-8 UTF-8 +# rw_RW UTF-8 +# sa_IN UTF-8 +# sat_IN UTF-8 +# sc_IT UTF-8 +# sd_IN UTF-8 +# sd_IN@devanagari UTF-8 +# se_NO UTF-8 +# sgs_LT UTF-8 +# shs_CA UTF-8 +# si_LK UTF-8 +# sid_ET UTF-8 +# sk_SK ISO-8859-2 +# sk_SK.UTF-8 UTF-8 +# sl_SI ISO-8859-2 +# sl_SI.UTF-8 UTF-8 +# so_DJ ISO-8859-1 +# so_DJ.UTF-8 UTF-8 +# so_ET UTF-8 +# so_KE ISO-8859-1 +# so_KE.UTF-8 UTF-8 +# so_SO ISO-8859-1 +# so_SO.UTF-8 UTF-8 +# sq_AL ISO-8859-1 +# sq_AL.UTF-8 UTF-8 +# sq_MK UTF-8 +# sr_ME UTF-8 +# sr_RS UTF-8 +# sr_RS@latin UTF-8 +# ss_ZA UTF-8 +# st_ZA ISO-8859-1 +# st_ZA.UTF-8 UTF-8 +# sv_FI ISO-8859-1 +# sv_FI.UTF-8 UTF-8 +# sv_FI@euro ISO-8859-15 +# sv_SE ISO-8859-1 +# sv_SE.ISO-8859-15 ISO-8859-15 +# sv_SE.UTF-8 UTF-8 +# sw_KE UTF-8 +# sw_TZ UTF-8 +# szl_PL UTF-8 +# ta_IN UTF-8 +# ta_LK UTF-8 +# tcy_IN.UTF-8 UTF-8 +# te_IN UTF-8 +# tg_TJ KOI8-T +# tg_TJ.UTF-8 UTF-8 +# th_TH TIS-620 +# th_TH.UTF-8 UTF-8 +# the_NP UTF-8 +# ti_ER UTF-8 +# ti_ET UTF-8 +# tig_ER UTF-8 +# tk_TM UTF-8 +# tl_PH ISO-8859-1 +# tl_PH.UTF-8 UTF-8 +# tn_ZA UTF-8 +# tr_CY ISO-8859-9 +# tr_CY.UTF-8 UTF-8 +# tr_TR ISO-8859-9 +# tr_TR.UTF-8 UTF-8 +# ts_ZA UTF-8 +# tt_RU UTF-8 +# tt_RU@iqtelif UTF-8 +# ug_CN UTF-8 +# uk_UA KOI8-U +# uk_UA.UTF-8 UTF-8 +# unm_US UTF-8 +# ur_IN UTF-8 +# ur_PK UTF-8 +# uz_UZ ISO-8859-1 +# uz_UZ.UTF-8 UTF-8 +# uz_UZ@cyrillic UTF-8 +# ve_ZA UTF-8 +# vi_VN UTF-8 +# wa_BE ISO-8859-1 +# wa_BE.UTF-8 UTF-8 +# wa_BE@euro ISO-8859-15 +# wae_CH UTF-8 +# wal_ET UTF-8 +# wo_SN UTF-8 +# xh_ZA ISO-8859-1 +# xh_ZA.UTF-8 UTF-8 +# yi_US CP1255 +# yi_US.UTF-8 UTF-8 +# yo_NG UTF-8 +# yue_HK UTF-8 +# zh_CN GB2312 +# zh_CN.GB18030 GB18030 +# zh_CN.GBK GBK +# zh_CN.UTF-8 UTF-8 +# zh_HK BIG5-HKSCS +# zh_HK.UTF-8 UTF-8 +# zh_SG GB2312 +# zh_SG.GBK GBK +# zh_SG.UTF-8 UTF-8 +# zh_TW BIG5 +# zh_TW.EUC-TW EUC-TW +# zh_TW.UTF-8 UTF-8 +# zu_ZA ISO-8859-1 +# zu_ZA.UTF-8 UTF-8 diff --git a/archived/all_new_2018/linkable_etc_files/all/etc/timezone b/archived/all_new_2018/linkable_etc_files/all/etc/timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/all/etc/timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/aliases b/archived/all_new_2018/linkable_etc_files/mail/etc/aliases new file mode 100644 index 0000000..59c52b4 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/aliases @@ -0,0 +1,23 @@ +# /etc/aliases + +# As per RFC 2142. +mailer-daemon: plom +postmaster: plom +hostmaster: plom +usenet: plom +news: plom +webmaster: plom +www: plom +ftp: plom +abuse: plom +noc: plom +security: plom +root: plom + +# Personal aliases. +plomlompom: plom +christian.heller: plom +christian_heller: plom +christianheller: plom +c.heller: plom +heller: plom diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf new file mode 100644 index 0000000..4a8549c --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-auth.conf @@ -0,0 +1,3 @@ +# This is only necessary when we use dovecot's LMTP mechanism to receive +# mail from postfix. +auth_username_format = %Ln diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf new file mode 100644 index 0000000..097f04e --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-lmtp.conf @@ -0,0 +1,4 @@ +# Add sieve filtering. +protocol lmtp { + mail_plugins = $mail_plugins sieve +} diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf new file mode 100644 index 0000000..1ea9178 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-mail.conf @@ -0,0 +1 @@ +mail_privileged_group = mail \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf new file mode 100644 index 0000000..f8c5b43 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-master.conf @@ -0,0 +1,20 @@ +service auth { + unix_listener auth-userdb { + } + + unix_listener /var/spool/postfix/private/auth { + mode = 0660 + user = postfix + group = postfix + } +} + +# We don't strictly need to provide a LMTP server to fetch mail from +# postfix, but we do if we want to do sophisticated stuff like sieve +# filtering on the way. +service lmtp { + inet_listener lmtp { + address = 127.0.0.1 + port = 2424 + } +} diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf new file mode 100644 index 0000000..7fa2f5f --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/dovecot/conf.d/99-ssl.conf @@ -0,0 +1 @@ +ssl = required diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 b/archived/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 new file mode 100644 index 0000000..2950321 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/iptables/rules.v4 @@ -0,0 +1,20 @@ +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [0:0] +# otherwise self-referential connections to local host will fail +-A INPUT -i lo -j ACCEPT +# this enables ping etc. +-A INPUT -p icmp -j ACCEPT +# tolerate any inbound connections requested by our server, no matter the port +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# SSH +-A INPUT -p tcp --dport 22 -j ACCEPT +# SMTP (allowing for STARTTLS); necessary for mail server to mail server banter +-A INPUT -p tcp --dport 25 -j ACCEPT +# SMTPS, for mail server to mail user agent communication +-A INPUT -p tcp --dport 465 -j ACCEPT +# IMAPS +-A INPUT -p tcp --dport 993 -j ACCEPT +COMMIT +# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf new file mode 100644 index 0000000..44efe26 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/mailutils.conf @@ -0,0 +1,4 @@ +# mailutils by default uses the FQDN as the mail domain name, fix this +address { + email-domain REPLACE_maildomain_ECALPER; +}; diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf b/archived/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf new file mode 100644 index 0000000..dbd31b4 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/opendkim.conf @@ -0,0 +1,86 @@ +# This is a basic configuration that can easily be adapted to suit a standard +# installation. For more advanced options, see opendkim.conf(5) and/or +# /usr/share/doc/opendkim/examples/opendkim.conf.sample. + +# Log to syslog +Syslog yes +# Required to use local socket with MTAs that access the socket as a non- +# privileged user (e.g. Postfix) +UMask 007 + +# Sign for example.com with key in /etc/dkimkeys/dkim.key using +# selector '2007' (e.g. 2007._domainkey.example.com) +#Domain example.com +#KeyFile /etc/dkimkeys/dkim.key +#Selector 2007 +Domain REPLACE_Domain_ECALPER +KeyFile /etc/dkimkeys/REPLACE_Selector_ECALPER.private +Selector REPLACE_Selector_ECALPER + +# Commonly-used options; the commented-out versions show the defaults. +#Canonicalization simple +#Mode sv +#SubDomains no +#SubDomains yes +Canonicalization relaxed/simple + +# Socket smtp://localhost +# +# ## Socket socketspec +# ## +# ## Names the socket where this filter should listen for milter connections +# ## from the MTA. Required. Should be in one of these forms: +# ## +# ## inet:port@address to listen on a specific interface +# ## inet:port to listen on all interfaces +# ## local:/path/to/socket to listen on a UNIX domain socket +# +#Socket inet:8892@localhost +#Socket local:/var/run/opendkim/opendkim.sock +Socket inet:12301@localhost + +## PidFile filename +### default (none) +### +### Name of the file where the filter should write its pid before beginning +### normal operations. +# +PidFile /var/run/opendkim/opendkim.pid + + +# Always oversign From (sign using actual From and a null From to prevent +# malicious signatures header fields (From and/or others) between the signer +# and the verifier. From is oversigned by default in the Debian pacakge +# because it is often the identity key used by reputation systems and thus +# somewhat security sensitive. +OversignHeaders From + +## ResolverConfiguration filename +## default (none) +## +## Specifies a configuration file to be passed to the Unbound library that +## performs DNS queries applying the DNSSEC protocol. See the Unbound +## documentation at http://unbound.net for the expected content of this file. +## The results of using this and the TrustAnchorFile setting at the same +## time are undefined. +## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested +## unbound package + +# ResolverConfiguration /etc/unbound/unbound.conf + +## TrustAnchorFile filename +## default (none) +## +## Specifies a file from which trust anchor data should be read when doing +## DNS queries and applying the DNSSEC protocol. See the Unbound documentation +## at http://unbound.net for the expected format of this file. + +TrustAnchorFile /usr/share/dns/root.key + +## Userid userid +### default (none) +### +### Change to user "userid" before starting normal operation? May include +### a group ID as well, separated from the userid by a colon. +# +UserID opendkim \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf new file mode 100644 index 0000000..7074961 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/main.cf @@ -0,0 +1,59 @@ +# See /usr/share/postfix/main.cf.dist for a commented, more complete version + + +# Debian specific: Specifying a file name will cause the first +# line of that file to be used as the name. The Debian default +# is /etc/mailname. +#myorigin = /etc/mailname + +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on +# fresh installs. +compatibility_level = 2 + +# TLS parameters (excluding smtpd_tls_(cert|key)_file for own adaption below) +smtpd_use_tls=yes +smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache +smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache + +# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for +# information on enabling SSL in the smtp client. + +smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination +myorigin = /etc/mailname +myhostname = REPLACE_myhostname_ECALPER +alias_maps = hash:/etc/aliases +alias_database = hash:/etc/aliases +mydestination = $myhostname localhost.$mydomain localhost REPLACE_mydomain_if_domainwide_ECALPER +relayhost = +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mailbox_size_limit = 0 +recipient_delimiter = + +inet_interfaces = all +inet_protocols = all + +# plomlompom-specific adaptions to allow TLS and SASL via LetsEncrypt/Dovecot. +smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem +smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/auth + +# connect to opendkim +smtpd_milters = inet:localhost:12301 +non_smtpd_milters = inet:localhost:12301 + +# transport mail to dovecot; not strictly needed, as even without this +# postfix will throw mail to /var/mail/USER to be found by dovecot for +# serving via IMAP etc.; but using dovecot's LMTP server for delivery +# allows us to do stuff like dovecot-side sieve filtering. +mailbox_transport = lmtp:inet:127.0.0.1:2424 \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf new file mode 100644 index 0000000..bce1262 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/postfix/master.cf @@ -0,0 +1,124 @@ +# +# Postfix master process configuration file. For details on the format +# of the file, see the master(5) manual page (command: "man 5 master" or +# on-line: http://www.postfix.org/master.5.html). +# +# Do not forget to execute "postfix reload" after editing this file. +# +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== +smtp inet n - y - - smtpd +#smtp inet n - y - 1 postscreen +#smtpd pass - - y - - smtpd +#dnsblog unix - - y - 0 dnsblog +#tlsproxy unix - - y - 0 tlsproxy +#submission inet n - y - - smtpd +# -o syslog_name=postfix/submission +# -o smtpd_tls_security_level=encrypt +# -o smtpd_sasl_auth_enable=yes +# -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +smtps inet n - y - - smtpd + -o syslog_name=postfix/smtps + -o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes + -o smtpd_reject_unlisted_recipient=no +# -o smtpd_client_restrictions=$mua_client_restrictions +# -o smtpd_helo_restrictions=$mua_helo_restrictions +# -o smtpd_sender_restrictions=$mua_sender_restrictions +# -o smtpd_recipient_restrictions= +# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject +# -o milter_macro_daemon_name=ORIGINATING +#628 inet n - y - - qmqpd +pickup unix n - y 60 1 pickup +cleanup unix n - y - 0 cleanup +qmgr unix n - n 300 1 qmgr +#qmgr unix n - n 300 1 oqmgr +tlsmgr unix - - y 1000? 1 tlsmgr +rewrite unix - - y - - trivial-rewrite +bounce unix - - y - 0 bounce +defer unix - - y - 0 bounce +trace unix - - y - 0 bounce +verify unix - - y - 1 verify +flush unix n - y 1000? 0 flush +proxymap unix - - n - - proxymap +proxywrite unix - - n - 1 proxymap +smtp unix - - y - - smtp +relay unix - - y - - smtp +# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 +showq unix n - y - - showq +error unix - - y - - error +retry unix - - y - - error +discard unix - - y - - discard +local unix - n n - - local +virtual unix - n n - - virtual +lmtp unix - - y - - lmtp +anvil unix - - y - 1 anvil +scache unix - - y - 1 scache +# +# ==================================================================== +# Interfaces to non-Postfix software. Be sure to examine the manual +# pages of the non-Postfix software to find out what options it wants. +# +# Many of the following services use the Postfix pipe(8) delivery +# agent. See the pipe(8) man page for information about ${recipient} +# and other message envelope options. +# ==================================================================== +# +# maildrop. See the Postfix MAILDROP_README file for details. +# Also specify in main.cf: maildrop_destination_recipient_limit=1 +# +maildrop unix - n n - - pipe + flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# Recent Cyrus versions can use the existing "lmtp" master.cf entry. +# +# Specify in cyrus.conf: +# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4 +# +# Specify in main.cf one or more of the following: +# mailbox_transport = lmtp:inet:localhost +# virtual_transport = lmtp:inet:localhost +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== +# Old example of delivery via Cyrus. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# See the Postfix UUCP_README file for configuration details. +# +uucp unix - n n - - pipe + flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# Other external delivery methods. +# +ifmail unix - n n - - pipe + flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) +bsmtp unix - n n - - pipe + flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient +scalemail-backend unix - n n - 2 pipe + flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} +mailman unix - n n - - pipe + flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py + ${nexthop} ${user} + diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service new file mode 100644 index 0000000..dc8acb4 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/fetchmail.service @@ -0,0 +1,8 @@ +[Unit] +Description=Run plom's fetchmail + +[Service] +Type=oneshot +User=plom +# fetchmail returns 1 when no new mail, we want to catch that +ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]' diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service new file mode 100644 index 0000000..e332114 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/pingmail.service @@ -0,0 +1,7 @@ +[Unit] +Description=Run pingmail check + +[Service] +Type=oneshot +User=plom +ExecStart=/bin/sh -c '~/pingmail/pingmail check' diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer new file mode 100644 index 0000000..c67e8e7 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/fetchmail.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Run fetchmail once every minute + +[Timer] +OnCalendar=*-*-* *:*:00 + +[Install] +WantedBy=timers.target diff --git a/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer new file mode 100644 index 0000000..dba0c9f --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/mail/etc/systemd/system/timers.target.wants/pingmail.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Run pingmail check once every hour + +[Timer] +OnCalendar=*-*-* *:00:00 + +[Install] +WantedBy=timers.target diff --git a/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service new file mode 100644 index 0000000..d0fcb9c --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/encrypt_chatlogs.service @@ -0,0 +1,6 @@ +[Unit] +Description=Pull website repo +[Service] +Type=oneshot +User=plom +ExecStart=/bin/sh -c '~/encrypter.sh' diff --git a/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer new file mode 100644 index 0000000..79a6e1e --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/play/etc/systemd/system/timers.target.wants/encrypt_chatlogs.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Attempt encryption of old chatlogs once every minute. + +[Timer] +OnCalendar=*-*-* *:*:00 + +[Install] +WantedBy=timers.target \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/sendonly/etc/aliases b/archived/all_new_2018/linkable_etc_files/sendonly/etc/aliases new file mode 100644 index 0000000..01e159c --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/sendonly/etc/aliases @@ -0,0 +1,3 @@ +# /etc/aliases +postmaster: root +root: plom@plomlompom.com \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf b/archived/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf new file mode 100644 index 0000000..d081783 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/sendonly/etc/postfix/main.cf @@ -0,0 +1,38 @@ +# See /usr/share/postfix/main.cf.dist for a commented, more complete version + + +# Debian specific: Specifying a file name will cause the first +# line of that file to be used as the name. The Debian default +# is /etc/mailname. +#myorigin = /etc/mailname + +smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) +biff = no + +# appending .domain is the MUA's job. +append_dot_mydomain = no + +# Uncomment the next line to generate "delayed mail" warnings +#delay_warning_time = 4h + +readme_directory = no + +# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on +# fresh installs. +compatibility_level = 2 + +# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for +# information on enabling SSL in the smtp client. + +smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination +myorigin = /etc/mailname +myhostname = $myorigin +alias_maps = hash:/etc/aliases +alias_database = hash:/etc/aliases +mydestination = $myhostname localhost.$mydomain localhost +relayhost = +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mailbox_size_limit = 0 +recipient_delimiter = + +inet_interfaces = loopback-only +inet_protocols = all \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 b/archived/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 new file mode 100644 index 0000000..8e0b1f6 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/server/etc/iptables/rules.v4 @@ -0,0 +1,14 @@ +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [0:0] +# otherwise self-referential connections to local host will fail +-A INPUT -i lo -j ACCEPT +# tolerate any inbound connections requested by our server, no matter the port +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# this enables ping etc. +-A INPUT -p icmp -j ACCEPT +# SSH +-A INPUT -p tcp --dport 22 -j ACCEPT +COMMIT +# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config b/archived/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config new file mode 100644 index 0000000..89d08ac --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/server/etc/ssh/sshd_config @@ -0,0 +1,126 @@ +# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin no # plomlompom's security rule +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin yes +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#UseLogin no +#UsePrivilegeSeparation sandbox +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +# override default of no subsystems +Subsystem sftp /usr/lib/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server + +ClientAliveInterval 120 +PasswordAuthentication no # plomlompom's security rule diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot b/archived/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot new file mode 100644 index 0000000..1fd8aaf --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/web/etc/cron.d/certbot @@ -0,0 +1,17 @@ +# /etc/cron.d/certbot: crontab entries for the certbot package +# +# Upstream recommends attempting renewal twice a day +# +# Eventually, this will be an opportunity to validate certificates +# haven't been revoked, etc. Renewal will only occur if expiration +# is within 30 days. +SHELL=/bin/sh +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +# plomlompom added the --webroot -w /var/www/html/ so that renewal +# works with nginx running, and the nginx reload post-hook so that +# the new certificates are linked to by nginx. Note that by default +# we rely on the systemd timer service file instead of this cronjob, +# but since both are installed by the certbot package to serve which +# ever of the two is used, we cautiously adapt both of them too. +0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload" diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/gitweb.conf b/archived/all_new_2018/linkable_etc_files/web/etc/gitweb.conf new file mode 100644 index 0000000..71ce3c5 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/web/etc/gitweb.conf @@ -0,0 +1,19 @@ +# path to git projects (.git) +$projectroot = "/var/public_repos"; + +# directory to use for temp files +# explicitely set by Debian so it's probably a good choice +$git_temp = "/tmp"; + +# git-diff-tree(1) options to use for generated patches +# we don't want to to guess renames, so empty +@diff_opts = (); + +# Base path for where to find the repos for cloning. +@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone'); + +# allow snapshots +$feature{'snapshot'}{'default'} = ['zip', 'tgz']; + +# insert header for GDPR compliance +$site_header = "/var/www/header.html" diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 b/archived/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 new file mode 100644 index 0000000..9b714c6 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/web/etc/iptables/rules.v4 @@ -0,0 +1,18 @@ +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [0:0] +# otherwise self-referential connections to local host will fail +-A INPUT -i lo -j ACCEPT +# tolerate any inbound connections requested by our server, no matter the port +-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT +# this enables ping etc. +-A INPUT -p icmp -j ACCEPT +# SSH +-A INPUT -p tcp --dport 22 -j ACCEPT +# HTTP +-A INPUT -p tcp --dport 80 -j ACCEPT +# HTTPS +-A INPUT -p tcp --dport 443 -j ACCEPT +COMMIT +# this last line is here because iptables-restore ignores the final command if no newline follows it \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf b/archived/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf new file mode 100644 index 0000000..f1be9e6 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf @@ -0,0 +1,84 @@ +# system integration +user www-data; +worker_processes auto; +pid /run/nginx.pid; + +# we need this for the xslt_stylesheet directive below +#load_module modules/ngx_http_xslt_filter_module.so; + +# is expected even if empty +events { +} + +http { + # define content-type headers + types { + text/html html htm shtml; + text/css css; + text/xml xml; + text/plain txt sh rst md asc; + application/xhtml+xml xhtml; + application/pdf pdf; + image/jpeg jpg jpeg; + image/png png; + } + default_type application/octet_stream; + charset utf-8; + + # logging deactivated due to GDPR + #access_log /var/log/nginx/access.log; + #error_log /var/log/nginx/error.log; + + # HTTP server: only enforce HTTPS + server { + listen 80; + return 301 https://$host$request_uri; + } + + # HTTPS server + server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www/html/; + index index.html index.htm index.nginx-debian.html; + + # serve /var/www/public_repos/* for HTTPS git cloning + location ~ /repos/clone(/.*) { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /var/public_repos; + fastcgi_param PATH_INFO $1; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + # gitweb static files + location /repos/static/ { + alias /usr/share/gitweb/static/; + } + + # gitweb; this needs packages fcgiwrap and gitweb + location /repos/ { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + # login-protected IRC logs + location ~ /irclogs/([^/]+)/ { + auth_basic "$1 logs"; + auth_basic_user_file /var/www/irclogs_pw/$1; + autoindex on; + } + + ## entry for IRC logs + #location /irclogs/ { + # autoindex on; + # autoindex_format xml; + # xslt_stylesheet /var/www/autoindex.xslt; + #} + } +} diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service new file mode 100644 index 0000000..0d20d1f --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/certbot.service @@ -0,0 +1,11 @@ +[Unit] +Description=Certbot +Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html +Documentation=https://letsencrypt.readthedocs.io/en/latest/ +[Service] +# plomlompom added the --webroot -w /var/www/html/ so that renewal +# works with nginx running, and the nginx reload post-hook so that +# the new certificates are linked to by nginx. +Type=oneshot +ExecStart=/usr/bin/certbot -q renew --webroot -w /var/www/html/ --post-hook "service nginx reload" +PrivateTmp=true \ No newline at end of file diff --git a/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service new file mode 100644 index 0000000..a4f6769 --- /dev/null +++ b/archived/all_new_2018/linkable_etc_files/web/etc/systemd/system/plomlombot.service @@ -0,0 +1,11 @@ +[Unit] +Description=plomlombot screen + +[Service] +Type=simple +User=plom +ExecStart=/bin/sh -c '~/plomlombot_daemon.sh' +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/archived/all_new_2018/setup_scripts/add_encryption_key.sh b/archived/all_new_2018/setup_scripts/add_encryption_key.sh new file mode 100755 index 0000000..71a9488 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/add_encryption_key.sh @@ -0,0 +1,30 @@ +#!/bin/sh +set -e + +# Ensure we have a GPG target to encrypt to. +if [ $# -lt 1 ]; then + echo "Need public key ID as argument." + false +fi +gpg_key="$1" + +config_tree_prefix="${HOME}/config/all_new_2018" +apt -y install gnupg dirmngr +keyservers='sks-keyservers.net/ keys.gnupg.net' +set +e +while true; do + do_break=0 + for keyserver in $(echo "${keyservers}"); do + su plom -c "gpg --no-tty --keyserver $keyserver --recv-key ${gpg_key}" + if [ $? -eq "0" ]; then + do_break=1 + break + fi + echo "Attempt with keyserver ${keyserver} unsuccessful, trying other." + done + if [ "${do_break}" -eq "1" ]; then + break + fi +done +set -e +# TODO: We may remove dirmngr here if only this script installed it. diff --git a/archived/all_new_2018/setup_scripts/hardlink_etc.sh b/archived/all_new_2018/setup_scripts/hardlink_etc.sh new file mode 100755 index 0000000..9d9acc2 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/hardlink_etc.sh @@ -0,0 +1,24 @@ +#!/bin/sh +# Hard link files to those in argument-selected subdirectories of +# linkable_etc_files//, e.g. link /etc/foo/bar to +# linkable_etc_files/$1/etc/foo/bar and so on. Create directories as +# necessary. We do the hard linking so files that should be readable to +# non-root in /etc/ remain so despite having a path below /root/, as +# symbolic links point into /root/ without making the targets readable +# to non-root. +# CAUTION: This removes original files at the affected paths. +set -e + +config_tree_prefix="${HOME}/config/all_new_2018" +linkable_files_dir="${config_tree_prefix}/linkable_etc_files" + +for target in "$@"; do + cd "${linkable_files_dir}/${target}" + for path in $(find . -type f); do + linking=$(echo "${path}" | cut -c2-) + linked=$(realpath "${path}") + dir=$(dirname "${linking}") + mkdir -p "${dir}" + ln -f "${linked}" "${linking}" + done +done diff --git a/archived/all_new_2018/setup_scripts/init_user_and_keybased_login.sh b/archived/all_new_2018/setup_scripts/init_user_and_keybased_login.sh new file mode 100755 index 0000000..6a46c20 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/init_user_and_keybased_login.sh @@ -0,0 +1,52 @@ +#!/bin/sh +# This script turns a fresh server with password-based root access to +# one of only key-based access and only to new non-root account plom. +# +# CAUTION: This is optimized for a *fresh* setup. It will overwrite any +# pre-existing ~/.ssh/authorized_keys of user plom with one that solely +# contains the local ~/.ssh/id_rsa.pub, and also any old +# /etc/ssh/sshd_config. +# +# Dependencies: ssh, scp, sshpass, ~/.ssh/id_rsa.pub, properly +# configured sshd_config file in reach. +set -e + +# Location auf a sshd_config with "PermitRootLogin no" and +# "PasswordAuthentication no". +config_tree_prefix="${HOME}/config/all_new_2018" +linkable_files_dir="${config_tree_prefix}/linkable_etc_files/server" +system_path_sshd_config='/etc/ssh/sshd_config' +local_path_sshd_config="${linkable_files_dir}/${system_path_sshd_config}" + +# Ensure we have a server name as argument. +if [ $# -eq 0 ]; then + echo "Need server as argument." + false +fi +server="$1" + +# Ask for root password only once, sshpass will re-use it then often. +stty -echo +printf "Server root password: " +read PW_ROOT +stty echo +printf "\n" +export SSHPASS="${PW_ROOT}" + +# Create user plom, and his ~/.ssh/authorized_keys based on the local +# ~/.ssh/id_rsa.pub; ensure the result has proper permissions and +# ownerships. Then disable root and pw login by copying over the +# sshd_config and restart ssh daemon. +# +# This could be a line or two shorter by using ssh-copy-id, but that +# would require setting a password for user plom otherwise not needed. +sshpass -e scp ~/.ssh/id_rsa.pub root@"${server}":/tmp/authorized_keys +sshpass -e ssh root@"${server}" \ + 'useradd -m plom && '\ + 'mkdir /home/plom/.ssh && '\ + 'chown plom:plom /home/plom/.ssh && '\ + 'chown plom:plom /tmp/authorized_keys && '\ + 'chmod u=rw,go= /tmp/authorized_keys && '\ + 'mv /tmp/authorized_keys /home/plom/.ssh/' +sshpass -e scp "${local_path_sshd_config}" root@"${server}":"${system_path_sshd_config}" +sshpass -e ssh root@"${server}" 'service ssh restart' diff --git a/archived/all_new_2018/setup_scripts/install_for_target.sh b/archived/all_new_2018/setup_scripts/install_for_target.sh new file mode 100755 index 0000000..53914d6 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/install_for_target.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# Walks through the package names in the argument-selected files of +# apt-mark/ and ensures the respective packages are installed. +# +# Ignores anything in an apt-mark/ file after the last newline. +set -e + +config_tree_prefix="${HOME}/config/all_new_2018" +aptmark_dir="${config_tree_prefix}/apt-mark" + +for target in "$@"; do + path="${aptmark_dir}/${target}" + cat "${path}" | while read line; do + echo "$line" + if [ ! $(echo "${line}" | cut -c1) = "#" ]; then + apt-get -y install "${line}" + fi + done +done diff --git a/archived/all_new_2018/setup_scripts/letsencrypt.sh b/archived/all_new_2018/setup_scripts/letsencrypt.sh new file mode 100755 index 0000000..29ed3b6 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/letsencrypt.sh @@ -0,0 +1,31 @@ +#!/bin/sh +# Certify current server with LetsEncrypt. +# Uses hostname -f for the domain we want to certify. +set -e + +# Ensure we have a mail address as argument. +if [ $# -lt 1 ]; then + echo "Need mail address as argument." + false +fi +mail_address="$1" + +# We need certbot to get LetsEncrypt certificates. +apt install -y certbot + +# If port 80 blocked by iptables, open it. +set +e +iptables -C INPUT -p tcp --dport 80 -j ACCEPT +open_iptables="$?" +set -e +if [ "${open_iptables}" -eq "1" ]; then + iptables -A INPUT -p tcp --dport 80 -j ACCEPT +fi + +# Create new certificate and copy it to /etc/letsencrypt. +certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)" + +# Remove iptables rule to open port 80 if we added it. +if [ "${open_iptables}" -eq "1" ]; then + iptables -D INPUT -p tcp --dport 80 -j ACCEPT +fi diff --git a/archived/all_new_2018/setup_scripts/letsencrypt_get.sh b/archived/all_new_2018/setup_scripts/letsencrypt_get.sh new file mode 100755 index 0000000..c2b3e9f --- /dev/null +++ b/archived/all_new_2018/setup_scripts/letsencrypt_get.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# Copy over LetsEncrypt certificates from another server. +set -e + +# Ensure we have a server name as argument. +if [ $# -lt 1 ]; then + echo "Need server as argument." + false +fi +server="$1" + +# Copy over. +ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"' +scp plom@${server}:~/letsencrypt.tar . +apt -y install certbot +rmdir /etc/letsencrypt +mv letsencrypt.tar /etc/ +cd /etc/ +tar xf letsencrypt.tar +rm letsencrypt.tar diff --git a/archived/all_new_2018/setup_scripts/mirror_dir.sh b/archived/all_new_2018/setup_scripts/mirror_dir.sh new file mode 100755 index 0000000..0fc03aa --- /dev/null +++ b/archived/all_new_2018/setup_scripts/mirror_dir.sh @@ -0,0 +1,23 @@ +#!/bin/sh +# Mirror directory tree from remote to local server, keeping the path. +set -e + +if [ $# -lt 2 ]; then + echo "Need server and directory as arguments." + false +fi +server=$1 +dir=$2 +path_package=/tmp/delete.tar + +eval `ssh-agent` +ssh-add +cd +ssh plom@"${server}" "cd \"${dir}\" && tar cf ${path_package} ." +scp plom@"${server}":"${path_package}" "${path_package}" +mkdir -p "${dir}" +cd "${dir}" +tar xf "${path_package}" +cd +rm "${path_package}" +ssh plom@"${server}" rm "${path_package}" diff --git a/archived/all_new_2018/setup_scripts/prepare_to_meet_server.sh b/archived/all_new_2018/setup_scripts/prepare_to_meet_server.sh new file mode 100755 index 0000000..13d05ca --- /dev/null +++ b/archived/all_new_2018/setup_scripts/prepare_to_meet_server.sh @@ -0,0 +1,18 @@ +#!/bin/sh +# Do some of the steps necessary to SSH (key-based) with another server. +set -e + +target="$1" + +# We need a public key to copy over, so generate it if not found. +if [ ! -f ~/.ssh/id_rsa.pub ]; then + ssh-keygen +fi + +# Add target to ~/.ssh/known_hosts so we don't get +# asked for permission at inopportune moments. +ssh-keyscan -H "$target" >> ~/.ssh/known_hosts + +# Tell user what to do. +echo "APPEND FOLLOWING TO TARGET'S ~/.ssh/authorized_keys:" +cat ~/.ssh/id_rsa.pub diff --git a/archived/all_new_2018/setup_scripts/purge_nonrequireds.sh b/archived/all_new_2018/setup_scripts/purge_nonrequireds.sh new file mode 100755 index 0000000..e444a55 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/purge_nonrequireds.sh @@ -0,0 +1,26 @@ +#!/bin/sh +# This script removes all Debian packages that are not of Priority +# "required" or not depended on by packages of priority "required" +# or not listed in the argument-selected files of apt-mark/. +set -e + +config_tree_prefix="${HOME}/config/all_new_2018" +aptmark_dir="${config_tree_prefix}/apt-mark" + +dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted +for target in "$@"; do + path="${aptmark_dir}/${target}" + cat "${path}" | while read line; do + if [ ! $(echo "${line}" | cut -c1) = "#" ]; then + echo "${line}" >> /tmp/list_white_unsorted + fi + done +done +sort /tmp/list_white_unsorted > /tmp/list_white +dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages +sort /tmp/list_all_packages > /tmp/foo +mv /tmp/foo /tmp/list_all_packages +comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black +apt-mark auto `cat /tmp/list_black` +DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove +rm /tmp/list_all_packages /tmp/list_white_unsorted /tmp/list_white /tmp/list_black diff --git a/archived/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh b/archived/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh new file mode 100755 index 0000000..3f95590 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/set_hostname_and_fqdn.sh @@ -0,0 +1,45 @@ +#!/bin/sh +# Sets hostname and optionally FQDN. +# +# Calls hostname, writes to /etc/hostname and /etc/hosts. For /etc/hosts +# writing follows recommendations from Debian manual at +# +# (section "The hostname resolution") on how to map hostname and possibly +# FQDN to a permanent IP if present (we assume here any non-private IP +# and non-loopback IP returned by hostname -I to fulfill that criterion +# on our systems) or to 127.0.1.1 if not. On the reasoning for separating +# localhost and hostname mapping to different IPs, see +# . +set -e + +hostname="$1" +fqdn="$2" +if [ "${hostname}" = "" ]; then + echo "Need hostname as argument." + false +fi +echo "${hostname}" > /etc/hostname +hostname "${hostname}" + +final_ip="127.0.1.1" +for ip in $(hostname -I); do + range_1=$(echo "${ip}" | cut -d "." -f 1) + range_2=$(echo "${ip}" | cut -d "." -f 2) + if [ "${range_1}" -eq 127 ]; then + continue + elif [ "${range_1}" -eq 10 ]; then + continue + elif [ "${range_1}" -eq 172 ]; then + if [ "${range_2}" -ge 16 ] && [ "${range_2}" -le 31 ]; then + continue + fi + elif [ "${range_1}" -eq 192 ]; then + if [ "${range_2}" -eq 168 ]; then + continue + fi + fi + final_ip="${ip}" +done + +echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts +echo "${final_ip} ${fqdn} ${hostname}" >> /etc/hosts diff --git a/archived/all_new_2018/setup_scripts/setup_mail.sh b/archived/all_new_2018/setup_scripts/setup_mail.sh new file mode 100755 index 0000000..2080705 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/setup_mail.sh @@ -0,0 +1,94 @@ +#/bin/sh +set -e + +# Check we have the necessary arguments. +if [ $# -lt 2 ]; then + echo "Give arguments of mail domain and DKIM selector." + echo "Also, if hosting mail for entire domain, give third argument 'domainwide'." + false +fi +mail_domain="$1" +dkim_selector="$2" +domainwide="$3" + +config_tree_prefix="${HOME}/config/all_new_2018" +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +cd "${setup_scripts_dir}" + +# Set up DKIM key. Only keep opendkim-tools on system if pre-installed. +mkdir -p /etc/dkimkeys/ +set +e +dpkg -s opendkim-tools &> /dev/null +preinstalled="$?" +set -e +if [ ! "${preinstalled}" -eq "0" ]; then + apt install -y opendkim-tools +fi +opendkim-genkey -s "${dkim_selector}" +mv "${dkim_selector}.private" /etc/dkimkeys/ +if [ ! "${preinstalled}" -eq "0" ]; then + apt -y --purge autoremove opendkim-tools +fi + +# Link and adapt mail-server-specific /etc/ files. +./hardlink_etc.sh mail +sed -i "s/REPLACE_maildomain_ECALPER/${mail_domain}/g" /etc/mailutils.conf +sed -i "s/REPLACE_Domain_ECALPER/${mail_domain}/g" /etc/opendkim.conf +sed -i "s/REPLACE_Selector_ECALPER/${dkim_selector}/g" /etc/opendkim.conf +sed -i "s/REPLACE_myhostname_ECALPER/$(hostname -f)/g" /etc/postfix/main.cf +if [ "${domainwide}" = "domainwide" ]; then + sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER/$mydomain/g' /etc/postfix/main.cf +else + sed -i 's/REPLACE_mydomain_if_domainwide_ECALPER//g' /etc/postfix/main.cf +fi +# Since we re-set the iptables rules, we need to reload them. +iptables-restore /etc/iptables/rules.v4 + +# Some useful debconf selections. +echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections +echo "ssl_cert = /etc/dovecot/conf.d/99-ssl-certs.conf +echo "ssl_key = > /etc/dovecot/conf.d/99-ssl-certs.conf + +# The second line should not be necessary due to the first line, but for +# some reason the installation forgets to set up /etc/mailname early +# enough to not (when running newaliases) stumble over its absence. +echo "postfix postfix/mailname string ${mail_domain}" | debconf-set-selections +echo "${mail_domain}" > /etc/mailname + +# Everything should now be ready for installations. Note that we don't +# strictly need dovecot-lmtpd, as postfix will deliver mail to /var/mail/USER +# in any case, to be found by dovecot; we use it as a transport mechanism to +# allow for sophisticated stuff like dovecot-side sieve filtering (installed +# with dovecot-sieve). +apt install -y -o Dpkg::Options::=--force-confold postfix dovecot-imapd dovecot-lmtpd dovecot-sieve opendkim +cp "${config_tree_prefix}/user_files/dovecot.sieve" /home/plom/.dovecot.sieve +chown plom:plom /home/plom/.dovecot.sieve + +# Pingmail setup. +apt install -y mailutils +cp "${config_tree_prefix}/user_files/pingmailrc" /home/plom/.pingmailrc +chown plom:plom /home/plom/.pingmailrc +su plom -c "cd && git clone https://plomlompom.com/repos/clone/pingmail.git" + +# In addition to our postfix server receiving mails, we funnel mails from a +# POP3 account into dovecot via fetchmail. It might make sense to adapt the +# ~/.dovecot.sieve to move mails targeted to the fetched mail account to their +# own mbox. +apt -y install fetchmail +cp "${config_tree_prefix}/user_files/fetchmailrc" /home/plom/.fetchmailrc +chown plom:plom /home/plom/.fetchmailrc +chmod 0700 /home/plom/.fetchmailrc + +# Pingmail and fetchmail have some systemd timers waiting. To let systemd +# know about them, do this. +systemctl daemon-reload + +# Final advice to user. +echo "TODO: Ensure MX entry for your system in your DNS configuration." +echo "TODO: Ensure a proper SPF entry for this system in your DNS configuration; something like 'v=spf1 mx -all' mapped to your host." +echo "TODO: passwd plom for IMAPS login" +echo "TODO: adapt /home/plom/.fetchmailrc and then do: systemctl start fetchmail.timer" +echo "TODO: adapt /home/plom/.dovecot.sieve and /home/plom/.pingmailrc (sieve mail by pingmail target person into mbox defined in .pingmailrc), then run: systemctl start pingmail.timer" +echo "TODO: Add the follow DMARK entry as TXT to your DNS configugration: 'v=DMARC1; p=none; rua=mailto:plom+dmarc@plomlompom.com;' mapped to _dmarc" +echo "TODO: Add the following DKIM entry to your DNS configuration (possibly with slightly changed host entry – if your mail domain includes a subdomain, append that with a dot):" +cat "${dkim_selector}.txt" diff --git a/archived/all_new_2018/setup_scripts/setup_play.sh b/archived/all_new_2018/setup_scripts/setup_play.sh new file mode 100755 index 0000000..f37be49 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/setup_play.sh @@ -0,0 +1,36 @@ +#!/bin/sh +set -e + +# Ensure we have a GPG target to encrypt to. +if [ $# -lt 1 ]; then + echo "Need public key ID as argument." + false +fi +gpg_key="$1" + +config_tree_prefix="${HOME}/config/all_new_2018" +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +cd "${setup_scripts_dir}" + +# If anything strange happens, let root send mail to us. +./setup_sendonly.sh + +# Apart from weechat, vim and screen will also be useful for everyday activity. +apt -y install weechat screen vim + +# Link and copy over files. +./hardlink_etc.sh play +cp "${config_tree_prefix}/user_files/encrypter.sh" /home/plom/ +chown plom:plom /home/plom/encrypter.sh +cp "${config_tree_prefix}/user_files/weechat-wrapper.sh" /home/plom/ +chown plom:plom /home/plom/weechat-wrapper.sh +cp "${config_tree_prefix}/user_files/weechatrc" /home/plom/.weechatrc +chown plom:plom /home/plom/.weechatrc +apt -y install screen +echo "$gpg_key" > /home/plom/.encrypt_target +chown plom:plom /home/plom/.encrypt_target + +# Start encrypt_chatlogs job. +./add_encryption_key.sh "${gpg_key}" +systemctl daemon-reload +systemctl start encrypt_chatlogs.timer diff --git a/archived/all_new_2018/setup_scripts/setup_plomlombot.sh b/archived/all_new_2018/setup_scripts/setup_plomlombot.sh new file mode 100755 index 0000000..de22ef3 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/setup_plomlombot.sh @@ -0,0 +1,29 @@ +#!/bin/sh +set -e + +# Ensure we have a GPG target to encrypt to. +if [ $# -lt 1 ]; then + echo "Need public key ID as argument." + false +fi +gpg_key="$1" + +config_tree_prefix="${HOME}/config/all_new_2018" +irclogs_dir=/var/www/html/irclogs +irclogs_pw_dir=/var/www/irclogs_pw + +./add_encryption_key.sh "${gpg_key}" +apt -y install screen python3-venv +cp "${config_tree_prefix}"/user_files/plomlombot_daemon.sh /home/plom/ +chown plom:plom /home/plom/plomlombot_daemon.sh +su plom -c "cd && git clone /var/public_repos/plomlombot-irc" +systemctl enable /etc/systemd/system/plomlombot.service +service plomlombot start +mkdir -p "${irclogs_dir}" +chown -R plom:plom "${irclogs_dir}" +mkdir -p "${irclogs_pw_dir}" +chown -R plom:plom "${irclogs_pw_dir}" +echo "Don't forget to add a file ~/.plomlombot with content such as:" +echo "gpg_key ${gpg_key}" +echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME LOGS_USER LOGS_PW" +echo "# file should end in newline or non-interpreted line such as this" diff --git a/archived/all_new_2018/setup_scripts/setup_sendonly.sh b/archived/all_new_2018/setup_scripts/setup_sendonly.sh new file mode 100755 index 0000000..e761eeb --- /dev/null +++ b/archived/all_new_2018/setup_scripts/setup_sendonly.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# This sets up the minimum of a mail server necessary to send out mails +# to the world. +set -e + +config_tree_prefix="${HOME}/config/all_new_2018" +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +cd "${setup_scripts_dir}" + +./hardlink_etc.sh sendonly +echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections +echo "postfix postfix/mailname string $(hostname -f)" | debconf-set-selections +echo "$(hostname -f)" > /etc/mailname +apt install -y postfix diff --git a/archived/all_new_2018/setup_scripts/setup_server.sh b/archived/all_new_2018/setup_scripts/setup_server.sh new file mode 100755 index 0000000..172d8d2 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/setup_server.sh @@ -0,0 +1,52 @@ +#!/bin/sh +# Next setup steps for a server whose login policy has just been set from +# the outside via ./init_user_and_keybased_login.sh. +set -e + +# Provide maximum input for set_hostname_and_fqdn.sh. +if [ "$#" -ne 2 ]; then + echo 'Need exactly two arguments (hostname, FQDN).' + false +fi +hostname="$1" +fqdn="$2" + +config_tree_prefix="${HOME}/config/all_new_2018" +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +cd "${setup_scripts_dir}" + +# Adapt /etc/ to our needs by hardlinking into ./linkable_etc_files. This +# will set basic configurations affecting following steps, such as setup +# of APT and the locale selection, so needs to be right at the beginning. +./hardlink_etc.sh all server + +# Set hostname and FQDN. +./set_hostname_and_fqdn.sh "${hostname}" "${fqdn}" + +# Some debconf selections we don't want to get asked during coming +# install actions. +echo 'iptables-persistent iptables-persistent/autosave_v4 boolean false' | debconf-set-selections +echo 'iptables-persistent iptables-persistent/autosave_v6 boolean false' | debconf-set-selections + +# Ensure package installation state as defined by what packages are +# defined as required by Debian policy and by settings in ./apt-mark/. +apt update +./install_for_target.sh all server +./purge_nonrequireds.sh all server + +# Ensure our desired locale is available. +locale-gen + +# Only upgrade after reducing the system to the desired minimum, so that +# we don't need to get more data than necessary. +apt -y dist-upgrade + +# Set Berlin localtime. +ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime + +# If we have not yet set the shell for user plom, ensure it here. This +# is mostly for convenience. +usermod -s /bin/bash plom + +# We want to be able to use ALL our servers as borg backup destinations. +apt -y install borgbackup diff --git a/archived/all_new_2018/setup_scripts/setup_web.sh b/archived/all_new_2018/setup_scripts/setup_web.sh new file mode 100755 index 0000000..400aa22 --- /dev/null +++ b/archived/all_new_2018/setup_scripts/setup_web.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# Set up plomlompom.com web server. +set -e + +config_tree_prefix="${HOME}/config/all_new_2018" +setup_scripts_dir="${config_tree_prefix}/setup_scripts" +cd "${setup_scripts_dir}" + +./hardlink_etc.sh web +./setup_sendonly.sh +sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/nginx/nginx.conf +sed -i "s/REPLACE_fqdn_ECALPER/$(hostname -f)/g" /etc/gitweb.conf +cd /var/ +rm -rf www +git clone plom@core.plomlompom.com:repos/website www +apt -y -o Dpkg::Options::=--force-confold install nginx gitweb fcgiwrap +mkdir /var/public_repos +chown plom:plom /var/public_repos +iptables-restore /etc/iptables/rules.v4 diff --git a/archived/all_new_2018/user_files/dovecot.sieve b/archived/all_new_2018/user_files/dovecot.sieve new file mode 100644 index 0000000..5346309 --- /dev/null +++ b/archived/all_new_2018/user_files/dovecot.sieve @@ -0,0 +1,8 @@ +require ["fileinto"]; +require ["mailbox"]; +if address :is "from" "foo@bar.com" { + fileinto :create "foo"; +} +if address :is :domain "to" "example.com" { + fileinto :create "example.com"; +} diff --git a/archived/all_new_2018/user_files/encrypter.sh b/archived/all_new_2018/user_files/encrypter.sh new file mode 100755 index 0000000..e2ebd44 --- /dev/null +++ b/archived/all_new_2018/user_files/encrypter.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# Encrypt dated weechatlog files older than one day to GPG target defined in +# ~/.encrypt_target +set -e + +gpg_key=$(cat ~/.encrypt_target) +cd ~/weechatlogs/irc/ +find . -regextype posix-egrep -regex '^.*/.*/.*\.[0-9]{4}-[0-9]{2}-[0-9]{2}\.weechatlog$' -type f -mtime +1 -exec gpg --recipient "${gpg_key}" --trust-model always --encrypt {} \; -exec rm {} \; + diff --git a/archived/all_new_2018/user_files/fetchmailrc b/archived/all_new_2018/user_files/fetchmailrc new file mode 100755 index 0000000..b437563 --- /dev/null +++ b/archived/all_new_2018/user_files/fetchmailrc @@ -0,0 +1,2 @@ +# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted +poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep diff --git a/archived/all_new_2018/user_files/pingmailrc b/archived/all_new_2018/user_files/pingmailrc new file mode 100644 index 0000000..46bcbfe --- /dev/null +++ b/archived/all_new_2018/user_files/pingmailrc @@ -0,0 +1,45 @@ +# place for test files whose modification times are used to track lifesigns +testdir=$HOME'/.pingmail' + +# modification time is the last time a ping was sent or a lifetime received +ping_touch=$testdir'/ping_touch' + +# modification time is when the count for sending checker a warning mail starts +reminder_touch=$testdir'/reminder_touch' + +# how long to wait for lifesigns before sending a ping; double is time to wait +# for a lifesign before sending a warning message to checker +wait_time=86400 + +# address of the checker, receives warning message after too long wait +checker_address='bar@example.org' + +# address of the checked person, ping is sent here +checked_address='foo@example.org' + +# content of ping message sent to checked person +subj2checked='[pingmail] Ping!' +msg2checked='Hi!\n +\nThis is an automated mail ping from '$checker_address'. +\nRespond to show that you are still alive!' + +# content of warning message sent to checker +id_target='foo' +subj2checker='[pingmail] No recent life signs from '$id_target +reminder_time=`expr $wait_time \* 2` +msg2checker='pingmail reporting in:\n +\nNo life signs from '$id_target' for the last '$reminder_time' seconds. +\nMaybe you should give them a call to check if they are okay.' + +# mail client command reading message body from stdin and subject from parameter +mailclient_s='mail -s' + +# mailbox file to check for most recent life sign +mbox=$HOME'/mail/foo' + +# to recursively search for most recent matches to $matchstring as lifesigns +#maildir=$HOME'/mail' + +# pattern to search $maildir for recursively for lifesigns +#checked_address_escaped=`echo $checked_address | sed 's/\./\\./g'` +#matchstring='^From: .*('$checked_address_escaped'|alternate@example\.org)' diff --git a/archived/all_new_2018/user_files/plomlombot_daemon.sh b/archived/all_new_2018/user_files/plomlombot_daemon.sh new file mode 100755 index 0000000..5cf1f6a --- /dev/null +++ b/archived/all_new_2018/user_files/plomlombot_daemon.sh @@ -0,0 +1,55 @@ +#!/bin/sh +set -e + +# Repeatedly parse config file for GPG key and bot screen configs. +path=~/.plomlombot +db_dir="${HOME}/plomlombot_db" +irclogs_dir=/var/www/html/irclogs +irclogs_pw_dir=/var/www/irclogs_pw +while true; do + if [ -f "${path}" ]; then + cat "${path}" | while read line; do + first_word=$(echo -n "${line}" | cut -d' ' -f1) + + # Read "bot:" line, start bot screen session from it if not yet existing, + # set up irclogs dir if not yet existing. + if [ "${first_word}" = "bot:" ]; then + session_name=$(echo -n "${line}" | cut -d' ' -f2) + bot_name=$(echo -n "${line}" | cut -d' ' -f3) + channel_name=$(echo -n "${line}" | cut -d' ' -f4) + shortened_channel_name="${channel_name}" + first_char=$(echo -n "${channel_name}" | cut -c1) + if [ "${first_char}" = "#" ]; then + shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-) + fi + server_name=$(echo -n "${line}" | cut -d' ' -f5) + login_user=$(echo -n "${line}" | cut -d' ' -f6) + login_pw=$(echo -n "${line}" | cut -d' ' -f7) + set +e + screen -S "${session_name}" -Q select . > /dev/null + start_screen=$? + set -e + if [ "${start_screen}" -eq "1" ]; then + cd ~/plomlombot-irc + LANG="en_US.UTF-8" screen -d -m -S "${session_name}" ./run.sh -r 604800 -n "${bot_name}" -s "${server_name}" "${channel_name}" + fi + md5_server=$(echo -n "${server_name}" | md5sum | cut -d' ' -f1) + md5_channel=$(echo -n "${channel_name}" | md5sum | cut -d' ' -f1) + logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs" + # FIXME: Note the trouble we will have if we have the same channel + # name on different servers … + ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}" + echo "${login_user}":'{PLAIN}'"${login_pw}" > "${irclogs_pw_dir}/${shortened_channel_name}" + + # If "gpg" line, encrypt old raw logs to that GPG key. + elif [ "${first_word}" = "gpg_key" ]; then + key=$(echo -n "${line}" | cut -d' ' -f2) + mkdir -p ~/plomlombot_db + cd ~/plomlombot_db + find . -path '*/*/raw_logs/*.txt' -mtime +1 -type f -exec gpg --recipient "${key}" --trust-model always --encrypt {} \; -exec rm {} \; + fi + + done + sleep 1 + fi +done diff --git a/archived/all_new_2018/user_files/weechat-wrapper.sh b/archived/all_new_2018/user_files/weechat-wrapper.sh new file mode 100755 index 0000000..4625dd8 --- /dev/null +++ b/archived/all_new_2018/user_files/weechat-wrapper.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +# Enforce ~/.weechatrc as sole persistent weechat config file. +#~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder +rm -rf ~/.weechat/ +WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` +weechat -r "$WEECHATCONF" +rm -rf ~/.weechat/ diff --git a/archived/all_new_2018/user_files/weechatrc b/archived/all_new_2018/user_files/weechatrc new file mode 100644 index 0000000..ab30c17 --- /dev/null +++ b/archived/all_new_2018/user_files/weechatrc @@ -0,0 +1,7 @@ +/set logger.file.path ~/weechatlogs +/set logger.file.flush_delay 0 +/set logger.mask.irc "irc/$server/$channel.%Y-%m-%d.weechatlog" +/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,[lag],[hotlist],completion,scroll,[otr]" +/set weechat.color.chat_nick_colors "lightcyan" +/server add freenode irc.freenode.net -nicks=plimlompom,plimlomp0m,pliml0mp0m -realname="foo bar" -autojoin=#plomlompomtest +/connect freenode diff --git a/archived/ansible/config.yml b/archived/ansible/config.yml new file mode 100644 index 0000000..3386c91 --- /dev/null +++ b/archived/ansible/config.yml @@ -0,0 +1,117 @@ +--- +- hosts: all + user: root + become: yes + tasks: + + - name: ensure directories for symlinks exist + file: state=directory dest={{item}} + with_lines: cat ~/config/ansible/files/dirs | sed -e 's/ *#.*$//' + - name: symlink system files + file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} + with_fileglob: ~/config/ansible/files/system/* + - name: set hostname for current session + shell: hostname w530 + + # Init package management. + - name: update package lists + apt: update_cache=yes + - name: APT - dist-upgrade + apt: upgrade=dist + + # Ensure power management. + - name: ensure power management tools are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/power_management | sed -e 's/ *#.*$//' + - name: start TLP + shell: tlp start + + # Configure console. + # + # For some reason, some settings are only applied two reboots after this. + - name: symlink console config files + file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} + with_fileglob: ~/config/ansible/files/console/* + - name: ensure locales and console-setup are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/console | sed -e 's/ *#.*$//' + - name: generate en_US.UTF-8 locale + locale_gen: name=en_US.UTF-8 state=present + - name: run setupcon to apply console settings from /etc/default/ + command: setupcon + + # Miscellaneous. + - name: Ensure dotfile symlinks + file: state=link force=yes src={{item}} dest=~/.{{item|basename}} + with_fileglob: + - ~/config/dotfiles/minimal/* + - ~/config/dotfiles/root/* + - name: ensure ~/.vimbackups directory + file: state=directory dest=~/.vimbackups + - name: ensure man-db, manpages are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/man | sed -e 's/ *#.*$//' + - name: set /etc/localtime + file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime + - name: ensure various useful tools are installed – sudo, git, vim, less, openssh + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/various_useful | sed -e 's/ *#.*$//' + - name: ensure boot messages are not cleared on start up + replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' + + # Config user. + - name: create user plom with sudo privileges and bash shell + user: name=plom groups=sudo shell=/bin/bash + - name: have config repo in user directory + git: repo=https://github.com/plomlompom/config dest=/home/plom/config + become_user: plom + become_method: su + + # Ensure X window environment. + - name: ensure minimal X window environment + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/minimal_x | sed -e 's/ *#.*$//' + - name: ensure 3d acceleration and optimus switch + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/3d_acceleration | sed -e 's/ *#.*$//' + - name: ensure user plom is in bumblebee group + user: name=plom groups=bumblebee append=yes + - name: ensure basic X tools + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/basic_x_tools | sed -e 's/ *#.*$//' + + # Set up pentadactyl. + - name: ensure browser environment + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/browser_environment | sed -e 's/ *#.*$//' + + # Ensure wifi. + - name: ensure wifi configuration + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/wifi | sed -e 's/ *#.*$//' + + # Ensure audio/video consumption necessities. + - name: ensure multimedia tools + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/multimedia | sed -e 's/ *#.*$//' + + # Ensure hotkeys. + # + # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). + - name: ensure hotkeys + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' + + # Remove undesired packages + - name: collect desired packages + shell: cat files/apt-mark/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted + - name: collect currently installed packages + shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted + - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed + shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black + - name: mark all packages from black list as automatically installed + shell: apt-mark auto $(cat /tmp/list_black) + - name: mark all packages from white list as manually installed + shell: apt-mark manual $(cat /tmp/white_list_unsorted) + - name: purge all packages automatically installed that are not depended on + shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove diff --git a/archived/ansible/config_new.yml b/archived/ansible/config_new.yml new file mode 100644 index 0000000..f3bd3f5 --- /dev/null +++ b/archived/ansible/config_new.yml @@ -0,0 +1,147 @@ +--- +- hosts: all + user: root + become: yes + tasks: + + - name: ensure directories for symlinks exist + file: state=directory dest={{item}} + with_lines: cat ~/config/ansible/files/dirs_new | sed -e 's/ *#.*$//' + - name: symlink system files + file: state=hard force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} + with_fileglob: + - ~/config/ansible/files/system_new/minimal/* + - ~/config/ansible/files/system_new/{{ system_name }}/* + - name: set hostname for current session + shell: hostname {{ system_name }} + + # Init package management. + - name: add palemoon repo signing key + apt_key: + url: https://download.opensuse.org/repositories/home:stevenpusser/Debian_9.0/Release.key + state: present + - name: update package lists + apt: update_cache=yes + - name: APT - dist-upgrade + apt: upgrade=dist + + # Ensure packages needed for disk encryption on startup (how does this work?) + - name: ensure power management tools are installed + apt: name={{item}} state=present + with_lines: + - cat ~/config/ansible/files/apt-mark_new/minimal/disk_encryption | sed -e 's/ *#.*$//' + + # Ensure power management. + - name: ensure power management tools are installed + apt: name={{item}} state=present + with_lines: + - cat ~/config/ansible/files/apt-mark_new/minimal/power_management | sed -e 's/ *#.*$//' + - cat ~/config/ansible/files/apt-mark_new/X200s/power_management | sed -e 's/ *#.*$//' + - name: start TLP + shell: tlp start + + # Configure console. + # + # For some reason, some settings are only applied two reboots after this. + - name: symlink console config files + file: state=link force=yes src={{item}} dest={{item|basename|regex_replace('___','/')}} + with_fileglob: ~/config/ansible/files/console/* + - name: ensure locales and console-setup are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/console | sed -e 's/ *#.*$//' + - name: generate en_US.UTF-8 locale + locale_gen: name=en_US.UTF-8 state=present + - name: Touch keyboard config file so setupcon does not ignore it. + command: touch /etc/default/keyboard + - name: run setupcon to apply console settings from /etc/default/ + command: setupcon + + # Miscellaneous. + - name: Ensure dotfile symlinks + file: state=link force=yes src={{item}} dest=~/.{{item|basename}} + with_fileglob: + - ~/config/dotfiles/minimal/* + - ~/config/dotfiles/root/* + - name: ensure ~/.vimbackups directory + file: state=directory dest=~/.vimbackups + - name: ensure man-db, manpages are installed + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/man | sed -e 's/ *#.*$//' + - name: set /etc/localtime + file: state=link force=yes src=/usr/share/zoneinfo/Europe/Berlin dest=/etc/localtime + - name: ensure various useful tools are installed – sudo, git, vim, less, openssh + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/various_useful | sed -e 's/ *#.*$//' + - name: ensure boot messages are not cleared on start up + replace: dest=/etc/systemd/system/getty.target.wants/getty@tty1.service regexp='^TTYVTDisallocate=yes.*$' replace='TTYVTDisallocate=no' + + # Config user. + - name: create user plom with sudo privileges and bash shell + user: name=plom groups=sudo shell=/bin/bash + #- name: have config repo in user directory + # git: repo=https://github.com/plomlompom/config dest=/home/plom/config + # become_user: plom + # become_method: su + + # Ensure X window environment. + - name: ensure minimal X window environment + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/minimal_x | sed -e 's/ *#.*$//' + - name: ensure 3d acceleration + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/3d_acceleration | sed -e 's/ *#.*$//' + #- name: ensure optimus switch + # apt: name={{item}} state=present + # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/3d_acceleration | sed -e 's/ *#.*$//' + #- name: ensure user plom is in bumblebee group + # user: name=plom groups=bumblebee append=yes + - name: ensure basic X tools + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/basic_x_tools | sed -e 's/ *#.*$//' + + ## Set up browser environment. + #- name: ensure qutebrowser + # include: tasks/qutebrowser.yml + - name: ensure browser environment + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/browser_environment | sed -e 's/ *#.*$//' + + # Ensure wifi. + - name: ensure wifi configuration + apt: name={{item}} state=present + with_lines: + - cat ~/config/ansible/files/apt-mark_new/minimal/wifi | sed -e 's/ *#.*$//' + - cat ~/config/ansible/files/apt-mark_new/X200s/wifi | sed -e 's/ *#.*$//' + #- name: ensure wicd + # apt: name={{item}} state=present + # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/wicd | sed -e 's/ *#.*$//' + + # Ensure audio/video consumption necessities. + - name: ensure multimedia tools + apt: name={{item}} state=present + with_lines: cat ~/config/ansible/files/apt-mark_new/minimal/multimedia | sed -e 's/ *#.*$//' + #- name: ensure multimedia tools + # apt: name={{item}} state=present + # with_lines: cat ~/config/ansible/files/apt-mark_new/W530/multimedia | sed -e 's/ *#.*$//' + + # Ensure hotkeys. + # + # For some reason, the brightness hotkeys still won't be available unless acpid is restarted (yes, after reboot). + #- name: ensure hotkeys + # apt: name={{item}} state=present + # with_lines: cat ~/config/ansible/files/apt-mark/hotkeys | sed -e 's/ *#.*$//' + + # Remove undesired packages + - name: collect desired packages + shell: cat files/apt-mark_new/minimal/* files/apt-mark_new/{{ system_name }}/* | sed -e 's/ *#.*$//' > /tmp/white_list_unsorted && sort /tmp/white_list_unsorted > /tmp/white_list_sorted + - name: collect currently installed packages + shell: dpkg-query -Wf '${Package}\n' > /tmp/all_unsorted && sort /tmp/all_unsorted > /tmp/all_sorted + - name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed + shell: comm -3 /tmp/all_sorted /tmp/white_list_sorted > /tmp/list_black + - name: mark all packages from black list as automatically installed + shell: apt-mark auto $(cat /tmp/list_black) + - name: mark all packages from white list as manually installed + shell: apt-mark manual $(cat /tmp/white_list_unsorted) + - name: purge all packages automatically installed that are not depended on + shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove + diff --git a/archived/ansible/files/apt-mark/3d_acceleration b/archived/ansible/files/apt-mark/3d_acceleration new file mode 100644 index 0000000..7d0ba5b --- /dev/null +++ b/archived/ansible/files/apt-mark/3d_acceleration @@ -0,0 +1,5 @@ +bumblebee-nvidia +libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work +libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work +linux-headers-amd64 # tested as necessary to build proper nvidia-driver module +primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card diff --git a/archived/ansible/files/apt-mark/basic_x_tools b/archived/ansible/files/apt-mark/basic_x_tools new file mode 100644 index 0000000..9c68622 --- /dev/null +++ b/archived/ansible/files/apt-mark/basic_x_tools @@ -0,0 +1,7 @@ +i3 +i3status +python3 # this is what the i3status wrapper is written in +redshift +suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed +xterm +x11-xserver-utils # includes xrdb which applies .Xresources files diff --git a/archived/ansible/files/apt-mark/browser_environment b/archived/ansible/files/apt-mark/browser_environment new file mode 100644 index 0000000..cc9575c --- /dev/null +++ b/archived/ansible/files/apt-mark/browser_environment @@ -0,0 +1,4 @@ +iceweasel +vim-gtk # used by pentadactyl for text editing +xul-ext-noscript +xul-ext-pentadactyl diff --git a/archived/ansible/files/apt-mark/console b/archived/ansible/files/apt-mark/console new file mode 100644 index 0000000..01bcbf8 --- /dev/null +++ b/archived/ansible/files/apt-mark/console @@ -0,0 +1,2 @@ +console-setup +locales diff --git a/archived/ansible/files/apt-mark/core b/archived/ansible/files/apt-mark/core new file mode 100644 index 0000000..43afba8 --- /dev/null +++ b/archived/ansible/files/apt-mark/core @@ -0,0 +1,55 @@ +base-files +base-passwd +bash +bsdutils +coreutils +dash +debconf +debianutils +diffutils +dpkg +e2fslibs +e2fsprogs +findutils +gcc-6-base +grep +gzip +hostname +init-system-helpers +libacl1 +libattr1 +libblkid1 +libc6 +libc-bin +libcomerr2 +libfdisk1 +libgcc1 +liblzma5 +libmount1 +libpam0g +libpam-modules +libpam-modules-bin +libpam-runtime +libpcre3 +libselinux1 +libsepol1 +libsmartcols1 +libss2 +libtinfo5 +libuuid1 +login +lsb-base +mawk +mount +multiarch-support +ncurses-base +ncurses-bin +passwd +perl-base +sed +sensible-utils +sysvinit-utils +tar +tzdata +util-linux +zlib1g diff --git a/archived/ansible/files/apt-mark/hotkeys b/archived/ansible/files/apt-mark/hotkeys new file mode 100644 index 0000000..f11bdfa --- /dev/null +++ b/archived/ansible/files/apt-mark/hotkeys @@ -0,0 +1 @@ +acpid # captures hotkey presses and triggers respective /etc/acpi/events/* diff --git a/archived/ansible/files/apt-mark/man b/archived/ansible/files/apt-mark/man new file mode 100644 index 0000000..f688e67 --- /dev/null +++ b/archived/ansible/files/apt-mark/man @@ -0,0 +1,2 @@ +man-db +manpages diff --git a/archived/ansible/files/apt-mark/minimal_ansible_environment b/archived/ansible/files/apt-mark/minimal_ansible_environment new file mode 100644 index 0000000..f9f4097 --- /dev/null +++ b/archived/ansible/files/apt-mark/minimal_ansible_environment @@ -0,0 +1,3 @@ +ansible +ifupdown # needed for internet connectivity +isc-dhcp-client # needed for internet connectivity diff --git a/archived/ansible/files/apt-mark/minimal_x b/archived/ansible/files/apt-mark/minimal_x new file mode 100644 index 0000000..f785794 --- /dev/null +++ b/archived/ansible/files/apt-mark/minimal_x @@ -0,0 +1,4 @@ +libpam-systemd # needed to start X as non-root +xinit # contains startx +xserver-xorg-core +xserver-xorg-input-evdev # supports all input devices the kernel knows about diff --git a/archived/ansible/files/apt-mark/multimedia b/archived/ansible/files/apt-mark/multimedia new file mode 100644 index 0000000..0b6d9ef --- /dev/null +++ b/archived/ansible/files/apt-mark/multimedia @@ -0,0 +1,6 @@ +alsa-utils +eject +ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos +libdvd-pkg # decss stuff +mpv +youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/archived/ansible/files/apt-mark/power_management b/archived/ansible/files/apt-mark/power_management new file mode 100644 index 0000000..3dba602 --- /dev/null +++ b/archived/ansible/files/apt-mark/power_management @@ -0,0 +1,2 @@ +acpi-call-dkms # needed for tlp to access Thinkpad-specific features +tlp diff --git a/archived/ansible/files/apt-mark/various_useful b/archived/ansible/files/apt-mark/various_useful new file mode 100644 index 0000000..e37a898 --- /dev/null +++ b/archived/ansible/files/apt-mark/various_useful @@ -0,0 +1,5 @@ +git +less +openssh-client +sudo +vim diff --git a/archived/ansible/files/apt-mark/wifi b/archived/ansible/files/apt-mark/wifi new file mode 100644 index 0000000..0d9d93c --- /dev/null +++ b/archived/ansible/files/apt-mark/wifi @@ -0,0 +1,4 @@ +firmware-iwlwifi # wifi driver +wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff +wicd-curses # although this currently is very buggy +wicd-gtk # workaround for when wicd-curses fails diff --git a/archived/ansible/files/apt-mark_new/W530/3d_acceleration b/archived/ansible/files/apt-mark_new/W530/3d_acceleration new file mode 100644 index 0000000..1b7e696 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/3d_acceleration @@ -0,0 +1,3 @@ +bumblebee-nvidia +linux-headers-amd64 # tested as necessary to build proper nvidia-driver module +primus # bridge by which bumblebee will deliver Nvidia-renderend content to Intel card diff --git a/archived/ansible/files/apt-mark_new/W530/browser_environment b/archived/ansible/files/apt-mark_new/W530/browser_environment new file mode 100644 index 0000000..cc9575c --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/browser_environment @@ -0,0 +1,4 @@ +iceweasel +vim-gtk # used by pentadactyl for text editing +xul-ext-noscript +xul-ext-pentadactyl diff --git a/archived/ansible/files/apt-mark_new/W530/hotkeys b/archived/ansible/files/apt-mark_new/W530/hotkeys new file mode 100644 index 0000000..f11bdfa --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/hotkeys @@ -0,0 +1 @@ +acpid # captures hotkey presses and triggers respective /etc/acpi/events/* diff --git a/archived/ansible/files/apt-mark_new/W530/multimedia b/archived/ansible/files/apt-mark_new/W530/multimedia new file mode 100644 index 0000000..219097d --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/multimedia @@ -0,0 +1,3 @@ +eject +ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos +libdvd-pkg # decss stuff diff --git a/archived/ansible/files/apt-mark_new/W530/wicd b/archived/ansible/files/apt-mark_new/W530/wicd new file mode 100644 index 0000000..55d86fe --- /dev/null +++ b/archived/ansible/files/apt-mark_new/W530/wicd @@ -0,0 +1,3 @@ +wicd-cli # thanks to my own wicd_wrapper.sh should be enough for most stuff +wicd-curses # although this currently is very buggy +wicd-gtk # workaround for when wicd-curses fails diff --git a/archived/ansible/files/apt-mark_new/X200s/multimedia b/archived/ansible/files/apt-mark_new/X200s/multimedia new file mode 100644 index 0000000..dbcf4ee --- /dev/null +++ b/archived/ansible/files/apt-mark_new/X200s/multimedia @@ -0,0 +1,4 @@ +alsa-utils +ffmpeg # somehow this is needed to make youtube-dl grab 1080p versions of videos +mpv +youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/archived/ansible/files/apt-mark_new/X200s/power_management b/archived/ansible/files/apt-mark_new/X200s/power_management new file mode 100644 index 0000000..f6954bf --- /dev/null +++ b/archived/ansible/files/apt-mark_new/X200s/power_management @@ -0,0 +1,2 @@ +tp-smapi-dkms +linux-headers-amd64 diff --git a/archived/ansible/files/apt-mark_new/X200s/wifi b/archived/ansible/files/apt-mark_new/X200s/wifi new file mode 100644 index 0000000..a0e499d --- /dev/null +++ b/archived/ansible/files/apt-mark_new/X200s/wifi @@ -0,0 +1 @@ +wpasupplicant diff --git a/archived/ansible/files/apt-mark_new/minimal/3d_acceleration b/archived/ansible/files/apt-mark_new/minimal/3d_acceleration new file mode 100644 index 0000000..aa318bd --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/3d_acceleration @@ -0,0 +1,2 @@ +libglu1-mesa # tested as necessary for OpenGL 3D acceleration to work +libgl1-mesa-dri # tested as necessary for OpenGL 3D acceleration to work diff --git a/archived/ansible/files/apt-mark_new/minimal/basic_x_tools b/archived/ansible/files/apt-mark_new/minimal/basic_x_tools new file mode 100644 index 0000000..9c68622 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/basic_x_tools @@ -0,0 +1,7 @@ +i3 +i3status +python3 # this is what the i3status wrapper is written in +redshift +suckless-tools # contains dmenu; not using virtual packages as that won't be marked manually installed +xterm +x11-xserver-utils # includes xrdb which applies .Xresources files diff --git a/archived/ansible/files/apt-mark_new/minimal/browser_environment b/archived/ansible/files/apt-mark_new/minimal/browser_environment new file mode 100644 index 0000000..536ea49 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/browser_environment @@ -0,0 +1 @@ +palemoon diff --git a/archived/ansible/files/apt-mark_new/minimal/console b/archived/ansible/files/apt-mark_new/minimal/console new file mode 100644 index 0000000..01bcbf8 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/console @@ -0,0 +1,2 @@ +console-setup +locales diff --git a/archived/ansible/files/apt-mark_new/minimal/core b/archived/ansible/files/apt-mark_new/minimal/core new file mode 100644 index 0000000..43afba8 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/core @@ -0,0 +1,55 @@ +base-files +base-passwd +bash +bsdutils +coreutils +dash +debconf +debianutils +diffutils +dpkg +e2fslibs +e2fsprogs +findutils +gcc-6-base +grep +gzip +hostname +init-system-helpers +libacl1 +libattr1 +libblkid1 +libc6 +libc-bin +libcomerr2 +libfdisk1 +libgcc1 +liblzma5 +libmount1 +libpam0g +libpam-modules +libpam-modules-bin +libpam-runtime +libpcre3 +libselinux1 +libsepol1 +libsmartcols1 +libss2 +libtinfo5 +libuuid1 +login +lsb-base +mawk +mount +multiarch-support +ncurses-base +ncurses-bin +passwd +perl-base +sed +sensible-utils +sysvinit-utils +tar +tzdata +util-linux +zlib1g diff --git a/archived/ansible/files/apt-mark_new/minimal/disk_encryption b/archived/ansible/files/apt-mark_new/minimal/disk_encryption new file mode 100644 index 0000000..67ecd10 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/disk_encryption @@ -0,0 +1,2 @@ +cryptsetup +udev diff --git a/archived/ansible/files/apt-mark_new/minimal/man b/archived/ansible/files/apt-mark_new/minimal/man new file mode 100644 index 0000000..f688e67 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/man @@ -0,0 +1,2 @@ +man-db +manpages diff --git a/archived/ansible/files/apt-mark_new/minimal/minimal_ansible_environment b/archived/ansible/files/apt-mark_new/minimal/minimal_ansible_environment new file mode 100644 index 0000000..f9f4097 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/minimal_ansible_environment @@ -0,0 +1,3 @@ +ansible +ifupdown # needed for internet connectivity +isc-dhcp-client # needed for internet connectivity diff --git a/archived/ansible/files/apt-mark_new/minimal/minimal_x b/archived/ansible/files/apt-mark_new/minimal/minimal_x new file mode 100644 index 0000000..f785794 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/minimal_x @@ -0,0 +1,4 @@ +libpam-systemd # needed to start X as non-root +xinit # contains startx +xserver-xorg-core +xserver-xorg-input-evdev # supports all input devices the kernel knows about diff --git a/archived/ansible/files/apt-mark_new/minimal/multimedia b/archived/ansible/files/apt-mark_new/minimal/multimedia new file mode 100644 index 0000000..0bcc060 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/multimedia @@ -0,0 +1,3 @@ +alsa-utils +mpv +youtube-dl # needed by mpv to directly work YouTube URLs diff --git a/archived/ansible/files/apt-mark_new/minimal/power_management b/archived/ansible/files/apt-mark_new/minimal/power_management new file mode 100644 index 0000000..3dba602 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/power_management @@ -0,0 +1,2 @@ +acpi-call-dkms # needed for tlp to access Thinkpad-specific features +tlp diff --git a/archived/ansible/files/apt-mark_new/minimal/various_useful b/archived/ansible/files/apt-mark_new/minimal/various_useful new file mode 100644 index 0000000..e37a898 --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/various_useful @@ -0,0 +1,5 @@ +git +less +openssh-client +sudo +vim diff --git a/archived/ansible/files/apt-mark_new/minimal/wifi b/archived/ansible/files/apt-mark_new/minimal/wifi new file mode 100644 index 0000000..4b8432d --- /dev/null +++ b/archived/ansible/files/apt-mark_new/minimal/wifi @@ -0,0 +1 @@ +firmware-iwlwifi # wifi driver diff --git a/archived/ansible/files/console/___etc___default___console-setup b/archived/ansible/files/console/___etc___default___console-setup new file mode 100644 index 0000000..090d241 --- /dev/null +++ b/archived/ansible/files/console/___etc___default___console-setup @@ -0,0 +1,4 @@ +CHARMAP="UTF-8" +CODESET="Lat15" +FONTFACE="Terminus" +FONTSIZE="6x12" diff --git a/archived/ansible/files/console/___etc___default___keyboard b/archived/ansible/files/console/___etc___default___keyboard new file mode 100644 index 0000000..7f08e30 --- /dev/null +++ b/archived/ansible/files/console/___etc___default___keyboard @@ -0,0 +1,4 @@ +# setting XKBMODEL to the questionable default seems to be necessary and works nicely +# curiously, putting a comment on the same line as a variable setting seems to break things +XKBMODEL="pc105" +XKBLAYOUT="de" diff --git a/archived/ansible/files/dirs b/archived/ansible/files/dirs new file mode 100644 index 0000000..269b746 --- /dev/null +++ b/archived/ansible/files/dirs @@ -0,0 +1,2 @@ +/etc/wicd +/etc/acpi/events diff --git a/archived/ansible/files/dirs_new b/archived/ansible/files/dirs_new new file mode 100644 index 0000000..0739bb8 --- /dev/null +++ b/archived/ansible/files/dirs_new @@ -0,0 +1 @@ +/etc/wicd diff --git a/archived/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia b/archived/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia new file mode 100644 index 0000000..605a10d --- /dev/null +++ b/archived/ansible/files/system/___etc___X11___xorg.conf.forced_nvidia @@ -0,0 +1,34 @@ +# This is the Optimus-specific configuration recommended by the "NVIDIA +# Accelerated Linux Graphics Drivre README and Installation Guide", Chapter 32 +# "Offloading Graphics Display with RandR 1.4" +# () +# with the "AllowEmptyInitialConfigratuion" added as described by +# . + +Section "ServerLayout" + Identifier "layout" + Screen 0 "nvidia" + Inactive "intel" +EndSection + +Section "Device" + Identifier "nvidia" + Driver "nvidia" + BusID "PCI:01:00:0" + Option "AllowEmptyInitialConfiguration" +EndSection + +Section "Screen" + Identifier "nvidia" + Device "nvidia" +EndSection + +Section "Device" + Identifier "intel" + Driver "modesetting" +EndSection + +Section "Screen" + Identifier "intel" + Device "intel" +EndSection diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-brightness-down b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-down new file mode 100644 index 0000000..8d718d2 --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-down @@ -0,0 +1,2 @@ +event=video/brightnessdown +action=/root/config/bin/w530_backlight.sh - diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-brightness-up b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-up new file mode 100644 index 0000000..864ce5f --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-brightness-up @@ -0,0 +1,2 @@ +event=video/brightnessup +action=/root/config/bin/w530_backlight.sh + diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-micmute b/archived/ansible/files/system/___etc___acpi___events___plom-micmute new file mode 100644 index 0000000..2aab48e --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-micmute @@ -0,0 +1,2 @@ +event=button/f20 +action=amixer set Mic toggle diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-mute b/archived/ansible/files/system/___etc___acpi___events___plom-mute new file mode 100644 index 0000000..3c40988 --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-mute @@ -0,0 +1,2 @@ +event=button/mute +action=amixer set Master toggle diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-volume-down b/archived/ansible/files/system/___etc___acpi___events___plom-volume-down new file mode 100644 index 0000000..7658b1c --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-volume-down @@ -0,0 +1,2 @@ +event=button/volumedown +action=amixer set Master 10- diff --git a/archived/ansible/files/system/___etc___acpi___events___plom-volume-up b/archived/ansible/files/system/___etc___acpi___events___plom-volume-up new file mode 100644 index 0000000..9ba779f --- /dev/null +++ b/archived/ansible/files/system/___etc___acpi___events___plom-volume-up @@ -0,0 +1,2 @@ +event=button/volumeup +action=amixer set Master 10+ diff --git a/archived/ansible/files/system/___etc___apt___apt.conf.d___99mindeps b/archived/ansible/files/system/___etc___apt___apt.conf.d___99mindeps new file mode 100644 index 0000000..4aaef79 --- /dev/null +++ b/archived/ansible/files/system/___etc___apt___apt.conf.d___99mindeps @@ -0,0 +1,4 @@ +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; diff --git a/archived/ansible/files/system/___etc___apt___sources.list b/archived/ansible/files/system/___etc___apt___sources.list new file mode 100644 index 0000000..e64d6ee --- /dev/null +++ b/archived/ansible/files/system/___etc___apt___sources.list @@ -0,0 +1,4 @@ +deb http://ftp.debian.org/debian/ stretch main contrib non-free +deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free +deb http://ftp.debian.org/debian stretch-backports main contrib non-free +deb http://security.debian.org/ stretch/updates main contrib non-free diff --git a/archived/ansible/files/system/___etc___default___tlp b/archived/ansible/files/system/___etc___default___tlp new file mode 100644 index 0000000..6db0f60 --- /dev/null +++ b/archived/ansible/files/system/___etc___default___tlp @@ -0,0 +1,278 @@ +# ------------------------------------------------------------------------------ +# tlp - Parameters for power save +# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html + +# Hint: some features are disabled by default, remove the leading # to enable +# them. + +# Set to 0 to disable, 1 to enable TLP. +TLP_ENABLE=1 + +# Operation mode when no power supply can be detected: AC, BAT +# Concerns some desktop and embedded hardware only. +TLP_DEFAULT_MODE=AC + +# Seconds laptop mode has to wait after the disk goes idle before doing a sync. +# Non-zero value enables, zero disables laptop mode. +DISK_IDLE_SECS_ON_AC=0 +DISK_IDLE_SECS_ON_BAT=2 + +# Dirty page values (timeouts in secs). +MAX_LOST_WORK_SECS_ON_AC=15 +MAX_LOST_WORK_SECS_ON_BAT=60 + +# Hint: CPU parameters below are disabled by default, remove the leading # +# to enable them, otherwise kernel default values are used. + +# Select a CPU frequency scaling governor. +# Intel Core i processor with intel_pstate driver: +# powersave(*), performance +# Older hardware with acpi-cpufreq driver: +# ondemand(*), powersave, performance, conservative +# (*) is recommended. +# Hint: use tlp-stat -p to show the active driver and available governors. +# Important: +# You *must* disable your distribution's governor settings or conflicts will +# occur. ondemand is sufficient for *almost all* workloads, you should know +# what you're doing! +#CPU_SCALING_GOVERNOR_ON_AC=powersave +#CPU_SCALING_GOVERNOR_ON_BAT=powersave + +# Set the min/max frequency available for the scaling governor. +# Possible values strongly depend on your CPU. For available frequencies see +# the output of tlp-stat -p. +#CPU_SCALING_MIN_FREQ_ON_AC=0 +#CPU_SCALING_MAX_FREQ_ON_AC=0 +#CPU_SCALING_MIN_FREQ_ON_BAT=0 +#CPU_SCALING_MAX_FREQ_ON_BAT=0 + +# Set Intel P-state performance: 0..100 (%) +# Limit the max/min P-state to control the power dissipation of the CPU. +# Values are stated as a percentage of the available performance. +# Requires an Intel Core i processor with intel_pstate driver. +#CPU_MIN_PERF_ON_AC=0 +#CPU_MAX_PERF_ON_AC=100 +#CPU_MIN_PERF_ON_BAT=0 +#CPU_MAX_PERF_ON_BAT=30 + +# Set the CPU "turbo boost" feature: 0=disable, 1=allow +# Requires an Intel Core i processor. +# Important: +# - This may conflict with your distribution's governor settings +# - A value of 1 does *not* activate boosting, it just allows it +#CPU_BOOST_ON_AC=1 +#CPU_BOOST_ON_BAT=0 + +# Minimize number of used CPU cores/hyper-threads under light load conditions +SCHED_POWERSAVE_ON_AC=0 +SCHED_POWERSAVE_ON_BAT=1 + +# Kernel NMI Watchdog: +# 0=disable (default, saves power), 1=enable (for kernel debugging only) +NMI_WATCHDOG=0 + +# Change CPU voltages aka "undervolting" - Kernel with PHC patch required +# Frequency voltage pairs are written to: +# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls +# CAUTION: only use this, if you thoroughly understand what you are doing! +#PHC_CONTROLS="F:V F:V F:V F:V" + +# Set CPU performance versus energy savings policy: +# performance, normal, powersave +# Requires kernel module msr and x86_energy_perf_policy from linux-tools +ENERGY_PERF_POLICY_ON_AC=performance +ENERGY_PERF_POLICY_ON_BAT=powersave + +# Hard disk devices; separate multiple devices with spaces (default: sda). +# Devices can be specified by disk ID also (lookup with: tlp diskid). +DISK_DEVICES="sda sdb" + +# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) +# Levels 1..127 may spin down the disk; 255 allowable on most drives. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +DISK_APM_LEVEL_ON_AC="254 254" +DISK_APM_LEVEL_ON_BAT="128 128" + +# Hard disk spin down timeout: +# 0: spin down disabled +# 1..240: timeouts from 5s to 20min (in units of 5s) +# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) +# See 'man hdparm' for details. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" +#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" + +# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the kernel default scheduler for the particular disk. +#DISK_IOSCHED="cfq cfq" + +# SATA aggressive link power management (ALPM): +# min_power, medium_power, max_performance +SATA_LINKPWR_ON_AC=max_performance +SATA_LINKPWR_ON_BAT=min_power + +# Exclude SATA host devices from link power management. +# Separate multiple hosts with spaces. +#SATA_LINKPWR_BLACKLIST="host1" + +# Runtime Power Management for AHCI controllers and disks: +# on=disable, auto=enable +# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss +#AHCI_RUNTIME_PM_ON_AC=on +#AHCI_RUNTIME_PM_ON_BAT=on + +# Seconds of inactivity before disk is suspended +AHCI_RUNTIME_PM_TIMEOUT=15 + +# PCI Express Active State Power Management (PCIe ASPM): +# default, performance, powersave +PCIE_ASPM_ON_AC=performance +PCIE_ASPM_ON_BAT=powersave + +# Radeon graphics clock speed (profile method): low, mid, high, auto, default; +# auto = mid on BAT, high on AC; default = use hardware defaults. +# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) +RADEON_POWER_PROFILE_ON_AC=high +RADEON_POWER_PROFILE_ON_BAT=low + +# Radeon dynamic power management method (DPM): battery, performance +# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) +RADEON_DPM_STATE_ON_AC=performance +RADEON_DPM_STATE_ON_BAT=battery + +# Radeon DPM performance level: auto, low, high; auto is recommended. +RADEON_DPM_PERF_LEVEL_ON_AC=auto +RADEON_DPM_PERF_LEVEL_ON_BAT=auto + +# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. +WIFI_PWR_ON_AC=off +WIFI_PWR_ON_BAT=on + +# Disable wake on LAN: Y/N +WOL_DISABLE=Y + +# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). +# A value of 0 disables, >=1 enables power save. +SOUND_POWER_SAVE_ON_AC=0 +SOUND_POWER_SAVE_ON_BAT=1 + +# Disable controller too (HDA only): Y/N +SOUND_POWER_SAVE_CONTROLLER=Y + +# Set to 1 to power off optical drive in UltraBay/MediaBay when running on +# battery. A value of 0 disables this feature (Default). +# Drive can be powered on again by releasing (and reinserting) the eject lever +# or by pressing the disc eject button on newer models. +# Note: an UltraBay/MediaBay hard disk is never powered off. +BAY_POWEROFF_ON_BAT=0 +# Optical drive device to power off (default sr0). +BAY_DEVICE="sr0" + +# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable +RUNTIME_PM_ON_AC=on +RUNTIME_PM_ON_BAT=auto + +# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: +# 0=disable, 1=enable +RUNTIME_PM_ALL=1 + +# Exclude PCI(e) device adresses the following list from Runtime PM +# (separate with spaces). Use lspci to get the adresses (1st column). +#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" + +# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM +# (should prevent accidential power on of hybrid graphics' discrete part). +# Default is "radeon nouveau"; use "" to disable the feature completely. +# Separate multiple drivers with spaces. +RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" + +# Set to 0 to disable, 1 to enable USB autosuspend feature. +USB_AUTOSUSPEND=1 + +# Exclude listed devices from USB autosuspend (separate with spaces). +# Use lsusb to get the ids. +# Note: input devices (usbhid) are excluded automatically (see below) +#USB_BLACKLIST="1111:2222 3333:4444" + +# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude +USB_BLACKLIST_WWAN=1 + +# Include listed devices into USB autosuspend even if already excluded +# by the driver or WWAN blacklists above (separate with spaces). +# Use lsusb to get the ids. +#USB_WHITELIST="1111:2222 3333:4444" + +# Set to 1 to disable autosuspend before shutdown, 0 to do nothing +# (workaround for USB devices that cause shutdown problems). +#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 + +# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown +# on system startup: 0=disable, 1=enable. +# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below +# are ignored when this is enabled! +RESTORE_DEVICE_STATE_ON_STARTUP=0 + +# Radio devices to disable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" + +# Radio devices to enable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +#DEVICES_TO_ENABLE_ON_STARTUP="wifi" + +# Radio devices to disable on shutdown: bluetooth, wifi, wwan +# (workaround for devices that are blocking shutdown). +#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" + +# Radio devices to enable on shutdown: bluetooth, wifi, wwan +# (to prevent other operating systems from missing radios). +#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" + +# Radio devices to enable on AC: bluetooth, wifi, wwan +#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" + +# Radio devices to disable on battery: bluetooth, wifi, wwan +#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" + +# Radio devices to disable on battery when not in use (not connected): +# bluetooth, wifi, wwan +DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" + +# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module +# required). Charging starts when the remaining capacity falls below the +# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. +# Main / Internal battery (values in %) +START_CHARGE_THRESH_BAT0=10 +STOP_CHARGE_THRESH_BAT0=95 +# Ultrabay / Slice / Replaceable battery (values in %) +START_CHARGE_THRESH_BAT1=10 +STOP_CHARGE_THRESH_BAT1=95 + +# ------------------------------------------------------------------------------ +# tlp-rdw - Parameters for the radio device wizard +# Possible devices: bluetooth, wifi, wwan + +# Hints: +# - Parameters are disabled by default, remove the leading # to enable them. +# - Separate multiple radio devices with spaces. + +# Radio devices to disable on connect. +#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" +#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" +#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" + +# Radio devices to enable on disconnect. +#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" +#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" +#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" + +# Radio devices to enable/disable when docked. +#DEVICES_TO_ENABLE_ON_DOCK="" +#DEVICES_TO_DISABLE_ON_DOCK="" + +# Radio devices to enable/disable when undocked. +#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" +#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/ansible/files/system/___etc___hostname b/archived/ansible/files/system/___etc___hostname new file mode 100644 index 0000000..8769fca --- /dev/null +++ b/archived/ansible/files/system/___etc___hostname @@ -0,0 +1 @@ +w530 diff --git a/archived/ansible/files/system/___etc___hosts b/archived/ansible/files/system/___etc___hosts new file mode 100644 index 0000000..d920e4f --- /dev/null +++ b/archived/ansible/files/system/___etc___hosts @@ -0,0 +1,7 @@ +127.0.0.1 localhost +127.0.1.1 w530 + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/archived/ansible/files/system/___etc___profile b/archived/ansible/files/system/___etc___profile new file mode 100644 index 0000000..5884d7b --- /dev/null +++ b/archived/ansible/files/system/___etc___profile @@ -0,0 +1,35 @@ +# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) +# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). + +if [ "`id -u`" -eq 0 ]; then + PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +else + PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" +fi +export PATH + +if [ "${PS1-}" ]; then + if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then + # The file bash.bashrc already sets the default PS1. + # PS1='\h:\w\$ ' + if [ -f /etc/bash.bashrc ]; then + . /etc/bash.bashrc + fi + else + if [ "`id -u`" -eq 0 ]; then + PS1='# ' + else + PS1='$ ' + fi + fi +fi + +if [ -d /etc/profile.d ]; then + for i in /etc/profile.d/*.sh; do + if [ -r $i ]; then + . $i + fi + done + unset i +fi +export LC_ALL="en_US.UTF-8" diff --git a/archived/ansible/files/system/___etc___systemd___logind.conf b/archived/ansible/files/system/___etc___systemd___logind.conf new file mode 100644 index 0000000..7a9004a --- /dev/null +++ b/archived/ansible/files/system/___etc___systemd___logind.conf @@ -0,0 +1,38 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See logind.conf(5) for details. + +[Login] +#NAutoVTs=6 +#ReserveVT=6 +#KillUserProcesses=no +#KillOnlyUsers= +#KillExcludeUsers=root +#InhibitDelayMaxSec=5 +#HandlePowerKey=poweroff +#HandleSuspendKey=suspend +#HandleHibernateKey=hibernate +#HandleLidSwitch=suspend +#HandleLidSwitchDocked=ignore +#PowerKeyIgnoreInhibited=no +#SuspendKeyIgnoreInhibited=no +#HibernateKeyIgnoreInhibited=no +#LidSwitchIgnoreInhibited=yes +#HoldoffTimeoutSec=30s +#IdleAction=ignore +#IdleActionSec=30min +#RuntimeDirectorySize=10% +#RemoveIPC=yes +#InhibitorsMax=8192 +#SessionsMax=8192 +#UserTasksMax=33% +HandleLidSwitch=hibernate diff --git a/archived/ansible/files/system/___etc___timezone b/archived/ansible/files/system/___etc___timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/ansible/files/system/___etc___timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/archived/ansible/files/system/___etc___wicd___manager-settings.conf b/archived/ansible/files/system/___etc___wicd___manager-settings.conf new file mode 100644 index 0000000..d2ef3ee --- /dev/null +++ b/archived/ansible/files/system/___etc___wicd___manager-settings.conf @@ -0,0 +1,24 @@ +[Settings] +backend = external +wireless_interface = wlp3s0 +wired_interface = enp0s25 +wpa_driver = wext +always_show_wired_interface = False +use_global_dns = False +global_dns_1 = None +global_dns_2 = None +global_dns_3 = None +global_dns_dom = None +global_search_dom = None +auto_reconnect = True +debug_mode = False +wired_connect_mode = 1 +signal_display_type = 0 +should_verify_ap = 1 +dhcp_client = 0 +link_detect_tool = 0 +flush_tool = 0 +sudo_app = 0 +prefer_wired = False +show_never_connect = True + diff --git a/archived/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia b/archived/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia new file mode 100644 index 0000000..e651031 --- /dev/null +++ b/archived/ansible/files/system_new/W530/___etc___X11___xorg.conf.forced_nvidia @@ -0,0 +1,34 @@ +# This is the Optimus-specific configuration recommended by the "NVIDIA +# Accelerated Linux Graphics Driver README and Installation Guide", Chapter 32 +# "Offloading Graphics Display with RandR 1.4" +# () +# with the "AllowEmptyInitialConfigratuion" added as described by +# . + +Section "ServerLayout" + Identifier "layout" + Screen 0 "nvidia" + Inactive "intel" +EndSection + +Section "Device" + Identifier "nvidia" + Driver "nvidia" + BusID "PCI:01:00:0" + Option "AllowEmptyInitialConfiguration" +EndSection + +Section "Screen" + Identifier "nvidia" + Device "nvidia" +EndSection + +Section "Device" + Identifier "intel" + Driver "modesetting" +EndSection + +Section "Screen" + Identifier "intel" + Device "intel" +EndSection diff --git a/archived/ansible/files/system_new/W530/___etc___hostname b/archived/ansible/files/system_new/W530/___etc___hostname new file mode 100644 index 0000000..4d385ae --- /dev/null +++ b/archived/ansible/files/system_new/W530/___etc___hostname @@ -0,0 +1 @@ +W530 diff --git a/archived/ansible/files/system_new/W530/___etc___hosts b/archived/ansible/files/system_new/W530/___etc___hosts new file mode 100644 index 0000000..c6f72a5 --- /dev/null +++ b/archived/ansible/files/system_new/W530/___etc___hosts @@ -0,0 +1,7 @@ +127.0.0.1 localhost +127.0.1.1 W530 + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/archived/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf b/archived/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf new file mode 100644 index 0000000..d2ef3ee --- /dev/null +++ b/archived/ansible/files/system_new/W530/___etc___wicd___manager-settings.conf @@ -0,0 +1,24 @@ +[Settings] +backend = external +wireless_interface = wlp3s0 +wired_interface = enp0s25 +wpa_driver = wext +always_show_wired_interface = False +use_global_dns = False +global_dns_1 = None +global_dns_2 = None +global_dns_3 = None +global_dns_dom = None +global_search_dom = None +auto_reconnect = True +debug_mode = False +wired_connect_mode = 1 +signal_display_type = 0 +should_verify_ap = 1 +dhcp_client = 0 +link_detect_tool = 0 +flush_tool = 0 +sudo_app = 0 +prefer_wired = False +show_never_connect = True + diff --git a/archived/ansible/files/system_new/X200s/___etc___hostname b/archived/ansible/files/system_new/X200s/___etc___hostname new file mode 100644 index 0000000..d241415 --- /dev/null +++ b/archived/ansible/files/system_new/X200s/___etc___hostname @@ -0,0 +1 @@ +X200s diff --git a/archived/ansible/files/system_new/X200s/___etc___hosts b/archived/ansible/files/system_new/X200s/___etc___hosts new file mode 100644 index 0000000..b275ecb --- /dev/null +++ b/archived/ansible/files/system_new/X200s/___etc___hosts @@ -0,0 +1,7 @@ +127.0.0.1 localhost +127.0.1.1 X200s + +# The following lines are desirable for IPv6 capable hosts +::1 localhost ip6-localhost ip6-loopback +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters diff --git a/archived/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps b/archived/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps new file mode 100644 index 0000000..4aaef79 --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___apt___apt.conf.d___99mindeps @@ -0,0 +1,4 @@ +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; diff --git a/archived/ansible/files/system_new/minimal/___etc___apt___sources.list b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list new file mode 100644 index 0000000..e64d6ee --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list @@ -0,0 +1,4 @@ +deb http://ftp.debian.org/debian/ stretch main contrib non-free +deb http://ftp.debian.org/debian/ stretch-updates main contrib non-free +deb http://ftp.debian.org/debian stretch-backports main contrib non-free +deb http://security.debian.org/ stretch/updates main contrib non-free diff --git a/archived/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list new file mode 100644 index 0000000..f90488e --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___apt___sources.list.d___palemoon.list @@ -0,0 +1 @@ +deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_9.0/ / diff --git a/archived/ansible/files/system_new/minimal/___etc___default___tlp b/archived/ansible/files/system_new/minimal/___etc___default___tlp new file mode 100644 index 0000000..6db0f60 --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___default___tlp @@ -0,0 +1,278 @@ +# ------------------------------------------------------------------------------ +# tlp - Parameters for power save +# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html + +# Hint: some features are disabled by default, remove the leading # to enable +# them. + +# Set to 0 to disable, 1 to enable TLP. +TLP_ENABLE=1 + +# Operation mode when no power supply can be detected: AC, BAT +# Concerns some desktop and embedded hardware only. +TLP_DEFAULT_MODE=AC + +# Seconds laptop mode has to wait after the disk goes idle before doing a sync. +# Non-zero value enables, zero disables laptop mode. +DISK_IDLE_SECS_ON_AC=0 +DISK_IDLE_SECS_ON_BAT=2 + +# Dirty page values (timeouts in secs). +MAX_LOST_WORK_SECS_ON_AC=15 +MAX_LOST_WORK_SECS_ON_BAT=60 + +# Hint: CPU parameters below are disabled by default, remove the leading # +# to enable them, otherwise kernel default values are used. + +# Select a CPU frequency scaling governor. +# Intel Core i processor with intel_pstate driver: +# powersave(*), performance +# Older hardware with acpi-cpufreq driver: +# ondemand(*), powersave, performance, conservative +# (*) is recommended. +# Hint: use tlp-stat -p to show the active driver and available governors. +# Important: +# You *must* disable your distribution's governor settings or conflicts will +# occur. ondemand is sufficient for *almost all* workloads, you should know +# what you're doing! +#CPU_SCALING_GOVERNOR_ON_AC=powersave +#CPU_SCALING_GOVERNOR_ON_BAT=powersave + +# Set the min/max frequency available for the scaling governor. +# Possible values strongly depend on your CPU. For available frequencies see +# the output of tlp-stat -p. +#CPU_SCALING_MIN_FREQ_ON_AC=0 +#CPU_SCALING_MAX_FREQ_ON_AC=0 +#CPU_SCALING_MIN_FREQ_ON_BAT=0 +#CPU_SCALING_MAX_FREQ_ON_BAT=0 + +# Set Intel P-state performance: 0..100 (%) +# Limit the max/min P-state to control the power dissipation of the CPU. +# Values are stated as a percentage of the available performance. +# Requires an Intel Core i processor with intel_pstate driver. +#CPU_MIN_PERF_ON_AC=0 +#CPU_MAX_PERF_ON_AC=100 +#CPU_MIN_PERF_ON_BAT=0 +#CPU_MAX_PERF_ON_BAT=30 + +# Set the CPU "turbo boost" feature: 0=disable, 1=allow +# Requires an Intel Core i processor. +# Important: +# - This may conflict with your distribution's governor settings +# - A value of 1 does *not* activate boosting, it just allows it +#CPU_BOOST_ON_AC=1 +#CPU_BOOST_ON_BAT=0 + +# Minimize number of used CPU cores/hyper-threads under light load conditions +SCHED_POWERSAVE_ON_AC=0 +SCHED_POWERSAVE_ON_BAT=1 + +# Kernel NMI Watchdog: +# 0=disable (default, saves power), 1=enable (for kernel debugging only) +NMI_WATCHDOG=0 + +# Change CPU voltages aka "undervolting" - Kernel with PHC patch required +# Frequency voltage pairs are written to: +# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls +# CAUTION: only use this, if you thoroughly understand what you are doing! +#PHC_CONTROLS="F:V F:V F:V F:V" + +# Set CPU performance versus energy savings policy: +# performance, normal, powersave +# Requires kernel module msr and x86_energy_perf_policy from linux-tools +ENERGY_PERF_POLICY_ON_AC=performance +ENERGY_PERF_POLICY_ON_BAT=powersave + +# Hard disk devices; separate multiple devices with spaces (default: sda). +# Devices can be specified by disk ID also (lookup with: tlp diskid). +DISK_DEVICES="sda sdb" + +# Hard disk advanced power management level: 1..254, 255 (max saving, min, off) +# Levels 1..127 may spin down the disk; 255 allowable on most drives. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +DISK_APM_LEVEL_ON_AC="254 254" +DISK_APM_LEVEL_ON_BAT="128 128" + +# Hard disk spin down timeout: +# 0: spin down disabled +# 1..240: timeouts from 5s to 20min (in units of 5s) +# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) +# See 'man hdparm' for details. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" +#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" + +# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq); +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the kernel default scheduler for the particular disk. +#DISK_IOSCHED="cfq cfq" + +# SATA aggressive link power management (ALPM): +# min_power, medium_power, max_performance +SATA_LINKPWR_ON_AC=max_performance +SATA_LINKPWR_ON_BAT=min_power + +# Exclude SATA host devices from link power management. +# Separate multiple hosts with spaces. +#SATA_LINKPWR_BLACKLIST="host1" + +# Runtime Power Management for AHCI controllers and disks: +# on=disable, auto=enable +# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss +#AHCI_RUNTIME_PM_ON_AC=on +#AHCI_RUNTIME_PM_ON_BAT=on + +# Seconds of inactivity before disk is suspended +AHCI_RUNTIME_PM_TIMEOUT=15 + +# PCI Express Active State Power Management (PCIe ASPM): +# default, performance, powersave +PCIE_ASPM_ON_AC=performance +PCIE_ASPM_ON_BAT=powersave + +# Radeon graphics clock speed (profile method): low, mid, high, auto, default; +# auto = mid on BAT, high on AC; default = use hardware defaults. +# (Kernel >= 2.6.35 only, open-source radeon driver explicitly) +RADEON_POWER_PROFILE_ON_AC=high +RADEON_POWER_PROFILE_ON_BAT=low + +# Radeon dynamic power management method (DPM): battery, performance +# (Kernel >= 3.11 only, requires boot option radeon.dpm=1) +RADEON_DPM_STATE_ON_AC=performance +RADEON_DPM_STATE_ON_BAT=battery + +# Radeon DPM performance level: auto, low, high; auto is recommended. +RADEON_DPM_PERF_LEVEL_ON_AC=auto +RADEON_DPM_PERF_LEVEL_ON_BAT=auto + +# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. +WIFI_PWR_ON_AC=off +WIFI_PWR_ON_BAT=on + +# Disable wake on LAN: Y/N +WOL_DISABLE=Y + +# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). +# A value of 0 disables, >=1 enables power save. +SOUND_POWER_SAVE_ON_AC=0 +SOUND_POWER_SAVE_ON_BAT=1 + +# Disable controller too (HDA only): Y/N +SOUND_POWER_SAVE_CONTROLLER=Y + +# Set to 1 to power off optical drive in UltraBay/MediaBay when running on +# battery. A value of 0 disables this feature (Default). +# Drive can be powered on again by releasing (and reinserting) the eject lever +# or by pressing the disc eject button on newer models. +# Note: an UltraBay/MediaBay hard disk is never powered off. +BAY_POWEROFF_ON_BAT=0 +# Optical drive device to power off (default sr0). +BAY_DEVICE="sr0" + +# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable +RUNTIME_PM_ON_AC=on +RUNTIME_PM_ON_BAT=auto + +# Runtime PM for *all* PCI(e) bus devices, except blacklisted ones: +# 0=disable, 1=enable +RUNTIME_PM_ALL=1 + +# Exclude PCI(e) device adresses the following list from Runtime PM +# (separate with spaces). Use lspci to get the adresses (1st column). +#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" + +# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM +# (should prevent accidential power on of hybrid graphics' discrete part). +# Default is "radeon nouveau"; use "" to disable the feature completely. +# Separate multiple drivers with spaces. +RUNTIME_PM_DRIVER_BLACKLIST="radeon nouveau" + +# Set to 0 to disable, 1 to enable USB autosuspend feature. +USB_AUTOSUSPEND=1 + +# Exclude listed devices from USB autosuspend (separate with spaces). +# Use lsusb to get the ids. +# Note: input devices (usbhid) are excluded automatically (see below) +#USB_BLACKLIST="1111:2222 3333:4444" + +# WWAN devices are excluded from USB autosuspend: 0=do not exclude / 1=exclude +USB_BLACKLIST_WWAN=1 + +# Include listed devices into USB autosuspend even if already excluded +# by the driver or WWAN blacklists above (separate with spaces). +# Use lsusb to get the ids. +#USB_WHITELIST="1111:2222 3333:4444" + +# Set to 1 to disable autosuspend before shutdown, 0 to do nothing +# (workaround for USB devices that cause shutdown problems). +#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 + +# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown +# on system startup: 0=disable, 1=enable. +# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below +# are ignored when this is enabled! +RESTORE_DEVICE_STATE_ON_STARTUP=0 + +# Radio devices to disable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" + +# Radio devices to enable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +#DEVICES_TO_ENABLE_ON_STARTUP="wifi" + +# Radio devices to disable on shutdown: bluetooth, wifi, wwan +# (workaround for devices that are blocking shutdown). +#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" + +# Radio devices to enable on shutdown: bluetooth, wifi, wwan +# (to prevent other operating systems from missing radios). +#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" + +# Radio devices to enable on AC: bluetooth, wifi, wwan +#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" + +# Radio devices to disable on battery: bluetooth, wifi, wwan +#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" + +# Radio devices to disable on battery when not in use (not connected): +# bluetooth, wifi, wwan +DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" + +# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module +# required). Charging starts when the remaining capacity falls below the +# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. +# Main / Internal battery (values in %) +START_CHARGE_THRESH_BAT0=10 +STOP_CHARGE_THRESH_BAT0=95 +# Ultrabay / Slice / Replaceable battery (values in %) +START_CHARGE_THRESH_BAT1=10 +STOP_CHARGE_THRESH_BAT1=95 + +# ------------------------------------------------------------------------------ +# tlp-rdw - Parameters for the radio device wizard +# Possible devices: bluetooth, wifi, wwan + +# Hints: +# - Parameters are disabled by default, remove the leading # to enable them. +# - Separate multiple radio devices with spaces. + +# Radio devices to disable on connect. +#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" +#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" +#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" + +# Radio devices to enable on disconnect. +#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" +#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" +#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" + +# Radio devices to enable/disable when docked. +#DEVICES_TO_ENABLE_ON_DOCK="" +#DEVICES_TO_DISABLE_ON_DOCK="" + +# Radio devices to enable/disable when undocked. +#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" +#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/ansible/files/system_new/minimal/___etc___profile b/archived/ansible/files/system_new/minimal/___etc___profile new file mode 100644 index 0000000..5884d7b --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___profile @@ -0,0 +1,35 @@ +# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) +# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). + +if [ "`id -u`" -eq 0 ]; then + PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" +else + PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" +fi +export PATH + +if [ "${PS1-}" ]; then + if [ "${BASH-}" ] && [ "$BASH" != "/bin/sh" ]; then + # The file bash.bashrc already sets the default PS1. + # PS1='\h:\w\$ ' + if [ -f /etc/bash.bashrc ]; then + . /etc/bash.bashrc + fi + else + if [ "`id -u`" -eq 0 ]; then + PS1='# ' + else + PS1='$ ' + fi + fi +fi + +if [ -d /etc/profile.d ]; then + for i in /etc/profile.d/*.sh; do + if [ -r $i ]; then + . $i + fi + done + unset i +fi +export LC_ALL="en_US.UTF-8" diff --git a/archived/ansible/files/system_new/minimal/___etc___systemd___logind.conf b/archived/ansible/files/system_new/minimal/___etc___systemd___logind.conf new file mode 100644 index 0000000..7a9004a --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___systemd___logind.conf @@ -0,0 +1,38 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See logind.conf(5) for details. + +[Login] +#NAutoVTs=6 +#ReserveVT=6 +#KillUserProcesses=no +#KillOnlyUsers= +#KillExcludeUsers=root +#InhibitDelayMaxSec=5 +#HandlePowerKey=poweroff +#HandleSuspendKey=suspend +#HandleHibernateKey=hibernate +#HandleLidSwitch=suspend +#HandleLidSwitchDocked=ignore +#PowerKeyIgnoreInhibited=no +#SuspendKeyIgnoreInhibited=no +#HibernateKeyIgnoreInhibited=no +#LidSwitchIgnoreInhibited=yes +#HoldoffTimeoutSec=30s +#IdleAction=ignore +#IdleActionSec=30min +#RuntimeDirectorySize=10% +#RemoveIPC=yes +#InhibitorsMax=8192 +#SessionsMax=8192 +#UserTasksMax=33% +HandleLidSwitch=hibernate diff --git a/archived/ansible/files/system_new/minimal/___etc___timezone b/archived/ansible/files/system_new/minimal/___etc___timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/ansible/files/system_new/minimal/___etc___timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/archived/ansible/run_root.sh b/archived/ansible/run_root.sh new file mode 100755 index 0000000..02856c2 --- /dev/null +++ b/archived/ansible/run_root.sh @@ -0,0 +1 @@ +ansible-playbook -i 'localhost,' -c local config.yml diff --git a/archived/ansible/run_root_new.sh b/archived/ansible/run_root_new.sh new file mode 100755 index 0000000..36408a8 --- /dev/null +++ b/archived/ansible/run_root_new.sh @@ -0,0 +1 @@ +ansible-playbook -i 'localhost,' -e system_name=X200s -c local config_new.yml diff --git a/archived/ansible/run_user.sh b/archived/ansible/run_user.sh new file mode 100755 index 0000000..e52b521 --- /dev/null +++ b/archived/ansible/run_user.sh @@ -0,0 +1 @@ +ansible-playbook -i 'localhost,' -c local user.yml diff --git a/archived/ansible/run_user_new.sh b/archived/ansible/run_user_new.sh new file mode 100755 index 0000000..510faad --- /dev/null +++ b/archived/ansible/run_user_new.sh @@ -0,0 +1 @@ +ansible-playbook -i 'localhost,' -e system_name=X200s -c local user_new.yml diff --git a/archived/ansible/tasks/initial_purge.yml b/archived/ansible/tasks/initial_purge.yml new file mode 100644 index 0000000..63fddd9 --- /dev/null +++ b/archived/ansible/tasks/initial_purge.yml @@ -0,0 +1,25 @@ +--- + +- name: collect officially required packages + shell: dpkg-query -Wf '${Package} ${Priority}\n' | grep ' required' | sed 's/ required//' > /tmp/list_white_unsorted + +- name: add "ifupdown" and "isc-dhcp-client" (to keep internet connection afterwards) and "ansible" (to keep its modules available for continuing the configuration) to required packages + shell: echo 'ifupdown' >> /tmp/list_white_unsorted && echo 'isc-dhcp-client' >> /tmp/list_white_unsorted && echo 'ansible' >> /tmp/list_white_unsorted && sort /tmp/list_white_unsorted > /tmp/list_white + +- name: collect currently installed packages + shell: dpkg-query -Wf '${Package}\n' > /tmp/list_all_packages && sort /tmp/list_all_packages > /tmp/foo && mv /tmp/foo /tmp/list_all_packages + +- name: create black list of packages to mark as automatically installed from the difference between the required packages and the packages currently installed + shell: comm -3 /tmp/list_all_packages /tmp/list_white > /tmp/list_black + +- name: mark all packages from black list as automatically installed + shell: apt-mark auto $(cat /tmp/list_black) + +- name: purge all packages automatically installed that are not depended on + shell: DEBIAN_FRONTEND=noninteractive apt-get -y --purge autoremove + +- name: ensure flags directory exists + file: path=flags state=directory + +- name: set initial_purge_happened flag, so that this whole process does not get repeated + file: path=flags/initial_purge_happened state=touch diff --git a/archived/ansible/tasks/qutebrowser.yml b/archived/ansible/tasks/qutebrowser.yml new file mode 100644 index 0000000..916c854 --- /dev/null +++ b/archived/ansible/tasks/qutebrowser.yml @@ -0,0 +1,45 @@ +--- + +- name: Set qutebrowser, python3-pypeg2 facts. + set_fact: + qutebrowser_deb_url: https://github.com/qutebrowser/qutebrowser/releases/download/v0.11.0/qutebrowser_0.11.0-1_all.deb + python3pypeg2_deb_url: https://qutebrowser.org/python3-pypeg2_2.15.2-1_all.deb + qutebrowser_deb_path: /tmp/qutebrowser.deb + python3pypeg2_deb_path: /tmp/python3-pypeg2.deb + +- name: Check if qutebrowser is installed. + command: dpkg-query -W qutebrowser + register: qutebrowser_debcheck + failed_when: qutebrowser_debcheck.rc > 1 + changed_when: qutebrowser_debcheck.rc == 1 + +- name: Check if qutebrowser-dependency python3-pypeg2 is installed. + command: dpkg-query -W python3-pypeg2 + register: python3pypeg2_debcheck + failed_when: python3pypeg2_debcheck.rc > 1 + changed_when: python3pypeg2_debcheck.rc == 1 + when: qutebrowser_debcheck.rc == 1 + +- name: Download python3-pypeg2 package. + get_url: url={{ python3pypeg2_deb_url }} dest={{ python3pypeg2_deb_path }} + when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 + +- name: Download qutebrowser package. + get_url: url={{ qutebrowser_deb_url }} dest={{ qutebrowser_deb_path }} + when: qutebrowser_debcheck.rc == 1 + +# We use command: apt as a workaround because the Ansible apt module installs +# the Depends of the .deb marked as manual while we want them marked as auto. +- name: Install python3-pypeg2 package, + command: apt install --yes "{{ python3pypeg2_deb_path}}" + when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 + +- name: Mark python3-pypeg2 package as automatically installed. + command: apt-mark auto python3-pypeg2 + when: qutebrowser_debcheck.rc == 1 and python3pypeg2_debcheck.rc == 1 + +# We use command: apt as a workaround because the Ansible apt module installs +# the Depends of the .deb marked as manual while we want them marked as auto. +- name: Install qutebrowser package. + command: apt install --yes "{{ qutebrowser_deb_path}}" + when: qutebrowser_debcheck.rc == 1 diff --git a/archived/ansible/user.yml b/archived/ansible/user.yml new file mode 100644 index 0000000..07dd189 --- /dev/null +++ b/archived/ansible/user.yml @@ -0,0 +1,13 @@ +- hosts: all + tasks: + + - name: ensure ~/.vimbackups directory + file: state=directory dest=~/.vimbackups + - name: Ensure dotfile symlinks + file: state=link force=yes src={{item}} dest=~/.{{item|basename}} + with_fileglob: + - ~/config/dotfiles/minimal/* + - ~/config/dotfiles/user/thinkpad/minimal/* + - ~/config/dotfiles/user/thinkpad/W530/* + - name: ensure ~/downloads directory + file: state=directory dest=~/downloads diff --git a/archived/ansible/user_new.yml b/archived/ansible/user_new.yml new file mode 100644 index 0000000..d6f46af --- /dev/null +++ b/archived/ansible/user_new.yml @@ -0,0 +1,13 @@ +- hosts: all + tasks: + + - name: ensure ~/.vimbackups directory + file: state=directory dest=~/.vimbackups + - name: Ensure dotfile symlinks + file: state=link force=yes src={{item}} dest=~/.{{item|basename}} + with_fileglob: + - ~/config/dotfiles/minimal/* + - ~/config/dotfiles/user/thinkpad/minimal/* + - ~/config/dotfiles/user/thinkpad/{{ system_name }}/* + - name: ensure ~/downloads directory + file: state=directory dest=~/downloads diff --git a/archived/archive_plomroma.py b/archived/archive_plomroma.py new file mode 100755 index 0000000..0ad89b7 --- /dev/null +++ b/archived/archive_plomroma.py @@ -0,0 +1,86 @@ +#!/usr/bin/env python3 +import lxml +import argparse +# use with `find status.plomlompom.com -type f -name "*.html" -exec ./archive_plomroma.py -f {} \;` + +parser = argparse.ArgumentParser(description="archive plom's self-hosted pleroma feed") +parser.add_argument("-f", "--file", dest="file", required=True, help="HTML file to process") +args = parser.parse_args() +print("processing", args.file) + +def print_tree(node, level=0): + tag = node.tag + id = node.get("id") + classes = node.get("class") + text = (node.text or "").strip() + attributes_info = [] + if id: + attributes_info.append(f"id='{id}'") + if classes: + attributes_info.append(f"class='{classes}'") + attr_str = " ".join(attributes_info) + print(" " * level + f"<{tag} {attr_str}>", end="") + if text: + print(f" -> {text}") + else: + print() + for child in node: + print_tree(child, level + 1) + +with open(args.file, "r", encoding="utf-8") as file: + content = file.read() +from lxml import html +tree = html.fromstring(content) + +atom_links = tree.xpath('/html/head/link[@rel="alternate"]') +for atom_link in atom_links: + atom_link.getparent().remove(atom_link) +comments = tree.xpath('//comment()') +for comment in comments: + comment.getparent().remove(comment) +forms = tree.xpath('//form') +for form in forms: + form.getparent().remove(form) + + +def has_class(context, element, class_name): + classes = element[0].get('class', '').split() + return class_name in classes +ns = lxml.etree.FunctionNamespace(None) +ns['has-class'] = has_class +matching_divs = tree.xpath('//div[has-class(., "activity") and .//div[has-class(., "p-author")] and .//bdi[has-class(., "p-name") and string()!="plomlompom"]]') +imgs = tree.xpath('//img') +for img in imgs: + src = img.get('src') + if src and not src.startswith('https://status.plomlompom.com/'): + img.attrib.pop('src', None) + alt = img.get('alt') + if alt and not alt.startswith('../'): + img.attrib.pop('alt', None) + title = img.get('title') + if title and not title.startswith('../'): + img.attrib.pop('title', None) +removal_notice = "[Removed foreign content for static archive, follow permalink on date to see original.]" +for activity_div in matching_divs: + details = activity_div.xpath('.//details[./div[has-class]]') + for detail in details: + new_div = lxml.etree.Element("div") + new_div.text = removal_notice + detail.getparent().replace(detail, new_div) + e_contents = activity_div.xpath('.//div[has-class(., "e-content") or has-class(., "activity-content")]') + for content in e_contents: + content.clear() + content.text = removal_notice + +header = """ +

contact / privacy

+

plomroma (archived): This site is a static archive of a Pleroma instance formerly hosted by me, to preserve my own messages from that time. Foreign content has been removed, but may still be available via links.

+
+""" +tree.body.insert(0, html.fromstring(header)) + +# print_tree(tree) +with open(args.file, "w", encoding="utf-8") as file: + file.write(html.tostring(tree, pretty_print=True, encoding="utf-8").decode("utf-8")) + +print("done") diff --git a/archived/bin/broiler_in.sh b/archived/bin/broiler_in.sh new file mode 100755 index 0000000..5b16ddd --- /dev/null +++ b/archived/bin/broiler_in.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd ~/plomlombot-irc +./run.sh -r 604800 -n broiler_in "#nodrama.de" diff --git a/archived/bin/hubbabubba.sh b/archived/bin/hubbabubba.sh new file mode 100755 index 0000000..50cc0f6 --- /dev/null +++ b/archived/bin/hubbabubba.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd ~/plomlombot-irc +./run.sh -r 604800 -n hubbabubba "#freakazoid" diff --git a/archived/bin/i3status_wrapper.py b/archived/bin/i3status_wrapper.py new file mode 100755 index 0000000..aa7b7c2 --- /dev/null +++ b/archived/bin/i3status_wrapper.py @@ -0,0 +1,26 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +# Inspired by http://code.stapelberg.de/git/i3status/tree/contrib/wrapper.py + +import sys +import json +import subprocess + +def print_nonbuffered(message): + sys.stdout.write(message) + sys.stdout.flush() + +if __name__ == '__main__': + print_nonbuffered(sys.stdin.readline()) + print_nonbuffered(sys.stdin.readline()) + while True: + line, prefix = sys.stdin.readline(), '' + if line.startswith(','): + line, prefix = line[1:], ',' + j = json.loads(line) + if '1' == subprocess.getoutput('xset q | grep LED')[65]: + j.insert(len(j), {'full_text' : 'CAPS', + 'separator_block_width': 40, + 'color': '#FF0000'}) + print_nonbuffered(prefix+json.dumps(j)) diff --git a/archived/bin/install_certs.sh b/archived/bin/install_certs.sh new file mode 100755 index 0000000..5ef46b0 --- /dev/null +++ b/archived/bin/install_certs.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e +set -x + +~/letsencrypt/letsencrypt-auto certonly --standalone -d dump.plomlompom.com +~/letsencrypt/letsencrypt-auto certonly --standalone -d htwtxt.plomlompom.com diff --git a/archived/bin/network.sh b/archived/bin/network.sh new file mode 100755 index 0000000..5f88461 --- /dev/null +++ b/archived/bin/network.sh @@ -0,0 +1,65 @@ +#!/bin/sh + +eth_interface=enp0s25 +wifi_interface=wls1 + +ensure_wifi_on() { + if [ ! "$(wifi)" = "wifi = on" ]; then + #wifi on + ip link set "$wifi_interface" up + fi +} + +if ! echo "${1}"; then + echo 'No command given.' + print_usage + exit 1 +elif [ "${1}" = 'eth_connect' ]; then + ip link set "$eth_interface" up + dhclient "$eth_interface" + +elif [ "${1}" = 'eth_disconnect' ]; then + ip link set "$eth_interface" down + +elif [ "${1}" = 'wifi_scan' ]; then + ensure_wifi_on + ip link set "$wifi_interface" up + iw dev "$wifi_interface" scan | grep SSID + +elif [ "${1}" = 'wifi_connect_open' ]; then + ensure_wifi_on + iw dev "$wifi_interface" connect "${2}" + dhclient "$wifi_interface" + #ip route delete default + #ip route add default via 192.168.1.1 dev wls1 + +elif [ "${1}" = 'wifi_connect_wep_ascii' ]; then + ensure_wifi_on + iw dev "$wifi_interface" connect "${2}" key 0:"${3}" + dhclient "$wifi_interface" + +elif [ "${1}" = 'wifi_connect_wep_hex' ]; then + ensure_wifi_on + iw dev "$wifi_interface" connect "${2}" key d:0:"${3}" + dhclient "$wifi_interface" + +elif [ "${1}" = 'wifi_connect_wpa' ]; then + ensure_wifi_on + wpa_passphrase "${2}" "${3}" > /tmp/wpa_supplicant.conf + wpa_supplicant -B -i "$wifi_interface" -c /tmp/wpa_supplicant.conf + dhclient "$wifi_interface" + +elif [ "${1}" = 'wifi_disconnect' ]; then + ip link set "$wifi_interface" down + +else + echo 'Available commands:' + echo ' eth_connect' + echo ' eth_disconnect' + echo ' wifi_scan' + echo ' wifi_connect_open SSID' + echo ' wifi_connect_wep_ascii SSID KEY' + echo ' wifi_connect_wep_hex SSID KEY' + echo ' wifi_connect_wpa SSID KEY' + echo ' wifi_disconnect' +fi diff --git a/archived/bin/plomlombot.sh b/archived/bin/plomlombot.sh new file mode 100755 index 0000000..1153d2d --- /dev/null +++ b/archived/bin/plomlombot.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd ~/plomlombot-irc +./run.sh -r 604800 -n botlomplom "#zrolaps" diff --git a/archived/bin/renew_certs.sh b/archived/bin/renew_certs.sh new file mode 100755 index 0000000..d1853b5 --- /dev/null +++ b/archived/bin/renew_certs.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +service nginx stop +~/letsencrypt/letsencrypt-auto renew +service nginx restart diff --git a/archived/bin/setup_opendkim.sh b/archived/bin/setup_opendkim.sh new file mode 100755 index 0000000..ce1e3d5 --- /dev/null +++ b/archived/bin/setup_opendkim.sh @@ -0,0 +1,65 @@ +#!/bin/sh +set -e +selector=$1 +file=$2 + +if [ ! -n "$selector" ]; then + cat << EOF +Usage: $0 SELECTOR [KEYFILE] - set up DKIM system and configuration + +If existing KEYFILE is given, set up DKIM to use SELECTOR and apply key from +KEYFILE. + +If existing KEYFILE is not given, generate KEYFILE and DNS TXT file for +SELECTOR. +EOF + exit +fi + +if [ ! "$(id -u)" -eq "0" ]; then + echo "Must be run as root." + exit 1 +fi + +set -x +apt-get -y install opendkim + +if [ ! -n "$file" ]; then + apt-get -y install opendkim-tools + opendkim-genkey -d plomlompom.com -s $selector + apt-get -y --purge autoremove opendkim-tools + set +x + echo + echo 'Generated key file at '$selector'.private.' + echo 'Also generated '$selector'.txt, APPLY its content below to your DNS' \ + 'record.' + echo 'AFTER the waiting time for DNS propagation RERUN this script with' \ + 'the key file as SECOND parameter (still use selector as first one).' + echo + cat $selector.txt +else + if [ ! -f "$file" ]; then + set +x + echo + echo "Keyfile $file does not exist." + exit 1 + fi + cp ~/config/systemfiles/opendkim.conf /etc/opendkim.conf + sed -r -i 's/^#Selector .*$/Selector '$selector'/' /etc/opendkim.conf + mkdir -p /etc/opendkim + if [ -f /etc/opendkim/dkim.key ]; then + cp /etc/opendkim/dkim.key /etc/opendkim/dkim.key~ + fi + cp $file /etc/opendkim/dkim.key + cp ~/config/systemfiles/main.cf /etc/postfix/main.cf + cat >> /etc/postfix/main.cf << EOF + +# Use opendkim at given port as mail filter. +non_smtpd_milters = inet:localhost:12301 +EOF + service opendkim restart + service postfix restart + set +x + echo + echo 'Ensure the DKIM TXT entry in your DNS record matches!' +fi diff --git a/archived/bin/setup_starttls.sh b/archived/bin/setup_starttls.sh new file mode 100755 index 0000000..3b306c2 --- /dev/null +++ b/archived/bin/setup_starttls.sh @@ -0,0 +1,38 @@ +#!/bin/sh +set -x +set -e +key=$1 +cert=$2 + +if [ ! "$(id -u)" -eq "0" ]; then + echo "Must be run as root." + exit 1 +fi + +key_target=/etc/postfix/key.pem +if [ ! -n "$key" ]; then + if [ ! -f "${key_target}" ]; then + (umask 077; openssl genrsa -out "${key_target}" 2048) + fi +else + cp "$key" "${key_target}" +fi + +fqdn=$(postconf -h myhostname) +cert_target=/etc/postfix/cert.pem +if [ ! -n "$cert" ]; then + if [ ! -f "${cert_target}" ]; then + openssl req -new -key "${key_target}" -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert_target}" + fi +else + cp "$cert" "${cert_target}" +fi + +cat >> /etc/postfix/main.cf << EOF + +# Enable server-side STARTTLS. +smtpd_tls_cert_file = /etc/postfix/cert.pem +smtpd_tls_key_file = /etc/postfix/key.pem +smtpd_tls_security_level = may +EOF +service postfix restart diff --git a/archived/bin/simplemail.sh b/archived/bin/simplemail.sh new file mode 100755 index 0000000..af0eb1a --- /dev/null +++ b/archived/bin/simplemail.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# This mails to user plom the message in the file named by the first parameter, +# decoded with the first line as subject and everything below the second line +# as the message body. + +subject=`head -1 $1` +body=`tail -n +3 $1` +echo "$body" | mutt -s "$subject" plom diff --git a/archived/bin/simplemail_out.sh b/archived/bin/simplemail_out.sh new file mode 100755 index 0000000..8340944 --- /dev/null +++ b/archived/bin/simplemail_out.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# This mails to plom@plomlompom.com the message in the file named by the first +# parameter, decoded with the first line as subject and everything below the +# second line as the message body. + +subject=`head -1 $1` +body=`tail -n +3 $1` +echo "$body" | mutt -s "$subject" plom@plomlompom.com diff --git a/archived/bin/start_htwtxt.sh b/archived/bin/start_htwtxt.sh new file mode 100755 index 0000000..e5ee45a --- /dev/null +++ b/archived/bin/start_htwtxt.sh @@ -0,0 +1,8 @@ +#!/bin/sh +$GOPATH/bin/htwtxt \ + --contact 'see http://www.plomlompom.de/' \ + --mailport 587 \ + --mailserver smtp.gmail.com \ + --mailuser christian.heller@gmail.com \ + --port 8000 \ + --signup diff --git a/archived/bin/symlink.sh b/archived/bin/symlink.sh new file mode 100755 index 0000000..d653a0b --- /dev/null +++ b/archived/bin/symlink.sh @@ -0,0 +1,41 @@ +#!/bin/sh + +set -x +set -e + +dir_minimal=~/config/dotfiles/minimal +dir_user_prefix=~/config/dotfiles/user +dir_user_minimal=$dir_user_prefix/minimal +dir_user_machine=$dir_user_prefix/$1/minimal +if [ "$3" = "" ]; then + dir_user_variety=$dir_user_prefix/$1/$2 +else + dir_user_variety=$dir_user_prefix/$1/$2/minimal +fi +dir_user_subvariety=$dir_user_prefix/$1/$2/$3 +dir_root=~/config/dotfiles/root +homedir=`echo ~` +find ~ -lname $homedir'/config/*' -delete +for file in `ls $dir_minimal`; do + ln -fs $dir_minimal/$file ~/.$file +done +if [ "$(id -u)" -eq "0" ]; then + for file in `ls $dir_root`; do + ln -fs $dir_root/$file ~/.$file + done +else + for file in `ls $dir_user_minimal`; do + ln -fs $dir_user_minimal/$file ~/.$file + done + for file in `ls $dir_user_machine`; do + ln -fs $dir_user_machine/$file ~/.$file + done + for file in `ls $dir_user_variety`; do + ln -fs $dir_user_variety/$file ~/.$file + done + if [ ! "$3" = "" ]; then + for file in `ls $dir_user_subvariety`; do + ln -fs $dir_user_subvariety/$file ~/.$file + done + fi +fi diff --git a/archived/bin/w530_backlight.sh b/archived/bin/w530_backlight.sh new file mode 100755 index 0000000..5b24fa7 --- /dev/null +++ b/archived/bin/w530_backlight.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +# A very primitive backlight setter with a hardcoded backlight path, to replace +# xbacklight which currently does not work on my system. + +if ! echo "${1}" | egrep -q '^[0-9]+$' && ! [ "${1}" = "+" -o "${1}" = "-" ]; then + echo 'Argument must be a number, or "+", or "-".' + exit 1 +fi +backlight_dir=/sys/class/backlight/intel_backlight +max_brightness=$(cat "${backlight_dir}"/max_brightness) +target="${backlight_dir}"/brightness +if [ "${1}" = "+" -o "${1}" = "-" ]; then + fract=$(expr "${max_brightness}" / 20) + cur_brightness=$(cat "${backlight_dir}"/brightness) + brightness=$(expr "${cur_brightness}" "${1}" "${fract}") + if [ "${brightness}" -gt "${max_brightness}" ]; then + brightness="${max_brightness}" + elif [ "${brightness}" -lt "0" ]; then + brightness=0 + fi + sudo sh -c 'echo '"${brightness}"' > '"${target}" + exit 0 +fi +percentage=${1} +if [ "${percentage}" = '100' ]; then + sudo sh -c 'echo '"${max_brightness}"' > '"${target}" +else + fract=$(expr "${max_brightness}" / 100) + brightness=$(expr "${percentage}" \* "${fract}") + sudo sh -c 'echo '"${brightness}"' > '"${target}" +fi diff --git a/archived/bin/w530_startx_force_nvidia.sh b/archived/bin/w530_startx_force_nvidia.sh new file mode 100755 index 0000000..3c3ca59 --- /dev/null +++ b/archived/bin/w530_startx_force_nvidia.sh @@ -0,0 +1,13 @@ +#!/bin/sh + +# Undo bumblebee setup. +sudo service bumblebeed stop +sudo modprobe nvidia-drm +sudo update-alternatives --set glx /usr/lib/nvidia + +# Use special xorg.conf and pass NVIDIA_DIRECT directive to .xinitrc. +NVIDIA_DIRECT=1 startx -- -config xorg.conf.forced_nvidia + +# Recreate bumblebee setup. +sudo service bumblebeed start +sudo update-alternatives --auto glx diff --git a/archived/bin/weechat-wrapper.sh b/archived/bin/weechat-wrapper.sh new file mode 100755 index 0000000..333c9d1 --- /dev/null +++ b/archived/bin/weechat-wrapper.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +# Enforce ~/.weechatrc as sole persistent weechat config file. +~/config/bin/simplemail.sh ~/config/mails/weechat_restart_reminder +rm -rf ~/.weechat/ +WEECHATCONF=`tr '\n' ';' < ~/.weechatrc` +weechat -r "$WEECHATCONF" +rm -rf ~/.weechat/ diff --git a/archived/bin/wicd-wrapper.sh b/archived/bin/wicd-wrapper.sh new file mode 100755 index 0000000..8ed74bd --- /dev/null +++ b/archived/bin/wicd-wrapper.sh @@ -0,0 +1,67 @@ +#!/bin/sh + +check_wifi_id_set() { + if ! echo "${1}" | egrep -q '^[0-9]+$'; then + echo 'Wifi identifier must be integer.' + exit 1 + fi +} + +ensure_wifi_on() { + if [ ! "$(wifi)" = "wifi = on" ]; then + sudo wifi on + fi +} + +print_usage() { + echo 'Available commands:' + echo ' eth_connect' + echo ' eth_disconnect' + echo ' wifi_scan' + echo ' wifi_info WIFI_ID' + echo ' wifi_set_wpa WIFI_ID KEY' + echo ' wifi_connect WIFI_ID' + echo ' wifi_disconnect' +} + +if ! echo "${1}"; then + echo 'No command given.' + print_usage + exit 1 +elif [ "${1}" = 'eth_connect' ]; then + wicd-cli --wired --connect + +elif [ "${1}" = 'eth_disconnect' ]; then + wicd-cli --wired --disconnect + +elif [ "${1}" = 'wifi_scan' ]; then + ensure_wifi_on + wicd-cli --wireless --scan + wicd-cli --wireless --list-networks + +elif [ "${1}" = 'wifi_info' ]; then + check_wifi_id_set "${2}" + wicd-cli --wireless --network="${2}" --network-details + +elif [ "${1}" = 'wifi_set_wpa' ]; then + check_wifi_id_set "${2}" + if ! echo "${3}" ; then + echo 'No key set.' + exit 1 + fi + wicd-cli --wireless --network="${2}" --network-property=enctype --set-to=wpa + wicd-cli --wireless --network="${2}" --network-property=key --set-to="${3}" + +elif [ "${1}" = 'wifi_connect' ]; then + ensure_wifi_on + check_wifi_id_set "${2}" + wicd-cli --wireless --network="${2}" --connect + +elif [ "${1}" = 'wifi_disconnect' ]; then + wicd-cli --wireless --disconnect + +else + echo 'Unknown command.' + print_usage + exit 1 +fi diff --git a/archived/bin/zinskritik.sh b/archived/bin/zinskritik.sh new file mode 100755 index 0000000..9ad293a --- /dev/null +++ b/archived/bin/zinskritik.sh @@ -0,0 +1,3 @@ +#!/bin/sh +cd ~/plomlombot-irc +./run.sh -r 604800 -n histomat "#freie-gesellschaft" diff --git a/archived/buster/apt-mark/all b/archived/buster/apt-mark/all new file mode 100644 index 0000000..4b760bc --- /dev/null +++ b/archived/buster/apt-mark/all @@ -0,0 +1,12 @@ +# connectivity: ifupdown seems necessary everyhwere, isc-dhcp-client +# unpredictably so +ifupdown +isc-dhcp-client +# git for the setup directory; cloning works with ca-certificates +ca-certificates +git +# to avoid constant warnings about no locale being found +locales +# extremely useful for basic network debugging; missed these more than once in an emergency +netcat +iputils-ping diff --git a/archived/buster/apt-mark/desktop b/archived/buster/apt-mark/desktop new file mode 100644 index 0000000..f537318 --- /dev/null +++ b/archived/buster/apt-mark/desktop @@ -0,0 +1,2 @@ +# so that grub learns about kernel updates +grub-pc diff --git a/archived/buster/apt-mark/dumpsite b/archived/buster/apt-mark/dumpsite new file mode 100644 index 0000000..a87852a --- /dev/null +++ b/archived/buster/apt-mark/dumpsite @@ -0,0 +1,13 @@ +wget +# for blog and zettel +pandoc +# for blog +html2text +uuid-runtime +python3 +# for url_catcher daemon +python3-venv +build-essential +python3-dev +screen +postfix diff --git a/archived/buster/apt-mark/eeepc b/archived/buster/apt-mark/eeepc new file mode 100644 index 0000000..73a755f --- /dev/null +++ b/archived/buster/apt-mark/eeepc @@ -0,0 +1,3 @@ +# for wifi +firmware-ralink +# diff --git a/archived/buster/apt-mark/mail b/archived/buster/apt-mark/mail new file mode 100644 index 0000000..1ef369d --- /dev/null +++ b/archived/buster/apt-mark/mail @@ -0,0 +1,17 @@ +# smtp server +postfix +# opendkim +opendkim +opendkim-tools +# for pingmail +mailutils +# ssl +certbot +# IMAPS +pwgen +dovecot-imapd +# sieve filtering +dovecot-lmtpd +dovecot-sieve +# to funnel mail from additional server +fetchmail diff --git a/archived/buster/apt-mark/old_server b/archived/buster/apt-mark/old_server new file mode 100644 index 0000000..c3d995b --- /dev/null +++ b/archived/buster/apt-mark/old_server @@ -0,0 +1,2 @@ +# because it contains ifconfig +net-tools diff --git a/archived/buster/apt-mark/peertube b/archived/buster/apt-mark/peertube new file mode 100644 index 0000000..5b73bac --- /dev/null +++ b/archived/buster/apt-mark/peertube @@ -0,0 +1,15 @@ +ffmpeg +postgresql +postgresql-contrib +openssl +redis-server +python-dev +# only needed for setup +g++ +make +git +curl +unzip +libncurses5 +pwgen +wget diff --git a/archived/buster/apt-mark/play b/archived/buster/apt-mark/play new file mode 100644 index 0000000..154f7e7 --- /dev/null +++ b/archived/buster/apt-mark/play @@ -0,0 +1,4 @@ +weechat +screen +gnupg +dirmngr diff --git a/archived/buster/apt-mark/pleroma b/archived/buster/apt-mark/pleroma new file mode 100644 index 0000000..ec7a134 --- /dev/null +++ b/archived/buster/apt-mark/pleroma @@ -0,0 +1,5 @@ +# Pleroma DB +postgresql +postgresql-contrib +# only needed for setup +pwgen diff --git a/archived/buster/apt-mark/pleroma_otp b/archived/buster/apt-mark/pleroma_otp new file mode 100644 index 0000000..4805a43 --- /dev/null +++ b/archived/buster/apt-mark/pleroma_otp @@ -0,0 +1,4 @@ +# only needed for setup +curl +unzip +libncurses5 diff --git a/archived/buster/apt-mark/pleroma_source b/archived/buster/apt-mark/pleroma_source new file mode 100644 index 0000000..2b1cd35 --- /dev/null +++ b/archived/buster/apt-mark/pleroma_source @@ -0,0 +1,4 @@ +# only needed for setup +build-essential +wget +gnupg diff --git a/archived/buster/apt-mark/seedbox b/archived/buster/apt-mark/seedbox new file mode 100644 index 0000000..37b941e --- /dev/null +++ b/archived/buster/apt-mark/seedbox @@ -0,0 +1,8 @@ +# needed for rtorrent config setup +curl +# needed for torrenting +rtorrent +# needed for torrenting session +screen +# needed for upload/download +rsync diff --git a/archived/buster/apt-mark/server b/archived/buster/apt-mark/server new file mode 100644 index 0000000..2ab22d2 --- /dev/null +++ b/archived/buster/apt-mark/server @@ -0,0 +1,6 @@ +# so we can login at all … +openssh-server +# firewalling +nftables +# We want to be able to use ALL our servers as borg backup destinations. +borgbackup diff --git a/archived/buster/apt-mark/thinkpad b/archived/buster/apt-mark/thinkpad new file mode 100644 index 0000000..6a780f2 --- /dev/null +++ b/archived/buster/apt-mark/thinkpad @@ -0,0 +1,7 @@ +# for wifi +firmware-iwlwifi +# for tlp +tlp +tp-smapi-dkms +linux-headers-amd64 +# diff --git a/archived/buster/apt-mark/user b/archived/buster/apt-mark/user new file mode 100644 index 0000000..ece05a4 --- /dev/null +++ b/archived/buster/apt-mark/user @@ -0,0 +1,77 @@ +# to avoid booting problems with encrypted LVM, see +cryptsetup-initramfs +lvm2 +# this provides setupcon which reads /etc/default/console-setup +console-setup +# without this, systemd-logind won't run, and so not detect lid close for hibernation +dbus +# for wifi +wicd-curses +wicd-gtk +# for X to start at all +xserver-xorg-video-intel +# X input: keyboard and touchpad +xserver-xorg-input-evdev +xserver-xorg-input-synaptics +# for startx +xinit +# for xrdb +x11-xserver-utils +# for startx to run for non-root user +libpam-systemd +# window environment +i3 +i3status +suckless-tools +xterm +# to get sleepy at night +redshift +# for alsamixer +alsa-utils +# for xterm and browser unicode display +ttf-unifont +# also useful +vim +sudo +less +man-db +manpages +procps +# firefox dependencies +libdbus-glib-1-2 +libgtk-3-0 +# firefox installation dependencies (remove later?) +curl +python3 +bzip2 +wget +jq +unzip +# to mount encrypted USB stick and use its contents +pmount +cryptsetup +openssh-client +# for syncing +borgbackup +# emacs +emacs25 +emacs-common-non-dfsg +emacs-el +elpa-ledger +ledger +elpa-elfeed +# mail setup +isync +notmuch +elpa-notmuch +pinentry-gtk2 +# to mount Android phone +go-mtpfs +# to use HP Deskjet F380 scanner from GIMP +sane-utils +libsane-hpaio +xsane +# to use HP Deskjet F380 printer +cups +hplip +# diff --git a/archived/buster/apt-mark/w530 b/archived/buster/apt-mark/w530 new file mode 100644 index 0000000..e69de29 diff --git a/archived/buster/apt-mark/web b/archived/buster/apt-mark/web new file mode 100644 index 0000000..4912b8a --- /dev/null +++ b/archived/buster/apt-mark/web @@ -0,0 +1,4 @@ +nginx-light +# for SSL +certbot +python3-certbot-nginx diff --git a/archived/buster/apt-mark/website b/archived/buster/apt-mark/website new file mode 100644 index 0000000..c046f50 --- /dev/null +++ b/archived/buster/apt-mark/website @@ -0,0 +1,8 @@ +# for gitweb +gitweb +fcgiwrap +# for plomlombot +gnupg +dirmngr +python3-venv +screen diff --git a/archived/buster/apt-mark/x200s b/archived/buster/apt-mark/x200s new file mode 100644 index 0000000..e69de29 diff --git a/archived/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies b/archived/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies new file mode 100644 index 0000000..4aaef79 --- /dev/null +++ b/archived/buster/etc_files/all/etc/apt/apt.conf.d/99_minimize_dependencies @@ -0,0 +1,4 @@ +APT::AutoRemove::RecommendsImportant "false"; +APT::AutoRemove::SuggestsImportant "false"; +APT::Install-Recommends "false"; +APT::Install-Suggests "false"; diff --git a/archived/buster/etc_files/all/etc/apt/sources.list b/archived/buster/etc_files/all/etc/apt/sources.list new file mode 100644 index 0000000..349e8a6 --- /dev/null +++ b/archived/buster/etc_files/all/etc/apt/sources.list @@ -0,0 +1,4 @@ +deb http://deb.debian.org/debian buster main contrib non-free +deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free +deb http://deb.debian.org/debian buster-updates main contrib non-free +deb http://ftp.debian.org/debian buster-backports main contrib non-free diff --git a/archived/buster/etc_files/all/etc/default/locale b/archived/buster/etc_files/all/etc/default/locale new file mode 100644 index 0000000..dd6eee3 --- /dev/null +++ b/archived/buster/etc_files/all/etc/default/locale @@ -0,0 +1 @@ +LANG="en_US.UTF-8" diff --git a/archived/buster/etc_files/all/etc/locale.gen b/archived/buster/etc_files/all/etc/locale.gen new file mode 100644 index 0000000..a28cfa4 --- /dev/null +++ b/archived/buster/etc_files/all/etc/locale.gen @@ -0,0 +1,483 @@ +# This file lists locales that you wish to have built. You can find a list +# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add +# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change +# this file, you need to rerun locale-gen. + + +# aa_DJ ISO-8859-1 +# aa_DJ.UTF-8 UTF-8 +# aa_ER UTF-8 +# aa_ER@saaho UTF-8 +# aa_ET UTF-8 +# af_ZA ISO-8859-1 +# af_ZA.UTF-8 UTF-8 +# ak_GH UTF-8 +# am_ET UTF-8 +# an_ES ISO-8859-15 +# an_ES.UTF-8 UTF-8 +# anp_IN UTF-8 +# ar_AE ISO-8859-6 +# ar_AE.UTF-8 UTF-8 +# ar_BH ISO-8859-6 +# ar_BH.UTF-8 UTF-8 +# ar_DZ ISO-8859-6 +# ar_DZ.UTF-8 UTF-8 +# ar_EG ISO-8859-6 +# ar_EG.UTF-8 UTF-8 +# ar_IN UTF-8 +# ar_IQ ISO-8859-6 +# ar_IQ.UTF-8 UTF-8 +# ar_JO ISO-8859-6 +# ar_JO.UTF-8 UTF-8 +# ar_KW ISO-8859-6 +# ar_KW.UTF-8 UTF-8 +# ar_LB ISO-8859-6 +# ar_LB.UTF-8 UTF-8 +# ar_LY ISO-8859-6 +# ar_LY.UTF-8 UTF-8 +# ar_MA ISO-8859-6 +# ar_MA.UTF-8 UTF-8 +# ar_OM ISO-8859-6 +# ar_OM.UTF-8 UTF-8 +# ar_QA ISO-8859-6 +# ar_QA.UTF-8 UTF-8 +# ar_SA ISO-8859-6 +# ar_SA.UTF-8 UTF-8 +# ar_SD ISO-8859-6 +# ar_SD.UTF-8 UTF-8 +# ar_SS UTF-8 +# ar_SY ISO-8859-6 +# ar_SY.UTF-8 UTF-8 +# ar_TN ISO-8859-6 +# ar_TN.UTF-8 UTF-8 +# ar_YE ISO-8859-6 +# ar_YE.UTF-8 UTF-8 +# as_IN UTF-8 +# ast_ES ISO-8859-15 +# ast_ES.UTF-8 UTF-8 +# ayc_PE UTF-8 +# az_AZ UTF-8 +# be_BY CP1251 +# be_BY.UTF-8 UTF-8 +# be_BY@latin UTF-8 +# bem_ZM UTF-8 +# ber_DZ UTF-8 +# ber_MA UTF-8 +# bg_BG CP1251 +# bg_BG.UTF-8 UTF-8 +# bhb_IN.UTF-8 UTF-8 +# bho_IN UTF-8 +# bn_BD UTF-8 +# bn_IN UTF-8 +# bo_CN UTF-8 +# bo_IN UTF-8 +# br_FR ISO-8859-1 +# br_FR.UTF-8 UTF-8 +# br_FR@euro ISO-8859-15 +# brx_IN UTF-8 +# bs_BA ISO-8859-2 +# bs_BA.UTF-8 UTF-8 +# byn_ER UTF-8 +# ca_AD ISO-8859-15 +# ca_AD.UTF-8 UTF-8 +# ca_ES ISO-8859-1 +# ca_ES.UTF-8 UTF-8 +# ca_ES.UTF-8@valencia UTF-8 +# ca_ES@euro ISO-8859-15 +# ca_ES@valencia ISO-8859-15 +# ca_FR ISO-8859-15 +# ca_FR.UTF-8 UTF-8 +# ca_IT ISO-8859-15 +# ca_IT.UTF-8 UTF-8 +# ce_RU UTF-8 +# chr_US UTF-8 +# cmn_TW UTF-8 +# crh_UA UTF-8 +# cs_CZ ISO-8859-2 +# cs_CZ.UTF-8 UTF-8 +# csb_PL UTF-8 +# cv_RU UTF-8 +# cy_GB ISO-8859-14 +# cy_GB.UTF-8 UTF-8 +# da_DK ISO-8859-1 +# da_DK.UTF-8 UTF-8 +# de_AT ISO-8859-1 +# de_AT.UTF-8 UTF-8 +# de_AT@euro ISO-8859-15 +# de_BE ISO-8859-1 +# de_BE.UTF-8 UTF-8 +# de_BE@euro ISO-8859-15 +# de_CH ISO-8859-1 +# de_CH.UTF-8 UTF-8 +# de_DE ISO-8859-1 +# de_DE.UTF-8 UTF-8 +# de_DE@euro ISO-8859-15 +# de_IT ISO-8859-1 +# de_IT.UTF-8 UTF-8 +# de_LI.UTF-8 UTF-8 +# de_LU ISO-8859-1 +# de_LU.UTF-8 UTF-8 +# de_LU@euro ISO-8859-15 +# doi_IN UTF-8 +# dv_MV UTF-8 +# dz_BT UTF-8 +# el_CY ISO-8859-7 +# el_CY.UTF-8 UTF-8 +# el_GR ISO-8859-7 +# el_GR.UTF-8 UTF-8 +# en_AG UTF-8 +# en_AU ISO-8859-1 +# en_AU.UTF-8 UTF-8 +# en_BW ISO-8859-1 +# en_BW.UTF-8 UTF-8 +# en_CA ISO-8859-1 +# en_CA.UTF-8 UTF-8 +# en_DK ISO-8859-1 +# en_DK.ISO-8859-15 ISO-8859-15 +# en_DK.UTF-8 UTF-8 +# en_GB ISO-8859-1 +# en_GB.ISO-8859-15 ISO-8859-15 +# en_GB.UTF-8 UTF-8 +# en_HK ISO-8859-1 +# en_HK.UTF-8 UTF-8 +# en_IE ISO-8859-1 +# en_IE.UTF-8 UTF-8 +# en_IE@euro ISO-8859-15 +# en_IL UTF-8 +# en_IN UTF-8 +# en_NG UTF-8 +# en_NZ ISO-8859-1 +# en_NZ.UTF-8 UTF-8 +# en_PH ISO-8859-1 +# en_PH.UTF-8 UTF-8 +# en_SG ISO-8859-1 +# en_SG.UTF-8 UTF-8 +# en_US ISO-8859-1 +# en_US.ISO-8859-15 ISO-8859-15 +en_US.UTF-8 UTF-8 +# en_ZA ISO-8859-1 +# en_ZA.UTF-8 UTF-8 +# en_ZM UTF-8 +# en_ZW ISO-8859-1 +# en_ZW.UTF-8 UTF-8 +# eo UTF-8 +# es_AR ISO-8859-1 +# es_AR.UTF-8 UTF-8 +# es_BO ISO-8859-1 +# es_BO.UTF-8 UTF-8 +# es_CL ISO-8859-1 +# es_CL.UTF-8 UTF-8 +# es_CO ISO-8859-1 +# es_CO.UTF-8 UTF-8 +# es_CR ISO-8859-1 +# es_CR.UTF-8 UTF-8 +# es_CU UTF-8 +# es_DO ISO-8859-1 +# es_DO.UTF-8 UTF-8 +# es_EC ISO-8859-1 +# es_EC.UTF-8 UTF-8 +# es_ES ISO-8859-1 +# es_ES.UTF-8 UTF-8 +# es_ES@euro ISO-8859-15 +# es_GT ISO-8859-1 +# es_GT.UTF-8 UTF-8 +# es_HN ISO-8859-1 +# es_HN.UTF-8 UTF-8 +# es_MX ISO-8859-1 +# es_MX.UTF-8 UTF-8 +# es_NI ISO-8859-1 +# es_NI.UTF-8 UTF-8 +# es_PA ISO-8859-1 +# es_PA.UTF-8 UTF-8 +# es_PE ISO-8859-1 +# es_PE.UTF-8 UTF-8 +# es_PR ISO-8859-1 +# es_PR.UTF-8 UTF-8 +# es_PY ISO-8859-1 +# es_PY.UTF-8 UTF-8 +# es_SV ISO-8859-1 +# es_SV.UTF-8 UTF-8 +# es_US ISO-8859-1 +# es_US.UTF-8 UTF-8 +# es_UY ISO-8859-1 +# es_UY.UTF-8 UTF-8 +# es_VE ISO-8859-1 +# es_VE.UTF-8 UTF-8 +# et_EE ISO-8859-1 +# et_EE.ISO-8859-15 ISO-8859-15 +# et_EE.UTF-8 UTF-8 +# eu_ES ISO-8859-1 +# eu_ES.UTF-8 UTF-8 +# eu_ES@euro ISO-8859-15 +# eu_FR ISO-8859-1 +# eu_FR.UTF-8 UTF-8 +# eu_FR@euro ISO-8859-15 +# fa_IR UTF-8 +# ff_SN UTF-8 +# fi_FI ISO-8859-1 +# fi_FI.UTF-8 UTF-8 +# fi_FI@euro ISO-8859-15 +# fil_PH UTF-8 +# fo_FO ISO-8859-1 +# fo_FO.UTF-8 UTF-8 +# fr_BE ISO-8859-1 +# fr_BE.UTF-8 UTF-8 +# fr_BE@euro ISO-8859-15 +# fr_CA ISO-8859-1 +# fr_CA.UTF-8 UTF-8 +# fr_CH ISO-8859-1 +# fr_CH.UTF-8 UTF-8 +# fr_FR ISO-8859-1 +# fr_FR.UTF-8 UTF-8 +# fr_FR@euro ISO-8859-15 +# fr_LU ISO-8859-1 +# fr_LU.UTF-8 UTF-8 +# fr_LU@euro ISO-8859-15 +# fur_IT UTF-8 +# fy_DE UTF-8 +# fy_NL UTF-8 +# ga_IE ISO-8859-1 +# ga_IE.UTF-8 UTF-8 +# ga_IE@euro ISO-8859-15 +# gd_GB ISO-8859-15 +# gd_GB.UTF-8 UTF-8 +# gez_ER UTF-8 +# gez_ER@abegede UTF-8 +# gez_ET UTF-8 +# gez_ET@abegede UTF-8 +# gl_ES ISO-8859-1 +# gl_ES.UTF-8 UTF-8 +# gl_ES@euro ISO-8859-15 +# gu_IN UTF-8 +# gv_GB ISO-8859-1 +# gv_GB.UTF-8 UTF-8 +# ha_NG UTF-8 +# hak_TW UTF-8 +# he_IL ISO-8859-8 +# he_IL.UTF-8 UTF-8 +# hi_IN UTF-8 +# hne_IN UTF-8 +# hr_HR ISO-8859-2 +# hr_HR.UTF-8 UTF-8 +# hsb_DE ISO-8859-2 +# hsb_DE.UTF-8 UTF-8 +# ht_HT UTF-8 +# hu_HU ISO-8859-2 +# hu_HU.UTF-8 UTF-8 +# hy_AM UTF-8 +# hy_AM.ARMSCII-8 ARMSCII-8 +# ia_FR UTF-8 +# id_ID ISO-8859-1 +# id_ID.UTF-8 UTF-8 +# ig_NG UTF-8 +# ik_CA UTF-8 +# is_IS ISO-8859-1 +# is_IS.UTF-8 UTF-8 +# it_CH ISO-8859-1 +# it_CH.UTF-8 UTF-8 +# it_IT ISO-8859-1 +# it_IT.UTF-8 UTF-8 +# it_IT@euro ISO-8859-15 +# iu_CA UTF-8 +# ja_JP.EUC-JP EUC-JP +# ja_JP.UTF-8 UTF-8 +# ka_GE GEORGIAN-PS +# ka_GE.UTF-8 UTF-8 +# kk_KZ PT154 +# kk_KZ.RK1048 RK1048 +# kk_KZ.UTF-8 UTF-8 +# kl_GL ISO-8859-1 +# kl_GL.UTF-8 UTF-8 +# km_KH UTF-8 +# kn_IN UTF-8 +# ko_KR.EUC-KR EUC-KR +# ko_KR.UTF-8 UTF-8 +# kok_IN UTF-8 +# ks_IN UTF-8 +# ks_IN@devanagari UTF-8 +# ku_TR ISO-8859-9 +# ku_TR.UTF-8 UTF-8 +# kw_GB ISO-8859-1 +# kw_GB.UTF-8 UTF-8 +# ky_KG UTF-8 +# lb_LU UTF-8 +# lg_UG ISO-8859-10 +# lg_UG.UTF-8 UTF-8 +# li_BE UTF-8 +# li_NL UTF-8 +# lij_IT UTF-8 +# ln_CD UTF-8 +# lo_LA UTF-8 +# lt_LT ISO-8859-13 +# lt_LT.UTF-8 UTF-8 +# lv_LV ISO-8859-13 +# lv_LV.UTF-8 UTF-8 +# lzh_TW UTF-8 +# mag_IN UTF-8 +# mai_IN UTF-8 +# mg_MG ISO-8859-15 +# mg_MG.UTF-8 UTF-8 +# mhr_RU UTF-8 +# mi_NZ ISO-8859-13 +# mi_NZ.UTF-8 UTF-8 +# mk_MK ISO-8859-5 +# mk_MK.UTF-8 UTF-8 +# ml_IN UTF-8 +# mn_MN UTF-8 +# mni_IN UTF-8 +# mr_IN UTF-8 +# ms_MY ISO-8859-1 +# ms_MY.UTF-8 UTF-8 +# mt_MT ISO-8859-3 +# mt_MT.UTF-8 UTF-8 +# my_MM UTF-8 +# nan_TW UTF-8 +# nan_TW@latin UTF-8 +# nb_NO ISO-8859-1 +# nb_NO.UTF-8 UTF-8 +# nds_DE UTF-8 +# nds_NL UTF-8 +# ne_NP UTF-8 +# nhn_MX UTF-8 +# niu_NU UTF-8 +# niu_NZ UTF-8 +# nl_AW UTF-8 +# nl_BE ISO-8859-1 +# nl_BE.UTF-8 UTF-8 +# nl_BE@euro ISO-8859-15 +# nl_NL ISO-8859-1 +# nl_NL.UTF-8 UTF-8 +# nl_NL@euro ISO-8859-15 +# nn_NO ISO-8859-1 +# nn_NO.UTF-8 UTF-8 +# nr_ZA UTF-8 +# nso_ZA UTF-8 +# oc_FR ISO-8859-1 +# oc_FR.UTF-8 UTF-8 +# om_ET UTF-8 +# om_KE ISO-8859-1 +# om_KE.UTF-8 UTF-8 +# or_IN UTF-8 +# os_RU UTF-8 +# pa_IN UTF-8 +# pa_PK UTF-8 +# pap_AW UTF-8 +# pap_CW UTF-8 +# pl_PL ISO-8859-2 +# pl_PL.UTF-8 UTF-8 +# ps_AF UTF-8 +# pt_BR ISO-8859-1 +# pt_BR.UTF-8 UTF-8 +# pt_PT ISO-8859-1 +# pt_PT.UTF-8 UTF-8 +# pt_PT@euro ISO-8859-15 +# quz_PE UTF-8 +# raj_IN UTF-8 +# ro_RO ISO-8859-2 +# ro_RO.UTF-8 UTF-8 +# ru_RU ISO-8859-5 +# ru_RU.CP1251 CP1251 +# ru_RU.KOI8-R KOI8-R +# ru_RU.UTF-8 UTF-8 +# ru_UA KOI8-U +# ru_UA.UTF-8 UTF-8 +# rw_RW UTF-8 +# sa_IN UTF-8 +# sat_IN UTF-8 +# sc_IT UTF-8 +# sd_IN UTF-8 +# sd_IN@devanagari UTF-8 +# se_NO UTF-8 +# sgs_LT UTF-8 +# shs_CA UTF-8 +# si_LK UTF-8 +# sid_ET UTF-8 +# sk_SK ISO-8859-2 +# sk_SK.UTF-8 UTF-8 +# sl_SI ISO-8859-2 +# sl_SI.UTF-8 UTF-8 +# so_DJ ISO-8859-1 +# so_DJ.UTF-8 UTF-8 +# so_ET UTF-8 +# so_KE ISO-8859-1 +# so_KE.UTF-8 UTF-8 +# so_SO ISO-8859-1 +# so_SO.UTF-8 UTF-8 +# sq_AL ISO-8859-1 +# sq_AL.UTF-8 UTF-8 +# sq_MK UTF-8 +# sr_ME UTF-8 +# sr_RS UTF-8 +# sr_RS@latin UTF-8 +# ss_ZA UTF-8 +# st_ZA ISO-8859-1 +# st_ZA.UTF-8 UTF-8 +# sv_FI ISO-8859-1 +# sv_FI.UTF-8 UTF-8 +# sv_FI@euro ISO-8859-15 +# sv_SE ISO-8859-1 +# sv_SE.ISO-8859-15 ISO-8859-15 +# sv_SE.UTF-8 UTF-8 +# sw_KE UTF-8 +# sw_TZ UTF-8 +# szl_PL UTF-8 +# ta_IN UTF-8 +# ta_LK UTF-8 +# tcy_IN.UTF-8 UTF-8 +# te_IN UTF-8 +# tg_TJ KOI8-T +# tg_TJ.UTF-8 UTF-8 +# th_TH TIS-620 +# th_TH.UTF-8 UTF-8 +# the_NP UTF-8 +# ti_ER UTF-8 +# ti_ET UTF-8 +# tig_ER UTF-8 +# tk_TM UTF-8 +# tl_PH ISO-8859-1 +# tl_PH.UTF-8 UTF-8 +# tn_ZA UTF-8 +# tr_CY ISO-8859-9 +# tr_CY.UTF-8 UTF-8 +# tr_TR ISO-8859-9 +# tr_TR.UTF-8 UTF-8 +# ts_ZA UTF-8 +# tt_RU UTF-8 +# tt_RU@iqtelif UTF-8 +# ug_CN UTF-8 +# uk_UA KOI8-U +# uk_UA.UTF-8 UTF-8 +# unm_US UTF-8 +# ur_IN UTF-8 +# ur_PK UTF-8 +# uz_UZ ISO-8859-1 +# uz_UZ.UTF-8 UTF-8 +# uz_UZ@cyrillic UTF-8 +# ve_ZA UTF-8 +# vi_VN UTF-8 +# wa_BE ISO-8859-1 +# wa_BE.UTF-8 UTF-8 +# wa_BE@euro ISO-8859-15 +# wae_CH UTF-8 +# wal_ET UTF-8 +# wo_SN UTF-8 +# xh_ZA ISO-8859-1 +# xh_ZA.UTF-8 UTF-8 +# yi_US CP1255 +# yi_US.UTF-8 UTF-8 +# yo_NG UTF-8 +# yue_HK UTF-8 +# zh_CN GB2312 +# zh_CN.GB18030 GB18030 +# zh_CN.GBK GBK +# zh_CN.UTF-8 UTF-8 +# zh_HK BIG5-HKSCS +# zh_HK.UTF-8 UTF-8 +# zh_SG GB2312 +# zh_SG.GBK GBK +# zh_SG.UTF-8 UTF-8 +# zh_TW BIG5 +# zh_TW.EUC-TW EUC-TW +# zh_TW.UTF-8 UTF-8 +# zu_ZA ISO-8859-1 +# zu_ZA.UTF-8 UTF-8 diff --git a/archived/buster/etc_files/all/etc/timezone b/archived/buster/etc_files/all/etc/timezone new file mode 100644 index 0000000..94d5acc --- /dev/null +++ b/archived/buster/etc_files/all/etc/timezone @@ -0,0 +1 @@ +Europe/Berlin diff --git a/archived/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx b/archived/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx new file mode 100644 index 0000000..25c2d62 --- /dev/null +++ b/archived/buster/etc_files/dumpsite/etc/nginx/sites-available/dumpsite.nginx @@ -0,0 +1,28 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www-dump/; + + location /dump/ { + autoindex on; + } + + location /geheim/ { + auth_basic "geheim geheim"; + auth_basic_user_file /var/www-dump/password_geheim; + autoindex on; + } + + location /zettel/ { + # rewrite non-suffixed filenames to .html ones + rewrite ^(/zettel/(.*/)*[^./]+)$ $1.html; + autoindex on; + } + + location /uwsgi/ { + include uwsgi_params; + uwsgi_pass 127.0.0.1:3031; + } +} diff --git a/archived/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service b/archived/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service new file mode 100644 index 0000000..45d079c --- /dev/null +++ b/archived/buster/etc_files/dumpsite/etc/systemd/system/url_catcher.service @@ -0,0 +1,12 @@ +[Unit] +Description=url_catcher screen + +[Service] +Type=forking +User=plom +# The LC_ALL fixes submission failing on some articles. +ExecStart=/bin/sh -c 'LC_ALL=en_US.UTF8 cd ~/url-catcher && screen -d -m ./run.sh' +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/archived/buster/etc_files/eeepc/etc/systemd/logind.conf b/archived/buster/etc_files/eeepc/etc/systemd/logind.conf new file mode 100644 index 0000000..6a61f0b --- /dev/null +++ b/archived/buster/etc_files/eeepc/etc/systemd/logind.conf @@ -0,0 +1,8 @@ +# This file is part of systemd. +# +# See logind.conf(5) for details. + +[Login] +# Note that with the standard Buster kernel this won't work due to +# . +HandleLidSwitch=hibernate diff --git a/archived/buster/etc_files/mail/etc/aliases b/archived/buster/etc_files/mail/etc/aliases new file mode 100644 index 0000000..5c52e6f --- /dev/null +++ b/archived/buster/etc_files/mail/etc/aliases @@ -0,0 +1,24 @@ +# /etc/aliases +# maps whom what is sent to + +# As per RFC 2142. +mailer-daemon: plom +postmaster: plom +hostmaster: plom +usenet: plom +news: plom +webmaster: plom +www: plom +ftp: plom +abuse: plom +noc: plom +security: plom +root: plom + +# Personal aliases. +plomlompom: plom +christian.heller: plom +christian_heller: plom +christianheller: plom +c.heller: plom +heller: plom diff --git a/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf new file mode 100644 index 0000000..eaf927b --- /dev/null +++ b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-lmtp-sieve-filtering.conf @@ -0,0 +1,18 @@ +# This is only necessary when we use dovecot's LMTP mechanism to receive +# mail from postfix. +auth_username_format = %Ln + +# Add sieve filtering. +protocol lmtp { + mail_plugins = $mail_plugins sieve +} + +# We don't strictly need to provide a LMTP server to fetch mail from +# postfix, but we do if we want to do sophisticated stuff like sieve +# filtering on the way. +service lmtp { + inet_listener lmtp { + address = 127.0.0.1 + port = 2424 + } +} diff --git a/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf new file mode 100644 index 0000000..d076d63 --- /dev/null +++ b/archived/buster/etc_files/mail/etc/dovecot/conf.d/99-smtp-sasl.conf @@ -0,0 +1,10 @@ +service auth { + unix_listener auth-userdb { + } + + unix_listener /var/spool/postfix/private/auth { + mode = 0660 + user = postfix + group = postfix + } +} diff --git a/archived/buster/etc_files/mail/etc/mailutils.conf b/archived/buster/etc_files/mail/etc/mailutils.conf new file mode 100644 index 0000000..44efe26 --- /dev/null +++ b/archived/buster/etc_files/mail/etc/mailutils.conf @@ -0,0 +1,4 @@ +# mailutils by default uses the FQDN as the mail domain name, fix this +address { + email-domain REPLACE_maildomain_ECALPER; +}; diff --git a/archived/buster/etc_files/mail/etc/nftables.conf b/archived/buster/etc_files/mail/etc/nftables.conf new file mode 100755 index 0000000..747d214 --- /dev/null +++ b/archived/buster/etc_files/mail/etc/nftables.conf @@ -0,0 +1,24 @@ +#!/usr/sbin/nft -f + +flush ruleset + +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + iif lo accept comment "accept localhost traffic" + ct state invalid drop comment "drop invalid connections" + ct state established, related accept comment "accept traffic originated from us" + tcp dport 22 accept comment "accept SSH on default port" + tcp dport 25 accept comment "accept SMTP (allowing for STARTTLS); necessary for mail server to mail server banter, i.e. for receiving mails" + tcp dport 80 accept comment "accept HTTP; necessary for Certbot HTTP challenge" + tcp dport 465 accept comment "accept SMTPS; for mail user agent to mail server, i.e. for sending mails" + tcp dport 993 accept comment "accept IMAPS; for reading/downloading mails" + ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging" + } + chain forward { + type filter hook forward priority 0; policy drop; + } + chain output { + type filter hook output priority 0; policy accept; + } +} diff --git a/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service new file mode 100644 index 0000000..dc8acb4 --- /dev/null +++ b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.service @@ -0,0 +1,8 @@ +[Unit] +Description=Run plom's fetchmail + +[Service] +Type=oneshot +User=plom +# fetchmail returns 1 when no new mail, we want to catch that +ExecStart=/bin/sh -c 'fetchmail || [ $? -eq 1 ]' diff --git a/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer new file mode 100644 index 0000000..0568eeb --- /dev/null +++ b/archived/buster/etc_files/mail/etc/systemd/system/fetchmail_old_account.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Run fetchmail once every minute + +[Timer] +OnCalendar=minutely + +[Install] +WantedBy=timers.target diff --git a/archived/buster/etc_files/mail/etc/systemd/system/pingmail.service b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.service new file mode 100644 index 0000000..e332114 --- /dev/null +++ b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.service @@ -0,0 +1,7 @@ +[Unit] +Description=Run pingmail check + +[Service] +Type=oneshot +User=plom +ExecStart=/bin/sh -c '~/pingmail/pingmail check' diff --git a/archived/buster/etc_files/mail/etc/systemd/system/pingmail.timer b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.timer new file mode 100644 index 0000000..dba0c9f --- /dev/null +++ b/archived/buster/etc_files/mail/etc/systemd/system/pingmail.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Run pingmail check once every hour + +[Timer] +OnCalendar=*-*-* *:00:00 + +[Install] +WantedBy=timers.target diff --git a/archived/buster/etc_files/old_server/etc/apt/sources.list b/archived/buster/etc_files/old_server/etc/apt/sources.list new file mode 100644 index 0000000..a1fbdb0 --- /dev/null +++ b/archived/buster/etc_files/old_server/etc/apt/sources.list @@ -0,0 +1,4 @@ +deb http://deb.debian.org/debian stretch main contrib non-free +deb http://deb.debian.org/debian-security/ stretch/updates main contrib non-free +deb http://deb.debian.org/debian stretch-updates main contrib non-free +deb http://ftp.debian.org/debian stretch-backports main contrib non-free diff --git a/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service new file mode 100644 index 0000000..bc81613 --- /dev/null +++ b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.service @@ -0,0 +1,6 @@ +[Unit] +Description=Attempt encryption of old chat logs +[Service] +Type=oneshot +User=plom +ExecStart=/bin/sh -c '~/weechatlogs_encrypter.sh' diff --git a/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer new file mode 100644 index 0000000..79a6e1e --- /dev/null +++ b/archived/buster/etc_files/play/etc/systemd/system/encrypt_chatlogs.timer @@ -0,0 +1,8 @@ +[Unit] +Description=Attempt encryption of old chatlogs once every minute. + +[Timer] +OnCalendar=*-*-* *:*:00 + +[Install] +WantedBy=timers.target \ No newline at end of file diff --git a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html new file mode 100644 index 0000000..8e2e67f --- /dev/null +++ b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/instance/panel.html @@ -0,0 +1,4 @@ +
+

Privacy: Visitor IP addresses are anonymized in the logs.

+

Contact: See plomlompom.com contact page.

+
diff --git a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt new file mode 100644 index 0000000..eb05362 --- /dev/null +++ b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/robots.txt @@ -0,0 +1,2 @@ +User-agent: * +Disallow: diff --git a/archived/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html new file mode 100644 index 0000000..7268bac --- /dev/null +++ b/archived/buster/etc_files/pleroma/var/lib/pleroma/static/static/terms-of-service.html @@ -0,0 +1 @@ +This is plomlompom's personal single-user Pleroma instance. diff --git a/archived/buster/etc_files/server/etc/nftables.conf b/archived/buster/etc_files/server/etc/nftables.conf new file mode 100755 index 0000000..efbc182 --- /dev/null +++ b/archived/buster/etc_files/server/etc/nftables.conf @@ -0,0 +1,20 @@ +#!/usr/sbin/nft -f + +flush ruleset + +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + iif lo accept comment "accept localhost traffic" + ct state invalid drop comment "drop invalid connections" + ct state established, related accept comment "accept traffic originated from us" + tcp dport 22 accept comment "accept SSH on default port" + ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging" + } + chain forward { + type filter hook forward priority 0; policy drop; + } + chain output { + type filter hook output priority 0; policy accept; + } +} diff --git a/archived/buster/etc_files/server/etc/ssh/sshd_config b/archived/buster/etc_files/server/etc/ssh/sshd_config new file mode 100644 index 0000000..857962b --- /dev/null +++ b/archived/buster/etc_files/server/etc/ssh/sshd_config @@ -0,0 +1,124 @@ +# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +PermitRootLogin no # plomlompom's security rule +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# Expect .ssh/authorized_keys2 to be disregarded by default in future. +#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to yes to enable challenge-response passwords (beware issues with +# some PAM modules and threads) +ChallengeResponseAuthentication no + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes +#GSSAPIStrictAcceptorCheck yes +#GSSAPIKeyExchange no + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the ChallengeResponseAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via ChallengeResponseAuthentication may bypass +# the setting of "PermitRootLogin yes +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and ChallengeResponseAuthentication to 'no'. +UsePAM yes + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +X11Forwarding yes +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +PrintMotd no +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# Allow client to pass locale environment variables +AcceptEnv LANG LC_* + +# override default of no subsystems +Subsystem sftp /usr/lib/openssh/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server + +ClientAliveInterval 120 +PasswordAuthentication no # plomlompom's security rule diff --git a/archived/buster/etc_files/thinkpad/etc/default/tlp b/archived/buster/etc_files/thinkpad/etc/default/tlp new file mode 100644 index 0000000..b73846b --- /dev/null +++ b/archived/buster/etc_files/thinkpad/etc/default/tlp @@ -0,0 +1,306 @@ +# ------------------------------------------------------------------------------ +# tlp - Parameters for power saving +# See full explanation: http://linrunner.de/en/tlp/docs/tlp-configuration.html + +# Hint: some features are disabled by default, remove the leading # to enable +# them. + +# Set to 0 to disable, 1 to enable TLP. +TLP_ENABLE=1 + +# Operation mode when no power supply can be detected: AC, BAT. +# Concerns some desktop and embedded hardware only. +TLP_DEFAULT_MODE=AC + +# Operation mode select: 0=depend on power source, 1=always use TLP_DEFAULT_MODE +# Hint: use in conjunction with TLP_DEFAULT_MODE=BAT for BAT settings on AC. +TLP_PERSISTENT_DEFAULT=0 + +# Seconds laptop mode has to wait after the disk goes idle before doing a sync. +# Non-zero value enables, zero disables laptop mode. +DISK_IDLE_SECS_ON_AC=0 +DISK_IDLE_SECS_ON_BAT=2 + +# Dirty page values (timeouts in secs). +MAX_LOST_WORK_SECS_ON_AC=15 +MAX_LOST_WORK_SECS_ON_BAT=60 + +# Hint: CPU parameters below are disabled by default, remove the leading # +# to enable them, otherwise kernel default values are used. + +# Select a CPU frequency scaling governor. +# Intel Core i processor with intel_pstate driver: +# powersave(*), performance. +# Older hardware with acpi-cpufreq driver: +# ondemand(*), powersave, performance, conservative, schedutil. +# (*) is recommended. +# Hint: use tlp-stat -p to show the active driver and available governors. +# Important: +# powersave for intel_pstate and ondemand for acpi-cpufreq are power +# efficient for *almost all* workloads and therefore kernel and most +# distributions have chosen them as defaults. If you still want to change, +# you should know what you're doing! You *must* disable your distribution's +# governor settings or conflicts will occur. +#CPU_SCALING_GOVERNOR_ON_AC=powersave +#CPU_SCALING_GOVERNOR_ON_BAT=powersave + +# Set the min/max frequency available for the scaling governor. +# Possible values strongly depend on your CPU. For available frequencies see +# the output of tlp-stat -p. +#CPU_SCALING_MIN_FREQ_ON_AC=0 +#CPU_SCALING_MAX_FREQ_ON_AC=0 +#CPU_SCALING_MIN_FREQ_ON_BAT=0 +#CPU_SCALING_MAX_FREQ_ON_BAT=0 + +# Set energy performance hints (HWP) for Intel P-state governor: +# performance, balance_performance, default, balance_power, power +# Values are given in order of increasing power saving. +# Note: Intel Skylake or newer CPU and Kernel >= 4.10 required. +CPU_HWP_ON_AC=balance_performance +CPU_HWP_ON_BAT=balance_power + +# Set Intel P-state performance: 0..100 (%). +# Limit the max/min P-state to control the power dissipation of the CPU. +# Values are stated as a percentage of the available performance. +# Requires an Intel Core i processor with intel_pstate driver. +#CPU_MIN_PERF_ON_AC=0 +#CPU_MAX_PERF_ON_AC=100 +#CPU_MIN_PERF_ON_BAT=0 +#CPU_MAX_PERF_ON_BAT=30 + +# Set the CPU "turbo boost" feature: 0=disable, 1=allow +# Requires an Intel Core i processor. +# Important: +# - This may conflict with your distribution's governor settings +# - A value of 1 does *not* activate boosting, it just allows it +#CPU_BOOST_ON_AC=1 +#CPU_BOOST_ON_BAT=0 + +# Minimize number of used CPU cores/hyper-threads under light load conditions: +# 0=disable, 1=enable. +SCHED_POWERSAVE_ON_AC=0 +SCHED_POWERSAVE_ON_BAT=1 + +# Kernel NMI Watchdog: +# 0=disable (default, saves power), 1=enable (for kernel debugging only). +NMI_WATCHDOG=0 + +# Change CPU voltages aka "undervolting" - Kernel with PHC patch required. +# Frequency voltage pairs are written to: +# /sys/devices/system/cpu/cpu0/cpufreq/phc_controls +# CAUTION: only use this, if you thoroughly understand what you are doing! +#PHC_CONTROLS="F:V F:V F:V F:V" + +# Set CPU performance versus energy savings policy: +# performance, balance-performance, default, balance-power, power. +# Values are given in order of increasing power saving. +# Requires kernel module msr and x86_energy_perf_policy from linux-tools. +ENERGY_PERF_POLICY_ON_AC=performance +ENERGY_PERF_POLICY_ON_BAT=power + +# Disk devices; separate multiple devices with spaces (default: sda). +# Devices can be specified by disk ID also (lookup with: tlp diskid). +DISK_DEVICES="sda sdb" + +# Disk advanced power management level: 1..254, 255 (max saving, min, off). +# Levels 1..127 may spin down the disk; 255 allowable on most drives. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +DISK_APM_LEVEL_ON_AC="254 254" +DISK_APM_LEVEL_ON_BAT="128 128" + +# Hard disk spin down timeout: +# 0: spin down disabled +# 1..240: timeouts from 5s to 20min (in units of 5s) +# 241..251: timeouts from 30min to 5.5 hours (in units of 30min) +# See 'man hdparm' for details. +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the hardware default for the particular disk. +#DISK_SPINDOWN_TIMEOUT_ON_AC="0 0" +#DISK_SPINDOWN_TIMEOUT_ON_BAT="0 0" + +# Select IO scheduler for the disk devices: cfq, deadline, noop (Default: cfq). +# Separate values for multiple disks with spaces. Use the special value 'keep' +# to keep the kernel default scheduler for the particular disk. +#DISK_IOSCHED="cfq cfq" + +# AHCI link power management (ALPM) for disk devices: +# min_power, med_power_with_dipm(*), medium_power, max_performance. +# (*) Kernel >= 4.15 required, then recommended. +# Multiple values separated with spaces are tried sequentially until success. +SATA_LINKPWR_ON_AC="med_power_with_dipm max_performance" +SATA_LINKPWR_ON_BAT="med_power_with_dipm min_power" + +# Exclude host devices from AHCI link power management. +# Separate multiple hosts with spaces. +#SATA_LINKPWR_BLACKLIST="host1" + +# Runtime Power Management for AHCI host and disks devices: +# on=disable, auto=enable. +# EXPERIMENTAL ** WARNING: auto will most likely cause system lockups/data loss. +#AHCI_RUNTIME_PM_ON_AC=on +#AHCI_RUNTIME_PM_ON_BAT=on + +# Seconds of inactivity before disk is suspended. +AHCI_RUNTIME_PM_TIMEOUT=15 + +# PCI Express Active State Power Management (PCIe ASPM): +# default, performance, powersave. +PCIE_ASPM_ON_AC=performance +PCIE_ASPM_ON_BAT=powersave + +# Radeon graphics clock speed (profile method): low, mid, high, auto, default; +# auto = mid on BAT, high on AC; default = use hardware defaults. +RADEON_POWER_PROFILE_ON_AC=high +RADEON_POWER_PROFILE_ON_BAT=low + +# Radeon dynamic power management method (DPM): battery, performance. +RADEON_DPM_STATE_ON_AC=performance +RADEON_DPM_STATE_ON_BAT=battery + +# Radeon DPM performance level: auto, low, high; auto is recommended. +RADEON_DPM_PERF_LEVEL_ON_AC=auto +RADEON_DPM_PERF_LEVEL_ON_BAT=auto + +# WiFi power saving mode: on=enable, off=disable; not supported by all adapters. +WIFI_PWR_ON_AC=off +WIFI_PWR_ON_BAT=on + +# Disable wake on LAN: Y/N. +WOL_DISABLE=Y + +# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs). +# A value of 0 disables, >=1 enables power saving (recommended: 1). +SOUND_POWER_SAVE_ON_AC=0 +SOUND_POWER_SAVE_ON_BAT=1 + +# Disable controller too (HDA only): Y/N. +SOUND_POWER_SAVE_CONTROLLER=Y + +# Power off optical drive in UltraBay/MediaBay: 0=disable, 1=enable. +# Drive can be powered on again by releasing (and reinserting) the eject lever +# or by pressing the disc eject button on newer models. +# Note: an UltraBay/MediaBay hard disk is never powered off. +BAY_POWEROFF_ON_AC=0 +BAY_POWEROFF_ON_BAT=0 +# Optical drive device to power off (default sr0). +BAY_DEVICE="sr0" + +# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable. +RUNTIME_PM_ON_AC=on +RUNTIME_PM_ON_BAT=auto + +# Exclude PCI(e) device adresses the following list from Runtime PM +# (separate with spaces). Use lspci to get the adresses (1st column). +#RUNTIME_PM_BLACKLIST="bb:dd.f 11:22.3 44:55.6" + +# Exclude PCI(e) devices assigned to the listed drivers from Runtime PM. +# Default when unconfigured is "amdgpu nouveau nvidia radeon" which +# prevents accidential power-on of dGPU in hybrid graphics setups. +# Use "" to disable the feature completely. +# Separate multiple drivers with spaces. +#RUNTIME_PM_DRIVER_BLACKLIST="amdgpu nouveau nvidia radeon" + +# Set to 0 to disable, 1 to enable USB autosuspend feature. +USB_AUTOSUSPEND=1 + +# Exclude listed devices from USB autosuspend (separate with spaces). +# Use lsusb to get the ids. +# Note: input devices (usbhid) are excluded automatically +#USB_BLACKLIST="1111:2222 3333:4444" + +# Bluetooth devices are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude. +USB_BLACKLIST_BTUSB=0 + +# Phone devices are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude (enable charging). +USB_BLACKLIST_PHONE=0 + +# Printers are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude. +USB_BLACKLIST_PRINTER=1 + +# WWAN devices are excluded from USB autosuspend: +# 0=do not exclude, 1=exclude. +USB_BLACKLIST_WWAN=1 + +# Include listed devices into USB autosuspend even if already excluded +# by the blacklists above (separate with spaces). +# Use lsusb to get the ids. +#USB_WHITELIST="1111:2222 3333:4444" + +# Set to 1 to disable autosuspend before shutdown, 0 to do nothing +# (workaround for USB devices that cause shutdown problems). +#USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1 + +# Restore radio device state (Bluetooth, WiFi, WWAN) from previous shutdown +# on system startup: 0=disable, 1=enable. +# Hint: the parameters DEVICES_TO_DISABLE/ENABLE_ON_STARTUP/SHUTDOWN below +# are ignored when this is enabled! +RESTORE_DEVICE_STATE_ON_STARTUP=0 + +# Radio devices to disable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +#DEVICES_TO_DISABLE_ON_STARTUP="bluetooth wifi wwan" + +# Radio devices to enable on startup: bluetooth, wifi, wwan. +# Separate multiple devices with spaces. +#DEVICES_TO_ENABLE_ON_STARTUP="wifi" + +# Radio devices to disable on shutdown: bluetooth, wifi, wwan. +# (workaround for devices that are blocking shutdown). +#DEVICES_TO_DISABLE_ON_SHUTDOWN="bluetooth wifi wwan" + +# Radio devices to enable on shutdown: bluetooth, wifi, wwan. +# (to prevent other operating systems from missing radios). +#DEVICES_TO_ENABLE_ON_SHUTDOWN="wwan" + +# Radio devices to enable on AC: bluetooth, wifi, wwan. +#DEVICES_TO_ENABLE_ON_AC="bluetooth wifi wwan" + +# Radio devices to disable on battery: bluetooth, wifi, wwan. +#DEVICES_TO_DISABLE_ON_BAT="bluetooth wifi wwan" + +# Radio devices to disable on battery when not in use (not connected): +# bluetooth, wifi, wwan. +#DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wifi wwan" + +# Battery charge thresholds (ThinkPad only, tp-smapi or acpi-call kernel module +# required). Charging starts when the remaining capacity falls below the +# START_CHARGE_THRESH value and stops when exceeding the STOP_CHARGE_THRESH value. +# Main / Internal battery (values in %) +START_CHARGE_THRESH_BAT0=75 +STOP_CHARGE_THRESH_BAT0=80 +# Ultrabay / Slice / Replaceable battery (values in %) +#START_CHARGE_THRESH_BAT1=75 +#STOP_CHARGE_THRESH_BAT1=80 + +# Restore charge thresholds when AC is unplugged: 0=disable, 1=enable. +#RESTORE_THRESHOLDS_ON_BAT=1 + +# ------------------------------------------------------------------------------ +# tlp-rdw - Parameters for the radio device wizard +# Possible devices: bluetooth, wifi, wwan. + +# Hints: +# - Parameters are disabled by default, remove the leading # to enable them +# - Separate multiple radio devices with spaces + +# Radio devices to disable on connect. +#DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" +#DEVICES_TO_DISABLE_ON_WIFI_CONNECT="wwan" +#DEVICES_TO_DISABLE_ON_WWAN_CONNECT="wifi" + +# Radio devices to enable on disconnect. +#DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" +#DEVICES_TO_ENABLE_ON_WIFI_DISCONNECT="" +#DEVICES_TO_ENABLE_ON_WWAN_DISCONNECT="" + +# Radio devices to enable/disable when docked. +#DEVICES_TO_ENABLE_ON_DOCK="" +#DEVICES_TO_DISABLE_ON_DOCK="" + +# Radio devices to enable/disable when undocked. +#DEVICES_TO_ENABLE_ON_UNDOCK="wifi" +#DEVICES_TO_DISABLE_ON_UNDOCK="" diff --git a/archived/buster/etc_files/thinkpad/etc/systemd/logind.conf b/archived/buster/etc_files/thinkpad/etc/systemd/logind.conf new file mode 100644 index 0000000..1098229 --- /dev/null +++ b/archived/buster/etc_files/thinkpad/etc/systemd/logind.conf @@ -0,0 +1,6 @@ +# This file is part of systemd. +# +# See logind.conf(5) for details. + +[Login] +HandleLidSwitch=hibernate diff --git a/archived/buster/etc_files/user/etc/cups/printers.conf b/archived/buster/etc_files/user/etc/cups/printers.conf new file mode 100644 index 0000000..3475600 --- /dev/null +++ b/archived/buster/etc_files/user/etc/cups/printers.conf @@ -0,0 +1,20 @@ +# Printer configuration file for CUPS v2.2.10 +# Written by cupsd +# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING + +UUID urn:uuid:e856a26d-66f8-327a-4dca-0d8a09f87a25 +Info HP Deskjet F300 series +Location +MakeModel HP Deskjet f300 Series, hpcups 3.18.12 +DeviceURI hp:/usb/Deskjet_F300_series?serial=CN63VB21TM04KH +State Idle +Type 36892 +Accepting Yes +Shared No +JobSheets none none +QuotaPeriod 0 +PageLimit 0 +KLimit 0 +OpPolicy default +ErrorPolicy retry-job + diff --git a/archived/buster/etc_files/user/etc/default/console-setup b/archived/buster/etc_files/user/etc/default/console-setup new file mode 100644 index 0000000..090d241 --- /dev/null +++ b/archived/buster/etc_files/user/etc/default/console-setup @@ -0,0 +1,4 @@ +CHARMAP="UTF-8" +CODESET="Lat15" +FONTFACE="Terminus" +FONTSIZE="6x12" diff --git a/archived/buster/etc_files/user/opt/firefox/blank.html b/archived/buster/etc_files/user/opt/firefox/blank.html new file mode 100644 index 0000000..79e707e --- /dev/null +++ b/archived/buster/etc_files/user/opt/firefox/blank.html @@ -0,0 +1 @@ +not quite blank diff --git a/archived/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js b/archived/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js new file mode 100644 index 0000000..cf8ea80 --- /dev/null +++ b/archived/buster/etc_files/user/opt/firefox/defaults/pref/autoconfig.js @@ -0,0 +1,4 @@ +// We set up AutoConfig according to , see firefox.cfg comments on why we need it +pref("general.config.filename", "firefox.cfg"); +pref("general.config.obscure_value", 0); + diff --git a/archived/buster/etc_files/user/opt/firefox/firefox.cfg b/archived/buster/etc_files/user/opt/firefox/firefox.cfg new file mode 100644 index 0000000..b321153 --- /dev/null +++ b/archived/buster/etc_files/user/opt/firefox/firefox.cfg @@ -0,0 +1,18 @@ +// do not put any code into this first line, as it gets ignored by Firefox + +// we zero extensions.autoDisableScopes so our pre-installed extensions activate by default +pref("extensions.autoDisableScopes", 0); + +// we turn off annoying setup popups and pages; these settings are the result more of trial and error than thorough understanding by me, so more research might be warranted to discipline them +pref("startup.homepage_welcome_url", "file:///opt/firefox/blank.html"); +pref("browser.startup.homepage", "file:///opt/firefox/blank.html"); +pref("browser.startup.blankWindow", true); +pref("datareporting.policy.firstRunURL", ""); +pref("browser.shell.checkDefaultBrowser", false); +pref("datareporting.policy.dataSubmissionPolicyBypassNotification", true); + +// use socks proxy by default +pref("network.proxy.type", 1); +pref("network.proxy.socks", "localhost"); +pref("network.proxy.socks_port", 9999); +pref("network.proxy.remote_dns", true); diff --git a/archived/buster/etc_files/user/usr/share/applications/firefox.desktop b/archived/buster/etc_files/user/usr/share/applications/firefox.desktop new file mode 100644 index 0000000..cb8d354 --- /dev/null +++ b/archived/buster/etc_files/user/usr/share/applications/firefox.desktop @@ -0,0 +1,3 @@ +[Desktop Entry] +Name=Firefox +Exec=/usr/local/bin/firefox %u diff --git a/archived/buster/etc_files/web/etc/nftables.conf b/archived/buster/etc_files/web/etc/nftables.conf new file mode 100755 index 0000000..ec6732a --- /dev/null +++ b/archived/buster/etc_files/web/etc/nftables.conf @@ -0,0 +1,22 @@ +#!/usr/sbin/nft -f + +flush ruleset + +table inet filter { + chain input { + type filter hook input priority 0; policy drop; + iif lo accept comment "accept localhost traffic" + ct state invalid drop comment "drop invalid connections" + ct state established, related accept comment "accept traffic originated from us" + tcp dport 22 accept comment "accept SSH on default port" + tcp dport 80 accept comment "accept HTTP on default port" + tcp dport 443 accept comment "accept HTTPS on default port" + ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging" + } + chain forward { + type filter hook forward priority 0; policy drop; + } + chain output { + type filter hook output priority 0; policy accept; + } +} diff --git a/archived/buster/etc_files/web/etc/nginx/nginx.conf b/archived/buster/etc_files/web/etc/nginx/nginx.conf new file mode 100644 index 0000000..8320425 --- /dev/null +++ b/archived/buster/etc_files/web/etc/nginx/nginx.conf @@ -0,0 +1,38 @@ +# system integration +user www-data; +worker_processes auto; +pid /run/nginx.pid; +include /etc/nginx/modules-enabled/*.conf; + +# is expected even if empty +events { +} + +http { + # define content-type headers + include /etc/nginx/mime.types; + charset utf-8; + + # Some standard optimizations, i.e. Debian default. Explained in + # + # Not that I understand it all … + sendfile on; + tcp_nopush on; + tcp_nodelay on; + + # logging deactivated due to GDPR + #access_log /var/log/nginx/access.log; + #error_log /var/log/nginx/error.log; + access_log off; + error_log off; + + # virtual hosts: sites-enabled is the Debian way, conf.d the NGINX default + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; + + # Redirect all HTTP requests to HTTPS. + server { + listen 80; + return 301 https://$host$request_uri; + } +} diff --git a/archived/buster/etc_files/website/etc/gitweb.conf b/archived/buster/etc_files/website/etc/gitweb.conf new file mode 100644 index 0000000..88dea47 --- /dev/null +++ b/archived/buster/etc_files/website/etc/gitweb.conf @@ -0,0 +1,22 @@ +# path to git projects (.git) +$projectroot = "/var/repos"; + +# don't show repos without git-daemon-export-ok file +$export_ok = "git-daemon-export-ok"; + +# directory to use for temp files +# explicitely set by Debian so it's probably a good choice +$git_temp = "/tmp"; + +# git-diff-tree(1) options to use for generated patches +# we don't want to to guess renames, so empty +@diff_opts = (); + +# Base path for where to find the repos for cloning. +@git_base_url_list = ('https://REPLACE_fqdn_ECALPER/repos/clone'); + +# allow snapshots +$feature{'snapshot'}{'default'} = ['zip', 'tgz']; + +# insert header for GDPR compliance +$site_header = "/var/www/header.html" diff --git a/archived/buster/etc_files/website/etc/nginx/sites-available/website.nginx b/archived/buster/etc_files/website/etc/nginx/sites-available/website.nginx new file mode 100644 index 0000000..cbad304 --- /dev/null +++ b/archived/buster/etc_files/website/etc/nginx/sites-available/website.nginx @@ -0,0 +1,40 @@ +server { + listen 443 ssl; + server_name REPLACE_fqdn_ECALPER; + ssl_certificate /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/REPLACE_fqdn_ECALPER/privkey.pem; + root /var/www/html/; + index index.html index.htm index.nginx-debian.html; + + # serve /var/repos/* for HTTPS git cloning + location ~ /repos/clone(/.*) { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + # Commented out so only repos are served that contain a + # git-daemon-export-ok file. + # fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /var/repos; + fastcgi_param PATH_INFO $1; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + # gitweb static files + location /repos/static/ { + alias /usr/share/gitweb/static/; + } + + # gitweb; this needs packages fcgiwrap and gitweb + location /repos/ { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/share/gitweb/gitweb.cgi; + fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + + # login-protected IRC logs + location ~ ^/irclogs/([^/]+)/ { + auth_basic "$1 logs"; + auth_basic_user_file /var/www/irclogs_pw/$1; + autoindex on; + } +} diff --git a/archived/buster/etc_files/website/etc/systemd/system/plomlombot.service b/archived/buster/etc_files/website/etc/systemd/system/plomlombot.service new file mode 100644 index 0000000..a4f6769 --- /dev/null +++ b/archived/buster/etc_files/website/etc/systemd/system/plomlombot.service @@ -0,0 +1,11 @@ +[Unit] +Description=plomlombot screen + +[Service] +Type=simple +User=plom +ExecStart=/bin/sh -c '~/plomlombot_daemon.sh' +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/archived/buster/etc_files/x200s/etc/wicd/manager-settings.conf b/archived/buster/etc_files/x200s/etc/wicd/manager-settings.conf new file mode 100644 index 0000000..de12c6c --- /dev/null +++ b/archived/buster/etc_files/x200s/etc/wicd/manager-settings.conf @@ -0,0 +1,24 @@ +[Settings] +backend = external +wireless_interface = wls1 +wired_interface = enp0s25 +wpa_driver = wext +always_show_wired_interface = False +use_global_dns = False +global_dns_1 = None +global_dns_2 = None +global_dns_3 = None +global_dns_dom = None +global_search_dom = None +auto_reconnect = True +debug_mode = 0 +wired_connect_mode = 1 +signal_display_type = 0 +should_verify_ap = 1 +dhcp_client = 0 +link_detect_tool = 0 +flush_tool = 0 +sudo_app = 0 +prefer_wired = False +show_never_connect = True + diff --git a/archived/buster/etc_files/x220/etc/wicd/manager-settings.conf b/archived/buster/etc_files/x220/etc/wicd/manager-settings.conf new file mode 100644 index 0000000..985df76 --- /dev/null +++ b/archived/buster/etc_files/x220/etc/wicd/manager-settings.conf @@ -0,0 +1,24 @@ +[Settings] +backend = external +wireless_interface = wlp3s0 +wired_interface = enp0s25 +wpa_driver = wext +always_show_wired_interface = False +use_global_dns = False +global_dns_1 = None +global_dns_2 = None +global_dns_3 = None +global_dns_dom = None +global_search_dom = None +auto_reconnect = True +debug_mode = 0 +wired_connect_mode = 1 +signal_display_type = 0 +should_verify_ap = 1 +dhcp_client = 0 +link_detect_tool = 0 +flush_tool = 0 +sudo_app = 0 +prefer_wired = False +show_never_connect = True + diff --git a/archived/buster/home_files/eeepc/.config/i3status/config b/archived/buster/home_files/eeepc/.config/i3status/config new file mode 100644 index 0000000..207bef4 --- /dev/null +++ b/archived/buster/home_files/eeepc/.config/i3status/config @@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wlp2s0" +order += "ethernet enp1s0" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail of %total" + separator_block_width = 25 +} + +# How much space is left in /home/ ? +disk "/home/" { + format = "/home: %avail of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wlp2s0 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp1s0 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "♪: %volume" + format_muted = "♪: muted (%volume)" + separator_block_width = 25 +} diff --git a/archived/buster/home_files/minimal/.bashrc b/archived/buster/home_files/minimal/.bashrc new file mode 100644 index 0000000..5ee9ad8 --- /dev/null +++ b/archived/buster/home_files/minimal/.bashrc @@ -0,0 +1,26 @@ +# Settings for interactive shells. + +# Fancy colors for ls. +alias ls="ls --color=auto" + +# Use vim as default editor for anything. +export VISUAL=vim +export EDITOR=$VISUAL + +# Colored prompt with username, hostname, date/time, directory. +colornumber=7 # Default to white if no color set via colornumber dotfile. +colornumber_file=~/.shell_prompt_color +if [ -f $colornumber_file ]; then + colornumber=`cat $colornumber_file` +fi +tput_color="$(tput setaf $colornumber)$(tput bold)" +tput_reset="$(tput sgr0)" +# Bash confuses the line length when not told to not count escape sequences. +if [ ! "$BASH" = "" ]; then + tput_color="\[$tput_color\]" + tput_reset="\[$tput_reset\]" +fi +PS1="${tput_color}["\$\(date\ +%Y-%m-%d/%H:%M:%S/%Z\)" $(whoami)@$(hostname):"\$\(pwd\)"]$ $tput_reset" +PS2="${tput_color}> $tput_reset" +PS3="${tput_color}select: $tput_reset" +PS4="${tput_color}+ $tput_reset" diff --git a/archived/buster/home_files/root/.shell_prompt_color b/archived/buster/home_files/root/.shell_prompt_color new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/archived/buster/home_files/root/.shell_prompt_color @@ -0,0 +1 @@ +1 diff --git a/archived/buster/home_files/user/.Xresources b/archived/buster/home_files/user/.Xresources new file mode 100644 index 0000000..45b10af --- /dev/null +++ b/archived/buster/home_files/user/.Xresources @@ -0,0 +1,56 @@ +! otherwise various applications will assume merely 8 colors +XTerm.termName: xterm-256color + +! font +! actually, "mono" is already the default for faceName (it will +! pick whatever fc-match mono delivers), but we need to set _some_ +! faceName to trigger XTerm activating TrueType fonts +! (XTerm*fontRender by itself won't do the trick), and we want +! TrueType fonts because, well, they scale better, and XTerm lets them +! fall back on alternatives (hi there ttf-unifont) when a Unicode +! glyph is not found +XTerm*faceName: mono + +! white on black +XTerm*reverseVideo: on + +! blink screen instead of sound +XTerm*visualBell: on + +! proper ALT as META key treatment +XTerm*eightBitInput: false + +! font sizes +XTerm*faceSize: 8 +XTerm*faceSize1: 4 +XTerm*faceSize2: 5 +XTerm*faceSize3: 6 +XTerm*faceSize4: 8 +XTerm*faceSize5: 14 +XTerm*faceSize6: 25 + +! colors +! black +XTerm*color0: #202020 +XTerm*color8: #3F3F3F +! red +XTerm*color1: #A82020 +XTerm*color9: #E82020 +! green +XTerm*color2: #20A820 +XTerm*color10: #20E820 +! yellow +XTerm*color3: #A8A820 +XTerm*color11: #E8E820 +! blue +XTerm*color4: #3F3FFF +XTerm*color12: #9F9FFF +! magenta +XTerm*color5: #A83FFF +XTerm*color13: #E89FFF +! cyan +XTerm*color6: #3FA8FF +XTerm*color14: #9FE8FF +! white +XTerm*color7: #A8A8A8 +XTerm*color15: #E8E8E8 diff --git a/archived/buster/home_files/user/.borgrepos b/archived/buster/home_files/user/.borgrepos new file mode 100644 index 0000000..c40eee3 --- /dev/null +++ b/archived/buster/home_files/user/.borgrepos @@ -0,0 +1,4 @@ +plom@plomlompom.com +plom@mail.plomlompom.com +plom@play.plomlompom.com +# file read ends at last newline diff --git a/archived/buster/home_files/user/.config/i3/config b/archived/buster/home_files/user/.config/i3/config new file mode 100644 index 0000000..19c654e --- /dev/null +++ b/archived/buster/home_files/user/.config/i3/config @@ -0,0 +1,83 @@ +# plomlompom's i3-wm configuration + +# Font for i3 text +font pango:Terminus 8px + +# Force "tabbed" as default layout for new windows. +workspace_layout tabbed + +# Make the Windows key the modifier key for all i3-wm actions. +set $mod Mod4 +floating_modifier $mod + +# Launch xterm. +bindsym $mod+Return exec xterm + +# Launch programs via dmenu. +bindsym $mod+d exec dmenu_run +bindsym $mod+x exec dmenu_run + +# Kill window. +bindsym $mod+Shift+Q kill + +# Move focus between windows. +bindsym $mod+Left focus left +bindsym $mod+Down focus down +bindsym $mod+Up focus up +bindsym $mod+Right focus right + +# Don't move focus with mouse. +focus_follows_mouse no + +# Move windows. +bindsym $mod+Shift+Left move left +bindsym $mod+Shift+Down move down +bindsym $mod+Shift+Up move up +bindsym $mod+Shift+Right move right + +# Resize windows +bindsym $mod+h resize shrink width 1 px or 1 ppt +bindsym $mod+l resize grow width 1 px or 1 ppt +bindsym $mod+j resize shrink height +bindsym $mod+k resize grow height + +# Toggle fullscreen for focused window. +bindsym $mod+f fullscreen + +# Toggle floating of window, focus on floating or tabbed windows. +bindsym $mod+Shift+space floating toggle +bindsym $mod+space focus mode_toggle + +# Switch to workspace x. +bindsym $mod+1 workspace 1 +bindsym $mod+2 workspace 2 +bindsym $mod+3 workspace 3 +bindsym $mod+4 workspace 4 +bindsym $mod+5 workspace 5 +bindsym $mod+6 workspace 6 +bindsym $mod+7 workspace 7 +bindsym $mod+8 workspace 8 +bindsym $mod+9 workspace 9 +bindsym $mod+0 workspace 10 + +# Move window to workspace x. +bindsym $mod+Shift+exclam move workspace 1 +bindsym $mod+Shift+quotedbl move workspace 2 +bindsym $mod+Shift+section move workspace 3 +bindsym $mod+Shift+dollar move workspace 4 +bindsym $mod+Shift+percent move workspace 5 +bindsym $mod+Shift+ampersand move workspace 6 +bindsym $mod+Shift+slash move workspace 7 +bindsym $mod+Shift+parenleft move workspace 8 +bindsym $mod+Shift+parenright move workspace 9 +bindsym $mod+Shift+equal move workspace 10 + +# Reload i3 config file, restart (keeping sesion) i3, exit i3. +bindsym $mod+Shift+C reload +bindsym $mod+Shift+R restart +bindsym $mod+Shift+P exit + +# Select "i3status" as i3 status bar. +bar { + status_command i3status +} diff --git a/archived/buster/home_files/user/.emacs.d/init.el b/archived/buster/home_files/user/.emacs.d/init.el new file mode 100644 index 0000000..fbec980 --- /dev/null +++ b/archived/buster/home_files/user/.emacs.d/init.el @@ -0,0 +1,323 @@ +;; general layout +;; ============== + +;; need no stinkin emacs help screen as start up, and no menu bar +(setq inhibit-startup-screen t) +(menu-bar-mode -1) + +;; highlight cursor line, parentheses +(global-hl-line-mode 1) +(show-paren-mode 1) + +;; show line numbers, use separator space +(global-linum-mode) +(setq linum-format "%d ") + +;; count cursor column, row in mode line +(setq column-number-mode t) + +;; settings to make GUI tolerable +(if window-system + (progn + (add-to-list 'default-frame-alist '(foreground-color . "white")) + (add-to-list 'default-frame-alist '(background-color . "black")) + (set-face-attribute 'default nil :height 80) + (scroll-bar-mode -1) + (setq visible-bell t) + (setq linum-format "%d"))) + +;; use as default browser what XDG offers +(setq-default browse-url-browser-function 'browse-url-xdg-open) + + + +;; general keybindings +;; =================== + +;; create and use a minimal global map using just the self-insert command +;; bindings and a selection of some to me very common keystrokes +(setq minimal-map (make-sparse-keymap)) +(substitute-key-definition 'self-insert-command 'self-insert-command + minimal-map global-map) +(use-global-map minimal-map) +(global-set-key (kbd "DEL") 'backward-delete-char-untabify) +(global-set-key (kbd "RET") 'newline) +(global-set-key (kbd "TAB") 'indent-for-tab-command) +(global-set-key (kbd "") 'previous-line) +(global-set-key (kbd "") 'next-line) +(global-set-key (kbd "") 'left-char) +(global-set-key (kbd "") 'right-char) +(global-set-key (kbd "") 'scroll-down-command) +(global-set-key (kbd "") 'scroll-up-command) +(global-set-key (kbd "M-x") 'execute-extended-command) +(global-set-key (kbd "C-g") 'keyboard-quit) +;(global-set-key (kbd "") 'kmacro-start-macro-or-insert-counter) +;(global-set-key (kbd "") 'kmacro-end-or-call-macro) +;; note how to switch back to the original map: (use-global-map global-map) +(setq shr-map (make-sparse-keymap)) ; got annoying in elfeed-show on URLs + + + +;; minibuffer +;; ========== + +;; incremental minibuffer completion +(icomplete-mode 1) + + + +;; text editing +;; ============ + +;; tabs are evil +(setq-default indent-tabs-mode nil) +(setq-default tab-width 4) +(setq indent-line-function 'insert-tab) + +;; show trailing whitespace +(setq-default show-trailing-whitespace 1) + +;; on save, ask whether to ensure text file's last line ends in a +;; newline character +(setq require-final-newline 1) + +;; use dedicated directory for version-controlled, endless backups; +;; never delete old versions +(setq make-backup-files t + backup-directory-alist `(("." . "~/.emacs_backups")) + backup-by-copying t + version-control t + delete-old-versions 1) ;; neither t nor nil: never delete + + +;; package management +;; ================== + +;; where we get packages from +(setq package-archives '(("gnu" . "https://elpa.gnu.org/packages/") + ("melpa-unstable" . "https://melpa.org/packages/") + ("melpa-stable" . "https://stable.melpa.org/packages/"))) + +;; ensure certain packages are installed (actually, we use Debian repos here) +;; credit to +;(setq package-list '(elfeed ledger-mode)) +;(package-initialize) +;(dolist (package package-list) +; (unless (package-installed-p package) +; (package-install package))) + + + +;;; window management +;;; ================= +; +;;; track window configurations to allow window config undo +;(winner-mode 1) + + + +;; mail setup +;; ========== + +(setq send-mail-function 'smtpmail-send-it) +(setq smtpmail-smtp-server "mail.plomlompom.com") +(setq smtpmail-smtp-service 465) +(setq smtpmail-stream-type 'ssl) +(setq smtpmail-smtp-user "plom") +(setq mml-secure-openpgp-encrypt-to-self t) +(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime) + +;(setq gnutls-log-level 0) + +;; if we don't set this, we get this warning: +;; gnutls.c: [1] Note that the security level of the Diffie-Hellman key exchange +;; has been lowered to 256 bits and this may allow decryption of the session data +(setq gnutls-min-prime-bits 1024) + +;; there is a WEIRD bug somewhere in /network-stream-open-tls/ that disappears the +;; stream process, seemingly unless the /message/ function is called at the right +;; place (earliest in /nsm-verify-connection/ right before the "cond" there, latest +;; in /network-stream-get-response/ right after "(goto-char start)"; this works +;; unless /inhibit_message/ is set, indicating that writing to the *Messages* +;; buffer is not relevant, but maybe writing to the echo area is); activing the +;; gnutls logging is just a hack to achieve such calls to /message/ in the +;; /network-stream-open-tls/ flow. +(setq gnutls-log-level 1) ; miraculously makes smtpmail work + +;; constructs From: domain if mail composer directly called (from without +;; notmuch), but we don't actually intend to do that +;(setq mail-host-address "plomlompom.com") + +;; otherwise notmuch becomes extremely slow in some cases +(setq-default notmuch-show-indent-content nil) + +;; this only works if we use notmuch-mua-send instead of message-send +(setq notmuch-fcc-dirs '(("plom@plomlompom.com" . "maildir/Sent"))) + +;; this gets rid of "i-did-not-set--mail-host-address--so-tickle-me" +;; in the message ID +(setq mail-host-address "plomlompom.com") + +;; notmuch saved searches +(setq notmuch-saved-searches + '((:name "inbox" :query "tag:unread and folder:inbox") + (:name "all" :query "tag:unread not folder:maildir/Trash") + (:name "plomlompom.de" :query "tag:unread and folder:maildir/plomlompom.de") + (:name "nebenan" :query "tag:unread and folder:maildir/nebenan") + (:name "reflect-info" :query "tag:unread and folder:maildir/reflect-info") + (:name "gmail" :query "tag:unread and folder:maildir/gmail.com") + (:name "mutter" :query "tag:unread and folder:maildir/mutter"))) + + + +;; org mode +;; ======== + +;; unsure why, but to re-set the key map, we not only have to explicitely do it +;; only after org-mode loading, but also have to explicitely overwrite the +;; C-c keybinding; TODO: investigate +(with-eval-after-load 'org + (setq org-mode-map (make-sparse-keymap)) + (define-key org-mode-map (kbd "C-c") nil) + (define-key org-mode-map (kbd "TAB") 'org-cycle) + (define-key org-mode-map (kbd "") 'org-shifttab)) + +;; don't truncate lines by default +(setq org-startup-truncated nil) + +;; basic org-capture config +(setq org-capture-templates + '(("x" "test" plain (file "~/org/notes.org") "%T: %?"))) +(add-hook 'org-capture-mode-hook 'evil-insert-state) + +;; agenda view on startup +(load-library "find-lisp") +(setq org-agenda-files (find-lisp-find-files "~/org" "\.org$")) +(setq org-agenda-span 90) +(setq org-agenda-use-time-grid nil) +(add-hook 'emacs-startup-hook (lambda () + (org-agenda-list) + (switch-to-buffer "*Org Agenda*") + (other-window 1))) + +;;; for calendar, use ISO date style +;(setq calendar-date-style 'iso) +;(setq diary-number-of-entries 7) +;(diary) +;(setq org-agenda-time-grid '((today require-timed remove-match) +; #("----------------" 0 16 (org-heading t)) +; (0 200 400 600 800 1000 1200 +; 1400 1600 1800 2000 2200))) + +;; empty org-agenda-mode keybindings +(add-hook 'org-agenda-mode-hook + (lambda () + (setq org-agenda-mode-map (make-sparse-keymap)))) +(add-hook 'org-agenda-mode-hook + (lambda () + (use-local-map (make-sparse-keymap)))) + +;; org-publish-all +(setq org-publish-project-alist + '( + ("website" + :base-directory "~/org/web/" + :base-extension "org" + :publishing-directory "~/html/" + :recursive t + :publishing-function org-html-publish-to-html + :headline-levels 4 ; Just the default for this project. + :auto-preamble t + ))) + +;; use [ki:] syntax to hide stuff from exports +(defun classify-information (text backend info) + "Replaces '[ki:WHATEVER]' with '[klassifizierte Information]'." + (replace-regexp-in-string "\\[ki:[^\]]*\]" "[klassifizierte Information]" text)) +(add-hook 'org-export-filter-plain-text-functions 'classify-information) + +;; add HTML validator link to exports +(setq org-html-validation-link "Validate") + + + +;;; Info mode +;;; ========= + +(setq Info-mode-map (make-sparse-keymap)) +(define-key Info-mode-map (kbd "RET") 'Info-follow-nearest-node) +(define-key Info-mode-map (kbd "u") 'Info-up) +(define-key Info-mode-map (kbd "TAB") 'Info-next-reference) +(define-key Info-mode-map (kbd "") 'Info-prev-reference) +(define-key Info-mode-map (kbd "H") 'Info-history-back) +(define-key Info-mode-map (kbd "L") 'Info-history-forward) +(define-key Info-mode-map (kbd "I") 'Info-goto-node) +(define-key Info-mode-map (kbd "i") 'Info-index) + + + +;; help mode +;; ========= + +(setq help-mode-map (make-sparse-keymap)) +(define-key help-mode-map (kbd "TAB") 'forward-button) +(define-key help-mode-map (kbd "RET") 'help-follow) +(define-key help-mode-map (kbd "") 'backward-button) + + + +;; elfeed +;; ====== + +(require 'elfeed) ; needed so we can set the font faces +(set-face-background 'elfeed-search-title-face "magenta") +(set-face-background 'elfeed-search-unread-count-face "magenta") +(setq elfeed-feeds + '("https://capsurvival.blogspot.com/feeds/posts/default" + "https://jungle.world/rss.xml" + "http://news.dieweltistgarnichtso.net/bin/index.xml" + "https://taz.de/!s=&ExportStatus=Intern&SuchRahmen=Online;rss/" + "http://www.tagesschau.de/xml/atom")) +(setq elfeed-search-mode-map (make-sparse-keymap)) +(define-key elfeed-search-mode-map (kbd "RET") 'elfeed-search-show-entry) +(defun elfeed-search-mark-as-read() (interactive) + (elfeed-search-untag-all 'unread)) +(define-key elfeed-search-mode-map (kbd "r") 'elfeed-search-mark-as-read) +(define-key elfeed-search-mode-map (kbd "R") 'elfeed-search-tag-all-unread) +(define-key elfeed-search-mode-map (kbd "f") 'elfeed-search-live-filter) +(define-key elfeed-search-mode-map (kbd "u") 'elfeed-update) +(setq elfeed-show-mode-map (make-sparse-keymap)) +(define-key elfeed-show-mode-map (kbd "u") 'elfeed) +(define-key elfeed-show-mode-map (kbd "TAB") 'shr-next-link) +(define-key elfeed-show-mode-map (kbd "") 'shr-previous-link) +(define-key elfeed-show-mode-map (kbd "a") 'elfeed-show-prev) +(define-key elfeed-show-mode-map (kbd "d") 'elfeed-show-next) +(define-key elfeed-show-mode-map (kbd "y") 'shr-copy-url) +(define-key elfeed-show-mode-map (kbd "RET") 'shr-browse-url) + + + +;; eww +;; === + +(setq eww-mode-map (make-sparse-keymap)) +(define-key eww-mode-map (kbd "TAB") 'shr-next-link) +(define-key eww-mode-map (kbd "") 'shr-previous-link) +(define-key eww-mode-map (kbd "H") 'eww-back-url) +(define-key eww-mode-map (kbd "L") 'eww-forward-url) + + + +;; ledger +;; ====== +(setq ledger-mode-map (make-sparse-keymap)) +(define-key ledger-mode-map (kbd "TAB") 'ledger-magic-tab) + + + +;;; plomvi mode +;;; =========== + +(defvar plomvi-return-combo (kbd "C-c")) +(load "~/public_repos/plomvi.el/plomvi.el") +(plomvi-global-mode 1) diff --git a/archived/buster/home_files/user/.gitconfig b/archived/buster/home_files/user/.gitconfig new file mode 100644 index 0000000..8967d25 --- /dev/null +++ b/archived/buster/home_files/user/.gitconfig @@ -0,0 +1,3 @@ +[user] + email = c.heller@plomlompom.de + name = Christian Heller diff --git a/archived/buster/home_files/user/.mbsyncrc b/archived/buster/home_files/user/.mbsyncrc new file mode 100644 index 0000000..6a0e5cd --- /dev/null +++ b/archived/buster/home_files/user/.mbsyncrc @@ -0,0 +1,28 @@ +IMAPAccount plom +# Address to connect to +Host mail.plomlompom.com +User plom +# For some reason, mbsync doesn't accept a PassCmd output beyond 79 chars, +# therefore the pw in ~/.authinfo should not be longer than that. +PassCmd "cat ~/.authinfo | cut -d' ' -f8-" +SSLType IMAPS +AuthMechs LOGIN + +IMAPStore core-remote +Account plom + +MaildirStore core-local +# The trailing "/" is important +Path ~/mail/maildir/ +Inbox ~/mail/inbox/ + +Channel core +Master :core-remote: +Slave :core-local: +Patterns * +# Automatically create missing mailboxes, both locally and on the server +Create Both +# Save the synchronization state files in the relevant directory +SyncState * +# If a mail is marked T ("Trashed") or deleted, remove it for real everywhere +Expunge Both diff --git a/archived/buster/home_files/user/.notmuch-config b/archived/buster/home_files/user/.notmuch-config new file mode 100644 index 0000000..9532761 --- /dev/null +++ b/archived/buster/home_files/user/.notmuch-config @@ -0,0 +1,9 @@ +[database] +path=/home/plom/mail +[search] +exclude_tags=deleted;spam; +# the fields below set the From: if the mail composer is called from +# within notmuch +[user] +name=Christian Heller +primary_email=plom@plomlompom.com diff --git a/archived/buster/home_files/user/.shell_prompt_color b/archived/buster/home_files/user/.shell_prompt_color new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/archived/buster/home_files/user/.shell_prompt_color @@ -0,0 +1 @@ +2 diff --git a/archived/buster/home_files/user/.tridactylrc b/archived/buster/home_files/user/.tridactylrc new file mode 100644 index 0000000..e39e5a0 --- /dev/null +++ b/archived/buster/home_files/user/.tridactylrc @@ -0,0 +1,13 @@ +sanitize tridactyllocal tridactylsync +guiset statuspanel top-right +guiset tabs autohide +set newtab file:///opt/firefox/blank.html +autocmd DocStart www.reddit.com urlmodify -t www.reddit old.reddit +bind / fillcmdline find +bind n findnext 1 +bind N findnext -1 +set findcase insensitive +bind j scrollline 3 +bind k scrollline -3 +set hintuppercase false +set searchengine duckduckgo diff --git a/archived/buster/home_files/user/.xinitrc b/archived/buster/home_files/user/.xinitrc new file mode 100644 index 0000000..c7a0a66 --- /dev/null +++ b/archived/buster/home_files/user/.xinitrc @@ -0,0 +1,17 @@ +# X init configuration + +# Set keymap. +setxkbmap de + +# Map CapsLock to Compose key. +xmodmap -e "clear Lock" +xmodmap -e "keycode 66 = Multi_key" + +# Load xterm settings +xrdb -merge ~/.Xresources + +# Redshift to Berlin, Germany. +redshift -rl 53:13 & + +# Launch window manager. +i3 diff --git a/archived/buster/home_files/user/mail_sync.sh b/archived/buster/home_files/user/mail_sync.sh new file mode 100755 index 0000000..6962800 --- /dev/null +++ b/archived/buster/home_files/user/mail_sync.sh @@ -0,0 +1,43 @@ +#!/bin/sh +set -e + +basedir="/home/plom/mail/maildir/" +# Ensure directories exist for all "dir:*" tags. +for tag in $(notmuch search --output=tags '*'); do + if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then + continue + fi + target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/" + if [ ! -d "${target_dir}" ]; then + echo "Directory ${target_dir} does not exist." + exit 1 + fi +done + +# Ensure all "dir:*"-tagged mails are in proper directories, +# remove all "dir:*" tags. +for tag in $(notmuch search --output=tags '*'); do + if [ ! $(echo "${tag}" | cut -c-4) = "dir:" ]; then + continue + fi + target_dir="${basedir}"$(echo "${tag}" | cut -c5-)"/cur/" + for f in $(notmuch search --output=files tag:"${tag}"); do + new_name=$(basename "${f}" | sed -e 's/,U=[0-9]*//') + target_path="${target_dir}${new_name}" + if [ ! "${target_path}" = "${f}" ]; then + echo "Moving ${f} to ${target_path}." + mv "${f}" "${target_path}" + fi + done + notmuch tag -"${tag}" tag:"${tag}" +done + +# Remove all "deleted"-tagged files from maildirs. +notmuch search --output=files tag:deleted | while read f; do + echo "Deleting ${f}" + rm "${f}" +done + +# Sync changes back to server and update notmuch index. +mbsync -a +notmuch new diff --git a/archived/buster/home_files/user/public_repos/repos b/archived/buster/home_files/user/public_repos/repos new file mode 100644 index 0000000..27eb028 --- /dev/null +++ b/archived/buster/home_files/user/public_repos/repos @@ -0,0 +1,7 @@ +# List of repos we want cloned in ~/public_repos +config +pingmail.git +plomlombot-irc.git +plomrogue +plomrogue2-experiments +plomvi.el diff --git a/archived/buster/home_files/w530/.config/i3status/config b/archived/buster/home_files/w530/.config/i3status/config new file mode 100644 index 0000000..b9fb15f --- /dev/null +++ b/archived/buster/home_files/w530/.config/i3status/config @@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wlp3s0" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 25 +} + +# How much space is left in /home ? +disk "/home/" { + format = "/home: %avail available of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wlp3s0 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "♪: %volume" + format_muted = "♪: muted (%volume)" + separator_block_width = 25 +} diff --git a/archived/buster/home_files/x200s/.config/i3status/config b/archived/buster/home_files/x200s/.config/i3status/config new file mode 100644 index 0000000..256f174 --- /dev/null +++ b/archived/buster/home_files/x200s/.config/i3status/config @@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wls1" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 25 +} + +# How much space is left in /home ? +disk "/home/" { + format = "/home: %avail available of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wls1 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "♪: %volume" + format_muted = "♪: muted (%volume)" + separator_block_width = 25 +} diff --git a/archived/buster/home_files/x220/.config/i3status/config b/archived/buster/home_files/x220/.config/i3status/config new file mode 100644 index 0000000..b9fb15f --- /dev/null +++ b/archived/buster/home_files/x220/.config/i3status/config @@ -0,0 +1,82 @@ +# plomlompom's i3 status bar configuration + +# Activate colors; set update interval of one second. +general { + colors = true + interval = 1 +} + +# Selection / order of status elements. +order += "disk /" +order += "disk /home/" +order += "wireless wlp3s0" +order += "ethernet enp0s25" +order += "battery 0" +order += "cpu_usage" +order += "load" +order += "cpu_temperature 0" +order += "time" +order += "volume master" + +# How much space is left in / ? +disk "/" { + format = "/: %avail available of %total" + separator_block_width = 25 +} + +# How much space is left in /home ? +disk "/home/" { + format = "/home: %avail available of %total" + separator_block_width = 25 +} + +# WLAN status: show IP and connection quality or "down". +wireless wlp3s0 { + format_up = "w: (%quality at %essid) %ip" + format_down = "w: down" + separator_block_width = 10 +} + +# Ethernet status: show IP or "down". +ethernet enp0s25 { + format_up = "e: %ip" + format_down = "e: down" + separator_block_width = 25 +} + +# Battery status: show FULL/CHARGING/BATTERY, storage, time left. +battery 0 { + format = "b: %status %percentage %remaining" + separator_block_width = 25 +} + +# Show CPU usage. +cpu_usage { + format = "cpu: %usage" + separator_block_width = 10 +} + +# Show system load during last 1/5/15 minutes. +load { + format = "%1min %5min %15min" + separator_block_width = 25 +} + +# Show CPU temperature in degrees of celsius. +cpu_temperature 0 { + format = "%degrees °C" + separator_block_width = 25 +} + +# Show date/time/timezone as "year-month-day hour:minute:second +# timezone_numeric/timezone_alphabetic". +time { + format = "%Y-%m-%d %H:%M:%S %z/%Z" + separator_block_width = 25 +} + +volume master { + format = "♪: %volume" + format_muted = "♪: muted (%volume)" + separator_block_width = 25 +} diff --git a/archived/buster/other_files/append_opendkim.conf b/archived/buster/other_files/append_opendkim.conf new file mode 100644 index 0000000..ee5dc14 --- /dev/null +++ b/archived/buster/other_files/append_opendkim.conf @@ -0,0 +1,6 @@ + +# plomlompom customizations +Domain REPLACE_maildomain_ECALPER +KeyFile /etc/dkimkeys/REPLACE_selector_ECALPER.private +Selector REPLACE_selector_ECALPER +Socket inet:8892@localhost diff --git a/archived/buster/other_files/append_pleroma_config b/archived/buster/other_files/append_pleroma_config new file mode 100644 index 0000000..54a65d0 --- /dev/null +++ b/archived/buster/other_files/append_pleroma_config @@ -0,0 +1,24 @@ + +########################################## +# below this: customizations by plomlompom + +config :pleroma, :instance, + registrations_open: false, + safe_dm_mentions: true, + cleanup_attachments: true + +config :pleroma, :frontend_configurations, + pleroma_fe: %{ + showInstanceSpecificPanel: true, + background: "/pixel.png", + logo: "/pixel.png" + } + +config :pleroma, :chat, + enabled: false + +config :pleroma, Pleroma.Captcha, + enabled: false + +config :pleroma, :static_fe, + enabled: true diff --git a/archived/buster/other_files/append_postfix_main.cf b/archived/buster/other_files/append_postfix_main.cf new file mode 100644 index 0000000..385058c --- /dev/null +++ b/archived/buster/other_files/append_postfix_main.cf @@ -0,0 +1,23 @@ + +# TLS certs +smtpd_tls_cert_file=/etc/letsencrypt/live/${myhostname}/fullchain.pem +smtpd_tls_key_file=/etc/letsencrypt/live/${myhostname}/privkey.pem + +# OpenDKIM milter +non_smtpd_milters = inet:localhost:8892 +smtpd_milters = inet:localhost:8892 + +# transport mail to dovecot; not strictly needed, as even without this +# postfix will throw mail to /var/mail/USER to be found by dovecot for +# serving via IMAP etc.; but using dovecot's LMTP server for delivery +# allows us to do stuff like dovecot-side sieve filtering. +mailbox_transport = lmtp:inet:127.0.0.1:2424 + +# to authenticate on SMTP, we need a SASL mechanism; we talk to dovecot +# for this, since it provides one +smtpd_sasl_type = dovecot +smtpd_sasl_path = private/auth +smtpd_sasl_auth_enable = yes + +# we append mail domain here for if it is different than $myhostname +mydestination = $myhostname localhost.$mydomain localhost REPLACE_maildomain_ECALPER diff --git a/archived/buster/other_files/append_postfix_master.cf b/archived/buster/other_files/append_postfix_master.cf new file mode 100644 index 0000000..5d1aa3c --- /dev/null +++ b/archived/buster/other_files/append_postfix_master.cf @@ -0,0 +1,4 @@ + +# Run SMTPS on port 465, enforce TLS there. +smtps inet n - y - - smtpd + -o smtpd_tls_wrappermode=yes diff --git a/archived/buster/other_files/blog_hook_post-receive b/archived/buster/other_files/blog_hook_post-receive new file mode 100755 index 0000000..b671248 --- /dev/null +++ b/archived/buster/other_files/blog_hook_post-receive @@ -0,0 +1,17 @@ +#!/bin/sh +blog_dir=~/blog +export GIT_DIR=$(pwd) +export GIT_WORK_TREE="$blog_dir" +git checkout -f +cd "$GIT_WORK_TREE" +redo +git add metadata/author metadata/url metadata/title metadata/*.tmpl metadata/automatic_metadata captchas/linkable/* +count=$(ls -1 metadata/*.automatic_metadata 2>/dev/null | wc -l) +if [ "$count" != 0 ]; then + git add metadata/*.automatic_metadata +fi +status=$(git status -s) +n_updates=$(printf "$status" | grep -vE '^\?\?' | wc -l) +if [ "$n_updates" -gt 0 ]; then + git commit -a -m 'Update metadata' +fi diff --git a/archived/buster/other_files/dovecot.sieve b/archived/buster/other_files/dovecot.sieve new file mode 100644 index 0000000..5346309 --- /dev/null +++ b/archived/buster/other_files/dovecot.sieve @@ -0,0 +1,8 @@ +require ["fileinto"]; +require ["mailbox"]; +if address :is "from" "foo@bar.com" { + fileinto :create "foo"; +} +if address :is :domain "to" "example.com" { + fileinto :create "example.com"; +} diff --git a/archived/buster/other_files/dumpsite_index.html b/archived/buster/other_files/dumpsite_index.html new file mode 100644 index 0000000..0c2093f --- /dev/null +++ b/archived/buster/other_files/dumpsite_index.html @@ -0,0 +1,3 @@ + + +Zum Blog? diff --git a/archived/buster/other_files/fetchmailrc b/archived/buster/other_files/fetchmailrc new file mode 100755 index 0000000..b437563 --- /dev/null +++ b/archived/buster/other_files/fetchmailrc @@ -0,0 +1,2 @@ +# remove "keep" if you're sure about your setup; it keeps mails on server from getting deleted +poll mail.example.com protocol pop3 username "foo@example.com" password "PASSWORD" ssl keep diff --git a/archived/buster/other_files/peertube_production.yaml b/archived/buster/other_files/peertube_production.yaml new file mode 100644 index 0000000..86804e2 --- /dev/null +++ b/archived/buster/other_files/peertube_production.yaml @@ -0,0 +1,375 @@ +listen: + hostname: 'localhost' + port: 9000 + +# Correspond to your reverse proxy server_name/listen configuration +webserver: + https: true + hostname: 'example.com' + port: 443 + +rates_limit: + api: + # 50 attempts in 10 seconds + window: 10 seconds + max: 50 + login: + # 15 attempts in 5 min + window: 5 minutes + max: 15 + signup: + # 2 attempts in 5 min (only succeeded attempts are taken into account) + window: 5 minutes + max: 2 + ask_send_email: + # 3 attempts in 5 min + window: 5 minutes + max: 3 + +# Proxies to trust to get real client IP +# If you run PeerTube just behind a local proxy (nginx), keep 'loopback' +# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet) +trust_proxy: + - 'loopback' + +# Your database name will be "peertube"+database.suffix +database: + password: 'peertube' + hostname: 'localhost' + port: 5432 + suffix: '_prod' + username: 'peertube' + pool: + max: 5 + +# Redis server for short time storage +# You can also specify a 'socket' path to a unix socket but first need to +# comment out hostname and port +redis: + hostname: 'localhost' + port: 6379 + auth: null + db: 0 + +# SMTP server to send emails +smtp: + hostname: null + port: 465 # If you use StartTLS: 587 + username: null + password: null + tls: true # If you use StartTLS: false + disable_starttls: false + ca_file: null # Used for self signed certificates + from_address: 'admin@example.com' + +email: + body: + signature: "PeerTube" + subject: + prefix: "[PeerTube]" + +# From the project root directory +storage: + tmp: '/var/www/peertube/storage/tmp/' # Use to download data (imports etc), store uploaded files before processing... + avatars: '/var/www/peertube/storage/avatars/' + videos: '/var/www/peertube/storage/videos/' + streaming_playlists: '/var/www/peertube/storage/streaming-playlists/' + redundancy: '/var/www/peertube/storage/redundancy/' + logs: '/var/www/peertube/storage/logs/' + previews: '/var/www/peertube/storage/previews/' + thumbnails: '/var/www/peertube/storage/thumbnails/' + torrents: '/var/www/peertube/storage/torrents/' + captions: '/var/www/peertube/storage/captions/' + cache: '/var/www/peertube/storage/cache/' + plugins: '/var/www/peertube/storage/plugins/' + +log: + level: 'info' # debug/info/warning/error + rotation: + enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate + maxFileSize: 12MB + maxFiles: 20 + anonymizeIP: true + +search: + # Add ability to fetch remote videos/actors by their URI, that may not be federated with your instance + # If enabled, the associated group will be able to "escape" from the instance follows + # That means they will be able to follow channels, watch videos, list videos of non followed instances + remote_uri: + users: true + anonymous: false + +trending: + videos: + interval_days: 7 # Compute trending videos for the last x days + +# Cache remote videos on your server, to help other instances to broadcast the video +# You can define multiple caches using different sizes/strategies +# Once you have defined your strategies, choose which instances you want to cache in admin -> manage follows -> following +redundancy: + videos: + check_interval: '1 hour' # How often you want to check new videos to cache + strategies: # Just uncomment strategies you want +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'most-views' # Cache videos that have the most views +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'trending' # Cache trending videos +# - +# size: '10GB' +# # Minimum time the video must remain in the cache. Only accept values > 10 hours (to not overload remote instances) +# min_lifetime: '48 hours' +# strategy: 'recently-added' # Cache recently added videos +# min_views: 10 # Having at least x views + +csp: + enabled: false + report_only: true # CSP directives are still being tested, so disable the report only mode at your own risk! + report_uri: + +tracker: + # If you disable the tracker, you disable the P2P aspect of PeerTube + enabled: true + # Only handle requests on your videos. + # If you set this to false it means you have a public tracker. + # Then, it is possible that clients overload your instance with external torrents + private: true + # Reject peers that do a lot of announces (could improve privacy of TCP/UDP peers) + reject_too_many_announces: false + +history: + videos: + # If you want to limit users videos history + # -1 means there is no limitations + # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) + max_age: -1 + +views: + videos: + # PeerTube creates a database entry every hour for each video to track views over a period of time + # This is used in particular by the Trending page + # PeerTube could remove old remote video views if you want to reduce your database size (video view counter will not be altered) + # -1 means no cleanup + # Other values could be '6 months' or '30 days' etc (PeerTube will periodically delete old entries from database) + remote: + max_age: -1 + +plugins: + # The website PeerTube will ask for available PeerTube plugins and themes + # This is an unmoderated plugin index, so only install plugins/themes you trust + index: + enabled: true + check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions + url: 'https://packages.joinpeertube.org' + + +############################################################################### +# +# From this point, all the following keys can be overridden by the web interface +# (local-production.json file). If you need to change some values, prefer to +# use the web interface because the configuration will be automatically +# reloaded without any need to restart PeerTube. +# +# /!\ If you already have a local-production.json file, the modification of the +# following keys will have no effect /!\. +# +############################################################################### + +cache: + previews: + size: 500 # Max number of previews you want to cache + captions: + size: 500 # Max number of video captions/subtitles you want to cache + +admin: + # Used to generate the root user at first startup + # And to receive emails from the contact form + email: 'admin@example.com' + +contact_form: + enabled: true + +signup: + enabled: false + limit: 10 # When the limit is reached, registrations are disabled. -1 == unlimited + requires_email_verification: false + filters: + cidr: # You can specify CIDR ranges to whitelist (empty = no filtering) or blacklist + whitelist: [] + blacklist: [] + +user: + # Default value of maximum video BYTES the user can upload (does not take into account transcoded files). + # -1 == unlimited + video_quota: -1 + video_quota_daily: -1 + +# If enabled, the video will be transcoded to mp4 (x264) with "faststart" flag +# In addition, if some resolutions are enabled the mp4 video file will be transcoded to these new resolutions. +# Please, do not disable transcoding since many uploaded videos will not work +transcoding: + enabled: true + # Allow your users to upload .mkv, .mov, .avi, .flv videos + allow_additional_extensions: true + # If a user uploads an audio file, PeerTube will create a video by merging the preview file and the audio file + allow_audio_files: true + threads: 1 + resolutions: # Only created if the original video has a higher resolution, uses more storage! + 0p: false # audio-only (creates mp4 without video stream, always created when enabled) + 240p: true + 360p: true + 480p: true + 720p: true + 1080p: true + 2160p: false + + # Generate videos in a WebTorrent format (what we do since the first PeerTube release) + # If you also enabled the hls format, it will multiply videos storage by 2 + # If disabled, breaks federation with PeerTube instances < 2.1 + webtorrent: + enabled: true + + # /!\ Requires ffmpeg >= 4.1 + # Generate HLS playlists and fragmented MP4 files. Better playback than with WebTorrent: + # * Resolution change is smoother + # * Faster playback in particular with long videos + # * More stable playback (less bugs/infinite loading) + # If you also enabled the webtorrent format, it will multiply videos storage by 2 + hls: + enabled: true + +import: + # Add ability for your users to import remote videos (from YouTube, torrent...) + videos: + http: # Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html + enabled: false + # You can use an HTTP/HTTPS/SOCKS proxy with youtube-dl + proxy: + enabled: false + url: "" + torrent: # Magnet URI or torrent file (use classic TCP/UDP/WebSeed to download the file) + enabled: false + +auto_blacklist: + # New videos automatically blacklisted so moderators can review before publishing + videos: + of_users: + enabled: false + +# Instance settings +instance: + name: 'PlomTube' + short_description: '' + description: 'Personal PeerTube instance by plomlompom (see https://plomlompom.com) for his own videos.' # Support markdown + terms: '**Privacy**: Videos here are streamed via the BitTorrent protocol, which might expose your IP to other peers – see the "P2P & Privacy" section [here](/about/peertube). Internally, site visits are logged by the PeerTube software, but with IPs anonymized. **Contact**: See https://plomlompom.com/contact.html' # Support markdown + code_of_conduct: '' # Supports markdown + + # Who moderates the instance? What is the policy regarding NSFW videos? Political videos? etc + moderation_information: '' # Supports markdown + + # Why did you create this instance? + creation_reason: '' + + # Who is behind the instance? A single person? A non profit? + administrator: '' + + # How long do you plan to maintain this instance? + maintenance_lifetime: '' + + # How will you pay the PeerTube instance server? With your own funds? With users donations? Advertising? + business_model: '' + + # If you want to explain on what type of hardware your PeerTube instance runs + # Example: "2 vCore, 2GB RAM..." + hardware_information: '' # Supports Markdown + + # What are the main languages of your instance? To interact with your users for example + # Uncomment or add the languages you want + # List of supported languages: https://peertube.cpy.re/api/v1/videos/languages + languages: +# - en +# - es +# - fr + + # You can specify the main categories of your instance (dedicated to music, gaming or politics etc) + # Uncomment or add the category ids you want + # List of supported categories: https://peertube.cpy.re/api/v1/videos/categories + categories: +# - 1 # Music +# - 2 # Films +# - 3 # Vehicles +# - 4 # Art +# - 5 # Sports +# - 6 # Travels +# - 7 # Gaming +# - 8 # People +# - 9 # Comedy +# - 10 # Entertainment +# - 11 # News & Politics +# - 12 # How To +# - 13 # Education +# - 14 # Activism +# - 15 # Science & Technology +# - 16 # Animals +# - 17 # Kids +# - 18 # Food + + default_client_route: '/videos/trending' + + # Whether or not the instance is dedicated to NSFW content + # Enabling it will allow other administrators to know that you are mainly federating sensitive content + # Moreover, the NSFW checkbox on video upload will be automatically checked by default + is_nsfw: false + # By default, "do_not_list" or "blur" or "display" NSFW videos + # Could be overridden per user with a setting + default_nsfw_policy: 'do_not_list' + + customizations: + javascript: '' # Directly your JavaScript code (without